Analysis of overhead introduced by the Astraea security engine during file system operations.
- Platform: Android (Termux)
- Engine: Astraea (Rust/Zig, ReleaseFast)
- Runtime: Node.js
- Operation:
fs.readFileSync(10,000 iterations)
| Mode | Total Time (10k ops) | Avg Time per Op |
|---|---|---|
| Native (No Astraea) | 160ms | 0.0160ms |
| Astraea Enabled | 520ms | 0.0520ms |
| Overhead | 360ms | 0.0360ms |
The benchmark measures the round-trip cost of intercepting a libuv file system call, performing V8 stack introspection to attribute the call to a specific JavaScript module, and evaluating the request against the Radix Tree policy engine.
- Attribution (High Cost): V8 stack introspection requires capturing the current stack, iterating frames, and extracting script names. This is the primary contributor to the ~36µs overhead.
- Policy Evaluation (Low Cost): The Rust-based Radix Tree is extremely efficient, typically completing lookups in sub-microsecond time.
- FFI Boundary (Minimal): The transition between Zig (Interceptor) and Rust (Engine) is highly optimized.
An overhead of ~0.036ms (36µs) per I/O call is negligible for the vast majority of Node.js applications, where I/O latency (disk/network) is typically measured in milliseconds. Astraea provides strong security guarantees with a performance impact that is effectively invisible in real-world scenarios.