You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/security.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
Execbox provides defense-in-depth controls for guest code execution. The isolation level you get depends on the executor and deployment boundary you choose.
4
4
5
-
## What execbox does provide
5
+
## What execbox provides
6
6
7
7
- Fresh execution state per call
8
8
- JSON-only tool and result boundaries
@@ -11,7 +11,7 @@ Execbox provides defense-in-depth controls for guest code execution. The isolati
11
11
- Timeout and memory controls
12
12
- Abort propagation into in-flight host tool work
13
13
14
-
## What execbox does not claim
14
+
## Important boundaries
15
15
16
16
- A hard security boundary for hostile or multi-tenant code by default
17
17
- That in-process runtimes are equivalent to a container, VM, or separate trust domain
0 commit comments