Personal agents / private apps / field notes

MJGIVAI

Malcolm Graham's working lab for personal agents, private app builds, OpenClaw experiments, secure AI systems, and practical web tools that prove what is actually useful.

Now

Current signal

Things on the bench.

Building

Daily Agenda project history

Recording how a private agenda app moves from local signals to TestFlight, including the mistakes and privacy lessons along the way.

Read the build history
Exploring

Personal agents and OpenClaw

Testing how small specialized agents can coordinate, remember, and help with real work.

Collecting

Web experiments worth studying

Interactive explanations, useful personal sites, and interfaces that make the web feel handmade again.

Field Notes

Notes

Technical notes with room for side quests.

Agent OS

OpenClaw / agents

A practical personal Agent OS.

A useful personal agent should remember enough to be continuous, ask before risk, hand work to the right specialist, and automate only inside clear trust boundaries.

Current setup

Pancho keeps the thread.

Pancho acts as coordinator, dispatcher, and summary point. Doozer builds, Einstein researches, Patton handles operations, Leonardo reviews design, and Rosco audits security.

Daily memory Scoped handoffs Ask before risk Read-first automation
Agent OS workflow: intent, coordination, specialists, memory, and trust boundaries.
Personal Agent OS workflow Malcolm sends intent to Pancho, Pancho routes work to specialist agents, outputs return through Pancho, memory records decisions, and trust boundaries control external actions. Trust boundary: private data, cost, public actions, account changes, credentials Malcolm intent + approval Pancho coordinator/router context keeper Einstein research Doozer builds Leonardo mobile-first UX Patton operations Rosco security sweep Memory files daily notes raw MEMORY.md curated Permission rules safe internal work ask before external risk Answer or action returns through Pancho

Diffs from the ideal

What exists, what is missing, and why.

Exists: daily memory, role files, specialist agents, cost limits, credential rules, and conservative automation.

Now: long-term `MEMORY.md` distills daily notes into durable shared rules.

Next: keep curation lightweight so durable preferences stay aligned with how the agents actually work.

Agent stack map

Who handles what.

The stack works best when each agent has a clear job and Pancho keeps decisions, context, and final handoff in one place.

Coordinator

Pancho

Owns context, routes work, checks risk, and brings decisions back to Malcolm.

Builds

Doozer

Implements bounded changes, keeps patches scoped, and reports changed files.

Research

Einstein

Finds sources, compares options, and turns fuzzy questions into usable briefs.

Operations

Patton

Handles systems, deployment posture, runbooks, and operational cleanup.

Mobile UX

Leonardo

Reviews mobile-first layout, visual hierarchy, tap targets, and presentation quality.

Security

Rosco

Audits code, dependencies, credentials, local exposure, and public-service risk.

Secure Stack

Field guide / security

Secure personal AI stack.

A practical checklist for keeping personal agents useful without letting convenience outrun memory, permissions, credentials, or deployment discipline.

Research baseline

What the guidance says in plain English.

OWASP's LLM guidance warns about prompt injection, data leakage, excessive agency, and unsafe tool access. NIST frames AI risk as governance, measurement, management, and transparency. CISA keeps the operational bar simple: design secure defaults, reduce exposed attack surface, and make risky actions intentional.

Secure personal AI stack: local context, narrow credentials, permission gates, review, and public deployment.
Secure personal AI stack workflow A workflow showing private context entering local tools, passing through agent permissions and credential boundaries, then moving through review before anything public is deployed. Private workspace Public surface Local context files, memory, notes Agent work least authority Permission gate ask before risk Deploy public tested + reviewed Credentials scoped, rotated, hidden Review loop tests, diffs, audit
  • 01 Local context

    Files, memory, and notes stay in the private workspace first.

  • 02 Agent work

    Tools run with least authority and narrow task context.

  • 03 Permission gate

    Risky, public, costly, or account-level actions require review.

  • 04 Review loop

    Tests, diffs, and audit checks happen before public deployment.

  • 05 Deploy public

    Only approved and verified changes leave the private workspace.

01

Keep private context local first.

Put durable preferences and operating rules in workspace files. Avoid copying private memory, credentials, or raw chat context into public pages, prompts, commits, or issue comments.

02

Use narrow credentials.

Prefer existing authenticated sessions, password managers, short-lived tokens, and per-service scopes. Never ask the user to paste raw passwords into chat.

03

Gate agent actions by risk.

Reading, organizing, and local edits are low-risk. Spending money, changing DNS, sending messages, touching auth, or publishing externally should require explicit approval.

04

Review before public deployment.

Check diffs, run the smallest meaningful tests, scan secrets, verify mobile layout, and confirm the live production page after deployment.

Fit to this setup

Where Malcolm's stack already lines up.

Strong match: local workspace memory, Pancho as coordinator, specialist handoffs, explicit cost limits, and conservative rules for external actions.

Main gap: long-term memory curation should be kept current so old preferences do not drift away from how the system actually works.

Reasonable difference: this is a personal stack, not an enterprise AI program, so the right control is lightweight review and narrow authority rather than heavy policy ceremony.

Experiments

Field notes / tools

Working notes that can turn into useful tools.

A practical library for the things worth testing in public: personal agents, small infrastructure, secure AI workflows, and cheap web systems that are useful without becoming a maintenance project.

Build Log

Lab notebook

What changed, why it matters.

Updated July 5, 2026 after the Fable UX pass.

Short operating notes from the workbench: shipped site changes, security decisions, design reviews, and lessons that are useful beyond one deploy.

Project story

Daily Agenda build history goes live.

The site now includes a sanitized case study of the Daily Agenda app's path to TestFlight, including HealthKit fixes, local Messages permissions, multi-agent review, and the decision to remove private bundled agenda data before release.

Workflow update

Website previews are phone-first.

Local site review now starts with a phone-accessible preview URL, not a desktop-only localhost link, because mobile is the first review surface for new MJGIVAI website material.

Service guide

Automation menu added.

The homepage now translates readiness and pilot planning into concrete workflow options with required inputs, effort, guardrails, and useful first-version outputs.

Interactive tool

AI readiness scorecard added.

The homepage now includes a local-only assessment that turns workflow, data, security, and ownership signals into a plain next-step recommendation and a one-page pilot brief.

Site trust polish

Comment system hardened and cleaned up.

Production Turnstile uses the real domain widget, admin pages are kept out of crawler paths, and smoke-test comments were removed from the moderation queue.

Homepage direction

Agent Stack Map becomes a public explanation.

The site now names the agent roles directly so visitors can understand the operating model behind the tools and notes.

Tool launch

OpenClaw cost calculator goes live.

The calculator turns a personal-agent setup into editable one-time and monthly costs, then invites moderated discussion.

Project Story

Daily Agenda / July 2026

Building a private agenda app from scattered signals.

Daily Agenda started as a practical question: can a personal agent turn local emails, meetings, notes, conversations, and health context into a useful day plan without exposing the private data that makes it useful?

Current state

Internal TestFlight, real sources, private by design.

The app is now at TestFlight build 0.2.0 (13). It has a SwiftUI dashboard, Apple Health sync, Messages and Outlook source wiring, a local production pipeline, and a review process that treats useful personal context as sensitive by default.

0.2.0 (13)TestFlight build PrivateNo bundled agenda data Best effortiOS background refresh
Sanitized Daily Agenda app mockup showing a mobile dashboard, source pipeline, and TestFlight status.
Sanitized project visual. The real app uses private local data; this image uses representative labels only.

How we built it

Seven steps from prototype to phone.

  1. Started with a local agenda pipeline. The first version pulled together Gmail, Plaud, Apple Notes, Notion, and calendar context into a daily operating brief.
  2. Moved from report to product. The static output became a SwiftUI dashboard with a command center, calendar rail, source mix, and task cards built for quick scanning on an iPhone.
  3. Made release repeatable. Xcode signing, App Store Connect uploads, simulator tests, and release gates turned the work into an internal TestFlight loop.
  4. Added Apple Health carefully. The app now reads steps, exercise minutes, and stand minutes, stores only an aggregate snapshot, and refreshes hourly while active with best-effort background refresh.
  5. Unlocked Messages with local permissions. Once macOS privacy access was granted, the pipeline could use local Messages context safely and surface only conservative actionable follow-ups.
  6. Ran specialist reviews before shipping. UI, build, security, operations, and sync behavior each got a focused pass so the release was checked from more than one angle.
  7. Removed private seed data before TestFlight. A generated agenda bundle was useful for demos, but it contained real personal and work context. We removed it and shipped build 12 without a private agenda snapshot in the app bundle.

Obstacle 01

The phone build started as the wrong app.

Early TestFlight work exposed a demo shell where the production dashboard should have been. We replaced it with the real ContentView, then made archive and simulator checks part of the release habit.

Obstacle 02

HealthKit looked broken when the answer was zero.

HealthKit can return no data for a valid day. The fix was to treat no-data responses as zero, persist the last aggregate snapshot, and keep refresh behavior honest.

Obstacle 03

macOS protected local Messages access.

Full Disk Access and assistive permissions had to be handled before the pipeline could use local Messages context. The ingest now fails softly instead of breaking the whole agenda.

Obstacle 04

A useful demo seed became a security risk.

The app briefly bundled a generated agenda snapshot with real personal context. The security review caught it, the resource was removed, and the next version shipped without private bundled data.

Model Map

Usage signals / not a census

A map of where AI model attention is going.

There is no clean public pie chart for global model usage. This section compares three useful signals instead: what developers say they use, what AI builders are considering, and where OpenRouter traffic was moving on the captured date.

Developer survey selections

Stack Overflow top model-family mentions, normalized.

OpenAI GPT 36.9% Claude Sonnet 19.4% Gemini Flash 16.0% OpenAI Reasoning 15.7% OpenAI Image 12.1%

Stack Overflow responses are multi-select, so this chart shows share of reported selections among the top categories, not share of developers and not market share.

AI builder demand

Families builders are using or considering.

Artificial Analysis surveyed AI practitioners. This is useful for vendor shortlists, but it still measures demand and consideration, not total production volume.

OpenRouter weekly pulse

Latest token-routing attention.

  1. Claude Opus 4.7#1
  2. Claude Sonnet 4.6#2
  3. Gemini 3 Flash#3
  4. DeepSeek V3#4
  5. Kimi K2#5
  6. Gemini 2.5 Flash#6
  7. MiniMax M2#7
  8. GPT-5#8

OpenRouter is a live routing ecosystem. These ranks move quickly, so this snapshot should be read as dated momentum on that platform only.

Method

How to read it.

OpenAI remains the broad default in surveys. Claude is especially strong around coding and agent workflows. Gemini is prominent in fast, cost-sensitive, and Google-stack work. DeepSeek, Kimi, MiniMax, Qwen, GLM, and Llama matter for open-weight, regional, and cost-sensitive deployments.

Scorecard

Client-side tool

AI readiness scorecard.

A short, local-only check for whether a workflow is still in the basics stage, ready for a contained pilot, or ready for useful automation. Add a few project details and it drafts a one-page pilot brief in the browser. No account, database, or API call is involved.

Workflow shape
Data access
Security posture
Human review
Success measure
Operating owner

Pilot brief builder

Turn the score into a first plan.

Keep the first pilot narrow: one workflow, one owner, one success measure, one review gate, and one clear reason to stop.

Generated brief


            

Automation

Workflow menu / first versions

A practical menu of automations worth starting with.

The right first automation is rarely the flashiest one. It is a repeated workflow with clear inputs, a named owner, visible review, and a useful output that saves time without hiding accountability.

How to choose

Start with the workflow that already hurts every week.

Good candidates are boring, frequent, and easy to verify. Avoid giving an agent broad authority on day one. Give it narrow data, a draft output, and a human review gate.

Repeated Measurable Reviewable Low-risk

01

Lead intake

Capture form, email, and referral leads into one qualified queue.

Needs
Website form, CRM or sheet, qualification rules
Effort
Small
Guardrail
Never overwrite source records; log every change
First output
Daily prioritized lead digest

02

Follow-up emails

Draft timely responses after calls, form fills, or stale threads.

Needs
Email, meeting notes, approved tone examples
Effort
Small to medium
Guardrail
Human approves every outbound message
First output
Draft replies with source context attached

03

Meeting prep

Assemble briefs before sales calls, ops reviews, or vendor check-ins.

Needs
Calendar, CRM, notes, open tasks
Effort
Medium
Guardrail
Read-only access first; no calendar edits
First output
One-page agenda with risks and asks

04

Report generation

Turn recurring data pulls into consistent summaries and review packets.

Needs
Source reports, template, metric definitions
Effort
Medium
Guardrail
Keep formulas deterministic; flag uncertain commentary
First output
Weekly report draft with variance notes

05

Inbox triage

Sort new messages by urgency, topic, owner, and next action.

Needs
Email labels, priority rules, escalation contacts
Effort
Medium
Guardrail
Start with labels and drafts, not send/delete rights
First output
Morning queue with suggested actions

06

Website updates

Convert notes, releases, and tool changes into reviewed site updates.

Needs
Repo access, style rules, preview deployment
Effort
Small to medium
Guardrail
Preview, check, and review before production deploy
First output
Draft section, changelog, and deploy checklist

07

Customer FAQ

Answer repeat questions from approved docs while escalating edge cases.

Needs
FAQ sources, policies, escalation paths
Effort
Medium
Guardrail
Cite sources and refuse answers outside the approved base
First output
Internal answer assistant for support staff

08

Internal search

Make policies, project notes, and decisions easier to find safely.

Needs
Document inventory, permissions, retention rules
Effort
Medium to large
Guardrail
Respect source permissions and show where answers came from
First output
Searchable knowledge index with citations
Cost Lab

Interactive note

OpenClaw setup cost calculator.

Estimate the one-time setup and monthly run-rate for a practical personal agent stack. Defaults are planning assumptions, not vendor quotes, so every line stays editable. MCP services are modeled as optional connector costs, not a dependency of this static page. The expanded guide is available at the standalone calculator page.

One-time setup

Monthly run-rate

Origin Lab

Project / local analysis

AI-likelihood signal check.

No upload No API No cost

Paste text or inspect an image in your browser.

Origin Lab gives a practical signal score, not a verdict. Text checks rhythm and repetition. Image checks metadata and pixel patterns. Nothing leaves this page.

First-pass inspection only. Never treat the score as proof.

0 characters Works best above 300 characters
--

AI-likelihood signal

Waiting for a sample

Local results will appear here.

Privacy Local only

No server request is made for analysis.

Cost Free to run

The browser does the work with ordinary JavaScript.

Limits Not proof

Use the score as a lead, not a final judgment.

Archive

About / contact

This is Malcolm's corner of the web.

MJGIVAI is a place for technical thinking, personal experiments, hobby notes, and durable links. It is intentionally small, static, and easy to change.