SuperLocalBrain — a private knowledge brain for your team’s accumulated files
A 6–10 person professional-services team or family office holds fifteen years of mixed personal and company files. Three storage generations. Two languages, sometimes more. The question that costs them the most time, every week, is the simple one. Where is the thing I half-remember, and what does it actually say? SuperLocalBrain is built around that question: cited answers, locally, with proof on every claim.
What it is, in one paragraph
SuperLocalBrain (SLB) is the knowledge-brain sibling to LocalBrain. Where LocalBrain holds the forensic and FRCP-aligned e-discovery line, SLB stays out of forensic chain and concentrates on the everyday question of finding the thing in the pile. It ingests the team’s emails (PST, MBOX, EML, MSG) and documents (PDF, Word, Excel, PowerPoint, plain text, scans). It rebuilds scattered threads. It resolves pronouns to real people before any language-model call. Then it extracts typed relationships under a three-class provenance taxonomy, and stores them in a dual layout: a graph store for who-relates-to-whom, and a bi-temporal fact ledger that keeps superseded values instead of overwriting them. The team queries it in plain language through a chat-first console. Every answer carries a credibility contract: claims, byte-spans, trust tier, verification status, reasoning trail. Every citation jumps to the source file. The whole system runs on a single Apple-Silicon workstation inside the team’s perimeter. An egress guard physically blocks outbound traffic. cloak.business handles PII at first-party.
Data flow — from a folder of files to a cited answer
Top-down: inputs are normalised, language-processed and extracted; relationships persist in a dual store with a bi-temporal fact ledger; analysis surfaces communities, anomalies and patterns; the assistant answers with a credibility contract; everything is wrapped by a defence-in-depth perimeter.
Who works with whom Anomalies
Missing recipients, gaps, drift Hybrid Search
Keyword + meaning + rerank, RRF-fused Schema Induction
Recurring document patterns
From a folder of files to a clean canonical record
Ingestion is the unglamorous floor everything else stands on. Files are parsed, threads are rebuilt from headers, duplicates are skipped, and every body is run through quote stripping, language detection and coreference resolution — so “he agreed” becomes “Anna agreed” before any language model sees it. PII is anonymised in flight by cloak.business before any text crosses an internal boundary.
Mail archives
PST, MBOX, EML and MSG are parsed into a single canonical mail model with thread reconstruction. Quoted-reply text is stripped so the same sentence isn’t counted ten times. Deduplication is checkpointed so re-runs are idempotent.
Document corpora
PDF, DOCX, XLSX, PPTX, TXT and CSV are extracted deterministically; scanned images go through OCR. Every artefact carries provenance back to its source path, sha256 and byte ranges.
Live sources
A watched-folder connector picks up new files automatically; an IMAP connector pulls from on-premise mail. No cloud-storage connectors are in scope at MVP — sources stay on the operator’s own network.
Coreference before extraction
Pronouns are resolved against the speaker and named-entity context in each thread before any LLM call. The model never has to guess who “he” is — that work is done deterministically up-stream.
PII at first-party
cloak.business sweeps personal data before any chunk is embedded, indexed, or shown to the language model. As curta.solutions’ own product, it sits behind the first-party exemption in the egress rules.
Multi-language by default
German and English ship from day one; Romance languages (French, Italian, Romanian, Spanish) land progressively as deferred per-language scripts in V1 and V2.
Four memory tiers, like a brain that remembers honestly
SuperLocalBrain stores knowledge on four levels — what the assistant is thinking about right now, what the team has accumulated over years, what means what semantically, and what a human wants to browse directly. Nothing is silently overwritten; nothing is duplicated by accident.
L0 · Working
What the assistant is thinking about right now, during one task.
Per-task scratch
Lifetime: single task
L1 · Fact Ledger
Bi-temporal: every claim is time-stamped. Old values get an expiry date, not a delete.
“What did we know on March 1?”
Lifetime: permanent, append-only
L2 · Meaning
Stores the meaning of text; finds “cash flow” from a question about “money problems”.
Semantic recall
Lifetime: derived, rebuildable
L3 · Mirror
A human-readable Obsidian projection that stays in sync with the graph. The wiki is interpretation; raw is truth.
Analyst’s working vault
Lifetime: projection, regeneratable
Every edge across every tier carries: source · confidence · evidence excerpt · timestamp · model version · review status.
Three-class provenance
Every relationship in the graph belongs to exactly one tier — GOLD (deterministic from headers), SILVER (rule-derived), or BRONZE (LLM-inferred, human-confirmable). The tiers are never mixed; downstream tools can always filter on confidence class.
Wiki + Schema layer
On top of the raw ledger sits a self-writing wiki: the system drafts canonical interpretation pages from the corpus, and a named human gardener gates promotions. Schema induction quietly learns the recurring shapes of documents (the invoice email, the renewal notice, the engagement letter).
An assistant that asks back, cites, and refuses to guess
The team interacts with SLB through a chat-first console. The agent plans, retrieves, runs a mandatory self-critique pass, and answers with a structured credibility contract on every response. When a question is ambiguous, it asks back with buttons — instead of guessing — and explicitly says “I don’t know” when the sources don’t support an answer.
Credibility contract
Every answer comes back as a typed JSON envelope: claims with byte-spans, trust tier, verification status, reasoning trail, and citations clickable to the source file.
Self-critique at temperature zero
Before delivery, a second pass compares every claim against the source byte-spans. Unsupported claims get demoted or fail. Correctness beats speed — there is no latency SLA.
Ask-back on ambiguity
“Did you mean Matter A or Matter B?” with buttons to pick. The agent never guesses when the question splits across scopes.
Workbench mode
Natural-language instructions become a reviewable script that a human approves before it runs. The script then executes in a sealed sandbox (time-limited, no network, fully audited) and the result comes back as a downloadable artefact.
Artefact pipeline
Excel, PDF, CSV, JSON, Word, zip — on demand. Ask for “an Excel of every invoice over €10k from Q3” and a real file lands in the inbox, not a transcript to copy by hand.
Hybrid retrieval, RRF-fused
BM25 keyword search, dense vector retrieval, and a cross-encoder reranker all return ranked results; Reciprocal Rank Fusion combines them without requiring score normalisation. Faceted filters and saved searches are first-class.
Three explicit defence layers around the assistant
A knowledge brain that reads untrusted email has to assume some of that email is hostile. SuperLocalBrain is built with three explicit defence layers around the assistant, plus an egress guard that physically enforces the local-only invariant.
Critical-Actions Firewall
A sidecar enforcer mints short-lived capability tokens for every effector that can change state. Planner and executor are split; untrusted ingest text is datamarked before it reaches reasoning; layered prompt-injection detectors gate any escalation; a set of kill switches fail closed. A two-chain append-only audit log records every decision.
Watchdog Supervisor
A supervisor process runs every service under a four-level heartbeat protocol with exponential back-off. Named never-auto-restart conditions block thrash loops on certain failure modes. Bulkheads draw isolation domains so a fault in one cannot cascade. An off-volume audit anchor functions as a meta-audit floor.
Content-Blind Status Surface
A small menubar indicator turns watchdog signals into a six-mood operator status. It is content-blind by design — it sees counters, never answers. Screen-share auto-hides; a panic-hide hotkey is available; speech events are hard-capped to at most one per ten minutes; a 90-day Presentation Mode is mandatory.
Signed AUTONOMY_HALT file pauses every autonomous loop at once. Authentication uses PASETO bearer tokens with audience binding and refresh-token reuse detection.
A single workstation, two phases
SLB is designed to live on one machine inside the team’s perimeter. There is no cloud control plane, no managed service, no SaaS dependency. The roadmap distinguishes between the architecture build and the production hardware that the final faithfulness target depends on.
Architecture-MVP
Today’s hardware. Every layer is wired up; the credibility contract works end-to-end; the assembly line ingests; the firewall logs; the assistant answers with citations. This phase proves the system works.
Faithfulness-MVP
Production hardware. Re-bench on a production-tier Apple-Silicon workstation (~64 GB unified memory, Thunderbolt-attached NVMe). The faithfulness target (≥97% on a sealed acceptance set) is applied here, after the upgrade.
Supported host
Apple Silicon — Mac mini today, Mac Studio at production tier. One idempotent startup orchestrates the local LLM runtime, the storage layer, and the assistant.
Roles
A named human gardener owns the wiki promotion path, runs the runbook drills, and gates GDPR Article 17 erasure requests. Vacation mode hands the role off to a delegate with explicit scope.
What a small team actually does with it
Four scenarios that hit the main surfaces of the system.
Find the half-remembered thing
An advisor asks: “Where is the contract draft Maria sent me last spring?” The assistant retrieves with hybrid search, cites the source email, and surfaces three related threads the advisor didn’t remember.
Time travel through the ledger
A principal asks: “What did we know about the Omega deal on 1 March?” The bi-temporal fact ledger returns the graph as it stood that day — superseded values intact, never overwritten by later edits.
Ask for a deliverable, not a transcript
An executive assistant types: “Excel of every invoice from supplier X over €5k since 2022.” The workbench drafts a reviewable script, runs it sandboxed, and returns a real downloadable file.
Catch the silent gap
The Monday dashboard shows last week’s anomalies: a stakeholder who was always on the renewal thread but wasn’t this time. The advisor clicks through to the triggering message and decides whether to follow up.
The rules the system holds itself to
SuperLocalBrain enforces nine unbreakable rules as project-wide invariants, plus a stack of amendment rules covering compression discipline, the critical-actions firewall, the watchdog, and the status surface.
R1 · Facts before guesses
Use the language model only where real intelligence is needed; never to invent something a header already states.
R2 · Store each thing once
Everything else is just a view of it. Markdown is canonical truth; databases are derived indexes.
R3 · Trust tier per claim
GOLD, SILVER, or BRONZE — never mixed. Every consumer can filter by class.
R4 · Proof per claim
Source, confidence, evidence, timestamp, model version, review status. Six fields, no exceptions.
R5 · Coreference before thinking
“He agreed” is worthless until you know who “He” is. Pronouns are resolved up-stream.
R6 · Guided relation extraction
Relations are extracted by asking constrained questions about pre-computed entity pairs, not by asking the model to free-form discover relations.
R7 · Wiki is interpretation, raw is truth
The self-writing wiki is canonical interpretation; the raw inbox is canonical truth. A human gardener gates promotions.
R8 · Local at rest, networked at change
Data sits locally. Network access is reserved for sanctioned change channels (IMAP ingest and the first-party PII engine).
R9 · Auto-tune read, human-gate write
Read-side improvement loops can run autonomously. Write-side promotions (to the wiki, to the schema) always need a named human signoff.
What runs the engagement
A short table of generic capability categories. Specific vendor choices are deliberate and can be substituted without changing the architecture.
| Layer. | Capability category. | Why this layer. |
|---|---|---|
| Storage (graph). | Embedded graph + vector store. | Neighbourhood traversal and semantic similarity in one engine. |
| Storage (ledger). | Bi-temporal fact ledger with append-only history. | Time-travel queries: “what did we know on date X?”. |
| Search. | Lexical (BM25) + dense vector + cross-encoder rerank, RRF-fused. | Lexical precision and semantic recall in one ranked list. |
| Inference. | Local language-model runtime, Apple-Silicon envelope. | Reasoning stays on the host; nothing leaves the perimeter. |
| NLP. | Local coreference resolver + multilingual NER. | Pronouns and entities resolved before any LLM call. |
| PII. | cloak.business at first-party. | PII detection runs inside the perimeter under a first-party exemption. |
| API. | Model Context Protocol server with ~60 tools. | Any MCP-capable client can drive the system — chat UI, IDE, custom integration. |
| Auth. | PASETO bearer tokens with audience binding. | Capability-bound sessions; refresh-token reuse-detection on every renewal. |
| Status surface. | SwiftUI menubar indicator, content-blind. | Operator visibility without ever showing answer content on-screen. |
| Audit + integrity. | Two-chain append-only audit log + off-volume anchor. | Tamper-evident receipt for every state-changing action; meta-audit floor on a separate device. |
Best fit and known limitations
Best for
A 6–10 person professional-services firm or family office sitting on 15+ years of mixed personal and company files across multiple storage generations. Mixed-language corpora (German + English minimum). Teams that want cited answers and a defensible trail without sending anything to a cloud LLM.
Not the right fit
Teams above 10 active users (RBAC for >10 users is V3+ deferred). Workflows that need full forensic chain — that’s LocalBrain’s territory. Teams happy with a cloud LLM and short-lived prompts; SLB is a custom on-premises engagement, not a SaaS subscription.
Known limitations
Voice input, 3D graph visualisation, autonomous skill generation and full bi-temporal forensic chain are explicitly deferred to V3+. The faithfulness target re-benches after the production hardware upgrade. The wiki layer requires a named gardener role — a small but real operational commitment.
Discuss a similar engagement
If your team has fifteen years of files spread across three storage generations — and the right person on your team spends thirty minutes every day looking for the thing they half-remember — we can build the knowledge brain that ends that workflow, inside your perimeter.