Odysseus Security & Safe Defaults
Odysseus is a powerful admin workspace — not a public chatbot. Start local, stay authenticated, and expand access only when you mean to.
Golden rule
Default to localhost only. Odysseus can run shell commands, read files, and hold API tokens — don't expose it like a consumer app.
Safe defaults checklist
- ✓ Access via http://localhost:7000 on the same machine first
- ✓ Change the admin password after first login in Settings
- ✓ Keep Odysseus on localhost until you understand the risk
- ✗ Do not expose raw port 7000 to the public internet
- ✗ Never paste API keys into random websites or fake installers
- ✗ Do not share admin credentials in GitHub issues or Discord
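One way to check the localhost-only rule on a Linux host, as an added example that is not part of Odysseus or its documentation: the hypothetical `exposed_listeners` function reads `ss -Htln` output and lists every listener on port 7000 bound to a non-loopback address. It assumes the iproute2 `ss` layout for TCP-only output, with the local address in the fourth field.

```shell
# Added example (not Odysseus code). Reads `ss -Htln` output on stdin and
# prints each listener on PORT whose local address is not loopback.
# Returns 0 if the port is loopback-only or unused, 1 if it is exposed.
exposed_listeners() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            la = $4                         # 127.0.0.1:7000, [::1]:7000, *:7000 ...
            n = match(la, /:[0-9]+$/)       # position of the trailing ":<port>"
            if (!n) next
            if (substr(la, n + 1) != port) next
            addr = substr(la, 1, n - 1)
            sub(/%.*$/, "", addr)           # drop an interface scope such as %lo
            gsub(/^\[|\]$/, "", addr)       # drop IPv6 brackets
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are reachable locally only
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print la                        # wildcard or routable bind
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed sample lines, not output from a real host.
# On a live machine: ss -Htln | exposed_listeners 7000
printf '%s\n' \
    'LISTEN 0 4096 127.0.0.1:7000 0.0.0.0:*' \
    'LISTEN 0 4096 0.0.0.0:7000 0.0.0.0:*' |
    exposed_listeners 7000 || echo "port 7000 is reachable beyond localhost" >&2
```

A wildcard bind (`0.0.0.0`, `[::]` or `*`) is reported even when a host firewall blocks the port, so treat a hit as a prompt to confirm the bind address rather than as proof of internet exposure.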
Privacy boundary
Local-first ≠ offline-only. Here's what can leave your machine:
| Feature | Stays local | May leave machine |
|---|---|---|
| Local Ollama chat | Prompts stay on your machine | Nothing, if no cloud API is configured |
| Cloud API (OpenAI, etc.) | Settings stored locally | Prompts sent to your configured provider |
| Deep research / web search | Reports saved locally | Queries may hit external search APIs |
| Agents, shell, MCP tools | Runs on your hardware | Connected tools may receive context you send |