External JavaScript is not sandboxed
Capability admission and lifecycle cleanup reduce integration risk; they do not make arbitrary third-party code trustworthy.

SECURITY / R0-R7
PliegoRS treats content, builds, plugins, replay, and distribution as explicit trust boundaries with bounded inputs and inspectable evidence.
These numbers describe the 0.0.1 public preview release and its frozen dependency graph. Every release must reproduce the same gates against its own bytes.
1 P0 · 12 P1 · 6 P2
Current audit · 2026-07-16 · 1 maintenance warning
Two binary replicas per target
One exact Ed25519 manifest
A value becomes trusted only after the boundary that owns its risk has admitted it. Failure stops publication, replay, import, or installation.
Root capabilities, no-follow opens, canonical confinement, and byte, depth, count, and graph ceilings.
Open contractGuarded staging, rollback replacement, exact output receipts, causal graphs, and verification before explanation.
Open contractCapability admission, same-origin modules, bounded props, serialized updates, reduced motion, and awaited cleanup.
Open contractCanonical signatures, explicit authority, contiguous cursors, fork rejection, and verified pages before replay.
Open contractExact asset sets, two-replica binary agreement, detached Ed25519 signatures, lifecycle smoke tests, and explicit promotion.
Open contractThe public ledger summarizes representative controls. The repository preserves the complete threat models, adversarial fixtures, commands, and residual risks.
| ID | Surface | Enforced control | Evidence | State |
|---|---|---|---|---|
| P0 | Destructive output | Output paths cannot target the project, an ancestor, a link, or an unowned directory. | R1 / ARTIFACT TRUST | CLOSED |
| P1 | Preview confinement | Loopback by default, bounded workers and queue, finite heartbeats, no linked-file traversal. | SECURITY / REVIEW | CLOSED |
| P1 | Adapter races | Generation tokens, serialized updates, cancellation, terminal guards, and awaited teardown prevent revival after disposal. | R4 / DOM LIFECYCLE | CLOSED |
| P1 | Verified replay | Unknown authorities, invalid signatures, gaps, forks, and unsupported event versions fail before replay state exists. | R2 / VERIFIED SYNC | CLOSED |
| P2 | Resource exhaustion | Content, manifests, media recipes, props, graphs, ledgers, sources, and staged output have explicit ceilings. | SECURITY / REVIEW | CLOSED |
| R6 | Distribution mutation | Changed bytes, extras, missing files, key drift, sidecar drift, and replica disagreement reject the release candidate. | R6 / DISTRIBUTION | CLOSED |
The accepted release binds 15 primary assets, five ordered targets, two binary replicas per target, source commit, sizes, hashes, roles, and a detached Ed25519 signature.
Boundary: direct installers verify checksum sidecars. Verify the complete signed bundle against this independently published fingerprint for the high-assurance path.
sha256:97df5a29b5d4be6f626634b6824eebea5f2e7fcfa9c93ed644a3a2913dad7250node verify-release-bundle.mjs \
--dir . \
--expected-key-fingerprint \
sha256:97df5a29b5d4be6f626634b6824eebea5f2e7fcfa9c93ed644a3a2913dad7250Read the distribution contractSecurity documentation becomes dangerous when it turns a scoped control into a universal promise.
Capability admission and lifecycle cleanup reduce integration risk; they do not make arbitrary third-party code trustworthy.
The completed review covers the static Rust/WASM surface. A server runtime, credentials, and product backend require their own threat models.
A content hash detects change. It does not identify a signer, grant permission, or establish provenance without an authority policy.
Network installers verify archive sidecars but do not independently verify the detached Ed25519 signature. The complete bundle verifier is the high-assurance path.
RustSec RUSTSEC-2026-0173 flags the build-time proc-macro-error2 dependency through rstml. No vulnerability is reported; removal remains tracked as a maintenance item.
| Line | Status | Security fixes |
|---|---|---|
| 0.0.1 | Public pre-release | 0.0.1 and main |
After 1.0, this table will identify every maintained release line and end-of-support date.
No advisories are published as of 2026-07-16. This is a disclosure status, not a claim that undiscovered vulnerabilities do not exist.
Open GitHub advisoriesInclude the version or commit, affected surface, minimal reproduction, impact, prerequisites, mitigations, and your disclosure preference. Never send unrelated credentials, private source, or personal data.
hello@pliegors.devComplete reports: within 3 business days
Target: within 7 business days
Agree a date after a supported fix exists
Research that avoids privacy violations, data destruction, service degradation, and unauthorized access will be handled constructively. This policy never authorizes testing systems you do not own or have permission to test.