AI agents are getting good at doing things — triaging your inbox, updating a Notion doc, opening a GitHub issue, moving a Trello card. But to do any of that, an agent needs access to your accounts. And that's where most setups quietly become a problem: you hand an agent a long-lived API key or an OAuth token with broad scopes, and from that moment you have very little say over what it actually does with them.
KeepAI is an attempt to fix that part. It's a local API hub for AI agents — a desktop app plus a CLI (npx keepai) that sits between your agents and your apps, so agents connect to Gmail, Notion, GitHub, Trello, or Airtable through a layer you control.
The core idea: connect once, stay in control
Instead of giving each agent raw credentials, you connect your apps to KeepAI once. Agents then talk to KeepAI, and KeepAI enforces three things on every request:
Fine-grained permissions. You scope exactly what each agent is allowed to do — which apps, which actions, which resources. A summarizer agent can read your inbox without being able to send mail; a triage agent can label issues without being able to delete repos.
Human approvals. Sensitive or irreversible actions (sending an email, deleting data, posting publicly) can require an explicit OK from you before they go through. The agent proposes; you approve.
A full audit trail. Every request an agent makes is logged. If something looks off, you can see exactly what was requested, when, and whether it was approved.
The mental model is simple: the agent gets capabilities, not credentials.
Your keys stay on your machine
KeepAI runs locally. Your credentials and API keys never leave your device — they're stored locally with end-to-end encryption rather than sitting in a third-party cloud. That's a meaningful difference if you're uneasy about pasting production tokens into yet another hosted service just to let an agent send a message.
Getting started
The fastest way to try it is the CLI:
bashnpx keepai
That brings up the hub locally; from there you connect the apps you want to expose and point your agent at KeepAI. There's also a desktop app if you'd rather manage permissions, approvals, and the audit log from a UI.
Open source and free in beta
KeepAI is open source under AGPL-3.0, and it's free during the open beta. If you want to read the code, file an issue, or just see how the permission/approval model is implemented, the repo is public.
Website: [https://www.getkeep.ai](https://www.getkeep.ai)
GitHub: [https://github.com/nostrband/KeepAI](https://github.com/nostrband/KeepAI)
If you're building with agents and you've been hesitating to give them real access to your tools, this is exactly the gap KeepAI is trying to close — give agents room to act, without giving up visibility or control.