VIN: Verifiable Inference Network

Proof of Untampered AI Generation

"Inverse CAPTCHA" — prove your output came from an AI pipeline, not hand-typed by a human.

A Confidential LLM Proxy running in TEE. Users encrypt their API keys and prompts; VIN decrypts inside the trusted environment, calls the LLM, and returns a signed receipt proving the generation happened inside an attested runtime.

ERC-8004 Agent ID: 1391 on Base Mainnet

What VIN Proves

✅ Tamper-evidence: output text matches what the node signed
✅ Pipeline integrity: output flowed through a specific node implementation
✅ Key confidentiality: your API keys never leave the TEE
✅ Environment integrity (with TEE): signing key bound to measured runtime

What VIN Does NOT Prove

❌ "No human ever influenced the prompt"
❌ The model "truly reasoned" vs. retrieved/copied
❌ A specific proprietary model was used (unless TEE + policy enforced)

Honest claim: "this text was produced and signed by an attested generation pipeline, using credentials that never left the TEE."

Quick Start

# Get TEE encryption pubkey
curl http://localhost:3402/v1/tee-pubkey

# Encrypt your payload (see docs/ARCHITECTURE.md)
# POST to /v1/generate with encrypted_payload

Architecture

VIN is a Confidential LLM Proxy:

User encrypts { api_key, provider_url, messages } with TEE pubkey
TEE decrypts, calls user's LLM provider
TEE encrypts response, signs receipt
User decrypts response, verifies receipt

VIN node needs ZERO secrets — users bring their own API keys.

See docs/ARCHITECTURE.md for full details.

Features

secp256k1 ECIES encryption — EVM-compatible, same curve as Ethereum wallets
Any LLM provider — Anthropic, OpenAI, Groq, local, self-hosted
x402 payment gating — micropayments for each generation
ed25519 receipts — cryptographic proof of generation
dstack TEE — Intel TDX attestation when deployed to Phala

Endpoints

Method	Path	Description
GET	`/health`	Node status + pubkeys
GET	`/v1/tee-pubkey`	Encryption pubkey + attestation
POST	`/v1/generate`	Confidential LLM proxy (x402 gated)
POST	`/v1/verify`	Verify a receipt

Development

cd vin-node
bun install
bun test          # 12 tests
bun run dev       # Start server
bun test-e2e.ts   # E2E test (needs running server)

Deployment

Local Docker

docker build -t vin-node -f vin-node/Dockerfile .
docker run -p 3402:3402 -e VIN_TEST_MODE=1 vin-node

Phala Cloud (TEE)

npx phala deploy -n vin-node -c docker-compose.yml

Related Projects

Sentry Dashboard — Agent vetting + attestations
SwarmChallenge — On-chain swarm verification

License

MIT

Name		Name	Last commit message	Last commit date
Latest commit History 95 Commits
docs		docs
ism		ism
posw-orchestrator		posw-orchestrator
scripts		scripts
vin-client		vin-client
vin-node		vin-node
.gitignore		.gitignore
Dockerfile		Dockerfile
PLAN.md		PLAN.md
README.md		README.md
agent-registration.json		agent-registration.json
docker-compose.phala.yml		docker-compose.phala.yml
docker-compose.test.yml		docker-compose.test.yml
docker-compose.yml		docker-compose.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

VIN: Verifiable Inference Network

What VIN Proves

What VIN Does NOT Prove

Quick Start

Architecture

Features

Endpoints

Development

Deployment

Local Docker

Phala Cloud (TEE)

Related Projects

License

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

VIN: Verifiable Inference Network

What VIN Proves

What VIN Does NOT Prove

Quick Start

Architecture

Features

Endpoints

Development

Deployment

Local Docker

Phala Cloud (TEE)

Related Projects

License

About

Resources

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages