LSP EXTENSION ONBOARDING 60 MIN
Editor integration, implementation workflow, and operational runbooks.
mutant lsp vs code extension onboarding in 60 minutes last updated 2026-07-10 this guide is a practical first-hour path for a junior engineer to understand run debug and safely modify mut...
Tooling Audience: integrator Score: 64.195 Term: lspTerm: extensionTerm: onboardingTerm: 60Term: min
LSP EXTENSION LLD
Editor integration, implementation workflow, and operational runbooks.
mutant lsp vs code extension low-level design lld this is the implementation-level developer guide for the mutant language tooling stack audience - junior or new engineers who need to und...
Tooling Audience: integrator Score: 25.26 Term: lspTerm: extensionTerm: onboardingTerm: 60Term: min
SECURITY RUNBOOK
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
...mmand_failed 3 key controls 3 1 policy controls 1 runtime setting warn delay terminate 2 runtime setting delay duration 0 5000 3 runtime setting minimal standard paranoid 4 --signer-auth enables trusted signer verification in secure mode 3 2 probe controls 1 r...
Security Audience: security-analyst Score: 7.724 Term: min
WHAT IS MUTANT
Big-picture explanations, quick reference material, and definitive orientation docs.
what is mutant mutant is a programming language built for practical security work forensic automation and cross-platform analysis tooling it is not just a scripting language with a few security helpers bolted on th...
Overview Audience: all Score: 4.238 Term: min
SANDBOX FEATURE SUMMARY
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
...test go - unit tests for all three main functions - benchmark suite showing 400-600 s per detection - validates confidence ranges documentation sandbox_detection md - comprehensive api reference - detection techniques by platform - security best practices - in...
Security Audience: security-analyst Score: 2.247 Term: 60Term: min
MUTANT LANGUAGE REFERENCE
Canonical policies, reference sheets, migration matrices, and source-of-truth documentation.
...sts path - returns whether a file or directory exists - fs_extract_strings path minlen - extracts printable strings from a file - fs_hash path - computes hash digests for a file - fs_list path - lists directory entries for a path - fs_magic path - infers file ...
Reference Audience: language-user Score: 2.036 Term: extensionTerm: min
SANDBOX COMPLETE SUMMARY
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
...p-based detection - runtime configuration setting scanning 4 sandbox_darwin go 360 lines - macos virtualization detection parallels vmware fusion virtualbox utm - container detection colima - macos app sandbox detection - sysctl and file system introspection 5...
Security Audience: security-analyst Score: 1.849 Term: extensionTerm: 60
SECURITY LLD
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
... is enforced only when --signer-auth is enabled - default tamper response is terminate - if trusted key env is not set runtime bootstraps a local persistent keypair and uses the local public key as trusted key for signer-auth verification 2 compatibility mode ...
Security Audience: security-analyst Score: 1.574 Term: 60Term: min
FINAL SUMMARY
Big-picture explanations, quick reference material, and definitive orientation docs.
...mode signer-auth trusted-key path 2 policy-driven tamper response warn delay terminate 3 protection profile defaults minimal standard paranoid 4 anti-debug and sandbox enforcement at pre-decode and pre-execution 5 anti-tamper probe framework with confidence si...
Overview Audience: all Score: 0.919 Term: min
QUICK REFERENCE
Canonical policies, reference sheets, migration matrices, and source-of-truth documentation.
...l verdicts protection profiles set runtime setting to control default posture - minimal - defaults tamper response to warn - defaults risky builtin groups to allow-all unless explicitly constrained - standard - default when unset or invalid - keeps secure mode...
Reference Audience: language-user Score: 0.844 Term: min
SECURITY ANSWERS
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
...rate version of mutant security behavior 1 is encryption password-based or deterministic both are supported 1 if password is provided -password or -pwd password-based kdf path is used 2 if password is omitted deterministic mode is used in both modes runtime de...
Security Audience: security-analyst Score: 0.792 Term: min
WASM REPL REFERENCE
Canonical policies, reference sheets, migration matrices, and source-of-truth documentation.
...devices use process exec builtins process__ cmd__ exec_string replace with deterministic in-memory workflows and explicit js integration points no shell process table access in wasm browser runtime use net__ http__ directly from mutant perform network fetches ...
Reference Audience: language-user Score: 0.764 Term: min
SECURITY ENHANCEMENTS
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
...erification with trusted-key secure path 2 tamper response policy warn delay terminate 3 protection profiles minimal standard paranoid 4 anti-debug checks in runner pre-decode and pre-execution 5 sandbox checks in runner pre-decode and pre-execution 6 anti-tam...
Security Audience: security-analyst Score: 0.732 Term: min
PROCESS INJECTION DETECTION LLD
Tamper resistance, sandboxing, remote scan policy, and security deep dives.
... - enumerate process ids and metadata 2 accesscontroller - acquire handles with minimal rights - escalate rights only for deeper checks 3 remoteinspector - module map checks - memory region checks via virtualqueryex - thread start address checks 4 signalcorrel...
Security Audience: security-analyst Score: 0.447 Term: extensionTerm: min