This project is an iExec Decentralized Confidential Computing serverless application leveraging Trusted Execution Environment (TEE).
This project was scaffolded with iapp init.
iappCLI installed locallydockerinstalled locally- dockerhub account
- ethereum wallet
iapp init scaffolds a ready to hack iApp template.
Start hacking by editing the source code in ./src.
See iApp development guidelines for more details on the iApp development framework.
Use the iapp test command to run your app locally and check your app fulfills
the framework's requirements for outputs.
iapp testℹ️ Use the following options with
iapp testto simulate inputs:
--args <args>simulates the app invocation with public input args.--inputFile <url>simulates the app invocation with public input files.--requesterSecret <index=value>simulates the app invocation with requester secrets.--protectedData [mock name]simulates the app invocation with a secret protected data.- if your app uses an app secret,
iapp testwill prompt you to set the app secret and simulate the run of the app with it. You can choose to save the secret for further reuse byiapp testandiapp deploy.
Check the test output in the output directory.
ℹ️ Files used by the app while running
iapp testare located in the input directory.
Use the iapp deploy command to transform your app into a TEE app and deploy it
on the iExec decentralized platform.
iapp deployℹ️ for apps using an app secret
The app secret is provisioned once, at the app deployment time. If an app secret was already provided to
iapp testand saved in iapp.config.json,iapp deploywill reuse this secret.
Use the run command to run a deployed app on the iExec decentralized platform.
iapp run <iapp-address>ℹ️ Use the following options with
iapp runto inject inputs:
--args <args>run the app with public input args--inputFile <url>run the app with public input files--requesterSecret <index=value>run the app with requester secrets--protectedData <protected-data-address>run the app with a secret protected data
- iapp.config.json configuration file for the
iappcommands (⚠️ this file contains sensitive information such as credentials or wallet and should never be committed in a public repository). - src/ where your code lives when you develop your app.
- Dockerfile how to build your app docker image.
- input/ input directory for your local tests.
- output/ output directory for your local tests.
- cache/ directory contains traces of your past app deployments and runs.
iApps are serverless Decentralized Confidential Computing applications running on iExec's decentralized workers. This framework gives the guidelines to build such an application.
iApps can process different kind of inputs:
-
Requester inputs:
- public args
- public input files
- requester secrets
-
App developer inputs
-
Third party inputs:
- secret protected data
iApp's must write
output
files in the IEXEC_OUT (/iexec_out/) directory.
Each iApp run must produce a specific computed.json file.
⚠️ Output size limitation:
The results uploaded by the worker must not exceed 50 MB.
If the size exceeds this limit, the task will fail with the errorPOST_COMPUTE_FAILED_UNKNOWN_ISSUE.
Ensure your iApp generates outputs within this limit during testing.
The computed.json file is a JSON file referencing a deterministic result in
the IEXEC_OUT directory (any iApp run with the same inputs should create the
same deterministic result).
{
"deterministic-output-path": "iexec_out/path/to/deterministic/result"
}ℹ️ Only files referenced in
deterministic-output-pathmust be deterministic, other files produced in theIEXEC_OUTdirectory can be non-deterministic.
iApp can use libraries as soon as these libraries are installed while building
the project's Dockerfile.
ℹ️ Limitation
Transforming an app into a TEE application requires a base image (image
FROM) compatible with the transformation. Currently only a small set of base images are available.
- make sure installed libraries can run within the base image
- do not try to replace the base image in the Dockerfile, this would lead to failing TEE transformation.