bitrouter-attestation

Provider-agnostic, client-side confidential-inference verification. The central abstraction is [ConfidentialVerifier]: given a model and a nonce it proves (L1) the serving endpoint is genuine TEE hardware running the legitimate, policy-pinned model, and given an exact request/response it proves (L1.5) that exchange ran in that TEE unmodified.

The design mirrors private-ai-gateway's UpstreamVerifier / UpstreamVerifiedEvent normalization, but runs in the caller's own trusted process (bitrouter-cli's local daemon) instead of inside an attested re-signing gateway — so it needs no TEE of its own. See the refactor spec (bitrouter-cloud/docs/bitrouter-attestation-plugin.md).

This crate is intentionally pure: no SDK, axum, or server dependency, so it ships in the daemon, the bitrouter verify CLI, the cloud /v1/aci/verify endpoint, and third-party clients alike.