Coming soon Open-source · local-first · Gmail first

Your agent sees only the data you allow.

Connecting an agent to your data — email, files, chat, calendar — is all-or-nothing: one OK and it reads everything. Lens sits in between and enforces a trusted, topic-filtered view, judged by meaning: a small slice you define. Everything else stays invisible. Starting with Gmail.

No product yet — just a heads-up when the open-source core lands. No spam.

Focus your agent. Guard the rest.

How Lens gates your data sources Items flow from your data sources on the right — Gmail today, Drive and Slack coming soon — toward the Lens gate in the center. Only the items that match your topic pass through to the AI agents on the left; everything else is held back at the gate and never crosses.
Only what you allow crosses the boundary. Everything else stays at the source.

Works with your sources

  • Gmail Live
  • Outlook Soon
  • Slack Soon
  • Drive Soon
  • Calendar Soon
  • Notion Soon

The trusted gatekeeper

A classifier that protects, never leaks.

Semantic filtering has a paradox: to decide an item is about something, you have to read it — including the ones that don't match. Lens resolves it by running the gate inside a local trust boundary. Only matches ever cross out.

  1. 01

    Pre-filter

    A cheap, deterministic source query — for Gmail today: from:, label, date, has:attachment — narrows candidates to a small, plausible set. Exposure is bounded before anything is read.

  2. 02

    Trusted classifier

    A locked-down classifier — your own key or a small local model — reads only those survivors and labels each match or no-match. It lives inside the boundary, purely to decide.

  3. 03

    The boundary

    Only matches cross to the agent. Non-matching content never reaches your app, and the audit trail records metadata only — never subjects, bodies, or attachments.

Local trust boundary · your machine
Gmail pre-filter classifier gate
matches cross to the agent everything else stays here
Audit log = metadata only, never content. Read-only in v1 — no send or delete paths.

One gate, many sources

Connectors

Gmail is the first surface. The same trusted gate is built to slot in more sources behind one contract — so "secure Gmail view" becomes a "secure view of any source," then a universal data-access layer.

  • Gmail

    The first surface — scheduled pipeline + live MCP.

    Available first

  • Outlook

    Microsoft 365 mail behind the same gate.

    Coming soon

  • Slack

    Messaging, scoped by topic, not channels.

    Coming soon

  • IMAP

    Any mailbox that speaks the open protocol.

    Coming soon

  • Google Drive

    "Only docs about Project X" — files, gated.

    Coming soon

  • Calendar

    "Only work meetings" — events, scoped.

    Coming soon

  • Notion

    Knowledge bases, sliced to the relevant pages.

    Coming soon

  • …and beyond

    A universal agent data-access layer — every source behind one consent gate.

Where this goes

Vision & roadmap

Lens is not a Gmail feature — it's a primitive: narrow the source, a trusted gate classifies, only matches cross, every access is audited and revocable.

  1. Now In progress

    The wedge

    Secure semantic Gmail view. Flagship: the Sovrenn daily-PDF pipeline into your app, plus a live MCP connector. Open-source local core.

  2. Next Coming soon

    Widen the surface

    More sources behind the same gate — Outlook / Microsoft 365 → generic IMAP → messaging like Slack. "Secure Gmail view" becomes a secure view of any source.

  3. Later Coming soon

    Widen the data types

    Drive, Calendar, Notion, financial transactions scoped by category — and a deeper policy gate: redaction, DLP, graduated write actions. From a single-source tool to a universal agent data-access layer.

  4. North Star Coming soon

    A consent layer for everything

    The open, auditable, revocable consent layer that every agent integration routes through to touch your data. You give any agent a precise slice of any source — and nothing more.