Search Everything, Reach Almost Nothing
The Plaud corpus grew from a sync script into a meeting-intelligence layer: 380 sessions, ~2M characters of searchable transcript, participant inference, drift checks — and a fail-closed confidentiality fence so AI can query work meetings while everything personal stays unreachable by design.
up from 101 when the sync first shipped
speaker-aware, four curated lenses
the fence is deny-first, opened by evidence
stdlib-only, read-only, local
The sync was the start. The value showed up in the layers on top.
What the corpus became
Full text
Search reads bodies, not titles
Session titles lie — most are auto-generated. The search tool brute-forces ~2M characters of transcript with speaker filters and four curated lenses: northstar, jennisms, decisions, feedback. The queries I actually run, packaged.
Inference
Who was in the room
Participant inference maps sessions to attendees from topic-affinity priors, and writes its confidence and signals alongside every guess instead of overclaiming. 76 of 144 indexed sessions carry inferred participants.
Fail closed
The fence
A read-only MCP server exposes the corpus to Claude behind a deny-first policy. Personal sessions are not filtered out — they are unreachable. Work sessions open one at a time, by evidence, through an explicit allowlist.
The sync post ended at 101 sessions. The corpus is now 380 — about two million characters of transcript sitting in local JSON. A pile that size stops being an archive and becomes either a liability or an asset, and the difference is entirely tooling.
The first layer is search that reads bodies, not metadata. Session titles are auto-generated and useless; the indexes I already had could tell me a meeting existed but not what was said in it. The search tool is deliberately boring engineering — stdlib-only, read-only, no network, brute force over every transcript — with speaker filters, date windows, and four curated lenses that encode the queries I actually run: northstar, jennisms, decisions, feedback.
The second layer is participant inference. Sessions don't record who was in the room, so a script infers attendees from topic-affinity priors built out of my people memory — and writes its confidence and its signals next to every guess. It marks what it cannot infer instead of inventing attendance. 76 of 144 indexed sessions carry inferred participants; the rest say so.
The third layer is drift protection, because this corpus already burned me once: the index said one thing, the bodies said another, and searches quietly missed sessions that existed. Now freshness checks fail loud when the local archive drifts from the cloud, and an index-vs-body divergence check catches the index lying about what it covers.
The layer I would actually show an employer is the fence. Exposing this corpus to an AI assistant is genuinely useful and genuinely dangerous — it holds therapy sessions next to work meetings. So the MCP server that gives Claude access is read-only and deny-first: of 332 sessions, about 8 are reachable by default. Personal sessions are not "filtered" — the fence fails closed, so they are unreachable even when the code around them is wrong. The reachable surface grows one session at a time, through an explicit allowlist, by evidence.
The lesson generalizes past voice memos. If you have a pile of data you half-trust, the order of operations is: make it searchable by content, make its gaps explicit, make its freshness fail loud, and make privacy the default state instead of a setting. Every layer here assumes the layer below it will eventually be wrong. That assumption is the feature.
MEETING INTELLIGENCE, FENCED corpus -> 380 sessions, ~2M chars, local JSON search -> speaker-aware, 4 lenses, stdlib-only infer -> participants from topic-affinity priors guard -> freshness + index-vs-body drift checks fence -> read-only MCP, deny-first, 8 of 332 reachable THE RULE Personal sessions are not filtered. They are unreachable.