…raming, sanitized errors

Ralph Layer 14 — Hardened Wasmtime config: Disabled wasm_threads, wasm_simd, wasm_multi_memory, wasm_bulk_memory, wasm_reference_types, wasm_tail_call, wasm_component_model, wasm_gc in sandbox.rs Engine config. Reduces attack surface and CVE exposure.

Ralph Layer 6 — Sandwich prompt framing: Added SECURITY_BOUNDARY constant as final section of system prompt. Reasserts trust boundary so LLM has security context fresh in working memory when processing user messages and tool results.

Ralph Layer 30 — Sanitized error responses: New sanitized_errors.rs module with correlation-ID-based error logging. Generic user-facing messages, full details in audit trail only. Wired into openfang-api, ready for systematic routes.rs migration.

deny(unsafe_code) on 10 crates: channels, desktop, extensions, hands, memory, migrate, runtime, skills, types, wire. 3 crates with existing unsafe (api, cli, kernel) left without deny for now.
…ze limits

sandbox.rs execute_sync:
- Input size enforcement (4 MB max)
- 64-bit safe cast via try_into() instead of 'as i32' truncation
- Checked addition for pointer + length (no overflow)
- Negative pointer rejection

sandbox.rs host_call:
- Negative pointer/length rejection
- Checked addition for request bounds
- Safe cast for response length (try_into instead of 'as i32')
- Checked addition for response write bounds

sandbox.rs host_log:
- Negative pointer/length rejection
- Checked addition for bounds
- Log message size cap (8 KB) to prevent log flooding from guest
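The guest-pointer validation the commit above describes (negative rejection, lossless try_into casts, checked addition, size caps), written out as an added example; this is not openfang's sandbox.rs code, and the function and type names are assumptions, only the 4 MB input and 8 KB log caps come from the commit message.

```rust
use std::convert::{TryFrom, TryInto};

/// Caps named in the commit message (assumed to be plain constants here).
pub const INPUT_MAX: usize = 4 * 1024 * 1024; // execute_sync input cap
pub const LOG_MAX: usize = 8 * 1024;          // host_log message cap

/// Why a guest-supplied (pointer, length) pair was rejected.
#[derive(Debug, PartialEq, Eq)]
pub enum BoundsError {
    /// wasm32 passes i32; a negative value must never be cast with `as`.
    Negative,
    /// ptr + len wrapped around (unreachable for two non-negative i32 on
    /// 64-bit hosts, kept so the invariant is explicit and checked).
    Overflow,
    /// Range runs past the end of linear memory.
    OutOfBounds,
    /// Payload exceeds the configured cap (input or log size).
    TooLarge,
}

/// Validate a (ptr, len) pair from a wasm32 guest against a linear memory
/// of `mem_size` bytes and a payload cap `max_len`. Returns [start, end).
pub fn check_guest_range(ptr: i32, len: i32, mem_size: usize, max_len: usize)
    -> Result<(usize, usize), BoundsError>
{
    // Reject negatives before any cast; `as usize` would wrap them huge.
    if ptr < 0 || len < 0 {
        return Err(BoundsError::Negative);
    }
    // try_into is lossless: it fails instead of silently truncating.
    let start: usize = ptr.try_into().map_err(|_| BoundsError::Negative)?;
    let len: usize = len.try_into().map_err(|_| BoundsError::Negative)?;
    if len > max_len {
        return Err(BoundsError::TooLarge);
    }
    // Checked addition so ptr + len can never wrap past mem_size.
    let end = start.checked_add(len).ok_or(BoundsError::Overflow)?;
    if end > mem_size {
        return Err(BoundsError::OutOfBounds);
    }
    Ok((start, end))
}

/// Host-side response length to the i32 the guest ABI expects, failing
/// instead of truncating (the `as i32` defect the commit replaces).
pub fn response_len_i32(len: usize) -> Result<i32, BoundsError> {
    i32::try_from(len).map_err(|_| BoundsError::TooLarge)
}
```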
Phase 1 Quick Wins (Ralph Architecture)

Changes
- Ralph Layer 14 — Hardened Wasmtime config (sandbox.rs)
- Ralph Layer 6 — Sandwich prompt framing (prompt_builder.rs)
- Ralph Layer 30 — Sanitized error responses (sanitized_errors.rs)
- WASM boundary hardening (sandbox.rs)
- deny(unsafe_code) on 10 crates

Files modified
- crates/openfang-runtime/src/sandbox.rs — Wasmtime config + bounds hardening
- crates/openfang-runtime/src/prompt_builder.rs — Sandwich framing
- crates/openfang-api/src/sanitized_errors.rs — NEW: error sanitization module
- crates/openfang-api/src/lib.rs — Wire in sanitized_errors
- lib.rs — deny(unsafe_code)

Not in this PR (deferred)