Releases: ultravioletrs/cube

Cube AI — Release Notes v0.1.0

12 Mar 12:52
e31d9cc

First public release of Cube AI — a secure, confidential computing platform for running AI workloads inside hardware-attested Confidential Virtual Machines (CVMs).

🎉 Highlights

  • Confidential VM infrastructure with AMD SEV-SNP and Intel TDX support.

  • Secure AI inference via Ollama and vLLM, proxied through an authenticated, attested TLS layer.

  • Hardware attestation with full attestation report generation, audit logging, and policy enforcement.

  • AI Guardrails — content moderation and off-topic detection as a sidecar service.

  • Cube Proxy — OpenAI-compatible reverse proxy with dynamic routing, authorization, and audit logging.

  • Production-ready deployment with Traefik, SSO, Mailchimp, Fluent Bit log collection, and cloud CI/CD.

🔐 Confidential Computing & Attestation

  • Deployed VMs as Confidential VMs (CVMs) using QEMU with SEV-SNP and TDX enabled.

  • Implemented hardware attestation with support for multiple platform types (vTPM, TDX, SNP).

  • Added attested TLS (aTLS) support in the HTTP server for verified secure connections.

  • Attestation reports are now included in audit logs for full traceability.

  • Introduced attestation policy generation guide and proxy configuration documentation.

  • Added a dedicated attestation API endpoint supporting JSON and text-proto response formats.

  • Enabled TPM, IMA, and TDX kernel features in the Cube Agent configuration.

  • Certificate provisioning for the agent using CVM ID and cert tokens.

🤖 AI Inference

  • Ollama support with GPU passthrough and preloaded Docker images in VM.

  • vLLM support for high-throughput model serving.

  • OpenAI-compatible proxy — Cube Proxy now speaks the OpenAI API protocol.

  • Replaced TinyLlama with an updated default model across all configurations.

  • Migrated guardrails to Colang 2.x for improved off-topic and output validation handling.

🛡️ Guardrails

  • Implemented AI Guardrails as a content moderation service with configurable policies.

  • Refactored guardrails into a standalone sidecar architecture.

  • Added vLLM + guardrails integration.

  • Default basic guardrail configs included out of the box.

  • Guardrails detection and logging integrated into the audit system, with extraction tests.

🔀 Cube Proxy

  • Built a reverse proxy with Traefik as the ingress layer.

  • Added dynamic route management — create, update, and delete routes at runtime.

  • Route validation and conflict detection with strip_prefix support.

  • event_type and aTLS fields added to route rules for audit logging and verification.

  • Authorization layer integrated with SuperMQ (SMQ) permission model.

  • Audit middleware with structured request/response logging.

  • Token usage calculation added to chat completion responses.

🧩 Cube Agent

  • Introduced the enclave agent for in-CVM service orchestration.

  • config.json bind mount support for the agent service.

  • Kernel relocation and randomization features enabled.

  • Replaced DHCP client with systemd-networkd and systemd-resolved.

  • Dynamic config auto-sync support added.

🖥️ UI & Frontend

  • Deployed Cube AI web UI with authentication via NextAuth.

  • SSO (Single Sign-On) enabled on the development deployment.

  • Magistrala-UI backend integrated.

  • Updated logos, fonts, and menu styling.

  • UI build pipeline added with CI/CD automation.

📊 Audit Logging

  • Audit logs include attestation reports, guardrails detection results, and token usage.

  • Domain ID filtering added for scoped audit log queries.

  • Replaced Fluentd log driver with Fluent Bit tail-based log collection.

  • Audit filter refactored for cleaner query handling.

🏗️ Infrastructure & DevOps

  • Cloud deployment workflow with concurrency controls and manual dispatch support.

  • Added workflow to build and publish release artifacts automatically.

  • Docker image publishing fixed and CI pipeline hardened.

  • Mailchimp configuration added for transactional email.

  • HTTPS enforced for password reset and verification URLs.

  • Email templates refactored for password reset and account verification.

  • Upgraded to SuperMQ v0.19.1.

📖 Documentation

  • Added cloud-init documentation for local deployment.

  • Attestation policy and proxy configuration guides.

  • Updated README with architecture and setup instructions.

  • Fixed curl examples for HTTPS proxy usage.

👥 Contributors

A huge thank you to everyone who contributed to this first release:

| Contributor | First PR |
| --- | --- |
| @rodneyosodo | #5 — Automate VM Creation |
| @JeffMboya | #21 — Cloud-init documentation |
| @wambui-pixel | #30 — Config file |
| @SammyOina | #49 — Proxy API refactor |
| @WashingtonKK | #89 — API URL routing |
| @smithjilks | #71 — AI Guardrails |
| @FilipCivljak | #117 — HTTPS curl examples |
| @Musilah | #136 — README update |
| @dependabot | #106 — Dependency updates |

Full Changelog: https://github.com/ultravioletrs/cube/commits/v0.1.0