A secure Swift SDK for communicating with AI models running in Tinfoil's confidential computing enclaves. This SDK configures the MacPaw OpenAI SDK with additional security features including automatic enclave attestation verification and certificate pinning for direct-to-enclave encrypted communication.
```swift
dependencies: [
    .package(url: "https://github.com/tinfoilsh/tinfoil-swift.git", branch: "main")
]
```

Or in Xcode:
- Go to File > Add Packages...
- Enter the repository URL: `https://github.com/tinfoilsh/tinfoil-swift.git`
- Select the branch or version you want to use
- Click "Add Package"
The OpenAI SDK dependency will be automatically included.
```swift
import TinfoilAI
import OpenAI

// Create a secure OpenAI client
// This automatically:
// - Fetches an available router from Tinfoil's network
// - Verifies the enclave is running genuine Tinfoil code
// - Sets up certificate pinning for all requests
let client = try await TinfoilAI.create(
    apiKey: "YOUR_API_KEY" // Optional, uses TINFOIL_API_KEY env var if not provided
)

// Use the client exactly like the OpenAI SDK
let chatQuery = ChatQuery(
    messages: [
        .user(.init(content: .string("Hello, world!")))
    ],
    model: "model-name"
)
let response = try await client.chats(query: chatQuery)
print(response.choices.first?.message.content ?? "No response")
```

- Automatic Router Selection: Dynamically selects from available Tinfoil routers
- Enclave Verification: Verifies code integrity via GitHub and Sigstore
- Remote Attestation: Validates the enclave runtime environment (AMD SEV-SNP / Intel TDX)
- Certificate Pinning: Ensures direct-to-enclave encrypted communication
- OpenAI Compatible: Drop-in replacement for OpenAI SDK
Stream responses in real-time as they're generated:
```swift
let client = try await TinfoilAI.create()
let chatQuery = ChatQuery(
    messages: [.user(.init(content: .string("Tell me a story")))],
    model: "model-name"
)

// Stream the response
for try await chunk in client.chatsStream(query: chatQuery) {
    if let delta = chunk.choices.first?.delta.content {
        print(delta, terminator: "")
    }
}
```

Tinfoil Swift combines remote attestation and certificate pinning to ensure your data only reaches verified enclave code. During setup, the SDK requests an attestation report that cryptographically proves the exact code running in the enclave and includes the enclave's TLS public key fingerprint. On every API request, the SDK validates the server's TLS certificate matches this attested fingerprint. This creates a cryptographic chain from GitHub source code → attestation → TLS connection, preventing man-in-the-middle attacks even if DNS or router selection is compromised.
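The per-request pinning check described above, as an added example that is not taken from the Tinfoil SDK: a `URLSession` delegate that cancels any connection whose server public key does not hash to the attested fingerprint. The class name, the fingerprint encoding (SHA-256 over the key's external representation) and the placeholder fingerprint are assumptions.

```swift
import Foundation
import CryptoKit
import Security

// Hypothetical delegate, not part of TinfoilAI: a connection is accepted only when
// the server's leaf public key hashes to the fingerprint from a verified attestation.
final class AttestedKeyPinningDelegate: NSObject, URLSessionDelegate {
    private let attestedFingerprint: String  // lowercase hex SHA-256

    init(attestedFingerprint: String) {
        self.attestedFingerprint = attestedFingerprint.lowercased()
    }

    // Assumed convention: SHA-256 over the key's external representation.
    // The encoding the real SDK hashes may differ.
    static func fingerprint(of key: SecKey) -> String? {
        guard let data = SecKeyCopyExternalRepresentation(key, nil) as Data? else { return nil }
        return SHA256.hash(data: data).map { String(format: "%02x", $0) }.joined()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        // Only server-trust challenges are relevant to pinning.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Fail closed: normal chain validation must pass AND the leaf key must match
        // the attested fingerprint; anything else cancels the connection.
        guard SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              let key = SecCertificateCopyKey(leaf),
              Self.fingerprint(of: key) == attestedFingerprint else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}

// Placeholder value; in practice this comes from the verified attestation report.
let delegate = AttestedKeyPinningDelegate(attestedFingerprint: "<attested-fingerprint>")
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```

Because the pin is the key from the attestation report and not a CA or hostname, a redirected DNS answer or a different validly issued certificate for the same name still fails the comparison.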
You can receive the verification document through an optional callback:
```swift
let verificationCallback: VerificationCallback = { verificationDocument in
    if let doc = verificationDocument {
        print("✅ Attestation verification successful")
        print("Code fingerprint: \(doc.codeFingerprint)")
        print("Enclave fingerprint: \(doc.enclaveFingerprint)")
        print("Security verified: \(doc.securityVerified)")
        print("All steps succeeded: \(doc.allStepsSucceeded)")
    }
}

let client = try await TinfoilAI.create(
    apiKey: "YOUR_API_KEY",
    onVerification: verificationCallback
)
```

```swift
let client = try await TinfoilAI.create(
    apiKey: String? = nil,                                      // API key (uses TINFOIL_API_KEY env var if nil)
    enclaveURL: String? = nil,                                  // Custom enclave URL (auto-selects router if nil)
    githubRepo: String = "tinfoilsh/confidential-model-router", // GitHub repo for verification
    parsingOptions: ParsingOptions = .relaxed,                  // OpenAI parsing options
    onVerification: VerificationCallback? = nil                 // Verification callback
)
// Returns: TinfoilAI - A client with the same API as OpenAI
```

This library is a secure wrapper around the MacPaw OpenAI SDK that can be used with Tinfoil. The TinfoilAI.create() method returns a TinfoilAI client that provides the same API as the OpenAI client, configured for secure communication with Tinfoil enclaves.
For complete documentation, see:
- iOS 17.0+ / macOS 12.0+
- Swift 5.9+
- Xcode 15.0+
Please report security vulnerabilities by either:
- Emailing [email protected]
- Opening an issue on GitHub on this repository
We aim to respond to (legitimate) security reports within 24 hours.