Request Details
Field reference for the ORGN Scanner request detail page at /request/:requestId.
ORGN Scanner is not Studio Code Security (Shannon). Scanner audits Gateway inference attestation and confidential compute sandboxes — it does not scan your repository for CWE vulnerabilities. For code security assessments, see Code Security.
Every Gateway inference request has a detail page in ORGN Scanner at /request/:requestId. This is the primary surface for inspecting request metadata and attestation receipts.
https://scanner.orgn.com/request/<request-id>There is no /verify route — verification happens on the request detail page itself. See Verify a request for the independent validation workflow.
The page is public. No sign-in is required to view request metadata or attestation artifacts.
How to reach a request detail page
| Path | Action |
|---|---|
Messages (/messages) | Click any row in the paginated feed |
Explorer (/) | Click a cell in the activity grid |
Models (/models) | Open a model, then click a recent request |
| Direct URL | Navigate to /request/:requestId if you have the ID from Gateway response headers |
The request ID is a UUID returned by the Gateway on every inference call. It also appears in spend logs and audit exports.
Request metadata
Identity and status
| Field | Description |
|---|---|
| Request ID | Unique UUID for audit trails and cross-referencing |
| Status | success, pending, failed, rate_limited, or error |
| Call type | Inference operation class (chat completion, embedding, etc.) |
| Start / end time | Request window in UTC |
| Application | Client tag — which application sent the request (curl, VS Code, Studio, etc.) |
Model and provider
| Field | Description |
|---|---|
| Model | Model ID in underscore format (e.g. phala_deepseek_r1, near_qwen3_30b) |
| Display name | Operator-curated label from the model catalog |
| Provider | Routing destination — near, phala, or vercel |
| Model creator | Upstream model author slug from the catalog |
| Model gateway | Gateway routing class |
Usage and cost
| Field | Description |
|---|---|
| Prompt tokens | Input token count |
| Completion tokens | Output token count |
| Total tokens | Sum of prompt + completion |
| Spend | Cost in USD for this request |
| Cache hit | Whether a prompt cache was used (when applicable) |
Scanner never displays prompt or completion content — only counts and metadata.
Attestation panel
For TEE models, the detail page includes an attestation section. For ZDR models, attestation fields read N/A.
| Field | Description |
|---|---|
| Attestation status | verified, failed, pending, or n/a |
| Attestation type | Provider attestation class (NEAR SGX, Phala TDX+GPU, etc.) |
| Verified | Boolean — whether cryptographic verification passed |
| Signing address | On-chain or PKI address that signed the receipt |
| Message signing address | Address that signed the request/response hash binding |
| Message signature | ECDSA signature over request and response hashes |
| Attestation timestamp | When the receipt was generated (RFC 3339) |
| Nonce | Session binding value linking Intel and NVIDIA evidence |
| Has Intel | Whether an Intel TDX quote is present |
| Has NVIDIA | Whether NVIDIA GPU evidence is present |
| NVIDIA arch | GPU architecture identifier (when applicable) |
| Intel quote | Base64-encoded TDX attestation report |
| GPU evidence | Array of NVIDIA SPDM certificate + evidence pairs |
| Error | Verification failure reason (when status is failed) |
For field-level semantics and the two attestation systems, see Attestation reference.
What is not shown
Scanner enforces a strict data boundary:
- Prompt text — never displayed
- Model output / completion text — never displayed
- API keys — never displayed
- User PII — not surfaced on the public detail page
Attestation proves execution integrity and environment authenticity — not content inspection.
Backend API
The request detail page loads from:
GET /internal/console/explorer/request/{request_id}Response shape:
{
"spend_log": { /* request metadata */ },
"model_catalog": { /* catalog row if available */ },
"attestation": { /* receipt payload or null */ }
}This endpoint is public — no user authentication required. The Scanner UI proxies it through the Gateway internal console API.
Status reference
| Status | UI indicator | Typical cause |
|---|---|---|
success | Green | Inference completed normally |
pending | Yellow | Request in flight or attestation receipt pending |
failed | Red | Inference error or attestation verification failure |
rate_limited | Orange | Gateway rate limit hit |
Attestation status is independent of request status. A success request can still have pending attestation while the TEE provider returns the receipt.
Next steps
- Verify a request — validate receipts against Intel and NVIDIA PKI
- Messages — find requests via search and filters
- Scanner Quickstart — guided first inspection