aallam
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 0 additions & 18 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 1 addition & 4 deletions b/‎AGENTS.md‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 0 additions & 1 deletion b/‎CONTRIBUTING.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎README.md‎
Lines changed: 6 additions & 7 deletions b/‎README.md‎
Lines changed: 6 additions & 7 deletions
diff --git a/‎benchmarks/results.md‎
Lines changed: 0 additions & 1 deletion b/‎benchmarks/results.md‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎docs/architecture/README.md‎
Lines changed: 7 additions & 10 deletions b/‎docs/architecture/README.md‎
Lines changed: 7 additions & 10 deletions
diff --git a/‎docs/architecture/execbox-core.md‎
Lines changed: 1 addition & 2 deletions b/‎docs/architecture/execbox-core.md‎
Lines changed: 1 addition & 2 deletions
@@ -61,24 +61,6 @@ jobs:
       - name: Run security-focused tests
         run: npm run test:security
 
-  isolated-vm-security:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Use Node.js 24
-        uses: actions/setup-node@v4
-        with:
-          node-version: 24
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Run isolated-vm security lane
-        run: npm run test:isolated-vm
-
   docs:
     runs-on: ubuntu-latest
 
 
@@ -4,7 +4,7 @@
 
 - `execbox` is a Node.js 22+ npm workspace that publishes the `@execbox/*` package family.
 - Core source lives under `packages/*/src`, tests live under `packages/*/__tests__`, runnable examples live under `examples/`, and the public docs site lives under `docs/`.
-- The workspace currently contains `@execbox/core`, `@execbox/quickjs`, `@execbox/remote`, and `@execbox/isolated-vm`.
+- The workspace currently contains `@execbox/core`, `@execbox/quickjs`, and `@execbox/remote`.
 - Keep changes aligned with existing package boundaries. Prefer changing the owning package instead of introducing cross-package shortcuts.
 
 ## Setup Commands
@@ -17,8 +17,6 @@
 - Validate published package metadata and type resolution: `npm run package:check`
 - Build docs site: `npm run docs:build`
 - Run security-focused suites: `npm run test:security`
-- Run isolated-vm tests only when needed: `npm run test:isolated-vm`
-- Run the full isolated-vm verification lane: `npm run verify:isolated-vm`
 
 ## Codebase Conventions
 
@@ -35,7 +33,6 @@
 - If you change the public API of any entrypoint listed in `scripts/workspace-entrypoints.ts`, including `@execbox/core/runtime` and `@execbox/quickjs/remote-endpoint`, also run `npm run api:check`.
 - If you change docs site content, navigation, or VitePress config, also run `npm run docs:build`.
 - If you touch execution boundaries, timeout handling, abort propagation, schema validation, or log/memory controls, also run `npm run test:security`.
-- If you touch `@execbox/isolated-vm` or codepaths guarded by `VITEST_INCLUDE_ISOLATED_VM`, run `npm run test:isolated-vm` or `npm run verify:isolated-vm`.
 
 ## Security Notes
 
 
@@ -23,7 +23,6 @@ This guide is for both humans and coding agents. Agent-specific operating instru
 - Package export, manifest, or published type-resolution changes: `npm run package:check`
 - Docs site changes: `npm run docs:build`
 - Security or execution-boundary changes: `npm run test:security`
-- `@execbox/isolated-vm` changes: `npm run test:isolated-vm` or `npm run verify:isolated-vm`
 
 Choose the smallest verification set that covers your change, and include the commands you ran in your PR or handoff notes when the context would help reviewers.
 
 
@@ -6,20 +6,19 @@ Portable code execution for [Model Context Protocol](https://modelcontextprotoco
 
 [![License](https://img.shields.io/github/license/aallam/execbox?style=flat-square)](https://github.com/aallam/execbox/blob/main/LICENSE)
 [![Docs](https://img.shields.io/badge/docs-site-0ea5e9?style=flat-square)](https://execbox.aallam.com)
-[![Packages](https://img.shields.io/badge/packages-4-111827?style=flat-square)](#package-map)
+[![Packages](https://img.shields.io/badge/packages-3-111827?style=flat-square)](#package-map)
 
 </div>
 
 Execbox turns host tool catalogs into callable guest namespaces, supports MCP wrapping on both sides of the boundary, and lets you place guest JavaScript where it fits your deployment: inline, behind a worker or child-process host, or across your own remote transport.
 
 ## Package Map
 
-| Package                                           | npm                                                                                                                                   | What it is for                                                                            |
-| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
-| [`@execbox/core`](./packages/core/)               | [![npm](https://img.shields.io/npm/v/%40execbox%2Fcore?style=flat-square)](https://www.npmjs.com/package/@execbox/core)               | Core execution contract, provider resolution, MCP adapters, and runtime/protocol subpaths |
-| [`@execbox/quickjs`](./packages/quickjs/)         | [![npm](https://img.shields.io/npm/v/%40execbox%2Fquickjs?style=flat-square)](https://www.npmjs.com/package/@execbox/quickjs)         | QuickJS executor for inline, worker, and process hosts                                    |
-| [`@execbox/remote`](./packages/remote/)           | [![npm](https://img.shields.io/npm/v/%40execbox%2Fremote?style=flat-square)](https://www.npmjs.com/package/@execbox/remote)           | Transport-backed remote executor                                                          |
-| [`@execbox/isolated-vm`](./packages/isolated-vm/) | [![npm](https://img.shields.io/npm/v/%40execbox%2Fisolated-vm?style=flat-square)](https://www.npmjs.com/package/@execbox/isolated-vm) | `isolated-vm` backend for execbox                                                         |
+| Package                                   | npm                                                                                                                           | What it is for                                                                            |
+| ----------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
+| [`@execbox/core`](./packages/core/)       | [![npm](https://img.shields.io/npm/v/%40execbox%2Fcore?style=flat-square)](https://www.npmjs.com/package/@execbox/core)       | Core execution contract, provider resolution, MCP adapters, and runtime/protocol subpaths |
+| [`@execbox/quickjs`](./packages/quickjs/) | [![npm](https://img.shields.io/npm/v/%40execbox%2Fquickjs?style=flat-square)](https://www.npmjs.com/package/@execbox/quickjs) | QuickJS executor for inline, worker, and process hosts                                    |
+| [`@execbox/remote`](./packages/remote/)   | [![npm](https://img.shields.io/npm/v/%40execbox%2Fremote?style=flat-square)](https://www.npmjs.com/package/@execbox/remote)   | Advanced transport-backed executor for app-owned runtime boundaries                       |
 
 ## Examples
 
 
@@ -154,4 +154,3 @@ This suite only measures the parent Node process. It does not attempt to attribu
 - It does not prove exact throughput rankings for every workload or host. The concurrency and tool-call suites are still sensitive to local scheduler noise.
 - It does not prove memory behavior for `QuickJsExecutor({ host: "process" })`, because the memory suite intentionally avoids reporting child-process RSS as if it were host-process memory.
 - It does not measure `RemoteExecutor`, because remote performance depends on the caller-owned transport and remote runtime deployment.
-- It does not measure `IsolatedVmExecutor`, which has a separate native/runtime verification lane.
@@ -11,7 +11,7 @@ This Concepts section is for two audiences:
 
 - Start here for the package map, trust model, and overall flow.
 - Read [execbox-core.md](./execbox-core.md) for provider resolution, execution contracts, and error handling.
-- Read [execbox-executors.md](./execbox-executors.md) for QuickJS host modes, remote execution, and `isolated-vm` trade-offs.
+- Read [execbox-executors.md](./execbox-executors.md) for QuickJS host modes and remote execution trade-offs.
 - Read [execbox-mcp-and-protocol.md](./execbox-mcp-and-protocol.md) for MCP wrapping and where `@execbox/core/protocol` fits.
 - Read [execbox-remote-workflow.md](./execbox-remote-workflow.md) for the end-to-end remote execution control flow.
 - Read [execbox-protocol-reference.md](./execbox-protocol-reference.md) for the protocol message catalog and session rules.
@@ -27,27 +27,24 @@ flowchart LR
     CORE["@execbox/core<br/>provider resolution + MCP adapters + runtime helpers"]
     QJS["@execbox/quickjs<br/>QuickJS executor + reusable runner"]
     REM["@execbox/remote<br/>transport-backed remote executor"]
-    IVM["@execbox/isolated-vm<br/>in-process isolated-vm executor + reusable runner"]
     PROTO["@execbox/core/protocol<br/>transport messages + shared host session"]
     MCP["MCP sources and wrapped servers"]
 
     APP --> CORE
     APP --> QJS
     APP --> REM
-    APP --> IVM
     CORE --> MCP
     QJS --> PROTO
     REM --> PROTO
 ```
 
 ### Package Roles
 
-| Package                | Role                                                                                                         |
-| ---------------------- | ------------------------------------------------------------------------------------------------------------ |
-| `@execbox/core`        | App-facing core types, provider resolution, MCP adapters, plus runtime and protocol subpaths                 |
-| `@execbox/quickjs`     | Default QuickJS executor package with inline, worker-hosted, and process-hosted modes plus a reusable runner |
-| `@execbox/remote`      | Transport-backed executor that runs against an app-defined runner boundary                                   |
-| `@execbox/isolated-vm` | Alternate executor backend using a fresh `isolated-vm` context and a reusable isolated-vm runner             |
+| Package            | Role                                                                                                         |
+| ------------------ | ------------------------------------------------------------------------------------------------------------ |
+| `@execbox/core`    | App-facing core types, provider resolution, MCP adapters, plus runtime and protocol subpaths                 |
+| `@execbox/quickjs` | Default QuickJS executor package with inline, worker-hosted, and process-hosted modes plus a reusable runner |
+| `@execbox/remote`  | Transport-backed executor that runs against an app-defined runner boundary                                   |
 
 ## End-to-End Execution Model
 
@@ -102,4 +99,4 @@ Key implications:
 
 ## Architecture In One Paragraph
 
-`@execbox/core` owns the app-facing execution contract, provider resolution, MCP adapters, and the `@execbox/core/protocol` transport surface. Runtime implementers use `@execbox/core/runtime` for shared dispatch, manifest, timeout, log, and normalization helpers. `@execbox/quickjs` and `@execbox/isolated-vm` each expose a runtime-specific reusable runner. Hosted `@execbox/quickjs` modes and `@execbox/remote` sit on top of `@execbox/core/protocol`, which owns the transport boundary: message shapes, shared host sessions, and reusable resource pools for transport-backed execution.
+`@execbox/core` owns the app-facing execution contract, provider resolution, MCP adapters, and the `@execbox/core/protocol` transport surface. Runtime implementers use `@execbox/core/runtime` for shared dispatch, manifest, timeout, log, and normalization helpers. `@execbox/quickjs` exposes the default runtime-specific reusable runner. Hosted `@execbox/quickjs` modes and `@execbox/remote` sit on top of `@execbox/core/protocol`, which owns the transport boundary: message shapes, shared host sessions, and reusable resource pools for transport-backed execution.
@@ -106,7 +106,6 @@ sequenceDiagram
 This seam is what lets execbox share semantics across:
 
 - the in-process QuickJS executor
-- the in-process `isolated-vm` executor
 - transport-backed executors that reuse the same manifest and dispatcher model through `@execbox/core/protocol`
 
 without forcing every runtime through the same transport implementation.
@@ -190,7 +189,7 @@ Executors are responsible for their own runtime-specific classification rules, b
 
 ## Why the Core Stays Small
 
-The core package does not own QuickJS, `isolated-vm`, worker threads, or transport mechanics. That separation keeps the core useful for:
+The core package does not own QuickJS, worker threads, child processes, or transport mechanics. That separation keeps the core useful for:
 
 - direct in-process runtimes
 - worker-backed runtimes