Pick a recent response
Every response carries a receipt. Pick one — Umbra reveals the chain that produced it. You can re-run the same checks locally; nothing about this page requires trusting Umbra.
1 · identitySecure EnclaveApple-issued device keyverified
2 · enrollmentMDMParafield · A2DE48…F1verified
3 · policyApple MDAmanaged-app attestationverified
4 · code identityAPNsbinary SHA-256 pinnedverified
5 · model digestGGUF SHA-256a8f4…c01bverified
Receipt summary
response_idresp_2026-06-22T18:42:07Z_a3f1providerparafield · M4 Pro · 48 GBmodelgemma-4-12b-coder-fable5 (Q4_K_M)digesta8f44d2…c01btrust_levelhardwareattested_at2026-06-22 18:42:08 UTCnonce7c4e8a90-b3d2-4f5a-9e1c-2d8b6a4f1c3esignature0x9c4d2f8e…af71b3 (secp256r1)
X.509 cert chain
# leaf — provider device key
CN = parafield.device.7XqA0s
Issuer = Apple Inc. — SE Attestation CA G3
SHA-256 = 7c4e…8a90
# intermediate — enrollment MDM
CN = Parafield MDM CA
Issuer = Apple Inc. — Device Identity CA
SHA-256 = 2f1d…c0bb
# root — Apple Public CA
CN = Apple Root CA — G3
SHA-256 = b0bf…8365
CN = parafield.device.7XqA0s
Issuer = Apple Inc. — SE Attestation CA G3
SHA-256 = 7c4e…8a90
# intermediate — enrollment MDM
CN = Parafield MDM CA
Issuer = Apple Inc. — Device Identity CA
SHA-256 = 2f1d…c0bb
# root — Apple Public CA
CN = Apple Root CA — G3
SHA-256 = b0bf…8365
cross-signed against Apple's published root store on every receipt
What this proves
- The response was produced by an Apple M-series device with a real Secure Enclave.
- The device is enrolled with a known MDM and was in good standing when the request ran.
- The exact model weights on disk hashed to the digest Umbra advertised.
- Apple's APNs code-identity check pinned the daemon binary at request time.
What Umbra cannot see
The prompt. It is decrypted only inside the provider's Secure Enclave-bound memory and zeroized after the response streams back.
The model output. It is signed at the device and returned over TLS. Umbra relays the bytes — it does not retain them.
The provider's disk. Public GGUF weights aren't secret; prompts never touch disk; there's no log file.
The provider's identity keys. The device key never leaves the Enclave. Umbra sees only the public cert chain.
Run it yourself no trust required
Drop the response_id into the CLI below, or fetch the receipt JSON and verify the chain offline. Either way, Umbra is one of the parties you're checking against.
# CLI — end-to-end verification
umbra verify resp_2026-06-22T18:42:07Z_a3f1
# or fetch the receipt JSON and check locally
curl https://api.umbra.dev/v1/receipts/resp_2026-06-22T18:42:07Z_a3f1
umbra verify --offline receipt.json
umbra verify resp_2026-06-22T18:42:07Z_a3f1
# or fetch the receipt JSON and check locally
curl https://api.umbra.dev/v1/receipts/resp_2026-06-22T18:42:07Z_a3f1
umbra verify --offline receipt.json