# ABAP Enclave — companion kit A privacy-first, **air-gapped** AI toolkit for ABAP teams. Everything runs on your own hardware and network — **no ABAP source ever leaves the client network**, and there's no per-seat cloud-AI licence. ABAP Enclave is the open-source companion to the [ABAP Enclave service](https://lumivara.ca/services/abap-enclave), which tailors it to your landscape. It has two parts: 1. **The editor stack** — a locally hosted open-weight model (Ollama) wired into VS Code via Continue + the ABAP remote filesystem, with abaplint enforcing Clean ABAP. Stood up with one command (below). 2. **The `abap-enclave` CLI** — a pip-installable Python package (`cli/`) that the capability modules (ATC triage, test generation, documentation) plug into. It carries the shared ADT + Ollama clients so the modules stay thin. ## Install the editor stack (one command) Download this folder, then run the bootstrapper — it installs VS Code, Ollama + a code model, the extensions, and drops in the config. Re-run any time (it's idempotent); point it at your project with `-Workspace` / `--workspace`. ```powershell .\install.ps1 # Windows ``` ```sh ./install.sh # macOS / Linux ``` > Air-gapped / offline, a different model, or manual steps? See [Details](#details). ## Install the CLI ```sh cd cli pip install -e . # or: pipx install . abap-enclave --version abap-enclave --help cp abap-enclave.toml.example abap-enclave.toml # then edit (no secrets in it) abap-enclave doctor # shows resolved config + checks local Ollama ``` The capability subcommands register on this one CLI: | Command | What it does | |---------|--------------| | `abap-enclave atc-triage` | Explain ATC findings + suggest fixes (read-only). | | `abap-enclave gen-tests` | Draft ABAP Unit tests (dry-run by default). | | `abap-enclave gen-docs` | Document/explain legacy code (read-only by default). | ### Config schema `abap-enclave.toml` (env vars with prefix `ABAP_ENCLAVE_` override every value; the **password is never stored** — only `$ABAP_ENCLAVE_ADT_PASSWORD` or a prompt): ```toml [adt] host = "https://your-sap-host:44300" client = "100" user = "DEVELOPER" verify_tls = true [ollama] endpoint = "http://localhost:11434" model = "abap-enclave" timeout = 600 ``` ## Why zero-egress matters ABAP is your business logic. Cloud AI assistants send the code you're editing to a third-party API — a non-starter in regulated or air-gapped landscapes. ABAP Enclave keeps **the model, the prompts, the completions, and the source all local**: Ollama serves the model on `localhost`, Continue's telemetry is off, and the CLI's ADT client talks only to your on-prem system. ## What's inside (the installer uses these — you don't edit them) | File | Purpose | |------|---------| | `cli/` | The pip-installable `abap-enclave` package (foundation + capabilities). | | `Modelfile` | Ollama Modelfile — builds the `abap-enclave` model with a Clean ABAP / Clean Core system prompt. | | `continue/config.json` | Continue config — local Ollama, telemetry off, ABAP context providers. | | `abaplint.jsonc` | Clean-ABAP-leaning abaplint ruleset (commented). | | `.vscode/settings.json`, `.vscode/extensions.json` | Workspace settings + recommended extensions, telemetry off. | | `install.ps1`, `install.sh` | The one-command bootstrappers (online or air-gapped). | ## Details ### Offline / air-gapped The bootstrapper installs from a local `./vendor/` pack with no internet (`-Offline` / `--offline`); the scripts document the exact vendor layout. The CLI uses only the local Ollama endpoint and your on-prem ADT host — no egress. ### Foundation, then modules `cli/abap_enclave_core/` is the shared foundation: an ADT REST client, an Ollama client, a config loader, and output helpers. The capability modules add subcommands that reuse it — they don't duplicate the plumbing. Run the package's tests with `pip install -e ".[dev]" && pytest` (mocked; offline). ### No secrets This kit contains **no** hosts, users, passwords, or client-specific values — only placeholders. The ABAP Enclave service sets those up per developer. --- The [**ABAP Enclave service**](https://lumivara.ca/services/abap-enclave) stands the whole stack up for your team, benchmarks models on your hardware, wires it securely into your landscape, and tunes the ruleset — so the productivity uplift is real and the zero-egress guarantee holds.