> ## Documentation Index
> Fetch the complete documentation index at: https://docs.redpill.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Confidential AI FAQ

> Common questions about the platform's attestation, receipts, confidential models, and trust boundary.

<AccordionGroup>
  <Accordion title="What is Attested Confidential Inference (ACI)?" icon="microchip">
    It is inference served by a gateway running in a TEE that proves its own identity with an
    [attestation report](/confidential-ai/attestation-report) and signs a per-response
    [receipt](/confidential-ai/receipts) binding your request and response to that attested workload.
    You verify the proofs yourself rather than trusting an API's word.
  </Accordion>

  <Accordion title="What is the difference between a confidential and a routed response?" icon="code-compare">
    A confidential response runs on an upstream enclave that the gateway verifies before forwarding
    your prompt, fail-closed. A routed response passes through the TEE gateway but the upstream is not
    attested and sees your prompt. Confidentiality is a property of the verified upstream provider, not
    of the model id; confirm it per response from the receipt's `upstream.verified` event
    (`result = verified`, `required = true`). See [How it works](/confidential-ai/how-it-works) and
    [Trust boundary](/confidential-ai/trust-boundary).
  </Accordion>

  <Accordion title="Can the platform read my prompts?" icon="eye">
    Plaintext is visible to the **attested** gateway after TLS or E2EE decryption, because it has to
    process the request. The gateway is a reviewed workload running in a TEE and does not retain
    request or response bodies. It does not mean no software ever sees
    the request. For the exact boundary, read [Trust boundary](/confidential-ai/trust-boundary).
  </Accordion>

  <Accordion title="Does E2EE hide my request from the gateway?" icon="key">
    No. [E2EE](/confidential-ai/e2e-encryption) encrypts selected fields to a key from the attested
    keyset, and the gateway decrypts them inside the TEE to process the request. E2EE proves the
    decryption key belongs to the attested workload; it does not hide the request from that workload.
  </Accordion>

  <Accordion title="How do I prove a response was genuinely confidential?" icon="circle-check">
    Verify the [attestation report](/confidential-ai/attestation-report), then fetch the
    [receipt](/confidential-ai/receipts) by its `x-receipt-id` and confirm
    `upstream.verified.result = verified` and `required = true`. The full procedure is in
    [Verify a response](/guides/verify-a-response).
  </Accordion>

  <Accordion title="What does the nonce in the attestation report do?" icon="shuffle">
    The gateway binds your nonce into the hardware-signed quote's `report_data`. A report that commits
    to a nonce you just generated cannot be a replay of an older capture, which is how you prove
    freshness. Use a new random nonce each time.
  </Accordion>

  <Accordion title="What does the gateway store?" icon="database">
    Receipts, which hold hashes of your request and response, not the content. The gateway does not
    store request or response bodies. Receipts are retained for a configurable window.
  </Accordion>

  <Accordion title="Which providers run confidential models?" icon="server">
    Tinfoil, NEAR AI, Chutes, and Phala-backed enclaves, among others the platform adds over time. Each
    enforces a [channel binding](/confidential-ai/channel-binding) and attests a set of
    [typed claims](/confidential-ai/tcb-and-claims). The receipt's `upstream.verified.provider` records
    which provider served a given request. See [Providers](/confidential-ai/providers).
  </Accordion>

  <Accordion title="Which verification endpoints should I use?" icon="plug">
    The canonical endpoints live under `/v1/aci/`: `GET /v1/aci/attestation`,
    `GET /v1/aci/receipts/{id}`, and `GET /v1/aci/sessions/{id}`. The older
    `GET /v1/attestation/report` and `GET /v1/signature/{id}` remain as legacy compatibility aliases that return the same data in a legacy envelope. Use the `/v1/aci/*`
    endpoints for new integrations.
  </Accordion>
</AccordionGroup>
