Open Source · MIT License

Your AI agent.
Your desktop. Your rules.

Plug in your own API key. Get a fully governed AI agent with file access, shell commands, MCP connectors, and mobile remote control — secured by cryptographic governance at every layer.

Download for Free View on GitHub
10
AI Providers
<10 MB
Download Size
3
Window Modes
50+
Built-In Features
0
Credentials in Flat Files
Bring Your Own AI
Any model. Any provider.
Your API key.
Connect to the AI you already pay for. Cuttlefish routes through your key — we never see it, store it, or bill for tokens. Keys live in your OS keychain, not flat files.

10 Providers, One Interface

OpenAI, Anthropic, Google, Azure OpenAI, xAI, DeepSeek, Mistral, Groq, Ollama (local), or any OpenAI-compatible endpoint. Add connections in seconds, test them instantly, switch mid-session.

OpenAI Anthropic Google Azure xAI DeepSeek Mistral Groq Ollama Custom

OS Keychain Storage

API keys stored in macOS Keychain, Windows Credential Manager, or Linux Secret Service. Hardware-backed encryption where supported. Never in localStorage, never in flat files.

SECURITY

Extended Thinking

Toggle extended reasoning mode for complex tasks. Watch the AI's thinking process unfold in collapsible blocks — full transparency into how your agent reasons.

AI FEATURES

File & Image Attachments

Drag images, PDFs, code files, and CSV data directly into chat. 5 MB per file, inline preview chips, base64 encoding. Your agent can see what you see.

CHAT
Desktop Agent
A real agent on your machine.
Not a chatbot with delusions.
Cuttlefish can read files, execute shell commands, manage your clipboard, and connect to external tools — all sandboxed and governed.

Sandboxed File Access

Read, write, stat, and list files via Tauri IPC. 10 MB read limit, UNC path rejection, null byte filtering. Sandboxed to user-configured allowed directories.

  • Allowed directory whitelist
  • Symlink traversal protection
  • Consent prompts for writes

Shell Command Execution

Run terminal commands with 30-second timeout, 1 MB output cap, and full stdout/stderr capture. Every execution governed by risk tier classification.

  • T0/T1/T2 risk tiers
  • Auto-deny after 60s inactivity
  • Max 8 tool iterations per request

Clipboard Bridge

Agent reads from and writes to your clipboard via native Tauri plugin. Gated behind the Clipboard Access capability toggle — you decide what's allowed.

  • Read/write via capability toggle
  • Governed like all other tools

Tiered Consent System

Every tool action classified by risk. Read-only operations flow through quietly. File writes need a tap. System-level commands get a full modal with countdown timer and risk badge.

T0
Read-Only
File reads, stat, list. Passthrough.
T1
Reversible
File writes. Quick approve/deny.
T2
System-Level
Shell execution. Full modal, 60s auto-deny.

MCP Connector Ecosystem

Browse and install Model Context Protocol servers from the Explore marketplace. Notion, GitHub, Slack, Google Drive, Postgres, and more — each with per-tool permission review before install.

  • Health monitoring with reconnect
  • Per-tool allow/deny granularity
  • Custom MCP server support (stdio + HTTP)
  • Tool discovery + SHA-256 namespacing
Desktop Native
Three window modes.
Always one shortcut away.
Full app for deep work. Companion widget for quick questions. Animated mascot when you just want it nearby. Switch instantly with Ctrl+Space.
Full App
1200 × 800
All tabs — Chat, Canvas, Explore, Settings. Standard window with resize, maximize, multi-monitor.
Companion
400 × 600
Always-on-top floating chat panel. Resizable, position remembered across restarts.
Mascot
120 × 120
Transparent 3D animated cuttlefish with WebGL shaders, ink particles, and bioluminescent glow.

Keyboard First

Full keyboard navigation. Command palette, tab switching, new chat, settings — all without touching the mouse.

Ctrl+Space Toggle mode
Ctrl+K Commands
Ctrl+N New chat
Ctrl+1–4 Switch tabs

Native Notifications

Windows Toast, macOS Notification Center, Linux D-Bus. Task completions, remote commands, agent alerts — all through your OS notification system.

Launch at Login

Optional auto-start via Windows registry. System tray icon with context menu — open full, quick chat, hide to mascot, or quit. Minimize-to-tray on close.

Explore
Connectors. Skills. Triggers.
One marketplace.
Browse the catalog, install MCP connectors, add skill manifests from GitHub or URL, and set up automated triggers — all from the Explore tab.

MCP Connectors

Notion, GitHub, Google Drive, Slack, Postgres, File System, Web Browser, and more. Per-tool permission review, health monitoring, one-click install.

8+ FEATURED

Installable Skills

Add capabilities from the catalog, GitHub repos, URLs, or local files. Each skill brings system instructions and tool definitions — validated, versioned, toggleable.

EXTENSIBLE

Trigger Templates

Daily summary, file organizer, code review reminder, meeting prep, email digest. Four-step wizard: configure → set condition → define action → review.

5 BUILT-IN
Mobile Remote
Control your desktop agent
from your phone.
Scan a QR code, pair in seconds. Send commands from the mobile PWA — they execute on your desktop through an E2E encrypted relay.

End-to-End Encrypted Remote Control

Every command HMAC-SHA256 signed with a shared secret established during pairing. Nonce deduplication, sequence monotonicity, device fingerprint binding, and 5-minute TTL on pairing tokens. The relay is a dumb proxy — all crypto is end-to-end.

  • 256-bit CSPRNG pairing tokens
  • HMAC-SHA256 command signing
  • Canonical JSON for cross-platform hash agreement
  • High-risk commands require desktop approval
  • Offline queue with auto-send on reconnect

Instant Pairing

QR code or manual 8-character code (ABCD-1234). Codes auto-refresh every 4 minutes. Up to 3 paired devices, visible in settings with one-click revoke.

Installable PWA

Full chat interface at app.getcuttlefish.app. Auto-install prompt, standalone mode, 100-message local history, encrypted session storage in IndexedDB, proactive token refresh.

Security
Built to be safe.
Not patched to be less dangerous.
Security isn't a feature we added. It's the architecture everything else sits on.
Cuttlefish Others
Credential storage OS Keychain Flat files (chmod 600)
Action governance Preflight → LiveGuard → Receipt None
Audit trail Ed25519-signed, WORM, 7-year retention No audit trail
Tool consent Risk-tiered with auto-deny timeout Global allow/deny
Process isolation Tauri (Rust + WebView, no Node in renderer) Electron (full Node access)
Remote command auth HMAC + nonce + seq + TTL + fingerprint N/A
Bundle size ~10 MB ~ 200 MB+
Internet-exposed instances 0 (localhost only) 135,000+
Get Started
From download to agent
in under 5 minutes.
Five-step guided onboarding. Add your API key, set capabilities, configure allowed directories, and start chatting.

Welcome

Meet the mascot. Understand the mission. Get started or skip — your choice.

Connect Your AI

Pick a provider, paste your API key, test the connection. Key goes straight to your OS keychain.

Set Capabilities

Toggle file access, shell commands, clipboard. Each one is a conscious choice, not a hidden default.

Allowed Directories

Choose where the agent can operate. Home, Documents, Desktop — or type any custom path. Nothing is assumed.

Ready to take control?

Free. Open source. No account required. Just download, add your API key, and go.

Download for Free Read the Docs