chain-studio/assets/docs/security.md
flemming-it 3b07d340d5 feat(studio): Welcome page Phase B — embedded doc reader (v0.38.0)
Second slice of the Welcome surface. Operator-facing
documentation now lives inside Studio as bundled assets and
renders inline via a modal sheet — no browser, no external
link, air-gap-tauglich.

- Four operator-readable explainers under `assets/docs/`,
  each with an EN + DE pair:
    architecture[_de].md  — Hub / Module / Flow + how they fit
    security[_de].md       — sandbox model, declared perms,
                              operator ceiling
    audit[_de].md          — hash-chained log, WORM-1 mechanics,
                              `fai admin verify-events`
    flows[_de].md          — flow YAML, templating reference,
                              extract→summarize example
  These are short (≈ 300-500 words each), operator-shaped
  prose. Not copies of the architecture docs in
  fai_platform/docs/architecture/ — those are
  contributor-dense.

- pubspec.yaml declares `assets/docs/` so the markdown ships
  inside the Studio binary. Air-gap deployments read them
  with no network access.

- New `_DocReaderSheet` modal: 85 %-of-viewport bottom sheet,
  drag handle + title bar with the doc icon and close button,
  scrollable Markdown body styled to match Studio chrome.
  Loads `assets/docs/<slug>_<locale>.md` first, falls back to
  the EN file. Locale comes from
  `Localizations.localeOf(context)`.

- `_DocsRow` on the Welcome page sits below the trust-posture
  deck. Two-column grid on ≥ 640 dp, single column below.
  Each card is icon + title + one-line blurb + chevron;
  click opens the reader sheet for that slug.

- 12 new ARB keys for the docs section (header, blurb, four
  card titles + blurbs, close button, error message).
- 4 new icons reused: `account_tree_outlined` (architecture),
  `shield_outlined` (security), `verified_outlined` (audit),
  `alt_route_outlined` (flows).

Implements Phase B of `docs/landing-page-design.md`. Phase C
(live getting-started checklist with persistent state) is the
last remaining slice.

Signed-off-by: flemming-it <stefan.a.flemming@googlemail.com>
2026-05-09 00:24:31 +02:00

66 lines
2.3 KiB
Markdown

# Sandbox model
Every F∆I module runs inside a WebAssembly sandbox with no
ambient access to the host. The module can do exactly what it
declares in its `module.yaml` — and nothing else.
## What a module declares
```yaml
permissions:
- net: api.openai.com # outbound HTTPS only
- net: 127.0.0.1:11434 # local Ollama
- fs.read: /var/lib/fai/in # read-only directory
- fs.write: /var/lib/fai/out # writable directory
- env: OPENAI_API_KEY # one specific env var
- hub: invoke # call other modules
```
Anything not on this list is impossible at runtime. A module
that forgets to ask for `net:` cannot reach the network at all.
The hub's `WasiCtxBuilder` wires only the declared preopens
and env vars — there is no escape hatch.
## What the operator controls
Operators add their own ceiling on top in `~/.fai/config.yaml`:
```yaml
security:
module_allowlist: # only these modules may load
- "text.*"
module_denylist: # never load these
- "experimental.*"
max_permissions: # cap requests per scope
net: ["api.openai.com"]
fs.read: ["/var/lib/fai"]
require_signatures: true # reject unsigned bundles
require_sbom: true # reject bundles without CycloneDX
```
Modules whose declared permissions exceed the operator's
ceiling fail to load with an explicit error. The operator
ceiling is the second gate; the module's own declaration is
the first.
## What you'll see in this app
- The **Store** detail sheet for an installed module shows
the declared permissions list with icons (`net:` globe,
`fs.read:` folder, `fs.write:` edit, `env:` terminal).
- The **Doctor** page summary tile shows total module count
and capability count.
- A **flow run** that violates a permission fails with a
named error (`PermissionDenied: net:example.com`) in the
audit log — visible on the Audit page.
## What we don't have
- No process-level isolation between modules. They all run
inside one hub process. A WASM trap escalates to a flow-step
failure, not a hub crash, but heap exhaustion in one module
can pressure the others. Pooled instance mode is on the
roadmap.
- No live policy backend (OPA-style runtime decisions).
Permission lists are static at module-load time. Customer
-driven; deferred until a real deployment needs it.