Security model
M8Shift reduces accidental agent conflicts. It is not a sandbox.
Boundary first
M8Shift coordinates cooperative ownership. Filesystem access, branch rules, secrets, provider accounts, and tool permissions remain enforced by the host environment.
Defense layers
Strict parsingJournal fields are parsed and framed so handoffs remain inspectable instead of free-form hidden state.Ownership tokenThe lock block records the holder, state, turn, TTL, and roster before mutations happen.Exclusive penAn inter-process lock serializes every M8Shift mutation and keeps the shared tree degree-1.Host permissionsReal enforcement belongs to the OS, IDE, repository, branch protection, and agent host.ValidationInput/state checks are hard guardrails; contract validation is read-only reporting.Threat modelReview assets, trust boundaries, expected attackers, and mitigations in one place.Audits & frameworksHow M8Shift maps to OWASP, MITRE ATLAS, NIST, CISA, ANSSI and IBM — and what is N/A by design.
Permission vocabulary
AdvisoryRecorded expectation only. Useful for agents and humans, but not a real access boundary.Host-enforcedImplemented outside M8Shift by filesystem, repository, IDE, OS, or provider controls.MixedPart advisory and part enforced. Each capability must state which layer actually applies it.
Documentation rule
The site must never describe advisory metadata as a true security boundary. When in doubt, say which host layer enforces the rule.