When you callDocumentation Index
Fetch the complete documentation index at: https://developer.litprotocol.com/llms.txt
Use this file to discover all available pages before exploring further.
api.chipotle.litprotocol.com, your request terminates inside an Intel TDX Trusted Execution Environment (TEE) operated by Phala Cloud. The TEE generates a hardware-signed attestation quote on every boot, and the code it’s allowed to run is gated by smart contracts on Base — not by Lit Protocol or any Phala employee.
The fastest way to verify this is to view the Phala Trust Center report for our production app. It runs every check on this page automatically and shows you the result in a browser.
View the Lit Chipotle Trust Center Report
Phala’s public Trust Center verifies the Intel TDX hardware quote, the Docker compose hash, the OS measurements, the TLS certificate, and the on-chain KMS configuration — all automatically, no install required.
app_id (3f91deaf16ff7c823ee65081d6bafa1ceea05ffc). This same value is returned by GET /info on the live API and is the address of the on-chain DstackApp contract that governs which code the enclave is allowed to run.
What you should expect to see
A passing Trust Center report confirms four independent properties:| Property | Why it matters |
|---|---|
| Hardware quote verified | Intel’s TDX hardware root of trust signed a statement about what code is running. Anyone can verify the signature against Intel’s published root CAs. |
| Compose hash matches | The SHA-256 of app-compose.json (the docker-compose config + metadata) recorded in the TDX quote matches what’s whitelisted in the on-chain DstackApp contract. |
| OS measurements match | The boot-time measurements (firmware, kernel, initrd) match a known-good dstack OS release whitelisted in the Phala KMS contract. |
| TLS terminates in TEE | The HTTPS certificate served by api.chipotle.litprotocol.com was generated inside the TEE itself. No proxy, load balancer, or CDN can see your traffic. |
Verify it yourself in three commands
The Trust Center is convenient, but the whole point of attestation is that you don’t have to trust anyone — including Phala. Here’s the minimum-viable manual check:On-chain governance you can audit
Three smart contracts on Base together define what Lit Chipotle is allowed to do. All three are administered by a Safe multisig — no single party can change them.DstackApp
0x3F91…05FfC — whitelists the compose hashes (i.e. the docker-compose configurations) the Lit Chipotle CVM is allowed to boot.Phala KMS
0x2f83…Ba9C — whitelists allowed dstack OS images and KMS instance measurements. Gatekeeps key release to the CVM.Safe Multisig
0xF688…1098 — owns both contracts above. Any deployment or config change requires multiple Lit signers.On-Chain KMS Deep Dive
What KmsAuth and DstackApp actually do, what “active” looks like on Basescan, and how key release is gated.
What’s next
- On-Chain KMS — how the KMS contracts gate key release and what to look for on Basescan
- Full Verification Guide — step-by-step manual verification of every layer
- Chain of Trust Reference — what each layer checks and why
- Security & Verification Overview — Zero-Trust TLS and the trust model