Diff: patterns/zero-execution-routing
From 1c02ec1 to 1c02ec1
+0 / −0 lines
| Before | After |
|---|---|
| --- | --- |
| schema: foundry-doc-v1 | schema: foundry-doc-v1 |
| type: topic | type: topic |
| content_type: topic | content_type: topic |
| slug: zero-execution-routing | slug: zero-execution-routing |
| short_description: "Presentation layers in the platform adhere to a zero-execution mandate, eliminating client-side JavaScript for core DOM manipulation by using structural determinism for bilingual routing and native CSS state machines for interactive elements." | short_description: "Presentation layers in the platform adhere to a zero-execution mandate, eliminating client-side JavaScript for core DOM manipulation by using structural determinism for bilingual routing and native CSS state machines for interactive elements." |
| title: "Zero-execution routing and presentation" | title: "Zero-execution routing and presentation" |
| audience: vendor-public | audience: vendor-public |
| bcsc_class: current-fact | bcsc_class: current-fact |
| language: en | language: en |
| paired_with: zero-execution-routing.es.md | paired_with: zero-execution-routing.es.md |
| category: patterns | category: patterns |
| last_edited: 2026-05-25 | last_edited: 2026-05-25 |
| editor: pointsav-engineering | editor: pointsav-engineering |
| --- | --- |
| Platform presentation layers adhere to a zero-execution mandate, eliminating client-side JavaScript for core DOM manipulation, language routing, and file serving. This architectural constraint minimizes the attack surface and supports SOC 3 (Service Organization Control 3) compliance by relying entirely on deterministic files and native CSS state management. The pattern complements the [[machine-based-auth|machine-based authentication]] layer and the [[sovereign-ai-routing|sovereign AI routing]] architecture. | Platform presentation layers adhere to a zero-execution mandate, eliminating client-side JavaScript for core DOM manipulation, language routing, and file serving. This architectural constraint minimizes the attack surface and supports SOC 3 (Service Organization Control 3) compliance by relying entirely on deterministic files and native CSS state management. The pattern complements the [[machine-based-auth|machine-based authentication]] layer and the [[sovereign-ai-routing|sovereign AI routing]] architecture. |
| ## Key Takeaways | ## Key Takeaways |
| - No client-side JavaScript for core DOM manipulation, language routing, or file serving. The zero-execution mandate reduces the presentation-layer attack surface and supports SOC 3 compliance by relying entirely on deterministic static files and native CSS. | - No client-side JavaScript for core DOM manipulation, language routing, or file serving. The zero-execution mandate reduces the presentation-layer attack surface and supports SOC 3 compliance by relying entirely on deterministic static files and native CSS. |
| - Bilingual routing is structural, not conditional. The English `index.html` sits at the root; the Spanish `index.html` sits at `/es/` with the language-state checkbox `checked` in static HTML — no IP sniffing, no server-side redirect logic. | - Bilingual routing is structural, not conditional. The English `index.html` sits at the root; the Spanish `index.html` sits at `/es/` with the language-state checkbox `checked` in static HTML — no IP sniffing, no server-side redirect logic. |
| - Interactive elements (language toggles, download buttons) use native CSS checkbox state machines: all language blocks load simultaneously, and CSS `display: block/none` switches between them on `:checked` state. Result: zero execution latency, zero script injection surface at the presentation layer. | - Interactive elements (language toggles, download buttons) use native CSS checkbox state machines: all language blocks load simultaneously, and CSS `display: block/none` switches between them on `:checked` state. Result: zero execution latency, zero script injection surface at the presentation layer. |
| - The pattern pairs with [[machine-based-auth]]. Presentation surfaces that execute no JavaScript cannot be exploited via script injection — authentication occurs at the machine layer, not the browser layer. | - The pattern pairs with [[machine-based-auth]]. Presentation surfaces that execute no JavaScript cannot be exploited via script injection — authentication occurs at the machine layer, not the browser layer. |
| ## 1. Deterministic Bilingual Routing | ## 1. Deterministic Bilingual Routing |
| The platform avoids the security risks and latency of IP-sniffing scripts or conditional server-side redirects. Language routing is achieved through structural determinism: | The platform avoids the security risks and latency of IP-sniffing scripts or conditional server-side redirects. Language routing is achieved through structural determinism: |
| * **English (Root):** The primary `index.html` resides in the root directory. | * **English (Root):** The primary `index.html` resides in the root directory. |
| * **Spanish (/es/):** A structurally identical `index.html` resides in the `/es/` sub-directory, with the `checked` attribute natively applied to the language-state checkbox. | * **Spanish (/es/):** A structurally identical `index.html` resides in the `/es/` sub-directory, with the `checked` attribute natively applied to the language-state checkbox. |
| ## 2. The Pure CSS State Machine | ## 2. The Pure CSS State Machine |
| Interactive interface elements, such as language toggles and dynamic download buttons, operate via native CSS checkbox patterns rather than script-driven state: | Interactive interface elements, such as language toggles and dynamic download buttons, operate via native CSS checkbox patterns rather than script-driven state: |
| * **Simultaneous Loading:** The DOM loads all language blocks and button variations simultaneously. | * **Simultaneous Loading:** The DOM loads all language blocks and button variations simultaneously. |
| * **Native Switching:** CSS rules (`display: block` / `none`) are tied to the `:checked` state of hidden inputs. | * **Native Switching:** CSS rules (`display: block` / `none`) are tied to the `:checked` state of hidden inputs. |
| * **Zero Latency:** This method provides the illusion of a high-performance Web 2.0 application with zero execution latency and no client-side script vulnerability. | * **Zero Latency:** This method provides the illusion of a high-performance Web 2.0 application with zero execution latency and no client-side script vulnerability. |
| This approach ensures that platform interfaces are accessible, secure, and instantaneous across all network environments. | This approach ensures that platform interfaces are accessible, secure, and instantaneous across all network environments. |
| ## See also | ## See also |
| - [[sovereign-ai-routing]] — the sovereign AI routing architecture that pairs with this zero-execution discipline | - [[sovereign-ai-routing]] — the sovereign AI routing architecture that pairs with this zero-execution discipline |
| - [[machine-based-auth]] — machine-based authentication layer operating in the same zero-trust presentation context | - [[machine-based-auth]] — machine-based authentication layer operating in the same zero-trust presentation context |
| - [[decode-time-constraints]] — decode-time constraints that enforce deterministic execution boundaries | - [[decode-time-constraints]] — decode-time constraints that enforce deterministic execution boundaries |
| - [[sel4-microkernel-substrate]] — the microkernel substrate that grounds the execution isolation model | - [[sel4-microkernel-substrate]] — the microkernel substrate that grounds the execution isolation model |