three different kinds of hiding, kept separate

What each tier actually protects.

“Your method stays yours” means three different things across the tiers, and honesty requires stating which. T2 protects by license and sandbox: the verifier node does run your container, so the operator could in principle inspect it; the protection is legal and operational, not cryptographic. T3 protects by never sending the method at all: only a certificate travels, and an open kernel checks it. T0 protects nothing and is labeled exactly so.

tierwho can see the methodwhere it runsprotection typewhat the badge proves
T1 · fully openeveryone (public)runs in the node sandbox on public inputsnone; everything is public and re-runnablereproducibility of every claim, end to end
T2 · receipt-verifiedthe verifier node only, inside an attested sandboxsealed container, re-executed under a verification-only licenseLEGAL (license) + operational (sandbox, no exfil); NOT cryptographic secrecy from the operatorpass/fail on each claim; hash-commitment timestamp as priority evidence
T3 · proof-carryingno one; the method never leaves your machineonly a certificate travels; the open kernel checks itTECHNICAL: the verifier sees a certificate, not the methodthe certificate's statement, checked by a public kernel of a different kind
T0 · attested onlyn/a; not re-executednothing is runidentity + timestamp onlythat a signed artifact existed at a time; NOT that it reproduces

If a verifier can re-execute a sealed container, the verifier’s operator has custody of it during the run. T2’s guarantee is that custody is bounded by license and by a hermetic sandbox, not that the operator is cryptographically blind. Choose T3 when that distinction matters to you.