Run a provider

turn a Mac into earnings · ~10 min · M-series, ≥36 GB recommended
EarningApple M4 Pro · 48 GB
Go-live checklist

Turn idle compute into earnings.

Pick the public HuggingFace models you want to host (including the uncensored builds and community fine-tunes incumbents won't carry), approve them on your own hardware, and serve. Your Mac, your HF key, your accountability. Prompts stay private by attestation — see what Umbra does and does not see.

Time to live~10 minutes
HardwareApple Silicon · M1–M5 · ≥36 GB
RequiredmacOS 15+ · Secure Enclave · SIP on
Commission0% during alpha · 100% to hosts

Five steps to go live your Mac · your HF key · your approval

Each step takes 1–3 minutes. The first three are interactive in your shell; the last two are checks Umbra runs once you're connected. Nothing about this flow sends a prompt — it's all provider setup.

Step 1 · Install
Install the Umbra provider CLI
Signed, notarized, single binary. Drops into /usr/local/bin/umbra — no Homebrew tap, no Python venv, no kernel extension. Sandboxed under Apple's Hardened Runtime.
# one line, signed + notarized
curl -fsSL https://umbra.dev/install | sh
copy
verified · install signature valid
Step 2 · Link device
Pair this Mac with your Umbra account (Secure Enclave)
A short device code opens on first launch — paste it at umbra.dev/pair. Umbra never sees your Mac's device key; the SE generates a P-256 keypair on-chip and only the public key crosses the wire.
$ umbra login

Open https://umbra.dev/pair and enter:

  W7PQ-9LMX

Waiting for approval... 7s
copy
linked · SE device key on file · MDM enrolled
3
Step 3 · Connect Hugging Face
Paste your HF token into the CLI on this device
The CLI prompts you for a read-only HuggingFace token. Umbra uses it to pull public model weights you approve. The token never leaves this machine.
$ umbra hf connect

Paste your HF token (read-only is enough):

  > hf_…your token here…

Validated against huggingface.co/api/whoami-v2
Stored locally in /var/umbra/secrets/hf_token (chmod 600).
copy

Privacy invariant. Your HF token is stored on this Mac and used only to pull public model weights over HTTPS. It is never sent to the Umbra coordinator and never appears in any request log, receipt, or attestation blob. Same posture as your buyers' prompts: private by construction, not by policy.Learn more: docs/threat-model.md · §6 access-path elimination

waiting · paste your HF token
4
Step 4 · Pick & approve your first model
Choose a public HF repo on the arch allowlist
Paste a public HuggingFace repo. Umbra checks the architecture against the allowlist, verifies the GGUF digest, and walks you through approval before any bytes hit disk. Once approved, it's signed into your local GGUF store.
llamamistralqwen2qwen3gemmaphi3mixtralyideepseekllavacommand-r
$ umbra models add yuxinlu1/gemma-4-12B-coder-fable5-composer2.5-v1-GGUF

arch: gemma · allowlisted
license: apache-2.0
size: 7.4 GB · fits your 31.4 / 48 GB free
digest: a8f44d2e9b1c…c01b

Approve? [y/N] y
Pulling ████████████ 100% · registered
copy
not started · enter a repo above
5
Step 5 · Go-live readiness
Three things Umbra checks before routing traffic here
All three have to be true before a buyer request can land on this Mac. They're re-evaluated on a 5-minute random challenge; if any one drops, routing pauses automatically.
Check 1
Memory
Model weight + KV headroom ≥ 4 GB free
Check 2
Attested
SE + SIP + MDA chain passes last 5-min probe
Check 3
Model warm
GGUF mmap'd into llama.cpp, hash matches pinned digest
$ umbra serve

umbra v0.4 · M4 Pro · 48 GB
linked · parafield · tier hardware
model: gemma-4-12b-coder-fable5 · Q4_K_M · warm
digest: a8f44d2…c01b

listening on /var/umbra/socket — routing on
copy
not started · run umbra serve

What Umbra sees about you

  • Your Umbra account id and a public device key.
  • Which public HF models you approved and their pinned digests.
  • Routing-tier metadata (hardware / code_attested) and your reputation score.
  • Token-metered request counts and your share of the take-rate.

What Umbra cannot see

Your HF token. Stored in /var/umbra/secrets (chmod 600). Used only for outbound HTTPS to huggingface.co. Never crosses Umbra's wire.
Buyer prompts. Decrypted only in your Secure Enclave-bound memory and zeroized after the response streams back. Same access-path elimination as the install flow above.
Buyer outputs. Signed at the device and returned over TLS. Umbra relays the bytes — it does not retain them.
Your device key. The SE keypair never leaves the Enclave. Umbra sees only the public cert chain.

After you go live open earnings →

Umbra routes requests to you when your trust tier matches the buyer's trust_level and your reputation is in the upper half of the fleet for that model. Reputation rises with successful responses; falls on drops and failed challenges. Finish APNs code-identity to reach code_attested — the highest-paying private traffic.

Add more models.
/console/provider-models — browse unmet demand near you.
Check earnings.
/console/provider — hourly rate, pending, payout schedule.
Estimate ROI.
/console/provider-estimate — compare model slots before adding.
Verify yourself.
/console/provider-trust — the trust chain buyers see.

Under the hood · the attestation chain

The five layers buyers verify before their prompt lands on your Mac: Secure Enclave P-256 key, MDM SecurityInfo, Apple MDA X.509 chain, 5-minute freshness challenge, APNs code-identity. Read the full chain spec →

A reference Python CLI is in umbra/scripts/umbra-provider. The production path is a Swift binary compiled from umbra/provider/Sources/UmbraProvider/ (SecKeyCreateRandomKey with .secureEnclave). Both register the same way:

$ umbra-provider init --handle your-handle --token "$UMBRA_TOKEN"
  SE pubkey: BHkcccBh+zP91gL7wnYlFAGCuoYRqrNpb/SpSM6rNMLZ…
  Trust level: hardware
  Registered at: 2026-06-23T01:48:32Z

$ umbra-provider status
copy

For local testing without a real Apple device, umbra-provider dev-sim builds a synthetic blob that the Go MDA validator accepts when configured with the sim root pool. See attestation.md for the protocol and test vectors.

Continuerelated in the console

Earningswhere to check this deviceModels you hostmanage what runsTrust & attestationthe chain buyers seeEstimate ROIbefore you add a slot