As AI assistants become a core part of developer workflows, we face a critical challenge: Data Privacy.
How do you allow an AI to help you clean spreadsheets, query databases, or analyze source code without uploading sensitive local data to cloud chatbot servers? For many companies and individual developers, uploading proprietary databases or client spreadsheets to the cloud is a complete showstopper due to compliance and security policies.
To solve this, I built and open-sourced DWN.BRIDGE—a native Windows desktop client designed to act as a Zero-Knowledge bridge.
It allows you to run autonomous local agents that interact with your files and databases, ensuring that your raw data stays entirely on your local machine, while still leveraging the reasoning capabilities of public LLMs (like Google Gemini).
Privacy by Design
The core engineering principle of DWN.BRIDGE is isolation: the LLM should never see your raw data, only the instructions and metadata needed to solve the problem.
Here is how the data flows:
graph TD
subgraph "Local PC (Client Side)"
App[C# WPF Native Client] -->|Stealth Control via WebView2| Browser[Free Gemini Web Session]
App -->|Executes Shell Commands| CLI[Sandboxed Terminal]
App -->|Reads/Parses Schemas| DB[(Local DB / Excel / CSV)]
end
subgraph "Cloud Brain (Orchestrator)"
Browser <-->|Web Interaction| Cloud[Google Gemini LLM]
App <-->|Encrypted AES-GCM Payloads| Server[Private CloudBrain Server]
end
style App fill:#3B82F6,stroke:#1E3A8A,stroke-width:2px,color:#fff
style Browser fill:#10B981,stroke:#047857,stroke-width:2px,color:#fff
style Server fill:#8B5CF6,stroke:#5B21B6,stroke-width:2px,color:#fff
1. The Zero-Knowledge Schema Parser
When you point DWN.BRIDGE to a local database (SQL Server, SQLite, Excel, or CSV), the client does not upload the file. Instead:
- Local Metadata Extraction: The local C# client parses the database locally to extract ONLY the schema structure (table names, column headers, and data types).
- Abstract Context: It sends this abstract schema to the LLM (e.g.,
Table: Employees [Id INT, Role VARCHAR, JoinDate DATE]). - Logic Generation: The LLM analyzes the schema and writes a SQL query or a parsing script to answer your question.
- Local Execution: The C# client receives the SQL query, executes it locally on your machine, extracts the answer, and presents it to you.
Your proprietary rows and private records never leave your computer. The LLM only sees the empty structure.
2. The WebView2 Browser Bridge
To make this work seamlessly with existing public interfaces, the client hosts a native Microsoft WebView2 control. The browser automation layer acts as a secure container, bridging the local tools to the chat interface. This integration is a technical necessity to allow local file system access without compromising the security model of the browser.
Exposing Local Tools with Explicit User Consent
To allow the AI to perform local operations (like compiling code or reading logs), the client exposes sandboxed local tools to the orchestrator:
READ_FILE/WRITE_FILE: For reading/writing source code and files.RUN_COMMAND: For executing compilers, test runners, or git commands.EXECUTE_SQL: For querying local databases.
Because security is paramount, no local tool can execute without explicit user approval. The client prompts you with a native WPF Dialog displaying the exact command or file modification requested by the agent. You are always in control of your system.
Open Source Trust
When dealing with local filesystem and database access, trust is non-negotiable.
This is why DWN.BRIDGE is fully open-source. Any developer can inspect the C# codebase, audit how the tools are sandboxed, and compile the client directly from source using the .NET 10 SDK.
Furthermore, configuring agents is fully customizable via simple Markdown profiles where you can define their exact boundaries and active tools.