What is Torbo Base™?
Torbo Base is a local-first AI gateway that runs on your Mac (or Linux/Docker) and gives you a private, powerful command center for AI. It connects your favorite language models — local or cloud — to your files, calendar, email, browser, code, and messaging platforms, all through a single unified interface.
Think of it as your personal AI operations hub: one server that handles everything, keeps your data on your machine, and never phones home.
How It Works
The gateway runs as a lightweight server on your Mac (or in Docker on any machine). It exposes an OpenAI-compatible API on your local network, so any device — your phone, tablet, another computer, or a browser — can connect to it.
- Install — Download for Mac or deploy via Docker on Linux
- Configure — A guided 6-step setup wizard walks you through everything
- Connect — Use any OpenAI-compatible client or the built-in web chat at `http://your-ip:4200/chat`
Architecture
```
┌─────────────────────────────────────────────────┐
│                  YOUR DEVICES                   │
│  Phone · Laptop · Browser · Any OpenAI client   │
└────────────────────┬────────────────────────────┘
                     │ Local network / Tailscale
                     ▼
┌─────────────────────────────────────────────────┐
│             TORBO BASE™ (port 4200)             │
│ ┌──────────┐ ┌──────────┐ ┌──────────────────┐  │
│ │  Model   │ │   Tool   │ │  Memory System   │  │
│ │  Router  │ │  Engine  │ │ (3-layer + Army) │  │
│ └────┬─────┘ └────┬─────┘ └──────────────────┘  │
│      │            │                             │
│ ┌────┴────────────┴──────────────────────────┐  │
│ │   Channel Bridges · Task Queue · Agents    │  │
│ └────────────────────────────────────────────┘  │
└────────────────────┬────────────────────────────┘
                     │ Your API keys
                     ▼
┌─────────────────────────────────────────────────┐
│                  AI PROVIDERS                   │
│  Ollama (local) · Claude · GPT · Gemini · Grok  │
└─────────────────────────────────────────────────┘
```
- Gateway Server — HTTP server (port 4200) that routes requests to the right model, executes tools, manages memory, and streams responses via SSE
- Model Router — Automatically routes to Ollama (local), Anthropic, OpenAI, Google Gemini, or xAI based on the model name in your request
- Tool Engine — 30+ built-in tools plus unlimited MCP tools from third-party servers
- Memory System — Three-layer memory architecture: vector embeddings (SQLite), structured JSON, and a background Memory Army that learns from every conversation
- Channel Bridges — Bidirectional messaging bridges to Telegram, Discord, Slack, WhatsApp, and Signal
- Task Queue + Agents — Background agents that accept assigned tasks, take on delegated work, and operate autonomously
Cross-Platform
| Platform | Details |
|---|---|
| macOS | Native SwiftUI app with menu bar presence, Keychain integration, and full system access |
| Linux / Docker | Headless mode with SwiftNIO networking, file-based secrets, and graceful signal handling |
| Docker | Multi-stage build, health checks, runs as non-root user, production-ready |
Setup Wizard
A guided 6-step setup that takes about 2 minutes:
- Local Inference — Detects Ollama or guides installation
- Starting Model — Pull your first local model
- Access Level — Configure the security dial
- Cloud Providers — Enter API keys (optional — skip if local-only)
- Voice & Image — Configure ElevenLabs and image generation (optional)
- Remote Access — Set up Tailscale for anywhere access (optional)
Multi-Model AI Gateway
OpenAI-Compatible API
The gateway speaks the OpenAI API format natively. Any client that works with OpenAI works with Torbo Base — no code changes needed. Just point it at your local IP.
- Endpoint: `POST /v1/chat/completions` (streaming SSE)
- Models endpoint: `GET /v1/models`
- Full streaming support with Server-Sent Events (see the client sketch below)
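For example, a minimal streaming client using the official `openai` Python package; the address, token, and model name are placeholders, not fixed values:

```python
# Minimal sketch: any OpenAI-compatible SDK can talk to the gateway.
# Substitute your gateway's LAN address, pairing token, and a model you have.
from openai import OpenAI

client = OpenAI(
    base_url="http://your-ip:4200/v1",  # Torbo Base on your local network
    api_key="YOUR_BEARER_TOKEN",        # token issued during device pairing
)

stream = client.chat.completions.create(
    model="llama3.2",                   # any local or cloud model name
    messages=[{"role": "user", "content": "Hello from my laptop!"}],
    stream=True,                        # deltas arrive as SSE chunks
)
for chunk in stream:
    delta = chunk.choices[0].delta.content
    if delta:
        print(delta, end="", flush=True)
```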
Supported Providers
| Provider | Models | API |
|---|---|---|
| Ollama (Local) | Any model you pull — Llama, Qwen, Mistral, Phi, CodeLlama, Gemma, etc. | Local, free, no API key |
| Anthropic | Claude Opus, Sonnet, Haiku | Cloud, API key required |
| OpenAI | GPT-4o, GPT-4 Turbo, o1, o3 | Cloud, API key required |
| Google | Gemini Pro, Gemini Ultra | Cloud, API key required |
| xAI | Grok | Cloud, API key required |
Intelligent Routing
The model name in your request determines where it goes:
- `claude-*` or `anthropic` → Anthropic API
- `gpt-*`, `o1-*`, `o3-*` → OpenAI API
- `gemini-*` → Google Gemini API
- `grok-*` → xAI API
- Everything else → Local Ollama (decision logic sketched below)
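The same decision logic, sketched in Python for illustration (this is not the gateway's actual source):

```python
# Prefix-based model routing, as described above.
def route(model: str) -> str:
    if model.startswith("claude-") or "anthropic" in model:
        return "anthropic"
    if model.startswith(("gpt-", "o1-", "o3-")):
        return "openai"
    if model.startswith("gemini-"):
        return "gemini"
    if model.startswith("grok-"):
        return "xai"
    return "ollama"  # everything else runs locally

assert route("claude-sonnet-4") == "anthropic"
assert route("qwen2.5:14b") == "ollama"
```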
Automatic Format Conversion
Torbo Base automatically converts between OpenAI, Anthropic, and Gemini message formats — including tool calls, vision/multimodal content, and streaming deltas. You send OpenAI format, Torbo handles the rest.
Ollama Integration
- Auto-detection — Finds Ollama on your system automatically
- Auto-start — Launches `ollama serve` if it's installed but not running
- Model management — Pull, list, and manage models from the dashboard
- Embedding model — Uses `nomic-embed-text` (768-dimensional vectors) for the memory and RAG systems
30+ Built-in Tools
Every tool is gated by the access level system — agents can only use what you allow.
Available at All Access Levels
| Tool | Description |
|---|---|
| `web_search` | Search the web via DuckDuckGo (no API key needed) |
| `web_fetch` | Fetch and convert any web page to clean text |
| `generate_image` | Generate images via DALL-E 3 |
| `search_documents` | Semantic search across all ingested documents (RAG) |
| `create_workflow` | Create multi-step AI workflows |
| `create_task` | Create and assign tasks to crew members |
| `list_tasks` | View the task queue |
| `complete_task` | Mark tasks as done |
Read Access (Level 2+)
| Tool | Description |
|---|---|
| `browser_navigate` | Navigate a headless Chromium browser to any URL |
| `browser_screenshot` | Capture page screenshots |
| `browser_extract` | Extract text content and links from pages |
| `list_events` | List upcoming calendar events |
| `check_availability` | Find free time slots on your calendar |
Write Access (Level 3+)
| Tool | Description |
|---|---|
| `browser_interact` | Click, type, scroll, and interact with web pages |
| `create_event` | Create calendar events |
Execute Access (Level 4+)
| Tool | Description |
|---|---|
| `run_command` | Run approved shell commands |
| `execute_code` | Execute Python, JavaScript, or Bash in a sandbox |
| `execute_code_docker` | Execute code in an isolated Docker container |
Full Access (Level 5)
| Tool | Description |
|---|---|
| `check_email` | Check unread emails in Apple Mail |
| `read_email` | Read email content |
| `draft_email` | Create email drafts (never auto-sends) |
| `capture_screen` | Capture your screen |
| `git_branch` | Create and switch git branches |
| `git_commit` | Stage and commit changes |
| `git_revert` | Revert to last commit |
| `build_dmg` | Build macOS DMG installers |
| `xcode_build_deploy` | Build and deploy iOS apps via Xcode |
MCP (Model Context Protocol)
The gateway is a full-featured MCP host. Connect any MCP server and its tools become available to your AI agents automatically.
- Protocol version: 2025-11-25
- Transport: stdio (child process pipes)
- Wire format: JSON-RPC 2.0
- Dynamic tool discovery — tools from connected MCP servers appear alongside built-in tools
- Hot reload — handles `tools/list_changed` notifications for live updates
- Config file: `~/Library/Application Support/TorboBase/mcp_servers.json`
Example Configuration
```json
{
  "servers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@anthropic-ai/mcp-filesystem"],
      "env": {}
    }
  }
}
```
Three-Layer Memory System
Your AI remembers. Not in the cloud — on your machine.
Layer 1: Vector Memory (SQLite)
- Embeds every important exchange using `nomic-embed-text` via Ollama
- Cosine similarity search with importance-weighted ranking (sketched below)
- Categories: fact, conversation, identity, project, episode
- Hybrid search: keyword pre-filter + embedding-ranked results
- Automatic deduplication via content hashing
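A rough sketch of importance-weighted cosine ranking; the field names (`vector`, `importance`, `text`) are illustrative, not the actual schema:

```python
import math

def cosine(a, b):
    # Cosine similarity between two embedding vectors.
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(x * x for x in b))
    return dot / (na * nb) if na and nb else 0.0

def search(query_vec, memories, top_k=5):
    # Rank by similarity scaled by each memory's stored importance.
    scored = [
        (cosine(query_vec, m["vector"]) * m["importance"], m["text"])
        for m in memories
    ]
    scored.sort(reverse=True)
    return scored[:top_k]
```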
Layer 2: Structured Memory (JSON)
- Identity — Who the AI is (name, personality, voice style)
- User — Who you are (name, location, preferences, family)
- Knowledge — Facts (capped at 200, auto-compressed), projects with status
- Working — Current topic, recent topics, pending tasks
Layer 3: Memory Army (Background Workers)
| Worker | Role | Schedule |
|---|---|---|
| Librarian | Extracts memories and creates episode summaries | After every exchange |
| Searcher | Retrieves relevant memories before each LLM call | Before every request |
| Repairer | Deduplicates, compresses old memories, decays importance | Every 2 hours |
| Watcher | Health monitor, checks system responsiveness | Every 5 minutes |
How It Works
- Before each request: The Memory Router searches all three layers and injects relevant context into the system prompt
- After each response: New information is automatically extracted and indexed
- Over time: The Memory Army compresses, deduplicates, and maintains the knowledge base
RAG (Retrieval-Augmented Generation)
Supported Formats
- Documents: PDF, plain text, Markdown
- Code: Swift, Python, JavaScript, TypeScript, Go, Rust, Java, C, C++, Ruby, PHP, CSS, HTML, JSON, YAML, TOML, XML, SQL, Shell, Dockerfile (20+ languages)
- Folder ingestion: Recursive, auto-skips `.git`, `node_modules`, `.build`
How It Works
- Extract — Text extraction from PDFs (PyMuPDF → pdfminer → `strings` fallback chain)
- Chunk — Split into ~500-token chunks with 100-character overlap (sketched below)
- Embed — Generate vectors via `nomic-embed-text`
- Store — SQLite database with cosine similarity search
- Search — `search_documents` tool available to all agents at any access level
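A simplified sketch of the chunking step; the real pipeline counts tokens, which this approximates with a 4-characters-per-token heuristic:

```python
def chunk(text: str, chunk_tokens: int = 500, overlap_chars: int = 100):
    # ~500-token chunks with a 100-character overlap between neighbors.
    chunk_chars = chunk_tokens * 4  # rough 4-chars-per-token approximation
    chunks, start = [], 0
    while start < len(text):
        end = min(start + chunk_chars, len(text))
        chunks.append(text[start:end])
        if end == len(text):
            break
        start = end - overlap_chars  # step back to create the overlap
    return chunks
```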
Workflow Engine
Create multi-step AI pipelines from natural language.
- Natural language decomposition — Describe what you want, the gateway breaks it into steps
- Auto-assignment — Each step is routed to the best-fit model by keyword matching
- Context cascading — Output from each step flows into the next as context
- Dependency tracking — Steps execute in order with proper dependency management
- Persistent — Workflows survive restarts
Task Queue
Features
- Priority levels: Low, Normal, High, Critical
- Dependency tracking between tasks
- Auto-cancellation of dependent tasks on failure
- Context injection from completed dependencies
ProactiveAgent (Autonomous Execution)
When enabled, the ProactiveAgent checks the task queue every 30 seconds and autonomously executes tasks:
- Simple tasks → Local 7B model (free, instant)
- Medium tasks → Local 14B model (free, good quality)
- Complex tasks → Cloud models (Claude Sonnet, GPT-4o)
Messaging Channel Bridges
Connect the gateway to your messaging platforms. Messages flow bidirectionally — receive messages, process through your AI, respond automatically.
| Platform | Protocol | Features |
|---|---|---|
| Telegram | Bot API, long polling | Bidirectional, Markdown formatting |
| Discord | Bot API v10 | Bidirectional, 2000-char message splitting |
| Slack | Web API | Bidirectional, thread support, 4000-char handling |
| WhatsApp | Business Cloud API v18.0 | Webhook-based inbound, REST outbound |
| Signal | signal-cli REST API | Polling-based, privacy-focused |
Broadcast
Send a single message to all active channels simultaneously via `POST /v1/channels/broadcast`.
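For instance, from Python. The `message` field in the payload is an assumption; check the exact request schema against your gateway:

```python
import requests

resp = requests.post(
    "http://your-ip:4200/v1/channels/broadcast",
    headers={"Authorization": "Bearer YOUR_TOKEN"},
    json={"message": "Deploy finished: all systems green."},  # assumed shape
    timeout=10,
)
resp.raise_for_status()
```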
Code Execution
Process Sandbox
- Languages: Python, JavaScript (Node.js), Bash
- Timeout: 30 seconds default, 120 seconds max
- Network: Disabled by default
- Output limit: 100K characters
- File detection: Automatically captures generated files
- Auto-cleanup: Sandboxes cleaned after 1 hour
Docker Sandbox
Maximum isolation for untrusted code:
- Read-only filesystem (except `/tmp` and working directory)
- No new privileges — cannot escalate permissions
- All capabilities dropped — minimal kernel access
- PID limit of 50 — fork bomb protection
- Configurable memory and CPU limits
- Network disabled by default
- Optional GPU passthrough for ML workloads
- Auto-fallback to process sandbox if Docker is unavailable
Browser Automation
Full headless browser control via Playwright (Chromium):
| Action | Description |
|---|---|
| `navigate` | Go to any URL |
| `screenshot` | Capture full page screenshots |
| `click` | Click elements by CSS selector |
| `type` | Type text into inputs |
| `extract` | Extract page text and links |
| `evaluate` | Execute arbitrary JavaScript |
| `waitFor` | Wait for elements to appear |
| `scroll` | Scroll the page |
| `select` | Select dropdown options |
| `pdf` | Generate PDF of the page |
Auto-installs Chromium on first use. Sessions auto-clean after 30 minutes.
Calendar Integration
Full calendar access on macOS via EventKit:
- List events by date range
- Today's events shortcut
- Check availability (is a time slot free?)
- Find free slots (minimum duration configurable)
- Create events with calendar selection, location, and notes
- List all available calendars
Email Integration (macOS)
Secure email access via Apple Mail:
- Check unread emails (configurable mailbox and limit)
- Read full email content (auto-marks as read)
- Draft emails (saved as drafts — never auto-sent for safety)
Webhooks & Scheduler
Webhooks
- Trigger tasks, workflows, or notifications from external events
- HMAC signature verification for security (see the sketch below)
- Example: GitHub push → SiD reviews the code
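A generic HMAC-SHA256 check in the style GitHub uses for its `X-Hub-Signature-256` header; Torbo Base's exact header name may differ:

```python
import hashlib
import hmac

def verify(secret: bytes, body: bytes, signature_header: str) -> bool:
    # Recompute the signature over the raw request body.
    expected = "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time comparison defeats timing attacks.
    return hmac.compare_digest(expected, signature_header)
```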
Scheduled Events
- Interval — Every N seconds
- Daily — Every day at a specific time
- Weekdays — Monday through Friday
- Weekly — Specific day and time
Scheduled events create tasks in the queue for automatic execution.
Voice & TTS
Text-to-Speech
- Primary: ElevenLabs API (`eleven_turbo_v2_5` model) — high-quality, natural voices
- Fallback: OpenAI TTS (`tts-1` model)
- Endpoint: `POST /v1/audio/speech`
Speech-to-Text
- OpenAI Whisper API (`whisper-1` model)
- Endpoint: `POST /v1/audio/transcriptions` (usage example below)
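Both endpoints follow the OpenAI audio API shape, so the `openai` package works as-is; the voice and file names below are placeholders:

```python
from openai import OpenAI

client = OpenAI(base_url="http://your-ip:4200/v1", api_key="YOUR_TOKEN")

# Text-to-speech: returns audio bytes.
speech = client.audio.speech.create(
    model="tts-1", voice="alloy", input="The build finished successfully."
)
speech.write_to_file("status.mp3")

# Speech-to-text via Whisper.
with open("memo.m4a", "rb") as f:
    transcript = client.audio.transcriptions.create(model="whisper-1", file=f)
print(transcript.text)
```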
Web Chat
A built-in web chat interface served at `http://your-ip:4200/chat`:
- No app install needed — works in any browser
- Dark theme matching the desktop aesthetic
- Model selector dropdown
- Streaming responses with SSE
- Markdown rendering with code syntax highlighting
- Responsive layout for any screen size
Dashboard (macOS)
A 5-tab control center:
| Tab | What It Shows |
|---|---|
| Home | Interactive orb visualization, access level control, system status with health checks |
| Models | Ollama model management — pull, list, view details |
| Sessions | Conversation history and session viewer |
| Security | Audit log, access control, paired device management |
| Settings | Server configuration, API keys, system prompt, channel configuration |
Menu Bar
Torbo Base lives in your menu bar for quick access:
- Status indicator with mini orb
- Server address and client count
- Quick actions: Open Dashboard, Open Web Chat, Kill Switch
- Ollama status at a glance
Six-Tier Access Control
A color-coded six-tier dial controls what your AI agents can do. Each level unlocks progressively more capability, from completely off to full system autonomy:
| Level | Color | Name | What's Allowed |
|---|---|---|---|
| 0 | Gray | OFF | Kill switch — nothing gets through |
| 1 | Green | CHAT | Conversations only, no system access |
| 2 | Cyan | READ | Chat + read files, browse web, view calendar |
| 3 | Yellow | WRITE | Read + write files, create calendar events, interact with browser |
| 4 | Orange | EXEC | Write + run shell commands, execute code, manage webhooks |
| 5 | Red | FULL | Everything — email, screen capture, git, builds (requires confirmation) |
Kill Switch
One tap to shut everything down. Saves your previous level and restores it when you re-enable.
Full Access Confirmation
Level 5 requires an explicit confirmation dialog — no accidental escalation.
Per-Agent Levels
Each agent has an individual access level, capped by the global level. One agent might have full access while another only has read access.
Authentication
Token System
- 32-byte cryptographically random tokens generated via platform-secure random (`SecRandomCopyBytes` on macOS, `/dev/urandom` on Linux)
- Base64-encoded, URL-safe
- Stored in macOS Keychain (`kSecAttrAccessibleWhenUnlockedThisDeviceOnly`) or an encrypted file on Linux
- Token rotation available at any time
Device Pairing
- Pairing code — 6 alphanumeric characters, with the ambiguous characters I, O, 0, 1 excluded (generator sketched below)
- 5-minute expiry — unused codes become invalid
- Single-use — each code works once
- Permanent token — successful pairing issues a long-lived Bearer token
- QR code — scan to pair instantly
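For illustration, both credentials are easy to reproduce in Python; a sketch, not the app's actual implementation:

```python
import secrets
import string

# 32 random bytes, URL-safe Base64: the shape of the API token.
token = secrets.token_urlsafe(32)

# 6-character pairing code with the ambiguous I, O, 0, 1 removed.
ALPHABET = "".join(
    c for c in string.ascii_uppercase + string.digits if c not in "IO01"
)

def pairing_code(length: int = 6) -> str:
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

print(token, pairing_code())
```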
Rate Limiting
Per-IP tracking: 60 requests per minute (configurable). HTTP 429 response when exceeded.
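A minimal sliding-window version of that policy, for illustration (the gateway's real algorithm may differ):

```python
import time
from collections import defaultdict, deque

WINDOW, LIMIT = 60.0, 60              # 60 requests per rolling minute
hits: dict[str, deque] = defaultdict(deque)

def allow(ip: str) -> bool:
    now = time.monotonic()
    q = hits[ip]
    while q and now - q[0] > WINDOW:  # drop requests older than the window
        q.popleft()
    if len(q) >= LIMIT:
        return False                  # caller answers with HTTP 429
    q.append(now)
    return True
```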
Audit Logging
Every request is logged:
- Timestamp
- Client IP address
- HTTP method and path
- Required access level for the endpoint
- Whether access was granted or denied
- Detail message
Command Safety
Core File Protection
15+ critical files are locked — AI agents cannot modify:
`GatewayServer.swift`, `Capabilities.swift`, `AppState.swift`, `TorboBaseApp.swift`, `KeychainManager.swift`, `PairingManager.swift`, `ConversationStore.swift`, `TaskQueue.swift`, `ProactiveAgent.swift`, and more.
Command Threat Classification
| Threat Level | Examples | Action |
|---|---|---|
| Blocked | Fork bombs, `rm -rf /`, `mkfs`, `dd` | Rejected immediately |
| Destructive | `rm`, `sudo`, `git push --force`, `git reset --hard` | Requires highest access level |
| Moderate | File write operations | Requires write access level |
| Safe | Read-only commands (`ls`, `cat`, `grep`) | Allowed at execute level |
Protected System Paths
These directories can never be modified: `/System`, `/Library`, `/usr`, `/bin`, `/sbin`, `/Applications`
Automatic Backups
Files are backed up to `~/.torbo-backup/` before any modification by an AI agent.
Directory Sandboxing
Each agent can be scoped to specific directories. By default: `~/Desktop`, `~/Documents`, `~/Downloads`.
Privacy Filter
AI-powered PII redaction before any cloud API call:
Four Filter Levels
| Level | Description |
|---|---|
| Off | No filtering |
| Basic | Emails, phone numbers, SSN, credit cards |
| Standard (default) | Basic + addresses, names, ZIP codes, IP addresses |
| Strict | Standard + account numbers, routing numbers, medical record numbers |
How It Works
- Detect — Regex-based PII detection across 12+ categories
- Redact — Replace with unique reversible placeholders
- Send — Cloud API sees only redacted content
- Restore — PII is re-inserted into the response before you see it
Works across OpenAI, Anthropic, and Gemini request formats automatically.
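A toy redact-and-restore round trip showing the reversible-placeholder idea. Only the email category is shown here; the real filter covers 12+ categories:

```python
import re

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")

def redact(text: str):
    # Replace each match with a unique placeholder and remember the original.
    mapping = {}
    def sub(m):
        key = f"<<PII_{len(mapping)}>>"
        mapping[key] = m.group(0)
        return key
    return EMAIL.sub(sub, text), mapping

def restore(text: str, mapping: dict) -> str:
    # Re-insert the original values into the model's response.
    for key, value in mapping.items():
        text = text.replace(key, value)
    return text

redacted, pii = redact("Mail me at alice@example.com")
assert restore(redacted, pii).endswith("alice@example.com")
```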
Code Execution Safety
Process Sandbox
- 30-second default timeout (120s max)
- Network access disabled by default
- 100K character output limit
- 10MB file size limit
- Auto-cleanup after 1 hour
Docker Sandbox
- Read-only filesystem (except `/tmp`)
- All Linux capabilities dropped
- No privilege escalation possible
- PID limit of 50 (fork bomb protection)
- Configurable memory limits (default 256MB)
- Configurable CPU limits
- Network disabled by default
Network Security
Local-Only by Default
The server binds to 0.0.0.0:4200, which makes it reachable from devices on your local network but not from the internet — unless you explicitly set up Tailscale or port forwarding.
Tailscale (Optional Remote Access)
- End-to-end encrypted mesh VPN
- No port forwarding needed
- No firewall changes needed
- Tailscale never sees your data
- Free for personal use
CORS
Full CORS support (`Access-Control-Allow-Origin: *`) for browser-based clients.
Privacy Policy
| What | Where It Lives |
|---|---|
| API tokens | macOS Keychain (encrypted, per-device) or Linux encrypted file |
| Conversations | Local JSONL files on your machine |
| Memory vectors | Local SQLite database |
| Documents (RAG) | Local SQLite database |
| Configuration | Local UserDefaults / JSON files |
| Audit logs | RAM only (max 500 entries, never persisted to disk) |
What We Don't Do
- No telemetry
- No analytics
- No crash reports
- No device identifiers
- No tracking of any kind
- No data sent to Torbo servers (there are none)
- No third-party SDKs that phone home
Cloud Interactions
Cloud API calls only happen when you:
- Explicitly enter an API key
- Explicitly choose a cloud model
- Send a message
The privacy filter redacts PII from cloud requests by default.
Safety Rails
- Git safety: Branch names auto-sanitized, `git_revert` provides a safety net, git tools only at Full Access
- Email safety: Drafts are created but never auto-sent. You must manually review and send every email.
Compliance
The zero-collection architecture aligns with:
- GDPR (EU)
- CCPA/CPRA (California)
- COPPA (Children's privacy)
- PIPEDA (Canada)
- LGPD (Brazil)
- POPIA (South Africa)
- Apple App Store Guidelines
Security Summary
| Feature | Detail |
|---|---|
| Access control | Color-coded 6-tier dial with per-agent granularity |
| Authentication | 32-byte cryptographic tokens, Keychain-stored |
| Device pairing | 6-char codes, 5-min expiry, single-use, QR support |
| Rate limiting | 60 req/min per IP |
| Audit logging | Every request logged (RAM only) |
| File protection | 15+ core files locked, system paths protected |
| Command safety | Threat classification, blocked dangerous commands |
| Auto-backup | Files backed up before AI modification |
| Directory sandbox | Per-agent directory scoping |
| Privacy filter | PII redaction before cloud calls (4 levels) |
| Code sandbox | Process isolation with timeouts and limits |
| Docker sandbox | Read-only FS, no privileges, PID/memory/CPU limits |
| Data storage | 100% local — Keychain, SQLite, JSON, JSONL |
| Telemetry | Zero. None. Nothing. |
| Network | Local-only by default, optional Tailscale encryption |
| Email safety | Drafts only — never auto-sends |
| Kill switch | One tap to disable everything |
Get Torbo Base™
macOS 13+ · Linux / Docker · Apple Silicon & Intel · Apache 2.0
© 2026 Michael Murphy. TORBO™ and TORBO BASE™ are trademarks of Michael Murphy.
Built by Perceptual Art LLC