
1.6.18

@hansott released this 24 Mar 11:03 · 313 commits to main since this release
Commit 2411b0a
  • Improve coverage of private and reserved IP address ranges (used for SSRF detection, among other checks)
  • Log a warning if Zen.setUser(...) is called outside of a request context (e.g. when the source handling the request is not supported by Zen)
  • Use a sliding window for rate limiting (avoids the burst abuse a fixed window permits near window edges, where a client can spend one window's full allowance and then immediately the next window's)
  • Mark values as unsafe with Zen.markUnsafe(...):

Useful when you want to explicitly label data as potentially dangerous so that Zen inspects it the way it inspects request input, for example a file name produced by an LLM:

```js
// Zen has to be imported before the modules it protects (fs in this case)
import Zen from "@aikidosec/firewall";
import { readFile } from "node:fs/promises";

// `completion` is the response of a chat completion call (not shown) in which
// the model was offered a tool that takes a `filepath` argument
const toolCall = completion.choices[0].message.tool_calls[0];
const filepath = JSON.parse(toolCall.function.arguments).filepath;

// Mark the filepath as unsafe since it came from the LLM, not from the request
Zen.markUnsafe(filepath);

// This will be blocked if the LLM tries to perform path traversal
// e.g. if filepath is "../../../etc/passwd"
await readFile(filepath);
```
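The first bullet above talks about coverage of private address ranges without listing them. As an added example (not Zen's code; the range table, the parsing helpers and the function names are this example's own), here is the kind of private/reserved check an SSRF guard needs, including the IPv6 forms that an IPv4-only list misses: loopback and unspecified (`::1`, `::`), unique-local (`fc00::/7`), link-local with a zone id, and IPv4-mapped addresses (`::ffff:169.254.169.254`) that smuggle a private IPv4 target inside an IPv6 literal.

```javascript
// IPv4 blocks that an SSRF guard must treat as private/reserved: [network, prefix].
const PRIVATE_V4 = [
  ["0.0.0.0", 8],       // "this" network
  ["10.0.0.0", 8],      // RFC 1918
  ["100.64.0.0", 10],   // shared address space (carrier NAT)
  ["127.0.0.0", 8],     // loopback
  ["169.254.0.0", 16],  // link-local, where cloud metadata endpoints live
  ["172.16.0.0", 12],   // RFC 1918
  ["192.0.0.0", 24],    // IETF protocol assignments
  ["192.168.0.0", 16],  // RFC 1918
  ["198.18.0.0", 15],   // benchmarking
  ["224.0.0.0", 4],     // multicast
  ["240.0.0.0", 4],     // reserved, includes the 255.255.255.255 broadcast address
];

// Strict dotted-quad parser -> unsigned 32-bit integer, or null if not IPv4.
// Octal/hex/shortened forms are deliberately rejected; canonicalise with `new URL` first.
function parseV4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((x) => x > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

function inV4Block(addr, network, prefix) {
  const mask = prefix === 0 ? 0 : (~0 << (32 - prefix)) >>> 0;
  return ((addr & mask) >>> 0) === ((parseV4(network) & mask) >>> 0);
}

// Expands an IPv6 literal into eight 16-bit groups, or null if malformed.
// Handles "::" compression, a zone id suffix (fe80::1%eth0) and an embedded
// dotted quad (::ffff:10.0.0.1).
function parseV6(ip) {
  ip = ip.split("%")[0];
  const lastColon = ip.lastIndexOf(":");
  if (lastColon !== -1 && ip.slice(lastColon + 1).includes(".")) {
    const v4 = parseV4(ip.slice(lastColon + 1));
    if (v4 === null) return null;
    ip = `${ip.slice(0, lastColon + 1)}${(v4 >>> 16).toString(16)}:${(v4 & 0xffff).toString(16)}`;
  }
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - tail.length;
  if (halves.length === 2 ? missing < 1 : missing !== 0) return null;
  const groups = [...head, ...Array(missing).fill("0"), ...tail];
  if (!groups.every((g) => /^[0-9a-f]{1,4}$/i.test(g))) return null;
  return groups.map((g) => parseInt(g, 16));
}

// True if `ip` is an IPv4 or IPv6 literal inside a private/reserved range.
// A non-literal (hostname) returns false: it has to be resolved and every
// returned address passed back through this function.
function isPrivateIP(ip) {
  const v4 = parseV4(ip);
  if (v4 !== null) {
    return PRIVATE_V4.some(([network, prefix]) => inV4Block(v4, network, prefix));
  }
  const g = parseV6(ip);
  if (g === null) return false;
  const firstNonZero = g.findIndex((x) => x !== 0);
  if (firstNonZero === -1 || (firstNonZero === 7 && g[7] === 1)) return true; // :: and ::1
  if (firstNonZero === 5 && g[5] === 0xffff) {
    // ::ffff:a.b.c.d is IPv4-mapped; judge it by the IPv4 table
    const mapped = [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join(".");
    return isPrivateIP(mapped);
  }
  if ((g[0] & 0xfe00) === 0xfc00) return true; // fc00::/7 unique local
  if ((g[0] & 0xffc0) === 0xfe80) return true; // fe80::/10 link-local
  if ((g[0] & 0xff00) === 0xff00) return true; // ff00::/8 multicast
  return false;
}

// Parses with the WHATWG URL parser first, so obfuscated IPv4 forms such as
// http://0177.0.0.1/ (octal) or http://2130706433/ (decimal) are canonicalised
// to 127.0.0.1 before the range check. IPv6 literals arrive bracketed ([::1]).
function urlTargetsPrivateAddress(url) {
  const { hostname } = new URL(url);
  const host = hostname.startsWith("[") ? hostname.slice(1, -1) : hostname;
  return isPrivateIP(host);
}
```

The two things to take away: check the canonicalised host, never the raw string the attacker typed, and treat IPv4-mapped and zone-suffixed IPv6 literals as what they wrap. A hostname that passes this function has not been cleared; it still has to be resolved and each resulting address checked, because DNS is the usual way a public-looking URL ends up pointing at 169.254.169.254.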
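To make the rate-limiting bullet concrete, here is an added comparison of a fixed window and a sliding window limiter (example code, not Zen's implementation, whose algorithm and parameters this page does not show). The request timeline and the client key are constructed: five requests just before a one-second boundary and five just after it, against a limit of five per second.

```javascript
// Fixed window: one counter per aligned window. A client can spend the whole
// limit at the end of one window and again at the start of the next, so twice
// the limit passes within a few milliseconds of the boundary.
class FixedWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.buckets = new Map(); // key -> { start, count }
  }

  allow(key, nowMs) {
    const windowStart = Math.floor(nowMs / this.windowMs) * this.windowMs;
    let bucket = this.buckets.get(key);
    if (!bucket || bucket.start !== windowStart) {
      bucket = { start: windowStart, count: 0 };
      this.buckets.set(key, bucket);
    }
    if (bucket.count >= this.limit) return false;
    bucket.count += 1;
    return true;
  }
}

// Sliding window (log variant): remember the timestamps of accepted requests
// and count only those inside the trailing windowMs. Wherever the burst lands,
// at most `limit` requests pass in any interval of length windowMs.
class SlidingWindowLimiter {
  constructor(limit, windowMs) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.hits = new Map(); // key -> ascending accepted timestamps, at most `limit` long
  }

  allow(key, nowMs) {
    const log = this.hits.get(key) ?? [];
    const cutoff = nowMs - this.windowMs;
    let expired = 0;
    while (expired < log.length && log[expired] <= cutoff) expired += 1;
    if (expired > 0) log.splice(0, expired);
    if (log.length >= this.limit) return false; // rejected requests are not recorded
    log.push(nowMs);
    this.hits.set(key, log);
    return true;
  }
}

// Constructed timeline for one client key: five requests just before the
// 1000 ms boundary and five just after it, all within 18 ms.
const BURST_TIMES = [990, 992, 994, 996, 998, 1000, 1002, 1004, 1006, 1008];

function countAllowedBurst(limiter, key = "203.0.113.7") {
  return BURST_TIMES.filter((t) => limiter.allow(key, t)).length;
}

// With a limit of 5 per second the fixed window lets all 10 through; the
// sliding window stops at 5.
function compareLimiters() {
  return {
    fixed: countAllowedBurst(new FixedWindowLimiter(5, 1000)),
    sliding: countAllowedBurst(new SlidingWindowLimiter(5, 1000)),
  };
}
```

The log variant keeps at most `limit` timestamps per key, so memory is bounded by the limit rather than by traffic; only accepted requests are recorded, so a rejected flood does not extend the client's own lockout. A production limiter keyed on IP or user id also needs eviction of idle keys, which the example leaves out.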