Patients increasingly receive medical advice from both public AI and clinicians. That advice improves when it can reference the complete record across providers, but patients are understandably reluctant to upload hundreds of pages of sensitive records to public AI, and clinicians rarely have the time to review everything. In practice, many decisions end up based on a brief chat rather than the full record.
MAIA introduces a patient-controlled Private AI agent that sits between a patient's complete health record and public AIs. Patients can see and edit chats, share them with clinicians, and manage current medications, a patient summary, a diary of symptoms and observations, relevant references, and a privacy filter that pseudonymizes names before sending anything to public AI.
MAIA reduces the number of parties that must be trusted with private information. The host running the service (DigitalOcean in this implementation) must be trusted to run the code without modification. The publisher of the open source code and any verifier also need to be trusted for the integrity of the code they release or audit.
The design goal is that the author does not need access to anyone's private data. A verifier, even an excellent coding AI, can help confirm the code has no back doors, but they cannot attest to the operational access of whoever provisions a patient's account. This is why MAIA supports user-driven provisioning without third-party assistance.
When running MAIA, use your own credit card to pay for hosting. If someone else pays for the service, they control the billing account and can likely control access to your data even if the code has been verified.
- Get Started simple, passwordless entry for new users with self-provisioning wizard.
- Passkey registration optional to create web-accessible account.
- Local only/no‑passkey or password mode for private devices.
- Sign Out with optional local snapshot for deleted account restoration.
- Setup Wizard with multi‑page guidance and feature review.
- My Stuff dialog for private AI agent instruction, document and privacy management.
- Saved Files list with KB inclusion checkboxes.
- Saved Files indexing status and KB summary.
- Upload file from paperclip / file picker.
- PDF Viewer modal with paging.
- Text/Markdown Viewer with page links for source confirmation.
- My Lists linked to PDF source pages.
- Create Categorized Lists from Apple Health file.
- AI-assisted Current Medications patient-reconciled and verified.
- Generate Patient Summary with editing and verification.
- Switch AI provider dropdown (Private AI + public models).
- Saved Chats to local computer and as deep links.
- Open deep link as guest (isolated view).
- Privacy Filtering substitutes all names in a chat for pseudonymity.
- Admin Account and user management page.
- Passkey registration creates the user document and session.
- Agent provisioning (admin-triggered or auto in some flows):
- Creates agent, waits for deployment, stores endpoint + API key.
- File import:
- Uploads land in root, metadata stored in Cloudant.
- KB build and indexing:
- Files are moved into
userId/<kbName>/. - Indexing starts on the folder datasource.
- Polling persists status to
userDoc.kbIndexingStatus.
- Files are moved into
- KB attachment:
- Automatically attaches when agent is ready and indexing is complete.
- Current Medications / Patient Summary:
- Generated and verified through My Lists and Patient Summary flows.
PUBLIC_APP_URL
Single source: passkey origin and allowed origins are derived from this; RPID is derived as the apex domain (e.g.https://maia.adriang.xyz→ originhttps://maia.adriang.xyz, RPIDadriang.xyz). Used for deep links and app URL.PASSKEY_RPID(optional)
Override RPID if you need a different domain scope (e.g. full hostname instead of apex).PASSKEY_ORIGINS(optional)
Comma-separated allowlist if you need more than the single derived origin.
CLOUDANT_URL,CLOUDANT_USERNAME,CLOUDANT_PASSWORD
Required for user docs, sessions, and audit logs.
When USE_COUCHDB_DROPLET=true, the server auto-creates a DigitalOcean droplet (ubuntu-s-1vcpu-1gb-tor1-01) with Dockerized CouchDB and sets CLOUDANT_* from it. Credentials are stored in Spaces at couchdb/credentials.json so they survive redeploys. Requires DIGITALOCEAN_TOKEN, DIGITALOCEAN_AWS_ACCESS_KEY_ID, DIGITALOCEAN_AWS_SECRET_ACCESS_KEY (bucket name is from NEW-AGENT.txt).
DIGITALOCEAN_TOKEN
Auth for DO GenAI REST API.DO_REGION,DO_PROJECT_ID
Required to create agents and KBs.DO_EMBEDDING_MODEL_ID(optional)
Overrides default embedding model. OpenSearch database UUID is parsed from envOPENSEARCH_URL(DO dashboard URL).
- Bucket name is fixed in code (see NEW-AGENT.txt;
getSpacesBucketName()). DIGITALOCEAN_AWS_ACCESS_KEY_ID,DIGITALOCEAN_AWS_SECRET_ACCESS_KEY
S3-compatible access to Spaces (endpoint derived fromDO_REGION).
- Set
OPENSEARCH_URLin .env to your DO database dashboard URL; the app parses the database UUID from the path (e.g.https://cloud.digitalocean.com/databases/<uuid>?i=...).
PUBLIC_APP_URL— Canonical app URL (also drives passkey config; see Passkeys above).PORT— Server listen port.
- App Platform: Runs the frontend + Node server.
- Droplet with Dockerized CouchDB: Cloudant-compatible data store for users, chats, sessions, and audit log. Can be auto-provisioned via
USE_COUCHDB_DROPLET=true(see CouchDB Droplet env vars). - GenAI Agent: DigitalOcean Private AI agent per user.
- Knowledge Base: DigitalOcean KB per user, indexed from the Spaces folder datasource.
- OpenSearch 2 Database: Clinical notes indexing/search store.
- Spaces File Store: S3-compatible storage for all user files and lists.
npm install
cp .env.example .env
npm run dev # Vite (frontend)
npm run start # Node (backend)Health check:
curl http://localhost:3001/health