open-slap
mcp
Warn
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool is a personal desktop assistant featuring a multi-agent AI system with a local FastAPI backend and React frontend. It provides real-time chat, supports multiple LLM providers, and includes an MCP marketplace for integrations.
Security Assessment
The overall risk is rated as Medium. The lightweight code scan of 12 files found no dangerous patterns, hardcoded secrets, or requests for overly broad system permissions. However, by design, the application processes sensitive data (JWT authentication) and includes built-in connectors for highly sensitive platforms like Google Drive, Gmail, and Telegram. It also features controlled local automation and MoE routing that can handle OS commands. While these capabilities are gated behind user-configured permissions, the tool's broad access scope warrants caution.
Quality Assessment
The project is actively maintained, with its most recent repository push occurring today. The developer mentions Apache 2.0 licensing in the documentation, though automated health checks flagged a warning because the license file is nested inside a subdirectory rather than being at the repository root. Community trust is currently very low; the project has minimal public visibility with only 5 GitHub stars, meaning it has not undergone broad peer review.
Verdict
Use with caution—the codebase appears safe without obvious red flags, but its extensive integration capabilities and lack of widespread community auditing require you to thoroughly review your local permission settings before use.
This tool is a personal desktop assistant featuring a multi-agent AI system with a local FastAPI backend and React frontend. It provides real-time chat, supports multiple LLM providers, and includes an MCP marketplace for integrations.
Security Assessment
The overall risk is rated as Medium. The lightweight code scan of 12 files found no dangerous patterns, hardcoded secrets, or requests for overly broad system permissions. However, by design, the application processes sensitive data (JWT authentication) and includes built-in connectors for highly sensitive platforms like Google Drive, Gmail, and Telegram. It also features controlled local automation and MoE routing that can handle OS commands. While these capabilities are gated behind user-configured permissions, the tool's broad access scope warrants caution.
Quality Assessment
The project is actively maintained, with its most recent repository push occurring today. The developer mentions Apache 2.0 licensing in the documentation, though automated health checks flagged a warning because the license file is nested inside a subdirectory rather than being at the repository root. Community trust is currently very low; the project has minimal public visibility with only 5 GitHub stars, meaning it has not undergone broad peer review.
Verdict
Use with caution—the codebase appears safe without obvious red flags, but its extensive integration capabilities and lack of widespread community auditing require you to thoroughly review your local permission settings before use.
Personal desktop assistant with real-time chat, agnostic support for multiple LLM providers (local and free-tiers included), a full agentic team and local automation with permissions. You can customize it as you wish.
README.md
🚀 Open Slap! — Desktop-local agentic engine
Multi-agent AI system with MoE routing, SQLite+FTS5 memory, and MCP marketplace.
⚡ Local assistant with real-time chat, multiple LLM providers, and controlled automation
📁 Current Version: v2.1.1
All documentation, code, and resources are in the v2.1.1/ directory.
Quick Links
- 📖 README (PT/EN) — Full documentation
- 📋 Installation Guide — Setup instructions
- 🗒️ Dev Journal — Development decisions
- 📜 Changelog — Version history
- 📄 License — Apache 2.0
🏗️ Architecture Highlights
- Backend: FastAPI (Python) with async SSE streaming
- Frontend: React + Vite with real-time UI
- Memory: SQLite + FTS5 + Vector embeddings (RAG)
- Routing: MoE (Mixture of Experts) with 6 specialists
- Integrations: MCP marketplace with 10+ providers
🚀 Quick Start
cd v2.1.1/src/backend
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
python main_auth.py
Then open http://localhost:8000
See v2.1.1/README.md for complete documentation.
| Área | O que existe |
|---|---|
| Chat em tempo real | WebSocket com streaming incremental e estado de conexão |
| MoE (experts) | Seleção de especialista por keywords + heurísticas; opção de override |
| Plan→Build | Planos estruturados (bloco plan) + execução/orquestração incremental |
| Memória | SQLite + RAG/FTS + heurísticas (salience, decay, consolidação) |
| Conectores | GitHub, Google Drive/Calendar/Gmail, Telegram (opcionais) |
| Segurança | JWT, settings de permissões (OS commands, web retrieval, file write, connectors, system profile) |
| Interface | Onboarding, boot screen, temas e i18n (PT/EN/ES/AR/ZH) |
Estrutura do repositório
src/
backend/ (Python/FastAPI)
frontend/ (React/Vite)
docs/
README.md
INSTALLATION.md
DEV_JOURNAL.md
CHANGELOG.md
LICENCE.md
Início rápido (Windows)
1) Backend (FastAPI)
cd src\backend
python -m venv .venv
.\.venv\Scripts\Activate.ps1
pip install -r requirements.txt
# opcional: copiar env.example para .env e configurar um provider
Copy-Item env.example .env
python main_auth.py
Servidor (padrão): http://127.0.0.1:5150 (OPENSLAP_HOST/OPENSLAP_PORT).
2) Frontend (React/Vite)
cd src\frontend
npm install
npm run dev
Frontend (padrão Vite): http://localhost:5173.
Instalação completa: v2.1.1/docs/INSTALLATION.md
Variáveis de ambiente
- Template do backend: v2.1.1/src/backend/env.example
- Template do router (MoE LLM-first opcional): v2.1.1/.env.example
Testes e verificação
Backend:
cd src\backend
.\.venv\Scripts\Activate.ps1
pytest -q
Frontend:
cd src\frontend
npm run build
Documentação (pública)
- Journal (decisões, incidentes, pendências): v2.1.1/docs/DEV_JOURNAL.md
- Changelog (mudanças por versão): v2.1.1/docs/CHANGELOG.md
- Guidelines Node (evitar
node_modulesduplicado): v2.1.1/docs/NODE_PROJECT_GUIDELINES.md
Notas de segurança
- Não versionar
.env,node_modules/,dist/, caches (__pycache__/) nem bancos locais (*.db,*.sqlite). - Credenciais devem ser tratadas como efêmeras e não devem ir para logs, memória ou RAG.
Open Slap! — Desktop-local agentic engine (v2.1)
Backend: FastAPI (Python) · Frontend: React + Vite · License: see v2.1.1/docs/LICENCE.md
Open Slap! is a desktop-local assistant (a server running on your machine) with real-time chat, multi-LLM providers and permissioned local automation.
- Public journal: v2.1.1/docs/DEV_JOURNAL.md
- Public changelog: v2.1.1/docs/CHANGELOG.md
- Full installation: v2.1.1/docs/INSTALLATION.md
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found