tr- and are only shown once.export TRESOR_API_KEY="tr-live-..."
Use the OpenAI-compatible HTTP endpoint directly. Works in any environment that can speak HTTP.
curl https://api.tresor.co/v1/chat/completions \
-H "Authorization: Bearer $TRESOR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"model": "global/redpill/gpt-oss-120b",
"messages": [{"role": "user", "content": "Hello!"}],
"stream": true
}'
from openai import OpenAI
client = OpenAI(
base_url="https://api.tresor.co/v1",
api_key="<your-api-key>",
)
stream = client.chat.completions.create(
model="global/redpill/gpt-oss-120b",
messages=[{"role": "user", "content": "Hello!"}],
stream=True,
)
for chunk in stream:
print(chunk.choices[0].delta.content or "", end="", flush=True)
import OpenAI from "openai";
const client = new OpenAI({
baseURL: "https://api.tresor.co/v1",
apiKey: process.env.TRESOR_API_KEY,
});
const stream = await client.chat.completions.create({
model: "global/redpill/gpt-oss-120b",
messages: [{ role: "user", content: "Hello!" }],
stream: true,
});
for await (const chunk of stream) {
process.stdout.write(chunk.choices[0]?.delta?.content ?? "");
}
You should see the response stream back as Server-Sent Events. The final chunk includes a tresor.receipt_id you can use to fetch a signed receipt of the call.
tresor-attestWrap your client with the tresor-attest SDK. Every request is gated on a fresh hardware-attestation check; if the endpoint is not the audited binary inside an AMD SEV-SNP Confidential VM, the call refuses to send any payload.
# pip install tresorhq-attest openai
import httpx
from openai import OpenAI
from attest import AttestedTransport
client = OpenAI(
base_url="https://api.tresor.co/v1",
api_key="<your-api-key>",
http_client=httpx.Client(transport=AttestedTransport()),
)
resp = client.chat.completions.create(
model="global/redpill/gpt-oss-120b",
messages=[{"role": "user", "content": "Hello!"}],
)
print(resp.choices[0].message.content)
// npm install @tresorhq/attest openai
import OpenAI from "openai";
import { createAttestedFetch } from "@tresorhq/attest";
const client = new OpenAI({
baseURL: "https://api.tresor.co/v1",
apiKey: process.env.TRESOR_API_KEY,
fetch: createAttestedFetch(),
});
const resp = await client.chat.completions.create({
model: "global/redpill/gpt-oss-120b",
messages: [{ role: "user", content: "Hello!" }],
});
console.log(resp.choices[0]?.message?.content);
// go get github.com/tresorhq/attest/go/attest
// Pure verifier library — see https://github.com/tresorhq/attest/tree/main/go
// for an end-to-end example wrapping net/http.
If verification fails, the call raises a typed AttestationError (Python / TypeScript) or returns a sentinel error (Go) before any application data crosses the wire. There is no soft-fail mode.