Same-origin runtime
The app, pinned JavaScript packages, and OpenCascade WebAssembly are served as static assets from one origin.
Security model
DatumRelay reduces unnecessary file movement and makes evidence traceable. It does not provide authentication, tenant isolation, cryptographic approval, or a remote audit system.
These are implementation controls, not a certification or guarantee against hostile input.
The app, pinned JavaScript packages, and OpenCascade WebAssembly are served as static assets from one origin.
Deployment headers restrict scripts, workers, connections, framing, browser permissions, referrers, and MIME sniffing.
The npm lockfile records exact versions and integrity metadata for reproducible installs.
File size, aggregate size, triangle, vertex, profile, challenge, and filename bounds reduce accidental resource exhaustion.
SHA-256 binds a result to exact artifact bytes and canonical decision content so later changes can be detected.
Unsupported domains remain not covered instead of being silently represented as passed.
A secure operating process must account for each of these boundaries.
There is no authentication, authorization, role separation, tenant isolation, administrative control, or remote audit log.
Passport structure and evidence metadata can be checked, but the beta does not verify the issuing organization or a digital signature.
A SHA-256 value can expose changed bytes. It does not establish authorship, authenticity, approval, or non-repudiation.
A ZIP may contain original CAD, drawing, and inspection artifacts. Treat it as a controlled engineering record.
Same-origin scripts, extensions, malware, people using an unlocked profile, and endpoint tooling may access local or in-memory data.
Complex or hostile native/WebAssembly inputs can consume substantial CPU or memory even below declared refusal limits.
No public security-reporting address or response-time commitment is published yet. Contracted pilots must use the private route in their pilot agreement. Otherwise, do not publish exploit details or engineering artifacts; ask the project owner for a private contact through the channel that provided this beta.
Use DatumRelay as a bounded preflight alongside required engineering and supplier approvals.