Developer HubGitHubContact Us
Search…
Welcome!
Olive Helps
Platform
FAQs
Data Security
Loop Development Kit
Your First Loop
Troubleshooting
Loop Security
Permissions
Environment Permissions
Loop Publication
Loop Analytics Library
Examples
Documentation
Interfaces
Type Alias
Enumerations
Whisper Components
Base Attributes
Autocomplete
Box
Breadcrumb
Button
Chart
CollapseBox
Grid
Checkbox
Date Time
Divider
DropZone
Email
Icon
List Pair
Link
Pagination
Number
Markdown
Message
Password
Progress
Radio
Rating
RichTextEditor
Section Title
Select
Text Input
Telephone
Typography
APTITUDES
What are Aptitudes?
Browser
Clipboard
Config
Cursor
Document
Filesystem
Keyboard
Network
Process
Screen
Search
System
UI
User
Vault
Whisper
Window
Release Notes
What's New
Archive
Powered By GitBook
Loop Security
Your security is important to us!

Loop Sandboxing

All Loops, whether built by Olive or by third parties, are executed in isolated runtime environments. Each Loop runs in its own sandbox: This allows Olive Helps to create device, file, network, and process isolation. In the case of network isolation, each Loop is set to have no network access by default. If the Loop needs access to a specific API for example, then the Loop Author must declare that they need network permission and which domain they plan to access. When a user adds a Loop from the Library, they can see exactly what a Loop is asking to do.
Every network call will come through the Olive Helps ecosystem: https-only traffic is enforced, and access restricted to the domains declared by the Loop Author. Olive also monitors and logs domain access and frequency by every Loop. All activities that Loops do (read a file, make a network request, etc) cannot bypass the Olive Helps ecosystem, ensuring peace of mind.

Loop Signing

All Loops are signed by both the Loop Author and by Olive to ensure the authenticity of the Loops throughout their lifecycle.

Third-party / Partner Loops

Olive Helps is a platform: One that is most powerful when third-parties contribute their expertise and services in the form of Loops. We understand the importance of security in healthcare -- there are processes in place to make sure Loops meet our requirements before ever becoming public.
No Loop is made public in the Loop Library without first being reviewed by the Olive team. The Olive team verifies adherence to security practices and user experience guidelines. We also asses vulnerability through threat modeling, as well as review data flow and asset classification.
If a Loop uses third-party APIs, data will be transferred securely from a user’s desktop to the API using HTTPS enforced by Olive Helps at all times, ensuring encryption at rest and in transit.
Some Loops in the Library may install content via binary files on a user’s local machine -- these will not make calls out to any services. A majority of these Loops request the most updated content from a provisioned source. For instance, a NPI lookup might trigger a Loop that makes a call out to a provider dictionary which is maintained as a central service by Olive.
Loop Development Kit - Previous
Troubleshooting
Next
Permissions
Last modified 4mo ago
Copy link
Contents
Loop Sandboxing
Loop Signing
Third-party / Partner Loops