1
+ # Copyright (C) 2024 Gramine contributors
2
+ # SPDX-License-Identifier: BSD-3-Clause
3
+
4
+ # Node.js manifest file example
5
+
6
+ libos.entrypoint = "{{ nodejs_dir }}/node"
7
+
8
+ fs.start_dir = "/agent"
9
+
10
+ loader.log_level = "{{ log_level }}"
11
+
12
+ loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}"
13
+
14
+ # Insecure configuration for loading arguments and environment variables
15
+ # Do not set these configurations in production
16
+ loader.insecure__use_cmdline_argv = true
17
+ loader.insecure__use_host_env = true
18
+
19
+ fs.mounts = [
20
+ { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" },
21
+ { uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" },
22
+ { uri = "file:/usr/{{ arch_libdir }}", path = "/usr/{{ arch_libdir }}" },
23
+ { uri = "file:{{ nodejs_dir }}/node", path = "{{ nodejs_dir }}/node" },
24
+ { type = "tmpfs", path = "/tmp" },
25
+ { type = "tmpfs", path = "/agent/content_cache" },
26
+ ]
27
+
28
+ sys.enable_extra_runtime_domain_names_conf = true
29
+ sys.fds.limit = 65535
30
+
31
+ sgx.debug = false
32
+ sgx.remote_attestation = "dcap"
33
+ sgx.max_threads = 64
34
+
35
+ # Some dependencies of Eliza utilize WebAssembly (WASM).
36
+ # Initializing WASM requires a substantial amount of memory.
37
+ # If there is insufficient memory, you may encounter the following error:
38
+ # RangeError: WebAssembly.instantiate(): Out of memory: Cannot allocate Wasm memory for a new instance.
39
+ # To address this, we set the enclave size to 64GB.
40
+ sgx.enclave_size = "64G"
41
+
42
+ # `use_exinfo = true` is needed because Node.js uses memory mappings with `MAP_NORESERVE`, which
43
+ # will defer page accepts to page-fault events when EDMM is enabled
44
+ sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
45
+ sgx.use_exinfo = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }}
46
+
47
+ sgx.trusted_files = [
48
+ "file:{{ gramine.runtimedir() }}/",
49
+ "file:{{ arch_libdir }}/",
50
+ "file:/usr/{{ arch_libdir }}/",
51
+ "file:{{ nodejs_dir }}/node",
52
+ "file:characters/",
53
+ "file:agent/src/",
54
+ "file:agent/package.json",
55
+ "file:agent/tsconfig.json",
56
+ "file:package.json",
57
+ "file:.env",
58
+
59
+ # Add these files to sgx.trusted_files in production and remove them from sgx.allowed_files.
60
+ # Trusting these files requires a high-performance SGX machine due to the large number of files,
61
+ # which could significantly increase startup time.
62
+ # To mitigate startup time degradation, we use allowed_files in development.
63
+ #
64
+ # "file:node_modules/",
65
+ # "file:packages/",
66
+ # These files are symbolic links to node_modules,
67
+ # and Gramine does not support adding symbolic link directories to sgx.trusted_files.
68
+ # Therefore, we must add each directory individually to sgx.trusted_files.
69
+ # "file:agent/node_modules/@elizaos/adapter-sqlite/",
70
+ # "file:agent/node_modules/@elizaos/.../",
71
+ ]
72
+
73
+ # Insecure configuration. Use gramine encrypted fs to store data in production.
74
+ sgx.allowed_files = [
75
+ "file:agent/data/",
76
+ "file:agent/model.gguf",
77
+
78
+ # Move these files to sgx.trusted_files in production.
79
+ "file:node_modules/",
80
+ "file:packages/",
81
+ "file:agent/node_modules/",
82
+ ]
83
+
84
+ loader.env.SGX = "1"
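Review bot: Listing `"file:.env"` under `sgx.trusted_files` gives that file integrity protection only. It stays in plaintext on the host and its hash is fixed at signing time, so if it holds the agent's API keys or other secrets (likely for an Eliza deployment, though its contents are not visible here), the untrusted host can read them and rotating a key means re-signing the enclave. Secrets should reach the enclave only after attestation, for example through an encrypted mount such as `{ type = "encrypted", path = "<ENV_PATH>", uri = "file:.env", key_name = "<KEY_NAME>" }` whose key is provisioned over the DCAP-attested channel. Separately, the manifest sets `sgx.debug = false` and `sgx.remote_attestation = "dcap"` while `node_modules/`, `packages/` and `agent/node_modules/` sit in `sgx.allowed_files` and `loader.insecure__use_host_env` is on, so a quote from this build does not vouch for the JavaScript or environment that actually runs. A comment next to `sgx.remote_attestation` stating this would keep verifiers from over-trusting the measurement.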