π Learn how to build secure, verifiable AI applications using NEAR AI Confidential Cloud
This repository demonstrates how to interact with NEAR AI's Confidential Cloud platform, verify attestations, and ensure your AI workloads run in secure, trusted execution environments (TEEs).
- π Attestation Verification: Get and verify model attestations from NEAR AI Cloud
- π‘οΈ Hardware Security: Validate NVIDIA GPU attestations for secure execution
- π Cryptographic Verification: Verify signatures and hash integrity
- β‘ End-to-End Workflow: Complete pipeline from request to verified response
- Node.js 18+ and npm/pnpm
- NEAR AI Cloud API Key (Get yours here)
- Basic understanding of:
- Trusted Execution Environments (TEEs)
- Cryptographic signatures
- Hash functions
git clone https://github.com/near-examples/nearai-confidential-cloud-examples.git
cd nearai-confidential-cloud-examples
pnpm install # or npm installCreate a .env file with your NEAR AI Cloud API key:
# .env
NEARAI_CLOUD_API_KEY=your_api_key_herepnpm start # or npm startThe main demo (app.js) walks through a complete confidential AI workflow:
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π NEAR AI Confidential Cloud Demo β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β 1) Get Attestation Report β
β ββ Fetch model attestation from NEAR AI Cloud β
β ββ Extract TEE signing address β
β β
β 2) Verify with NVIDIA β
β ββ Send attestation to NVIDIA service β
β ββ Validate hardware security claims β
β β
β 3) Send & Verify Chat Message β
β ββ Send message to NEAR AI TEE model β
β ββ Get result w/ cryptographic signature β
β ββ Verify request/response hashes β
β ββ Validate TEE signature β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
nearai-confidential-cloud-examples/
βββ app.js # π― Main demo application
βββ utils/ # π οΈ Utility modules
β βββ api.js # API interaction helpers
β βββ model-attestation.js # Attestation processing
β βββ send-and-verify-chat.js # Chat workflow
β βββ verification-helpers.js # Crypto verification
βββ package.json # π¦ Dependencies
βββ .env # π API configuration
import { getModelAttestation, getChatMessageSignature } from './utils/api.js';
// Get attestation for a model
const attestation = await getModelAttestation('gpt-oss-120b');
// Get signature for a chat completion
const signature = await getChatMessageSignature(chatId, modelId);import { decodeAttestationReport, decodeNvidiaAttestation } from './utils/model-attestation.js';
// Decode attestation report structure
const decoded = decodeAttestationReport(attestationReport);
// Process NVIDIA attestation response
const nvidiaResult = decodeNvidiaAttestation(gpuVerification);import { verifySignature, compareHashes, sha256sum } from './utils/verification-helpers.js';
// Verify cryptographic signature
const signatureResult = await verifySignature(message, signature, expectedAddress);
// Compare hash values
const hashResult = compareHashes(signatureText, requestHash, responseHash);
// Generate SHA-256 hash
const hash = sha256sum(data);| Variable | Description | Required |
|---|---|---|
NEARAI_CLOUD_API_KEY |
Your NEAR AI Cloud API key | β Yes |
Edit app.js to test different models:
// Available models at: https://cloud.near.ai/
const MODEL_NAME = "gpt-oss-120b"; // GPT model
const MODEL_NAME = "llama-3.3-70b-instruct"; // Llama modelπ Starting NEAR AI Confidential Cloud Demo
API Key configured: Yes
===============================================
1) Getting NEAR AI Cloud attestation report:
NEAR AI TEE SIGNING ADDRESS: 0x1234...abcd
AI Model: gpt-oss-120b
2) Verifying attestation report with NVIDIA:
RESULT: β
Overall Attestation PASSED
3) Sending and verifying chat message...
π Checking if hash values match:
β REQUEST HASH β
β RESPONSE HASH β
RESULT: β
HASHES VALID
π Verifying signature returned by NEAR AI Cloud:
RESULT: β
SIGNATURE VERIFIED
β
Demo complete!
When you see β for all checks, you have cryptographic proof that:
- ποΈ Trusted Hardware: The AI model runs in a verified TEE
- π Data Integrity: Request and response haven't been tampered with
- βοΈ Authenticity: Response was signed by the verified TEE
- π‘οΈ End-to-End Security: Complete chain of trust established
β API Key Not Found
Error: 401 Unauthorized
π‘ Tip: Make sure your NEARAI_CLOUD_API_KEY is set in the .env fileβ Model Not Available
Error: 404 Not Found
π‘ Tip: The model name might not exist or be availableβ Network Issues
Error: fetch failed
π‘ Tip: Check your internet connection and API endpointsThe demo interacts with these NEAR AI Cloud endpoints:
- Attestation:
https://cloud-api.near.ai/v1/attestation/report - Chat Completions:
https://cloud-api.near.ai/v1/chat/completions - Signatures:
https://cloud-api.near.ai/v1/signature/{chatId}
And external verification:
- NVIDIA Attestation:
https://nras.attestation.nvidia.com/v3/attest/gpu
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature/amazing-feature - Open a Pull Request
- NEAR AI Cloud Documentation
- NVIDIA Confidential Computing
- NVIDIA Attestation Service
- Trusted Execution Environments
This project is licensed under the MIT License - see the LICENSE file for details.