Technology Stack
Core Dependencies
EnforceCore relies on a minimal set of high-quality dependencies to ensure stability and performance.
| Dependency | Version | Purpose | Why this one |
| --- | --- | --- | --- |
| Python | 3.11+ | Runtime | Walrus operator, tomllib, TaskGroup, modern typing. 3.11+ is standard in AI/ML. |
| Pydantic | >= 2.5 | Policy models, validation | Industry standard for data models in Python. V2 is significantly faster. |
| pydantic-settings | >= 2.0 | Configuration | Clean config management via environment variables and files. |
| PyYAML | >= 6.0 | Policy file parsing | The standard YAML parser for Python. |
| structlog | >= 24.1 | Structured logging | Produces machine-readable JSON logs for audit trails. |
| cryptography | >= 42.0 | Merkle tree hashing | Well-maintained, audited crypto library. |
PII Redaction
| Dependency | Version | Purpose | Why this one |
| --- | --- | --- | --- |
| presidio-analyzer | >= 2.2 | PII entity detection | Microsoft's battle-tested PII detection. Supports 10+ entity types and multiple languages. |
| presidio-anonymizer | >= 2.2 | PII redaction | Pairs with analyzer for clean redaction strategies. |
Optional Linux Hardening
| Dependency | Version | Purpose | Why this one |
| --- | --- | --- | --- |
| python-seccomp | >= 0.1 | Syscall filtering | Linux-only. Provides bindings for kernel-level sandboxing via seccomp-bpf. |
What We Explicitly Do NOT Use
We keep the core library lightweight and focused.
| Technology | Why not |
| --- | --- |
| FastAPI / Flask | EnforceCore is a library, not a web service. No HTTP server needed. |
| SQLAlchemy | v1.0 uses JSONL files for audit logs to avoid database dependencies. |
| Docker SDK | Container management is out of scope for v1.0; we assume the agent is already containerized. |
| LangChain / LlamaIndex | No hard dependencies on agent frameworks. Integrations are optional extras. |
| TensorFlow / PyTorch | No heavy ML frameworks in the core. Policy evaluation is rule-based and fast. |
Platform Support
| Platform | Core | Resource Limits | Syscall Sandbox |
| --- | --- | --- | --- |
| Linux (x86_64) | ✅ Full | ✅ Full | ✅ Full |
| Linux (aarch64) | ✅ Full | ✅ Full | ✅ Full |
| macOS (Apple Silicon) | ✅ Full | ⚠️ Partial | ❌ N/A |
| Windows | ✅ Full | ⚠️ Basic | ❌ N/A |
Note: The security-critical components (Policy, Enforcer, Redactor, Auditor) work on ALL platforms. Only the OS-level sandboxing features are Linux-specific.