Open Terminal is a lightweight, self-hosted terminal designed to provide AI agents and automation tools with a dedicated environment for executing commands, managing files, and running code, all accessible through a simple REST API. Its primary purpose is to address the need for a robust and controllable execution environment for AI assistants capable of generating and interacting with code.

The core methodology revolves around providing a remote shell and file system access via an API. It supports two primary deployment modes, each offering different levels of isolation and host integration:

1. Docker (Sandboxed): This is the recommended mode, running Open Terminal within an isolated Docker container. This environment comes pre-equipped with a comprehensive toolkit including Python, Node.js, Git, build tools, data science libraries, and FFmpeg. This sandboxed approach ensures that code execution and file operations are contained within the container, preventing direct interaction with the host system and enhancing security. Users can customize the Docker environment by specifying additional apt packages via the OPEN_TERMINAL_PACKAGES environment variable and pip packages via OPEN_TERMINAL_PIP_PACKAGES, which are installed at container startup. For advanced use cases, the Docker container can be granted access to the host's Docker daemon by mounting /var/run/docker.sock, allowing AI agents to build and manage Docker images and containers, though this carries significant security implications due to the elevated privileges.

2. Bare Metal: Alternatively, Open Terminal can be installed as a standard Python package (pip install open-terminal) and run directly on the host machine. In this configuration, commands are executed with the user's permissions, providing full access to the host's file system, tools, and environment. While offering complete integration for local development or personal automation, this mode lacks the sandboxing of Docker and poses a higher security risk for untrusted code execution.

Configuration is flexible, allowing settings to be defined via CLI flags, environment variables (prefixed with OPEN_TERMINAL_), or TOML configuration files located at $XDG_CONFIG_HOME/open-terminal/config.toml (user-specific) or /etc/open-terminal/config.toml (system-wide). Configuration parameters include host, port, api_key, cors_allowed_origins, log_dir, binary_mime_prefixes, and execute_timeout.

Open Terminal is designed for seamless integration with Open WebUI, allowing AI assistants within the Open WebUI interface to leverage its capabilities. This integration can be established in two ways:

• Direct Connection: Users connect their personal Open Terminal instances from their user settings, with requests proxied directly from the browser, suitable for instances accessible from the user's network.
• System-Level Connection: Administrators configure Open Terminal instances from the admin panel, enabling them for all users with granular access control. In this setup, requests are proxied through the Open WebUI backend, requiring the Open Terminal instance to be reachable only by the Open WebUI server.

For multi-user deployments, Open Terminal offers a built-in multi-user isolation mode activated by setting the $OPEN_TERMINAL_MULTI_USER=true$ environment variable. In this mode, a single container can serve multiple users, providing process-level isolation through standard Unix permissions. Each unique X-User-Id header (typically provided by Open WebUI) maps to a dedicated Linux user within the container, complete with its own isolated home directory. Files, commands, and active terminal sessions are isolated per user. However, it's critical to note that this isolation occurs within a shared container, meaning users share the same kernel, network stack, and installed packages, which is not suitable for untrusted or large-scale deployments requiring stronger security boundaries (for which per-container isolation solutions like "Terminals" are recommended).

The full interactive API documentation is available at /docs on a running instance, detailing endpoints for command execution, file system operations, and other functionalities.