Open WebUI is one of the most popular self-hosted clients for large language models, but it has no built-in mechanism to prevent data leaks or to block malicious instructions injected through tool results. Archestra fills that gap: it intercepts every LLM request from Open WebUI, tracks whether the context contains untrusted tool output, and stops that untrusted content from driving further tool calls, providing an essential security layer for production deployments.
What You Will Build
This guide walks through the full setup: Open WebUI connecting to OpenAI via the Archestra proxy, with a GitHub tool that demonstrates the Lethal Trifecta (an agent that can read private data, is exposed to untrusted content, and has a channel to send data out) and how Archestra breaks it. You will also configure an MCP server tool accessible directly from the Open WebUI chat interface.
Prerequisites
You will need an LLM provider API key. This guide uses OpenAI, but Archestra supports multiple providers; see Supported LLM Providers for the full list. Obtain an OpenAI API key from one of the following sources:
- OpenAI platform
- Azure OpenAI
- Any OpenAI-compatible service (LocalAI, FastChat, Helicone, LiteLLM, OpenRouter, etc.)
Setup
Deploy Open WebUI and Archestra with Docker Compose
Export your OpenAI API key, then pull and start both services with a single Docker Compose file.
- Deploy Both Services
- Deploy Archestra Only (Existing Open WebUI)
Configure the Archestra Connection in Open WebUI
Once Open WebUI is running, point it at the Archestra proxy instead of directly at the OpenAI API.
- Open Open WebUI at localhost:3004 (or your custom domain, e.g. https://openwebui.yourcompany.com/).
- Click your User → Admin Panel.
- Navigate to Settings → Connections → OpenAI → Configure (look for the wrench icon).
- Verify, or add, the following connection values:
  - API Key: your OpenAI API key
  - Base URL: http://localhost:9000/v1/openai
  If Open WebUI runs in its own Docker container, separate from Archestra, then localhost inside that container refers to the container itself, so use Docker's special hostname instead: http://host.docker.internal:9000/v1/openai. Docker Desktop resolves this name to the host automatically; on Linux Docker Engine, add `--add-host=host.docker.internal:host-gateway` (or the equivalent `extra_hosts` entry on the Open WebUI service) so the name resolves.
- Click Save, then Create a New Chat to verify the connection is working.
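A quick way to confirm the proxy path outside the UI is to send one chat request to Archestra directly. The script below is an added example written for this guide, not Archestra's or Open WebUI's own code. It assumes the Archestra proxy serves the standard OpenAI-compatible chat-completions route beneath the base URL given above (so the full path is http://localhost:9000/v1/openai/chat/completions); check that against your Archestra version. The model name and prompt are placeholders, and the key is read from the OPENAI_API_KEY environment variable rather than embedded in the script.

```python
"""Smoke test for the Open WebUI -> Archestra -> OpenAI path, without the UI.
Added example for this guide, not Archestra's or Open WebUI's code. Assumes the
proxy exposes the OpenAI-compatible chat-completions route under the base URL
the guide gives (http://localhost:9000/v1/openai), i.e. .../chat/completions.
The API key comes from OPENAI_API_KEY, never from the script itself."""
import json
import os
import urllib.request

DEFAULT_BASE = "http://localhost:9000/v1/openai"


def base_url_for(open_webui_in_docker: bool, port: int = 9000) -> str:
    """Pick the host Open WebUI should use: inside a container, `localhost`
    is the container itself, so the Docker host alias is needed instead."""
    host = "host.docker.internal" if open_webui_in_docker else "localhost"
    return f"http://{host}:{port}/v1/openai"


def build_request(base_url: str, api_key: str, model: str = "gpt-4o-mini",
                  prompt: str = "Reply with the single word: pong"):
    """Assemble the chat-completions call. Pure function, no network."""
    url = base_url.rstrip("/") + "/chat/completions"
    headers = {"Authorization": f"Bearer {api_key}",
               "Content-Type": "application/json"}
    body = {"model": model, "messages": [{"role": "user", "content": prompt}]}
    return url, headers, json.dumps(body).encode()


def reply_text(reply: dict) -> str:
    """Extract the assistant text from an OpenAI-style response body."""
    return reply["choices"][0]["message"]["content"]


def send(url: str, headers: dict, data: bytes, timeout: float = 30) -> dict:
    """POST through the proxy; a bounded timeout keeps a hung proxy visible."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    url, headers, data = build_request(DEFAULT_BASE, os.environ["OPENAI_API_KEY"])
    print(reply_text(send(url, headers, data)))
```

Run it with `OPENAI_API_KEY=... python3 smoke.py`; if the proxy is wired correctly, the reply prints and the same exchange appears under Chat in the Archestra UI at http://localhost:3000, which is the quickest way to confirm that requests are really going through Archestra rather than straight to OpenAI.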
Add a Tool to Open WebUI
Give your LLM the ability to take actions by adding a tool. This example imports a web_search tool from the Open WebUI community. A web search tool is also the kind of tool whose results bring untrusted content into the context, which is exactly what Archestra's trust tracking is designed to contain. Community tools are Python code that runs inside your Open WebUI instance, so review the source before importing it.
- Click User → Admin Panel.
- Navigate to Functions → Import From Link.
- Paste https://openwebui.com/t/constliakos/web_search and click Import → Save.
Configure an MCP Server Tool
Open WebUI also supports MCP (Model Context Protocol) servers, which expose richer capabilities to the model.
- Click User → Admin Panel.
- Navigate to Settings → External Tools → Manage Tool Servers → +.
- In the dialog, set Type to MCP Streamable HTTP.
- Paste your MCP server’s streamable HTTP URL. This example uses the Dungeons & Dragons MCP server:
- Click Save.
Observe Chat History in Archestra
Archestra records every proxied request so you can audit what your agent is doing.
- Open http://localhost:3000 and navigate to Chat.
- Click Details on any conversation to see the full request, tool call, and response history.
Configure Trust Policies
Every tool call is logged in the Archestra platform at http://localhost:3000. By default, every tool result is treated as untrusted, and once the context contains untrusted content, any subsequent tool call is blocked. This default is deliberately strict: it closes the exfiltration leg of the Lethal Trifecta at the cost of also blocking legitimate follow-up calls. You can refine it with two types of policies:
- Tool Call Policies allow specific calls even when the context is untrusted. For example, always allow fetch to open google.com regardless of context state.
- Tool Result Policies mark specific results as trusted. For example, if you query your corporate website, mark its response as trusted so subsequent tool calls are not blocked.
Keep result policies narrow: a source you mark as trusted no longer taints the context, so any page on that host that an outsider can edit (comments, user profiles, issue bodies) reopens the injection path the default rule was closing.