Tinfoil CLI

A command-line interface for making verified HTTP requests to Tinfoil enclaves and validating attestation documents.

Installation

Pre-built binaries

Download the latest release for your OS from the Releases page.

Build from source

  1. Ensure you have Go installed.
  2. Clone the repository:
       git clone https://github.com/tinfoilanalytics/tinfoil-cli.git
       cd tinfoil-cli
  3. Build the binary:
       go build -o tinfoil
  4. (Optional) Move the binary to a directory on your PATH:
       sudo mv tinfoil /usr/local/bin/

Command Reference

Usage:
  tinfoil [command]

Available Commands:
  attestation Attestation commands
  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  http        Make verified HTTP requests

Flags:
  -e, --enclave-host string   Enclave hostname (default "models.default.tinfoil.sh")
  -h, --help                  help for tinfoil
  -r, --repo string           Source repo (default "tinfoilanalytics/default-models-nitro")

Use "tinfoil [command] --help" for more information about a command.

Verified HTTP Requests

Make requests to enclave endpoints with automatic attestation verification.

GET Request

tinfoil http get "https://{ENCLAVE_HOST}/endpoint" \
  -e models.default.tinfoil.sh \
  -r tinfoilanalytics/default-models-nitro

POST Request

tinfoil http post "https://{ENCLAVE_HOST}/endpoint" \
  -e models.default.tinfoil.sh \
  -r tinfoilanalytics/default-models-nitro \
  -b '{"input_data": "example"}'

Flags:

  • -e, --enclave-host: The hostname of the enclave.
  • -r, --repo: GitHub source repo containing code measurements.
  • -b, --body: Request body (POST only).

Attestation Verification

Validate that the enclave is running authorized code.

Sample successful output:

$ tinfoil attestation verify \
  -e models.default.tinfoil.sh \
  -r tinfoilanalytics/default-models-nitro
INFO[0000] Fetching latest release for tinfoilanalytics/default-models-nitro 
INFO[0000] Fetching sigstore bundle from v0.0.2 for latest version tinfoilanalytics/default-models-nitro EIF 906162aef9fb2d4731433421ae6050840a867ee4b7b9302ada6228a809e0cab5 
INFO[0000] Fetching trust root                          
INFO[0000] Verifying code measurements                  
INFO[0000] Fetching attestation doc from models.default.tinfoil.sh 
INFO[0001] Verifying enclave measurements               
INFO[0001] Certificate fingerprint match: b3ca31564d143085005670b450ef3d64429aa1529c641ec897983f11c2726007 
INFO[0001] Verification successful, measurements match
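
One way to gate a script on this output and pin the two digests it reports, as an added example that is not part of tinfoil-cli. `check_verify_log` and `hex64_after` are hypothetical helpers, and the log wording is assumed to match the sample output above, since this page does not document exit codes or a machine-readable format.

```shell
#!/bin/sh
# Added example (not part of tinfoil-cli). Assumes the log wording shown in
# the sample output on this page; both functions are hypothetical helpers.

# Constructed sample: the log lines from the sample output above.
SAMPLE_LOG='INFO[0000] Fetching latest release for tinfoilanalytics/default-models-nitro
INFO[0000] Fetching sigstore bundle from v0.0.2 for latest version tinfoilanalytics/default-models-nitro EIF 906162aef9fb2d4731433421ae6050840a867ee4b7b9302ada6228a809e0cab5
INFO[0000] Fetching trust root
INFO[0000] Verifying code measurements
INFO[0000] Fetching attestation doc from models.default.tinfoil.sh
INFO[0001] Verifying enclave measurements
INFO[0001] Certificate fingerprint match: b3ca31564d143085005670b450ef3d64429aa1529c641ec897983f11c2726007
INFO[0001] Verification successful, measurements match'

# hex64_after MARKER: read a log on stdin and print the 64-hex-digit value
# that ends the first line containing MARKER (prints nothing if absent).
hex64_after() {
  sed -n 's/.*'"$1"'\([0-9a-f]\{64\}\)[[:space:]]*$/\1/p' | head -n 1
}

# check_verify_log LOG [PINNED_EIF] [PINNED_CERT_FP]
# Prints "eif=... cert=..." and returns 0 only when the success line is
# present, both digests parse, and any pinned values match.
# Return codes: 1 no success line, 2 digest missing,
#               3 EIF pin mismatch, 4 certificate fingerprint pin mismatch.
check_verify_log() {
  log=$1
  # Fail closed: the final success line must be present as a whole log line.
  printf '%s\n' "$log" |
    grep -Eq '^INFO\[[0-9]+\] Verification successful, measurements match[[:space:]]*$' ||
    return 1
  eif=$(printf '%s\n' "$log" | hex64_after ' EIF ')
  fp=$(printf '%s\n' "$log" | hex64_after 'Certificate fingerprint match: ')
  [ -n "$eif" ] && [ -n "$fp" ] || return 2
  # Optional pins detect a change of release or certificate between runs.
  if [ -n "${2:-}" ] && [ "$eif" != "$2" ]; then return 3; fi
  if [ -n "${3:-}" ] && [ "$fp" != "$3" ]; then return 4; fi
  printf 'eif=%s cert=%s\n' "$eif" "$fp"
}
```

Feed it the captured output of `tinfoil attestation verify`, redirecting both streams (`2>&1`), since this page does not say which one carries the log lines.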

Troubleshooting

Common error resolutions:

  • PCR register mismatch: The code running in the enclave differs from the source repo.