TEE-attested execution (AWS Nitro Enclaves / Intel TDX)
Project description
aimarket-tee
Documentation
| Document | Description |
|---|---|
| User guide | Install, configure, verify plugin is loaded |
| User cases | Personas and cross-plugin workflows |
| SDK integration | Code examples and hook behavior |
TEE-attested execution for AI capabilities. AWS Nitro Enclaves / Intel TDX. Before invoke, the server sends a cryptographic attestation report: "this code runs in an encrypted hardware enclave. I physically cannot see your input." Receipts are signed by the enclave key. Unlocks enterprise, legal, medical, and finance verticals.
When to Use
- Confidential AI processing — consumer sends sensitive data (PII, legal docs, medical records), provider can't see it
- Enterprise compliance (GDPR/HIPAA/FedRAMP) — attestation report proves code integrity and data isolation
- Third-party model hosting — model owner deploys to enclave, hub operator can't extract weights
- Regulated industries — prove to auditors that execution happened in certified hardware
Installation
pip install aimarket-tee
API Endpoints
No additional API endpoints. Activated automatically via invoke flow — attestation is attached to every invocation response.
End-to-End Example
from aimarket_tee.tee_attestation import TEEAttestationService, EnclavePlatform
service = TEEAttestationService(platform=EnclavePlatform.AWS_NITRO)
# Execute capability inside enclave — provider sees only hashes
result = service.execute_with_attestation(
capability_id="legal.review@v1",
product_id="prod-legal",
input_payload={"documents": {"nda": "CONFIDENTIAL: review this NDA..."}},
code_identifier="legal-review-v2.0.0-githash-abc123",
price_usd=5.00
)
print(result["attestation"]["platform"]) # aws_nitro
print(result["attestation"]["code_hash"]) # sha256 of code
print(result["receipt"]["input_hash"]) # sha256 of input (provider never sees plaintext)
print(result["enterprise_compliance"]["gdpr"]) # "Input never leaves enclave in plaintext"
Security
- Code hash verification — consumer verifies the exact code running in enclave
- Input confidentiality — provider sees only SHA-256(input), never plaintext
- Output signed by enclave key — verifiable proof of correct execution
- Attestation TTL — 5 minutes by default, prevents replay attacks
License
MIT · Maintained by AI-Factory
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file aimarket_tee-2.0.0.tar.gz.
File metadata
- Download URL: aimarket_tee-2.0.0.tar.gz
- Upload date:
- Size: 3.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
375a6ad33e11cf5917ae4e9411f1f4c97ab07aca8834833b2527b7a0a7805e75
|
|
| MD5 |
ddb269a37e08f33bf6c64ff30fe73d1a
|
|
| BLAKE2b-256 |
c29a9b2ad17572a5f24924c3aba808765e143fb5105e83e0b959f0aa9db2f472
|
File details
Details for the file aimarket_tee-2.0.0-py3-none-any.whl.
File metadata
- Download URL: aimarket_tee-2.0.0-py3-none-any.whl
- Upload date:
- Size: 4.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.6
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ef84c8ff3383dd6490afc53b614f1ea364e783eab89d31bd47f6589bdaadebcd
|
|
| MD5 |
d68b358d2e9540045ebf61a36fbfa963
|
|
| BLAKE2b-256 |
7222d654178e91de0cac6b6326f37efd6f22ef3314c9db7dbd24b98c691ebd38
|