docs: reconcile documentation with the implementation#383
Merged
Conversation
Align the docs with what the code actually does and resolve several cross-doc contradictions found in a docs-consistency pass. Docs-only. - Enforcement default: the config default is `enforcing` (config.py); fix SPEC §9 which said advisory, and note the quickstart's advisory is a first-run choice, not the default. (#377) - Attestation providers: correct the auto-detect probe order to `tpm -> sev-snp -> tdx -> opaque` (detect.py); stop ranking the unimplemented `opaque` provider "Highest"/"High" (it is a stub whose detect() returns False and is never auto-selected); drop it from the Phase-1 in-scope hardware-attestation list. (#378) - TRACE Claim: replace the stale flat schema in SPEC §5 with the real GatewayClaim envelope and point to the normative schemas/trace-claim.schema.json; add tool_transcript to the README field summary (the field is real, defined in the schema and code). (#379) - Verifier maturity: describe the SEV-SNP/TDX/TPM verifiers honestly in ROADMAP (parsing + cert-chain against real roots; signature paths synthetic-vector; end-to-end hardware validation pending), matching the sibling ca2a repo. (#380) - Wording: the tagline no longer implies tamper-proofing; evidence stays tamper-evident. (#381) - Add STATUS.md as the single source of truth for ships-today vs roadmap, linked from the README banner. (#382) - Fix stale package name in code examples (cmcp_gateway -> cmcp_runtime). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Resolves a batch of documentation-consistency issues found in a review pass. Docs-only, no code changes. Every fix was checked against the actual implementation so the docs match what the code does (not an arbitrary pick).
What changed and why
enforcingvs SPEC + Quick Startadvisory) #377). The config default isenforcing(config.py). Fixeddocs/SPEC.md §9which saidadvisory, and annotated the Quick Start'sadvisoryas a deliberate first-run choice.tpm -> sev-snp -> tdx -> opaque(matchestee/detect.py; the README had a different order). Stopped ranking theopaqueprovider "Highest"/"High": it is a placeholder whosedetect()returnsFalse(tee/opaque.py), so it is never auto-selected. Removed it from the Phase-1 in-scope hardware-attestation list.tool_transcript.hashin neither #379). Replaced the stale flat schema inSPEC §5with the realGatewayClaimenvelope and pointed to the normativeschemas/trace-claim.schema.json(whichdocs/quickstart.mdalready mirrors). Addedtrace.tool_transcriptto the README field summary — the field is real (schemas/trace-claim.schema.json,audit/trace_claim.py), soLIMITATIONS.md's reference to it was correct; the two doc-schemas were the stale part.ROADMAP.mdnow describes the SEV-SNP/TDX/TPM verifiers honestly: report parsing + certificate-chain verification against real vendor roots, report-signature paths validated with synthetic vectors, end-to-end hardware validation pending — matching the status tracked in the siblingca2arepo.STATUS.md(ships-today vs roadmap), linked from the README banner, so status is stated once.cmcp_gateway->cmcp_runtime).Closes #377
Closes #378
Closes #379
Closes #380
Closes #381
Closes #382
🤖 Generated with Claude Code