overview
QUESTIONS ANSWERED
Big-picture explanations, quick reference material, and definitive orientation docs.
Context Rail
Tags and Themes
On This Page
Questions Answered (Code-Synced)
This document answers common security questions using current implementation behavior.
1. Is anti-debugging implemented?
Yes.
- Platform-specific detection exists in security package.
- Runner enforces checks at pre-decode and pre-execution stages.
- Response is policy-driven (warn, delay, terminate).
2. Is process injection detection implemented?
Yes, as part of anti-tamper process-protection probes.
- Probe execution requires runtime setting=1.
- Runner enforcement path is additionally controlled by runtime setting.
- High-confidence signals (detected=true and confidence >= 80) trigger process_protection_detected policy flow.
Remote scan status:
- Remote scan manager integration exists behind runtime setting.
- Mode gate is runtime setting=off|observe|enforce.
- Current windows scanner is scaffolding-safe no-op, so integration is present while detector depth is still partial.
See:
3. Is polymorphic bytecode fully active?
Partially.
- Engine integration and marker/tagging are active.
- Mutation controls and seed controls are wired through compile paths.
- Advanced transforms are currently gated in configuration for safety.
See:
4. Does secure mode always enforce trusted signer pinning?
Not always.
- Secure mode is the default runtime posture.
- Trusted signer verification runs when
--signer-authis enabled. - Without
--signer-auth, secure mode keeps runtime hardening gates but does not run signer pinning verification. - Trusted key source is runtime setting (with local bootstrap fallback if unset).
5. Is memory security implemented?
Partially.
- VM runtime path uses object encryption/decryption in storage/use flow.
- Additional secure wrappers exist for SecureGlobal, SecureStack, and SecureConstantPool.
- Wrapper-first runtime path is not the default VM storage path today.
6. Which docs should students read first?
7. What changed from older docs?
- Removed stale claims about unsupported CLI flags and unfinished integrations.
- Clarified gate semantics for anti-tamper probes.
- Clarified current polymorphic and memory-security status.
- Clarified signer-auth semantics and remote scan integration depth.