A private computer that thinks, talks, and acts — and never leaves your control.
A full agent runtime, voice, live dashboards, and on-VM vision — all inside one hardware-isolated VM, under your own encryption keys and your own model API key. Capability you can hand real work, on infrastructure no one else can touch.
arkivist@your-org · cold boot
- [ok]ArkiAgent runtime— skills · memory · tools · self-modification
- [ok]Voice bridge— inbound & outbound calls
- [ok]Live dashboards— built on demand
- [ok]Drone vision— on-VM detection, no cloud
- [ok]Hardware isolation— your keys, your machine
One machine. Everything above runs inside it.
THE REFRAME
It's not an assistant. It's a computer.
An assistant answers questions. A computer has a runtime, senses, output surfaces, and memory — and runs your work. The Arkivist Computer reasons with ArkiAgent, hears and speaks over the phone, sees through on-VM vision, renders live dashboards, and remembers across restarts. The difference that matters: it's a whole machine you own, sealed inside a hardware-isolated VM under your keys — not capability rented on shared infrastructure you can't inspect.
What the computer does - A runtime, senses, and output surfaces — in one machine.
RUNTIME
It runs
ArkiAgent dispatches work, not prompts. Skills hot-reload from your Nextcloud, memory survives restarts, and the agent can extend its own toolset within guardrails.
See the ArkiAgent runtime →VOICE
It talks
Inbound and outbound phone calls through a Twilio bridge with Cartesia voice. An operator console lets a human take the line at any time.
DASHBOARDS
It shows
Ask for a view and the agent builds a working, whitelabel dashboard live from your data — real typed widgets, not a screenshot.
See live dashboards →OUTPUT
It produces
Office documents drafted straight into your Nextcloud, plus durable autonomous task loops that run for hours under hard bounding caps.
Inside the machine - The computer's memory and senses — wired on day one.
your-org.arkivist.io
- ArkiAgent/admin/chat
- Data Explorer/admin/data
- Code Editor/code
- Files/files
- Secrets/secrets
All paths served under your tenant subdomain. WebAuthn session shared across all tools — one login, full stack access.
- ArkiAgent. Your agent inside the VM. Dispatches work against your data — dashboards, briefs, queries — under your OpenRouter key, on your terms. Arkivist never sees your prompts or outputs.
- Data Explorer. Native SQL and Cypher workbench with a natural-language AskBar. Ontology-aware, schema-aware, ready on day one — no DBGate, no shared credentials.
- Code Editor. VS Code with Cline running in your browser. AI-assisted development against your codebase, with MCP tools wired through ArkiAgent.
- Files. A Nextcloud document library inside your VM. WebDAV sync, full-text search, version history — and where your agent drops every artifact it produces.
- Secrets. A Vault for API keys, credentials, and OAuth tokens. Encrypted under your LUKS-derived key, never outside your VM.
VERTICAL · DRONE SECURITY
It can watch, too.
Camera feeds, object detection, and recording — all running inside the same isolated VM. Detection happens on-VM on CPU; no frame is sent to a cloud model. A surveillance swarm watches the watchers and emails the owner when something matters.
Security - The more it can do, the more isolation matters.
- Cryptographic isolation. Full-disk LUKS encryption per VM. Shamir 2-of-3 key split — one share held by you, anchored on Hedera's public ledger. The platform operator cannot decrypt your data unilaterally. Recovery requires your share.
- Network segmentation. Each VM runs on a dedicated bridge with a VXLAN overlay and nftables egress allowlist. There is no route between tenants at the network layer — not a firewall rule that could be misconfigured, a physical absence of a path.
- Identity without passwords. WebAuthn + FIDO2 for humans. mTLS with SPIFFE SVIDs for every service. No passwords, no static API keys, no shared secrets anywhere in the stack. Every identity is cryptographic and short-lived.
- Compliance trail built in. Every write, query, and configuration change is dual-written to your local audit log and the Mothership compliance ledger. You arrive at a security review with a complete, tamper-evident record — not a promise to produce one.
Build vs. Buy - You could build this. Here's what that actually looks like.
- ✓Isolated tenant VM provisioning and lifecycle management
- ✓Per-tenant LUKS key generation and Shamir 2-of-3 escrow
- ✓VXLAN overlay networking and per-tenant nftables rules
- ✓SPIFFE/SPIRE deployment and SVID rotation
- ✓step-ca PKI with offline root
- ✓Bastion fleet management across providers
- ✓WebAuthn single sign-on across every tool
- ✓Compliance dual-write with tamper-evident audit trail
- ✓An agent runtime — skills, persistent memory, self-modification loop
- ✓A voice bridge — telephony plus streaming text-to-speech
- ✓On-VM computer vision — an object-detection pipeline on CPU
- ✓A live dashboard canvas that composes typed widgets on demand
- ✓A durable task-loop engine with hard bounding caps
- ✓Ongoing security patching across the entire stack
Realistic timeline
12–24 months
of senior engineering time to reach production parity across all of it — before ongoing maintenance, security patching, and compliance updates ever begin.
Every month your team spends on this is another month your customers are still waiting for a real answer. We provisioned all of it so you don't have to.
Configure - Pick your machine. We handle everything else.
vCPU
RAM
Storage
Pilot
Perfect for evaluating the Arkivist Computer with a small team.
SPECIALIZED TIER
Drone-Security — 6 vCPU · 24 GB · 200 GB
Feeds, on-VM detection, and recording in a near-solo VM.
THE RUNTIME
ArkiAgent is the mind of the machine. It does work, not chat.
Dispatch agents to build dashboards, draft briefs, query your knowledge graph, take a phone call, or run a task loop for hours. Every output is anchored to your Five Pillars ontology and provable through Arkivist. ArkiAgent reasons under your own OpenRouter key — your account, your model, your bill — and nothing leaves your VM except the calls you authorize.
See the computer run your work.
We'll provision a live Arkivist Computer for your org — full machine, your data, your encryption keys. Book a slot and we'll have it ready before the call.
- A live Arkivist Computer provisioned for your org — ready before your demo call
- See ArkiAgent run real work: a dashboard, a drafted doc, a query against your data
- AI under your own OpenRouter key — your account, your model, your bill; Arkivist never sees your prompts
- One WebAuthn login for your whole team — across every tool on the machine