Pick a recent response ⌘ K
Every response carries a receipt. Pick one — Umbra reveals the chain that produced it. You can re-run the same checks locally; nothing about this page requires trusting Umbra.
1 · identitySecure EnclaveApple-issued device keyverified
2 · enrollmentMDM—verified
3 · policyApple MDAmanaged-app attestationverified
4 · code identityAPNsbinary SHA-256 pinnedverified
5 · model digestGGUF SHA-256—verified
Receipt summary
response_id—provider—model—digest—trust_level—attested_at—nonce—signature—
X.509 cert chain
# leaf — provider device key
CN = —
Issuer = Apple Inc. — SE Attestation CA G3
SHA-256 = —
# intermediate — enrollment MDM
CN = —
Issuer = Apple Inc. — Device Identity CA
SHA-256 = —
# root — Apple Public CA
CN = Apple Root CA — G3
SHA-256 = b0bf…8365
CN = —
Issuer = Apple Inc. — SE Attestation CA G3
SHA-256 = —
# intermediate — enrollment MDM
CN = —
Issuer = Apple Inc. — Device Identity CA
SHA-256 = —
# root — Apple Public CA
CN = Apple Root CA — G3
SHA-256 = b0bf…8365
cross-signed against Apple's published root store on every receipt
What this proves
- The response was produced by an Apple M-series device with a real Secure Enclave.
- The device is enrolled with a known MDM and was in good standing when the request ran.
- The exact model weights on disk hashed to the digest Umbra advertised.
- Apple's APNs code-identity check pinned the daemon binary at request time.
What Umbra cannot see
The prompt. It is decrypted only inside the provider's Secure Enclave-bound memory and zeroized after the response streams back.
The model output. It is signed at the device and returned over TLS. Umbra relays the bytes — it does not retain them.
The provider's disk. Public GGUF weights aren't secret; prompts never touch disk; there's no log file.
The provider's identity keys. The device key never leaves the Enclave. Umbra sees only the public cert chain.
Run it yourself no trust required
Drop the response_id into the CLI below, or fetch the receipt JSON and verify the chain offline. Either way, Umbra is one of the parties you're checking against.
# CLI — end-to-end verification
umbra verify RESPONSE_ID
# or fetch the receipt JSON and check locally
curl https://api.tryumbra.dev/v1/receipts/RESPONSE_ID
umbra verify --offline receipt.json
umbra verify RESPONSE_ID
# or fetch the receipt JSON and check locally
curl https://api.tryumbra.dev/v1/receipts/RESPONSE_ID
umbra verify --offline receipt.json