Introducing Confidential Agentic Execution

The control plane for confidential agents.


Background tasks that live inside a Trust Domain. Composable, attestation-first, and built to scale — from prototype agents to the most regulated consumer and enterprise workloads on the planet.

npx trigger.dev@latest init --enclave intel-tdx
RUNNING SEALED FOR
OpenAI
Anthropic
Mistral
Hugging Face
Cohere
Meta · Llama
Google · Gemini

Features

01

Hardware Trust Domain.

Intel TDX, AMD SEV-SNP, NVIDIA H100-CC, AWS Nitro — pin one or let us pick.

TDX · SEV-SNP · H100-CC · NITRO
02

Sealed payloads.

X25519 + AES-GCM in flight, Trust Domain memory at rest. Operator reads ciphertext.

{ "text": "——" } · [ENC] · TD0
03

Remote attestation.

Every run produces a DCAP-signed quote you can verify from your laptop.

QUOTE SHA384:9f3a…c1b8
04

Confidential models.

Run GPT-4o, Claude, Llama, Mistral — weights and prompts never leave the TD.

gpt-4o · claude-opus-4-7 · llama-3.3 · mistral
05

Reproducible runtime.

Pin MR_TD measurements; reject any image you didn't approve.

MR_TD = 9f3a:c1b8:e7d2:6a04:1b56:af03
06

Multi-region.

us-east, eu-fra, ap-tok, with in-region attestation roots and key custody.

us-east-1 · eu-fra-1 · ap-tok-1
07

Zero-trust egress.

Per-task allowlists; calls leave the TD only to attested counterparties.

DENY *
ALLOW api.openai.com
08

Auditable by design.

Every quote, every input hash, every model version — append-only ledger.

· #4192 verified · 12ms
· #4191 verified · 9ms
· #4190 verified · 14ms
09

Two lines of code.

Same task() primitive your team knows. Add `enclave` and `attestation`.

task({ enclave: "intel-tdx" })

Framework

The same task() primitive your team already uses. Pin a TEE, demand attestation, the platform handles the rest.

agent.ts
EVERY RUN ATTESTED
import { task, attest } from "@trigger.dev/sdk"

export const summarizeFiling = task({
  id: "summarize-filing",
  enclave: "intel-tdx", // hardware TEE
  attestation: "required", // signed quote per run
  model: "claude-opus-4-7",
  run: async ({ payload, ai }) => {
    const result = await ai.complete(payload.text);
    return attest(result); // signed by TD measurement
  },
});

ZERO READS

Operators cannot read payloads, prompts, or model output. Period.

Live ops

Every agent task lands inside a Trust Domain, runs sealed, and exits with a quote.

+att +enc +seal +sig
TDX QUOTE · v1.5 · TD0 · cpu-tdx-7v
REGISTERS (5 / 5 SEALED): MR_TD, RTMR0, RTMR1, RTMR2, NONCE
QUOTE VERIFIED · PCS rooted
CONFIDENTIAL AGENT FEED (REALTIME · LAST 7), columns: RUN, TASK · MODEL, ENCLAVE, REGION, ATT, MS
SEALED EXECUTION PIPELINE
E2E ENCRYPTED · ATTESTED
  1. CLIENT: Trigger SDK
  2. ENCRYPT: X25519 + AES-GCM
  3. TRUST DOMAIN: Intel TDX TD0
  4. AGENT: Sealed model run
  5. ATTEST: DCAP quote
  6. VERIFY: Caller-side check
AGENTS RUN · 24H
17,432

across 4 TEE families

ATTESTATION RATE
100%

DCAP-rooted quotes

OPERATOR READS
0

by design — sealed memory

MEDIAN OVERHEAD
8 ms

vs unsealed baseline

SENTINEL · ENCLAVE FAMILIES

Run agents on whichever TEE your workload demands. We attest, you verify, no one else reads.

INTEL TDX · AMD SEV-SNP · INTEL SGX · NVIDIA H100-CC · AWS NITRO · ARM CCA · KEYLIME · DCAP-V4 · RA-TLS · VTPM 2.0 · MEASURED BOOT · SECURE BOOT

Roll your own confidential agent platform in minutes.

VERSION v4.4.5 · WEEKLY RUNS 2.5M · ATTESTED 100%