@metamask/snaps-execution-environments 0.31.0 → 0.32.0

package/dist/{webpack → browserify}/iframe/index.html

@@ -1,31 +1,122 @@
-<!DOCTYPE html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title>MetaMask Snaps Execution Environment</title>
-  <meta name="viewport" content="width=device-width, initial-scale=1"></head>
-  <body>
-  <script>/******/ (() => { // webpackBootstrap
-/******/ 	"use strict";
-/******/ 	// The require scope
-/******/ 	var __webpack_require__ = {};
-/******/ 	
-/************************************************************************/
-/******/ 	/* webpack/runtime/make namespace object */
-/******/ 	(() => {
-/******/ 		// define __esModule on exports
-/******/ 		__webpack_require__.r = (exports) => {
-/******/ 			if(typeof Symbol !== 'undefined' && Symbol.toStringTag) {
-/******/ 				Object.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });
-/******/ 			}
-/******/ 			Object.defineProperty(exports, '__esModule', { value: true });
-/******/ 		};
-/******/ 	})();
-/******/ 	
-/************************************************************************/
-var __webpack_exports__ = {};
-__webpack_require__.r(__webpack_exports__);
 
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <meta charset="utf-8" />
+          <title>MetaMask Snaps Iframe Execution Environment</title>
+          <script>;(function() {
+  // this runtime template code is destined to wrap LavaMoat entirely,
+  // therefore this is our way of capturing access to basic APIs LavaMoat
+  // uses to still be accessible only to LavaMoat after scuttling occurs
+  const {
+    RegExp,
+    Reflect,
+    Object,
+    Error,
+    Array,
+    Set,
+    Math,
+    Date,
+    console,
+  } = globalThis
+
+  const moduleRegistry = new Map()
+  const lavamoatPolicy = { resources: {} }
+  const debugMode = false
+  const statsMode = false
+
+  // initialize the kernel
+  const reportStatsHook = statsMode ? (function makeInitStatsHook ({ onStatsReady }) {
+  let statModuleStack = []
+  return reportStatsHook
+
+  function reportStatsHook (event, moduleId) {
+    if (event === 'start') {
+      // record start
+      const startTime = Date.now()
+      // console.log(`loaded module ${moduleId}`)
+      const statRecord = {
+        'name': moduleId,
+        'value': null,
+        'children': [],
+        'startTime': startTime,
+        'endTime': null,
+      }
+      // add as child to current
+      if (statModuleStack.length > 0) {
+        const currentStat = statModuleStack[statModuleStack.length - 1]
+        currentStat.children.push(statRecord)
+      }
+      // set as current
+      statModuleStack.push(statRecord)
+    } else if (event === 'end') {
+      const endTime = Date.now()
+      const currentStat = statModuleStack[statModuleStack.length - 1]
+      // sanity check, should only get an end for the current top of stack
+      if (currentStat.name !== moduleId) {
+        console.error(`stats hook misaligned "${currentStat.name}", "${moduleId}" ${statModuleStack.map(e => e.name).join()}`)
+      }
+      currentStat.endTime = endTime
+      const startTime = currentStat.startTime
+      const duration = endTime - startTime
+      currentStat.value = duration
+      // console.log(`loaded module ${moduleId} in ${duration}ms`)
+      // check if totally done
+      if (statModuleStack.length === 1) {
+        currentStat.version = 1
+        onStatsReady(currentStat)
+      }
+      statModuleStack.pop()
+    }
+  }
+
+})({ onStatsReady }) : () => {}
+  const createKernel = // LavaMoat Prelude
+(function () {
+  return createKernel
+
+  function createKernel ({
+    lavamoatConfig,
+    loadModuleData,
+    getRelativeModuleId,
+    prepareModuleInitializerArgs,
+    getExternalCompartment,
+    globalThisRefs,
+    runWithPrecompiledModules,
+    reportStatsHook,
+  }) {
+    // debug options are hard-coded at build time
+    const {
+      debugMode,
+    } = {"debugMode":false}
+    // security options are hard-coded at build time
+    const {
+      scuttleGlobalThis,
+      scuttleGlobalThisExceptions,
+    } = {"scuttleGlobalThis":true,"scuttleGlobalThisExceptions":["postMessage","removeEventListener"]}
+
+    // identify the globalRef
+    const globalRef = (typeof globalThis !== 'undefined') ? globalThis : (typeof self !== 'undefined') ? self : (typeof global !== 'undefined') ? global : undefined
+    if (!globalRef) {
+      throw new Error('Lavamoat - unable to identify globalRef')
+    }
+
+    // polyfill globalThis
+    if (globalRef && !globalRef.globalThis) {
+      globalRef.globalThis = globalRef
+    }
+
+    // create the SES rootRealm
+    // "templateRequire" calls are inlined in "generateKernel"
+    // load-bearing semi-colon, do not remove
+    ;// define ses
+(function(){
+  const global = globalRef
+  const exports = {}
+  const module = { exports }
+  ;(function(){
+// START of injected code from ses
+'use strict';
 (() => {
   const functors = [
 // === functors[0] ===
@@ -594,7 +685,7 @@ freeze(bestEffortStringify);
  */
 
 /**
- * @typedef {object} AssertMakeErrorOptions
+ * @typedef {Object} AssertMakeErrorOptions
  * @property {string=} errorName
  */
 
@@ -641,65 +732,51 @@ freeze(bestEffortStringify);
  */
 
 // Type all the overloads of the assertTypeof function.
-// There may eventually be a better way to do this, but
-// thems the breaks with Typescript 4.0.
+// There may eventually be a better way to do this, but they break with
+// Typescript 4.0.
 /**
  * @callback AssertTypeofBigint
  * @param {any} specimen
  * @param {'bigint'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is bigint}
- */
-
-/**
+ *
  * @callback AssertTypeofBoolean
  * @param {any} specimen
  * @param {'boolean'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is boolean}
- */
-
-/**
+ *
  * @callback AssertTypeofFunction
  * @param {any} specimen
  * @param {'function'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is Function}
- */
-
-/**
+ *
  * @callback AssertTypeofNumber
  * @param {any} specimen
  * @param {'number'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is number}
- */
-
-/**
+ *
  * @callback AssertTypeofObject
  * @param {any} specimen
  * @param {'object'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is Record<any, any> | null}
- */
-
-/**
+ *
  * @callback AssertTypeofString
  * @param {any} specimen
  * @param {'string'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is string}
- */
-
-/**
+ *
  * @callback AssertTypeofSymbol
  * @param {any} specimen
  * @param {'symbol'} typename
  * @param {Details=} optDetails
  * @returns {asserts specimen is symbol}
- */
-
-/**
+ *
  * @callback AssertTypeofUndefined
  * @param {any} specimen
  * @param {'undefined'} typename
@@ -753,7 +830,7 @@ freeze(bestEffortStringify);
  */
 
 /**
- * @typedef {object} StringablePayload
+ * @typedef {Object} StringablePayload
  * Holds the payload passed to quote so that its printed form is visible.
  * @property {() => string} toString How to print the payload
  */
@@ -2420,8 +2497,10 @@ const        makeSafeEvaluator=  ({
 
 
 const        provideCompartmentEvaluator=  (compartmentFields, options)=>  {
-  const { sloppyGlobalsMode=  false, __moduleShimLexicals__=  undefined}=
-    options;
+  const {
+    sloppyGlobalsMode=  false,
+    __moduleShimLexicals__=  undefined}=
+      options;
 
   let safeEvaluate;
 
@@ -4214,7 +4293,7 @@ $h‍_once.makeAlias(makeAlias);const resolveAll=(imports,resolveHook,fullReferr
   return freeze(resolvedImports);
  };
 
-const loadRecord=  (
+const loadRecord=  async(
   compartmentPrivateFields,
   moduleAliases,
   compartment,
@@ -4335,64 +4414,27 @@ const loadWithoutErrorAnnotation=  async(
       } in compartment ${q(compartment.name)}`;
    }
 
-  // check if record is a RedirectStaticModuleInterface
-  if( staticModuleRecord.specifier!==  undefined) {
-    // check if this redirect with an explicit record
-    if( staticModuleRecord.record!==  undefined) {
-      // ensure expected record shape
-      if( staticModuleRecord.compartment!==  undefined) {
-        throw new TypeError(
-          'Cannot redirect to an explicit record with a specified compartment');
-
-       }
-      const {
-        compartment: aliasCompartment=  compartment,
-        specifier: aliasSpecifier=  moduleSpecifier,
-        record: aliasModuleRecord,
-        importMeta}=
-          staticModuleRecord;
-
-      const aliasRecord=  loadRecord(
-        compartmentPrivateFields,
-        moduleAliases,
-        aliasCompartment,
-        aliasSpecifier,
-        aliasModuleRecord,
-        pendingJobs,
-        moduleLoads,
-        errors,
-        importMeta);
-
-      mapSet(moduleRecords, moduleSpecifier, aliasRecord);
-      return aliasRecord;
-     }
-
-    // check if this redirect with an explicit compartment
-    if( staticModuleRecord.compartment!==  undefined) {
-      // ensure expected record shape
-      if( staticModuleRecord.importMeta!==  undefined) {
-        throw new TypeError(
-          'Cannot redirect to an implicit record with a specified importMeta');
-
-       }
-      // Behold: recursion.
-      // eslint-disable-next-line no-use-before-define
-      const aliasRecord=  await memoizedLoadWithErrorAnnotation(
-        compartmentPrivateFields,
-        moduleAliases,
-        staticModuleRecord.compartment,
-        staticModuleRecord.specifier,
-        pendingJobs,
-        moduleLoads,
-        errors);
-
-      mapSet(moduleRecords, moduleSpecifier, aliasRecord);
-      return aliasRecord;
-     }
+  if( staticModuleRecord.record!==  undefined) {
+    const {
+      compartment: aliasCompartment=  compartment,
+      specifier: aliasSpecifier=  moduleSpecifier,
+      record: aliasModuleRecord,
+      importMeta}=
+        staticModuleRecord;
 
-    throw new TypeError(
-      'Unnexpected RedirectStaticModuleInterface record shape');
+    const aliasRecord=  await loadRecord(
+      compartmentPrivateFields,
+      moduleAliases,
+      aliasCompartment,
+      aliasSpecifier,
+      aliasModuleRecord,
+      pendingJobs,
+      moduleLoads,
+      errors,
+      importMeta);
 
+    mapSet(moduleRecords, moduleSpecifier, aliasRecord);
+    return aliasRecord;
    }
 
   return loadRecord(
@@ -4835,7 +4877,6 @@ $h‍_once.makeThirdPartyModuleInstance(makeThirdPartyModuleInstance);const make
     __syncModuleProgram__: functorSource,
     __fixedExportMap__: fixedExportMap=  {},
     __liveExportMap__: liveExportMap=  {},
-    __reexportMap__: reexportMap=  {},
     __needsImportMeta__: needsImportMeta=  false}=
       staticModuleRecord;
 
@@ -5089,35 +5130,26 @@ $h‍_once.makeThirdPartyModuleInstance(makeThirdPartyModuleInstance);const make
        }
       if( arrayIncludes(exportAlls, specifier)) {
         // Make all these imports candidates.
-        // Note names don't change in reexporting all
-        for( const [importAndExportName, importNotify]of  entries(
-          importNotifiers))
-           {
-          if( candidateAll[importAndExportName]===  undefined) {
-            candidateAll[importAndExportName]=  importNotify;
+        for( const [importName, importNotify]of  entries(importNotifiers)) {
+          if( candidateAll[importName]===  undefined) {
+            candidateAll[importName]=  importNotify;
            }else {
             // Already a candidate: remove ambiguity.
-            candidateAll[importAndExportName]=  false;
+            candidateAll[importName]=  false;
            }
          }
        }
-      if( reexportMap[specifier]) {
-        // Make named reexports candidates too.
-        for( const [localName, exportedName]of  reexportMap[specifier]) {
-          candidateAll[exportedName]=  importNotifiers[localName];
-         }
-       }
      }
 
-    for( const [exportName, notify]of  entries(candidateAll)) {
-      if( !notifiers[exportName]&&  notify!==  false) {
-        notifiers[exportName]=  notify;
+    for( const [importName, notify]of  entries(candidateAll)) {
+      if( !notifiers[importName]&&  notify!==  false) {
+        notifiers[importName]=  notify;
 
         // exported live binding state
         let value;
         const update=  (newValue)=> value=  newValue;
         notify(update);
-        exportsProps[exportName]=  {
+        exportsProps[importName]=  {
           get() {
             return value;
            },
@@ -5309,8 +5341,12 @@ const        instantiate=  (
   moduleAliases,
   moduleRecord)=>
      {
-  const { compartment, moduleSpecifier, resolvedImports, staticModuleRecord}=
-    moduleRecord;
+  const {
+    compartment,
+    moduleSpecifier,
+    resolvedImports,
+    staticModuleRecord}=
+      moduleRecord;
   const { instances}=   weakmapGet(compartmentPrivateFields, compartment);
 
   // Memoize.
@@ -6563,8 +6599,12 @@ freeze(ErrorInfo);
 
 /** @type {MakeCausalConsole} */
 const makeCausalConsole=  (baseConsole, loggedErrorHandler)=>  {
-  const { getStackString, tagError, takeMessageLogArgs, takeNoteLogArgsArray}=
-    loggedErrorHandler;
+  const {
+    getStackString,
+    tagError,
+    takeMessageLogArgs,
+    takeNoteLogArgsArray}=
+      loggedErrorHandler;
 
   /**
    * @param {ReadonlyArray<any>} logArgs
@@ -7678,10 +7718,8 @@ const        getAnonymousIntrinsics=  ()=>  {
 
   // 9.2.4.1 %ThrowTypeError%
 
-  const ThrowTypeError=  getOwnPropertyDescriptor(
-    makeArguments(),
-    'callee').
-    get;
+  const ThrowTypeError=  getOwnPropertyDescriptor(makeArguments(), 'callee').
+     get;
 
   // 21.1.5.2 The %StringIteratorPrototype% Object
 
@@ -8183,8 +8221,7 @@ function        tameDomains(domainTaming=  'safe') {
 })
 ,
 // === functors[36] ===
-(({   imports: $h‍_imports,   liveVar: $h‍_live,   onceVar: $h‍_once,   importMeta: $h‍____meta,  }) => {   let FERAL_FUNCTION,SyntaxError,TypeError,defineProperties,getPrototypeOf,setPrototypeOf,freeze;$h‍_imports([["./commons.js", [["FERAL_FUNCTION", [$h‍_a => (FERAL_FUNCTION = $h‍_a)]],["SyntaxError", [$h‍_a => (SyntaxError = $h‍_a)]],["TypeError", [$h‍_a => (TypeError = $h‍_a)]],["defineProperties", [$h‍_a => (defineProperties = $h‍_a)]],["getPrototypeOf", [$h‍_a => (getPrototypeOf = $h‍_a)]],["setPrototypeOf", [$h‍_a => (setPrototypeOf = $h‍_a)]],["freeze", [$h‍_a => (freeze = $h‍_a)]]]]]);   
-
+(({   imports: $h‍_imports,   liveVar: $h‍_live,   onceVar: $h‍_once,   importMeta: $h‍____meta,  }) => {   let FERAL_FUNCTION,SyntaxError,TypeError,defineProperties,getPrototypeOf,setPrototypeOf;$h‍_imports([["./commons.js", [["FERAL_FUNCTION", [$h‍_a => (FERAL_FUNCTION = $h‍_a)]],["SyntaxError", [$h‍_a => (SyntaxError = $h‍_a)]],["TypeError", [$h‍_a => (TypeError = $h‍_a)]],["defineProperties", [$h‍_a => (defineProperties = $h‍_a)]],["getPrototypeOf", [$h‍_a => (getPrototypeOf = $h‍_a)]],["setPrototypeOf", [$h‍_a => (setPrototypeOf = $h‍_a)]]]]]);   
 
 
 
@@ -8235,7 +8272,7 @@ function                tameFunctionConstructors() {
     FERAL_FUNCTION.prototype.constructor('return 1');
    }catch( ignore) {
     // Throws, no need to patch.
-    return freeze({});
+    return harden({});
    }
 
   const newIntrinsics=  {};
@@ -8268,7 +8305,7 @@ function                tameFunctionConstructors() {
     // Prevents the evaluation of source when calling constructor on the
     // prototype of functions.
     // eslint-disable-next-line func-names
-    const InertConstructor=  function()  {
+    const InertConstructor=  function() {
       throw new TypeError(
         'Function.prototype.constructor is not a valid constructor.');
 
@@ -8474,8 +8511,9 @@ function                tameMathObject(mathTaming=  'safe') {
   const originalMath=  Math;
   const initialMath=  originalMath; // to follow the naming pattern
 
-  const { random: _, ...otherDescriptors}=
-    getOwnPropertyDescriptors(originalMath);
+  const { random: _, ...otherDescriptors}=   getOwnPropertyDescriptors(
+    originalMath);
+
 
   const sharedMath=  create(objectPrototype, otherDescriptors);
 
@@ -9010,8 +9048,10 @@ const        repairIntrinsics=  (options=  {})=>  {
   // [`stackFiltering` options](https://github.com/Agoric/SES-shim/blob/master/packages/ses/lockdown-options.md#stackfiltering-options)
   // for an explanation.
 
-  const { getEnvironmentOption: getenv, getCapturedEnvironmentOptionNames}=
-    makeEnvironmentCaptor(globalThis);
+  const {
+    getEnvironmentOption: getenv,
+    getCapturedEnvironmentOptionNames}=
+      makeEnvironmentCaptor(globalThis);
 
   const {
     errorTaming=  getenv('LOCKDOWN_ERROR_TAMING', 'safe'),
@@ -9117,8 +9157,11 @@ const        repairIntrinsics=  (options=  {})=>  {
 
   tameDomains(domainTaming);
 
-  const { addIntrinsics, completePrototypes, finalIntrinsics}=
-    makeIntrinsicsCollector();
+  const {
+    addIntrinsics,
+    completePrototypes,
+    finalIntrinsics}=
+      makeIntrinsicsCollector();
 
   addIntrinsics({ harden});
 
@@ -9309,25 +9352,23 @@ assign(globalThis, {
 ,
 ]; // functors end
 
-  const cell = (name, value = undefined) => {
+  function cell(name, value = undefined) {
     const observers = [];
-    return Object.freeze({
-      get: Object.freeze(() => {
-        return value;
-      }),
-      set: Object.freeze((newValue) => {
-        value = newValue;
-        for (const observe of observers) {
-          observe(value);
-        }
-      }),
-      observe: Object.freeze((observe) => {
-        observers.push(observe);
+    function set(newValue) {
+      value = newValue;
+      for (const observe of observers) {
         observe(value);
-      }),
-      enumerable: true,
-    });
-  };
+      }
+    }
+    function get() {
+      return value;
+    }
+    function observe(observe) {
+      observers.push(observe);
+      observe(value);
+    }
+    return { get, set, observe, enumerable: true };
+  }
 
   const cells = [
     {
@@ -9632,24 +9673,23 @@ assign(globalThis, {
   ];
 
 
-  const namespaces = cells.map(cells => Object.freeze(Object.create(null, cells)));
+  const namespaces = cells.map(cells => Object.create(null, cells));
 
   for (let index = 0; index < namespaces.length; index += 1) {
     cells[index]['*'] = cell('*', namespaces[index]);
   }
 
-function observeImports(map, importName, importIndex) {
-  for (const [name, observers] of map.get(importName)) {
-    const cell = cells[importIndex][name];
-    if (cell === undefined) {
-      throw new ReferenceError(`Cannot import name ${name}`);
-    }
-    for (const observer of observers) {
-      cell.observe(observer);
+  function observeImports(map, importName, importIndex) {
+    for (const [name, observers] of map.get(importName)) {
+      const cell = cells[importIndex][name];
+      if (cell === undefined) {
+        throw new ReferenceError(`Cannot import name ${name}`);
+      }
+      for (const observer of observers) {
+        cell.observe(observer);
+      }
     }
   }
-}
-
 
   functors[0]({
     imports(entries) {
@@ -10422,6 +10462,1199 @@ function observeImports(map, importName, importIndex) {
   return cells[cells.length - 1]['*'].get();
 })();
 
-/******/ })()
-;</script><script src="bundle.js"></script></body>
-</html>
+// END of injected code from ses
+  })()
+  return module.exports
+})()
+
+    const lockdownOptions = {
+      // gives a semi-high resolution timer
+      dateTaming: 'unsafe',
+      // this is introduces non-determinism, but is otherwise safe
+      mathTaming: 'unsafe',
+      // lets code observe call stack, but easier debuggability
+      errorTaming: 'unsafe',
+      // shows the full call stack
+      stackFiltering: 'verbose',
+      // deep stacks
+      consoleTaming: 'unsafe',
+    }
+
+    lockdown(lockdownOptions)
+
+    // initialize the kernel
+    const createKernelCore = (function () {
+  'use strict'
+  return createKernelCore
+
+  function createKernelCore ({
+    // the platform api global
+    globalRef,
+    // package policy object
+    lavamoatConfig,
+    // kernel configuration
+    loadModuleData,
+    getRelativeModuleId,
+    prepareModuleInitializerArgs,
+    getExternalCompartment,
+    globalThisRefs,
+    // security options
+    scuttleGlobalThis,
+    scuttleGlobalThisExceptions,
+    debugMode,
+    runWithPrecompiledModules,
+    reportStatsHook,
+  }) {
+    // prepare the LavaMoat kernel-core factory
+    // factory is defined within a Compartment
+    // unless "runWithPrecompiledModules" is enabled
+    let makeKernelCore
+    if (runWithPrecompiledModules) {
+      makeKernelCore = unsafeMakeKernelCore
+    } else {
+      // endowments:
+      // - console is included for convenience
+      // - Math is for untamed Math.random
+      // - Date is for untamed Date.now
+      const kernelCompartment = new Compartment({ console, Math, Date })
+      makeKernelCore = kernelCompartment.evaluate(`(${unsafeMakeKernelCore})\n//# sourceURL=LavaMoat/core/kernel`)
+    }
+    const lavamoatKernel = makeKernelCore({
+      globalRef,
+      lavamoatConfig,
+      loadModuleData,
+      getRelativeModuleId,
+      prepareModuleInitializerArgs,
+      getExternalCompartment,
+      globalThisRefs,
+      scuttleGlobalThis,
+      scuttleGlobalThisExceptions,
+      debugMode,
+      runWithPrecompiledModules,
+      reportStatsHook,
+    })
+
+    return lavamoatKernel
+  }
+
+  // this is serialized and run in a SES Compartment when "runWithPrecompiledModules" is false
+  // mostly just exists to expose variables to internalRequire and loadBundle
+  function unsafeMakeKernelCore ({
+    globalRef,
+    lavamoatConfig,
+    loadModuleData,
+    getRelativeModuleId,
+    prepareModuleInitializerArgs,
+    getExternalCompartment,
+    globalThisRefs = ['globalThis'],
+    scuttleGlobalThis = false,
+    scuttleGlobalThisExceptions = [],
+    debugMode = false,
+    runWithPrecompiledModules = false,
+    reportStatsHook = () => {},
+  }) {
+    // "templateRequire" calls are inlined in "generateKernel"
+    const generalUtils = // define makeGeneralUtils
+(function(){
+  const global = globalRef
+  const exports = {}
+  const module = { exports }
+  ;(function(){
+// START of injected code from makeGeneralUtils
+module.exports = makeGeneralUtils
+
+function makeGeneralUtils () {
+  return {
+    createFunctionWrapper,
+  }
+
+  function createFunctionWrapper (sourceValue, unwrapTest, unwrapTo) {
+    const newValue = function (...args) {
+      if (new.target) {
+        // handle constructor calls
+        return Reflect.construct(sourceValue, args, new.target)
+      } else {
+        // handle function calls
+        // unwrap to target value if this value is the source package compartment's globalThis
+        const thisRef = unwrapTest(this) ? unwrapTo : this
+        return Reflect.apply(sourceValue, thisRef, args)
+      }
+    }
+    Object.defineProperties(newValue, Object.getOwnPropertyDescriptors(sourceValue))
+    return newValue
+  }
+}
+
+// END of injected code from makeGeneralUtils
+  })()
+  return module.exports
+})()()
+    const { getEndowmentsForConfig, makeMinimalViewOfRef, applyEndowmentPropDescTransforms } = // define makeGetEndowmentsForConfig
+(function(){
+  const global = globalRef
+  const exports = {}
+  const module = { exports }
+  ;(function(){
+// START of injected code from makeGetEndowmentsForConfig
+// the contents of this file will be copied into the prelude template
+// this module has been written so that it required directly or copied and added to the template with a small wrapper
+module.exports = makeGetEndowmentsForConfig
+
+// utilities for generating the endowments object based on a globalRef and a config
+
+// The config uses a period-deliminated path notation to pull out deep values from objects
+// These utilities help create an object populated with only the deep properties specified in the config
+
+function makeGetEndowmentsForConfig ({ createFunctionWrapper }) {
+  return {
+    getEndowmentsForConfig,
+    makeMinimalViewOfRef,
+    copyValueAtPath,
+    applyGetSetPropDescTransforms,
+    applyEndowmentPropDescTransforms,
+  }
+
+  /**
+   *
+   * @function getEndowmentsForConfig
+   * @param {object} sourceRef - Object from which to copy properties
+   * @param {object} config - LavaMoat package config
+   * @param {object} unwrapTo - For getters and setters, when the this-value is unwrapFrom, is replaced as unwrapTo
+   * @param {object} unwrapFrom - For getters and setters, the this-value to replace (default: targetRef)
+   * @return {object} - The targetRef
+   *
+   */
+  function getEndowmentsForConfig (sourceRef, config, unwrapTo, unwrapFrom) {
+    if (!config.globals) {
+      return {}
+    }
+    // validate read access from config
+    const whitelistedReads = []
+    const explicitlyBanned = []
+    Object.entries(config.globals).forEach(([path, configValue]) => {
+      const pathParts = path.split('.')
+      // disallow dunder proto in path
+      const pathContainsDunderProto = pathParts.some(pathPart => pathPart === '__proto__')
+      if (pathContainsDunderProto) {
+        throw new Error(`Lavamoat - "__proto__" disallowed when creating minial view. saw "${path}"`)
+      }
+      // false means no access. It's necessary so that overrides can also be used to tighten the policy
+      if (configValue === false) {
+        explicitlyBanned.push(path)
+        return 
+      }
+      // write access handled elsewhere
+      if (configValue === 'write') {
+        return
+      }
+      if (configValue !== true) {
+        throw new Error(`LavaMoat - unrecognizable policy value (${typeof configValue}) for path "${path}"`)
+      }
+      whitelistedReads.push(path)
+    })
+    return makeMinimalViewOfRef(sourceRef, whitelistedReads, unwrapTo, unwrapFrom, explicitlyBanned)
+  }
+
+  function makeMinimalViewOfRef (sourceRef, paths, unwrapTo, unwrapFrom, explicitlyBanned = []) {
+    const targetRef = {}
+    paths.forEach(path => {
+      copyValueAtPath('', path.split('.'), explicitlyBanned, sourceRef, targetRef, unwrapTo, unwrapFrom)
+    })
+    return targetRef
+  }
+
+  function extendPath(visited, next) {
+    if (!visited || visited.length === 0) {
+      return next
+    }
+    return `${visited}.${next}`
+  }
+
+  function copyValueAtPath (visitedPath, pathParts, explicitlyBanned, sourceRef, targetRef, unwrapTo = sourceRef, unwrapFrom = targetRef) {
+    if (pathParts.length === 0) {
+      throw new Error('unable to copy, must have pathParts, was empty')
+    }
+    const [nextPart, ...remainingParts] = pathParts
+    const currentPath = extendPath(visitedPath, nextPart)
+    // get the property from any depth in the property chain
+    const { prop: sourcePropDesc } = getPropertyDescriptorDeep(sourceRef, nextPart)
+
+    // if source missing the value to copy, just skip it
+    if (!sourcePropDesc) {
+      return
+    }
+
+    // if target already has a value, it must be extensible
+    const targetPropDesc = Reflect.getOwnPropertyDescriptor(targetRef, nextPart)
+    if (targetPropDesc) {
+      // dont attempt to extend a getter or trigger a setter
+      if (!('value' in targetPropDesc)) {
+        throw new Error(`unable to copy on to targetRef, targetRef has a getter at "${nextPart}"`)
+      }
+      // value must be extensible (cant write properties onto it)
+      const targetValue = targetPropDesc.value
+      const valueType = typeof targetValue
+      if (valueType !== 'object' && valueType !== 'function') {
+        throw new Error(`unable to copy on to targetRef, targetRef value is not an obj or func "${nextPart}"`)
+      }
+    }
+
+    // if this is not the last path in the assignment, walk into the containing reference
+    if (remainingParts.length > 0) {
+      const { sourceValue, sourceWritable } = getSourceValue()
+      const nextSourceRef = sourceValue
+      let nextTargetRef
+      // check if value exists on target and does not need selective treatment
+      if (targetPropDesc && !explicitlyBanned.includes(currentPath)) {
+        // a value already exists, we should walk into it
+        nextTargetRef = targetPropDesc.value
+      } else {
+        // its not populated so lets write to it
+        // put an object to serve as a container
+        const containerRef = {}
+        const newPropDesc = {
+          value: containerRef,
+          writable: sourceWritable,
+          enumerable: sourcePropDesc.enumerable,
+          configurable: sourcePropDesc.configurable,
+        }
+        Reflect.defineProperty(targetRef, nextPart, newPropDesc)
+        // the newly created container will be the next target
+        nextTargetRef = containerRef
+      }
+      copyValueAtPath(currentPath, remainingParts, explicitlyBanned, nextSourceRef, nextTargetRef)
+      return
+    }
+
+    // If conflicting rules exist, opt for the negative one. This should never happen
+    if (explicitlyBanned.includes(currentPath)) {
+      console.warn(`LavaMoat - conflicting rules exist for "${currentPath}"`)
+      return
+    }
+
+    // this is the last part of the path, the value we're trying to actually copy
+    // if has getter/setter - apply this-value unwrapping
+    if (!('value' in sourcePropDesc)) {
+      // wrapper setter/getter with correct receiver
+      const wrapperPropDesc = applyGetSetPropDescTransforms(sourcePropDesc, unwrapFrom, unwrapTo)
+      Reflect.defineProperty(targetRef, nextPart, wrapperPropDesc)
+      return
+    }
+
+    // need to determine the value type in order to copy it with
+    // this-value unwrapping support
+    const { sourceValue, sourceWritable } = getSourceValue()
+
+    // not a function - copy as is
+    if (typeof sourceValue !== 'function') {
+      Reflect.defineProperty(targetRef, nextPart, sourcePropDesc)
+      return
+    }
+    // otherwise add workaround for functions to swap back to the sourceal "this" reference
+    const unwrapTest = thisValue => thisValue === unwrapFrom
+    const newValue = createFunctionWrapper(sourceValue, unwrapTest, unwrapTo)
+    const newPropDesc = {
+      value: newValue,
+      writable: sourceWritable,
+      enumerable: sourcePropDesc.enumerable,
+      configurable: sourcePropDesc.configurable,
+    }
+    Reflect.defineProperty(targetRef, nextPart, newPropDesc)
+
+    function getSourceValue () {
+      // determine the source value, this coerces getters to values
+      // im deeply sorry, respecting getters was complicated and
+      // my brain is not very good
+      let sourceValue, sourceWritable
+      if ('value' in sourcePropDesc) {
+        sourceValue = sourcePropDesc.value
+        sourceWritable = sourcePropDesc.writable
+      } else if ('get' in sourcePropDesc) {
+        sourceValue = sourcePropDesc.get.call(unwrapTo)
+        sourceWritable = 'set' in sourcePropDesc
+      } else {
+        throw new Error('getEndowmentsForConfig - property descriptor missing a getter')
+      }
+      return { sourceValue, sourceWritable }
+    }
+  }
+
+  function applyEndowmentPropDescTransforms (propDesc, unwrapFromCompartment, unwrapToGlobalThis) {
+    let newPropDesc = propDesc
+    newPropDesc = applyFunctionPropDescTransform(newPropDesc, unwrapFromCompartment, unwrapToGlobalThis)
+    newPropDesc = applyGetSetPropDescTransforms(newPropDesc, unwrapFromCompartment.globalThis, unwrapToGlobalThis)
+    return newPropDesc
+  }
+
+  function applyGetSetPropDescTransforms (sourcePropDesc, unwrapFromGlobalThis, unwrapToGlobalThis) {
+    const wrappedPropDesc = { ...sourcePropDesc }
+    if (sourcePropDesc.get) {
+      wrappedPropDesc.get = function () {
+        const receiver = this
+        // replace the "receiver" value if it points to fake parent
+        const receiverRef = receiver === unwrapFromGlobalThis ? unwrapToGlobalThis : receiver
+        // sometimes getters replace themselves with static properties, as seen wih the FireFox runtime
+        const result = Reflect.apply(sourcePropDesc.get, receiverRef, [])
+        if (typeof result === 'function') {
+          // functions must be wrapped to ensure a good this-value.
+          // lockdown causes some propDescs to go to value -> getter,
+          // eg "Function.prototype.bind". we need to wrap getter results
+          // as well in order to ensure they have their this-value wrapped correctly
+          // if this ends up being problematic we can maybe take advantage of lockdown's
+          // "getter.originalValue" property being available
+          return createFunctionWrapper(result, (thisValue) => thisValue === unwrapFromGlobalThis, unwrapToGlobalThis)
+        } else {
+          return result
+        }
+      }
+    }
+    if (sourcePropDesc.set) {
+      wrappedPropDesc.set = function (value) {
+        // replace the "receiver" value if it points to fake parent
+        const receiver = this
+        const receiverRef = receiver === unwrapFromGlobalThis ? unwrapToGlobalThis : receiver
+        return Reflect.apply(sourcePropDesc.set, receiverRef, [value])
+      }
+    }
+    return wrappedPropDesc
+  }
+
+  function applyFunctionPropDescTransform (propDesc, unwrapFromCompartment, unwrapToGlobalThis) {
+    if (!('value' in propDesc && typeof propDesc.value === 'function')) {
+      return propDesc
+    }
+    const unwrapTest = (thisValue) => {
+      // unwrap function calls this-value to unwrapToGlobalThis when:
+      // this value is globalThis ex. globalThis.abc()
+      // scope proxy leak workaround ex. abc()
+      return thisValue === unwrapFromCompartment.globalThis
+    }
+    const newFn = createFunctionWrapper(propDesc.value, unwrapTest, unwrapToGlobalThis)
+    return { ...propDesc, value: newFn }
+  }
+}
+
+function getPropertyDescriptorDeep (target, key) {
+  let receiver = target
+  while (true) {
+    // abort if this is the end of the prototype chain.
+    if (!receiver) {
+      return { prop: null, receiver: null }
+    }
+    // support lookup on objects and primitives
+    const typeofReceiver = typeof receiver
+    if (typeofReceiver === 'object' || typeofReceiver === 'function') {
+      const prop = Reflect.getOwnPropertyDescriptor(receiver, key)
+      if (prop) {
+        return { receiver, prop }
+      }
+      // try next in the prototype chain
+      receiver = Reflect.getPrototypeOf(receiver)
+    } else {
+      // prototype lookup for primitives
+      // eslint-disable-next-line no-proto
+      receiver = receiver.__proto__
+    }
+  }
+}
+
+// END of injected code from makeGetEndowmentsForConfig
+  })()
+  return module.exports
+})()(generalUtils)
+    const { prepareCompartmentGlobalFromConfig } = // define makePrepareRealmGlobalFromConfig
+(function(){
+  const global = globalRef
+  const exports = {}
+  const module = { exports }
+  ;(function(){
+// START of injected code from makePrepareRealmGlobalFromConfig
+// the contents of this file will be copied into the prelude template
+// this module has been written so that it required directly or copied and added to the template with a small wrapper
+module.exports = makePrepareRealmGlobalFromConfig
+
+// utilities for exposing configuring the exposed endowments on the container global
+
+// The config uses a period-deliminated path notation to pull out deep values from objects
+// These utilities help modify the container global to expose the allowed globals from the globalStore OR the platform global
+
+function makePrepareRealmGlobalFromConfig ({ createFunctionWrapper }) {
+  return {
+    prepareCompartmentGlobalFromConfig,
+    getTopLevelReadAccessFromPackageConfig,
+    getTopLevelWriteAccessFromPackageConfig,
+  }
+
+  function getTopLevelReadAccessFromPackageConfig (globalsConfig) {
+    const result = Object.entries(globalsConfig)
+      .filter(([key, value]) => value === 'read' || value === true || (value === 'write' && key.split('.').length > 1))
+      .map(([key]) => key.split('.')[0])
+    // return unique array
+    return Array.from(new Set(result))
+  }
+
+  function getTopLevelWriteAccessFromPackageConfig (globalsConfig) {
+    const result = Object.entries(globalsConfig)
+      .filter(([key, value]) => value === 'write' && key.split('.').length === 1)
+      .map(([key]) => key)
+    return result
+  }
+
+  function prepareCompartmentGlobalFromConfig (packageCompartment, globalsConfig, endowments, globalStore, globalThisRefs) {
+    const packageCompartmentGlobal = packageCompartment.globalThis
+    // lookup top level read + write access keys
+    const topLevelWriteAccessKeys = getTopLevelWriteAccessFromPackageConfig(globalsConfig)
+    const topLevelReadAccessKeys = getTopLevelReadAccessFromPackageConfig(globalsConfig)
+
+    // define accessors
+
+    // allow read access via globalStore or packageCompartmentGlobal
+    topLevelReadAccessKeys.forEach(key => {
+      Object.defineProperty(packageCompartmentGlobal, key, {
+        get () {
+          if (globalStore.has(key)) {
+            return globalStore.get(key)
+          } else {
+            return Reflect.get(endowments, key, this)
+          }
+        },
+        set () {
+          // TODO: there should be a config to throw vs silently ignore
+          console.warn(`LavaMoat: ignoring write attempt to read-access global "${key}"`)
+        },
+      })
+    })
+
+    // allow write access to globalStore
+    // read access via globalStore or packageCompartmentGlobal
+    topLevelWriteAccessKeys.forEach(key => {
+      Object.defineProperty(packageCompartmentGlobal, key, {
+        get () {
+          if (globalStore.has(key)) {
+            return globalStore.get(key)
+          } else {
+            return endowments[key]
+          }
+        },
+        set (value) {
+          globalStore.set(key, value)
+        },
+        enumerable: true,
+        configurable: true,
+      })
+    })
+
+    // set circular globalRefs
+    globalThisRefs.forEach(key => {
+      // if globalRef is actually an endowment, ignore
+      if (topLevelReadAccessKeys.includes(key)) {
+        return
+      }
+      if (topLevelWriteAccessKeys.includes(key)) {
+        return
+      }
+      // set circular ref to global
+      packageCompartmentGlobal[key] = packageCompartmentGlobal
+    })
+
+    // bind Function constructor this value to globalThis
+    // legacy globalThis shim
+    const origFunction = packageCompartmentGlobal.Function
+    const newFunction = function (...args) {
+      const fn = origFunction(...args)
+      const unwrapTest = thisValue => thisValue === undefined
+      return createFunctionWrapper(fn, unwrapTest, packageCompartmentGlobal)
+    }
+    Object.defineProperties(newFunction, Object.getOwnPropertyDescriptors(origFunction))
+    packageCompartmentGlobal.Function = newFunction
+  }
+}
+
+// END of injected code from makePrepareRealmGlobalFromConfig
+  })()
+  return module.exports
+})()(generalUtils)
+    const { strictScopeTerminator } = // define strict-scope-terminator
+(function(){
+  const global = globalRef
+  const exports = {}
+  const module = { exports }
+  ;(function(){
+// START of injected code from strict-scope-terminator
+// import {
+//   Proxy,
+//   String,
+//   TypeError,
+//   ReferenceError,
+//   create,
+//   freeze,
+//   getOwnPropertyDescriptors,
+//   globalThis,
+//   immutableObject,
+// } from './commons.js';
+const { freeze, create, getOwnPropertyDescriptors } = Object;
+const immutableObject = freeze(create(null));
+
+// import { assert } from './error/assert.js';
+const assert = {
+  fail: (msg) => {
+    throw new Error(msg);
+  }
+}
+
+// const { details: d, quote: q } = assert;
+const d = (strings, args) => strings.join() + args.join();
+const q = (arg) => arg
+
+/**
+ * alwaysThrowHandler
+ * This is an object that throws if any property is called. It's used as
+ * a proxy handler which throws on any trap called.
+ * It's made from a proxy with a get trap that throws. It's safe to
+ * create one and share it between all Proxy handlers.
+ */
+const alwaysThrowHandler = new Proxy(
+  immutableObject,
+  freeze({
+    get(_shadow, prop) {
+      // eslint-disable-next-line @endo/no-polymorphic-call
+      assert.fail(
+        d`Please report unexpected scope handler trap: ${q(String(prop))}`,
+      );
+    },
+  }),
+);
+
+/*
+ * scopeProxyHandlerProperties
+ * scopeTerminatorHandler manages a strictScopeTerminator Proxy which serves as
+ * the final scope boundary that will always return "undefined" in order
+ * to prevent access to "start compartment globals".
+ */
+const scopeProxyHandlerProperties = {
+  get(_shadow, _prop) {
+    return undefined;
+  },
+
+  set(_shadow, prop, _value) {
+    // We should only hit this if the has() hook returned true matches the v8
+    // ReferenceError message "Uncaught ReferenceError: xyz is not defined"
+    throw new ReferenceError(`${String(prop)} is not defined`);
+  },
+
+  has(_shadow, prop) {
+    // we must at least return true for all properties on the realm globalThis
+    return prop in globalThis;
+  },
+
+  // note: this is likely a bug of safari
+  // https://bugs.webkit.org/show_bug.cgi?id=195534
+  getPrototypeOf() {
+    return null;
+  },
+
+  // Chip has seen this happen single stepping under the Chrome/v8 debugger.
+  // TODO record how to reliably reproduce, and to test if this fix helps.
+  // TODO report as bug to v8 or Chrome, and record issue link here.
+  getOwnPropertyDescriptor(_target, prop) {
+    // Coerce with `String` in case prop is a symbol.
+    const quotedProp = q(String(prop));
+    // eslint-disable-next-line @endo/no-polymorphic-call
+    console.warn(
+      `getOwnPropertyDescriptor trap on scopeTerminatorHandler for ${quotedProp}`,
+      new TypeError().stack,
+    );
+    return undefined;
+  },
+};
+
+// The scope handler's prototype is a proxy that throws if any trap other
+// than get/set/has are run (like getOwnPropertyDescriptors, apply,
+// getPrototypeOf).
+const strictScopeTerminatorHandler = freeze(
+  create(
+    alwaysThrowHandler,
+    getOwnPropertyDescriptors(scopeProxyHandlerProperties),
+  ),
+);
+
+const strictScopeTerminator = new Proxy(
+  immutableObject,
+  strictScopeTerminatorHandler,
+);
+
+module.exports = {
+  alwaysThrowHandler,
+  strictScopeTerminatorHandler,
+  strictScopeTerminator,
+}
+
+// END of injected code from strict-scope-terminator
+  })()
+  return module.exports
+})()
+
+    const moduleCache = new Map()
+    const packageCompartmentCache = new Map()
+    const globalStore = new Map()
+
+    const rootPackageName = '$root$'
+    const rootPackageCompartment = createRootPackageCompartment(globalRef)
+
+    // scuttle globalThis right after we used it to create the root package compartment
+    if (scuttleGlobalThis) {
+      if (!Array.isArray(scuttleGlobalThisExceptions)) {
+        throw new Error(`LavaMoat - scuttleGlobalThisExceptions must be an array, got "${typeof scuttleGlobalThisExceptions}"`)
+      }
+      performScuttleGlobalThis(globalRef, scuttleGlobalThisExceptions)
+    }
+
+    const kernel = {
+      internalRequire,
+    }
+    if (debugMode) {
+      kernel._getPolicyForPackage = getPolicyForPackage
+      kernel._getCompartmentForPackage = getCompartmentForPackage
+    }
+    Object.freeze(kernel)
+    return kernel
+
+    function performScuttleGlobalThis (globalRef, extraPropsToAvoid = new Array()) {
+      const props = new Array()
+      getPrototypeChain(globalRef)
+        .forEach(proto =>
+          props.push(...Object.getOwnPropertyNames(proto)))
+
+      for (let i = 0; i < extraPropsToAvoid.length; i++) {
+        const prop = extraPropsToAvoid[i]
+        if (!prop.startsWith('/')) {
+          continue
+        }
+        const parts = prop.split('/')
+        const pattern = parts.slice(1, -1).join('/')
+        const flags = parts[parts.length - 1]
+        extraPropsToAvoid[i] = new RegExp(pattern, flags)
+      }
+
+      // support LM,SES exported APIs and polyfills
+      const avoidForLavaMoatCompatibility = ['Compartment', 'Error', 'globalThis']
+      const propsToAvoid = new Set([...avoidForLavaMoatCompatibility, ...extraPropsToAvoid])
+
+      for (const prop of props) {
+        if (shouldAvoidProp(propsToAvoid, prop)) {
+          continue
+        }
+        if (Object.getOwnPropertyDescriptor(globalRef, prop)?.configurable === false) {
+          continue
+        }
+        const desc = {
+          set: () => {
+            console.warn(
+              `LavaMoat - property "${prop}" of globalThis cannot be set under scuttling mode. ` +
+              'To learn more visit https://github.com/LavaMoat/LavaMoat/pull/360.',
+            )
+          },
+          get: () => {
+            throw new Error(
+              `LavaMoat - property "${prop}" of globalThis is inaccessible under scuttling mode. ` +
+              'To learn more visit https://github.com/LavaMoat/LavaMoat/pull/360.',
+            )
+          },
+          configurable: false,
+        }
+        Object.defineProperty(globalRef, prop, desc)
+      }
+    }
+
+    // this function instantiaties a module from a moduleId.
+    // 1. loads the module metadata and policy
+    // 2. prepares the execution environment
+    // 3. instantiates the module, recursively instantiating dependencies
+    // 4. returns the module exports
+    function internalRequire (moduleId) {
+      // use cached module.exports if module is already instantiated
+      if (moduleCache.has(moduleId)) {
+        const moduleExports = moduleCache.get(moduleId).exports
+        return moduleExports
+      }
+
+      reportStatsHook('start', moduleId)
+
+      try {
+        // load and validate module metadata
+        // if module metadata is missing, throw an error
+        const moduleData = loadModuleData(moduleId)
+        if (!moduleData) {
+          const err = new Error('Cannot find module \'' + moduleId + '\'')
+          err.code = 'MODULE_NOT_FOUND'
+          throw err
+        }
+        if (moduleData.id === undefined) {
+          throw new Error('LavaMoat - moduleId is not defined correctly.')
+        }
+
+        // parse and validate module data
+        const { package: packageName, source: moduleSource } = moduleData
+        if (!packageName) {
+          throw new Error(`LavaMoat - missing packageName for module "${moduleId}"`)
+        }
+        const packagePolicy = getPolicyForPackage(lavamoatConfig, packageName)
+
+        // create the moduleObj and initializer
+        const { moduleInitializer, moduleObj } = prepareModuleInitializer(moduleData, packagePolicy)
+
+        // cache moduleObj here
+        // this is important to inf loops when hitting cycles in the dep graph
+        // must cache before running the moduleInitializer
+        moduleCache.set(moduleId, moduleObj)
+
+        // validate moduleInitializer
+        if (typeof moduleInitializer !== 'function') {
+          throw new Error(`LavaMoat - moduleInitializer is not defined correctly. got "${typeof moduleInitializer}"\n${moduleSource}`)
+        }
+
+        // initialize the module with the correct context
+        const initializerArgs = prepareModuleInitializerArgs(requireRelativeWithContext, moduleObj, moduleData)
+        moduleInitializer.apply(moduleObj.exports, initializerArgs)
+        const moduleExports = moduleObj.exports
+        return moduleExports
+
+        // this is passed to the module initializer
+        // it adds the context of the parent module
+        // this could be replaced via "Function.prototype.bind" if its more performant
+        function requireRelativeWithContext (requestedName) {
+          const parentModuleExports = moduleObj.exports
+          const parentModuleData = moduleData
+          const parentPackagePolicy = packagePolicy
+          const parentModuleId = moduleId
+          return requireRelative({ requestedName, parentModuleExports, parentModuleData, parentPackagePolicy, parentModuleId })
+        }
+      } finally {
+        reportStatsHook('end', moduleId)
+      }
+    }
+
+    // this resolves a module given a requestedName (eg relative path to parent) and a parentModule context
+    // the exports are processed via "protectExportsRequireTime" per the module's configuration
+    function requireRelative ({ requestedName, parentModuleExports, parentModuleData, parentPackagePolicy, parentModuleId }) {
+      const parentModulePackageName = parentModuleData.package
+      const parentPackagesWhitelist = parentPackagePolicy.packages
+      const parentBuiltinsWhitelist = Object.entries(parentPackagePolicy.builtin)
+        .filter(([_, allowed]) => allowed === true)
+        .map(([packagePath, allowed]) => packagePath.split('.')[0])
+
+      // resolve the moduleId from the requestedName
+      const moduleId = getRelativeModuleId(parentModuleId, requestedName)
+
+      // browserify goop:
+      // recursive requires dont hit cache so it inf loops, so we shortcircuit
+      // this only seems to happen with a few browserify builtins (nodejs builtin module polyfills)
+      // we could likely allow any requestedName since it can only refer to itself
+      if (moduleId === parentModuleId) {
+        if (['timers', 'buffer'].includes(requestedName) === false) {
+          throw new Error(`LavaMoat - recursive require detected: "${requestedName}"`)
+        }
+        return parentModuleExports
+      }
+
+      // load module
+      let moduleExports = internalRequire(moduleId)
+
+      // look up config for module
+      const moduleData = loadModuleData(moduleId)
+      const packageName = moduleData.package
+
+      // disallow requiring packages that are not in the parent's whitelist
+      const isSamePackage = packageName === parentModulePackageName
+      const parentIsEntryModule = parentModulePackageName === rootPackageName
+      let isInParentWhitelist = false
+      if (moduleData.type === 'builtin') {
+        isInParentWhitelist = parentBuiltinsWhitelist.includes(packageName)
+      } else {
+        isInParentWhitelist = (parentPackagesWhitelist[packageName] === true)
+      }
+
+      // validate that the import is allowed
+      if (!parentIsEntryModule && !isSamePackage && !isInParentWhitelist) {
+        let typeText = ' '
+        if (moduleData.type === 'builtin') {
+          typeText = ' node builtin '
+        }
+        throw new Error(`LavaMoat - required${typeText}package not in allowlist: package "${parentModulePackageName}" requested "${packageName}" as "${requestedName}"`)
+      }
+
+      // create minimal selection if its a builtin and the whole path is not selected for
+      if (!parentIsEntryModule && moduleData.type === 'builtin' && !parentPackagePolicy.builtin[moduleId]) {
+        const builtinPaths = (
+          Object.entries(parentPackagePolicy.builtin)
+          // grab all allowed builtin paths that match this package
+            .filter(([packagePath, allowed]) => allowed === true && moduleId === packagePath.split('.')[0])
+          // only include the paths after the packageName
+            .map(([packagePath, allowed]) => packagePath.split('.').slice(1).join('.'))
+            .sort()
+        )
+        moduleExports = makeMinimalViewOfRef(moduleExports, builtinPaths)
+      }
+
+      return moduleExports
+    }
+
+    function prepareModuleInitializer (moduleData, packagePolicy) {
+      const { moduleInitializer, precompiledInitializer, package: packageName, id: moduleId, source: moduleSource } = moduleData
+
+      // moduleInitializer may be set by loadModuleData (e.g. builtin + native modules)
+      if (moduleInitializer) {
+        // if an external moduleInitializer is set, ensure it is allowed
+        if (moduleData.type === 'native') {
+          // ensure package is allowed to have native modules
+          if (packagePolicy.native !== true) {
+            throw new Error(`LavaMoat - "native" module type not permitted for package "${packageName}", module "${moduleId}"`)
+          }
+        } else if (moduleData.type !== 'builtin') {
+          // builtin module types dont have policy configurations
+          // but the packages that can import them are constrained elsewhere
+          // here we just ensure that the module type is the only other type with a external moduleInitializer
+          throw new Error(`LavaMoat - invalid external moduleInitializer for module type "${moduleData.type}" in package "${packageName}", module "${moduleId}"`)
+        }
+        // moduleObj must be from the same Realm as the moduleInitializer (eg dart2js runtime requirement)
+        // here we are assuming the provided moduleInitializer is from the same Realm as this kernel
+        const moduleObj = { exports: {} }
+        return { moduleInitializer, moduleObj }
+      }
+
+      // setup initializer from moduleSource and compartment.
+      // execute in package compartment with globalThis populated per package policy
+      const packageCompartment = getCompartmentForPackage(packageName, packagePolicy)
+
+      try {
+        let moduleObj
+        let moduleInitializer
+        if (runWithPrecompiledModules) {
+          if (!precompiledInitializer) {
+            throw new Error(`LavaMoat - precompiledInitializer missing for "${moduleId}" from package "${packageName}"`)
+          }
+          // moduleObj must be from the same Realm as the moduleInitializer (eg dart2js runtime requirement)
+          // here we are assuming the provided moduleInitializer is from the same Realm as this kernel
+          moduleObj = { exports: {} }
+          const evalKit = {
+            globalThis: packageCompartment.globalThis,
+            scopeTerminator: strictScopeTerminator,
+          }
+          // this invokes the with-proxy wrapper
+          const moduleInitializerFactory = precompiledInitializer.call(evalKit)
+          // this ensures strict mode
+          moduleInitializer = moduleInitializerFactory()
+        } else {
+          if (typeof moduleSource !== 'string') {
+            throw new Error(`LavaMoat - moduleSource not a string for "${moduleId}" from package "${packageName}"`)
+          }
+          const sourceURL = moduleData.file || `modules/${moduleId}`
+          if (sourceURL.includes('\n')) {
+            throw new Error(`LavaMoat - Newlines not allowed in filenames: ${JSON.stringify(sourceURL)}`)
+          }
+          // moduleObj must be from the same Realm as the moduleInitializer (eg dart2js runtime requirement)
+          moduleObj = packageCompartment.evaluate('({ exports: {} })')
+          // TODO: move all source mutations elsewhere
+          moduleInitializer = packageCompartment.evaluate(`${moduleSource}\n//# sourceURL=${sourceURL}`)
+        }
+        return { moduleInitializer, moduleObj }
+      } catch (err) {
+        console.warn(`LavaMoat - Error evaluating module "${moduleId}" from package "${packageName}" \n${err.stack}`)
+        throw err
+      }
+    }
+
+    function createRootPackageCompartment (globalRef) {
+      if (packageCompartmentCache.has(rootPackageName)) {
+        throw new Error('LavaMoat - createRootPackageCompartment called more than once')
+      }
+      // prepare the root package's SES Compartment
+      // endowments:
+      // - Math is for untamed Math.random
+      // - Date is for untamed Date.now
+      const rootPackageCompartment = new Compartment({ Math, Date })
+      // find the relevant endowment sources
+      const globalProtoChain = getPrototypeChain(globalRef)
+      // the index for the common prototypal ancestor, Object.prototype
+      // this should always be the last index, but we check just in case
+      const commonPrototypeIndex = globalProtoChain.findIndex(globalProtoChainEntry => globalProtoChainEntry === Object.prototype)
+      if (commonPrototypeIndex === -1) {
+        throw new Error('Lavamoat - unable to find common prototype between Compartment and globalRef')
+      }
+      // we will copy endowments from all entries in the prototype chain, excluding Object.prototype
+      const endowmentSources = globalProtoChain.slice(0, commonPrototypeIndex)
+
+      // call all getters, in case of behavior change (such as with FireFox lazy getters)
+      // call on contents of endowmentsSources directly instead of in new array instances. If there is a lazy getter it only changes the original prop desc.
+      endowmentSources.forEach(source => {
+        const descriptors = Object.getOwnPropertyDescriptors(source)
+        Object.values(descriptors).forEach(desc => {
+          if ('get' in desc) {
+            try {
+              Reflect.apply(desc.get, globalRef, [])
+            }catch{}
+          }
+        })
+      })
+
+      const endowmentSourceDescriptors = endowmentSources.map(globalProtoChainEntry => Object.getOwnPropertyDescriptors(globalProtoChainEntry))
+      // flatten propDesc collections with precedence for globalThis-end of the prototype chain
+      const endowmentDescriptorsFlat = Object.assign(Object.create(null), ...endowmentSourceDescriptors.reverse())
+      // expose all own properties of globalRef, including non-enumerable
+      Object.entries(endowmentDescriptorsFlat)
+        // ignore properties already defined on compartment global
+        .filter(([key]) => !(key in rootPackageCompartment.globalThis))
+        // ignore circular globalThis refs
+        .filter(([key]) => !(globalThisRefs.includes(key)))
+        // define property on compartment global
+        .forEach(([key, desc]) => {
+          // unwrap functions, setters/getters & apply scope proxy workaround
+          const wrappedPropDesc = applyEndowmentPropDescTransforms(desc, rootPackageCompartment, globalRef)
+          Reflect.defineProperty(rootPackageCompartment.globalThis, key, wrappedPropDesc)
+        })
+      // global circular references otherwise added by prepareCompartmentGlobalFromConfig
+      // Add all circular refs to root package compartment globalThis
+      for (const ref of globalThisRefs) {
+        if (ref in rootPackageCompartment.globalThis) {
+          continue
+        }
+        rootPackageCompartment.globalThis[ref] = rootPackageCompartment.globalThis
+      }
+
+      // save the compartment for use by other modules in the package
+      packageCompartmentCache.set(rootPackageName, rootPackageCompartment)
+
+      return rootPackageCompartment
+    }
+
+    function getCompartmentForPackage (packageName, packagePolicy) {
+      // compartment may have already been created
+      let packageCompartment = packageCompartmentCache.get(packageName)
+      if (packageCompartment) {
+        return packageCompartment
+      }
+
+      // prepare Compartment
+      if (getExternalCompartment && packagePolicy.env) {
+        // external compartment can be provided by the platform (eg lavamoat-node)
+        packageCompartment = getExternalCompartment(packageName, packagePolicy)
+      } else {
+        // prepare the module's SES Compartment
+        // endowments:
+        // - Math is for untamed Math.random
+        // - Date is for untamed Date.now
+        packageCompartment = new Compartment({ Math, Date })
+      }
+      // prepare endowments
+      let endowments
+      try {
+        endowments = getEndowmentsForConfig(
+          // source reference
+          rootPackageCompartment.globalThis,
+          // policy
+          packagePolicy,
+          // unwrap to
+          globalRef,
+          // unwrap from
+          packageCompartment.globalThis,
+        )
+      } catch (err) {
+        const errMsg = `Lavamoat - failed to prepare endowments for package "${packageName}":\n${err.stack}`
+        throw new Error(errMsg)
+      }
+
+      // transform functions, getters & setters on prop descs. Solves SES scope proxy bug
+      Object.entries(Object.getOwnPropertyDescriptors(endowments))
+        // ignore non-configurable properties because we are modifying endowments in place
+        .filter(([key, propDesc]) => propDesc.configurable)
+        .forEach(([key, propDesc]) => {
+          const wrappedPropDesc = applyEndowmentPropDescTransforms(propDesc, packageCompartment, rootPackageCompartment.globalThis)
+          Reflect.defineProperty(endowments, key, wrappedPropDesc)
+        })
+
+      // sets up read/write access as configured
+      const globalsConfig = packagePolicy.globals
+      prepareCompartmentGlobalFromConfig(packageCompartment, globalsConfig, endowments, globalStore, globalThisRefs)
+
+      // save the compartment for use by other modules in the package
+      packageCompartmentCache.set(packageName, packageCompartment)
+
+      return packageCompartment
+    }
+
+    // this gets the lavaMoat config for a module by packageName
+    // if there were global defaults (e.g. everything gets "console") they could be applied here
+    function getPolicyForPackage (config, packageName) {
+      const packageConfig = (config.resources || {})[packageName] || {}
+      packageConfig.globals = packageConfig.globals || {}
+      packageConfig.packages = packageConfig.packages || {}
+      packageConfig.builtin = packageConfig.builtin || {}
+      return packageConfig
+    }
+
+    // util for getting the prototype chain as an array
+    // includes the provided value in the result
+    function getPrototypeChain (value) {
+      const protoChain = []
+      let current = value
+      while (current && (typeof current === 'object' || typeof current === 'function')) {
+        protoChain.push(current)
+        current = Reflect.getPrototypeOf(current)
+      }
+      return protoChain
+    }
+
+    function shouldAvoidProp(propsToAvoid, prop) {
+      for (const avoid of propsToAvoid) {
+        if (avoid instanceof RegExp && avoid.test(prop)) {
+          return true
+        }
+        if (propsToAvoid.has(prop)) {
+          return true
+        }
+      }
+      return false
+    }
+  }
+})()
+
+    const kernel = createKernelCore({
+      lavamoatConfig,
+      loadModuleData,
+      getRelativeModuleId,
+      prepareModuleInitializerArgs,
+      getExternalCompartment,
+      globalRef,
+      globalThisRefs,
+      scuttleGlobalThis,
+      scuttleGlobalThisExceptions,
+      debugMode,
+      runWithPrecompiledModules,
+      reportStatsHook,
+    })
+    return kernel
+  }
+})()
+
+  const kernel = createKernel({
+    runWithPrecompiledModules: true,
+    lavamoatConfig: lavamoatPolicy,
+    loadModuleData,
+    getRelativeModuleId,
+    prepareModuleInitializerArgs,
+    globalThisRefs: ['window', 'self', 'global', 'globalThis'],
+    debugMode,
+    reportStatsHook,
+  })
+  const { internalRequire } = kernel
+
+  // create a lavamoat pulic API for loading modules over multiple files
+  const LavaPack = Object.freeze({
+    loadPolicy: Object.freeze(loadPolicy),
+    loadBundle: Object.freeze(loadBundle),
+    runModule: Object.freeze(runModule),
+  })
+  // in debug mode, expose the kernel on the LavaPack API
+  if (debugMode) {
+    LavaPack._kernel = kernel
+  }
+
+  Object.defineProperty(globalThis, 'LavaPack', {value: LavaPack})
+  return
+
+
+  function loadModuleData (moduleId) {
+    if (typeof window === 'undefined' && require('node:module').isBuiltin(moduleId)) {
+      return {
+        type: 'builtin',
+        package: moduleId,
+        id: moduleId,
+        // Using unprotected require
+        moduleInitializer: (_, module) => {
+          module.exports = require(moduleId);
+        },
+      }
+    }
+    if (!moduleRegistry.has(moduleId)) {
+      throw new Error(`no module registered for "${moduleId}" (${typeof moduleId})`)
+    }
+    return moduleRegistry.get(moduleId)
+  }
+
+  function getRelativeModuleId (parentModuleId, requestedName) {
+    const parentModuleData = loadModuleData(parentModuleId)
+    if (!(requestedName in parentModuleData.deps)) {
+      console.warn(`missing dep: ${parentModuleData.package} requested ${requestedName}`)
+    }
+    return parentModuleData.deps[requestedName] || requestedName
+  }
+
+  function prepareModuleInitializerArgs (requireRelativeWithContext, moduleObj, moduleData) {
+    const require = requireRelativeWithContext
+    const module = moduleObj
+    const exports = moduleObj.exports
+    // bify direct module instantiation disabled ("arguments[4]")
+    return [require, module, exports, null, null]
+  }
+
+  // it is called by the policy loader or modules collection
+  function loadPolicy (bundlePolicy) {
+    // verify + load config
+    Object.entries(bundlePolicy.resources || {}).forEach(([packageName, packageConfig]) => {
+      if (packageName in lavamoatPolicy) {
+        throw new Error(`LavaMoat - loadBundle encountered redundant config definition for package "${packageName}"`)
+      }
+      lavamoatPolicy.resources[packageName] = packageConfig
+    })
+  }
+
+  // it is called by the modules collection
+  function loadBundle (newModules, entryPoints, bundlePolicy) {
+    // verify + load config
+    if (bundlePolicy) {
+      loadPolicy(bundlePolicy)
+    }
+    // verify + load in each module
+    for (const [moduleId, moduleDeps, initFn, { package: packageName, type }] of newModules) {
+      // verify that module is new
+      if (moduleRegistry.has(moduleId)) {
+        throw new Error(`LavaMoat - loadBundle encountered redundant module definition for id "${moduleId}"`)
+      }
+      // add the module
+      moduleRegistry.set(moduleId, {
+        type: type || 'js',
+        id: moduleId,
+        deps: moduleDeps,
+        // source: `(${initFn})`,
+        precompiledInitializer: initFn,
+        package: packageName,
+      })
+    }
+    // run each of entryPoints
+    const entryExports = Array.prototype.map.call(entryPoints, (entryId) => {
+      return runModule(entryId)
+    })
+    // webpack compat: return the first module's exports
+    return entryExports[0]
+  }
+
+  function runModule (moduleId) {
+    if (!moduleRegistry.has(moduleId)) {
+      throw new Error(`no module registered for "${moduleId}" (${typeof moduleId})`)
+    }
+    return internalRequire(moduleId)
+  }
+
+  // called by reportStatsHook
+  function onStatsReady (moduleGraphStatsObj) {
+    const graphId = Date.now()
+    console.warn(`completed module graph init "${graphId}" in ${moduleGraphStatsObj.value}ms ("${moduleGraphStatsObj.name}")`)
+    console.warn('logging module init stats object:')
+    console.warn(JSON.stringify(moduleGraphStatsObj, null, 2))
+  }
+
+})()
+</script>
+          <script src="bundle.js"></script>
+        </head>
+      </html>