Overview
Quick Start
Security Model
The Babel transform runs in an isolated VM context with multiple security layers:| Layer | Protection | Description |
|---|---|---|
| Preset Whitelist | Controlled transforms | Only allowed presets can be used (no arbitrary plugins) |
| Input Size Limit | DoS prevention | Maximum source code size varies by security level |
| Output Size Limit | Memory protection | Prevents output expansion attacks |
| Transform Timeout | Resource control | Prevents infinite compilation loops |
| Isolated Context | Sandbox escape | Babel runs without access to fs, process, require |
| No Plugins | Code execution | Plugins are completely blocked (they execute arbitrary code) |
Configuration
Security Levels
Each security level provides different limits for Babel transforms:| Security Level | Max Input | Max Output | Timeout | Allowed Presets |
|---|---|---|---|---|
STRICT | 100 KB | 500 KB | 5s | react only |
SECURE | 500 KB | 2 MB | 10s | typescript, react |
STANDARD | 1 MB | 5 MB | 15s | typescript, react |
PERMISSIVE | 5 MB | 25 MB | 30s | typescript, react, env |
Creating a Babel Enclave
Transform API
Inside the enclave, theBabel global provides a restricted transform API:
Transform Options
| Option | Type | Default | Description |
|---|---|---|---|
filename | string | 'input.tsx' | Filename for error messages |
presets | string[] | [] | Babel presets to apply |
sourceType | 'module' | 'script' | 'module' | How to parse the code |
Common Use Cases
Transform React Components
Transform TypeScript + JSX
Tool Integration for Dynamic Components
Error Handling
Babel transform errors are sanitized to prevent path leakage:Common Errors
| Error | Cause | Solution |
|---|---|---|
Preset "X" is not allowed | Using disallowed preset | Use preset from allowed list |
Code exceeds maximum size | Input too large | Reduce input or use higher security level |
Output exceeds maximum size | Transform produced too much output | Simplify input code |
Transform timed out | Compilation taking too long | Simplify code or increase timeout |
Code contains invalid null bytes | Malicious input | Clean input before transform |
Performance
Babel transforms are optimized with context caching:| Operation | Typical Latency | Throughput |
|---|---|---|
| Simple component (L1) | ~0.6ms | 1400+ transforms/sec |
| Props + types (L2) | ~0.9ms | 1100+ transforms/sec |
| Styled components (L3) | ~0.8ms | 1200+ transforms/sec |
| Composite patterns (L4) | ~1.2ms | 700+ transforms/sec |
| Complex TypeScript (L5) | ~2.2ms | 350+ transforms/sec |
Performance Tips
- Batch transforms - Transform multiple components in a single enclave run
- Reuse enclave - Don’t create/dispose for each transform
- Minimize types - Complex TypeScript types increase transform time
- Use STANDARD level - Good balance of security and performance
Direct API (Outside Enclave)
For server-side use without the full enclave sandbox, usecreateRestrictedBabel:
Related
- Overview - Enclave introduction
- Security Levels - Security profiles
- AgentScript Preset - AST validation for enclave code
- Tool System - Integrating tools with enclave