This repository was archived by the owner on Feb 26, 2026. It is now read-only.
Add Proxy-Based Attestation and aTLS Overview#31
Open
FilipCivljak wants to merge 5 commits intomainfrom
Open
Conversation
SammyOina
suggested changes
Jan 12, 2026
docs/attestation.md
Outdated
| aTLS is a standard TLS connection augmented with a **hardware-backed attestation report** proving that the remote service is running inside a **Trusted Execution Environment (TEE)**. | ||
|
|
||
| During startup: | ||
| In Cube AI, the Embeddings Service acts as the TLS server and extends its **X.509 certificate** with an attestation report generated by the underlying TEE (e.g. AMD SEV-SNP). |
Contributor
There was a problem hiding this comment.
we dont have an "embeddings service"
docs/attestation.md
Outdated
| --- | ||
|
|
||
| ## Why Attestation Matters | ||
| ## Local Proxy-Based Attestation |
Contributor
There was a problem hiding this comment.
our proxy sits on the cloud, users don't deploy it. atls can be verifid through audit logs and attestation can be still fetched directly using proxy
| The Local Proxy enforces an **attestation policy** that defines the expected properties of the TEE. | ||
|
|
||
| ### 🔹 Attestation Endpoint | ||
| This policy includes: |
Contributor
There was a problem hiding this comment.
insert a sample attestation policy json file
SammyOina
suggested changes
Jan 30, 2026
Contributor
SammyOina
left a comment
SammyOina
left a comment
There was a problem hiding this comment.
atls handshakes now show up on the audit logs so add this information and screenshots as well
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of PR
Documentation update – adds explanation of Cube AI attestation, Attested TLS (aTLS), and Local Proxy-based attestation.
What this does
Related Issues
Tests
Notes