Project Abolitus

Abolitus is a browser-first AI roleplay client built around one rule: the server should never need plaintext to do its job.

This repository explains the product in plain language. It is meant to answer what stays local, what can sync, what premium unlocks, and what the backend can and cannot see.

Product Shape

• Local chat runs in the browser and stores its working state in the client database.
• E2EE cloud sync keeps encrypted continuity across devices without exposing plaintext to the backend.
• Desktop Tunnel lets a phone, tablet, or secondary laptop use a model that is running on a desktop.
• Billing is crypto-only and wallet-based.
• No analytics or ad trackers.
• The trust boundary is explicit: no plaintext chat, no provider keys in the backend, and no legal identity layer.

Local Chat

The default experience is local and private.

1. The browser assembles the active prompt from the current chat, persona, lorebook entries, prompt wrappers, and other local settings.
2. Provider keys stay on the device. When you use a browser-safe route such as OpenRouter, NanoGPT, or a local OpenAI-compatible server like Ollama or LM Studio, the browser sends the request directly.
3. Responses return to the browser and are persisted locally in Dexie.js.

That means you can use Abolitus without Premium and without cloud sync. The local experience is the baseline product, not a degraded demo.

Migration and Compatibility

If you are coming from SillyTavern or another local roleplay tool, you do not need to rebuild everything from scratch.

Abolitus can import the main parts of an existing setup: PNG character cards, prompt wrappers, sampler presets, and lorebooks. Provider keys, browser-only helpers, and device-specific tunnel settings still need a quick review on the new machine.

Read the full Migration Guide for a step-by-step explanation of what carries over, what does not, and how to move without losing your setup.

E2EE Cloud Sync

Cloud sync is for encrypted continuity, not cloud-readable storage.

The flow is simple:

1. The browser creates or unlocks your master key locally.
2. The vault snapshot is serialized on the device.
3. The payload is encrypted with AES-256-GCM before any upload happens.
4. The encrypted payload is padded to 1 KB boundaries so object size reveals less about the content.
5. The browser derives a storage write token from the vault key and sync slot to prove ownership without exposing the key.
6. Supabase verifies the owner proof and stores the ciphertext blob.
7. Another device downloads the same blob and decrypts it locally with the same vault key.

What the server can see:

• object paths and sync-slot identifiers
• ownership proofs and the minimum metadata needed to route writes
• payment and entitlement state when Premium features are involved

What it cannot see:

• plaintext chats
• provider API keys
• the vault key itself
• local retrieval memory or prompt assembly content

If you lose the vault key, Abolitus cannot recover that encrypted data. That is the zero-knowledge tradeoff.

Desktop Tunnel

Desktop Tunnel is a Premium feature for the case where your best local model runs on a desktop, but you want to use it from a phone, tablet, or second laptop.

The model still runs on the desktop. The remote device is only the front end.

The flow is:

1. The desktop advertises that it is available.
2. The remote device claims a short-lived relay session.
3. Relay metadata is coordinated through the premium control plane.
4. Prompt traffic stays encrypted for the live session.
5. The desktop performs the actual inference and streams the reply back.

What this feature is not:

• It is not a public hosted model service.
• It is not a permanent P2P mesh.
• It is not an ngrok setup that leaves you babysitting temporary tunnel links and tokens.
• It is not a Cloudflare Tunnel setup that turns a private local host into another brittle public edge.
• It is not a replacement for a desktop model that is asleep or offline.
• It is not a router-forwarding product that requires you to expose your home network.

The useful mental model is simple: Desktop Tunnel keeps the model where the GPU is and moves the conversation surface to the device in your hand.

Billing and Access

Abolitus is crypto-only. There is no card checkout and no bank-account billing path.

Premium is wallet-based and prepaid. The codebase currently supports multiple crypto rails, but the canonical client checkout path is Solana USDC and Solana USDT. Other rails may be wallet-connected or server-verified depending on the route.

Billing tracks entitlement state, not a legal identity record. We do not ask for a name, physical address, or KYC file as part of normal checkout.

Premium unlocks encrypted cloud sync and Desktop Tunnel access. It does not unlock local chat, because local chat is already the baseline product.

What This Repository Is For

This whitepaper repo exists to make the product easy to understand before anyone installs it or funds it.

It is meant to answer three questions:

• What does Abolitus do?
• Where is the trust boundary?
• Why should a user believe the boundary is real?

Further Reading

• Read Setup Guide for an A to Z setup and usage walkthrough.
• Read Terms of Service & Zero-Knowledge Policy for the service model and user responsibility summary.
• Read Feature Overview for the full user-facing feature inventory.
• Read Migration Guide for the compatibility and import flow.
• Read Security Model for the cryptographic and operational detail.
• Read Brand Philosophy for the visual language and copy tone.