# UnifiedWriter Macro Security Policy

UnifiedWriter macros are designed for browser-safe document automation only.
The macro layer must never become an OS automation layer.

## Default policy

- Imported DOCM macros are preserved but not executed.
- `vbaProject.bin` is stored for round-trip/export compatibility.
- JavaScript macro execution is disabled until explicitly allowed.
- Host applications may disable macro execution entirely.
- Unsupported OS-level VBA is reported, not converted.

## Blocked VBA categories

- FileSystemObject
- Shell
- external DLL / Declare / PtrSafe APIs
- Win32 API calls
- ActiveX
- COM Automation and `CreateObject` / `GetObject`
- external application automation
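
The report-only handling of blocked VBA can be sketched as a text scan over macro source. This is an added example, not UnifiedWriter code: `scanVba`, `stripComment`, `BLOCKED`, the regexes and the Win32 library list are assumptions. It covers only the categories that can be matched on source text (ActiveX and external application automation are left out).

```javascript
// Added example, not UnifiedWriter code. Names and patterns are hypothetical.
// Matching is deliberately conservative: a hit means "report for review".
const BLOCKED = [
  ["FileSystemObject", /\bFileSystemObject\b/i],
  ["Shell", /\bShell\b/i],
  ["external DLL / Declare / PtrSafe APIs",
    /^\s*(?:(?:Public|Private)\s+)?Declare\s+(?:PtrSafe\s+)?(?:Function|Sub)\b/i],
  ["Win32 API calls", /\bLib\s+"(?:kernel32|user32|advapi32|shell32)(?:\.dll)?"/i],
  ["COM Automation (CreateObject / GetObject)", /\b(?:CreateObject|GetObject)\b/i],
];

// Drop a trailing VBA comment ('...) but keep apostrophes inside "strings".
function stripComment(line) {
  let inString = false;
  for (let i = 0; i < line.length; i++) {
    if (line[i] === '"') inString = !inString; // "" escape toggles twice
    else if (line[i] === "'" && !inString) return line.slice(0, i);
  }
  return /^\s*Rem(\s|$)/i.test(line) ? "" : line;
}

// Return one finding per (statement, blocked category); nothing is executed.
function scanVba(source) {
  const findings = [];
  const lines = source.split(/\r?\n/);
  for (let i = 0; i < lines.length; i++) {
    const start = i + 1; // 1-based line where the statement begins
    let stmt = stripComment(lines[i]);
    // Join " _" continuations so a split Declare is scanned as one statement.
    while (/\s_\s*$/.test(stmt) && i + 1 < lines.length) {
      stmt = stmt.replace(/_\s*$/, "") + stripComment(lines[++i]);
    }
    for (const [category, re] of BLOCKED) {
      if (re.test(stmt)) findings.push({ line: start, category, text: stmt.trim() });
    }
  }
  return findings;
}

// Constructed sample macro source, not taken from a real document.
const SAMPLE = [
  'Private Declare PtrSafe Function GetTickCount _',
  '    Lib "kernel32" () As Long',
  'Sub Demo()',
  "    ' Shell is mentioned only in this comment",
  `    Selection.TypeText "It's fine"`,
  '    Set fso = CreateObject("Scripting.FileSystemObject")',
  '    Shell "notepad.exe", vbNormalFocus',
  'End Sub',
].join("\n");
console.log(scanVba(SAMPLE));
```

A blocked keyword inside a string literal is still reported, which errs toward flagging rather than converting.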

## Allowed macro direction

Allowed macro work should map to UnifiedWriter's DocumentModel and APIs:

- insert text
- apply text formatting
- manipulate paragraphs
- manipulate tables
- insert page breaks
- manipulate images
- manage comments, footnotes, headers and footers

## Host responsibilities

The Host controls whether macro execution is available. File access, network
access and external integrations are Host/Adapter responsibilities and are not
provided to scripts by the UnifiedWriter runtime.
