Skip to main content
The Double VM layer provides enhanced security through nested VM isolation. A parent VM acts as a security barrier that validates all operations before they reach the host system.

Architecture

  • Parent VM: Security barrier with operation validation
  • Inner VM: Isolated execution environment for user code
  • Tool call flow: Inner VM → Parent VM validation → Host handler

Basic Configuration

Parent Validation Options

Operation Name Filtering

Control which tool names are allowed:

Built-in Suspicious Pattern Detection

The Double VM detects these attack patterns automatically:

Custom Suspicious Patterns

Define your own detection logic:

Detection Pattern Interface

Rate Limiting

Prevent rapid-fire tool calls:
When the rate limit is exceeded, subsequent calls are blocked until the rate drops.

Security Benefits

  1. Operation Isolation - Tool calls pass through validation layer
  2. Pattern Detection - Detect multi-step attack sequences
  3. Rate Limiting - Prevent denial-of-service via tool flooding
  4. Audit Trail - Operation history for forensics
  5. Defense in Depth - Additional layer beyond AST validation

Performance Considerations

The Double VM adds minimal overhead:
  • Latency: ~1-2ms per tool call for validation
  • Memory: ~10MB additional for parent VM context
  • CPU: Negligible for pattern matching
For performance-critical applications, you can disable specific features: