A secure server running inside a Trusted Execution Environment (TEE) on GCP Confidential Space. It provides protocol managed wallets and serves as a base for extensions.
The TEE node runs behind a proxy service — external clients communicate exclusively through the proxy.
See docs/ for the full documentation, including architecture, configuration, security model, and extension integration.
Docker images are built reproducibly so that the image digest can be independently verified for TEE attestation. See REPRODUCIBILITY.md for build and verification instructions.
- Go 1.25.1 or higher
- Docker with BuildKit support
- GCP account (for production deployment)
go run cmd/main.gogo test ./...