A TEE-based prover for Aztec transactions
mainnet.tee-rex.dev · testnet.tee-rex.dev · nightlies.tee-rex.dev
Research project -- TEE-Rex is a reference implementation for TEE-based proving on Aztec. It is designed to be high-quality, well-documented, and forkable so that other teams can study the approach and take it into production. This repository is not production infrastructure. The hosted servers may be online or offline at any time. If you'd like to test a PoC, feel free to reach out via Signal.
Prove Aztec transactions inside an AWS Nitro Enclave. The SDK encrypts proving inputs so that only the enclave can read them, generates the proof inside the TEE, and returns it to the client.
- Delegate Aztec transaction proving to a TEE (AWS Nitro Enclave)
- Encrypt sensitive data with TEE-attested encryption keys (curve25519 + AES-256-GCM)
- Verify Nitro attestation documents (COSE_Sign1, certificate chain, PCR values)
- Drop-in replacement for Aztec's default prover (SDK docs)
- Seamless fallback to local WASM proving
- Use the hosted TEE or run your own
- For native desktop proving, see the Aztec Accelerator companion project
npm add @alejoamiras/tee-reximport { createAztecNodeClient } from "@aztec/aztec.js/node";
import { createPXE } from "@aztec/pxe/client/lazy";
import { getPXEConfig } from "@aztec/pxe/config";
import { TeeRexProver } from "@alejoamiras/tee-rex";
const prover = new TeeRexProver({ apiUrl: "https://testnet.tee-rex.dev/prover" });
const pxe = await createPXE(node, getPXEConfig(), { proverOrOptions: prover });
// use the PXE as usual -- proving is delegated to the TEESee the SDK README for the full API reference, hosted server URLs, and embedded wallet integration examples.
To run your own TEE-Rex server, see the Server README.
tee-rex/
├── packages/
│ ├── sdk/ → @alejoamiras/tee-rex (npm package)
│ │ Drop-in Aztec prover: local (WASM) or UEE/TEE (server)
│ ├── server/ → Express server (runs in Nitro Enclave or standalone)
│ │ Handles /prove, /attestation endpoints
│ └── app/ → Vite frontend demo (local/UEE/TEE mode toggle)
├── infra/ → Deploy scripts, IAM policies, CloudFront config
└── docs/ → Architecture diagrams, CI pipeline reference
For architecture diagrams and detailed flow descriptions, see docs/architecture.md.
# Install dependencies
bun install
# Run lint + typecheck + unit tests
bun run test
# Run e2e tests (requires Aztec local network + tee-rex server)
bun run test:e2e
# Start the server
bun run start
# Build the SDK
bun run sdk:buildSee CONTRIBUTING.md for development workflow and guidelines.
| Document | Description |
|---|---|
| SDK README | SDK installation, API reference, usage examples |
| Server README | Self-hosting guide, API reference, Docker setup |
| Architecture | System diagrams, proving flow, Docker strategy |
| CI Pipeline | Workflow reference, change detection, deploy logic |
This software is provided for research and educational purposes only. It is not audited, not production-hardened, and comes with absolutely no warranties or guarantees of any kind. The authors are not responsible for any loss of funds, data, privacy, or any other damages resulting from the use of this software. Use at your own risk.
The hosted servers (mainnet.tee-rex.dev, testnet.tee-rex.dev, nightlies.tee-rex.dev) are best-effort research infrastructure with no uptime guarantees. They may be taken offline, reconfigured, or decommissioned without notice.
If you intend to use TEE-based proving in production, you should fork this repository, conduct your own security audit, and operate your own infrastructure.
Made with