Execution Safety
Stave never executes user-supplied code. This document enumerates the guarantees.
AirGap Policy Source of Truth
All air-gapped runtime restrictions are centralized in one file:
This file defines:
- Proxy environment variables blocked by
--require-offline - Runtime-banned imports and explicit allowlisted exceptions
- Credential environment variables that runtime code must never read
Both runtime checks and CI safety tests consume this policy so restrictions are traceable and drift-resistant.
No subprocess execution
The runtime stave binary does not import os/exec and never spawns child processes. All evaluation, extraction, and output generation happens in-process.
Terminal recording generation is owned by the sibling publisher workspace (../publisher/generate-recordings.sh) and is not part of the Stave runtime or release artifact.
No plugins
The plugin standard library package is not imported anywhere in the runtime codebase. Stave has no plugin loading mechanism.
Restricted template execution
html/template is banned in runtime code.
text/template is banned in runtime code. Custom output formatting uses a restricted renderer (internal/cli/ui/template.go) that supports only field access, range, and json — not the full text/template API. Enforcement artifacts (Terraform HCL, SCP JSON) are still generated by direct string formatting and struct marshaling.
No interpreters or embedded runtimes
Stave does not embed scripting engines, Lua, WASM runtimes, or any other code execution environment.
No reflection-based dispatch
Stave does not use reflect for dynamic dispatch or method invocation. Type assertions are used only for JSON value handling in predicate evaluation.
Controls are a closed DSL
Control files are data (YAML), not code. They are:
- Schema-validated against
ctrl.v1before evaluation - Restricted to a fixed set of predicate operators (see Evaluation Semantics)
- Combined only via
any(OR) andall(AND) logic - Not extensible — no custom functions, no user-defined operators, no hooks
The operator set is defined in internal/core/predicate/operators.go and tested against drift.
Enforcement artifacts are templates, not executables
The enforce command generates remediation templates (Terraform HCL, AWS SCP JSON). Stave writes these files but never executes them. Users must review and apply artifacts through their own deployment pipeline.
Banned imports summary
The following packages are not imported by the runtime binary (cmd/stave):
| Package | Reason banned |
|---|---|
os/exec | No subprocess execution |
plugin | No plugin loading |
text/template | No template execution |
html/template | No template execution |
unsafe | No unsafe memory operations |
net/http | No network I/O |
net/rpc | No network I/O |
crypto/tls | No TLS connections |
This is enforced by a CI test (TestNoBannedImportsInRuntime in internal/core/).
Schema identifiers use urn:stave:schema: (not HTTP URLs) to avoid false positives. This is enforced by TestNoHTTPSchemaIdentifiers.