v1.2.0-alpha: GPU Compute & The Iron Shield 🛡️
KnotenCore moves into the v1.2.0-alpha era! Sprints 187 to 193 lay down critical foundation pieces: unlocking massive parallel processing via GPGPU Compute Pipelines, optimizing bytecode through compile-time folding, and locking down the sandbox with rigorous security checks. Here is what's new.
⚡ WGPU GPGPU & Matrix Standard Library (Sprint 187)
Sprint 187 expands our WGPU architecture into the realm of general-purpose GPU computing. By wiring up DispatchCompute and serializing complex array structures into packed f32 storage buffers, scripts can now run custom parallel operations on the GPU via WGSL shaders.
To support this, we added parallel math helpers like math_vector_scale and math_matrix_transform (powered by glam::Mat4) directly to the FFI bridge, establishing a robust toolset for complex 3D orbital dynamics and physics calculations.
🛡️ The Iron Shield Hardening (Sprints 190, 193)
Security is paramount in an execution environment built for AI agents. Sprints 190 and 193 were dedicated to closing sandbox bypass vectors:
- Symlink Blocking: Both read and write operations check paths using std::fs::symlink_metadata. Symbolic links are strictly rejected, preventing arbitrary host directory traversal.
- Domain Whitelist Suffix Guard: We patched a vulnerability where domain whitelisting used a simple suffix check (e.g. evilgoogle.com matching google.com). Now, domains must match exactly or as a sub-domain (domain == whitelist || domain.ends_with(".whitelist")).
- FFI Panic Protection: Dynamic module routing is wrapped in catch_unwind. Any panic triggered within native routines is converted into an ExecResult::Fault, protecting the main host loop from crashing.
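
The suffix guard described above, shown as the flawed check beside the corrected one. This is an added example, not KnotenCore's own code: the function names are hypothetical, and the case folding and trailing-dot handling are assumptions that go beyond what the release note states.

```rust
// Added example; names are hypothetical, not KnotenCore's API.

/// Lowercase and drop one trailing root dot (normalization is an assumption here).
fn norm(s: &str) -> String {
    s.strip_suffix('.').unwrap_or(s).to_ascii_lowercase()
}

/// Flawed form: bare suffix match, so "evilgoogle.com" passes for "google.com".
fn is_allowed_suffix_only(domain: &str, whitelist: &[&str]) -> bool {
    whitelist.iter().any(|w| domain.ends_with(*w))
}

/// Hardened form: exact match, or a sub-domain ending in ".<entry>".
fn is_allowed(domain: &str, whitelist: &[&str]) -> bool {
    let d = norm(domain);
    if d.is_empty() {
        return false;
    }
    whitelist.iter().any(|w| {
        let w = norm(w);
        if w.is_empty() {
            return false; // an empty entry must never match everything
        }
        // The '.' in front of the entry pins the match to a label boundary.
        let sub = format!(".{}", w);
        d == w || d.ends_with(sub.as_str())
    })
}

fn main() {
    // Constructed sample inputs.
    let whitelist = ["google.com"];
    let samples = [
        "google.com",
        "api.google.com",
        "evilgoogle.com",
        "google.com.evil.example",
        "API.Google.COM.",
    ];
    for d in samples {
        println!(
            "{:<26} suffix_only={:<5} hardened={}",
            d,
            is_allowed_suffix_only(d, &whitelist),
            is_allowed(d, &whitelist)
        );
    }
}
```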
📉 Compiler Optimization Phase 1 (Sprint 192)
In Sprint 192, we verified and tested our first compiler optimization pipeline. The AOT compiler now aggressively reduces code size and improves VM throughput using:
- Constant Folding: Expressions like 5 + 10 * 2 are resolved to IntLiteral(25) at compile time.
- Logical & Bitwise Folding: Comparisons and bitwise operators with deterministic inputs collapse to literals.
- Dead Code Elimination (DCE): Unreachable branches inside conditional If constructs and loops are fully purged before bytecode emission.
Supported by 29 new unit tests, these optimizations guarantee that complex code generated by AI agents runs with minimal VM overhead.