An in-Odoo AI assistant powered by the Claude Code CLI. It answers questions, queries your data, and builds reports — running as the logged-in user, never as superuser, with a full audit trail.
Most "AI for Odoo" add-ons either ship your data to a third-party prompt or hand the model a superuser connection and hope for the best. Claudoo is built the other way around — security first:
| Claudoo | What it means |
|---|---|
| 🔒 Runs as the user | Every ORM action executes with su=False, so the user's ir.model.access rights and record rules are enforced automatically. The model can never see or do more than the person using it. |
| 🧮 Read-only SQL, really | sql_select is double-guarded: a SELECT-only text validator (no stacked statements, row locks, or dangerous functions) and Postgres SET TRANSACTION READ ONLY + a statement timeout. Gated to a dedicated AI SQL Analyst group. |
| 🧾 Full audit log | Every tool call — model, method, SQL, row counts, outcome, even denials — is written to an immutable log on a separate committed cursor, so it survives rollbacks. |
| 🔑 Per-user OAuth, no shared key | Each user clicks Login with Claude and authorizes with their own subscription. Credentials are stored per user, mode 0600, never in the database, never echoed back. |
| 🚫 No shell, no web, no surprises | Claude's built-in tools (Bash, file write, web, agent spawners) are hard-denied. The model can act only through a small set of Odoo tools over a loopback bridge that holds no database credentials. |
| ⚡ Streaming UX | Replies and tool "chips" stream into the chat in real time over the Odoo bus. |
If you sell or run Odoo for clients, the security posture is the feature: you can give business users a natural-language window into their ERP without widening anyone's access by a single record.
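The "Read-only SQL, really" row describes a double guard: a SELECT-only text check in front of a Postgres transaction that is itself READ ONLY and time-limited. The Python below is an added illustration of that pattern written for this README, not Claudoo's own `sql_select` code; the function names, the denied-function list and the 5 s default timeout are assumptions. It shows why both layers matter: the text check rejects stacked statements, row locks, data-modifying CTEs and the usual escape-hatch functions without being fooled by quoted text, and the Postgres preamble catches whatever a text check cannot.

```python
"""SELECT-only guard in the spirit of Claudoo's sql_select double-guard.
Added example, not the module's code: function names, the denied-function
list and the timeout default are assumptions chosen for illustration."""
import re

# Functions that can sleep, read the filesystem or reach outside the database.
# Constructed deny-list for the example; extend to taste.
DENIED_FUNCTIONS = {
    "pg_sleep", "pg_sleep_for", "pg_sleep_until", "pg_read_file",
    "pg_read_binary_file", "pg_ls_dir", "pg_stat_file", "lo_import",
    "lo_export", "dblink", "dblink_connect", "pg_terminate_backend",
    "pg_cancel_backend", "set_config", "pg_reload_conf", "pg_notify",
}

# String literals and comments, matched in one left-to-right pass so a "--"
# inside a string is not taken for a comment (and a quote inside a comment
# is not taken for a string).
_LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\$\$.*?\$\$|--[^\n]*|/\*.*?\*/", re.S)
# Anything that writes, locks or creates objects. Blocked anywhere in the
# text, which also catches data-modifying CTEs: WITH d AS (DELETE ...) SELECT.
_WRITE_RE = re.compile(
    r"\b(INSERT|UPDATE|DELETE|MERGE|TRUNCATE|CREATE|ALTER|DROP|GRANT|REVOKE|"
    r"COPY|LOCK|INTO)\b", re.I)
_ROW_LOCK_RE = re.compile(
    r"\bFOR\s+(UPDATE|NO\s+KEY\s+UPDATE|SHARE|KEY\s+SHARE)\b", re.I)
_CALL_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def neutralise_literals(sql: str) -> str:
    """Replace string literals with '' and comments with a space, so the
    keyword checks see only real SQL syntax and never quoted text."""
    return _LITERAL_RE.sub(lambda m: "''" if m.group(0)[0] in "'$" else " ", sql)


def validate_select(sql: str) -> tuple:
    """Textual guard: return (ok, reason). Accepts a single SELECT or WITH
    statement with no row locks, no write keywords and no denied function."""
    bare = neutralise_literals(sql).strip()
    if bare.endswith(";"):
        bare = bare[:-1].rstrip()          # one trailing semicolon is fine
    if not bare:
        return False, "empty statement"
    if ";" in bare:
        return False, "stacked statements are not allowed"
    first = bare.split(None, 1)[0].upper()
    if first not in ("SELECT", "WITH"):
        return False, "only SELECT/WITH is allowed, got %s" % first
    m = _ROW_LOCK_RE.search(bare)
    if m:
        return False, "row lock not allowed: %s" % m.group(0)
    m = _WRITE_RE.search(bare)
    if m:
        return False, "write keyword not allowed: %s" % m.group(1).upper()
    for name in _CALL_RE.findall(bare):
        if name.lower() in DENIED_FUNCTIONS:
            return False, "function not allowed: %s" % name
    return True, "ok"


def read_only_preamble(timeout_ms: int = 5000) -> list:
    """Second guard, enforced by Postgres itself: statements to run on the
    cursor before the user's query. Even if the text check is fooled, a READ
    ONLY transaction refuses writes and statement_timeout kills slow queries."""
    return [
        "SET TRANSACTION READ ONLY",
        "SET LOCAL statement_timeout = %d" % int(timeout_ms),
    ]


def run_guarded_select(cr, sql: str, timeout_ms: int = 5000, max_rows: int = 500):
    """Run `sql` on a DB-API cursor `cr` behind both guards and cap the rows
    handed back to the model. Raises PermissionError on textual rejection."""
    ok, reason = validate_select(sql)
    if not ok:
        raise PermissionError(reason)
    for stmt in read_only_preamble(timeout_ms):
        cr.execute(stmt)
    cr.execute(sql)
    return cr.fetchmany(max_rows)
```

`run_guarded_select` expects a DB-API cursor (in Odoo, `env.cr`). `SET TRANSACTION READ ONLY` must run before any query in the transaction, so the preamble goes on the same cursor immediately before the user's statement; the row cap keeps a `SELECT *` on a large table from flooding the model's context.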
```text
OWL chat UI ──/claudoo/send (auth=user)──► Odoo worker ──► daemon thread
    ▲ bus stream (deltas, tool chips)                        │ spawns
    │                                                        ▼
    │                   claude -p --output-format stream-json (OAuth)
    │                   tool surface = mcp__odoo__* ONLY
    │                                                        │ stdio MCP
    │                                                        ▼
    │                   bridge/mcp_server.py (no DB creds, loopback only)
    │                                                        │ Bearer(session token)
    └──── bus.bus ◄── controllers/tools.py (auth='ai_bridge', runs AS the user) ──► Postgres
```
- Only Odoo touches the database. The CLI subprocess and the MCP forwarder hold no credentials — only a short-lived, session-scoped HMAC bearer token.
- The bridge is reachable on loopback only; the auth method rejects any non-local caller and rebinds the request to the session's user (`su=False`).
- Built-in tools are denied through a generated `settings.json` deny-list plus a `PreToolUse` hook, so the model is confined to `mcp__odoo__*`.
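As an added example of the confinement in the last bullet (not Claudoo's own settings generator or hook script), here is how a generated deny-list and a fail-closed `PreToolUse` hook fit together in Python. The settings layout, the hook protocol (tool event as JSON on stdin with a `tool_name` field; exit status 2 blocks the call and hands stderr back to the model) and the built-in tool names in `DENIED_TOOLS` are my reading of the Claude Code CLI and are assumptions here.

```python
"""Confining the CLI to the Odoo tool surface: a generated settings.json
deny-list plus a PreToolUse hook. Added example, not Claudoo's own code.
Assumptions: the Claude Code permissions/hooks settings schema, the hook
protocol (JSON event with "tool_name" on stdin, exit status 2 = block) and
the built-in tool names listed in DENIED_TOOLS."""
import json
import sys

ALLOWED_PREFIX = "mcp__odoo__"          # the only tools the model may call
DENIED_TOOLS = ["Bash", "Write", "Edit", "MultiEdit", "NotebookEdit",
                "WebFetch", "WebSearch", "Task"]   # assumed built-in tool names


def build_settings(hook_command: str) -> dict:
    """Settings fragment to write into the per-user CLI home: deny the
    built-ins outright and run the hook before every tool call."""
    return {
        "permissions": {"allow": ["mcp__odoo"], "deny": list(DENIED_TOOLS)},
        "hooks": {"PreToolUse": [{"matcher": "", "hooks": [
            {"type": "command", "command": hook_command}]}]},
    }


def tool_allowed(tool_name: str) -> bool:
    """Allow-list, not deny-list: anything that is not an Odoo MCP tool is
    refused, so a renamed or newly added built-in is refused as well."""
    return (tool_name.startswith(ALLOWED_PREFIX)
            and len(tool_name) > len(ALLOWED_PREFIX))


def hook_main(stdin_text: str) -> int:
    """Body of the PreToolUse hook. Returns the exit status: 0 to allow,
    2 to block. Unreadable input is treated as a block (fail closed)."""
    try:
        event = json.loads(stdin_text)
        name = str(event["tool_name"])
    except (ValueError, KeyError, TypeError):
        print("claudoo hook: unreadable tool event, blocking", file=sys.stderr)
        return 2
    if tool_allowed(name):
        return 0
    print("claudoo hook: tool %r is outside the Odoo tool surface" % name,
          file=sys.stderr)
    return 2


if __name__ == "__main__":
    sys.exit(hook_main(sys.stdin.read()))
```

The hook is an allow-list on `mcp__odoo__*` rather than a second deny-list, so a built-in that is renamed or added in a later CLI release is still refused; the `deny` entries in `settings.json` merely stop the CLI from asking in the first place, and the hook is the layer that holds if they are ever bypassed.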
- Odoo 18.0
- The Claude Code CLI installed on the Odoo server (Claudoo auto-detects the binary; the path is configurable).
- Python `requests` (declared as an external dependency).
- A Claude subscription per user (OAuth login) — no API key required.
```bash
# Put the module on your addons_path (the repo is the module folder),
# then install it:
odoo-bin -c odoo.conf -d <your-db> -i claudoo --stop-after-init
# Restart your live server afterwards (Odoo does not re-import changed Python).
```

- Open the Claudoo app from the top menu.
- Click Login with Claude and authorize with your subscription.
- Ask away: "How many sale orders are still in draft this month?"
Grant the AI SQL Analyst group to users who should be able to run read-only SQL reports, and AI Assistant Manager to those who configure it and read the audit log.
Claudoo treats LLM output as untrusted and defends accordingly:
- Never superuser. Tool endpoints abort if `request.env.su` is true.
- ACLs + record rules apply to every read and write, because the call runs as the user.
- Writes are opt-in. Read tools are the default; each write tool (`orm_create`/`write`/`unlink`, `orm_action`, `run_wizard`, `run_server_action`) must be granted per user, and zero-trust mode strips them entirely.
- SQL can only read. See the guard above.
- Capability tokens expire, are session-scoped, single-jti, and HMAC-signed with the database secret.
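The capability-token bullet, together with the loopback-only bridge from the architecture section, as an added Python illustration (not Claudoo's `ai_bridge` code): the claim names, the 300 s default TTL, the reading of "single-jti" as a replay cache and the loopback check are assumptions, and the signing key would be Odoo's `database.secret` system parameter rather than the constructed byte string used here.

```python
"""Session-scoped, expiring, single-use HMAC bearer token for a loopback
bridge, in the spirit of Claudoo's capability tokens. Added example, not the
module's code: claim names, TTL and replay cache are assumptions; in Odoo the
signing key would be the database.secret parameter, here a constructed value."""
import base64
import hashlib
import hmac
import ipaddress
import json
import secrets
import time


class TokenError(Exception):
    """Raised for any reason a token must not be honoured."""


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(secret: bytes, session_id: str, uid: int, ttl_s: int = 300, now=None) -> str:
    """Mint `<claims>.<sig>`: the claims bind the token to one session and
    user, expire after ttl_s seconds and carry a random jti per token."""
    now = time.time() if now is None else now
    claims = {"sid": session_id, "uid": uid, "iat": int(now),
              "exp": int(now) + ttl_s, "jti": secrets.token_hex(8)}
    payload = _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return "%s.%s" % (payload, _b64(sig))


class TokenVerifier:
    """Verifies tokens and remembers seen jti values until they expire, so a
    captured token cannot be replayed even inside its lifetime."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._seen = {}          # jti -> exp

    def verify(self, token: str, session_id: str, now=None) -> dict:
        now = time.time() if now is None else now
        payload, _, sig = token.partition(".")
        if not sig:
            raise TokenError("malformed token")
        expected = hmac.new(self._secret, payload.encode(), hashlib.sha256).digest()
        try:
            given = _unb64(sig)
        except ValueError:
            raise TokenError("malformed token")
        # Check the signature before parsing anything the caller controls.
        if not hmac.compare_digest(expected, given):
            raise TokenError("bad signature")
        claims = json.loads(_unb64(payload))
        if claims["exp"] < now:
            raise TokenError("expired")
        if claims["sid"] != session_id:
            raise TokenError("token is bound to another session")
        self._seen = {j: e for j, e in self._seen.items() if e >= now}  # drop expired jtis
        if claims["jti"] in self._seen:
            raise TokenError("token already used")
        self._seen[claims["jti"]] = claims["exp"]
        return claims


def authorize_bridge_call(verifier: TokenVerifier, remote_addr: str,
                          authorization: str, session_id: str, now=None):
    """The decision an ai_bridge-style auth method takes before rebinding the
    request to the session's user: loopback caller only, then a valid bearer
    token for this session. Returns the rejection reason, or None to proceed."""
    try:
        if not ipaddress.ip_address(remote_addr).is_loopback:
            return "non-local caller"
    except ValueError:
        return "unparseable remote address"
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or not token:
        return "missing bearer token"
    try:
        verifier.verify(token, session_id, now)
    except TokenError as exc:
        return str(exc)
    return None
```

Order matters in `verify`: the signature is checked before the claims are even decoded, so a forged payload never reaches `json.loads`, and the jti is recorded only after every other check passes, so a rejected token does not burn a slot in the replay cache. The cache is per verifier instance; with several Odoo workers it would need to live somewhere shared, such as a small table, which is why expiry is kept short.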
See SECURITY.md for the full threat model and how to report a vulnerability.
Settings → Claudoo (or System Parameters claudoo.*):
| Parameter | Purpose |
|---|---|
| `cli_path` / `cli_glob` | Path (or glob) to the Claude Code binary (auto-detected if blank) |
| `model` | Claude model id (default `claude-sonnet-4-5`) |
| `max_turns`, `timeout_s` | Per-turn limits |
| `home_root`, `scratch_root` | Per-user OAuth home and CLI scratch directories |
| `base_url` | Loopback URL the bridge calls back on |
| `sql_enabled` | Master switch for `sql_select` |
| `zero_trust_default` | Global default for read-only (zero-trust) mode |
| `python_bin` | Interpreter used to run the bundled bridge scripts (defaults to Odoo's) |
- AI Assistant User — can use the chat (ORM reads).
- AI SQL Analyst — additionally may run `sql_select`.
- AI Assistant Manager — configuration + audit log; sees all sessions.
```bash
odoo-bin -c odoo.conf -d <db> -i claudoo --test-enable --test-tags claudoo --stop-after-init
```

Covers the SQL guard, bridge-token mint/verify, the tool-access policy, the `ai_bridge` auth method, and the audit log. CI runs them on every push and PR.
Claudoo is free and open source (LGPL-3.0) and always will be. It is built and maintained by CICDoo, who also offer:
- 🚀 Managed deployment & hosting — Claudoo running securely on your Odoo: you manage your business and we manage your infrastructure.
- 🛟 Priority support & SLAs for production rollouts.
- 🧩 Custom tools & integrations — extend the safe tool surface to your models and workflows.
- 📜 Commercial license for organizations that cannot adopt LGPL terms — modify Claudoo and keep your changes private, embed it in a closed product, or get warranty/indemnification. See COMMERCIAL_LICENSE.md.
- 🎓 Training & security review for teams enabling AI access to their ERP.
👉 Get in touch: sam@cicdoo.com · cicdoo.com
If Claudoo saves your team time, consider sponsoring its development.
- Approval-gated `orm_create`/`orm_write`/`orm_unlink` with before→after diff cards
- An admin allow/deny policy model for tools and models
- A dedicated `ai_sql_ro` Postgres role + view scoping
- OS-level sandboxing of the CLI subprocess
- Per-session rate and tool budgets
Have an idea? Open a feature request or a PR — see CONTRIBUTING.md.
Claudoo wraps Anthropic's Claude Code CLI. "Claude" and "Anthropic" are trademarks of Anthropic. Claudoo is an independent, community project and is not affiliated with or endorsed by Anthropic.
Claudoo is dual-licensed — choose whichever fits you:
- 🆓 Open source: GNU LGPL-3.0-or-later. Free for any use, including on both Odoo Community and Enterprise; modifications to Claudoo's own files stay under the LGPL.
- 💼 Commercial: a proprietary-friendly license from CICDoo that lifts the LGPL obligations (keep modifications private, embed in closed products, warranty/SLA). See COMMERCIAL_LICENSE.md · license@cicdoo.com.
SPDX-License-Identifier: LGPL-3.0-or-later OR LicenseRef-Claudoo-Commercial
© 2026 CICDoo