Skip to content

Configuration

The SDK requires an explicit configuration. No defaults are applied.

Core configuration

const axiom = new Axiom({
  securityTier: "standard" | "attested",
  enclave: "none" | "auto" | "required",
  policyVersion: "v1",
  platform: {
    type: "sev-snp",
    verificationMode: "strict" | "permissive",
  },
});

Configuration checklist

  • Always set policyVersion: "v1"
  • Use securityTier: "standard" for software-only transformation
  • Use securityTier: "attested" only if you need verification evidence
  • Use enclave: "auto" for dev/test (simulator fallback)

Security tiers

Tier Description Attestation Use case
standard Software boundary only No Development, non-sensitive workloads
attested TEE-backed execution (preview) Yes High-assurance workflows

Enclave modes

Mode Behavior Attested tier
none Never use enclave Invalid config
auto Prefer native; fallback to simulator Native if available, otherwise simulator
required Must use native enclave Fail if native unavailable

Note: enclave only applies when securityTier is attested.

Platform options

  • type: currently "sev-snp" only
  • verificationMode: "strict" — all claims must pass
  • verificationMode: "permissive" — allow warnings (simulator)

Note: verificationMode is a consumer hint and is not enforced by the SDK.

Output fields

Attested tier returns attestationEvidence and verificationHint in the result.

Configuration validation

The SDK throws ConfigurationError if:

  • securityTier is not "standard" or "attested"
  • enclave is not "auto", "required", or "none"
  • policyVersion is not "v1"
  • securityTier is "attested" and enclave is "none"

Prev: Quickstart | Next: Attested Mode