LH-01 · Enrolling now

Local AI Agents

Bounded agents you can trust on your own machine.

About this course

Build and operate bounded local-agent workflows with least-privilege tools, safe local setup, evidence capture and rollback discipline. The course treats every agent as a system to be governed, not a black box to be trusted.

Course record

Register no.
LH-01
Status
32 lessons published · open to enrol
Level
Practitioner
Access
Free
Format
Self-paced, text-first modules with formative checks
Who it is for
Practitioners who run or want to run AI agents on their own hardware and need them to stay inside safe, auditable limits.

Focus areas

  • The model underneath
  • Running models locally
  • Least-privilege tool design
  • Bounded task design
  • Safe local setup
  • Tool use and the agent loop
  • Memory and retrieval
  • MCP and interoperable tools
  • Evidence and evaluation
  • Rollback and handoff

Module outline

10 modules
  1. Local-agent mental model

    Three lessons — what an agent is, autonomy boundaries and tool permissions — building the vocabulary that the rest of the course, and every later module, relies on.

    1. What an agent isLesson 1 of 3 · 20–30 minutes
    2. Autonomy boundariesLesson 2 of 3 · 20–30 minutes
    3. Tool permissionsLesson 3 of 3 · 20–30 minutes
  2. The model underneath

    Three lessons — tokens and context windows; system, user, tool and retrieved context; sampling, determinism and structured output — the model internals a builder needs before bounding a task around one, live-verified against current runtime and model documentation.

    1. Tokens and context windowsLesson 1 of 3 · 20–30 minutes
    2. System, user, tool and retrieved contextLesson 2 of 3 · 20–30 minutes
    3. Sampling, determinism and structured outputLesson 3 of 3 · 20–30 minutes
  3. Running models locally

    Four lessons, lab-split — hardware realities (RAM vs VRAM, CPU vs GPU inference, sizing a 7B-8B model against a 16GB machine); quantisation and model selection (GGUF, K-quant naming, instruct vs base, params vs quant at a fixed budget); a setup lab installing Ollama and pulling a small model; and an execution-and-reflection lab capturing real latency and memory evidence, live-verified against current Ollama and llama.cpp documentation.

    1. Hardware realities: what actually determines whether a model runsLesson 1 of 4 · 20–30 minutes
    2. Quantisation and model selectionLesson 2 of 4 · 20–30 minutes
    3. Lab: installing a local runtimeLesson 3 of 4 · 30–45 minutes
    4. Lab: capturing first-run evidenceLesson 4 of 4 · 30–45 minutes
  4. Bounded task design

    Three lessons — inputs, outputs and constraints; acceptance criteria; stop rules — turning a vague task into one with an explicit brief and a stop condition.

    1. Inputs, outputs and constraintsLesson 1 of 3 · 15–20 minutes
    2. Acceptance criteriaLesson 2 of 3 · 15–20 minutes
    3. Stop rulesLesson 3 of 3 · 20–30 minutes
  5. Safe local setup

    Three lessons — workspace hygiene, secrets and data boundaries, filesystem and network scope — building the least-privilege habits that keep a bounded task's local run from reaching what it never needed to.

    1. Workspace hygieneLesson 1 of 3 · 15–20 minutes
    2. Secrets and data boundariesLesson 2 of 3 · 15–20 minutes
    3. Filesystem and network scopeLesson 3 of 3 · 20–30 minutes
  6. Tool use and the agent loop

    Four lessons, lab-split — tool schemas and the cross-vendor call/result round trip (Ollama, OpenAI, Anthropic); dispatch, result envelopes, timeouts, retries, idempotency and cancellation as one connected design decision; validation at every boundary plus the human approval gate before writes; and a runnable lab building a first tool loop with read-only tools against a local Ollama server, live-verified against current Ollama, OpenAI and Anthropic tool-calling documentation.

    1. Tool schemas and the call/result round-tripLesson 1 of 4 · 20–30 minutes
    2. Dispatch, result envelopes and failure handlingLesson 2 of 4 · 20–30 minutes
    3. Validation at every boundary and the approval gateLesson 3 of 4 · 20–30 minutes
    4. Lab: building a first tool loopLesson 4 of 4 · 30–45 minutes
  7. State, memory and retrieval

    Three lessons — conversation state vs durable memory and the working/episodic/semantic/procedural taxonomy; embeddings and retrieval-augmented generation, including when plain search beats a vector database; and memory hygiene covering poisoning, scope, retention and deletion — live-verified against current Ollama, Anthropic, SQLite and OWASP documentation.

    1. Conversation state versus durable memoryLesson 1 of 3 · 20–30 minutes
    2. Embeddings and retrieval-augmented generationLesson 2 of 3 · 20–30 minutes
    3. Memory hygiene: poisoning, privacy and deletionLesson 3 of 3 · 20–30 minutes
  8. MCP and interoperable tools

    Three lessons — MCP hosts, clients, servers and its three primitives (resources, prompts, tools); capability discovery, transports and least-privilege authentication, with the specification's own Key Principles quoted exactly; and untrusted content plus a least-privilege MCP tool contract designed before implementation — live-verified against the current (2025-11-25) official MCP specification.

    1. MCP: hosts, clients, servers and its three primitivesLesson 1 of 3 · 20–30 minutes
    2. Capability discovery, transports and least-privilege authenticationLesson 2 of 3 · 20–30 minutes
    3. Untrusted content and designing a safe tool contractLesson 3 of 3 · 20–30 minutes
  9. Evidence and evaluation

    Three lessons — evidence types, capturing run evidence, evaluating a run — building an evidence packet as a run happens and judging it against acceptance criteria to decide accept, revise or roll back.

    1. Evidence typesLesson 1 of 3 · 15–20 minutes
    2. Capturing run evidenceLesson 2 of 3 · 15–20 minutes
    3. Evaluating a runLesson 3 of 3 · 20–30 minutes
  10. Rollback and handoff

    Three lessons — reverting safely, documenting residual risk, run report and handoff — closing out a run: choosing rollback over revision, writing an honest residual-risk statement, and assembling a run report with a named next owner and fail criteria.

    1. Reverting safelyLesson 1 of 3 · 15–20 minutes
    2. Documenting residual riskLesson 2 of 3 · 15–20 minutes
    3. Run report and handoffLesson 3 of 3 · 20–30 minutes

Before you enrol

All 10 modules below are published and available in full.

Learning Harbour will not publish learner outcomes, testimonials or completion statistics it cannot verify, and its certificates will state verified platform completion only — they carry no accreditation.