I have been experimenting with my own AI harness called Charis. Charis is a Java-based harness for running tool-using LLM agents, built around Anthropic models. It runs locally or remotely, serving a Svelte web UI over HTTP, and includes a growing set of tools aimed at security practitioners, including direct integration with the NIST National Vulnerability Database (NVD) and the Google Project Zero exploitation tracker. Charis is currently a proof of concept and is not yet publicly available.
Architecture Overview
Charis is structured as an Apache Maven multi-module project. There are three modules, though only two are active:
- charis-core — the engine library. All real logic lives here: sessions, tools, skills, memory, cron scheduling, and sub-agents.
- charis-server — an HTTP + SSE wrapper around the engine that serves the Svelte web UI. This is the active frontend, running by default on port 8765.
Core Engine Concepts
The design intent is straightforward: a primary AI model (aka orchestrator). The engine exposes tools, routes events, and persists state. Delegating tools keep the orchestrator context small by pushing bulk reads and searches into ephemeral child sessions returning a synthesized answer, no raw tool output in the primary context unless it was specifically requested.
- CharisEngine — top-level entry point. Owns all registries and produces
Sessionobjects. - Session — one conversation. Each user message starts a
Turn: model call → emitTurnEventstream → execute tool calls → re-prompt → repeat untilTurnCompleted. - TurnEvent — typed event stream consumed by any UI: assistant text, tool call, tool result, sub-agent activity, completion.
- SessionStore — JSONL-per-session persistence under
~/.charis/. - ToolRegistry — the full set of built-in tools (filesystem, shell, code execution, web, vision, memory, skills, sub-agents, task plans, cron, NVD CVE search, Project Zero search, charting).
- ModelRegistry — wraps the Anthropic SDK; falls back to a
FakeModelClientwhenANTHROPIC_API_KEYis unset, enabling offline testing. - SkillRegistry — three-tier skill lookup (project → user → built-in).
- MemoryStore — persistent
MEMORY.mdindex plus per-entry markdown files, organized by type: user, feedback, project, reference. - SubAgentDispatcher — spawns a child
Sessionwith a restricted tool subset and forwards its events upstream. Many tools delegate through this to avoid flooding the parent context with raw content. - CronScheduler — cron-utils backed by a
ScheduledExecutorService; thecron_scheduletool registers, lists, and unregisters scheduled prompts using standard Unix five-field syntax.
Tool Reference
Filesystem
- file_read — Read a file as UTF-8. Delegates to a child agent by default; set
raw:truefor verbatim contents. - file_write — Write a file as UTF-8 (modes: overwrite or append).
- file_search — Regex search across files; returns matches with file and line context.
- file_manage — List, move, copy, or delete files (optional recursive delete).
Execution
- bash — Run a shell command via
/bin/sh -c; returns stdout, stderr, and exit code. - code_exec — Execute a snippet in Python, Node.js, or Java (
jshell). Default timeout 30 seconds.
Web
- web_fetch — Fetch a URL over HTTP. Delegates by default with an
extractionPrompt;raw:truereturns the verbatim body. - web_search — Tavily-backed web search. Returns a synthesized answer plus ranked results with title, URL, content, and relevance score.
Vision and Display
- vision_analyze — Analyze a PNG, JPEG, GIF, or WebP image via Claude vision; surfaces the image inline in the UI.
- image_show — Display a local image inline (SVG/PNG/JPEG/GIF/WebP) without running analysis.
- chart — Generate charts from structured data.
Agents and Skills
- subagent — Spawn a child agent session with a prompt and optional tool subset; runs synchronously and streams events back to the parent.
- skill_list — Enumerate every available project, user, and built-in skill.
- skill_invoke — Load a named skill body inline into the conversation context.
- clarifying_question — Pause execution and ask the user a question; blocks until answered.
Planning and Scheduling
- task_plan — Manage a structured task plan: create, update, complete, or snapshot steps.
- cron_schedule — Register, unregister, or list cron-scheduled prompts using standard Unix five-field syntax.
Memory and History
- memory_read — Read a memory entry by name from the persistent store.
- memory_write — Write or update a memory entry (types: user, feedback, project, reference).
- session_search — Case-insensitive substring search across prior session history.
Vulnerability Intelligence
This is the area where Charis has capabilities beyond general-purpose AI tools. Rather than making live API calls at query time, Charis maintains local SQLite mirrors of two public datasets and queries them directly.
- nvd_search — Queries a local mirror of the NIST NVD CVE database using free-text natural language. The first call bootstraps the full catalog (streamed progress); subsequent calls auto-sync deltas past a configurable freshness window. Returns the synthesized answer, the SQL executed, row count, truncation flag, and sync metadata. Use this for CVE metadata, CVSS scores, and vendor advisories.
- project_zero_search — Searches Google Project Zero’s “0day In The Wild” catalogue and caches in local database. Complements NVD: NVD has all CVEs and metadata; Project Zero tracks which CVEs were actually exploited in the wild. Accepts a natural-language query, a direct SQL SELECT, or structured filters by CVE ID, vendor, product, or year. Use this for exploitation activity and attacker trend questions.
The screenshot above shows nvd_search in use against the local NVD mirror, surfacing CVE metadata and CVSS details for a query relevant to a Java library. All source data queried is publicly available.
References
- Anthropic Claude — the LLM powering Charis agents
- Anthropic API documentation
- NIST National Vulnerability Database (NVD)
- Google Project Zero — 0days In The Wild
- Tavily — web search backend
- cron-utils — cron expression parsing and scheduling library
- Apache Maven — build and project structure
- Svelte — web UI framework used in charis-server
