By Resila · In development — waitlist open

Tend
your own fire.

Hearth is a local-first coding agent that runs entirely on open-source models — no Anthropic or OpenAI key, no account, nothing leaves your machine. We're not chasing a bigger model; we're building the harness to bring open models to Claude-Code-level capability, on hardware you already own. It isn't shipped yet — here's exactly what's real.

A fire you tend,
not one you rent.

Every AI coding tool today works the same way underneath: your code leaves your machine, travels to somebody else's server, and comes back through an API you don't control and can't inspect. That's a rented fire. It's warm while you're paying for it, and it goes cold the moment you stop.

Hearth is the opposite bet, made two ways at once. First: your code and your prompts never leave your computer — not because we promise to guard them somewhere else, but because there is no somewhere else. Second, the harder one: we think open-source models can reach Claude-Code-level capability without a frontier API behind them — not by finding a bigger model, but by building a harness disciplined enough to keep a smaller one honest.

Bigger model, or a better harness?

Frontier labs reach Claude-Code-level capability by throwing more parameters and more compute at the problem. We're testing a different bet: that most of what makes a coding agent trustworthy isn't the model — it's the harness around it. Hearth runs on open-source models only, through Ollama or LM Studio, and narrows the gap with deterministic scaffolding: code holds the state of your task, the model's only job is to pick the next action, and verifier gates check that action before it runs.

The finding that mattered most

Deterministic scaffolding doesn't make the model smarter. It turns silently-wrong answers into honest failures — the kind you can see and fix, instead of the kind that ship.

That's not a finished-product claim. It's the architecture we're betting on — and it's why we think open-source-only is a capability strategy, not just a privacy one.

Your code doesn't leave the room.

Some code was never going to leave the building. Regulated codebases. Client contracts that forbid it. A founder who just doesn't want a third party holding the keys to the product. If you've ever closed the tab on an AI coding tool because the terms of service made your stomach drop — you're who we built this for. There's no vendor in the loop to trust.

Local is the default, not a setting buried in a menu. Every shell command runs sandboxed with macOS Seatbelt: confined to your workspace, no network access, and your SSH keys and credentials blocked outright. Before Hearth writes a file or runs a command, you see a plain-English approval card — rendered from structured fields, never from model-generated prose. You're not trusting a summary of what it wants to do. You're looking at the actual thing.

Not a roadmap slide. Here's what already runs.

We're a waitlist because Hearth isn't finished, not because it isn't real. Most of what's below already runs in our own testing today — mechanisms, not promises; where something's still being wired in, we say so. Launch it with one command and a warm local UI opens; no cloud dashboard, no login.

Approval in plain English

Before Hearth writes a file or runs a command, it shows an approval card — Allow once, Always allow, or Don't allow. The card is assembled by Hearth itself, not written by the model, so what you approve is exactly what will happen.

A locked, network-off sandbox

Every shell command runs inside a macOS Seatbelt sandbox confined to your workspace. No network access, and protected files like SSH keys and credentials are blocked outright — even if the model asks for them.

Open models, nothing else in the loop

Hearth runs on models served through Ollama or LM Studio, with an optional Hugging Face cloud endpoint if you want it. No Anthropic or OpenAI key, ever — and nothing to sign up for.

External-state harness, verifier gates

The model doesn't hold the state of your task — code does. Its only job is to pick the next action, and a verifier checks the result before it counts as done. Measured finding: this turns silent mistakes into visible, fixable ones.

Bring your own tools

Hearth speaks MCP: the surface for adding your own tools and servers is built into the UI today. Lighting up live connections — plus skills and subagents — is what we're wiring in next. Extensible by you, never a walled platform.

A warm local UI, one command

A local web interface with a live activity feed and a gently breathing ember approval card, launched with a single command. No cloud dashboard, no login screen — you watch the agent work instead of trusting it blindly.

What's actually driving it right now.

We test against real local models, not numbers on a leaderboard. Model choice is yours — swap what's underneath as better open weights ship, without waiting on us to catch up. This list will change as the harness and the models both improve, and when it does, we'll say so here rather than bury it.

gemma4:31b-mlx most reliable so far qwen2.5:14b evaluating nemotron evaluating

This is a waitlist, not a launch.

Hearth hasn't shipped, and we're not rounding up. We'd rather tell you exactly what's built than oversell what's coming — and earn your trust slowly instead of spending it on a demo.

Running today, in our own testing
  • The permission broker + plain-English approval cards
  • The macOS Seatbelt sandbox
  • The external-state harness with verifier gates
  • The local web UI
Still ahead of us
  • Broader open-model support
  • Live MCP connections, skills, and subagents
  • Wider verifier coverage
  • The hardening only real edge cases bring
  • The polish that makes it yours, not ours

Come sit by the fire while we build it.

Leave your email and we'll send you exactly one message: the day Hearth is ready to run on your machine. No spam, no drip campaign — just the one email when we launch, same as everything else we build.

No account, no sign-up — Hearth runs on your machine.

Questions, answered honestly.

A few things people ask before joining a waitlist for something unshipped.

Is Hearth ready to use?
Not yet. It's a working local build we're actively developing, not a shipped product — that's why this is a waitlist. Join it and we'll email you the moment it's ready to try. Honestly: when it's ready, and not a day before.
Does any of my code get sent to a cloud vendor?
No. Hearth runs on open-source models through Ollama or LM Studio, entirely on your machine. There's no Anthropic or OpenAI API anywhere in the loop, and no account is required to run it. Local is the default, not a checkbox.
How does an open-source model reach Claude-Code-level capability?
Not by being bigger — by being held to a stricter harness. State lives in code instead of the model's head, and verifier gates check each step before it runs. We're honest that we're not there yet, but that's the architecture we're betting on, and it's already turning silent failures into visible ones in our testing.
Can it use cloud inference if I want to?
Yes, optionally — Hearth can call a Hugging Face cloud endpoint if you choose to. That's an explicit, opt-in choice you make per run, never a silent default. Local-first means local by default, not local-only as a rule you can't break.
What stops it from running a destructive command?
Two things, both already built. Every shell command runs inside a locked macOS sandbox (Seatbelt), confined to your workspace, with no network access and your SSH keys and credentials specifically blocked. And any file write or shell command shows you a plain-English approval card first — Allow once, Always allow, or Don't allow.
Which models does it run on, and do I need an account?
We've measured gemma4:31b-mlx as the most reliable driver so far, and we're evaluating qwen2.5:14b and nemotron alongside it. You bring the model through Ollama, LM Studio, or a Hugging Face endpoint — Hearth ships no model of its own, and needs no account to run locally.
Will I get spammed once I sign up?
One email, when Hearth is ready to try. That's the whole policy — the same one we run for every Resila product. No drip campaign, no spam.