Trust boundary
Verify that the hosted API runs the published open-source workload.
api.trustedrouter.com is the prompt path (api.quillrouter.com is a permanent alias to the same attested endpoint). Public TLS terminates inside the measured GCP Confidential Space workload. The TrustedRouter control plane does not serve production inference routes and does not receive prompt or output bodies.
Clients can fetch live attestation, verify issuer/audience/digest, and compare the measured image digest with the release data published here.
Client Verification
- OKFetch
https://api.trustedrouter.com/attestationover normal public TLS. - OKVerify the JWT issuer is
https://confidentialcomputing.googleapis.com. - OKVerify the audience is
quill-cloud. - OKCompare the attested image digest with this page.
- OKCheck the TLS certificate fingerprint is bound into the attestation nonce.
DNS Requirement
api.trustedrouter.com (and its api.quillrouter.com alias) must remain DNS-only or TCP-passthrough. TLS termination by a CDN would break the hosted-code trust claim because the prompt path certificate key must remain inside the measured workload.
No Prompt Logs
Prompt/output storage is disabled. Generation content endpoint returns a compatible content_not_stored response.
Hosted Open Source
Control plane, billing, keys, compatibility routes, dashboard, and trust page.
Attested prompt gateway, release digest, and Confidential Space verification path.
Cloud deployment scripts, measured workload bringup, and trust publication flow.
Open-source Quill client, device, bootstrap, and attestation-facing code.
Python SDK repository for attestation-aware client helpers.
JavaScript SDK repository for browser and Node integrations.
Fail Closed
If attestation, billing authorization, or the gateway contract is unavailable, the prompt path should fail rather than silently downgrade to a non-attested route.
Legal Packet
Procurement teams can review the named entity, draft DPA/BAA terms, subprocessors, and machine-readable checkpoint at trustedrouter.com/legal.
SOC 2 Readiness
Readiness documentation is prepared, but no SOC 2 report has been obtained yet. Review the current packet at SOC 2 readiness.
HIPAA Readiness
PHI workloads require a signed BAA and approved route policy. Review the current packet at HIPAA readiness.
Machine-readable release
{
"api_base_url": "https://api.trustedrouter.com/v1",
"attestation_audience": "quill-cloud",
"attestation_issuer": "https://confidentialcomputing.googleapis.com",
"commit": "01bef89",
"compliance": {
"hipaa_readiness": "https://trustedrouter.com/legal/hipaa-readiness",
"hipaa_status": "readiness_documentation_prepared_baa_required_for_phi",
"legal_packet": "https://trustedrouter.com/legal",
"procurement_json": "https://trustedrouter.com/legal/procurement.json",
"soc2_readiness": "https://trustedrouter.com/legal/soc2-readiness",
"soc2_status": "readiness_documentation_prepared_report_pending",
"subprocessors": "https://trustedrouter.com/legal/subprocessors"
},
"data_policy": {
"control_plane_prompt_access": false,
"prompt_output_storage": false
},
"image_digest": "sha256:318ef641c2ff19eba0d9b2b07adf45e29349c0576e900e1a10686807416f6bac",
"image_reference": "us-central1-docker.pkg.dev/quill-cloud-proxy/quill/enclave-multi:gcp-release-01bef89",
"platform": "gcp-confidential-space",
"released_by": "github-actions:deploy-enclave-gcp",
"source_commit": "01bef89",
"source_repo": "https://github.com/Lore-Hex/quill-cloud-proxy",
"source_repositories": {
"attested_gateway": "https://github.com/Lore-Hex/quill-cloud-proxy",
"cloud_infra": "https://github.com/Lore-Hex/quill-cloud-infra",
"control_plane": "https://github.com/Lore-Hex/quill-router",
"javascript_sdk": "https://github.com/Lore-Hex/trusted-router-js",
"python_sdk": "https://github.com/Lore-Hex/trusted-router-py",
"quill": "https://github.com/Lore-Hex/quill"
},
"tls": {
"hostname": "api.trustedrouter.com",
"mode": "acme-inside-confidential-space"
}
}