Intel TDX · Phala Cloud

Verify this server

This server runs inside an Intel TDX confidential VM. This page is served from inside that VM and explains how to check, without trusting us, that the code running here is exactly the public source code.

This deployment

Version
v0.2.0
Source commit
0d4fd15 0d4fd1590a652fa1bc73b88f307ad0ed5d549b2a
Source code
https://github.com/open-software-network/os-june
Image
ghcr.io/open-software-network/june-api:0d4fd15
Attestation
Phala Trust Center report

Why this matters

Audio, transcripts, and notes pass through this server. Because the running image is remotely attested, neither Phala (the platform) nor Open Software (us) can quietly swap it for one that reads your data. Any change to the running code is visible in the chain below.

The chain has three links: source (a public git commit), image (a container image our CI builds from that commit, published with a content digest), and attestation (third-party-verifiable proof that the image with that digest is what is actually executing inside a genuine Intel TDX VM).

Check it yourself

  1. Open the Trust Center report. Confirm the attestation verifies, then find the image reference pinned in the attested compose file. It should be:

    ghcr.io/open-software-network/june-api:0d4fd15
  2. Resolve that tag to its content digest in the public registry:

    docker buildx imagetools inspect ghcr.io/open-software-network/june-api:0d4fd15 \
      --format '{{.Manifest.Digest}}'
  3. Compare against the digest our CI recorded in the repository at deploy time, as an immutable deploy/<env>/<sha> git tag:

    git clone https://github.com/open-software-network/os-june && cd os-june
    git tag -l 'deploy/*/0d4fd15' -n3

    The tag message states which image digest commit 0d4fd15 deployed. It must match the digest from step 2.

  4. Read the source at that commit. The commit linked above is the exact tree the image was built from. The build stamps it into the image itself.

This proves the running digest is the one our public CI built and recorded for that commit. Bit-for-bit reproducible rebuilds (regenerating the digest yourself instead of trusting our CI) are in progress; see docs/reproducible-builds.md.

What this does not cover

The chain verifies the code running in the confidential VM, not what upstream providers do. Everything leaving the TEE for model inference (audio for transcription, prompts and context for note generation and the agent) goes through Venice. By default it runs on Venice private models: zero data retention, no training. If you select an anonymized model not run by Venice, the request is still routed and anonymized by Venice, but the underlying model provider may retain data under its own privacy policy. End-to-end private inference is a separate workstream.