Security overview
Asobi is built on a Erlang/OTP stack with a small, deliberate trust boundary between player input and server-side game state. This section documents what the runtime defends against, what it does not, and how to deploy it safely.
Reading order
Threat model
Trust boundaries, the player-input edge, distributed Erlang assumptions, and what “trusted” actually means for game-module code.
Authentication & rate limiting
Bearer-token verification, Apple StoreKit 2 JWS chain validation, Steam ticket validation, and the per-route rate-limit gate.
Known limitations (asobi)
Trust assumptions about game-module code, distributed Erlang defaults, OS-level resource bounds the runtime does not enforce.
Lua sandbox model
What asobi_lua removes, replaces, and time-budgets in the Luerl state hosting your game.
Lua trust model
Why mounted Lua scripts are trusted in the same sense as the binary, and audit results that confirm specific escape attempts fail.
Lua known limitations
Resource caps the Luerl sandbox does not enforce yet, deployment hygiene, and best-effort rollback behaviour.
Reporting vulnerabilities
Send reports to security@asobi.dev rather than opening a public issue. We aim to acknowledge within 72 hours and ship a fix or mitigation within 14 days for critical findings.