Tinfoil Proxy CLI - Tinfoil Documentation

tinfoil-proxy

Run the same verified proxy as Tinfoil Proxy as a plain foreground process. GitHub: tinfoilsh/tinfoil-proxy

tinfoil-proxy is a small Go binary that serves the same http://127.0.0.1:3301/v1 endpoint as the menu-bar app. It’s the right pick for scripts, CI runners, headless servers, or any workflow where you don’t want a GUI.

Install script (macOS & Linux)

curl -fsSL https://github.com/tinfoilsh/tinfoil-proxy/raw/main/install.sh | sh

This detects your OS and CPU architecture, downloads the matching tinfoil-proxy binary from the latest release, and installs it to /usr/local/bin. Set INSTALL_DIR to install elsewhere, or VERSION (e.g. VERSION=0.0.8) to pin a specific release.

Pre-built binaries

Each release publishes standalone tinfoil-proxy binaries for macOS, Linux, and Windows alongside the Electron installers. Grab the one for your OS from the releases page.

From source

go install github.com/tinfoilsh/tinfoil-proxy@latest

This drops tinfoil-proxy into $GOPATH/bin (usually $HOME/go/bin). Make sure that’s on your PATH.

Docker

A multi-arch image (linux/amd64 + arm64) is published to the GitHub Container Registry on every release:

docker run --rm -p 127.0.0.1:3301:3301 ghcr.io/tinfoilsh/tinfoil-proxy
# clients now use http://127.0.0.1:3301/v1

The image binds to 0.0.0.0 inside the container so the published port is reachable; mapping it to 127.0.0.1 on the host keeps the endpoint loopback-only. Append flags after the image name to override defaults, for example ghcr.io/tinfoilsh/tinfoil-proxy -p 9443 -r tinfoilsh/confidential-model-router -e inference.tinfoil.sh. Pin a specific version with the :0.0.8 tag instead of :latest.

Run it

tinfoil-proxy

The defaults are sensible: tinfoil-proxy listens on http://127.0.0.1:3301 and auto-selects a Tinfoil router enclave, verifies its attestation against the public transparency log, and pins the attested public-key fingerprint for upstream TLS connections. If the enclave rotates its TLS certificate later, the underlying Go client re-runs attestation before trusting the new key. Point any OpenAI-compatible client at:

Base URL: http://127.0.0.1:3301/v1

Pin a specific enclave

--host and --repo are an all-or-nothing pair — leave both empty for auto-discovery, or set both to pin a particular enclave + config repo:

tinfoil-proxy \
  -r tinfoilsh/confidential-model-router \
  -e inference.tinfoil.sh \
  -p 3301

Choose a custom port

tinfoil-proxy -p 9443
# clients now use http://127.0.0.1:9443/v1

Command options

Flag	Description	Default
`-p, --port`	Port to listen on	`3301`
`-b, --bind`	Address to bind to	`127.0.0.1`
`-e, --host`	Pin a specific enclave hostname	auto
`-r, --repo`	Pin a specific config repo	auto
`--log-format`	`text` or `json`	`text`
`-v, --verbose`	Verbose output	off
`-t, --trace`	Trace output	off

Use it from any tool

Once tinfoil-proxy is running, the local endpoint is just a regular OpenAI-compatible base URL. See the coding agents tutorial for plug-and-play setups for Cline, Factory Droid, OpenCode, Hermes, and more. tinfoil-proxy (CLI) and Tinfoil Proxy (menu-bar app) ship from the same repo. Both expose the same local endpoint (http://127.0.0.1:3301/v1 by default) and run identical attestation against the Tinfoil router enclave they forward to upstream. Pick whichever fits your workflow:

	CLI (`tinfoil-proxy`)	Menu-bar app (Tinfoil Proxy)
Best for	Scripts, CI, headless servers	Day-to-day use on your laptop
Install	`go install …` or pre-built binary	`.pkg` / `.deb` / `.exe`
Stays running	Foreground process	Menu-bar (opt in to Open at Login)
Auto-update	Manual	Built in (macOS & Windows)
Verification UI	Logs	Live status

tinfoil-proxy

​Install script (macOS & Linux)

​Pre-built binaries

​From source

​Docker

​Run it

​Pin a specific enclave

​Choose a custom port

​Command options

​Use it from any tool

​Compare to the menu-bar app