The Financial AI Tech Stack: Inside ChatFin's JavaScript VM
Exploring the security architecture behind running autonomous finance scripts, now available on GitHub for the community.
In the world of autonomous finance, "prompt injection" is not just a nuisance; it is a critical vulnerability. If an AI agent generates code to calculate a tax provision or reallocate a budget, how do you ensure that code doesn't also exfiltrate sensitive data or modify a restricted record?
The answer lies in sandboxing. Today, ChatFin Labs is open-sourcing our `javascript-vm` repository, the core technology we use to execute untrusted financial scripts securely and reliably.
The Danger of "Eval" in Finance
Many early AI implementations essentially take code generated by an LLM and run it directly in the application's runtime. This is the equivalent of handing your bank login to a stranger. A malicious prompt could trick the AI into accessing file systems or environment variables.
To prevent this, ChatFin processes all agent-generated calculations inside a strict virtual machine. This VM has no network access and no filesystem access, except for exactly what we explicitly pass into it.
Built on Isolated-VM
Our repository utilizes `isolated-vm`, a powerful Node.js library that allows for the creation of completely separate V8 isolates. This means the code runs in its own memory space. If the script crashes or runs an infinite loop, it doesn't take down the entire finance platform.
This architecture is similar to how serverless functions work but optimized for the lightweight, rapid-fire execution needed for real-time conversation agents.
TypeScript-First Development
The javascript-vm is written 100% in TypeScript. We believe that type safety is non-negotiable in financial engineering. The repository includes full type definitions, making it easy for developers to integrate it into their existing TypeScript projects.
By enforcing strict typing, we reduce the class of errors that often plague dynamic scripting environments, ensuring that "undefined" is never the result of a million-dollar calculation.
Debuggability with WebSocket Inspector
One of the hardest parts of working with sandboxed code is debugging it. It is a "black box." Our solution includes a WebSocket inspector server. This allows developers to attach Chrome DevTools directly to the isolated context.
This feature is a game-changer for auditing AI behaviors. You can step through the AI's generated code line-by-line to understand exactly how it arrived at a financial figure.
Why Open Source?
Security through obscurity is a failed strategy. By opening our execution engine, we invite the community to inspect our security model and help us make it bulletproof. We want javascript-vm to become the standard for safe execution in fintech.
Developers can now use this same engine to build their own internal tools where users or agents need to run custom logic safely.
Conclusion
As finance teams increasingly rely on "agentic" workflows, the underlying infrastructure must be secure by design. ChatFin's JavaScript VM provides that security layer.
We encourage security researchers and fintech engineers to star the repo and contribute.
Code Securely
Check out javascript-vm on GitHub to see how we sandbox financial AI.