This documentation is a living document and is subject to frequent changes to reflect the current state of the architecture.
Key takeaway: PCCI ships today with full end-to-end encryption, CPU + GPU attestation, and a complete AI capability set (chat, audio, vision, documents, search). The main gap at launch is image reproducibility — the ability for you to rebuild our enclave image from source and verify it matches production. This is our top roadmap priority. Everything else listed below is available now.

What Ships Today

Encryption & Privacy

Everything below is production-ready and available now.
| Feature | What It Means for You |
| --- | --- |
| End-to-end encryption (post-quantum) | Your data is encrypted on your device and only decrypted inside the sealed enclave. Protected against both current and future quantum threats. |
| Client-side key sovereignty | You generate and hold the master key. We never have it and cannot decrypt your data. |

AI Capabilities

All standard AI features, fully encrypted:
| Capability | Details |
| --- | --- |
| Chat completions | OpenAI-compatible, streaming, tool calling, multi-step reasoning |
| Audio transcription | Whisper and Deepgram models |
| Audio translation | Audio to English |

Attestation

Hardware-backed proof that the right code is running on genuine hardware:
| Feature | What It Means for You |
| --- | --- |
| AMD SEV-SNP CPU attestation | Verify the enclave is running the expected code on genuine AMD hardware |
| Intel TDX CPU attestation | Same verification for Intel-based deployments |
| NVIDIA GPU attestation | Verify GPU confidential computing is active on genuine NVIDIA Hopper/Blackwell hardware |
| Combined CPU + GPU attestation | Verify the entire processing pipeline, not just one component |
| Multi-GPU attestation & load balancing | Attest and distribute inference across multiple GPUs with per-GPU verification |
| Rust/WASM verification stack | Memory-safe verification code you can run in a browser — no server trust needed |

Platform & SDK

| Feature | What It Means for You |
| --- | --- |
| TypeScript SDK | Full-featured client with automatic encryption — works like the OpenAI SDK |
| Local proxy server | Use PCCI from any language (Python, Go, Java, etc.) with zero code changes |
| Organizations & teams | Multi-org support with role-based permissions |
| Scoped API keys | Fine-grained permissions with IP restrictions |
| Rate limiting (4-tier) | Fair usage across Free, Tier 1, Tier 2, and Tier 3 |
| Usage-based billing | Stripe integration with tier progression |
| Idempotency | Safe retries with 24-hour key validity |

What’s Not Available at Launch

We believe in being upfront about gaps. These features are in progress but not ready on day one.

Image Reproducibility

Not available at launch. This is our highest-priority roadmap item.
What it is: The ability for anyone to rebuild the exact enclave image from our published source code and verify that the resulting binary matches what’s running in production — byte for byte.
Why it matters: Today, attestation proves that the enclave is running a specific image (the fingerprint matches a published value). But how do you know that published fingerprint corresponds to the open-source code? You’re trusting our build process. Reproducible builds close this gap — you build the image yourself, compare the fingerprint, and verify the match independently.
Where we are today:
  • The build infrastructure is in place (Packer-based, pinned base images, pinned driver versions)
  • The build pipeline produces consistent images
  • You can verify attestation fingerprints against our published values
  • You cannot yet independently reproduce the exact binary, because we haven’t eliminated all sources of non-determinism (timestamps, file ordering, package manager variance)
What’s coming:
  • Deterministic build tooling that eliminates non-determinism
  • Published step-by-step instructions for independent reproduction
  • Automated hash comparison tooling
  • CI/CD integration that publishes reproducibility proofs alongside every release
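
Two of the non-determinism sources named above, timestamps and file ordering, can be demonstrated on a small archive. This is an added example, not PCCI's build tooling: the file names, the SOURCE_DATE_EPOCH value and the use of SHA-384 over a tar archive as a stand-in for the enclave image fingerprint are all assumptions, and package manager variance is out of scope.

```python
import hashlib
import io
import tarfile

# Constructed sample input: the same source files as seen by two build hosts.
# Content is identical; mtimes and directory listing order differ.
BUILD_A = [("etc/app.conf", b"mode=enclave\n", 1700000000),
           ("bin/server", b"\x7fELF-demo", 1700000100)]
BUILD_B = [("bin/server", b"\x7fELF-demo", 1712345678),
           ("etc/app.conf", b"mode=enclave\n", 1712345999)]

SOURCE_DATE_EPOCH = 0  # assumed fixed timestamp agreed for the release


def pack(files, deterministic):
    """Return tar bytes; normalise order and metadata when deterministic."""
    buf = io.BytesIO()
    entries = sorted(files) if deterministic else files  # stable path order
    # USTAR keeps headers fixed-size, with no pax extension records.
    with tarfile.open(fileobj=buf, mode="w",
                      format=tarfile.USTAR_FORMAT) as tar:
        for path, data, mtime in entries:
            info = tarfile.TarInfo(path)
            info.size = len(data)
            info.mtime = SOURCE_DATE_EPOCH if deterministic else mtime
            info.uid = info.gid = 0          # no builder-specific ownership
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def fingerprint(files, deterministic):
    """Hex SHA-384 of the packed archive (stand-in for the image hash)."""
    return hashlib.sha384(pack(files, deterministic)).hexdigest()


def matches_published(files, published_hex):
    """Rebuild deterministically and compare with a published value."""
    return fingerprint(files, True) == published_hex


if __name__ == "__main__":
    print("naive builds equal:        ",
          fingerprint(BUILD_A, False) == fingerprint(BUILD_B, False))
    print("deterministic builds equal:",
          fingerprint(BUILD_A, True) == fingerprint(BUILD_B, True))
```
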

Attestation Hardening

Incremental improvements to the attestation system, shipping continuously:
| Improvement | Why It Matters |
| --- | --- |
| Certificate Revocation List (CRL) checking | Automatically detect if attestation signing keys have been revoked |
| Embedded root CAs | Ship manufacturer root certificates in the verification libraries, removing runtime dependencies |
| Stricter TCB matching | Tighter validation of platform firmware and security versions |
| Automated measurement verification | Compare attestation fingerprints against published known-good values automatically with each release |

Roadmap

Ordered by priority. We ship when things are ready, not on arbitrary dates.

Next Priority

Reproducible Enclave Images

Deterministic builds with published instructions for independent verification. This completes the trust chain from source code → build → running enclave. Our most important gap to close.

Attestation Hardening

CRL checks, embedded root CAs, stricter TCB matching, and automated measurement verification. Incremental improvements shipping continuously.

Medium-Term

Additional Self-Hosted Models

More model families hosted within our confidential infrastructure.

Enhanced Document Search

Improved embedding models, smarter document chunking, and cross-document search.

Longer-Term

Native SDKs for More Languages

Python, Go, and Rust SDKs with built-in encryption — beyond the current local proxy approach.

Verification Center

A visual interface for inspecting attestation reports, viewing measurement history, and monitoring enclave health — making verification accessible to non-specialists.

Enclave-to-Enclave Chaining

Multi-hop confidential computing where enclaves attest to each other, enabling complex confidential workflows across services.

The Trust Journey

PCCI’s trust model strengthens progressively. Each milestone narrows what you need to take on faith:
Today — Attestation proves that the enclave is running a specific, fingerprinted image on genuine hardware. You can verify the hardware signatures and confirm freshness. The gap: you trust our published fingerprints correspond to the source code.
Next — Reproducible builds let you build the image yourself and compare fingerprints. This closes the trust gap between source code and running enclave. At this point, you trust only the hardware manufacturers and the laws of mathematics.
Then — A verification center makes continuous monitoring accessible to everyone — visual dashboards, alerts on fingerprint changes, transparency summaries and historical audit trails. Security verification becomes something anyone in your organization can check, not just your security team.
This page reflects the current state of the platform. We update it as things change. For questions about specific features or timelines, reach out at support@premai.io.