Scanner Quickstart
Open ORGN Scanner, find an inference request, and verify its TEE attestation in minutes.
ORGN Scanner (scanner.orgn.com) is the attestation and audit explorer for ORGN Gateway inference and confidential compute sandboxes. It answers: "Was this request executed in a verified Trust Domain?" — not "What vulnerabilities exist in my code?" (that is Studio code security).
Scanner shows request metadata and cryptographic evidence. It never displays prompt contents or model outputs.
Open Scanner
Go to scanner.orgn.com. The Explorer and request verification pages are public — no sign-in required to browse recent inference activity and inspect attestation metadata.
Optional: sign in with id-orgn to unlock scoped filters (for example my=1 for your team's requests) and role-based views (app owner, org admin, internal viewer).
Explore the Explorer
The Explorer (home page) is a visual grid of recent inference activity:
- Each block represents a request or sandbox event
- Color and status icons indicate success, pending attestation, or failure
- Filter by model, provider, application tag, or time range
The Explorer pulls live stats from the Gateway spend log and attestation pipeline — use it for a high-level audit view before drilling into individual requests.
See Explorer for filtering, stats panels, and role-based visibility.
Find a request in Messages
Navigate to Messages for a searchable, paginated list of inference requests:
- Model ID and display name
- Provider (NEAR AI, Phala, Vercel AI Gateway)
- Token usage, latency, and cost
- Attestation status — Verified, Pending, or Failed
- Application tag (which client sent the request — curl, VS Code, Studio, etc.)
Click a row to open the request detail page at /request/:requestId.
Inspect request details
The request detail page shows:
| Field | Description |
|---|---|
| Request ID | Unique identifier for audit trails |
| Model | Model ID (underscore format, e.g. phala_deepseek_r1) |
| Status | Success, failed, or pending |
| Attestation type | TEE provider attestation class |
| Verified | Whether cryptographic verification passed |
| Signing address | On-chain or PKI signing address for the receipt |
| Intel / NVIDIA flags | Which hardware attestation roots are present |
Attestation payloads include timestamps, nonces, and error details when verification fails.
Verify attestation independently
For TEE model requests with Verified status:
- Copy the attestation ID and signing address from the request detail page
- Follow Verify a request to validate the receipt against Intel TDX and NVIDIA public PKI
- Export artifacts for compliance archives if required
ZDR (Vercel-routed) requests appear in Scanner for observability but do not produce hardware attestation receipts.
Monitor sandboxes
Navigate to Sandboxes to inspect confidential compute environments:
- Running TDX sandboxes provisioned for Studio projects and Gateway workloads
- Per-sandbox attestation status via
/sandboxes/:sandboxId - Sandbox lifecycle actions (where your role permits)
Sandbox attestation complements inference attestation — it proves the compute environment was genuine, while request attestation proves a specific inference call ran inside it.
See Sandboxes and Attestation reference.
Scanner vs Studio code security
| ORGN Scanner | Studio Code Security (Shannon) | |
|---|---|---|
| URL | scanner.orgn.com | Studio project → Security tab |
| Purpose | Audit inference and compute attestation | Find CWE vulnerabilities in your repository |
| Input | Gateway API requests, sandbox events | Your project's source code |
| Output | Attestation receipts, verification status | Findings, scores, remediation reports |
If a colleague asks "run a security scan," clarify which question they mean before pointing them to the wrong product.
Next steps
- Verify a request — independent cryptographic verification
- Attestation data reference — field definitions
- Gateway quickstart — send a request that produces an attestation receipt
- Platform trust model — TEE vs ZDR and data boundaries