Enclave
The Enclave sits between the IDE and any LLM. Every piece of context an AI agent or chat session would send to a model passes through the Enclave first. If the Enclave detects content that should not leave your environment, it blocks or redacts it before the request is made.
What It Scans
The Enclave scans all LLM context for:
| Category | Examples |
|---|---|
| High-entropy strings | API keys, tokens, private keys, secrets |
| Credential patterns | AWS access keys, JWT tokens, database connection strings, OAuth secrets |
| PII patterns | Email addresses, phone numbers, social security numbers, payment card numbers |
| Internal identifiers | Internal hostnames, IP ranges, service account names |
| Custom patterns | Regexes defined by the org admin |
Each detection is timestamped and logged in the Enclave event log, visible in the Console under Observe > Enclave.
BYOLLM
When BYOLLM is configured, requests route to the organisation's own model endpoint rather than any external provider. The Enclave still scans context before it leaves the IDE - even for internal endpoints. This ensures the scan record exists regardless of where the model runs.
For fully air-gapped deployments (on-premises), all inference stays inside the organisation's infrastructure. Nothing leaves the network.
Enforcement Modes
| Mode | Behavior |
|---|---|
| Block | Request is rejected. Developer sees an error with the reason. Nothing is sent. |
| Redact | Detected content is replaced with [REDACTED] before the request is sent. The model receives the redacted version. |
| Warn | Request is sent as-is. Developer sees a warning. Event is logged. |
| Log only | Request is sent as-is. Event is logged silently. No developer notification. |
Configure the enforcement mode per detection category in the Console under Manage > Enclave > Policies.
Sandbox Execution Monitoring
When Power Mode agents execute terminal commands, the Enclave monitors command output for credential patterns before that output is fed back to the agent as context. A curl response containing an API key will be flagged before the agent reads it.
This closes a common leakage path: a command produces output containing a secret, the output becomes agent context, the agent includes it in the next LLM request.
Developer Experience
When the Enclave blocks or redacts a request, the developer sees:
- A notification in the IDE status bar:
Enclave: 1 item blocked - A detailed view in the Enclave panel showing what was detected, which pattern matched, and what action was taken
- An option to request a policy exception (if the developer request workflow is enabled)
Blocked requests are not retried automatically. The developer must either remove the flagged content or request an exception from a compliance officer.
Configuring Custom Patterns
Add custom detection patterns in .inverse/enclave/patterns.json or in the Console under Manage > Enclave > Custom Patterns:
{
"patterns": [
{
"id": "internal-hostname",
"description": "Internal service hostnames",
"pattern": "\\b[a-z]+-service\\.internal\\b",
"action": "redact"
}
]
}Custom patterns are evaluated alongside built-in patterns. All matches are logged identically.
On-Premises Deployment
On an on-premises Enterprise instance, the Enclave runs entirely inside your infrastructure. No Enclave event data leaves your network. The Console displays the event log from your local Enclave service.
Last edited