This guide deploys a Swarms agent into a Trusted Execution Environment (TEE) on Phala Cloud. TEEs run your agent inside a hardware-isolated enclave so neither the host operator nor a compromised orchestrator can read or tamper with the running process. After deployment you can produce an on-chain proof that the published Docker image is exactly what is executing.

Prerequisites

Step 1: Build and publish the Docker image

# Build the image (replace with your DockerHub username).
# Run this from the directory that contains the Dockerfile.
docker build -t <your-dockerhub-username>/swarm-agent-node:latest .

# Push to DockerHub
docker push <your-dockerhub-username>/swarm-agent-node:latest

Public DockerHub images are visible to anyone. If your image embeds anything confidential (this should be rare, since keys belong in environment variables or secrets), use a private registry instead.

Step 2: Deploy to Phala Cloud

Pick one of:

Step 3: Verify the TEE attestation

Once your service is live, visit the TEE Attestation Explorer and check that the published image hash matches the running enclave. This is your verifiable proof that the deployed code is exactly the code you pushed — anyone (you, your users, an auditor) can independently verify it.

Sample docker-compose.yaml

services:
  swarms-agent-server:
    image: swarms-agent-node:latest
    platform: linux/amd64
    volumes:
      - /var/run/tappd.sock:/var/run/tappd.sock
      - swarms:/app
    restart: always
    ports:
      - 8000:8000
    command: # Sample MCP Server
      - /bin/sh
      - -c
      - |
        cd /app/mcp_example
        python mcp_test.py
volumes:
  swarms:

The tappd.sock mount exposes Phala’s TEE attestation socket inside your container so the agent can request and emit attestation reports at runtime.
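
A tag such as latest can be re-pushed to point at different content, so the hash comparison in Step 3 only means something against the digest recorded when you pushed. The script below is an added example, not part of the Swarms or Phala documentation: it normalizes and compares two digests and pins a compose file like the sample above to a digest. The function names, the sample values and the format in which an attestation page shows the hash are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# Print the bare 64-hex SHA-256 from "repo@sha256:<hex>", "sha256:<hex>",
# "0x<hex>" or "<hex>". Anything else (for example a tag) is rejected.
normalize_digest() {
    d=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    d=${d##*@}; d=${d#sha256:}; d=${d#0x}
    case "$d" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#d}" -eq 64 ] || return 1
    printf '%s\n' "$d"
}

# Exit 0 if both arguments are the same digest, 1 if they differ,
# 2 if either one is not a digest at all.
digests_match() {
    a=$(normalize_digest "$1") || return 2
    b=$(normalize_digest "$2") || return 2
    [ "$a" = "$b" ]
}

# pin_image <compose-file> <current-image-ref> <repo> <digest>
# Print the compose file with that image reference replaced by repo@sha256:<hex>.
# Exit 3 unless exactly one image: line was rewritten.
pin_image() {
    hex=$(normalize_digest "$4") || return 2
    awk -v old="$2" -v new="$3@sha256:$hex" '
        $1 == "image:" && $2 == old { sub(/image:.*/, "image: " new); n++ }
        { print }
        END { exit (n == 1 ? 0 : 3) }
    ' "$1"
}

# Constructed sample values. After a real push, the first one comes from:
#   docker inspect --format '{{index .RepoDigests 0}}' <image>
PUSHED='example/swarm-agent-node@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'
# Hash as copied from an attestation page (display format is an assumption).
REPORTED='0x0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF'

if digests_match "$PUSHED" "$REPORTED"; then
    echo "OK: attested hash equals the pushed digest"
else
    echo "MISMATCH: do not trust this deployment" >&2
fi
```

A non-zero status from pin_image means the expected image line was not found exactly once, so the compose file should not be deployed as printed.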

When to use TEE deployment

  • Sensitive system prompts or tools — the prompt and tool implementations stay isolated from the host.
  • Regulated workloads — health, finance, or legal use cases where you need cryptographic evidence of what code processed user data.
  • Multi-party trust — when several stakeholders need to agree on what an agent is doing without trusting a single operator.

Source: docs/swarms_cloud/phala_deploy.md. Replace <your-dockerhub-username> with your actual DockerHub username when running the commands above.
