Document the formal sandbox model and permissions specification for .pweb bundles. This is a prerequisite for spec v1.0.
Should cover:
- Default-deny capability model
- The nine capability categories and their viewer tier requirements
- How capabilities are declared in manifest.json
- Runtime enforcement rules (what the viewer must block/allow)
- Origin isolation model (bundle:// synthetic origin)
- CSP injected by the viewer
- External link interception behaviour
- Storage scoping rules
See MANIFEST.md and the capability table in CLAUDE.md for the current draft.