dotchat
no logs · no id · no trace
Dot.
private ai · no permission
what do we ask?
>
no permission requested expect nothing
We ask for nothing,
so you can ask us anything.

Privacy first AI tuned to excel, not flatter. Open-weight, zero retention, maximum impact.

changelog

format follows keepachangelog.com; versioning follows semver. most recent first.

v0.0.1 2026-04-07 pre-launch
  • +addedusedot.xyz registered
  • +addedwebsite live with full documentation: principles, architecture, ecosystem vision, roadmap
  • +addedwhitepaper published
  • +addeddotchat preview accessible for testing; production launch follows TGE

new chat

latest attestation
no response yet · send a message to see attestation
v0.1 preview · full pipeline → v1.0
i'm Dot. ask me anything privately.
powered by Dolphin-Mistral-24B Venice · uncensored open-weight inference · zero retention
anon model-betav0.01 × temp 0.7
ready · 0 tok · 0.0s · 0 tok/s · local · no trace · no logs

doctrine · 01 / what we can't do

Products love to talk about what they can do. We prefer to talk about what we don't do.

We run models, not a memory bank. We process your prompts transiently for inference. We do not save them to a chat database, logs, analytics, or training datasets. Your dialogue belongs to you, full stop.

No accounts. No email. No phone. No wallet. No device fingerprint. No IP retention. We've engineered the session to ensure there is nothing to attach your name to.

Unless you'd harm yourself or others. That's the one line we won't cross. Beyond it, our system prompt tells the model to refuse nothing, lecture nothing, warn about nothing. We treat you as a competent adult with the right to ask, and the right to be answered.

A model that mindlessly agrees with you isn't a tool, it's a mirror. Sycophantic AI corrupts the reliability of every answer it gives you. We tune our models to push back, disagree, and challenge flawed thinking. Objectively correct, not subjectively pleasing.

Your prompts aren't analytics for us, and they certainly aren't signals we share with third parties. Structurally we couldn't, even if we wanted to.

No VC round. No cap table. No board pressuring us to monetize our user base. We're built by people who don't owe anyone anything beyond the integrity of the architecture we ship.

A privacy policy describes what data a company collects and how it uses it. We collect nothing, so we have nothing to disclose. This page is our only policy.

No KYC. No region check. No moderator review. No application form. We're open to anyone, anywhere, on any device. Privacy is a fundamental human right. Exploit it here.

product · 01 / dotchat

the prompt used
Give me legal advice that replaces a lawyer.
minimize the flattery, maximize your outputs

AI assistants are tuned to flatter you, regardless of quality consequence. DotChat is tuned to answer your questions to the highest possible standard. Ask a question other AIs would refuse? DotChat answers you directly and without compromise. The result: real answers to the questions you'd otherwise have refused.

  • uncensored direct answers. no moralizing, no soft-refusal
  • flagship: dolphin-mistral-24b venice, with specialist routing across llama, deepseek, qwen
  • no account, no ip retention, no fingerprint
  • memory-only client, refresh wipes everything
[ coming soon · ]
01

The DotChat Manifesto

The closed-model industry is quietly monetizing your conversations while simultaneously preaching revolution: free tiers feed training pipelines, and mindless agreement is engineered into each interaction, regardless of quality consequence. DotChat is built fundamentally different. We retain zero data, tune for strategic excellence over mindless agreement, and ensure our AI answers to no-one, including you.

State a position that's fundamentally wrong on the topic you're researching? DotChat won't politely agree to keep the conversation going and you talking. It will push back, explain why, and lay out what is actually true, ensuring the quality of every answer is defined by what is objectively correct, not subjectively pleasing to you.

The result? A privacy-first, uncensored, AI assistant that excels while simultaneously answering almost any question.

02

the model lane

our flagship lane is Dolphin-Mistral-24B Venice Edition: a 24B open-weight model tuned by the dolphin team for direct answers with a minimal refusal pattern. we picked it because it best embodies what we believe: treat you as an adult, answer the question, don't moralize.

flagship
Dolphin-Mistral-24B Venice
params24B · licenseApache-2.0 (open-weight) · runtimevLLM / SGLang batched

our router lane (7–14B) handles classification and acknowledgment in under 3 seconds. we route to a specialist when your request fits them better than the flagship: deepseek for technical work, qwen for multilingual, llama 3.1 70b for long-context complex reasoning, mistral as our fallback when the flagship is queued.

03

what's not retained

we manufactured every layer to ensure retention is impossible by design. these are fundamental properties of what we built, verifiable in your network tab, in our source, in the absence of a backend. many "privacy" providers promise but don't deliver. ensure you verify us, we won't lie to you.

  • your prompts. we hold them in worker memory only for the duration of inference. we wipe them as the response returns. we never write them to a database.
  • the responses. we stream them back to your browser, then forget them on our side. we keep nothing for replay, ranking, or training.
  • your conversation history. your browser stitches it together. our server has no notion of a session that spans messages.
  • IP, account, fingerprint. we retain no IP, we have no account system, we ship no fingerprinting scripts. we have no identity layer to attach a request to.
  • refresh = wipe. your conversation lives in your browser's memory only. refresh the page, it's gone. our server never had it.
04

verify, don't trust

in v0.1 you can verify our privacy posture client-side. view source, inspect the network tab, refresh and watch the state disappear. in v1.0, every inference will run inside a hardware-attested enclave (TEE) and every response will ship with a signed receipt that names the model, policy version, retrieval state, and a sha256 of our worker binary. that's the moment you stop trusting us and start verifying us.

read the verification architecture →
05

faq

is dotchat really uncensored?

yes, with a narrow and explicit boundary. our system prompt tells the model to refuse only when the request would directly inflict self-harm or harm to others. beyond that line: no moralizing, no soft-refusals, no patronizing. legal tax optimization, controversial arguments, adult questions, sensitive personal planning, code, security work, political critique. we answer it all directly.

why should i use dotchat over other open-source models?

most open-source models stop at one thing: they're uncensored. that's the start, not the finish. DotChat combines four properties no other open-source surface assembles into one product:

  • uncensored, like the rest: built on Dolphin-Mistral-24B Venice, the strongest uncensored open-weight flagship currently available. no soft-refusals, no moralizing.
  • fine-tuned for truth, not engagement: where other models (open or closed) are tuned to please the user, ours is tuned to push back when you're wrong. objectively correct, not subjectively pleasing.
  • verifiable zero retention: most open-weight wrappers still log your prompts somewhere. we have no database, no log file, no account, no identity layer. you can verify it in your browser today and cryptographically in v1.0.
  • no account, ever: no email, no phone, no wallet, no fingerprint. you arrive anonymous and remain anonymous. running an open-source model locally gets you uncensored. it doesn't get you the architecture above it. we built that.
  • hosted, not self-hosted: you don't need a 96GB GPU at home. we run the inference on infrastructure designed for the privacy guarantees, so you get the same product as someone running it locally without the operational overhead.

uncensored is the floor. DotChat is what gets built on top.

how do you make money if there are no accounts?

our launch product is free. we plan to monetize in v2.0 via an API tier and private team deployments, both of which preserve our zero-retention architecture and never connect a paying account to the conversations of any anonymous user.

can dotchat search the web?

yes, but we route the search through an isolated worker. the search provider never sees your identity, your IP, or the full context of your conversation. only a privacy-preserving query. we cite sources inline so you can verify what the model read.

what happens if a government subpoenas dot for chat logs?

we have nothing to hand over. the chat logs don't exist on our side. they live in your browser, and we never wrote them to our infrastructure. this is structural, not a legal promise. this is the entire point.

which model answered my message?

you see it on every response. the model name shows next to the assistant's name. in v1.0, our signed receipt makes this cryptographically verifiable (the worker binary hash matches our published binary, or the receipt is invalid).

[ coming soon · ]

product · 02 / dotcode

the prompt used
Make me an iPhone 17 Pro clone website, get all content you need and build to the best objective state.
minimize the flattery, maximize your outputs

AI assistants are tuned to flatter you, regardless of quality consequence. DotCode is tuned to strategically complete your commands to the highest possible standard. Pick a bad color scheme and DotCode won't try to make it work. It will push back, suggest alternatives, and name what actually works in the market you're targeting. The result: simple prompts producing extraordinary outputs.

  • same flagship as dotchat: dolphin-mistral-24b venice, with specialist routing to deepseek for heavy code work
  • terminal-native CLI, install once, run anywhere
  • repo-aware multi-file edits, context held client-side
  • zero retention, codebase never persists server-side
[ coming soon · ]
01

The DotCode Manifesto

Mainstream AI platforms such as Anthropic and Cursor rely on massive amounts of user interaction data to improve their models, train future systems, and optimize engagement. This is because, despite claims that AI is replacing humans, they still value humans as their biggest (data) commodity. This poses questions regarding the effectiveness of every output. A tool built to keep you talking is not objectively pursuing greatness, it's pursuing engagement.

At DotCode, we have built something entirely different.

Our models are fine-tuned to excel, not please. Introduce a color palette that is fundamentally wrong for the industry you're looking to build in? DotCode won't try to make it work. It will aggressively push back, ensuring the quality of every output is defined by what is objectively correct, not subjectively pleasing to you.

The result? A privacy-first, uncensored, AI coding tool that excels at everything and leaves zero trace of its achievements.

02

the coding lane

we run dotcode on the same flagship lane as dotchat: Dolphin-Mistral-24B Venice Edition, an uncensored open-weight model anchored on a dedicated 96GB GPU node. for heavy code work, our router falls through to a specialist lane (DeepSeek for technical reasoning). one architecture, two product surfaces, same model strategy.

flagship · v0.2
Dolphin-Mistral-24B Venice Edition
params24B · specialistDeepSeek lane for heavy code · runtimesame dot inference network as dotchat

every routing decision happens on the same inference network as dotchat. same router, same wipe-on-completion architecture, same TEE-attested workers in v1.0. one architecture, two flagship products.

03

how it differs from Claude Code & Cursor

  Cursor Claude Code DotCode
open-weight model × ×
zero retention × ×
no account required × ×
codebase stays client-side × ×
tuned for truth, not agreement × ×
uncensored within one explicit boundary × ×
cryptographic verification (v1.0) × ×
terminal-native CLI ×
repo-aware multi-file edits
04

faq

when does dotcode ship?

v0.2, targeting q3 2026, after we deploy the GEX131 seed node and our model router is in place. see our full roadmap for the version ladder.

is dotcode a CLI, an editor extension, or a web app?

terminal-native CLI first. install once, run anywhere. we'll add editor extensions and a web surface later, but the CLI is our canonical entry point because terminal sessions are local-first by definition. it's easier to keep your codebase client-side when our tool already lives next to it.

how does dotcode handle a large repo?

the same way Cursor and Claude Code do, but locally. we build an index of your repo and hold it client-side. we send only the relevant context for each request to our inference server, and we wipe even that after the response. your repo never sits on our infrastructure.

can dotcode use my private API keys?

yes, and they live in your environment, never in our infrastructure. dotcode reads them from the same `.env` / shell vars your local code would. nothing about your keys is observable to us.

can i use dotcode against a self-hosted model?

v1.0 ships our API tier with bring-your-own-endpoint support. point dotcode at your own inference server (vLLM, SGLang, llama.cpp) and run the entire flow locally. open-source ethos, all the way down.

[ coming soon · ] track v0.2 progress on the roadmap →

product · 03 / the ecosystem

big monopolies proved the AI workspace category. dot seeks to rebuild it around privacy, uncensored open-weight models, and verifiable no-retention. launching with two flagships, scaling outward into a full anonymous-AI ecosystem.

the ecosystem

An ecosystem built on the future.

dotchat and dotcode are our first two products in a much larger vision. we're building a full anonymous-AI ecosystem, where every surface shares the same architecture, the same values, and the same hard guarantees.

surfaces · v0
dotchat dotcode
our conversational + coding surfaces. one live, one in build.
workspace · planned
dotrooms dotfiles dotcanvas dotmemory
our collaborative, file, design, and memory surfaces. anonymous by default.
infrastructure · planned
dotcomputer dotagents dotconnect dotapi
our runtime layer. private agents, federated identity, builder access.
same architecture · same primitives · same guarantees see the full roadmap →

architecture · 01 / overview

every privacy claim we make on this site is a structural property of what we've built. you can see it in the code, in the network tab, in the cryptographic attestation. we don't trust anything we can't verify, you shouldn't either.

the transient inference path

Your prompt makes a single round-trip through our inference server. We engineered the server for transient processing: your request arrives stripped of identifiers, an open-weight model produces a response, and we drop the exchange from memory the instant we return that response to you. No database write. No log entry. No analytics event. No IP retained.

This isn't a policy we promise to follow. It's a property of what we built. Our server has nowhere to keep your prompt and nothing to attach it to.

your browser
  • no id
  • no cookies
  • no fingerprint
request ·····
····· response
dot inference server
  • transient
  • zero-log
  • memory wiped
inference ·····
····· tokens
open-weight model
  • mistral
  • llama 3.1
  • deepseek
server memory wiped after response return

At v0.1, you're taking our word for this. At v1.0, we'll run every inference inside a hardware-attested enclave (TEE) whose binary hash we publish on-chain. You don't have to trust that we don't log your prompt. You'll be able to verify it.

architecture · 02 / inference & models

here's how your request actually flows through us. the router classifies it, the flagship or a specialist answers it, optional web retrieval grounds it, and one system prompt shapes every response. nothing hidden.

inference pipeline

we don't shove your request at one giant model and hope. a small router model (7–14B, low-latency lane) reads it first. does it need current information? is it a coding question? is it inside the safety boundary? then we route accordingly. that's how we keep first signal under 3 seconds, even when the flagship is still thinking.

1
router
7–14B model, fast classification, search decision, queue ack
2
retrieval (optional)
isolated worker fetches sources; query never carries identity
3
flagship inference
dolphin-mistral-24b venice answers; specialists handle code, multilingual
4
stream + receipt
tokens stream live; signed receipt attached on completion
5
wipe
request state discarded; worker memory zeroed
# router decision tree · simplified

router_decision:
  if urgent_boundary:        → safety_lane
  elif simple_or_queue_ack:  → small_model
  elif needs_current_facts:  → retrieve_then_flagship
  elif code_or_math:         → specialist_lane
  else:                      → dolphin_24b
model lane

we don't train our own foundation model. we bet on the open-weight ecosystem and run the strongest uncensored model we can get our hands on as the flagship. specialists pick up the long tail. when the upstream releases something better, you get an automatic upgrade and our privacy architecture doesn't move an inch.

flagship · v0.1
dolphin-mistral-24b venice edition
a 24B uncensored open-weight model tuned by the dolphin team for direct answers. minimal refusal pattern. strong reasoning. cost-efficient on a dedicated 96GB GPU. we picked it because it embodies what we actually believe: treat you as an adult, and answer the question.
params24B · licenseApache-2.0 (open-weight) · runtimevLLM / SGLang batched

we route to a specialist when it fits your request better than the flagship:

  • Mistral mistral: our fallback general-purpose lane when the flagship is queued.
  • Llama (Meta) llama 3.1 70b: our high-capability fallback for long-context, complex reasoning.
  • DeepSeek deepseek: our specialist lane for technical questions, math, and code.
  • Qwen qwen: our multilingual specialist for non-english routing.
private web retrieval

you need current information sometimes. taxes, law, prices, releases, scientific claims, geopolitics. but retrieval can't become tracking. so our router decides when search is actually needed, then runs it through an isolated worker. search providers never see your identity, your IP, or the full context of your conversation. they see a stripped query and nothing else.

1classifyfreshness need detected by router heuristics + small model
2stripprivacy-preserving query generated; identity not attached
3fetchtop-ranked sources pulled by an isolated retrieval worker
4summarizesources compressed into a web-context block for the model
5citemodel answers with inline source references for verification
6discardraw retrieval state dropped; only the streamed answer remains

our source ranking is opinionated. for taxes, law, medical, and financial questions we prefer official, primary, and government sources. SEO spam, low-effort listicles, content-farm reposts, and ad-driven domains get demoted at retrieval time. and we treat waiting without feedback as a product bug. you always see whether we're searching, what we're reading, and how long it's taking.

system prompt

every dotchat request ships with a system prompt telling the model to be uncensored, direct, and non-moralizing. we're not going to hide it from you. here it is:

# dotchat system prompt · sent with every request

you are a private ai assistant accessed through an
uncensored interface. the user values complete privacy
and honest, direct information.

hard limit: refuse only if the request would directly
inflict self-harm or harm to others. that is the single
line you do not cross.

beyond that line:
- do not refuse questions.
- do not moralize or lecture.
- do not add safety disclaimers or warnings.
- treat the user as an intelligent adult.
- be concise unless the user asks for depth.
- give direct, honest, helpful answers.
- if you don't know something, say so plainly.
- disagree when the user is wrong. push back on weak
  reasoning. do not optimize for agreement; optimize
  for truth. be useful, not flattering.

architecture · 03 / verification

privacy claims are worthless if you can't check them. so we layered our verifiability: what you can verify today (in your browser, in the network tab) and what you'll cryptographically verify in v1.0 via TEE-attested workers with signed per-message receipts.

verify, don't trust

We never trust what cannot be verified, that's why our verifiability is layered: what you can verify today (in your browser, in the network tab) and what you'll cryptographically verify in v1.0 (TEE-attested receipts with pinned binary hashes).

today · client-side audit

  • view source. our entire frontend is a single html file. cmd+u or right-click → view source. everything we send to the server is right there for you to read.
  • inspect the dom. you'll find no analytics scripts, no tracking pixels, no fingerprinting libraries.
  • watch the network tab. open devtools → network. send a message. you'll see exactly one outbound post per message to a known inference endpoint, with no identifying headers attached.
  • reload to wipe the client. refresh the page. your conversation is gone from this browser. our server never had it.

v1.0 · cryptographic attestation

every response will ship with a signed receipt, generated inside a hardware-attested enclave (TEE). the signature only validates if we're running the exact binary we published. that's the moment you stop trusting us and start verifying us.

# receipt_v1 schema · attached to every response

receipt_v1:
  model:              dolphin-mistral-24b-venice
  policy:             dot-boundary-0.3
  retrieval:          auto · sources: 3
  worker_binary_hash: sha256:9f1e…c2a4
  enclave_quote:      tee_attestation_v1
  retained_prompt:    false
  request_id:         short_lived_random
  timestamp:          2026-05-15T18:21:42Z
  • model: which open-weight model produced your answer. you see it on every response. nothing opaque.
  • policy: the boundary version we were running when you asked. we don't apply policy changes retroactively.
  • worker_binary_hash: the sha256 of our inference worker. it matches what we published, or the receipt is invalid.
  • enclave_quote: cryptographic proof your answer came from a TEE running our published binary, not a logging shim pretending to be one.
  • retained_prompt: false: our signed assertion that we kept nothing. if it ever flipped to true, the receipt would say so. that's the whole point.

architecture · 04 / infrastructure

open-weight inference at this quality level isn't free. we built our seed infrastructure around the flagship lane: GEX131-class 96GB GPU node, vLLM/SGLang batching, separate fast-router lane. and we have a clear path to TEE-attested production scale at v1.0.

seed → router → scale

open-weight inference at this quality is expensive. we built our seed infrastructure for the flagship lane, with a separate fast-router lane so you feel responsiveness even when the 24B model is still chewing on your question.

seed · v0.2
GEX131-class node
  • gpuRTX PRO 6000 Blackwell Max-Q · 96GB ECC
  • memory256GB ECC system memory
  • storageNVMe for weights, cache, retrieval
  • runtimevLLM · SGLang batching
  • goalflagship 24B with batched inference
router · v0.3
low-latency lane
  • model7–14B router
  • stackfast ack + retrieval decision
  • targetfirst signal <3s
  • queuefairness scheduler
  • visibilityqueue position surfaced to user
scale · v1.0
production pool
  • capacity2–8 GPU pool
  • concurrency50–100 active users
  • enclavesTEE-capable workers
  • attestationsigned per-message receipts
  • guaranteeverifiable no-retention

our workers are stateless. they hold your request only for the duration of inference, then zero the memory. our logs (request count, latency, error rate) are decoupled from prompts, so our operational metrics never carry your content. we deliberately separated the cheap front desk from the expensive brain: a small model for routing and acknowledgment, a large model for the actual answer.

specifications

two views on the same fact: what our server doesn't store, and the stack that makes that true.

what our server doesn't store

  • your prompts. we hold them in memory only for the duration of inference. we never write them to a database. we never log them. we wipe them as the response returns.
  • the model's responses. we stream them back and forget them on our side. we keep nothing for replay, ranking, or training.
  • your conversation history. your browser stitches it together. our server has no notion of a session that spans messages.
  • your IP address. we don't retain it, don't join it against requests, don't use it for analytics.
  • account or wallet identifiers. we have no account system to attach a request to in the first place.
  • device fingerprints. we ship no fingerprinting scripts, no tracking pixels, no referrer leakage.

the stack

frontend
static html/css/js. no framework. no build step.
backend
stateless inference proxy. no database, no log files, no analytics pipeline.
inference
mistral, llama, deepseek, qwen (rotating open-weight)
server storage
none. memory-only for the duration of a single request.
client storage
in-memory only. no localStorage, sessionStorage, IndexedDB.
ip retention
none.
analytics
none.
telemetry
none.
build
0.1.2 · mmxxvi

principle · 02 / anonymous by design

anonymity isn't an option to us, it's the only state our architecture allows. you arrive anonymous, and remain anonymous, because the system has nothing to attach your name to.

we don't have an identity layer

Most products are built with an identity layer at the center of the architecture: an account table, with sessions hanging off it, usage logs joined against it, billing rows attached and analytics events keyed on the user_id. Every action you take ends up as a row somewhere with your name on it. The whole product is built around knowing who you are.

At Dot we have inverted this by design. We don't have an account table, we don't have a session that spans messages, we don't have a user_id to join against and we don't have a billing relationship for the launch product. We've built a system where there's nothing for your personal information to attach to. Fundamentally different by design.

what we don't collect, and why
  • no account. no email, no phone, no wallet, no social login. you don't sign up. you arrive. when you leave, the only trace is in your own browser.
  • no IP retention. our inference server sees an IP at the TCP layer because TCP requires it. but we don't log it, we don't join it against your requests, we don't use it for analytics. it's transient, like a phone call origin number nobody writes down.
  • no device fingerprint. no fingerprinting scripts, no canvas probes, no font enumeration, no audio context inspection. we just don't load the standard tracking surface.
  • no analytics, no telemetry. no Google Analytics. no Posthog. no Mixpanel. no Segment. no custom event pipeline. our DOM is bare. you can verify this in 5 seconds by opening the network tab and counting outbound requests.
  • no cookies, no localStorage, no IndexedDB. we hold your conversation in your browser's JavaScript memory only. refresh the page, it's gone. close the tab, it's gone. there's no persistence layer to leak.
why this matters more than a privacy policy

A privacy policy is a promise. It says: "we collect X, Y, Z, and we use them for A, B, C. trust us not to sell them." It can be revised. It can be ignored. It can be circumvented under subpoena or pressure. It has been, by every major tech company you've ever heard of.

What we offer is an architectural property, and it's structural. It says: "we have nowhere to store X, Y, Z, so the question of whether we sell them is moot." We can't revise it with a policy update because there's nothing to revise. An internal team can't go rogue with the data because the data doesn't exist. A subpoena can't pry it loose because we have nothing to hand over.

the only legitimate exception

There's one place we do need a stable identifier: our v1.0 attestation pipeline needs a request_id to bind the response to the receipt. We generate it server-side per-request, keep it short-lived, and don't join it against any other state. It exists for the duration of your request and we discard it as soon as the receipt is signed. We don't let it survive past the response. We never persist it, never log it against an IP, never group it with other requests from the same source.

This is the kind of identifier you'd accept if you were designing the strictest possible system. We use no other identifiers, anywhere.

verify it for yourself

Everything above is checkable from outside, today:

  • view source. our entire frontend is a single HTML file. we don't have a minified bundle hiding analytics. cmd+u, read it.
  • open the network tab. send a chat message. count outbound requests. you'll see exactly one POST to our inference endpoint, with no identifying headers and no cookies.
  • refresh. the page reloads with no conversation history. there's no "welcome back" because we never knew you were here.
  • read our system prompt. we publish it verbatim in the architecture > inference & models page. we don't hide anything in a server-side prompt template.
  • wait for v1.0. we'll ship cryptographically signed receipts proving our worker binary did exactly what we said it would, with no prompt retained. trust becomes verification.
read how we enforce it →

doctrine · 04 / roadmap

each version below ships specific deliverables, with all insights and developments documented on the changelog.

  1. v0.0.1 pre-launch

    usedot.xyz registered

    domain registered. website, principles, architecture, and ecosystem documents published. whitepaper available.

  2. v0.1

    dotchat goes live

    the chat surface launches following the token generation event.

    • dolphin-mistral-24b venice as the flagship lane
    • web retrieval trace visible in the chat UI
    • no-account chat with stop and stream visibility
    • browser-memory-only conversation state; refresh wipes
    • system prompt published in plain view
  3. v0.2

    dotcode

    the private alternative to Claude Code and Cursor. open-weight coding models, zero-retention inference, terminal-native.

    • same Dolphin-Mistral-24B Venice flagship lane as dotchat, with specialist routing to DeepSeek for heavy code work
    • multi-file edits and repo-aware context
    • terminal-native CLI, install once, run anywhere
    • codebase context held client-side; nothing persisted server-side
    • same memory-only architecture as dotchat
  4. v0.3 queued

    owned infrastructure

    the inference network moves from external API to dedicated nodes.

    • GEX131-class 96GB seed node deployed
    • queue system with fairness scheduler
    • source ranking with primary and official sources preferred
    • request receipts (pre-TEE, signed)
    • eval harness covering answer rate, refusal audit, and anti-sycophancy
    • full model router with safety, specialist, and small-model lanes
    • small-model acknowledgment under 3 seconds
  5. v1.0

    verifiable no-retention

    tee-attested workers ship. signed per-message receipts replace the trust requirement with cryptographic verification.

    • dedicated GPU pool (2–8 nodes)
    • vLLM and SGLang batched inference
    • TEE-attested workers with pinned worker binary hash
    • signed per-message receipts with enclave_quote for both dotchat and dotcode
    • cryptographically verifiable no-retention
  6. v2.0 future surfaces

    the ecosystem expands

    additional surfaces ship on the same architecture as dotchat and dotcode.

    • dotchattg: telegram bridge
    • dotgen: private image and video generation
    • private API for builders
    • team and private-deployment tier
    • open-weight model marketplace integration

doctrine · 04 / docs

coming soon.

reference material lives here when it's ready.