From 6464ec8e475ca4b6c34ddc4e9c44018c04e41e95 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Thu, 11 Dec 2025 01:19:19 +0000 Subject: [PATCH] chore(release): prepare release v1.1.0 Bumped versions for: ast-guard Version analysis and docs updates by Codex AI. --- CHANGELOG.md | 8 ++++++++ docs/draft/docs/libraries/ast-guard.mdx | 8 ++++++++ docs/live/docs/libraries/ast-guard.mdx | 8 ++++++++ libs/ast-guard/CHANGELOG.md | 13 +++++++++++++ libs/ast-guard/package.json | 2 +- 5 files changed, 38 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ffe34af..46e4c35 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [1.1.0] - 2025-12-11 + +Hardened ast-guard’s AgentScript preset with additional browser primitive blocks and dynamic import enforcement. + +### Updated Libraries + +- **ast-guard** v1.1.0 - AgentScript preset now blocks structuredClone/messaging APIs, queueMicrotask, and import() expressions for parity with the Enclave sandbox. + ### Changed - Updated the documented cache directory default for `LocalLlmConfig` to `~/.enclave/models` in `libs/enclave-vm/src/scoring/types.ts:377` to match the new Enclave pathing. diff --git a/docs/draft/docs/libraries/ast-guard.mdx b/docs/draft/docs/libraries/ast-guard.mdx index e344007..65ec557 100644 --- a/docs/draft/docs/libraries/ast-guard.mdx +++ b/docs/draft/docs/libraries/ast-guard.mdx 
@@ -29,6 +29,14 @@ console.log(result.valid); // true - **Security Presets**: STRICT, SECURE, STANDARD, PERMISSIVE - **Zero Dependencies**: Only uses acorn for parsing +## AgentScript preset hardening + +Use `createAgentScriptPreset()` when you want AST validation to match Enclave's runtime sandbox. The preset now: + +- Blocks modern browser primitives like `structuredClone`, `AbortController`/`AbortSignal`, `MessageChannel`/`MessagePort`, `BroadcastChannel`, `TextEncoder`/`TextDecoder`, and `Intl` so those capabilities never reach execution. +- Treats `queueMicrotask` the same way as timers to guard against microtask flooding attacks. +- Reports dynamic `import()` expressions through `NoEvalRule`, preventing untrusted code from lazy-loading modules. + ## Security Presets | Preset | Description | diff --git a/docs/live/docs/libraries/ast-guard.mdx b/docs/live/docs/libraries/ast-guard.mdx index e344007..65ec557 100644 --- a/docs/live/docs/libraries/ast-guard.mdx +++ b/docs/live/docs/libraries/ast-guard.mdx @@ -29,6 +29,14 @@ console.log(result.valid); // true - **Security Presets**: STRICT, SECURE, STANDARD, PERMISSIVE - **Zero Dependencies**: Only uses acorn for parsing +## AgentScript preset hardening + +Use `createAgentScriptPreset()` when you want AST validation to match Enclave's runtime sandbox. The preset now: + +- Blocks modern browser primitives like `structuredClone`, `AbortController`/`AbortSignal`, `MessageChannel`/`MessagePort`, `BroadcastChannel`, `TextEncoder`/`TextDecoder`, and `Intl` so those capabilities never reach execution. +- Treats `queueMicrotask` the same way as timers to guard against microtask flooding attacks. +- Reports dynamic `import()` expressions through `NoEvalRule`, preventing untrusted code from lazy-loading modules. + ## Security Presets | Preset | Description | diff --git a/libs/ast-guard/CHANGELOG.md b/libs/ast-guard/CHANGELOG.md index 8eda54b..2f0b560 100644 --- a/libs/ast-guard/CHANGELOG.md +++ b/libs/ast-guard/CHANGELOG.md 
@@ -1,5 +1,18 @@ # Changelog +## [Unreleased] + +## [1.1.0] - 2025-12-11 + +### Added + +- AgentScript preset now blocks structuredClone, AbortController/AbortSignal, MessageChannel/MessagePort, BroadcastChannel, TextEncoder/TextDecoder, and Intl before code hits runtime (libs/ast-guard/src/presets/agentscript.preset.ts:292). +- AgentScript preset treats queueMicrotask as a disallowed timer primitive to mitigate microtask flooding attacks (libs/ast-guard/src/presets/agentscript.preset.ts:311). + +### Security + +- NoEvalRule now reports dynamic import() expressions so untrusted code cannot lazy-load modules (libs/ast-guard/src/rules/no-eval.rule.ts:4). + All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), diff --git a/libs/ast-guard/package.json b/libs/ast-guard/package.json index 1cee9b5..8c9d602 100644 --- a/libs/ast-guard/package.json +++ b/libs/ast-guard/package.json @@ -1,6 +1,6 @@ { "name": "ast-guard", - "version": "1.0.0", + "version": "1.1.0", "description": "A production-ready AST security guard for JavaScript - validate, protect, and enforce code safety with extensible rules", "author": "AgentFront ", "homepage": "https://github.com/agentfront/enclave/tree/main/libs/ast-guard",
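Review bot: In the root `CHANGELOG.md` hunk, the new `## [1.1.0] - 2025-12-11` heading is inserted directly under `## [Unreleased]`, so the existing `### Changed` entry about the `LocalLlmConfig` cache directory now reads as part of 1.1.0 and `[Unreleased]` is left empty. That entry concerns `libs/enclave-vm`, while the commit message says the bump is for ast-guard only. If it is not meant to ship under this release, insert the 1.1.0 section below it so it stays under `[Unreleased]`; if it is, mention it in the 1.1.0 summary line.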
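Review bot: In the `docs/draft/docs/libraries/ast-guard.mdx` hunk, "The preset now:" does not say from which version, so a reader pinned to 1.0.0 cannot tell that these checks are absent there. Suggest wording such as "As of v1.1.0, the preset:" and one sentence stating that scripts using the listed globals, `queueMicrotask` or `import()` will be reported by validation after upgrading, since that is the change a consumer needs to plan for.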
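Review bot: The `docs/live/docs/libraries/ast-guard.mdx` hunk is identical to the draft one (both files go from blob `e344007` to `65ec557`), so the "AgentScript preset hardening" section is now maintained by hand in two places. Any wording fix made to the draft copy has to be repeated here; if the live tree is meant to be generated from the draft tree, the release job should copy the file rather than patch both.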
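Review bot: In the `libs/ast-guard/CHANGELOG.md` hunk, the `## [Unreleased]` and `## [1.1.0]` sections are inserted immediately after `# Changelog`, above the preamble that begins "All notable changes to this project will be documented in this file." The introduction and the Keep a Changelog reference therefore end up below the 1.1.0 `### Security` entry and read as part of it. Move the new sections below the preamble. Separately, the entries cite source positions such as `agentscript.preset.ts:292` and `no-eval.rule.ts:4`; line numbers go stale on the next edit to those files, so a file path alone, or a commit reference, would age better.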
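Review bot: In the `libs/ast-guard/package.json` hunk, the bump from `1.0.0` to `1.1.0` is a minor version, yet the changelog entries in this same patch describe the AgentScript preset and `NoEvalRule` as newly blocking or reporting constructs (`structuredClone`, `queueMicrotask`, `import()` and others). The root changelog states that the project follows Semantic Versioning, so consumers on a `^1.0.0` range will pick this up automatically and may see scripts that used to validate start failing. Either add a `### Changed` entry to the 1.1.0 notes that names the newly rejected constructs as a behaviour change, or state in the release notes that tightening a security preset is treated as non-breaking for this package.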