diff --git a/packages/compartment-mapper/test/snapshots/test-error-handling.js.md b/packages/compartment-mapper/test/snapshots/test-error-handling.js.md
index 749c039ea8..21359b73c1 100644
--- a/packages/compartment-mapper/test/snapshots/test-error-handling.js.md
+++ b/packages/compartment-mapper/test/snapshots/test-error-handling.js.md
@@ -95,14 +95,14 @@ Generated by [AVA](https://avajs.dev).
     `Error: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/cjs/␊
         at Object.execute (file://.../compartment-mapper/src/import-archive.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at Compartment.importNow (file://.../ses/src/compartment-shim.js:…)␊
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at Compartment.importNow (file://.../ses/src/compartment.js:…)␊
         at require (file://.../compartment-mapper/src/parse-cjs-shared-export-wrapper.js:…)␊
         at eval (eval at <anonymous> (eval at makeEvaluate (file://.../ses/src/make-evaluate.js:…)), <anonymous>:…)␊
         at Object.execute (file://.../compartment-mapper/src/parse-pre-cjs.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at file://.../ses/src/compartment-shim.js:…`
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at file://.../ses/src/compartment.js:…`
 
 ## fixtures-error-handling / cjs / makeArchive / parseArchive with a prefix
 
@@ -111,14 +111,14 @@ Generated by [AVA](https://avajs.dev).
     `Error: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/cjs/␊
         at Object.execute (file://.../compartment-mapper/src/import-archive.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at Compartment.importNow (file://.../ses/src/compartment-shim.js:…)␊
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at Compartment.importNow (file://.../ses/src/compartment.js:…)␊
         at require (file://.../compartment-mapper/src/parse-cjs-shared-export-wrapper.js:…)␊
         at eval (eval at <anonymous> (eval at makeEvaluate (file://.../ses/src/make-evaluate.js:…)), <anonymous>:…)␊
         at Object.execute (file://.../compartment-mapper/src/parse-pre-cjs.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at file://.../ses/src/compartment-shim.js:…`
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at file://.../ses/src/compartment.js:…`
 
 ## fixtures-error-handling / cjs / writeArchive / loadArchive
 
@@ -127,14 +127,14 @@ Generated by [AVA](https://avajs.dev).
     `Error: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/cjs/␊
         at Object.execute (file://.../compartment-mapper/src/import-archive.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at Compartment.importNow (file://.../ses/src/compartment-shim.js:…)␊
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at Compartment.importNow (file://.../ses/src/compartment.js:…)␊
         at require (file://.../compartment-mapper/src/parse-cjs-shared-export-wrapper.js:…)␊
         at eval (eval at <anonymous> (eval at makeEvaluate (file://.../ses/src/make-evaluate.js:…)), <anonymous>:…)␊
         at Object.execute (file://.../compartment-mapper/src/parse-pre-cjs.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at file://.../ses/src/compartment-shim.js:…`
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at file://.../ses/src/compartment.js:…`
 
 ## fixtures-error-handling / cjs / writeArchive / importArchive
 
@@ -143,71 +143,11 @@ Generated by [AVA](https://avajs.dev).
     `Error: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/cjs/␊
         at Object.execute (file://.../compartment-mapper/src/import-archive.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at Compartment.importNow (file://.../ses/src/compartment-shim.js:…)␊
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at Compartment.importNow (file://.../ses/src/compartment.js:…)␊
         at require (file://.../compartment-mapper/src/parse-cjs-shared-export-wrapper.js:…)␊
         at eval (eval at <anonymous> (eval at makeEvaluate (file://.../ses/src/make-evaluate.js:…)), <anonymous>:…)␊
         at Object.execute (file://.../compartment-mapper/src/parse-pre-cjs.js:…)␊
         at execute (file://.../ses/src/module-instance.js:…)␊
-        at compartmentImportNow (file://.../ses/src/compartment-shim.js:…)␊
-        at file://.../ses/src/compartment-shim.js:…`
-
-## fixtures-error-handling / both / loadLocation
-
-> Snapshot 1
-
-    `TypeError: Failed to load module "./main.js" in package "file://.../compartment-mapper/test/fixtures-error-handling/node_modules/both/" (1 underlying failures: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/esm/␊
-        at load (file://.../ses/src/module-load.js:…)␊
-        at async file://.../compartment-mapper/test/scaffold.js:…␊
-        at async file://.../compartment-mapper/test/scaffold.js:…`
-
-
-## fixtures-error-handling / both / makeArchive / parseArchive
-
-> Snapshot 1
-
-    `TypeError: Failed to load module "./main.js" in package "file://.../compartment-mapper/test/fixtures-error-handling/node_modules/both/" (1 underlying failures: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/esm/␊
-        at load (file://.../ses/src/module-load.js:…)␊
-        at async digestLocation (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeAndHashArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async file://.../compartment-mapper/test/scaffold.js:…␊
-        at async file://.../compartment-mapper/test/scaffold.js:…`
-
-## fixtures-error-handling / both / makeArchive / parseArchive with a prefix
-
-> Snapshot 1
-
-    `TypeError: Failed to load module "./main.js" in package "file://.../compartment-mapper/test/fixtures-error-handling/node_modules/both/" (1 underlying failures: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/esm/␊
-        at load (file://.../ses/src/module-load.js:…)␊
-        at async digestLocation (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeAndHashArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async file://.../compartment-mapper/test/scaffold.js:…␊
-        at async file://.../compartment-mapper/test/scaffold.js:…`
-
-## fixtures-error-handling / both / writeArchive / loadArchive
-
-> Snapshot 1
-
-    `TypeError: Failed to load module "./main.js" in package "file://.../compartment-mapper/test/fixtures-error-handling/node_modules/both/" (1 underlying failures: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/esm/␊
-        at load (file://.../ses/src/module-load.js:…)␊
-        at async digestLocation (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeAndHashArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async writeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async file://.../compartment-mapper/test/scaffold.js:…␊
-        at async file://.../compartment-mapper/test/scaffold.js:…`
-
-## fixtures-error-handling / both / writeArchive / importArchive
-
-> Snapshot 1
-
-    `TypeError: Failed to load module "./main.js" in package "file://.../compartment-mapper/test/fixtures-error-handling/node_modules/both/" (1 underlying failures: Cannot find external module "missing" in package file://.../compartment-mapper/test/fixtures-error-handling/node_modules/esm/␊
-        at load (file://.../ses/src/module-load.js:…)␊
-        at async digestLocation (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeAndHashArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async makeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async writeArchive (file://.../compartment-mapper/src/archive.js:…)␊
-        at async file://.../compartment-mapper/test/scaffold.js:…␊
-        at async file://.../compartment-mapper/test/scaffold.js:…`
+        at compartmentImportNow (file://.../ses/src/compartment.js:…)␊
+        at file://.../ses/src/compartment.js:…`
diff --git a/packages/compartment-mapper/test/snapshots/test-error-handling.js.snap b/packages/compartment-mapper/test/snapshots/test-error-handling.js.snap
index ec130441ab..1ba5b1f98c 100644
Binary files a/packages/compartment-mapper/test/snapshots/test-error-handling.js.snap and b/packages/compartment-mapper/test/snapshots/test-error-handling.js.snap differ
diff --git a/packages/ses/NEWS.md b/packages/ses/NEWS.md
index 2f67762874..7041eff19e 100644
--- a/packages/ses/NEWS.md
+++ b/packages/ses/NEWS.md
@@ -2,21 +2,28 @@ User-visible changes in SES:
 
 # Next release
 
+- Extracts `repairIntrinsics(options)` and `hardenIntrinsics()` from the
+  behavior of `lockdown(options)` so vetted shims can run between these
+  calls.
+  Any modifications to shared intrinsics survive if applied after
+  `repairIntrinsics()`.
 - In the SES-shim implementation of HardenedJS, all constructed compartments
-get the same safe `Date`
-constructor, that does not provide the ability to measure duration. It used
-to do this by having `Date.now()` return `NaN`, and to have calls on the
-constructor that would normally have returned an indication of the current date,
-instead return the corresponding invalid date indication. Now, all of these
-throw a `TypeError` whose message begins with `'secure mode'`. This aligns with
-the XS implementation of HardenedJS.
-- Similarly, In the SES-shim implementation of HardenedJS,
-all constructed compartments get the same safe `Math` namespace
-object that does not provide a working `random()` function. It used to do that
-by omitting the `random` property from the safe `Math` namespace object. Now,
-the safe shared `Math` namespace object has a `Math.random()` function that
-throws a `TypeError whose message begins with `'secure mode'`. This again
-aligns with the XS implementation of HardenedJS.
+  get the same safe `Date` constructor, that does not provide the ability to
+  measure duration.
+  It used to do this by having `Date.now()` return `NaN`, and to have calls on
+  the constructor that would normally have returned an indication of the
+  current date, instead return the corresponding invalid date indication.
+  Now, all of these throw a `TypeError` whose message begins with `'secure
+  mode'`.
+  This aligns with the XS implementation of HardenedJS.
+- Similarly, In the SES-shim implementation of HardenedJS, all constructed
+  compartments get the same safe `Math` namespace object that does not provide
+  a working `random()` function.
+  It used to do that by omitting the `random` property from the safe `Math`
+  namespace object.
+  Now, the safe shared `Math` namespace object has a `Math.random()` function
+  that throws a `TypeError whose message begins with `'secure mode'`.
+  This again aligns with the XS implementation of HardenedJS.
 
 # v0.18.6 (2023-08-07)
 
diff --git a/packages/ses/docs/guide.md b/packages/ses/docs/guide.md
index c77377c274..4d50f40de8 100644
--- a/packages/ses/docs/guide.md
+++ b/packages/ses/docs/guide.md
@@ -28,7 +28,7 @@ Hardened JavaScript:
 - Removes non-determinism by modifying a few built-in objects.
 - Adds functionality to freeze and make immutable both built-in JavaScript
   objects and program created objects and make them immutable.
-- Is (as SES) is a proposed extension to the JavaScript standard.
+- Is (tentatively named SES) a proposed extension to the JavaScript standard.
 
 Hardened JavaScript consists of three parts:
 - Lockdown is a function that irreversibly repairs and hardens an existing
@@ -39,6 +39,12 @@ Hardened JavaScript consists of three parts:
   globals and modules, but shared hardened primordials and limited access to
   other powerful objects in global scope.
 
+Lockdown consists of separable Repair Intrinsics and Harden Intrinsics phases,
+so that shims (other programs that alter JavaScript) may run between them.
+These shims are obliged to maintain the object capability safety invariants
+provided by Lockdown and must be carefully reviewed.
+We call these "vetted shims".
+
 ## What is SES?
 
 SES is an old umbrella term for the Hardened JavaScript effort, and while we
@@ -143,6 +149,53 @@ To use SES as a script on the web, use the UMD build.
 <script src="node_modules/ses/dist/ses.umd.min.js">
 ```
 
+## Using Hardened JavaScript with vetted shims
+
+Some modules depend on language features that may not be present in the
+underlying platform.
+Some of these shims will compose poorly with `lockdown()`.
+Lockdown will remove any property it finds on a shared intrinsic (like
+`Array.prototype`) that it does not recognize and then freeze all the shared
+intrinsics and all the objects transitively reachable through own properties
+and prototypes.
+
+So, if a shim adds `Array.prototype.collate`, running that shim before calling
+`lockdown()` will have no net effect and running this shim after calling
+`lockdown()` will throw an exception when attempting to assign or define that
+property.
+
+Lockdown consists of two phases: Repair Intrinsics and Harden Intrinsics.
+A shim can run between these phases and its effects will persist.
+The following programs are equivalent:
+
+```js
+lockdown(options);
+```
+
+And,
+
+```js
+repairIntrinsics(options);
+hardenIntrinsics();
+```
+
+And, an application that choses to call these also has the option of running
+shims between the two phases.
+
+```js
+import './non-ses-code-before-lockdown.js';
+import './ses-repair-intrinsics.js'; // calls repairIntrinsics.
+import './vetted-shim.js';
+import './ses-harden-intrinsics.js'; // calls hardenIntrinsics.
+import './ses-code-after-lockdown.js';
+```
+
+However, any such shim must preserve the qualities of Lockdown:
+all reachable objects in an empty compartment must be hardened and must not
+provide a way for isolated parties to communicate.
+So, application authors are responsible for ensuring these shims maintain their
+application’s integrity invariants.
+
 ## What Lockdown does to JavaScript
 
 Hardened JavaScript does not include any I/O objects providing "unsafe" [*ambient authority*](https://en.wikipedia.org/wiki/Ambient_authority).
@@ -204,7 +257,7 @@ Most Node.js-specific [global objects](https://nodejs.org/dist/latest-v14.x/docs
 * `WebAssembly`
 * `TextEncoder` and `TextDecoder`
 * `global`
-  * Use `globalThis` instead (and remember it is frozen).
+  * Use `globalThis` instead.
 * `process`
   * No `process.env` to access the process's environment variables.
   * No `process.argv` for the argument array.
@@ -244,15 +297,31 @@ makes those global objects available.
   and defer the construction of error objects and computed messages until an
   assertion fails.
 
-- `lockdown()` and `harden()` both freeze an object’s API surface (enumerable data properties).
-  A hardened object’s properties cannot be changed, only read, so the only way to interact with a
-  hardened object is through its methods. `harden()` is similar to `Object.freeze()` but more
-  thorough. See the individual [`lockdown()`](#lockdown) and [`harden()`](#harden) sections
-  below.
+- `repairIntrinsics` adds, removes, and replaces various properties of the
+  global environment and shared intrinsics.
+  Introduces `hardenIntrinsics`.
+
+- `hardenIntrinsics` freezes the transitive own properties and prototypes of
+  the shared intrinsics.
+  Introduces `harden`.
 
-- [`Compartment`](https://github.com/endojs/endo/tree/SES-v0.8.0/packages/ses#compartment) is
-  a global. Code runs inside a `Compartment` and can create sub-compartments to host other
-  code (with different globals or transforms). Note that these child compartments get `harden()` and `Compartment`.
+- [`harden()`](#harden) provides a shorthand for reliably freezing the
+  transitive properties and prototypes of other objects, such that the API
+  surface of these objects are tamper-proof when shared between otherwise
+  isolated programs.
+
+- [`lockdown()`](#lockdown) is a shorthand for `repairIntrinsics` and `hardenIntrinsics`.
+
+- [`Compartment`](https://github.com/endojs/endo/tree/SES-v0.8.0/packages/ses#compartment)
+  Code runs inside a `Compartment` and can create sub-compartments to host
+  other code (with different globals or code transforms).
+  The globals in a child compartment include the shared intrinsics including
+  `harden` and a batch of evaluators that run programs that will also be
+  confined to the compartment including `eval`, `Function`, and `Compartment`
+  itself.
+  Compartments can be created with support for loading modules.
+  Comaprtments constructed after `repairIntrinsics()` and `hardenIntrinsics()`
+  also confine the evaluation of modules.
 
 ## Realms
 
@@ -417,6 +486,21 @@ some covert communication channels).
 For a full explanation of `lockdown()` and its options, please click
 [here](./lockdown.md).
 
+## `repairIntrinsics()`
+
+Performs the first part of Lockdown: adding, removing, and replacing certain
+JavaScript intrinsics so that some intrinsics can be safely shared between
+confined programs.
+Running `repairIntrinsics()` introduces `hardenIntrinsics()`.
+
+## `hardenIntrinsics()`
+
+Performs the last part of Lockdown: hardening the shared intrinsics so they can
+be safely shared between confined programs.
+Running `hardenIntrinsics()` reveals the `harden()` function.
+(Harden is not useful until after `hardenIntrinsics()` and could interfere with
+the execution of repairs or shims if it were revealed earlier.)
+
 ## `harden()`
 
 `harden()` is automatically provided by `lockdown()`. Any code that will run inside a vat or a
diff --git a/packages/ses/docs/reference.md b/packages/ses/docs/reference.md
index 0c65015392..a60b4066fa 100644
--- a/packages/ses/docs/reference.md
+++ b/packages/ses/docs/reference.md
@@ -11,27 +11,50 @@ comprehensive [Endo and Hardened JavaScript Programming Guide](./guide.md).
 The SES shim transforms ordinary JavaScript environments into Hardened JavaScript environments.
 
 On Node.js you can import or require `ses` in either CommonJS or ECMAScript modules, then call `lockdown()`. This is a *shim*. It mutates the environment in place so any code running after the shim can assume it’s running in a Hardened JavaScript environment. This includes the globals `lockdown()`, `harden()`, `Compartment`, and so on. For example:
+
 ```js
 require("ses");
 lockdown();
 ```
+
 Or:
+
 ```js
 import 'ses';
 lockdown();
 ```
 
 To ensure a module runs in a Hardened JavaScript environment, wrap the above code in a `ses-lockdown.js` module and import it:
+
 ```js
 import './non-ses-code-before-lockdown.js';
 import './ses-lockdown.js'; // calls lockdown.
 import './ses-code-after-lockdown.js';
 ```
+
 To use SES as a script on the web, use the UMD build.
+
 ```js
 <script src="node_modules/ses/dist/ses.umd.min.js">
 ```
 
+To run shims after `ses` repairs the intrinsics but before `ses` hardens the
+intrinsics, calling `lockdown(options)` is equivalent to running
+`repairIntrinsics(options)` then `hardenIntrinsics()` and vetted shims can run
+in between.
+
+```js
+import './non-ses-code-before-lockdown.js';
+import './ses-repair-intrinsics.js'; // calls repairIntrinsics.
+import './vetted-shim.js';
+import './ses-harden-intrinsics.js'; // calls hardenIntrinsics.
+import './ses-code-after-lockdown.js';
+```
+
+SES is vulnerable to any code that runs before hardening intrinsics.
+All such code, including vetted shims, must receive careful review to ensure it
+preserves the invariants of the OCap security model.
+
 ## Removed by Hardened JavaScript summary
 
 The following are missing or unusable under Hardened JavaScript:
diff --git a/packages/ses/index.js b/packages/ses/index.js
index b0a3be63b0..06f4ab107d 100644
--- a/packages/ses/index.js
+++ b/packages/ses/index.js
@@ -12,34 +12,6 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import { globalThis, TypeError, assign } from './src/commons.js';
-
-import { tameFunctionToString } from './src/tame-function-tostring.js';
-import { getGlobalIntrinsics } from './src/intrinsics.js';
-import { lockdown } from './src/lockdown-shim.js';
-import { makeCompartmentConstructor } from './src/compartment-shim.js';
-import { assert } from './src/error/assert.js';
-
-/** getThis returns globalThis in sloppy mode or undefined in strict mode. */
-function getThis() {
-  return this;
-}
-
-if (getThis()) {
-  // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_NO_SLOPPY.md
-  throw TypeError(`SES failed to initialize, sloppy mode (SES_NO_SLOPPY)`);
-}
-
-const markVirtualizedNativeFunction = tameFunctionToString();
-
-const Compartment = makeCompartmentConstructor(
-  makeCompartmentConstructor,
-  getGlobalIntrinsics(globalThis),
-  markVirtualizedNativeFunction,
-);
-
-assign(globalThis, {
-  lockdown,
-  Compartment,
-  assert,
-});
+import './src/lockdown-shim.js';
+import './src/compartment-shim.js';
+import './src/assert-shim.js';
diff --git a/packages/ses/src/assert-shim.js b/packages/ses/src/assert-shim.js
new file mode 100644
index 0000000000..83b1808846
--- /dev/null
+++ b/packages/ses/src/assert-shim.js
@@ -0,0 +1,4 @@
+import { globalThis } from './commons.js';
+import { assert } from './error/assert.js';
+
+globalThis.assert = assert;
diff --git a/packages/ses/src/assert-sloppy-mode.js b/packages/ses/src/assert-sloppy-mode.js
new file mode 100644
index 0000000000..0c19edf91f
--- /dev/null
+++ b/packages/ses/src/assert-sloppy-mode.js
@@ -0,0 +1,11 @@
+import { TypeError } from './commons.js';
+
+/** getThis returns globalThis in sloppy mode or undefined in strict mode. */
+function getThis() {
+  return this;
+}
+
+if (getThis()) {
+  // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_NO_SLOPPY.md
+  throw TypeError(`SES failed to initialize, sloppy mode (SES_NO_SLOPPY)`);
+}
diff --git a/packages/ses/src/compartment-shim.js b/packages/ses/src/compartment-shim.js
index 9220c4e57d..ecdfac9d2b 100644
--- a/packages/ses/src/compartment-shim.js
+++ b/packages/ses/src/compartment-shim.js
@@ -1,292 +1,15 @@
-// @ts-check
-/* eslint-disable no-underscore-dangle */
-/// <reference types="ses">
+/// <reference types="ses"/>
 
-import {
-  Map,
-  ReferenceError,
-  TypeError,
-  WeakMap,
-  assign,
-  defineProperties,
-  entries,
-  promiseThen,
-  weakmapGet,
-  weakmapSet,
-} from './commons.js';
-import {
-  setGlobalObjectSymbolUnscopables,
-  setGlobalObjectConstantProperties,
-  setGlobalObjectMutableProperties,
-  setGlobalObjectEvaluators,
-} from './global-object.js';
-import { sharedGlobalPropertyNames } from './permits.js';
-import { load } from './module-load.js';
-import { link } from './module-link.js';
-import { getDeferredExports } from './module-proxy.js';
-import { assert } from './error/assert.js';
-import { compartmentEvaluate } from './compartment-evaluate.js';
-import { makeSafeEvaluator } from './make-safe-evaluator.js';
+import { globalThis } from './commons.js';
+import { makeCompartmentConstructor } from './compartment.js';
+import { tameFunctionToString } from './tame-function-tostring.js';
+import { getGlobalIntrinsics } from './intrinsics.js';
 
-const { quote: q } = assert;
+const markVirtualizedNativeFunction = tameFunctionToString();
 
-// moduleAliases associates every public module exports namespace with its
-// corresponding compartment and specifier so they can be used to link modules
-// across compartments.
-// The mechanism to thread an alias is to use the compartment.module function
-// to obtain the exports namespace of a foreign module and pass it into another
-// compartment's moduleMap constructor option.
-const moduleAliases = new WeakMap();
-
-// privateFields captures the private state for each compartment.
-const privateFields = new WeakMap();
-
-// Compartments do not need an importHook or resolveHook to be useful
-// as a vessel for evaluating programs.
-// However, any method that operates the module system will throw an exception
-// if these hooks are not available.
-const assertModuleHooks = compartment => {
-  const { importHook, resolveHook } = weakmapGet(privateFields, compartment);
-  if (typeof importHook !== 'function' || typeof resolveHook !== 'function') {
-    throw TypeError(
-      'Compartment must be constructed with an importHook and a resolveHook for it to be able to load modules',
-    );
-  }
-};
-
-export const InertCompartment = function Compartment(
-  _endowments = {},
-  _modules = {},
-  _options = {},
-) {
-  throw TypeError(
-    'Compartment.prototype.constructor is not a valid constructor.',
-  );
-};
-
-/**
- * @param {Compartment} compartment
- * @param {string} specifier
- */
-const compartmentImportNow = (compartment, specifier) => {
-  const { execute, exportsProxy } = link(
-    privateFields,
-    moduleAliases,
-    compartment,
-    specifier,
-  );
-  execute();
-  return exportsProxy;
-};
-
-export const CompartmentPrototype = {
-  constructor: InertCompartment,
-
-  get globalThis() {
-    return weakmapGet(privateFields, this).globalObject;
-  },
-
-  get name() {
-    return weakmapGet(privateFields, this).name;
-  },
-
-  /**
-   * @param {string} source is a JavaScript program grammar construction.
-   * @param {object} [options]
-   * @param {Array<import('./lockdown-shim').Transform>} [options.transforms]
-   * @param {boolean} [options.sloppyGlobalsMode]
-   * @param {object} [options.__moduleShimLexicals__]
-   * @param {boolean} [options.__evadeHtmlCommentTest__]
-   * @param {boolean} [options.__evadeImportExpressionTest__]
-   * @param {boolean} [options.__rejectSomeDirectEvalExpressions__]
-   */
-  evaluate(source, options = {}) {
-    const compartmentFields = weakmapGet(privateFields, this);
-    return compartmentEvaluate(compartmentFields, source, options);
-  },
-
-  toString() {
-    return '[object Compartment]';
-  },
-
-  module(specifier) {
-    if (typeof specifier !== 'string') {
-      throw TypeError('first argument of module() must be a string');
-    }
-
-    assertModuleHooks(this);
-
-    const { exportsProxy } = getDeferredExports(
-      this,
-      weakmapGet(privateFields, this),
-      moduleAliases,
-      specifier,
-    );
-
-    return exportsProxy;
-  },
-
-  async import(specifier) {
-    if (typeof specifier !== 'string') {
-      throw TypeError('first argument of import() must be a string');
-    }
-
-    assertModuleHooks(this);
-
-    return promiseThen(
-      load(privateFields, moduleAliases, this, specifier),
-      () => {
-        // The namespace box is a contentious design and likely to be a breaking
-        // change in an appropriately numbered future version.
-        const namespace = compartmentImportNow(
-          /** @type {Compartment} */ (this),
-          specifier,
-        );
-        return { namespace };
-      },
-    );
-  },
-
-  async load(specifier) {
-    if (typeof specifier !== 'string') {
-      throw TypeError('first argument of load() must be a string');
-    }
-
-    assertModuleHooks(this);
-
-    return load(privateFields, moduleAliases, this, specifier);
-  },
-
-  importNow(specifier) {
-    if (typeof specifier !== 'string') {
-      throw TypeError('first argument of importNow() must be a string');
-    }
-
-    assertModuleHooks(this);
-
-    return compartmentImportNow(/** @type {Compartment} */ (this), specifier);
-  },
-};
-
-defineProperties(InertCompartment, {
-  prototype: { value: CompartmentPrototype },
-});
-
-/**
- * @callback MakeCompartmentConstructor
- * @param {MakeCompartmentConstructor} targetMakeCompartmentConstructor
- * @param {Record<string, any>} intrinsics
- * @param {(object: object) => void} markVirtualizedNativeFunction
- * @returns {Compartment['constructor']}
- */
-
-/** @type {MakeCompartmentConstructor} */
-export const makeCompartmentConstructor = (
-  targetMakeCompartmentConstructor,
-  intrinsics,
+// @ts-ignore Compartment is definitely on globalThis.
+globalThis.Compartment = makeCompartmentConstructor(
+  makeCompartmentConstructor,
+  getGlobalIntrinsics(globalThis),
   markVirtualizedNativeFunction,
-) => {
-  function Compartment(endowments = {}, moduleMap = {}, options = {}) {
-    if (new.target === undefined) {
-      throw TypeError(
-        "Class constructor Compartment cannot be invoked without 'new'",
-      );
-    }
-
-    // Extract options, and shallow-clone transforms.
-    const {
-      name = '<unknown>',
-      transforms = [],
-      __shimTransforms__ = [],
-      resolveHook,
-      importHook,
-      moduleMapHook,
-      importMetaHook,
-    } = options;
-    const globalTransforms = [...transforms, ...__shimTransforms__];
-
-    // Map<FullSpecifier, ModuleCompartmentRecord>
-    const moduleRecords = new Map();
-    // Map<FullSpecifier, ModuleInstance>
-    const instances = new Map();
-    // Map<FullSpecifier, {ExportsProxy, ProxiedExports, activate()}>
-    const deferredExports = new Map();
-
-    // Validate given moduleMap.
-    // The module map gets translated on-demand in module-load.js and the
-    // moduleMap can be invalid in ways that cannot be detected in the
-    // constructor, but these checks allow us to throw early for a better
-    // developer experience.
-    for (const [specifier, aliasNamespace] of entries(moduleMap || {})) {
-      if (typeof aliasNamespace === 'string') {
-        // TODO implement parent module record retrieval.
-        throw TypeError(
-          `Cannot map module ${q(specifier)} to ${q(
-            aliasNamespace,
-          )} in parent compartment`,
-        );
-      } else if (weakmapGet(moduleAliases, aliasNamespace) === undefined) {
-        // TODO create and link a synthetic module instance from the given
-        // namespace object.
-        throw ReferenceError(
-          `Cannot map module ${q(
-            specifier,
-          )} because it has no known compartment in this realm`,
-        );
-      }
-    }
-
-    const globalObject = {};
-
-    setGlobalObjectSymbolUnscopables(globalObject);
-
-    // We must initialize all constant properties first because
-    // `makeSafeEvaluator` may use them to create optimized bindings
-    // in the evaluator.
-    // TODO: consider merging into a single initialization if internal
-    // evaluator is no longer eagerly created
-    setGlobalObjectConstantProperties(globalObject);
-
-    const { safeEvaluate } = makeSafeEvaluator({
-      globalObject,
-      globalTransforms,
-      sloppyGlobalsMode: false,
-    });
-
-    setGlobalObjectMutableProperties(globalObject, {
-      intrinsics,
-      newGlobalPropertyNames: sharedGlobalPropertyNames,
-      makeCompartmentConstructor: targetMakeCompartmentConstructor,
-      markVirtualizedNativeFunction,
-    });
-
-    // TODO: maybe add evalTaming to the Compartment constructor 3rd options?
-    setGlobalObjectEvaluators(
-      globalObject,
-      safeEvaluate,
-      markVirtualizedNativeFunction,
-    );
-
-    assign(globalObject, endowments);
-
-    weakmapSet(privateFields, this, {
-      name: `${name}`,
-      globalTransforms,
-      globalObject,
-      safeEvaluate,
-      resolveHook,
-      importHook,
-      moduleMap,
-      moduleMapHook,
-      importMetaHook,
-      moduleRecords,
-      __shimTransforms__,
-      deferredExports,
-      instances,
-    });
-  }
-
-  Compartment.prototype = CompartmentPrototype;
-
-  return Compartment;
-};
+);
diff --git a/packages/ses/src/compartment.js b/packages/ses/src/compartment.js
new file mode 100644
index 0000000000..9220c4e57d
--- /dev/null
+++ b/packages/ses/src/compartment.js
@@ -0,0 +1,292 @@
+// @ts-check
+/* eslint-disable no-underscore-dangle */
+/// <reference types="ses">
+
+import {
+  Map,
+  ReferenceError,
+  TypeError,
+  WeakMap,
+  assign,
+  defineProperties,
+  entries,
+  promiseThen,
+  weakmapGet,
+  weakmapSet,
+} from './commons.js';
+import {
+  setGlobalObjectSymbolUnscopables,
+  setGlobalObjectConstantProperties,
+  setGlobalObjectMutableProperties,
+  setGlobalObjectEvaluators,
+} from './global-object.js';
+import { sharedGlobalPropertyNames } from './permits.js';
+import { load } from './module-load.js';
+import { link } from './module-link.js';
+import { getDeferredExports } from './module-proxy.js';
+import { assert } from './error/assert.js';
+import { compartmentEvaluate } from './compartment-evaluate.js';
+import { makeSafeEvaluator } from './make-safe-evaluator.js';
+
+const { quote: q } = assert;
+
+// moduleAliases associates every public module exports namespace with its
+// corresponding compartment and specifier so they can be used to link modules
+// across compartments.
+// The mechanism to thread an alias is to use the compartment.module function
+// to obtain the exports namespace of a foreign module and pass it into another
+// compartment's moduleMap constructor option.
+const moduleAliases = new WeakMap();
+
+// privateFields captures the private state for each compartment.
+const privateFields = new WeakMap();
+
+// Compartments do not need an importHook or resolveHook to be useful
+// as a vessel for evaluating programs.
+// However, any method that operates the module system will throw an exception
+// if these hooks are not available.
+const assertModuleHooks = compartment => {
+  const { importHook, resolveHook } = weakmapGet(privateFields, compartment);
+  if (typeof importHook !== 'function' || typeof resolveHook !== 'function') {
+    throw TypeError(
+      'Compartment must be constructed with an importHook and a resolveHook for it to be able to load modules',
+    );
+  }
+};
+
+export const InertCompartment = function Compartment(
+  _endowments = {},
+  _modules = {},
+  _options = {},
+) {
+  throw TypeError(
+    'Compartment.prototype.constructor is not a valid constructor.',
+  );
+};
+
+/**
+ * @param {Compartment} compartment
+ * @param {string} specifier
+ */
+const compartmentImportNow = (compartment, specifier) => {
+  const { execute, exportsProxy } = link(
+    privateFields,
+    moduleAliases,
+    compartment,
+    specifier,
+  );
+  execute();
+  return exportsProxy;
+};
+
+export const CompartmentPrototype = {
+  constructor: InertCompartment,
+
+  get globalThis() {
+    return weakmapGet(privateFields, this).globalObject;
+  },
+
+  get name() {
+    return weakmapGet(privateFields, this).name;
+  },
+
+  /**
+   * @param {string} source is a JavaScript program grammar construction.
+   * @param {object} [options]
+   * @param {Array<import('./lockdown-shim').Transform>} [options.transforms]
+   * @param {boolean} [options.sloppyGlobalsMode]
+   * @param {object} [options.__moduleShimLexicals__]
+   * @param {boolean} [options.__evadeHtmlCommentTest__]
+   * @param {boolean} [options.__evadeImportExpressionTest__]
+   * @param {boolean} [options.__rejectSomeDirectEvalExpressions__]
+   */
+  evaluate(source, options = {}) {
+    const compartmentFields = weakmapGet(privateFields, this);
+    return compartmentEvaluate(compartmentFields, source, options);
+  },
+
+  toString() {
+    return '[object Compartment]';
+  },
+
+  module(specifier) {
+    if (typeof specifier !== 'string') {
+      throw TypeError('first argument of module() must be a string');
+    }
+
+    assertModuleHooks(this);
+
+    const { exportsProxy } = getDeferredExports(
+      this,
+      weakmapGet(privateFields, this),
+      moduleAliases,
+      specifier,
+    );
+
+    return exportsProxy;
+  },
+
+  async import(specifier) {
+    if (typeof specifier !== 'string') {
+      throw TypeError('first argument of import() must be a string');
+    }
+
+    assertModuleHooks(this);
+
+    return promiseThen(
+      load(privateFields, moduleAliases, this, specifier),
+      () => {
+        // The namespace box is a contentious design and likely to be a breaking
+        // change in an appropriately numbered future version.
+        const namespace = compartmentImportNow(
+          /** @type {Compartment} */ (this),
+          specifier,
+        );
+        return { namespace };
+      },
+    );
+  },
+
+  async load(specifier) {
+    if (typeof specifier !== 'string') {
+      throw TypeError('first argument of load() must be a string');
+    }
+
+    assertModuleHooks(this);
+
+    return load(privateFields, moduleAliases, this, specifier);
+  },
+
+  importNow(specifier) {
+    if (typeof specifier !== 'string') {
+      throw TypeError('first argument of importNow() must be a string');
+    }
+
+    assertModuleHooks(this);
+
+    return compartmentImportNow(/** @type {Compartment} */ (this), specifier);
+  },
+};
+
+defineProperties(InertCompartment, {
+  prototype: { value: CompartmentPrototype },
+});
+
+/**
+ * @callback MakeCompartmentConstructor
+ * @param {MakeCompartmentConstructor} targetMakeCompartmentConstructor
+ * @param {Record<string, any>} intrinsics
+ * @param {(object: object) => void} markVirtualizedNativeFunction
+ * @returns {Compartment['constructor']}
+ */
+
+/** @type {MakeCompartmentConstructor} */
+export const makeCompartmentConstructor = (
+  targetMakeCompartmentConstructor,
+  intrinsics,
+  markVirtualizedNativeFunction,
+) => {
+  function Compartment(endowments = {}, moduleMap = {}, options = {}) {
+    if (new.target === undefined) {
+      throw TypeError(
+        "Class constructor Compartment cannot be invoked without 'new'",
+      );
+    }
+
+    // Extract options, and shallow-clone transforms.
+    const {
+      name = '<unknown>',
+      transforms = [],
+      __shimTransforms__ = [],
+      resolveHook,
+      importHook,
+      moduleMapHook,
+      importMetaHook,
+    } = options;
+    const globalTransforms = [...transforms, ...__shimTransforms__];
+
+    // Map<FullSpecifier, ModuleCompartmentRecord>
+    const moduleRecords = new Map();
+    // Map<FullSpecifier, ModuleInstance>
+    const instances = new Map();
+    // Map<FullSpecifier, {ExportsProxy, ProxiedExports, activate()}>
+    const deferredExports = new Map();
+
+    // Validate given moduleMap.
+    // The module map gets translated on-demand in module-load.js and the
+    // moduleMap can be invalid in ways that cannot be detected in the
+    // constructor, but these checks allow us to throw early for a better
+    // developer experience.
+    for (const [specifier, aliasNamespace] of entries(moduleMap || {})) {
+      if (typeof aliasNamespace === 'string') {
+        // TODO implement parent module record retrieval.
+        throw TypeError(
+          `Cannot map module ${q(specifier)} to ${q(
+            aliasNamespace,
+          )} in parent compartment`,
+        );
+      } else if (weakmapGet(moduleAliases, aliasNamespace) === undefined) {
+        // TODO create and link a synthetic module instance from the given
+        // namespace object.
+        throw ReferenceError(
+          `Cannot map module ${q(
+            specifier,
+          )} because it has no known compartment in this realm`,
+        );
+      }
+    }
+
+    const globalObject = {};
+
+    setGlobalObjectSymbolUnscopables(globalObject);
+
+    // We must initialize all constant properties first because
+    // `makeSafeEvaluator` may use them to create optimized bindings
+    // in the evaluator.
+    // TODO: consider merging into a single initialization if internal
+    // evaluator is no longer eagerly created
+    setGlobalObjectConstantProperties(globalObject);
+
+    const { safeEvaluate } = makeSafeEvaluator({
+      globalObject,
+      globalTransforms,
+      sloppyGlobalsMode: false,
+    });
+
+    setGlobalObjectMutableProperties(globalObject, {
+      intrinsics,
+      newGlobalPropertyNames: sharedGlobalPropertyNames,
+      makeCompartmentConstructor: targetMakeCompartmentConstructor,
+      markVirtualizedNativeFunction,
+    });
+
+    // TODO: maybe add evalTaming to the Compartment constructor 3rd options?
+    setGlobalObjectEvaluators(
+      globalObject,
+      safeEvaluate,
+      markVirtualizedNativeFunction,
+    );
+
+    assign(globalObject, endowments);
+
+    weakmapSet(privateFields, this, {
+      name: `${name}`,
+      globalTransforms,
+      globalObject,
+      safeEvaluate,
+      resolveHook,
+      importHook,
+      moduleMap,
+      moduleMapHook,
+      importMetaHook,
+      moduleRecords,
+      __shimTransforms__,
+      deferredExports,
+      instances,
+    });
+  }
+
+  Compartment.prototype = CompartmentPrototype;
+
+  return Compartment;
+};
diff --git a/packages/ses/src/get-anonymous-intrinsics.js b/packages/ses/src/get-anonymous-intrinsics.js
index 3300c66a14..cf402c3339 100644
--- a/packages/ses/src/get-anonymous-intrinsics.js
+++ b/packages/ses/src/get-anonymous-intrinsics.js
@@ -15,7 +15,7 @@ import {
   regexpPrototype,
   globalThis,
 } from './commons.js';
-import { InertCompartment } from './compartment-shim.js';
+import { InertCompartment } from './compartment.js';
 
 /**
  * Object.getConstructorOf()
diff --git a/packages/ses/src/lockdown-shim.js b/packages/ses/src/lockdown-shim.js
index 39c4e81e23..e821df579c 100644
--- a/packages/ses/src/lockdown-shim.js
+++ b/packages/ses/src/lockdown-shim.js
@@ -1,395 +1,35 @@
-// Copyright (C) 2018 Agoric
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
 // @ts-check
 
-import { makeEnvironmentCaptor } from '@endo/env-options';
-import {
-  FERAL_FUNCTION,
-  FERAL_EVAL,
-  TypeError,
-  arrayFilter,
-  globalThis,
-  is,
-  ownKeys,
-  stringSplit,
-  noEvalEvaluate,
-} from './commons.js';
-import { makeHardener } from './make-hardener.js';
-import { makeIntrinsicsCollector } from './intrinsics.js';
-import whitelistIntrinsics from './permits-intrinsics.js';
-import tameFunctionConstructors from './tame-function-constructors.js';
-import tameDateConstructor from './tame-date-constructor.js';
-import tameMathObject from './tame-math-object.js';
-import tameRegExpConstructor from './tame-regexp-constructor.js';
-import enablePropertyOverrides from './enable-property-overrides.js';
-import tameLocaleMethods from './tame-locale-methods.js';
-import {
-  setGlobalObjectConstantProperties,
-  setGlobalObjectMutableProperties,
-  setGlobalObjectEvaluators,
-} from './global-object.js';
-import { makeSafeEvaluator } from './make-safe-evaluator.js';
-import { initialGlobalPropertyNames } from './permits.js';
-import { tameFunctionToString } from './tame-function-tostring.js';
-import { tameDomains } from './tame-domains.js';
-
-import { tameConsole } from './error/tame-console.js';
-import tameErrorConstructor from './error/tame-error-constructor.js';
-import { assert, makeAssert } from './error/assert.js';
-import { getAnonymousIntrinsics } from './get-anonymous-intrinsics.js';
-import { makeCompartmentConstructor } from './compartment-shim.js';
-import { tameHarden } from './tame-harden.js';
-import { tameSymbolConstructor } from './tame-symbol-constructor.js';
-
-/** @typedef {import('../types.js').LockdownOptions} LockdownOptions */
-
-const { Fail, details: d, quote: q } = assert;
-
-/** @type {Error=} */
-let priorLockdown;
-
-// Build a harden() with an empty fringe.
-// Gate it on lockdown.
-/**
- * @template T
- * @param {T} ref
- * @returns {T}
- */
-const safeHarden = makeHardener();
-
-/**
- * @callback Transform
- * @param {string} source
- * @returns {string}
- */
+// We import this first to fail as fast as possible if the shim has been
+// transformed or embedded in a way that causes it to run in sloppy mode.
+// See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_NO_SLOPPY.md
+import './assert-sloppy-mode.js';
+import { globalThis } from './commons.js';
+import { repairIntrinsics } from './lockdown.js';
 
 /**
- * @callback CompartmentConstructor
- * @param {object} endowments
- * @param {object} moduleMap
- * @param {object} [options]
- * @param {Array<Transform>} [options.transforms]
- * @param {Array<Transform>} [options.__shimTransforms__]
+ * @param {import('./lockdown.js').LockdownOptions} options
  */
-
-// TODO https://github.com/endojs/endo/issues/814
-// Lockdown currently allows multiple calls provided that the specified options
-// of every call agree.  With experience, we have observed that lockdown should
-// only ever need to be called once and that simplifying lockdown will improve
-// the quality of audits.
-
-const assertDirectEvalAvailable = () => {
-  let allowed = false;
-  try {
-    allowed = FERAL_FUNCTION(
-      'eval',
-      'SES_changed',
-      `\
-        eval("SES_changed = true");
-        return SES_changed;
-      `,
-    )(FERAL_EVAL, false);
-    // If we get here and SES_changed stayed false, that means the eval was sloppy
-    // and indirect, which generally creates a new global.
-    // We are going to throw an exception for failing to initialize SES, but
-    // good neighbors clean up.
-    if (!allowed) {
-      delete globalThis.SES_changed;
-    }
-  } catch (_error) {
-    // We reach here if eval is outright forbidden by a Content Security Policy.
-    // We allow this for SES usage that delegates the responsibility to isolate
-    // guest code to production code generation.
-    allowed = true;
-  }
-  if (!allowed) {
-    // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_DIRECT_EVAL.md
-    throw TypeError(
-      `SES cannot initialize unless 'eval' is the original intrinsic 'eval', suitable for direct-eval (dynamically scoped eval) (SES_DIRECT_EVAL)`,
-    );
-  }
+globalThis.lockdown = options => {
+  const hardenIntrinsics = repairIntrinsics(options);
+  globalThis.harden = hardenIntrinsics();
 };
 
 /**
- * @param {LockdownOptions} [options]
- * @returns {() => void} repairIntrinsics
+ * @param {import('./lockdown.js').LockdownOptions} options
  */
-export const repairIntrinsics = (options = {}) => {
-  // First time, absent options default to 'safe'.
-  // Subsequent times, absent options default to first options.
-  // Thus, all present options must agree with first options.
-  // Reconstructing `option` here also ensures that it is a well
-  // behaved record, with only own data properties.
-  //
-  // The `overrideTaming` is not a safety issue. Rather it is a tradeoff
-  // between code compatibility, which is better with the `'moderate'`
-  // setting, and tool compatibility, which is better with the `'min'`
-  // setting. See
-  // https://github.com/Agoric/SES-shim/blob/master/packages/ses/README.md#enabling-override-by-assignment)
-  // for an explanation of when to use which.
-  //
-  // The `stackFiltering` is not a safety issue. Rather it is a tradeoff
-  // between relevance and completeness of the stack frames shown on the
-  // console. Setting`stackFiltering` to `'verbose'` applies no filters, providing
-  // the raw stack frames that can be quite versbose. Setting
-  // `stackFrameFiltering` to`'concise'` limits the display to the stack frame
-  // information most likely to be relevant, eliminating distracting frames
-  // such as those from the infrastructure. However, the bug you're trying to
-  // track down might be in the infrastrure, in which case the `'verbose'` setting
-  // is useful. See
-  // [`stackFiltering` options](https://github.com/Agoric/SES-shim/blob/master/packages/ses/lockdown-options.md#stackfiltering-options)
-  // for an explanation.
-
-  const { getEnvironmentOption: getenv } = makeEnvironmentCaptor(globalThis);
-
-  const {
-    errorTaming = getenv('LOCKDOWN_ERROR_TAMING', 'safe'),
-    errorTrapping = getenv('LOCKDOWN_ERROR_TRAPPING', 'platform'),
-    unhandledRejectionTrapping = getenv(
-      'LOCKDOWN_UNHANDLED_REJECTION_TRAPPING',
-      'report',
-    ),
-    regExpTaming = getenv('LOCKDOWN_REGEXP_TAMING', 'safe'),
-    localeTaming = getenv('LOCKDOWN_LOCALE_TAMING', 'safe'),
-    consoleTaming = getenv('LOCKDOWN_CONSOLE_TAMING', 'safe'),
-    overrideTaming = getenv('LOCKDOWN_OVERRIDE_TAMING', 'moderate'),
-    stackFiltering = getenv('LOCKDOWN_STACK_FILTERING', 'concise'),
-    domainTaming = getenv('LOCKDOWN_DOMAIN_TAMING', 'safe'),
-    evalTaming = getenv('LOCKDOWN_EVAL_TAMING', 'safeEval'),
-    overrideDebug = arrayFilter(
-      stringSplit(getenv('LOCKDOWN_OVERRIDE_DEBUG', ''), ','),
-      /** @param {string} debugName */
-      debugName => debugName !== '',
-    ),
-    __hardenTaming__ = getenv('LOCKDOWN_HARDEN_TAMING', 'safe'),
-    dateTaming = 'safe', // deprecated
-    mathTaming = 'safe', // deprecated
-    ...extraOptions
-  } = options;
-
-  evalTaming === 'unsafeEval' ||
-    evalTaming === 'safeEval' ||
-    evalTaming === 'noEval' ||
-    Fail`lockdown(): non supported option evalTaming: ${q(evalTaming)}`;
-
-  // Assert that only supported options were passed.
-  // Use Reflect.ownKeys to reject symbol-named properties as well.
-  const extraOptionsNames = ownKeys(extraOptions);
-  extraOptionsNames.length === 0 ||
-    Fail`lockdown(): non supported option ${q(extraOptionsNames)}`;
-
-  priorLockdown === undefined ||
-    // eslint-disable-next-line @endo/no-polymorphic-call
-    assert.fail(
-      d`Already locked down at ${priorLockdown} (SES_ALREADY_LOCKED_DOWN)`,
-      TypeError,
-    );
-  // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_ALREADY_LOCKED_DOWN.md
-  priorLockdown = TypeError('Prior lockdown (SES_ALREADY_LOCKED_DOWN)');
-  // Tease V8 to generate the stack string and release the closures the stack
-  // trace retained:
-  priorLockdown.stack;
-
-  assertDirectEvalAvailable();
-
-  /**
-   * Because of packagers and bundlers, etc, multiple invocations of lockdown
-   * might happen in separate instantiations of the source of this module.
-   * In that case, each one sees its own `firstOptions` variable, so the test
-   * above will not detect that lockdown has already happened. We
-   * unreliably test some telltale signs that lockdown has run, to avoid
-   * trying to lock down a locked down environment. Although the test is
-   * unreliable, this is consistent with the SES threat model. SES provides
-   * security only if it runs first in a given realm, or if everything that
-   * runs before it is SES-aware and cooperative. Neither SES nor anything
-   * can protect itself from corrupting code that runs first. For these
-   * purposes, code that turns a realm into something that passes these
-   * tests without actually locking down counts as corrupting code.
-   *
-   * The specifics of what this tests for may change over time, but it
-   * should be consistent with any setting of the lockdown options.
-   */
-  const seemsToBeLockedDown = () => {
-    return (
-      globalThis.Function.prototype.constructor !== globalThis.Function &&
-      // @ts-ignore harden is absent on globalThis type def.
-      typeof globalThis.harden === 'function' &&
-      // @ts-ignore lockdown is absent on globalThis type def.
-      typeof globalThis.lockdown === 'function' &&
-      globalThis.Date.prototype.constructor !== globalThis.Date &&
-      typeof globalThis.Date.now === 'function' &&
-      // @ts-ignore does not recognize that Date constructor is a special
-      // Function.
-      // eslint-disable-next-line @endo/no-polymorphic-call
-      is(globalThis.Date.prototype.constructor.now(), NaN)
-    );
-  };
-
-  if (seemsToBeLockedDown()) {
-    // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_MULTIPLE_INSTANCES.md
-    throw TypeError(
-      `Already locked down but not by this SES instance (SES_MULTIPLE_INSTANCES)`,
-    );
-  }
-
-  /**
-   * 1. TAME powers & gather intrinsics first.
-   */
-
-  tameDomains(domainTaming);
-
-  // Replace Function.prototype.toString with one that recognizes
-  // shimmed functions as honorary native functions.
-  const markVirtualizedNativeFunction = tameFunctionToString();
-
-  const { addIntrinsics, completePrototypes, finalIntrinsics } =
-    makeIntrinsicsCollector();
-
-  const tamedHarden = tameHarden(safeHarden, __hardenTaming__);
-  addIntrinsics({ harden: tamedHarden });
-
-  addIntrinsics(tameFunctionConstructors());
-
-  addIntrinsics(tameDateConstructor(dateTaming));
-  addIntrinsics(tameErrorConstructor(errorTaming, stackFiltering));
-  addIntrinsics(tameMathObject(mathTaming));
-  addIntrinsics(tameRegExpConstructor(regExpTaming));
-  addIntrinsics(tameSymbolConstructor());
-
-  addIntrinsics(getAnonymousIntrinsics());
-
-  completePrototypes();
-
-  const intrinsics = finalIntrinsics();
-
-  /**
-   * Wrap console unless suppressed.
-   * At the moment, the console is considered a host power in the start
-   * compartment, and not a primordial. Hence it is absent from the whilelist
-   * and bypasses the intrinsicsCollector.
-   *
-   * @type {((error: any) => string | undefined) | undefined}
-   */
-  let optGetStackString;
-  if (errorTaming !== 'unsafe') {
-    optGetStackString = intrinsics['%InitialGetStackString%'];
-  }
-  const consoleRecord = tameConsole(
-    consoleTaming,
-    errorTrapping,
-    unhandledRejectionTrapping,
-    optGetStackString,
-  );
-  globalThis.console = /** @type {Console} */ (consoleRecord.console);
-
-  // @ts-ignore assert is absent on globalThis type def.
-  if (errorTaming === 'unsafe' && globalThis.assert === assert) {
-    // If errorTaming is 'unsafe' we replace the global assert with
-    // one whose `details` template literal tag does not redact
-    // unmarked substitution values. IOW, it blabs information that
-    // was supposed to be secret from callers, as an aid to debugging
-    // at a further cost in safety.
-    // @ts-ignore assert is absent on globalThis type def.
-    globalThis.assert = makeAssert(undefined, true);
-  }
-
-  // Replace *Locale* methods with their non-locale equivalents
-  tameLocaleMethods(intrinsics, localeTaming);
-
-  /**
-   * 2. WHITELIST to standardize the environment.
-   */
-
-  // Remove non-standard properties.
-  // All remaining function encountered during whitelisting are
-  // branded as honorary native functions.
-  whitelistIntrinsics(intrinsics, markVirtualizedNativeFunction);
-
-  // Initialize the powerful initial global, i.e., the global of the
-  // start compartment, from the intrinsics.
-
-  setGlobalObjectConstantProperties(globalThis);
-
-  setGlobalObjectMutableProperties(globalThis, {
-    intrinsics,
-    newGlobalPropertyNames: initialGlobalPropertyNames,
-    makeCompartmentConstructor,
-    markVirtualizedNativeFunction,
-  });
-
-  if (evalTaming === 'noEval') {
-    setGlobalObjectEvaluators(
-      globalThis,
-      noEvalEvaluate,
-      markVirtualizedNativeFunction,
-    );
-  } else if (evalTaming === 'safeEval') {
-    const { safeEvaluate } = makeSafeEvaluator({ globalObject: globalThis });
-    setGlobalObjectEvaluators(
-      globalThis,
-      safeEvaluate,
-      markVirtualizedNativeFunction,
-    );
-  } else if (evalTaming === 'unsafeEval') {
-    // Leave eval function and Function constructor of the initial compartment in-tact.
-    // Other compartments will not have access to these evaluators unless a guest program
-    // escapes containment.
-  }
-
-  /**
-   * 3. HARDEN to share the intrinsics.
-   *
-   * We define hardenIntrinsics here so that options are in scope, but return
-   * it to the caller because we intend to eventually allow vetted shims to run
-   * between repairs and the hardening of intrinsics and so we can benchmark
-   * repair separately from hardening.
-   */
-
-  function hardenIntrinsics() {
-    // Circumvent the override mistake.
-    // TODO consider moving this to the end of the repair phase, and
-    // therefore before vetted shims rather than afterwards. It is not
-    // clear yet which is better.
-    // @ts-ignore enablePropertyOverrides does its own input validation
-    enablePropertyOverrides(intrinsics, overrideTaming, overrideDebug);
-
-    // Finally register and optionally freeze all the intrinsics. This
-    // must be the operation that modifies the intrinsics.
-    tamedHarden(intrinsics);
-
-    // Reveal harden after lockdown.
-    // Harden is dangerous before lockdown because hardening just
+globalThis.repairIntrinsics = options => {
+  const hardenIntrinsics = repairIntrinsics(options);
+  // Reveal hardenIntrinsics after repairs.
+  globalThis.hardenIntrinsics = () => {
+    // Reveal harden after hardenIntrinsics.
+    // Harden is dangerous before hardenIntrinsics because hardening just
     // about anything will inadvertently render intrinsics irreparable.
     // Also, for modules that must work both before or after lockdown (code
     // that is portable between JS and SES), the existence of harden in global
     // scope signals whether such code should attempt to use harden in the
     // defense of its own API.
     // @ts-ignore harden not yet recognized on globalThis.
-    globalThis.harden = tamedHarden;
-
-    // Returning `true` indicates that this is a JS to SES transition.
-    return true;
-  }
-
-  return hardenIntrinsics;
-};
-
-/**
- * @param {LockdownOptions} [options]
- */
-export const lockdown = (options = {}) => {
-  const hardenIntrinsics = repairIntrinsics(options);
-  hardenIntrinsics();
+    globalThis.harden = hardenIntrinsics();
+  };
 };
diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js
new file mode 100644
index 0000000000..6b7946cdab
--- /dev/null
+++ b/packages/ses/src/lockdown.js
@@ -0,0 +1,392 @@
+// Copyright (C) 2018 Agoric
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// @ts-check
+
+import { makeEnvironmentCaptor } from '@endo/env-options';
+import {
+  FERAL_FUNCTION,
+  FERAL_EVAL,
+  TypeError,
+  arrayFilter,
+  globalThis,
+  is,
+  ownKeys,
+  stringSplit,
+  noEvalEvaluate,
+} from './commons.js';
+import { makeHardener } from './make-hardener.js';
+import { makeIntrinsicsCollector } from './intrinsics.js';
+import whitelistIntrinsics from './permits-intrinsics.js';
+import tameFunctionConstructors from './tame-function-constructors.js';
+import tameDateConstructor from './tame-date-constructor.js';
+import tameMathObject from './tame-math-object.js';
+import tameRegExpConstructor from './tame-regexp-constructor.js';
+import enablePropertyOverrides from './enable-property-overrides.js';
+import tameLocaleMethods from './tame-locale-methods.js';
+import {
+  setGlobalObjectConstantProperties,
+  setGlobalObjectMutableProperties,
+  setGlobalObjectEvaluators,
+} from './global-object.js';
+import { makeSafeEvaluator } from './make-safe-evaluator.js';
+import { initialGlobalPropertyNames } from './permits.js';
+import { tameFunctionToString } from './tame-function-tostring.js';
+import { tameDomains } from './tame-domains.js';
+
+import { tameConsole } from './error/tame-console.js';
+import tameErrorConstructor from './error/tame-error-constructor.js';
+import { assert, makeAssert } from './error/assert.js';
+import { getAnonymousIntrinsics } from './get-anonymous-intrinsics.js';
+import { makeCompartmentConstructor } from './compartment.js';
+import { tameHarden } from './tame-harden.js';
+import { tameSymbolConstructor } from './tame-symbol-constructor.js';
+
+/** @typedef {import('../types.js').LockdownOptions} LockdownOptions */
+
+const { Fail, details: d, quote: q } = assert;
+
+/** @type {Error=} */
+let priorRepairIntrinsics;
+
+/** @type {Error=} */
+let priorHardenIntrinsics;
+
+// Build a harden() with an empty fringe.
+// Gate it on lockdown.
+/**
+ * @template T
+ * @param {T} ref
+ * @returns {T}
+ */
+const safeHarden = makeHardener();
+
+/**
+ * @callback Transform
+ * @param {string} source
+ * @returns {string}
+ */
+
+/**
+ * @callback CompartmentConstructor
+ * @param {object} endowments
+ * @param {object} moduleMap
+ * @param {object} [options]
+ * @param {Array<Transform>} [options.transforms]
+ * @param {Array<Transform>} [options.__shimTransforms__]
+ */
+
+// TODO https://github.com/endojs/endo/issues/814
+// Lockdown currently allows multiple calls provided that the specified options
+// of every call agree.  With experience, we have observed that lockdown should
+// only ever need to be called once and that simplifying lockdown will improve
+// the quality of audits.
+
+const assertDirectEvalAvailable = () => {
+  let allowed = false;
+  try {
+    allowed = FERAL_FUNCTION(
+      'eval',
+      'SES_changed',
+      `\
+        eval("SES_changed = true");
+        return SES_changed;
+      `,
+    )(FERAL_EVAL, false);
+    // If we get here and SES_changed stayed false, that means the eval was sloppy
+    // and indirect, which generally creates a new global.
+    // We are going to throw an exception for failing to initialize SES, but
+    // good neighbors clean up.
+    if (!allowed) {
+      delete globalThis.SES_changed;
+    }
+  } catch (_error) {
+    // We reach here if eval is outright forbidden by a Content Security Policy.
+    // We allow this for SES usage that delegates the responsibility to isolate
+    // guest code to production code generation.
+    allowed = true;
+  }
+  if (!allowed) {
+    // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_DIRECT_EVAL.md
+    throw TypeError(
+      `SES cannot initialize unless 'eval' is the original intrinsic 'eval', suitable for direct-eval (dynamically scoped eval) (SES_DIRECT_EVAL)`,
+    );
+  }
+};
+
+/**
+ * @param {LockdownOptions} [options]
+ */
+export const repairIntrinsics = (options = {}) => {
+  // First time, absent options default to 'safe'.
+  // Subsequent times, absent options default to first options.
+  // Thus, all present options must agree with first options.
+  // Reconstructing `option` here also ensures that it is a well
+  // behaved record, with only own data properties.
+  //
+  // The `overrideTaming` is not a safety issue. Rather it is a tradeoff
+  // between code compatibility, which is better with the `'moderate'`
+  // setting, and tool compatibility, which is better with the `'min'`
+  // setting. See
+  // https://github.com/Agoric/SES-shim/blob/master/packages/ses/README.md#enabling-override-by-assignment)
+  // for an explanation of when to use which.
+  //
+  // The `stackFiltering` is not a safety issue. Rather it is a tradeoff
+  // between relevance and completeness of the stack frames shown on the
+  // console. Setting`stackFiltering` to `'verbose'` applies no filters, providing
+  // the raw stack frames that can be quite versbose. Setting
+  // `stackFrameFiltering` to`'concise'` limits the display to the stack frame
+  // information most likely to be relevant, eliminating distracting frames
+  // such as those from the infrastructure. However, the bug you're trying to
+  // track down might be in the infrastrure, in which case the `'verbose'` setting
+  // is useful. See
+  // [`stackFiltering` options](https://github.com/Agoric/SES-shim/blob/master/packages/ses/lockdown-options.md#stackfiltering-options)
+  // for an explanation.
+
+  const { getEnvironmentOption: getenv } = makeEnvironmentCaptor(globalThis);
+
+  const {
+    errorTaming = getenv('LOCKDOWN_ERROR_TAMING', 'safe'),
+    errorTrapping = getenv('LOCKDOWN_ERROR_TRAPPING', 'platform'),
+    unhandledRejectionTrapping = getenv(
+      'LOCKDOWN_UNHANDLED_REJECTION_TRAPPING',
+      'report',
+    ),
+    regExpTaming = getenv('LOCKDOWN_REGEXP_TAMING', 'safe'),
+    localeTaming = getenv('LOCKDOWN_LOCALE_TAMING', 'safe'),
+    consoleTaming = getenv('LOCKDOWN_CONSOLE_TAMING', 'safe'),
+    overrideTaming = getenv('LOCKDOWN_OVERRIDE_TAMING', 'moderate'),
+    stackFiltering = getenv('LOCKDOWN_STACK_FILTERING', 'concise'),
+    domainTaming = getenv('LOCKDOWN_DOMAIN_TAMING', 'safe'),
+    evalTaming = getenv('LOCKDOWN_EVAL_TAMING', 'safeEval'),
+    overrideDebug = arrayFilter(
+      stringSplit(getenv('LOCKDOWN_OVERRIDE_DEBUG', ''), ','),
+      /** @param {string} debugName */
+      debugName => debugName !== '',
+    ),
+    __hardenTaming__ = getenv('LOCKDOWN_HARDEN_TAMING', 'safe'),
+    dateTaming = 'safe', // deprecated
+    mathTaming = 'safe', // deprecated
+    ...extraOptions
+  } = options;
+
+  evalTaming === 'unsafeEval' ||
+    evalTaming === 'safeEval' ||
+    evalTaming === 'noEval' ||
+    Fail`lockdown(): non supported option evalTaming: ${q(evalTaming)}`;
+
+  // Assert that only supported options were passed.
+  // Use Reflect.ownKeys to reject symbol-named properties as well.
+  const extraOptionsNames = ownKeys(extraOptions);
+  extraOptionsNames.length === 0 ||
+    Fail`lockdown(): non supported option ${q(extraOptionsNames)}`;
+
+  priorRepairIntrinsics === undefined ||
+    // eslint-disable-next-line @endo/no-polymorphic-call
+    assert.fail(
+      d`Already locked down at ${priorRepairIntrinsics} (SES_ALREADY_LOCKED_DOWN)`,
+      TypeError,
+    );
+  // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_ALREADY_LOCKED_DOWN.md
+  priorRepairIntrinsics = TypeError('Prior lockdown (SES_ALREADY_LOCKED_DOWN)');
+  // Tease V8 to generate the stack string and release the closures the stack
+  // trace retained:
+  priorRepairIntrinsics.stack;
+
+  assertDirectEvalAvailable();
+
+  /**
+   * Because of packagers and bundlers, etc, multiple invocations of lockdown
+   * might happen in separate instantiations of the source of this module.
+   * In that case, each one sees its own `firstOptions` variable, so the test
+   * above will not detect that lockdown has already happened. We
+   * unreliably test some telltale signs that lockdown has run, to avoid
+   * trying to lock down a locked down environment. Although the test is
+   * unreliable, this is consistent with the SES threat model. SES provides
+   * security only if it runs first in a given realm, or if everything that
+   * runs before it is SES-aware and cooperative. Neither SES nor anything
+   * can protect itself from corrupting code that runs first. For these
+   * purposes, code that turns a realm into something that passes these
+   * tests without actually locking down counts as corrupting code.
+   *
+   * The specifics of what this tests for may change over time, but it
+   * should be consistent with any setting of the lockdown options.
+   */
+  const seemsToBeLockedDown = () => {
+    return (
+      globalThis.Function.prototype.constructor !== globalThis.Function &&
+      // @ts-ignore harden is absent on globalThis type def.
+      typeof globalThis.harden === 'function' &&
+      // @ts-ignore lockdown is absent on globalThis type def.
+      typeof globalThis.lockdown === 'function' &&
+      globalThis.Date.prototype.constructor !== globalThis.Date &&
+      typeof globalThis.Date.now === 'function' &&
+      // @ts-ignore does not recognize that Date constructor is a special
+      // Function.
+      // eslint-disable-next-line @endo/no-polymorphic-call
+      is(globalThis.Date.prototype.constructor.now(), NaN)
+    );
+  };
+
+  if (seemsToBeLockedDown()) {
+    // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_MULTIPLE_INSTANCES.md
+    throw TypeError(
+      `Already locked down but not by this SES instance (SES_MULTIPLE_INSTANCES)`,
+    );
+  }
+
+  /**
+   * 1. TAME powers & gather intrinsics first.
+   */
+
+  tameDomains(domainTaming);
+
+  // Replace Function.prototype.toString with one that recognizes
+  // shimmed functions as honorary native functions.
+  const markVirtualizedNativeFunction = tameFunctionToString();
+
+  const { addIntrinsics, completePrototypes, finalIntrinsics } =
+    makeIntrinsicsCollector();
+
+  const tamedHarden = tameHarden(safeHarden, __hardenTaming__);
+  addIntrinsics({ harden: tamedHarden });
+
+  addIntrinsics(tameFunctionConstructors());
+
+  addIntrinsics(tameDateConstructor(dateTaming));
+  addIntrinsics(tameErrorConstructor(errorTaming, stackFiltering));
+  addIntrinsics(tameMathObject(mathTaming));
+  addIntrinsics(tameRegExpConstructor(regExpTaming));
+  addIntrinsics(tameSymbolConstructor());
+
+  addIntrinsics(getAnonymousIntrinsics());
+
+  completePrototypes();
+
+  const intrinsics = finalIntrinsics();
+
+  /**
+   * Wrap console unless suppressed.
+   * At the moment, the console is considered a host power in the start
+   * compartment, and not a primordial. Hence it is absent from the whilelist
+   * and bypasses the intrinsicsCollector.
+   *
+   * @type {((error: any) => string | undefined) | undefined}
+   */
+  let optGetStackString;
+  if (errorTaming !== 'unsafe') {
+    optGetStackString = intrinsics['%InitialGetStackString%'];
+  }
+  const consoleRecord = tameConsole(
+    consoleTaming,
+    errorTrapping,
+    unhandledRejectionTrapping,
+    optGetStackString,
+  );
+  globalThis.console = /** @type {Console} */ (consoleRecord.console);
+
+  // @ts-ignore assert is absent on globalThis type def.
+  if (errorTaming === 'unsafe' && globalThis.assert === assert) {
+    // If errorTaming is 'unsafe' we replace the global assert with
+    // one whose `details` template literal tag does not redact
+    // unmarked substitution values. IOW, it blabs information that
+    // was supposed to be secret from callers, as an aid to debugging
+    // at a further cost in safety.
+    // @ts-ignore assert is absent on globalThis type def.
+    globalThis.assert = makeAssert(undefined, true);
+  }
+
+  // Replace *Locale* methods with their non-locale equivalents
+  tameLocaleMethods(intrinsics, localeTaming);
+
+  /**
+   * 2. WHITELIST to standardize the environment.
+   */
+
+  // Remove non-standard properties.
+  // All remaining function encountered during whitelisting are
+  // branded as honorary native functions.
+  whitelistIntrinsics(intrinsics, markVirtualizedNativeFunction);
+
+  // Initialize the powerful initial global, i.e., the global of the
+  // start compartment, from the intrinsics.
+
+  setGlobalObjectConstantProperties(globalThis);
+
+  setGlobalObjectMutableProperties(globalThis, {
+    intrinsics,
+    newGlobalPropertyNames: initialGlobalPropertyNames,
+    makeCompartmentConstructor,
+    markVirtualizedNativeFunction,
+  });
+
+  if (evalTaming === 'noEval') {
+    setGlobalObjectEvaluators(
+      globalThis,
+      noEvalEvaluate,
+      markVirtualizedNativeFunction,
+    );
+  } else if (evalTaming === 'safeEval') {
+    const { safeEvaluate } = makeSafeEvaluator({ globalObject: globalThis });
+    setGlobalObjectEvaluators(
+      globalThis,
+      safeEvaluate,
+      markVirtualizedNativeFunction,
+    );
+  } else if (evalTaming === 'unsafeEval') {
+    // Leave eval function and Function constructor of the initial compartment in-tact.
+    // Other compartments will not have access to these evaluators unless a guest program
+    // escapes containment.
+  }
+
+  /**
+   * 3. HARDEN to share the intrinsics.
+   *
+   * We define hardenIntrinsics here so that options are in scope, but return
+   * it to the caller because we intend to eventually allow vetted shims to run
+   * between repairs and the hardening of intrinsics and so we can benchmark
+   * repair separately from hardening.
+   */
+
+  const hardenIntrinsics = () => {
+    priorHardenIntrinsics === undefined ||
+      // eslint-disable-next-line @endo/no-polymorphic-call
+      assert.fail(
+        d`Already locked down at ${priorHardenIntrinsics} (SES_ALREADY_LOCKED_DOWN)`,
+        TypeError,
+      );
+    // See https://github.com/endojs/endo/blob/master/packages/ses/error-codes/SES_ALREADY_LOCKED_DOWN.md
+    priorHardenIntrinsics = TypeError(
+      'Prior lockdown (SES_ALREADY_LOCKED_DOWN)',
+    );
+    // Tease V8 to generate the stack string and release the closures the stack
+    // trace retained:
+    priorHardenIntrinsics.stack;
+
+    // Circumvent the override mistake.
+    // TODO consider moving this to the end of the repair phase, and
+    // therefore before vetted shims rather than afterwards. It is not
+    // clear yet which is better.
+    // @ts-ignore enablePropertyOverrides does its own input validation
+    enablePropertyOverrides(intrinsics, overrideTaming, overrideDebug);
+
+    // Finally register and optionally freeze all the intrinsics. This
+    // must be the operation that modifies the intrinsics.
+    tamedHarden(intrinsics);
+
+    return tamedHarden;
+  };
+
+  return hardenIntrinsics;
+};
diff --git a/packages/ses/src/make-safe-evaluator.js b/packages/ses/src/make-safe-evaluator.js
index 0458e71c98..78ce9e1a94 100644
--- a/packages/ses/src/make-safe-evaluator.js
+++ b/packages/ses/src/make-safe-evaluator.js
@@ -19,7 +19,7 @@ const { Fail } = assert;
  * @param {object} options
  * @param {object} options.globalObject
  * @param {object} [options.moduleLexicals]
- * @param {Array<import('./lockdown-shim.js').Transform>} [options.globalTransforms]
+ * @param {Array<import('./lockdown.js').Transform>} [options.globalTransforms]
  * @param {boolean} [options.sloppyGlobalsMode]
  */
 export const makeSafeEvaluator = ({
@@ -54,7 +54,7 @@ export const makeSafeEvaluator = ({
   /**
    * @param {string} source
    * @param {object} [options]
-   * @param {Array<import('./lockdown-shim.js').Transform>} [options.localTransforms]
+   * @param {Array<import('./lockdown.js').Transform>} [options.localTransforms]
    */
   const safeEvaluate = (source, options) => {
     const { localTransforms = [] } = options || {};
diff --git a/packages/ses/test/test-global-object.js b/packages/ses/test/test-global-object.js
index 30984de783..babba4d9fe 100644
--- a/packages/ses/test/test-global-object.js
+++ b/packages/ses/test/test-global-object.js
@@ -9,7 +9,7 @@ import {
   setGlobalObjectEvaluators,
 } from '../src/global-object.js';
 import { sharedGlobalPropertyNames } from '../src/permits.js';
-import { makeCompartmentConstructor } from '../src/compartment-shim.js';
+import { makeCompartmentConstructor } from '../src/compartment.js';
 
 test('globalObject', t => {
   const intrinsics = {
diff --git a/packages/ses/test/test-lockdown-options.js b/packages/ses/test/test-lockdown-options.js
index eb7b9d1fc5..53754c69fe 100644
--- a/packages/ses/test/test-lockdown-options.js
+++ b/packages/ses/test/test-lockdown-options.js
@@ -1,14 +1,14 @@
 import test from 'ava';
-import { lockdown } from '../src/lockdown-shim.js';
+import { repairIntrinsics } from '../src/lockdown.js';
 
-test('lockdown throws with non-recognized options', t => {
+test('repairIntrinsics throws with non-recognized options', t => {
   t.throws(
-    () => lockdown({ mathTaming: 'unsafe', abc: true }),
+    () => repairIntrinsics({ mathTaming: 'unsafe', abc: true }),
     undefined,
     'throws with value true',
   );
   t.throws(
-    () => lockdown({ mathTaming: 'unsafe', abc: false }),
+    () => repairIntrinsics({ mathTaming: 'unsafe', abc: false }),
     undefined,
     'throws with value false',
   );
diff --git a/packages/ses/test/test-repair-intrinsics.js b/packages/ses/test/test-repair-intrinsics.js
index a12db77a2e..91a97a3120 100644
--- a/packages/ses/test/test-repair-intrinsics.js
+++ b/packages/ses/test/test-repair-intrinsics.js
@@ -1,13 +1,8 @@
+/// <reference types="ses"/>
 /* global globalThis */
 
 import test from 'ava';
-import '../index.js';
-import { repairIntrinsics } from '../src/lockdown-shim.js';
-import { getAnonymousIntrinsics } from '../src/get-anonymous-intrinsics.js';
-import {
-  makeCompartmentConstructor,
-  CompartmentPrototype,
-} from '../src/compartment-shim.js';
+import { repairIntrinsics } from '../src/lockdown.js';
 
 // eslint-disable-next-line no-eval
 if (!eval.toString().includes('native code')) {
@@ -26,11 +21,7 @@ test('permitted prototypes - on', t => {
   Object.prototype.hasOwnProperty.foo = 1;
 
   console.time('Benchmark repairIntrinsics()');
-  const hardenIntrinsics = repairIntrinsics(
-    makeCompartmentConstructor,
-    CompartmentPrototype,
-    getAnonymousIntrinsics,
-  );
+  const hardenIntrinsics = repairIntrinsics();
   console.timeEnd('Benchmark repairIntrinsics()');
 
   console.time('Benchmark hardenIntrinsics()');
diff --git a/packages/ses/types.d.ts b/packages/ses/types.d.ts
index c8e119634a..aa5ddae860 100644
--- a/packages/ses/types.d.ts
+++ b/packages/ses/types.d.ts
@@ -19,7 +19,7 @@
 // version of harden.
 export type Harden = <T>(value: T) => T; // not Hardened<T>;
 
-export interface LockdownOptions {
+export interface RepairOptions {
   regExpTaming?: 'safe' | 'unsafe';
   localeTaming?: 'safe' | 'unsafe';
   consoleTaming?: 'safe' | 'unsafe';
@@ -36,6 +36,11 @@ export interface LockdownOptions {
   __hardenTaming__?: 'safe' | 'unsafe';
 }
 
+// Deprecated in favor of the more specific RepairOptions
+export type LockdownOptions = RepairOptions;
+
+export type RepairIntrinsics = (options?: LockdownOptions) => void;
+export type HardenIntrinsics = () => void;
 export type Lockdown = (options?: LockdownOptions) => void;
 
 export type __LiveExportMap__ = Record<string, [string, boolean]>;
@@ -224,6 +229,8 @@ interface CompartmentEvaluateOptions {
 declare global {
   var harden: Harden;
 
+  var repairIntrinsics: RepairIntrinsics;
+  var hardenIntrinsics: HardenIntrinsics;
   var lockdown: Lockdown;
 
   var assert: Assert;