════════════════════════════════════════════════════════════════════════
ENTERPRISE DEPLOYMENT · Gnomad Desktop Assistant · docs/ENTERPRISE.md
════════════════════════════════════════════════════════════════════════

ENTERPRISE DEPLOYMENT — GNOMAD DESKTOP ASSISTANT
================================================

Audience: IT admins, MDM operators, security reviewers
Status: Alpha guidance (June 2026)

────────────────────────────────────────

OVERVIEW
--------

Gnomad is a single-user desktop agent — not a multi-tenant SaaS. Enterprise deployment means packaging the installer, controlling updates, and optionally pre-configuring LLM endpoints and secrets via managed profiles.

| Concern    | Approach |
|------------|----------|
| Install    | Platform installers from GitHub Releases or internal mirror |
| Updates    | Tauri in-app updater (signed) or MDM-managed reinstall |
| Secrets    | OS keychain, or .env / managed config for cloud keys |
| Network    | HTTPS to cloud LLM APIs; optional HTTP(S) proxy via env |
| Audit      | Local JSONL logs (agent-audit.jsonl, optional error-log.jsonl) |
| Agent risk | HITL gates + Standard trust mode recommended for locked-down fleets |

────────────────────────────────────────

INSTALL ARTIFACTS
-----------------

| OS      | Artifact             | Silent install notes |
|---------|----------------------|----------------------|
| macOS   | .dmg / .app          | Drag to /Applications; notarize with MACOS_NOTARIZATION.md before enterprise rollout |
| Windows | .msi / NSIS .exe     | MSI supports /quiet (verify with your build) |
| Linux   | .deb, .rpm, AppImage | dpkg -i, rpm -i, or AppImage to user home |

See RELEASE_RUNBOOK.md and BUILD_PLATFORMS.md.
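As an added example (not part of the Gnomad project or its docs), the Install, Secrets and Network rows of the overview table turned into a pre-rollout check script for a staged host: the installer digest against the SHA-256 published by the internal mirror, the managed .env restricted to its owner with no empty cloud key, and NO_PROXY keeping a local Ollama off any HTTPS_PROXY. The installer path, expected digest and .env path are hypothetical operator inputs; the variable names are the ones this document uses.

```bash
#!/usr/bin/env bash
# Added pre-rollout checks for a staged Gnomad host (not part of the Gnomad project).
# Assumed, hypothetical inputs: installer path, the SHA-256 digest published by the
# internal mirror, and the path of the managed .env. Env var names come from the doc.
set -u

# verify_installer <path> <expected_sha256>: 0 only if the artifact matches the mirror digest.
verify_installer() {
  local path="$1" expected="$2" actual
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$path" | awk '{print $1}')
  else
    actual=$(shasum -a 256 "$path" | awk '{print $1}')   # macOS fallback
  fi
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# check_env_file <path>: 0 only if the managed .env is readable by its owner alone
# (mode 400/600, i.e. a "read-only .env") and no cloud key is left as an empty value.
check_env_file() {
  local path="$1" mode
  [ -f "$path" ] || return 1
  mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
  case "$mode" in
    400|600) ;;
    *) return 1 ;;
  esac
  ! grep -Eq '^(DeepSeek_API_KEY|OPENAI_API_KEY)=[[:space:]]*$' "$path"
}

# check_proxy: HTTPS_PROXY is optional ("set if required"); when it is set, NO_PROXY must
# exempt localhost so a local Ollama is not routed through the corporate proxy.
check_proxy() {
  [ -n "${HTTPS_PROXY:-}" ] || return 0
  case ",${NO_PROXY:-}," in
    *,localhost,*|*,127.0.0.1,*) return 0 ;;
    *) return 1 ;;
  esac
}
```

Run each function from an MDM post-install hook and fail the rollout on the first non-zero status.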
────────────────────────────────────────

PRE-CONFIGURING LLM ACCESS
--------------------------

Option A — Environment variables (recommended for MDM)

Deploy a read-only .env or launch wrapper that sets:

| Variable | Purpose |
|----------|---------|
| DeepSeek_API_KEY / OPENAI_API_KEY | Cloud API key (never commit to git) |
| CLOUD_API_BASE_URL | OpenAI-compatible endpoint |
| OLLAMA_URL | Not env-native today — use keychain or first-run Settings |

Place .env next to the app bundle only for dev-style installs; for production prefer MDM environment variables on the user session or a signed config profile.

Option B — Keychain / Credential Manager

Users complete onboarding once; keys live in:

• macOS Keychain
• Windows Credential Manager
• Linux Secret Service

No central escrow — align with your org's secret-management policy.

────────────────────────────────────────

HTTP PROXY
----------

Cloud LLM requests use Rust reqwest. Set standard proxy env vars for the Gnomad process:

```bash
export HTTPS_PROXY=https://proxy.corp.example:8080
export NO_PROXY=localhost,127.0.0.1,.corp.example
```

Verify with a test chat after deploy. Local Ollama stays on localhost unless proxied intentionally.

────────────────────────────────────────

UPDATES
-------

1. Generate signing keys: npm run setup:updater-keys — see UPDATER.md
2. CI secrets: TAURI_SIGNING_PRIVATE_KEY, TAURI_SIGNING_PRIVATE_KEY_PASSWORD
3. Users: Settings → Updates (stable/beta) or disable auto-check via policy (no central policy API yet — document user preference)

For air-gapped environments: disable update checks; distribute new installers via MDM.
Verify config before release:

```bash
npm run verify:updater
```

────────────────────────────────────────

TRUST AND AGENT POLICY
----------------------

| Setting | Enterprise recommendation |
|---------|---------------------------|
| Trust mode | Standard (Path Gate for out-of-workspace FS) |
| YOLO + sandbox | Off unless power users explicitly need it |
| Command planner | Optional; increases local LLM surface |
| Knowledge library | Pre-seed with starter skill pack via install_skill_pack |

Audit logs: {app_data}/gnomad/agent-audit.jsonl — collect with your endpoint agent if required.

────────────────────────────────────────

MDM CHECKLIST
-------------

```
[ ] Installer signed / internal mirror hash verified
[ ] Cloud API key via MDM env or user keychain workflow documented
[ ] HTTPS_PROXY set if required
[ ] Updater signing keys in CI OR updates disabled for air-gap
[ ] Standard trust mode documented for end users
[ ] Accessibility: global shortcut documented (⌘⇧Space / Ctrl+Shift+Space)
[ ] Support path: TROUBLESHOOTING.md + internal help desk
```

────────────────────────────────────────

DATA RESIDENCY
--------------

• Chat history and knowledge: local disk under app data
• Cloud prompts: sent to configured provider (DeepSeek, OpenAI, etc.) per their terms
• No Gnomad-hosted backend in default configuration

See PRIVACY.md and SECURITY_MODEL.md.

────────────────────────────────────────

RELATED
-------

• UPDATER.md
• RELEASE_RUNBOOK.md
• MACOS_PERMISSIONS.md
• ACCESSIBILITY.md

────────────────────────────────────────

Built with ❤️ by Gnomad Studio 🦙
https://gnomadstudio.org