dstack Examples
April 15, 2026 · View on GitHub
Example applications for dstack - Deploy containerized apps to TEEs with end-to-end security in minutes
Getting Started • Confidential AI • Use Cases • Core Patterns • Infrastructure • Dev Tools • Starter Packs • Other Use Cases
Overview
This repository contains ready-to-deploy examples demonstrating how to build and run applications on dstack, the developer-friendly SDK for deploying containerized apps in Trusted Execution Environments (TEE).
Getting Started
Prerequisites
- Docker and Docker Compose
- Node.js (for Phala CLI)
- Git
Setup
# Clone the repo
git clone https://github.com/Dstack-TEE/dstack-examples.git
cd dstack-examples
# Install Phala CLI
npm install -g phala
# Start the local simulator (no TEE hardware needed)
phala simulator start
Run an Example Locally
cd tutorial/01-attestation-oracle
docker compose run --rm \
-v ~/.phala-cloud/simulator/0.5.3/dstack.sock:/var/run/dstack.sock \
app
Deploy to Phala Cloud
phala auth login
phala deploy -n my-app -c docker-compose.yaml
See Phala Cloud for production TEE deployment.
Confidential AI
Run AI workloads where prompts, model weights, and inference stay encrypted in hardware.
| Example | Description |
|---|---|
| confidential-ai/inference | Private LLM inference with vLLM on Confidential GPU |
| confidential-ai/training | Confidential fine-tuning on sensitive data using Unsloth |
| confidential-ai/agents | Secure AI agent with TEE-derived wallet keys using LangChain and Confidential AI models |
GPU deployments require: --instance-type h200.small --region US-EAST-1 --image dstack-nvidia-dev-0.5.4.1
See Confidential AI Guide for concepts and security model.
Tutorials
Step-by-step guides covering core dstack concepts.
| Tutorial | Description |
|---|---|
| 01-attestation-oracle | Use the guest SDK to work with attestations directly — build an oracle, bind data to TDX quotes via report_data, verify with local scripts |
| 02-persistence-and-kms | Use getKey() for deterministic key derivation from a KMS — persistent wallets, same key across restarts |
| 03-gateway-and-ingress | Custom domains with automatic SSL, certificate evidence chain |
| 04-upgrades | Extend AppAuth.sol with custom authorization logic — NFT-gated clusters, on-chain governance |
Use Cases
Real-world applications you can build with dstack.
| Example | Description | Status |
|---|---|---|
| 8004-agent | Trustless AI agent with on-chain attestation and LLM access | Coming Soon |
| oracle | TEE oracle returning JSON + signature + attestation bundle | Coming Soon |
| mcp-server | Attested MCP tool server behind gateway | Coming Soon |
| telegram-agent | Telegram bot with TEE wallet and verified execution | Coming Soon |
Core Patterns
Key building blocks for dstack applications.
Attestation
Request TEE attestations via the SDK. Mount /var/run/dstack.sock in your compose file to access the TEE.
import { DstackClient } from '@phala/dstack-sdk'
const client = new DstackClient()
const info = await client.info() // app_id, instance_id, tcb_info
const quote = await client.getQuote(data) // TDX quote with custom report_data
const key = await client.getKey('/my/path') // deterministic key derivation
volumes:
- /var/run/dstack.sock:/var/run/dstack.sock
| Example | Description | Status |
|---|---|---|
| timelock-nts | Raw socket usage (what the SDK wraps) | Available |
| attestation/configid-based | ConfigID-based verification | Available |
Gateway & Domains
TLS termination, custom domains, external connectivity.
| Example | Description |
|---|---|
| dstack-ingress | Complete ingress solution — auto SSL via Let's Encrypt, multi-domain, DNS validation, evidence generation with TDX quote chain |
| custom-domain | Simpler custom domain setup via zt-https |
Keys & Persistence
Persistent keys across deployments via KMS.
| Example | Description | Status |
|---|---|---|
| get-key-basic | dstack.get_key() — same key identity across machines | Coming Soon |
On-Chain Interaction
Light client for reading chain state, anchoring outputs.
| Example | Description |
|---|---|
| lightclient | Ethereum light client (Helios) running in enclave |
Dev Scaffolding
Development and debugging tools. Not for production.
| Example | Description |
|---|---|
| webshell | Web-based shell access for debugging |
| ssh-over-gateway | SSH tunneling through dstack gateway |
| tcp-port-forwarding | Arbitrary TCP port forwarding |
Infrastructure
Run infrastructure services inside TEEs.
| Example | Description |
|---|---|
| k3s | Single-node k3s cluster in a TEE with wildcard HTTPS and remote kubectl |
Tech Demos
Interesting demonstrations.
| Example | Description |
|---|---|
| tor-hidden-service | Run Tor hidden services in TEEs |
Starter Packs
Full-stack templates with SDK integration. These demonstrate attestation, key derivation, and wallet generation.
| Template | Stack | Link |
|---|---|---|
| Next.js Starter | Next.js + TypeScript | phala-cloud-nextjs-starter |
| Python Starter | FastAPI + Python | phala-cloud-python-starter |
| Bun Starter | Bun + TypeScript | phala-cloud-bun-starter |
| Node.js Starter | Express + TypeScript | phala-cloud-node-starter |
Features: /api/tdx_quote (attestation), /api/eth_account (derived wallet), /api/info (TCB info)
Other Use Cases
External projects and templates worth exploring. These are maintained elsewhere but demonstrate interesting TEE patterns.
| Project | Description | Link |
|---|---|---|
| Oracle Template | Price aggregator with verifiable networking (hardened TLS) and multi-source validation | Gldywn/phala-cloud-oracle-template |
| VRF Template | Verifiable Random Function — hardware-backed cryptographic randomness | Phala-Network/phala-cloud-vrf-template |
| Open WebUI | Self-hosted AI chat interface in TEE | phala-cloud/templates/openwebui |
| n8n Automation | Workflow automation (400+ integrations) with OAuth in TEE | Marvin-Cypher/phala-n8n-template |
| Primus Attestor | zkTLS node — TEE + zero-knowledge proofs | primus-labs/primus-network-startup |
| NEAR Shade Agent | Blockchain oracle/agent for NEAR with TEE attestation | phala-cloud/templates/near-shade-agent |
| Presidio | Microsoft's PII de-identification running in TEE | HashWarlock/presidio |
| ByteBot | AI desktop agent — computer control in isolated TEE sandbox | phala-cloud/templates/bytebot |
Note: These templates use pre-built Docker images. For full auditability, review their source repos before deployment.
See the full Phala Cloud templates for more options.
Details
Implementation details and infrastructure patterns.
| Example | Description |
|---|---|
| launcher | Generic launcher pattern for Docker Compose apps |
| prelaunch-script | Pre-launch script patterns (Phala Cloud) |
| private-docker-image-deployment | Using private Docker registries |
| attestation/rtmr3-based | RTMR3-based attestation (legacy) |
Documentation
- dstack Documentation - Official platform documentation
- Main Repository - Core dstack framework
- Contributing Guide - How to contribute
Development
./dev.sh help # Show available commands
./dev.sh validate <example> # Validate a specific example
./dev.sh validate-all # Validate all examples
Community
- Telegram: Join our community
- Issues: GitHub Issues
License
Apache 2.0 — see LICENSE.