Tier 1 of ADR 0009 (#77) — the default confinement tier. Per-OS native primitives behind the one `Sandbox` trait: lightweight, no external runtime, available on a stock host. High priority: this is the baseline L3 boundary on every platform (Tier 2 micro-VM and Tier 3 Wasm plugins are opt-in tiers above it).

Per-OS backends

- Landlock: `fs_read`/`fs_write` landed (PR #53 "feat(shell): wire the Landlock fs_write L3 boundary into the engine (#35)" and PR #54 "feat(core): Landlock fs_read axis with loader/system base allow-list (#31)"). `net` + `exec` under [tracking reference not recoverable from this page].
- macOS (Seatbelt, `sandbox_init`) — shell L3: macOS (Seatbelt) sandbox backend for the per-OS toggle #50

Definition of done

Each OS reports a real, fail-closed `SandboxKind` (not `None`) for the axes the platform can enforce, and an honest `None` only where genuinely unsupported. The CI matrix asserts the reported `SandboxKind` matches the host's true capability (ADR 0004 D1 / #30).

Refs ADR 0009 (#77). Tracks #35, #57, #50, #51.
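The fail-closed contract in the definition of done has two halves that are easy to get wrong independently: a backend must never report enforcement it cannot actually install, and the engine must never fall through to an unconfined run when an axis reports `None` or a primitive fails to apply. The sketch below is an added illustration, not the project's code: the names `Sandbox`, `SandboxKind`, `Axis`, `StaticBackend`, `confine` and `check_matrix` are assumptions modelled on the wording of this issue, and `StaticBackend` is a table-driven stand-in for what a real Landlock or Seatbelt backend would learn by probing the host. `check_matrix` plays the role of the CI-matrix assertion: it diffs what the backend reports against a constructed table of the host's true capability.

```rust
// Added illustration only: `Sandbox`, `SandboxKind`, `Axis`, `StaticBackend`,
// `confine` and `check_matrix` are assumed names, not the project's API.
use std::collections::BTreeMap;

/// Confinement axes a Tier 1 backend may enforce (the four named in the issue).
#[derive(Clone, Copy, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub enum Axis {
    FsRead,
    FsWrite,
    Net,
    Exec,
}

/// What a backend enforces for one axis. `None` means "this host cannot enforce it";
/// it is reported honestly, never used as a quiet fallback after a failed apply.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SandboxKind {
    None,
    Landlock,
    Seatbelt,
}

/// The single trait every per-OS backend sits behind.
pub trait Sandbox {
    /// The kind this backend reports for `axis` on the current host.
    fn kind(&self, axis: Axis) -> SandboxKind;
    /// Install the primitive for `axis`; `Err` means it was requested but could not be applied.
    fn apply(&self, axis: Axis) -> Result<(), String>;
}

/// Table-driven stand-in for a real backend so the policy logic runs offline
/// (constructed; a real Landlock or Seatbelt backend would probe the kernel instead).
pub struct StaticBackend {
    kinds: BTreeMap<Axis, SandboxKind>,
    apply_fails: Vec<Axis>,
}

impl StaticBackend {
    pub fn new(kinds: &[(Axis, SandboxKind)], apply_fails: &[Axis]) -> Self {
        StaticBackend {
            kinds: kinds.iter().copied().collect(),
            apply_fails: apply_fails.to_vec(),
        }
    }
}

impl Sandbox for StaticBackend {
    fn kind(&self, axis: Axis) -> SandboxKind {
        // An axis the backend knows nothing about is unsupported, not "probably fine".
        *self.kinds.get(&axis).unwrap_or(&SandboxKind::None)
    }
    fn apply(&self, axis: Axis) -> Result<(), String> {
        if self.apply_fails.contains(&axis) {
            Err(format!("{axis:?}: primitive could not be applied"))
        } else {
            Ok(())
        }
    }
}

/// Fail-closed entry point: confinement on `axis` is granted only when the backend reports
/// a real kind and the primitive actually applies. Anything else is an error, never a
/// silent unconfined run.
pub fn confine(sb: &dyn Sandbox, axis: Axis) -> Result<SandboxKind, String> {
    match sb.kind(axis) {
        SandboxKind::None => Err(format!(
            "{axis:?}: no enforcement on this host; refusing to run unconfined"
        )),
        kind => {
            sb.apply(axis)?;
            Ok(kind)
        }
    }
}

/// The CI-matrix assertion from the definition of done: every axis the host can truly
/// enforce must be reported exactly, and nothing more may be claimed. Returns mismatches.
pub fn check_matrix(sb: &dyn Sandbox, host_capability: &BTreeMap<Axis, SandboxKind>) -> Vec<String> {
    host_capability
        .iter()
        .filter_map(|(axis, want)| {
            let got = sb.kind(*axis);
            (got != *want).then(|| format!("{axis:?}: backend reports {got:?}, host can enforce {want:?}"))
        })
        .collect()
}

fn main() {
    // Constructed host table: Landlock covers the fs axes, net/exec not yet enforced.
    let host: BTreeMap<Axis, SandboxKind> = vec![
        (Axis::FsRead, SandboxKind::Landlock),
        (Axis::FsWrite, SandboxKind::Landlock),
        (Axis::Net, SandboxKind::None),
        (Axis::Exec, SandboxKind::None),
    ]
    .into_iter()
    .collect();
    let honest = StaticBackend::new(
        &[(Axis::FsRead, SandboxKind::Landlock), (Axis::FsWrite, SandboxKind::Landlock)],
        &[],
    );
    println!("honest backend mismatches: {:?}", check_matrix(&honest, &host));
    println!("confine fs_write: {:?}", confine(&honest, Axis::FsWrite));
    println!("confine net: {:?}", confine(&honest, Axis::Net));
    // A backend that claims net enforcement it cannot install is caught twice:
    // by the matrix diff, and by confine() refusing when apply() fails.
    let overclaiming = StaticBackend::new(
        &[(Axis::FsRead, SandboxKind::Landlock), (Axis::FsWrite, SandboxKind::Landlock), (Axis::Net, SandboxKind::Landlock)],
        &[Axis::Net],
    );
    println!("over-claiming backend mismatches: {:?}", check_matrix(&overclaiming, &host));
    println!("confine net (over-claiming): {:?}", confine(&overclaiming, Axis::Net));
}
```

Two design points carry over to a real backend: `kind()` defaults an unknown axis to `None` rather than to the backend's headline primitive, so forgetting to wire an axis degrades to an honest "unsupported" instead of a false claim; and `confine()` treats a failed `apply()` as a hard error even when `kind()` said `Landlock`, which is what makes the boundary fail closed rather than fail open.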