For Acurast builders

Hohmann.

You already ship to Acurast.
Hohmann makes it a deploy.

You run jobs inside TEEs on real phones, on residential broadband — you know the destination. Hohmann turns the raw path to it — extrinsics, funding, sealed secrets, encrypted logs, a public front door — into one policy you declare once and repeat from CI.

Early access The Hohmann plugin is rolling out now. APIs and pricing may change.

Read the docs → See the three commands

New to Acurast? Start with what makes this possible →

01 — The gap

A job isn't a deployment.

You can register a job by hand. Running it as production — repeatable, with secrets that arrive sealed, logs you can read, and a public front door — is a fresh ceremony every time:

01 · orchestration

A launch is many transactions

Pin the artifact, fund the job, match processors, pass admission — every launch is a string of extrinsics, wallet prompts, and failure modes.

02 · observability

Logs shouldn't break the seal

Your code runs on a phone you'll never meet — you need its logs. Pull them in the clear and your sealed app leaks through its own diagnostics; Acurast won't encrypt them to you for free.

03 · secrets

Credentials can't ride in the open

The job needs its API keys at runtime — but Acurast gives you no sealed path to deliver them. Roll your own, or let credentials ride in the open.

02 — Raw Acurast vs Hohmann

The same destination,
a managed path.

Everything you'd hand-roll on top of Acurast — declared once, and handled for you.

Raw Acurast job

hand-rolled · every launch

DeployN extrinsics + wallet prompts

Artifactpin & host it yourself

Secretsno sealed path — DIY

Logsin the clear, or build it

Ingressno public front door

Spendwatch the wallet by hand

With Hohmann

acme-api · one policy, from CI

Deployone policy, from CI

Artifactpinned · GitHub OIDC

Secretssealed to the enclave

Logsstreaming · encrypted

Ingresspublic HTTPS · one line

Spendcaps + --yes-spend gates

03 — The policy

Say what.
Hohmann runs the how.

One JSON file in your repo declares the whole launch — runtime, schedule, secrets, logging, ingress. Hohmann turns it into a plan you can read before a single token moves — and backs it with preflights, replacement holds, and post-mortem diagnosis.

# slipway.json · proof.slipway.application-policy.v3

{

"runtime": { "artifact": "github:acme/api@v1.4.2" },

"schedule": { "replicas": 2, "duration": "30d" },

"secrets": ["STRIPE_KEY", "DATABASE_URL"],

"logging": true,

"ingress": { "implementor": "switchboard",

"switchboard": { "transport": "forward" } },

"acurast": { "minReputation": 0.8 }

}

The plan

acme-api · read it before you pay

ArtifactPinned · encrypted IPFS

Secrets2 grants · sealed

LoggingStream ready · encrypted

IngressQuote signed · Switchboard

BudgetWithin cap · USDC

SpendHeld until --yes-spend

04 — The platform

One policy pulls
nine systems together.

Each piece replaces a manual ceremony with something declared, auditable, and repeatable — what it takes to run TEEs on home internet like production infrastructure. Eight are live today; the ninth is on the slips.

01Live

GitHub-first launches

One commit declares the deployment — reviewable, repeatable, OIDC-pinned. No key files.

02Live

Sealed secrets

Encrypted to the job's enclave before they leave you — no “store now, decrypt later”.

03Live

Live logging

Encrypted end-to-end, from inside the seal to your terminal — readable by you alone.

04Live

Switchboard ingress

A public HTTPS front door — one line of policy.

05Live

Encrypted code

Your bundle is plaintext in exactly two places: your repo and the TEE. Ciphertext everywhere between.

06Live

Launch schedules

Replicas, windows, durations, rolling replacements — declared once, kept on time.

07Live

Dollars in, dollars out

Budgets, quotes, and settlement in USDC — Hohmann does the token dance, your books never see it.

08Live

Spend controls

Caps, preflights, and explicit --yes-spend gates — nothing spends while you're not looking.

09Building

Custom runtimes

Bring a full proot image — your CI builds it, Hohmann serves it straight to the phone.

05 — Speaks Acurast

It maps to the primitives you know.

No new mental model. The policy compiles down to the Acurast concepts you already reason about — Hohmann just stops you hand-tuning them per launch.

01 · processors

Selection & reputation

minReputation, replica counts and matching live in policy — declared, not negotiated by hand each time.

02 · quota

Network request budget

Set the job's network-request quota in policy; Hohmann provisions the job to match, so admission doesn't surprise you.

03 · custody

Consumer & custody wallets

Every job is tied to a consumer wallet — Hohmann runs one custody identity for your deploys, so matching, admission and settlement all line up. No per-launch key juggling.

06 — Migration

Point it at the repo
you already ship.

No rewrite, no new SDK. Hohmann imports your existing app straight from GitHub, pins the artifact, and stands the launch up as a policy you can review before a single token moves.

07 — Launch

Three commands to launched.

Install the PROOF CLI, publish your policy, preflight, launch. Artifacts, secrets, logs, and routing are handled for you.

# install the PROOF CLI + Hohmann plugin

$ npm install -g @proof-computer/proof-cli

$ proof plugins install @proof-computer/proof-cli-slipway

# 1 · publish your application policy

$ proof slipway application import --github acme/api --publish

→ policy v3 validated · artifact pinned

# 2 · preflight (budget · secrets · ingress)

$ proof slipway custody preflight acme-api

→ secret grants ready · quote signed · USDC

# 3 · launch

$ proof slipway custody execution run-one acme-api --yes-spend

→ secrets sealed to the enclave

→ logs streaming · encrypted

✓ live · api.acme.ingress.works

Launched

acme-api · application-policy.v3

StatusActive

Runs onAttested phone · home ISP

ArtifactPinned · GitHub OIDC

SecretsSealed to enclave

LogsStreaming · encrypted

Ingressapi.acme.ingress.works