# C++ Execution Security

The `cpp-on-the-web` import is preserved as an infrastructure prototype. It must not expose public arbitrary C++ execution through GitHub Pages.

## Why not public arbitrary execution?

Compiling and running arbitrary user C++ can allow filesystem access, CPU and memory exhaustion, network abuse, process spawning, data exfiltration, or escape attempts against the host. A static site cannot safely provide the isolation, quotas, audit logs, and cleanup required for this.

## Safer paths

- local-only execution for trusted study examples;
- fixed precompiled demos;
- Emscripten builds for selected known programs;
- Docker or microVM sandboxes with strict CPU, memory, network, and filesystem limits;
- short-lived execution workers with logging and abuse controls.
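
One way the Docker option in this list could be configured, as an added example that is not code from this project: each flag answers one of the risks named under "Why not public arbitrary execution?". The image name `cpp-runner:local`, the `/demos/<name>` layout, and every numeric limit are assumptions.

```shell
#!/bin/sh
# Added example. IMAGE, the /demos/<name> layout and all limits are assumptions.
IMAGE="${IMAGE:-cpp-runner:local}"    # hypothetical image holding prebuilt demos
WALL_SECONDS="${WALL_SECONDS:-5}"     # wall-clock budget for one run

# Print the docker run flags one per line so they can be reviewed and tested
# without a Docker daemon.
sandbox_flags() {
  echo --rm                                    # cleanup: no leftover container
  echo --network=none                          # network abuse, data exfiltration
  echo --read-only                             # filesystem: root fs is immutable
  echo --tmpfs=/tmp:rw,noexec,nosuid,size=16m  # small scratch space, not executable
  echo --memory=256m                           # memory exhaustion
  echo --memory-swap=256m                      # same value as --memory: no swap
  echo --cpus=0.5                              # CPU exhaustion
  echo --pids-limit=64                         # process spawning, fork bombs
  echo --cap-drop=ALL                          # no Linux capabilities
  echo --security-opt=no-new-privileges        # setuid binaries cannot escalate
  echo --user=65534:65534                      # run as nobody, not root
}

# Run one demo that is already baked into the image. Only a plain name is
# accepted, so callers cannot pass paths, flags or source code.
run_sandboxed() {
  case "$1" in
    ''|*[!a-z0-9_-]*) echo "refusing program name: $1" >&2; return 2 ;;
  esac
  name="cpprun-$$"
  # Flags contain no spaces or globs, so word splitting here is intended.
  timeout -k 2 "$WALL_SECONDS" \
    docker run --name "$name" $(sandbox_flags) "$IMAGE" "/demos/$1"
  status=$?
  # timeout only stops the docker client; make sure the container is gone too.
  docker kill "$name" >/dev/null 2>&1
  return "$status"
}
```

Containers share the host kernel, so these flags narrow the escape surface rather than remove it; logging and abuse controls still have to come from the worker that calls `run_sandboxed`.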

Any future hosted runner needs a threat model before implementation.
