AIssistLab

Discovery And Security Model

Security Goal

V2 should detect provider readiness without turning the app into a device crawler or account inspector. The user should understand what is installed and usable, but the app must not expose account identifiers, full home paths, auth token paths, provider config contents, API keys, or raw provider status output.

Discovery Scope

Discovery should be shallow by default:

  1. Explicit path configured by the user.
  2. Known official install paths for that provider.
  3. PATH lookup for known executable names.
  4. Local HTTP health checks for known model-server ports only when the adapter owns that endpoint.
  5. Optional deeper detection only after the user clicks a Detect more action.

Do not run broad filesystem scans. Do not enumerate arbitrary profile folders outside known provider roots. Do not inspect provider config files unless an adapter has a narrow, documented reason and sanitizes the result.

Detection Rules

CLI Providers

For each CLI adapter:

Local Model Servers

For server adapters:

API Gateways

For gateway adapters:

Privacy Rules

Public API and UI output must never include:

Use generic labels:

Use sanitized path displays:

Execution Rules

No automatic login or generation on page load.

Allowed passive checks:

User-clicked actions:

Smoke Test Rules

Smoke tests should:

Child Process Environment Rules

Each adapter should build an env object from:

Never serialize the child env through public APIs. Never show whether a specific secret value matched a provider account. Only show present/missing/malformed.

Localhost Guards

All endpoints that expose device-local state must be localhost-only:

Reject non-local Host headers with 403.

Production Guards

Hosted deployments should reject local CLI providers:

Audit And Logging

Logs should record:

Logs should not record: