Skip to content

docs: add Concepts page bridging quickstart and spec#327

Merged
imran-siddique merged 2 commits into
mainfrom
docs/concepts-section
Jun 21, 2026
Merged

docs: add Concepts page bridging quickstart and spec#327
imran-siddique merged 2 commits into
mainfrom
docs/concepts-section

Conversation

@imran-siddique

@imran-siddique imran-siddique commented Jun 21, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds docs/concepts.md — a plain-language bridge between the quickstart and the spec. Covers:

  • TRACE Claims vs. logs: why hardware-anchored evidence cannot be edited post-hoc (comparison table)
  • Hardware attestation: the full verification chain from AMD CA → VCEK → SNP report → runtime.measurementcnf.jwksignature
  • Audit chains: how the Merkle hash chain makes the tool transcript self-certifying without a third-party ledger
  • Cedar policy: why the policy is hash-bound, why it is auditable (declarative, not executable), and a real example of context-conditioned enforcement
  • A summary flow diagram showing how the four pieces compose at startup, per call, and at session end

Adds "How It Works" to the nav between Quick Start and Configuration.

Test plan

  • MkDocs builds without warnings
  • "How It Works" nav entry appears and links correctly
  • All internal spec links (spec/attestation.md, spec/call-graph.md, spec/cedar-policy.md) resolve

@imran-siddique
docs: add Concepts page bridging quickstart and spec
fffaea2 
Adds docs/concepts.md covering the four core design ideas in plain
language: why TRACE Claims differ from logs, how hardware attestation
creates a verifiable chain of trust, how the Merkle audit chain
prevents transcript tampering, and why Cedar policy is auditable by
design. Includes a summary flow diagram and links to relevant spec
pages. Adds "How It Works" to the nav between Quick Start and
Configuration.

Signed-off-by: Imran Siddique <imran.siddique@opaque.co>
@imran-siddique
docs: add Latest Results section to benchmarks page
f4e21fa 
Adds a note explaining that benchmark results are committed to
benchmarks/ by CI after nightly runs on TEE hardware, and that the
directory is currently empty pending the first scheduled run. Prevents
the audit gap of a page that implies results exist when it has none.
Also fixes the title dash style.

Signed-off-by: Imran Siddique <imran.siddique@opaque.co>
@imran-siddique imran-siddique merged commit 3525625 into main Jun 21, 2026
10 checks passed
@imran-siddique imran-siddique deleted the docs/concepts-section branch June 21, 2026 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@imran-siddique