Reference implementation
Read your inbox in a Nitro enclave.
Reply like Jack Sparrow.
Plaintext email content never leaves the enclave's trust boundary. The host process you're talking to right now can only see opaque ciphertext.
Browser↔Host (parent EC2)↔Nitro enclave
OAuth tokens, message bodies, generated drafts — all confined to the enclave. The host only persists v1-envelope ciphertext.