Jarvis (Personal AI OS)

Highlights

• 35 MCP tools registered with Claude Code via 'claude mcp add jarvis'. IDE sessions get jarvis_search, jarvis_context, jarvis_memory_query, jarvis_mail, jarvis_calendar, jarvis_say, jarvis_bugpatrol, jarvis_news, jarvis_jobs, jarvis_build and more
• 4 layer Personal Knowledge Core (Identity, Domain, Operational, Episodic) on SQLite plus FTS5 with confidence gated writes. Identity needs 0.7, domain entries 0.6, episodes are append only from any source
• Routing V2 classifies every request into 6 task classes via keyword scoring. code_execution gets no personal data and goes to deepseek-coder-v2, personal_memory_query gets full identity and all domains, deep_reasoning is cloud preferred with a summary slice
• 12 cron jobs in jarvis_daemon: inbox (15 min), calendar (30 min), state synthesis (2 h), vault sync (6 h), morning briefing 7am, evening summary, memory decay nightly, opportunity detection 3x per day
• Anti hallucination layer. Grounding first system and user prompts plus a post response regex that catches fabricated BPM or HRM or calorie or step data before it poisons conversation history
• 13 skills under ai_os/skills/: bug_patrol, email_agent, calendar_agent, news_agent, app_generator, job_tracker, claude_code, git_bisect_auto, vuln_scanner, arch_diagrams, dead_code, repo_navigator
• Optional stealth cloud pipeline. Regex PII sanitizer (email, phone, SSN, API keys, ETH/BTC) plus per request canary injector plus SOCKS5 Tor plus cloud LLM plus PII restorer. In BUNKER mode the network stack is firewalled off entirely
• Cross channel presence. Terminal CLI, Telegram bot, WhatsApp via OpenClaw, voice loop with 'Hey Jarvis' wake word, MCP tools inside any IDE that speaks MCP, all backed by the same PKC

Deep dive

owned-ai v0.4.0 (codename Jarvis) is a personal AI OS I can talk to from a Mac terminal, a Telegram bot, WhatsApp, voice ("Hey Jarvis") or as MCP tools inside Claude Code. The architecture is three FastAPI services plus a daemon. llm_gateway on :8080 routes chat completions, rlm_gateway on :8081 owns RAG plus memory plus the Personal Knowledge Core, and mcp_server exposes 35 jarvis_* tools to any IDE that speaks MCP. Models are local by default. Ollama serves llama3.1:8b for general tasks, deepseek-coder-v2:16b for code and nomic-embed-text for embeddings, with cloud calls gated behind a stealth pipeline. The 13 skills include email_agent (Gmail IMAP/SMTP), calendar_agent (Google Calendar via CalDAV), news_agent (RSS with interest filtering), bug_patrol (autonomous test fix loop), vuln_scanner (OSV CVE), arch_diagrams (Mermaid), dead_code, git_bisect_auto, app_generator (natural language to app to deploy) and claude_code (Jarvis using Claude Code as a sub tool). The interesting engineering is the PKC and Routing V2. The PKC is not a vector blob. It is a typed 4 layer SQLite schema with explicit write gates. identity_facts is versioned with superseded_by and only accepts confidence at or above 0.7, domains plus domain_entries covers 9 life areas at confidence at or above 0.6, pkc_tasks plus operational_state is the active to do layer, episodes is an FTS5 indexed timeline that takes any source append only. Routing V2 classifies every request into one of six task classes (personal_memory_query, operational_planning, communication_action, code_execution, research_world, deep_reasoning) and each class has its own model preference and PKC injection policy. code_execution gets no personal context and goes to deepseek-coder-v2, personal_memory_query gets full identity and all domains, deep_reasoning is cloud preferred with a summary slice. The daemon runs 12 cron jobs that keep state alive: inbox digestion every 15 min, calendar every 30 min, state synthesis every 2 h, vault sync every 6 h (DB to markdown), nightly memory consolidation, opportunity detection 3x per day, plus a morning briefing and an evening summary. The reason it exists is sovereignty. I own the data, the model and the brain. An optional stealth pipeline strips PII (email, phone, SSN, API keys, ETH/BTC addresses), injects per request canary tokens to detect cloud leaks and routes through SOCKS5 Tor before any cloud LLM ever sees the request. In BUNKER mode it never touches the internet at all.

Tech stack