Building in public - Kameas AI

Kenaz - The secure AI workbench.

Kenaz gives knowledge workers a sandboxed, observable, on-device environment for AI-assisted work - with policy-as-code governance and a cryptographic audit trail.

  • On-device learning
  • Policy-as-code
  • Cryptographic audit
  • Open source

01 / The Problem

AI tools are powerful. They're also opaque, unsandboxed, and unaudited.

Opaque

You can't see what your AI tools are doing at a system level: which files they read, which APIs they call, what data leaves the machine.

Unsandboxed

Running an AI agent against credit files or patient records means trusting it with production credentials, unrestricted egress, and no kill switch.

Unaudited

Every AI interaction trains someone's model - but not yours. Your work patterns compound in the cloud for someone else's benefit.

02 / The Workbench

Kenaz. One environment. Observed. Sandboxed. Yours.

A Kameas AI product.

Observer

The host daemon watches signals the AI layer needs to reason about work - and records them locally. Nothing leaves the machine.

Source        What is recorded            Rate
Filesystem    paths, mtimes, sizes        ~200 evt/min
Process       exec tree, lifetimes        ~80 evt/min
Clipboard     hashed, no payloads         hash-only
Network       destinations, not bodies    dest-only
Keystrokes    cadence, never content      cadence
App context   window, focus, project      ~40 evt/min

VM Sandbox

Ephemeral KVM/QEMU workbenches. Each session gets a policy - egress allowlist, tool-call restrictions, PII filters. On teardown, the session ledger is filtered and merged into your training corpus.

Workbench

  • IDE + Language servers
  • Browser
  • Terminal + shells
  • AI tools (Cursor, Claude Code, local agents)

Policy (YAML)

egress:
  allow:
    - github.com
    - "*.anthropic.com"   # quoted: a bare leading * is a YAML alias, not a string
  deny: "*"               # default-deny for every destination not on the allowlist
tools:
  allow: [read, write, exec]
  deny:  [network.raw]    # tool calls the sandbox refuses outright
pii:
  filter: on
  policies: [pci, phi]    # which PII classes are filtered before the merge
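How a Go enforcer might evaluate the egress block above, as an added example that is not Kenaz's code: the policy is modelled as a struct (a YAML loader is assumed, not shown) with deny as a list so "*" is the catch-all. The point is the wildcard boundary, "*.anthropic.com" must not match anthropic.com or evil-anthropic.com, and an empty deny list still fails closed.

```go
package main

import "strings"

// EgressPolicy mirrors the egress: block of the YAML above (assumed struct;
// a real loader would unmarshal the YAML into it, with deny as a list).
type EgressPolicy struct {
	Allow []string
	Deny  []string
}

// hostMatches compares a destination host against one pattern. "*" matches
// everything; "*.anthropic.com" matches api.anthropic.com but neither
// anthropic.com nor evil-anthropic.com: the wildcard stops at a label boundary.
func hostMatches(pattern, host string) bool {
	pattern = strings.ToLower(pattern)
	host = strings.ToLower(strings.TrimSuffix(host, ".")) // drop trailing FQDN dot
	if pattern == "*" {
		return true
	}
	if strings.HasPrefix(pattern, "*.") {
		suffix := pattern[1:] // ".anthropic.com"
		return len(host) > len(suffix) && strings.HasSuffix(host, suffix)
	}
	return pattern == host
}

// Decide checks allow first, then deny, and fails closed when nothing matches.
// It returns the verdict and the rule name the audit ledger would record.
func (p EgressPolicy) Decide(host string) (allowed bool, rule string) {
	for _, pat := range p.Allow {
		if hostMatches(pat, host) {
			return true, "allow:" + pat
		}
	}
	for _, pat := range p.Deny {
		if hostMatches(pat, host) {
			return false, "deny:" + pat
		}
	}
	return false, "implicit-deny"
}

// PagePolicy is the allowlist from the YAML above with "*" as the catch-all deny.
var PagePolicy = EgressPolicy{
	Allow: []string{"github.com", "*.anthropic.com"},
	Deny:  []string{"*"},
}
```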

On teardown

  1. VM ledger exported
  2. Policy replay & filter
  3. Merge → host SQLite
  4. Corpus refreshed

On-device learning

A continuous training loop fine-tunes a local LLM using your corpus. Hot-reload without restart. Weekly suggestions surface patterns, friction, and tool recommendations - evidence-backed and yours alone. Weights never leave the device.

Base model

LFM2-24B · Q4_K_M

MoE, ~2B active per token

Adapter

LoRA · rank 16

fine-tuned on your corpus

Hot-reload

< 300ms

no service restart

Suggestion cadence

Weekly digest

evidence-linked to events

Audit trail

Every VM lifecycle event, policy decision, merge operation, and training run is appended to a hash-chained, Ed25519-signed ledger. Tamper-evident. Independently verifiable. Compliance-ready.

#1824 vm.start session=af3e · policy=fintech-v3 3c8f…7b21
#1825 policy.allow egress=api.anthropic.com · rule=llm-allow 9a10…4e0c
#1826 policy.deny egress=paste.ee · rule=default-deny 0f44…2cd8
#1827 merge.ok events=412 · filtered=37 · corpus=host b63e…18a9
#1828 train.step adapter=v0.3.1 · loss=0.214 7f22…d4e5

Inference routing

Hardware-aware routing. Full local inference on capable hardware. Hybrid on mid-range. Kameas SaaS fallback on light hardware - previewed before anything leaves the device.

Local · Full: M4 Pro+ · RTX 5090 · RTX 5080

Everything - observer, training, inference - runs on-device.

Local · Hybrid: M2/M3 · RTX 4070 · Ryzen AI

Local for most work; SaaS fallback for long-context reasoning.

Kameas SaaS: light hardware · CI · fallback

Opt-in. Every call previewed. No logging of prompts or completions.

03 / Architecture

What's under the hood.

Three layers, one direction of data flow. The native app is the control plane. The host holds the corpus. The VM is ephemeral.

L0 Native App · Control Plane
  UI Shell: Wails v2 · React
  Sessions: VM lifecycle
  Policy Editor: YAML · linted
  Audit Viewer: signed · verifiable
  Flow: launches · signs · routes

L1 Host Machine · Corpus & Runtime
  Observer daemon: Go · fsnotify (live)
  Host SQLite: WAL · hash-chained
  ML runtime: llama.cpp
  Training loop: LoRA · continuous
  Flow: reads corpus → writes adapters → hot-reload
  Flow from VM: policy-enforced · filtered merge

L2 VM Sandbox · Ephemeral
  VM observer: same daemon, vsock
  VM SQLite: session ledger
  Workbench apps: IDE · browser · term
  Egress filter: allow · deny · log (enforced)

Legend: Active & live · Allow · Deny (filtered) · Metadata only

04 / Privacy

Built for engineers who read source code.

On your machine - always

Stays local. Non-negotiable.

  • All raw events from observer sources
  • Your workflow patterns and suggestions
  • Local model weights and LoRA adapters
  • AI interaction history and session ledgers
  • The full training corpus, forever

Can leave - opt-in only

You decide, per call, per policy.

  • Fleet telemetry - anonymous aggregate counts, no PII
  • Inference fallback - Kameas SaaS on light hardware
  • Every fallback call is previewed before sending
  • No prompts or completions are retained server-side
  • Policy gates every outbound byte at the egress filter

Read the code

The observer daemon is open source. The inference layer runs llama.cpp - also open source. "Trust us" is not the privacy model - "read the code" is.

05 / Enterprise

The product engineers love becomes the product that justifies the AI investment.

AI Adoption Analytics

Adoption tiers, session counts, tool mix. No individual attribution.

Velocity Correlation

Cycle time, friction events, pattern adoption - rolled up by team.

AI Cost Efficiency

Local vs. SaaS inference ratio, cost per developer, trend over quarters.

Compliance Posture

Policy coverage, egress-deny rates, audit integrity checks.

The fleet layer deploys on your infrastructure. No data flows through Kameas servers. Engineering leadership gets the dashboard. Engineers keep full individual control.

Open source

Kenaz

Free

Apache 2.0 · single user

  • Full workbench & observer
  • VM sandbox with policy-as-code
  • On-device learning & suggestions
  • Cryptographic audit trail
  • Community support

06 / Open Source

One engineer. 14 years in fintech. Open source.

Kenaz is being built in public. The daemon, observer, audit layer, and VM plumbing are Apache 2.0 from day one.

Layer          Technology                     Why
App framework  Wails v2 · Go + React/TS       Native desktop, single binary, no Electron.
Local store    SQLite · WAL · go-sqlite3      Zero-config, concurrent reads, cryptographic chain.
Inference      llama.cpp · LFM2-24B Q4_K_M    Managed local inference, MoE, ~2B active.
VM sandbox     KVM · QEMU · QCOW2             Ephemeral isolation, policy-enforced egress.
Audit          Ed25519 · SHA-256 chain        Tamper-evident, independently verifiable.
Policy         YAML · Go enforcer             Declarative, version-controlled, auditable.
Fleet          Go · Helm                      Deployable on customer infrastructure.

07 / Waitlist

Kenaz is in active development.

Join the waitlist for early access, or talk to us about enterprise.

No spam, no marketing blasts. Updates only when there's something worth saying.
