Skip to content

Add SECURITY.md#1

Open
shivamsn97 wants to merge 2 commits into
mainfrom
launch-hardening
Open

Add SECURITY.md#1
shivamsn97 wants to merge 2 commits into
mainfrom
launch-hardening

Conversation

@shivamsn97

Copy link
Copy Markdown
Member

Adds a private vulnerability-disclosure path (GitHub advisory + security@pyxle.dev) for the benchmark suite, and directs framework vulnerabilities to the pyxle repo.

Two Pyxle-only subsystem runners that measure an internal rather than comparing
frameworks, so they spawn their own `pyxle serve` to control its configuration
across runs (shared spawn/health-check/teardown in server-control.mjs):

- pool-scaling-ab.mjs: sweeps `--ssr-workers` (holding `--workers 1`) and
  reports the 1→N scale factor per SSR page. Same-box + relative by
  construction; recommends oha so the load generator isn't the ceiling that
  masks scaling.
- cache-hitmiss.mjs: HIT (warm /cached) vs MISS (query-bypass, or a
  PYXLE_PAGE_CACHE_BACKEND=off server) latency on the new cacheable /cached
  route. Each pass is x-pyxle-cache header-verified before it counts.

Both follow the existing runner conventions (loadgen/stats, warmup, reps,
median, the INVALID-cell gate, oha/autocannon rules, result JSON + meta with an
honest `publishable` flag). Adds frameworks/pyxle-ssr/pages/cached.pyxl (a
300-row table behind a {"data", "revalidate"} cache envelope), npm script
entries, and README docs. Smoke-tested end-to-end: cache HIT ~32× the
throughput of a cold render.
A private vulnerability-disclosure path (GitHub advisory + security@pyxle.dev)
for the benchmark suite; framework issues are directed to the pyxle repo.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant