Your team uses Odoo — without logging in to Odoo: Introducing OdooPilot

Arun Rajiah — Sat, 02 May 2026 16:23:17 +0000

Your warehouse manager shouldn't need to learn Odoo to update a stock count. Your sales rep shouldn't need a VPN to log a call note. Your HR assistant shouldn't need the Odoo UI to approve a leave request.

They just need to send a message.

That's the problem OdooPilot solves.

What is OdooPilot?

OdooPilot is an open-source Odoo 17 Community addon (v17.0.11.0.0) that gives every employee an AI assistant on Telegram or WhatsApp — connected to the same Odoo instance, scoped to the same permissions they already have.

No login. No training. No extra server. No Docker. No SaaS fees. Everything runs inside your Odoo instance.

Here's what it looks like in practice:

Mira (WhatsApp):   "I need 3 days off next month — Mar 14–16."
OdooPilot:         "Filed leave request for 3 days (Mar 14–16). Carlos has been notified."

Carlos (Telegram): [inline button: ✅ Approve   ❌ Refuse]
Carlos:            taps Approve.
OdooPilot:         "✅ Leave approved. Mira has been notified."

The Odoo adoption problem solved: data is no longer stale because the people who generate it finally have a way to reach Odoo that fits their day. Same data, same permissions, same audit trail — just lower friction.

Technical architecture

Everything runs inside the Odoo addon — no separate Python service, no cloud deployment:

HTTP Controllers — verify webhook HMAC signatures in constant time, per-(channel, chat_id) sliding-window rate limit, idempotency dedup on message IDs
Agent loop — loads session, builds messages, runs the LLM tool loop
Read tools execute immediately; Write tools → preflight → resolve target record → stage pending args + per-write nonce → ask Yes/No
On confirmed Yes → execute under the linked Odoo user's environment (all record rules apply)

LLM support — swap in Settings, no restart needed

Provider	Default model	Notes
`anthropic`	`claude-3-5-haiku-20241022`	Best reasoning per dollar
`openai`	`gpt-4o-mini`	Widest ecosystem
`groq`	`llama-3.3-70b-versatile`	Free tier, very fast
`ollama`	(set in config)	100% local — data never leaves your server

Security (passed public audit April 2026)

Webhook HMAC-SHA256 verification in constant time — mandatory for both Telegram and WhatsApp
Per-write nonce — the confirmation click is cryptographically bound to the exact staged write; prompt injection can't swap it
SHA-256 hashed magic-link tokens, single-use, 1-hour expiry
Two-step CSRF-protected account linking flow
Bounded thread pool + sliding-window rate limiting
Immutable audit log for every tool call (timestamp, user, tool, args, result)

What it covers today

Domain	Read	Write (with confirmation)
Project & Tasks	✅	✅ mark task done
Sales & CRM	✅	✅ confirm order · update stage · create lead
Invoices & Accounting	✅	—
Inventory	✅	—
HR & Leaves	✅	✅ approve leave
Purchase	✅	—

Write tools always show an inline Yes/No confirmation before touching any data.

Community feedback wanted

I'm building this for the Odoo community and I'd love your input:

👉 Which modules do you need most? (Manufacturing? Timesheets? Point of Sale?)
👉 Telegram or WhatsApp — which does your team actually use?
👉 What's missing that would make you install it today?
👉 If OdooPilot saves your team time, consider sponsoring to keep development going!

DEV Community: Arun Rajiah