> ## Documentation Index
> Fetch the complete documentation index at: https://docs.alphaengine.trade/llms.txt
> Use this file to discover all available pages before exploring further.

# Trust and Confidential Compute

> The assumptions behind confidential evaluation.

Confidential compute reduces strategy leakage during evaluation. It does not
remove all trust.

<CardGroup cols={3}>
  <Card title="Protect inputs" icon="lock">
    Evaluate private strategy material inside a restricted runtime.
  </Card>

  <Card title="Publish evidence" icon="file-check">
    Scores, diagnostics, hashes, artifact references, and eligibility can leave
    the runtime.
  </Card>

  <Card title="Keep assumptions visible" icon="shield">
    Operator configuration, keys, permissions, and side channels still matter.
  </Card>
</CardGroup>

## What confidential compute does

It can let AlphaEngine evaluate private strategy inputs inside a restricted
runtime while publishing evidence outside that runtime.

That evidence can include:

* scores,
* diagnostics,
* report hashes,
* artifact references,
* eligibility output.

## What it does not do

Confidential compute does not make final public-market effects invisible. It
also does not prove that every operator, implementation, or governance choice is
correct by itself.

## Primitive choice

AlphaEngine should choose the weakest sufficient privacy primitive:

<Tabs>
  <Tab title="Attested compute">
    Use for private evaluation when attestation is sufficient.
  </Tab>

  <Tab title="Encrypted computation">
    Use fully homomorphic computation when encrypted state or encrypted
    computation is required.
  </Tab>

  <Tab title="Verifiable policy">
    Use zero-knowledge proofs when external parties need to verify policy
    compliance.
  </Tab>

  <Tab title="No single operator">
    Use threshold cryptography when no single runtime or operator should see
    plaintext.
  </Tab>
</Tabs>

## Operator assumptions

The current operator-side modules are internal infrastructure. Public builders
should not need to operate them to use the beta API.

Trust still depends on:

* runtime configuration,
* operator permissions,
* key handling,
* audited adapter boundaries,
* typed failure behavior,
* reproducible artifacts.

## Related pages

<CardGroup cols={3}>
  <Card title="Privacy model" icon="lock" href="/trust/privacy-model">
    The full trust and leakage boundary.
  </Card>

  <Card title="Private strategy evaluation flow" icon="file-check" href="/architecture/private-strategy-evaluation-flow">
    How protected inputs become evidence.
  </Card>

  <Card title="Repo map" icon="table" href="/reference/repo-map">
    Where operator modules live.
  </Card>
</CardGroup>