{"id":"openai-chatgpt-retrieval-plugin","name":"chatgpt-retrieval-plugin","homepage":null,"repo_url":"https://github.com/openai/chatgpt-retrieval-plugin","category":"ai-ml","subcategories":[],"tags":["ai-ml","retrieval","rag","vector-database","fastapi","semantic-search","self-hosted","python"],"what_it_does":"A self-hosted Retrieval-Augmented Generation (RAG) backend that exposes a FastAPI service for semantic search over user-provided documents. It chunks documents, creates embeddings via OpenAI, stores/query them in a chosen vector database provider, and serves query/upsert/delete endpoints intended to be used as a ChatGPT Retrieval Plugin backend (and for custom GPT actions/function calling).","use_cases":["Semantic search over personal or organizational documents using natural-language queries","RAG pipelines where you want control over chunking, embedding dimensions/models, and vector DB provider","Building ChatGPT custom GPTs that can retrieve relevant snippets from documents","Automating document ingestion/updating via webhooks into upsert/delete endpoints","Enterprise internal knowledge retrieval (self-hosted) with metadata filtering (e.g., author/date/source)"],"not_for":["Serving as a general-purpose document storage service without a vector-search focus","Use cases requiring multi-tenant isolation with fine-grained per-user authorization unless additional controls are implemented","High-availability systems without operational readiness (monitoring, backups, vector DB scaling)"],"best_when":"You want a self-hosted, configurable RAG retrieval layer with pluggable vector database backends and metadata filtering, and you can manage hosting/operations and API authentication for your environment.","avoid_when":"You cannot guarantee secure deployment of the FastAPI server (auth, network controls) or you need strong multi-tenant/least-privilege authorization semantics beyond the provided token-based approaches.","alternatives":["OpenAI/ChatGPT native file retrieval features (if you don’t need granular retrieval control)","Other self-hosted RAG stacks such as LlamaIndex/your own FastAPI + vector DB integration","Vector DB + embedding pipeline with a custom API (e.g., using pgvector, Qdrant, Weaviate, Pinecone)"],"af_score":37.2,"security_score":58.0,"reliability_score":21.2,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-29T13:09:04.899977+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":true},"auth":{"methods":["None","API key (Basic)","API key (Bearer)","OAuth (per README)","Bearer token via BEARER_TOKEN environment variable (for local/server setup)"],"oauth":true,"scopes":false,"notes":"Auth methods are described at a high level (None/Basic-Bearer/OAuth). Scopes/granularity are not evident from the provided excerpt; the quickstart indicates a shared BEARER_TOKEN for access to the API."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"As an open-source self-hosted service, direct subscription pricing is not specified in the provided content; costs depend on hosting and upstream APIs (notably embeddings/completions via OpenAI or Azure OpenAI) and your chosen vector database."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":37.2,"security_score":58.0,"reliability_score":21.2,"mcp_server_quality":0.0,"documentation_accuracy":75.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":0.0,"tls_enforcement":90.0,"auth_strength":55.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Security guidance is present at least conceptually (authentication methods, bearer token setup). However, the provided content does not show fine-grained scopes/authorization, token rotation policies, or explicit rate-limit/error security semantics. Deployment should ensure HTTPS termination, protect the server from public exposure, and securely manage environment variables containing API keys and vector DB credentials.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":0.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Shared-token auth can complicate agent workflows in multi-tenant contexts if you need per-user separation.","The service relies on external vector database configuration and correct environment variables; misconfiguration may cause failures that agents can’t automatically remediate.","No explicit guidance is provided (in the excerpt) about pagination, rate-limit response headers, or safe retry/idempotency semantics for upsert/query operations."]}}