Five interlocking planes of glass, metal, stone, resin, and chrome surrounding a protected center
PLIEGORS / TRUST CENTERREVIEWED / 2026-07-16

SECURITY / R0-R7

Trust is verified. Not implied.

PliegoRS treats content, builds, plugins, replay, and distribution as explicit trust boundaries with bounded inputs and inspectable evidence.

19findings closedR0–R7evidence acceptedPUBLIC PREVIEW0.0.1 supported
PLG.RS / 01Current posture

A snapshot with a date, not a permanent promise.

These numbers describe the 0.0.1 public preview release and its frozen dependency graph. Every release must reproduce the same gates against its own bytes.

Findings closed
19

1 P0 · 12 P1 · 6 P2

Known vulnerable packages
0

Current audit · 2026-07-16 · 1 maintenance warning

Native targets reproduced
5

Two binary replicas per target

Signed primary assets
15

One exact Ed25519 manifest

Inspect the hardening review
PLG.RS / 02Trust topology

Five boundaries. No invisible handoff.

A value becomes trusted only after the boundary that owns its risk has admitted it. Failure stops publication, replay, import, or installation.

  1. 01

    Filesystem + content

    Root capabilities, no-follow opens, canonical confinement, and byte, depth, count, and graph ceilings.

    Open contract
  2. 02

    Build + artifact

    Guarded staging, rollback replacement, exact output receipts, causal graphs, and verification before explanation.

    Open contract
  3. 03

    Plugins + browser

    Capability admission, same-origin modules, bounded props, serialized updates, reduced motion, and awaited cleanup.

    Open contract
  4. 04

    Replay + sync

    Canonical signatures, explicit authority, contiguous cursors, fork rejection, and verified pages before replay.

    Open contract
  5. 05

    Release + install

    Exact asset sets, two-replica binary agreement, detached Ed25519 signatures, lifecycle smoke tests, and explicit promotion.

    Open contract
PLG.RS / 03Evidence ledger

Security evidence, not decorative badges.

The public ledger summarizes representative controls. The repository preserves the complete threat models, adversarial fixtures, commands, and residual risks.

IDSurfaceEnforced controlEvidenceState
P0Destructive outputOutput paths cannot target the project, an ancestor, a link, or an unowned directory.R1 / ARTIFACT TRUSTCLOSED
P1Preview confinementLoopback by default, bounded workers and queue, finite heartbeats, no linked-file traversal.SECURITY / REVIEWCLOSED
P1Adapter racesGeneration tokens, serialized updates, cancellation, terminal guards, and awaited teardown prevent revival after disposal.R4 / DOM LIFECYCLECLOSED
P1Verified replayUnknown authorities, invalid signatures, gaps, forks, and unsupported event versions fail before replay state exists.R2 / VERIFIED SYNCCLOSED
P2Resource exhaustionContent, manifests, media recipes, props, graphs, ledgers, sources, and staged output have explicit ceilings.SECURITY / REVIEWCLOSED
R6Distribution mutationChanged bytes, extras, missing files, key drift, sidecar drift, and replica disagreement reject the release candidate.R6 / DISTRIBUTIONCLOSED
PLG.RS / 04Release trust

The manifest signs the set, not the story.

The accepted release binds 15 primary assets, five ordered targets, two binary replicas per target, source commit, sizes, hashes, roles, and a detached Ed25519 signature.

Key ID
pliegors-candidate-2026-01
Algorithm
Ed25519
Install lifecycle
install → execute → rollback → uninstall

Boundary: direct installers verify checksum sidecars. Verify the complete signed bundle against this independently published fingerprint for the high-assurance path.

RELEASE / TRUST ROOTsha256:97df5a29b5d4be6f626634b6824eebea5f2e7fcfa9c93ed644a3a2913dad7250
node verify-release-bundle.mjs \
  --dir . \
  --expected-key-fingerprint \
  sha256:97df5a29b5d4be6f626634b6824eebea5f2e7fcfa9c93ed644a3a2913dad7250
Read the distribution contract
PLG.RS / 05Claim boundary

What PliegoRS does not claim matters too.

Security documentation becomes dangerous when it turns a scoped control into a universal promise.

01

External JavaScript is not sandboxed

Capability admission and lifecycle cleanup reduce integration risk; they do not make arbitrary third-party code trustworthy.

02

No future server claim

The completed review covers the static Rust/WASM surface. A server runtime, credentials, and product backend require their own threat models.

03

Integrity is not authority

A content hash detects change. It does not identify a signer, grant permission, or establish provenance without an authority policy.

04

Installer signature verification is external

Network installers verify archive sidecars but do not independently verify the detached Ed25519 signature. The complete bundle verifier is the high-assurance path.

05

One transitive crate is unmaintained

RustSec RUSTSEC-2026-0173 flags the build-time proc-macro-error2 dependency through rstml. No vulnerability is reported; removal remains tracked as a maintenance item.

PLG.RS / 06Support window

Supported means named and bounded.

LineStatusSecurity fixes
0.0.1Public pre-release0.0.1 and main

After 1.0, this table will identify every maintained release line and end-of-support date.

ADVISORIES / CURRENT00

No published advisories.

No advisories are published as of 2026-07-16. This is a disclosure status, not a claim that undiscovered vulnerabilities do not exist.

Open GitHub advisories
PLG.RS / 07Private disclosure

Found a boundary that does not hold? Tell us privately.

Include the version or commit, affected surface, minimal reproduction, impact, prerequisites, mitigations, and your disclosure preference. Never send unrelated credentials, private source, or personal data.

hello@pliegors.dev
  1. 01Acknowledgment

    Complete reports: within 3 business days

  2. 02Initial assessment

    Target: within 7 business days

  3. 03Coordinated disclosure

    Agree a date after a supported fix exists

Good-faith research

Research that avoids privacy violations, data destruction, service degradation, and unauthorized access will be handled constructively. This policy never authorizes testing systems you do not own or have permission to test.