
feat(ocap-kernel): configurable vat global allowlist #933

Merged
sirtimid merged 9 commits into main from sirtimid/configurable-vat-globals
Apr 14, 2026

Conversation

@sirtimid (Contributor) commented Apr 14, 2026

Summary

This is Part 1 of the vat endowments overhaul (closes #813). Part 2 will integrate attenuated endowment factories from @metamask/snaps-execution-environments once MetaMask/snaps#3957 is merged and released — adding timer teardown on vat termination, anti-timing-attack Date, and crypto-backed Math.random.

The hardcoded allowedGlobals in VatSupervisor is extracted into a dedicated endowments.ts module and made configurable:

  • New DEFAULT_ALLOWED_GLOBALS constant — a hardened record of host/Web API endowments that SES Compartments do not provide by default. JS intrinsics (ArrayBuffer, BigInt, typed arrays, Intl, etc.) are excluded since they are already available in every Compartment.
  • Expanded endowment set — adds URL, URLSearchParams, atob, btoa, AbortController, AbortSignal alongside the existing TextEncoder, TextDecoder, setTimeout, clearTimeout, Date.
  • Configurable allowedGlobals on VatSupervisor — optional constructor parameter defaulting to DEFAULT_ALLOWED_GLOBALS. Custom maps are hardened on assignment.
  • Warning on unknown globals — when a vat requests a global not in the allowlist, a warning is logged instead of silently ignoring it.

Testing

Unit tests in endowments.test.ts verify the constant's shape and frozen state. VatSupervisor.test.ts tests the configurable parameter, the warning behavior (both positive and negative paths via initVat RPC). E2e tests in kernel-test exercise each endowment inside a real SES Compartment and verify that all host APIs are genuinely absent when not endowed, including that the tamed Date.now throws in secure mode without the Date endowment.

🤖 Generated with Claude Code


Note

Medium Risk
Changes vat endowment/SES-global handling by expanding and centralizing the allowlist and adding kernel-controlled restrictions, which can affect vat initialization and security boundaries if misconfigured.

Overview
Adds a hardened DEFAULT_ALLOWED_GLOBALS export and expands the default endowment set (e.g. URL, URLSearchParams, atob/btoa, AbortController/AbortSignal) used to explicitly provide host/Web globals to vats.

Introduces a kernel-level allowedGlobalNames option that is propagated through VatManager/VatHandle to the initVat RPC and enforced in VatSupervisor by filtering the allowlist; vats now fail initialization when requesting a global outside the effective allowlist.

Adds unit + integration tests (including a new kernel-test vat) to verify each endowment works when granted, is absent when not endowed, and that kernel restrictions reject disallowed globals; updates public exports and changelog accordingly.

Reviewed by Cursor Bugbot for commit a105504. Bugbot is set up for automated code reviews on this repo.

@sirtimid sirtimid requested a review from a team as a code owner April 14, 2026 16:15
sirtimid and others added 5 commits April 14, 2026 18:23
…endowments

Extract the hardcoded allowedGlobals from VatSupervisor into a dedicated
endowments module with a configurable DEFAULT_ALLOWED_GLOBALS constant.
The allowlist now covers all host/Web APIs that are absent from SES
compartments (TextEncoder, TextDecoder, URL, URLSearchParams, atob, btoa,
AbortController, AbortSignal, setTimeout, clearTimeout, Date). JS
intrinsics (ArrayBuffer, BigInt, typed arrays, Intl) are excluded since
they are already available in every SES Compartment.

VatSupervisor now accepts an optional allowedGlobals parameter (defaults
to DEFAULT_ALLOWED_GLOBALS) and logs a warning when a vat requests an
unknown global.

Includes e2e tests verifying that endowed globals work inside real SES
compartments and that host APIs are genuinely absent when not endowed.

Closes #813

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- harden(allowedGlobals) in constructor to prevent mutation of custom maps
- move DEFAULT_ALLOWED_GLOBALS tests to co-located endowments.test.ts
- add happy-path test: no warning when all globals are known
- add tamed Date negative test: Date.now throws in secure mode without endowment

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sirtimid sirtimid force-pushed the sirtimid/configurable-vat-globals branch from 4fcd831 to 8100815 April 14, 2026 16:23
github-actions bot (Contributor) commented Apr 14, 2026

Coverage Report

Category     Percentage   Change    Covered / Total
Lines        78.47%       -0.24%    8696 / 11081
Statements   78.3%        -0.23%    8838 / 11287
Functions    75.9%        -0.37%    2035 / 2681
Branches     76.45%       +0.03%    3747 / 4901

File Coverage (changed files; change against the base branch in parentheses, none for new files)

File                                                Stmts             Branches          Functions         Lines             Uncovered Lines
packages/kernel-test/src/vats/endowment-globals.ts  0%                0%                0%                0%                14-83
packages/ocap-kernel/src/Kernel.ts                  88.39% (±0%)      77.77% (±0%)      82.6% (±0%)       88.39% (±0%)      293-296, 313, 337, 412-422, 510, 578, 644-647, 660, 670-671, 714, 731
packages/ocap-kernel/src/index.ts                   100% (±0%)        100% (±0%)        100% (±0%)        100% (±0%)
packages/ocap-kernel/src/rpc/vat/initVat.ts         100% (±0%)        100% (±0%)        100% (±0%)        100% (±0%)
packages/ocap-kernel/src/vats/VatHandle.ts          90.14% (+0.14%)   86.66% (+0.95%)   100% (±0%)        90.14% (+0.14%)   324, 375-380, 389-395
packages/ocap-kernel/src/vats/VatManager.ts         100% (±0%)        100% (±0%)        100% (±0%)        100% (±0%)
packages/ocap-kernel/src/vats/VatSupervisor.ts      75.3% (+2.58%)    52.77% (+10.35%)  50% (-8.33%)      75.3% (+2.58%)    131, 143, 152, 190, 228-232, 243, 252-253, 275-277, 280, 284-286, 315-316, 346, 363-371
packages/ocap-kernel/src/vats/endowments.ts         100%              100%              100%              100%

Generated in workflow #4294 for commit a105504 by the Vitest Coverage Report Action

sirtimid and others added 2 commits April 14, 2026 18:57
…Supervisor

Add allowedGlobalNames option to Kernel.make() so the kernel owner can
restrict which globals are available to vats. The names flow through
VatManager → VatHandle → initVat RPC to VatSupervisor, which filters
DEFAULT_ALLOWED_GLOBALS by the received names. When omitted, all
defaults remain available.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Verify that Kernel.make({ allowedGlobalNames }) restricts which globals
reach vats: a kernel that only allows TextEncoder/TextDecoder blocks URL
even when the vat requests it, and omitting the option allows everything.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Requesting an unknown global now throws before vat code is evaluated,
surfacing misconfigurations immediately rather than silently ignoring
them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
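The PR summary above describes the supervisor-side allowlist (hardened DEFAULT_ALLOWED_GLOBALS, configurable allowedGlobals, JS intrinsics excluded) and the commit messages describe the kernel-side layer (Kernel.make({ allowedGlobalNames }) filtering the defaults) and the final fail-fast behaviour (an unknown global throws before vat code is evaluated). The following is an added example written for this page, not code from ocap-kernel or from the PR: a stand-alone TypeScript model of that two-layer decision. It assumes nothing about the real module's internals; the names resolveEndowments, resolveError, canMutate and DEFAULT_GLOBAL_NAMES are hypothetical, SES harden is stood in by Object.freeze, the null-prototype records and own-property checks are this example's own hardening choice, and the SES Compartment itself is not modelled, only which host globals are handed to a vat.

```typescript
'use strict';

// Added example (not ocap-kernel code): a model of the two-layer endowment
// allowlist described in PR #933. `harden` is stood in by Object.freeze
// (assumption: the real module uses SES harden); only the decision of which
// host globals reach a vat is modelled, not the Compartment evaluation.

type Endowments = Readonly<Record<string, unknown>>;

const harden = <T extends object>(value: T): Readonly<T> => Object.freeze(value);

// Look a host/Web API up on the real global object. A missing one is a host
// problem and must not be silently endowed as `undefined`.
const hostGlobal = (name: string): unknown => {
  const value = (globalThis as unknown as Record<string, unknown>)[name];
  if (value === undefined) throw new Error(`host does not provide ${name}`);
  return value;
};

// Counterpart of DEFAULT_ALLOWED_GLOBALS: host/Web APIs a SES Compartment does
// not provide on its own. JS intrinsics (ArrayBuffer, BigInt, Intl, ...) are
// left out because every Compartment already has them.
export const DEFAULT_GLOBAL_NAMES = [
  'TextEncoder', 'TextDecoder', 'URL', 'URLSearchParams', 'atob', 'btoa',
  'AbortController', 'AbortSignal', 'setTimeout', 'clearTimeout', 'Date',
] as const;

// Null prototype (this example's choice): a lookup for "constructor" or
// "__proto__" finds nothing to leak.
export const DEFAULT_ALLOWED_GLOBALS: Endowments = (() => {
  const record: Record<string, unknown> = Object.create(null);
  for (const name of DEFAULT_GLOBAL_NAMES) record[name] = hostGlobal(name);
  return harden(record);
})();

const hasOwn = (obj: object, key: string): boolean =>
  Object.prototype.hasOwnProperty.call(obj, key);

export type ResolveOptions = {
  /** Globals the vat asks for in its initVat request. */
  requested: readonly string[];
  /** Kernel owner's restriction (Kernel.make({ allowedGlobalNames })); undefined = all defaults. */
  kernelAllowedNames?: readonly string[];
  /** Supervisor allowlist; a custom record is hardened before use. */
  allowlist?: Endowments;
};

// Returns the frozen endowment record for one vat, or throws before any vat
// code would be evaluated.
export const resolveEndowments = ({
  requested,
  kernelAllowedNames,
  allowlist = DEFAULT_ALLOWED_GLOBALS,
}: ResolveOptions): Endowments => {
  const table = harden(allowlist);

  // Layer 1: the kernel restriction must itself be a subset of the allowlist;
  // a name the allowlist lacks is an owner misconfiguration and fails loudly.
  const effectiveNames =
    kernelAllowedNames === undefined ? Object.keys(table) : [...kernelAllowedNames];
  const badKernelNames = effectiveNames.filter((name) => !hasOwn(table, name));
  if (badKernelNames.length > 0) {
    throw new Error(`allowedGlobalNames not in allowlist: ${badKernelNames.join(', ')}`);
  }
  const effective = new Set(effectiveNames);

  // Layer 2: a vat may only receive names inside the effective set.
  const rejected = requested.filter((name) => !effective.has(name));
  if (rejected.length > 0) {
    throw new Error(`vat requested globals outside the allowlist: ${rejected.join(', ')}`);
  }

  // Only what was requested is endowed, as own properties of a frozen record.
  const endowments: Record<string, unknown> = Object.create(null);
  for (const name of requested) endowments[name] = table[name];
  return harden(endowments);
};

// Returns the rejection message, or undefined when the request is accepted.
export const resolveError = (options: ResolveOptions): string | undefined => {
  try {
    resolveEndowments(options);
    return undefined;
  } catch (error) {
    return (error as Error).message;
  }
};

// Assigning to a hardened record must fail (strict-mode TypeError), so code
// that somehow holds the allowlist cannot add a global to it.
export const canMutate = (record: Endowments): boolean => {
  try {
    (record as Record<string, unknown>).fetch = () => 0;
    return true;
  } catch {
    return false;
  }
};
```

Two details worth keeping in a real implementation: the membership test is an own-property check on a null-prototype record, so a request for `constructor` or `__proto__` is rejected rather than resolving through Object.prototype, and a kernel restriction that names something outside the allowlist is treated as a configuration error instead of being silently intersected away.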
@sirtimid sirtimid enabled auto-merge April 14, 2026 20:03
rekmarks (Member) previously approved these changes Apr 14, 2026

LGTM!

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@sirtimid sirtimid added this pull request to the merge queue Apr 14, 2026
Merged via the queue into main with commit b17f742 Apr 14, 2026
33 checks passed
@sirtimid sirtimid deleted the sirtimid/configurable-vat-globals branch April 14, 2026 20:43


Development

Successfully merging this pull request may close these issues.

Review vat global allowlist configuration
