# Enclave

**Privacy-First AI Personal Data Manager**

> Your local agent that external AIs command via MCP — they never see your documents.

[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
[![Python](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
[![MCP](https://img.shields.io/badge/MCP-compatible-green.svg)](https://modelcontextprotocol.io/)

> Source: https://github.com/zd87pl/slm-vault (Python, Apache-2.0, homepage https://getenclave.io). README snapshot synced 2026-04-13; repository last pushed 2026-03-29.

## The Problem

Every AI wants your data to be useful. But once you share documents with Claude, Cursor, or Copilot, you lose control: they see your raw data, you can't audit access, and you can't revoke it.

**The governance gap is real**: 79% of organizations are adopting agentic AI, but only 48% have frameworks for limiting AI autonomy.

## The Solution

Enclave is a **local trusted agent** that sits between you and external AIs.

```
External Agent (Claude Desktop / Cursor / Copilot)
        ↓ MCP command: "Summarize Q3 report"
        ↓
┌───────────────────────────────────────┐
│  LOCAL TRUSTED AGENT (Enclave)        │
│  • Full access to your encrypted docs │
│  • Reads & processes locally          │
│  • Generates synthesized response     │
│  • Logs every access                  │
└───────────────────────────────────────┘
        ↓ Response: "Q3 revenue was $4.2M..."
        ↓
External Agent (never saw the actual document)
```

External AIs send commands. Enclave reads your documents locally and returns synthesized answers. **They never see your raw data.**

A synthesized answer still carries the fact that was asked for (the `$4.2M` above is real data, and it does leave the machine). What the design removes is bulk access to the documents; what keeps the remaining flow under control is that every command passes the per-agent permission check and is written to the activity log before anything is returned.

## Features

- **Local RAG**: Drop documents, instantly queryable via semantic search
- **MCP Integration**: Works with Claude Desktop, Cursor, Copilot, and any MCP client
- **Encrypted Storage**: ChaCha20-Poly1305 encryption for all data at rest
- **Activity Logging**: See every command from every AI agent
- **Per-Agent Permissions**: Control what each AI can access
- **Local Inference**: MLX-powered LLM on Apple Silicon (Qwen 2.5, Phi-4, Llama)
- **Desktop GUI**: Native macOS/Windows/Linux application
- **Adapter Training**: Fine-tune local models on your documents

### Performance Optimizations

- **HNSW Index**: 10-30x faster vector search at scale
- **E5-small Embeddings**: +15% retrieval quality vs MiniLM
- **Persistent Cache**: 2-9x speedup for repeated queries
- **Recursive Chunking**: Better recall with semantic boundaries

## Quick Start

### Installation

```bash
# Install from source
git clone https://github.com/zd87pl/slm-vault
cd slm-vault
python3.11 -m venv .venv
./.venv/bin/python -m pip install -U pip
./.venv/bin/python -m pip install -e ".[mlx,gui,mac-performance]"

# Verify the local demo path
./.venv/bin/python scripts/verify_local_demo.py
```

### Run the Desktop App

```bash
# Start the GUI
./.venv/bin/python -m advanced_vault.gui.vault_app
```

### Start the MCP Server

```bash
# Start Enclave MCP server (use the interpreter the package was installed into)
./.venv/bin/python -m advanced_vault.mcp_server
```

### Connect Claude Desktop

Add to your Claude Desktop MCP config (`~/Library/Application Support/Claude/claude_desktop_config.json`). Claude Desktop launches the server itself, so `command` must point at the interpreter that has Enclave installed (the `.venv` created above), not whatever `python` happens to be first on Claude's PATH:

```json
{
  "mcpServers": {
    "enclave": {
      "command": "/absolute/path/to/slm-vault/.venv/bin/python",
      "args": ["-m", "advanced_vault.mcp_server"]
    }
  }
}
```

Restart Claude Desktop. Now you can ask Claude about your documents — Enclave handles the rest.

### Index Documents (Python API)

```python
import os

from advanced_vault.training import RAGIndex

# Generate or load a 32-byte encryption key.
# os.urandom() yields a key that exists only in this process: an index
# created with it cannot be opened again after the process exits. In
# production derive the key from a password with a memory-hard KDF
# (scrypt or Argon2id) and a stored salt, or load it from the OS keychain.
master_key = os.urandom(32)

# Create encrypted index
with RAGIndex(master_key=master_key) as index:
    # Add documents
    index.add_document(
        name="Q3 Report",
        content="Revenue increased 15% to $4.2M in Q3..."
    )

    # Search
    results = index.search("What was Q3 revenue?")
    for r in results:
        print(f"{r.document_name}: {r.chunk.content[:100]}...")
```

## MCP Tools

Enclave exposes these tools to AI agents:

| Tool | Description |
|------|-------------|
| `agent_query` | Ask questions about indexed documents |
| `agent_summarize` | Summarize a topic or document |
| `agent_draft` | Draft content informed by your documents |
| `agent_status` | Check indexed documents and agent status |
| `vault_store` | Store secrets (API keys, passwords) |
| `vault_recall` | Retrieve secrets with natural language |

**Key principle**: `agent_query` returns synthesized answers, not raw documents. External AIs never see your actual content.

`vault_recall` is different in kind: its purpose is to hand the secret itself to the calling agent, so the "never sees your content" property does not apply to it. Grant it only to agents that genuinely need the secret, and expect every call to show up in the activity log.

## Architecture

```
┌─────────────────────────────────────────────────────────────┐
│                     External AI Agents                       │
│            (Claude Desktop, Cursor, Copilot)                │
└───────────────────────────┬─────────────────────────────────┘
                            │ MCP Protocol
                            ▼
┌─────────────────────────────────────────────────────────────┐
│                      Enclave MCP Server                      │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
│  │   Consent   │  │   Activity  │  │  Agent Commands     │  │
│  │   Manager   │  │   Logger    │  │  (query/summarize)  │  │
│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
└───────────────────────────┬─────────────────────────────────┘
                            │
        ┌───────────────────┼───────────────────┐
        ▼                   ▼                   ▼
┌───────────────┐  ┌───────────────┐  ┌───────────────────┐
│   RAG Index   │  │  Local LLM    │  │ Encrypted Vault   │
│  (HNSW+E5)    │  │   (MLX)       │  │ (ChaCha20)        │
└───────────────┘  └───────────────┘  └───────────────────┘
```

## Privacy Model

1. **Your data stays local**: Documents are indexed and stored on your device
2. **Encryption at rest**: All content encrypted with ChaCha20-Poly1305
3. **Synthesized responses**: External AIs get answers, not raw documents
4. **Consent required**: Every access requires explicit permission
5. **Full audit trail**: See exactly what each AI accessed and when
6. **Key zeroing**: Encryption keys are wiped from memory after use. In CPython this is best-effort: immutable `bytes` objects cannot be overwritten in place, so only keys held in mutable buffers (`bytearray`) can be zeroed, and copies made by libraries along the way may outlive the wipe

## Project Structure

```
slm-vault/
├── advanced_vault/          # Core application
│   ├── gui/                 # Desktop GUI (Flet)
│   ├── training/            # RAG index, embeddings, caching
│   ├── mcp_server/          # MCP server implementation
│   └── backend/             # Supabase integration (optional)
├── browser-extension/       # Browser extension
├── langchain-enclave/       # LangChain integration
├── docs/                    # Documentation
│   ├── architecture/        # Technical architecture
│   ├── deployment/          # Deployment guides
│   └── security/            # Security documentation
└── examples/                # Example scripts
```

## Requirements

- Python 3.10+
- macOS (Apple Silicon recommended), Windows, or Linux
- 8GB+ RAM (16GB+ recommended for local LLM)

### Optional Dependencies

```bash
# Apple Silicon acceleration
pip install mlx mlx-lm

# Fast embeddings (ONNX)
pip install fastembed

# HNSW index (10-30x faster search)
pip install hnswlib

# Desktop GUI
pip install "flet[all]>=0.28.3,<0.29"
```

## Development

```bash
# Clone repository
git clone https://github.com/zd87pl/slm-vault
cd slm-vault

# Install with dev dependencies
pip install -e ".[dev]"

# Run tests
pytest

# Run linter
ruff check .

# Type checking
mypy advanced_vault/
```

## Documentation

- [Architecture Overview](docs/architecture/ARCHITECTURE.md)
- [Cryptographic Specs](docs/architecture/CRYPTOGRAPHIC_SPECS.md)
- [MLX DoRA Architecture](docs/MLX_DORA_ARCHITECTURE.md)
- [Security Analysis](docs/security/SECURITY_ANALYSIS_PDF_QA.md)
- [Compliance Framework](docs/security/COMPLIANCE_FRAMEWORK.md)
- [Deployment Guide](docs/deployment/RUNPOD_DEPLOYMENT.md)

## Status

- [x] RAG indexing with HNSW acceleration
- [x] E5-small embeddings with persistent cache
- [x] MCP server with agent commands
- [x] Encrypted vault storage (ChaCha20-Poly1305)
- [x] Activity logging and consent management
- [x] Desktop GUI (Flet)
- [x] Local LLM inference (MLX)
- [x] Browser extension
- [ ] Multi-device sync (encrypted)
- [ ] Adapter marketplace

## Contributing

We welcome contributions! Please:

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Run tests and linting
5. Submit a pull request

## License

Apache License 2.0 - see [LICENSE](LICENSE)

---

**Enclave**: Privacy-first AI. Your data, your control.
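## Worked example: per-agent permissions and the activity log

The Consent Manager and Activity Logger boxes in the architecture diagram, together with the "Per-Agent Permissions", "Consent required" and "Full audit trail" points of the Privacy Model, describe one check that every MCP command passes through before a tool runs. The block below is an added example, not Enclave's code, of how such a gate can be built: grants are per agent and per tool, scoped to document collections, denied by default, and every decision (allowed or refused) is appended to a log whose entries commit to the previous entry's hash, so a deleted or edited line is detectable afterwards. The agent names, the collection names, the `ask` callback standing in for the GUI consent prompt, and the log layout are assumptions; the tool names are the ones from the MCP Tools table.

```python
"""Added example (not Enclave's code): deny-by-default per-agent permissions
with a hash-chained activity log. Agent names, grant scopes, the `ask` callback
(standing in for the GUI consent prompt) and the log layout are assumptions."""
import hashlib
import json
import time
from dataclasses import dataclass

class PermissionDenied(Exception):
    pass

@dataclass(frozen=True)
class Grant:
    tool: str                # MCP tool name, e.g. "agent_query"
    collections: frozenset   # document collections covered; {"*"} means any
    per_call_consent: bool   # True: prompt the user on every call, not only once

class ActivityLog:
    """Append-only; each entry commits to the previous hash, so an edited or
    deleted line shows up in verify()."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self._prev = self.GENESIS

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def record(self, agent, tool, collection, decision, reason):
        entry = {"ts": time.time(), "agent": agent, "tool": tool, "collection": collection,
                 "decision": decision, "reason": reason, "prev": self._prev}
        entry["hash"] = self._prev = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True

class ConsentManager:
    def __init__(self, log, ask):
        self._grants = {}  # agent -> {tool: Grant}
        self._log = log
        self._ask = ask    # ask(agent, tool, collection) -> bool; the GUI prompt in real life

    def grant(self, agent, grant):
        self._grants.setdefault(agent, {})[grant.tool] = grant

    def authorize(self, agent, tool, collection):
        """Raise PermissionDenied unless a grant covers (agent, tool, collection)
        and, for per-call grants, the user agrees. Every outcome is logged."""
        g = self._grants.get(agent, {}).get(tool)
        if g is None:
            reason = "no grant"
        elif "*" not in g.collections and collection not in g.collections:
            reason = "collection out of scope"
        elif g.per_call_consent and not self._ask(agent, tool, collection):
            reason = "user refused"
        else:
            self._log.record(agent, tool, collection, "allow", "granted")
            return
        self._log.record(agent, tool, collection, "deny", reason)
        raise PermissionDenied(f"{agent}/{tool}/{collection}: {reason}")

def demo():
    """Constructed scenario: Claude Desktop may query the finance collection with a
    standing grant and recall secrets only with per-call consent; Cursor has no grants."""
    log = ActivityLog()
    cm = ConsentManager(log, ask=lambda agent, tool, coll: tool != "vault_recall")  # user refuses recall
    cm.grant("claude-desktop", Grant("agent_query", frozenset({"finance"}), False))
    cm.grant("claude-desktop", Grant("vault_recall", frozenset({"*"}), True))
    outcomes = []
    for agent, tool, coll in [("claude-desktop", "agent_query", "finance"),
                              ("claude-desktop", "agent_query", "medical"),
                              ("cursor", "agent_query", "finance"),
                              ("claude-desktop", "vault_recall", "api-keys")]:
        try:
            cm.authorize(agent, tool, coll)
            outcomes.append("allow")
        except PermissionDenied:
            outcomes.append("deny")
    return outcomes, log

def tamper_detected():
    """Flip one logged decision after the fact and check that the chain notices."""
    _, log = demo()
    log.entries[2]["decision"] = "allow"
    return not log.verify()
```

Two design points worth keeping when adapting this: refusals are logged with the same care as approvals, because "which agent kept probing for the medical collection" is exactly what an audit trail is for; and the hash chain only makes edits detectable, not impossible, so the log still needs to live where the MCP client process cannot write to it.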