AI-powered personal cybersecurity agent that learns your behavior and protects you from threats.
HavenAI is a multi-agent AI system that monitors your computer for security threats. Unlike traditional antivirus that relies on signatures, HavenAI learns what's "normal" for you and alerts you when something unusual happens. It combines a native desktop application with a cloud-backed web dashboard, keeping raw telemetry private on-device while syncing only critical alerts to the cloud.
- Multi-Agent Monitoring β Five specialized agents (File, Process, Network, Email Inbox, Message/Notification) each watch a different surface of your system
- Perceive-Analyze-Act Pattern β Every agent continuously observes, scores risk, and acts on findings in autonomous loops
- Correlated Threat Detection β The Coordinator cross-references findings across agents (e.g., a downloaded file being immediately executed)
- Local-First Storage β All raw telemetry is stored in SQLite on-device with a 7-day rolling window; only medium+ severity alerts sync to the cloud
- Email Inbox Monitoring β Connects to your email via IMAP app passwords with auto-detected provider settings (Gmail, Outlook, Yahoo, iCloud) to scan for phishing
- AI Chat Assistant β Conversational security assistant with full context of all active agents, powered by OpenAI
- Real-Time Dashboard β Live file events, process spawns, network connections, health metrics, and alert feed
- Notification Channels β Email, SMS (Twilio), and automated voice call alerts based on configurable severity thresholds
- Privacy-First β IMAP and account credentials are encrypted on-device via the OS keychain (macOS Keychain / Windows DPAPI / libsecret); raw telemetry (file events, processes, connections) stays in local SQLite; only medium+ severity alerts (with the context needed to explain them) sync to the cloud
- Modern UI β Glassmorphism design system with WebGL shader backgrounds, built with Tailwind CSS and lucide-react
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β CLOUD β
β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Web App β β Backend β β Database β β
β β (Next.js) β β (FastAPI) β β (PostgreSQL) β β
β β Vercel β β Render β β Render β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β β β β
β β Alerts, Auth, Devices β β
β β medium+ severity β β
βββββββββββΌβββββββββββββββββββββΌβββββββββββββββββββΌββββββββββββββββββββ
β HTTPS β β
β β β
βββββββββββΌβββββββββββββββββββββΌββββββββββββββββββββββββββββββββββββββββ
β β USER'S COMPUTER β β
β βΌ βΌ β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β HavenAI Desktop App (Electron) β β
β β β β
β β ββββββββββββ ββββββββββββ ββββββββββββ ββββββββββββββββ β β
β β β File β β Process β β Network β β Email Inbox β β β
β β β Agent β β Agent β β Agent β β Agent β β β
β β ββββββ¬ββββββ ββββββ¬ββββββ ββββββ¬ββββββ ββββββββ¬ββββββββ β β
β β β β β β β β
β β βΌ βΌ βΌ βΌ β β
β β βββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β Coordinator (Orchestrator) β β β
β β β - Correlates findings across agents β β β
β β β - Writes to SQLite first, syncs medium+ to cloud β β β
β β β - Manages agent lifecycles β β β
β β ββββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββ β β
β β β β β
β β βΌ β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β β β SQLite (~/.havenai/havenai.db) β β β
β β β events | alerts | agent_snapshots | 7-day prune β β β
β β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
HavenAI/
βββ webapp/ # Next.js web application (Vercel)
β βββ app/
β β βββ page.tsx # Landing page with shader backgrounds
β β βββ about/ # About page
β β βββ features/ # Features page
β β βββ download/ # Desktop app download page
β β βββ login/ # Authentication page
β β βββ dashboard/ # Main command center
β β β βββ page.tsx # Dashboard with Overview/Runtime/Agents tabs
β β β βββ components/ # TopBar, HealthScore, QuickStats, AlertFeed,
β β β β # ChatPanel, RuntimeInspector, AgentPanel,
β β β β # SetupPanel, ResourceMonitor, etc.
β β β βββ hooks/ # useAlerts, useAgentStatus, useChat,
β β β β # useSetupPreferences
β β β βββ services/ # Mock data providers (web fallback)
β β βββ components/ # Shared: Navbar, Footer, shader backgrounds
β β # (ShaderBackground, SmokeBackground,
β β # DottedSurface, WaveShader, etc.)
β βββ tailwind.config.js
β βββ package.json
β
βββ desktop-app/
β βββ electron/ # Electron shell
β β βββ src/
β β β βββ main.ts # Main process: window, tray, IPC handlers,
β β β β # python-bridge, electron-store
β β β βββ preload.ts # Context bridge API exposed to renderer
β β βββ renderer/ # Next.js static export for Electron
β β β βββ app/
β β β βββ page.tsx # Root (auth check -> dashboard)
β β β βββ login/page.tsx # Desktop login
β β β βββ globals.css # Desktop design system
β β βββ package.json
β β
β βββ agent/ # Python agent system
β βββ havenai/
β βββ agents/
β β βββ base.py # Abstract Agent with perceive/analyze/act
β β βββ coordinator.py # Orchestrator, alert routing, cloud sync
β β βββ file_agent.py # Watchdog-based file monitoring
β β βββ process_agent.py # psutil process monitoring
β β βββ network_agent.py # Network connection monitoring
β β βββ email_inbox_agent.py # IMAP phishing detection
β β βββ message_agent.py # Notification channel router
β βββ api/
β β βββ client.py # Backend API client (auth, alerts, heartbeat)
β βββ storage/
β βββ local_db.py # SQLite local storage (events, alerts, prune)
β
βββ backend/ # FastAPI backend (Render)
β βββ app/
β β βββ main.py # App entry, CORS, router registration
β β βββ config.py # Environment configuration
β β βββ security.py # JWT token handling
β β βββ schemas.py # Pydantic request/response models
β β βββ dependencies.py # Auth dependency injection
β β βββ db/
β β β βββ database.py # SQLAlchemy engine + session
β β β βββ models.py # User, Device, Alert, UserSetupPreferences
β β βββ routers/
β β β βββ auth.py # Register, login, token refresh
β β β βββ devices.py # Device registration, heartbeat
β β β βββ alerts.py # Alert CRUD
β β β βββ chat.py # AI chat endpoint (OpenAI)
β β β βββ setup.py # User preferences (monitoring toggles, phones)
β β β βββ downloads.py # Desktop app download links
β β β βββ health.py # Health check
β β βββ services/
β β βββ notifications.py # SendGrid email, Twilio SMS/voice calls
β βββ requirements.txt
β βββ tests/
β
βββ .env # Root environment variables
βββ README.md
| Layer | Technology | Hosting |
|---|---|---|
| Web Frontend | Next.js 14, Tailwind CSS, Three.js (shaders) | Vercel |
| Desktop App | Electron, Next.js (static export) | GitHub Releases (.dmg + .exe) |
| Agent System | Python 3, psutil, watchdog, imaplib | Runs locally |
| Local Storage | SQLite (via Python sqlite3) | ~/.havenai/havenai.db |
| Backend API | FastAPI, SQLAlchemy, Pydantic | Render |
| Cloud Database | PostgreSQL | Render |
| Auth | JWT (access + refresh tokens) | β |
| Notifications | SendGrid (email), Twilio (SMS/voice) | β |
| AI Chat | OpenAI GPT API | β |
| IPC | Electron IPC + stdin/stdout JSON (Python bridge) | β |
Each agent follows the perceive-analyze-act pattern in its own thread:
| Agent | What it monitors | Key libraries |
|---|---|---|
| FileAgent | File creates/modifies in Downloads and Desktop | watchdog |
| ProcessAgent | New process spawns, suspicious parent-child chains | psutil |
| NetworkAgent | Active TCP connections, suspicious ports/destinations | psutil, socket |
| EmailInboxAgent | Unread emails for phishing indicators via IMAP | imaplib |
| MessageAgent | Routes alerts to configured notification channels | β |
The Coordinator runs the main loop, processes alerts from all agents, performs cross-agent correlation (e.g., downloaded file + immediate execution = critical threat), and manages data flow between local SQLite and the cloud backend.
| Data | Where | Retention |
|---|---|---|
| Raw file/process/network events | SQLite on device | 7-day rolling window |
| All alerts (any severity) | SQLite on device | 7-day rolling window |
| Medium/high/critical alerts | PostgreSQL (cloud) | Indefinite |
| User accounts, devices, preferences | PostgreSQL (cloud) | Indefinite |
| IMAP credentials | electron-store (device only) | Until user clears |
| Agent state snapshots | SQLite on device | 7-day rolling window |
- Node.js 18+
- Python 3.11+
- PostgreSQL (for backend, or use Render)
Create a .env in the project root:
# Backend
DATABASE_URL=postgresql://user:pass@host:5432/havenai
SECRET_KEY=your-jwt-secret
OPENAI_API_KEY=sk-...
# Notifications (optional)
SENDGRID_API_KEY=SG...
SENDGRID_FROM_EMAIL=alerts@yourdomain.com
TWILIO_ACCOUNT_SID=AC...
TWILIO_AUTH_TOKEN=...
TWILIO_FROM_NUMBER=+1...
# Frontend
NEXT_PUBLIC_API_URL=http://localhost:8000Backend:
cd backend
pip install -r requirements.txt
uvicorn app.main:app --reloadWeb App:
cd webapp
npm install
npm run devDesktop App (development):
cd desktop-app/electron
npm install
npm run devPython Agents (standalone):
cd desktop-app/agent
pip install -r requirements.txt
python -m havenai.agents.coordinatorcd desktop-app/electron
npm run package:mac
npm run package:win
npm run package:linux
# Output: release/HavenAI-0.1.0-arm64.dmg
# Output: release/HavenAI-Setup-0.1.0.exe
# Output: release/HavenAI-0.1.0.AppImageFor tagged releases, keep these versions aligned:
desktop-app/electron/package.json(version)backend/app/routers/downloads.py(APP_VERSION)- Git tag (
v<version>)
| Service | Platform | URL |
|---|---|---|
| Web App | Vercel | Configured via webapp/vercel.json |
| Backend API | Render | Web service with uvicorn app.main:app |
| Database | Render | PostgreSQL (internal URL for backend) |
| Desktop App | GitHub Releases | .dmg (macOS), .exe (Windows), and .AppImage (Linux) uploaded per release |
- Jacob Ahrens β jxa1493@miami.edu
- Gianna Scuteri β grs124@miami.edu
- Dhilan Fye β dmf168@miami.edu
This project is part of ECE 481/482 Senior Design at the University of Miami.