Skip to content
nyxCore/IdeaVaultInstall
nyxCore

Personal AI assistant · local-first · alpha

IdeaVault

A second brain that stays on your machine..

Go backend, Flutter macOS client, SQLite storage. Captures half-thoughts, connects them, helps you draft the thing. Syncs — when you want it — encrypted end-to-end with a key only you hold. No tenant. No telemetry. No cloud-only version planned.

Install See the flowSource (private)

Backend runtime

Go 1.24

Client

Flutter · macOS

Storage

SQLite · local

Local LLM

Ollama

Daemon port

8181

Status

Alpha

The flow — 04

Ideas, then notes, then drafts, then ships

Most assistants start a conversation. IdeaVault remembers one.

A single pipeline from half-thought to finished artefact. Nothing here is novel in isolation — a capture hotkey, a local embedding, a research outline, an export button. What is novel is that they share one SQLite file and one intent: keep the thread.

  1. Capture

    Global hotkey from anywhere on macOS. Drop the half-thought in; summary and tags are generated locally by Ollama.

  2. Connect

    Embeddings stored alongside content in SQLite. Related ideas surface by meaning, not keyword match. No remote vector store.

  3. Draft

    Research assistant with outline + knowledge graph. Pull context from your own corpus; cite the idea that inspired the paragraph.

  4. Ship

    Export to Markdown, push to the task board, or hand the draft back to whatever tool owns the last mile. The vault keeps the provenance.

Global hotkey launches the capture window anywhere on macOS. Menubar icon for quick glance. Nothing else lives in your taskbar.

Custody — your keys, your vault

Encrypted sync, zero-knowledge relay

If the relay gets breached, the breach has nothing to read.

Nemesis wrote this section. Sync exists because one machine is a single point of failure — but moving your ideas across a network is the moment the threat model changes. Three invariants hold, or sync does not ship.

The key never leaves your machine.

Sync is opt-in and endpoint-to-endpoint. Your keychain holds the root key; the server — if you run one — only sees ciphertext and routing metadata.

Zero-knowledge by construction.

The relay can be an object store, a VPS, a Tailscale peer, a USB drive. It cannot read an idea. That invariant is a design constraint, not a marketing line.

Lose the key, lose the vault.

There is no recovery flow we control. Back your key up the way you back up a PGP key or a Bitwarden export. This is the cost of the guarantee above.

Target primitive: AES-256-GCM for record payloads, per-device keypair for envelope exchange, root key derived locally from a user passphrase. Final wire format is frozen before beta — see the code block below for the current Go record shape.

Local-first — Metis

Offline is a mode, not a failure

Every feature works with the cable unplugged. Sync is what happens after.

A second brain that stops thinking when the Wi-Fi blinks is not a second brain. IdeaVault treats the network as an optimisation — useful, opt-in, reversible — not a runtime dependency.

Disconnected is the default mode.

The Flutter client talks to a Go daemon on localhost:8181. No network round-trips to read, write, search, or reason over your own corpus.

Local models where it matters.

Ollama handles summaries, tags, and embeddings in the hot path. Remote providers (OpenAI, Anthropic, Gemini) are opt-in fallbacks, routed by strategy — local-first, cheap-first, best-quality.

One SQLite file you can read.

The vault is ~/.local/share/ideavault/ideas.db. No proprietary format, no cloud table. Back it up, grep it, open it in a SQLite browser. The data is still yours after we walk away.

On the wire — Go record

Encrypted sync, in code

One idea, one envelope. The relay sees only the ciphertext.

This is the shape IdeaVault's sync layer serialises to before it leaves your machine. Content and summary are sealed under AES-GCM with a per-record nonce; the device keypair signs the envelope so the receiving peer can reject anything that did not come from a device you authorised.

// internal/core/idea.go — on-disk shape
// Plaintext in ~/.local/share/ideavault/ideas.db
type Idea struct {
    ID        int64
    Content   string      // the raw half-thought
    Summary   string      // Ollama, local
    Tags      []Tag
    CreatedAt time.Time
    UpdatedAt time.Time
}

// internal/sync/envelope.go — what crosses the wire
type SyncEnvelope struct {
    RecordID   string `json:"id"`
    DeviceID   string `json:"dev"`
    Nonce      []byte `json:"n"`    // 12 B, per-record
    Ciphertext []byte `json:"ct"`   // AES-256-GCM(Idea)
    Signature  []byte `json:"sig"`  // Ed25519(envelope)
    UpdatedAt  int64  `json:"ts"`   // for LWW merge only
}

// The relay — S3, VPS, Tailscale peer — stores and forwards
// SyncEnvelope values. It never sees a plaintext Idea.

Wire format is pinned before the beta. If it changes, we change it with a version byte and a migrator — not with a silent re-encoding.

Honest positioning — 03

What this is not

The adversary’s disclosure. Read before you install.

Ipcha Mistabra wrote this section. Three things IdeaVault deliberately does not do. If any of these are a blocker for you, we would rather you know now.

Disclosure

Not a note-app replacement.

IdeaVault is not Obsidian, Notion, or Apple Notes. If you want a polished editor with plugins and publishing, keep using those. IdeaVault is a capture + reasoning layer that can export into whichever one you already trust.

Disclosure

No cloud-only version is planned.

There is no hosted tier and no roadmap to build one. If nyxCore disappears tomorrow, your binary and your SQLite file keep working. That is the whole point — and it is also why there is no Enterprise SSO.

Disclosure

Sync needs an endpoint you control.

Encrypted sync assumes you bring the relay — an S3 bucket, a Tailscale peer, a VPS, a spare Mac at home. We do not host one for you. This is a feature; it is also friction.

Install — macOS 13+

Quick start

One DMG, one daemon. No tenant, no signup.

The DMG bundles the Flutter client and the Go daemon. Launch it; the daemon starts on localhost:8181, the client connects, and your vault lives at ~/.local/share/ideavault/ideas.db. Ollama is optional — without it, you lose local embeddings but the capture loop still works.

# macOS desktop — bundled DMG (recommended)
open IdeaVault-alpha.dmg   # drag to /Applications

# Or build from source
git clone https://github.com/nyxCore-Systems/AIAssistant
cd AIAssistant
./launch.sh   # builds Go + Flutter, starts daemon + app

# Daemon only (headless / server peer)
go build -o ideavault ./cmd/ideavault
./ideavault serve   # listens on :8181

# Optional — local model runtime
brew install ollama && ollama pull llama3.1:8b
DMG — macOS arm64 Daemon binary

Alpha · private repo · invite-only build

What alpha means here

The capture, search, and draft loops are stable enough for daily use on a single machine. Encrypted sync is behind a flag and still iterating. The wire format may break once before beta; if it does, there will be a migrator and a heads-up, not a silent re-encoding. Keep a backup of ideas.db anyway — that is good hygiene for any vault you rely on.

Metis says: back up the SQLite file before every upgrade, every time.

Back to the nyxCore ecosystem Ask for an alpha invite