Security

Read-Only Guarantee

Expressions cannot assign variables, mutate the context, or produce side effects:

  • Assignment operators (=, +=, -=, ++, --) are rejected at the parser level

  • Mutating methods (.push(), .pop(), .splice(), .sort(), .reverse(), .shift(), .unshift()) are excluded from the method whitelist

  • Block-body arrows (x => { ... }) are rejected — no variable declarations or multi-statement logic

  • Context serialization — variables are serialized into the Worker's separate V8 heap, so even if an escape is found, mutations cannot propagate back to session state

Blocked Globals

An expression or script cannot access global variables, global objects, or ambient system state. Only explicitly provided inputs are available. The following globals are blocked:

  • eval, Function — Code execution

  • require, import — Module loading

  • process, global, globalThis — Node.js internals

  • setTimeout, setInterval — Async operations

  • fetch, XMLHttpRequest — Network access

  • console — Side effects

  • Proxy, Reflect — Meta-programming

Protections

Protections are the enforced safeguards that ensure expressions remain safe, predictable, and non‑abusive, even when they come from untrusted sources. They define what an expression is allowed to do, what it can never do, and how far it is allowed to go. Think of protections as the guardrails around the expression engine.

  • Worker Isolation: Each expression runs in a separate V8 isolate

  • Hard Timeout: worker.terminate() kills hung expressions

  • Memory Limits: Worker heap size capped at 64MB (configurable)

  • Size Limits: Context, result, string, and array sizes enforced

  • Prototype Blocking: No access to __proto__, constructor, prototype

  • Auto-Recovery: Crashed workers are automatically replaced
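
The source-level rules listed on this page (assignment operators, mutating methods, block-body arrows, blocked globals, prototype keys) can be illustrated with a token-level pre-check. This is an added example, not the engine's own parser: `tokenize` and `findViolations` are hypothetical names, it rejects every compound assignment rather than only the five operators listed, and it denies the mutating methods named above because the page does not list the whitelist itself. It inspects only what is written in the expression text, so the Worker isolation and limits under Protections still apply to anything that passes.

```javascript
// Added example: a token-level pre-check for the rules listed on this page.
// It is a sketch of the idea, not the expression engine's own parser.
const BLOCKED_GLOBALS = new Set(['eval', 'Function', 'require', 'import', 'process', 'global',
  'globalThis', 'setTimeout', 'setInterval', 'fetch', 'XMLHttpRequest', 'console', 'Proxy', 'Reflect']);
const MUTATING_METHODS = new Set(['push', 'pop', 'splice', 'sort', 'reverse', 'shift', 'unshift']);
const PROTO_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const COMPARISONS = new Set(['==', '===', '!=', '!==', '<=', '>=']);

// One token per match: string | identifier | number | punctuator (longest first,
// so "===" and "=>" are never split into a bare "="). ";" and backticks are not
// tokens at all, which makes statements and template literals fail closed.
const TOKEN = new RegExp(String.raw`\s*(?:("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|([A-Za-z_$][\w$]*)|(\d+(?:\.\d+)?)|` +
  String.raw`(>>>=|\.\.\.|===|!==|\*\*=|<<=|>>=|>>>|&&=|\|\|=|\?\?=|=>|==|!=|<=|>=|&&|\|\||\?\?|\?\.|\+\+|--|<<|>>|\*\*|[-+*/%&|^]=|[{}()[\].,<>+\-*/%&|^!~?:=]))`, 'y');

function tokenize(src) {
  const tokens = [];
  const end = src.trimEnd().length;
  for (let pos = 0; pos < end; pos = TOKEN.lastIndex) {
    TOKEN.lastIndex = pos;
    const m = TOKEN.exec(src);
    if (!m) throw new SyntaxError(`unsupported syntax at offset ${pos}`);
    const type = m[1] ? 'string' : m[2] ? 'ident' : m[3] ? 'number' : 'op';
    tokens.push({ type, text: m[1] || m[2] || m[3] || m[4] });
  }
  return tokens;
}

// Returns a list of rule violations; an empty list means the text passed.
function findViolations(expr) {
  let tokens;
  try { tokens = tokenize(expr); } catch (e) { return [e.message]; }
  const found = [];
  tokens.forEach((tok, i) => {
    const prev = tokens[i - 1]?.text, next = tokens[i + 1]?.text;
    const isMember = prev === '.' || prev === '?.';
    const name = tok.type === 'string' ? tok.text.slice(1, -1) : tok.text;
    if (tok.type === 'op') {
      if (tok.text === '++' || tok.text === '--' || (tok.text.endsWith('=') && !COMPARISONS.has(tok.text)))
        found.push(`assignment operator ${tok.text}`);
      if (tok.text === '=>' && next === '{') found.push('block-body arrow');
    } else if (tok.type !== 'number') {
      if (PROTO_KEYS.has(name)) found.push(`prototype access ${name}`);
      else if (tok.type === 'ident' && isMember && MUTATING_METHODS.has(name)) found.push(`mutating method .${name}()`);
      else if (tok.type === 'ident' && !isMember && BLOCKED_GLOBALS.has(name)) found.push(`blocked global ${name}`);
    }
  });
  return found;
}
```

The check is deliberately conservative: a string literal such as "constructor" is flagged even when it is only compared against, and anything the tokenizer does not recognise is rejected rather than guessed at.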
