Shouyu-CLI

What it is

Shouyu is a terminal AI coding agent built around one hard rule: it never leaves the machine. No cloud APIs, no telemetry, no phone-home. It runs against a local model server — Ollama by default, or anything OpenAI-compatible — and provides the full agentic loop: read and edit files, run shell commands, search a codebase, hold persistent memory, spawn sub-agents. The assistant you reach for somewhere the cloud is simply not an option.

Built offline-first, from the ground up

This is not a cloud tool with the network switched off. It was built from scratch to be offline — the architecture assumes no internet exists, and every part of it, from the agent loop to the permission model, is designed around that constraint rather than retrofitted to it. Offline is not a mode; it is the foundation.

The hard part is making an agent reliable on the small local models that air-gapped hardware can actually run. A 14–26B model is far less forgiving than a frontier endpoint — tool schemas have to be lean, prompts tight, and the loop disciplined, or the model loses the thread. A lot of the real work lives in exactly that unglamorous place.

Designed for high-assurance environments

The offline-first posture is the whole game in air-gapped, sovereign, high-assurance settings — the regulated, government-adjacent networks where hosted coding assistants are non-starters precisely because they reach out to the internet. The design leans into what those environments actually demand:

• Default-deny, not default-allow. Every action is refused unless explicitly permitted — the inverse of how consumer agents behave, and the only defensible posture when the blast radius is real.
• Provenance you can attest. Signed releases and a software bill of materials, so a tool dropped onto an air-gapped workstation can prove where every byte came from.
• A compliance-aware knowledge base. A local retrieval layer over a curated corpus — including Australia's ASD Information Security Manual — so the assistant can answer "how do I configure this, and which controls does that satisfy?" entirely offline. A corpus no hosted tool can touch.
• An evaluation harness that doubles as proof. Real infrastructure tasks run under a hard network block, which makes the eval suite itself the strongest evidence that it genuinely works with the cable pulled.

Status

Built in the open, and honestly early. The architecture is locked, a proof-of-concept and its evaluation harness are standing, and the core agent loop runs — but there is a long way to go before it is something I would hand to an operator. The code will be open-sourced once it has made some bigger moves. This is the headline of what I do now: security-rooted AI platforms for places where runs offline is not a feature, it is the entire requirement.