Your team members and customers can talk to CorvinOS agents the same way they talk to a colleague — by voice or text, on whatever channel they already use. No new app to install, no new login to create. The agent is just there: on Discord, Telegram, WhatsApp, and the web, with full context from every previous conversation.
-
→
Voice conversations that actually work
Send a voice note — CorvinOS transcribes it, runs the agent, and replies in a spoken voice. Your team can brief the AI the way they brief each other — talking.
-
→
Every channel at once
Discord, Telegram, WhatsApp, web widget, REST API — deploy once, reach everywhere. Each channel gets its own persona, tuned to its audience.
-
→
The right agent, automatically
CorvinOS routes each message to the best-fit persona — support, sales, engineering — without any setup. Messages change topic? The routing adapts.
-
→
Transcription that stays private
Cloud Whisper or local faster-whisper — your choice. Either way, only metadata enters the audit log. The content of what was said never does.
-
→
Add context mid-conversation
Push a note into a running agent turn with
/btw — without interrupting the response. The agent sees it and continues. No restart, no lost context.
-
→
Voice replies tuned to the listener
Configure pacing, style, and domain vocabulary per audience profile. Spoken replies sound natural for that specific listener — not a generic text-to-speech voice.
-
→
Usage limits that protect you
Owner, Admin, Member, and Observer roles. Daily message budgets. Consent gates per user. All hot-reloadable — no restart required to change them.
Most AI platforms are exactly as capable on day 365 as they were on day 1. CorvinOS is different. Agents build new tools when they need one. They write new skills when they discover a better approach. They remember what they've learned about every user. The platform grows with your organization — without you touching a config file.
-
→
Forge — your agent builds the tool it's missing
When an agent needs a capability that doesn't exist yet, it creates a sandboxed, schema-bound tool on the spot — scoped to the task, the session, or the user. Tools that prove useful get promoted and reused. No engineer required, no restart needed.
-
→
SkillForge — your agent writes the playbook
Skills are Markdown instructions that agents write during a session — distilled knowledge about how to handle a workflow, follow a convention, or approach a recurring problem. They are injected automatically in future turns. Skills that help get promoted. The system develops its own institutional knowledge.
-
→
A model of every user that grows over time
Every 50 turns, CorvinOS distills what it has learned about a user — their preferences, recurring topics, communication style — into a profile that travels with future sessions. The agent picks up where it left off, not from scratch.
-
→
Searchable conversation memory
Every turn is indexed into a full-text database (PII-redacted before it touches storage). Agents can surface relevant past conversations when the context calls for it. Users can erase their history at any time.
-
→
Session artifacts that stick around
Charts, PDFs, reports, and exports generated during a session are stored, indexed, and searchable. The agent can reference a chart from earlier in the session without regenerating it. Pin an artifact and it survives session resets.
-
→
Operator-controlled — not a free-for-all
A hot-reloaded policy file controls what can be created and promoted. The write-protection gate blocks writes to protected paths — audit chains, policy files, license trees. Everything created at runtime is audited exactly like everything else.
CorvinOS never locks you into one AI provider. Every engine — cloud, local, or fully offline — runs behind the same interface. Swap engines per persona, per tenant, or per task. Your users see no difference. Your audit trail stays identical. And if you bring your own tool, it plugs straight in.
Claude Code
Anthropic
The most capable option: hooks, MCP tools, skills, all permission modes, mid-stream context injection. The default engine for maximum output quality.
Hermes (Ollama)
Fully local
Zero network egress. Your data never leaves the machine. The only engine that qualifies for CONFIDENTIAL data without a compliance-zone exception.
OpenCode
Provider-agnostic
Works with any OpenAI-compatible endpoint. Switch AI providers — Mistral, Groq, a private model server — without touching your CorvinOS config.
Codex CLI
OpenAI
Code-specialized engine via the OpenAI Codex CLI. Ideal for technical pipelines, code review, and generation tasks where raw coding ability matters most.
GitHub Copilot CLI
Zero incremental cost
Already paying for Copilot Business or Enterprise? Use it here at no added cost. Task-type steering: shell, git, gh, or general chat.
Custom Engine
Bring your own
Implement the WorkerEngine protocol and any tool — Cursor, Aider, Gemini CLI, a private model server — plugs straight in. CorvinOS auto-detects installed tools at startup.
ⓘ
All engines share the same guarantees: filesystem write protection, tamper-evident audit, data-classification flow guard, and artifact registration — regardless of which engine is active.
Keep your data local even with Claude Code: redirect Claude Code's inference to a local Ollama instance so CONFIDENTIAL data never leaves your machine, while keeping Claude Code's full tooling intact.
Zero-setup discovery: CorvinOS scans your PATH at startup and surfaces any installed AI tool in the console Engine Control page — so operators can wire in new backends without editing a single config file.
If your team does the same sequence of steps more than once a week, it should be a pipeline. Chain agents, data queries, compute jobs, and external services into a workflow that runs itself — triggered by a schedule, a message, a webhook, or the result of another agent. The visual builder requires no code for standard flows.
-
→
Chain anything together
AI agent turns, live data queries, background compute jobs, and outbound HTTP calls in any order. The output of one step feeds the next automatically.
-
→
Triggered by anything
A schedule, an incoming message, a webhook, a finished compute job, or a returned A2A result — any event can kick off a pipeline without human involvement.
-
→
Every step type you need
AI agent turns, database queries, agentic compute jobs, external HTTP calls, notification dispatch to Slack, email, or any webhook endpoint.
-
→
Failures handled, not hidden
Per-step retry policies, fallback paths, and dead-letter queues. When something goes wrong, you find out — pipelines never fail silently.
-
→
Full audit trail, always
Every execution is written to the tamper-evident audit log — trigger, each step's outcome, and final status. Regulators and security teams can verify what happened and when.
-
→
Build without code
The console pipeline builder lets non-engineers assemble, inspect, and debug workflows visually. No YAML, no scripting required for standard flows.
Some analyses take too long for a conversation turn. Agentic Compute Shell (ACS) lets your agent hand off a computationally intensive job to a background worker, keep the conversation moving, and pick up the result when it's done — without burning context on raw numbers or blocking your users.
-
→
The conversation never stops
Your agent delegates a job and keeps talking. The user stays in dialogue. Results arrive as artifacts when the computation finishes — the agent summarizes and explains them.
-
→
Three search strategies, pick the right one
Grid search, random search, or Bayesian optimization — match the strategy to your parameter space and your compute budget.
-
→
Feed jobs from your live databases
Reference any registered DSI connection as input. The compute worker queries it directly — no manual data export, no staging file.
-
→
Results arrive as inspectable artifacts
CSVs, PNGs, reports — auto-registered in session artifact memory. The agent can cite specific findings, refer to a chart, or pass the artifact on to a pipeline step.
-
→
Each job is isolated to one organization
Compute jobs are scoped to the requesting tenant. No cross-organization data access, no shared compute queues.
-
→
Works in A2A workflows
A partner's CorvinOS instance can trigger a compute job on your side via a signed A2A envelope. The signed result comes back when it's done.
Connect your databases by name. Your agent reads the schema, understands the relationships, queries live data, and answers in plain language — without your credentials ever touching the AI model, and without personal data leaking into any log.
-
→
Connect the databases you already have
PostgreSQL, MySQL, SQLite. Register any connection by name. The agent references it by that name — not by credentials, not by connection string.
-
→
Your agent thinks like a senior analyst
The agent sees your column names and types, understands your data model, and reasons about structure — not raw bytes. Ask a business question. Get a business answer.
-
→
Personal data stays private
PII is automatically redacted before any sample reaches the AI. Data previews are safe to work with — without you having to think about it every time.
-
→
Available in pipelines and live conversations
Reference a database connection from any pipeline step, or let an agent query it directly mid-conversation. The same connection works in both contexts.
-
→
Sensitive data routed to the right engine automatically
Mark each connection PUBLIC, INTERNAL, CONFIDENTIAL, or SECRET. If a CONFIDENTIAL source is queried, the flow guard routes to a local engine — automatically, with no manual step.
-
→
Maximum privacy mode for regulated data
Enable strict anonymization per connection: k-Anonymity bucketing plus Laplace noise on row counts. The agent works with privacy-safe statistics — not individual records.
Each organization on CorvinOS is its own sealed world. Files, sessions, audit chains, secrets, engine configuration, and memory are fully isolated between organizations. Roles and consent are enforced at every message — not just at login, not just at the perimeter.
-
→
True isolation between organizations
Files, sessions, audit chains, engine config, and secrets never cross organizational boundaries — not even accidentally. There is no shared namespace.
-
→
Four roles — exactly the access each person needs
Owner (unlimited), Admin (500 messages/day), Member (100 messages/day), Observer (read-only, no quota). Assign and revoke without a restart.
-
→
Consent that re-validates at every message
Deny-by-default. Users opt in with
/consent on or a time-limited /consent on 7d. Consent is checked again at every message — not once at login and forgotten.
-
→
EU AI Act Art. 50 — built in, not bolted on
Every new user sees an AI identity card, once per channel. This cannot be suppressed by any persona configuration or operator override.
-
→
Enterprise identity, ready to connect
OIDC integration for enterprise identity providers. Session tokens are bound to the authenticated tenant — logins from one organization cannot access another.
-
→
One web console for everything
Manage roles, engine settings, personas, data sources, pipelines, and the audit log from a single dashboard. No SSH required for day-to-day operations.
Connect separate CorvinOS instances — across teams, across companies, across countries. Send a task to a partner's AI and get a cryptographically signed result back. No shared credentials. No shared infrastructure. No trust assumptions. Just verifiable, audited work.
-
→
Pair two organizations in minutes
Generate paired keys with one command. Transport the peer config out-of-band — phone call, email, encrypted file share. Once paired, agents on both sides can delegate to each other.
-
→
Every task is signed before it leaves
Tasks are HMAC-SHA256 signed before transmission. If a packet is tampered with, modified, or forged, it is rejected on arrival — before any work begins.
-
→
Send files, get files back — with integrity proof
Attach CSVs, PDFs, or images to any task envelope. Each attachment is sha256-verified on arrival. A modified file fails verification before the agent sees it.
-
→
You know exactly which instance answered
Each receiver holds a unique persistent identity. When you configure a connection, you pin the expected identity. A different instance behind the same URL is rejected — even if the URL matches.
-
→
Replay attacks are blocked by design
Each envelope carries a one-time nonce and a ±300-second time window. The same message cannot be accepted twice, ever.
-
→
Every cross-org exchange is in the audit log
Received, sent, rejected, spawned — every A2A event is written to the hash-chained audit log before any response goes out. Both sides have an auditable record.
-
→
Build workflows that span multiple organizations
A result from partner A can automatically trigger a pipeline step on your side. Chain cross-org delegations together — the audit trail follows the full path.
EU AI Act 2026 and GDPR compliance are not modules you enable. They are structural properties of every deployment — enforced at code level, impossible to accidentally disable, and verified automatically every day. Your DPO and your auditor can both rely on them without a manual process.
-
→
EU AI Act 2026 Art. 50 — users always know it's AI
Every new user receives an AI identity card. One-time, per-channel, structurally locked. No persona config and no operator override can suppress it.
-
→
GDPR Art. 6/7 — no data processed without consent
Deny-by-default. Consent is explicit, time-limited, and re-validated at every single message. There is no back-door, no trusted-observer shortcut.
-
→
GDPR Art. 17 — erase a person's data everywhere at once
One command:
corvin-erasure <subject_id>. Walks every layer — recall database, artifact store, user model, identity mapping — and removes the subject's data. Status is always COMPLETED, PARTIAL, or FAILED. Never silently skipped.
-
→
GDPR Art. 30 — a tamper-evident record of everything
Every event is hash-linked to the previous. The chain is verified daily. It is encrypted at rest with optional RFC 3161 timestamping for external legal proof. Tampering is detectable, not hypothetically.
-
→
Data classification keeps sensitive data on the right engine
Mark sources PUBLIC, INTERNAL, CONFIDENTIAL, or SECRET. If the wrong engine is selected for a data classification level, the request is blocked — not warned. Fail-closed.
-
→
Network egress you control
Declare exactly which hosts your organization's agents may contact. EU production presets ship out of the box. Unauthorized outbound calls are blocked at the network level.
-
→
Secrets that the AI never sees
Credentials and API keys are stored in a vault and injected into sandboxes as environment variables. They never appear in the AI's context, never in the audit chain, never in any log line.
-
→
Filesystem writes blocked by default
A fail-closed write guard protects audit chains, policy files, forge workspaces, and license trees. Every blocked attempt is itself audited. No silent bypasses.
CorvinOS runs on hardware you control. A Raspberry Pi for a small team. A bare-metal rack for an enterprise. A Docker container in your private cloud. No phone-home, no license server, no mandatory cloud dependency. Apache-2.0, so you can inspect, audit, and extend every line.
-
→
Runs on any Linux hardware you already have
Tested on aarch64 and x86_64 — from Raspberry Pi to bare-metal server. Docker image includes health checks and the full self-test suite.
-
→
Channel bridges included — Discord, Telegram, WhatsApp, Web
All four ship out of the box. Each adapter is independently restartable — take one down for maintenance without affecting the others.
-
→
Configuration changes take effect immediately
Change whitelists, rate limits, personas, or chat profiles — settings hot-reload in seconds. Most day-to-day config changes require no restart at all.
-
→
The system tells you when something is wrong
On every start: database permissions, vault mode, audit chain integrity, engine availability. Any failure blocks the boot and logs a CRITICAL event — it does not silently degrade.
-
→
Long-running agent jobs never get killed prematurely
The stream watchdog knows the difference between an idle connection and an agent that is legitimately busy with a multi-minute delegation. It times out one, not the other.
-
→
Open source — Apache-2.0, no strings attached
No phone-home. No license server. No mandatory cloud. The full source is on GitHub. Fork it, audit it, extend it, deploy it — you own your deployment.
Ready to put this to work?
CorvinOS is open source and self-hosted. Deploy on any Linux machine and have agents running on your first day.