# Copyright (C) 2024 Gramine contributors # SPDX-License-Identifier: BSD-3-Clause # Node.js manifest file example libos.entrypoint = "{{ nodejs_dir }}/node" fs.start_dir = "/agent" loader.log_level = "{{ log_level }}" loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}" # Insecure configuration for loading arguments and environment variables # Do not set these configurations in production loader.insecure__use_cmdline_argv = true loader.insecure__use_host_env = true fs.mounts = [ { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" }, { uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" }, { uri = "file:/usr/{{ arch_libdir }}", path = "/usr/{{ arch_libdir }}" }, { uri = "file:{{ nodejs_dir }}/node", path = "{{ nodejs_dir }}/node" }, { type = "tmpfs", path = "/tmp" }, { type = "tmpfs", path = "/agent/content_cache" }, ] sys.enable_extra_runtime_domain_names_conf = true sys.fds.limit = 65535 sgx.debug = false sgx.remote_attestation = "dcap" sgx.max_threads = 64 # Some dependencies of Eliza utilize WebAssembly (WASM). # Initializing WASM requires a substantial amount of memory. # If there is insufficient memory, you may encounter the following error: # RangeError: WebAssembly.instantiate(): Out of memory: Cannot allocate Wasm memory for a new instance. # To address this, we set the enclave size to 64GB. sgx.enclave_size = "64G" # `use_exinfo = true` is needed because Node.js uses memory mappings with `MAP_NORESERVE`, which # will defer page accepts to page-fault events when EDMM is enabled sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} sgx.use_exinfo = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} sgx.trusted_files = [ "file:{{ gramine.runtimedir() }}/", "file:{{ arch_libdir }}/", "file:/usr/{{ arch_libdir }}/", "file:{{ nodejs_dir }}/node", "file:characters/", "file:agent/src/", "file:agent/package.json", "file:agent/tsconfig.json", "file:package.json", "file:.env", # Add these files to sgx.trusted_files in production and remove them from sgx.allowed_files. # Trusting these files requires a high-performance SGX machine due to the large number of files, # which could significantly increase startup time. # To mitigate startup time degradation, we use allowed_files in development. # # "file:node_modules/", # "file:packages/", # These files are symbolic links to node_modules, # and Gramine does not support adding symbolic link directories to sgx.trusted_files. # Therefore, we must add each directory individually to sgx.trusted_files. # "file:agent/node_modules/@elizaos/adapter-sqlite/", # "file:agent/node_modules/@elizaos/.../", ] # Insecure configuration. Use gramine encrypted fs to store data in production. sgx.allowed_files = [ "file:agent/data/", "file:agent/model.gguf", # Move these files to sgx.trusted_files in production. "file:node_modules/", "file:packages/", "file:agent/node_modules/", ] loader.env.SGX = "1"