Summary
Support deploying confidential / TEE workloads whose OCI container image is identified by IPFS (content-addressed, pinned via a third-party pinning service, fetched via a public IPFS gateway), so operators are not required to use a traditional container registry (e.g. Docker Hub) as the only way to supply the image.
Motivation
- Distribution: Prefer CID + pinning + gateway over
docker push to a centralized registry for immutable, content-addressed images.
- Separation of concerns: Application keys (wallets, XMTP, etc.) stay out of registry vendor flows; infra can publish images via IPFS-only pipelines.
- Alignment: Broader ecosystem work exists for OCI-on-IPFS; Phala/dstack would benefit from a documented, supported deploy path instead of assuming
registry/repo:tag only.
Desired behavior
-
Deploy surface (CLI, API, or app-compose / equivalent) accepts an image reference that resolves to an OCI image on IPFS, e.g.:
ipfs://<CID> or a single documented URI scheme, and/or- Explicit support for gateway URLs that resolve to OCI manifest + blobs (with clear rules: not ambiguous “any HTTPS URL”).
-
Runtime: Workers that load images for TDX/dstack materialize the image from IPFS (direct or via gateway), verify digest/manifest consistency, then run with the same security posture as registry-backed images.
-
Documentation: Pinning best practices, gateway timeouts, size limits, and failure modes (unpinned CID, invalid manifest).
Non-goals
- This issue is not about replacing RA-TLS, attestation, or
@phala/dstack-sdk key APIs — only how the container image bytes are sourced.
Suggested acceptance criteria
References
- Ecosystem: OCI distribution over IPFS (e.g. nerdctl IPFS documentation, IPDR) — Phala can define the supported subset for production.
Context (optional)
Consumers want IPFS pinning + public gateway as the distribution layer; Phala-side support is required for ipfs:// (or equivalent) to be more than a manual “import to registry first” step.
Summary
Support deploying confidential / TEE workloads whose OCI container image is identified by IPFS (content-addressed, pinned via a third-party pinning service, fetched via a public IPFS gateway), so operators are not required to use a traditional container registry (e.g. Docker Hub) as the only way to supply the image.
Motivation
docker pushto a centralized registry for immutable, content-addressed images.registry/repo:tagonly.Desired behavior
Deploy surface (CLI, API, or
app-compose/ equivalent) accepts an image reference that resolves to an OCI image on IPFS, e.g.:ipfs://<CID>or a single documented URI scheme, and/orRuntime: Workers that load images for TDX/dstack materialize the image from IPFS (direct or via gateway), verify digest/manifest consistency, then run with the same security posture as registry-backed images.
Documentation: Pinning best practices, gateway timeouts, size limits, and failure modes (unpinned CID, invalid manifest).
Non-goals
@phala/dstack-sdkkey APIs — only how the container image bytes are sourced.Suggested acceptance criteria
References
Context (optional)
Consumers want IPFS pinning + public gateway as the distribution layer; Phala-side support is required for
ipfs://(or equivalent) to be more than a manual “import to registry first” step.