toolsSource-backedReview first Safety ✓ Privacy ✓

LibreChat

Self-hosted AI chat and agent platform with LibreChat Agents, MCP support, reusable Skills, Subagents, Code Interpreter, web search, artifacts, multi-provider model routing, secure multi-user auth, and Docker Compose deployment.

by LibreChat·added 2026-06-18·

CLI

HarnessCLI

Review first — review before installing

Open the source and read safety notes before installing.

Safety notes

LibreChat can combine agents, MCP servers, Skills, Subagents, file search, web search, Code Interpreter, OpenAPI actions, functions, and custom endpoints; each connected tool needs explicit permission review.
The Docker Compose file starts application, MongoDB, MeiliSearch, pgvector, and RAG API services and mounts `.env`, uploads, logs, images, and skill directories. Review volumes and secrets before exposing the instance.
Code Interpreter is designed for sandboxed execution, but uploaded files, generated code, network access, and language runtimes still need isolation and quota controls.
MCP servers can expose read/write tools from local or remote systems. Start with read-only servers, restrict tool scopes, and review logs before enabling account, filesystem, database, browser, or infrastructure actions.
Multi-user auth, sharing, presets, agents, and prompt libraries can leak capabilities between users if roles, groups, and admin settings are misconfigured.

Privacy notes

Chats, prompts, file uploads, image inputs, tool calls, MCP payloads, Skills, Subagent transcripts, Code Interpreter files, RAG chunks, embeddings, message search data, logs, and exports may contain private data.
Model providers, rerankers, search providers, MCP servers, custom endpoints, storage services, and analytics integrations may receive user content depending on configuration.
Keep `.env`, model keys, OAuth secrets, LDAP settings, MongoDB data, MeiliSearch indexes, pgvector data, upload folders, logs, and generated artifacts out of public repos and screenshots.
Before using shared agents or marketplace-style workflows, define who can view prompts, files, agent configs, Skills, MCP server definitions, and conversation exports.

Prerequisites

Docker Compose for the recommended local deployment path, or Node.js v20.19+ with separate MongoDB and MeiliSearch instances for npm-based setup.
Provider credentials for selected model routes such as Anthropic, OpenAI, Azure OpenAI, AWS Bedrock, Google, Vertex AI, OpenRouter, Groq, DeepSeek, Qwen, Ollama, or custom OpenAI-compatible endpoints.
Configured `.env`, optional `librechat.yaml`, MeiliSearch master key, MongoDB storage, pgvector/RAG API services, upload storage, and reverse-proxy settings for production.
A policy for which users can create agents, share agents, enable MCP servers, define Skills, run Code Interpreter, use web search, or upload files.
A backup, retention, auth, moderation, and update plan for multi-user self-hosted deployments.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats

Scope: Source repo

Collection metadata

Estimated setup: 45 minutes
Difficulty: intermediate

Tool listing metadata

Website: https://librechat.ai/
Pricing: free
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Web

Full copyable content

git clone https://github.com/danny-avila/LibreChat.git
cd LibreChat
cp .env.example .env
docker compose up -d

About this resource

Overview

LibreChat is a self-hosted AI chat and agent platform. It started as a ChatGPT-style interface, but the current project description and README put it squarely in the agent/operator category: LibreChat Agents, MCP support, reusable Skills, Subagents, Code Interpreter, OpenAPI actions, custom functions, web search, artifacts, image generation, multi-provider model routing, secure multi-user auth, moderation, and token-spend tools.

It is a strong directory fit because it ranks across several active search clusters at once: self-hosted ChatGPT, Claude/OpenAI/Gemini model switching, MCP clients, agent builders, Skills, Subagents, Code Interpreter, RAG, and multi-user AI workspace deployment.

Install

The README and docs recommend Docker as the fastest local path. Basic shape:

git clone https://github.com/danny-avila/LibreChat.git
cd LibreChat
cp .env.example .env
docker compose up -d

The checked-in docker-compose.yml starts LibreChat, MongoDB, MeiliSearch, pgvector, and the LibreChat RAG API service. Edit .env and deployment configuration before using it beyond a local test.

Agent Capabilities

Area	LibreChat Coverage
Agents	No-code custom assistants, agent sharing, agent marketplace workflows, tools, file search, code execution, and provider compatibility
MCP	MCP support for tools and MCP server configuration workflows
Skills	Reusable `SKILL.md` instruction bundles for manual, automatic, or always-on agent workflows
Subagents	Delegated child agent runs with isolated context windows
Code Interpreter	Sandboxed code execution across Python, Node.js, Go, C/C++, Java, PHP, Rust, and Fortran according to the README
Models	Anthropic Claude, AWS Bedrock, OpenAI, Azure OpenAI, Google, Vertex AI, Responses API, custom endpoints, Ollama, Groq, Mistral, OpenRouter, DeepSeek, Qwen, and more
Retrieval and files	RAG API, pgvector service, file upload/analysis, message search, web search, reranking, and artifacts
Operations	Multi-user auth, OAuth2, LDAP, email login, moderation, token spend tools, presets, import/export, resumable streams, and Docker deployment

MCP and Skills Fit

LibreChat is one of the clearest MCP/Skills-adjacent content gaps because the README explicitly connects LibreChat Agents with MCP servers, tools, file search, code execution, reusable Skills, and Subagents. It is not a single MCP server; it is a self-hosted platform where users configure agents and external capabilities.

For HeyClaude users, that means LibreChat is a practical comparison point for Claude Desktop, Claude Code, LobeHub, Open WebUI, and other agent workspaces: the key question is not just whether it can call tools, but who controls the server config, which users can create agents, and how uploaded files, logs, and tool outputs are retained.

Source Review

Verified on 2026-06-18:

GitHub reports danny-avila/LibreChat as an active MIT-licensed repository with 39,000+ stars, 8,000+ forks, and topics including mcp, claude, responses-api, gpt-5, artifacts, and webui.
The repository description identifies LibreChat as an enhanced ChatGPT clone with Agents, MCP, Skills, DeepSeek, Anthropic, AWS, OpenAI, Responses API, Azure, Groq, GPT-5, Mistral, OpenRouter, Vertex AI, Gemini, Artifacts, model switching, message search, Code Interpreter, OpenAPI Actions, Functions, secure multi-user auth, presets, and self-hosting.
The README documents LibreChat Agents, Skills, Subagents, MCP support, Code Interpreter, web search, artifacts, image generation via OpenAI, DALL-E, Stable Diffusion, Flux, or MCP servers, file interactions, presets, auth, and deployment/configuration features.
docker-compose.yml defines services for the API, MongoDB, MeiliSearch, pgvector, and RAG API, with mounted .env, images, uploads, logs, and skill directories.
The root LICENSE file is MIT. The current package.json reports ISC, so license-sensitive usage should verify the dedicated LICENSE file and current upstream release before redistribution.

Safety and Privacy

LibreChat can become a full multi-user automation surface. Treat every enabled agent capability as a product permission: model endpoints, MCP servers, Skills, Subagents, Code Interpreter, web search, file upload, RAG, OpenAPI actions, and custom functions all deserve separate review.

Self-hosting also creates operational duties. MongoDB, MeiliSearch, pgvector, uploads, logs, skill files, and environment variables need backups, access controls, retention rules, and update discipline. Do not expose a deployment to real users until auth, secrets, storage, moderation, and logs have been checked.

Duplicate Check

Checked current content/tools/, content/mcp/, content/agents/, content/skills/, guides, collections, open pull requests, and repository-wide content for danny-avila/LibreChat, LibreChat, LibreChat Agents, LibreChat MCP, LibreChat Skills, LibreChat Subagents, self-hosted ChatGPT, Code Interpreter, MCP server support, and multi-provider AI chat. Existing content covers adjacent agent workspaces, MCP servers, skills, Code Interpreter-related tools, and model provider tools, but no dedicated LibreChat tools entry, exact source URL duplicate, target file, or open duplicate PR was found.

#librechat #ai-agents #mcp #skills #subagents #code-interpreter #self-hosted #chatgpt #claude #docker

Source citations

Add this badge to your README

Show that LibreChat is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

[![Listed on HeyClaude](https://heyclau.de/badge/tools/librechat.svg)](https://heyclau.de/entry/tools/librechat)

How it compares

LibreChat side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Field	LibreChat Self-hosted AI chat and agent platform with LibreChat Agents, MCP support, reusable Skills, Subagents, Code Interpreter, web search, artifacts, multi-provider model routing, secure multi-user auth, and Docker Compose deployment. Open dossier	AnythingLLM Local-first AI application for private chat, document RAG, workspace agents, MCP-compatible tools, model routing, memories, scheduled tasks, multimodal workflows, multi-user Docker deployments, and self-hosted agent automation. Open dossier	LobeHub (formerly LobeChat) Self-hostable AI agent workspace formerly known as LobeChat, with agent builder, agent groups, personal memory, model-provider routing, skills, MCP-compatible plugins, Docker deployment, Vercel deployment, and IM gateway workflows. Open dossier	RAGFlow Open-source RAG and agentic retrieval platform with DeepDoc document understanding, visual chunking, grounded citations, heterogeneous data-source ingestion, agent workflows, MCP support, code executor support, and Docker self-hosting. Open dossier
Trust
Install risk	Review first	Review first	Review first	Review first
Notes	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓	Safety ✓ Privacy ✓
Category	tools	tools	tools	tools
Source	source-backed	source-backed	source-backed	source-backed
Author	LibreChat	Mintplex Labs	LobeHub	InfinityFlow
Added	2026-06-18	2026-06-18	2026-06-18	2026-06-18
Platforms	CLI	CLI	CLI	CLI
Source repo	—	—	—	—
Safety notes	✓LibreChat can combine agents, MCP servers, Skills, Subagents, file search, web search, Code Interpreter, OpenAPI actions, functions, and custom endpoints; each connected tool needs explicit permission review. The Docker Compose file starts application, MongoDB, MeiliSearch, pgvector, and RAG API services and mounts `.env`, uploads, logs, images, and skill directories. Review volumes and secrets before exposing the instance. Code Interpreter is designed for sandboxed execution, but uploaded files, generated code, network access, and language runtimes still need isolation and quota controls. MCP servers can expose read/write tools from local or remote systems. Start with read-only servers, restrict tool scopes, and review logs before enabling account, filesystem, database, browser, or infrastructure actions. Multi-user auth, sharing, presets, agents, and prompt libraries can leak capabilities between users if roles, groups, and admin settings are misconfigured.	✓AnythingLLM can run agents, scheduled tasks, MCP-compatible tools, browser-like workspace actions, developer APIs, and external model calls; scope tools and credentials before enabling them for users. The upstream Docker guide includes examples that add the SYS_ADMIN capability to the container. Review whether that capability is acceptable for the host before copying production run commands. Multi-user Docker deployments need normal production controls: authentication, TLS, network isolation, secret management, persistent-volume ownership, backups, and upgrade planning. Agent tools, custom agents, model routing, memories, and scheduled tasks can change behavior over time; use least privilege, logging, review gates, and rollback plans for write-capable workflows. Localhost services such as Ollama, Chroma, LocalAI, or LM Studio may need Docker host routing adjustments; avoid exposing local provider ports wider than intended.	✓Review the official deployment guide, generated Compose files, image tags, mounted volumes, and network bindings before running LobeHub on production or personal machines. LobeHub can organize agent teams, schedule work, use memory, connect skills, and use MCP-compatible plugins. Restrict write-capable plugins, account integrations, and scheduled actions until permissions are reviewed. Docker deployment can expose persistent storage, service ports, and provider credentials. Keep compose files, environment files, backups, and reverse-proxy configs under normal server hardening rules. The current repository license file uses the LobeHub Community License with additional commercial derivative-work conditions, while `package.json` still reports MIT. Treat the LICENSE file as the review source for usage decisions. Do not assume self-hosting removes third-party risk: model providers, plugins, skills, analytics, storage providers, and sandbox integrations can still receive data.	✓RAGFlow is a multi-service RAG platform, not a small CLI. Review Docker services, exposed ports, persistent volumes, model-provider keys, parser settings, and update strategy before production use. The README notes x86 Docker image availability and separate guidance for ARM64 builds; verify architecture before deploying on ARM hosts. Deep document parsing, OCR, chunking, embeddings, reranking, agent workflows, MCP, and code executor features can process sensitive files and produce misleading outputs if retrieval quality is not tested. The code executor feature requires sandbox review. Use gVisor or another isolation plan before running generated or user-provided code. MCP support should be configured with localhost binding, API-key hygiene, dataset-level scoping, and read-only retrieval defaults unless a broader tool surface has been reviewed.
Privacy notes	✓Chats, prompts, file uploads, image inputs, tool calls, MCP payloads, Skills, Subagent transcripts, Code Interpreter files, RAG chunks, embeddings, message search data, logs, and exports may contain private data. Model providers, rerankers, search providers, MCP servers, custom endpoints, storage services, and analytics integrations may receive user content depending on configuration. Keep `.env`, model keys, OAuth secrets, LDAP settings, MongoDB data, MeiliSearch indexes, pgvector data, upload folders, logs, and generated artifacts out of public repos and screenshots. Before using shared agents or marketplace-style workflows, define who can view prompts, files, agent configs, Skills, MCP server definitions, and conversation exports.	✓Uploaded documents, parsed chunks, embeddings, workspace memories, prompts, chat history, agent state, scheduled task inputs, MCP payloads, provider responses, logs, and API calls may contain sensitive data. The README documents anonymous telemetry and an opt-out through DISABLE_TELEMETRY=true or the in-app privacy setting; review this before using regulated or confidential data. Even with telemetry disabled, outbound calls may still go to configured LLMs, embedding models, vector databases, external tools, cdn.anythingllm.com, GitHub, or GitHubusercontent depending on the deployment. Keep provider keys, JWT secrets, workspace invite links, storage paths, private documents, and generated citations out of public prompts, screenshots, issues, and examples.	✓Agent prompts, chat history, scheduled tasks, personal memory, workspace context, uploaded files, model responses, tool calls, plugin traffic, MCP-compatible plugin payloads, logs, and analytics can contain private data. Model provider API keys, auth secrets, S3/storage credentials, database URLs, sandbox credentials, and analytics settings should stay in deployment secrets, not committed configs or screenshots. If using shared workspaces, define who can inspect agent memory, saved prompts, generated pages, project history, plugin configuration, logs, and scheduled task results. Before enabling cloud providers, plugins, skills, or analytics, review data retention and regional handling outside the self-hosted instance.	✓Uploaded documents, parsed chunks, OCR text, embeddings, dataset metadata, chat history, citations, agent workflow state, code executor inputs, MCP payloads, logs, and model responses may contain private or regulated data. Model providers, embedding providers, rerankers, synchronized data sources, object storage, databases, and MCP clients may receive data depending on deployment settings. Keep RAGFlow API keys, provider keys, service configuration, dataset IDs, document IDs, logs, backups, and generated citations out of prompts, public issues, screenshots, and committed examples. Define retention, deletion, access review, and export rules before ingesting customer, financial, legal, healthcare, source-code, or credential-bearing documents.
Prerequisites	Docker Compose for the recommended local deployment path, or Node.js v20.19+ with separate MongoDB and MeiliSearch instances for npm-based setup. Provider credentials for selected model routes such as Anthropic, OpenAI, Azure OpenAI, AWS Bedrock, Google, Vertex AI, OpenRouter, Groq, DeepSeek, Qwen, Ollama, or custom OpenAI-compatible endpoints. Configured `.env`, optional `librechat.yaml`, MeiliSearch master key, MongoDB storage, pgvector/RAG API services, upload storage, and reverse-proxy settings for production. A policy for which users can create agents, share agents, enable MCP servers, define Skills, run Code Interpreter, use web search, or upload files.	Docker for the documented self-hosted path, or the desktop application for a local workstation install. At least the upstream minimum host resources, with disk sized for documents, embeddings, vector storage, models, logs, and backups. A local or remote LLM provider, embedding provider, and optional speech or image models for the workflows the workspace will run. A storage, backup, retention, and access-control plan before ingesting private documents or opening a multi-user Docker instance.	Docker Compose, Vercel, or another supported deployment target from the official self-hosting documentation. Model-provider credentials such as `OPENAI_API_KEY`, plus any provider-specific proxy, model list, auth, storage, sandbox, analytics, or database settings required by the deployment. A review of the official deployment files, image tags, mounted volumes, environment variables, and network bindings before running LobeHub on a machine with sensitive data. A storage, auth, backup, retention, and update plan for a self-hosted agent workspace.	CPU with at least 4 cores, 16 GB RAM, 50 GB disk, Docker 24.0.0 or newer, and Docker Compose v2.26.1 or newer for the documented self-hosted path. Python 3.13 for source/development workflows. gVisor if the code executor sandbox feature will be used. Configured model-provider and embedding-provider keys in the documented service configuration.
Install	`docker compose up -d`	`docker pull mintplexlabs/anythingllm`	`docker compose up -d`	`docker compose -f docker-compose.yml up -d`
Config	—	—	—	—
Citations	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationdocs.librechat.ai Websitelibrechat.ai	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationdocs.anythingllm.com	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationlobehub.com	Source repositorygithub.com 2026-06-18T13:46:08-07:00 Documentationragflow.io
Claim	Unclaimed	Unclaimed	Unclaimed	Unclaimed

Featured in

Best list: Best AI coding agents

Signals

Loading live community signals…