Apache-2.0 Python framework for building production-ready conversational AI apps with chat lifecycles, messages, steps, actions, elements, authentication, persistence, and integrations.
by Chainlit Maintainers · submitted by oktofeesh1·added 2026-06-04·
Chainlit apps run Python code in response to user chat events, actions, lifecycle hooks, MCP tool calls, and integrations, so app functions should be treated as trusted server code., The docs say Chainlit applications are public by default; private apps require an authentication secret and at least one authentication callback., Authentication identifies users, but app code still needs explicit authorization checks for admin controls, private chat history, user-specific data, file access, and external tool execution., Steps can expose intermediate reasoning, tool inputs, tool outputs, and chain-of-thought-style traces depending on configuration, so production apps should decide whether to show full steps, only tool calls, or hide them., Actions trigger Python callbacks from clickable UI controls, and Ask APIs can block code while requesting text, files, actions, or forms; handlers should validate user input and guard side effects., MCP support can connect to SSE, streamable HTTP, and stdio tool providers, discover tools, and execute them, so tool permissions, command-line tools, credentials, and network reachability need review., Deployment docs note that production runs should use headless mode, host binding must be intentional, and Docker deployments commonly need `--host 0.0.0.0`; reverse proxies and websockets need explicit configuration., Environment variable docs warn against hardcoding API keys and recommend keeping `.env` out of version control; public apps should not ship the maintainer's own provider keys to broad audiences.
Privacy notes
Chainlit apps can process chat messages, prompts, chat history, steps, tool inputs and outputs, user sessions, uploaded files, elements, human feedback, tags, metadata, logs, API calls, and generated artifacts., Enabling data persistence stores and uses chat and element data that is otherwise not persisted by default; teams should define retention, deletion, access, export, and monitoring policies., Authentication can store user identity, unique identifiers, headers, OAuth profile data, login state, and auth tokens that should be scoped and protected as sensitive application data., The user session is unique to a user and a chat session; shared globals can leak state across users, as the docs warn in their user-session example., Environment variables, `.env` files, model provider keys, vector database keys, OAuth secrets, MCP credentials, and deployment settings should stay out of committed code, screenshots, logs, and persisted chat artifacts., Multi-platform deployments such as web app, Copilot embed, Teams, Slack, Discord, custom React frontends, and Chainlit integrations may pass chat content and metadata through additional platforms with separate privacy terms.
Author
Chainlit Maintainers
Submitted by
oktofeesh1
Claim status
unclaimed
Last verified
2026-06-04
Decision playbook
Review trust signals before you adopt
Signals are present but mixed. Use the checklist below to confirm the source and operational safety for your environment.
Compare context
Selected
0
Current score
78
Baseline
—
Delta
No baseline selected
No major trust-signal divergence detected in the current selection.
Source and provenance checks
Complete
Confirm ownership and provenance before trusting install instructions.
Source link availableRequired
Open the canonical repository and verify ownership.
Done
Source provenance statusRequired
Marked as source-backed.
Done
Metadata reviewed
Registry metadata indicates a reviewed listing.
Done
Safety and privacy checks
Complete
Validate risk disclosures before installation or API wiring.
Safety notes presentRequired
Review the listed safety guidance before running commands.
Done
Privacy notes presentRequired
Review data handling notes before connecting accounts or secrets.
Done
Trust level risk gateRequired
Trust level does not block evaluation.
Done
Package and install checks
Needs review
Check package metadata and artifact integrity signals.
Install payload available
Install or copy payload is available for review.
Done
Package verification flag
No package verification flag provided.
Pending
Checksum metadata
No checksum provided for downloaded artifact.
Pending
Compare-driven decision checks
Needs review
Use compare context to validate trade-offs before adoption.
Compare tray has multiple entries
Add at least one more entry to compare trust differences.
8 safety and 6 privacy notes across 6 risk areas. Review closely: credentials & tokens, permissions & scopes, network access.
6 areas
SafetyExecution & processesChainlit apps run Python code in response to user chat events, actions, lifecycle hooks, MCP tool calls, and integrations, so app functions should be treated as trusted server code.
SafetyCredentials & tokensThe docs say Chainlit applications are public by default; private apps require an authentication secret and at least one authentication callback.
SafetyPermissions & scopesAuthentication identifies users, but app code still needs explicit authorization checks for admin controls, private chat history, user-specific data, file access, and external tool execution.
SafetyGeneralSteps can expose intermediate reasoning, tool inputs, tool outputs, and chain-of-thought-style traces depending on configuration, so production apps should decide whether to show full steps, only tool calls, or hide them.
SafetyNetwork accessActions trigger Python callbacks from clickable UI controls, and Ask APIs can block code while requesting text, files, actions, or forms; handlers should validate user input and guard side effects.
SafetyCredentials & tokensMCP support can connect to SSE, streamable HTTP, and stdio tool providers, discover tools, and execute them, so tool permissions, command-line tools, credentials, and network reachability need review.
SafetyExecution & processesDeployment docs note that production runs should use headless mode, host binding must be intentional, and Docker deployments commonly need `--host 0.0.0.0`; reverse proxies and websockets need explicit configuration.
SafetyCredentials & tokensEnvironment variable docs warn against hardcoding API keys and recommend keeping `.env` out of version control; public apps should not ship the maintainer's own provider keys to broad audiences.
PrivacyCredentials & tokensChainlit apps can process chat messages, prompts, chat history, steps, tool inputs and outputs, user sessions, uploaded files, elements, human feedback, tags, metadata, logs, API calls, and generated artifacts.
PrivacyData retentionEnabling data persistence stores and uses chat and element data that is otherwise not persisted by default; teams should define retention, deletion, access, export, and monitoring policies.
PrivacyCredentials & tokensAuthentication can store user identity, unique identifiers, headers, OAuth profile data, login state, and auth tokens that should be scoped and protected as sensitive application data.
PrivacyCredentials & tokensThe user session is unique to a user and a chat session; shared globals can leak state across users, as the docs warn in their user-session example.
PrivacyCredentials & tokensEnvironment variables, `.env` files, model provider keys, vector database keys, OAuth secrets, MCP credentials, and deployment settings should stay out of committed code, screenshots, logs, and persisted chat artifacts.
PrivacyGeneralMulti-platform deployments such as web app, Copilot embed, Teams, Slack, Discord, custom React frontends, and Chainlit integrations may pass chat content and metadata through additional platforms with separate privacy terms.
Disclosure: editorial
Safety notes
Chainlit apps run Python code in response to user chat events, actions, lifecycle hooks, MCP tool calls, and integrations, so app functions should be treated as trusted server code.
The docs say Chainlit applications are public by default; private apps require an authentication secret and at least one authentication callback.
Authentication identifies users, but app code still needs explicit authorization checks for admin controls, private chat history, user-specific data, file access, and external tool execution.
Steps can expose intermediate reasoning, tool inputs, tool outputs, and chain-of-thought-style traces depending on configuration, so production apps should decide whether to show full steps, only tool calls, or hide them.
Actions trigger Python callbacks from clickable UI controls, and Ask APIs can block code while requesting text, files, actions, or forms; handlers should validate user input and guard side effects.
MCP support can connect to SSE, streamable HTTP, and stdio tool providers, discover tools, and execute them, so tool permissions, command-line tools, credentials, and network reachability need review.
Deployment docs note that production runs should use headless mode, host binding must be intentional, and Docker deployments commonly need `--host 0.0.0.0`; reverse proxies and websockets need explicit configuration.
Environment variable docs warn against hardcoding API keys and recommend keeping `.env` out of version control; public apps should not ship the maintainer's own provider keys to broad audiences.
Privacy notes
Chainlit apps can process chat messages, prompts, chat history, steps, tool inputs and outputs, user sessions, uploaded files, elements, human feedback, tags, metadata, logs, API calls, and generated artifacts.
Enabling data persistence stores and uses chat and element data that is otherwise not persisted by default; teams should define retention, deletion, access, export, and monitoring policies.
Authentication can store user identity, unique identifiers, headers, OAuth profile data, login state, and auth tokens that should be scoped and protected as sensitive application data.
The user session is unique to a user and a chat session; shared globals can leak state across users, as the docs warn in their user-session example.
Environment variables, `.env` files, model provider keys, vector database keys, OAuth secrets, MCP credentials, and deployment settings should stay out of committed code, screenshots, logs, and persisted chat artifacts.
Multi-platform deployments such as web app, Copilot embed, Teams, Slack, Discord, custom React frontends, and Chainlit integrations may pass chat content and metadata through additional platforms with separate privacy terms.
Prerequisites
Python environment with Chainlit, model provider SDKs, vector or database clients, agent frameworks, deployment runtime, and frontend customization dependencies installed as needed.
Chat lifecycle design for `on_chat_start`, `on_message`, messages, steps, actions, elements, commands, user sessions, chat profiles, chat settings, streaming, ask-user flows, and testing.
Authentication and authorization plan for public-by-default apps, `CHAINLIT_AUTH_SECRET`, password auth, OAuth, header auth, user identifiers, admin actions, and user-specific data.
Data plan for chat history, human feedback, data persistence, open-source data layers, tags, metadata, file elements, generated artifacts, and retention policies.
Deployment plan for host binding, websockets, subpaths, cross-origin settings, environment variables, reverse proxy behavior, Slack, Discord, Teams, Copilot embeds, and custom React frontends.
Tooling plan for LangChain, LangGraph, OpenAI, Mistral AI, Semantic Kernel, LlamaIndex, LiteLLM, vLLM, local model servers, MCP connections, and any external tool execution.
## Editorial notes
Chainlit is useful when Claude-adjacent teams need to ship conversational AI prototypes, agent review apps, internal copilots, model evaluation chats, RAG interfaces, tool-calling demos, and human-in-the-loop workflows without building a chat frontend from scratch. Its message, step, action, element, session, authentication, persistence, and integration APIs give agents and developers a practical Python surface for turning LLM logic into usable chat applications.
This entry covers the open-source Chainlit framework. It is distinct from Gradio, Streamlit, Marimo, Hugging Face MCP Server, and LangChain. Gradio focuses on model demos and AI app interfaces. Streamlit focuses on data apps and dashboards. Marimo focuses on reactive notebooks. Hugging Face MCP Server exposes Hugging Face resources through MCP. LangChain is an LLM application framework. Chainlit focuses on production-oriented conversational AI applications and chat user interfaces around Python app logic.
## Source notes
- The official docs describe Chainlit as an open-source Python package for building production-ready conversational AI.
- The docs list key features including fast Python setup, authentication, data persistence, multi-step reasoning visualization, and multi-platform use.
- The repository README describes Chainlit as a way to build Python production-ready conversational AI applications in minutes and says the project is Apache-2.0 licensed.
- The README says Chainlit is community-maintained as of May 1, 2025, with the original Chainlit team stepping back from active development and maintainers responsible for code review, releases, and security.
- The message docs define messages as information sent between user and assistant, with lifecycle hooks as the building blocks of a chat.
- The `on_message` API docs say the decorated function runs every time a new message is received from the UI.
- The step docs describe steps with type, input, output, start, and end, and say the chain-of-thought display can be configured to show full reasoning, hide it, or show only tool calls.
- The action docs describe clickable UI buttons attached to messages that trigger Python callbacks.
- The element docs describe attaching images, PDFs, custom elements, and other content to messages or steps.
- The user-session docs say each user session is unique to a user and a chat session, and warn that naive global state can be shared across users.
- The authentication docs say Chainlit apps are public by default and require `CHAINLIT_AUTH_SECRET` plus authentication callbacks for private apps.
- The data-persistence docs say Chainlit does not persist chats and generated elements by default, but persistence can be enabled through an official, community, or custom data layer.
- The environment-variable docs warn against hardcoding API keys, describe `.env` loading, and say `.env` should be added to `.gitignore`.
- The deployment docs describe web app, Copilot, custom React, Teams, Slack, and Discord targets, plus production notes for headless startup, host binding, websockets, subpaths, and cross origins.
- The MCP docs say Chainlit can connect to SSE, streamable HTTP, and stdio MCP services, discover available tools, execute them, and integrate tool responses into the application flow.
- The integrations docs cover LangChain, LangGraph, OpenAI, OpenAI Assistants, Mistral AI, Semantic Kernel, LlamaIndex, LiteLLM, vLLM, LMStudio, and Hugging Face workflows.
- The repository is `Chainlit/chainlit`, is Apache-2.0 licensed, active, and community-maintained.
## Duplicate check
Checked current `content/tools/`, `content/mcp/`, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for `Chainlit`, `Chainlit/chainlit`, `github.com/Chainlit/chainlit`, `docs.chainlit.io`, `chainlit.io`, `conversational AI`, `chat lifecycle`, and `MCP tools`. Existing mentions are contextual distinction notes inside the recent Marimo, Streamlit, and Gradio entries; no dedicated Chainlit tools entry, source URL duplicate, target file, issue duplicate, semantic duplicate, or open duplicate PR was found.
## Disclosure
Editorial listing. No paid placement or affiliate link is used. Chainlit is Apache-2.0 open-source software and its README says it is community-maintained as of May 1, 2025. Chainlit Help, model providers, LLM APIs, vector databases, MCP tool providers, Slack, Discord, Teams, Copilot embeds, custom frontends, cloud hosts, and downstream deployment services may have separate licenses, billing, terms, privacy obligations, warranties, and access controls.
About this resource
Editorial notes
Chainlit is useful when Claude-adjacent teams need to ship conversational AI prototypes, agent review apps, internal copilots, model evaluation chats, RAG interfaces, tool-calling demos, and human-in-the-loop workflows without building a chat frontend from scratch. Its message, step, action, element, session, authentication, persistence, and integration APIs give agents and developers a practical Python surface for turning LLM logic into usable chat applications.
This entry covers the open-source Chainlit framework. It is distinct from Gradio, Streamlit, Marimo, Hugging Face MCP Server, and LangChain. Gradio focuses on model demos and AI app interfaces. Streamlit focuses on data apps and dashboards. Marimo focuses on reactive notebooks. Hugging Face MCP Server exposes Hugging Face resources through MCP. LangChain is an LLM application framework. Chainlit focuses on production-oriented conversational AI applications and chat user interfaces around Python app logic.
Source notes
The official docs describe Chainlit as an open-source Python package for building production-ready conversational AI.
The docs list key features including fast Python setup, authentication, data persistence, multi-step reasoning visualization, and multi-platform use.
The repository README describes Chainlit as a way to build Python production-ready conversational AI applications in minutes and says the project is Apache-2.0 licensed.
The README says Chainlit is community-maintained as of May 1, 2025, with the original Chainlit team stepping back from active development and maintainers responsible for code review, releases, and security.
The message docs define messages as information sent between user and assistant, with lifecycle hooks as the building blocks of a chat.
The on_message API docs say the decorated function runs every time a new message is received from the UI.
The step docs describe steps with type, input, output, start, and end, and say the chain-of-thought display can be configured to show full reasoning, hide it, or show only tool calls.
The action docs describe clickable UI buttons attached to messages that trigger Python callbacks.
The element docs describe attaching images, PDFs, custom elements, and other content to messages or steps.
The user-session docs say each user session is unique to a user and a chat session, and warn that naive global state can be shared across users.
The authentication docs say Chainlit apps are public by default and require CHAINLIT_AUTH_SECRET plus authentication callbacks for private apps.
The data-persistence docs say Chainlit does not persist chats and generated elements by default, but persistence can be enabled through an official, community, or custom data layer.
The environment-variable docs warn against hardcoding API keys, describe .env loading, and say .env should be added to .gitignore.
The deployment docs describe web app, Copilot, custom React, Teams, Slack, and Discord targets, plus production notes for headless startup, host binding, websockets, subpaths, and cross origins.
The MCP docs say Chainlit can connect to SSE, streamable HTTP, and stdio MCP services, discover available tools, execute them, and integrate tool responses into the application flow.
The integrations docs cover LangChain, LangGraph, OpenAI, OpenAI Assistants, Mistral AI, Semantic Kernel, LlamaIndex, LiteLLM, vLLM, LMStudio, and Hugging Face workflows.
The repository is Chainlit/chainlit, is Apache-2.0 licensed, active, and community-maintained.
Duplicate check
Checked current content/tools/, content/mcp/, agents, hooks, rules, skills, commands, guides, collections, open pull requests, live issue state, and repository-wide content for Chainlit, Chainlit/chainlit, github.com/Chainlit/chainlit, docs.chainlit.io, chainlit.io, conversational AI, chat lifecycle, and MCP tools. Existing mentions are contextual distinction notes inside the recent Marimo, Streamlit, and Gradio entries; no dedicated Chainlit tools entry, source URL duplicate, target file, issue duplicate, semantic duplicate, or open duplicate PR was found.
Disclosure
Editorial listing. No paid placement or affiliate link is used. Chainlit is Apache-2.0 open-source software and its README says it is community-maintained as of May 1, 2025. Chainlit Help, model providers, LLM APIs, vector databases, MCP tool providers, Slack, Discord, Teams, Copilot embeds, custom frontends, cloud hosts, and downstream deployment services may have separate licenses, billing, terms, privacy obligations, warranties, and access controls.
Apache-2.0 Python framework for building production-ready conversational AI apps with chat lifecycles, messages, steps, actions, elements, authentication, persistence, and integrations.
Apache-2.0 Python framework for turning scripts into interactive data apps, dashboards, reports, chat apps, multipage tools, and deployable analytical interfaces.
Open-source Python AgentOS and multi-agent framework, evolved from AutoGen, for building conversable agents, group chats, swarms, human-in-the-loop workflows, tool use, RAG, code execution, and provider-backed agent systems.
Open-source, LLM-friendly Python web crawler and scraper that turns web pages into clean, LLM-ready Markdown for RAG, agents, and data pipelines, with an async browser pool, caching, structured extraction, and adaptive deep crawling.
✓Chainlit apps run Python code in response to user chat events, actions, lifecycle hooks, MCP tool calls, and integrations, so app functions should be treated as trusted server code.
The docs say Chainlit applications are public by default; private apps require an authentication secret and at least one authentication callback.
Authentication identifies users, but app code still needs explicit authorization checks for admin controls, private chat history, user-specific data, file access, and external tool execution.
Steps can expose intermediate reasoning, tool inputs, tool outputs, and chain-of-thought-style traces depending on configuration, so production apps should decide whether to show full steps, only tool calls, or hide them.
Actions trigger Python callbacks from clickable UI controls, and Ask APIs can block code while requesting text, files, actions, or forms; handlers should validate user input and guard side effects.
MCP support can connect to SSE, streamable HTTP, and stdio tool providers, discover tools, and execute them, so tool permissions, command-line tools, credentials, and network reachability need review.
Deployment docs note that production runs should use headless mode, host binding must be intentional, and Docker deployments commonly need `--host 0.0.0.0`; reverse proxies and websockets need explicit configuration.
Environment variable docs warn against hardcoding API keys and recommend keeping `.env` out of version control; public apps should not ship the maintainer's own provider keys to broad audiences.
✓Streamlit apps execute Python scripts and rerun code from top to bottom on user interaction or code changes, so destructive writes, API calls, database mutations, long jobs, and side effects need explicit guards.
Cached data can be global across users, sessions, and reruns, while Session State is scoped to a browser session; teams should avoid accidentally sharing user-specific or sensitive data through global caches.
The Streamlit security docs warn that `st.cache_data` and `st.session_state` use Python pickle internally, and that malicious pickle data can execute arbitrary code during unpickling.
Cached resources such as database connections and ML models can be shared globally and must be thread-safe, or should be scoped per session when isolation is required.
Secrets should not be committed to repositories; Streamlit supports environment variables, local or project secrets files, and platform-specific secret storage.
OIDC authentication identifies users but does not provide authorization or delegated OAuth access by itself, so apps still need explicit permission checks for admin actions and user-specific data.
Custom components, embedded HTML, iframes, JavaScript, media, file uploaders, and third-party packages should be treated as trusted app code and reviewed before public deployment.
Chat elements and LLM integrations can call external APIs and stream long-running responses, so prompts, attachments, generated outputs, rate limits, and provider credentials need operational limits.
✓AG2 agents can converse, call tools, execute code, use retrieval systems, run browser workflows, and coordinate group chats; require explicit permissions and approval gates for high-impact actions.
The upstream install docs and examples commonly involve provider credentials; keep API keys, config files, notebooks, and `.env` files out of commits and support tickets.
Code execution, Docker, Jupyter, browser-use, and RAG extras can touch local files, network services, notebooks, databases, and external websites; scope them tightly before granting agent access.
Multi-agent conversations can continue through nested chats, swarms, group chats, and custom reply handlers; define termination, escalation, retry, and human takeover behavior.
Track the release roadmap before upgrading because deprecations and the v1.0 transition can change which APIs should be used for new work.
✓Crawl4AI fetches and renders web pages you point it at, running a headless browser that executes page scripts, so crawl only sites you trust to run and process.
Crawled content is untrusted input; when its Markdown or extracted text is fed to an LLM or agent, treat it as a prompt-injection surface and constrain what the agent may do with it.
Respect each site's terms of service, robots directives, and rate limits, and avoid crawling content you are not permitted to access.
If you run the Docker API server, keep authentication enabled and do not expose it on a public interface without protection; recent releases harden it as secure-by-default.
Keep production crawling permissions and scope narrower than quickstart examples, and set timeouts and limits for long or deep crawls.
Privacy notes
✓Chainlit apps can process chat messages, prompts, chat history, steps, tool inputs and outputs, user sessions, uploaded files, elements, human feedback, tags, metadata, logs, API calls, and generated artifacts.
Enabling data persistence stores and uses chat and element data that is otherwise not persisted by default; teams should define retention, deletion, access, export, and monitoring policies.
Authentication can store user identity, unique identifiers, headers, OAuth profile data, login state, and auth tokens that should be scoped and protected as sensitive application data.
The user session is unique to a user and a chat session; shared globals can leak state across users, as the docs warn in their user-session example.
Environment variables, `.env` files, model provider keys, vector database keys, OAuth secrets, MCP credentials, and deployment settings should stay out of committed code, screenshots, logs, and persisted chat artifacts.
Multi-platform deployments such as web app, Copilot embed, Teams, Slack, Discord, custom React frontends, and Chainlit integrations may pass chat content and metadata through additional platforms with separate privacy terms.
✓Streamlit apps can process Python source, widget inputs, uploaded files, session state, cached results, DataFrames, SQL queries, database rows, charts, maps, chat prompts, logs, and rendered outputs.
Secrets can be loaded from `st.secrets`, TOML files, environment variables, deployment settings, or third-party secret managers; these values should stay out of source control, screenshots, app output, and logs.
Community Cloud and other hosted deployment paths can involve GitHub account connection, source repository access, app metadata, runtime logs, dependency installation, secrets configuration, and platform-specific retention policies.
OIDC login stores identity information and an identity cookie for the app session; user profile fields, login status, and authorization decisions should be treated as sensitive app data.
Global caches, global resources, and persisted session data can expose values across users or reruns if the app does not separate public, shared, and user-specific data deliberately.
Custom components, embedded iframes, external APIs, databases, warehouses, LLM providers, and analytics services may receive user inputs, prompts, query results, browser metadata, or credentials depending on app design.
✓Prompts, messages, tool arguments, tool outputs, code snippets, notebook state, retrieved documents, vector-store contents, provider responses, traces, and execution logs may contain sensitive user or workspace data.
Do not expose secrets, API keys, private file paths, customer records, internal documents, database rows, or raw exceptions through agent messages, logs, notebooks, screenshots, or public examples.
Provider extras and retrieval integrations can route data through OpenAI, Anthropic, Google, AWS, local model servers, databases, vector stores, browser automation, or other third-party services.
If AG2 is used for code execution or browser automation, define which files, domains, credentials, downloads, screenshots, and logs can be read or retained.
✓Crawled pages, extracted text, and generated Markdown can contain personal or proprietary data from the sites you visit; handle that output under normal data-handling policies.
LLM-based extraction sends page content to the configured model provider, which processes it under its own terms; local models keep that processing on your machine.
Caches, saved crawl outputs, and logs can retain fetched content and metadata, so choose retention and access controls deliberately.
Model-provider keys, crawl configurations, and stored outputs should be kept out of version control and access-controlled like other operational data.
Prerequisites
Python environment with Chainlit, model provider SDKs, vector or database clients, agent frameworks, deployment runtime, and frontend customization dependencies installed as needed.
Chat lifecycle design for `on_chat_start`, `on_message`, messages, steps, actions, elements, commands, user sessions, chat profiles, chat settings, streaming, ask-user flows, and testing.
Authentication and authorization plan for public-by-default apps, `CHAINLIT_AUTH_SECRET`, password auth, OAuth, header auth, user identifiers, admin actions, and user-specific data.
Data plan for chat history, human feedback, data persistence, open-source data layers, tags, metadata, file elements, generated artifacts, and retention policies.
Python environment with Streamlit and project dependencies installed for the selected local, Codespaces, Snowflake, Community Cloud, or self-hosted deployment path.
App architecture plan for Streamlit's top-to-bottom rerun model, widgets, forms, fragments, callbacks, Session State, caching, multipage routing, and long-running operations.
Data and connection plan for local files, DataFrames, SQL databases, Snowflake, APIs, credentials, environment variables, secrets, and external service quotas.
Deployment plan for dependency installation, remote `streamlit run`, secrets handling, configuration, authentication, authorization, static assets, logging, and app sharing.
Python 3.10 or newer and a Python environment managed with pip, uv, or another package manager.
Model provider credentials for the selected provider extra, such as OpenAI, Anthropic, Gemini, Bedrock, Mistral, Ollama, Groq, xAI, or another supported route.
A secrets strategy for provider keys, AG2 config files, `.env` files, notebooks, and example `OAI_CONFIG_LIST`-style credentials.
A reviewed execution boundary for code execution, Docker, Jupyter, browser-use, RAG, retrieval, database, and external tool extras.
Python 3.10+ project and a dependency manager to install `crawl4ai` from PyPI, followed by the `crawl4ai-setup` step that prepares the browser.
Enough local resources to run a headless browser, or Docker if you deploy the crawler as a server.
Target URLs or sites to crawl, and awareness of each site's terms of service, robots rules, and rate limits.
For LLM-based extraction, a model-provider key or local model for the extraction strategy you configure.