Dan Connolly

Actually, I was just having second thoughts; the most recent xsnap work is in agoric-sdk, so it seems likely to land there, unless / until we move it (#681 )....

> avoid abbreviation in the public names exported by this package, like makeCommand over makeCmd yes, dictionary words are good.

> > DRAFT until > > This PR looks like it still addresses an important need. :) > What are our expectations for this PR? I'd like it to land...

> at the platform level there is another important security model implemented on top of the binder infrastructure. This is the permission/uid-based system, where services can check the uid of...

It seems that in cases such as Activities, Binder stuff is used to implement capability security. But for app permissions, not so much. An LLM summarized it this way: ---...

@kriskowal @michaelfig PTAL. trial deployment: https://jessie-blockly1.netlify.app/ The test suite includes the bulk of the examples from - [Intro to Hardened JavaScript](https://gist.githubusercontent.com/dckc/88670346a52ae4e6e693fdfa2f5cfd14/raw/131d45d0dda7fc06fbe91c0e2baa9a76ac6ce448/hardened-js-intro.md) `makeCounter` is working but for an indentation quirk:

I just ran into this again when exploring `endoScript` in a fresh project: ``` $ LOCKDOWN_OPTIONS='{"errorTaming":"unsafe","stackFiltering":"verbose"}' node src/core-eval-gen.js src/hello.contract.js '@endo/lockdown' sniffed and found a 'LOCKDOWN_OPTIONS' environment variable writing entry dist/hello.deploy.mjs...

I'm running into this again in a PR review. `@endo/marshal` was added to `package.json`; the yarn.lock changes have a bunch of additions such as `@endo/pass-style`, which make sense, but then...