🦞 v0.4.0 out now — see what shipped →

The central AI
for your team.

Pinchy is the self-hosted hub for every AI workflow your company runs. One agent per team function. Your software, your chat, your knowledge — connected through a scoped permission model and a full audit trail.

Start a 14-day trial → Book a call
terminal
$ curl -fsSL https://raw.githubusercontent.com/heypinchy/pinchy/v0.4.0/docker-compose.yml -o docker-compose.yml
$ docker compose up -d
✓ pinchy started
✓ openclaw started
✓ db started

🦞 Open http://localhost:7777 — setup wizard creates your admin
Invite your team · pick agent templates · chat with Smithers
Star us on GitHub 🔱 Fork the repo 📜 AGPL-3.0 · fully open source ✍️ Built in public · weekly updates

The Problem

You don't need five AI tools.
You need one that fits your team.

🧩

Every Team Buys Its Own AI

Sales uses one tool, support another, ops a third. No shared knowledge, no shared audit, no shared permission model. Shadow AI under a different name.

☁️

Cloud AI Bleeds Data

ChatGPT Enterprise, Copilot, Dust — your prompts and documents end up on someone else's servers. GDPR and the EU Cloud Act make that a non-starter for regulated work.

Workflow Tools Aren't Agents

n8n and Make execute flows you drew. Pinchy runs agents that decide which tool to use next — inside the boundaries you set, not free of them.

One platform. One permission model. One audit trail. Every agent.

The Solution

One agent per team function. Not one bot for everything.

Pinchy agents are roles, not chatbots. Each agent has its own tools, its own knowledge, its own audience. Shape them like you shape teams — with clear boundaries and a shared backbone.

🎧

Support Drafter

Reads the ticket, pulls product docs and prior resolutions, drafts a reply. A human sends. Speed without surrendering the customer relationship.

🗂️

CRM Assistant

Odoo or Pipedrive CRM, kept tidy. Drafts follow-ups, qualifies leads, scores opportunities. Your reps confirm; the admin stops being admin.

📄

Document Reader

Invoices, contracts, shipping docs. The agent extracts, matches against your system, flags outliers. Compliance trail comes built in.

🏗️

Onboarding Guide

New customer or new hire asks setup questions through the web UI or Telegram. The agent walks them through it, cites sources, escalates the rest.

🏢

Internal Q&A

"What's the remote-work policy?" "Who owns the runbook?" HR docs, IT guides, internal notes — answered in chat, scoped per group.

📈

Executive Summary

Weekly Monday digest. Odoo revenue, support volume, pipeline changes — combined across systems, delivered where your team reads.

Compliance Checker

Reviews documents against internal policy or regulation. Flags gaps, tracks which requirements are covered, cites the clause that made the call.

📣

Marketing Analyst

Campaign metrics pulled from Odoo Marketing and your analytics. Opens, clicks, conversions — delivered as a weekly digest or answered on demand.

Pinchy chat UI — sidebar listing agents (Smithers, Frink, Mindy, Tibor), greeting from the personal assistant Smithers, and a message composer at the bottom
Your team picks the agent. The agent picks the tools. The sidebar stays the same.

Enterprise Governance

Plugins, not raw tools.
The agent doesn't decide what it can do. You do.

Raw tools — shell access, file system, API calls — are great for individuals and terrifying for enterprises. Pinchy wraps them in plugins with configuration and authorization layers, so the permission layer enforces before the model ever improvises.

🧩

Scoped Permissions

An agent doesn't get the raw "exec" tool. It gets a "Create Jira Ticket" plugin with defined parameters, boundaries, and access rights. The plugin decides what the agent can do — not the agent itself.

🔀

Cross-Channel Workflows

Customer email comes in → agent looks up the CRM → summary lands in your internal Slack channel. Support ticket in Jira → agent analyzes → draft reply sent via email. Input on one channel, output on another.

👥

Same Agent, Different Permissions

Marketing uses the CRM agent to read contacts. Sales uses it to update deals. Finance can't access it at all. One agent, scoped per team through the plugin layer.

What Pinchy Ships

The pieces you actually need — shipped, not promised.

🧩

Scoped Agent Permissions

Agents get plugins, not raw tools. Allow-listed, per-agent, per-group. The permission layer enforces before the model ever improvises.

 📚

Knowledge Base

Upload documents, scope per agent and user group. Cited sources in every answer — "page 3 of the onboarding guide", not "the model told me so".

 📋

Audit Trail

Every tool call, every knowledge-base hit, every approval — logged with user and agent identity. One view across web UI, Telegram, plugins.

 📊

Usage Dashboard

Token spend by agent, user, and source. Cache hits split out. Timezone-correct charts. You see where the money goes before the invoice arrives.

 👥

Users & Groups

Deactivate, reactivate, assign agents per user and per group. Internal staff and external partners can share agents with different scopes.

 📦

Pre-Built GHCR Images

Versioned Docker images on GHCR. No build step. Pull the v0.4.0 tag, docker compose up, and you're running.

 🦙

Ollama First-Class

Local Ollama or Ollama Cloud, configured per agent. Sensitive agents stay on-prem; others can reach frontier models.

 💬

Telegram per Agent

One bot per agent. Main-bot identifies the user, per-agent bot runs the conversation. Permissions follow identity — same model as the web UI.

Integrations

The systems your team already uses.

Pinchy connects to ERPs, chat, local models, and your own software. Each integration is a plugin — declared, scoped, and enforced by the permission layer before the model is invoked.

🧾

Odoo

Every module. 16 agent templates out of the box.

 💬

Telegram

One bot per agent. Identity + permissions carry over.

 🦙

Ollama

Local or Cloud. Per-agent model choice.

 📚

Knowledge Base

Scoped documents. Cited sources.

Security

Your data. Your servers. Period.

Not a marketing claim. An architecture decision.

🇪🇺 GDPR Compliant by Design

Data never leaves your jurisdiction. No transatlantic data transfers. No DPAs needed with third-party AI providers.

🏛️ CLOUD Act? Not Your Problem.

Your servers, your rules. No US-based cloud provider can be compelled to hand over your data.

🔐 Vault Encryption

All credentials encrypted at rest. API keys, tokens, secrets — locked down with industry-standard encryption.

🏥 Industry-Ready

Banking, healthcare, legal, government — Pinchy meets the security requirements that cloud AI never will.

Cloud AI Pinchy
Data LocationUS/GlobalYour servers
GDPRComplex DPAsCompliant by design
CLOUD Act ExposureYesNone
Audit TrailLimitedHMAC-signed, tamper-proof
Air-Gap CapableNoYes
Custom ModelsVendor-lockedAny LLM
Fully OfflineImpossibleYes (Ollama / llama.cpp)
Agent GovernanceTrust the modelPlugin permission layer

How It Works

Three steps to a running AI team.

1

Install

Download the compose file, docker compose up -d. Pre-built GHCR images, no compile, three services (Pinchy, OpenClaw, Postgres).

2

Set up

Open http://localhost:7777. The setup wizard creates your first admin and connects your LLM provider (Anthropic, OpenAI, Google, or Ollama).

3

Work

Invite your team, pick agent templates, chat with agents via the web UI or Telegram. Permissions and audit follow every conversation.

Software Vendors

Embed Pinchy as your product's AI layer.

Building AI into your own SaaS is a team, a year, and an ongoing cost you didn't plan for. Expose an API instead and let Pinchy be the AI surface your customers actually want — with a dedicated extension for your product.

How the partner track works →

The Engine

Built on OpenClaw.

Pinchy runs on OpenClaw — the open-source multi-channel agent engine. We didn't reinvent the wheel. Pinchy adds the governance layer — plugins, permissions, knowledge, audit — that makes an agent engine safe for company use.

  • ✓ Battle-tested multi-channel core
  • ✓ Active open-source community
  • ✓ Extensible skill system
  • ✓ Pinchy adds: plugin governance, scoped permissions, knowledge base, audit trail, admin UI
Learn about OpenClaw →

FAQ

Frequently Asked Questions

Is OpenClaw secure enough for enterprise use?

Not on its own. OpenClaw gives agents full system access with no built-in permission layer — that's why Pinchy exists. We add Docker container isolation, per-agent allow-list permissions, basic RBAC (Admin / Member + Groups), and per-row HMAC-SHA256 signed audit trails. Granular RBAC (custom roles, SSO/SAML) is on the roadmap. Read how our security model works →

How much does it cost to run AI agents?

You control the models, so you control the costs. Docker hosting is free (your own servers). API costs typically run $1–150/month per agent depending on model choice and usage volume. Sonnet vs Opus alone is a 10x cost difference. More on cost control →

Can I run this completely offline?

Yes. Pair Pinchy with a local model via Ollama or llama.cpp and nothing ever leaves your network. Zero external connections. For teams that need cloud models, just add your API key — your choice.

Do I need to be technical to set this up?

You need to be comfortable with Docker Compose — that's it. Run one command, configure via the admin dashboard. Five minutes from zero to running agents. We're building a setup wizard to make it even easier.

Is this really open source?

Yes. Pinchy's core is licensed under AGPL-3.0. Full source code on GitHub. We follow an open-core model: the community edition is fully functional for small teams. Enterprise features like granular RBAC add capabilities for larger organizations. Inspect it, audit it, deploy it yourself.

Get Started

Two ways in.

Start a 14-day self-hosted trial and explore v0.4.0 on your own infrastructure, or book a 30-minute call and we'll walk through the use case that fits your team.

Start a 14-day trial → Book a call