Skip to main content
This page documents all configuration options for @enclave-vm/core.

Quick Example

import { Enclave } from '@enclave-vm/core';

const enclave = new Enclave({
  // Security level preset
  securityLevel: 'SECURE',

  // Core limits
  timeout: 10000,
  maxToolCalls: 50,
  maxIterations: 5000,

  // Tool handler
  toolHandler: async (name, args) => {
    return executeToolSafely(name, args);
  },

  // Additional options
  globals: { context: { userId: 'user-123' } },
  validate: true,
  transform: true,
});

Core Options

OptionTypeDefaultDescription
securityLevelstring'STANDARD'Preset: STRICT, SECURE, STANDARD, PERMISSIVE
timeoutnumber30000Maximum execution time in milliseconds
maxToolCallsnumber100Maximum tool calls per execution
maxIterationsnumber10000Maximum loop iterations (prevents infinite loops)
toolHandlerfunction-Async function that handles callTool() invocations
globalsobject-Additional globals available in script context
validatebooleantrueValidate code with ast-guard before execution
transformbooleantrueTransform code before execution

Console Limits

OptionTypeDefaultDescription
maxConsoleOutputBytesnumber1MBMaximum total console output in bytes
maxConsoleCallsnumber1000Maximum number of console calls

Memory Tracking

OptionTypeDefaultDescription
memoryLimitnumber-Memory limit in bytes (enables tracking)
const enclave = new Enclave({
  memoryLimit: 32 * 1024 * 1024, // 32MB
});

const result = await enclave.run(code);
console.log('Peak memory:', result.stats.memoryUsage);

Reference Sidecar

OptionTypeDefaultDescription
sidecar.enabledbooleanfalseEnable sidecar for large data handling
sidecar.maxTotalSizenumber10MBMaximum total size of stored references
sidecar.maxReferenceSizenumber1MBMaximum size of a single reference
sidecar.extractionThresholdnumber1024Minimum string size to extract
sidecar.allowCompositesbooleanfalseAllow string concatenation with references
const enclave = new Enclave({
  sidecar: {
    enabled: true,
    extractionThreshold: 1024,
    maxTotalSize: 50 * 1024 * 1024,
    allowComposites: false,
  },
});

Double VM Layer

OptionTypeDefaultDescription
doubleVm.enabledbooleantrueEnable nested VM isolation
doubleVm.parentTimeoutBuffernumber1000Extra timeout for parent VM (ms)
doubleVm.parentValidation.validateOperationNamesbooleantrueValidate tool names
doubleVm.parentValidation.allowedOperationPatternRegExp-Whitelist pattern for tool names
doubleVm.parentValidation.blockedOperationPatternsRegExp[]-Blacklist patterns
doubleVm.parentValidation.maxOperationsPerSecondnumber100Rate limiting
doubleVm.parentValidation.blockSuspiciousSequencesbooleantrueDetect attack patterns
doubleVm.parentValidation.suspiciousPatternsarray-Custom detection patterns
const enclave = new Enclave({
  doubleVm: {
    enabled: true,
    parentValidation: {
      validateOperationNames: true,
      blockedOperationPatterns: [/^admin:/i],
      maxOperationsPerSecond: 50,
    },
  },
});

AI Scoring Gate

OptionTypeDefaultDescription
scoringGate.scorerstring'disabled'Scorer type: disabled, rule-based, local-llm, external-api
scoringGate.blockThresholdnumber70Score to block execution
scoringGate.warnThresholdnumber40Score to log warning
scoringGate.failOpenbooleantrueAllow execution if scoring fails
scoringGate.externalApi.endpointstring-External API endpoint
scoringGate.externalApi.apiKeystring-API key for external service
scoringGate.externalApi.timeoutMsnumber5000API timeout
scoringGate.customAnalyzersarray-Custom analysis functions
const enclave = new Enclave({
  scoringGate: {
    scorer: 'rule-based',
    blockThreshold: 70,
    warnThreshold: 40,
  },
});

Worker Pool Adapter

OptionTypeDefaultDescription
adapterstring'vm'Adapter: vm or worker_threads
workerPoolConfig.minWorkersnumber2Minimum workers to keep warm
workerPoolConfig.maxWorkersnumber8Maximum concurrent workers
workerPoolConfig.memoryLimitPerWorkernumber256MBMemory limit per worker
workerPoolConfig.maxExecutionsPerWorkernumber1000Executions before worker recycle
workerPoolConfig.maxQueueSizenumber100Maximum pending executions
workerPoolConfig.maxMessagesPerSecondnumber1000Message flood protection
const enclave = new Enclave({
  adapter: 'worker_threads',
  workerPoolConfig: {
    minWorkers: 2,
    maxWorkers: 16,
    memoryLimitPerWorker: 256 * 1024 * 1024,
  },
});

Security Options

OptionTypeDefaultDescription
sanitizeStackTracesbooleanvariesRemove internal paths from stack traces
blockTimingAPIsbooleanvariesBlock Date, performance timing
allowUnboundedLoopsbooleanvariesAllow while/do-while loops
unicodeSecurityCheckbooleanvariesCheck for Unicode attacks

Execution Result

The run() method returns: 
interface ExecutionResult<T> {
  success: boolean;
  value?: T;              // Result value (if success)
  error?: {
    name: string;
    message: string;
    code: string;         // Error code (see below)
    stack?: string;
    data?: unknown;       // Additional error context
  };
  stats: {
    duration: number;      // Execution time (ms)
    toolCallCount: number; // Tool calls made
    iterationCount: number; // Loop iterations
    memoryUsage?: number;  // Peak memory (if tracked)
    sidecar?: {
      referencesCreated: number;
      totalBytesStored: number;
      resolutionCount: number;
    };
  };
}

Error Codes

CodeDescription
VALIDATION_ERRORAST validation failed
EXECUTION_ERRORRuntime error in script
TIMEOUTExecution exceeded timeout
TOOL_ERRORTool call failed
MAX_TOOL_CALLSTool call limit exceeded
MAX_ITERATIONSLoop iteration limit exceeded
MEMORY_LIMIT_EXCEEDEDMemory limit exceeded
SCORING_BLOCKEDBlocked by scoring gate
SIDECAR_SIZE_EXCEEDEDSidecar storage limit exceeded
SIDECAR_COMPOSITE_BLOCKEDString concatenation blocked