Kition
Download
Local-first & privacy

Privacy practices for lawyers and consultants

Client cases, drafts, billing — what to feed AI, what to keep strictly local, and how to enforce it via hooks.

Kition Team·Apr 15, 2026·7 min read

Four layers of isolation

  • Vault tiers: clients/ in its own vault with custom hooks
  • Hook denies: block agent from feeding clients/ content to web_fetch / browser
  • Provider tiers: sensitive vault uses local LLM; general vault uses cloud
  • Audit log: PostToolUse pipes every tool call to syslog

A common hook snippet

{
  "PreToolUse": {
    "web_fetch": ".kition/scripts/deny-if-client-path.sh",
    "browser_open": ".kition/scripts/deny-if-client-path.sh"
  }
}
Back to blogMore in Local-first & privacy

Related reading

Advanced / Hooks / MCP

Using hooks for audit and compliance

Law, healthcare, education need "every agent action traceable." Hooks + log hashing = a low-cost audit setup.

Local-first & privacy

Security: local-first vs cloud notes

The biggest cloud-notes attack surface is the vendor. For local-first, it is your machine. The first is out of your hands; the second is not.

Ready when you are.

Kition is a local-first AI workspace. Markdown documents, structured tables, and an AI agent — running on your own machine, against the model provider you choose.

Download KitionPricing