🛡️ Security & Compliance

Mustela is not just a tool; it is a high-integrity environment designed for developers who cannot afford security compromises. By stripping away the bloat of modern web development, we have eliminated the primary vectors of digital attacks.

1. The Security Manifesto

Our security model is built on Reductive Engineering: we believe that the most secure line of code is the one that was never written.

  • Zero-Dependency Core: Mustela uses zero third-party libraries. While most static site generators (SSGs) pull in thousands of npm packages, Mustela is a self-contained ecosystem.
  • Immutable Output: The engine generates static HTML assets. There is no server-side logic (PHP, Node, Python) to exploit during runtime.
  • Memory Efficiency: With a footprint of < 5 MB of RAM, Mustela is immune to memory-exhaustion attacks that typically crash heavier runtimes.

2. Compliance Standards

Mustela is engineered to meet the world’s strictest regulatory requirements.

🇪🇺 GDPR & Privacy

Mustela is 100% GDPR compliant by design.

  • No Tracking: The engine contains no telemetry or "phone-home" features.
  • No Cookies: The standard output generates zero tracking cookies.
  • Total Anonymity: Mustela does not process, store, or transmit end-user IP addresses or personal data.

📜 Supply Chain Integrity (SLSA)

Mustela aligns with SLSA Level 4 guidelines. Because there are no external registries involved in the build process, the "Supply Chain" starts and ends with your local source code.

🏗️ Cyber Resilience Act (CRA) Ready

Mustela’s architecture is prepared for upcoming EU regulations regarding software security, focusing on minimal attack surfaces and full transparency.

3. Tactical Edition: Hermetic Isolation

The Tactical Edition is our specialized build for high-security, air-gapped, or classified environments.

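| Feature               | Mustela Community                | Mustela Tactical           |
|-----------------------|----------------------------------|----------------------------|
| Network Access        | Limited (Registry for scaffolds) | None (Hermetically Sealed) |
| External Dependencies | 0                                | 0                          |
| Registry Code         | Included                         | Physically Removed         |
| Binary Size           | ~1.3 MB                          | ~412 KB                    |
| Security Audit        | Fast                             | Instant                    |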

Tactical Note: The Tactical Edition has been physically stripped of any code capable of making HTTP/HTTPS requests. It is impossible for this version to reach out to the internet, even if commanded to do so.

4. Professional Attestation

"As the founder and lead architect of Mustela, I hereby certify that Version v1.0.0-stable contains no backdoors, no hidden telemetry, and no third-party dependencies. The engine is designed to operate in total isolation, providing bit-perfect, secure, and predictable builds for critical infrastructure."

VERIFIED
v1.0.0-stable
Filip Vrba, Founder & Lead Architect, Mustela