A comprehensive TypeScript-based platform for managing and verifying Trusted Execution Environment (TEE) attestations in the dstack ecosystem. The Trust Center provides end-to-end verification of hardware attestation, OS integrity, source code authenticity, and domain ownership for TEE-protected applications.
dstack relies on TEE hardware to measure the programs it executes and generate attestation reports cryptographically signed by the hardware to ensure authority and integrity. The platform uses customized operating systems to verify applications (Docker images), Key Management Services (KMS), and Gateway configurations, recording measurement digests in attestation reports.
Specifically, dstack leverages the RTMR3 measurement register in attestation reports to store a series of events that measure various aspects of applications. The dstack-verifier collects information from multiple sources (Docker images, source code, OS source, domains) and compares them against measurement values in attestation reports, helping users confirm the source code of applications they interact with.
trust-center-monorepo/
├── apps/
│ ├── server/ # Background Worker (BullMQ Queue Processing)
│ └── webapp/ # Trust Center Web Application (Next.js)
├── packages/
│ ├── db/ # Database Package (@phala/trust-center-db)
│ └── verifier/ # Core TEE Verification Library (@phala/dstack-verifier)
│ ├── src/
│ │ ├── verifiers/ # Entity verifiers (App, KMS, Gateway)
│ │ ├── verification/ # Verification modules (hardware, OS, source, domain)
│ │ ├── utils/ # Measurement tools (dstack-mr, dcap-qvl)
│ │ └── dataObjects/ # Data collection and relationships
│ ├── external/
│ │ ├── dcap-qvl/ # Intel DCAP Quote Verification Library (Rust)
│ │ └── dstack-images/ # dstack OS images for verification
│ └── bin/ # Compiled verification tools
├── Dockerfile # Production Docker image (multi-stage build)
├── compose.yml # Production Docker Compose
├── compose.dev.yml # Development Docker Compose
└── Makefile # Build and deployment commands
For each application, dstack-verifier checks three entities:
- Application (App) - The main application running in TEE
- Key Management Service (KMS) - Cryptographic key management
- Gateway - Network gateway with Zero Trust HTTPS
Each entity undergoes all verification phases independently.
Validates TEE hardware authenticity using cryptographically signed attestation reports.
- Intel TDX/SGX: Quote verification via Intel DCAP-QVL (Rust-based)
- NVIDIA GPU: GPU attestation for GPU-enabled applications (Redpill only)
- Measurement Registers: Extracts MRTD, RTMR0-3 values
- Certificate Chain: Validates hardware certificates against trusted CAs
Confirms the operating system matches known trusted dstack OS versions.
- Measurement Calculation: Uses
dstack-mr-cli(Rust) ordstack-mr(Go) to calculate expected measurements - MRTD Validation: Compares Trusted Domain measurement
- RTMR Comparison: Validates RTMR0-2 boot stage measurements against calculated values
- Version Support: Handles multiple dstack OS versions with version-specific logic
Validates that the Docker compose file hash matches the on-chain registry.
- Compose Hash Extraction: Extracts SHA-256 hash from RTMR3 event log
- Blockchain Registry: Checks against allowed hashes in smart contracts (Base network)
- Image Verification: Validates Docker image tags and configurations
- Sigstore Integration (TODO): Link Docker images to GitHub source via transparency logs
Validates Zero Trust HTTPS implementation for Gateway entities.
- TEE-Controlled Keys: Ensures TLS private keys are generated and controlled by TEE
- Certificate Validation: Validates certificate chain and ACME (Let's Encrypt) integration
- DNS CAA Records: Verifies DNS Certification Authority Authorization
- Certificate Transparency: Checks CT logs for certificate transparency (optional, slow)
The @phala/trust-center-db package provides PostgreSQL integration with Drizzle ORM, shared types, and Zod schemas.
Key Features:
- Drizzle ORM for type-safe database access
- Zod schemas for runtime validation
- Centralized type definitions
- Database migration management
Tech Stack: TypeScript, Drizzle ORM, PostgreSQL, Zod
The @phala/dstack-verifier package is a comprehensive TypeScript library for verifying Trusted Execution Environment (TEE) attestations.
Key Features:
- Hardware attestation verification (Intel TDX/SGX, NVIDIA GPU)
- Operating system integrity validation (MRTD, RTMR0-3)
- Source code authenticity verification (compose hash)
- Domain ownership validation (Zero Trust HTTPS)
- Smart contract integration with Base network
- Modular verification architecture with configurable flags
- Multi-entity verification (App, KMS, Gateway)
Architecture:
VerificationService: Orchestrates verification workflowVerifier Chain: Chain-of-responsibility pattern for entity verificationDataObjectCollector: Collects and tracks verification metadata- Verification Modules: Isolated modules for each verification phase
Tech Stack: TypeScript, Viem, Zod, Rust (dcap-qvl, dstack-mr-cli), Go (dstack-mr)
Background worker service that processes verification tasks from a Redis queue. No HTTP endpoints.
Key Features:
- BullMQ queue worker for background processing
- Database polling via dbMonitor service
- S3-compatible object storage for results
- PostgreSQL persistence for task state
- Docker deployment ready
Tech Stack: Bun, TypeScript, PostgreSQL, Redis, BullMQ
A modern Next.js trust center dashboard with direct database access (no API layer).
Key Features:
- Interactive data object visualization
- Trust relationship diagrams
- Real-time verification status
- Direct Drizzle database queries
- Server Actions for task creation
- Comprehensive UI component library (shadcn/ui)
Tech Stack: Next.js 15, React 19, TypeScript, Tailwind CSS, React Flow, shadcn/ui
- Bun >= 1.2.23
- Node.js >= 18 (for compatibility)
- PostgreSQL (for task persistence)
- Redis (for queue management)
- Docker (recommended for complete environment)
For native verifier development:
- Rust toolchain >= 1.86 (for dcap-qvl and dstack-mr-cli)
- Go >= 1.23 (for legacy dstack-mr tool)
- Build essentials (gcc, pkg-config, libssl-dev)
# Install all dependencies
bun install# Start development environment (Postgres, Redis, Server, Webapp)
make dev
# View logs
make logs
# Open shell in container
make shell
# Stop containers
make down
# Clean up containers and volumes
make clean# Start server worker
cd apps/server && bun run dev
# Start webapp
cd apps/webapp && bun run dev# Start production environment
make prod
# Check service health
make health
# View status
make statuscd packages/db
# Generate migration files
drizzle-kit generate
# Apply migrations
bun run migrate
# Push schema changes
drizzle-kit push
# Open database studio
drizzle-kit studioThe verifier package includes a standalone HTTP API server for testing verification operations:
# Navigate to verifier package
cd packages/verifier
# Start test server with hot reload (default: http://localhost:3000)
bun run dev
# Or specify custom host/port
PORT=8080 HOST=0.0.0.0 bun run devAvailable Endpoints:
GET /- Service information and available endpointsGET /health- Health checkPOST /verify- Execute verification with JSON body
Example Request:
curl -X POST http://localhost:3000/verify \
-H "Content-Type: application/json" \
-d '{
"app": {
"contractAddress": "0x1234...",
"model": "phala/llama-3.1-8b",
"metadata": {
"osSource": {
"github_repo": "https://github.com/Dstack-TEE/meta-dstack",
"git_commit": "abc123",
"version": "v0.5.3"
}
}
},
"flags": {
"hardware": true,
"os": true,
"sourceCode": true
}
}'Note: This test server is for development only. Production deployments use the background worker architecture.
# Type check all code
bun run typecheckEach app has its own environment configuration:
-
Server: See apps/server/.env.example
DATABASE_URL: PostgreSQL connection stringREDIS_URL: Redis connection stringS3_*: S3-compatible storage credentialsQUEUE_*: BullMQ queue configuration
-
Web App: See apps/webapp/.env.example
DATABASE_URL: PostgreSQL connection string (direct Drizzle access)NEXT_PUBLIC_*: Public environment variables
This monorepo uses Turborepo for efficient task execution and caching.
- Parallel execution: Runs tasks across workspaces in parallel
- Smart caching: Caches build outputs and only rebuilds what changed
- Task pipelines: Defines dependencies between tasks
- Filtered execution: Run tasks for specific apps using
--filter
turbo.json: Defines the task pipeline and caching strategypackage.json: Workspace configuration and shared scripts
We welcome contributions to the Trust Center project! Here's how to get started:
-
Fork and Clone
git clone https://github.com/YOUR_USERNAME/dstack-verifier.git cd dstack-verifier -
Install Dependencies
bun install
-
Build External Tools (for verifier development)
# Build Intel DCAP Quote Verification Library cd packages/verifier bun run build:dcap-qvl
-
Create a Feature Branch
git checkout -b feature/your-feature-name
-
Make Your Changes
- Follow the existing code style (Biome formatting)
- Add tests for new functionality
- Update documentation as needed
-
Code Quality Checks
# Format code bunx biome format --write . # Lint code bunx biome lint . # Fix formatting and lint issues bunx biome check --write . # Type check bun run typecheck
-
Test Your Changes
# Run the test server (for verifier changes) cd packages/verifier && bun run dev # Run the full stack locally make dev
-
Commit and Push
git add . git commit -m "feat: description of your changes" git push origin feature/your-feature-name
-
Submit a Pull Request
- Open a PR against the
mainbranch - Provide a clear description of your changes
- Link any related issues
- Open a PR against the
- Format: Single quotes, minimal semicolons (enforced by Biome)
- Imports: Organized automatically (external packages first, then internal)
- Types: Use strict TypeScript with explicit types
- Naming: camelCase for variables/functions, PascalCase for classes/types
- Verifier Package: Each
VerificationServiceinstance must be created per verification task to avoid data pollution - Database Changes: Run
drizzle-kit generateinpackages/dbto create migrations - External Dependencies: The verifier requires Rust (dcap-qvl, dstack-mr-cli) and Go (dstack-mr) tools
- Check the Trust Center Documentation
- Review CLAUDE.md for detailed architecture information
- Open an issue for questions or bug reports
See individual app directories for licensing information.
import { VerificationService } from '@phala/dstack-verifier'
// Create a verification service instance
const service = new VerificationService()
// Verify a Redpill application
const result = await service.verify({
contractAddress: '0x1234...',
model: 'phala/llama-3.1-8b',
metadata: {
osSource: {
github_repo: 'https://github.com/Dstack-TEE/meta-dstack',
git_commit: 'abc123...',
version: 'v0.5.3'
}
}
}, {
hardware: true,
os: true,
sourceCode: true,
teeControlledKey: true,
certificateKey: true,
dnsCAA: false,
ctLog: false
})
// Check verification results
if (result.success) {
console.log('Verification passed!')
console.log('Data objects:', result.dataObjects)
console.log('Relationships:', result.relationships)
} else {
console.error('Verification failed:', result.errors)
}// Verify a Phala Cloud application
const result = await service.verify({
contractAddress: '0x5678...',
domain: 'myapp.phala.network',
})// Skip slow verification steps
const result = await service.verify({
contractAddress: '0x...',
model: 'phala/model-name',
}, {
hardware: true,
os: true,
sourceCode: true,
teeControlledKey: true,
certificateKey: false, // Skip certificate validation
dnsCAA: false, // Skip DNS queries
ctLog: false, // Skip CT log queries (slow)
})dstack uses Intel TDX/SGX measurement registers to ensure system integrity:
- MRTD: Measurement of entire Trusted Domain (OS image, kernel, initramfs)
- RTMR0: First boot stage measurements
- RTMR1: Second boot stage measurements
- RTMR2: Third boot stage measurements
- RTMR3: Application measurements (compose hash, configuration events)
- dcap-qvl: Rust-based Intel DCAP Quote Verification Library
- dstack-mr-cli: Rust-based measurement calculation tool (latest versions)
- dstack-mr: Go-based measurement calculation tool (legacy versions)
- qemu-tdx: Modified QEMU for ACPI table extraction
The verifier integrates with smart contracts on Base network:
- DstackApp: Application registry with allowed compose hashes
- DstackKms: KMS configuration and governance
- Contract ABIs located in packages/verifier/src/utils/abi/
- Hardware attestation (Intel TDX/SGX)
- OS integrity verification (MRTD, RTMR0-2)
- Source code verification (compose hash)
- Domain verification (Zero Trust HTTPS)
- Multi-entity verification (App, KMS, Gateway)
- Smart contract integration (Base network)
- Sigstore integration for image-to-source linking
- Certificate chain validation improvements
- On-chain compose hash registry validation
- Full network verification results