Executive summary
AssistantGeneral is a local-first agentic AI platform that runs on standard desktop hardware (Windows or macOS) and, for organisations, ships with a complete governance control plane. The platform is designed around one constraint: capability should never require sending data off the customer's infrastructure.
This document describes the inference architecture, the agent execution loop, the retrieval system, the data connector model, and the enterprise governance layer — in enough detail to support a security review and a deployment plan.
Deployment model
AssistantGeneral installs as a desktop application with an embedded local server process. There is no mandatory external service: inference, retrieval, and tool execution all happen on the host machine. Cloud model providers are integrated as opt-in routes selected per request, never as a default dependency.
- Single-user installs run entirely standalone — no network calls required
- Enterprise and Government editions add a self-hosted admin control plane on infrastructure you operate
- No Royal Softworks-operated service sits in the runtime data path
Inference layer
The default inference engine is llama.cpp, running any GGUF-format model fully offline. This covers Llama, Mistral, Qwen, Phi, Gemma, DeepSeek and most open-weight model families. For tasks that benefit from a larger frontier model, the platform supports one-click routing to nine cloud providers — Anthropic, OpenAI, Google Gemini, xAI, Groq, Mistral, DeepSeek, Together AI and OpenRouter — or any OpenAI-compatible endpoint.
Multiple local machines or GPUs can be pooled into a single routed cluster, distributing inference load across available hardware without any single point depending on external compute.
The agent execution loop
Rather than a single forward pass, every request runs through a structured pipeline: plan, retrieve, act, verify, review, finish. The planning stage decomposes the request into steps before any tool runs. Retrieval pulls grounding context from the knowledge base. Acting invokes tools — file operations, document generation, connector queries, workflow steps — under policy control. A groundedness gate checks every substantive claim against a retrieved source before the response is finalised, and a review pass re-reads the output looking for errors before it reaches the user.
This loop is the basis for the platform's reliability claims: outputs are gated on verification rather than produced in a single uncontrolled generation step.
Retrieval architecture
Documents are indexed locally into a LanceDB vector store. Retrieval is hybrid: dense vector similarity and sparse keyword search are computed independently and fused using Reciprocal Rank Fusion, then the merged candidate set is reranked with a cross-encoder and diversified with Maximal Marginal Relevance to reduce redundant chunks. Recency weighting biases toward newer documents when relevant.
Ingestion supports PDF (including OCR for scanned pages), Word, Excel, CSV, plain text, Markdown, HTML, and YouTube transcripts. Beyond flat retrieval, a knowledge graph layer extracts entities and relationships from ingested documents, enabling multi-hop reasoning across connected facts rather than single-passage matching. Organisations can maintain multiple separate knowledge bases with independent access policies.
Data connectors and external action
Twenty-plus built-in connectors provide read-only synchronisation from common enterprise sources: AWS S3, Azure Blob Storage, Google Cloud Storage, Dropbox, OneDrive, PostgreSQL, MySQL, SQLite, Google Workspace, Microsoft 365, Confluence, Notion, and a configurable web crawler. Database connectors enforce read-only query validation before execution.
Beyond ingestion, Model Context Protocol (MCP) support allows the agent to both read from and act within connected systems — Slack, Microsoft Teams, Discord, Notion, Jira, Confluence, GitHub, GitLab, Linear and HubSpot — under the same policy engine that governs every other tool. The platform can also run as an MCP server, exposing its own capabilities to other MCP-compatible clients, and as an MCP client connecting to custom internal servers.
Document generation
Office document generation runs inside a sandboxed Python (Pyodide/WASM) execution environment with no filesystem access beyond its working sandbox and no network access. Generated .xlsx, .docx and .pptx files are produced with real, computed values — not descriptions of a document. After generation, the platform re-opens the file, audits it for formula errors, placeholder text and broken references, and applies automatic repair before returning it to the user.
Enterprise governance
Enterprise and Government editions add a control plane: an administrator console, identity integration, and centrally enforced policy. Identity flows through OIDC or SAML single sign-on, with SCIM for automated user and group provisioning. A granular role-based access policy is pushed to every managed client and enforced locally on that client — controlling which models, tools, workflows, connectors, data sources and UI surfaces each group may use.
Every governed action is recorded to a fleet-wide, append-only audit log aggregated at the admin console, giving compliance and security teams a single point of visibility across every deployed instance without any of the underlying data leaving customer infrastructure.
Data protection
Sensitive local state is encrypted at rest using AES-256-GCM. An optional PIN lock protects the application itself on shared or unattended machines. Tool execution passes through a three-tier permission model and a sandboxed working directory, so file and shell operations are scoped and confirmable rather than unrestricted. There is no mandatory telemetry: the platform does not phone home, and no background process reports usage data externally.
Compliance posture
Because data processed locally never transits Royal Softworks infrastructure, AssistantGeneral does not establish a data-processor relationship under GDPR for that processing, and no Data Processing Agreement is required for locally-run deployments. The architecture supports air-gapped and network-restricted environments without modification: after installation, every core capability — inference, retrieval, tool execution, workflows and voice — operates without an outbound network connection. The Government edition packages this posture with the full control plane for sovereign deployment.