About

AI access should be a right, not a risk

Arlopass is an open-source project building the missing layer between web apps and AI providers. We believe users should control which models power their apps — and never hand over their API keys to do it.

9+ AI providers supported
10 Lines to integrate
0 Keys on your server
MIT License, forever
The problem

AI on the web is broken

Today, web apps that use AI force a bad choice: paste your API key into an app you don't fully control, or don't use AI at all. API keys routinely leak through client-side code, server logs, and misconfigured deployments. Keys end up in browser storage, server logs, and third-party analytics.

Users can't choose their model. Developers bear the full cost and liability of hosting AI. And enterprises have no governance layer for how AI is used in the browser.

The solution

A browser-native AI access layer

Arlopass sits between web apps and AI providers, right in the browser. The user owns the connection. The app gets AI capabilities without touching credentials. The enterprise gets governance without changing application code.

Principles

What we believe

User-first

The user is in control

Users choose which apps to trust, which models to use, and when to share access. Every AI request requires explicit consent. No silent data flows, no hidden permissions.

Zero-trust

Keys never leave the device

API credentials are encrypted in a vault file on your device using AES-256-GCM — not in the browser, not on a server. The web app never touches your keys. HMAC authentication with ephemeral session keys at every trust boundary.

Open source

MIT licensed, forever

The protocol, SDK, extension, bridge, and every adapter — all MIT licensed. AI access on the web should be a standard, not a moat. Fork it, extend it, audit it.

Privacy

No backend, no tracking

Arlopass has no cloud infrastructure, no user accounts, and no telemetry. The extension and native bridge run locally. Pair it with Ollama for fully offline, zero-exposure AI.

Standards

Compliance-ready by design

Ed25519-signed policy bundles, cryptographic audit trails, and pre-mapped controls for ISO 27001, SOC 2, ISO 42001, and GDPR. Security is architecture, not afterthought.

Interop

Any model, any provider

Ollama, Claude, GPT, Gemini, Bedrock, Vertex AI, Perplexity, Microsoft Foundry — and any future provider with an API. One adapter interface, infinite providers.

Open source

Built in the open

Every line of Arlopass is MIT licensed and developed on GitHub. We believe AI access infrastructure should be auditable by anyone and controlled by no single vendor.

Contribute

Code & adapters

Write new provider adapters, improve the SDK, or fix bugs. Every PR is reviewed within 48 hours.

View on GitHub →
Discuss

Community

Join the Discord for real-time discussion, support, and feature brainstorming with the community.

Join Discord →
Learn

Documentation

Comprehensive docs covering quickstart, SDK reference, adapter development, enterprise deployment, and more.

Read the docs →

Coming soon

We've submitted Arlopass to the browser extension stores and are waiting for approval. Store listings will be available soon — check back shortly.

In the meantime, you can install from source on GitHub.