Attestation

Fetch and review TDX sandbox attestation for cloud worktrees in CDE — what it proves and how to retrieve it.

What is attestation?

Most tools ask you to trust a vendor's promise that your code runs in a secure environment. Attestation is the alternative: a signed report from the sandbox that you can verify yourself.

TDX (Intel Trust Domain Extensions) is hardware that runs your code inside an isolated VM with encrypted memory. Attestation proves that VM is genuine Intel TDX hardware running an untampered measured image — and binds the report to your specific sandbox.

What question does it answer?

"Is this sandbox actually running on real TDX hardware with the expected software image?"

It does not answer:

"Did a specific Origin Agent inference call run in a TEE?"

That requires a separate inference attestation receipt for TEE model requests. Sandbox attestation covers runtime; inference receipts cover model calls.

For the full trust stack, see Platform trust.

Remote-only

Sandbox attestation is available only after CDE attaches to a cloud worktree over SSH.

Attestation is not available for local Open Project folders. Local development on your machine does not produce a TDX sandbox report.

If you request attestation outside a cloud worktree, CDE shows:

TDX attestation is only available inside a CDE remote worktree.

Fetch attestation

Attach to a cloud worktree

Open a worktree from the Projects sidebar or Open Cloud Project. Wait until SSH attach completes and the remote file tree loads.

Open the attestation report

Either:

Click the TDX shield in the status bar (left side), or
Open the command palette and run Show TDX Sandbox Attestation

CDE fetches the report for your active sandbox and opens it in an editor tab.

Review the report

The document includes:

Field	What it tells you
Sandbox ID	Which confidential VM this report describes
Worktree / project context	Binds the report to your team and task
TDX quote	Hardware-signed evidence from Intel TDX
Measurements	Digests of the measured launch environment — detect image tampering
Issued time	When the report was generated

Use this evidence in security reviews or procurement questionnaires. For step-by-step independent verification against Intel PKI, see Scanner and Platform trust.

Attestation documents are served from https://attest.daytona.orgn.com. Daytona powers the confidential sandbox VM infrastructure — CDE resolves your worktree's sandbox ID through the ORGN platform API and fetches the TDX report from the attestation gateway.

What attestation proves

Claim	Mechanism
Genuine Intel TDX hardware	Signed quote verifiable against Intel PKI
Untampered runtime image	Measured launch digest in the report
Sandbox identity	Binds the report to your worktree's sandbox ID

Attestation is verifiable by you — not just ORGN. That is the difference from policy-based trust.

Terminology: TDX uses Trust Domains, not SGX enclaves. Do not conflate them in security reviews.

Sandbox attestation vs inference receipts

	Sandbox attestation	Inference TEE receipt
Proves	Execution environment is genuine TDX	Specific model call ran in TEE hardware
Scope	Per sandbox (environment)	Per request (inference)
Fetch in CDE	Status bar / Show TDX Sandbox Attestation	Not inline — use Scanner
When you need it	Runtime confidentiality audits	Inference confidentiality audits

Troubleshooting

Symptom	Likely cause
"Only available inside a CDE remote worktree"	Local folder open, or SSH attach not complete
"Attestation URL is not configured"	Product misconfiguration — contact support
"Could not resolve a Daytona sandbox"	Sandbox not provisioned — retry worktree activation
Fetch timeout or error	Sandbox stopped — CDE: Re-provision active worktree's sandbox or see Troubleshooting

Cloud worktrees — SSH attach and sandbox lifecycle
Origin Agent — runtime vs inference confidentiality
Gateway security — attestation data — inference attestation receipts
Scanner verify — independently verify Gateway TEE requests

On this page