Why Capsule
Capsule turns raw Nitro complexity into a product workflow. You focus on the application — Capsule handles the enclave infrastructure.
The Problem with Raw Nitro
AWS Nitro Enclaves provide strong hardware isolation, but every team using them directly must own the same set of infrastructure problems.
EC2 & Enclave Sizing
Picking instance classes, enclave memory and CPU split, and region topology for every application.
EIF Packaging
Building, launching, debugging, and managing the lifecycle through Nitro-specific tooling like nitro-cli.
Vsock & Networking
Designing the ingress/egress bridge between enclave and host without leaking complexity into the application.
Attestation Plumbing
Collecting runtime evidence, exposing it to verifiers, and building a reusable verification path.
Clock & Time
Handling wall-clock drift that breaks JWT validation, TLS certificate checks, and timestamp-dependent protocols.
Key Management
Building key derivation, sealing, signing, and wallet workflows without a ready-made KMS surface.
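The drift problem in the Clock & Time entry above, made concrete as an added example (not Capsule's or Nova's code): a minimal HS256 JWT check using only the Python standard library, evaluated against an enclave clock that is behind or ahead of the issuer's. The key, timestamps and claims are constructed; `leeway` is the usual skew-tolerance parameter and, as the scenarios show, it does not rescue drift of minutes, which is why the runtime has to synchronize the clock rather than the app widening its tolerance.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: a throwaway HMAC key and a fixed issuer timestamp.
KEY = b"constructed-demo-key-not-a-real-secret"
ISSUED_AT = 1_700_000_000  # issuer's wall clock when the token was minted


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Issuer side: build header.payload.signature with HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes, now: int, leeway: int = 0) -> tuple[bool, str]:
    """Enclave side: check the signature, then exp/nbf/iat against *its own* clock `now`."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    header_b64, payload_b64, sig_b64 = parts
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature"
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        return False, "unexpected alg"
    claims = json.loads(_b64url_decode(payload_b64))
    exp, nbf, iat = claims.get("exp"), claims.get("nbf"), claims.get("iat")
    if exp is not None and now > exp + leeway:
        return False, "expired"
    if nbf is not None and now < nbf - leeway:
        return False, "not yet valid"
    if iat is not None and now < iat - leeway:
        return False, "issued in the future"
    return True, "ok"


# A token valid for five minutes from ISSUED_AT, by the issuer's clock.
TOKEN = mint_hs256({"sub": "job-42", "iat": ISSUED_AT, "nbf": ISSUED_AT, "exp": ISSUED_AT + 300}, KEY)


def drift_scenarios() -> dict[str, tuple[bool, str]]:
    """Same token, same key; only the enclave's idea of 'now' changes."""
    return {
        "clock in sync (+10s)": verify_hs256(TOKEN, KEY, ISSUED_AT + 10),
        "clock 10 min behind": verify_hs256(TOKEN, KEY, ISSUED_AT - 600),
        "clock 15 min ahead": verify_hs256(TOKEN, KEY, ISSUED_AT + 900),
        "30s behind, 60s leeway": verify_hs256(TOKEN, KEY, ISSUED_AT - 30, leeway=60),
        "10 min behind, 60s leeway": verify_hs256(TOKEN, KEY, ISSUED_AT - 600, leeway=60),
    }


if __name__ == "__main__":
    for name, (ok, reason) in drift_scenarios().items():
        print(f"{name:28} -> {'accept' if ok else 'reject'} ({reason})")
```

The token and signature are identical in every scenario; a clock that is ten minutes behind rejects a perfectly good token as "not yet valid", and one that is ahead rejects it as "expired". The same failure shape hits TLS certificate validity windows, which is the case the Capsule clock sync entry is addressing.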
What Capsule Changes
Capsule absorbs the infrastructure complexity and gives developers a cleaner surface.
Run & Supervise
Run and supervise the enclave workload without every team owning the raw launch path. One command: capsule-cli run.
Ingress / Egress
Standardized traffic between enclave and host. Declare ports in capsule.yaml; Capsule sets up the vsock bridge.
Clock Sync
Automatic wall-clock synchronization — no app-specific plumbing required. Enabled by default.
Capsule API
Use HTTP APIs on 127.0.0.1 instead of binding app code directly to the Nitro SDK.
KMS / S3 / Wallet
Key management, encrypted object storage, and app wallets are already packaged into the runtime.
Mock Service
Develop and debug outside the enclave using the Capsule API mock, then deploy without rewriting.
Capsule vs. Alternatives
Where Capsule sits relative to raw Nitro, confidential VMs, and other TEE platforms.
Good Boundary, Missing Identity
Confidential VMs secure the cloud environment against the infrastructure operator. But they don't automatically prove which application is running. Nitro's launch measurements bind attestation to the enclave image — not just to VM boot integrity.
Strong but Manual
Nitro provides the strongest app-oriented launch identity on AWS, but the entire operations stack — EIF builds, vsock wiring, attestation collection, time sync, key management — falls on each team.
Nitro Made Practical
Capsule keeps Nitro's hardware isolation and attestation model while removing the bespoke infrastructure work. You get a Docker-based build, a rich runtime API, and a managed enclave lifecycle.
Who Should Use Capsule
AI / ML Teams
Protect prompts, model inputs, retrieval context, and execution policies inside confidential compute.
Fintech
Run risk engines, fraud detection, and scoring logic with a verifiable runtime boundary.
Web3 / DeFi
Confidential strategy execution, oracle backends, bridge relayers, and on-chain agents with protected off-chain logic.
Data Processing
Handle customer datasets and B2B transformations without exposing plaintext to operators.
Key Management
Keep signing flows closer to the enclave boundary with Nova KMS and app wallet support.
Secure Automation
Ship workflow engines where the decision logic itself should stay confidential.
The Nova Platform Pipeline
From a Docker app to a verifiable Nitro-backed service in five steps.
Code Locally
Start from the app template, open-source examples, or your own Docker app. Develop against the Capsule API mock service first.
Create & Register App
Create the app in the Nova Platform and establish its on-chain identity through the app registry.
Build & Enroll Version
Run the public build, capture PCR measurements, and enroll version metadata linking source to enclave image.
Deploy Instance
Choose region and tier. Nova provisions hardware, launches the enclave, and exposes a managed HTTPS endpoint.
Verify & Register Instance
Fetch runtime attestation, generate the off-chain proof, and complete on-chain verification and instance registration.
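Added example for the last two steps of the pipeline (enrolling PCR measurements, then verifying the runtime attestation); this is not the Nova Platform's own code. It parses enrolled measurements shaped like the JSON block nitro-cli prints after a build (the values here are constructed SHA-384 digests, not real measurements) and compares them with the PCR map taken from a runtime attestation document. Decoding the attestation document itself (COSE/CBOR) is outside this example; `runtime_pcrs_for` stands in for that step and returns the assumed index-to-bytes map. The check also flags all-zero PCRs, which is what a debug-mode enclave reports and must never pass as a production identity.

```python
import hashlib
import hmac
import json


def _constructed_pcr(label: str) -> str:
    """Constructed stand-in for a 48-byte PCR value (real ones come from the EIF build)."""
    return hashlib.sha384(label.encode()).hexdigest()


# Constructed sample shaped like the measurement block nitro-cli prints after a build.
ENROLLED_BUILD_OUTPUT = json.dumps({
    "Measurements": {
        "HashAlgorithm": "Sha384",
        "PCR0": _constructed_pcr("constructed-pcr0"),  # enclave image file
        "PCR1": _constructed_pcr("constructed-pcr1"),  # kernel and bootstrap
        "PCR2": _constructed_pcr("constructed-pcr2"),  # application layer
    }
})


def load_enrolled_pcrs(build_output: str) -> dict[int, bytes]:
    """Pull the PCRn entries out of the build JSON into an index -> raw bytes map."""
    measurements = json.loads(build_output)["Measurements"]
    return {int(k[3:]): bytes.fromhex(v) for k, v in measurements.items() if k.startswith("PCR")}


def check_pcrs(enrolled: dict[int, bytes], runtime: dict[int, bytes], required=(0, 1, 2)) -> list[str]:
    """Return policy violations; an empty list means the instance matches the enrolled version."""
    problems = []
    for idx in required:
        expected, actual = enrolled.get(idx), runtime.get(idx)
        if expected is None:
            problems.append(f"PCR{idx}: no enrolled value to compare against")
        elif actual is None:
            problems.append(f"PCR{idx}: missing from attestation document")
        elif actual == bytes(len(actual)):
            problems.append(f"PCR{idx}: all zeros (debug-mode enclave, no real measurement)")
        elif not hmac.compare_digest(expected, actual):
            problems.append(f"PCR{idx}: mismatch with enrolled version")
    return problems


def runtime_pcrs_for(scenario: str) -> dict[int, bytes]:
    """Constructed runtime PCR maps, as a verifier would obtain them from an attestation document."""
    good = {i: bytes.fromhex(_constructed_pcr(f"constructed-pcr{i}")) for i in range(3)}
    good[8] = bytes.fromhex(_constructed_pcr("constructed-pcr8"))  # PCRs outside the policy are ignored
    if scenario == "matching":
        return good
    if scenario == "tampered-app":
        good[2] = bytes.fromhex(_constructed_pcr("different-application-layer"))
        return good
    if scenario == "debug-mode":
        return {i: bytes(48) for i in range(3)}
    raise ValueError(scenario)


if __name__ == "__main__":
    enrolled = load_enrolled_pcrs(ENROLLED_BUILD_OUTPUT)
    for scenario in ("matching", "tampered-app", "debug-mode"):
        print(scenario, "->", check_pcrs(enrolled, runtime_pcrs_for(scenario)) or ["ok"])
```

The point of the enrollment step is that the expected values are fixed at build time and published before any instance runs, so the verifier compares against a record it did not receive from the instance it is checking. Registering the instance only after `check_pcrs` returns an empty list is what ties the on-chain identity to a specific enclave image rather than to whatever happens to be running.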