search

sodazone / ocelloids-services

Ocelloids Service Layer
https://ocelloids.net
Apache License 2.0
9 stars 3 forks source link

Runtime baseline: Consider node:vm execution #85

Closed mfornos closed 3 months ago

mfornos commented 3 months ago

[!IMPORTANT] This environment is not intended to run untrusted code.

Load and run agents using node:vm, ideally make it easy to add new environments. Common host services: out streams, shared streams, ingress, persistence, inter-agent comm. Presets for exposed dependencies like @polkadot/api.

mfornos commented 3 months ago

Just to keep a log, alts for untrusted code execution:

mfornos commented 3 months ago

After careful evaluation, running agent scripts in a Node.js vm context adds negative value to our current needs for the following reasons:

  1. Transpilation Requirement. The script must be transpiled to JavaScript, adding unnecessary complexity.
  2. Inherent Insecurity. node:vm does not provide true security isolation, making sandboxing ineffective.
  3. Lack of Immediate Need. We do not need to dynamically load remote code in the mid-term. For future needs, WebAssembly or an alternative will be considered.
  4. Sufficiency of the Module Loader. The standard Node.js module loader meets our current needs and supports dynamic imports, offering required flexibility without additional burden.

Therefore, we will not implement this approach in our case and context. :no_good:

For reference on a similar approach in the context of HTTP handlers: Vercel Edge Runtime