Edge Core OS
The on-prem daemon layer running on 1U edge appliances inside hospital server rooms. Three components: Rust network gate — a kernel-level firewall (nftables/iptables) that severs the WAN interface during training and restores it after proof submission. Go OPA compliance guard — static analysis engine that scans training scripts and Dockerfiles for network-capable dependencies before execution. C SGX enclave launcher — verifies MRENCLAVE measurements, obtains DCAP quotes, and refuses execution without hardware attestation.
All three components fail closed. No synthetic attestation. No dev fallback for SGX. No network during training.