diff --git a/.cspell.json b/.cspell.json index 5cadb0c..2da0ce6 100644 --- a/.cspell.json +++ b/.cspell.json @@ -40,6 +40,7 @@ "Github", "GitLab", "Hubspot", + "hypervisor", "Intercom", "Linear", "MDX", diff --git a/docs.json b/docs.json index b88170b..3d47a23 100644 --- a/docs.json +++ b/docs.json @@ -33,7 +33,8 @@ "features/mcp", "features/skills", "features/tasks", - "features/memory" + "features/memory", + "features/confidential" ] }, { diff --git a/features/confidential.mdx b/features/confidential.mdx new file mode 100644 index 0000000..f34597c --- /dev/null +++ b/features/confidential.mdx 
@@ -0,0 +1,91 @@ +--- +title: Confidential mode +sidebarTitle: Confidential +description: Run your work through models hosted in a hardware-sealed enclave, encrypted with a key only you hold. +--- + +Confidential mode routes your inference through Prem's confidential compute, so the work you send Fluso stays private even from the people running the servers. It's available on the Max plan and, once enabled, it stays on. The sections below cover what confidential compute is, how the protection works, and how to switch it on from Settings. + +## What is confidential compute + +Confidential compute lets you run open-source models inside Prem's Enclave. The enclave sits in a Trusted Execution Environment, a hardware-isolated region of the server that keeps your code and data sealed off from the host OS, the hypervisor, and anyone operating the infrastructure. Every request is encrypted with a key that only you hold. Prem can't read your data, the cloud provider can't read it, and someone with physical access to the hardware can't read it either. + +For the underlying platform, see Prem's [confidential compute documentation](https://docs.prem.io/basics/learn-more/overview). + +## How the protection is enforced + +This doesn't rest on a policy or a promise. It's enforced by the hardware and you can verify it cryptographically. Before any key is released into the enclave, the workload produces hardware evidence signed by the silicon vendor. Prem verifies that signature, and only then do your keys enter the enclave. The trust boundary moves from operator promises to a guarantee rooted in the hardware. The principle Prem builds on is short: don't trust the operator, trust the signature. + +Payloads are protected with post-quantum encryption (`XWing`, a hybrid of `X25519` and `ML-KEM 768`), so your traffic holds up even against future quantum attacks. Every request carries its own attestation. + +## Plans + +Confidential mode is a Max plan feature. 
Every Fluso account starts on a sponsored Pro plan, which covers normal inference at no cost to you. The setting lives in **Settings** under **Confidential APIs**, and on the sponsored Pro plan it shows up locked behind a **Max plan** badge. + +Open your profile from the bottom of the left sidebar. The plan you're on shows next to **Manage plan**. + + + Fluso account menu opened from the bottom of the left sidebar, showing Settings, Manage account, and Manage plan with a Sponsored Pro badge. + + +Open **Settings**. The Confidential APIs panel carries a **Max plan** badge and the toggle is disabled, with an "Available on the Max plan" prompt that links to plans. + + + Fluso Settings page. The Confidential APIs panel shows a Max plan badge, a disabled Off toggle, and an 'Available on the Max plan — unlock confidential inference' prompt. Billing reads Sponsored Pro plan. + + +## Turning it on + + + + From the Confidential APIs prompt or **Settings → Plans**, pick **Max** and complete checkout. New accounts get a 30-day free trial. + + + Plans grid showing Basic, Plus, Pro, and Max. The Max card reads '$119/month — all the advantages of the Pro plan with the most private settings'. + + + + With Max active, you can flip the toggle. The panel warns that the change is permanent first. + + + Confidential APIs panel on the Max plan: the toggle is enabled and an amber 'Heads up — this is permanent' note explains that requests will stay on confidential inference. Billing reads Max plan. + + + A dialog confirms the one-way switch and lists what gets disabled in this mode. + + + Turn on confidential mode dialog: 'Every request routes through end-to-end encrypted inference. This is permanent — it can't be turned off once enabled.' Disabled in this mode: automated task generation, image generation. Cancel and Enable permanently buttons. + + + + The panel turns green with an **Active** badge and reads "Confidential mode is locked on". 
From here on, your inference runs through the enclave. + + + Confidential APIs panel in the active state: green ACTIVE badge, On toggle, and a green 'Confidential mode is locked on' card. Billing reads Max plan. + + + + + + Enabling confidential mode is permanent. Once your workspace is in confidential mode, you can't switch back to standard inference. Image generation and automated task creation are disabled while it's on. + + +## FAQ + + + + No. Turning on confidential mode is a one-way change for your workspace. Once you're in confidential mode, there's no path back to standard inference. + + + Confidential mode never falls back to standard inference, because a silent fallback would route your data through a non-confidential path. If the enclave can't be reached, the request fails and you'll see an error instead. Retry once the enclave is reachable again. If it stays down, [contact support](mailto:support@premai.io). + + + Image generation and automated task creation. Both rely on paths that would take your data outside the enclave, so they're turned off in this mode. Everything else keeps working. + + + The Max plan. Every account starts on a sponsored Pro plan, which runs normal inference. Confidential mode is the reason to move to Max. New accounts can start a 30-day Max trial. + + + No. Your data is encrypted with a key only you hold, and the model runs inside a hardware-sealed enclave. Prem, the cloud provider, and anyone with physical access to the hardware are all outside that boundary. + + diff --git a/images/features/confidential/confidential-active.png b/images/features/confidential/confidential-active.png new file mode 100644 index 0000000..d4514ed Binary files /dev/null and b/images/features/confidential/confidential-active.png differ 
diff --git a/images/features/confidential/confidential-available.png b/images/features/confidential/confidential-available.png new file mode 100644 index 0000000..453b7b7 Binary files /dev/null and b/images/features/confidential/confidential-available.png differ diff --git a/images/features/confidential/confidential-confirm.png b/images/features/confidential/confidential-confirm.png new file mode 100644 index 0000000..2687b88 Binary files /dev/null and b/images/features/confidential/confidential-confirm.png differ diff --git a/images/features/confidential/profile-modal.png b/images/features/confidential/profile-modal.png new file mode 100644 index 0000000..407861a Binary files /dev/null and b/images/features/confidential/profile-modal.png differ diff --git a/images/features/confidential/settings-page.png b/images/features/confidential/settings-page.png new file mode 100644 index 0000000..a2c7db0 Binary files /dev/null and b/images/features/confidential/settings-page.png differ diff --git a/images/features/confidential/upgrade-max.png b/images/features/confidential/upgrade-max.png new file mode 100644 index 0000000..d46f202 Binary files /dev/null and b/images/features/confidential/upgrade-max.png differ
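Review bot: in the features/confidential.mdx hunk, the "How the protection is enforced" section first says requests are encrypted with a key only you hold and then says that after attestation "your keys enter the enclave", which means the enclave code (and whoever built and operates it) holds them; state which key stays with the user and which is released, and, since the text says Prem performs the attestation check, say whether the client can verify the vendor-signed evidence itself and which measurements it should compare, otherwise "you can verify it cryptographically" has no step a reader can follow and the trust boundary still ends at Prem. Two smaller points on the same hunk: `XWing` is a hybrid KEM built from X25519 and ML-KEM-768, so "post-quantum encryption" is better phrased as post-quantum key encapsulation with the symmetric cipher that protects the payload named; and the six PNGs added under images/features/confidential/ are not referenced by path anywhere in the hunk as shown, so confirm each caption is attached to an image reference before merging.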