diff --git a/docs/security/audit-logs.md b/docs/security/audit-logs.md new file mode 100644 index 0000000..7b14682 --- /dev/null +++ b/docs/security/audit-logs.md @@ -0,0 +1,117 @@ +--- +id: audit-logs +title: Audit Logs +sidebar_position: 2 +--- + +Audit logs provide visibility into security-relevant and administrative actions +performed within Cube AI. They help administrators and operators monitor +activity, investigate issues, and support compliance and accountability +requirements. + +--- + +## Audit Logs Overview + +Audit logs record important events that occur within the Cube AI system, +particularly those related to: + +- User activity +- Domain-level changes +- Access control and security-sensitive operations + +Audit logging is **domain-scoped**, meaning events are associated with the domain +in which they occurred. + +--- + +## What Is Recorded + +Depending on configuration and permissions, audit logs may include events such as: + +- User login and logout activity +- Domain creation or deletion +- Changes to domain membership +- Role assignments or updates +- Administrative actions performed through the UI +- Security-related configuration changes + +Each audit log entry typically captures: + +- The type of action performed +- The user who performed the action +- The affected resource or domain +- A timestamp of when the action occurred + +--- + +## Accessing Audit Logs + +Audit logs are accessible through the Cube AI UI to users with sufficient +permissions. + +Access to audit logs is restricted to authorized roles to ensure sensitive +information is not exposed to unauthorized users. + +--- + +## Using Audit Logs + +Audit logs can be used to: + +- Review recent administrative activity +- Investigate unexpected behavior or configuration changes +- Track access-related events +- Support security reviews and incident analysis + +Audit logs provide an immutable record of events and are intended for +observability rather than real-time monitoring. + +--- + +## Audit Logs and Roles + +Visibility into audit logs depends on the user’s role within a domain. + +Typically: + +- Administrative roles can view audit logs +- Standard users may not have access to audit information + +For more details on role-based permissions, see: +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +--- + +## Audit Logs and Domain Context + +All audit log entries are associated with a specific domain. + +When switching domains: + +- The visible audit logs change accordingly +- Only events related to the active domain are shown + +This ensures isolation and clarity when managing multiple domains. + +--- + +## Security and Compliance + +Audit logging is a key component of Cube AI’s security posture. + +By maintaining a record of critical actions, audit logs help: + +- Detect misuse or misconfiguration +- Support forensic analysis +- Demonstrate accountability and operational transparency + +--- + +## Next Steps + +To understand how permissions affect access to audit information, review: +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +For domain-level workflows, see: +πŸ‘‰ **UI β†’ Domains** diff --git a/docs/security/roles-and-access-control.md b/docs/security/roles-and-access-control.md new file mode 100644 index 0000000..f4b2989 --- /dev/null +++ b/docs/security/roles-and-access-control.md @@ -0,0 +1,125 @@ +--- +id: roles-and-access-control +title: Roles and Access Control +sidebar_position: 1 +--- + +Cube AI uses role-based access control (RBAC) to manage what users can see and do +within a domain. Roles define permissions at the domain level and ensure that +actions are performed only by authorized users. + +--- + +## Role-Based Access Control Overview + +Access control in Cube AI is **domain-scoped**. + +This means that: + +- Users can belong to one or more domains +- A user may have different roles in different domains +- Permissions apply only within the currently active domain + +Roles determine which UI features and actions are available to a user. + +--- + +## Roles in Cube AI + +Cube AI provides a set of predefined roles that control access to domain features. + +While the exact role names and permissions may vary depending on deployment and +configuration, roles typically differentiate between: + +- **Administrative users** – users with elevated permissions +- **Standard users** – users with access to core functionality +- **Restricted users** – users with limited or read-only access + +--- + +## Common Permissions + +Roles may control access to actions such as: + +- Creating or managing domains +- Inviting or managing domain members +- Assigning or changing user roles +- Accessing administrative UI sections +- Viewing or managing security-related information +- Interacting with models and chat interfaces + +Not all users have access to all features. The UI dynamically reflects the +permissions granted by the user’s role. + +--- + +## Domain Membership + +Users must be members of a domain to access its resources. + +Within a domain: + +- Each user is assigned a specific role +- Role assignments apply only to that domain +- Removing a user from a domain immediately revokes domain access + +Domain membership and role assignments are managed through the Cube AI UI by users +with sufficient permissions. + +--- + +## UI Behavior Based on Roles + +The Cube AI UI adapts based on the active user’s role. + +Depending on permissions: + +- Certain navigation items may be hidden +- Some actions may be disabled or unavailable +- Administrative sections may only be visible to authorized users + +This ensures that users only interact with features they are allowed to access. + +--- + +## Role Changes + +When a user’s role is updated: + +- The change takes effect immediately +- UI visibility and available actions are updated accordingly +- No page reload may be required, depending on the UI state + +Role changes affect only the selected domain. + +--- + +## Access Control and Security + +Role-based access control helps enforce security boundaries by: + +- Limiting access to sensitive operations +- Reducing the risk of accidental or unauthorized changes +- Ensuring clear separation of responsibilities within a domain + +RBAC works together with other Cube AI security mechanisms, such as authentication +and auditing, to provide a controlled and observable environment. + +--- + +## Auditing and Role-Related Events + +Changes to domain membership and roles may be recorded as security-relevant events. + +For details on how such events are tracked, see: +πŸ‘‰ **Security & Access β†’ Audit Logs** + +--- + +## Next Steps + +To understand how access-related actions are monitored, continue with: +πŸ‘‰ **Security & Access β†’ Audit Logs** + +For domain workflows, see: +πŸ‘‰ **UI β†’ Domains** diff --git a/docs/ui/domains.md b/docs/ui/domains.md new file mode 100644 index 0000000..500c7a4 --- /dev/null +++ b/docs/ui/domains.md @@ -0,0 +1,129 @@ +--- +id: domains +title: Domains +sidebar_position: 2 +--- + +Domains are a core organizational concept in Cube AI. A domain represents an +isolated workspace where users interact with models, manage access, and perform +LLM-powered operations. + +Domains provide logical isolation between different teams or workloads while +sharing the same Cube AI deployment. + +--- + +## What is a Domain? + +A **domain** acts as an isolated environment that groups: + +- Users and their roles +- Models and backend configurations +- Chat and inference activity + +All interactions in Cube AI happen **within the context of a selected domain**. +This ensures clear separation between different teams, projects, or use cases. + +--- + +## Accessing Domains + +After logging in, users are presented with the Cube AI dashboard, where available +domains are listed. + +From the dashboard, users can: + +- Open an existing domain +- Create a new domain (if permitted) + +The currently active domain defines the scope of all actions in the UI. + +For a step-by-step onboarding flow, see: +πŸ‘‰ **Getting Started** + +--- + +## Creating a Domain + +To create a new domain: + +1. Log in to the Cube AI UI. +2. From the dashboard, click **Create Domain**. +3. Enter a **Name** and **Route** for the domain. +4. Click **Create**. +5. When the domain appears in the list, click **Open Domain**. + +Once opened, you are redirected into the domain workspace. + +![Create domain screen](/img/getting-started-create-domain.png) + +--- + +## Domain Workspace + +After opening a domain, the UI switches into the domain context. + +Inside a domain, users can: + +- Access the chat interface +- Select and interact with available models +- Perform domain-scoped operations + +Navigation within the domain is handled through the left-side menu. + +![Chat interface](/img/getting-started-chat.png) + +--- + +## Domain Context + +The active domain determines: + +- Which users and roles apply +- Which models are available +- Which resources and actions are visible in the UI + +Switching domains changes this context entirely, ensuring isolation between +different environments. + +:::note +Switching domains updates the entire UI context, including available models, +users, and permissions. +::: + +--- + +## Domain Membership and Roles + +Users belong to one or more domains and may have different roles in each domain. +Roles define what actions a user is allowed to perform within that domain. + +Details about roles and permissions are documented in: + +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +--- + +## Typical Domain Workflow + +A common user flow in Cube AI looks like this: + +1. Log in to the Cube AI UI +2. Select or create a domain +3. Enter the domain workspace +4. Interact with models and services within that domain +5. Switch domains as needed + +--- + +## Next Steps + +After creating and entering a domain, you can explore: + +- User actions and profile management +- Role-based access control +- Audit logs and security events +- API access scoped to domains + +For first-time users, see: +πŸ‘‰ **UI β†’ User Actions** diff --git a/docs/ui/overview.md b/docs/ui/overview.md new file mode 100644 index 0000000..36ab541 --- /dev/null +++ b/docs/ui/overview.md @@ -0,0 +1,127 @@ +--- +id: overview +title: UI Overview +sidebar_position: 1 +--- + +The Cube AI user interface provides a web-based environment for interacting with +large language models, managing domains, and performing user and +domain-scoped operations. + +This section gives a high-level overview of the Cube AI UI structure and common +user workflows. + +--- + +## UI Structure + +The Cube AI UI is organized around a few core concepts: + +- **Authentication** – users log in using their credentials +- **Domains** – isolated workspaces that define context and scope +- **Navigation** – access to domain-specific features through the UI menu +- **Actions** – user and domain operations performed through the interface + +All user interactions occur either before selecting a domain (authentication) +or within the context of an active domain. + +--- + +## Authentication Flow + +Users begin by accessing the Cube AI login screen. + +After successful authentication: + +- The user is redirected to the dashboard +- Available domains are displayed +- The user selects or creates a domain to continue + +Account-related actions such as sign up, verification, password reset, and +profile management are documented in: + +πŸ‘‰ **UI β†’ User Actions** + +--- + +## Domain-Centric Navigation + +Once a domain is opened, the UI switches into **domain context**. + +Within this context: + +- All visible resources belong to the active domain +- Available actions depend on the user’s role in that domain +- Models and services are scoped to the domain + +Switching domains updates the entire UI context accordingly. + +For more details, see: +πŸ‘‰ **UI β†’ Domains** + +--- + +## Common User Workflows + +Typical workflows in the Cube AI UI include: + +- Logging in and selecting a domain +- Creating and managing domains +- Interacting with models through the chat interface +- Switching models within a domain +- Managing users and roles (if permitted) +- Viewing system and security-related events + +Each workflow is documented in its respective section of the UI documentation. + +--- + +## Roles and Permissions + +Access to UI features is controlled by role-based permissions. + +Depending on their assigned role, users may be able to: + +- Create or manage domains +- Invite or manage other users +- Access administrative or security features + +Role definitions and permissions are covered in: + +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +--- + +## Security and Auditing + +Cube AI provides visibility into security-relevant actions through audit logs. + +Audit logs help track: + +- User activity +- Domain-level changes +- Security-sensitive operations + +For details, see: +πŸ‘‰ **Security & Access β†’ Audit Logs** + +--- + +## Developer-Focused UI Documentation + +This section focuses on **user-facing UI behavior**. + +Developer-oriented documentation related to UI integration and customization, +such as the Chat UI, is available in: + +πŸ‘‰ **Developer Guide β†’ Chat UI** + +--- + +## Next Steps + +To continue exploring the Cube AI UI: + +- Start with **UI β†’ Domains** to understand domain workflows +- Review **UI β†’ User Actions** for account-related operations +- Explore **Security & Access** for roles and auditing features diff --git a/docs/ui/user-actions.md b/docs/ui/user-actions.md new file mode 100644 index 0000000..d0baedb --- /dev/null +++ b/docs/ui/user-actions.md @@ -0,0 +1,139 @@ +--- +id: user-actions +title: User Actions +sidebar_position: 3 +--- + +This section describes common user-facing actions in the Cube AI UI, including +authentication, account verification, password management, and profile-related +operations. + +--- + +## Login + +### Login purpose + +Authenticate to Cube AI using an email and password. + +### Login location in the UI + +Login page. + +![Cube AI login screen](/img/getting-started-login.png) + +### Login steps + +1. Open the Cube AI UI. +2. Enter your email address and password. +3. Click **Sign in**. + +### Login expected result + +You are authenticated and redirected to the dashboard or your last active domain. + +--- + +## Sign up + +### Sign up purpose + +Create a new Cube AI user account. + +### Sign up steps + +1. Open the Cube AI UI. +2. Click **Sign up**. +3. Enter your email address and password. +4. Submit the registration form. + +### Sign up expected result + +A new account is created and a verification email is sent. + +--- + +## Account verification + +### Account verification purpose + +Verify ownership of the email address associated with a user account. + +### Account verification how it works + +After registration, Cube AI sends a verification email containing a secure link. + +### Account verification steps + +1. Open the verification email. +2. Click the verification link. +3. Return to the Cube AI UI. + +### Account verification expected result + +The account is marked as verified and full access is enabled. + +--- + +## Password reset + +### Password reset purpose + +Regain access to an account if the password is forgotten. + +### Password reset location in the UI + +Login page β†’ **Forgot password**. + +### Password reset steps + +1. Click **Forgot password**. +2. Enter your email address. +3. Follow the instructions received by email. + +### Password reset expected result + +You can set a new password and log in again. + +--- + +## Profile management + +### Profile management purpose + +Manage personal account settings. + +### Profile management how to access + +After logging in, users can access profile-related actions from the user menu in +the UI (typically available via the user icon). + +### Profile management available actions + +Depending on configuration and permissions, users may be able to: + +- View their account information +- Update personal details +- Change their password +- View account verification status +- Log out of the application + +Profile actions affect only the user account and do **not** modify domain +membership or role assignments. + +--- + +## Logout + +### Logout purpose + +End the current authenticated session. + +### Logout steps + +1. Open the user menu. +2. Click **Log out**. + +### Logout expected result + +The session is terminated and the user is redirected to the login page. diff --git a/sidebars.ts b/sidebars.ts index 36d3fcd..cd44573 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -62,6 +62,27 @@ const sidebars: SidebarsConfig = { 'developer-guide/auth-and-request-flow', ], }, + + // --- UI --- + { + type: 'category', + label: 'UI', + items: [ + 'ui/overview', + 'ui/domains', + 'ui/user-actions', + ], + }, + + // --- Security & Access --- + { + type: 'category', + label: 'Security & Access', + items: [ + 'security/roles-and-access-control', + 'security/audit-logs', + ], + }, ], };