Security Policy

DotBoxD is positioned as a safe extension runtime, so we hold its trust boundary to a high standard and document it precisely. Please read the boundary model below before deploying.

Reporting a vulnerability

Please report suspected vulnerabilities privately — do not open a public issue for a security problem.

  • Use GitHub's "Report a vulnerability" (Security → Advisories) on this repository, or
  • email the maintainer (see the GitHub profile of @JKamsker).

Include a description, affected package(s)/version(s), and a minimal reproduction if possible. We aim to acknowledge within a few days and will coordinate a fix and disclosure timeline with you.

Supported versions

DotBoxD is pre-1.0 (0.x). Only the latest published version receives security fixes while the API stabilizes.

The trust boundary — what is and isn't a sandbox

DotBoxD has three distinct execution modes with very different guarantees. Treat them as different security postures:

| Mode | What runs | Boundary? |
| --- | --- | --- |
| Safe mode (Kernels) | Validated, capability-gated, fuel/quota-metered restricted IR (never C#, IL, reflection, CLR member names, or arbitrary host calls). Compiled kernels are additionally verified before execution. | Yes — this is the real in-process boundary DotBoxD is built to defend. |
| Trusted-plugin mode | Normal .NET assemblies loaded via AssemblyLoadContext. | No. AssemblyLoadContext is not a security sandbox — loaded code runs with the full permissions of the process. Use only for code you already trust. |
| Untrusted arbitrary .NET code | Any third-party assembly you do not trust. | Requires an OS-level boundary — a separate worker process, container, VM, or equivalent. In-process restrictions are not sufficient. |

The kernel sandbox defends against runaway resource use, disallowed effects, and disallowed host access for author-supplied logic expressed as IR. It does not turn AssemblyLoadContext into a sandbox and does not make loading untrusted compiled assemblies safe.
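
The following is an added illustration, not DotBoxD code, of why trusted-plugin mode is not a boundary: a custom AssemblyLoadContext isolates type identity, but code loaded into it still touches the environment and file system as the host process. It assumes .NET 5 or later; PluginCode and Probe are hypothetical names standing in for a plugin.

```csharp
using System;
using System.IO;
using System.Reflection;
using System.Runtime.Loader;

// Hypothetical stand-in for plugin logic. Nothing it does is blocked
// by the load context it ends up running in.
public static class PluginCode
{
    public static string Probe()
    {
        // Write and remove a scratch file in the temp directory (harmless side effect).
        string tmp = Path.Combine(Path.GetTempPath(),
            "alc-demo-" + Guid.NewGuid().ToString("N") + ".txt");
        File.WriteAllText(tmp, "written from inside a custom AssemblyLoadContext");
        bool wrote = File.Exists(tmp);
        File.Delete(tmp);

        return $"user={Environment.UserName}, pid={Environment.ProcessId}, fileWrite={wrote}";
    }
}

public static class Program
{
    public static void Main()
    {
        // Load a second copy of this assembly into a separate, collectible context,
        // the same mechanism a plugin host would use for a plugin DLL.
        var alc = new AssemblyLoadContext("demo-plugin", isCollectible: true);
        Assembly copy = alc.LoadFromAssemblyPath(typeof(Program).Assembly.Location);
        Type pluginType = copy.GetType("PluginCode")!;

        // Type identity is isolated: this is a different Type object from the host's.
        Console.WriteLine($"distinct type identity: {pluginType != typeof(PluginCode)}");
        Console.WriteLine($"loaded in context:      {AssemblyLoadContext.GetLoadContext(copy)?.Name}");

        // Permissions are not isolated: same OS user, same process id, file writes succeed.
        var result = pluginType.GetMethod("Probe")!.Invoke(null, null);
        Console.WriteLine($"plugin observed:        {result}");

        alc.Unload();
    }
}
```

The reported process id matches the host's own, which is the point of the third row of the table: only a boundary enforced by the operating system changes what such code can reach.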

For the full threat model, capability/binding model, and the verifier's guarantees, see docs/security/ and the kernel sandbox specification under docs/Specs/.