Jas — Local-first AI for legal professionals

The challenge

Legal teams want what everyone else is getting from AI — faster drafting, smarter research, meaningful automation — but they can't afford the tradeoffs that come with cloud-first assistants. Confidential client data can't leave the firm's boundary. Every action needs a human on the hook. Every decision needs to be explainable and reviewable after the fact.

Jas set out to resolve that tension: a genuinely useful, agentic AI platform that holds to the standards legal work actually demands. Nothing leaves the device without explicit consent. Every step is auditable. Every action is gated behind visible human approval.

What we built

A local-first AI system architected around three pillars that define Jas's operating doctrine: keep sensitive work inside the firm's boundary, treat AI as a system with checkpoints rather than a magic prompt box, and make the path from intent to action as disciplined as the product itself.

The result is an architecture purpose-built for legal workflows — retrieval, drafting, review, execution — rather than a generic assistant retrofitted with guardrails.

Security architecture

Privacy isn't a feature toggle in Jas — it's the foundation that makes the rest defensible. Every layer enforces data sovereignty:

• AES-256-GCM encryption applied individually to every database, credential store, and audit entry using purpose-derived keys. Compromising one store reveals nothing about the others.
• Local-first daemon running entirely on the firm's hardware. No cloud dependency, no telemetry, no external server access to client data.
• Zero-knowledge memory powered by local embeddings that never leave the device. Semantic search across matter history and working context is fully on-device.
• Tamper-evident audit trail using cryptographically chained logs. Every decision Jas makes is recorded in a verifiable, append-only ledger — ready for internal review or regulatory inspection.

Operating model

Rather than depending on a single model and a single prompt, Jas orchestrates specialized models through a three-phase pipeline that mirrors how legal work actually flows:

1. Classify the work — The request is parsed and separated into its real components: retrieval, drafting, review, and execution. Each piece is wrapped in a secure envelope with the minimum context it needs.
2. Deliberate in bounded steps — A primary orchestrator decomposes the task into a dependency graph of subtasks, tagging each with the required approval level and the model best suited to handle it. Specialized workers reason within strict trust boundaries.
3. Require visible approval — Nothing consequential happens without a human on the hook. Results are validated, surfaced for review, and gated behind explicit consent before any action touches the outside world.

The outcome is smarter plans, safer execution, and results the firm can actually defend.

Approval-gated execution

Jas doesn't just converse — it acts. A growing set of tools lets it work against the firm's filesystem, browser, inbox, and system shell, and every action is gated behind explicit user consent.

• Web intelligence — Full browser sessions for navigation, search, and extraction from live sources. Every page retrieval is logged.
• Communications — Draft, review, and send messages on the user's behalf. Nothing leaves the outbox unreviewed.
• File operations — Read, write, organize, and manage matter files with path-level security boundaries enforced by default.
• System access — Command execution in isolated, resource-limited environments with full namespace and process isolation.
• Learnable skills — A procedural skill system that lets Jas adapt to the firm's workflows without drifting outside its trust boundaries.

Built for legal workflows

Four signals define Jas for its audience:

• Local-first by default — The deployment posture, not an optional mode.
• Approval-gated execution — People stay in the loop on any action with consequences.
• Audit-friendly behavior — Every decision is legible after the fact.
• Built around legal work — Retrieval, drafting, review, and execution as first-class primitives, not generic chat.

Design and identity

The visual language is dark, minimal, and confident — a near-black palette with sharp typographic hierarchy and generous whitespace. Numbered section markers and italic emphasis create a rhythm that feels editorial rather than corporate. The overall aesthetic communicates security and precision without feeling cold, reinforcing the product's core promise: local-first, encrypted, sovereign.