Pilot programme targeting Q3 2026. Register your interest now.Pilot EOI
UPAS
Interfaces

Security Model

Security and privacy model for UPAS

UPAS is designed with security and privacy as core principles.

No Authentication Required

UPAS operates entirely on-device without server-side authentication:

  • No API keys: No external credentials required
  • No user accounts: No login or registration
  • No server calls: All inference happens locally

This design is intentional for environments where:

  • Network connectivity is unreliable
  • Device sharing is common
  • User tracking is inappropriate

Data Flow

Query Flow

User Query → Local Inference → Local Response
     ↓              ↓               ↓
  (on device)   (on device)    (on device)

No data leaves the device during normal operation.

Sync Flow

Sync Request → CDN/Server → Pack Download → Local Cache
     ↓             ↓              ↓              ↓
 (metadata)   (pack files)   (verified)    (on device)

During sync, only pack metadata and content are transferred. User queries are never transmitted.

Privacy Guarantees

No Prompt Exfiltration

User queries never leave the device:

  • Inference runs locally via WebGPU or WASM
  • No telemetry of query content
  • No logging of operational context

Minimised Logging

UPAS logs only:

  • Cache health metrics
  • Runtime status
  • Sync timestamps

UPAS does not log:

  • User queries
  • Response content
  • Operational context
  • Device identifiers

No Tracking

UPAS does not:

  • Set tracking cookies
  • Collect analytics
  • Fingerprint devices
  • Store user behaviour

Integrity Verification

Pack Integrity

Procedure packs include SHA-256 hashes:

// Verify pack integrity before use
async function verifyPack(pack: ProcedurePack): Promise<boolean> {
  const computed = await sha256(JSON.stringify(pack.documents));
  return computed === pack.integrity;
}

Document Integrity

Individual documents also include hashes:

// Verify document integrity
async function verifyDocument(doc: Document): Promise<boolean> {
  const computed = await sha256(doc.content);
  return computed === doc.hash;
}

Threat Model

In Scope

UPAS addresses:

  • Offline availability: Works without network
  • Data sovereignty: No cloud processing of queries
  • Source verification: Provenance at point of use
  • Safe degradation: Graceful failure modes

Out of Scope

UPAS does not address:

  • Device security: Assumes trusted device
  • Physical access: No protection against device theft
  • Model attacks: Adversarial prompts possible
  • Content integrity: Relies on trusted publishers

Content Security Policy

Recommended CSP for UPAS deployments:

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'wasm-unsafe-eval';
  worker-src 'self';
  connect-src 'self' https://huggingface.co https://cdn.example.org;
  style-src 'self' 'unsafe-inline';
  img-src 'self' data:;
  frame-ancestors 'none';
  base-uri 'self';
  form-action 'self';

Responsible Disclosure

To report security vulnerabilities:

  1. Do not disclose publicly
  2. Email security concerns to the project maintainers
  3. Include reproduction steps
  4. Allow reasonable time for response

See the GitHub security policy for details.

Next Steps

Interfaces Reference

Data formats and interfaces used in UPAS (prototype)

Events and Callbacks

Runtime events and callbacks in UPAS

On this page

No Authentication Required
Data Flow
Query Flow
Sync Flow
Privacy Guarantees
No Prompt Exfiltration
Minimised Logging
No Tracking
Integrity Verification
Pack Integrity
Document Integrity
Threat Model
In Scope
Out of Scope
Content Security Policy
Responsible Disclosure
Next Steps