DevOpsDefender

Intel TDX · EasyEnclave · GitHub OIDC · Noise

Attested execution for crypto systems that cannot rely on operator trust.

DevOpsDefender runs protocol oracles, keepers, co-signers, settlement bots, and confidential coding agents inside measured TDX VMs. The public API exposes enough evidence for an external verifier to bind code, config, runtime state, and the agent Noise key before trusting a result.

GET /health verifiable
{
  "confidential_mode": true,
  "taint_reasons": [
    "customer_workload_deployed"
  ],
  "noise": {
    "quote_b64": "tdx_quote...",
    "pubkey_hex": "8f0b...a91e"
  },
  "deployments": ["btc-usd-oracle"]
}

External verification

Do not trust the operator. Verify the machine.

01. Fetch public evidence

/health returns the TDX quote, Noise public key, workload list, mode, and taint reasons.

02. Verify the TDX quote

Intel Trust Authority or an equivalent verifier checks the quote signature and measured boot.

03. Bind the transport

The quote report data commits to the agent Noise key, preventing a clean quote from authenticating another endpoint.

# Evidence is public. No CF Access, no operator session.
curl -fsSL https://<agent>.devopsdefender.com/health \
  | jq '{confidential_mode, taint_reasons, noise}'

# Sealed oracle expectation:
# confidential_mode == true
# taint_reasons == ["customer_workload_deployed"]
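
The three steps above reduce to a policy check that a protocol client runs before consuming a result. The following is an added example, not DevOpsDefender's own code: it assumes step 02 has already verified the quote and yielded its 64-byte report data, and the commitment encoding in `commit_to_key`, the 32-byte key length, and the sample evidence are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Sealed-oracle expectation from the page's /health example.
SEALED_TAINT = ["customer_workload_deployed"]

def commit_to_key(pubkey: bytes) -> bytes:
    # ASSUMPTION: report data = SHA-256(pubkey) zero-padded to 64 bytes.
    # The page only says the report data "commits to" the key; substitute
    # the project's real encoding here.
    return hashlib.sha256(pubkey).digest().ljust(64, b"\x00")

def check_sealed_oracle(health, report_data, expected_deployments):
    """Return a list of policy failures; an empty list means accept.

    report_data must come from a quote whose signature was already
    verified (step 02); this function does not verify the quote itself.
    """
    failures = []
    if health.get("confidential_mode") is not True:
        failures.append("confidential_mode is not true")
    if health.get("taint_reasons") != SEALED_TAINT:
        failures.append("unexpected taint_reasons: %r" % (health.get("taint_reasons"),))
    if health.get("deployments") != expected_deployments:
        failures.append("unexpected deployments: %r" % (health.get("deployments"),))
    noise = health.get("noise")
    hex_key = noise.get("pubkey_hex") if isinstance(noise, dict) else None
    try:
        pubkey = bytes.fromhex(hex_key)
    except (TypeError, ValueError):
        pubkey = b""
    if len(pubkey) != 32:  # ASSUMPTION: 32-byte Curve25519 Noise static key
        failures.append("noise.pubkey_hex is not a 32-byte key")
    elif not hmac.compare_digest(report_data, commit_to_key(pubkey)):
        failures.append("report data does not commit to the Noise key")
    return failures

# Constructed sample evidence (not real DevOpsDefender output).
AGENT_KEY = bytes(range(32))
OTHER_KEY = bytes(range(1, 33))
GOOD = {
    "confidential_mode": True,
    "taint_reasons": ["customer_workload_deployed"],
    "noise": {"quote_b64": "placeholder", "pubkey_hex": AGENT_KEY.hex()},
    "deployments": ["btc-usd-oracle"],
}
QUOTE_REPORT_DATA = commit_to_key(AGENT_KEY)
SHELL_TAINTED = dict(GOOD, taint_reasons=SEALED_TAINT + ["interactive_shell_enabled"])
RELAYED = dict(GOOD, noise={"quote_b64": "placeholder", "pubkey_hex": OTHER_KEY.hex()})
```

`RELAYED` models an endpoint that presents a valid quote alongside a different Noise key; the binding check is the only one that rejects it.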

Runtime substrate

EasyEnclave is the small measured base.

What EasyEnclave replaces

EasyEnclave is a Linux distribution replacement for confidential VMs: one Rust PID 1, a small Unix socket API, no systemd, no package manager, and no runtime network stack in the enclave supervisor.

What DD adds

DevOpsDefender layers fleet registration, Cloudflare tunnel routing, GitHub OIDC authorization, Intel attestation refresh, workload logs, and shell access controls on top of that measured base.

protocol client: verifies quote + Noise key
DD agent: routes, reports health, enforces auth
EasyEnclave: measured PID 1 + workload supervisor
Intel TDX: memory isolation + signed quote

Workload model

Release assets in. Attested behavior out.

Workloads are JSON specs, not mutable servers. A crypto oracle can be pinned to a GitHub release asset and a commit-level workload spec, then deployed into confidential mode where mutation routes are absent.

{
  "app_name": "btc-usd-oracle",
  "github_release": {
    "repo": "example/proof-oracle",
    "asset": "oracle-linux-amd64",
    "rename": "oracle"
  },
  "cmd": ["/var/lib/easyenclave/bin/oracle"],
  "expose": { "hostname_label": "oracle", "port": 8080 }
}

Oracles

Publish signed prices, reserves, attestations, or proof status from code whose deployment state is externally checkable.

Keepers

Run liquidation, settlement, rebalance, or bridge-monitoring jobs with public health and operator-taint evidence.

Confidential agents

Run Codex, Claude, or custom bots with encrypted terminal history and reconnectable sessions when read-write access is intended.

Operational access

Terminal access is capability-scoped.

Read-only workload terminals

Oracle observers can view workload logs through the xterm interface without stdin, resize, close, or signal controls. This is for protocols where visibility is useful and interference is not.

Read-write PTY sessions

Operator shells and confidential coding agents get real PTYs, reconnectable sessions, encrypted transcript history, and WezTerm-style notification escape support.

# Long-running agent can notify the browser or mobile web shell.
printf '\033]777;notify;%s;%s\033\\' \
  'keeper' 'settlement window open'

Trust model

Taint is explicit state, not vibes.

State | Verifier meaning
[] | Pristine boot. No customer deploy, owner reassignment, arbitrary exec, or shell access has occurred.
customer_workload_deployed | Expected sealed-oracle state after the workload is installed. Mutation routes should still be absent.
arbitrary_exec_enabled | The node booted with deploy/exec surfaces available. Useful for operators, not a sealed oracle.
interactive_shell_enabled | Read-write shell access is enabled. Treat as operator-interactive infrastructure.

Non-goal: DD does not make a dishonest oracle algorithm honest. It makes the running code, configuration, transport key, and operator access state inspectable enough that a protocol can decide whether to consume the result.

Build crypto infrastructure that can explain itself to verifiers.

The source is open, the runtime is measured, and the public health surface is designed for machines, not screenshots.