Neural Inverse is Open Source →
DocsEnclave

Enclave

The Enclave sits between the IDE and any LLM. Every piece of context an AI agent or chat session would send to a model passes through the Enclave first. If the Enclave detects content that should not leave your environment, it blocks or redacts it before the request is made.

What It Scans

The Enclave scans all LLM context for:

CategoryExamples
High-entropy stringsAPI keys, tokens, private keys, secrets
Credential patternsAWS access keys, JWT tokens, database connection strings, OAuth secrets
PII patternsEmail addresses, phone numbers, social security numbers, payment card numbers
Internal identifiersInternal hostnames, IP ranges, service account names
Custom patternsRegexes defined by the org admin

Each detection is timestamped and logged in the Enclave event log, visible in the Console under Observe > Enclave.

BYOLLM

When BYOLLM is configured, requests route to the organisation's own model endpoint rather than any external provider. The Enclave still scans context before it leaves the IDE - even for internal endpoints. This ensures the scan record exists regardless of where the model runs.

For fully air-gapped deployments (on-premises), all inference stays inside the organisation's infrastructure. Nothing leaves the network.

Enforcement Modes

ModeBehavior
BlockRequest is rejected. Developer sees an error with the reason. Nothing is sent.
RedactDetected content is replaced with [REDACTED] before the request is sent. The model receives the redacted version.
WarnRequest is sent as-is. Developer sees a warning. Event is logged.
Log onlyRequest is sent as-is. Event is logged silently. No developer notification.

Configure the enforcement mode per detection category in the Console under Manage > Enclave > Policies.

Sandbox Execution Monitoring

When Power Mode agents execute terminal commands, the Enclave monitors command output for credential patterns before that output is fed back to the agent as context. A curl response containing an API key will be flagged before the agent reads it.

This closes a common leakage path: a command produces output containing a secret, the output becomes agent context, the agent includes it in the next LLM request.

Developer Experience

When the Enclave blocks or redacts a request, the developer sees:

  • A notification in the IDE status bar: Enclave: 1 item blocked
  • A detailed view in the Enclave panel showing what was detected, which pattern matched, and what action was taken
  • An option to request a policy exception (if the developer request workflow is enabled)

Blocked requests are not retried automatically. The developer must either remove the flagged content or request an exception from a compliance officer.

Configuring Custom Patterns

Add custom detection patterns in .inverse/enclave/patterns.json or in the Console under Manage > Enclave > Custom Patterns:

{
  "patterns": [
    {
      "id": "internal-hostname",
      "description": "Internal service hostnames",
      "pattern": "\\b[a-z]+-service\\.internal\\b",
      "action": "redact"
    }
  ]
}

Custom patterns are evaluated alongside built-in patterns. All matches are logged identically.

On-Premises Deployment

On an on-premises Enterprise instance, the Enclave runs entirely inside your infrastructure. No Enclave event data leaves your network. The Console displays the event log from your local Enclave service.


Was this page helpful?

Last edited