Conversation
gibson042
commented
Jan 29, 2026
Comment on lines
+79
to
+95
| const specimen = harden([1, 'foo', 2, 'bar']); | ||
|
|
||
| test('split first match from copyArray', testContainerHasSplit, { | ||
| specimen, | ||
| pattern: M.string(), | ||
| bound: 1n, | ||
| expectAccepted: ['bar'], | ||
| expectRejected: [2, 'foo', 1], | ||
| }); | ||
|
|
||
| test('split first two matches from copyArray', testContainerHasSplit, { | ||
| specimen, | ||
| pattern: M.string(), | ||
| bound: 2n, | ||
| expectAccepted: ['bar', 'foo'], | ||
| expectRejected: [2, 1], | ||
| }); |
Member
Author
There was a problem hiding this comment.
@erights Whether or not this was intentional, we should reconsider the direction for CopyArray scanning. It makes sense for CopySet and CopyBag to start at the end because of their ordering constraints, but I think CopyArray scanning should start at the beginning.
Contributor
There was a problem hiding this comment.
That makes sense. But I won't get to it anytime soon, so putting this in Draft until then. Unless you wanna give it a try?
Member
Author
michaelfig
reviewed
Jan 30, 2026
Member
michaelfig
left a comment
michaelfig
left a comment
There was a problem hiding this comment.
Good stuff! Thanks for addressing this (presuming you're heading for CopyArray = ReadonlyArray<Passable>).
Comment on lines
+81
to
+87
| test('split first match from copyArray', testContainerHasSplit, { | ||
| specimen, | ||
| pattern: M.string(), | ||
| bound: 1n, | ||
| expectAccepted: ['bar'], | ||
| expectRejected: [2, 'foo', 1], | ||
| }); |
Member
There was a problem hiding this comment.
Is bound: 0n a relevant edge case to test?
Member
Author
There was a problem hiding this comment.
No, the function is documented to require a minimum bound of 1n:
But I have added 1d6b76e for hopefully propagating such documentation to https://docs.endojs.org/variables/_endo_patterns.containerHasSplit.html .
michaelfig
approved these changes
Feb 19, 2026
Member
michaelfig
left a comment
michaelfig
left a comment
There was a problem hiding this comment.
I'll go out on a bit of a limb, and assert that this PR is strictly an improvement.
@gibson042, if you would like @erights to review before merging, please bring it to his attention.
Contributor
Hi @michaelfig , that brought it back to my attention. Looking now. Thanks. |
erights
reviewed
Feb 19, 2026
erights
reviewed
Feb 19, 2026
erights
reviewed
Feb 19, 2026
erights
reviewed
Feb 19, 2026
Comment on lines
+1403
to
+1407
| const isPartial = num > stillNeeds; | ||
| const numTake = isPartial ? stillNeeds : num; | ||
| inCount += num; | ||
| if (inResults) inResults.push([element, numTake]); | ||
| if (isPartial && outResults) outResults.push([element, num - numTake]); |
Contributor
There was a problem hiding this comment.
Just checking: This is all a pure refactor with no observable diff, yes?
Member
Author
erights
reviewed
Feb 19, 2026
| * matched by `elementPatt`, optionally returning those bounded matches and/or | ||
| * their complement as specified by `needInResults` and `needOutResults` | ||
| * (ensuring for CopyBags that at most one Key is split across both, but | ||
| * otherwise making no guarantee regarding the order in which elements are |
Contributor
There was a problem hiding this comment.
Really? That seems like a surprising under-specification.
erights
reviewed
Feb 19, 2026
erights
reviewed
Feb 19, 2026
| * container of the same shape as `specimen` | ||
| * @param {boolean} [needOutResults] collect and return rejects inside a | ||
| * container of the same shape as `specimen` | ||
| * @returns {[matches: Container | undefined, discards: Container | undefined] | false} |
Contributor
There was a problem hiding this comment.
Good. I always forget that we can name the elements of a tuple type.
erights
reviewed
Feb 19, 2026
erights
reviewed
Feb 19, 2026
| false, | ||
| false, | ||
| ); | ||
| return !!containerHasSplit(specimen, elementPatt, bound, reject); |
Contributor
There was a problem hiding this comment.
If it takes a reject parameter and follows the normal reject convention, shouldn't it be named confirmFoo?
Suggested change
| return !!containerHasSplit(specimen, elementPatt, bound, reject); | |
| return !!confirmContainerHasSplit(specimen, elementPatt, bound, reject); |
Member
Author
There was a problem hiding this comment.
Perhaps, but it is externally exposed as containerHasSplit and things are generally more convenient if that name is consistent all the way down.
🦋 Changeset detectedLatest commit: c488503 The changes in this PR will be included in the next version bump. This PR includes changesets to release 4 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…opyArray results (which must be hardened) Fixes #3064
CopyArray is not mutable
gibson042
force-pushed
the
gh-3064-containerhassplit-hardened-results
branch
from
2314b6e to
d93e6a8
Compare
gibson042
force-pushed
the
gh-3064-containerhassplit-hardened-results
branch
from
d93e6a8 to
949cab5
Compare
gibson042
force-pushed
the
gh-3064-containerhassplit-hardened-results
branch
from
949cab5 to
c488503
Compare
Merged
gibson042
added a commit
that referenced
this pull request
Feb 25, 2026
gibson042
added a commit
that referenced
this pull request
Feb 25, 2026
boneskull
added a commit
that referenced
this pull request
Feb 26, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated. # Releases ## @endo/compartment-mapper@2.0.0 ### Major Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - **Breaking:** `CompartmentMapDescriptor` no longer has a `path` property. - **Breaking:** `CompartmentMapDescriptor`'s `label` property is now a _canonical name_ (a string of one or more npm package names separated by `>`). - **Breaking:** The `CompartmentMapDescriptor` returned by `captureFromMap()` now uses canonical names as the keys in its `compartments` property. - Breaking types: `CompartmentMapDescriptor`, `CompartmentDescriptor`, `ModuleConfiguration` (renamed from `ModuleDescriptor`) and `ModuleSource` have all been narrowed into discrete subtypes. - `captureFromMap()`, `loadLocation()` and `importLocation()` now accept a `moduleSourceHook` option. This hook is called when processing each module source, receiving the module source data (location, language, bytes, or error information) and the canonical name of the containing package. - `captureFromMap()` now accepts a `packageConnectionsHook` option. This hook is called for each retained compartment with its canonical name and the set of canonical names of compartments it links to (its connections). Useful for analyzing or visualizing the dependency graph. - `mapNodeModules()`, `loadLocation()`, `importLocation()`, `makeScript()`, `makeFunctor()`, and `writeScript()` now accept the following hook options: - `unknownCanonicalNameHook`: Called for each canonical name mentioned in policy but not found in the compartment map. Useful for detecting policy misconfigurations. - `packageDependenciesHook`: Called for each package with its set of dependencies. Can return partial updates to modify the dependencies, enabling dependency filtering or injection based on policy. - `packageDataHook`: Called once with data about all packages found while crawling `node_modules`, just prior to creation of a compartment map. - When dynamic requires are enabled via configuration, execution now takes policy into consideration when no other relationship (for example, a dependent/dependee relationship) between two Compartments exists. When policy explicitly allows access from package _A_ to _B_ and _A_ dynamically requires _B_ (via absolute path or otherwise), the operation will succeed. This can occur _if and only if_ dynamic requires are enabled _and_ a policy is provided. - Improved error messaging for policy enforcement failures. ### Patch Changes - [#3055](#3055) [`81b4c40`](81b4c40) Thanks [@naugtur](https://github.com/naugtur)! - - Introduces additional signal to consider an export from a package an ESM module when it's selected via an `import` key in `exports` in package.json in case no other indication of it being an ESM module is present. - Updated dependencies \[[`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`a7d3d26`](a7d3d26), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/module-source@1.4.0 - @endo/zip@1.1.0 ## @endo/bundle-source@4.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3083](#3083) [`644ab15`](644ab15) Thanks [@turadg](https://github.com/turadg)! - Fix bundle cache corner cases, improve cache-root validation, and clarify CLI docs for `endoScript` bundle format. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`a2c32ec`](a2c32ec), [`81b4c40`](81b4c40)]: - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/init@1.1.13 - @endo/evasive-transform@2.1.0 ## @endo/captp@4.5.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/check-bundle@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`81b4c40`](81b4c40)]: - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/common@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - Deprecates this package's support for the checkFoo/assertCheck pattern (`Checker`, `identChecker`) in favor of the confirm/reject pattern supported by @endo/errors/rejector.js. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/errors@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Exports `assert.details` under its own name (i.e., `details`). - `hideAndHardenFunction` - If a function `foo` is first frozen with `hideAndHardenFunction(foo)` rather than `freeze(foo)` or `harden(foo)`, then `foo.name` is changed from `'foo'` to `'__HIDE_foo'`. When `stackFiltering: 'concise'` or `stackFiltering: 'omit-frames'`, then (currently only on v8), the stack frames for that function are omitted from the stacks reported by our causal console. - The new `Rejector` type supports the confirmFoo/reject pattern: ```js @import {FAIL, hideAndHardenFunction} from '@Endo@errors'; @import {Rejector} from '@endo/errors/rejector.js'; const confirmFoo = (specimen, reject: Rejector) => test(specimen) || reject && reject`explanation of what went wrong`; export const isFoo = specimen => confirmFoo(specimen, false); hideAndHardenFunction(isFoo); export const assertFoo = specimen => { confirmFoo(specimen, FAIL); }; hideAndHardenFunction(assertFoo); ``` Both `false` and `Fail` satisfy the `Rejector` type. We also deprecate the old checkFoo/assertChecker pattern from @endo/common. The exported `isFoo` and `assertFoo` behave the same as they had when then they were using the checkFoo/assertChecker pattern, but are now internally faster and clearer. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/evasive-transform@2.1.0 ### Minor Changes - [#3026](#3026) [`a2c32ec`](a2c32ec) Thanks [@naugtur](https://github.com/naugtur)! - - Add meaning-preserving transformation of expressions and literals containing content that would otherwise be rejected by SES for looking like dynamic import or HTML-like comments. Previously only comments were transformed. Use `onlyComments` option to opt-out of the new behavior. ## @endo/eventual-send@1.4.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`029dcc4`](029dcc4)]: - @endo/harden@1.1.0 ## @endo/exo@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`98f77e9`](98f77e9), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`c488503`](c488503), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/pass-style@1.7.0 ## @endo/harden@1.1.0 ### Minor Changes - [#3008](#3008) [`029dcc4`](029dcc4) Thanks [@kriskowal](https://github.com/kriskowal)! - - Introduces `@endo/harden`, providing a `harden` implementation that works both inside and outside HardenedJS. - Supports the `hardened` and `harden:unsafe` build conditions to select hardened-environment and no-op behaviors. - Detects pre-lockdown use of `harden` so `lockdown()` fails with a helpful error instead of leaving modules incorrectly hardened. All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. ## @endo/import-bundle@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/lp32@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 ## @endo/marshal@1.9.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/memoize@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/module-source@1.4.0 ### Minor Changes - [#3008](#3008) [`a7d3d26`](a7d3d26) Thanks [@kriskowal](https://github.com/kriskowal)! - - Transitively freezes the properties of `ModuleSource` constructors and instances without requiring lockdown, for greater safety against supply-chain-attack. `ModuleSource`, particularly through the `@endo/module-source/shim.js`, necessarily runs before `lockdown` is called (if ever) and cannot rely on `harden`, so must preemptively transitively freeze its properties to be a hardened module, regardless of whether `lockdown` is ever called. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/nat@5.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/netstring@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/pass-style@1.7.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - - Deprecates `assertChecker`. Use `Fail` in the confirm/reject pattern instead, as supported by `@endo/errors/rejector.js`. - Enables `passStyleOf` to make errors passable as a side-effect when SES locks down with `hardenTaming` set to `unsafe`, which impacts errors on V8 starting with Node.js 21, and similar engines, that own a `stack` getter and setter that would otherwise be repaired as a side-effect of `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/patterns@1.8.0 ### Minor Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - `@endo/patterns` now exports a new `getNamedMethodGuards(interfaceGuard)` that returns that interface guard's record of method guards. The motivation is to support interface inheritance expressed by patterns like ```js const I2 = M.interface('I2', { ...getNamedMethodGuards(I1), doMore: M.call().returns(M.any()), }); ``` See `@endo/exo`'s `exo-wobbly-point.test.js` to see it in action together with an experiment in class inheritance. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - The `sloppy` option for `@endo/patterns` interface guards is deprecated. Use `defaultGuards` instead. - [#3065](#3065) [`c488503`](c488503) Thanks [@gibson042](https://github.com/gibson042)! - - `containerHasSplit` now hardens its output(s) when working with copyArrays, ensuring that each output is itself a copyArray instance. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/promise-kit@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## ses@1.15.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Adds `assert.makeError` and deprecates `assert.error` as an alias, matching the API already exported from `@endo/errors`. - Before this version, the `assert` left in global scope before `lockdown` would redact errors and would be replaced by `lockdown` with a version that did _not_ redact errors if the caller opted-in with `errorTaming` set to one of the `unsafe` variants. After this version, the reverse is true: the `assert` left in global scope before `lockdown` does not redact. Then, `lockdown` replaces `assert` with a redacting `assert` unless the caller opted-out with `errorTaming` set to one of the `unsafe` variants. - [#3008](#3008) [`a29ecd4`](a29ecd4) Thanks [@kriskowal](https://github.com/kriskowal)! - - `lockdown` and `repairIntrinsics` now detect when code has already called a `harden` imported from `@endo/harden` before lockdown, and fail with a clear error about hardened modules executing before lockdown. - Adds `Object[Symbol.for('harden')]` as a variant of `globalThis.harden` that cannot be overridden by an endowment named `harden` in compartments. ## @endo/ses-ava@1.4.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Introduces a `ses-ava` command for running tests with multiple AVA configurations. - Adds an `@endo/ses-ava/test.js` module for getting a `test` function appropriate for your configuration. - Adds an `@endo/ses-ava/prepare-endo-config.js` module suitable for use in the `require` clause of an AVA configuration, such that `@endo/ses-ava/test.js` exports a wrapped SES-AVA `test` function. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/init@1.1.13 ## @endo/stream@1.3.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/stream-node@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/zip@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/init@1.1.13 ### Patch Changes - [#3085](#3085) [`b8b52ce`](b8b52ce) Thanks [@copilot-swe-agent](https://github.com/apps/copilot-swe-agent)! - Move async_hooks patch to dedicated entrypoint for Node.js 24 compatibility The async_hooks patch was originally added in #1115 to address debugger issues (#1105) for local debugging of Node.js processes in lockdown mode. However, the patch is breaking in Node.js 24, and it's unclear whether it's still necessary in Node.js 20+. To maintain backward compatibility while fixing the Node.js 24 breakage, the patch has been moved from the default import path to a new dedicated entrypoint `@endo/init/debug-async-hooks.js`. This allows users who need the async_hooks patch for debugging in older Node.js versions to opt-in explicitly, while preventing breakage for users on Node.js 24+. If you were relying on the async_hooks patch, import `@endo/init/debug-async-hooks.js` instead of `@endo/init/debug.js`. Note that this entrypoint may not work correctly in Node.js 24+. - Updated dependencies \[[`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/cli@2.3.12 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`644ab15`](644ab15), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`98f77e9`](98f77e9), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/bundle-source@4.2.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/init@1.1.13 - @endo/daemon@2.5.2 ## @endo/daemon@2.5.2 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/captp@4.5.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/marshal@1.9.0 - @endo/netstring@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/test262-runner@0.1.49 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/compartment-mapper@2.0.0
gibson042
added a commit
that referenced
this pull request
Feb 26, 2026
gibson042
added a commit
that referenced
this pull request
Feb 26, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #3064
Description
containerHasSplitcontainerHasSplitso they actually have pass style "copyArray"containerHasSplitSecurity Considerations
None known.
Scaling Considerations
n/a
Documentation Considerations
n/a
Testing Considerations
✔
Compatibility Considerations
CopyArrays are already claimed by documentation to be immutable, so this shouldn't affect anything (and doesn't AFAICT).
Upgrade Considerations
I think this fix falls below the level of inclusion in NEWS.md, but could be persuaded out of that position.