Credential lifecycle management for the Latch Enclave. Tracks expiry, validates credentials against upstream services, records usage metadata. Use when working on credential health checks, token rotation, or service authentication status.
LLM-assisted data classification for the Latch Enclave proxy. Covers prompt building, response parsing, tier validation, and the DataClassifier class. Use when working on data classification, sensitivity tiers, content analysis, or LLM-driven data labeling in the enclave pipeline.
Domain-based egress filtering for the Latch Enclave proxy. Matches outbound requests to registered services, enforces data tier access, injects credentials into headers, scans for credential leaks, and enforces path/method scoping with glob patterns. Use when working on proxy request evaluation, network policy enforcement, or fine-grained service access control.
Per-session HTTP proxy for the Latch Enclave. Gates outbound requests by domain/service, injects credentials, enforces path/method scoping, scans for credential leaks, logs all traffic for audit. Use when working on proxy lifecycle, network gating, leak prevention, or enclave session setup.
Audit logging and session attestation for the Latch Enclave. Covers hash-chained proxy audit events, Merkle tree proofs, session receipts, PR annotations, and tamper-evident logging. Use when working on audit trails, session receipts, compliance proofs, inclusion proofs, PR annotation, or the attestation engine.
Binary Merkle tree utility with domain-separated hashing for the Latch Enclave attestation system. Provides O(log n) inclusion proofs and consistency proofs for tamper-evident audit logging. Use when working on Merkle roots, audit event proofs, log consistency verification, or attestation store Merkle integration.
GitHub PR attestation comment service for Latch Enclave. Posts session receipts as Markdown comments on GitHub PRs via the REST API. Use when working on PR annotations, attestation comments, or GitHub integration for session receipts.
Manages enclave sandbox lifecycle and environment configuration for Latch sessions. Builds proxy-routed environments with credential injection, detects sandbox backends (Docker/Seatbelt/bubblewrap). Use when working on session sandbox setup, environment configuration, or enclave security hardening.