SSVM Sandbox
Skill execution MUST be isolated.
Isolation MUST prevent:
-
Direct OS syscalls outside allowlist
-
Raw network sockets
-
Process spawning without policy
-
Privilege escalation
Enforcement MAY use:
-
WASM sandbox
-
seccomp
-
gVisor / microVM
-
Hardened containers
All IO MUST pass through Bridge API.