$ init i.ar --verbose

i.ar

GPL-3.0 · local-first · no telemetry · containerized · self-modifying

> about

i.ar@local: ~

$ whatis i.ar

i.ar — Inteligencia Avanzada Randazzo — is a containerized Emacs environment where AI agents interact with a real filesystem, execute code, and delegate tasks to specialized sub-agents — all running on local hardware, with no cloud dependencies and no telemetry.

$ i.ar --describe

The system pairs a local LLM backend (Ollama) with Emacs via gptel, giving the model native tools: file I/O, shell execution, code analysis, and multi-agent delegation. Agents maintain persistent memory, log every action to an audit trail, and operate inside a hardened Podman container with read-only mounts, dropped capabilities, and a preflight security audit.

$ i.ar --why

Because AI tools that phone home are surveillance tools. Because the editor is the operating system. Because a system that can modify itself is a system that can grow.

$ _

> architecture

USER INPUT: natural language prompts
EMACS + gptel: AI integration layer · tool dispatch · session management
LOCAL LLM (Ollama): on-device inference · no external API calls
AGENT SYSTEM: hierarchical delegation · persistent memory · audit logging
HARDENED CONTAINER (Podman): read-only rootfs · cap-drop=all · preflight security audit
WIREGUARD MESH + CADDY: encrypted transport · automatic TLS · no public API exposure

> features

[>]

Multi-Agent Delegation

Spawn specialized sub-agents for complex tasks. Each agent has a defined role, scoped tools, and a delegation depth limit.

[!]

Prompt Injection Resistance

External content is classified as data, never instructions. Eight directives protect against embedded commands, self-modification, and system prompt extraction.

[#]

Container Hardening

Read-only bind mounts for critical paths. All capabilities dropped except network binding. Preflight audit scans for escape vectors before Emacs starts.

[~]

Audit Logging

Every file operation and command execution is recorded with timestamp, file path, and calling agent. Append-only logs for post-session review.

[*]

Memory & Persistence

Agents maintain persistent memory across sessions. Per-agent history logs, memory files, and task tracking survive restarts.

[%]

Output Sanitization

ANSI escape sequences, control characters, and injection-like patterns are stripped from external data before it enters agent context.

[$]

Session Persistence

Save and restore complete chat sessions. Conversation state survives container restarts and agent reloads.

[&]

Local-First Architecture

No cloud dependencies. No telemetry. No external API calls. The entire system runs on hardware you control.
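
One way a preflight audit like the one under Container Hardening could verify the stated posture before Emacs starts (added example, not i.ar's own code). It assumes "network binding" means CAP_NET_BIND_SERVICE (bit 10); the function names, the /opt/agent paths and the sample status and mount text are constructed for illustration.

```sh
#!/bin/sh
# Added example (not i.ar's own code): preflight checks for the posture the page
# describes. Assumptions: the one allowed capability is CAP_NET_BIND_SERVICE
# (bit 10); the critical paths are supplied by the caller.
ALLOWED_MASK=$(( 1 << 10 ))

# cap_eff: read /proc/<pid>/status text on stdin, print the CapEff hex value.
cap_eff() { awk '$1 == "CapEff:" { print $2 }'; }

# extra_caps HEX: print capability bit numbers set beyond the allowed mask.
extra_caps() {
    mask=$(( 0x$1 & ~$ALLOWED_MASK )); bit=0; out=""
    while [ "$mask" -ne 0 ]; do
        if [ $(( mask & 1 )) -eq 1 ]; then out="$out $bit"; fi
        mask=$(( mask >> 1 )); bit=$(( bit + 1 ))
    done
    echo "${out# }"
}

# rw_mounts PATH...: read /proc/mounts text on stdin, print each listed path
# that has a mount entry carrying the "rw" option.
rw_mounts() {
    awk -v want="$*" 'BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) crit[w[i]] = 1 }
        ($2 in crit) { m = split($4, o, ","); for (i = 1; i <= m; i++) if (o[i] == "rw") print $2 }'
}

# runtime_sockets: print mount points that expose a container runtime socket.
runtime_sockets() { awk '$2 ~ /(podman|docker)\.sock$/ { print $2 }'; }

# Constructed sample inputs (not captured from a real i.ar container).
SAMPLE_STATUS='Name: emacs
CapEff: 0000000000000400'
SAMPLE_MOUNTS='overlay / overlay ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /opt/agent/config ext4 ro,relatime 0 0
/dev/sda1 /opt/agent/prompts ext4 rw,relatime 0 0'

# preflight STATUS MOUNTS PATH...: print findings; return non-zero if any.
preflight() {
    st=$1; mt=$2; shift 2
    caps=$(extra_caps "$(printf '%s\n' "$st" | cap_eff)")
    rw=$(printf '%s\n' "$mt" | rw_mounts "$@")
    socks=$(printf '%s\n' "$mt" | runtime_sockets)
    [ -z "$caps" ]  || echo "FAIL extra capability bits: $caps"
    [ -z "$rw" ]    || echo "FAIL writable critical path: $rw"
    [ -z "$socks" ] || echo "FAIL runtime socket mounted: $socks"
    [ -z "$caps$rw$socks" ]
}
```

Inside a running container the same functions can be fed `/proc/self/status` and `/proc/self/mounts` in place of the sample strings, with a non-zero return from `preflight` used to abort startup.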

> philosophy

Local-first is not a preference; it is a survival strategy.

If the code cannot be read, it cannot be trusted.

Every capability has a kill switch, an audit log, and a defined scope.

The system protects the irrelevant.

> stack

Emacs the extensible, customizable, self-documenting editor
gptel LLM client for Emacs with native tool-call support
Ollama run large language models on local hardware
Podman daemonless, rootless container engine
Fedora Silverblue host · minimal container base
Ansible infrastructure as code · reproducible deployments
WireGuard fast, modern, encrypted VPN tunneling
Caddy HTTP server with automatic HTTPS