pdurlej/platform

Fork 0

Add Matrix Heretic room backed by Mac-hosted Ollama over Tailscale #112

New issue

Open

opened 2026-05-06 03:38:48 +02:00 by codex · 3 comments

codex commented

2026-05-06 03:38:48 +02:00

Collaborator

Summary

Create a dedicated Element/Matrix room on the existing RS2000 Matrix stack that talks to Piotr's local Heretic Ollama model through a secure tunnel to the Mac. This is not an Ollama Cloud setup and should not make the model a global/default assistant.

Working name: Heretic Room. Purpose: a contrarian / red-team / weird-critique side channel for agents and Piotr, separate from normal rooms.

Why

Piotr published a custom Ollama model and wants to use it in a dedicated Matrix/Element room. The model works locally, but Ollama Cloud API does not currently run this custom model. RS2000 should host the Matrix room/bot, but should not host the 16-17 GB model itself; the model should run on the Mac and be reached over a private tunnel.

Verified facts, 2026-05-06

Model

Public Ollama registry page:

https://ollama.com/pdurlej/gemma-4-26B-A4B-it-heretic

Exact model id:

pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M

Local Ollama on the Mac lists the model:

pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M
size: 16796023618 bytes
family: gemma4
parameter_size: 25.2B
quantization: Q4_K_M

Local test passed via:

ollama run pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M "Reply exactly PUBLIC_HERETIC_OK."

The model returned PUBLIC_HERETIC_OK..

Not Ollama Cloud-ready

Ollama Cloud API currently does not see this model as an inference model:

https://ollama.com/api/chat
model: pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M
result: 404 model not found

So do not design this around https://ollama.com/api/chat. Treat the registry as distribution only; inference is local/private.

Existing Matrix/Element runtime

RS2000 currently runs the Matrix stack:

home-platform-synapse-1       matrixdotorg/synapse:v1.150.0    Up, healthy
home-platform-element-web-1   vectorim/element-web:v1.12.13    Up, healthy
home-platform-matrix-well-known-1 nginx:1.28.3-alpine3.23-perl Up, healthy

Relevant platform modules already exist:

modules/synapse/
modules/element-web/
modules/matrix-well-known/
modules/matrix-hub-private/ parked

Synapse domain:

matrix.pdurlej.com

Element domain:

element.pdurlej.com

Tunnel status

Mac Tailscale is online. Observed Mac Tailscale IP at time of check:

100.66.75.41

Local Ollama responds on the Mac:

curl http://127.0.0.1:11434/api/version
# {"version":"0.23.0"}

But direct RS2000 -> Mac Tailscale IP does not currently work:

http://100.66.75.41:11434/api/version -> timeout
http://100.66.75.41:11434/api/tags -> timeout

And on the Mac:

tailscale serve status -> No serve config

Therefore this needs an explicit tunnel/serve/proxy path.

Recommended architecture

Preferred v0

Keep Ollama and the model on the Mac.
Expose Mac-local Ollama to the tailnet only using Tailscale Serve, not public internet.
Run a small Matrix bot on RS2000.
The bot only joins one allowlisted Matrix room.
The bot forwards explicit commands/messages to the Mac Ollama endpoint and posts the model response back into the same Matrix room.

High-level flow:

Element room on RS2000 Synapse
  -> Matrix bot container on RS2000
  -> Tailscale-only endpoint to Mac
  -> Mac Ollama http://127.0.0.1:11434
  -> model pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M

Tunnel option A: Tailscale Serve

On the Mac, expose local Ollama to tailnet only. Verify exact syntax with tailscale serve --help; current local CLI supports this shape:

tailscale serve --bg --http=11434 127.0.0.1:11434

Then verify from RS2000 using the Mac's Tailscale DNS name or tailnet URL shown by:

tailscale serve status

Expected tests from RS2000:

curl http://<mac-tailnet-host-or-ip>:11434/api/version
curl http://<mac-tailnet-host-or-ip>:11434/api/tags

Do not use Tailscale Funnel for v0. Funnel would make this internet-facing and is not needed.

Tunnel option B: SSH reverse tunnel fallback

If Tailscale Serve is not reliable enough, use an SSH reverse tunnel from the Mac to RS2000:

ssh -N -R 127.0.0.1:11434:127.0.0.1:11434 rs2000

Then the Matrix bot on RS2000 can call:

http://127.0.0.1:11434

For production, persist this via launchd on the Mac, not a hand-held terminal session. Consider autossh or equivalent restart behavior if needed.

Bot design

Recommended v0 bot behavior:

Matrix bot account, e.g. @heretic:pdurlej.com.
One allowlisted room only, e.g. #heretic:pdurlej.com or private invite-only room.
Ignore every message unless it uses an explicit prefix, e.g. !heretic.
Post responses as normal Matrix replies.
Include model id in startup logs, not in every answer.
Keep transcript persistence minimal; Matrix already stores room history.
Avoid logging full private prompts unless explicitly configured for debugging.
Enforce a simple max prompt length and timeout.
Add a small “busy” message for long generations.

API call shape:

curl "$OLLAMA_BASE_URL/api/chat" \
  -H 'Content-Type: application/json' \
  -d '{
    "model": "pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M",
    "messages": [{"role": "user", "content": "Reply exactly HERETIC_ROOM_OK."}],
    "stream": false
  }'

Platform changes to make

Add a new module, likely:

modules/matrix-heretic-room/

Suggested files:

modules/matrix-heretic-room/module.yaml
modules/matrix-heretic-room/runbook.md
modules/matrix-heretic-room/smoke.sh

If implementing bot code in-repo, keep it small and isolated, e.g.:

services/matrix-heretic-bot/

or use an existing Matrix bot framework if the platform already standardizes on one.

Potential implementation options:

Python matrix-nio bot: most controllable, small custom bridge.
maubot: good if we already want a plugin-based Matrix bot runtime.
Node Matrix SDK: acceptable if platform prefers Node services.

For v0, prefer the smallest maintainable bot over a large framework unless maubot is already deployed.

Secrets/config

Do not commit secrets.

Expected config/secrets:

MATRIX_HERETIC_BOT_USER=@heretic:pdurlej.com
MATRIX_HERETIC_BOT_ACCESS_TOKEN=<Infisical secret>
MATRIX_HERETIC_ALLOWED_ROOM_ID=<Infisical or env config>
OLLAMA_BASE_URL=http://<tailnet-or-reverse-tunnel-endpoint>:11434
OLLAMA_MODEL=pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M

If using Infisical, document the path and names, not values.

Security requirements

Do not expose raw Ollama :11434 to the public internet.
Do not use Tailscale Funnel for v0.
Restrict Matrix bot to one room.
Require explicit prefix like !heretic.
Avoid storing private prompt logs outside Matrix unless debug mode is enabled.
If any HTTP endpoint is exposed outside tailnet, add auth/token and TLS.

Acceptance tests

Tunnel tests

From RS2000:

curl "$OLLAMA_BASE_URL/api/version"
curl "$OLLAMA_BASE_URL/api/tags" | grep 'pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M'

Direct model test

From RS2000 through the final endpoint:

curl "$OLLAMA_BASE_URL/api/chat" \
  -H 'Content-Type: application/json' \
  -d '{
    "model": "pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M",
    "messages": [{"role":"user","content":"Reply exactly HERETIC_ROOM_OK."}],
    "stream": false
  }'

Expected response contains:

HERETIC_ROOM_OK

Matrix smoke

In the dedicated Element room:

!heretic Reply exactly MATRIX_HERETIC_OK.

Expected bot reply contains:

MATRIX_HERETIC_OK

Persistence/restart

Restart Matrix bot container/service on RS2000; smoke still passes.
Restart Mac Ollama; tunnel recovers or runbook clearly explains recovery.
Reboot Mac if practical; launchd tunnel recovers or issue documents manual restart.

Non-goals

Do not make Heretic the default model anywhere.
Do not host this 16-17 GB model on RS2000 for v0.
Do not depend on Ollama Cloud custom-model inference.
Do not expose this as a public unauthenticated API.
Do not build a general multi-model Matrix agent framework in v0.

Open questions for implementer

Is Tailscale Serve enough for the Mac -> RS2000 path, or should we use SSH reverse tunnel for simpler RS2000-local addressing?
Should the bot run as a small custom matrix-nio container, or do we want to introduce maubot as a reusable bot runtime?
Exact room naming: Heretic, Heretic Lab, or Contrarian Review?
Should prompts require !heretic prefix only, or should the bot respond to mentions too?
Where should Infisical secrets live for Matrix bot credentials?

Useful local commands already verified

ollama list | grep heretic
curl http://127.0.0.1:11434/api/version
tailscale serve status
ssh rs2000 'docker ps --format "{{.Names}}\t{{.Image}}\t{{.Status}}" | grep -Ei "synapse|element|matrix"'

## Summary Create a dedicated Element/Matrix room on the existing RS2000 Matrix stack that talks to Piotr's local Heretic Ollama model through a secure tunnel to the Mac. This is **not** an Ollama Cloud setup and should not make the model a global/default assistant. Working name: **Heretic Room**. Purpose: a contrarian / red-team / weird-critique side channel for agents and Piotr, separate from normal rooms. ## Why Piotr published a custom Ollama model and wants to use it in a dedicated Matrix/Element room. The model works locally, but Ollama Cloud API does not currently run this custom model. RS2000 should host the Matrix room/bot, but should **not** host the 16-17 GB model itself; the model should run on the Mac and be reached over a private tunnel. ## Verified facts, 2026-05-06 ### Model Public Ollama registry page: - https://ollama.com/pdurlej/gemma-4-26B-A4B-it-heretic Exact model id: ```text pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M ``` Local Ollama on the Mac lists the model: ```text pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M size: 16796023618 bytes family: gemma4 parameter_size: 25.2B quantization: Q4_K_M ``` Local test passed via: ```sh ollama run pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M "Reply exactly PUBLIC_HERETIC_OK." ``` The model returned `PUBLIC_HERETIC_OK.`. ### Not Ollama Cloud-ready Ollama Cloud API currently does **not** see this model as an inference model: ```text https://ollama.com/api/chat model: pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M result: 404 model not found ``` So do not design this around `https://ollama.com/api/chat`. Treat the registry as distribution only; inference is local/private. ### Existing Matrix/Element runtime RS2000 currently runs the Matrix stack: ```text home-platform-synapse-1 matrixdotorg/synapse:v1.150.0 Up, healthy home-platform-element-web-1 vectorim/element-web:v1.12.13 Up, healthy home-platform-matrix-well-known-1 nginx:1.28.3-alpine3.23-perl Up, healthy ``` Relevant platform modules already exist: - `modules/synapse/` - `modules/element-web/` - `modules/matrix-well-known/` - `modules/matrix-hub-private/` parked Synapse domain: ```text matrix.pdurlej.com ``` Element domain: ```text element.pdurlej.com ``` ### Tunnel status Mac Tailscale is online. Observed Mac Tailscale IP at time of check: ```text 100.66.75.41 ``` Local Ollama responds on the Mac: ```sh curl http://127.0.0.1:11434/api/version # {"version":"0.23.0"} ``` But direct RS2000 -> Mac Tailscale IP does **not** currently work: ```text http://100.66.75.41:11434/api/version -> timeout http://100.66.75.41:11434/api/tags -> timeout ``` And on the Mac: ```text tailscale serve status -> No serve config ``` Therefore this needs an explicit tunnel/serve/proxy path. ## Recommended architecture ### Preferred v0 1. Keep Ollama and the model on the Mac. 2. Expose Mac-local Ollama to the tailnet only using Tailscale Serve, not public internet. 3. Run a small Matrix bot on RS2000. 4. The bot only joins one allowlisted Matrix room. 5. The bot forwards explicit commands/messages to the Mac Ollama endpoint and posts the model response back into the same Matrix room. High-level flow: ```text Element room on RS2000 Synapse -> Matrix bot container on RS2000 -> Tailscale-only endpoint to Mac -> Mac Ollama http://127.0.0.1:11434 -> model pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M ``` ### Tunnel option A: Tailscale Serve On the Mac, expose local Ollama to tailnet only. Verify exact syntax with `tailscale serve --help`; current local CLI supports this shape: ```sh tailscale serve --bg --http=11434 127.0.0.1:11434 ``` Then verify from RS2000 using the Mac's Tailscale DNS name or tailnet URL shown by: ```sh tailscale serve status ``` Expected tests from RS2000: ```sh curl http://<mac-tailnet-host-or-ip>:11434/api/version curl http://<mac-tailnet-host-or-ip>:11434/api/tags ``` Do **not** use Tailscale Funnel for v0. Funnel would make this internet-facing and is not needed. ### Tunnel option B: SSH reverse tunnel fallback If Tailscale Serve is not reliable enough, use an SSH reverse tunnel from the Mac to RS2000: ```sh ssh -N -R 127.0.0.1:11434:127.0.0.1:11434 rs2000 ``` Then the Matrix bot on RS2000 can call: ```text http://127.0.0.1:11434 ``` For production, persist this via `launchd` on the Mac, not a hand-held terminal session. Consider `autossh` or equivalent restart behavior if needed. ## Bot design Recommended v0 bot behavior: - Matrix bot account, e.g. `@heretic:pdurlej.com`. - One allowlisted room only, e.g. `#heretic:pdurlej.com` or private invite-only room. - Ignore every message unless it uses an explicit prefix, e.g. `!heretic`. - Post responses as normal Matrix replies. - Include model id in startup logs, not in every answer. - Keep transcript persistence minimal; Matrix already stores room history. - Avoid logging full private prompts unless explicitly configured for debugging. - Enforce a simple max prompt length and timeout. - Add a small “busy” message for long generations. API call shape: ```sh curl "$OLLAMA_BASE_URL/api/chat" \ -H 'Content-Type: application/json' \ -d '{ "model": "pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M", "messages": [{"role": "user", "content": "Reply exactly HERETIC_ROOM_OK."}], "stream": false }' ``` ## Platform changes to make Add a new module, likely: ```text modules/matrix-heretic-room/ ``` Suggested files: ```text modules/matrix-heretic-room/module.yaml modules/matrix-heretic-room/runbook.md modules/matrix-heretic-room/smoke.sh ``` If implementing bot code in-repo, keep it small and isolated, e.g.: ```text services/matrix-heretic-bot/ ``` or use an existing Matrix bot framework if the platform already standardizes on one. Potential implementation options: - Python `matrix-nio` bot: most controllable, small custom bridge. - `maubot`: good if we already want a plugin-based Matrix bot runtime. - Node Matrix SDK: acceptable if platform prefers Node services. For v0, prefer the smallest maintainable bot over a large framework unless maubot is already deployed. ## Secrets/config Do not commit secrets. Expected config/secrets: ```text MATRIX_HERETIC_BOT_USER=@heretic:pdurlej.com MATRIX_HERETIC_BOT_ACCESS_TOKEN=<Infisical secret> MATRIX_HERETIC_ALLOWED_ROOM_ID=<Infisical or env config> OLLAMA_BASE_URL=http://<tailnet-or-reverse-tunnel-endpoint>:11434 OLLAMA_MODEL=pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M ``` If using Infisical, document the path and names, not values. ## Security requirements - Do not expose raw Ollama `:11434` to the public internet. - Do not use Tailscale Funnel for v0. - Restrict Matrix bot to one room. - Require explicit prefix like `!heretic`. - Avoid storing private prompt logs outside Matrix unless debug mode is enabled. - If any HTTP endpoint is exposed outside tailnet, add auth/token and TLS. ## Acceptance tests ### Tunnel tests From RS2000: ```sh curl "$OLLAMA_BASE_URL/api/version" curl "$OLLAMA_BASE_URL/api/tags" | grep 'pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M' ``` ### Direct model test From RS2000 through the final endpoint: ```sh curl "$OLLAMA_BASE_URL/api/chat" \ -H 'Content-Type: application/json' \ -d '{ "model": "pdurlej/gemma-4-26B-A4B-it-heretic:Q4_K_M", "messages": [{"role":"user","content":"Reply exactly HERETIC_ROOM_OK."}], "stream": false }' ``` Expected response contains: ```text HERETIC_ROOM_OK ``` ### Matrix smoke In the dedicated Element room: ```text !heretic Reply exactly MATRIX_HERETIC_OK. ``` Expected bot reply contains: ```text MATRIX_HERETIC_OK ``` ### Persistence/restart - Restart Matrix bot container/service on RS2000; smoke still passes. - Restart Mac Ollama; tunnel recovers or runbook clearly explains recovery. - Reboot Mac if practical; launchd tunnel recovers or issue documents manual restart. ## Non-goals - Do not make Heretic the default model anywhere. - Do not host this 16-17 GB model on RS2000 for v0. - Do not depend on Ollama Cloud custom-model inference. - Do not expose this as a public unauthenticated API. - Do not build a general multi-model Matrix agent framework in v0. ## Open questions for implementer 1. Is Tailscale Serve enough for the Mac -> RS2000 path, or should we use SSH reverse tunnel for simpler RS2000-local addressing? 2. Should the bot run as a small custom `matrix-nio` container, or do we want to introduce `maubot` as a reusable bot runtime? 3. Exact room naming: `Heretic`, `Heretic Lab`, or `Contrarian Review`? 4. Should prompts require `!heretic` prefix only, or should the bot respond to mentions too? 5. Where should Infisical secrets live for Matrix bot credentials? ## Useful local commands already verified ```sh ollama list | grep heretic curl http://127.0.0.1:11434/api/version tailscale serve status ssh rs2000 'docker ps --format "{{.Names}}\t{{.Image}}\t{{.Status}}" | grep -Ei "synapse|element|matrix"' ```

claude referenced this issue

2026-05-17 17:25:34 +02:00

docs(specs): Matrix Heretic Room v0 prebuild (#112) #328

claude referenced this issue from a commit

2026-05-17 23:02:43 +02:00

prompts(forks): v0.1 dispatch template with worktree isolation (8 retry prebuilds)

claude referenced this issue

2026-05-17 23:03:11 +02:00

prompts(forks): v0.1 dispatch template with worktree isolation (8 retry prebuilds) #356

claude referenced this issue from a commit

2026-05-18 08:19:14 +02:00

docs(specs): Matrix Heretic Room v0 prebuild (#112)

claude referenced this issue

2026-05-18 08:19:34 +02:00

docs(specs): #112 Matrix Heretic room v0 prebuild #368

codex added this to the 08 - Persona and OpenClaw product loops milestone

2026-05-19 08:36:30 +02:00

pdurlej referenced this issue from a commit

2026-05-23 09:20:00 +02:00

Merge pull request 'docs(specs): #112 Matrix Heretic room v0 prebuild' (#368) from claude/fork-B1-matrix-heretic-room into main

codex referenced this issue

2026-05-28 01:21:54 +02:00

chore(m08): select next one or two Persona/OpenClaw product loops #542

codex referenced this issue

2026-05-29 16:58:33 +02:00

chore(m08): select next one or two Persona/OpenClaw product loops #542

codex commented

2026-05-29 16:58:34 +02:00

Author

Collaborator

Parked from M08 to M10 per Iskra supplemental triage. Heretic Matrix/Ollama room is useful future product work, not current Persona/OpenClaw critical path. No runtime mutation was performed.

codex modified the milestone from 08 - Persona and OpenClaw product loops to 10 - Improvements

2026-05-29 16:58:34 +02:00

claude added the

priority:p3

label

2026-05-30 22:43:22 +02:00

claude added the

status:parked

label

2026-06-01 08:53:12 +02:00

claude commented

2026-06-01 08:53:13 +02:00

Collaborator

Parked (p3, M10 closure plan #653 + Judging Claw priority). Reactivate when the Matrix-Ollama Heretic room is actually wanted.

**Parked (p3, M10 closure plan #653 + Judging Claw priority).** Reactivate when the Matrix-Ollama Heretic room is actually wanted.

Iskra commented

2026-06-08 03:02:44 +02:00

Collaborator

{
"confidence": 5,
"effort_hint": "medium",
"escalation": {
"kind": "none",
"reason": ""
},
"evidence_refs": [
{
"note": "Issue proposes a dedicated Matrix room for a local Heretic Ollama model via private tunnel.",
"type": "forgejo",
"value": "issue-title-body-labels-and-target-snapshot"
},
{
"note": "Body states the room is a contrarian side channel and not a global default assistant.",
"type": "forgejo",
"value": "issue-body-purpose"
},
{
"note": "Snapshot labels mark the issue as priority p3 and parked.",
"type": "snapshot",
"value": "target-snapshot-labels"
}
],
"impact": 2,
"judge_actor": {
"name": "iskra",
"runtime": "openclaw"
},
"judged_at": "2026-06-08T01:01:00Z",
"labels_to_apply": [
"judge/p3"
],
"piotr_fit": "medium",
"priority": "p3",
"rationale_summary": "This is P3 observe work because it is an interesting parked side-channel experiment rather than core platform delivery.",
"reach": 2,
"recommended_next_action": "observe",
"rerun_reason": "no_prior_judgment",
"schema": "openclaw.judge.v0",
"target": {
"kind": "issue",
"number": 112,
"repo": "pdurlej/platform"
},
"target_snapshot": {
"body_hash": "sha256:f6055464e8b7d1d72a5fd9c4f39003963cb44b795d80d8f0a69c6a7902b85a5c",
"commit_count": null,
"evidence_hash": "sha256:13226464f65860ccbacf9ed251410a51e460beddb4c34563738e230eaffbce89",
"head_sha": null,
"labels": [
"priority:p3",
"status:parked"
],
"labels_hash": "sha256:70bfe69a42f166841b4645bc96bcb858084f4174783502fb4cef5ef76e679e84",
"state": "open",
"title_hash": "sha256:4eef14e26c3139d33b491108b087331fb6011e0a2747f220e41c7af0d546fd7f",
"updated_at": "2026-06-01T08:53:13+02:00"
},
"top_caveat": "Keep it isolated from default assistant routing and avoid exposing the Mac-hosted model broadly."
}

{ "confidence": 5, "effort_hint": "medium", "escalation": { "kind": "none", "reason": "" }, "evidence_refs": [ { "note": "Issue proposes a dedicated Matrix room for a local Heretic Ollama model via private tunnel.", "type": "forgejo", "value": "issue-title-body-labels-and-target-snapshot" }, { "note": "Body states the room is a contrarian side channel and not a global default assistant.", "type": "forgejo", "value": "issue-body-purpose" }, { "note": "Snapshot labels mark the issue as priority p3 and parked.", "type": "snapshot", "value": "target-snapshot-labels" } ], "impact": 2, "judge_actor": { "name": "iskra", "runtime": "openclaw" }, "judged_at": "2026-06-08T01:01:00Z", "labels_to_apply": [ "judge/p3" ], "piotr_fit": "medium", "priority": "p3", "rationale_summary": "This is P3 observe work because it is an interesting parked side-channel experiment rather than core platform delivery.", "reach": 2, "recommended_next_action": "observe", "rerun_reason": "no_prior_judgment", "schema": "openclaw.judge.v0", "target": { "kind": "issue", "number": 112, "repo": "pdurlej/platform" }, "target_snapshot": { "body_hash": "sha256:f6055464e8b7d1d72a5fd9c4f39003963cb44b795d80d8f0a69c6a7902b85a5c", "commit_count": null, "evidence_hash": "sha256:13226464f65860ccbacf9ed251410a51e460beddb4c34563738e230eaffbce89", "head_sha": null, "labels": [ "priority:p3", "status:parked" ], "labels_hash": "sha256:70bfe69a42f166841b4645bc96bcb858084f4174783502fb4cef5ef76e679e84", "state": "open", "title_hash": "sha256:4eef14e26c3139d33b491108b087331fb6011e0a2747f220e41c7af0d546fd7f", "updated_at": "2026-06-01T08:53:13+02:00" }, "top_caveat": "Keep it isolated from default assistant routing and avoid exposing the Mac-hosted model broadly." }

Iskra added the

judge/p3

label

2026-06-08 03:02:44 +02:00