Enterprise deployment
Enterprise deployment - Gnomad Desktop Assistant
Audience: IT admins, MDM operators, security reviewers
Status: Alpha guidance (June 2026)
Overview
Gnomad is a single-user desktop agent, not a multi-tenant SaaS. Enterprise deployment means packaging the installer, controlling updates, and optionally pre-configuring LLM endpoints and secrets via managed profiles.
| Concern | Approach |
|---|---|
| Install | Platform installers from GitHub Releases or internal mirror |
| Updates | Tauri in-app updater (signed) or MDM-managed reinstall |
| Secrets | OS keychain, or .env / managed config for cloud keys |
| Network | HTTPS to cloud LLM APIs; optional HTTP(S) proxy via env |
| Audit | Local JSONL logs (agent-audit.jsonl, optional error-log.jsonl) |
| Agent risk | HITL gates + Standard trust mode recommended for locked-down fleets |
Install artifacts
| OS | Artifact | Silent install notes |
|---|---|---|
| macOS | .dmg / .app | Drag to /Applications; notarize with MACOS_NOTARIZATION.md before enterprise rollout |
| Windows | .msi / NSIS .exe | MSI supports /quiet (verify with your build) |
| Linux | .deb, .rpm, AppImage | dpkg -i, rpm -i, or AppImage to user home |
See RELEASE_RUNBOOK.md and BUILD_PLATFORMS.md.
Pre-configuring LLM access
Option A: Environment variables (recommended for MDM)
Deploy a read-only .env or launch wrapper that sets:
| Variable | Purpose |
|---|---|
| DeepSeek_API_KEY / OPENAI_API_KEY | Cloud API key (never commit to git) |
| CLOUD_API_BASE_URL | OpenAI-compatible endpoint |
| OLLAMA_URL | Not env-native today; use keychain or first-run Settings |
Place .env next to the app bundle only for dev-style installs; for production prefer MDM environment variables on the user session or a signed config profile.
Option B: Keychain / Credential Manager
Users complete onboarding once; keys live in:
- macOS Keychain
- Windows Credential Manager
- Linux Secret Service
No central escrow; align with your org's secret-management policy.
HTTP proxy
Cloud LLM requests use Rust reqwest. Set standard proxy env vars for the Gnomad process:
export HTTPS_PROXY=https://proxy.corp.example:8080
export NO_PROXY=localhost,127.0.0.1,.corp.example
Verify with a test chat after deploy. Local Ollama stays on localhost unless proxied intentionally.
Updates
- Generate signing keys: npm run setup:updater-keys (see UPDATER.md)
- CI secrets: TAURI_SIGNING_PRIVATE_KEY, TAURI_SIGNING_PRIVATE_KEY_PASSWORD
- Users: Settings > Updates (stable/beta) or disable auto-check via policy (no central policy API yet; document user preference)
For air-gapped environments: disable update checks; distribute new installers via MDM.
Verify config before release:
npm run verify:updater
Trust and agent policy
| Setting | Enterprise recommendation |
|---|---|
| Trust mode | Standard (Path Gate for out-of-workspace FS) |
| YOLO + sandbox | Off unless power users explicitly need it |
| Command planner | Optional; increases local LLM surface |
| Knowledge library | Pre-seed with starter skill pack via install_skill_pack |
Audit logs: {app_data}/gnomad/agent-audit.jsonl (collect with your endpoint agent if required).
MDM checklist
[ ] Installer signed / internal mirror hash verified
[ ] Cloud API key via MDM env or user keychain workflow documented
[ ] HTTPS_PROXY set if required
[ ] Updater signing keys in CI OR updates disabled for air-gap
[ ] Standard trust mode documented for end users
[ ] Accessibility: global shortcut documented (⌘⇧Space / Ctrl+Shift+Space)
[ ] Support path: TROUBLESHOOTING.md + internal help desk
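A preflight for the first three checklist items (installer hash, .env handling, proxy variables), added here as an example and not part of Gnomad's own tooling. The function names are hypothetical, and the rule that the .env must not be world-readable is an added assumption on top of the "read-only" guidance above.

```shell
#!/bin/sh
# Added example: preflight for three MDM checklist items. Function names are
# assumptions for illustration, not part of Gnomad's tooling.

# Print the lowercase SHA-256 of FILE with whichever tool the OS provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# installer_hash_ok FILE EXPECTED_SHA256
# Succeeds only if FILE matches the hash published alongside the mirror copy.
installer_hash_ok() {
  [ -f "$1" ] || return 1
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# env_file_locked FILE
# Succeeds only if the .env has no write bits at all (read-only) and is not
# world-readable. The world-readable rule is an added assumption.
env_file_locked() {
  [ -f "$1" ] || return 1
  loose=$(find "$1" \( -perm -200 -o -perm -020 -o -perm -002 -o -perm -004 \) -print)
  [ -z "$loose" ]
}

# proxy_keeps_loopback_local
# If a proxy is configured, NO_PROXY must list localhost and 127.0.0.1 so that
# local Ollama traffic is not sent to the corporate proxy.
proxy_keeps_loopback_local() {
  if [ -z "${HTTPS_PROXY:-}" ] && [ -z "${HTTP_PROXY:-}" ]; then
    return 0
  fi
  list=",$(printf '%s' "${NO_PROXY:-}" | tr -d ' '),"
  for host in localhost 127.0.0.1; do
    case "$list" in
      *",$host,"*) ;;
      *) return 1 ;;
    esac
  done
  return 0
}
```

Source the file in the MDM post-install or compliance script and call each function; a non-zero return marks the checklist item as failed.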
Data residency
- Chat history and knowledge: local disk under app data
- Cloud prompts: sent to configured provider (DeepSeek, OpenAI, etc.) per their terms
- No Gnomad-hosted backend in default configuration
See PRIVACY.md and SECURITY_MODEL.md.