# A3S Power

Privacy-preserving LLM inference server for Trusted Execution Environments
A3S Power is a privacy-preserving LLM inference server built to run inside Trusted Execution Environments (TEEs). It provides an OpenAI-compatible API for chat completions, text completions, embeddings, and vision, with hardware-enforced memory encryption, model integrity verification, and automatic log redaction.
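As a sketch of the API surface: a chat-completion request is a standard OpenAI-style JSON body POSTed to `/v1/chat/completions`. The server address and model name below are illustrative assumptions, not fixed defaults:

```python
import json

# Assumed local deployment address; adjust to your TEE host (assumption).
BASE_URL = "http://localhost:8080/v1"

def chat_request(prompt: str, model: str = "my-model") -> dict:
    """Build the JSON body POSTed to BASE_URL + '/chat/completions'."""
    return {
        "model": model,
        "messages": [{"role": "user", "content": prompt}],
        "stream": False,
    }

# Serialize exactly as an OpenAI SDK would put it on the wire.
body = json.dumps(chat_request("Hello from inside a TEE"))
print(body)
```

Because the endpoints are OpenAI-compatible, any OpenAI SDK can target the server by overriding its base URL; no bespoke client is needed.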
## Why Power?
- TEE-native: Runs inside AMD SEV-SNP and Intel TDX MicroVMs with hardware-encrypted memory
- OpenAI-compatible: Works with any OpenAI SDK (`/v1/chat/completions`, `/v1/embeddings`)
- Pure Rust inference: Default backend via `mistralrs` (candle); no C++ toolchain, ideal for supply-chain auditing
- Privacy by default: Prompts and responses never appear in logs; memory is zeroed on model unload
- Verifiable: Remote attestation proves inference runs in a genuine TEE before you trust the output
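The "privacy by default" point can be illustrated with a toy redaction filter. The real `privacy` module's rules are not shown here, so the field names and the `[REDACTED]` marker below are assumptions for illustration only:

```python
import re

# Illustrative only: the actual redaction rules live in the server's
# `privacy` module. Here we blank out JSON string fields that commonly
# carry user text (field list is an assumption).
SENSITIVE_FIELDS = ("prompt", "content", "response")

def redact(log_line: str) -> str:
    """Replace the value of each sensitive JSON string field with a marker."""
    for field in SENSITIVE_FIELDS:
        log_line = re.sub(
            rf'("{field}"\s*:\s*)"[^"]*"',  # capture the key, match the value
            r'\1"[REDACTED]"',
            log_line,
        )
    return log_line

print(redact('{"prompt": "my secret", "tokens": 42}'))
# → {"prompt": "[REDACTED]", "tokens": 42}
```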
## Architecture
┌──────────────────────────────────────────────────────┐
│ a3s-power │
│ │
│ TEE Layer │
│ ┌────────────────┐ ┌──────────────┐ ┌────────────┐ │
│ │ attestation │ │ model_seal │ │ privacy │ │
│ │ (TeeProvider) │ │ (SHA-256) │ │ (redact) │ │
│ └────────┬───────┘ └──────┬───────┘ └─────┬──────┘ │
│ │
│ Server Layer │
│ ┌─────────────────────────────────────────────────┐ │
│ │ Axum Router /health /metrics /v1/* │ │
│ └──────────────────────┬──────────────────────────┘ │
│ │ │
│ Backend Layer │
│ ┌──────────────────────────────────────────────────┐ │
│ │ MistralRsBackend (default) · LlamaCppBackend │ │
│ │ PicolmBackend (TEE layer-streaming) │ │
│ │ GGUF · SafeTensors · Vision · Embeddings │ │
│ └──────────────────────────────────────────────────┘ │
│ │
│ Model Layer │
│ ┌──────────────────────────────────────────────────┐ │
│ │ ModelRegistry · SHA-256 blob store · HF pull │ │
│ └──────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────┘

## Key Components
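Among these components, `model_seal` pins each model file to a SHA-256 digest before load. A minimal sketch of the verification idea (function names here are illustrative, not the crate's actual API):

```python
import hashlib
from pathlib import Path

def sha256_of(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a model file through SHA-256 in 1 MiB chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_model(path: Path, expected: str) -> None:
    """Refuse to load a model whose digest differs from the sealed value."""
    actual = sha256_of(path)
    if actual != expected:
        raise ValueError(f"model digest mismatch: {actual} != {expected}")
```

Streaming in chunks keeps memory flat even for multi-gigabyte GGUF or SafeTensors files; the expected digest would come from the sealed record, not from the file being checked.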
## Model Format Support

GGUF and SafeTensors models are supported, including vision and embedding models (see the backend layer above).

## Default Paths