Security & Trust
CRAFT is designed around a trust model where you control what executes, what data is accessed, and what leaves your machine. This page explains the security architecture for technical evaluators, IT reviewers, and security-conscious teams.
In plain language
- ✓ Automations run on your machine, inside Revit or Civil 3D. Never in our cloud.
- ✓ Every action shows you exactly what will change — and what (if anything) leaves your computer — before it runs.
- ✓ Telemetry is off by default. There is no “run anyway” override on the safety check.
- ✓ Every published automation is signed and locked, so you always know you’re running what your team approved.
For security reviewers (technical summary)
All automations execute locally inside the host application. Cloud services are passive — artifact registry, license validation, and trust anchor distribution only. All published artifacts are SHA-256 content-addressed and ES256 signed. Telemetry is off by default. Every network interaction is disclosed through the mandatory Preview/Validate Gate before execution proceeds.
Local Execution Boundary
All automation execution happens on your machine inside your CAD host process. There is no cloud execution path, remote code evaluation, or server-side processing of your project data.
What Runs Locally
- ✓ Automation execution
- ✓ Plan composition (template-first)
- ✓ Preview/Validate Gate checks
- ✓ Artifact signature verification
- ✓ Model/project file access
What the Server Provides
- Artifact registry (store and serve signed artifacts)
- License activation and token refresh
- Trust anchor distribution (public keys)
- Artifact versioning and deprecation metadata
The server does not receive, process, or store your project files, model data, drawing content, or execution results. It is a passive store and governance surface.
The Preview/Validate Gate
The Gate is a mandatory checkpoint that blocks all consequential operations — run, export, import, and publish — until the user reviews the execution plan. It is not advisory; it is enforced.
Preview
Shows what operations will be performed, what files or elements will be affected, what host context is required, and what data (if any) would leave your machine.
Validate
Structural and semantic checks confirm the plan is well-formed, dependencies resolve, and required host context is available. Validation is strictly read-only — it inspects but never modifies your environment.
Fail-Closed by Design
If the Gate cannot prove that an automation is safe — because a dependency is missing, host context is unavailable, the license is insufficient, or a structural check fails — it blocks execution. There is no "proceed anyway" override. If safety, determinism, or compatibility cannot be confirmed, the operation does not proceed.
Artifact Integrity
Every published automation artifact is cryptographically signed and content-addressed. The integrity chain covers the full lifecycle from publish through download to execution.
Content Addressing
Each artifact is identified by a SHA-256 content hash. Any modification to the artifact content invalidates the hash, making tampering detectable.
Cryptographic Signatures
Artifacts are signed with ES256 using signing keys managed by CRAFT. Trust anchors have a managed lifecycle with rotation and revocation support.
Immutable on Publish
Once published, an artifact version cannot be overwritten or modified. Attempting to publish an existing version returns a conflict error. Updates require a new SemVer version.
Client-Side Verification
The CRAFT client verifies artifact signatures locally using public trust anchors before allowing import or execution. A downloaded artifact is never trusted without local verification. Trust anchors can be fetched from the server or embedded in the client.
Trust anchors are available via a public API for independent verification. The endpoint is unauthenticated and returns public keys only.
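The client-side check described above, sketched as an added example (not CRAFT's own code) using Node's built-in crypto module. The artifact fields, the key id, and the layout of the signed message are assumptions; the page states only that artifacts are SHA-256 content-addressed and ES256 signed.

```javascript
// Added example, not CRAFT code: artifact fields, key ids and the signed
// message layout are assumptions made for illustration.
const nodeCrypto = require('crypto');

const sha256Hex = (buf) => nodeCrypto.createHash('sha256').update(buf).digest('hex');

// Hypothetical signing input: binds name and version to the content hash.
const signingInput = (a) => Buffer.from(`${a.name}@${a.version}:${a.contentHash}`);

// Fail closed: an unknown or revoked anchor, a hash mismatch, or a bad
// signature each reject the artifact. Nothing is trusted by default.
function verifyArtifact(artifact, trustAnchors) {
  const anchor = trustAnchors.get(artifact.keyId);
  if (!anchor || anchor.revoked) return { ok: false, reason: 'untrusted-key' };
  if (sha256Hex(artifact.content) !== artifact.contentHash) {
    return { ok: false, reason: 'hash-mismatch' };
  }
  let valid = false;
  try {
    // ES256 = ECDSA on P-256 with SHA-256; raw r||s signature encoding (as in JWS).
    valid = nodeCrypto.verify('sha256', signingInput(artifact),
      { key: anchor.publicKey, dsaEncoding: 'ieee-p1363' }, artifact.signature);
  } catch {
    valid = false; // a malformed key or signature counts as a failure
  }
  return valid ? { ok: true, reason: 'verified' } : { ok: false, reason: 'bad-signature' };
}

// Constructed sample: a throwaway key pair stands in for a published trust anchor.
function makeSample() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const content = Buffer.from('{"steps":["renumber-sheets"]}');
  const artifact = { name: 'sheet-renumber', version: '1.2.0', keyId: 'anchor-a',
    content, contentHash: sha256Hex(content) };
  artifact.signature = nodeCrypto.sign('sha256', signingInput(artifact),
    { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return { artifact, anchors: new Map([['anchor-a', { publicKey, revoked: false }]]) };
}

const sample = makeSample();
console.log(verifyArtifact(sample.artifact, sample.anchors));
const tampered = { ...sample.artifact, content: Buffer.from('{"steps":["other"]}') };
console.log(verifyArtifact(tampered, sample.anchors));
```

Recomputing the hash after tampering does not help an attacker here, because the signature covers the original hash and the check then fails at the signature step.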
Privacy, Telemetry & Egress
No Telemetry by Default
CRAFT does not collect or send telemetry unless you explicitly opt in. There is no silent analytics, no crash reporting by default, and no usage tracking. The default configuration is:
telemetry: { enabled: false }
No Host-Context Egress
Project files, model content, file paths, and environment data do not leave your machine by default. The default configuration is:
Host environment sharing: disabled by default
Egress Disclosure Panel
Every operation that passes through the Gate includes an egress disclosure panel. This panel is always present — even when all egress fields are false. It shows:
- Network activity — whether data is sent to external destinations, and which URLs
- Host environment data — whether your CAD environment information is transmitted, and which fields
- Usage telemetry — whether telemetry data is collected, and where it is stored
Egress opt-in is per-operation, not persistent. Each time you run, export, import, or publish, the Gate shows the egress profile for that specific operation. Acknowledging egress for one operation does not enable it for future operations.
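A minimal model of the fail-closed Gate decision and the always-present egress panel described above, as an added example that is not CRAFT's implementation. The check names, the plan and context fields, and the result shape are hypothetical, and every operation is treated as seat-required for simplicity.

```javascript
// Added example, not CRAFT code: check names, plan fields and result shape are hypothetical.
const OFFLINE_GRACE_MS = 7 * 24 * 60 * 60 * 1000; // 7-day offline window stated in the FAQ

// Each check must return exactly true; anything else (false, undefined, a thrown error) blocks.
const CHECKS = {
  dependenciesResolve: (ctx) => ctx.plan.dependencies.every((d) => ctx.lockfile[d] !== undefined),
  hostContextAvailable: (ctx) => ctx.host !== null && ctx.host.product === ctx.plan.requiredHost,
  licenseFresh: (ctx) => ctx.now - ctx.lastTokenRefresh <= OFFLINE_GRACE_MS,
};

// The acknowledgement is an argument of this one call and is never stored,
// so it cannot carry over to a later operation. There is no override flag.
function evaluateGate(ctx, egressAcknowledged = false) {
  const failures = [];
  for (const [name, check] of Object.entries(CHECKS)) {
    let passed = false;
    try { passed = check(ctx) === true; } catch { passed = false; }
    if (!passed) failures.push(name);
  }
  // The disclosure panel is built for every operation, even when nothing leaves the machine.
  const declared = ctx.plan.egress || {};
  const urls = declared.urls || [];
  const fields = declared.hostFields || [];
  const egress = {
    network: { enabled: urls.length > 0, urls },
    hostEnvironment: { enabled: fields.length > 0, fields },
    telemetry: { enabled: declared.telemetry === true },
  };
  const anyEgress = egress.network.enabled || egress.hostEnvironment.enabled || egress.telemetry.enabled;
  if (anyEgress && egressAcknowledged !== true) failures.push('egressNotAcknowledged');
  return { allowed: failures.length === 0, failures, egress };
}

// Constructed context for a local-only operation.
const sampleCtx = {
  plan: { dependencies: ['core-geometry'], requiredHost: 'Revit', egress: {} },
  lockfile: { 'core-geometry': '3.4.1' },
  host: { product: 'Revit' },
  now: Date.UTC(2024, 0, 10),
  lastTokenRefresh: Date.UTC(2024, 0, 5),
};
console.log(evaluateGate(sampleCtx));
```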
Deterministic Execution
CRAFT enforces a determinism contract: given the same task description, software version, and CAD environment, CRAFT produces the same execution plan, dependency set, and content hash. This is not aspirational — it is enforced by the canonicalization and hashing contracts.
Canonical Form
Plans are normalized to a standard format before hashing. Optional fields set to their default values are elided. This ensures that semantically identical plans always produce the same hash.
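How canonicalization makes semantically identical plans hash identically, as an added example that is not CRAFT's canonicalization code. The plan schema and the table of default values are hypothetical.

```javascript
// Added example, not CRAFT code: the plan schema and the DEFAULTS table are hypothetical.
const nodeCrypto = require('crypto');

// Optional top-level plan fields and their default values (assumed).
const DEFAULTS = { dryRun: false, units: 'project', retries: 0 };

// Canonical form: object keys sorted, default-valued optional fields elided,
// array order preserved because step order is part of the plan's meaning.
function canonicalize(value, defaults = {}) {
  if (Array.isArray(value)) return value.map((v) => canonicalize(v));
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const key of Object.keys(value).sort()) {
    const v = value[key];
    if (v === undefined) continue;
    const hasDefault = Object.prototype.hasOwnProperty.call(defaults, key);
    if (hasDefault && v === defaults[key]) continue; // elide explicit default
    out[key] = canonicalize(v);
  }
  return out;
}

function planHash(plan) {
  const canonical = JSON.stringify(canonicalize(plan, DEFAULTS));
  return nodeCrypto.createHash('sha256').update(canonical, 'utf8').digest('hex');
}

// Constructed plans: planB spells out defaults and uses a different key order.
const planA = {
  template: 'renumber-sheets',
  steps: [{ op: 'select', filter: 'A-*' }, { op: 'renumber', start: 100 }],
};
const planB = {
  retries: 0,
  dryRun: false,
  steps: [{ filter: 'A-*', op: 'select' }, { start: 100, op: 'renumber' }],
  template: 'renumber-sheets',
};
const planC = { ...planA, dryRun: true }; // a real difference

console.log(planHash(planA) === planHash(planB));
console.log(planHash(planA) === planHash(planC));
```

A production scheme also has to pin number formatting and string normalization; RFC 8785 (JSON Canonicalization Scheme) is one published approach to that.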
Pinned Dependencies
At generation time, CRAFT selects the highest compatible version of each component and pins it in a lockfile. Re-runs with the same lockfile produce identical results.
AI Scope
What CRAFT’s AI does, what it does not do, and where the boundary is enforced.
CRAFT is an AI-assisted automation tool with a hard boundary. The intelligence layers (interpretation, retrieval, ranking, proposal) may use AI. The execution layers (deterministic compilation, the Preview/Validate Gate, signed execution) may not. AI is never the publisher and never the authority on what runs.
What AI does
- ✓ Interprets plain-language task descriptions (rule-based parsing first; AI classification fills gaps)
- ✓ Retrieves and ranks reuse candidates from your library by similarity
- ✓ Drafts capability contracts subject to schema and structural safety checks
- ✓ Generates test candidates that humans approve before they enter the Gate
- ✓ Proposes compositions whose typed contracts the deterministic compiler validates
- ✓ Discovers near-duplicate clusters and proposes generalizations under human approval
What AI does not do
- — Author the executable plan that actually runs
- — Modify Dynamo, package, or script contents directly
- — Edit the deterministic execution graph as a user-facing authoring tool
- — Bypass, override, or shortcut the Preview/Validate Gate
- — Publish to your library as the sole authority — humans approve every promotion
- — Run in the cloud — there is no cloud execution path
The contract: AI proposes. The deterministic compiler and the Gate decide. You approve. Every AI-drafted artifact is checked for declared side effects against the host API catalog, for determinism plausibility, and for confidence on each field; low-confidence fields are flagged for mandatory human review. Drafts that fail any check do not become signed automations.
Frequently Asked Questions
Common questions from IT and security reviewers.
Does CRAFT send my project files to your servers?
No. Project files, model data, drawing content, and execution results stay on your machine. The server stores and serves signed automation artifacts. It does not receive, process, or store your project data.
Can an automation send data to an external server without my knowledge?
No. Every network egress destination is declared in the automation's egress profile and shown in the Gate's egress disclosure panel before execution. If an automation declares network egress, you must acknowledge it before the Gate allows the operation to proceed. There is no silent network access.
What happens if the CRAFT server is unreachable?
CRAFT works offline for up to 7 days after the last successful license token refresh. Locally cached artifacts can be executed without server contact. After the 7-day window, the Gate hard-blocks seat-required operations until a refresh succeeds.
Can I verify artifact signatures independently?
Yes. Trust anchors (public keys) are available via a public, unauthenticated API. You can verify artifact signatures independently using standard cryptographic libraries.
Does CRAFT use AI or LLMs for automation generation?
Yes — in bounded ways. CRAFT uses AI to interpret plain-language task descriptions, search and rank reuse candidates from your library, draft capability contracts (subject to safety checks), generate test candidates for human approval, and propose compositions that the deterministic compiler then validates. AI never authors the executable plan, never modifies script contents, never bypasses the Gate, and is never the sole publisher. Execution plans are produced deterministically from a template-first composition model. See AI Scope for the full boundary.
Can I override the Gate if I trust an automation?
No. The Gate is fail-closed with no override. If a dependency is missing, a host condition is not met, or a license check fails, the operation is blocked until the issue is resolved. This is by design — trust is earned through inspection, not bypassed.
How is the license token refresh disclosed?
License token refresh is a network call to the CRAFT server and is subject to Gate egress disclosure. It is not a silent background operation — the refresh is disclosed like any other network interaction.
Download & Install Confidence
The CRAFT installer is code-signed and ships with a SHA-256 checksum. After installation, automation artifacts are verified client-side using ES256 signatures against published trust anchors before any execution is permitted.
See the Download page for verification details, or review the documentation for the full trust anchor lifecycle and signature verification process.
Report a Vulnerability
Security researchers are welcome here. If you believe you have found a security issue in CRAFT, we want to hear about it. We do not run a paid bug bounty at this time, but we respond to every legitimate report, we do not pursue legal action against researchers who follow this policy, and we credit reporters publicly when they want credit.
Contact
Email reports to our security address. For sensitive reports, use our PGP key (linked from security.txt) to encrypt your submission.
security@cadcraft.ai
Machine-readable contact: /.well-known/security.txt
What to Include
- ✓ A clear description of the issue
- ✓ Steps to reproduce
- ✓ Affected component and version
- ✓ Any proof-of-concept you can share safely
- ✓ Your preferred contact method and whether you want credit
Scope
In Scope
- ✓ cadcraft.ai and all subdomains we operate (api.cadcraft.ai, status.cadcraft.ai when live)
- ✓ The CRAFT desktop installer and add-in for Revit and Civil 3D
- ✓ Signed automation artifacts distributed through the CRAFT registry
- ✓ The Preview/Validate Gate and the deterministic execution pipeline
- ✓ License validation and trust-anchor APIs
Out of Scope
- — Third-party services (Cloudflare, Fly.io, Plausible, Formspree) — report those to the vendor
- — Social engineering attacks against CRAFT staff or customers
- — Physical attacks against CRAFT premises
- — Denial-of-service attacks or volumetric testing
- — Automated vulnerability scanner output without manual verification
- — Reports that require a user to ignore clear security warnings
Our Commitments to You
- ✓ We will acknowledge receipt of your report within one business day.
- ✓ We will provide an initial triage assessment within five business days.
- ✓ We will keep you updated on remediation progress at least every 14 days.
- ✓ We will coordinate a public disclosure timeline with you, targeting 90 days from initial report to public advisory, unless you agree to a different timeline or the issue is already public.
- ✓ We will credit you in the security advisory and release notes if you want credit.
- ✓ We will not pursue legal or administrative action against you for research conducted in accordance with this policy.
Safe Harbor
We want researchers to investigate our products without fear of legal reprisal. If you conduct security research in accordance with this policy, CRAFT will consider your research to be authorized and will not initiate or pursue any legal action against you, including under:
- The US Computer Fraud and Abuse Act (18 U.S.C. §1030)
- The anti-circumvention provisions of the Digital Millennium Copyright Act (17 U.S.C. §1201) to the extent your research is necessary to identify or fix a vulnerability
- US state computer-crime laws that mirror the CFAA
- The Computer Misuse Act 1990 (UK) and equivalent statutes in the EU and other jurisdictions
- Our Website Terms of Use and End User License Agreement, to the extent they would otherwise prohibit the research
If a third party initiates legal action against you for research conducted under this policy, we will make this authorization known to the relevant parties and courts.
To qualify for this safe harbor, your research must:
- Stay within the Scope defined above
- Avoid privacy violations, degradation of service, and destruction or corruption of data
- Use only test accounts or data that belongs to you
- Not access, modify, or delete data belonging to other users beyond what is minimally necessary to demonstrate the issue
- Report the issue to us through the contact above and give us a reasonable opportunity to remediate before public disclosure
- Comply with all applicable laws
This policy is inspired by industry standards including the disclose.io Core Terms and the Department of Justice’s CFAA policy for good-faith security research. If you are unsure whether a specific action is authorized, email us at security@cadcraft.ai before you conduct it and we will work with you in good faith.
Ready for Your IT Review?
We'll walk your security team through the trust model, data handling, and deployment architecture.