> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prem.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Platform Status & Roadmap
> What's available today, what's coming next, and what we're building toward — an honest accounting.
This documentation is a living document and is subject to frequent changes to reflect the current state of the architecture.
**Key takeaway:** Prem API ships today with full end-to-end encryption, CPU + GPU attestation, and a complete AI capability set (chat, audio, vision, documents, search). The main gap at launch is **image reproducibility** — the ability for you to rebuild our enclave image from source and verify it matches production. This is our top roadmap priority. Everything else listed below is available now.
## What Ships Today
### Encryption & Privacy
Everything below is production-ready and available now.
| Feature | What It Means for You |
| ------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- |
| End-to-end encryption (post-quantum) | Your data is encrypted on your device and only decrypted inside the sealed enclave. Protected against both current and future quantum threats. |
| Client-side key sovereignty | You generate and hold the master key. We never have it and cannot decrypt your data. |
### AI Capabilities
All standard AI features, fully encrypted:
| Capability | Details |
| ----------------------- | ---------------------------------------------------------------- |
| **Chat completions** | OpenAI-compatible, streaming, tool calling, multi-step reasoning |
| **Audio transcription** | Whisper and Deepgram models |
| **Audio translation** | Audio to English |
### Attestation
Hardware-backed proof that the right code is running on genuine hardware:
| Feature | What It Means for You |
| -------------------------------------- | --------------------------------------------------------------------------------------- |
| AMD SEV-SNP CPU attestation | Verify the enclave is running the expected code on genuine AMD hardware |
| Intel TDX CPU attestation | Same verification for Intel-based deployments |
| NVIDIA GPU attestation | Verify GPU confidential computing is active on genuine NVIDIA Hopper/Blackwell hardware |
| Combined CPU + GPU attestation | Verify the entire processing pipeline, not just one component |
| Multi-GPU attestation & load balancing | Attest and distribute inference across multiple GPUs with per-GPU verification |
| Rust/WASM verification stack | Memory-safe verification code you can run in a browser — no server trust needed |
### Platform & SDK
| Feature | What It Means for You |
| ---------------------- | ------------------------------------------------------------------------------- |
| TypeScript SDK | Full-featured client with automatic encryption — works like the OpenAI SDK |
| Local proxy server | Use Prem API from any language (Python, Go, Java, etc.) with zero code changes |
| Organizations & teams | Multi-org support with role-based permissions |
| Scoped API keys | Fine-grained permissions with IP restrictions |
| Rate limiting (4-tier) | Fair usage across Free, Tier 1, Tier 2, and Tier 3 |
| Usage-based billing | Stripe integration with tier progression |
***
## What's Not Available at Launch
We believe in being upfront about gaps. These features are in progress but **not ready on day one**.
### Image Reproducibility
**Not available at launch.** This is our highest-priority roadmap item.
**What it is:** The ability for anyone to rebuild the exact enclave image from our published source code and verify that the resulting binary matches what's running in production — byte for byte.
**Why it matters:** Today, attestation proves that the enclave is running a *specific* image (the fingerprint matches a published value). But how do you know that published fingerprint corresponds to the open-source code? You're trusting our build process. Reproducible builds close this gap — you build the image yourself, compare the fingerprint, and verify the match independently.
**Where we are today:**
* The build infrastructure is in place (Packer-based, pinned base images, pinned driver versions)
* The build pipeline produces consistent images
* You **can** verify attestation fingerprints against our published values
* You **cannot yet** independently reproduce the exact binary, because we haven't eliminated all sources of non-determinism (timestamps, file ordering, package manager variance)
**What's coming:**
* Deterministic build tooling that eliminates non-determinism
* Published step-by-step instructions for independent reproduction
* Automated hash comparison tooling
* CI/CD integration that publishes reproducibility proofs alongside every release
### Attestation Hardening
Incremental improvements to the attestation system, shipping continuously:
| Improvement | Why It Matters |
| ------------------------------------------ | ---------------------------------------------------------------------------------------------------- |
| Certificate Revocation List (CRL) checking | Automatically detect if attestation signing keys have been revoked |
| Embedded root CAs | Ship manufacturer root certificates in the verification libraries, removing runtime dependencies |
| Stricter TCB matching | Tighter validation of platform firmware and security versions |
| Automated measurement verification | Compare attestation fingerprints against published known-good values automatically with each release |
***
## Roadmap
Ordered by priority. We ship when things are ready, not on arbitrary dates.
### Next Priority
Deterministic builds with published instructions for independent verification. This completes the trust chain from source code → build → running enclave. Our most important gap to close.
CRL checks, embedded root CAs, stricter TCB matching, and automated measurement verification. Incremental improvements shipping continuously.
### Medium-Term
More model families hosted within our confidential infrastructure.
Improved embedding models, smarter document chunking, and cross-document search.
### Longer-Term
Python, Go, and Rust SDKs with built-in encryption — beyond the current local proxy approach.
A visual interface for inspecting attestation reports, viewing measurement history, and monitoring enclave health — making verification accessible to non-specialists.
Multi-hop confidential computing where enclaves attest to each other, enabling complex confidential workflows across services.
***
## The Trust Journey
Prem API 's trust model strengthens progressively. Each milestone narrows what you need to take on faith:
```mermaid theme={"system"}
flowchart TD
A["Today: Attestation"]
A -->|"proves"| B["The enclave runs specific code on genuine hardware"]
C["Next: Reproducible Builds"]
C -->|"proves"| D["That code matches the published source"]
E["Then: Verification Center"]
E -->|"makes"| F["Continuous verification accessible to everyone"]
A --> C --> E
style A fill:#22c55e,color:#fff
style C fill:#f59e0b,color:#fff
style E fill:#3b82f6,color:#fff
```
**Today** — Attestation proves that the enclave is running a specific, fingerprinted image on genuine hardware. You can verify the hardware signatures and confirm freshness. The gap: you trust our published fingerprints correspond to the source code.
**Next** — Reproducible builds let you build the image yourself and compare fingerprints. This closes the trust gap between source code and running enclave. At this point, you trust only the hardware manufacturers and the laws of mathematics.
**Then** — A verification center makes continuous **monitoring** accessible to everyone — visual dashboards, alerts on fingerprint changes, transparencies summaries and historical audit trails. Security verification becomes something anyone in your organization can check, not just your security team.
This page reflects the current state of the platform. We update it as things change. For questions about specific features or timelines, reach out at [support@premai.io](mailto:support@premai.io).