Open Source Implementation of Apple's Private Compute Cloud
OpenPCC
OpenPCC is an open-source framework for provably private AI inference, inspired by Apple’s Private Cloud Compute but fully open, auditable, and deployable on your own infrastructure. It allows anyone to run open or custom AI models without exposing prompts, outputs, or logs - enforcing privacy with encrypted streaming, hardware attestation, and unlinkable requests.
OpenPCC is designed to become a transparent, community-governed standard for AI data privacy.
Read the OpenPCC Whitepaper: https://github.com/openpcc/openpcc/blob/main/whitepaper/openpcc.pdf
OpenPCC Client
This repo contains the code for an OpenPCC compliant go client as well as a c library that is used as the basis of python and javascript clients. In addition, it contains a number of in-memory services that can be used to exercise the client.
Go Usage
see cmd/test-client/main.go for a local dev example. To connect to a prod service, it would look something like this:
import ( "context" "fmt" "net/http" "os" "strings" "github.com/openpcc/openpcc" "github.com/openpcc/openpcc/inttest" "github.com/openpcc/openpcc/transparency" ) func makePCCRequest() error { ctx := context.Background() identityPolicy := transparency.IdentityPolicy{ OIDCSubjectRegex: "^https://github.com/confidentsecurity/T/.github/workflows.*", OIDCIssuerRegex: "https://token.actions.githubusercontent.com", } cfg := openpcc.DefaultConfig() cfg.APIURL = "https://app.confident.security" cfg.APIKey = "{Your API Key here}" cfg.TransparencyVerifier = transparency.DefaultVerifierConfig() cfg.TransparencyIdentityPolicy = &identityPolicy client, err := openpcc.NewFromConfig(ctx, cfg) if err != nil { return fmt.Errorf("failed to create openpcc client: %w", err) } // Inference requests use OpenAI API generate format body := "{\"model\":\"qwen3:1.7b\",\"prompt\":\"why is the sky blue?\"}" // nosemgrep: problem-based-packs.insecure-transport.go-stdlib.http-customized-request.http-customized-request req, err := http.NewRequest("POST", "http://confsec.invalid/v1/completions", strings.NewReader(body)) if err != nil { return err } // add a tag to the request to route request to compute nodes that are running the specified model req.Header.Add("X-Confsec-Node-Tags", "qwen3:1.7b") resp, err := client.RoundTrip(req) if err != nil { return err } return nil }
Development
Dev commands are run using the go tool mage
you can run it just from the go.mod tool install with go tool mage [cmd], or you can install mage itself to save the key presses: go install github.com/magefile/mage@latest
mage will print a list of commands (see /magefiles/* for the source of the commands)
To exercise the library in development, use mage runMemServices to run all the in-memory OpenPCC services. Then use mage runClient to make a test request into the system.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
