Skip to content

docs: de-cloud README, restore dstack open-framework framing#725

Merged
kvinwang merged 1 commit into
masterfrom
docs/readme-de-cloud
Jun 10, 2026
Merged

docs: de-cloud README, restore dstack open-framework framing#725
kvinwang merged 1 commit into
masterfrom
docs/readme-de-cloud

Conversation

@kvinwang

@kvinwang kvinwang commented Jun 10, 2026

Copy link
Copy Markdown
Collaborator

Why

The dstack-cloud downstream fork was merged back into this repo, and its README modifications came along — rebranding the whole open-source framework repo as a cloud product:

  • title "What is dstack-cloud?" and tagline "Deploy confidential workloads on GCP and AWS"
  • logo alt ![dstack-cloud]
  • Quick Start built around the dstack-cloud CLI
  • some badge/verifier links pointing at Phala-Network/dstack-cloud

This repo is the upstream dstack framework (vmm / kms / gateway / guest-agent), so the README should present the open framework, not the commercial cloud distribution.

Changes

  • title / tagline / logo restored to dstack ("the open framework for confidential AI")
  • badge + verifier links back to Dstack-TEE/dstack
  • Quick Start uses a docker-compose example + meta-dstack guest images instead of the dstack-cloud CLI; dropped the cloud CLI reference section
  • kept the Supported Platforms table (bare metal TDX listed first), FAQ, citation, and other improvements that came back with the merge
  • license stays Apache 2.0

No doc files were moved; all referenced links resolve.

@kvinwang
docs: de-cloud README, restore dstack open-framework framing
13674fb 
The dstack-cloud downstream README was merged back into this repo,
rebranding the whole project as a cloud product ("What is dstack-cloud?",
"Deploy on GCP and AWS", dstack-cloud CLI quick start). Restore the
open-framework framing:

- title/tagline/logo back to dstack (the open framework for confidential AI)
- badge and verifier links back to Dstack-TEE/dstack
- quick start uses docker-compose + meta-dstack images instead of the
  dstack-cloud CLI; drop the CLI reference section
- keep Supported Platforms table (bare metal TDX first), FAQ, citation
- license stays Apache 2.0
Copilot AI review requested due to automatic review settings June 10, 2026 15:19
@kvinwang kvinwang enabled auto-merge (squash) June 10, 2026 15:20
Copilot AI reviewed Jun 10, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restores the repository README framing from the downstream dstack-cloud positioning back to the upstream dstack open framework, including updated branding and a revised “Getting Started” flow.

Changes:

  • Rebrand README title/tagline/logo and links back to dstack (upstream framework)
  • Replace cloud-CLI-centric quick start with a docker-compose based “Getting Started”
  • Update/reshape architecture and documentation sections to match the upstream framing

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread README.md
Comment on lines 222 to +224
Apache 2.0
</content>
</invoke>
Comment thread README.md
![Architecture](./docs/assets/arch.png)

Your container runs inside a Confidential VM (Intel TDX on GCP, Nitro Enclave on AWS). GPU isolation is optional via NVIDIA Confidential Computing. The CPU TEE protects application logic. The GPU TEE protects model weights and inference data.
Your container runs inside a Confidential VM (Intel TDX) with optional GPU isolation via NVIDIA Confidential Computing. The CPU TEE protects application logic; the GPU TEE protects model weights and inference data.
Comment thread README.md
**Core components:**

- **Guest Agent**: Runs inside each CVM. Generates attestation quotes so users can verify exactly what's running. Provisions per-app cryptographic keys from KMS. Encrypts local storage. Apps interact via `/var/run/dstack.sock`.
- **Guest Agent**: Runs inside each CVM. Generates TDX attestation quotes so users can verify exactly what's running. Provisions per-app cryptographic keys from KMS. Encrypts local storage. Apps interact via `/var/run/dstack.sock`.
Comment thread README.md
- **Guest Agent**: Runs inside each CVM. Generates TDX attestation quotes so users can verify exactly what's running. Provisions per-app cryptographic keys from KMS. Encrypts local storage. Apps interact via `/var/run/dstack.sock`.

- **KMS**: Runs in its own TEE. Verifies attestation quotes before releasing keys. Enforces authorization policies that operators cannot bypass. Derives deterministic keys bound to each app's attested identity.
- **KMS**: Runs in its own TEE. Verifies TDX quotes before releasing keys. Enforces authorization policies defined in on-chain smart contracts — operators cannot bypass these checks. Derives deterministic keys bound to each app's attested identity.
@kvinwang kvinwang merged commit f4462bc into master Jun 10, 2026
15 of 16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kvinwang