Architecture
- Parent VM: Security barrier with operation validation
- Inner VM: Isolated execution environment for user code
- Tool call flow: Inner VM → Parent VM validation → Host handler
Basic Configuration
Parent Validation Options
Operation Name Filtering
Control which tool names are allowed:Built-in Suspicious Pattern Detection
The Double VM detects these attack patterns automatically:Custom Suspicious Patterns
Define your own detection logic:Detection Pattern Interface
Rate Limiting
Prevent rapid-fire tool calls:Security Benefits
- Operation Isolation - Tool calls pass through validation layer
- Pattern Detection - Detect multi-step attack sequences
- Rate Limiting - Prevent denial-of-service via tool flooding
- Audit Trail - Operation history for forensics
- Defense in Depth - Additional layer beyond AST validation
Performance Considerations
The Double VM adds minimal overhead:- Latency: ~1-2ms per tool call for validation
- Memory: ~10MB additional for parent VM context
- CPU: Negligible for pattern matching
Related
- Security Levels - Security presets
- AI Scoring Gate - Semantic security analysis
- Worker Pool - OS-level isolation