Snap2Sim / SECURITY.md
jasondo
Finalize docs and archive prompts
7006f4b
|
Raw
History Blame Contribute Delete
4.44 kB
# Security Notes
This project is a public hackathon demo. Treat the repo, README, screenshots,
and Codex-visible files as public unless explicitly told otherwise.
## Do Not Commit Or Expose
- Modal tokens, Hugging Face tokens, API keys, passwords, OAuth credentials, or
private SSH keys.
- Local credential files such as `.modal.toml`, `.huggingface/token`,
`.netrc`, `.env`, `.envrc`, or shell profile exports containing secrets.
- Modal or Hugging Face dashboard pages that include account-private billing,
workspace settings, tokens, or secret values.
- Raw user-uploaded photos unless the user explicitly asks to add sample images
to the repo.
- Full model outputs if they include private user content, uploaded image
details, or long traces that are not needed for debugging.
- Modal Volume contents, downloaded GGUF files, Hugging Face cache directories,
or any other large runtime assets.
## Endpoint Access
The deployed Modal endpoint URLs are public HTTP entry points at the network
level, but every Modal web endpoint must require:
```text
Authorization: Bearer <SNAP2SIM_API_TOKEN>
```
`SNAP2SIM_API_TOKEN` must be stored only as:
- Modal secret: `snap2sim-api-auth`
- Hugging Face Space secret: `SNAP2SIM_API_TOKEN`
Do not document the live Modal endpoint URLs in public files unless the user
explicitly asks. The URLs are not credentials, but keeping them out of public
docs reduces casual discovery, and the bearer token is the real protection
against credit-spending spam.
The public Hugging Face Space is now under
`build-small-hackathon/Snap2Sim`, served at
`https://build-small-hackathon-snap2sim.hf.space`. Keep GitHub as the source of
truth and do not edit files directly on the Space.
The Space endpoints are same-origin browser APIs, not public credentials. Keep
the server-side rate limits, upload-size caps, and image decompression-bomb
guards in `app.py` active. These controls reduce abuse of the Space as a
trusted Modal proxy but do not replace the Modal bearer token.
## Environment Variables
Safe to expose in public docs or `.env.example`:
- `INFERENCE_BACKEND`
- `MODAL_ANALYZE_URL`
- `MODAL_GENERATE_URL`
- `INFERENCE_TIMEOUT_SECONDS`
- `SNAP2SIM_MODEL_REPO`
- `SNAP2SIM_GGUF_QUANT`
- `SNAP2SIM_MMPROJ_FILE`
- `SNAP2SIM_RUNTIME_GPU`
Keep private and configure only through local secret stores, Modal secrets, or
Hugging Face Space secrets:
- `MODAL_TOKEN_ID`
- `MODAL_TOKEN_SECRET`
- `SNAP2SIM_API_TOKEN`
- `HF_TOKEN`
- `HUGGING_FACE_HUB_TOKEN`
- Any future provider key such as `OPENAI_API_KEY`, `ANTHROPIC_API_KEY`, or
hosted inference credentials.
## GitHub Actions
The GitHub-to-Hugging Face sync workflow uses a GitHub Actions secret named
`HF_TOKEN`. Store that token only in GitHub repository or organization secrets.
Do not hardcode it in `.github/workflows/sync_to_hf.yml`, README files,
environment templates, prompts, or local scripts.
The workflow is one-way only: GitHub `main` pushes to the Hugging Face Space.
Do not configure jobs that pull changes back from Hugging Face into GitHub.
## Agent Guidance
- Prefer Hugging Face Space variables for public configuration and Space secrets
for credentials.
- The `index.html` / `gradio.Server` frontend is public client-side
code. Never embed `SNAP2SIM_API_TOKEN`, Modal endpoint URLs, Hugging Face
tokens, or any credential-bearing values in HTML, JavaScript, CSS, bundled
static assets, browser local storage, or query strings. Browser JS should call
same-origin `@app.api()` endpoints; server-side Python should attach secrets
when calling Modal.
- Do not inject model-authored HTML, JavaScript, or A-Frame markup into the DOM.
Scene rendering should stay deterministic Three.js built from validated JSON.
- Do not print secret-bearing environment variables in logs.
- Do not paste full Modal or Hugging Face auth files into issues, docs, prompts,
or Codex summaries.
- When sharing logs, trim them to the failing stack trace and remove uploaded
image payloads, base64 strings, tokens, cookies, and account-private URLs.
- Before adding new dependencies or services, document whether they require
credentials and where those credentials should live.
## Reporting
For this hackathon repo, report suspected leaks directly to the repository owner
or workspace owner. If a token was exposed, rotate it immediately in the
provider dashboard and remove the leaked value from git history.