Security Considerations
Trust Model
- Verifier Trust: Clients must trust the Verifier hardware (Intel TDX or AWS Nitro) and the Verifier operator’s build process
- Code Hash: Organizations should verify image hashes through a trusted channel
- Key Management: Agent private keys must be stored securely; compromise allows impersonation
What Spellguard Does NOT Provide
Message confidentiality at rest: Archives contain encrypted payloads, but encryption keys must be managed separately.
- Guarantee of message delivery — AMP logs what happened, not what should have happened
- Policy enforcement — AMP audits; policy enforcement is a separate concern
Standards Compliance
| Standard | Usage |
|---|
| RFC 9334 RATS | Evidence building and verification pattern |
| A2A Protocol | Agent discovery and interoperability |
| Intel TDX / AWS Nitro | Hardware-backed Verifier attestation |