Skip to main content
TripleBits Apprentice - Software for Agents

Menu

Sign In Register

What Local-First Means For Data

Understand Apprentice local-first data ownership, what stays local, and how model, MCP, integration, browser, and tool traffic follow configured providers and services.

17 views

What Local-First Means For Data

Apprentice is a local-first desktop app.

That means the app, agent configuration, runtime control, database, tasks, schedules, memory, permissions, integrations, notifications, activity, and audit records are owned from your machine instead of a hosted agent service.

It does not mean every model call or integration call stays on your machine.

Local App Data

Apprentice stores application state locally.

Local app data includes:

  • Agent configuration.
  • Provider settings and account references.
  • Runtime settings.
  • Permissions.
  • Budgets.
  • Schedules.
  • Tasks.
  • Memory and knowledge metadata.
  • Integration records.
  • Notifications.
  • Activity and run history.

Production data lives under the user's Apprentice data directory.

Development data lives under the repository's .devdata directory.

Model Traffic

Model traffic follows the provider selected for the agent.

If the agent uses a local runtime such as Ollama, LM Studio, or Docker Model Runner, model calls go to that configured local service.

If the agent uses a cloud API provider, prompts and relevant context are sent to that provider API.

If the agent uses a CLI or subscription provider, traffic follows that provider's account and service behavior.

Do not describe Apprentice as "nothing leaves your machine" unless you are specifically talking about local app data or a local model runtime.

Tool And Integration Traffic

MCP tools and integrations have their own behavior.

Examples:

  • A local MCP server may stay on the machine.
  • An external MCP server may call an external service.
  • A Slack, Discord, Telegram, WhatsApp, Signal, Twitch, Email, or webhook integration communicates with that external service.
  • A browser automation task may visit external websites.

Use permissions, capabilities, channel subscriptions, and guardrails to control this surface.

Filesystem Access

Agents do not automatically receive access to your entire filesystem.

You choose:

  • Primary directory.
  • Mounted host folders.
  • Read-only or read-write volume mode.
  • Filesystem capability.
  • Permission mode.

Use read-only mounts for inspection and read-write mounts only where edits are intended.

Runtime Control

Apprentice uses Docker for agent execution. Runtime decisions are owned by the backend, including provider resolution, credentials, permissions, guardrails, queueing, and audit events.

The frontend sends user intent and displays backend-owned state.

Practical Rule

Use this wording:

App data and runtime control are local. Model and tool traffic follow the providers, runtimes, MCP tools, and integrations you configure.

That is the accurate local-first promise.

Next Step

Review Docker runtime isolation to understand where agents run and how folder mounts work.