mirror of
https://github.com/ultravioletrs/cocos.git
synced 2026-06-22 20:00:18 +00:00
Sammy Kerata Oina
a3265bc346
* feat: Introduce computation runner, log forwarder, ingress, and egress proxy services. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update Go environment variable parsing and build system to use new architecture and repository. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update package sources to `sammyoina/cocos-ai` at a specific commit, add log-forwarder pre-start hook, and rename proxy binaries. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * chore: Update build system references to a specific commit and enhance logging for service connections and message processing. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * build: Update package source repositories and versions, migrate client logging to slog, and adjust ingress/egress proxy build and install steps. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * debug stuck Signed-off-by: Sammy Oina <sammyoina@gmail.com> * debug Signed-off-by: Sammy Oina <sammyoina@gmail.com> * debug Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: add HTTP/2 support to egress proxy and update build system to use specific commit hashes Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: enhance egress proxy CONNECT handling, update package sources, and add gRPC test utility Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update build system for various services to a specific commit from a new repository, change agent gRPC port to 7001, and add a gRPC test client. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Migrate agent-internal gRPC communication to Unix sockets, set ingress proxy to port 7002, and update build hashes. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: Remove standalone ingress-proxy systemd service and update component versions. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix: Prevent computation re-initialization in agent and update component versions across several packages. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: update package versions and enable h2c support in ingress proxy. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: refactor ingress proxy to support HTTP/2 over Unix sockets and update component versions. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: Update build system package sources to `ultravioletrs/cocos` and reduce agent logging verbosity. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * refactor: improve error handling in proxy commands and remove unused gRPC test Signed-off-by: Sammy Oina <sammyoina@gmail.com> * test: add mock service state return value in handleRunReqChunks test Signed-off-by: Sammy Oina <sammyoina@gmail.com> * feat: add comprehensive tests for service and proxy components Signed-off-by: Sammy Oina <sammyoina@gmail.com> * fix linter Signed-off-by: Sammy Oina <sammyoina@gmail.com> * improve coverage Signed-off-by: Sammy Oina <sammyoina@gmail.com> * test: add gRPC client and ingress adapter tests, and update egress proxy tests. Signed-off-by: Sammy Oina <sammyoina@gmail.com> * improve coverage Signed-off-by: Sammy Oina <sammyoina@gmail.com> --------- Signed-off-by: Sammy Oina <sammyoina@gmail.com>
Cocos AI 🥥
Confidential Computing System for AI
Made with ❤️ by Ultraviolet
Guide | Contributing | Website
Introduction 🚀
Cocos AI is a cutting-edge platform designed to enable secure multiparty computation (SMPC) using Confidential Computing and Trusted Execution Environments (TEEs).
It empowers organizations to collaboratively process sensitive data for AI/ML workloads while ensuring:
- 🔒 Data Privacy: Your data stays encrypted and secure throughout the computation.
- 🛡️ Trust and Integrity: Protected by hardware enclaves with robust remote attestation protocols.
- 🤝 Seamless Collaboration: Multiple organizations can work together without exposing sensitive information.
Features 🛠️
Cocos AI provides essential features for secure and efficient collaborative AI/ML:
- 🖥️ TEE Enablement and Monitoring: Secure VM management for deploying and monitoring workloads.
- 🛡️ Hardware Abstraction Layer (HAL): Built on a hardened Linux kernel, secure bootloader, and minimal root filesystem (minimal TCB).
- 🕵️ In-Enclave Agent and Networking Controller: Essential system software for managing secure workloads.
- 🔒 Encrypted Data Transfer: Asynchronous data transfer and secure result delivery.
- 🛠️ API for Platform Manipulation: Programmatic control for managing workloads.
- ✅ Attestation and Verification Tools: Hardware- and software-supported attestation for integrity assurance.
- 🖱️ Command-Line Interface (CLI): A user-friendly CLI for system interaction.
🚀 Quick Start
Clone the Repository and Build Binaries
git clone git@github.com:ultravioletrs/cocos.git
make
This will generate three binaries:
ls build/
# cocos-agent cocos-cli cocos-manager
Deployment Overview:
- Manager: Deploy on the AMD SEV-SNP host to orchestrate workloads.
- Agent: Build into the EOS-based HAL for secure enclave management.
- CLI: Interact with remote agents to control operations.
📚 Documentation
Comprehensive documentation is available at the official documentation page.
For CLI usage details, visit the CLI Documentation.
Documentation is automatically generated from the docs repository. Contributions to documentation are welcome!
🛡️ License
Cocos AI is published under the permissive open-source Apache-2.0 license. Contributions are encouraged and appreciated!
🌐 Links and Resources
- Cocos AI Website
- Official Releases
- Confidential Computing Overview
- Trusted Execution Environments (TEEs)
This work has been partially supported by the ELASTIC and CONFIDENTIAL6G, which received funding from the Smart Networks and Services Joint Undertaking (SNS JU) under the European Union’s Horizon Europe research and innovation programme under Grant Agreement No. 101139067 and Grant Agreement No. 101096435. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union. Neither the European Union nor the granting authority can be held responsible for them.