Skip to main content
When the gateway verifies a confidential upstream, it records an attested session: an immutable snapshot of the verified TEE channel the request was bound to. A receipt’s upstream.verified.session_id (as_…) references it, so you can trace any confidential response to the exact security context that served it.

Resolve a session

curl "https://api.t2000.ai/v1/aci/sessions/{session-id}"
It captures the verified upstream identity + endpoint, the enforced channel binding, a set of typed claims, and the byte-preserving evidence the verifier checked. The session_id is a content hash of that material — re-verifying the same channel resolves to the same id (idempotent), and any change (rotated cert, new measurement) produces a new id, so the context can’t silently change.

Channel binding

Verifying an upstream isn’t enough on its own — the gateway also binds the connection to the verified enclave before forwarding, and refuses if it can’t:
BindingWhat it pins
tls_spki_sha256The upstream’s TLS public key — pins the HTTPS connection to the verified key
e2ee_public_key_sha256The upstream’s E2E key — encrypts the request body so only the attested enclave can decrypt
A “verified” result that carries no enforceable binding is rejected — there’s no “verified but unpinned”.

Typed claims

A session doesn’t just say “trusted”. It carries a fixed set of claims, each with a status and an honest source — so a hardware-proven fact and an operator’s assertion never look alike. t2 verify surfaces these:
SourceAssurance
hardware_provenFrom the verified TEE quote or its collateral (strongest)
verifier_derivedComputed by the verifier from verified evidence
provider_assertedPublished by the provider, not independently proven
operator_assertedDeclared by the gateway operator (weakest)
ClaimAsks
tee_attestedIs this a genuine CPU TEE with an identity bound to the channel?
tcb_up_to_dateIs the platform’s Trusted Computing Base current? (tri-state — a stale TCB is refuted, recorded, not hidden)
gpu_attestedIs a genuine confidential-computing GPU attested + nonce-bound?
serving_software_known_goodDoes the serving software map to reviewed source?
A claim that isn’t established is unknown — transparency, never a silent pass. Treat any unknown as “not proven” and weigh it accordingly. See verify a responset2 verify prints each claim with its status + source.