diff --git a/docs/security/audit-logs.md b/docs/security/audit-logs.md new file mode 100644 index 0000000..4fa1beb --- /dev/null +++ b/docs/security/audit-logs.md @@ -0,0 +1,182 @@ +--- +id: audit-logs +title: Audit Logs +sidebar_position: 2 +--- + +Audit logs provide visibility into security-relevant and administrative actions +performed within Cube AI. They help administrators and operators monitor +activity, investigate issues, and support compliance and accountability +requirements. + +--- + +## Audit Logs Overview + +Audit logs record important events that occur within the Cube AI system, +particularly those related to: + +- User activity +- Domain-level changes +- Access control and security-sensitive operations + +Audit logging is **domain-scoped**, meaning events are associated with the domain +in which they occurred. + +--- + +## What Is Recorded + +Depending on configuration and permissions, audit logs may include events such as: + +- User login and logout activity +- Domain creation or deletion +- Changes to domain membership +- Role assignments or updates +- Administrative actions performed through the UI +- Security-related configuration changes +- Model interactions and inference requests + +Each audit log entry typically captures: + +- The type of action performed +- The user who performed the action +- The affected resource or domain +- A timestamp of when the action occurred + +--- + +## TEE Attestation and Attested mTLS Events + +For model workloads running inside a **Trusted Execution Environment (TEE)**, +Cube AI establishes secure connections using **attested mutual TLS (mTLS)**. + +These secure interactions are recorded in audit logs and provide +cryptographic traceability of confidential model execution. + +The following events may be captured: + +- Attested mTLS handshake between the Cube AI proxy and the TEE agent +- Verification of TEE attestation evidence +- Secure session establishment for LLM inference requests + +All attested TLS handshakes are recorded as audit events. + +These events include metadata about: + +- TLS version +- Cipher suite +- Attestation verification status +- Attestation nonce +- Secure session metadata + +Audit logs also allow viewing the **attestation report** associated with +each verified TEE interaction. + +These records provide verifiable evidence that model inference was executed +within a trusted and integrity-verified execution environment. + +### Example: Attested LLM Request in Audit Logs + +The Audit Logs page displays attestation status for each model interaction. + +![Audit logs with attested LLM requests](/img/ui/audit-tee-attestation.png) + +Selecting an event opens detailed attestation information, including +secure handshake metadata and the attestation report. + +![Audit log event details with attestation report](/img/ui/audit-tee-attestation-details.png) + +--- + +## Accessing Audit Logs + +Audit logs are accessible through the Cube AI UI to users with sufficient +permissions. + +Access to audit logs is restricted to authorized roles to ensure sensitive +information is not exposed to unauthorized users. + +![Audit logs page](/img/ui/audit-logs.png) + +--- + +## Audit Logs in the UI + +Audit logs are available from the Cube AI user interface within the context of an +active domain. + +Depending on system activity and configuration, the audit log table may initially +appear empty until relevant events occur, such as: + +- Model interactions (LLM requests) +- Role or membership changes +- Administrative or security-related actions +- TEE attestation and secure handshake events + +This behavior is expected and does not indicate an error. + +--- + +## Using Audit Logs + +Audit logs can be used to: + +- Review recent administrative activity +- Investigate unexpected behavior or configuration changes +- Track access-related events +- Verify secure model execution within a TEE +- Support security reviews and incident analysis + +Audit logs provide an immutable record of events and are intended for +observability rather than real-time monitoring. + +--- + +## Audit Logs and Roles + +Visibility into audit logs depends on the user’s role within a domain. + +Typically: + +- Administrative roles can view audit logs +- Standard users may not have access to audit information + +For more details on role-based permissions, see: +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +--- + +## Audit Logs and Domain Context + +All audit log entries are associated with a specific domain. + +When switching domains: + +- The visible audit logs change accordingly +- Only events related to the active domain are shown + +This ensures isolation and clarity when managing multiple domains. + +--- + +## Security and Compliance + +Audit logging is a key component of Cube AI’s security posture. + +By maintaining a record of critical actions, audit logs help: + +- Detect misuse or misconfiguration +- Support forensic analysis +- Demonstrate accountability and operational transparency +- Provide traceability for confidential LLM workloads executed inside a TEE + +--- + +## Next Steps + +To understand how permissions affect access to audit information, review: +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +For domain-level workflows, see: +πŸ‘‰ **UI β†’ Domains** diff --git a/docs/security/roles-and-access-control.md b/docs/security/roles-and-access-control.md new file mode 100644 index 0000000..4d359f8 --- /dev/null +++ b/docs/security/roles-and-access-control.md @@ -0,0 +1,179 @@ +--- +id: roles-and-access-control +sidebar_position: 1 +title: Roles and Access Control +--- + +Cube AI uses role-based access control (RBAC) to manage what users can +see and do within a domain. Roles define permissions at the domain level +and ensure that actions are performed only by authorized users. + +## Role-Based Access Control Overview + +Access control in Cube AI is **domain-scoped**. + +This means that: + +- Users can belong to one or more domains +- A user may have different roles in different domains +- Permissions apply only within the currently active domain + +Roles determine which UI features and actions are available to a user. + +## Roles in Cube AI + +Each domain includes a default **Admin** role, which has full control +over domain resources. The domain creator is automatically assigned the +Admin role. + +In addition to the default role, administrators can create custom roles +with fine-grained permissions. + +## Managing Roles + +Roles can be created and customized within each domain. + +To manage roles: + +1. Open a domain. +2. Navigate to **Roles** in the left-side menu. + +![Roles list page](/img/ui/roles.png) + +The Roles page displays: + +- Role name +- Created by +- Created at +- Updated by +- Updated at + +### Creating a Domain Role + +To create a new role: + +1. Click **Create**. +2. Enter a **Role name**. +3. Select one or more **Actions** (permissions). +4. Optionally assign existing **Members**. +5. Click **Create**. + +![Create domain role modal](/img/ui/create-role.png) + +### Role Permissions (Actions) + +Each role is assigned a set of actions (permissions) that define what +operations users can perform within a domain. + +Actions cover domain administration, model usage, audit log access, and other Cube-specific capabilities exposed in the UI. + +Available actions are displayed directly in the role creation and editing UI. +The list of actions is Cube-specific and may evolve between releases. + +![Role actions selection](/img/ui/role-actions.png) + +Administrators can select one or more actions when creating or editing +a role. The selected actions determine which UI sections and operations +are accessible to users assigned to that role. + +### Editing a Role + +Once created, roles can be modified from their respective role pages. + +Users with sufficient permissions can: + +- Update the role name +- Add or remove actions +- Assign or remove members + +Role updates take effect immediately within the domain. + +![Domain role details page](/img/ui/role-details.png) + +## Inviting Domain Members + +Domain administrators can invite users to join a domain. + +1. Open a domain. +2. Navigate to **Invitations**. +3. Click **Send Invitation**. + +![Invitations page](/img/ui/invitations.png) + +### Sending an Invitation + +1. Select a user. +2. Select a domain role. +3. Click **Send**. + +![Send invitation modal](/img/ui/invite-member.png) + +After sending: + +- The invitation appears in the list +- Its status is set to **Pending** +- The user must accept the invitation before gaining access + +## Accepting an Invitation + +An invited user must accept the invitation before becoming a domain +member. + +Acceptance is performed either via an email confirmation link or within +the UI, depending on deployment configuration. + +![Accept invitation screen](/img/ui/accept-invite.png) + +Once accepted: + +- The user becomes a member of the domain +- The assigned role is applied immediately + +## Assigning Roles to Members + +Administrators can assign roles directly from the **Members** section. + +1. Navigate to **Members**. +2. Click **Assign User**. +3. Select a user and role. +4. Click **Assign**. + +![Members page](/img/ui/members.png) + +![Assign user modal](/img/ui/assign-user.png) + +## Removing Members + +To remove a member from a domain: + +1. Navigate to **Members**. +2. Locate the user. +3. Use the available actions to remove the member. + +Removing a member immediately revokes access to domain resources. + +## UI Behavior Based on Roles + +The Cube AI UI adapts based on the active user's role. + +Depending on permissions: + +- Certain navigation items may be hidden +- Some actions may be disabled or unavailable +- Administrative sections may only be visible to authorized users + +![Domain members and role assignment](/img/ui/domain-members-roles.png) + +## Auditing Role-Related Events + +Changes to domain membership and roles may be recorded as +security-relevant events. + +For details on how such events are tracked, see: πŸ‘‰ **Security & Access β†’ Audit Logs** + +## Next Steps + +To understand how access-related actions are monitored, continue with: +πŸ‘‰ **Security & Access β†’ Audit Logs** + +For domain workflows, see: πŸ‘‰ **UI β†’ Domains** diff --git a/docs/ui/domains.md b/docs/ui/domains.md new file mode 100644 index 0000000..7d9cdca --- /dev/null +++ b/docs/ui/domains.md @@ -0,0 +1,131 @@ +--- +id: domains +title: Domains +sidebar_position: 2 +--- + +Domains are a core organizational concept in Cube AI. A domain represents an +isolated workspace where users interact with models, manage access, and perform +LLM-powered operations. + +Domains provide logical isolation between different teams or workloads while +sharing the same Cube AI deployment. + +--- + +## What is a Domain? + +A **domain** acts as an isolated environment that groups: + +- Users and their roles +- Models and backend configurations +- Chat and inference activity + +All interactions in Cube AI happen **within the context of a selected domain**. +This ensures clear separation between different teams, projects, or use cases. + +--- + +## Accessing Domains + +After logging in, users are presented with the Cube AI dashboard, where available +domains are listed. + +From the dashboard, users can: + +- Open an existing domain +- Create a new domain (if permitted) + +![Domain selection dashboard](/img/ui/domains.png) + +The currently active domain defines the scope of all actions in the UI. + +For a step-by-step onboarding flow, see: +πŸ‘‰ **Getting Started** + +--- + +## Creating a Domain + +To create a new domain: + +1. Log in to the Cube AI UI. +2. From the dashboard, click **Create Domain**. +3. Enter a **Name** and **Route** for the domain. +4. Click **Create**. +5. When the domain appears in the list, click **Open Domain**. + +Once opened, you are redirected into the domain workspace. + +![Domain creation screen](/img/ui/domains.png) + +--- + +## Domain Workspace + +After opening a domain, the UI switches into the domain context. + +Inside a domain, users can: + +- Access the chat interface +- Select and interact with available models +- Perform domain-scoped operations + +Navigation within the domain is handled through the left-side menu. + +![Chat interface](/img/ui/chat.png) + +--- + +## Domain Context + +The active domain determines: + +- Which users and roles apply +- Which models are available +- Which resources and actions are visible in the UI + +Switching domains changes this context entirely, ensuring isolation between +different environments. + +:::note +Switching domains updates the entire UI context, including available models, +users, and permissions. +::: + +--- + +## Domain Membership and Roles + +Users belong to one or more domains and may have different roles in each domain. +Roles define what actions a user is allowed to perform within that domain. + +Details about roles and permissions are documented in: + +πŸ‘‰ **Security & Access β†’ Roles and Access Control** + +--- + +## Typical Domain Workflow + +A common user flow in Cube AI looks like this: + +1. Log in to the Cube AI UI +2. Select or create a domain +3. Enter the domain workspace +4. Interact with models and services within that domain +5. Switch domains as needed + +--- + +## Next Steps + +After creating and entering a domain, you can explore: + +- User actions and profile management +- Role-based access control +- Audit logs and security events +- API access scoped to domains + +For first-time users, see: +πŸ‘‰ **UI β†’ User Actions** diff --git a/docs/ui/overview.md b/docs/ui/overview.md new file mode 100644 index 0000000..85e227c --- /dev/null +++ b/docs/ui/overview.md @@ -0,0 +1,178 @@ +--- +id: overview +title: UI Concepts Overview +sidebar_position: 1 +--- + +The Cube AI user interface provides a web-based environment for interacting with +large language models, managing domains, and performing user and +domain-scoped operations. + +This section provides both a conceptual overview and a visual walkthrough +of the Cube AI UI. + +--- + +## UI Structure + +The Cube AI UI is organized around a few core concepts: + +- **Authentication** – users log in using their credentials +- **Domains** – isolated workspaces that define execution context +- **Navigation** – domain-scoped features available through the sidebar +- **Actions** – operations performed within the UI based on permissions + +All interactions occur either: + +- Before selecting a domain (authentication phase), or +- Within the context of an active domain (domain phase) + +--- + +## Authentication Flow + +Users begin by accessing the Cube AI login screen. + +![Cube AI login screen](/img/ui/login.png) + +After successful authentication: + +- The user is redirected to the dashboard +- Available domains are displayed +- The user selects or creates a domain to continue + +Account-related actions such as sign up, verification, password reset, and +profile management are documented in: + +πŸ‘‰ [User Actions](./user-actions) + +--- + +## Domain-Centric Navigation + +Once a domain is opened, the UI switches into **domain context**. + +Within this context: + +- All visible resources belong to the active domain +- Available models and services are scoped to the domain +- Visible actions depend on the user's assigned role + +Switching domains updates the entire UI context accordingly. + +![Domain selection screen](/img/ui/domains.png) + +For detailed domain workflows, see: + +πŸ‘‰ [Domains](./domains) + +--- + +## Models and Inference + +Models are scoped to the selected domain. + +Users can interact with models directly from the Chat interface. +The list of available models reflects what is enabled in the active domain. + +![Available models in the selected domain](/img/ui/models.png) + +--- + +## Tokens (API Access) + +The Tokens section allows users to: + +- Create Personal Access Tokens (PATs) +- Define token duration and scopes +- Revoke existing tokens +- Copy tokens for API and tool usage + +Tokens are required for API access and external integrations. + +![Personal Access Token creation screen](/img/ui/pats.png) + +--- + +## Chat Interface + +The UI provides interactive access to language models through a chat interface. + +Users can: + +- Select a model from available domain models +- Send prompts and receive responses +- Switch models dynamically +- Execute inference inside a Trusted Execution Environment (TEE), if enabled + +Responses are domain-isolated and follow the security policies of the active domain. + +![Chat and model selection screen](/img/ui/chat.png) + +--- + +## Roles and Permissions + +Access to UI features is controlled by role-based permissions. + +Depending on their assigned role within a domain, users may be able to: + +- Create or manage domains +- Invite or manage other users +- Access administrative features +- View audit logs +- Perform secure model operations + +For details, see: + +πŸ‘‰ [Roles and Access Control](../security/roles-and-access-control) + +--- + +## Security and Auditing + +Cube AI provides visibility into security-relevant actions through audit logs. + +Audit logs help track: + +- User activity +- Domain-level changes +- Role and membership updates +- Secure model interactions (including TEE-based workloads) + +For more details: + +πŸ‘‰ [Audit Logs](../security/audit-logs) + +--- + +## Typical User Workflow + +A common end-to-end workflow looks like this: + +1. Log in to the UI +2. Select or create a domain +3. Select an available model +4. Create a Personal Access Token (if API access is needed) +5. Interact with the model via Chat or API + +--- + +## Developer-Focused UI Documentation + +This section focuses on user-facing UI behavior. + +Developer-oriented documentation related to UI integration and customization, +including the Chat UI and backend configuration, is available in: + +πŸ‘‰ [Chat UI](../developer-guide/chat-ui) + +--- + +## Next Steps + +To continue exploring Cube AI: + +- Start with [Domains](./domains) +- Review [User Actions](./user-actions) +- Explore the **Security & Access** section diff --git a/docs/ui/ui-overview.md b/docs/ui/ui-overview.md deleted file mode 100644 index a569048..0000000 --- a/docs/ui/ui-overview.md +++ /dev/null @@ -1,88 +0,0 @@ ---- -id: ui-overview -title: UI Overview ---- - -This section provides a high-level overview of the Cube AI user interface and -common user workflows. - ---- - -## Login - -Users authenticate using their email and password through the Cube AI login page. - -![Cube AI login screen](/img/ui/login.png) - -After successful authentication, users gain access to their available domains. - ---- - -## Domains - -Domains represent isolated execution environments. - -A selected domain determines: - -- Available models -- Enabled backends (Ollama, vLLM) -- Permissions and access scope - -Users must select a domain before interacting with models or APIs. - -![Domain selection screen](/img/ui/domains.png) - ---- - -## Models - -Models are scoped to the selected domain. - -Available models can be viewed and selected directly from the Chat interface. -The list of models reflects what is enabled and available in the active domain. - -![Available models in the selected domain](/img/ui/models.png) - ---- - -## Tokens - -The Tokens section allows users to: - -- Create Personal Access Tokens (PATs) -- Define token duration and scopes -- Revoke existing tokens -- Copy tokens for API and tool usage - -Tokens are required for API access and external integrations. - -![Personal Access Token creation screen](/img/ui/pats.png) - ---- - -## Chat and Completions - -The UI provides interactive access to language models through a chat interface. - -Users can: - -- Select a model from the available domain models -- Send prompts and receive responses -- Switch models dynamically -- Execute inference inside a Trusted Execution Environment (TEE) - -Responses are generated securely and are domain-isolated. - -![Chat and model selection screen](/img/ui/chat.png) - ---- - -## Typical User Workflow - -A common workflow looks like this: - -1. Log in to the UI -2. Select a domain -3. Select an available model -4. Create a Personal Access Token -5. Use the token in API calls or external tools diff --git a/docs/ui/user-actions.md b/docs/ui/user-actions.md new file mode 100644 index 0000000..2598ce2 --- /dev/null +++ b/docs/ui/user-actions.md @@ -0,0 +1,181 @@ +--- +id: user-actions +title: User Actions +sidebar_position: 3 +--- + +This section describes common user-facing actions in the Cube AI UI, including +authentication, account verification, password management, and profile-related +operations. + +--- + +## Login + +### Login purpose + +Authenticate to Cube AI using an email and password. + +### Login location in the UI + +Login page. + +![Cube AI login screen](/img/ui/login.png) + +### Login steps + +1. Open the Cube AI UI. +2. Enter your email address and password. +3. Click **Sign in**. + +### Login expected result + +You are authenticated and redirected to the dashboard or your last active domain. + +--- + +## Sign up + +### Sign up purpose + +Create a new Cube AI user account. + +### Sign up steps + +1. Open the Cube AI UI. +2. Click **Sign up**. +3. Enter your email address and password. +4. Submit the registration form. + +![Sign up screen](/img/ui/signup.png) + +### Sign up expected result + +A new account is created and a verification email is sent. + +--- + +## Account verification + +### Account verification purpose + +Verify ownership of the email address associated with a user account. + +### How it works + +After registration, Cube AI may send a verification email containing a secure link, +depending on the deployment configuration. + +### Account verification steps + +1. Open the verification email. +2. Click the verification link. +3. Return to the Cube AI UI. + +### Account verification expected result + +The account is marked as verified and full access is enabled. + +--- + +## Password reset + +### Password reset purpose + +Regain access to an account if the password is forgotten. + +### Password reset location in the UI + +Login page β†’ **Forgot password**. + +![Forgot password screen](/img/ui/forgot-password.png) + +### Password reset steps + +1. Click **Forgot password** on the login page. +2. Enter your email address. +3. Click **Send reset link**. +4. Open the password reset email. +5. Click the reset link. +6. Enter a new password. +7. Confirm the new password. +8. Submit the form. + +### Password reset expected result + +The password is successfully updated and the user can log in using the new password. + +> Note: The password reset form is accessed through the secure link sent to the registered email address. + +--- + +## Change password + +### Change password purpose + +Update the account password while logged in. + +### Change password location in the UI + +Profile page β†’ **Password** tab. + +![Change password screen](/img/ui/change-password.png) + +### Change password steps + +1. Open the user profile page. +2. Navigate to the **Password** section. +3. Enter your current password. +4. Enter and confirm the new password. +5. Click **Update**. + +### Change password expected result + +The password is updated successfully and applies immediately. + +--- + +## Profile management + +### Profile management purpose + +Manage personal account settings. + +### Profile management how to access + +![User profile page](/img/ui/profile-page.png) + +After logging in, users can access profile-related actions from the user menu in +the UI (typically available via the user icon). + +### Profile management available actions + +Depending on configuration and permissions, users may be able to: + +- View their account information +- Update personal details +- Change their password +- View account verification status +- Log out of the application + +Profile actions affect only the user account and do **not** modify domain +membership or role assignments. + +--- + +## Logout + +### Logout purpose + +End the current authenticated session. + +### Logout steps + +![User menu with Log out option](/img/ui/user-menu-logout.png) + +1. Open the user menu. +2. Click **Log out**. + +### Logout expected result + +The session is terminated and the user is redirected to the login page. diff --git a/sidebars.ts b/sidebars.ts index 1c9eeb2..37b6524 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -1,13 +1,10 @@ import type { SidebarsConfig } from '@docusaurus/plugin-content-docs'; -// This runs in Node.js - Don't use client-side code here (browser APIs, JSX...) - const sidebars: SidebarsConfig = { tutorialSidebar: [ // --- Core docs --- 'intro', 'getting-started', - 'ui/ui-overview', 'architecture', 'guardrails', @@ -28,7 +25,7 @@ const sidebars: SidebarsConfig = { items: [ 'api/overview', 'api/authentication', - 'auth/pats', + 'auth/pats', 'api/models', 'api/chat-completions', 'api/completions', @@ -63,6 +60,27 @@ const sidebars: SidebarsConfig = { 'developer-guide/auth-and-request-flow', ], }, + + // --- UI --- + { + type: 'category', + label: 'UI', + items: [ + 'ui/overview', + 'ui/domains', + 'ui/user-actions', + ], + }, + + // --- Security & Access --- + { + type: 'category', + label: 'Security & Access', + items: [ + 'security/roles-and-access-control', + 'security/audit-logs', + ], + }, ], }; diff --git a/static/img/ui/accept-invite.png b/static/img/ui/accept-invite.png new file mode 100644 index 0000000..111ff9f Binary files /dev/null and b/static/img/ui/accept-invite.png differ diff --git a/static/img/ui/assign-user.png b/static/img/ui/assign-user.png new file mode 100644 index 0000000..e365a97 Binary files /dev/null and b/static/img/ui/assign-user.png differ diff --git a/static/img/ui/audit-logs.png b/static/img/ui/audit-logs.png new file mode 100644 index 0000000..ba27420 Binary files /dev/null and b/static/img/ui/audit-logs.png differ diff --git a/static/img/ui/audit-tee-attestation-details.png b/static/img/ui/audit-tee-attestation-details.png new file mode 100644 index 0000000..ca2631b Binary files /dev/null and b/static/img/ui/audit-tee-attestation-details.png differ diff --git a/static/img/ui/audit-tee-attestation.png b/static/img/ui/audit-tee-attestation.png new file mode 100644 index 0000000..00fc684 Binary files /dev/null and b/static/img/ui/audit-tee-attestation.png differ diff --git a/static/img/ui/change-password.png b/static/img/ui/change-password.png new file mode 100644 index 0000000..b26aa13 Binary files /dev/null and b/static/img/ui/change-password.png differ diff --git a/static/img/ui/create-role.png b/static/img/ui/create-role.png new file mode 100644 index 0000000..538bf94 Binary files /dev/null and b/static/img/ui/create-role.png differ diff --git a/static/img/ui/domain-members-roles.png b/static/img/ui/domain-members-roles.png new file mode 100644 index 0000000..2b5656f Binary files /dev/null and b/static/img/ui/domain-members-roles.png differ diff --git a/static/img/ui/forgot-password.png b/static/img/ui/forgot-password.png new file mode 100644 index 0000000..86bd607 Binary files /dev/null and b/static/img/ui/forgot-password.png differ diff --git a/static/img/ui/invitations.png b/static/img/ui/invitations.png new file mode 100644 index 0000000..59efe17 Binary files /dev/null and b/static/img/ui/invitations.png differ diff --git a/static/img/ui/invite-member.png b/static/img/ui/invite-member.png new file mode 100644 index 0000000..420430c Binary files /dev/null and b/static/img/ui/invite-member.png differ diff --git a/static/img/ui/members.png b/static/img/ui/members.png new file mode 100644 index 0000000..36632b5 Binary files /dev/null and b/static/img/ui/members.png differ diff --git a/static/img/ui/password-reset.png b/static/img/ui/password-reset.png new file mode 100644 index 0000000..2086986 Binary files /dev/null and b/static/img/ui/password-reset.png differ diff --git a/static/img/ui/profile-page.png b/static/img/ui/profile-page.png new file mode 100644 index 0000000..0978ab0 Binary files /dev/null and b/static/img/ui/profile-page.png differ diff --git a/static/img/ui/role-actions.png b/static/img/ui/role-actions.png new file mode 100644 index 0000000..94b3a6b Binary files /dev/null and b/static/img/ui/role-actions.png differ diff --git a/static/img/ui/role-details.png b/static/img/ui/role-details.png new file mode 100644 index 0000000..838d913 Binary files /dev/null and b/static/img/ui/role-details.png differ diff --git a/static/img/ui/roles.png b/static/img/ui/roles.png new file mode 100644 index 0000000..4138ac8 Binary files /dev/null and b/static/img/ui/roles.png differ diff --git a/static/img/ui/signup.png b/static/img/ui/signup.png new file mode 100644 index 0000000..f575e6b Binary files /dev/null and b/static/img/ui/signup.png differ diff --git a/static/img/ui/user-menu-logout.png b/static/img/ui/user-menu-logout.png new file mode 100644 index 0000000..ea167bb Binary files /dev/null and b/static/img/ui/user-menu-logout.png differ