Security Model

Last updated 2026-04-13

Threat Assumptions

  • Guest code may be malformed, hostile, or generated by unreliable systems.
  • The host process is trusted.
  • Host capability implementations are trusted but may fail.

Deployment Guarantees

Addon Mode

  • In-process execution
  • Low latency
  • Best-effort containment only
  • Not a hard boundary against memory-safety or logic bugs

Sidecar Mode

  • Separate process boundary
  • Better crash containment
  • Easier forceful termination
  • Recommended for untrusted or resource-heavy guest code

Hardened Sidecar

Use sidecar mode with host-managed OS controls for adversarial inputs.
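
One form the host-managed OS controls can take, as an added example (not this project's code): a POSIX host that launches the sidecar with rlimits, an empty environment and its own process group, then kills the whole group at a wall-clock deadline. `run_sidecar`, its parameters and the outcome labels are hypothetical, and the sidecar command line is whatever the host passes in.

```python
import os
import resource
import signal
import subprocess

def _cap(kind, value):
    # Only ever lower a limit; never ask for more than the host's own hard limit.
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def run_sidecar(argv, wall_seconds=5.0, cpu_seconds=2, mem_bytes=1 << 30, env=None):
    """Run one sidecar process under OS limits; return (outcome, detail)."""
    def apply_limits():  # runs in the child between fork and exec
        _cap(resource.RLIMIT_CPU, cpu_seconds)  # CPU time, enforced by the kernel
        _cap(resource.RLIMIT_AS, mem_bytes)     # address space ceiling
        _cap(resource.RLIMIT_CORE, 0)           # no core dumps holding guest state

    proc = subprocess.Popen(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL,
        env=env if env is not None else {},  # default: inherit no secrets or tokens
        close_fds=True,                      # inherit no open descriptors
        start_new_session=True,              # own process group for group-wide kill
        preexec_fn=apply_limits,
    )
    try:
        out, _ = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # Forceful termination: SIGKILL cannot be caught or ignored by guest code.
        os.killpg(proc.pid, signal.SIGKILL)
        proc.communicate()  # reap the child so no zombie is left behind
        return ("killed-deadline", None)
    if proc.returncode < 0:
        # The kernel enforced a limit or the sidecar crashed; the host survives.
        return ("killed-signal", signal.Signals(-proc.returncode).name)
    if proc.returncode != 0:
        return ("failed", proc.returncode)
    return ("ok", out)
```

Rlimits and a process group cover CPU, memory and termination only; filesystem and network restrictions need separate OS controls.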

Security-Sensitive Boundaries

  • Parser and validator
  • Host value conversion
  • Bytecode loading
  • Snapshot loading
  • Sidecar protocol decoding

The maintained hostile-input suites, fuzz entry points, and denial-of-service audit notes live in docs/HARDENING.md.

Security Issue Criteria

The following are security issues:

  • Guest access to forbidden ambient authority
  • Unsafe deserialization of compiled programs or snapshots
  • Host object or native handle leakage across the boundary
  • Limits or cancellation failures that invalidate documented guarantees