Core Components
@enclave-vm/ast
Static analysis and validation layer:- Pre-scanner - Catches DoS attacks before parsing
- AST validation - Blocks dangerous constructs
- Code transformation - Wraps code for safe execution
@enclave-vm/core
Runtime execution layer:- Sandboxed context - Isolated JavaScript environment
- Resource limits - Timeout, iteration, memory limits
- Tool routing - Controlled external interactions
Tools
Your application’s capabilities exposed to scripts:- Type-safe handlers - Validate inputs, sanitize outputs
- Rate limiting - Control how often tools are called
- Audit logging - Track all tool invocations
Defense-in-Depth Layers
Enclave uses a 6-layer security model:
Each layer provides independent protection. Even if one layer is bypassed, subsequent layers catch the attack.
Deployment Architectures
Single Process (Embedded)
Simplest deployment - everything runs in one process:Worker Pool (Process Isolation)
Code runs in separate worker threads for stronger isolation:Distributed (3-Tier with EnclaveJS)
For production applications with streaming and real-time features:- Client - React hooks for real-time streaming UI
- Broker - HTTP API, tool registry, session management
- Runtime - Isolated code execution worker
Data Flow
Request Flow
Tool Call Flow
When to Use Each Architecture
Related
- Security Model - 6-layer defense explained
- AgentScript - Language subset definition
- enclave-vm - Core library documentation
- EnclaveJS - Streaming runtime