Security & Trust
CRAFT is designed around a trust model where you control what executes, what data is accessed, and what leaves your machine. This page explains the security architecture for technical evaluators, IT reviewers, and security-conscious teams.
Summary for IT / Security reviewers: All automations execute locally inside the host application. Cloud services are passive — artifact registry, license validation, and trust anchor distribution only. All published artifacts are SHA-256 content-addressed and ES256 signed. Telemetry is off by default. Every network interaction is disclosed through the mandatory Preview/Validate Gate before execution proceeds.
Local Execution Boundary
All automation execution happens on your machine inside your CAD host process. There is no cloud execution path, remote code evaluation, or server-side processing of your project data.
What Runs Locally
- ✓ Automation execution
- ✓ Plan generation (template-first)
- ✓ Preview/Validate Gate checks
- ✓ Artifact signature verification
- ✓ Model/project file access
What the Server Provides
- Artifact registry (store and serve signed artifacts)
- License activation and token refresh
- Trust anchor distribution (public keys)
- Artifact versioning and deprecation metadata
The server does not receive, process, or store your project files, model data, drawing content, or execution results. It is a passive store and governance surface.
The Preview/Validate Gate
The Gate is a mandatory checkpoint that blocks all consequential operations — run, export, import, and publish — until the user reviews the execution plan. It is not advisory; it is enforced.
Preview
Shows what operations will be performed, what files or elements will be affected, what host context is required, and what data (if any) would leave your machine.
Validate
Structural and semantic checks confirm the plan is well-formed, dependencies resolve, and required host context is available. Validation is strictly read-only — it inspects but never modifies your environment.
Gate Outputs (detailed explanation)
Fail-Closed by Design
If the Gate cannot prove that an automation is safe — because a dependency is missing, host context is unavailable, the license is insufficient, or a structural check fails — it blocks execution. There is no "proceed anyway" override. If safety, determinism, or compatibility cannot be confirmed, the operation does not proceed.
Artifact Integrity
Every published automation artifact is cryptographically signed and content-addressed. The integrity chain covers the full lifecycle from publish through download to execution.
Content Addressing
Each artifact is identified by a SHA-256 content hash. Any modification to the artifact content invalidates the hash, making tampering detectable.
Cryptographic Signatures
Artifacts are signed using industry-standard cryptographic keys managed by CRAFT. Trust anchors have a managed lifecycle with rotation and revocation support.
Immutable on Publish
Once published, an artifact version cannot be overwritten or modified. Attempting to publish an existing version returns a conflict error. Updates require a new SemVer version.
Client-Side Verification
The CRAFT client verifies artifact signatures locally using public trust anchors before allowing import or execution. A downloaded artifact is never trusted without local verification. Trust anchors can be fetched from the server or embedded in the client.
Trust anchors are available via a public API for independent verification. The endpoint is unauthenticated and returns public keys only.
Privacy, Telemetry & Egress
No Telemetry by Default
CRAFT does not collect or send telemetry unless you explicitly opt in. There is no silent analytics, no crash reporting by default, and no usage tracking. The default configuration is:
telemetry: { enabled: false }
No Host-Context Egress
Project files, model content, file paths, and environment data do not leave your machine by default. The default configuration is:
Host environment sharing: disabled by default
Egress Disclosure Panel
Every operation that passes through the Gate includes an egress disclosure
panel. This panel is always present — even when all egress fields are
false. It shows:
- Network activity — whether data is sent to external destinations, and which URLs
- Host environment data — whether your CAD environment information is transmitted, and which fields
- Usage telemetry — whether telemetry data is collected, and where it is stored
Egress opt-in is per-operation, not persistent. Each time you run, export, import, or publish, the Gate shows the egress profile for that specific operation. Acknowledging egress for one operation does not enable it for future operations.
Deterministic Execution
CRAFT enforces a determinism contract: given the same task description, software version, and CAD environment, CRAFT produces the same execution plan, dependency set, and content hash. This is not aspirational — it is enforced by the canonicalization and hashing contracts.
Canonical Form
Plans are normalized to a standard format before hashing. Optional fields set to their default values are elided. This ensures that semantically identical plans always produce the same hash.
Pinned Dependencies
At generation time, CRAFT selects the highest compatible version of each component and pins it in a lockfile. Re-runs with the same lockfile produce identical results.
Frequently Asked Questions
Common questions from IT and security reviewers.
Does CRAFT send my project files to your servers?
No. Project files, model data, drawing content, and execution results stay on your machine. The server stores and serves signed automation artifacts. It does not receive, process, or store your project data.
Can an automation send data to an external server without my knowledge?
No. Every network egress destination is declared in the automation's egress profile and shown in the Gate's egress disclosure panel before execution. If an automation declares network egress, you must acknowledge it before the Gate allows the operation to proceed. There is no silent network access.
What happens if the CRAFT server is unreachable?
CRAFT works offline for up to 7 days after the last successful license token refresh. Locally cached artifacts can be executed without server contact. After the 7-day window, the Gate hard-blocks seat-required operations until a refresh succeeds.
Can I verify artifact signatures independently?
Yes. Trust anchors (public keys) are available via a public, unauthenticated API. You can verify artifact signatures independently using standard cryptographic libraries.
Does CRAFT use AI or LLM for automation generation?
CRAFT uses a template-first generation model. Execution plans are generated deterministically from structured templates. AI assists with task classification when needed, but rule-based validation always applies. AI never generates execution plans, writes code, or bypasses the Gate.
Can I override the Gate if I trust an automation?
No. The Gate is fail-closed with no override. If a dependency is missing, a host condition is not met, or a license check fails, the operation is blocked until the issue is resolved. This is by design — trust is earned through inspection, not bypassed.
How is the license token refresh disclosed?
License token refresh is a network call to the CRAFT server and is subject to Gate egress disclosure. It is not a silent background operation — the refresh is disclosed like any other network interaction.
Download & Install Confidence
The CRAFT installer is code-signed and ships with a SHA-256 checksum. After installation, automation artifacts are verified client-side using ES256 signatures against published trust anchors before any execution is permitted.
See the Download page for verification details, or review the documentation for the full trust anchor lifecycle and signature verification process.
Questions for Your Security Review?
We're happy to answer IT and security questions directly. Or request early access to evaluate the trust model hands-on.