v2.13.0

Release v2.13.0

Release type: stable
Release line: 2.13.x
Branch: release/2.13.x

Published Packages

• @enclave-vm/core@2.13.0
• @enclave-vm/types@2.13.0
• @enclave-vm/stream@2.13.0
• @enclave-vm/broker@2.13.0
• @enclave-vm/client@2.13.0
• @enclave-vm/react@2.13.0
• @enclave-vm/runtime@2.13.0
• @enclave-vm/ast@2.13.0

[2.13.0] - 2026-04-02

Added

• Introduced OpenAPI integration in @enclave-vm/broker, facilitating automatic tool generation and polling.
• Implemented OpenApiSource, OpenApiSpecPoller, and OpenApiToolLoader for managing API specifications and tool synchronization.
• Added CatalogHandler for exposing HTTP catalog of actions from OpenAPI sources.

Changed

• Enhanced BrokerSession to include deadline management and partial error reporting.
• Improved session cancellation handling and progress event emissions.

Fixed

• Fixed session state transitions to handle race conditions more robustly.

v2.12.0

Release v2.12.0

Release type: stable
Release line: 2.12.x
Branch: release/2.12.x

Published Packages

• @enclave-vm/core@2.12.0
• @enclave-vm/types@2.12.0
• @enclave-vm/stream@2.12.0
• @enclave-vm/broker@2.12.0
• @enclave-vm/client@2.12.0
• @enclave-vm/react@2.12.0
• @enclave-vm/runtime@2.12.0
• @enclave-vm/ast@2.12.0

[2.12.0] - 2026-02-25

Added

• Introduced a new @enclave-vm/browser library for browser sandbox runtime using double iframe isolation.
• Added a browser demo application with React integration for showcasing Enclave's capabilities.
• Implemented Playwright e2e tests for @enclave-vm/browser.

Changed

• Updated @enclave-vm/ast, @enclave-vm/broker, @enclave-vm/stream, and other core modules to version 2.12.0.

Security

• Enhanced sandbox security with improved blocking mechanisms for eval() and object constructor access.

Fixed

• Fixed client disconnect handling in streaming demos for Node 20+, ensuring proper cleanup.

v2.11.1

Release v2.11.1

Release type: stable
Release line: 2.11.x
Branch: release/2.11.x

Published Packages

• @enclave-vm/core@2.11.1
• @enclave-vm/types@2.11.1
• @enclave-vm/stream@2.11.1
• @enclave-vm/broker@2.11.1
• @enclave-vm/client@2.11.1
• @enclave-vm/react@2.11.1
• @enclave-vm/runtime@2.11.1
• @enclave-vm/ast@2.11.1

[2.11.1] - 2026-02-22

Added

• Introduced coercion-utils.ts in @enclave-vm/ast, which provides utilities for detecting JavaScript coercion patterns in AST nodes.

Changed

• Enhanced disallowed-identifier.rule.ts and no-global-access.rule.ts to leverage new static key coercion detection from coercion-utils.
• Improved detection of computed property key expressions that resolve to disallowed identifiers.

Fixed

• Fixed potential issues where certain coercion patterns were not detected, improving the security guard against CVE vulnerabilities.

v2.11.0

Release v2.11.0

Release type: stable
Release line: 2.11.x
Branch: release/2.11.x

Published Packages

• @enclave-vm/core@2.11.0
• @enclave-vm/types@2.11.0
• @enclave-vm/stream@2.11.0
• @enclave-vm/broker@2.11.0
• @enclave-vm/client@2.11.0
• @enclave-vm/react@2.11.0
• @enclave-vm/runtime@2.11.0
• @enclave-vm/ast@2.11.0

[2.11.0] - 2026-02-20

Added

• Introduced additionalDisallowedIdentifiers in @enclave-vm/ast for additional code safety.
• Implemented a function to handle array-coered strings in disallowed-identifier.rule.ts.

Changed

• Updated @enclave-vm/* package dependencies to version 2.11.0.
• Improved handling of configuration scripts and object neutralization in VmAdapter and ParentVmBootstrap.

Fixed

• Resolved configuration and enumeration issues in memory tracking and sandbox adapter properties.

Security

• Enhanced security by neutralizing dangerous static methods on the intrinsic Object constructor to avoid prototype pollution.
• Defense-in-depth improvements: Removed host callbacks after capturing within sandbox scripts.

v2.10.1

Release v2.10.1

Release type: stable
Release line: 2.10.x
Branch: release/2.10.x

Published Packages

• @enclave-vm/core@2.10.1
• @enclave-vm/types@2.10.1
• @enclave-vm/stream@2.10.1
• @enclave-vm/broker@2.10.1
• @enclave-vm/client@2.10.1
• @enclave-vm/react@2.10.1
• @enclave-vm/runtime@2.10.1
• @enclave-vm/ast@2.10.1

[2.10.1] - 2026-02-03

Security

• Introduced hardening against CVE-2023-29017 by implementing enhanced prototype freezing and error encapsulation within parent-vm-bootstrap.ts.
• Added resource exhaustion rule to @enclave-vm/ast to prevent computed access via dangerous string coercion.

Acknowledgments

• Thanks to @cristianstaicu (Endor Labs Security Research Team) for responsibly disclosing GHSA-x39w-8vm5-5m3p.

Changed

• Replaced template literals with string concatenation in vm-adapter.ts and worker-script.ts to mitigate potential code injection risks.
• Updated minimatch, zod, and @babel/standalone dependencies to newer versions for better compatibility.

Fixed

• Addressed potential memory leaks by ensuring proper event handler binding and detachment in worker-pool-adapter.ts.

Added

• New build-worker-script target to libs/core/project.json for optimized worker script builds using esbuild.
• Added runtime prototype verification before user code execution to further enhance security validation.

v2.10.0

Release v2.10.0

Release type: stable
Release line: 2.10.x
Branch: release/2.10.x

Published Packages

• @enclave-vm/core@2.10.0
• @enclave-vm/types@2.10.0
• @enclave-vm/stream@2.10.0
• @enclave-vm/broker@2.10.0
• @enclave-vm/client@2.10.0
• @enclave-vm/react@2.10.0
• @enclave-vm/runtime@2.10.0
• @enclave-vm/ast@2.10.0

[2.10.0] - 2026-02-01

Changed

• Reorganized library structure by renaming libraries for better consistency:
  • ast-guard is now @enclave-vm/ast
  • enclavejs-broker is now @enclave-vm/broker
  • enclavejs-client is now @enclave-vm/client
  • Other corresponding paths and references have been updated accordingly.

v2.9.2

Release v2.9.2

Release type: stable
Release line: 2.9.x
Branch: release/2.9.x

Published Packages

• @enclave-vm/core@2.9.2
• @enclave-vm/types@2.9.2
• @enclave-vm/stream@2.9.2
• @enclave-vm/broker@2.9.2
• @enclave-vm/client@2.9.2
• @enclave-vm/react@2.9.2
• @enclave-vm/runtime@2.9.2
• @enclave-vm/ast@2.9.2

[2.9.2] - 2026-01-30

Added

• Introduced support for NDJSON streaming with encryption via @enclave-vm/stream.
• Added React hooks and components in @enclave-vm/react for enhanced integration.

Fixed

• Resolved bugs in the @enclave-vm/client SDK for improved browser and Node.js compatibility.

Security

• Enhanced CVE protection within ast-guard for better threat detection.

v2.9.1

Release v2.9.1

Release type: stable
Release line: 2.9.x
Branch: release/2.9.x

Published Packages

• @enclave-vm/core@2.9.1
• @enclave-vm/types@2.9.1
• @enclave-vm/stream@2.9.1
• @enclave-vm/broker@2.9.1
• @enclave-vm/client@2.9.1
• @enclave-vm/react@2.9.1
• @enclave-vm/runtime@2.9.1
• @enclave-vm/ast@2.9.1

[2.9.1] - 2026-01-30

Changed

• No specific changes detailed in this release cycle.

Fixed

• General stability improvements and minor bug fixes.

v2.9.0

Release v2.9.0

Release type: stable
Release line: 2.9.x
Branch: release/2.9.x

Published Packages

• @enclave-vm/core@2.9.0
• @enclave-vm/types@2.9.0
• @enclave-vm/stream@2.9.0
• @enclave-vm/broker@2.9.0
• @enclave-vm/client@2.9.0
• @enclave-vm/react@2.9.0
• @enclave-vm/runtime@2.9.0
• @enclave-vm/ast@2.9.0

[2.9.0] - 2026-01-29

Added

• Introduced a new 3-server streaming-demo that showcases EnclaveJS streaming architecture, including nodes for broker, client, and runtime servers.
• Added new AST and Babel presets to ast-guard for enhanced code validation and security.
• Implemented new WebSocket-based execution architecture in streaming-demo, demonstrating multiple execution modes.
• Support for NDJSON streaming responses in broker-server for embedded and lambda execution modes.

Changed

• Refactored the package structure, migrating existing components to a new naming scheme prefixed with 'enclavejs-', including clients, streams, and brokers.
• Updated utility functions in EnclaveVM and ast-guard to improve performance and handle complex code structures.

Fixed

• Addressed various bug fixes in tool execution and error handling across the broker and lambda modes.

enclave-vm@2.7.0

enclave-vm v2.7.0

📦 npm: enclave-vm@2.7.0

---

Added

• Introduced a JSON-based tool bridge with configurable modes and payload limits, exposed via the new toolBridge option on EnclaveConfig.
• Added serialized size estimators (estimateSerializedSize/checkSerializedSize) and enforce them before returning sandbox values when a memory limit is configured.

Changed

• Enclave construction now normalizes toolBridge settings and requires explicit acknowledgement before enabling insecure direct bridging.

Security

• Array.prototype.fill is now memory-tracked inside both VM adapters to block sparse-array exhaustion attacks.
• Return paths reject values whose serialized size would exceed the configured memory limit, preventing Vector 340 serialization amplification.
• All host-generated errors now go through centralized createSafeError, severing prototype chains and stripping host stack details.
• String-mode tool bridge validates JSON payloads, enforces payload caps, sanitizes arguments/results, and updates tool-call stats before invoking host handlers.