Glacivis is in closed alpha. Learn what we're building →
Glacivis

Feature · AI assistance

AI you can audit.

Other ELN AIs claim to summarise your data. Glacivis's AI cites the specific notes, attachments, and protocols it read, marks every mutation it makes, and lets you filter the activity feed to 'human only' or 'AI only'.

The AI-trust problem in lab software

AI in scientific software has a credibility ceiling, and the ceiling isn't accuracy — it's auditability. A research output that depends on an AI summary is a research output you cannot defend if you cannot show what the AI looked at, what it changed, and when. Most ELN AI assistants today are bolted-on chat panels with no link back to the source notes and no record in the entity history.

Glacivis's AI is built around the inverse premise: every AI interaction is a first-class citizen of the same audit trail your human writes go through. The AI doesn't get a shadow path. It writes through the same op-log, stamped with actor_type='ai'.

How citation-grounded responses work

Every AI response carries a structured citations block listing the entities it consulted: notes, protocols, attachments, experiments. Each citation is a clickable jump-back that opens the entity at the correct revision and scrolls to the cited region where applicable. There is no "the AI says" without "the AI saw".

The cortex layer that powers this is structured as L1 base skills + L2 subject scopes + L3 task recipes. The base layer ships with read-side primitives — core.read_note_body, core.search_inside_notes, core.read_protocol, core.read_attachment_text — and every call records what it read into the response's citations array. You don't have to opt into citations; they're a precondition of the architecture.

Action log: actor_type tells you who did what

The op-log carries an actor_type column with values human, ai, or system. Every AI mutation passes actor_type='ai' and carries the AI session ID in the payload. The activity feed UI surfaces AI work distinctly from your own work — by default it's an AI-tagged row with a different icon and a "shows source" expand-arrow.

Filter the feed to "human only" before submitting an entry to peer review and you have a defensible record of which writes are yours. Filter to "AI only" and you can audit everything the assistant has touched in the workspace.

Scope, never silent expansion

The AI's write capabilities are scoped through an explicit policy module inside the cortex with twelve floor-level rules: secrets-in- payloads, paths-outside-workspace, DDL-from-AI, bulk-deletions- without-confirm, and a handful of others. The AI cannot escape these by reasoning around them; the policy module is enforced at the action layer, not at the prompt layer.

  • The AI never edits a locked entry.
  • The AI never operates outside the workspace you granted it.
  • The AI never executes bulk-deletion without an explicit human-side hold-to-confirm.
  • The AI never writes secrets, file paths outside the workspace, or arbitrary SQL into entity payloads.
  • The AI never proposes a destructive action without staging it for your review first ("act-vs-teach" rule).

Detached AI rail, predictable state

The AI rail renders in a separate Tauri window so you can move it to a second monitor and keep your editor uncovered. State sync between the main window and the rail goes through an explicit allow-list snapshot — what's visible in the rail is exactly what the main window's chat-store has elected to expose, never more. New chat-store fields don't leak until they're wired through the snapshot path on purpose.

Why this design. The user's AI-trust requirement is unambiguous: cite the notes it consulted, log every mutation distinctly, and make it possible to roll back AI work without rolling back human work. We treat that as a precondition for shipping AI features at all.

What you can do today

  • Ask the AI to summarise an experiment, and click through to the exact notes it read.
  • Ask it to draft a protocol from existing runs; review the citations before accepting.
  • See every AI-authored mutation in the entity history panel, distinct from your own.
  • Filter the activity feed by actor (human / AI / system).
  • Roll back an AI mutation without rolling back your own concurrent edits.
  • Use the detached rail across a multi-monitor setup; window state stays in sync.

What's coming

  • Provider choice. The provider-adapter layer is already in place; user-selectable models per workspace land in Phase 2.
  • Domain-specific cortex packs. Sequence-aware cortex skills (BLAST, restriction-site annotation) and chemistry-aware skills (SMILES handling) are on the roadmap.
  • Per-skill audit timeline. A timeline view of "every time the AI invoked skill X across the workspace" for retrospective review.

Download Glacivis →