Skip to content

tinfoilsh/tinfoil-webapp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1,495 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Tinfoil AI Chat Web App

Live at: chat.tinfoil.sh

Table of Contents

Built With

Security Architecture

Tinfoil Chat is designed to ensure that only the AI model inside a verified secure enclave can read your messages - not Tinfoil, not cloud providers, not network intermediaries.

How It Works

We use EHBP (Encrypted HTTP Body Protocol) with HPKE encryption (RFC 9180) to secure messages in transit to the enclave. All data from the chat application running in the browser is encrypted with the HPKE key that is generated and lives only inside the secure enclave.

Before sending any message:

  1. Attestation Verification: Your browser cryptographically verifies that the remote server is a genuine secure enclave running unmodified code via the Wasm verifier.
  2. Key Exchange: The verified enclave provides its HPKE public key
  3. End-to-End Encryption: Messages are encrypted directly to the verified enclave's public key before transmission

This guarantees that only the attested enclave possessing the corresponding private key can decrypt your messages.

Encrypted Chat Storage

Saved chats are encrypted with AES-GCM-256 using a key only you control before being uploaded to the cloud sync service. The cloud copy is opaque to our servers — only the holder of the key can decrypt it. If you lose this key, your cloud-stored chat history cannot be recovered.

On-device caches (IndexedDB, sessionStorage) hold chat content in plaintext while you are signed in so the app can read and render messages without round-tripping the cloud. Anyone with access to the browser profile while signed in can read those caches; sign out (or use the in-app "Clear all data" flow) to evict them.

Learn more: Private Chat Backups

Verification Steps

The chat interface shows real-time verification status for:

  • Hardware Attestation: Confirms genuine AMD SEV-SNP or Intel TDX enclave and genuine NVIDIA Hopper/Blackwell GPU
  • Code Integrity: Verifies enclave runs the exact, unmodified code version matching the pinned code on Sigstore
  • Chat Security: Validates measurements fetched from Sigstore match measurements fetched from enclave

Learn more about the security model:

Development

Quick Start

  1. Clone and install

    git clone https://github.com/tinfoilsh/tinfoil-webapp.git
    cd tinfoil-webapp
    npm install
  2. Environment setup

    cp .env.example .env.local

    Configure your .env.local with the required keys:

    NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=your_clerk_key
    CLERK_SECRET_KEY=your_clerk_secret
    NEXT_PUBLIC_API_BASE_URL=https://api.tinfoil.sh
  3. Start development server

    npm run dev

Local Testing & Dev Mode

For running the app against a local model router (bypassing attestation and encryption), see LOCAL_TESTING.md.

Reporting Vulnerabilities

Please report security vulnerabilities by either:

We aim to respond to security reports within 24 hours and will keep you updated on our progress.

About

Tinfoil AI Chat Web App

Resources

License

Stars

15 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors