termgrid-core 1.5.5

Deterministic terminal grid state engine with invariant enforcement and backend decoupling.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

# Security Policy

termgrid-core is a deterministic state engine for grid-based rendering.
It does not execute untrusted code, interpret escape sequences, or perform
network I/O. However, misuse or adversarial inputs may still create risk
conditions. This document outlines those boundaries clearly.

---

## Threat Model

termgrid-core:

- Does not parse ANSI/VT escape streams
- Does not evaluate scripts
- Does not perform font shaping
- Does not normalize Unicode input
- Does not perform bidirectional reordering

It operates purely on structured `RenderOp` inputs.

Security exposure therefore exists primarily in:

- Extremely large inputs
- Pathological Unicode sequences
- Adversarial replay logs
- Backend misuse

---

## Unicode Abuse Considerations

The engine treats grapheme clusters atomically. However:

- Combining mark chains are not artificially length-limited.
- Extremely long grapheme clusters may increase processing cost.
- Width behavior is version-pinned and deterministic.

Applications embedding termgrid-core should:

- Impose input size limits
- Consider upstream normalization policies
- Validate untrusted replay logs before execution

---

## Resource Exhaustion

Worst-case per-frame complexity is O(total_cells).
Damage escalation prevents unbounded rectangle growth.

However, callers remain responsible for:

- Limiting grid dimensions
- Limiting replay size
- Controlling animation frame rate

termgrid-core does not internally rate-limit or sandbox execution.

---

## Serialization Integrity

The wire format is canonical and deterministic.

If byte-level integrity is required:

- Do not reserialize using non-canonical encoders
- Validate version field before replay
- Consider hashing serialized frames for audit trails

---

## Backend Responsibility

Backends are responsible for:

- Correct terminal reset semantics
- Avoiding escape injection vulnerabilities
- Sanitizing output channels if required

termgrid-core guarantees structural correctness of the grid state.
It does not guarantee backend safety.

---

## Reporting Vulnerabilities

If a deterministic invariant can be violated or state corruption
can be induced through valid API usage, it is considered a defect.

Please report issues with:

- Minimal reproducible example
- Grid dimensions
- Unicode content used
- Expected vs actual behavior

Security-sensitive reports may be submitted privately before disclosure.

---

## Explicit Non-Goals

termgrid-core is not:

- A sandbox
- A VT emulator
- A security boundary
- A privilege isolation layer

It is a deterministic rendering engine.

Consumers must provide appropriate containment where required.