Skip to content

feat: Venice E2EE attestation and message encryption#16

Open
sh1ftred wants to merge 1 commit into
mainfrom
feat/venice-only
Open

feat: Venice E2EE attestation and message encryption#16
sh1ftred wants to merge 1 commit into
mainfrom
feat/venice-only

Conversation

@sh1ftred

Copy link
Copy Markdown
Contributor

Summary

Adds Venice E2EE (End-to-End Encryption) support for models prefixed with e2ee-*.

Extracted from the combined Venice+Tinfoil PR (#2), keeping only the Venice E2EE implementation. Tinfoil EHBP has been removed into a separate PR (#15).

What's included

Venice E2EE (client/VeniceE2EE.ts)

  • isE2EEModel() — detects e2ee-* model IDs
  • prepareE2EERequest() — fetches attestation from /tee/attestation, verifies server response, encrypts messages via ECDH + AES-256-GCM
  • createE2EEDecryptTransform()TransformStream for transparent SSE response decryption
  • Full crypto primitives: ECDH secp256k1 key exchange, HKDF-SHA256 key derivation, AES-256-GCM per-message encryption

Integration points (client/RoutstrClient.ts)

  • _prepareRoutedRequest(): Venice attestation runs before _spendToken(), so failed attestation costs nothing
  • SSE streaming: response body teed through decrypt transform before normal SDK processing

Security docs

  • VeniceE2EE-Weaknesses.md — catalogues weaknesses vs. the Tinfoil reference implementation

Known limitations

  • Attestation verification is server-self-attested (checks verified, nonce, model fields)
  • Does NOT parse the Intel TDX quote or verify the code fingerprint client-side
  • See VeniceE2EE-Weaknesses.md for full analysis

@elkimek

elkimek commented Jul 12, 2026

Copy link
Copy Markdown

Just FYI Venice's E2EE models don't support tool calling AFAICT.

@sh1ftred

Copy link
Copy Markdown
Contributor Author

Yep. That's why we didn't prioritize this ahah.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants