@phala/dstack-sdk
Advanced tools
This SDK provides a JavaScript/TypeScript client for communicating with the Tappd server, which available inside DStack.
npm install @phala/dstack-sdk
import { TappdClient } from '@phala/dstack-sdk';
const client = new TappdClient();
// Causion: You don't need to do this most of the time.
const httpClient = new TappdClient('http://localhost:8000');
// Get the information of the Base Image.
await client.info();
// Derive a key with optional path and subject
const keyResult = await client.deriveKey('<unique-id>');
console.log(keyResult.key); // X.509 private key in PEM format
console.log(keyResult.certificate_chain); // Certificate chain
const keyBytes = keyResult.asUint8Array(); // Get key as Uint8Array
// Generate TDX quote
const quoteResult = await client.tdxQuote('some-data', 'sha256');
console.log(quoteResult.quote); // TDX quote in hex format
console.log(quoteResult.event_log); // Event log
const rtmrs = quoteResult.replayRtmrs(); // Replay RTMRs
For tdxQuote, it supports a range of hash algorithms, including:
sha256: SHA-256 hash algorithmsha384: SHA-384 hash algorithmsha512: SHA-512 hash algorithmsha3-256: SHA3-256 hash algorithmsha3-384: SHA3-384 hash algorithmsha3-512: SHA3-512 hash algorithmkeccak256: Keccak-256 hash algorithmkeccak384: Keccak-384 hash algorithmkeccak512: Keccak-512 hash algorithmraw: No hashing, use raw data (must be <= 64 bytes)The SDK provides integration with viem for Ethereum account management:
import { toViemAccount } from 'tappd-sdk/viem';
const keyResult = await client.deriveKey('<unique-id>');
const account = toViemAccount(keyResult);
// Use the account with viem operations
The SDK provides integration with Solana Web3.js for Solana account management:
import { toKeypair } from 'tappd-sdk/solana';
const keyResult = await client.deriveKey('<unique-id>');
const keypair = toKeypair(keyResult);
// Use the keypair with Solana Web3.js operations
The SDK includes utilities for encrypting environment variables using X25519 key exchange and AES-GCM. This feature is handy for interacting with the bare DStack Teepod API or the Phala Cloud API.
import { encryptEnvVars, type EnvVar } from 'tappd-sdk/encrypt-env-vars';
const envVars: EnvVar[] = [
{ key: 'API_KEY', value: 'secret123' },
{ key: 'DATABASE_URL', value: 'postgresql://...' }
];
const publicKeyHex = '0x...'; // You need get that from Teepod API or Phala Cloud API.
const encrypted = await encryptEnvVars(envVars, publicKeyHex);
// encrypted is a hex string containing: ephemeral public key + iv + encrypted data
new TappdClient(endpoint?: string)
endpoint: Unix socket path or HTTP(S) URL. Defaults to '/var/run/tappd.sock'.DSTACK_SIMULATOR_ENDPOINT environment variable if setNOTE: Leave it empty in production. You only need to add volumes in your docker-compose file:
volumes:
- /var/run/tappd.sock:/var/run/tappd.sock
For local development without TDX devices, you can use the simulator available for download here:
https://github.com/Leechael/tappd-simulator/releases
deriveKey(path?: string, subject?: string, alt_names?: string[]): Promise<DeriveKeyResponse>Derives a key for the given path and subject.
NOTE: Only the path affects the derived result. subject & alt_names are for the generated certificate and do not affect the derived result.
path: Optional path for key derivationsubject: Optional subject name (defaults to path)alt_names: Optional alternative names for the certificateDeriveKeyResponse containing key and certificate chaintdxQuote(report_data: string | Buffer | Uint8Array, hash_algorithm?: TdxQuoteHashAlgorithms): Promise<TdxQuoteResponse>Generates a TDX quote. The quote is returned in hex format, and you can paste your quote into https://proof.t16z.com/ to get the attestation report.
report_data: Data to include in the quotehash_algorithm: Hash algorithm to use (sha256, sha384, sha512, etc.)TdxQuoteResponse containing quote and event loginfo(): Promise<TappdInfoResponse>Retrieves server information.
interface DeriveKeyResponse {
key: string;
certificate_chain: string[];
asUint8Array: (max_length?: number) => Uint8Array;
}
type TdxQuoteHashAlgorithms =
'sha256' | 'sha384' | 'sha512' | 'sha3-256' | 'sha3-384' | 'sha3-512' |
'keccak256' | 'keccak384' | 'keccak512' | 'raw';
interface TdxQuoteResponse {
quote: Hex;
event_log: string;
replayRtmrs: () => string[];
}
interface TappdInfoResponse {
app_id: string;
instance_id: string;
app_cert: string;
tcb_info: string;
app_name: string;
public_logs: boolean;
public_sysinfo: boolean;
}
interface EnvVar {
key: string;
value: string;
}
Apache License
FAQs
DStack SDK
The npm package @phala/dstack-sdk receives a total of 3,903 weekly downloads. As such, @phala/dstack-sdk popularity was classified as popular.
We found that @phala/dstack-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.