v0.4.0 — LLRT capability boundary hardening

Packages

• @robinbraemer/codemode@0.4.0
• @robinbraemer/llrt@0.2.0
• @robinbraemer/llrt-* native packages@0.2.0

Highlights

• Adds explicit data-only and capability executor contracts.
• Adds LLRT callJsonWithHost manifest execution with no raw global host bridge on the capability path.
• Routes legacy LLRT function globals through a private manifest namespace.
• Hardens data-only input validation, host payload/result limits, namespace collision handling, and manifest name validation.

Verification

• PR #17 passed CI and the full LLRT native package matrix.
• Local: mise exec -- pnpm run ci.

v0.3.2

Publishes the hardened LLRT follow-up after v0.3.1 / v0.1.1.

• abort LLRT host-call contexts when execution completes or times out
• forward AbortSignal through CodeMode request bridge and cancel response readers on abort/error
• add maxRequestBytes to cap sandbox request payloads before host forwarding
• publish @robinbraemer/codemode@0.3.2 and @robinbraemer/llrt@0.1.2 with native optional packages

Use this release for CNAP adoption; do not adopt v0.3.1 / v0.1.1 as the hardened default.

v0.3.1

Summary

• Harden LLRT native execution by disabling default module/file/package loading for sandboxed call_json execution.
• Hide response headers from sandbox code unless explicitly exposed and harden protected request header filtering.
• Publish @robinbraemer/codemode@0.3.1 and @robinbraemer/llrt@0.1.1 with rebuilt native packages.

Verification

• PR CI passed.
• PR LLRT native matrix passed for darwin-arm64, darwin-x64, linux-arm64-gnu, linux-x64-gnu, plus package verification.

Release workflows should publish the npm packages from this tag.

v0.2.0 — QuickJS executor backend

Highlights

• New QuickJSExecutor — pure-WASM sandbox backend via quickjs-emscripten. Optional peer dependency. Auto-selected on Bun and other runtimes where isolated-vm cannot dlopen.
• createExecutor() — runtime-aware backend picker. Use this as the default for new integrations: executor: await createExecutor({ memoryMB: 128, timeoutMs: 60_000 }).
• Stats parity — ExecuteStats shape locked across backends so callers can swap transparently.
• Shared executor contract test suite — adding a new contract test automatically covers every backend.

When to use which backend

Backend	Recommended for
IsolatedVMExecutor	Production on Node. Native V8 speed, mature, no upstream async bugs.
QuickJSExecutor	Fallback only — runtimes where isolated-vm can't load (Bun, Cloudflare Workers, browser). See README for known upstream quickjs-emscripten@0.32.0 regressions and the Promise.all-over-sequential-await guest-code constraint.

Other changes

• Dep bumps: vitest 3 → 4, typescript 5 → 6, jdx/mise-action v2 → v4, plus non-major patches across convex, hono, isolated-vm, tsx, zod.
• 97/97 tests green across both executors.

Full diff: #11

v0.1.5

What's Changed

• feat: Expose execution stats from V8 isolates — ExecuteResult now includes stats with CPU time, wall time, and heap statistics from isolated-vm
• feat: Expose requestCount on the bridge function returned by createRequestBridge()

These additions let consumers (e.g. CodeModeService) record OTel metrics without the library itself depending on OpenTelemetry.

v0.1.4

What's changed

• Revert error response stripping — Error status codes (401, 403, 404) are kept in the spec so agents can debug failures.
• Improved search tool description — Aligned examples with Cloudflare's patterns: tag-based discovery when available, list-all as fallback, split endpoint detail examples by concern (requestBody vs parameters).

v0.1.3

What's changed

• Strip error responses from spec — Only 2xx/default responses are kept in the processed spec. Error schemas (401, 404, 500) are identical boilerplate on every endpoint and were wasting context tokens.
  • Full CNAP spec: ~58K → ~26K tokens (56% reduction)
  • Single endpoint query: ~990 → ~358 tokens (64% reduction)

v0.1.2

What's changed

• Leaner spec processing — processSpec() now drops components, info, and operationId from the output. Since all $refs are resolved inline, these fields were redundant and wasted sandbox memory.
• Lower default response token limit — maxResponseTokens default reduced from 25,000 to 6,000 (matching Cloudflare's implementation), keeping agent context usage lean.
• Updated tool type declarations — SPEC_TYPES no longer advertises components or info on the spec global.

These changes reduce context overhead without changing the search/execute API.

v0.1.1

Full Changelog: v0.1.0...v0.1.1

v0.1.0

Full Changelog: https://github.com/cnap-tech/codemode/commits/v0.1.0