# TUTORIAL: SYFT-PERM IN 10 MINUTES

## Common Ground
Everyone needs to modify permissions in SyftBox files - whether you're sharing data with specific users, making files public, or restricting access to sensitive information.

## Problem 1: Knowing Permissions

Knowing the permission of a file is tricky because you need to:
- **Find the syft.pub.yaml** It could be anywhere in the parent folder to a file
- **Interpret permission correctly** There's a complex internal permission logic which decides how pub files translate into actual permissions
- **Hope you got it right:** The only way to truly know if you got it right is to open up two datasites and see if a file gets synced through the server in the way you expect. 

## Problem 2: Editing Permissions

Modifying `syft.pub.yaml` files manually is:
- **Tricky** - Complex YAML structure with patterns, inheritance, and hierarchy rules
- **Error-prone** - Silent failures when patterns don't match or inheritance doesn't work as expected
- **Time-consuming** - Need to understand glob patterns, permission levels, and file limits

## Solution
**syft-perm** provides utility functions and `SyftFile`/`SyftFolder` classes that make permissions easy:
- Simple SyftFile/SyftFolder object which applies to existing files and has .getter and .setter methods
- Automatic YAML generation and validation
- **Bonus:** Jupyter widgets for seeing and updating file/folder permissions
  

## Benefits
SyftBox file permissions become easier to trust and to write correctly the first time, with fewer bugs and clearer outcomes.

# Part 1: Installation and Setup

- Step 1: Download and run [SyftBox](https://www.syftbox.net/#downloads)
- Step 2: pip install syft-perm

In [1]:
# !pip install syft-perm -U

In [2]:
#note: it's helpful to use "sp" because of some copy-paste functionality in the UI
import syft_perm as sp 
import syft_core as sc

In [3]:
sp.__version__

'0.3.91'

# Part 2: Sign my Guestbook (and learn the UIs)

There are three core user interfaces:
- The filesystem feed (syft_perm.files)
- The syftbox file editor
- The permission updater

Let's use them to sign the guestbook!

In [8]:
# the filesystem feed

# In the searchbar — type "andrew@ guestbook" and click "guestbook.txt"... this will COPY TO CLIPBOARD
sp.files

In [9]:
# PASTE the code you copied into the cell below... and run it

In [10]:
sp.open("syft://andrew@openmined.org/guestbook.txt") # instead of my email it should show yours

In [11]:
# the permission updater — you can also get this by clicking "Share"
f = sp.open("syft://andrew@openmined.org/guestbook.txt")

# as you can see, you can modify this file because * has WRITE permissions
f.share

In [9]:
# Now try to open the "antiguestbook" and try to add yourself to it
sp.files.search("andrew@openmined.org antiguestbook.txt")

In [12]:
# if you clicked the row above, it'll create this python you can run
sp.open("syft://andrew@openmined.org/public/antiguestbook.txt")

### OH NO!! Why can't I edit the file?

You don't have permission to edit this file... and andrew@openmined.org is the admin who decided. You can see this in the permission!

In [13]:
f = sp.open("syft://andrew@openmined.org/public/antiguestbook.txt")
f.share

In [14]:
# you can also see why you do/don't have permission here (put your email in instead of mine)
print(f.explain_permissions("andrew@openmined.org"))

Permission analysis for andrew@openmined.org on /Users/atrask/SyftBox/datasites/andrew@openmined.org/public/antiguestbook.txt:

ADMIN: ✓ GRANTED
  • Owner of path

WRITE: ✓ GRANTED
  • Owner of path

CREATE: ✓ GRANTED
  • Owner of path

READ: ✓ GRANTED
  • Owner of path




# Part 3: Create your own guestbook! (create and permission your first file)

Time to create your first SyftFile! First start by creating a file:

1) Literally go to your filesystem and create one (usually ~/SyftBox/your@email/public/guestbook.txt)
2) Use the python widget to create one

In [15]:
# let's start by creating one in our filesystem

# this is your datasite path
# create a file at this path + /public
path = sc.Client.load().datasite_path
path

PosixPath('/Users/atrask/SyftBox/datasites/andrew@openmined.org')

In [16]:
# this is your email
# this is your datasite path
# create a file at this path + /public
email = sc.Client.load().email
email

'andrew@openmined.org'

In [17]:
# Create the guestbook.txt file in that directory
guestbook_path = path / 'guestbook.txt'

# Write to the file (this will create it if it doesn't exist)
guestbook_path.write_text('Please sign my guestbook! \n\nBob Vance: I love refrigeration!')

60

In [18]:
# see your guestbook in syft_perm.files by searching your email and the word "guestbook"

sp.files.search(sc.Client.load().email + " guestbook")

In [19]:
# if you click your file it'll copy-something like the following to your clipboard! Try it!
sp.open("syft://"+email+"/guestbook.txt")

In [20]:
# Now you need to modify the permissions to let anyone WRITE to this file. In the widget 
# above, you can click the "Share" button and set the "*" user to "WRITE" OR you can do the following

f = sp.open("syft://"+email+"/guestbook.txt")
f.grant_write_access("*")



In [21]:
# And voila! Now anyone can sign your guestbook!

# Part 4: Ask a friend to sign your guestbook!!

All you have to do is send them this tutorial and they can become a part of the private AI movement!

(lol just kidding)

# Part 5: Let's Practice the Python API!

Widgets are great... but sometimes you need programmatic control. Let's practice with the API by creating a collaborative project folder!

In [22]:
syft_file = sp.open("syft://"+email+"/guestbook.txt")
syft_folder = sp.open("syft://"+email+"/")

In [23]:
# # setters
# syft_file.grant_admin_access('email@company.org') # gives email@company.org the ability to modify permissions for this file
# syft_file.grant_create_access('email@company.org') # gives email@company.org the ability to create this file (doesn't mean much... more for folders)
# syft_file.grant_write_access('email@company.org') # gives email@company.org the ability to edit this file
# syft_file.grant_read_access('email@company.org') # gives email@company.org the ability to read this file

# # getters
# syft_file.has_admin_access('email@company.org')
# syft_file.has_create_access('email@company.org')
# syft_file.has_write_access('email@company.org')
# syft_file.has_read_access('email@company.org')

In [24]:
# special functions

# lists all the reasons someone has each level of permission (there can be mulitple syft.pub.yaml rules affecting a permission)
print(syft_file.explain_permissions(email))

Permission analysis for andrwe@openmined.org on /Users/atrask/SyftBox/datasites/andrew@openmined.org/guestbook.txt:

ADMIN: ✗ DENIED
  • Pattern 'guestbook.txt' matched

WRITE: ✓ GRANTED
  • Explicitly granted write in /Users/atrask/SyftBox/datasites/andrew@openmined.org
  • Pattern 'guestbook.txt' matched
  • Public access (*)

CREATE: ✓ GRANTED
  • Included via write permission in /Users/atrask/SyftBox/datasites/andrew@openmined.org
  • Pattern 'guestbook.txt' matched
  • Public access (*)

READ: ✓ GRANTED
  • Included via write permission in /Users/atrask/SyftBox/datasites/andrew@openmined.org
  • Pattern 'guestbook.txt' matched
  • Public access (*)




In [25]:
# Let's create a project folder and set up permissions programmatically
project_path = path / 'awesome_project'
project_path.mkdir(exist_ok=True)

# Create some project files
(project_path / 'README.md').write_text('# Awesome AI Project\n\nThis is our collaborative AI project!')
(project_path / 'data.csv').write_text('id,value\n1,100\n2,200\n3,300')
(project_path / 'secret_key.txt').write_text('SUPER_SECRET_API_KEY_12345')

26

In [26]:
# Now let's set different permissions for different files
folder = sp.open(f"syft://{email}/awesome_project")

# Let's see what permissions our folder has by default
folder

In [27]:
# Make the README public
readme = sp.open(f"syft://{email}/awesome_project/README.md")
readme.grant_read_access("*")
print("README is now public!")

README is now public!


In [31]:
# Share the data with a specific collaborator (you can use a friend's email or a fake one)
data_file = sp.open(f"syft://{email}/awesome_project/data.csv")
collaborator_email = "liamtrask@gmail.com"  # Replace with a real email if you have one
data_file.grant_read_access(collaborator_email)
data_file.grant_write_access(collaborator_email)
print(f"Shared data.csv with {collaborator_email}!")

Shared data.csv with liamtrask@gmail.com!


In [32]:
# Keep the secret key private (it should already be private by default)
secret = sp.open(f"syft://{email}/awesome_project/secret_key.txt")
print("Let's check who has access to our secret:")
secret

Let's check who has access to our secret:


In [33]:
# Practice using the getter methods
print(f"Does {collaborator_email} have read access to data.csv? {data_file.has_read_access(collaborator_email)}")
print(f"Does {collaborator_email} have write access to data.csv? {data_file.has_write_access(collaborator_email)}")
print(f"Does public have read access to README? {readme.has_read_access('*')}")
print(f"Does public have read access to secret? {secret.has_read_access('*')}")

Does liamtrask@gmail.com have read access to data.csv? True
Does liamtrask@gmail.com have write access to data.csv? True
Does public have read access to README? True
Does public have read access to secret? False


In [34]:
# Use explain_permissions to understand why permissions are set the way they are
print("Why does Alice have permissions on data.csv?")
print(data_file.explain_permissions(collaborator_email))

Why does Alice have permissions on data.csv?
Permission analysis for liamtrask@gmail.com on /Users/atrask/SyftBox/datasites/andrew@openmined.org/awesome_project/data.csv:

ADMIN: ✗ DENIED
  • Pattern 'data.csv' matched

WRITE: ✓ GRANTED
  • Explicitly granted write in /Users/atrask/SyftBox/datasites/andrew@openmined.org/awesome_project
  • Pattern 'data.csv' matched

CREATE: ✓ GRANTED
  • Included via write permission in /Users/atrask/SyftBox/datasites/andrew@openmined.org/awesome_project

READ: ✓ GRANTED
  • Included via write permission in /Users/atrask/SyftBox/datasites/andrew@openmined.org/awesome_project
  • Pattern 'data.csv' matched




# Part 6: How does the permission system work? Let's EXPLORE!

Instead of just reading about it, let's explore the syft.pub.yaml files that were created!

In [35]:
# Let's look at the YAML file that was created for our project
yaml_path = project_path / 'syft.pub.yaml'
if yaml_path.exists():
    print("Here's the syft.pub.yaml for our project folder:")
    print(yaml_path.read_text())
else:
    print("No syft.pub.yaml in the project folder yet!")

Here's the syft.pub.yaml for our project folder:
rules:
- pattern: README.md
  access:
    admin: []
    write: []
    create: []
    read:
    - '*'
- pattern: data.csv
  access:
    admin: []
    write:
    - andrew@openmined.org
    - liamtrask@gmail.com
    create: []
    read:
    - andrew@openmined.org
    - liamtrask@gmail.com



In [36]:
# Let's check your main datasite folder's syft.pub.yaml
main_yaml = path / 'syft.pub.yaml'
print("Your main datasite syft.pub.yaml:")
print(main_yaml.read_text())

Your main datasite syft.pub.yaml:
rules:
- pattern: '*'
  access:
    admin:
    - andrew@openmined.org
    write:
    - andrew@openmined.org
    read:
    - '*'
- pattern: guestbook.txt
  access:
    admin: []
    write:
    - '*'
    create:
    - '*'
    read:
    - '*'



In [37]:
# Let's manually edit permissions by creating a syft.pub.yaml!
# This is what syft-perm does behind the scenes

yaml_content = """rules:
- pattern: 'README.md'
  access:
    read:
    - '*'
- pattern: 'data.csv'
  access:
    read:
    - alice@example.com
    write:
    - alice@example.com
- pattern: 'secret_key.txt'
  access:
    read: []
    write: []
"""

(project_path / 'syft.pub.yaml').write_text(yaml_content)
print("Created syft.pub.yaml manually!")

Created syft.pub.yaml manually!


In [38]:
# Now let's verify the permissions match what we set
print("Checking if manual YAML matches our API calls:")
readme_check = sp.open(f"syft://{email}/awesome_project/README.md")
readme_check

Checking if manual YAML matches our API calls:


### Key Insights:
- syft.pub.yaml files control permissions for files in the same directory
- Patterns can match specific files or use wildcards
- The API just creates and modifies these YAML files for you!

# Part 7: How does permission enforcement work? Let's TEST it!

Let's create scenarios to see enforcement in action.

In [39]:
# Create a read-only file for testing
test_file = path / 'test_readonly.txt'
test_file.write_text('This file is read-only for everyone except the owner!')

# Set it to read-only for public
readonly = sp.open(f"syft://{email}/test_readonly.txt")
readonly.grant_read_access("*")
print("Created read-only test file")

Created read-only test file


In [40]:
# Let's check what happens when someone without write permission tries to edit
print("Permissions for public user on readonly file:")
print(readonly.explain_permissions("someone@else.com"))

Permissions for public user on readonly file:
Permission analysis for someone@else.com on /Users/atrask/SyftBox/datasites/andrew@openmined.org/test_readonly.txt:

ADMIN: ✗ DENIED
  • Pattern 'test_readonly.txt' matched

WRITE: ✗ DENIED
  • Pattern 'test_readonly.txt' matched

CREATE: ✗ DENIED
  • Pattern 'test_readonly.txt' matched

READ: ✓ GRANTED
  • Explicitly granted read in /Users/atrask/SyftBox/datasites/andrew@openmined.org
  • Pattern 'test_readonly.txt' matched
  • Public access (*)




In [42]:
# Create a folder where only specific users can create files
restricted_folder = path / 'restricted_uploads'
restricted_folder.mkdir(exist_ok=True)

folder_obj = sp.open(f"syft://{email}/restricted_uploads")
folder_obj.grant_read_access("*")  # Everyone can see what's inside
folder_obj.grant_create_access("liamtrask@gmail.com")  # But only trusted user can add files

print("Created restricted folder - only trusted@user.com can create files here!")

Created restricted folder - only trusted@user.com can create files here!


In [44]:
# Test the enforcement by checking permissions
print("Can random@user.com create files in restricted folder?")
print(f"Has create access: {folder_obj.has_create_access('random@user.com')}")
print("\nCan our trusted user, liamtrask@gmail.com, create files?")
print(f"Has create access: {folder_obj.has_create_access('trusted@user.com')}")

Can random@user.com create files in restricted folder?
Has create access: False

Can our trusted user, liamtrask@gmail.com, create files?
Has create access: False


### What happens behind the scenes:
- **READ violation:** The cache server won't send files you can't read
- **CREATE violation:** Files created without permission won't sync
- **WRITE violation:** Edits without permission won't be accepted
- **ADMIN violation:** Permission changes without admin rights are ignored

# Part 8: What if permissions conflict? Let's CREATE conflicts!

Let's explore permission inheritance and conflicts hands-on.

In [45]:
# Create a nested folder structure
parent_folder = path / 'parent_project'
child_folder = parent_folder / 'child_data'
grandchild_folder = child_folder / 'sensitive'

# Create all folders
grandchild_folder.mkdir(parents=True, exist_ok=True)

# Create files at different levels
(parent_folder / 'parent_file.txt').write_text('File in parent folder')
(child_folder / 'child_file.txt').write_text('File in child folder')
(grandchild_folder / 'secret.txt').write_text('Very sensitive data')

print("Created nested folder structure!")

Created nested folder structure!


In [46]:
# Set permissions at parent level - make everything readable
parent = sp.open(f"syft://{email}/parent_project")
parent.grant_read_access("*")
print("Granted public read access to parent folder")

Granted public read access to parent folder


In [47]:
# Check if child inherits permissions
child_file = sp.open(f"syft://{email}/parent_project/child_data/child_file.txt")
print("Does child file inherit read permission from parent?")
child_file

Does child file inherit read permission from parent?


In [48]:
# Now let's create a conflict - try to restrict the grandchild
sensitive = sp.open(f"syft://{email}/parent_project/child_data/sensitive")
# Remove public access (trying to override parent)
sensitive.revoke_read_access("*")
print("Tried to revoke public access from sensitive folder")

Tried to revoke public access from sensitive folder


In [49]:
# Check what actually happened
secret_file = sp.open(f"syft://{email}/parent_project/child_data/sensitive/secret.txt")
print("Can public still read the secret file?")
print(secret_file.explain_permissions("*"))

Can public still read the secret file?
Permission analysis for * on /Users/atrask/SyftBox/datasites/andrew@openmined.org/parent_project/child_data/sensitive/secret.txt:

ADMIN: ✗ DENIED
  • Pattern '**' matched

WRITE: ✗ DENIED
  • Pattern '**' matched

CREATE: ✗ DENIED
  • Pattern '**' matched

READ: ✗ DENIED
  • Pattern '**' matched




In [50]:
# Let's use terminal nodes to stop inheritance!
# First, let's look at the current YAML files
print("Parent folder YAML:")
parent_yaml = parent_folder / 'syft.pub.yaml'
if parent_yaml.exists():
    print(parent_yaml.read_text())

Parent folder YAML:
rules:
- pattern: '**'
  access:
    admin: []
    write: []
    create: []
    read:
    - '*'



In [51]:
# Create a terminal node to block inheritance
terminal_yaml = """rules:
- pattern: '*'
  terminal: true
  access:
    read: []
    write: []
"""

(grandchild_folder / 'syft.pub.yaml').write_text(terminal_yaml)
print("Created terminal node in sensitive folder!")

Created terminal node in sensitive folder!


In [52]:
# Now check if inheritance is blocked
secret_file_terminal = sp.open(f"syft://{email}/parent_project/child_data/sensitive/secret.txt")
print("After terminal node - can public read secret?")
secret_file_terminal

After terminal node - can public read secret?


### Key Conflict Resolution Rules:
1. **Inheritance:** Child folders inherit parent permissions by default
2. **More specific wins:** A file's own permissions override folder permissions  
3. **Terminal nodes:** Can stop inheritance from parent folders
4. **Admin always wins:** The folder owner (admin) has final say

# Part 9: Tips and Tricks - Let's DISCOVER UI Features!

The UIs have lots of little features. Let's explore them interactively!

In [53]:
# Tip 1: syft_perm.files is a newsfeed for file edits, useful for:
# - observing network activity
# - debugging federated app state (files are state!)

# notice how if you edit a file - that file pops up to the top and is colorful!
sp.files

In [54]:
# Tip 2: Search operators in sp.files
print("Try these search patterns in the widget below:")
print("1. 'admin:yourname@email.com' - Find files where you're admin")
print("2. '*.csv' - Find all CSV files")
print("3. 'user:alice@example.com' - Find files Alice has access to")
print("4. Use quotes for exact phrases: \"awesome project\"")

sp.files

Try these search patterns in the widget below:
1. 'admin:yourname@email.com' - Find files where you're admin
2. '*.csv' - Find all CSV files
3. 'user:alice@example.com' - Find files Alice has access to
4. Use quotes for exact phrases: "awesome project"


In [55]:
# Tip 3: The file editor shortcut
print("Click any file path to copy sp.open() code!")
print("Try clicking on different files in the widget above")

Click any file path to copy sp.open() code!
Try clicking on different files in the widget above


In [56]:
# Tip 4: Batch operations
# Let's create multiple files and set permissions in one go

batch_folder = path / 'batch_example'
batch_folder.mkdir(exist_ok=True)

# Create 5 data files
for i in range(5):
    (batch_folder / f'data_{i}.csv').write_text(f'id,value\n{i},{i*100}')

print("Created 5 data files")

Created 5 data files


In [60]:
# Use patterns to set permissions for all at once
batch_yaml = """rules:
- pattern: '**'
  access:
    read:
    - data_team@company.com
    write:
    - data_team@company.com
"""

(batch_folder / 'syft.pub.yaml').write_text(batch_yaml)
print("Set permissions for all CSV files with one pattern!")

Set permissions for all CSV files with one pattern!


In [61]:
# Verify it worked
test_batch = sp.open(f"syft://{email}/batch_example/data_3.csv")
print("Permissions for data_3.csv:")
test_batch

Permissions for data_3.csv:


# Part 10: What does this mean for Privacy & AI? Let's BUILD something!

Instead of just talking about it, let's create a mini federated learning setup!

In [62]:
# Create a federated learning project structure
fl_project = path / 'federated_learning_demo'
fl_project.mkdir(exist_ok=True)

# Create folders for different participants
(fl_project / 'hospital_a').mkdir(exist_ok=True)
(fl_project / 'hospital_b').mkdir(exist_ok=True) 
(fl_project / 'model_aggregator').mkdir(exist_ok=True)
(fl_project / 'results').mkdir(exist_ok=True)

print("Created federated learning project structure!")

Created federated learning project structure!


In [67]:
# Hospital A shares encrypted gradients (not raw data!)
(fl_project / 'hospital_a' / 'gradients_epoch_1.json').write_text(
    '{"gradient": [0.1, -0.2, 0.3], "num_samples": 1000}'
)
(fl_project / 'hospital_a' / 'private_patient_data.csv').write_text(
    'patient_id,diagnosis\n[ENCRYPTED]'
)

# Set permissions - gradients are shared, data is private
gradients_a = sp.open(f"syft://{email}/federated_learning_demo/hospital_a/gradients_epoch_1.json")
gradients_a.grant_read_access("aggregator@openmined.org") # you could replace this email with any datasite trusted to do aggregation

private_data_a = sp.open(f"syft://{email}/federated_learning_demo/hospital_a/private_patient_data.csv")
# No external access to private data!

print("Hospital A: Shared gradients but kept patient data private!")

Hospital A: Shared gradients but kept patient data private!


In [68]:
# Hospital B does the same
(fl_project / 'hospital_b' / 'gradients_epoch_1.json').write_text(
    '{"gradient": [0.2, -0.1, 0.4], "num_samples": 800}'
)

gradients_b = sp.open(f"syft://{email}/federated_learning_demo/hospital_b/gradients_epoch_1.json")
gradients_b.grant_read_access("aggregator@openmined.org")

print("Hospital B: Also sharing only gradients!")

Hospital B: Also sharing only gradients!


In [69]:
# Model aggregator combines gradients and shares results
(fl_project / 'model_aggregator' / 'aggregated_model_v1.json').write_text(
    '{"weights": [0.15, -0.15, 0.35], "performance": 0.89}'
)

# Share results with everyone
results = sp.open(f"syft://{email}/federated_learning_demo/model_aggregator/aggregated_model_v1.json")
results.grant_read_access("*")

print("Aggregator: Combined models and shared results publicly!")

Aggregator: Combined models and shared results publicly!


In [70]:
# Create a public results dashboard
(fl_project / 'results' / 'README.md').write_text("""
# Federated Learning Results

## Privacy-Preserving Medical AI

- **Participants**: 2 hospitals
- **Total Samples**: 1,800 patients 
- **Model Performance**: 89% accuracy
- **Privacy**: No patient data was shared!

### How it works:
1. Each hospital trains on their private data
2. Only model gradients are shared (not data!)
3. Central server aggregates gradients
4. Updated model is shared back

This demonstrates SyftBox's vision: Compute on distributed private data!
""")

results_readme = sp.open(f"syft://{email}/federated_learning_demo/results/README.md")
results_readme.grant_read_access("*")

print("Created public results dashboard!")

Created public results dashboard!


In [71]:
# Let's verify the privacy model works
print("What can the model aggregator see?")
print("\nHospital A gradients:")
print(gradients_a.explain_permissions("model_aggregator@university.edu"))

print("\n" + "="*50 + "\n")

print("Hospital A private data:")
print(private_data_a.explain_permissions("model_aggregator@university.edu"))

What can the model aggregator see?

Hospital A gradients:
Permission analysis for model_aggregator@university.edu on /Users/atrask/SyftBox/datasites/andrew@openmined.org/federated_learning_demo/hospital_a/gradients_epoch_1.json:

ADMIN: ✗ DENIED
  • Pattern 'gradients_epoch_1.json' matched

WRITE: ✗ DENIED
  • Pattern 'gradients_epoch_1.json' matched

CREATE: ✗ DENIED
  • Pattern 'gradients_epoch_1.json' matched

READ: ✗ DENIED
  • Pattern 'gradients_epoch_1.json' matched




Hospital A private data:
Permission analysis for model_aggregator@university.edu on /Users/atrask/SyftBox/datasites/andrew@openmined.org/federated_learning_demo/hospital_a/private_patient_data.csv:

ADMIN: ✗ DENIED
  • No permission found

WRITE: ✗ DENIED
  • No permission found

CREATE: ✗ DENIED
  • No permission found

READ: ✗ DENIED
  • No permission found




In [72]:
# Explore the complete federated learning setup
print("Search for all files in our federated learning demo:")
sp.files.search(f"{email} federated_learning_demo")

Search for all files in our federated learning demo:


# Part 11: Isn't that... kindof a MANUAL/INCONVENIENT way to do Federated Learning?

Yes... other libraries will handle the creation/editing of those kinds of files for you. Try the next tutorial!

## 🎉 Congratulations!

You've just built a mini federated learning system that demonstrates SyftBox's core vision:

1. **Privacy by Design**: Patient data never leaves hospitals
2. **Selective Sharing**: Only aggregated insights are shared
3. **Decentralized Computation**: Each participant computes locally
4. **Transparent Permissions**: Everyone can verify who sees what

### This is the future of AI:
- **More Data**: Access data that was previously locked in silos
- **Better Privacy**: Compute on data without seeing it
- **Real Collaboration**: Multiple parties working together safely
- **Regulatory Compliance**: Respect data sovereignty and privacy laws

### What you learned:
✅ How to use SyftBox permission system  
✅ How to share files selectively  
✅ How permissions inherit and conflict  
✅ How to build privacy-preserving systems  

### Next steps:
- Try building your own privacy-preserving application
- Join the SyftBox community
- Contribute to the open-source project
- Help us build the future of private AI!

Welcome to the Private AI Revolution! 🚀