agents-orchestrator/agent-orchestrator

Fork 0

Commit graph

Author	SHA1	Message	Date
Hibryda	a70d45ad21	security: migrate plugin sandbox from new Function() to Web Worker Each plugin now runs in a dedicated Web Worker with permission-gated API proxied via postMessage. Eliminates prototype walking and arguments.callee.constructor escape vectors inherent to same-realm new Function() sandbox.	2026-03-15 02:36:55 +01:00
Hibryda	5e949696d5	fix: track plugin-host source and add 35 sandbox security tests Fix .gitignore 'plugins/' rule that was accidentally ignoring source files in v2/src/lib/plugins/. Narrow to /plugins/ and /v2/plugins/ (runtime plugin directories only). Track plugin-host.ts (was written but never committed) and add comprehensive test suite covering all 13 shadowed globals, this-binding, permission gating, API freeze, and lifecycle management.	2026-03-12 11:10:50 +01:00

Author

SHA1

Message

Date

Hibryda

a70d45ad21

security: migrate plugin sandbox from new Function() to Web Worker

Each plugin now runs in a dedicated Web Worker with permission-gated
API proxied via postMessage. Eliminates prototype walking and
arguments.callee.constructor escape vectors inherent to same-realm
new Function() sandbox.

2026-03-15 02:36:55 +01:00

Hibryda

5e949696d5

fix: track plugin-host source and add 35 sandbox security tests

Fix .gitignore 'plugins/' rule that was accidentally ignoring source
files in v2/src/lib/plugins/. Narrow to /plugins/ and /v2/plugins/
(runtime plugin directories only). Track plugin-host.ts (was written
but never committed) and add comprehensive test suite covering all 13
shadowed globals, this-binding, permission gating, API freeze, and
lifecycle management.

2026-03-12 11:10:50 +01:00

2 commits