Skip to main content
Enclave provides a layered security architecture for executing untrusted JavaScript code. This page explains the system components and how they work together.

Core Components

@enclave-vm/ast

Static analysis and validation layer:
  • Pre-scanner - Catches DoS attacks before parsing
  • AST validation - Blocks dangerous constructs
  • Code transformation - Wraps code for safe execution

@enclave-vm/core

Runtime execution layer:
  • Sandboxed context - Isolated JavaScript environment
  • Resource limits - Timeout, iteration, memory limits
  • Tool routing - Controlled external interactions

Tools

Your application’s capabilities exposed to scripts:
  • Type-safe handlers - Validate inputs, sanitize outputs
  • Rate limiting - Control how often tools are called
  • Audit logging - Track all tool invocations

Defense-in-Depth Layers

Enclave uses a 6-layer security model: Each layer provides independent protection. Even if one layer is bypassed, subsequent layers catch the attack.

Deployment Architectures

Single Process (Embedded)

Simplest deployment - everything runs in one process:
Best for: Internal tools, low traffic, simplicity.

Worker Pool (Process Isolation)

Code runs in separate worker threads for stronger isolation:
Best for: Multi-tenant applications, untrusted code, memory isolation.

Distributed (3-Tier with EnclaveJS)

For production applications with streaming and real-time features:
  • Client - React hooks for real-time streaming UI
  • Broker - HTTP API, tool registry, session management
  • Runtime - Isolated code execution worker
Best for: Production SaaS, real-time UIs, horizontal scaling.

Data Flow

Request Flow

Tool Call Flow

When to Use Each Architecture