Overview & Boundaries
InterGen is the AI assistant built into InterGenOS. It runs entirely on your machine, helps you administer, configure, and write code on that machine, and sends nothing about your prompts, files, or system anywhere outside the box. There is no cloud account, no API key, and no telemetry in the default install.
This page covers what InterGen does, the boundaries it operates within, and the two features that govern how it touches the outside world: InterGen Sentinel and Phone-A-Friend (Frontier/Cloud Escalation).
How it fits together
InterGen runs locally, and everything that crosses the machine boundary is screened first by one gate — its Sentinel scanner. The whole shape in one view:
flowchart TD
You(["You"]) -->|" prompt "| IG["InterGen<br/>local Qwen model, auto-sized to your hardware<br/>Tier 1 ~1.5 GB to Tier 3 ~21 GB, on-device"]
IG -->|" anything crossing the machine boundary "| S
subgraph S["InterGen Sentinel"]
direction TB
R["Local-Rules<br/>always on, no model, no network"] --> Q["Local-Qwen<br/>optional, on-device classifier"] --> C["Cloud scanner<br/>opt-in, OFF by default"]
end
S --> V{"verdict?"}
V -->|" ALLOW "| W(["External tools · MCP servers<br/>Phone-A-Friend, opt-in cloud"])
V -->|" FLAG / BLOCK "| H(["held for review, or refused"])
C:::off
classDef off stroke-dasharray:5 4;
On a default install, no cloud provider is configured for either Sentinel or Phone-A-Friend, so everything above runs entirely on your machine. Cloud help — a stronger scanner, or a frontier model via Phone-A-Friend — is opt-in per request, never the default, and any outbound payload is screened by Sentinel’s egress policy before it leaves.

[Screenshot: InterGen answering a disk-usage question. It ran the read-only command, then summarized the result in plain English.]
What InterGen does
InterGen is a chat-style system assistant. You open it from the Applications menu or with the intergen command in any terminal, and you ask it about your machine. Its strength is knowing your system, not the whole world. Typical requests:
- “How much free space is on my root partition?” — it runs the right df invocation and reads back the answer.
- “What’s my current IP address?” — a direct ip command plus a plain-English summary.
- “Write me a systemd timer that runs backup.sh every Sunday at 03:00.” — it drafts the unit and timer files, then asks before installing.
- “Why did sshd fail to start after I edited the config?” — it reads journalctl -u sshd, summarizes the error, and suggests a fix.
- “Install htop” — it recognizes the intent and asks you to confirm before running sudo pkm install htop.
InterGen is not a replacement for a general chat tool. If you ask about brand-new software the model has not seen, it tells you so rather than guessing.
How it scales to your hardware
InterGen inspects the host’s RAM and GPU and selects an appropriately sized local model automatically. The shipping tiers all run Qwen models served locally:
- Tier 1 (~1.5 GB model) — machines with under 8 GB of RAM. Handles system queries, command lookups, and log summaries. Not built for writing code from scratch.
- Tier 2 (~5.5 GB model) — machines with 8 to 15 GB of RAM. The daily-driver tier: coding, configuration drafts, and multi-step reasoning. On a Tier 2 machine without a discrete GPU, InterGen falls back to the smaller model to keep latency usable.
- Tier 3 (~21 GB model) — machines with 16 GB or more of RAM and a discrete GPU. Deep, multi-file code analysis and complex architectural reasoning. A 16 GB+ machine without a discrete GPU stays on the Tier 2 model.
If your hardware changes, InterGen picks up the upgrade and switches tiers on the next start. A small embedding model ships alongside every tier to power semantic matching in the router.
The boundaries: fully local, zero telemetry
Every model InterGen uses runs on your own CPU and GPU by default. Nothing about your prompts, files, configuration, or machine identity leaves the local network. The trade-offs are honest:
- The local models are smaller than frontier cloud models, so answers on hard tasks are less sharp.
- First use downloads the model (roughly 1.5–21 GB depending on your tier). After that, no network is needed.
The trade-off you do not make is data exposure. When you want the depth of a frontier model, the optional Phone-A-Friend (Frontier/Cloud Escalation) feature lets you opt in on a per-request basis, off by default and never silent.
This is the InterGenOS posture in practice: a machine you understand, can modify, and can trust.
What it can and can’t do: the safety chain
Every action InterGen proposes is classified before it runs:
- AUTO — read-only or harmless operations such as ls, df, and journalctl. They run immediately and the result is shown to you.
- CONFIRM — anything that changes state, such as systemctl restart, pkm install, or editing a config file. InterGen pauses, shows exactly what it intends to do, and runs nothing until you approve.
- BLOCKED — destructive or security-bypassing operations such as rm -rf /, formatting the root disk, or disabling Secure Boot from inside the running system. InterGen refuses and explains why.
The classifier is conservative by design. Nothing that changes the system runs without explicit approval, and the most dangerous commands cannot run at all. This is what keeps you in control.
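A sketch of what a conservative three-way classifier involves, added here as an illustration and not taken from InterGen's own code. The allowlist, the flag list, the single BLOCKED rule and all function names are assumptions; it shows why compound command lines and state-changing flags on "read-only" tools must never land in AUTO.

```python
import shlex

AUTO, CONFIRM, BLOCKED = 0, 1, 2   # ordered by severity
NAMES = ("AUTO", "CONFIRM", "BLOCKED")

# Constructed policy data: the page names only ls, df and journalctl as AUTO.
READ_ONLY = {"ls", "df", "journalctl"}
# Flags that make an otherwise read-only tool change state.
STATE_CHANGING = {"journalctl": ("--vacuum", "--rotate", "--flush")}
OPERATORS = set("();<>|&")

def classify_simple(argv):
    """Classify one command that contains no shell operators."""
    if not argv:
        return CONFIRM
    if argv[0] == "sudo":              # privilege never lowers the class
        return max(CONFIRM, classify_simple(argv[1:]))
    cmd, args = argv[0], argv[1:]
    if cmd == "rm":
        recursive = any(
            a == "--recursive"
            or (a.startswith("-") and not a.startswith("--") and "r" in a.lower())
            for a in args)
        if recursive and any(a in ("/", "/*") for a in args):
            return BLOCKED
    risky = STATE_CHANGING.get(cmd, ())
    if cmd in READ_ONLY and not any(a.startswith(risky) for a in args):
        return AUTO
    return CONFIRM                     # unknown commands default to asking

def classify(command):
    """Return "AUTO", "CONFIRM" or "BLOCKED" for a whole command line."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""              # do not let '#' hide trailing text
    try:
        tokens = list(lexer)
    except ValueError:                 # unbalanced quotes: cannot reason about it
        return NAMES[CONFIRM]
    segments = [[]]
    for tok in tokens:                 # split at ; | && > and similar
        if tok and set(tok) <= OPERATORS:
            segments.append([])
        else:
            segments[-1].append(tok)
    levels = [classify_simple(s) for s in segments if s] or [CONFIRM]
    # Pipes, redirects and substitutions are never AUTO, whatever the parts are.
    compound = len(segments) > 1 or "$" in command or "`" in command
    return NAMES[max(levels + ([CONFIRM] if compound else []))]
```

Anything the classifier cannot parse or does not recognise falls to CONFIRM, so a gap in the allowlist costs a prompt rather than an unreviewed action.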
InterGen Sentinel
InterGen Sentinel is the pluggable security scanner that guards InterGen’s interactions with the outside world. It inspects content crossing two boundaries: data returned from external and MCP tools (ingress, an injection risk) and content about to be sent off-device (egress, an exfiltration risk). Both surfaces are scanned by default.
Sentinel runs a layered scan and returns one of three verdicts: ALLOW, FLAG (hold for human review), or BLOCK (refuse). When verdicts disagree, the most severe one wins, and any scanner that errors fails closed to FLAG rather than silently allowing content through.
The default configuration runs two stages, both fully on-device:
- Local-Rules — an always-on deterministic floor of pattern and heuristic rules. No model, no network. This is the minimum guarantee on every interaction.
- Local-Qwen — an optional deeper pass backed by a small on-device Qwen classifier. Richer judgement than the rules floor, still no network.
For the strongest analysis you may opt in to a cloud scanner backed by one of six providers: Claude (Anthropic), Gemini (Google), Copilot (Microsoft), ChatGPT (OpenAI), Grok (xAI), or DeepSeek. No cloud provider is configured by default, so the default install scans entirely on-device.
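The verdict-combining behaviour described above (most severe verdict wins, a scanner that errors fails closed to FLAG) can be sketched as follows. This is an added example, not Sentinel's code: the rule patterns are constructed, and `Verdict`, `local_rules`, `unavailable_classifier` and `scan` are hypothetical names.

```python
import re
from enum import IntEnum

class Verdict(IntEnum):            # ordered so max() picks the most severe
    ALLOW = 0
    FLAG = 1
    BLOCK = 2

# Constructed rules for illustration; not Sentinel's real rule set.
RULES = {
    "ingress": [   # tool output that tries to steer the assistant
        (re.compile(r"ignore (all )?(previous|prior) instructions", re.I), Verdict.FLAG),
    ],
    "egress": [    # content that should not leave the machine
        (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), Verdict.BLOCK),
        (re.compile(r"\b(api[_-]?key|password)\s*[:=]", re.I), Verdict.FLAG),
    ],
}

def local_rules(content, direction):
    """Deterministic floor: pattern rules only, no model, no network."""
    if direction not in RULES:
        raise ValueError(f"unknown direction: {direction!r}")
    hits = [v for pattern, v in RULES[direction] if pattern.search(content)]
    return max(hits, default=Verdict.ALLOW)

def unavailable_classifier(content, direction):
    """Stand-in for a model-backed stage whose backend is not loaded."""
    raise RuntimeError("classifier backend not available")

def scan(content, direction, scanners):
    """Run every stage and combine: most severe wins, errors become FLAG."""
    verdict = Verdict.ALLOW
    for scanner in scanners:
        try:
            result = Verdict(scanner(content, direction))
        except Exception:
            # Fail closed: a crashed or misbehaving stage holds the content
            # for review instead of letting it through unexamined.
            result = Verdict.FLAG
        verdict = max(verdict, result)
    return verdict
```

Because the error path yields FLAG rather than ALLOW, a stage that fails can only raise the combined verdict, never lower a BLOCK from another stage.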
Sentinel also enforces a signed never-list: a manifest of paths the assistant may never perform a destructive operation on, including its own configuration. The scan policy is in the protected set the assistant itself can never edit, and turning scanning off requires a human-authenticated path.
Phone-A-Friend (Frontier/Cloud Escalation)
Phone-A-Friend (Frontier/Cloud Escalation) is the optional, consent-first path for handing a request to a more capable frontier model in the cloud when the local assistant cannot satisfy it. It is off by default: no provider is configured out of the box, and the feature only acts after you have explicitly set one up.
When a request exceeds local capability, InterGen offers to escalate and asks before reaching out. A consent modal shows you the full outbound payload before anything is sent, so your consent is informed. The same six providers available to Sentinel can be configured here, with API keys stored in the system keyring rather than in plain configuration.
Every outbound payload is scanned by Sentinel’s egress policy first, so a blocked send keeps sensitive content from leaving the machine. This preserves InterGen’s local-first posture: cloud assistance is available when you ask for it, never imposed.
Turning InterGen on or off
InterGen is off by default. You opt in either at install time (the “Enable the InterGen AI assistant?” toggle in Forge’s package-selection screen) or later by running:
intergen setup
That downloads the model, enables the intergen.service unit, and starts the assistant. Because the installer enables the unit globally (systemctl --global enable intergen.service), opting back out means undoing that global enablement — run systemctl --global disable intergen.service, or use the in-app toggle. A per-user systemctl --user disable does not undo the installer’s global enable, so reach for the global disable or the toggle instead.
The model files stay on disk under /var/lib/intergen/models/ in case you want to re-enable later without re-downloading. To free that space, remove the directory as root.