Security in DΛREΛKT_ is not a feature. It is a structural property. 16 hardening levels, each building on the last, each auditable, each reversible.
From capability tokens to hash-chain evidence, from SRI enforcement to egress gate capture. Every layer exists because the web demanded it.
N0–N4 // Capability tokens bound to { op, moduleId, sessionId }. Single-use, expiring.
N5–N8 // Hash-chain evidence with server-signed anchoring. SPKI key pinning.
N9–N12 // Egress gate capturing fetch/XHR/WebSocket/beacon. CSP tightening. Security modes.
N13–N16 // URL validation with IPv6/octal/hex normalization. Nonce replay protection. Channel rotation.
Tokens bound to { op, moduleId, sessionId }. Cannot be replayed.
Single-use, expiring, closure-held. Consumed on first use.
Well-known ops: AUDIT_CLEAR, LOG_SET_SILENT, VAULT_RESET, QUARANTINE.
Dual-gate with requireAdmin() for sensitive operations.
Issued by daCapability.js v2. The kernel's trust primitive.
SHA-256 hash chain with evidence grading.
Checkpoints every 200 entries or 30s to server for signing.
Server-signed receipts for cross-session correlation.
Grade system: EVIDENCE_GRADE | UNTRUSTED_EVIDENCE | BROKEN.
FNV-1a fallback taints entire chain as UNTRUSTED. Flags via daMind.
Captures native fetch, XHR, WebSocket, EventSource, sendBeacon at boot.
Replaces with policy-enforcing wrappers validated via daURLValidator.
IPv6 link-local/multicast blocking. IPv4 integer/octal/hex normalization.
Protocol-relative and credential-bearing URLs hard-blocked.
SRI mandatory in production. Cross-origin scripts without integrity rejected.
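An added example, not DΛREΛKT_'s own code: one way to apply the URL checks listed above (protocol-relative and credential-bearing URLs, IPv4 integer/octal/hex forms, IPv6 link-local and multicast) before a wrapped fetch or WebSocket call. The name `checkEgressUrl`, the base origin, the allowed schemes and the blocked IPv4 ranges are assumptions.

```javascript
// Added example: hypothetical egress URL check, not daURLValidator's code.
// Assumption: the policy denies loopback, private and link-local IPv4 ranges.
const BLOCKED_V4 = [ // [network, prefix length]
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

// Dotted decimal -> unsigned 32-bit value (plain arithmetic, no signed shifts).
const v4ToInt = (s) => s.split(".").reduce((n, o) => n * 256 + Number(o), 0);

function inBlockedV4(host) {
  const ip = v4ToInt(host);
  return BLOCKED_V4.some(([net, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(ip / size) === Math.floor(v4ToInt(net) / size);
  });
}

function checkEgressUrl(raw, base = "https://app.example/") {
  const input = String(raw).trim();
  // Protocol-relative ("//host", or backslash variants) is rejected before parsing.
  if (/^[\/\\]{2}/.test(input)) return { allowed: false, reason: "protocol-relative" };
  let url;
  try { url = new URL(input, base); } catch { return { allowed: false, reason: "unparseable" }; }
  // Assumption: only the schemes used by fetch/XHR/WebSocket are permitted.
  if (!/^(https?|wss?):$/.test(url.protocol)) return { allowed: false, reason: "scheme" };
  if (url.username || url.password) return { allowed: false, reason: "credentials" };

  // The WHATWG parser has already folded integer, octal and hex IPv4 forms
  // into dotted decimal, so range checks run on url.hostname, never on raw text.
  const host = url.hostname;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) && inBlockedV4(host)) {
    return { allowed: false, reason: "ipv4-range", host };
  }
  if (host.startsWith("[")) { // IPv6 literal: inspect the first 16-bit group
    const first = parseInt(host.slice(1).split(":")[0] || "0", 16);
    if ((first & 0xffc0) === 0xfe80) return { allowed: false, reason: "ipv6-link-local", host };
    if ((first & 0xff00) === 0xff00) return { allowed: false, reason: "ipv6-multicast", host };
  }
  return { allowed: true, reason: "ok", host };
}
```

Because the checks run on the parsed hostname, `0x7f000001`, `2130706433` and `0177.0.0.1` all resolve to the same `127.0.0.1` decision.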
Trust is not assumed. Trust is computed, verified, and recorded.