Skip to main content

View on GitHub

tinfoilsh/tinfoil-proxy
tinfoil-proxy is a small Go binary that serves the same http://127.0.0.1:3301/v1 endpoint as the menu-bar app. It’s the right pick for scripts, CI runners, headless servers, or any workflow where you don’t want a GUI.

Install script (macOS & Linux)

This detects your OS and CPU architecture, downloads the matching tinfoil-proxy binary from the latest release, and installs it to /usr/local/bin. Set INSTALL_DIR to install elsewhere, or VERSION (e.g. VERSION=0.0.8) to pin a specific release.

Pre-built binaries

Each release publishes standalone tinfoil-proxy binaries for macOS, Linux, and Windows alongside the Electron installers. Grab the one for your OS from the releases page.

From source

This drops tinfoil-proxy into $GOPATH/bin (usually $HOME/go/bin). Make sure that’s on your PATH.

Docker

A multi-arch image (linux/amd64 + arm64) is published to the GitHub Container Registry on every release:
The image binds to 0.0.0.0 inside the container so the published port is reachable; mapping it to 127.0.0.1 on the host keeps the endpoint loopback-only. Append flags after the image name to override defaults, for example ghcr.io/tinfoilsh/tinfoil-proxy -p 9443 -r tinfoilsh/confidential-model-router -e inference.tinfoil.sh. Pin a specific version with the :0.1.0 tag instead of :latest.

Run it

The defaults are sensible: tinfoil-proxy listens on http://127.0.0.1:3301 and auto-selects a Tinfoil router enclave, verifies its attestation against the public transparency log, and pins the attested public-key fingerprint for upstream TLS connections. If the enclave rotates its TLS certificate later, the underlying Go client re-runs attestation before trusting the new key. Point any OpenAI-compatible client at:

Pin a specific enclave

--host and --repo are an all-or-nothing pair — leave both empty for auto-discovery, or set both to pin a particular enclave + config repo:

Choose a custom port

Command options

Use it from any tool

Once tinfoil-proxy is running, the local endpoint is just a regular OpenAI-compatible base URL. See the coding agents tutorial for plug-and-play setups for Cline, Factory Droid, OpenCode, Hermes, and more.

Compare to the menu-bar app

tinfoil-proxy (CLI) and Tinfoil Proxy (menu-bar app) ship from the same repo. Both expose the same local endpoint (http://127.0.0.1:3301/v1 by default) and run identical attestation against the Tinfoil router enclave they forward to upstream. Pick whichever fits your workflow: