Security-first, local-first personal autonomous AI assistant.
VaultBot is an always-on background agent that can actually operate your computer — files, apps, browser, online services — under a strict, code-enforced permission model. It is local-first, auditable, and built to be trusted by inspection.
Status: Phase 1 — text-only agent loop, memory, Tier 0–1 skills, allowlist proxy, and vault init wizard are in. Tauri chat window and 50-task benchmark are the remaining Phase 1 items. See docs/PLAN.md for the phased roadmap.
Existing consumer AI assistants are either (a) cloud-only and privacy-hostile, (b) toy-grade in terms of agency, or (c) coarse-grained "all-or-nothing" in their permissions. VaultBot's differentiators:
| Property | How VaultBot delivers it |
|---|---|
| Local-first | Core reasoning, memory, and execution work offline. Cloud is opt-in per task class. |
| Always-on | Persistent OS service (Windows / launchd / systemd) with single-instance IPC. Tray, CLI, hotkey, wake-word, and chat are thin clients attaching to the running daemon. |
| Bounded autonomy | Every privileged action passes through a typed capability token checked by a Rust policy engine, not the prompt. |
| Auditable | Hash-chained, append-only action log. Rollback for reversible operations. |
| Cross-platform | Windows-first; macOS and Linux follow in Phase 5. |
Detailed product vision: docs/PRD.md. Detailed implementation plan: docs/PLAN.md. Security model and threat model: SECURITY.md. Architectural decisions: docs/adr/.
```text
+-----------------------------------------------------------+
| UI Surfaces — thin clients, attach over local IPC         |
| Tray | Chat Window | Overlay HUD | CLI | Wake-word        |
+---------------------------+-------------------------------+
                            |
                            v
+-----------------------------------------------------------+
| Background Daemon (single instance per user session)      |
| Planner | Executor | Memory | Skill Router | LLM Gateway  |
+---------------------------+-------------------------------+
                            |
            +---------------+----------------+
            v                                v
+--------------------------+  +--------------------------+
| Rust security core       |  | Python skill registry    |
| policy | audit | vault   |  | fs | window | browser    |
| proxy (PyO3)             |  | voice | vision | LLM     |
+-----------+--------------+  +--------------+-----------+
            |                                |
            v                                v
+-----------------------------------------------------------+
| OS Adapter Layer (Win first; mac / Linux in Phase 5)      |
+-----------------------------------------------------------+
```
The security-critical core (policy engine, audit log, secret vault, network proxy) is implemented in Rust for memory safety, exposed to Python via PyO3. The agent runtime, skills, and integrations live in Python 3.12 for ecosystem reach. The UI uses Tauri (Rust shell + web frontend) for a small, OS-native footprint.
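As an added illustration of the "hash-chained, append-only action log" property (example code written for this README, not VaultBot's own Rust audit implementation, whose on-disk format the repo defines), the following Python shows a minimal chained log and a verifier that catches edited, reordered or dropped entries; the entry fields and SHA-256 canonical-JSON scheme are assumptions for the demo.

```python
import hashlib
import json
from typing import Optional

# Assumed layout for this illustration: each entry stores its predecessor's
# hash, and its own hash covers every field plus that predecessor hash.
GENESIS_HASH = "0" * 64


def _digest(prev_hash: str, fields: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) keeps the digest deterministic.
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


class AuditLog:
    """Append-only action log; every entry commits to its predecessor's hash."""

    def __init__(self) -> None:
        self.entries: list = []

    def append(self, actor: str, action: str, target: str) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        fields = {"seq": len(self.entries), "actor": actor,
                  "action": action, "target": target, "prev": prev}
        entry = {**fields, "hash": _digest(prev, fields)}
        self.entries.append(entry)
        return entry

    def head(self) -> str:
        # The latest hash; a client that remembers it can detect tail truncation.
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH


def verify(entries: list, expected_head: Optional[str] = None) -> Optional[int]:
    """Return the index of the first bad entry, or None if the chain is intact.

    Edits, reordering and deletion in the middle break the chain on their own.
    Truncation at the tail is only caught when the last-seen head hash is given.
    """
    prev = GENESIS_HASH
    for i, entry in enumerate(entries):
        fields = {k: v for k, v in entry.items() if k != "hash"}
        if fields.get("seq") != i or fields.get("prev") != prev:
            return i
        if _digest(prev, fields) != entry.get("hash"):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(entries)
    return None
```

A real deployment would also anchor the head hash somewhere the daemon cannot silently rewrite (for example, the vault or a remote witness), since the chain alone cannot prove that the newest entries were not dropped.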
- Windows 10/11 (Phase 0 primary OS; macOS and Linux land in Phase 5).
- Python 3.12+ — `winget install Python.Python.3.12`
- Rust stable — `winget install Rustlang.Rustup`
- Node 18+ (for Tauri UI) — already available in this repo via `winget install OpenJS.NodeJS.LTS`
- WebView2 runtime (pre-installed on Windows 11)
- MSVC Build Tools (`winget install Microsoft.VisualStudio.2022.BuildTools` with the "Desktop development with C++" workload) — required by Rust on Windows
```powershell
# From the repo root
py -3.12 -m venv .venv
.\.venv\Scripts\Activate.ps1
python -m pip install --upgrade pip
pip install -e ".[dev]"

# Build the Rust core and install the Python bindings
maturin develop --release --manifest-path vault/core/rust/crates/vault-pyo3/Cargo.toml

# Run the test suite
pytest
cargo test --manifest-path vault/core/rust/Cargo.toml
```

Start the daemon in the foreground:

```powershell
python -m vault.service.daemon --foreground
```

In a second shell:

```powershell
python -m vault.ui.cli status
python -m vault.ui.cli log tail
```

To install as a Windows service (auto-start at login):

```powershell
.\scripts\install_service.ps1
```

See PLAN.md §3.1 and §7 for the canonical module map. Top level:
```text
vault/        # source code (Python core + Rust security crates + UI)
docs/         # PRD, PLAN, ADRs, design notes
tests/        # unit, integration, e2e, benchmark, adversarial
scripts/      # build, install, packaging
installers/   # per-OS installer scripts
.github/      # CI workflows
SECURITY.md
LICENSE
```
See CONTRIBUTING.md. Security disclosures: see SECURITY.md — please do not open a public issue for security bugs.
AGPL-3.0-or-later (provisional — see ADR-0002). © 2026 Khaled Hossain.