Overview
We make two things: Tiles, our consumer product, a local-first AI assistant (currently a CLI in alpha); and Tilekit, the SDK for developers to build on the infrastructure behind Tiles.
Status: Alpha
Tiles is currently alpha-quality software. It is usable for everyday tasks, though you may encounter bugs and performance issues. Tilekit, the developer SDK, is experimental, not a current priority, and intended for exploratory use, not production.
Features
Agent Harness
On-device Models
Decentralized Identity
Locally generated DIDs, with the private key always stored locally on device.
P2P Sync
Encrypted peer-to-peer sync for chats across your linked devices, online or on your local network, with Iroh’s networking stack.
Shared Links
Create a public link to a chat session, published through ATProto.
Offline Installer
Fully offline installer for secure, air-gapped installations.
Use Tilekit as an app-server runtime to integrate identity, memory, sync, and agent templates in your own app, built with open standards like Open Responses API.
What makes Tiles different
Tiles is built around a narrow bet: one well-integrated model at a time, starting with 
gpt-oss-20b, optimized for credible local inference on Apple Silicon systems with 16GB+ memory while balancing privacy, capability, and everyday usability.
| Capability | Tiles | Ollama | LM Studio | Jan | Osaurus |
|---|---|---|---|---|---|
| Decentralized Identity | Supported | Not supported | Not supported | Not supported | Supported |
| Encryption | Supported | Not supported | Partially supported | Not supported | Partially supported |
| Sync | Supported | Not supported | Not supported | Not supported | Not supported |
| On-device models | Supported | Supported | Supported | Supported | Supported |
| Cloud models | Not supported | Supported | Not supported | Supported | Supported |
| In-house models | Not supported | Not supported | Not supported | Supported | Supported |
| Agent Harness | Supported | Supported | Partially supported | Not supported | Supported |
| Memory | Not supported | Not supported | Not supported | Not supported | Supported |
| Connectors | Not supported | Supported | Supported | Supported | Supported |
| Sandbox | Not supported | Not supported | Not supported | Not supported | Supported |
| Remote Link | Not supported | Not supported | Supported | Not supported | Supported |
| Shared Links | Supported | Not supported | Not supported | Not supported | Not supported |
| Developer SDK | Supported | Supported | Supported | Not supported | Supported |
| Offline Installer | Supported | Not supported | Not supported | Not supported | Not supported |
| Cross platform | Not supported | Supported | Supported | Supported | Not supported |
| Open source | Supported | Partially supported | Partially supported | Supported | Supported |
Product walkthrough
Demo video
Watch a quick demo of Tiles:
CLI
Onboarding flow for the Tiles CLI.
Shared Links
View this shared chat example at tiles.run/share/YXQ6Ly9k…xeTI3. Tiles does not store a copy of the shared conversation on our servers, and the shared content is fetched directly from the user’s Bluesky PDS.
Shared chat link screen shown after running a /share command.
Frequently asked questions
Short answers drawn from our security documentation. For full context and limits, read that page.
What is the current maturity level of Tiles and Tilekit?
Tiles is currently alpha-quality software. It is usable for everyday tasks, though you may encounter bugs and performance issues. Tilekit, the developer SDK, is experimental, not a current priority, and intended for exploratory use, not production.
What does local-first mean for Tiles?
Tiles is designed so the default experience runs on-device. The local server binds to localhost,
which limits exposed network surface during normal use. Configuration and application data live in standard
local directories, and you can change the user data path when needed.
Are chat and account databases stored as plain SQLite files?
No. Application state is persisted locally with encryption at rest. The Rust build uses SQLCipher-enabled SQLite, and database connections use a passkey from secure storage. That raises the bar against casual inspection of copied files, though it does not remove all local risk.
How does Tiles handle identity and secret material?
Public identity is separated from private keys. Device and account identity use did:key identifiers
from Ed25519 keys. Private keys and database passkeys are stored in the operating system’s secure credential
store, not in plaintext app configuration files.
How does device linking and chat sync work?
Peer-to-peer linking is user-mediated, not automatic. One device shows a ticket or local code; the other enters it and explicitly accepts or rejects. In release builds, endpoints derive from your stored secret key, and peer identity is checked against the delivered public key. Sync includes defensive controls, including a maximum size cap for downloaded deltas before they are applied.
Sync uses Iroh for device-to-device networking. When a direct path is not practical, Iroh’s public relays can help establish the connection; we list that relay use on our sub-processors page.
Does Tiles include product analytics, and what is logged locally?
The product does not currently bundle obvious analytics SDKs such as Sentry, PostHog, Segment, Mixpanel, or similar telemetry. There is still local logging: the Python server may log request metadata and bodies to files under the Tiles data directory, so prompt content can appear in local logs unless logging changes.
How do updates, signing, and bundled dependencies relate to trust?
Updates can check GitHub releases and install via the hosted installer script, which depends on release and hosting integrity rather than a stronger built-in end-user verification workflow. Dependencies are pinned and reviewed. The macOS package is code signed, notarized, and stapled. Bundled dependencies are self-contained so normal installation and use do not require live package downloads from the internet.
How do I report a security vulnerability?
Use the published security policy and private disclosure path. Researchers can use GitHub Security Advisories or email security@tiles.run, with expectations for acknowledgement, triage, and coordinated disclosure. See SECURITY.md.