
Document TEE trust model and signature verification scope#289

Open
adambalogh wants to merge 1 commit into main from claude/fix-tee-proof-verification-1oLvX

@adambalogh adambalogh commented May 7, 2026

Summary

This PR clarifies the trust model and signature verification scope for OpenGradient's verifiable inference system. It documents that live trust comes from TLS certificate pinning to the on-chain registry, while tee_signature verification happens at on-chain settlement rather than in the SDK at return time.

Distinguish the three layers that make SDK responses trustworthy
(network-side attestation at registration, SDK-side TLS pinning at
request time, on-chain signature verification at settlement) so users
don't read tee_signature on a returned response as a client-side
verification gate.

- README: add "Trust Model" section; soften the TEE-Secured LLM Chat
  blurb to point at it.
- types.py: rewrite the TextGenerationOutput class docstring's verification
  paragraph, and tighten the tee_signature field docs on both
  TextGenerationOutput and StreamChunk.
- tee_connection.py: mark StaticTEEConnection as dev-only and call out
  that it is not a production trust path (verify=False, no pinning).
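
The request-time layer described above (pinning the TLS peer to the registry entry), as an added example that is not the SDK's code or part of this PR. It assumes the registry yields a SHA-256 fingerprint of the TEE's DER-encoded certificate; `cert_fingerprint`, `pin_matches`, `connect_pinned` and the sample bytes are hypothetical names and constructed values. It does not check tee_signature, which the PR places at on-chain settlement.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Optional


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def pin_matches(peer_der: Optional[bytes], registry_fp: str) -> bool:
    """Fail closed: a missing certificate or any mismatch rejects the peer."""
    if not peer_der:
        return False
    expected = registry_fp.strip().lower().encode()
    return hmac.compare_digest(cert_fingerprint(peer_der).encode(), expected)


def connect_pinned(host: str, port: int, registry_fp: str) -> ssl.SSLSocket:
    """Open a TLS connection and keep it only if the peer matches the pin."""
    # Assumption: the registry pin is the only trust anchor, so CA-chain and
    # hostname checks are off and the exact certificate is compared instead.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    # binary_form=True returns the DER bytes even without chain validation.
    if not pin_matches(tls.getpeercert(binary_form=True), registry_fp):
        tls.close()
        raise ssl.SSLError("peer certificate does not match registry pin")
    return tls


# Constructed sample bytes standing in for DER certificates (not real certs).
REGISTERED_DER = b"constructed-registered-tee-certificate"
OTHER_DER = b"constructed-unregistered-certificate"
REGISTRY_FP = cert_fingerprint(REGISTERED_DER)
```

A connection made with `verify=False` and no pin check, as the PR notes for StaticTEEConnection, skips the `pin_matches` step entirely and accepts whatever certificate the peer presents.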