AnythingLLM
Local-first AI application for private chat, document RAG, workspace agents, MCP-compatible tools, model routing, memories, scheduled tasks, multimodal workflows, multi-user Docker deployments, and self-hosted agent automation.
Open the source and read safety notes before installing.
Safety notes
- AnythingLLM can run agents, scheduled tasks, MCP-compatible tools, browser-like workspace actions, developer APIs, and external model calls; scope tools and credentials before enabling them for users.
- The upstream Docker guide includes examples that add the SYS_ADMIN capability to the container. Review whether that capability is acceptable for the host before copying production run commands.
- Multi-user Docker deployments need normal production controls: authentication, TLS, network isolation, secret management, persistent-volume ownership, backups, and upgrade planning.
- Agent tools, custom agents, model routing, memories, and scheduled tasks can change behavior over time; use least privilege, logging, review gates, and rollback plans for write-capable workflows.
- Localhost services such as Ollama, Chroma, LocalAI, or LM Studio may need Docker host routing adjustments; avoid exposing local provider ports wider than intended.
Privacy notes
- Uploaded documents, parsed chunks, embeddings, workspace memories, prompts, chat history, agent state, scheduled task inputs, MCP payloads, provider responses, logs, and API calls may contain sensitive data.
- The README documents anonymous telemetry and an opt-out through DISABLE_TELEMETRY=true or the in-app privacy setting; review this before using regulated or confidential data.
- Even with telemetry disabled, outbound calls may still go to configured LLMs, embedding models, vector databases, external tools, cdn.anythingllm.com, GitHub, or GitHubusercontent depending on the deployment.
- Keep provider keys, JWT secrets, workspace invite links, storage paths, private documents, and generated citations out of public prompts, screenshots, issues, and examples.
Prerequisites
- Docker for the documented self-hosted path, or the desktop application for a local workstation install.
- At least the upstream minimum host resources, with disk sized for documents, embeddings, vector storage, models, logs, and backups.
- A local or remote LLM provider, embedding provider, and optional speech or image models for the workflows the workspace will run.
- A storage, backup, retention, and access-control plan before ingesting private documents or opening a multi-user Docker instance.
- Review of the Docker guide, including container capabilities, host-network access, persistent storage, and provider connectivity.
Schema details
- Install type
- cli
- Troubleshooting
- No
- Scope
- Source repo
- Estimated setup
- 30 minutes
- Difficulty
- intermediate
- Website
- https://anythingllm.com
- Pricing
- freemium
- Disclosure
- editorial
- Application category
- DeveloperApplication
- Operating system
- Cross-platform
Full copyable content
docker pull mintplexlabs/anythingllmAbout this resource
Overview
AnythingLLM is a local-first AI workspace for chatting with documents, building agent workflows, connecting local or hosted model providers, and running a private AI interface for individuals or teams. It combines document ingestion, RAG, source citations, workspace agents, MCP compatibility, model routing, memories, scheduled tasks, multimodal support, a developer API, Docker self-hosting, and desktop app distribution.
This is high-value content for people searching for AnythingLLM, local-first AI apps, self-hosted ChatGPT alternatives, AI agents, RAG chat, MCP-compatible tools, OpenClaw-adjacent agent tooling, private document chat, and no-code agent builders.
Install
AnythingLLM can be installed as a desktop app or run as a Docker deployment. A conservative first step for the Docker path is to pull the official image and then review the upstream Docker guide before launching it:
docker pull mintplexlabs/anythingllm
The Docker guide documents persistent storage, environment variables, model provider connection details, Docker Compose examples, and host routing for local services such as Ollama or LM Studio. Review the container capability and storage choices before using the documented run commands on a production host.
Core Capabilities
| Area | AnythingLLM Coverage |
|---|---|
| Document Chat | Upload documents, parse content, build workspace context, and answer with source citations |
| RAG | Built-in document pipelines, embeddings, vector storage, and retrieval-backed chat |
| Agents | Workspace agents, custom agents, scheduled tasks, intelligent skill selection, and no-code agent flows |
| MCP | MCP-compatible tool integration for adding external tools to agent workflows |
| Models | Local and hosted LLM providers including Ollama, LM Studio, OpenAI, Anthropic, Gemini, Azure OpenAI, Bedrock, OpenRouter, Mistral, Groq, Cohere, LiteLLM, and others |
| Vector Storage | LanceDB by default, plus PGVector, Astra DB, Pinecone, Chroma, Weaviate, Qdrant, Milvus, and Zilliz options |
| Deployment | Desktop app, Docker image, Docker Compose guidance, cloud templates, bare-metal path, and multi-user Docker instance support |
| Platform | Developer API, embeddable chat widget, multimodal support, memories, model routing, telemetry controls, and browser extension ecosystem |
MCP and Agent Fit
AnythingLLM belongs in MCP and agent discovery because it gives non-specialist users a practical workspace for connecting tools, documents, models, and agents. Instead of starting from a code-first framework, users can create a workspace, attach documents, configure models, enable agent tools, and expose a repeatable agent workflow through the UI.
It is also relevant to OpenClaw and skill searches because the upstream repository topics include OpenClaw and agentic AI positioning. The important boundary is operational: every enabled tool, scheduled task, model route, document collection, and memory store should be reviewed as a data flow and permission boundary.
Use Cases
- Build a private document-chat workspace over PDFs, text files, and office documents.
- Run local-first RAG with Ollama, LM Studio, local embeddings, and LanceDB.
- Give a team a multi-user AI workspace without starting from a blank agent framework.
- Add MCP-compatible tools to an agent workspace.
- Route different chats or workflows to different model providers.
- Schedule recurring agent tasks with full workspace context.
- Prototype no-code agent flows before moving specialized logic into a framework such as LangGraph, Qwen-Agent, AG2, or CAMEL-AI.
- Compare local-first tools such as AnythingLLM, Open WebUI, LibreChat, RAGFlow, Dify, and Flowise for private AI workspace needs.
Source Review
Verified on 2026-06-18:
- GitHub reports
Mintplex-Labs/anything-llmas an MIT-licensed repository with active development, 61,000+ stars, and latest releasev1.14.1. - The README describes AnythingLLM as an all-in-one AI app for chatting with documents, using AI agents, multi-user operation, local-first use, and low setup friction.
- The README lists dynamic model routing, memories, scheduled tasks, intelligent skill selection, no-code AI agent builder, MCP compatibility, multimodal support, custom agents, agents inside workspaces, document support, source citations, developer API, and embeddable chat widget support.
- The README lists many local and hosted LLM providers, embedding providers, speech providers, and vector databases, including LanceDB as the default vector database.
- The Docker guide documents the official
mintplexlabs/anythingllmimage, persistent storage, minimum host expectations, Docker Compose examples, host routing for local services, and source-build guidance. - The README documents anonymous telemetry, opt-out controls, and remaining outbound connections that can still happen depending on configured providers and deployment settings.
Safety and Privacy
AnythingLLM is a full AI workspace, not just a chat UI. Agents, MCP-compatible tools, scheduled tasks, custom memories, document ingestion, model routing, and developer APIs can all change what data is sent where and what actions the workspace can perform.
For self-hosting, treat the Docker environment file, JWT secret, provider keys, storage volume, uploaded documents, parsed chunks, embeddings, logs, backups, and telemetry settings as sensitive infrastructure. Review the Docker capability requirements before copying run examples, especially on shared hosts or machines that also run private services.
Duplicate Check
Checked current content/tools/, content/mcp/, content/agents/,
content/skills/, guides, collections, open pull requests, and repository-wide
content for Mintplex-Labs/anything-llm, AnythingLLM, anythingllm.com,
AnythingLLM MCP, AnythingLLM agents, AnythingLLM RAG, local-first AI app,
self-hosted ChatGPT, no-code AI agent builder, document chat with agents, and
OpenClaw AI agents. No dedicated AnythingLLM entry, exact source URL duplicate,
target file, or open duplicate PR was found.
Source citations
Add this badge to your README
Show that AnythingLLM is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/tools/anythingllm)How it compares
AnythingLLM side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | AnythingLLM Local-first AI application for private chat, document RAG, workspace agents, MCP-compatible tools, model routing, memories, scheduled tasks, multimodal workflows, multi-user Docker deployments, and self-hosted agent automation. Open dossier | LibreChat Self-hosted AI chat and agent platform with LibreChat Agents, MCP support, reusable Skills, Subagents, Code Interpreter, web search, artifacts, multi-provider model routing, secure multi-user auth, and Docker Compose deployment. Open dossier | LobeHub (formerly LobeChat) Self-hostable AI agent workspace formerly known as LobeChat, with agent builder, agent groups, personal memory, model-provider routing, skills, MCP-compatible plugins, Docker deployment, Vercel deployment, and IM gateway workflows. Open dossier | RAGFlow Open-source RAG and agentic retrieval platform with DeepDoc document understanding, visual chunking, grounded citations, heterogeneous data-source ingestion, agent workflows, MCP support, code executor support, and Docker self-hosting. Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Mintplex Labs | LibreChat | LobeHub | InfinityFlow |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓AnythingLLM can run agents, scheduled tasks, MCP-compatible tools, browser-like workspace actions, developer APIs, and external model calls; scope tools and credentials before enabling them for users. The upstream Docker guide includes examples that add the SYS_ADMIN capability to the container. Review whether that capability is acceptable for the host before copying production run commands. Multi-user Docker deployments need normal production controls: authentication, TLS, network isolation, secret management, persistent-volume ownership, backups, and upgrade planning. Agent tools, custom agents, model routing, memories, and scheduled tasks can change behavior over time; use least privilege, logging, review gates, and rollback plans for write-capable workflows. Localhost services such as Ollama, Chroma, LocalAI, or LM Studio may need Docker host routing adjustments; avoid exposing local provider ports wider than intended. | ✓LibreChat can combine agents, MCP servers, Skills, Subagents, file search, web search, Code Interpreter, OpenAPI actions, functions, and custom endpoints; each connected tool needs explicit permission review. The Docker Compose file starts application, MongoDB, MeiliSearch, pgvector, and RAG API services and mounts `.env`, uploads, logs, images, and skill directories. Review volumes and secrets before exposing the instance. Code Interpreter is designed for sandboxed execution, but uploaded files, generated code, network access, and language runtimes still need isolation and quota controls. MCP servers can expose read/write tools from local or remote systems. Start with read-only servers, restrict tool scopes, and review logs before enabling account, filesystem, database, browser, or infrastructure actions. Multi-user auth, sharing, presets, agents, and prompt libraries can leak capabilities between users if roles, groups, and admin settings are misconfigured. | ✓Review the official deployment guide, generated Compose files, image tags, mounted volumes, and network bindings before running LobeHub on production or personal machines. LobeHub can organize agent teams, schedule work, use memory, connect skills, and use MCP-compatible plugins. Restrict write-capable plugins, account integrations, and scheduled actions until permissions are reviewed. Docker deployment can expose persistent storage, service ports, and provider credentials. Keep compose files, environment files, backups, and reverse-proxy configs under normal server hardening rules. The current repository license file uses the LobeHub Community License with additional commercial derivative-work conditions, while `package.json` still reports MIT. Treat the LICENSE file as the review source for usage decisions. Do not assume self-hosting removes third-party risk: model providers, plugins, skills, analytics, storage providers, and sandbox integrations can still receive data. | ✓RAGFlow is a multi-service RAG platform, not a small CLI. Review Docker services, exposed ports, persistent volumes, model-provider keys, parser settings, and update strategy before production use. The README notes x86 Docker image availability and separate guidance for ARM64 builds; verify architecture before deploying on ARM hosts. Deep document parsing, OCR, chunking, embeddings, reranking, agent workflows, MCP, and code executor features can process sensitive files and produce misleading outputs if retrieval quality is not tested. The code executor feature requires sandbox review. Use gVisor or another isolation plan before running generated or user-provided code. MCP support should be configured with localhost binding, API-key hygiene, dataset-level scoping, and read-only retrieval defaults unless a broader tool surface has been reviewed. |
| Privacy notes | ✓Uploaded documents, parsed chunks, embeddings, workspace memories, prompts, chat history, agent state, scheduled task inputs, MCP payloads, provider responses, logs, and API calls may contain sensitive data. The README documents anonymous telemetry and an opt-out through DISABLE_TELEMETRY=true or the in-app privacy setting; review this before using regulated or confidential data. Even with telemetry disabled, outbound calls may still go to configured LLMs, embedding models, vector databases, external tools, cdn.anythingllm.com, GitHub, or GitHubusercontent depending on the deployment. Keep provider keys, JWT secrets, workspace invite links, storage paths, private documents, and generated citations out of public prompts, screenshots, issues, and examples. | ✓Chats, prompts, file uploads, image inputs, tool calls, MCP payloads, Skills, Subagent transcripts, Code Interpreter files, RAG chunks, embeddings, message search data, logs, and exports may contain private data. Model providers, rerankers, search providers, MCP servers, custom endpoints, storage services, and analytics integrations may receive user content depending on configuration. Keep `.env`, model keys, OAuth secrets, LDAP settings, MongoDB data, MeiliSearch indexes, pgvector data, upload folders, logs, and generated artifacts out of public repos and screenshots. Before using shared agents or marketplace-style workflows, define who can view prompts, files, agent configs, Skills, MCP server definitions, and conversation exports. | ✓Agent prompts, chat history, scheduled tasks, personal memory, workspace context, uploaded files, model responses, tool calls, plugin traffic, MCP-compatible plugin payloads, logs, and analytics can contain private data. Model provider API keys, auth secrets, S3/storage credentials, database URLs, sandbox credentials, and analytics settings should stay in deployment secrets, not committed configs or screenshots. If using shared workspaces, define who can inspect agent memory, saved prompts, generated pages, project history, plugin configuration, logs, and scheduled task results. Before enabling cloud providers, plugins, skills, or analytics, review data retention and regional handling outside the self-hosted instance. | ✓Uploaded documents, parsed chunks, OCR text, embeddings, dataset metadata, chat history, citations, agent workflow state, code executor inputs, MCP payloads, logs, and model responses may contain private or regulated data. Model providers, embedding providers, rerankers, synchronized data sources, object storage, databases, and MCP clients may receive data depending on deployment settings. Keep RAGFlow API keys, provider keys, service configuration, dataset IDs, document IDs, logs, backups, and generated citations out of prompts, public issues, screenshots, and committed examples. Define retention, deletion, access review, and export rules before ingesting customer, financial, legal, healthcare, source-code, or credential-bearing documents. |
| Prerequisites |
|
|
|
|
| Install | | | | |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Featured in
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.