Your warehouse manager shouldn't need to learn Odoo to update a stock count. Your sales rep shouldn't need a VPN to log a call note. Your HR assistant shouldn't need the Odoo UI to approve a leave request.
They just need to send a message.
That's the problem OdooPilot solves.
What is OdooPilot?
OdooPilot is an open-source Odoo 17 Community addon (v17.0.11.0.0) that gives every employee an AI assistant on Telegram or WhatsApp — connected to the same Odoo instance, scoped to the same permissions they already have.
No login. No training. No extra server. No Docker. No SaaS fees. Everything runs inside your Odoo instance.
Here's what it looks like in practice:
Mira (WhatsApp): "I need 3 days off next month — Mar 14–16."
OdooPilot: "Filed leave request for 3 days (Mar 14–16). Carlos has been notified."
Carlos (Telegram): [inline button: ✅ Approve ❌ Refuse]
Carlos: taps Approve.
OdooPilot: "✅ Leave approved. Mira has been notified."
The Odoo adoption problem solved: data is no longer stale because the people who generate it finally have a way to reach Odoo that fits their day. Same data, same permissions, same audit trail — just lower friction.
Technical architecture
Everything runs inside the Odoo addon — no separate Python service, no cloud deployment:
- HTTP Controllers — verify webhook HMAC signatures in constant time, per-(channel, chat_id) sliding-window rate limit, idempotency dedup on message IDs
- Agent loop — loads session, builds messages, runs the LLM tool loop
- Read tools execute immediately; Write tools → preflight → resolve target record → stage pending args + per-write nonce → ask Yes/No
- On confirmed Yes → execute under the linked Odoo user's environment (all record rules apply)
LLM support — swap in Settings, no restart needed
| Provider | Default model | Notes |
|---|---|---|
anthropic |
claude-3-5-haiku-20241022 |
Best reasoning per dollar |
openai |
gpt-4o-mini |
Widest ecosystem |
groq |
llama-3.3-70b-versatile |
Free tier, very fast |
ollama |
(set in config) | 100% local — data never leaves your server |
Security (passed public audit April 2026)
- Webhook HMAC-SHA256 verification in constant time — mandatory for both Telegram and WhatsApp
- Per-write nonce — the confirmation click is cryptographically bound to the exact staged write; prompt injection can't swap it
- SHA-256 hashed magic-link tokens, single-use, 1-hour expiry
- Two-step CSRF-protected account linking flow
- Bounded thread pool + sliding-window rate limiting
- Immutable audit log for every tool call (timestamp, user, tool, args, result)
What it covers today
| Domain | Read | Write (with confirmation) |
|---|---|---|
| Project & Tasks | ✅ | ✅ mark task done |
| Sales & CRM | ✅ | ✅ confirm order · update stage · create lead |
| Invoices & Accounting | ✅ | — |
| Inventory | ✅ | — |
| HR & Leaves | ✅ | ✅ approve leave |
| Purchase | ✅ | — |
Write tools always show an inline Yes/No confirmation before touching any data.
Community feedback wanted
I'm building this for the Odoo community and I'd love your input:
- 👉 Which modules do you need most? (Manufacturing? Timesheets? Point of Sale?)
- 👉 Telegram or WhatsApp — which does your team actually use?
- 👉 What's missing that would make you install it today?
- 👉 If OdooPilot saves your team time, consider sponsoring to keep development going!
Links
- 📦 Odoo App Store: https://apps.odoo.com/apps/modules/17.0/odoopilot
- 🐙 GitHub (LGPL-3 open-source): https://github.com/arunrajiah/odoopilot
- ♥ Sponsor: https://github.com/sponsors/arunrajiah
Current release: 17.0.11.0.0 — pure Odoo 17 Community addon, no external dependencies beyond what Odoo already ships.
Top comments (0)