diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 7221d36..6e6804f 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -55,7 +55,7 @@ jobs:
if [ -d docs ]; then cp -r docs $BUILD/docs; fi
- for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME; do
+ for fname in README.md CHANGELOG.md CONTRIBUTING.md GOVERNANCE.md ROADMAP.md LIMITATIONS.md CNAME robots.txt; do
if [ -f "$fname" ]; then cp "$fname" "$BUILD/$fname"; fi
done
diff --git a/README.md b/README.md
index c844396..d1659cc 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,10 @@
> **Developer Preview** - launching at Confidential Computing Summit, June 23 2026. May have breaking changes before v1.0.
+**cMCP (Confidential MCP Runtime) is an open-source gateway that enforces MCP tool-call policy inside a hardware Trusted Execution Environment (TEE).** Every tool call is intercepted, evaluated against a Cedar policy bundle, and enforced where the process it governs cannot reach it. Each session produces a signed, hardware-attested TRACE Claim that a verifier checks without trusting the operator.
+
+> **TL;DR** - Point your agent at the cMCP Gateway. It evaluates every tool call against a Cedar policy inside a TEE, blocks or redacts what the policy denies, and emits a tamper-evident TRACE Claim as proof. Run `pip install cmcp-runtime` and start in software mode with no hardware required.
+
Your agent calls Snowflake, Salesforce, a dozen APIs. What stops it from leaking a customer's data on one of those calls? If a regulator asks, could you prove it didn't?
---
@@ -241,6 +245,73 @@ See [SECURITY.md](SECURITY.md) for vulnerability reporting and response SLAs. Se
---
+## FAQ
+
+### What is cMCP?
+
+cMCP (Confidential MCP Runtime) is an open-source gateway that enforces MCP tool-call policy inside a hardware Trusted Execution Environment. It intercepts each tool call, evaluates it against a Cedar policy bundle, enforces the decision (allow, deny, or redact), and records the call in a hardware-sealed audit chain.
+
+### How is cMCP different from software-only MCP governance?
+
+Software-only governance runs the policy engine in the same OS an operator or a supply-chain CVE can reach, so it cannot prove the policy that ran was the approved one or that the decision was not flipped in memory. cMCP runs the policy engine inside a TEE and measures the Cedar bundle hash into the hardware attestation report before any code runs, so the control plane cannot be reached by the process it governs.
+
+### Do I need special hardware to try it?
+
+No. Set `CMCP_DEV_MODE=1` to use the software-only TEE provider and run the full quickstart without a hardware TEE. Hardware providers (TPM, AMD SEV-SNP, Intel TDX, OPAQUE) are used in production.
+
+### What is a TRACE Claim?
+
+A TRACE Claim (a `GatewayClaim`) is a signed, hardware-attested artifact produced per session. It records which tools ran, which policy decided each call, the Cedar bundle hash, and the audit chain, and it is signed with an Ed25519 key that never leaves the TEE. A verifier checks it with the `cmcp_verify` library without trusting the operator.
+
+### Which TEE providers are supported?
+
+TPM 2.0 / vTPM, AMD SEV-SNP, and Intel TDX, with NVIDIA GPU confidential computing planned for v0.2 and OPAQUE Confidential Runtime available as explicit opt-in. Auto-detection order is SEV-SNP, then TDX, then TPM, then software.
+
+### What license is cMCP under?
+
+MIT.
+
+
+
+---
+
## Contributing
[CONTRIBUTING.md](CONTRIBUTING.md) · [GOVERNANCE.md](GOVERNANCE.md) · [Discussions](https://github.com/agentrust-io/cmcp/discussions)
diff --git a/docs/assets/og.png b/docs/assets/og.png
new file mode 100644
index 0000000..c0f9db9
Binary files /dev/null and b/docs/assets/og.png differ
diff --git a/docs/concepts.md b/docs/concepts.md
index 1261e41..16a7c47 100644
--- a/docs/concepts.md
+++ b/docs/concepts.md
@@ -1,3 +1,7 @@
+---
+description: How cMCP works. The four design ideas behind hardware-attested MCP tool-call governance: tamper-evident audit, TRACE Claims as evidence, TEE-measured Cedar policy, and operator-independent verification.
+---
+
# How cMCP Works
This page explains the four core design ideas behind cMCP. The [quickstart](quickstart.md) shows you how to run it; this page explains why it works.
diff --git a/docs/quickstart.md b/docs/quickstart.md
index 7717bbe..9d7b2db 100644
--- a/docs/quickstart.md
+++ b/docs/quickstart.md
@@ -1,4 +1,8 @@
-# Quickstart - cMCP Runtime
+---
+description: cMCP quickstart. From zero to your first signed TRACE Claim in under 30 minutes using CMCP_DEV_MODE=1, no hardware TEE required. Install, write a Cedar policy and tool catalog, run the gateway, and verify the claim.
+---
+
+# Quickstart - cMCP Runtime
From zero to first TRACE Claim in under 30 minutes. Uses `CMCP_DEV_MODE=1` so no hardware TEE is required.
diff --git a/mkdocs.yml b/mkdocs.yml
index 96eaf18..a844e9b 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -27,6 +27,7 @@ exclude_docs: |
theme:
name: material
+ custom_dir: overrides
logo: docs/assets/icon.svg
favicon: docs/assets/icon.svg
palette:
@@ -64,6 +65,35 @@ theme:
plugins:
- search
+ - llmstxt:
+ full_output: llms-full.txt
+ markdown_description: >-
+ cMCP (Confidential MCP Runtime) is an open-source gateway that enforces
+ MCP tool-call policy inside a hardware Trusted Execution Environment
+ (TEE). Every tool call is intercepted, evaluated against a Cedar policy
+ bundle, and enforced by a policy engine the governed process cannot
+ reach. The Cedar bundle hash is measured into the hardware attestation
+ report before any code runs, and each session produces a signed,
+ hardware-attested TRACE Claim that a verifier checks without trusting the
+ operator. Supports TPM, AMD SEV-SNP, Intel TDX, and OPAQUE providers,
+ with enforcing, advisory, and silent modes.
+ sections:
+ Getting started:
+ - README.md
+ - docs/quickstart.md
+ - docs/concepts.md
+ - docs/configuration.md
+ Specification:
+ - docs/SPEC.md
+ - docs/spec/cedar-policy.md
+ - docs/spec/attestation.md
+ - docs/spec/threat-model.md
+ - docs/spec/verification-library.md
+ Tutorials:
+ - docs/tutorials/connecting-agent-frameworks.md
+ - docs/tutorials/cedar-policy-walkthrough.md
+ - docs/tutorials/verifying-a-trace-claim.md
+ - docs/tutorials/tee-attestation.md
- minify:
minify_html: true
- mkdocstrings:
diff --git a/overrides/main.html b/overrides/main.html
new file mode 100644
index 0000000..e04a8d3
--- /dev/null
+++ b/overrides/main.html
@@ -0,0 +1,67 @@
+{% extends "base.html" %}
+
+{#
+ SEO and AEO head additions:
+ - Open Graph and Twitter card meta for link previews and answer engines.
+ - JSON-LD structured data (SoftwareApplication, Organization, WebSite) so
+ search and answer engines can model what cMCP is.
+ Canonical and description tags are emitted by Material when site_url is set,
+ so they are not repeated here.
+#}
+{% block extrahead %}
+ {{ super() }}
+ {% set page_desc = page.meta.description if page and page.meta and page.meta.description else config.site_description %}
+ {% set page_url = page.canonical_url if page and page.canonical_url else config.site_url %}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+{% endblock %}
diff --git a/requirements-docs.txt b/requirements-docs.txt
index 5d5386a..4a21e7a 100644
--- a/requirements-docs.txt
+++ b/requirements-docs.txt
@@ -1,6 +1,7 @@
mkdocs>=1.6.1
mkdocs-material>=9.7.6
mkdocs-minify-plugin>=0.8
+mkdocs-llmstxt>=0.5,<1.0
pymdown-extensions>=10.21.3
mkdocstrings[python]>=1.0.4
griffe>=2.1.0
diff --git a/robots.txt b/robots.txt
new file mode 100644
index 0000000..db03184
--- /dev/null
+++ b/robots.txt
@@ -0,0 +1,35 @@
+# cMCP documentation - crawling policy
+# Search and answer engines, including AI crawlers, are welcome.
+
+User-agent: *
+Allow: /
+
+# AI and answer-engine crawlers (explicitly welcomed)
+User-agent: GPTBot
+Allow: /
+
+User-agent: OAI-SearchBot
+Allow: /
+
+User-agent: ChatGPT-User
+Allow: /
+
+User-agent: ClaudeBot
+Allow: /
+
+User-agent: anthropic-ai
+Allow: /
+
+User-agent: Claude-Web
+Allow: /
+
+User-agent: PerplexityBot
+Allow: /
+
+User-agent: Google-Extended
+Allow: /
+
+User-agent: CCBot
+Allow: /
+
+Sitemap: https://cmcp.agentrust-io.com/sitemap.xml