About

Track candidates, job openings, and interviews without losing momentum. A faster workflow for better hiring decisions.

Badges

Tastemaker
Tastemaker
Gone streaking
Gone streaking
Gone streaking 5
Gone streaking 5

Forums

We built the wrong feature for 3 months. Our most-requested feature told us.

For three months, the #1 feature request in Murror was "let me share my journal entries with my partner."

It made perfect sense. Murror helps you understand your emotions and relationships. Sharing seemed like the obvious next step. Our roadmap was built around it. We designed the UI, built the sharing flow, even wrote the notification copy.

From NoteUX to Konxios: Building the AI Operating System I Always Wanted

Hey everyone

A while back, I shared NoteUX here on Product Hunt, and the support from this community meant a lot.

Since then, I've been quietly working on something much bigger.

Today, I'm excited to share Konxios - an AI Operating System designed to bring models, agents, workflows, files, and tools together in one place.

At‑rest encryption + per‑client scope

Following up on the launch thread, few of you asked same good question:

transcript is immutable and redaction happens at share boundary, but doesn't local index still hold plaintext secrets at rest, so any agent/MCP client with read access (or synced backup) can pull old key straight out of search?

it is a logical deduction. scritty's model is not "your disk is the trust boundary." instead there's opt in at rest encryption on the local store one switch, pointed at a passphrase you hold (env var or OS keychain, never written to config) and the whole local store is encrypted, both layers, not just the transcript:

  1. relational transcript + keyword index (SQLCipher): page level AES 256, each page authenticated with an HMAC so tampering is detectable, key stretched from the passphrase via PBKDF2.

  2. vector index: XChaCha20 Poly1305 authenticated encryption, key derived via Argon2id, KDF params + salt bound as AAD. same passphrase as layer one so an old key buried in history isn't readable by another process, MCP client, or synced backup without it. fail closed -- passphrase absent > the store refuses to open, never a silent fallback to plaintext.

  3. scope gating: per client. MCP access is by scoped token; hand an agent a token bound to a specific session (or set), and it can't widen to the whole corpus. cross corpus reads (e.g. corpus wide semantic search) are refused for that token, not silently honored. "one agent asking for everything" only works if you explicitly mint it admin scope.

View more