Skip to main content
This guide walks you through building your first secure code execution environment with Enclave. By the end, you’ll have a working sandbox that safely executes untrusted JavaScript with tool access.

Prerequisites

  • Node.js 22 or later
  • npm, pnpm, or yarn

Step 1: Install Packages

Step 2: Create Your First Sandbox

Create a new file sandbox.ts:

Step 3: Run It

You should see:

What Just Happened?

  1. AST Validation - Before executing, Enclave validated the code using ast-guard to block dangerous constructs like eval, process, and prototype manipulation.
  2. Code Transformation - The code was wrapped in a safe execution context with rate-limited loops and proxied tool calls.
  3. Sandboxed Execution - The code ran in an isolated Node.js vm context with no access to the host environment.
  4. Tool Calls - The script called your tools through a controlled interface, letting you audit and control all external interactions.

Security Levels

Enclave provides preset security levels. The most common:

What’s Blocked?

AgentScript (the language subset Enclave uses) blocks:
  • eval, Function, setTimeout, setInterval
  • process, require, import
  • window, global, globalThis
  • __proto__, constructor, prototype
  • User-defined functions (prevents recursion bombs)
  • while and do-while loops (prevents infinite loops)
See AgentScript for the full language definition.

Next Steps

Concepts

Understand the architecture and security model

@enclave-vm/core

Deep dive into configuration and features

Guides

Build a complete AI agent with tools

Examples

Copy-paste examples for common use cases