Every component is open-source and replaceable. No vendor lock-in, no proprietary dependencies. Your infrastructure, your rules.
Four steps from voice to response, all on your own infrastructure.
Tap the device. Audio buffers to RAM while Wi-Fi reconnects. TLS keeps the connection encrypted end-to-end.
Audio sent over an encrypted tunnel to faster-whisper for local speech-to-text. Your voice never reaches an external service.
A Python orchestrator routes to the right agent. Ollama generates the response locally on your Mac Mini.
EdgeTTS converts text to natural speech. Audio streams back to your wearable device over the encrypted tunnel.
Every component is replaceable. No vendor lock-in, no proprietary dependencies.
What each component does and why it was chosen.
Runs AI models directly on your Mac Mini. Your prompts and context never leave the machine. Supports swapping models without code changes.
A custom FastAPI service that routes requests to the right agent, manages tool permissions, and enforces security policies. The brain that connects everything together.
Shared memory between agent processes. Handles message passing, conversation context, and real-time state. Keeps agents coordinated without tight coupling.
Morning briefings, reminder delivery, evening summaries, and periodic maintenance. Simple, reliable, battle-tested Unix scheduling.
Transcribes your voice to text locally. Based on OpenAI's Whisper model, optimised for speed with CTranslate2. Runs as a simple HTTP service.
Converts agent responses to natural-sounding speech. Different voices per agent so you always know who's talking. Also runs as a local HTTP service.
Every device connects over HTTPS with its own unique API key. TLS encrypts all traffic. No VPN required — standard, auditable, works everywhere.
Custom firmware built from scratch with Espressif's official framework. Not Arduino. Full control over audio pipeline, power management, and OTA updates.
Reminders, follow-ups, and structured data delivered to your phone via Signal. Headless client on the server — no GUI, no companion app needed.
Serves the OpenRain web interface and reverse-proxies internal services. Handles TLS termination, keeping everything behind a single secure entry point.
A private web dashboard for managing your agents, browsing the library, viewing reports, and seeing full transparency logs of every agent's decisions and actions.
16GB Apple Silicon running the entire stack. Sits in a colocation data centre — your own hardware, on your own terms. Quiet, efficient, and always on.
Purpose-built voice gateways. One firmware, multiple form factors.
1.69" capacitive touchscreen, built-in mic and speaker, Wi-Fi 6, RISC-V architecture.
1.69" touchscreen, 8MB PSRAM for extended audio. Needs external mic and speaker modules.
Secure tunnels, over-the-air updates, and zero cloud dependency.
Each device authenticates to the server with its own unique API key over HTTPS. TLS encrypts everything in transit. No VPN stack needed on constrained hardware — just standard, reliable web protocols.
Flash once via USB, then all subsequent firmware updates are delivered over the air. Triggered by voice command: "Update all devices." Essential for managing multiple devices.
Multiple Wi-Fi networks baked in at compile time. Devices connect to whichever known network is available. Unknown Wi-Fi? Tether to your phone.
Wi-Fi enters light sleep between interactions. On tap, audio buffers to RAM while Wi-Fi reconnects. The user perceives no delay.
Every layer is designed to keep your information exactly where it belongs.
Ollama runs on your Mac Mini. Your prompts, your context, your answers — all processed on a machine sat quietly on a shelf that you physically own. No listening. No recording. No always-on microphone.
TLS secures every connection between your wearable devices and your server. Unique API key per device. No shared secrets. No plaintext.
No subscriptions to cancel. No terms of service to change. No vendor who can read your data or shut down the API.
No always-on microphone. No wake word listening. The device records only when you deliberately tap it. Intent is always clear.
Defence in depth. Every layer adds protection, no single layer is trusted alone.
Every device gets its own unique API key. Compromising one device doesn't compromise the others. Keys can be rotated individually via the web UI.
All agents start chat-only with no tool access. Tools are enabled incrementally per-agent. An agent that reads email cannot send email — separate agents with human confirmation between.
Agents that read external data (email, web) are never given write or send capabilities on those same systems. This limits the blast radius of prompt injection attacks.
Configurable per-agent. Agents that take outward-facing actions (send, delete, post) require explicit voice confirmation before proceeding. Chat-only agents don't need it.
Server storage is encrypted at rest. Even physical loss of the hardware isn't a loss of your private data. Your conversations and files stay protected no matter what.
Every action taken by every agent is logged. The web interface lets you see exactly what each agent can see, how it makes decisions, and what it did. No hidden behaviour. Total transparency of thought and intent.