Privacy tiers

Every request executes under one of three tiers. The default comes from the API key; you can override per-call with the sable_privacy_tier body field.

| Tier | Routing | Use case | | --- | --- | --- | | standard | Encrypted in transit, software isolation. | Throughput-bound workloads, public data. | | confidential | TEE-enforced execution (SGX / SEV). | Agent memory, business data. | | sovereign | Hardware attestation + jurisdiction pinning. | Regulated data, sovereign deployments. |

# Pin a request to a specific privacy tier.
resp = client.chat.completions.create(
  model="sable-deepseek-v3",
  messages=[{"role":"user","content":"Summarize this filing"}],
  extra_body={"sable_privacy_tier": "sovereign"},
)

In Phase 1 the tier is advisory — it selects a labeled node, but the upstream runtime is the same. In Phase 2 the confidential tier is enforced by Intel SGX / AMD SEV-SNP enclaves; in Phase 3 sovereign adds attestation + jurisdiction-pinned routing.