Trust boundary

Verify that the hosted API runs the published open-source workload.

api.quillrouter.com is the prompt path. Public TLS terminates inside the measured GCP Confidential Space workload. The TrustedRouter control plane does not serve production inference routes and does not receive prompt or output bodies.

Clients can fetch the live attestation, verify issuer/audience/digest, and compare the measured image digest with the release data published here.

Client Verification

  • OKFetch https://api.quillrouter.com/attestation over normal public TLS.
  • OKVerify the JWT issuer is https://confidentialcomputing.googleapis.com.
  • OKVerify the audience is quill-cloud.
  • OKCompare the attested image digest with this page.
  • OKCheck the TLS certificate fingerprint is bound into the attestation nonce.

Published Files

image-digest-gcp.txt

image-reference-gcp.txt

gcp-release.json

DNS Requirement

api.quillrouter.com must remain DNS-only or TCP-passthrough. TLS termination by a CDN would break the hosted-code trust claim because the prompt path certificate key must remain inside the measured workload.

No Prompt Logs

Prompt/output storage is disabled. Generation content endpoint returns a compatible content_not_stored response.

Hosted Open Source

Lore-Hex/quill-router

Control plane, billing, keys, compatibility routes, dashboard, and trust page.

Lore-Hex/quill-cloud-proxy

Attested prompt gateway, release digest, and Confidential Space verification path.

Lore-Hex/quill-cloud-infra

Cloud deployment scripts, measured workload bringup, and trust publication flow.

Lore-Hex/quill

Open-source Quill client, device, bootstrap, and attestation-facing code.

Lore-Hex/trusted-router-py

Python SDK repository for attestation-aware client helpers.

Lore-Hex/trusted-router-js

JavaScript SDK repository for browser and Node integrations.

Fail Closed

If attestation, billing authorization, or the gateway contract is unavailable, the prompt path should fail rather than silently downgrade to a non-attested route.

Machine-readable release

{
  "api_base_url": "https://api.quillrouter.com/v1",
  "attestation_audience": "quill-cloud",
  "attestation_issuer": "https://confidentialcomputing.googleapis.com",
  "data_policy": {
    "control_plane_prompt_access": false,
    "prompt_output_storage": false
  },
  "image_digest": "sha256:658eee7842c13a7ea6d15242dca3307622897bdc9434a1c4dad18702db0c5f0f",
  "image_reference": "us-central1-docker.pkg.dev/quill-cloud-proxy/quill/enclave-openrouter:gcp-release-2ed4d5a",
  "platform": "gcp-confidential-space",
  "source_commit": "2ed4d5a",
  "source_repo": "https://github.com/Lore-Hex/quill-cloud-proxy",
  "source_repositories": {
    "attested_gateway": "https://github.com/Lore-Hex/quill-cloud-proxy",
    "cloud_infra": "https://github.com/Lore-Hex/quill-cloud-infra",
    "control_plane": "https://github.com/Lore-Hex/quill-router",
    "javascript_sdk": "https://github.com/Lore-Hex/trusted-router-js",
    "python_sdk": "https://github.com/Lore-Hex/trusted-router-py",
    "quill": "https://github.com/Lore-Hex/quill"
  },
  "tls": {
    "hostname": "api.quillrouter.com",
    "mode": "acme-inside-confidential-space"
  }
}