KeepAI: a local, open-source API hub that lets AI agents use your apps safely

KeepAI, a new open-source desktop app and CLI, provides a local API hub that lets AI agents interact with services like Gmail, Notion, and GitHub without exposing long-lived credentials. The tool enforces fine-grained permissions, requires human approval for sensitive actions, and maintains a full audit trail, keeping API keys encrypted on the user's machine. It is free during beta and available under AGPL-3.0.

AI agents are getting good at doing things — triaging your inbox, updating a Notion doc, opening a GitHub issue, moving a Trello card. But to do any of that, an agent needs access to your accounts. And that's where most setups quietly become a problem: you hand an agent a long-lived API key or an OAuth token with broad scopes, and from that moment you have very little say over what it actually does with them. KeepAI is an attempt to fix that part. It's a local API hub for AI agents — a desktop app plus a CLI npx keepai that sits between your agents and your apps, so agents connect to Gmail, Notion, GitHub, Trello, or Airtable through a layer you control. The core idea: connect once, stay in control Instead of giving each agent raw credentials, you connect your apps to KeepAI once. Agents then talk to KeepAI, and KeepAI enforces three things on every request: Fine-grained permissions. You scope exactly what each agent is allowed to do — which apps, which actions, which resources. A summarizer agent can read your inbox without being able to send mail; a triage agent can label issues without being able to delete repos. Human approvals. Sensitive or irreversible actions sending an email, deleting data, posting publicly can require an explicit OK from you before they go through. The agent proposes; you approve. A full audit trail. Every request an agent makes is logged. If something looks off, you can see exactly what was requested, when, and whether it was approved. The mental model is simple: the agent gets capabilities, not credentials. Your keys stay on your machine KeepAI runs locally. Your credentials and API keys never leave your device — they're stored locally with end-to-end encryption rather than sitting in a third-party cloud. That's a meaningful difference if you're uneasy about pasting production tokens into yet another hosted service just to let an agent send a message. Getting started The fastest way to try it is the CLI: bashnpx keepai That brings up the hub locally; from there you connect the apps you want to expose and point your agent at KeepAI. There's also a desktop app if you'd rather manage permissions, approvals, and the audit log from a UI. Open source and free in beta KeepAI is open source under AGPL-3.0, and it's free during the open beta. If you want to read the code, file an issue, or just see how the permission/approval model is implemented, the repo is public. Website: https://www.getkeep.ai https://www.getkeep.ai GitHub: https://github.com/nostrband/KeepAI https://github.com/nostrband/KeepAI If you're building with agents and you've been hesitating to give them real access to your tools, this is exactly the gap KeepAI is trying to close — give agents room to act, without giving up visibility or control.