Security Scan
Security Scan — shown in full detail, with its proof: a deterministic content-address recomputable from the component's name.
secure interaction · scanning 3-5-8
16 security-by-architecture properties, across three tiers.
3 core
- ✓ zero network by default
- ✓ no secrets in the repo or bundle
- ✓ content-addressed (tamper-evident)
5 structural
- ✓ same-origin peers only (BroadcastChannel)
- ✓ bring-your-own-key, browser-only
- ✓ read-only commands (no writes)
- ✓ text-only rendering (no injected HTML)
- ✓ no eval, no remote code
8 surface
- ✓ no third-party scripts
- ✓ no cookies, no tracking
- ✓ permission-gated sensors
- ✓ ephemeral keys (no persistent secret)
- ✓ offline-capable (same-origin GET)
- ✓ secure context for Web Crypto
- ✓ deterministic and recomputable
- ✓ open source and auditable
⚠ Not a formal audit or pentest — it describes how the design avoids whole classes of risk.
✓ proven · content-address 5f0099a6-adc8-8f33-8191-d8cddadc937e — declared, placed, mounted, and recomputable from the component's name.