What's inside (OwnSona Manual)

Backend: Java 17+, built on the Kiss web development framework. Kiss is an open-source Java full-stack framework; OwnSona uses its servlet container, JSON-RPC plumbing, c3p0 connection pool, bld build script, and the MCPServerBase base class this server extends. Documentation for Kiss itself — manual, JSDoc, JavaDoc, training videos — lives at https://kissweb.org; the source is at https://github.com/blakemcbride/Kiss. Runs as a single servlet under Apache Tomcat 11 (embedded).
Storage: PostgreSQL 16 with the pgvector extension for similarity search and pg_trgm for fuzzy text matching.
Embeddings: OpenAI’s text-embedding-3-small (1536-dim) by default, exposed through a swappable EmbeddingProvider interface. Self-hosted alternatives (Ollama, sentence-transformers) work without changing any application code.
Auth: OAuth 2.1 (auth code + PKCE). Every /mcp request must present an Authorization: Bearer JWT access token issued by the embedded authorization server. MCP clients discover the AS via /.well-known/oauth-protected-resource and register themselves dynamically (RFC 7591); the user logs in once via a browser tab the client opens. The secret-scanner refuses to store text that looks like an API key, JWT, or PEM private key.
Transport: HTTPS on port 443, terminated by Tomcat directly.
Supervision: systemd, with a nightly pg_dump backup unit.