← Back to work Frontier build · architectural complexity

SymbiOS

A multi-agent system for systemic therapy: every user gets their own Guardian AI, connected to partners through a consent-based knowledge graph, giving relationship insight no single shared chatbot can. It's not another chatbot wrapper. The architecture is the differentiation, and the architecture is the point.

Frontier build · clinical ambition

SymbiOS is a frontier build on a deliberate, test-first track, the kind of system I hope becomes a clinical product over time. The reason it moves carefully is the architecture itself: scaling a multi-agent system, anonymising data before any model sees it, secure transfer of highly sensitive information across a consent boundary. Building this kind of system slowly and carefully is the responsible move, not a limitation.

~56k

Lines of TypeScript across the backend.

~70%

Of replies served locally by templates in ~50ms, no LLM call.

Datastores in the local stack: PostgreSQL, Neo4j, Redis, API, client.

MCP context tools enriching the Guardian with graph context.

Why it's hard

The hard parts,
all at once.

Most AI products solve one hard thing. SymbiOS has to solve several at the same time: scaling a multi-agent system; anonymisation and strict data boundaries so the model never sees real identities; complex data flows between independent services; and the secure transfer of highly sensitive data across a consent boundary.

The moat is the combination, a Neo4j temporal graph, a per-user Guardian doing anonymised cross-referencing, and an asymmetric consent model, which competitors with a single shared AI can't copy quickly. That's the whole thesis: a technically advanced solution to genuinely hard problems, built hands-on.

// What it does

The system, in parts

Per-user Guardian agent A full pipeline: message analysis → fast template match → partner context from the graph → an LLM reply only when one is actually needed. ~70% of replies are served locally by templates in ~50ms with no model call at all: the cheapest path first, the model second. A crisis protocol on a 0 to 1 urgency scale, with keyword fallback if the model fails.

Consent-gated knowledge graph Neo4j nodes and relationships for users, connections, emotional states, patterns, goals and insights. Asymmetric per-connection consent (none → basic → emotional → patterns → full) gatekeeps every read of partner data.

Anonymisation before the LLM A per-user PII vault swaps names, emails and phone numbers for anonymous IDs before any model ever sees the data, then re-identifies for display. A genuine answer to the privacy-vs-context dilemma.

Complex, isolated data flows One user can hold unlimited independent connections (partner, family, friend, therapist), each with isolated data and its own consent level. Bridge messages mediate communication between two parties' agents.

Secure transfer of sensitive data AES-256-GCM message encryption, Argon2id passwords, JWT, GDPR export and account deletion. The kind of data where a single leak isn't an inconvenience; it's a non-starter.

Entity resolution Six contextual strategies (person, event, place, goal, trigger, state), a multilingual name-matching layer, and a geo-context layer that links places to emotional states in the graph: unusual depth for this stage.

// How it's built

The architecture

Backendruntime

TypeScript, Node.js, Fastify, Socket.io for real-time message → response, LangChain over Gemini, Vitest for tests.

Datastorage

PostgreSQL for relational data, Neo4j as the temporal knowledge graph, Redis for cache and pub/sub. Migrations for users, sessions, consent records, connections, sessions, goals and insights.

AI layerintelligence

A right-sized model via LangChain, MCP context tools, and a template system that resolves ~70% of replies locally, never reaching for a model where deterministic templates do the job. Model routing keeps cost and latency down by design, not as an afterthought.

Clientapp

A Flutter / Dart client (Riverpod + GetIt DI) with splash, login, register and chat screens, plus speech-to-text and audio dependencies wired in.

Securityboundary

AES-256-GCM, Argon2id, JWT, a per-user anonymisation vault, and consent filtering verified by its own test suite.

Engineering honesty is part of the build: the measured ~3.2s time-to-first-token is acknowledged as too slow, with a planned move to faster inference and a semantic cache. Naming the gaps is how you keep a system trustworthy, especially one handling sensitive data.

// How it scales

Lean today. A clear plan to scale.

Template-first, model-second, datastores ready to split // keep the AI bill sane as it grows

Today

one local stack

The whole multi-agent system runs on a single local stack (Postgres, Neo4j, Redis, API and client together), proving the architecture works and costs almost nothing while the hard problems are validated.

Cost

~70% no-LLM

Around 70% of replies never touch a model. That template-first design is what keeps the AI bill near zero now and keeps it sane when the user count climbs.

faster inference

The measured ~3.2s time-to-first-token is named as too slow on purpose, with a planned move to faster inference and a semantic cache so repeat-shaped queries skip the model entirely.

At scale

split datastores

The five datastores are already separate concerns, so scaling means moving the graph, relational and cache layers onto their own infrastructure as load demands, not a rebuild. Spend tracks real usage.

Building something this hard?

SymbiOS is the kind of architecture that breaks teams in the handoffs: multi-agent, consent-gated, privacy-first, all at once. If that's the shape of your problem, let's talk.

Book a 20-min call See the work →