From e56da2e282d6d7d811050d582582c275c58d0f24 Mon Sep 17 00:00:00 2001 From: Imran Siddique Date: Wed, 8 Jul 2026 08:06:05 -0700 Subject: [PATCH] @ docs(tee): clarify in-tree appraisal is aTLS fallback, not primary gate Record the layering intent for NRAS post-attestation appraisal: when cMCP is composed with a platform that attests in the aTLS handshake, the platform verdict is authoritative and the in-tree path stands down. It remains the standalone fallback for deployments with no aTLS peer. Docstring-only. Co-Authored-By: Claude Opus 4.8 (1M context) @ --- src/cmcp_runtime/tee/nras.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/cmcp_runtime/tee/nras.py b/src/cmcp_runtime/tee/nras.py index 0a12c5a..9735db2 100644 --- a/src/cmcp_runtime/tee/nras.py +++ b/src/cmcp_runtime/tee/nras.py @@ -183,6 +183,12 @@ def try_appraise(report: AttestationReport) -> AppraisalResult | None: get_attestation_report() succeeds. It must never raise -- a missing or failed appraisal is non-fatal per issue #125. + Layering: this in-tree appraisal is the standalone fallback for deployments + with no attested-TLS (aTLS) peer. When cMCP is composed with a platform that + performs attestation in the aTLS handshake, the platform verdict is + authoritative and this path stands down -- it is a fallback, not the primary + gate. Do not wire it up as the enforcing check. + Phase 2 / v0.2 -- implements issue #125. """ api_key = os.environ.get(_ENV_API_KEY)