9d5f4da3d6
Maple AI is a TEE-based private inference provider using Confidential Computing for end-to-end encryption with cryptographic attestations. - Add maple-models.ts with model catalog and discovery - Add MAPLE_API_KEY environment variable support - Add interactive onboarding: `clawdbot onboard --auth-choice maple-api-key` - Add configurable proxy URL (default: http://127.0.0.1:8080/v1) - Add provider auto-registration when API key detected - Add documentation at docs/providers/maple.md Supported models: kimi-k2-thinking (default), gpt-oss-120b, deepseek-r1-0528, qwen3-coder-480b, qwen3-vl-30b, llama-3.3-70b, gemma-3-27b
6.1 KiB
Maple AI Provider
Maple AI provides TEE-based (Trusted Execution Environment) private inference using Confidential Computing. All inference runs in secure enclaves with end-to-end encryption and cryptographic attestations, ensuring your prompts and responses remain private.
How It Works
Maple AI runs as a local proxy (desktop app or Docker container) that connects to secure TEE enclaves. Your data is encrypted end-to-end and never visible to Maple or any third party. Maple runs the largest, state-of-the-art open models and does not share any data back to the model creators. Sign up at trymaple.ai to get started. Maple Proxy requires a paid account with API credits.
- Desktop App or Docker: Run the Maple proxy locally
- Local Proxy: Default endpoint at
http://127.0.0.1:8080/v1 - TEE Backend: Requests are forwarded to Maple's secure enclaves
- Cryptographic Attestation: Verify the enclave is running trusted code
Features
- End-to-end encryption: Your prompts and responses are encrypted
- Cryptographic attestations: Verify the secure enclave integrity
- Open-source verifiable code: Audit the code running in the enclave
- OpenAI-compatible API: Standard
/v1endpoints for easy integration - Streaming: Required for all completions
Setup
1. Install Maple Proxy
Desktop App (Recommended)
Download and run the Maple desktop app from trymaple.ai/downloads. The proxy runs automatically on http://127.0.0.1:8080/v1.
Docker
docker run -p 8080:8080 \
-e MAPLE_BACKEND_URL=https://enclave.trymaple.ai \
-e MAPLE_ENABLE_CORS=true \
trymaple/proxy
2. Generate API Key
Open the Maple app and generate an API key. This key authenticates your requests to the local proxy.
3. Configure Moltbot
Option A: Interactive Setup (Recommended)
moltbot onboard --auth-choice maple-api-key
This will:
- Prompt for your API key
- Ask for the proxy URL (defaults to
http://127.0.0.1:8080/v1) - Configure the provider automatically
Option B: Environment Variable
export MAPLE_API_KEY="your-api-key"
Option C: Non-interactive
moltbot onboard --non-interactive \
--auth-choice maple-api-key \
--token "your-api-key" \
--token-provider maple
4. Verify Setup
moltbot chat --model maple/llama-3.3-70b "Hello, are you working?"
Available Models
| Model ID | Name | Use Case | Pricing |
|---|---|---|---|
kimi-k2-thinking |
Kimi K2 Thinking | Complex agentic workflows, multi-step coding, web research | $4/$4 per M tokens |
gpt-oss-120b |
GPT OSS 120B | Creative writing, structured data | $4/$4 |
deepseek-r1-0528 |
DeepSeek R1 | Research, advanced math, coding | $4/$4 |
qwen3-coder-480b |
Qwen3 Coder 480B | Agentic coding, large codebase analysis, browser automation | $4/$4 |
qwen3-vl-30b |
Qwen3 VL 30B | Image and video analysis, screenshot-to-code, OCR, GUI automation | $4/$4 |
llama-3.3-70b |
Llama 3.3 70B | General reasoning, conversation | $4/$4 |
gemma-3-27b |
Gemma 3 27B | General purpose, efficient | $10/$10 |
Model Selection
Change your default model anytime:
moltbot models set maple/llama-3.3-70b
moltbot models set maple/deepseek-r1-0528
List available models:
moltbot models list | grep maple
Configuration
Custom Proxy URL
If running the proxy on a different host or port:
# ~/.moltbot.yaml
models:
providers:
maple:
baseUrl: "http://192.168.1.100:8080/v1"
api: "openai-completions"
apiKey: "MAPLE_API_KEY"
Docker Environment Variables
| Variable | Description | Default |
|---|---|---|
MAPLE_BACKEND_URL |
TEE enclave URL | https://enclave.trymaple.ai |
MAPLE_ENABLE_CORS |
Enable CORS headers | false |
RUST_LOG |
Log level | info |
Usage Examples
# General chat
moltbot chat --model maple/llama-3.3-70b
# Advanced reasoning
moltbot chat --model maple/kimi-k2-thinking
# Research and coding
moltbot chat --model maple/deepseek-r1-0528
# Vision tasks
moltbot chat --model maple/qwen3-vl-30b
# Coding tasks
moltbot chat --model maple/qwen3-coder-480b
Privacy and Security
Why TEE?
Trusted Execution Environments (TEEs) provide hardware-level isolation:
- Memory encryption: Data is encrypted in memory
- Attestation: Cryptographic proof of what code is running
- Isolation: Even the host system cannot access enclave data
Security Proof Attestation
Maple provides cryptographic attestations that prove the integrity of the secure enclave. You can view the current attestations at trymaple.ai/proof.
The Maple Proxy automatically verifies these attestations before connecting to the backend. If the attestation is invalid or tampered with, the proxy refuses to connect, similar to how SSL/TLS certificates protect web connections. This ensures you're always communicating with a genuine, unmodified Maple enclave.
Verification
You can verify the enclave attestation to ensure:
- The code running matches the open-source release
- The TEE hardware is genuine
- No tampering has occurred
Visit trymaple.ai/proof to inspect the current attestation details.
Troubleshooting
Proxy not running
Ensure the Maple app is running or Docker container is active:
curl http://127.0.0.1:8080/health
Connection refused
Check the proxy URL is correct and the service is running:
# Test connectivity
curl -H "Authorization: Bearer $MAPLE_API_KEY" \
http://127.0.0.1:8080/v1/models
Model not available
The model list is fetched from the proxy. Ensure your Maple subscription includes the model you're trying to use.