Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.redpill.ai/llms.txt

Use this file to discover all available pages before exploring further.

Verify in 5 Minutes

You shouldn’t trust our privacy claims. Here’s how to verify them yourself in under 5 minutes.

What You’re Verifying

When you verify, you’re proving:
  1. The code running is what we claim - Docker compose hash matches published source
  2. It’s running in real TEE hardware - Intel TDX / AMD SEV-SNP + NVIDIA GPU attestation
  3. Your specific request was processed there - Signed response with hardware-bound key

Quick Verification (2 minutes)

1. Install the Verifier

git clone https://github.com/redpill-ai/redpill-verifier.git
cd redpill-verifier/js
npm install && npm run build

2. Verify Attestation (No API Key Needed)

npx redpill-verifier attestation --model phala/gpt-oss-120b
Output: 
RedPill Verifier — TEE Attestation
  Model: phala/gpt-oss-120b

[Step 1] Intel TDX Quote
  OK    TDX quote verified

[Step 2] Report Data Binding
  OK    Signing key bound to TEE hardware
  OK    Nonce embedded in report data

[Step 3] GPU Attestation
  OK    GPU nonce matches
  OK    NVIDIA verdict: true

[Step 4] Compose Manifest
  OK    Compose hash matches mr_config

[Step 5] Sigstore Provenance
  OK    5556fb80b9528327... (HTTP 200)

  VERIFIED
  Provider: near-ai | Hardware: INTEL_TDX, NVIDIA_CC
If you see VERIFIED, the model is running in genuine TEE hardware.

Verify Your Chat Response (3 minutes)

Use RedPill as an OpenAI drop-in, then verify the response: 
import OpenAI from 'openai'
import { verify } from '@redpill-ai/verifier'

const openai = new OpenAI({ baseURL: 'https://api.redpill.ai/v1', apiKey: 'sk-xxx' })
const response = await openai.chat.completions.create({
  model: 'phala/gpt-oss-120b',
  messages: [{ role: 'user', content: 'Hello!' }],
})

// Verify the response came from a real TEE
const proof = await verify(response.id, {
  model: 'phala/gpt-oss-120b',
  apiKey: 'sk-xxx',
})

console.log(proof.verified)           // true
console.log(proof.signature.valid)    // true — ECDSA ecrecover
console.log(proof.provider)           // "near-ai"
console.log(proof.hardware)           // ["INTEL_TDX", "NVIDIA_CC"]

What Each Check Means

CheckWhat It Proves
Intel TDX quote verifiedCode runs in genuine Intel TDX CPU enclave
Report data binds signing addressSigning key is generated inside TEE
Report data embeds request nonceAttestation is fresh (not replayed)
GPU nonce matchesGPU attestation is for this specific request
NVIDIA verdictGPU is genuine H100/H200 with confidential computing
Compose hash matches mr_configRunning code matches the Docker compose shown
Sigstore provenanceContainer images have verified build provenance

Two Verification Modes

Light Mode (Default) — No Docker

Uses cloud APIs: Phala TDX verifier, NVIDIA NRAS, and optionally Automata on-chain DCAP. 
npx redpill-verifier attestation --model phala/gpt-oss-120b

Deep Mode — Trust Only Intel Silicon

Uses dstack-verifier (Rust + QEMU) to independently replay boot measurements. Requires Docker. 
# Start dstack-verifier
docker compose up -d

# Run with deep verification
npx redpill-verifier attestation --model phala/qwen-2.5-7b-instruct --deep
Deep mode verifies all three TEE components independently: model, KMS, and gateway.

Multi-Provider Support

RedPill routes to different TEE providers. The verifier auto-detects and applies provider-specific checks.
ProviderExample ModelsHardware
Chutesz-ai/glm-5.1, moonshotai/kimi-k2.6, deepseek/deepseek-v3.2Intel TDX + NVIDIA CC
Near AIz-ai/glm-5, deepseek/deepseek-chat-v3.1, openai/gpt-oss-120bIntel TDX + NVIDIA CC
Phalaphala/qwen3.5-27b, phala/qwen3-vl-30b-a3b-instruct, phala/gpt-oss-20bIntel TDX + NVIDIA CC
Tinfoilmeta-llama/llama-3.3-70b-instructIntel TDX or AMD SEV-SNP
Use GET /v1/models for the live model catalog. Tinfoil models are listed as GPU TEE models, but RedPill’s attestation endpoint currently returns provider errors for the Tinfoil catalog entries, so do not rely on /v1/attestation/report for Tinfoil until the endpoint returns a supported Tinfoil format.

API Verification Flow

If you are implementing verification in your own service, use the same order:
  1. Send POST /v1/chat/completions and store the exact request body plus response body.
  2. Fetch GET /v1/signature/{request_id}?model=....
  3. Verify the signed request_hash:response_hash against your stored bodies.
  4. Verify the signature and signer address.
  5. Generate a fresh 32-byte nonce.
  6. Fetch GET /v1/attestation/report?model=...&nonce=...&signing_address=....
  7. Verify the TDX quote, NVIDIA attestation, nonce, and signer binding.
Attestation answers “is this model server a genuine TEE?” Signature verification answers “did that TEE sign my exact response?” Production verification should do both.

On-Chain Verification

Verify the TDX quote trustlessly via Ethereum smart contracts — no API trust needed: 
npx redpill-verifier attestation --model phala/gpt-oss-120b --network sepolia
Store proof permanently on-chain: 
npx redpill-verifier store \
  --private-key 0x... \
  --proof-store 0x83541AD3f380De2b28E0108d4Da934236342B02b \
  --network sepolia

How It Works

1

Generate fresh nonce

Verifier creates a random 32-byte hex nonce to prevent replay attacks
2

Auto-detect provider

Queries /v1/models to identify if model runs on Phala, NearAI, Chutes, or Tinfoil
3

Fetch attestation

Request attestation from /v1/attestation/report?model=...&nonce=...
4

Verify TDX/SEV-SNP quote

Light: submit to Phala’s verification service. Deep: replay via dstack-verifier (QEMU)
5

Verify GPU attestation

Submit GPU payload to NVIDIA NRAS service
6

Provider-specific checks

Tinfoil: hardware policy + Sigstore golden values. Chutes: anti-tamper binding. Phala: compose manifest
7

Optional: on-chain DCAP

Verify via Automata smart contract for trustless proof

CI/CD Integration

# .github/workflows/verify-tee.yml
name: Verify TEE Attestation

on:
  schedule:
    - cron: '0 * * * *'  # Every hour
  workflow_dispatch:

jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - name: Setup verifier
        run: |
          git clone https://github.com/redpill-ai/redpill-verifier.git
          cd redpill-verifier/js && npm install && npm run build

      - name: Verify models
        run: |
          cd redpill-verifier/js
          npx redpill-verifier attestation --model phala/gpt-oss-120b --light --skip-onchain

What If Verification Fails?

Cause: Quote couldn’t be validated against Intel’s root certificates.Action: Could be network issue. Retry. If persistent, the hardware may not be genuine TEE.
Cause: Attestation may be replayed from old request.Action: Generate new nonce and try again. If persistent, contact security@redpill.ai.
Cause: Running code doesn’t match the Docker compose manifest.Action: Check for recent updates. If mismatch persists, stop using and report to security@redpill.ai.
Cause: GPU attestation failed NVIDIA verification.Action: GPU may not be genuine H100/H200 TEE. Report to security@redpill.ai.
Cause: The model’s backend may be temporarily unavailable.Action: Try a different model from the same provider, or retry in a few minutes.

Next Steps

Full Attestation Guide

Deep dive into attestation format

Signature Verification

Verify individual request signatures

GitHub Repo

View verifier source code

Threat Model

Understand what we protect against