Everything you need to install, configure, and get the most out of HARBOUR AI. All features documented — from first launch to Enterprise SSO.
Download HARBOUR-AI-Setup.exe from GitHub Releases, run it, install Ollama from ollama.com, then pull models:
Install Ollama first, then run the AppImage or deb:
AppImage won't launch: sudo apt install libfuse2
Run on a server and access via browser:
Open http://your-server-ip:8000. See DOCKER.md in the repo for full details.
An Onboarding Wizard walks you through use case → model setup → quick-start tips. After that, choose:
HARBOUR-XXXX-XXXX-XXXX-XXXX keyThe first registered user becomes admin.
Toggle agents on/off in the left panel. Add custom agents with + AGENT or install from 🛒 MARKET.
All agents know your name and today's date automatically — no manual context needed.
| BUTTON | WHAT IT DOES |
|---|---|
| 📋 TMPLT | Templates + sector pack installer |
| 💾 BACKUP | Save a timestamped zip of all data |
| 📚 RAG | Per-session document upload |
| 🧩 PLUGINS | Plugin manager |
| ⏱ SCHED | Scheduled tasks |
| 🔌 API | REST API key management |
| + AGENT | Create a custom agent |
| 🛒 MARKET | Agent marketplace (67 agents, 9 categories) |
| 📄 DOCS | AI-filled UK document templates, exported as DOCX |
| 🎙 MEETING | Record, transcribe, summarise meetings |
| ⚡ FLOW | Chain agents into automated pipelines |
| ⚖ ANALYSE | Contract comparison + compliance checker |
| 🛡 AUTOPILOT | Real-time compliance scanning on every response |
| 📊 DATA | Upload CSV/XLSX, ask questions |
| Analyse, reply, summarise, compliance-check, or ghost-write emails in your own voice | |
| 🔍 SEARCH | Full-text search across all conversations |
| 🏛 KB | Company Knowledge Base (persistent RAG, always-on) |
| ⏰ REPORTS | Scheduled EMMA reports |
| JOBS | Background job queue |
| 🧠 MEM | Agent memory panel |
| 📝 PROMPTS | Prompt library |
| 🔀 AUTO | Auto-route messages to the best agent |
| ROUTE | Custom routing rules |
| 🤖 MDL | Model management + AI provider |
| 👥 TEAM | Team usage (Business licence) |
| 📋 REVIEW | Assigned session review queue |
| 🔌 INTEGRATIONS | Email, Teams, and Calendar connections |
| ❓ HELP | Keyboard shortcuts + feature reference |
| ⚙ ADMIN | Admin dashboard |
docker run -d -p 8080:8080 searxng/searxngClick 🔌 INTEGRATIONS in the toolbar. Three tabs:
Connect any IMAP mailbox. Enter host, port, username, app password → SAVE EMAIL CONFIG → FETCH to load inbox. Everything processed locally.
imap.outlook.com:993 · SMTP smtp.office365.com:465imap.gmail.com:993 · SMTP smtp.gmail.com:465 (use an App Password)Paste an incoming webhook URL from your Teams channel (Channel → Connectors → Incoming Webhook) → SAVE TEAMS CONFIG. Agents can then post summaries and alerts directly to your channel.
Paste an ICS URL (Google Calendar, Outlook, Apple iCal) → SAVE & LOAD TODAY. EMMA fetches today's events for your morning briefing.
EMMA learns how you write emails — your tone, vocabulary, greeting style, sign-off, sentence length — and drafts new emails that sound like you wrote them. Open ✉ MAIL → 👻 GHOST.
Paste 2–5 emails you have actually written into the training box. Separate each email with --- on its own line. Click 🧠 TRAIN EMMA. EMMA analyses your samples and saves a style profile — this only needs to be done once.
Click 👻 GHOST-WRITE EMAIL. EMMA writes the complete email — subject line, greeting, body, sign-off — matching your style.
Your style profile is saved permanently. Click RETRAIN to replace it with new samples (useful if your style has changed or you want to train for a different context). The style summary is visible at the top of the draft form so you can verify EMMA understood your voice correctly.
EMMA panel → ☀ MORNING BRIEFING → toggle ON → set time → SAVE. Each morning EMMA pulls together today's calendar, unread emails, and a key priority. The briefing appears as a pink banner on open. Dismiss with ✕.
Click ▶ RUN NOW for an immediate briefing at any time.
Fifteen minutes before each calendar event, EMMA automatically reads your Company Knowledge Base, Company Brain, and memories for anything relevant to that meeting — then delivers a sharp, contextual brief as an Always-On alert. EMMA panel → 📅 MEETING PRE-BRIEF → toggle ON.
Requires a calendar ICS URL connected under 🔌 INTEGRATIONS → Calendar. EMMA checks every 5 minutes and fires a brief for each event starting within the next 5–20 minutes.
Click ▶ RUN NOW to immediately generate a brief for any event in the next 2 hours — useful before an unplanned call or to test your setup.
Briefs appear as purple alerts in the 🤖 ALWAYS-ON alerts tab. Each event is only briefed once per session to avoid duplicates.
Click 🛡 AUTOPILOT (turns green). Select a framework:
After each agent response, HARBOUR AI scans it async. If an issue is found, a coloured banner shows the risk level (LOW / MEDIUM / HIGH) and specific findings. Zero impact on response speed.
⏰ REPORTS → + NEW REPORT. Set agent, prompt, schedule (daily / weekly / monthly), and optional email recipient. Click ▶ RUN NOW for an immediate one-off. Results saved and viewable inline.
🔀 AUTO (turns purple) routes each message to the best agent automatically. Built-in rules:
| CONTENT DETECTED | ROUTES TO |
|---|---|
| Legal, contracts, GDPR, compliance | JADE |
| Finance, VAT, HMRC, invoices | BELLA |
| Code, SQL, APIs, debug | ELLIE |
| Research, data, analysis | SAPPHIRE |
| HR, employment, disciplinary | BELLA |
Custom rules: click ROUTE → add keyword + target agent. Custom rules run first.
🏛 KB → upload PDF, DOCX, TXT, or Markdown. All agents reference it automatically in every conversation. Upload and delete require Power User or Admin role.
🧠 MEM → add facts agents recall in every conversation. Examples: "I'm a solicitor specialising in employment law", "Always reply in formal British English". On Business licences, scope facts to PERSONAL or TEAM.
/remember <fact> in the chat input to save anything directly to memory.All three methods write to the same store and take effect on the next message.
📋 TMPLT → Sector Packs — installs templates, prompts, and UK law memory facts in one click:
| PACK | FOCUS |
|---|---|
| ⚖ Legal | Contracts, employment law, GDPR, TUPE, DSAR |
| 💼 Accountancy | VAT, corporation tax, MTD, R&D credits |
| 👥 HR | Disciplinary, redundancy, flexible working, TUPE |
| 🎓 Education | KCSIE 2023, SEND/EHC, Ofsted EIF 2023 |
| 🏥 Healthcare | CQC SAF, NHS DSPT, Mental Capacity Act, Care Act s.42 |
✉ MAIL → paste the email → select a task → ▶ RUN:
Click ↓ TXT to save the result.
📊 DATA → upload CSV or XLSX → optional question → ▶ ANALYSE DATA. Returns insights, trends, anomalies, data quality issues, and recommendations. Fully offline.
⚖ ANALYSE:
Frameworks: UK GDPR · ICO Children's Code · FCA Consumer Duty · UK Employment Law · KCSIE 2023 · CQC Fundamental Standards. Both tools support ↓ MD export.
📄 DOCS → select a template → describe the parties and situation → GENERATE & DOWNLOAD DOCX.
Built-in templates: NDA · Letter Before Action · Employment Offer Letter · Client Engagement Letter · Employee Written Warning.
🎙 MEETING → START RECORDING → hold your meeting → STOP RECORDING. Transcribed locally via Whisper. EMMA produces: attendees, key points, decisions, action items (owner + deadline), follow-ups. Export via ↓ MD.
When a meeting recording ends, EMMA automatically extracts every action item and follow-up email from the transcript — no manual review needed. The ✅ ACTIONS toolbar button shows a live count of pending actions.
Click ✅ ACTIONS to open the panel. Each action shows: task, meeting title, owner, and deadline. Click ✓ DONE to dismiss it once complete.
Email-type actions have a 👻 DRAFT FOLLOW-UP EMAIL button. EMMA writes the complete email using your M1 voice profile if trained, or professional UK English if not. Copy to clipboard or download as TXT.
You can also paste any transcript into POST /meeting-actions/extract via the API to extract actions without going through the recording flow.
Screen Memory gives EMMA ambient awareness of your workday. Every few minutes, HARBOUR AI captures the title of your active window and stores it locally. EMMA silently includes your recent activity in every conversation — so when you ask for help, she already knows the context.
EMMA panel → 🖥 SCREEN MEMORY → toggle ON. Everything stays in local SQLite. Nothing ever leaves your machine.
Chrome — Johnson Contract v3 — Google Drive)Click VIEW next to the toggle to open the recall panel. From here you can:
Screen Memory is disabled by default and must be explicitly enabled. HARBOUR AI filters out its own window from captures. The full activity log is visible at any time — there are no hidden captures. This is the privacy-first version of what Microsoft Recall attempted: local-only, opt-in, fully auditable.
⚡ FLOW → + NEW → add steps (agent + prompt, use {{input}} for previous output) → SAVE. To run: select the workflow, enter starting text, click ▶ RUN WORKFLOW. Export as MD.
🔍 OCR → upload an image or use the webcam. HARBOUR AI preprocesses the image and runs Tesseract OCR locally. Edit the extracted text, then click SEND TO EMMA ▶.
Requires Tesseract:
sudo apt install tesseract-ocr⚙ ADMIN → SESSIONS — assign any session to an admin or power user. Assignees view their queue via 📋 REVIEW and read the full conversation inline.
Install from browser_extension/ in the repo (Chrome / Edge, Manifest V3):
chrome://extensions, enable Developer Modebrowser_extension/Select text on any page → ⚓ Ask HARBOUR button appears. Right-click for context menu options. Set auth token and default agent in the popup ⚙ SETTINGS tab.
ip addr on Linux, ipconfig on Windows)mobile/: npm install && npx expo starthttp://192.168.1.x:8000, sign inFeatures: browse sessions, read history, send messages to EMMA with live streaming. 2FA fully supported. Phone and HARBOUR AI machine must be on the same Wi-Fi network (or backend reachable via VPS).
Click the 👥 icon next to a session name → share the session ID with a colleague → they join via the same icon on their instance. All messages broadcast in real time. Requires Business licence.
⚙ Settings → MCP Servers → add a server:
| TRANSPORT | USE CASE |
|---|---|
| stdio | Local subprocess (filesystem, git, etc.) |
| http | Remote server over HTTP/SSE |
| streamable-http | Modern hosted MCP services |
Tools auto-inject into EMMA at connection time.
Defaults to Ollama. To connect LM Studio, vLLM, or any OpenAI-compatible API: 🤖 MDL → AI PROVIDER → set type, base URL, optional API key → TEST → SAVE. Admin only.
Anthropic Claude — select type Anthropic, enter your API key, click SAVE. Recommended models: claude-sonnet-4-6 (fast, balanced), claude-opus-4-7 (most capable).
Per-agent provider routing — each agent can use a different provider independently. 🤖 MDL → PER-AGENT PROVIDER → click any agent to expand → set type, API key, optional model override → SAVE. Classic setup: EMMA on Claude API, the four squad agents on local Ollama. Set to Global to revert an agent to the global provider. Changes take effect immediately.
Connect a local AUTOMATIC1111 instance (./webui.sh --api --nowebui), then 🤖 MDL → 🖼 IMAGE GENERATION → set URL → TEST → SAVE → enable ON. Ask naturally — "generate an image of...", "/imagine ...". Renders inline in chat.
🔐 2FA → ENABLE 2FA → scan QR code in your authenticator app → enter 6-digit code → ACTIVATE 2FA. On login, a second screen prompts for the current TOTP code. To disable, enter a valid code and click DISABLE 2FA.
Shared memories, shared prompt library (TEAM badge), session review queue, and 👥 TEAM panel (member activity, 7-day usage histogram, per-member favourite agents). Power User role can manage the Knowledge Base and review assigned sessions. Admins promote/demote via ⚙ ADMIN → Users.
Requires Enterprise licence. Configure via ⚙ ADMIN → SSO:
Users auto-provisioned on first SSO login.
⚙ ADMIN → tabs: Users · Sessions · Stats · Analytics · Logs · Audit · PII · Branding · Reseller · SSO · Model Cache · Quotas.
HARBOUR-RSL key, generate HARBOUR-CL client keys, track activationsAdmins can set per-user message limits via ⚙ ADMIN → Quotas.
Enable via ⚙ ADMIN → PII → toggle ON. Every incoming chat message is scanned for 11 UK PII types before reaching any AI model. Matched values are replaced with [REDACTED:TYPE].
| PII TYPE | EXAMPLE |
|---|---|
| NHS Number | 123 456 7890 |
| National Insurance | AA 12 34 56 A |
| UK Postcode | SW1A 1AA |
| UK Phone | 07700 900000 |
| Email Address | name@company.co.uk |
| Credit Card | 4111 1111 1111 1111 |
| Sort Code | 20-00-00 |
| Bank Account | 12345678 |
| Date of Birth | 01/01/1980 |
| Passport Number | A1234567 |
| Driving Licence | SMITH801011AB9IJ |
Every redaction event is logged. The PII admin tab shows total events, total items redacted, breakdown by type, and full event history. Off by default; non-blocking — messages are never dropped on detection failure.
Every logged action is cryptographically chained — any tampering is immediately detectable.
prev_hash|timestamp|user_id|action|content_hashGENESIS — creating an unbroken chain from day oneWhat is logged: every chat interaction · login success and failure (with originating IP) · admin user actions (disable, enable, delete, reset password, change role) · PII setting changes.
Verify the chain: go to ⚙ ADMIN → Audit → VERIFY CHAIN. HARBOUR AI re-walks the full log from GENESIS and either confirms all entries are intact or reports the exact entry ID where the chain breaks.
Export the full log as CSV at any time for offline archiving or ICO evidence packs.
A pre-configured hardware appliance for organisations needing zero-setup, air-gapped AI with no IT involvement.
| TIER | PRICE | USERS |
|---|---|---|
| Solo Box | £149 | 1 user |
| Team Box | £499 | Up to 10 users |
| Enterprise Box | POA | Unlimited |
HARBOUR_APPLIANCE_MODE=true in the environmentEarn 20% commission per sale. Go to harbour-ai.co.uk/refer, enter your licence key, get your personal REF-XXXXXX link.
All data stored locally in ~/.harbour-ai/ (Linux) or C:\Users\<name>\.harbour-ai\ (Windows). No telemetry, no cloud, no crash reporting. Passwords hashed PBKDF2-SHA256 (260,000 iterations). JWT sessions with 7-day expiry. Delete everything by removing the ~/.harbour-ai/ folder.
Full compliance statement: harbour-ai.co.uk/gdpr
| SHORTCUT | ACTION |
|---|---|
| Enter | Send message |
| Shift+Enter | New line |
| Ctrl+/ or Ctrl+K | Focus message input |
| Ctrl+1–4 | Toggle BELLA / SAPPHIRE / JADE / ELLIE |
| Ctrl+E | Toggle EMMA |
| Ctrl+D | Toggle debate mode |
| Ctrl+Shift+H | EMMA Quick Ask overlay (works from any app) |
| PROBLEM | FIX |
|---|---|
| Windows Firewall prompt | Click Allow |
| Agents not responding | Run ollama serve |
| Model missing | Run ollama pull llama3.1 |
| AppImage won't launch (Linux) | sudo apt install libfuse2 |
| Slow responses | Close other apps, add a GPU |
| Backend log (Linux) | ~/.harbour-ai/backend-startup.log |
| Log location (Windows) | C:\Users\<name>\.harbour-ai\harbour-ai.log |
| Extension not connecting | Ensure HARBOUR AI is running on localhost:8000 |
| OCR: Tesseract not found | Linux: sudo apt install tesseract-ocr · Windows: UB-Mannheim installer |
EMMA reads every inbound client email daily and scores the relationship — Positive, Neutral, At-Risk, or Churning — using a local language model. Results are stored in the Company Brain. A weekly digest surfaces any At-Risk or Churning relationships so you can act before the client leaves.
SETUP — In HARBOUR AI settings, connect your email account under Integrations → Email. Enable Client Sentiment Monitor. EMMA will scan inbound mail each morning and update sentiment scores. You can also run a manual scan from the Sentiment panel in the dashboard.
| SCORE | MEANING | RECOMMENDED ACTION |
|---|---|---|
| Positive | Client is satisfied and engaged | No action required |
| Neutral | Relationship is stable but passive | Schedule a check-in call |
| At-Risk | Dissatisfaction signals detected | Contact within 48 hours |
| Churning | Strong indicators of departure intent | Escalate to senior contact immediately |
Knowledge Base entries that have not been reviewed or updated for a configurable number of days are flagged as stale. EMMA sends a weekly digest listing every stale entry with its age and the person who created it. This ensures your Company Brain stays accurate as your business evolves.
CONFIGURE — In Settings → Knowledge Base, set the decay threshold (default 90 days). EMMA will flag any entry older than the threshold in the weekly Decay Digest email. Click any flagged entry in the digest to open it directly in HARBOUR AI for review.
Every AI output in the dashboard can be checked against NHS Data Security and Protection Toolkit standards in real time. Non-compliant outputs are flagged inline before they leave the system. The check runs locally — no data transmitted to any cloud service.
ENABLE — In Settings → Compliance, toggle NHS DSPT Mode on. When active, a DSPT badge appears on every AI response. Green = compliant. Red = flag, with the specific standard referenced and a plain-English explanation of the issue.
| DSPT AREA | WHAT EMMA CHECKS |
|---|---|
| Data handling | PII not included in outputs sent to non-authorised parties |
| Access controls | Role-appropriate data returned per logged-in user |
| Audit trail | All DSPT-related queries logged with timestamp and user |
| Data minimisation | Responses contain only the minimum data required |
The British National Formulary drug interaction database, offline and embedded within EMMA. Enter any combination of drugs and EMMA flags interactions by severity — HIGH, MEDIUM, LOW — with the clinical effect and a plain-English explanation. No data leaves your device.
USAGE — Open the BNF Drug Checker panel. Type drug names one at a time. Click Check Interactions. Results display immediately. Each result shows: Drug A + Drug B, interaction severity, clinical effect, and management recommendation sourced from the BNF database.
| SEVERITY | MEANING | COLOUR |
|---|---|---|
| HIGH | Potentially life-threatening — avoid combination | Red |
| MEDIUM | Clinically significant — monitor closely | Amber |
| LOW | Minor interaction — note in records | Yellow |
| NONE | No known interaction | Green |
EMMA guides care providers through a structured CQC self-assessment against the five key questions: Safe, Effective, Caring, Responsive, and Well-led. Answers are saved to the Company Brain. EMMA produces a formatted self-assessment report ready for submission or internal governance review.
USAGE — Open the CQC Self-Assessment panel. Select the assessment area. EMMA presents each question with the rating scale and guidance notes. Complete all sections. Click Generate Report to export a formatted PDF or DOCX of the completed assessment.
Before onboarding any new client, run a conflict check across your entire Company Brain — every conversation, document, and relationship EMMA has indexed. Returns CLEAR, POTENTIAL CONFLICT, or CONFLICT, with specific matches and an explanation. Every check is logged with a timestamp for your compliance records.
USAGE — Open the SRA Conflict Check panel. Enter the prospective client name and matter description. Click Run Conflict Check. EMMA searches the Company Brain for any existing matter involving adverse parties, related entities, or conflicting interests. Results include matched source documents for review.
| RESULT | MEANING | REQUIRED ACTION |
|---|---|---|
| CLEAR | No conflicts detected | Log result and proceed |
| POTENTIAL CONFLICT | Possible conflict — requires review | Refer to supervising partner |
| CONFLICT | Conflict confirmed | Decline matter or obtain informed consent per SRA Code |
EMMA fills N1 (money claim), ET1 (employment tribunal), and N244 (application notice) from a plain-English description of the matter. Every required field is mapped automatically. Exports as DOCX ready for review and filing.
USAGE — Open the Court Form Auto-Fill panel. Select the form type. Describe the matter in plain English — claimant, defendant, amount claimed, basis of claim. Click Generate. EMMA fills all fields. Review, edit if required, then export as DOCX.
| FORM | USE | COURT |
|---|---|---|
| N1 | Money claim (contract, debt, damages) | County Court / High Court |
| ET1 | Employment tribunal claim | Employment Tribunal |
| N244 | Application notice (injunctions, stays, amendments) | County Court / High Court |
EMMA reads your transactions from connected accounting software, groups them by VAT category, and populates the nine MTD VAT return boxes automatically. Reviews flagged items before submission. Exports the completed return as a CSV for your bridging software or accountant.
USAGE — Open the MTD VAT panel. Select the VAT period. EMMA retrieves transactions from your connected accounting integration. Review the categorised summary. Address any flagged items. Click Export CSV to get the bridging-ready file.
| BOX | DESCRIPTION |
|---|---|
| Box 1 | VAT due on sales and outputs |
| Box 2 | VAT due on acquisitions from EC member states |
| Box 3 | Total VAT due (Box 1 + Box 2) |
| Box 4 | VAT reclaimed on purchases and inputs |
| Box 5 | Net VAT to pay or reclaim |
| Box 6 | Total value of sales and outputs (excluding VAT) |
| Box 7 | Total value of purchases and inputs (excluding VAT) |
| Box 8 | Total value of supplies to EC member states |
| Box 9 | Total value of acquisitions from EC member states |
EMMA generates scheduled compliance reports — weekly, monthly, or quarterly — covering GDPR obligations, regulatory deadlines, outstanding actions, and audit trail summaries. Reports are exported as formatted PDFs and emailed to configured recipients automatically.
CONFIGURE — In Settings → Reports, click New Compliance Report. Select report type (GDPR, Sector Compliance, Audit Summary), schedule (weekly / monthly / quarterly), and recipients. EMMA will generate and deliver reports on schedule, with no manual intervention required.
EMMA monitors GOV.UK, the ICO, FCA, CQC, SRA, and other configured regulatory bodies for new guidance, consultations, and legislative changes. When a relevant update is detected, EMMA generates a plain-English summary and adds a compliance action item to your dashboard.
CONFIGURE — In Settings → Regulatory Watch, select the bodies relevant to your sector. EMMA checks for updates daily and alerts you via dashboard notification and email digest. Each alert includes: source, publication date, plain-English summary, and recommended action.
EMMA models your cash position week by week for the next 90 days using real outstanding invoices, historical payment patterns, and recurring costs from your connected accounting software. An Always-On alert fires when your projected runway drops below your configured threshold.
SETUP — Connect an accounting integration (Xero, QuickBooks, FreeAgent) in Settings → Integrations. In the Cash Flow panel, set your minimum cash threshold (e.g. £10,000). EMMA will run a 90-day projection each morning and alert you if the runway forecast drops below the threshold at any point in the window.
| VIEW | DESCRIPTION |
|---|---|
| Weekly forecast | Projected cash balance for each of the next 13 weeks |
| Invoice pipeline | Expected receipts from outstanding invoices by due date |
| Recurring outgoings | Known recurring costs (rent, payroll, subscriptions) modelled forward |
| Threshold alert | Red line on chart showing your minimum threshold — alerts when forecast crosses it |
EMMA sends polite, escalating payment reminders automatically — polite at due date, firm after 14 days, formal at 30 days. Tone adjusts per client relationship. Stops the moment payment is received. Every chase is logged to the Company Brain.
CONFIGURE — In the Invoice Chaser panel, connect your accounting integration. Set escalation intervals and default tone per client tier. EMMA will monitor outstanding invoices and send chases automatically. You can preview and edit any chase before it is sent, or set to fully automatic mode.
| STAGE | TIMING | TONE |
|---|---|---|
| Reminder 1 | Due date | Polite — "just a reminder" |
| Reminder 2 | 14 days overdue | Firm — "please arrange payment" |
| Reminder 3 | 30 days overdue | Formal — "final notice before action" |
| Stopped | On payment receipt | Automatic — EMMA detects payment and halts sequence |
EMMA scans your conversations, commits, and documents for HMRC-qualifying R&D activity — technical uncertainty, systematic investigation, advance in science or technology. Estimates the credit value and drafts the technical narrative for your accountant to submit.
USAGE — Open the R&D Tax Credit panel. Set the accounting period. EMMA scans the Company Brain for qualifying activity. Review the identified activities. EMMA produces: a list of qualifying projects with evidence references, an estimated SME credit value, and a draft technical narrative document ready for your accountant.
| HMRC QUALIFYING CRITERION | HOW EMMA IDENTIFIES IT |
|---|---|
| Advance in science or technology | Novel technical approach identified in conversations and documents |
| Technical uncertainty | Problem-solving language detected — "we didn't know if", "we had to test whether" |
| Systematic investigation | Iterative development, testing, and revision patterns in Company Brain |
| Field of science / technology | Domain classification applied to identified qualifying work |
EMMA monitors competitor pricing pages, job boards, and Companies House filings on a schedule. Hiring patterns reveal revenue direction. Companies House filings reveal financial health. Together they produce a quarterly pricing recommendation with specific evidence.
CONFIGURE — In the Pricing Intelligence panel, add competitor names and URLs. EMMA will check them on your chosen schedule (weekly / monthly). Each cycle produces a competitor snapshot and a pricing recommendation based on market positioning, competitor financial signals, and your current pricing.
@EMMA lives in your Slack workspace or Microsoft Teams. Team members ask questions, get Company Brain lookups, and run research — all processed on your local HARBOUR AI instance. Slack and Teams only relay the message text. No AI processing happens in their cloud.
SETUP — In Settings → Integrations → Slack Bot, click Connect Slack. Authorise the HARBOUR AI app in your workspace. EMMA will appear as @emma. In Microsoft Teams, install the HARBOUR AI Teams app from the manifest. Once installed, @mention EMMA in any channel or message her directly.
| COMMAND | DESCRIPTION |
|---|---|
| @emma ask [question] | Ask EMMA a question — searches Company Brain and web |
| @emma lookup [topic] | Retrieve a specific Knowledge Base entry |
| @emma summarise [URL] | Summarise a web page or document |
| @emma brief | Deliver today's morning briefing to the channel |
Embed EMMA on any website using a single script tag. Visitors chat with a customisable AI assistant backed by your Company Brain. All processing runs on your local HARBOUR AI instance — visitor conversations never touch a third-party AI cloud.
SETUP — In Settings → Widget, configure the widget: name, greeting message, colour scheme, and which Knowledge Base collections EMMA can access. Copy the embed snippet. Paste it before the closing </body> tag on your site. The widget appears immediately.
Expose HARBOUR AI as a developer API. Issue hbr_ prefixed API keys, set monthly request quotas, and receive HMAC-signed webhooks when events fire. As of v1.0.121 the API covers 10 endpoints across chat, Company Brain, agents, workflows, document generation, and data analysis.
SETUP — In the API panel, click Generate Key. Set a label. The key is shown once — copy and store it securely. All requests must include the header: X-API-Key: hbr_your_key. Developer tier: £49/month, 10,000 requests/month. Usage and remaining quota visible in the KEYS tab.
| METHOD | ENDPOINT | DESCRIPTION |
|---|---|---|
| POST | /api/v1/chat | Send a message to EMMA — returns a text response |
| GET | /api/v1/usage | Check token usage and remaining quota for the current key |
| GET | /api/v1/brain/stats | Entity and relation counts from the Company Brain |
| POST | /api/v1/brain/ask | Query the Company Brain with a natural language question |
| POST | /api/v1/brain/ingest | Ingest text — EMMA extracts entities and relations in the background |
| GET | /api/v1/agents | List all available agents (name, persona, model) |
| POST | /api/v1/agents/{agent_id}/chat | Chat with a specific named agent by ID |
| POST | /api/v1/workflows/{wf_id}/run | Run a multi-step workflow with an initial input string |
| POST | /api/v1/doc/generate | Fill a document template from plain-English context — returns text content |
| POST | /api/v1/analyse | Analyse CSV data with a natural language question — returns structured analysis |
Webhooks: register a URL to receive signed events. HARBOUR AI sends HMAC-SHA256 signed POSTs with the X-HARBOUR-Signature header. Events: chat.completed, brain.asked, workflow.completed, doc.generated.
License the HARBOUR AI engine to other software companies. They ship "AI by HARBOUR" to their users under their brand. Configure the brand name, logo, colour scheme, and feature set exposed. Revenue share applied per active seat in their deployment.
ACCESS — White-Label Engine is an Enterprise tier feature. Contact HARBOUR AI to discuss licensing terms. Once configured, you receive a white-label build with your partner's branding applied throughout. The partner's users see their product; you receive a per-seat revenue share monthly.
Post a role, upload CVs, and EMMA scores every candidate against your job description (0–100) — ranked Strong Yes, Yes, Maybe, or No — with specific strengths, weaknesses, and tailored interview questions per CV. Automated acknowledgement emails sent. Everything logged to the Company Brain.
USAGE — Open the Hiring Assistant panel. Paste your job description. Upload CVs (PDF or DOCX, up to 50 at a time). Click Score Candidates. EMMA produces a ranked shortlist. Click any candidate to see their full scorecard and suggested interview questions. Click Send Acknowledgements to dispatch automated replies to all applicants.
| RATING | SCORE RANGE | MEANING |
|---|---|---|
| Strong Yes | 80–100 | Meets or exceeds all key criteria |
| Yes | 60–79 | Meets most criteria — worth interviewing |
| Maybe | 40–59 | Partial match — consider if shortlist is thin |
| No | 0–39 | Does not meet key criteria |
EMMA synthesises everything she monitors — email sentiment, cash flow, compliance flags, at-risk clients, regulatory changes, competitor moves — into a single weekly health score (0–100) across five domains: Finance, Compliance, Operations, Clients, and Knowledge.
USAGE — The Company Health Dashboard is available from the main navigation. It updates automatically every Monday morning. Click any domain to drill into the contributing signals. The overall score is a weighted average of the five domain scores. A score below 60 triggers a priority alert.
| DOMAIN | WHAT IT MEASURES |
|---|---|
| Finance | Cash position, overdue invoices, R&D credits identified |
| Compliance | Outstanding regulatory actions, audit trail health, GDPR status |
| Operations | Workflow completion rate, agent availability, integration health |
| Clients | Sentiment scores, at-risk count, churn risk flags |
| Knowledge | Knowledge Base freshness, stale entry count, coverage gaps |
Ask EMMA "What if we lose our biggest client?" and she models the financial and operational impact using your actual Company Brain data. Revenue and cost change percentages, cash position impact, headcount effect, key risks with likelihood ratings — all from your real business data, entirely offline.
USAGE — Open the Business Simulation panel. Type your scenario in plain English (e.g. "What if we hire 3 developers next quarter?" or "What if our largest client churns?"). Click Simulate. EMMA analyses the Company Brain for relevant data and produces a structured scenario report with financial impact, operational risks, and recommended mitigations.
Lock the interface to a role-specific panel set. A nurse sees only DSPT-compliant clinical tools. A receptionist sees only PHONE and RECEPTIONIST panels. Configured by admin per role, applied per user — the employee never sees what is hidden.
CONFIGURE — In Admin → Kiosk Mode, create a role profile. Select which panels are visible for that role. Assign the profile to user accounts. When those users log in, they see only their configured panel set — the sidebar is locked and the settings panel is hidden. To exit Kiosk Mode, an admin must log in with admin credentials.
| EXAMPLE ROLE | PANELS SHOWN |
|---|---|
| Receptionist | PHONE, RECEPTIONIST, MEETING ASSISTANT |
| Clinical staff | BNF CHECKER, DSPT COMPLIANCE, MEETING ASSISTANT, KNOWLEDGE BASE |
| Finance team | CASH FLOW, INVOICE CHASER, MTD VAT, R&D TAX |
| HR team | HIRING ASSISTANT, HEALTH DASHBOARD, COMPLIANCE REPORTS |
Configure EMMA as a named director of your company. She attends every meeting via transcript, monitors every regulatory deadline, and produces a monthly board pack automatically — P&L narrative, risk register with owners and mitigations, action tracker, KPIs, forward look — exported as DOCX and emailed to the board.
CONFIGURE — In Settings → AI Director, set EMMA's director name (e.g. "EMMA HARBOUR"), the board email list, and the monthly report date. Enable Meeting Attendance to have EMMA process every meeting transcript. The board pack is generated on the configured date each month and emailed as a formatted DOCX attachment. An in-app preview is also available in the Director panel.
| BOARD PACK SECTION | CONTENT |
|---|---|
| Executive Summary | One-page narrative of the month — wins, concerns, key decisions |
| P&L Narrative | Revenue, costs, and margin with EMMA's commentary on variances |
| Risk Register | Active risks, likelihood ratings, owners, and mitigation status |
| Action Tracker | Outstanding actions from all meetings, with owner and due date |
| KPI Dashboard | Key metrics against targets — sourced from Company Brain data |
| Forward Look | Upcoming regulatory deadlines, renewals, and strategic milestones |
Navigate to COMPLIANCE › IR35. HARBOUR guides you through 15 HMRC-aligned questions across six assessment areas: Substitution, Control, Mutuality of Obligation, Financial Risk, Integration, and Business on Own Account. EMMA returns a determination — Inside, Outside, or Borderline — with a confidence rating, key factors on both sides, and a recommended action plan. All assessments are saved with full reasoning.
| ASSESSMENT AREA | QUESTIONS |
|---|---|
| Substitution | Can the worker send a substitute? Has substitution occurred? |
| Control | Who controls when/where/how work is done? |
| Mutuality of Obligation | Is there obligation to offer or accept work? |
| Financial Risk | Does the worker bear business risk? Quote-based pricing? |
| Integration | Part of the client's organisational structure? |
| Business on Own Account | Multiple clients? Own equipment? Business presence? |
Navigate to TAX › MTD ITSA. Enter quarterly self-employment income and allowable expenses. HARBOUR calculates your full tax estimate using 2025–26 rates and saves the submission to the quarterly log.
| TAX COMPONENT | 2025–26 RATE |
|---|---|
| Personal Allowance | £12,570 |
| Basic Rate Income Tax | 20% (£12,570 – £50,270) |
| Higher Rate Income Tax | 40% (£50,270 – £125,140) |
| Additional Rate | 45% (above £125,140) |
| Class 4 NI (lower) | 9% (£12,570 – £50,270) |
| Class 4 NI (upper) | 2% (above £50,270) |
| Class 2 NI | £3.45/week |
Navigate to COMPLIANCE › DSAR. Log an incoming Data Subject Access Request with the subject's name and email and the date received. HARBOUR auto-calculates the 30-day statutory deadline, searches the Company Brain, knowledge base, and inbox for all data held on that individual, and generates a compliant response letter.
| STATUS | MEANING |
|---|---|
| open | Received, not yet actioned |
| in_progress | Search underway |
| complete | Response sent within deadline |
| rejected | Request refused with documented reason |
| extended | 30-day extension applied (complex request) |
Navigate to CONTRACTS › RENEWALS. Paste contract text and EMMA extracts: contract name, counterparty, start/end dates, renewal date, notice period, auto-renewal flag, and annual value. Contracts inside the notice window are flagged based on urgency.
| ALERT LEVEL | CONDITION |
|---|---|
| Critical | Notice deadline is 0–7 days away |
| Warning | Notice deadline is 0–30 days away |
| OK | More than 30 days until notice deadline |
Navigate to TOOLS › REDACT. Paste any text to remove personal data in two passes: a fast regex sweep followed by a local LLM PII sweep. All processing stays on your machine.
| ENTITY TYPE | REGEX OR LLM | PLACEHOLDER |
|---|---|---|
| NI Number | Regex | [NI_NUMBER] |
| NHS Number | Regex | [NHS_NUMBER] |
| Email Address | Regex | [EMAIL] |
| UK Phone | Regex | [PHONE] |
| UK Postcode | Regex | [ADDRESS] |
| Sort Code | Regex | [BANK_DETAILS] |
| Full Name | LLM | [NAME] |
| Date of Birth | LLM | [DATE_OF_BIRTH] |
| Card Number | LLM | [CARD_NUMBER] |
| IP Address | LLM | [IP_ADDRESS] |
Batch mode: POST to /redact/batch with an array of up to 50 strings. Redaction log viewable at GET /redact/log.
Navigate to EDUCATION › OFSTED. Answer seven questions per domain across the four EIF inspection areas. EMMA returns a readiness score out of 10, evidence gaps, and recommended actions. Sessions are saved for comparison.
| EIF DOMAIN | QUESTIONS |
|---|---|
| Quality of Education | 7 |
| Behaviour and Attitudes | 7 |
| Personal Development | 7 |
| Leadership and Management | 7 |
Navigate to CLINICAL › GP REFERRAL. Select specialty and urgency, enter the clinical summary. EMMA generates a DSPT-compliant NHS referral letter. Patient names are never stored — only specialty, urgency, age, and sex are retained for audit.
| URGENCY LEVEL | USE CASE |
|---|---|
| Routine | Non-urgent, standard pathway |
| Urgent | Clinically significant, needs prompt review |
| Two Week Wait | Cancer pathway referral (18-day target) |
| Emergency | Same-day / 999 handover |
Navigate to CARE › CARE PLAN. Enter the resident/service user ID, care setting, and assessment notes. EMMA generates a person-centred care plan across all five CQC domains. Plans are versioned — each review creates a new linked document.
| CQC DOMAIN | COVERAGE |
|---|---|
| Physical | Health conditions, medications, mobility, continence |
| Emotional | Mental health, wellbeing, psychological support needs |
| Social | Family, relationships, social activities, community |
| Cognitive | Memory, orientation, communication, capacity |
| Spiritual | Faith, beliefs, cultural identity, meaningful activities |
Navigate to CHARITY. Four tools built for the charity sector, all SORP FRS 102 aligned.
| TOOL | OUTPUT |
|---|---|
| Annual Return | Trustees' Annual Report narrative for Charity Commission submission |
| Gift Aid | R68-style claim summary — 25p reclaimable per £1 of eligible donation |
| Impact Report | Donor-facing public impact report with outcomes, numbers, and testimonials |
| Board Pack | Full trustee meeting pack: agenda, action tracker, risk register, decisions |
Navigate to SETTINGS › VOICE. Transcribe audio locally with Whisper — no audio leaves the machine. Supports WAV, MP3, M4A, OGG, WEBM up to 25 MB. EMMA responds in concise, TTS-ready language.
Install Whisper: pip install openai-whisper or pip install faster-whisper. espeak TTS: sudo apt install espeak or pip install pyttsx3.
| ENDPOINT | PURPOSE |
|---|---|
| GET /voice/status | Check Whisper and TTS availability |
| POST /voice/transcribe | Upload audio file → text transcript |
| POST /voice/respond | Generate concise EMMA response from transcript |
| GET/POST /voice/config | Wake word, TTS voice, speed, language |
| GET /voice/sessions | Session log with transcripts and responses |
Navigate to TOOLS › TRANSLATE. 37 languages translated by the local LLM — no data sent to Google Translate, DeepL, or any external API. Welsh, Irish Gaelic, and Scottish Gaelic supported.
| MODE | LIMIT | USE CASE |
|---|---|---|
| POST /translate | 10,000 chars | Documents, emails, messages |
| POST /translate/document | 100,000 chars | Long reports — auto-chunked by paragraph |
| POST /translate/batch | 50 strings | UI localisation, form labels |
Navigate to TOOLS › CODE REVIEW. Paste code and select the language. EMMA reviews across seven categories with severity ratings and an overall score out of 10.
| CATEGORY | WHAT IT CHECKS |
|---|---|
| Security | Injection, hardcoded credentials, XSS, CSRF, exposed secrets |
| Bugs | Logic errors, null risks, race conditions, type mismatches |
| Performance | O(n²) algorithms, N+1 queries, memory leaks, blocking I/O |
| Code Quality | Duplication, magic numbers, dead code, poor naming |
| Style | Formatting, naming conventions, line length, imports |
| Documentation | Missing docstrings, outdated comments, undocumented APIs |
| Tests | Missing tests for critical paths, coverage gaps |
23 supported languages: Python, JavaScript, TypeScript, Java, C, C++, C#, Go, Rust, Ruby, PHP, Swift, Kotlin, Scala, R, SQL, Bash, PowerShell, HTML, CSS, YAML, JSON, Dockerfile. Standards Review mode lets you check against your own coding standards document.
Navigate to TOOLS › FORMS. Build no-code AI-processed forms. Each form gets a public submit URL and an embeddable widget. EMMA processes every submission according to your instructions. Webhooks fire HMAC-SHA256 signed on each submission.
| FIELD TYPE | DESCRIPTION |
|---|---|
| text, textarea | Short or long text input |
| email, phone, number, date | Typed inputs with HTML5 validation |
| select, multiselect | Dropdown — single or multiple selection |
| checkbox, radio | Boolean or option group |
| file_upload, rating | File attachment or star rating |
Embed: GET /forms/{id}/embed returns a self-contained HTML+JS snippet. Paste into any website. Webhook signature: X-HARBOUR-Signature: sha256={hmac}. Webhook secret shown once on form creation — save it.
Navigate to COMPLIANCE › RoPA. Build and maintain your Article 30 Record of Processing Activities. AI generates processing activity entries from plain-English descriptions. Exports ICO-ready PDF or Excel. Every change is audit-trailed with timestamp and user ID.
| FEATURE | DESCRIPTION |
|---|---|
| AI Activity Generator | Describe your data processing in plain English; AI produces a structured Article 30 entry |
| Lawful Basis Advisor | AI recommends the correct lawful basis (Art. 6 / Art. 9) with justification |
| Retention Schedule | Set retention periods; automatic expiry alerts when records approach review date |
| Third-Party Register | Log processors and sub-processors with DPA status and transfer mechanisms |
| Export | ICO-template PDF, Excel, or JSON; includes controller signature block |
UK GDPR Article 30 requires organisations with 250+ employees (or any organisation whose processing is likely to result in a risk to rights and freedoms) to maintain a RoPA. HARBOUR AI automates this for any size of organisation. Sync with your DSAR Processor (Section 69) for a complete data map.
Navigate to COMPLIANCE › BREACH RESPONSE. AI-guided 72-hour ICO notification workflow. Classify the breach, assess risk to data subjects, auto-draft ICO notification and subject communications, and track remediation actions through to closure.
| STAGE | DESCRIPTION |
|---|---|
| Classify | Confidentiality, integrity, or availability breach; accidental or deliberate; scope estimate |
| Risk Assessment | AI scores risk to data subjects (LOW / MEDIUM / HIGH / CRITICAL) with UK GDPR rationale |
| 72h Notification | AI drafts ICO Article 33 notification; editable before submission export |
| Subject Communication | Article 34 letters for high-risk breaches; batch mail-merge ready |
| Remediation Tracker | Action items with owners, due dates, and status dashboard |
The 72-hour clock starts when your organisation becomes aware of the breach. HARBOUR AI timestamps breach creation and shows a live countdown. If ICO notification is not required, the system records the rationale with Article 33(1) exemption reference — preserving your audit trail.
Navigate to SECURITY › PEN TEST ANALYSER. Upload penetration test reports in PDF, DOCX, or JSON (Burp Suite, Nessus, OpenVAS, Metasploit, Nuclei, OWASP ZAP, Qualys, Rapid7, Nmap, CrowdStrike). AI extracts findings, maps to OWASP/CVE/CVSS, and generates an executive summary with prioritised remediation plan.
| FEATURE | DESCRIPTION |
|---|---|
| Multi-tool Ingestion | Supports 10 scanner formats; auto-detected on upload |
| Finding Classification | CRITICAL / HIGH / MEDIUM / LOW / INFORMATIONAL with CVSS 3.1 score |
| OWASP Mapping | Each finding mapped to OWASP Top 10 or CWE category |
| Remediation Plan | AI generates step-by-step fix guidance prioritised by risk score |
| Executive Report | Board-ready PDF: risk summary, trend vs. previous test, compliance impact |
| Re-test Tracking | Mark findings as fixed; track re-test status and sign-off |
Results are stored in the tamper-proof audit trail (Section 38). The executive summary is suitable for board packs, insurance questionnaires, and client due diligence. HARBOUR AI itself passed an external penetration test in June 2026 — the result is visible on the landing page trust badge.
Navigate to FINANCE › VALUATION. AI-powered business valuation using four methodologies simultaneously. Input three years of financials; receive a blended valuation range with full workings, comparable transactions, and an investor-ready narrative.
| METHODOLOGY | DESCRIPTION |
|---|---|
| DCF | Discounted Cash Flow with WACC, terminal growth rate, and sensitivity table (3×3 grid) |
| EV/EBITDA | Enterprise Value multiples benchmarked against 15 sector peer groups |
| P/E Ratio | Price-to-earnings with sector premium/discount analysis |
| Asset-Based | Net asset value adjusted for intangibles (IP, brand, customer relationships) |
| Blended Range | Weighted composite with low/mid/high range and confidence interval |
Valuations can be saved, versioned, and compared over time. Suitable for fundraising, M&A, shareholder agreements, and EIS/SEIS applications. Connects to Open Banking (Section 98) for automatic financial data import. Not a substitute for a qualified independent valuation for statutory or legal purposes.
Navigate to FINANCE › M&A DUE DILIGENCE. Structured deal workspace for buy-side and sell-side M&A transactions. AI analyses uploaded documents across seven due diligence workstreams, flags red flags, and populates a live DD tracker with risk ratings.
| WORKSTREAM | KEY CHECKS |
|---|---|
| Financial | Revenue quality, EBITDA normalisation, working capital, debt schedule, contingent liabilities |
| Legal | Contracts, IP ownership, litigation, regulatory licences, change-of-control clauses |
| Commercial | Customer concentration, pipeline quality, competitive positioning, pricing power |
| HR & People | Key-person risk, org structure, employment contracts, pension obligations, IR35 exposure |
| IT & Cyber | Architecture, security posture, tech debt, SaaS dependencies, data residency |
| Tax | Tax compliance history, transfer pricing, R&D credits, deferred tax, HMRC correspondence |
| ESG | Environmental obligations, supply chain risks, governance structures, social commitments |
Upload documents to each workstream; AI extracts relevant data and populates the DD tracker automatically. Red flags are highlighted with severity ratings. The final DD report is generated as a structured Word document with all findings, supporting evidence links, and a deal risk scorecard. Integrates with Business Valuation (Section 83).
Navigate to FINANCE › ACCOUNTS PRODUCTION. Prepare statutory accounts under FRS 102, FRS 105 (micro-entities), or IFRS. Import trial balance from CSV or Open Banking (Section 98); AI applies the correct disclosure framework and drafts all notes automatically.
| STANDARD | ENTITY TYPE |
|---|---|
| FRS 105 | Micro-entities (turnover <£632k, balance sheet <£316k, <10 employees) |
| FRS 102 Section 1A | Small companies (audit-exempt, turnover <£10.2m) |
| FRS 102 Full | Medium and large companies, groups |
| IFRS | Listed companies, subsidiaries of IFRS parents |
Output: iXBRL-tagged P&L, Balance Sheet, Notes, Directors' Report, and Auditor's Report template. The iXBRL file is suitable for direct Companies House filing and HMRC CT600 attachment. AI checks disclosures against the applicable standard and flags any mandatory notes that are missing. Review every AI-generated disclosure before filing — HARBOUR AI is not a substitute for a qualified accountant or auditor.
Navigate to STRATEGY › MARKET INTELLIGENCE. Continuous AI-powered monitoring of competitors, market trends, and industry signals. Track up to 50 competitors across 10 intelligence dimensions with automated weekly briefings delivered to your inbox or Slack.
| DIMENSION | SIGNALS MONITORED |
|---|---|
| Product | Feature announcements, pricing changes, job postings indicating R&D direction |
| Commercial | Customer wins/losses, partnership announcements, contract notices |
| Financial | Funding rounds, revenue signals, Companies House filings |
| People | Executive moves, hiring trends, employee sentiment (Glassdoor) |
| Regulatory | Regulatory actions, sanctions, compliance incidents |
| Technical | GitHub activity, patent filings, technology stack changes |
AI generates a SWOT update and strategic implications summary each week. Set alert thresholds (e.g., alert if a competitor raises >£5m funding or launches a product in your core market). Pairs with AI Business Simulation (Section 64) to model competitive responses before committing to strategy.
Navigate to HEALTH › CLINICAL DECISION. NICE Guidelines-aligned decision support for clinical teams. Enter presenting symptoms, patient demographics, and current medications; AI returns evidence-based assessment pathways, drug interaction flags, red flag alerts, and referral recommendations — all citing the source NICE guideline and publication date.
| FUNCTION | DESCRIPTION |
|---|---|
| Symptom Assessment | Differential diagnosis suggestions ranked by probability with evidence citations |
| NICE Pathway Lookup | Direct link to relevant NICE pathway with condition-specific guidance |
| Drug Interactions | Checks current medication list; flags interactions with severity rating |
| Red Flag Alerts | Immediate visual alert for symptoms indicating serious/life-threatening conditions |
| Referral Generator | Drafts GP or specialist referral letters with clinical summary pre-populated |
| Dosage Calculator | Weight/age-adjusted dosage ranges from BNF with renal/hepatic adjustment flags |
IMPORTANT: Clinical Decision Support is a decision aid — it does not replace clinical judgement, examination, or diagnosis by a qualified healthcare professional. All AI outputs must be reviewed by a clinician before acting. Always refer to the current published NICE guideline. Integrates with GP Referral Letters (Section 73), NHS DSPT Compliance (Section 46), and NHS API (Section 99).
Navigate to CRM. Full customer relationship management with AI-powered engagement scoring, opportunity tracking, and pipeline analytics. Contacts, companies, deals, activities, and communications in one place — with EMMA able to update records from meeting notes automatically.
| MODULE | DESCRIPTION |
|---|---|
| Contacts & Companies | Unlimited contacts with custom fields; automatic company hierarchy linking |
| Deal Pipeline | Kanban or list view; weighted pipeline value; probability-adjusted forecast |
| Activity Timeline | Calls, emails, meetings, notes — all logged with AI-generated summaries |
| Engagement Score | AI scores contact engagement (0–100) based on recency, frequency, and depth of interaction |
| AI Follow-up | EMMA suggests next best action per deal; drafts follow-up emails ready to send |
| Integration | Auto-populates from Meeting Assistant (Section 20), Email Assistant (Section 16), and Open Banking (Section 98) |
After a meeting, say to EMMA: "Update the CRM for the Acme deal from today's meeting." EMMA reads the meeting transcript, extracts agreed next steps, and updates the deal stage, activity log, and follow-up task automatically. All contact data is stored on-premise — no third-party CRM cloud sync.
Navigate to HR › HRIS. Full Human Resource Information System covering the entire UK employment lifecycle. From offer letter to leaver reference — AI drafts all documentation, calculates entitlements, and ensures UK employment law compliance throughout.
| MODULE | UK EMPLOYMENT LAW COVERAGE |
|---|---|
| Employee Records | Right to Work checks, contract management, DBS tracking, emergency contacts |
| Leave Management | Annual leave (Working Time Regulations), sickness (SSP), maternity/paternity/shared parental leave |
| Performance | Objective setting, mid-year review, appraisal documentation, PIP workflow |
| Disciplinary & Grievance | ACAS Code-compliant procedures; AI-drafted investigation reports and outcome letters |
| Offboarding | Leaver checklist, reference letter generation, P45 trigger, settlement agreement templates |
| Compliance | Gender Pay Gap reporting data, TUPE alert flags, IR35 risk scoring per contractor |
Integrates with Payroll (Section 90) for RTI submissions, IR35 Determination (Section 67) for contractor assessments, and AI Video Interview (Section 100) for recruitment. All employee data is stored encrypted on-premise. GDPR retention schedules are enforced automatically — employee records are flagged for deletion 7 years after employment ends (configurable).
Navigate to HR › PAYROLL. HMRC Real Time Information payroll for 2025-26. Calculate PAYE, NIC, student loan deductions, and pension contributions. Submit Full Payment Submissions (FPS) and Employer Payment Summaries (EPS) to HMRC via the PAYE API.
| FEATURE | DETAIL |
|---|---|
| PAYE & NIC | 2025-26 tax tables; handles all NIC categories (A, B, C, H, J, M, Z) |
| Student Loan | Plans 1, 2, 4, and postgraduate loan; auto-detection from employee records |
| Auto-Enrolment | NEST, Peoples Pension, and custom provider; eligible/non-eligible/entitled worker categorisation |
| RTI Submission | FPS on or before payment date; EPS for recovery of SMP/SPP; P60 at year end |
| Payslips | Branded PDF payslips; secure employee portal access; email distribution |
| CJRS / SSP Reclaim | Calculates recoverable SSP; generates EPS recovery values |
Payroll connects to HRIS (Section 89) for employee records and to Open Banking (Section 98) for automated salary payment initiation. All RTI submissions are logged with HMRC correlation IDs. Payroll data is retained for 7 years in compliance with HMRC record-keeping requirements. Not a substitute for a qualified payroll professional for complex arrangements.
Navigate to PROJECTS. AI-powered project management with RAG health scoring. Gantt, Kanban, and list views. EMMA monitors project health daily and alerts when tasks are at risk — before they become late.
| FEATURE | DESCRIPTION |
|---|---|
| RAG Health Score | AI assigns RED / AMBER / GREEN per project and per milestone based on schedule, budget, and risk signals |
| Gantt View | Drag-and-drop timeline with dependency links; critical path highlighted |
| Kanban View | Swimlane board by status or assignee; WIP limits configurable |
| Risk Register | AI identifies risks from task descriptions; probability × impact scoring; mitigation tracking |
| Resource Planner | Capacity view across all team members; highlights over-allocation |
| Status Reports | EMMA generates weekly RAG status report ready for stakeholders; one-click PDF |
Ask EMMA: "What's the health of Project Phoenix?" — she reads the current tasks, schedule, and risk register, and responds with a spoken or written RAG summary. Integrates with HRIS (Section 89) for resource allocation and NL Analytics (Section 92) for project cost analysis.
Navigate to ANALYTICS › NL ANALYTICS. Query any connected data source in plain English. No SQL required. EMMA translates your question into a query, executes it, and returns a chart or table with a plain-English explanation of the result.
| DATA SOURCE | EXAMPLE QUESTIONS |
|---|---|
| CRM (Section 88) | "Which deals are stuck in proposal stage for more than 30 days?" |
| Open Banking (Section 98) | "What was our biggest expense category last quarter?" |
| Payroll (Section 90) | "What is our total employer NIC cost this tax year?" |
| Projects (Section 91) | "How many projects are RED status this week?" |
| HRIS (Section 89) | "How many employees have a probation review due in the next 30 days?" |
| Custom SQL | Connect any SQLite, PostgreSQL, or MySQL database |
EMMA shows the generated SQL before executing — you can review, edit, or reject it. Results are exportable as CSV or chart image. Complex multi-step queries are broken into sub-queries with intermediate results shown at each step. All queries are logged in the audit trail.
Navigate to HR › LEARNING. AI-powered LMS with CPD tracking. Create courses, assign learning paths, track completion, and issue certificates. EMMA can generate course content from your existing documents and knowledge base.
| FEATURE | DESCRIPTION |
|---|---|
| Course Builder | Modules, lessons, quizzes, and video embeds; AI generates quiz questions from lesson content |
| Learning Paths | Assign prerequisite sequences; role-based auto-enrolment |
| CPD Tracking | Log CPD hours per employee; generates CPD statements for professional bodies |
| Compliance Training | Mandatory training tracker with escalation alerts for overdue completions |
| Certificates | Auto-issued branded PDF certificates on course completion with verifiable ID |
| AI Tutor | EMMA answers learner questions in the context of the current course material |
Generate course content by asking EMMA: "Create a GDPR awareness course from our privacy policy and data protection policy." She produces a 5-module course with lessons and quiz questions ready to publish. Integrates with HRIS (Section 89) for completion records and CPD certificates. Supports SCORM 1.2 import for existing e-learning content.
Navigate to SETTINGS › RAG CONNECTORS. Connect external data sources to HARBOUR AI's Retrieval-Augmented Generation engine. EMMA searches across all connected sources when answering questions, citing the source document and relevance score for every retrieved chunk.
| CONNECTOR TYPE | SUPPORTED SOURCES |
|---|---|
| File Systems | Local folder sync, network share (SMB/CIFS), SFTP server |
| Cloud Storage | SharePoint / OneDrive, Google Drive, Dropbox, Box |
| Databases | PostgreSQL, MySQL, SQLite, MongoDB — query results ingested as documents |
| Web & RSS | Web crawler (depth configurable), RSS/Atom feeds, sitemap ingestion |
| APIs | Generic REST connector with JSON path extraction; authentication: API key, OAuth2, Bearer |
| Communication | Email (IMAP), Slack export, Microsoft Teams export |
Each connector has a configurable sync schedule (real-time, hourly, daily, weekly). Documents are chunked, embedded, and stored in the local vector store — nothing leaves your server. Set per-connector access controls so team members only retrieve from sources they're authorised to see. Connectors integrate with the Knowledge Base (Section 13).
Navigate to MARKETPLACE. Browse, install, and manage third-party extensions, sector packs, prompt libraries, and agent templates. Published by HARBOUR AI and verified community developers. All marketplace items are code-reviewed before listing.
| CATEGORY | EXAMPLES |
|---|---|
| Sector Packs | Legal, Healthcare, Finance, Education, Construction, Charity, Hospitality |
| Agent Templates | Pre-configured EMMA personas for specific roles (PA, Paralegal, Nurse, CFO) |
| Prompt Libraries | Curated prompt collections for marketing, HR, compliance, sales |
| Integrations | Pre-built connectors for popular SaaS tools (Xero, Salesforce, HubSpot, Sage) |
| Report Templates | Branded report templates for common use cases |
Installing a marketplace item does not send any data to HARBOUR AI servers. Items are downloaded once and run locally. Rate each item after use — ratings inform the marketplace ranking algorithm. To publish your own items, contact loosekeyz84@proton.me for developer programme access.
Navigate to COMPLIANCE › ADVANCED REGWATCH. Monitors 50 UK and international regulators in real time. AI classifies each publication by impact, urgency, and applicability to your sector configuration. Daily digest with action-required items flagged at the top.
| REGULATOR GROUP | EXAMPLES |
|---|---|
| Financial | FCA, PRA, Bank of England, PSR, FRC, HMRC, Companies House |
| Data & Privacy | ICO, EDPB, FTC, CPPA (Canada) |
| Health | MHRA, NICE, CQC, NHS England, HSE |
| Legal & Justice | SRA, Bar Standards Board, CLC, MOJ, HMCTS |
| Employment | ACAS, Equality & Human Rights Commission, Gangmasters Authority |
| Environment & ESG | EA, DEFRA, FCA ESG, Companies House climate disclosure |
| International | EU AI Act, SEC, EBA, ESMA, BIS, Basel Committee |
Set your sector profile (e.g., Financial Services + Healthcare) and Advanced Regwatch automatically filters to relevant publications. AI generates a plain-English impact summary and a suggested action checklist for each significant change. Integrates with Regulatory Change Monitor (Section 53) — Advanced Regwatch covers 50 regulators vs 10 in the standard module. Action items feed directly into the Compliance Autopilot (Section 10).
Navigate to SETTINGS › ENTERPRISE SSO. Configure SAML 2.0 or OIDC federation with your organisation's identity provider. Supports Azure AD, Okta, Google Workspace, ADFS, PingFederate, and OneLogin. Just-In-Time (JIT) user provisioning creates HARBOUR AI accounts automatically on first SSO login.
| PROVIDER | PROTOCOL |
|---|---|
| Azure AD / Entra ID | SAML 2.0 or OIDC; supports Microsoft group claims for role mapping |
| Okta | SAML 2.0 or OIDC; Okta group push for role sync |
| Google Workspace | OIDC; Google group membership maps to HARBOUR AI roles |
| ADFS | SAML 2.0; supports claim rules for attribute mapping |
| PingFederate | SAML 2.0; adapter configuration via SP metadata |
| OneLogin | SAML 2.0 or OIDC; OneLogin role mapping |
| Generic SAML | Any SAML 2.0 compliant IdP; manual attribute mapping |
Download your SP metadata from SETTINGS › ENTERPRISE SSO › [Configuration] › SP Metadata and upload it to your IdP. Attribute mapping: email, first name, last name, display name, groups, and role are configurable per configuration. Session tokens are short-lived (1 hour) with silent refresh. Audit trail records every SSO login with IdP assertion hash. Pairs with Team Mode (Section 33) and Admin Dashboard (Section 35).
Navigate to FINANCE › OPEN BANKING. Connect to 15 UK banks via the Open Banking OBIE / PSD2 framework. Retrieve real-time account balances and transaction history with your explicit consent. AI categorises transactions, analyses cash flow, and flags covenant breaches automatically.
| FEATURE | DESCRIPTION |
|---|---|
| Supported Banks | Lloyds, Barclays, NatWest, HSBC, Santander, Starling, Monzo, Revolut, Nationwide, Metro, TSB, Co-op, First Direct, Tide, Cashplus |
| Consent Flow | OBIE-compliant consent: you authorise at your bank; no credentials stored by HARBOUR AI |
| AI Categorisation | 20 spend categories: payroll, suppliers, HMRC VAT, HMRC PAYE, rent, utilities, travel, and more |
| Cash Flow Analysis | AI generates 3-scenario cash flow forecast (base, optimistic, stress) with narrative commentary |
| Covenant Monitor | Define financial covenants (e.g., minimum cash balance, max debt ratio); automated breach alerts |
| Accounts Production | Feeds directly into Accounts Production (Section 85) and Business Valuation (Section 83) |
Open Banking connections use OAuth2 with your bank's authorisation server. HARBOUR AI stores only the access/refresh tokens (encrypted at rest) — never your banking credentials. Tokens expire per the bank's consent period (typically 90 days) and you will be prompted to re-consent. Transaction data is stored locally and never sent to any third party.
Navigate to HEALTH › NHS API. Integration with NHS Digital APIs using the FHIR R4 standard. Perform PDS patient demographic lookups, raise e-Referral Service requests, issue EPS prescriptions, and retrieve NHS terminology — all within the secure HARBOUR AI environment.
| NHS API | FHIR RESOURCE |
|---|---|
| PDS (Patient Demographics) | Patient — NHS number (modulus-11 validated), demographics, GP record |
| EPS (Electronic Prescriptions) | MedicationRequest — issue, cancel, and track prescriptions |
| e-Referral Service | ServiceRequest — create referrals with auto-generated UBRN |
| BARS (Booking & Referral) | Appointment — book, amend, cancel across NHS services |
| GP Connect | Patient — access GP records for shared care (authorised providers only) |
| SNOMED CT Terminology | Concept search, hierarchy navigation, description lookup |
| ODS (Organisation Data) | Organisation — look up NHS organisations by ODS code or name |
NHS API access requires registration with NHS Digital and approval of your use case. Configure your NHS Digital credentials under SETTINGS › NHS API › Configuration. All NHS API calls are made server-side; no patient data is transmitted to third-party services. Clinical Decision Support (Section 87) uses NHS API data for real-time patient context. Must be operated in accordance with NHS Digital data sharing agreements and DCB0129/DCB0160 clinical safety standards.
Navigate to HR › AI INTERVIEWS. End-to-end video interview platform powered by AI. Create interview templates, generate STAR-framework questions, invite candidates with unique secure tokens, collect asynchronous video responses, and receive a structured hire/no-hire scorecard — without scheduling a single call.
| STAGE | DESCRIPTION |
|---|---|
| Template Builder | Define role, interview type (competency, technical, cultural, panel, etc.), and evaluation criteria |
| AI Question Generator | EMMA generates STAR-framework questions tailored to the role and competency framework |
| Candidate Invite | Unique token-authenticated link; candidates access without creating an account |
| Async Video Submission | Candidates record on any device; supported formats: MP4, WebM, MOV, AVI, MKV |
| AI Evaluation | Scores each response across 8 dimensions: communication, problem solving, technical depth, leadership, culture fit, self-awareness, resilience, and impact orientation |
| Scorecard | STRONG_HIRE / HIRE / HOLD / NO_HIRE with confidence score, strengths, concerns, onboarding focus, and compensation guidance |
| Multi-Candidate Compare | Side-by-side ranking of up to 10 candidates with AI narrative justification |
All video files are stored locally — never uploaded to third-party services. AI evaluation uses only transcripts and structured response data; video files are processed locally. Integrates with HRIS (Section 89) for offer letter generation and onboarding workflows. Pairs with EMMA Hiring Assistant (Section 62) for the full recruitment lifecycle. Ensure your use of AI in hiring complies with the Equality Act 2010 and ICO guidance on AI and employment decisions.
Click 🛡 TRUST in the toolbar. Every install has its own cryptographic identity — an Ed25519 "Trust Root" key generated on first run — and every AI generation automatically gets a signed receipt: proof of which install produced which output, with which model, at what time. Receipts contain SHA-256 hashes only; your prompts and outputs never enter a receipt.
| TAB | WHAT IT DOES |
|---|---|
| RECEIPTS | Browse receipts; click one to verify its signature on the spot (✓ valid / ✗ altered) and export as JSON. COPY PUBLIC KEY shares your install's key so anyone can verify your receipts. |
| LEDGER (admin) | The audit log is hash-chained and periodically signed. Verify the whole ledger, sign a checkpoint on demand, or download a signed export for an auditor. |
| COLLECTIVE | Preview of opt-in federated improvement. Not live — nothing is transmitted today regardless of the toggle. Consent is off by default and revocable. |
Independent verification: a recipient does not need HARBOUR. Paste a receipt at harbour-ai.co.uk/verify (runs entirely in their browser — nothing is uploaded) or run the offline verifier script shipped in the repo. A valid receipt proves provenance and integrity — that this exact output came from this install, unaltered. It does not certify the output is factually correct.
🏢 TENANTS (admin) is now a full MSP console with four tabs:
| TAB | WHAT IT DOES |
|---|---|
| TENANTS | Create and manage tenants, plus per-tenant CONFIG & GUARDRAILS: allowed models, blocked agents, monthly token budget — enforced at chat time. |
| FLEET | Every device that checks in: platform, version, online status. Issue LOCK / UNLOCK / WIPE — each command is signed by the console's Trust Root and the device verifies the signature before executing. All commands audited. |
| RBAC | Per-agent / per-tool / per-module permission matrix. Default allow; precedence is user deny > user allow > role deny > role allow. |
| BILLING | Per-tenant 30-day rollup: users, active users, messages, tokens, estimated cost — the numbers an MSP needs to invoice clients. |
Click 📜 CERTS. Generates audit-ready evidence for Cyber Essentials / CE+ (the five NCSC control areas) and SOC 2 (the five Trust Services Criteria). Describe your current practice and HARBOUR drafts the evidence section: the requirement, how you meet it, the artefacts an assessor will request, gaps with remediation, and self-assessment answers. ⬇ DOWNLOAD SIGNED BUNDLE compiles every generated section into one Trust-Root-signed bundle a recipient can verify. Unknowns are always marked [TO CONFIRM] — review before submission.
Click ⏺ RECORDER, name the workflow, hit START — the toolbar shows a red REC ● while recording. Do the task normally: every prompt you send to any agent is captured as a candidate step. Hit STOP, then CONVERT — the local model generalises your prompts into a reusable workflow (run-specific details become {{input}}, chained steps use {{previous_output}}) saved straight into the ⚡ FLOW engine to run, schedule, or trigger like any other workflow.
Click 🧭 SECTORS. Sixteen new tools across four regulated verticals:
| SUITE | TOOLS |
|---|---|
| Conveyancing | Title register review (covenants, easements, charges, requisitions) · local search summaries with red flags · pre-contract enquiries drafted from your findings · exchange→completion checklist with statutory deadlines (SDLT 14 days, AP1 priority period) |
| Insurance | Policy wording comparison with clause references · ICOBS 5.2 demands & needs statements with Consumer Duty fair-value notes · renewal reviews that flag silent cover reductions · claim notification and dispute letters |
| Recruitment | Sourcing packs (boolean strings, alternative titles, outreach openers) · client-ready candidate submissions · right-to-work checklists with statutory-excuse recording · terms of business and fee letters (Conduct Regulations 2003) |
| Property / Lettings | Tenancy agreement compliance review (Tenant Fees Act, deposit cap, s.11, Renters' Rights Act readiness) · landlord compliance audits with deadlines and penalties · rent reviews with tribunal-defensible assessment · formal notices with validity-prerequisite checklists |
All outputs are drafts for professional review, not legal advice. Transition-period law (e.g. Renters' Rights Act commencement) is flagged [CHECK CURRENT LAW]; the Regulatory Change Monitor is the live source.
🛡 TRUST → VAULT (admin). API keys and integration credentials are stored AES-256-GCM encrypted — the vault's data key exists on disk only wrapped under a key derived from your install's Trust Root, so a stolen copy of the database yields nothing. Store a secret with a handle and reference it anywhere as {{secret:handle}} (MCP headers, environment variables, URLs). The raw value resolves only at the moment of use and never sits in config files, prompts, logs, or receipts. Your AI provider API key is vaulted automatically when saved in settings.
🛡 TRUST → FIREWALL (admin). Content HARBOUR didn't author — web results, scraped pages, indexed documents, Computer Operator inputs — can carry hidden instructions aimed at the AI. The firewall scans all of it before it reaches an agent: instruction overrides, prompt-extraction attempts, persona hijacks, hidden zero-width characters, tool-call injection, image-URL exfiltration.
| MODE | BEHAVIOUR |
|---|---|
| QUARANTINE (default) | Hostile content is replaced with a notice before reaching the AI |
| FLAG | Content passes through behind a visible warning — for false-positive recovery |
| OFF | Scanning disabled |
Output guardrails: organisation rules applied to what the AI says back — banned topics (block or flag) and a required disclaimer on every response, enforced before the signed receipt is emitted so receipts hash exactly what the user received. Every firewall detection is logged with source, findings, and a content sample. Your own prompts are never scanned — only untrusted content.
🛡 TRUST → E-SIGN. Sign a document or text with your install's Trust Root — the manifest proves who signed what (by hash) and when, and is verified by anyone at harbour-ai.co.uk/verify or with the offline script, no HARBOUR install needed. No DocuSign, no cloud. Content credentials issue a signed "generated by HARBOUR AI" provenance manifest for an exported file — robust because it's a signature over the file's hash, not a strippable watermark.
Consent platform: a registry of data subjects and their consents — purpose, lawful basis, evidence, expiry, withdrawal — closing the GDPR loop with the DPIA/ROPA/DSAR tools. A subject lookup returns everything held for one person for a DSAR response. Bias & fairness auditor: tests decision outcomes from sensitive flows (hiring, lending) for disparate impact using the four-fifths (80%) rule courts and regulators apply under the Equality Act 2010, with an AI compliance narrative. A screening signal, not a legal determination.