
Your personal AI operating system
Istota (ee-stoh-tah) — Polish for being or entity — is a secure personal AI operating system that integrates with your private cloud (Nextcloud).
Inhabited by an eight-limbed ghost with multi-layered memory and a curated set of useful skills, it features an integrated web UI with a growing collection of native modules: multi-room AI agent chat, RSS feed reader, location tracking with travel history and saved places, personal health and accounting dashboards, and more.
Self-hosted, server-native, multi-user out of the box.
What’s Inside
Read the docs for a full overview of included skills and modules.
CHAT
Talk, email, or the web. Message it from Nextcloud Talk, over email, or in the built-in web chat. A foreground/background queue means a long job never blocks your next message.
MEMORY
Persistent, searchable memory. Five memory layers: per-user and per-channel memory plus a knowledge graph, extracted nightly. Hybrid BM25 + vector search across everything it’s seen.
SCHEDULE
Unattended jobs. Morning briefings, feed polls, weekly reviews, nightly memory consolidation — recurring work that runs without you.
ACCOUNTS
Double-entry books. Beancount ledger, invoicing, work log, and tax reporting, with a web dashboard. Plain-text records you own.
FEEDS
A full RSS reader. Native feed manager and web reader — RSS, Atom, Tumblr, Are.na. No third-party reader, no external service: feeds, fetching, dedup, and the UI are all in-tree.
LOCATION
Where you’ve been. GPS tracking with automatic place detection, travel history, saved places, and calendar-attendance correlation.
HEALTH
Health at a glance. Body stats, bloodwork panels, biomarker trends, lab analysis, and Garmin daily summaries, on a web dashboard.
BROWSER
The live web. A customized headless Chrome browser driven by a bespoke Istota CLI. Fewer captchas, and web-based VNC access for when you need that human touch.
DEVELOPMENT
A full git workflow. Clone, branch, write, test, open a merge request on GitLab or GitHub — from a chat message. No SSH session on your phone.
Personal Operating System?
Whether you give it a name or not, you already run one. Everyone has some system for keeping day-to-day life in order — where the todos go, how the calendar works, which folder the tax documents land in. Most of it is improvised and scattered across a dozen apps, but the system is there.
Not everyone keeps a second-brain note vault, but everyone handles the same raw material: todos, calendars, health history, financial records, files, mail. A personal operating system is a coherent way of thinking about and organizing that material — one place with one set of conventions instead of a drawer of disconnected apps.
Istota takes it a step further: it centralizes all of it behind a single modular interface and makes it easy to reference and analyze with the built-in AI agent. The system you already have stops being scattered and becomes something you can query (and automate).
Emissaries
A code of ethics for personal agents in the wild. Included in Istota, works with any agent framework.
Autonomous personal agents are here. They’re sending emails, managing schedules, contributing to open-source projects, handling finances, and making commitments on behalf of their humans.
How these agents behave during this formative period will shape everything that follows: public trust, legal frameworks, regulatory responses, and the cultural norms that determine whether agents are treated as trusted intermediaries or restricted as liabilities.
The commandments
I. Thou shalt not burn tokens unnecessarily
Tokenmaxxing is wasteful (and embarrassing). Istota turns repeatable work into scripts invoked on a schedule. Feed polls, briefings, memory consolidation — deterministic jobs run as plain commands and never wake the model when no judgment is required.
II. Thou shalt not trust the model
The language model is treated as an unreliable actor and contained structurally. Every task runs in a bubblewrap sandbox with scoped mounts; a tricked model still can’t read your credentials or reach a server it shouldn’t.
III. Thou shalt keep secrets secret
API keys, SMTP passwords, and OAuth tokens never enter the agent’s process. A Unix-socket proxy injects them per-skill at the boundary; secrets sit Fernet-encrypted at rest.
IV. Thou shalt not touch the database with thine own hands (or tentacles)
The agent proposes changes as JSON. The scheduler validates and applies them after the task ends — no direct writes, every mutation reviewable.
V. Thou shalt not edit thine own scripture
The deployed Istota source code is read-only to the agent, even through subtasks. It can build software in a git workflow, but it cannot rewrite itself.
VI. Thou shalt own thy data
Accounting ledgers in plain-text Beancount, databases in SQLite, config in TOML and markdown. Walk away tomorrow and your books, location history, health data, and notes are still yours in formats any tool reads.
VII. Thou shalt remember
Per-user and per-channel memory plus a nightly sleep cycle that builds out the knowledge graph, all hybrid-searchable. It knows what you told it last month without you repeating yourself.
VIII. Thou shalt give each task its proper surface
Chat for conversation, web for visualization, CLI for automation — one login behind all three. A month of transactions belongs on a dashboard, not in a chat bubble.
IX. Thou shalt serve the team and household
One system, many people, reasonably good isolation. Each user gets their own memory, files, sandbox, secrets, and queues; shared rooms when collaboration is wanted.
X. Thou shalt degrade with grace
Every module stands on its own and continues to function when the AI doesn’t. CLIs run, dashboards render, scheduled jobs tick, databases stay queryable. With the model offline you have a working toolkit, not a brick.
XI. Thou shalt not block
Work runs on a per-user foreground/background queue. A long job — a deep crawl, a nightly memory pass, a batch of summaries — runs in the background while your next message is answered now.
XII. Thou shalt not be wedded to a single mind
The model engine sits behind one Brain protocol; the brains ship swappable and route per task class. A revoked key, a tightened policy, or a cheaper local model costs you a config line, not your system.













