DEV Community

Cover image for I wrote a novel about personal AI in 2017. In 2026, I built it.
Rajmohan
Rajmohan

Posted on

I wrote a novel about personal AI in 2017. In 2026, I built it.

#opensource #ai #security #network

In 2017, I published a novel called UTOPAI, which was about an AI Utopia. The novel is available as open source (it is also in amazon).

In the novel, I imagined about a world where every person has a personal AI named Dina. Dina is not a task agent like OpenClaw. Rather, she is a sovereign AI companion that knows you and your preferences, your friends, your promises etc. She talks to other AIs (other Dinas) on your behalf, knows what products are perfect for you, never falls for advertisement and marketing - basically, she works for you and nobody else.

Eight and a half years later, I have actually built her.

github.com/rajmohanutopai/dina
Open Source. MIT License

The Hidden Problems

AI Agents are extremely capable. OpenClaw, Perplexity Computer, Hermes Agent and Claude Cowork are all extremely strong AI Agents which can draft emails, book flights, browse the web, and execute complex tasks autonomously.

But, to make it completely helpful, there are some missing pieces.

Agent's identity

Current agents don't have a sovereign identity. While people do usually name their agents, it is mostly just that, a name. There is no independent cryptographic existence for the agent.

Without an independent cryptographic ID, agents cannot be policed properly. A network made of agents cannot be made to behave properly without such an externally visible ID.

How secure is your data?

Over a period of time, Agents will come to support a lot of personal and sensitive data. How can we make sure that the agents data is not leaked using prompt injection methods? How can we avoid agents sending your sensitive data to insecure emails?

Fundamental data security is one concern which has to be solved to make agents truly useful.

Dina

Dina is both the helpful agent from the novel, which is available as a full implementation and is also an open-source protocol which others can implement. Any one can implement Dina protocol to create helpful supportive agents which play nice with each other in the network.

Thus, Dina can be considered as three things.

  1. Dina, the AI companion is an agent by herself, which can be installed and run in your machine
  2. She is also agent safety layer which could be incorporated to other stronger task agents like OpenClaw or Claude Cowork. Install Dina as another supporting agent, and integrate with other task agents as skills or hooks.
  3. She is also a protocol for which the full spec is released. This will allow multiple types of Dinas to interact with each other in the network.

Dina, the AI companion

Dina is built with a Go Core and a Python Brain, with data stored in SQLite with SQLCipher Encryption, which should provide the missing pieces to make Agents truly useful.

1. Cryptographic Identity

Every Dina has her own identity, built on Ed25519 keys generated from a BIP-39 24-word mnemonic. This identity isn't tied to any external platform like Google or Microsoft. It's completely yours and cannot be banned by anyone.

Every public action she takes is cryptographically signed, and can be traced back to her.

2. Encrypted Persona Vaults

The data is not stored in a single big database. It is compartmentalised into separate encrypted vaults. Your general data goes to one DB, while your health data is in another, and you financial data goes to a completely separate vault.

You can create your own vaults, as many as required. Each vault has its own cryptographic keys. Since they are locked and unlocked separately, kept in full cryptographic isolation, this is not a preference setting which could be easily jailbroken via a prompt.

3. Agent Safety

Currently, task agent safety is based on system prompts. Dina provides one additional layer of safety for existing agents. Action gating enforced in code, not LLM reasoning

Every task agent action gets a risk assessment. If it is considered LOW-risk, like web search, it passes through silently. For MODERATE and HIGH-risk actions (sending emails, sharing data, deleting files), your explicit approval is required. Without that the agent action is blocked.

Please note that, for this, we have to fully integrate Dina to these task agents. A basic security is now provided as Dina Skill, but later on, I will extend this to add as hooks.

In the following video, both scenarios can be seen (openclaw is called using external terminal command to show the scenario well)

  • An agent proposes sending a quarterly report to your boss. User reviews. Approved By User
  • The same agent proposes sending salary data to an external unknown address.User reviews. Denied By User

Agent Safety - Vault Access

Another layer of agent safety built in is using the earlier mentioned persona vaults. Since the data is fundamentally saved under lock and key, a task agent which wants to use locked data will again need explicit approval from the user.

Please note that, if the data is stored in General Vault, it can be accessed without approval from the user. As shown in the video below, this is explicitly required only for locked vaults.

4. Context Enrichment

Dina is a full AI Companion which stores the data in all these vaults. This allows Dina to interact with you with full context.

When you tell Dina "I have chronic back pain" that goes into your health vault. When you say "My budget is $500" that goes into your finance vault. When you later ask "what office chair should I buy?" Dina pulls from both vaults to give you a recommendation that is tailored to you.

The context enrichment is part and parcel of Dina. Any incoming or outgoing message is enriched with data within the vaults, thus providing helpful information in every turn.

5. Dina to Dina Messaging

Dina talks to other Dina's using its own encrypted peer to peer network. Dina's ID is stored in the PLC at AT-Proto Network (thank you #atproto), and thus, Dinas can connect and interact to each other.

When a Dina sends a message to another Dina, it goes through the Cloud MsgBox (currently hosted by me in msgbox.dinakernel.com). The cloud msgbox is polled by Dinas. This allows dinas to talk to each other even without having a public IP. The msgbox is a dumb relay - the encrypted message passes through it, encrypted by both sender and receivers information.

Another advantage of msgbox is that it acts as, yeah, a msgbox. If the target Dina is shut down, the message will stay in the msgbox until target Dina wakes up and polls it and downloads the message.

In the video below, we can see Dina to Dina with Context Enrichment.

6. Trust Network

Trust Network is of paramount importance to Dina (especially in the novel). It allows the agentic world to work on trust and reputation, allows multiple Dinas to work nicely with each other, search and buy products based on its capability more than marketing.

Currently, when we search for a product, results are ordered by aggregators based on their internal reasoning. It could be paid ads, or it could be because these products are actually better.

Dina extends the review system with the trust network. Trust Network is built on AT Protocol, where trust is earned through signed attestations.

People can review and publish product information to trust network, and anyone can write and use their own AppViews (a default appview is provided at appview.dinakernel.com) to collate and find out the best product for you.

The idea behind the Trust Network is that personal AI Agents like Dina can analyse and find out the best product for you since Dina knows what is your requirement, and she can also read and understand reviews.

Trust Network goes beyond just reviews - since every agents public information is signed and known, any agent which is not playing fair, any appview which is providing incorrect collation of data, all of them can be found out using the same trust network.

In the video below, the user asks Dina for a chair recommendation. She checks the health vault (chronic back pain - needs lumbar support), finance vault ($500 budget) and
the Trust Network (Alonso's signed review of the Steelcase Leap V2).

With these three encrypted sources, where recommendations from people I trust bubble up, where signed attestations provide trust, it allows Dina to get the best result tailored for you.

7. Task Delegation

Dina is your personal AI. She handles your personal info, your personal world, interactions with others and interactions with Trust Network. But for complex tasks, Dina delegates it to much stronger agents like OpenClaw or Claude Cowork.

8. What Next

Dina will support Task Delegation through Messaging.
The scenario is as follows -

  • I am at a bus stop, waiting for a bus.
  • My Dina asks the bus driver's Dina what time the bus arrives at my stop.
  • The bus driver's Dina will delegate task to its OpenClaw.
  • Bus Drivers OpenClaw checks its internal systems, Google Maps etc and responds the exact time the bus will reach the location

Dina - Always open source, Currently in Technical preview

Please try out Dina at github.com/rajmohanutopai/dina

Currently in technical preview, with more than 4500 tests passing.

Since I am a solo dev, I would absolutely love for the backend and security engineers here to tear apart the architecture, check out the repo, and let me know where I can improve.

Please do try out and let us make it an open protocol and an open world.

Top comments (0)