Documentation
ISA Warden Documentation.
Answers about local-first AI, accounts, onboarding, workspaces, models, documents, agents, tools, administration, extensions, self-hosted dashboard servers, privacy, updates, and troubleshooting.
This documentation is based on ISA Warden’s product architecture, application interface text, dashboard administration model, extension specification, and shared tool definitions. The supporting implementation details are available in the project source files.
Subjects the documentation covers
This documentation for ISA Warden covers these subjects:
- Product overview and purpose
- Platform, installation, and local-first behavior
- Account modes: local, cloud, offline, login, registration
- Onboarding: account, workspace, and model setup
- Workspaces, groups, roles, members, and invitations
- Chat, threads, conversations, message history, and conversation settings
- AI models: local GGUF models, cloud/private models, model downloads, loading, unloading, memory, vision, and tool-calling support
- Documents, files, retrieval, document processing, and supported uploads
- Agents: purpose, instructions, creativity, tools, and group availability
- Built-in tools: calculator, web search, webpage extraction, browser extraction, and document tools
- Dashboard administration: resources, permissions, feedback, artifacts, storage endpoints, servers, and extensions
- Security, privacy, permissions, data location, local data deletion, and account deletion
- Extensions: what they are, installation, permissions, bridge APIs, native code, and workspace file access
- Updates, notifications, downloads, changelogs, and troubleshooting
- Appearance, accessibility-adjacent preferences, language support, and settings
- Common errors and recovery paths
- Developer and administrator notes, where relevant, with clear distinction from end-user behavior
General product FAQ
What is ISA Warden?
ISA Warden is a local-first AI desktop platform. Its primary user-facing app is chat-ui-3, a SvelteKit and Tauri desktop application, with Rust-based local backend logic in chat-ui-3/src-tauri. It combines chat, local or remote AI models, workspaces, document handling, agents, tools, dashboard administration, and extensions.
What does “local-first” mean in ISA Warden?
Local-first means the app is designed to keep core AI interaction and application behavior available on the user’s computer where possible. Local models, local app data, and desktop integration are central parts of the product. Some features, such as dashboard workspaces, cloud accounts, artifact storage, invitations, private servers, or shared resources, may require network access or a dashboard service.
Is ISA Warden only a chatbot?
No. Chat is the primary interaction surface, but the app also includes workspaces, groups, roles, model management, document retrieval, agents, tools, extension hosting, file and artifact management, feedback review, and private server integration.
Which app is the main interface?
The main interface is chat-ui-3, built with SvelteKit, TypeScript, Vite, and Tauri. The desktop shell and local backend are implemented under chat-ui-3/src-tauri.
What backend services are involved?
ISA Warden has a dashboard stack in isa_dashboard. It provides Rust gRPC server/client infrastructure, protocol definitions, dashboard routes, workspace management, resource management, permissions, and related service-side functionality.
Can the app still work if the dashboard is inaccessible?
Yes, the UI contains an explicit dashboard-inaccessible state saying the dashboard may be unreachable because of no internet connection or the dashboard being offline, and that the rest of the application can still be used. Dashboard-dependent operations will not work until connectivity or service availability is restored.
Account and onboarding FAQ
Do I need an account to use ISA Warden?
Not always. The onboarding flow supports signing in, creating an account, continuing as the current user, or continuing offline. Cloud/dashboard features, shared workspaces, invitations, uploads, and administrator workflows may require an authenticated account.
What is the difference between a local account and a cloud account?
A local account is used on the current device and is suitable for local or offline workflows. A cloud/dashboard account enables shared workspaces, invitations, dashboard resources, and authenticated dashboard operations.
Can I use ISA Warden offline?
Yes, the onboarding text includes a “Continue Offline” path. Offline use is appropriate for local workflows. However, online features such as dashboard access, workspace invitations, artifact uploads, remote model servers, updates, web search, and cloud resources may require network access.
What happens during onboarding?
The onboarding flow guides the user through three main areas:
- Account setup: sign in, continue offline, or use an existing account.
- Workspace setup: choose, join, or create a workspace.
- Model setup: select an AI model suitable for the device and workflow.
How long does onboarding take?
The onboarding UI estimates approximately 1–5 minutes.
Can I change onboarding choices later?
Yes. The onboarding copy explicitly says settings can be changed later, and the app includes settings, workspace selection, model management, and dashboard management screens.
What if workspace loading fails during onboarding?
The onboarding flow includes errors for failed workspace loading, failed invitation loading, failed workspace creation, and failed invitation acceptance. In practice, this usually means the app could not reach the dashboard, the user session is invalid, the workspace name is invalid or already used, or permissions are insufficient.
Workspace, group, role, and member FAQ
What is a workspace?
A workspace is the main organizational container in ISA Warden. It holds members, groups, roles, models, agents, tools, servers, files, artifacts, extensions, and feedback resources.
What is a group?
A group is a workspace subdivision used to control which members can access which resources. Groups can be linked to models, tools, agents, files, and members.
What is a role?
A role is a collection of permissions assigned to workspace members. Roles control administrative abilities such as managing the workspace, roles, invites, members, groups, models, agents, tools, servers, feedback, and resource links.
What permissions exist?
The extension specification and dashboard references include examples such as manage workspace, manage roles, invite users, manage users, manage groups, manage group members, manage models, manage agents, manage tools, manage servers, link resources, view feedback, and delete feedback.
Who can invite members?
Users with the relevant invitation permission can invite members. The dashboard UI also supports group-level invitation workflows where users may invite or add members to a group if they have sufficient rights.
What happens when I receive a workspace invitation?
Pending invitations appear during onboarding and in workspace views. Until accepted, workspace content stays hidden. Accepting the invitation unlocks workspace content according to the groups and permissions assigned to the user.
Can I decline an invitation?
Yes. The app includes a decline invitation flow with confirmation.
Can I leave a workspace?
Yes. The dashboard includes a leave workspace action. The confirmation text states that leaving is irreversible and removes access to all workspace data for that user.
Can administrators remove members?
Yes, if they have the required rights. Removing a member from a workspace also removes them from all groups inside that workspace, and they can only be re-added by invitation.
Can workspace names and group names be changed?
Yes. The dashboard includes rename actions for workspaces and groups, with validation that names cannot be empty.
Chat and thread FAQ
What is a thread?
A thread is a conversation in ISA Warden. Threads contain messages, selected model context, optional documents, conversation settings, and in some cases agent synchronization state.
Can I search threads?
The UI includes a thread search component and a threads sidebar, so thread browsing and searching are part of the app’s chat workflow.
What are conversation settings?
Conversation settings include model-related and behavior-related controls such as the selected model, token window, and agent synchronization. The exact settings available depend on the selected workspace, model, and agent state.
What does “agent out of sync” mean?
The thread sidebar can show that an agent is out of sync with thread settings. Syncing with the agent replaces the conversation’s system prompt with the agent instructions.
Can I mention agents or documents in chat?
Yes. The thread message UI includes a mention picker for agents and documents.
What file types can I attach to chat?
The chat UI lists support for images and documents. Supported image types include PNG, JPG, GIF, WebP, and BMP. Supported document types include PDF, DOCX, XLSX, PPTX, CSV, and HTML.
What happens if I attach an unsupported file?
The app shows an unsupported file error and lists supported types.
Can the app process images?
Yes, but only when the current model supports vision/image input. If the current model does not support images, the app asks the user to select a vision-capable model, remove images, or continue in a copy of the conversation without images.
What does “tool calling not available” mean?
Tool calling may be unavailable because the selected model is not trained for tool use or because the token window is too small. The UI indicates that efficient tool calling requires a minimum 32k token window.
AI model FAQ
What kinds of AI models can ISA Warden use?
ISA Warden supports local models, remote/private server models, and cloud-connected models as represented in the dashboard model source and location fields.
What is a local model?
A local model is stored and run on the user’s computer. The UI supports GGUF model downloads, local model loading, unloading, and status tracking.
What is a GGUF model?
GGUF is a model file format commonly used by local LLM runtimes such as llama.cpp. ISA Warden’s onboarding and dashboard flows include GGUF model selection, downloads, memory checks, and optional vision files.
How does ISA Warden choose a model during onboarding?
The onboarding model selection flow ranks GGUF models based on device suitability and presents small, medium, and large tiers. Small models are fastest but lower quality, medium models balance speed and capability, and large models provide best capability but slower responses.
What does the model fit indicator mean?
Model fit indicators describe how suitable a model is for the current device. Examples include perfect fit, good fit, marginal fit, and not supported.
Does ISA Warden check memory before adding models?
Yes. The dashboard model flow includes memory requirement checks. It can show safe, caution, high-risk, or unknown states. If a model requires more memory than available, the operation may be blocked.
What is swapping and why does it matter?
Swapping happens when the system uses disk storage as overflow memory. The app warns when a model may cause memory swapping because it can significantly reduce performance.
Can I use Hugging Face models?
Yes. The dashboard includes a Hugging Face Hub model source and GGUF model browsing/selection flow.
Can I add a model from a download URL?
Yes. The dashboard supports adding models using a download link, including optional vision file links for multimodal models that require a separate file.
What is a vision file or mmproj file?
Some vision-capable local models require a paired GGUF vision projection file, often represented in the UI as a vision file or mmproj file. This file enables image input for compatible local models.
What if a model is marked as vision-capable but the download appears text-only?
The onboarding flow includes a warning that image support may not work and asks the user whether to download it anyway as a text model or cancel and choose another model.
Can I connect a private model server?
Yes. The dashboard supports private servers with server name, address, API key, model fetching, and adding server-provided models to a workspace.
What model statuses can appear?
Model statuses include inactive/unloaded, loading, active/loaded, downloading, failed, and not downloaded.
What if a local model fails to start?
The app can show that the llama.cpp backend exited before the model was ready or that the backend could not launch the selected model. The user can switch to another available model if one exists.
Documents and retrieval FAQ
Can ISA Warden answer questions about uploaded documents?
Yes. The app supports document upload/attachment, document processing, document search, and retrieval against thread-attached files.
What does document processing mean?
Document processing extracts text and prepares it for retrieval. The UI distinguishes fast extraction, high-quality extraction, ready state, and failed state.
What does “fast ready, HQ running” mean?
It means a faster extraction pass is already available for use while a higher-quality extraction pass is still processing.
Can I search documents in the current conversation?
Yes. Built-in tools include document search, document listing, and chunk-level document reading for documents attached to the current conversation.
Are all uploaded documents automatically available in every chat?
No. The extension specification clarifies that being present in vector storage does not automatically make a document part of every chat. Retrieval depends on which files are attached to or allowed for the specific thread/request.
Can documents be tagged for retrieval?
Yes. Retrieval settings support tagged files and a maximum chunk count, allowing the request to constrain which attached documents should be used.
Agent FAQ
What is an agent?
An agent is a configured AI assistant inside a workspace. It has a name, description, instructions, creativity level, assigned tools, and group availability.
What are agent instructions?
Agent instructions define the behavior and purpose of the agent. Syncing an agent to a thread can replace the conversation’s system prompt with those instructions.
What is agent creativity?
The dashboard supports creativity levels such as strict, neutral, and loose. These control how constrained or creative the agent should be.
Can agents use tools?
Yes. Agents can be assigned tools available in the workspace. Whether tool use works in a conversation also depends on the selected model’s tool-calling capability and token window.
Can agents be limited to groups?
Yes. Agents can be managed across group memberships, making them available only to specific groups where appropriate.
Who can create agents?
The dashboard indicates that agent creation requires administrator privileges in the current workspace.
Tool FAQ
What are tools in ISA Warden?
Tools extend what AI models and extensions can do. They can provide calculation, web access, document retrieval, webpage extraction, and other capabilities.
What built-in tools are available?
Built-in tools defined in isa-objects/src/builtin_tools.rs include:
- Calculator
- Web Search
- Extract Webpage Text
- Browse and Extract
- Search Documents
- Documents in Conversation
- Read Document
What does the calculator tool support?
The calculator supports arithmetic and scientific operations such as addition, subtraction, multiplication, division, powers, modulo, square roots, trigonometric functions, logarithms, exponentials, rounding, min/max, degrees/radians conversion, factorial, and related operations.
What does Web Search do?
Web Search searches the web using DuckDuckGo and returns results.
What does Extract Webpage Text do?
It extracts text content from a webpage and converts it to a markdown-like format.
What does Browse and Extract do?
It uses browser-based page loading to extract content, which is useful for pages requiring dynamic rendering.
What do the document tools do?
Document tools list documents in the current conversation, search document chunks, and read specific chunks or all chunks from a document.
Can custom tools be added?
The dashboard supports adding tools with types such as web search, code execution, file access, API integration, custom, and scripted. Actual availability depends on workspace configuration and implementation.
What is a scripted tool?
The UI supports a scripted tool type with script code. The dashboard labels it as Rune script code. Its exact behavior depends on the configured tool runtime and workspace permissions.
Dashboard FAQ
What is the dashboard?
The dashboard is the administrative area for managing workspaces, access, members, models, tools, agents, servers, files, artifacts, extensions, feedback, roles, and permissions.
What can administrators manage in the dashboard?
Administrators can manage workspace structure, groups, members, invites, roles, permissions, models, agents, tools, servers, files, artifacts, extensions, and feedback, depending on their assigned permissions.
What are dashboard resources?
Dashboard resources include workspaces, members, models, agents, tools, servers, pending invites, permission definitions, and current user permissions.
What does “access denied” mean?
It means the current user does not have permission to perform the requested action. Some actions require administrator privileges or a specific role permission.
What is dashboard feedback?
Feedback entries are user feedback records, including positive/negative ratings, optional user comments, conversation context, timestamps, and raw data. Only administrators or users with feedback permissions can view or manage them.
Can feedback be exported?
Yes. The dashboard includes an export JSON action for feedback entries.
Can feedback be deleted?
Yes, if the user has the required permission. Deleting feedback is a destructive action.
Workspace files and artifacts FAQ
What are workspace files?
Workspace files are files stored inside a workspace folder structure. They can be uploaded, replaced, downloaded, deleted, filtered, sorted, linked to groups, and assigned visibility/write policies.
What file metadata is tracked?
The dashboard shows metadata such as name, kind, size, content type, owner, extension, updated time, visibility, write policy, parent folder, and linked groups.
Can files be replaced without changing their identity?
Yes. The dashboard includes a replace workflow that keeps the file ID, name, permissions, and links while replacing only the contents.
What are artifacts?
Artifacts are uploaded files stored through artifact storage, often backed by S3-compatible endpoints. Uploaded model artifacts and workspace-linked files can appear as artifacts.
What is an artifact storage endpoint?
An artifact storage endpoint defines where new artifact uploads go. It includes details such as endpoint URL, region, bucket, public base URL, key prefix, path-style setting, and credentials.
Can existing artifacts move when the active endpoint changes?
No. The dashboard states that new uploads use the active endpoint, while existing artifacts keep the endpoint they were uploaded through.
Can artifacts be downloaded?
Yes. The app can create signed download links for artifacts. Signed links are temporary and should be treated as sensitive.
Can artifacts be deleted?
Yes, unless they are still in use. If an artifact is used by a workspace file, it must be deleted or replaced there first.
Server and cloud model FAQ
What is a server in ISA Warden?
A server is a configured private API endpoint that can provide models to a workspace. It includes a name, server address, optional API key, and discoverable available models.
Can ISA Warden fetch models from a private server?
Yes. The server modal includes actions for loading available models from the server and adding a selected model to the workspace.
What if fetching models from a server fails?
The dashboard shows a models fetch error. Common causes include wrong server address, invalid API key, server downtime, incompatible API shape, or network failure.
Can models use API connections instead of local files?
Yes. Model source types include local file, HTTP download, dashboard artifact, and API connection.
Extension FAQ
What are ISA Warden extensions?
Extensions are packaged add-ons that run inside ISA Warden and integrate with the host through a browser bridge. They can provide custom UI, use host commands, call native code when allowed, access workspace files when permitted, and interact with chat or document workflows.
What technologies are preferred for extensions?
The preferred extension architecture is Svelte for UI, Rust native binaries when native logic is required, and host integration through the ISA Warden extension bridge.
What files does an extension package need?
An extension requires an extension manifest and an entry file. Optional assets include native binaries, packaged frontend assets, local build scripts, and extension documentation.
What is a dashboard-distributed extension package?
Dashboard-distributed extensions use a package root with an extension metadata file and a compressed payload archive. The package suffix is .ISAWardenExtension.
Can extensions include native code?
Yes, but only when declared correctly. If native functionality is used, the extension must define native binaries and request the native code permission.
What permissions can extensions use?
Extensions declare permissions for host capabilities such as app information, thread access, native code, filesystem read/write/delete, and other host commands. Extensions should request minimal permissions.
Are extensions independently privileged?
No. Extensions operate inside the authority of the current user. Access requires user rights, resource visibility, declared extension capability, and host policy allowance.
Can extensions access workspace files?
Yes, when permitted. Workspace filesystem commands allow listing files, uploading files, storing JSON, downloading via signed links, and deleting files, depending on permissions.
Can extensions send email?
Yes, through the host email command when supported and permitted. The authenticated user’s email is derived server-side; extensions must not spoof the current user’s email.
Can extensions use built-in tools?
Yes. The extension bridge exposes built-in tools directly and through an MCP-shaped discovery/invocation layer.
Can extensions create their own threads?
Yes. Extensions can create extension-scoped threads, optionally hidden from the main thread list, with required extension context fields.
Should extensions store their own databases?
Usually no. The extension specification recommends host storage, thread APIs, workspace file APIs, and document snapshot APIs before introducing a custom extension-owned database.
Security and privacy FAQ
Is ISA Warden private?
ISA Warden is designed around local-first operation and secure/private messaging, but privacy depends on the selected workflow. Local models and local accounts can keep more work on-device. Cloud accounts, remote servers, artifact uploads, web search, dashboard services, and extensions may involve networked systems.
What data is local?
Local account state, local models, local conversations, logs, model files, and local app data may reside on the device depending on configuration. The settings UI includes actions for opening the local models folder and deleting local application data.
Can I delete local data?
Yes. The settings danger zone includes an action to delete all locally stored application data on the device. The app reloads afterward.
Can I delete my account?
Yes. The settings danger zone includes account deletion. Whether this deletes only local state or also dashboard/cloud state depends on the account type and server-side behavior.
Are API keys visible?
The dashboard supports server API keys and artifact storage credentials. These should be treated as sensitive secrets. Access should be restricted through roles and permissions.
How are permissions enforced?
Dashboard permissions are enforced server-side through route permission checks, and the UI also hides or disables actions when the user lacks permission.
Are signed download links safe to share?
No. Signed links grant temporary access to a file or artifact. They should only be shared with intended recipients and treated as sensitive until expiration.
Settings, appearance, and language FAQ
What settings are available?
Settings include profile overview, account type, profile picture, appearance, theme, text size, security/password actions, AI model management, logs, installation diagnostics, debug controls, account deletion, and local data deletion.
Does ISA Warden support dark mode?
Yes. The settings include light, dark, and system theme options.
Can I change text size?
Yes. Text size options include default, comfortable, and large.
Can I change my profile picture?
Yes. The settings include a profile picture change action.
Can I change my password?
Yes, if the account supports it. The app validates current password, new password, confirmation, and minimum length.
What languages are supported?
The project includes English and Dutch language packs under chat-ui-3/src/langs/en and chat-ui-3/src/langs/nl.
Updates, notifications, and downloads FAQ
Does ISA Warden support application updates?
Yes. The app includes update checking, update download, installation, update notifications, and post-update changelog display.
What notifications can appear?
Notifications include application updates, model downloads, OCR downloads, generic downloads, progress updates, pauses, failures, cancellations, and completion states.
Can downloads be paused or resumed?
The notification UI includes pause and resume actions, and progress states for downloads.
What is shown after an update?
The app can show a changelog modal describing what is new in the installed version. If no changelog is provided, it shows an empty changelog message.
What if checking for updates fails?
The app shows an update error. Typical causes include network failure, unavailable update service, invalid update metadata, or local installation issues.
Troubleshooting FAQ
Why does the dashboard say it is inaccessible?
The dashboard may be offline, unreachable, or blocked by lack of internet connection. The app indicates that the rest of the application can still be used.
Why can’t I start a chat?
A model is required to start a chat. If no model is selected or available in the workspace, select or add a model first.
Why is my message queued?
Messages can wait while a model is loading, unloaded, downloading, preparing after download, or while the assistant is still responding.
Why does the app say the LLM was not found?
The selected model may not be downloaded or available at its expected location. The app can ask whether to continue downloading the model.
Why does image input fail?
The selected local model may not support images, or the conversation may contain images while the selected model is text-only. Switch to a vision-capable model, remove image messages, or continue in a copy without images.
Why does tool calling fail?
Tool calling can fail if the selected model does not support tool use, the token window is too small, the tool call exceeds maximum recursion depth, or the tool itself fails.
Why is a model download blocked?
The device may not have enough disk space, the model may require too much memory, or the download URL may be missing or invalid.
Why can’t I upload files or artifacts?
Uploads usually require sign-in and dashboard access. Artifact uploads also require an active storage endpoint and valid storage configuration.
Why can’t I delete an artifact?
An artifact cannot be deleted while still used by a workspace file. Delete or replace the dependent workspace file first.
Why can’t I manage a workspace resource?
Your role may lack the required permission. Ask a workspace administrator to grant the relevant role permission or perform the action.
Where can I find logs?
The settings include an application logs screen with actions to copy or clear logs. Logs are intended for troubleshooting and support.
Administrator FAQ
What should admins configure first?
Admins should create or select a workspace, invite members, define roles, create groups, add models, configure agents/tools/servers as needed, and verify that members only see the resources they should access.
What is the safest way to grant permissions?
Use roles with the minimum required permissions. Avoid giving broad administrator rights unless the user needs full workspace administration.
How should admins manage models?
Admins can add local/downloaded models, dashboard artifact models, API-connected models, Hugging Face models, and private server models. They should verify memory fit, group availability, safety level, and source details.
How should admins manage tools?
Admins should add only tools needed by the workspace, assign them to appropriate groups, and consider whether selected models can actually use tools.
How should admins manage servers?
Admins should store correct server address and API key values, test model fetching, add only required server models to the workspace, and remove or reconfigure models before deleting a server.
How should admins manage extensions?
Admins should review extension author, version, permissions, native code usage, persistence behavior, dashboard resource access, and data retention before adding an extension.
Developer-oriented FAQ
What are the core runtime components?
The core components are chat-ui-3, chat-ui-3/src-tauri, isa_dashboard, and isa-objects.
Where is the frontend?
The frontend is under chat-ui-3/src, with route and component files under chat-ui-3/src/routes.
Where are Tauri commands implemented?
General commands are in chat-ui-3/src-tauri/src/commands/mod.rs. Dashboard commands are in chat-ui-3/src-tauri/src/dashboard_commands/mod.rs. Commands must also be registered in chat-ui-3/src-tauri/src/lib.rs.
Where are dashboard API definitions?
Dashboard protocol definitions are in isa_dashboard/isa_dashboard_proto/proto/isa_dashboard.proto, and routes are registered through isa_dashboard/isa_dashboard_server_lib/src/routes/mod.rs.
Where are built-in tool definitions?
Shared built-in tool definitions are in isa-objects/src/builtin_tools.rs. Runtime tool implementations are under chat-ui-3/src-tauri/src/model_engine/rig_tools.
What validation is expected after UI changes?
For Svelte or JavaScript UI changes in chat-ui-3, run the project’s build validation command from that directory.
What validation is expected after Rust changes?
For Rust changes, run compile checks and tests. If the changes are in the Tauri app, run them from chat-ui-3/src-tauri.
What should developers know about translations?
All user-visible UI strings must use static translation keys, and English and Dutch language packs must stay synchronized under chat-ui-3/src/langs/en and chat-ui-3/src/langs/nl.
FAQ: Running Your Own ISA Warden Dashboard Server
This section is written for companies that want to run their own ISA Warden dashboard server while ISA Warden provides the downloadable client/app. It is based on the dashboard server architecture, command-line configuration, server configuration model, container build setup, and related implementation details available in the project source files.
General questions
What is the ISA Warden dashboard server?
The ISA Warden dashboard server is the company-side backend that manages shared dashboard data for ISA Warden. It provides workspace, user, member, group, role, model, tool, server, artifact, extension, feedback, invitation, authentication, and permission functionality.
The app itself is the downloadable ISA Warden client. The dashboard server is the backend your organization can host so your company controls its own users, workspaces, and shared AI resources.
Why would a company run its own dashboard server?
A company may want to run its own dashboard server to:
- Control where workspace and user-management data is stored.
- Manage employees, teams, workspaces, groups, and permissions internally.
- Configure company-approved AI models, agents, tools, servers, artifacts, and extensions.
- Keep administrative control separate from ISA Warden’s public/default infrastructure.
- Integrate with company-owned storage, SMTP, networking, monitoring, and backup policies.
- Offer employees a consistent ISA Warden download while keeping the dashboard backend private.
Does self-hosting mean we also host the desktop app download?
Not necessarily. The intended model in your question is: ISA Warden provides the downloadable app, while the company runs its own dashboard server. The server configuration contains a download_link field used in invitation emails, and its default points to the ISA Warden download page.
Is the dashboard server required for all ISA Warden use?
No. ISA Warden is local-first and can support local/offline workflows. However, the dashboard server is required for company-managed features such as shared workspaces, invitations, roles, shared resource management, feedback administration, artifact endpoints, and centralized model/tool/extension availability.
What does the dashboard server not do?
The dashboard server is not the local LLM runtime itself. Local model execution happens through the client-side app and local backend. The dashboard server manages shared metadata and resources, such as which models, tools, agents, servers, files, and permissions are available.
Deployment and hosting
How is the dashboard server distributed?
The repository contains a container build definition for the dashboard server. It builds the Rust dashboard server binary and packages it into a minimal distroless runtime image.
Can the dashboard server run in Docker?
Yes. The dashboard server has a Dockerfile intended for containerized deployment. The runtime image uses a non-root distroless base and starts the isa_dashboard_server binary as its entrypoint.
What CPU architectures are supported by the Docker build?
The container build setup contains conditional build logic for arm64 and amd64 targets. Unsupported architectures cause the build to fail.
Does the server run as root inside the container?
No. The runtime stage uses the distroless nonroot image and runs as user 65532:65532, with working directory /storage.
What ports does the dashboard server use?
The dashboard server CLI exposes two listener pairs:
- gRPC API host/port: default host
0.0.0.0, default port19911. - Web host/port for HTML flows such as forgotten-password and activation pages: default host
0.0.0.0, default port19912.
These defaults are defined by the CLI options in isa_dashboard/isa_dashboard_server_lib/src/cli.rs.
Why are there two ports?
The gRPC port serves the application/dashboard API. The web port serves browser-accessible HTML flows such as password reset and account activation pages.
Can the ports be changed?
Yes. The CLI supports --host, --port, --web-host, and --web-port options.
Should we expose the server directly to the internet?
For production, a company should normally put the dashboard server behind its standard ingress layer, load balancer, reverse proxy, firewall, TLS termination, and monitoring stack. The server binds to configurable addresses and ports, but external exposure should follow your company’s security requirements.
Does the dashboard server require TLS?
The inspected server code exposes host and port configuration but does not by itself prove an embedded TLS setup for the gRPC listener. In production, terminate TLS at a trusted reverse proxy, ingress controller, or load balancer unless a deployment package explicitly provides another supported TLS configuration.
Database requirements
What database does the dashboard server use?
The dashboard server connects to SurrealDB. The CLI requires a SurrealDB address, username, and password.
Which database parameters are required?
The CLI requires:
--db-addr: SurrealDB host/address.--db-username: SurrealDB username.--db-password: SurrealDB password.
These are required fields in isa_dashboard/isa_dashboard_server_lib/src/cli.rs.
What SurrealDB namespace and database are used?
For remote SurrealDB initialization, the server code selects namespace dashboard and database default after connecting.
Does the dashboard server include SurrealDB in the same container?
The inspected dashboard server Dockerfile builds and runs only the dashboard server binary. It does not include SurrealDB in the same container. Companies should run SurrealDB separately according to their infrastructure and persistence requirements.
What should we back up?
At minimum, back up the SurrealDB data store used by the dashboard server. If you use artifact storage, also back up the configured object storage buckets or ensure they are covered by your object storage provider’s retention/backup policies. You should also back up the dashboard server configuration file because it contains important operational settings such as JWT key, email templates, SMTP settings, web URL, and download link.
What happens if the database is lost?
The dashboard server stores critical state in the database: users, workspaces, roles, groups, resources, invites, artifacts, files, feedback, and related metadata. Losing the database may mean losing access to company dashboard state unless backups exist.
Server configuration
What configuration file does the dashboard server need?
The server requires a --config-path argument. If the file does not exist, the server creates a default configuration file automatically.
What is stored in the server configuration?
The server configuration includes:
- JWT signing key.
- Token lifetime.
- Dashboard name.
- Invitation email template.
- Forgotten-password email template.
- Activation email template.
- SMTP credentials.
- Web URL.
- Download link.
These fields are defined in the ServerConfig struct in isa_dashboard/isa_dashboard_server_lib/src/objects/server_config.rs.
What is the default dashboard name?
The default dashboard name is “Private dashboard”.
What is the token lifetime?
The default token lifetime is seven days, defined as 7 * 24 * 60 * 60 seconds.
What is the JWT key used for?
The JWT key signs and verifies authentication tokens. It is security-critical. If it changes, existing tokens may become invalid.
Should we keep the generated JWT key?
For a persistent production deployment, yes. Generate it once, store the configuration securely, and keep it stable across restarts and redeployments. Do not recreate the config file on every container start.
What happens if the config file is regenerated?
A regenerated config file can change the JWT key and reset other settings. This may invalidate existing sessions and can break expected email, activation, password reset, and branding behavior.
Can we customize the dashboard name?
Yes. The name field in the server config controls the dashboard name returned by the server info route and used for identification.
Can we customize invitation and password reset emails?
Yes. The config includes templates for invitation email, forgotten-password email, and activation email. The server loads these templates into its template environment at startup.
Can we customize the download link sent to users?
Yes. The config includes a download_link field. By default, it points to the ISA Warden download page, which matches the model where ISA Warden provides the app download while your company hosts the dashboard server.
Email, invitations, activation, and password reset
Does the dashboard server send email?
Yes. The dashboard server supports SMTP email for invitations, account activation, password reset, and extension email workflows.
What SMTP settings are required?
SMTP configuration includes:
- Username.
- Password.
- Host.
- From email.
- Port.
These fields are defined in SMTPCredentials in isa_dashboard/isa_dashboard_server_lib/src/objects/server_config.rs.
Does SMTP support STARTTLS?
For port 587, the SMTP implementation uses STARTTLS relay configuration. Other ports use the relay configuration path shown in the SMTP sender implementation.
What should the web_url be?
The web_url should be the externally reachable web URL for the dashboard server’s web flows. It is used to generate activation and password reset links.
What happens if web_url is wrong?
Activation links and password reset links may point to the wrong host, making account activation or password recovery fail for users.
What happens if SMTP is not configured correctly?
User invitations, activation emails, password reset emails, and extension email workflows may fail. For company deployments, SMTP should be tested before inviting users.
Can companies use their own mail provider?
Yes. Companies should configure SMTP using their own approved mail provider, sender address, authentication, and security controls.
Do invitations include the app download link?
Yes. Invitation email rendering uses download_link from server configuration. This lets a company invite users to a private dashboard while pointing them to the ISA Warden download provided by ISA Warden.
Authentication and account management
Who owns the user accounts on a self-hosted dashboard?
The company operating the dashboard server owns and controls the dashboard user accounts stored in its SurrealDB instance.
Can users register on a self-hosted dashboard?
Yes, the server includes registration, activation, login, password reset, password change, and user-info routes. Exact registration policy should be decided by the company and reflected in deployment/network access and operational controls.
How are sessions authenticated?
The server uses JWT-based authentication. Tokens are signed using the server’s JWT key and have a configurable lifetime.
Can users reset passwords?
Yes. Password reset routes and web forms exist, and reset emails are generated using the configured web_url and email templates.
Can users change passwords?
Yes. The dashboard routes include password change functionality.
Can unactivated users be cleaned up?
The server library includes utility logic for removing old unactivated users. Companies should define an operational policy for account activation expiry and cleanup.
Company administration and permissions
What can company administrators manage?
Company administrators can manage workspaces, members, groups, roles, permissions, models, agents, tools, servers, files, artifacts, storage endpoints, extensions, and feedback depending on their permissions.
How are permissions structured?
Permissions are role-based. A workspace can have roles, and roles contain permission groups such as workspace administration, groups, resources, feedback, and other permissions.
Can different teams have different access?
Yes. Use groups to separate teams and assign models, agents, tools, files, and extensions to the appropriate groups.
Can a company limit who can manage models and tools?
Yes. Model, agent, tool, server, role, member, invite, feedback, and resource-linking actions are governed by permissions.
Can administrators remove members?
Yes, if they have the required permissions. Removing a member from a workspace also removes them from all groups in that workspace.
Can users leave a company workspace?
Yes. The dashboard supports leaving a workspace, and the UI treats it as irreversible from the user’s perspective.
Model, tool, server, and agent management
Can a company define approved AI models?
Yes. Administrators can add models to workspaces and make them available to groups. Models may represent local downloads, HTTP downloads, dashboard artifacts, private server models, or API-connected models.
Does the dashboard server run the models?
Not generally. It manages model records and availability. Local models run on the client device, while API/private server models run where those services are hosted.
Can a company connect private model servers?
Yes. The dashboard supports private server entries with server name, address, API key, available model discovery, and adding models from those servers into workspaces.
Can a company provide central model artifacts?
Yes. The dashboard supports artifact upload and artifact storage endpoints. Model records can point to dashboard artifacts.
Can companies define shared agents?
Yes. Administrators can create agents with descriptions, instructions, creativity settings, assigned tools, and group availability.
Can companies define tools?
Yes. Workspaces automatically get built-in tools when created, and administrators can manage tool availability by group. The shared built-in tool list is defined in isa-objects/src/builtin_tools.rs.
What built-in tools are available by default?
Built-in tools include calculator, web search, webpage text extraction, browser-based webpage extraction, document search, document listing, and document reading.
Files, artifacts, and object storage
Does the dashboard server store files?
The dashboard server manages workspace files and artifacts. Artifact content is stored through configured S3-compatible artifact storage endpoints, while metadata is stored in the database.
What is an artifact storage endpoint?
An artifact storage endpoint tells the dashboard where to upload and retrieve artifacts. It contains endpoint URL, region, bucket, public base URL, optional key prefix, path-style setting, and credentials.
Can companies use S3-compatible storage?
Yes. The artifact implementation uses S3-compatible client configuration and supports custom endpoints, regions, buckets, path-style requests, access keys, secret keys, and signed download links.
Can different workspaces use different storage endpoints?
The dashboard supports artifact endpoints associated with workspaces, including an active endpoint for new uploads. Existing artifacts keep the endpoint through which they were uploaded.
Are artifact downloads public?
Downloads are created as signed URLs. A signed URL should be treated as sensitive because it grants temporary access to the artifact.
What should companies back up for artifacts?
Back up both the artifact metadata in SurrealDB and the object data in the configured S3-compatible bucket. Losing either can break downloads and model artifact references.
Extensions and company distribution
Can companies distribute ISA Warden extensions through their dashboard?
Yes. The dashboard has extension management and package URL workflows. Dashboard-distributed extensions use .ISAWardenExtension package roots with metadata and payload archives.
Can extensions include native binaries?
Yes, but native code must be explicitly declared and permissioned. Companies should review native-code extensions carefully before distributing them.
How should companies review extensions?
Before approving an extension, review:
- Publisher and author identity.
- Version and compatibility.
- Requested permissions.
- Whether native code is included.
- Whether email sending is used.
- Whether dashboard resources are used.
- Whether workspace files or artifacts are accessed.
- Persistence and uninstall behavior.
- Data retention and logging behavior.
Do extensions bypass user permissions?
No. Extensions operate within the authority of the current user. Access depends on the user’s rights, resource visibility, the extension’s declared capability, and host policy.
Security and compliance
What security responsibilities does the company have when self-hosting?
The company is responsible for:
- Hosting infrastructure security.
- Database security and backups.
- TLS termination and certificate management.
- SMTP credentials and sender reputation.
- JWT key secrecy and persistence.
- Network access rules.
- Object storage security.
- Log retention and monitoring.
- User lifecycle management.
- Extension review and approval.
- Permission and role governance.
What secrets must be protected?
Protect at least:
- SurrealDB root/user credentials.
- Dashboard server JWT key.
- SMTP username/password.
- Artifact storage access keys and secret keys.
- Private model server API keys.
- Any reverse proxy or deployment secrets.
Should the dashboard config file be stored in a mounted volume?
Yes. For production, store the config file on persistent storage or in a secure configuration/secrets system. It should not be regenerated on every deployment.
Should logs be monitored?
Yes. The server initializes tracing/logging and supports environment-based log filtering. Companies should route logs into their standard observability stack.
Is Sentry enabled?
The CLI initializes Sentry with a configured DSN in isa_dashboard/isa_dashboard_server_cli/src/main.rs. Companies should confirm the intended telemetry behavior for their distribution/deployment and ensure it matches internal privacy and compliance requirements.
Does the dashboard server send personal data to Sentry?
The Sentry initialization sets send_default_pii to true in isa_dashboard/isa_dashboard_server_cli/src/main.rs. For self-hosted company deployments, this must be reviewed carefully against privacy and compliance policies.
Can a company disable or alter telemetry?
The inspected code shows telemetry initialized in the CLI. Whether it is configurable in the distributed package depends on the build/package ISA Warden provides. For enterprise/self-hosted deployments, telemetry controls should be clarified before production rollout.
Networking and client connection
How do employees connect the ISA Warden app to the company dashboard?
Employees use the ISA Warden app download and configure/login against the company’s dashboard endpoint according to the deployment instructions provided by ISA Warden or the company administrator.
Does the app need internet access if the dashboard is internal?
The app needs network access to whatever dashboard endpoint the company provides. If the dashboard is internal-only, users may need to be on the corporate network or VPN.
Can the dashboard be private to a company network?
Yes. A company can place the dashboard behind VPN, private DNS, firewall rules, identity-aware proxy, or other access controls. Ensure the client app can reach the gRPC API and web URL used for activation/password reset flows.
What URLs should be communicated to users?
Users need:
- The ISA Warden download link.
- The company dashboard endpoint or login instructions.
- Any VPN or corporate network requirements.
- Support contact for account activation or password reset issues.
Operations, upgrades, and maintenance
What should be monitored?
Monitor:
- Dashboard server process health.
- gRPC port availability.
- Web port availability.
- SurrealDB connectivity and storage usage.
- Object storage availability.
- SMTP delivery success/failure.
- Error logs.
- Authentication failures.
- Artifact upload/download failures.
- Resource usage and restart count.
What should be included in backups?
Back up:
- SurrealDB data.
- Dashboard server config file.
- Object storage buckets used for artifacts.
- Deployment manifests or infrastructure-as-code.
- Any reverse proxy/TLS configuration.
How should upgrades be handled?
Use a staged rollout:
- Back up database, config, and artifact storage.
- Test the new dashboard server version in a staging environment.
- Verify login, registration, invitations, password reset, workspace loading, model/resource management, artifact upload/download, and extension workflows.
- Deploy during a maintenance window if needed.
- Monitor logs and user reports after rollout.
Can the dashboard server be horizontally scaled?
The inspected code shows the server stores shared state in SurrealDB and object storage, which are external services. However, production horizontal scaling should be explicitly validated for token handling, web flows, file uploads, object storage multipart uploads, route idempotency, and any deployment-specific session assumptions.
Does the server need persistent local disk?
The server itself needs persistent access to its configuration file if stored locally. Artifact content should live in configured object storage, and primary dashboard data should live in SurrealDB. Container-local ephemeral storage should not be the only copy of production config.
Troubleshooting
Users cannot log in. What should we check?
Check:
- Dashboard server is running.
- gRPC endpoint is reachable from the client network.
- SurrealDB is reachable from the dashboard server.
- JWT config has not been unexpectedly regenerated.
- User account exists and is activated.
- Password is correct.
- Server logs for authentication/database errors.
Users do not receive invitation emails. What should we check?
Check:
- SMTP host, port, username, password, and sender address.
- Mail provider delivery logs.
- Spam/quarantine rules.
- Invitation email template validity.
download_linkvalue.- Dashboard server logs.
Activation or password reset links do not work. What should we check?
Check:
web_urlpoints to the externally reachable dashboard web endpoint.- Web port is exposed through ingress/proxy.
- TLS/host routing is correct.
- Token has not expired.
- Server logs for reset/activation route errors.
The app says the dashboard is inaccessible. What should we check?
Check:
- Client can reach the dashboard API endpoint.
- VPN/corporate network is active if required.
- DNS resolves correctly.
- Firewall rules allow traffic.
- Reverse proxy forwards gRPC correctly.
- Dashboard server is healthy.
- SurrealDB connectivity is healthy.
Artifact upload fails. What should we check?
Check:
- Active artifact endpoint exists for the workspace.
- Bucket name, region, endpoint URL, and path-style setting are correct.
- Access key and secret key are valid.
- Bucket can be created or already exists.
- Public base URL is correct.
- Object storage allows multipart uploads.
- Server logs for S3 errors.
Model downloads or artifact-based models fail. What should we check?
Check:
- Model record source configuration.
- Artifact exists and is not deleted.
- Signed download link creation works.
- Object storage endpoint is reachable by the client.
- Workspace/group permissions allow the model.
- Client has enough disk space and memory.
Users cannot see a model, agent, tool, or extension. What should we check?
Check:
- Resource exists in the workspace.
- Resource is linked to the user’s group.
- User is a member of the correct group.
- Role permissions allow access or management.
- Pending invitation has been accepted.
- Client has refreshed available resources.
Recommended company rollout checklist
Before inviting employees, a company should verify:
- Dashboard server is deployed and reachable.
- SurrealDB is deployed, secured, monitored, and backed up.
- Server config is persistent and securely stored.
- JWT key is stable across restarts.
web_urlpoints to the company’s externally reachable web endpoint.download_linkpoints to the ISA Warden download page or company-approved download page.- SMTP works for invitations, activation, and password reset.
- TLS/ingress/proxy configuration is production-ready.
- First administrator account is created and activated.
- Initial workspace, roles, groups, and permissions are configured.
- Approved models, tools, servers, agents, and extensions are configured.
- Artifact storage endpoint is configured if uploads or artifact-backed models are needed.
- Backups and restore procedures are tested.
- Logs and metrics are monitored.
- Telemetry/Sentry behavior is reviewed for compliance.
- User support instructions are prepared.
Short version for company buyers
Yes, a company can run its own ISA Warden dashboard server. ISA Warden provides the downloadable client/app, while the company hosts the dashboard backend connected to its own SurrealDB database, SMTP provider, object storage, network controls, and administrative policies. This gives the company control over workspaces, users, roles, groups, models, agents, tools, servers, artifacts, extensions, and feedback while employees use the ISA Warden app to connect to the company-managed environment.
Scope notes and precision limits
This FAQ is based on repository documentation, UI translation strings, package metadata, architecture notes, extension specification, and shared built-in tool definitions. It accurately reflects implemented or clearly represented product concepts found in those sources. Some operational details, such as exact production hosting, account backend policies, commercial licensing, and final user-facing marketing language, are not fully specified in the inspected files and should be confirmed before publishing externally.