- Extensive security testing - See security audit for details
- Defense in depth - 6 security layers for LLM-generated code
- Streaming runtime - Real-time event streaming with tool call support
- Zero-config - Works out of the box with sensible defaults
- TypeScript-first - Full type safety and excellent DX
npm install enclave-vm # Secure JS sandbox
npm install ast-guard # AST security validation
npm install vectoriadb # Vector searchnpm install @enclavejs/broker # Tool broker & session management
npm install @enclavejs/client # Browser/Node client SDK
npm install @enclavejs/react # React hooks & components| Package | Description |
|---|---|
enclave-vm |
Secure JavaScript sandbox with 6 security layers |
@enclavejs/broker |
Tool registry, secrets management, session API |
@enclavejs/client |
Browser & Node.js client for streaming sessions |
@enclavejs/react |
React hooks: useEnclaveSession, EnclaveProvider |
@enclavejs/runtime |
Deployable runtime worker (Lambda, Vercel, etc.) |
@enclavejs/types |
TypeScript types & Zod schemas |
@enclavejs/stream |
NDJSON streaming, encryption, reconnection |
ast-guard |
AST-based security validator |
vectoriadb |
Lightweight in-memory vector database |
import { Enclave } from 'enclave-vm';
const enclave = new Enclave({
securityLevel: 'SECURE',
toolHandler: async (name, args) => {
if (name === 'getUser') return { id: args.id, name: 'Alice' };
throw new Error(`Unknown tool: ${name}`);
},
});
const result = await enclave.run(`
const user = await callTool('getUser', { id: 123 });
return { greeting: 'Hello, ' + user.name };
`);
if (result.success) {
console.log(result.value); // { greeting: 'Hello, Alice' }
}
enclave.dispose();import { EnclaveProvider, useEnclaveSession } from '@enclavejs/react';
function App() {
return (
<EnclaveProvider brokerUrl="https://your-server.com">
<CodeRunner />
</EnclaveProvider>
);
}
function CodeRunner() {
const { execute, state, result, stdout } = useEnclaveSession();
const runCode = () =>
execute(`
const data = await callTool('fetchData', { id: 123 });
return data;
`);
return (
<div>
<button onClick={runCode} disabled={state === 'running'}>
{state === 'running' ? 'Running...' : 'Run Code'}
</button>
{stdout && <pre>{stdout}</pre>}
{result && <pre>{JSON.stringify(result, null, 2)}</pre>}
</div>
);
}See README-ARCHITECTURE.md for detailed architecture documentation covering:
- Deployment scenarios (embedded vs extracted runtime)
- Streaming protocol (NDJSON)
- Tool broker pattern
- Reference sidecar & auto-ref
- Security & encryption
Run the streaming demo locally:
npx nx demo streaming-demoThis starts 3 servers demonstrating the secure architecture:
- Client (port 4100) - Web UI
- Broker (port 4101) - Tool execution & session management
- Runtime (port 4102) - Sandboxed code execution
![@github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=64&v=4){kind=small}