{"slug": "show-hn-phlox-open-source-self-hosted-agentic-web-chat", "title": "Show HN: Phlox – Open-source self-hosted agentic web chat", "summary": "Phlox, an open-source self-hosted agentic web chat application, has been released on GitHub. It supports any model provider including AWS Bedrock and OpenAI-compatible endpoints, and features agentic tool use, document RAG, code execution, MCP integration, and multi-user authentication with cost accounting.", "body_md": "Phlox is a self-hostable chat application with an agentic harness, document RAG, code\nexecution, and MCP integration — running over **any** model provider: **AWS Bedrock** or\n**any OpenAI-compatible endpoint** (OpenAI, Ollama, vLLM, LiteLLM, LM Studio, local\nmodels).\n\n- 💬 **Streaming chat** with conversation history, rename/delete, search & export, message edit/regenerate, markdown with highlighted/copyable code, **Mermaid diagrams** and **LaTeX math**.\n- 🤖 **Agentic harness** (inspired by PI Coder): the model uses tools in a loop — filesystem (`read_file` / `write_file` / `edit_file` / `glob` / `grep`), `run_shell`, `execute_python` / `execute_node`, `search_documents`, `web_fetch`, plus **planning** (`update_todos`), **sub-agents** (`spawn_subagent`), **memory** (`save_memory`), and **checkpoints** — each scoped to a per-conversation sandboxed workspace.\n- 🤝 **Human-in-the-loop approvals** — pause on sensitive tools, approve/deny, resume.\n- 🧰 **Code execution** with captured output and **artifacts** shown inline + a **Workspace Files** panel to browse/download everything the agent created.\n- 🗂️ **Workspace checkpoints** — git-backed snapshots with one-click restore.\n- 📚 **Documents / RAG** — upload PDF/DOCX/TXT/MD/code; **hybrid (dense+sparse) search** over **Qdrant** with reranking + citations; global or per-conversation scoping. Works offline via a fallback embedder.\n- 🧠 **Cross-conversation memory** — durable facts recalled across chats.\n
- 🖼️ **Multimodal** — attach images to messages for vision models.\n- 🔌 **MCP integration** — connect Model Context Protocol servers; their tools join automatically.\n- 🔀 **Any provider** — named profiles for Bedrock / OpenAI-compatible endpoints, switchable live, with a connection tester.\n- 🏠 **Runs fully local** — point at **Ollama**, **LM Studio**, or **vLLM** (any OpenAI-compatible server) for offline, self-hosted inference with no cloud API key; RAG embeddings can run locally too.\n- 🔐 **Auth & multi-user** — local accounts (or **Entra ID SSO**), `user` / `admin` roles, per-user data isolation, an **admin panel** (users, MCP, tools, auth). See [docs/AUTH.md](/robert-mcdermott/phlox/blob/main/docs/AUTH.md).\n- 💵 **Usage & cost accounting** — per-message token/cost in the UI, plus an admin **chargeback** view: usage by **month × user × department × model**, CSV export for finance, and a durable ledger that keeps a departed user's costs billable after their account is deleted. See [docs/OBSERVABILITY.md](/robert-mcdermott/phlox/blob/main/docs/OBSERVABILITY.md).\n- ⚙️ **Live admin configuration** — edit provider profiles (keys write-only), model pricing, resilience, generation defaults, and sandbox limits from an admin-only **Configuration** panel, applied without a server restart. `config.yml` remains the seed.\n- 📦 **Container sandbox** — run code in an isolated **Podman/Docker** container with resource limits + network isolation. See [docs/SANDBOX.md](/robert-mcdermott/phlox/blob/main/docs/SANDBOX.md).\n- 🎨 **Theming** — Phlox Dark (default) + Phlox Light/Light/Dark/Fred Hutch/Hutch Night/Sandstone, instant switching. See [docs/THEMING.md](/robert-mcdermott/phlox/blob/main/docs/THEMING.md).\n
- 🛡️ **Per-tool permissions** — `auto | ask | deny`, with an \"Agent mode\" toggle.\n\n| Doc | What it covers |\n|---|---|\n| | **start here** |\n| [docs/ROADMAP.md](/robert-mcdermott/phlox/blob/main/docs/ROADMAP.md) | |\n| [docs/AUTH.md](/robert-mcdermott/phlox/blob/main/docs/AUTH.md) | **Entra ID SSO** setup |\n| [docs/SANDBOX.md](/robert-mcdermott/phlox/blob/main/docs/SANDBOX.md) | **Podman/Docker container** code-execution sandbox |\n| [docs/OBSERVABILITY.md](/robert-mcdermott/phlox/blob/main/docs/OBSERVABILITY.md) | |\n| [docs/MCP.md](/robert-mcdermott/phlox/blob/main/docs/MCP.md) | |\n| [docs/THEMING.md](/robert-mcdermott/phlox/blob/main/docs/THEMING.md) | |\n| [docs/ADDING_A_TOOL.md](/robert-mcdermott/phlox/blob/main/docs/ADDING_A_TOOL.md) · [docs/ADDING_A_PROVIDER.md](/robert-mcdermott/phlox/blob/main/docs/ADDING_A_PROVIDER.md) | |\n| [AGENTS.md](/robert-mcdermott/phlox/blob/main/AGENTS.md) | |\n\nTwo processes: a **FastAPI** backend (LLM orchestration, agent harness, MCP, RAG, code\nexec, auth, SQLite persistence) and a **React/Vite** frontend. Full details in\n**docs/ARCHITECTURE.md**.\n\n```\nbackend/   FastAPI app (app/), config.yml, SQLite + Qdrant under data/\nfrontend/  React + Vite + Tailwind SPA\ndocs/      ARCHITECTURE, ROADMAP, AUTH, SANDBOX, MCP, THEMING, ADDING_A_*\nscripts/   dev.ps1 / dev.sh\n```\n\nPrerequisites: **Python 3.11+** with [uv](https://docs.astral.sh/uv/), **Node 18+**, and a model provider (a local [Ollama](https://ollama.com) is the easiest).\n\n```\n# 1. Backend\ncd backend\nuv sync\ncp config.yml.example config.yml        # edit: set your provider profile(s)\nuv run uvicorn app.main:app --reload --port 8000\n\n# 2. Frontend (separate terminal)\ncd frontend\nnpm install\nnpm run dev                              # open http://localhost:5173\n```\n\nOn Windows you can run both with `./scripts/dev.ps1`; on macOS/Linux `./scripts/dev.sh`.\n\nEdit `backend/config.yml` (full examples in `config.yml.example`). 
Any\n**OpenAI-compatible** server works with `type: openai` — just point `endpoint` at it. That\ncovers the popular **local** runtimes, so Phlox can run **entirely offline** with no\ncloud API key:\n\n```\ndefault_profile: local-ollama\nprofiles:\n  local-ollama:\n    type: openai\n    label: \"Ollama (local)\"\n    endpoint: http://localhost:11434/v1\n    api_key: ollama            # required by the client, ignored by Ollama\n    model: qwen3.6:35b\n    # Optional: restrict/seed the model dropdown. If omitted, /api/providers\n    # tries to list models from the endpoint.\n    models: [qwen3.6:35b, glm-4.7-flash:latest]\n    supports_tools: true       # set false for models without tool-calling\n\n  # LM Studio (local) — enable its server under the \"Developer\" tab (default port 1234).\n  lmstudio:\n    type: openai\n    label: \"LM-Studio (local)\"\n    endpoint: http://localhost:1234/v1\n    api_key: none            # required by the client, ignored by LM-Studio\n    model: qwen/qwen3.6-27b\n    # Optional: restrict/seed the model dropdown. If omitted, /api/providers\n    # tries to list models from the endpoint.\n    models: [qwen/qwen3.6-27b]\n    supports_tools: true       # set false for models without tool-calling\n```\n\nThe same `type: openai` shape also covers **OpenAI**, **LiteLLM**, and any other\nOpenAI-compatible gateway — set the `endpoint` and `api_key`. For **AWS Bedrock**, use\n`type: bedrock` with a `model` id and `aws_region` (credentials resolve via the standard\nAWS chain; for temporary STS creds also set `aws_session_token`).\n\nDefine as many profiles as you like and switch between them live in **Settings → Model**\n(there's a built-in connection tester). Embeddings for document RAG can also run locally —\ne.g. 
Ollama's `nomic-embed-text` — so the whole stack stays offline.\n\n**Edit config without a restart.** `config.yml` is the seed; an admin can edit provider profiles, model pricing, resilience, generation defaults, and sandbox limits **live** in **Settings → (Admin) Configuration** (overrides are stored in the DB and applied immediately). API keys there are write-only/masked. Bootstrap-sensitive settings (`auth`, `vector_store`, the sandbox runner type, OTel) stay file-only and need a restart. See [docs/AUTH.md] §admin config.\n\nAuth is **on by default** with a seeded admin: **admin / admin**. Manage users, reset\npasswords, and view/configure SSO under **Settings → (Admin) Users / Authentication**.\n\n**Change the default admin password and set a real `auth.jwt_secret`** before sharing access — see [docs/AUTH.md](/robert-mcdermott/phlox/blob/main/docs/AUTH.md). To run single-user with no login, set `auth.enabled: false`.\n\nBy default code runs in a **local subprocess** (fast, trusts the host). For isolation, set\n`sandbox.runner: container` to run each execution in an ephemeral **Podman/Docker**\ncontainer with CPU/memory/PID limits and network isolation — see [docs/SANDBOX.md](/robert-mcdermott/phlox/blob/main/docs/SANDBOX.md).\n\n```\ncd frontend && npm run build      # outputs frontend/dist\ncd ../backend && uv run uvicorn app.main:app --port 8000\n```\n\nFastAPI serves the built SPA from `frontend/dist` at `/`.\n\nThe backend has a pytest suite (unit + FastAPI `TestClient` API tests + scripted-provider\nagent-loop/fallback tests); the frontend is verified by a production build. 
The same checks\nrun in **GitHub Actions CI** (`.github/workflows/ci.yml`) on every push/PR.\n\n```\n# Backend: lint + tests (from backend/)\ncd backend\nuv sync --extra dev          # installs ruff + pytest\nuv run ruff check app tests\nuv run pytest                # or: uv run pytest -k usage   to run a subset\n\n# Frontend: the CI check is the build (from frontend/)\ncd ../frontend && npm run build\n```\n\nThe tests run against an in-memory/temp SQLite DB with `auth.enabled` off (a synthetic dev\nadmin), so no provider credentials or network are needed — agent-loop tests use a built-in\n**scripted \"test\" provider**. Coverage includes the chargeback ledger surviving user\ndeletion (`tests/test_api.py::test_usage_ledger_survives_user_deletion`).\n\n`backend/evals/run_evals.py` exercises the agent against a **real** configured provider\n(tool use, RAG, multi-step). It needs a working `config.yml` profile and is **not** part of\nCI:\n\n```\ncd backend && uv run python -m evals.run_evals\n```\n\n- **Auth:** change the seeded `admin` / `admin` and set a strong `auth.jwt_secret` (env `PHLOX_JWT_SECRET`) before any shared use. Data is isolated per user; admin features are role-gated.\n- **Sandbox:** the local runner trusts the host (fine for single-user/local). 
For untrusted/multi-user execution use `sandbox.runner: container` ([docs/SANDBOX.md](/robert-mcdermott/phlox/blob/main/docs/SANDBOX.md)).\n- Mutating/execution tools default to the `ask` permission policy; \"Agent mode\" auto-approves for a turn.\n- **Sensitive data (PHI):** Postgres, audit logging, secrets management, and data governance are tracked as **Tier 5** in the [roadmap](/robert-mcdermott/phlox/blob/main/docs/ROADMAP.md) and are required before any deployment touching sensitive data.\n\nLicensed under the **Apache License, Version 2.0** — see [LICENSE](/robert-mcdermott/phlox/blob/main/LICENSE).\nCopyright © 2026 Robert McDermott <[robert.c.mcdermott@gmail.com](mailto:robert.c.mcdermott@gmail.com)>.", "url": "https://wpnews.pro/news/show-hn-phlox-open-source-self-hosted-agentic-web-chat", "canonical_source": "https://github.com/robert-mcdermott/phlox", "published_at": "2026-06-15 21:59:38+00:00", "updated_at": "2026-06-15 22:18:28.572167+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-infrastructure", "large-language-models", "developer-tools"], "entities": ["Phlox", "AWS Bedrock", "OpenAI", "Ollama", "vLLM", "LiteLLM", "LM Studio", "Qdrant"], "alternates": {"html": "https://wpnews.pro/news/show-hn-phlox-open-source-self-hosted-agentic-web-chat", "markdown": "https://wpnews.pro/news/show-hn-phlox-open-source-self-hosted-agentic-web-chat.md", "text": "https://wpnews.pro/news/show-hn-phlox-open-source-self-hosted-agentic-web-chat.txt", "jsonld": "https://wpnews.pro/news/show-hn-phlox-open-source-self-hosted-agentic-web-chat.jsonld"}}