2.0.0b1 — TEE-attestation bridge (experimental preview)
Pre-release
Warning
Research preview — not the recommended install. The stable v1.x line is the product;
pip install proofbundle will never pull this pre-release (PEP 440). This beta exists to
be reviewed, not to be trusted. Install only via:
pip install --pre "proofbundle[experimental]"
What this preview explores
Offline verification of TEE attestation results (proofbundle.experimental.enclave):
following the IETF RATS Passport model (RFC 9334),
a Verifier appraises raw TEE evidence out of band and signs an EAT
(RFC 9711); proofbundle verifies that token
offline and checks it is cryptographically bound to a specific receipt
(eat_nonce == enclave_binding_for(receipt)). CLI: proofbundle verify-enclave.
Note
Honest scope: proofbundle does not parse or appraise raw hardware evidence — that is
the Verifier's role. It verifies the Verifier's signed result and the receipt binding.
It does not prove the enclave is genuine, and never will claim to.
Deliberately hard to misuse
- Lives under proofbundle.experimental — not re-exported from the top-level package
- Emits an ExperimentalWarning on import; the stable v1 core imports none of it
- Doubly gated: pre-release channel and [experimental] extra
- Promotion to 2.0.0 only after the preview stabilises and, ideally, an external audit
Verification discipline
320 tests (303 v1.9.1 base + 16 enclave + 1 EAT fuzz case) — including an adversarial red
matrix: wrong verifier key, cross-receipt binding, alg=none, typ confusion, profile
mismatch, claim tamper, garbage input. Mutation gate: 31 operators, all killed.
No wire-format or behavior change to any v1 path.
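The offline check described under "What this preview explores" and the rejections listed in the red matrix, as an added sketch that is not proofbundle's code or API. Assumptions: a compact JWS-style token, HMAC-SHA256 standing in for the Verifier's signature, a hypothetical binding_for() (SHA-256 over canonical JSON; the page does not state how enclave_binding_for is derived), and constructed typ, profile, key and receipt values.

```python
import base64, hashlib, hmac, json

ALG, TYP = "HS256", "eat+jwt"        # HS256 is a stand-in; the typ value is an assumption
PROFILE = "urn:example:eat-profile"  # constructed profile identifier

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def binding_for(receipt: dict) -> str:
    """Hypothetical binding: SHA-256 over the receipt's canonical JSON."""
    canon = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return b64u(hashlib.sha256(canon).digest())

def issue(header: dict, claims: dict, key: bytes) -> str:
    """Plays the Verifier role: sign header.claims into a compact token."""
    body = ".".join(b64u(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())

def verify(token: str, receipt: dict, key: bytes) -> str:
    """Relying-party check. Returns 'ok' or the first reason for rejection."""
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(b64u_dec(h64)), b64u_dec(s64)
        claims = json.loads(b64u_dec(c64))  # parsed here, trusted only after the MAC check
    except (ValueError, AttributeError):
        return "malformed"
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return "malformed"
    if header.get("alg") != ALG:            # pinned: "none" or any other alg fails
        return "bad-alg"
    if header.get("typ") != TYP:            # a generic JWT is not an attestation result
        return "bad-typ"
    mac = hmac.new(key, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, mac):
        return "bad-signature"
    if claims.get("eat_profile") != PROFILE:
        return "bad-profile"
    nonce = str(claims.get("eat_nonce", "")).encode()
    if not hmac.compare_digest(nonce, binding_for(receipt).encode()):
        return "bad-binding"                # token was issued for a different receipt
    return "ok"

RECEIPT = {"id": "r-001", "digest": "constructed-sample"}  # constructed sample receipt
KEY = b"constructed-demo-key"
TOKEN = issue({"alg": ALG, "typ": TYP},
              {"eat_profile": PROFILE, "eat_nonce": binding_for(RECEIPT)}, KEY)
```

A passing result here means only that the signed token verifies and is bound to this receipt; whether the enclave evidence was sound remains the Verifier's appraisal.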
Docs: EXPERIMENTAL_ENCLAVE.md · example
Full Changelog: v1.9.1...v2.0.0b1