Read Trust Boundary first. The gateway is attested and receipts do not retain request bodies, but plaintext is visible inside the attested gateway after TLS termination or E2EE (end-to-end encryption) decryption.
Technical Controls
| Control | How Confidential AI provides it |
|---|---|
| Data isolation | Gateway and confidential providers run in TEEs. |
| Hardware-backed identity | The gateway publishes an attestation report with a TEE quote. |
| Per-response auditability | Receipts bind request and response hashes to the attested workload. |
| No body retention in receipts | Receipts store hashes and facts, not prompt or response text. |
| Confidential upstreams | For confidential responses, the upstream is verified and channel-bound before forwarding. |
| Encryption in transit | TLS for all requests, with optional E2EE. |
Regulatory Fit
| Requirement | How the architecture helps |
|---|---|
| Data minimization | Gateway receipts avoid storing request and response bodies. |
| Confidential processing | TEE isolation and attestation provide verifiable runtime identity. |
| Audit evidence | Attestation reports, receipts, sessions, and source provenance can be retained by the customer. |
| Provider separation | Receipts distinguish confidential upstreams from routed third-party providers. |
upstream.verified.result = verified, required = true, and the provider claims your policy requires.
Source Provenance
Every gateway attestation report includesattestation.source_provenance:
Relevant Repositories
private-ai-gateway
ACI gateway, attestation reports, receipts, and provider verification.
dstack
TEE runtime and KMS used for workload identity and quote generation.
What to Audit
- Attestation report generation and nonce binding.
- Keyset endorsement and receipt signing keys.
- Provider verification and channel binding.
- Receipt event log construction.
- Fail-closed behavior when confidential upstream verification is required.
- Source provenance and image provenance for production releases.