All work
Built for a solo practitioner

A local-first practice assistant that keeps client data on the machine

A Windows desktop app for a solo therapist, built on the Agent SDK, that handles the back office: session notes, scheduling and reminders, client intake, and billing. The sensitive data is encrypted and never leaves the device, and privacy is the architecture rather than a setting.

An agentic app where the model assists and the practitioner owns every clinical call, with private health information staying on the machine by construction. Open-source and fully anonymized, so any solo practitioner can run it.

The problem

A solo therapist spends hours on administrative work that is necessary but not the work itself: writing up session notes, chasing scheduling, handling intake, reconciling billing. The off-the-shelf tools that promise to help tend to do it by shipping sensitive client information off to someone else's cloud. For a one-person practice handling protected health information, that trade is not acceptable. The need was an assistant that takes the admin load off without taking the data off the machine.

Approach

The design is local-first by default: the app runs on the practitioner's own Windows machine, the data is encrypted at rest, and nothing sensitive is sent anywhere. The model drafts and assists; the human reviews and owns the record. The interesting decisions are all about the boundary, what the assistant is allowed to touch and where a person has to stay in the loop.

  • Keep the data on the device. The app is a local desktop build, with protected health information encrypted at rest. The leash: nothing sensitive leaves the machine, so privacy holds even if everything else fails.
  • The practitioner owns every clinical record. The assistant drafts notes and surfaces the routine work; the therapist confirms or edits before anything is final. The leash: the model proposes, a person decides, on every clinical call.
  • Build and test on synthetic data only. The whole build and its test suite run on made-up records, never a real client's. The leash: real data has no path into development, by rule.

What was built

A desktop app built with Electron and TypeScript on the Agent SDK, organized around four workflows: AI-assisted session notes, scheduling and reminders, client intake, and billing. The session-notes workflow runs end to end on synthetic data, and the other three are scaffolded on the same local-first, human-owns-the-record pattern. The codebase is fully anonymized and published as an open-source, MIT-licensed repository, deliberately general so any solo practitioner can pick it up rather than being tied to one person.

Guardrails

What the system is structurally not allowed to do. This is the through-line: capability, then leash.

  • NoIt cannot send sensitive data off the device. Protected health information is encrypted at rest and stays local.
  • NoIt cannot finalize a clinical record on its own. The model drafts; the practitioner confirms or edits every note.
  • NoIt does not touch real client data in development. The build and tests use synthetic records only.

Stack and tools

Agent SDK Electron TypeScript Local-first Encrypted at rest

My role

I designed and built the app end to end: the local-first architecture, the four Agent-SDK workflows, the privacy guardrails, and the anonymized open-source release.