Security UI System
@prox-os/security-ui is the shared presentation and contract layer for
Security UI as an OS-Native Safety Presentation Layer
@prox-os/security-ui is the shared presentation and contract layer for
security-related state in Prox OS. It lets apps, resources, files, AI tool
calls, notifications, search results, collaboration flows, workspaces, and
future activity events present safety information consistently.
The package owns security view models and UI primitives. Runtime auth, authorization enforcement, policy evaluation, cryptography, audit persistence, security operations, and backend security integrations stay outside this package.
How It Differs From Auth, Policy, and Audit Backends
- Auth backend: identifies users, creates sessions, validates tokens, and enforces session state.
- Authorization or policy engine: decides whether an actor can perform an action.
- Audit backend: persists tamper-resistant event logs.
- Security UI: displays principals, permissions, risks, policy notices, sessions, devices, token metadata, and access reviews. It emits callbacks or action intents but does not enforce decisions.
Runtime-Agnostic Boundary
The contracts are serializable. They avoid React nodes in core types and do not bind to Clerk, Auth.js, Supabase Auth, Firebase Auth, Cloudflare Access, OPA, Cedar, KMS, scanners, SIEM vendors, or backend audit storage.
Event Flow
domain security event
-> security view model
-> UI warning, review, session card, token card, or audit row
-> user intent callback
-> action intent
-> future runtime/backend enforcementPermission Flow
principal + resource + permission metadata
-> permission set
-> permission matrix or access panel
-> access review request
-> future backend policy/enforcementSecurity UI can show the matrix and create a review request. It cannot make the permission true.
AI Safety Flow
AI tool call or sensitive context
-> security resource / risk / policy notice
-> human-in-the-loop access review
-> action intent
-> runtime approval gate@prox-os/ai-ui owns AI sessions, messages, tool calls, approvals, and
artifacts. Security UI translates risk and sensitivity into shared warnings and
review surfaces.
File Sharing Flow
file node or resource ref
-> security resource ref
-> public link notice / sensitivity notice
-> notification/search/activity draft
-> future runtime enforcement@prox-os/files owns file state and provider boundaries. Security UI does not
own storage or file permissions.
Relationships
@prox-os/actions: receives action intents for revoke session, disable public link, request/approve/reject access review, revoke token, and open security targets.@prox-os/ai-ui: provides AI tool-call risk and sensitive context input.@prox-os/files: provides file access, public-link, and sensitivity input.@prox-os/notifications: can receive security notification drafts.@prox-os/search: can index security events, audit events, and reviews.@prox-os/collaboration: can provide external collaborator and public review link context.- Future
@prox-os/workspace-ui: can consume permission sets and access reviews for workspace member and role management. - Future
@prox-os/activity: can consume security and audit event drafts for timeline views.
Why Phase 1 Avoids Security Backends
Phase 1 is a frontend contract and mock UI layer. Binding it to an auth provider or policy engine now would make every app inherit runtime assumptions before the OS-level session, workspace, permission, and audit architecture is ready.
Avoided in Phase 1:
- Auth providers.
- RBAC/ABAC policy engines.
- Real permission enforcement.
- Encryption, KMS, secret storage, token creation, or revocation.
- Scanner, DLP, SIEM, and compliance systems.
- Real audit persistence.
Future Provider Adapters
- Backend auth/session provider.
- RBAC/ABAC provider.
- Policy engine adapter.
- Audit log provider.
- Cloudflare Access / Zero Trust integration.
- Secret/token provider.
- Workspace security policy provider.
- AI safety policy router.
Data Model Sketch
OsSecurityPrincipal
-> OsPermissionGrant
-> OsPermissionSet
-> OsSecurityResourceRef
OsSecurityEvent
-> OsAuditEvent
-> OsSecuritySummary
OsSecurityPolicyNotice
-> OsAccessReviewRequest
-> OsSecurityUiEvent
-> OsAction intent
OsSecuritySession
-> OsSecurityDevice
OsIntegrationToken
-> OsTokenScopePrivacy, Permission, Audit, and Trust Considerations
- Never display real secrets in UI primitives or mock data.
- Treat public-link and public-indexed states as warnings, not proof of backend exposure.
- Treat trust and risk values as view-model metadata, not a security decision.
- Keep sensitive context wording explicit: this package can show the warning, but runtime policy decides whether data may be used.
- Real audit logs need backend durability and tamper resistance; this package only displays event rows.