|
Donner 0.5.1
Embeddable browser-grade SVG2 engine
|
|
|
Donner 0.5.1
Embeddable browser-grade SVG2 engine
|
Files | |
| FrameInspector.h | |
| Headless frame inspection: decode a sandbox wire stream into an indexed list of commands with human-readable summaries, and replay any prefix of those commands into a real backend. This is the engine that S4's eventual ImGui frame inspector panel will sit on top of; keeping it UI-free means we can test it now and reuse it from non-editor contexts (bug reports, .rnr replay CLIs, structural diffs). | |
| PipelinedRenderer.h | |
| PipelinedRenderer — a multi-threaded, in-process renderer that reuses the sandbox wire format as a producer/consumer boundary between the main thread (parser + driver + serializer) and a worker thread (deserializer + real backend). | |
| ReplayingRenderer.h | |
| Decodes a SerializingRenderer wire stream and dispatches its messages onto a wrapped, real RendererInterface. The replay is host-side: the target can be RendererTinySkia, RendererGeode, or a test mock. | |
| RnrFile.h | |
| .rnr — Donner Renderer Recording — is a compact on-disk container for a single sandbox wire stream plus enough metadata to reproduce the original render. The file body is the raw wire bytes from SandboxHost::renderToBackend (or SerializingRenderer::takeBuffer) appended verbatim — no re-encoding, no compression. | |
| SandboxCodecs.h | |
| Encoders and decoders for Donner value types that cross the sandbox wire boundary. Every Encode* writes its type into a WireWriter; every Decode* reads from a WireReader and sets the reader's failure flag on any problem (truncation, invalid variant tag, out-of-range enum, length cap). Decoders never throw and never crash on adversarial input. | |
| SandboxDiff.h | |
| Structural diff engine for .rnr recordings. Compares two decoded command streams (and their headers) using a longest-common-subsequence alignment, producing a unified-diff-style report suitable for regression triage. | |
| SandboxHardening.h | |
| Defense-in-depth hardening applied inside the sandbox child process immediately after startup, before it reads any untrusted input. See docs/design_docs/0023-editor_sandbox.md §"Milestone S6". | |
| SandboxHost.h | |
| Host-side driver for the sandbox child process. See docs/design_docs/0023-editor_sandbox.md (S1 for the process model, S2 for the wire format, S3 for the host-side replay path). | |
| SandboxProtocol.h | |
| Shared protocol constants between the editor host and the donner_parser_child sandbox binary. See docs/design_docs/0023-editor_sandbox.md Milestone S1 for the one-shot byte-in / PNG-out contract these exit codes implement. | |
| SerializingRenderer.h | |
| SerializingRenderer is a RendererInterface implementation that encodes each virtual method call to a WireWriter instead of rasterizing. It runs the normal RendererDriver inside its draw() entry point, so every call the driver would have made into a real backend (transform stack, paint state, draw primitives) ends up as a wire message. | |
| SvgSource.h | |
| SvgSource resolves a user-supplied URI into a raw byte buffer that the sandbox child can parse. This is the host-side half of the address bar design: the host has filesystem (and eventually network) privilege, and hands the sandbox child only the resulting bytes — never the filename, never the URL. | |
| Wire.h | |
| Milestone S2 wire format for the editor sandbox. See docs/design_docs/0023-editor_sandbox.md §"Wire format". | |
1.15.0