EnforceCore

Technology Stack

Core Dependencies

EnforceCore relies on a minimal set of high-quality dependencies to ensure stability and performance.

| Dependency | Version | Purpose | Why this one |
|---|---|---|---|
| Python | 3.11+ | Runtime | Walrus operator, tomllib, TaskGroup, modern typing. 3.11+ is standard in AI/ML. |
| Pydantic | >= 2.5 | Policy models, validation | Industry standard for data models in Python. V2 is significantly faster. |
| pydantic-settings | >= 2.0 | Configuration | Clean config management via environment variables and files. |
| PyYAML | >= 6.0 | Policy file parsing | The standard YAML parser for Python. |
| structlog | >= 24.1 | Structured logging | Produces machine-readable JSON logs for audit trails. |
| cryptography | >= 42.0 | Merkle tree hashing | Well-maintained, audited crypto library. |

PII Redaction

| Dependency | Version | Purpose | Why this one |
|---|---|---|---|
| presidio-analyzer | >= 2.2 | PII entity detection | Microsoft's battle-tested PII detection. Supports 10+ entity types and multiple languages. |
| presidio-anonymizer | >= 2.2 | PII redaction | Pairs with analyzer for clean redaction strategies. |

Optional Linux Hardening

| Dependency | Version | Purpose | Why this one |
|---|---|---|---|
| python-seccomp | >= 0.1 | Syscall filtering | Linux-only. Provides bindings for kernel-level sandboxing via seccomp-bpf. |

What We Explicitly Do NOT Use

We keep the core library lightweight and focused.

| Technology | Why not |
|---|---|
| FastAPI / Flask | EnforceCore is a library, not a web service. No HTTP server needed. |
| SQLAlchemy | v1.0 uses JSONL files for audit logs to avoid database dependencies. |
| Docker SDK | Container management is out of scope for v1.0; we assume the agent is already containerized. |
| LangChain / LlamaIndex | No hard dependencies on agent frameworks. Integrations are optional extras. |
| TensorFlow / PyTorch | No heavy ML frameworks in the core. Policy evaluation is rule-based and fast. |

Platform Support

| Platform | Core | Resource Limits | Syscall Sandbox |
|---|---|---|---|
| Linux (x86_64) | ✅ Full | ✅ Full | ✅ Full |
| Linux (aarch64) | ✅ Full | ✅ Full | ✅ Full |
| macOS (Apple Silicon) | ✅ Full | ⚠️ Partial | ❌ N/A |
| Windows | ✅ Full | ⚠️ Basic | ❌ N/A |

Note: The security-critical components (Policy, Enforcer, Redactor, Auditor) work on ALL platforms. Only the OS-level sandboxing features are Linux-specific.