Skip to main content

Python SDK for TNG — direct OHTTP encryption for confidential AI

Project description

cohere-tng

Python SDK for TNG — drop-in OHTTP encryption for httpx with TEE attestation verification. Built as a native Rust extension via PyO3.

Install

pip install cohere-tng

Usage

Sync

import httpx
import cohere_tng

transport = cohere_tng.Transport(verify={
    "model": "passport",
    "as_provider": "ita",
    "ita_jwks_addr": "https://portal.trustauthority.intel.com",
    "policy_ids": ["my-policy"],
})

with httpx.Client(transport=transport) as client:
    resp = client.get("https://api.example.com/v1/chat")
    print(resp.json())

    # Attestation token is available as a response header
    token = resp.headers.get("x-tng-attestation-token")

Async

import httpx
import cohere_tng

transport = cohere_tng.AsyncTransport(verify={
    "model": "passport",
    "as_provider": "ita",
    "ita_jwks_addr": "https://portal.trustauthority.intel.com",
    "policy_ids": ["my-policy"],
})

async with httpx.AsyncClient(transport=transport) as client:
    resp = await client.get("https://api.example.com/v1/chat")
    print(resp.json())

Response streaming

with httpx.Client(transport=transport) as client:
    with client.stream("POST", url, json=payload) as resp:
        for chunk in resp.iter_bytes():
            process(chunk)

Request streaming

Request bodies provided as generators are streamed through OHTTP without buffering the entire payload in memory:

def audio_chunks():
    with open("recording.wav", "rb") as f:
        while chunk := f.read(8192):
            yield chunk

with httpx.Client(transport=transport) as client:
    resp = client.post(url, content=audio_chunks())

Configuration

Both verify and ohttp follow the same schema as TNG's configuration.

  • verify (required) — Attestation verification config dict. Pass None to explicitly disable verification — not recommended for production.
  • ohttp (optional) — OHTTP config dict (forward_headers, tls_ca_certs, etc.).

Development

python3 -m venv .venv
.venv/bin/pip install maturin httpx
.venv/bin/maturin develop
.venv/bin/pytest tests/

How it works

The cohere-tng package embeds TNG's Rust OHTTP implementation directly into the Python process via PyO3. When you make a request through cohere_tng.Transport:

  1. The TEE running the TNG egress is verified via remote attestation (e.g. Intel Trust Authority) before any data is sent.
  2. The request is encrypted using OHTTP (Oblivious HTTP) in-process.
  3. The encrypted payload is sent to the TNG egress inside the verified TEE.
  4. The egress decrypts and forwards the request to the actual backend.
  5. The response follows the reverse path, decrypted in-process before being returned to httpx. The attestation token is included as an x-tng-attestation-token response header.

Both request and response bodies are streamed — large payloads are never fully buffered in memory.

Acknowledgements

cohere-ai/tng is a fork of inclavare-containers/tng. Licensed under Apache-2.0.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

cohere_tng-0.5.0-cp38-abi3-manylinux_2_28_aarch64.whl (6.5 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.28+ ARM64

cohere_tng-0.5.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (6.6 MB view details)

Uploaded CPython 3.8+manylinux: glibc 2.17+ x86-64

cohere_tng-0.5.0-cp38-abi3-macosx_11_0_arm64.whl (5.8 MB view details)

Uploaded CPython 3.8+macOS 11.0+ ARM64

cohere_tng-0.5.0-cp38-abi3-macosx_10_12_x86_64.whl (6.0 MB view details)

Uploaded CPython 3.8+macOS 10.12+ x86-64

File details

Details for the file cohere_tng-0.5.0-cp38-abi3-manylinux_2_28_aarch64.whl.

File metadata

File hashes

Hashes for cohere_tng-0.5.0-cp38-abi3-manylinux_2_28_aarch64.whl
Algorithm Hash digest
SHA256 da9256d82b8e5a1d5ec23c06b03076e525ad4a6ffd7c7e4a49b898229ff3c591
MD5 af49a50c18aee5e8496cb8d777ead553
BLAKE2b-256 291330d782e48c1466e8b43522b362f3d4fc29fd2237a63a86f1e32d73b5d90f

See more details on using hashes here.

Provenance

The following attestation bundles were made for cohere_tng-0.5.0-cp38-abi3-manylinux_2_28_aarch64.whl:

Publisher: co-build-python.yml on cohere-ai/TNG

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cohere_tng-0.5.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl.

File metadata

File hashes

Hashes for cohere_tng-0.5.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Algorithm Hash digest
SHA256 5539bca8095d13545624d54f69d6e9b135fe84059cfb73b20c334a69583642d6
MD5 ce6ac35df240b141fb5b95fdc01fb60e
BLAKE2b-256 ad697b378bc6754eb38167f5965fb8d57fadc83e91110ec78b26342b1ed59d9d

See more details on using hashes here.

Provenance

The following attestation bundles were made for cohere_tng-0.5.0-cp38-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl:

Publisher: co-build-python.yml on cohere-ai/TNG

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cohere_tng-0.5.0-cp38-abi3-macosx_11_0_arm64.whl.

File metadata

File hashes

Hashes for cohere_tng-0.5.0-cp38-abi3-macosx_11_0_arm64.whl
Algorithm Hash digest
SHA256 3643f1c48e3c62521780581430bd9597378545ed27315b1629de1214a7244b61
MD5 acd72f1ea76219c52efb46cf98f4fb69
BLAKE2b-256 ca9582af946b3a5b88114be24457d31abec5103342f583e1d875f1b306ca326e

See more details on using hashes here.

Provenance

The following attestation bundles were made for cohere_tng-0.5.0-cp38-abi3-macosx_11_0_arm64.whl:

Publisher: co-build-python.yml on cohere-ai/TNG

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file cohere_tng-0.5.0-cp38-abi3-macosx_10_12_x86_64.whl.

File metadata

File hashes

Hashes for cohere_tng-0.5.0-cp38-abi3-macosx_10_12_x86_64.whl
Algorithm Hash digest
SHA256 880aa05da62cc837d06d9f0d510f995b355580943495259988312ef9ab619730
MD5 ad4f37da2f32d83ec0cf28600fa698cd
BLAKE2b-256 87dc080d0463a8b91a2f53f4bb639dfa923faf8bd6fae34bb73ad888f7343d6f

See more details on using hashes here.

Provenance

The following attestation bundles were made for cohere_tng-0.5.0-cp38-abi3-macosx_10_12_x86_64.whl:

Publisher: co-build-python.yml on cohere-ai/TNG

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page