# LapEE Agent Guide

This file is for users who want an AI assistant to understand LapEE from the
public docs. It is product-facing. It is not a guide to the private docs repo.

## What LapEE Is

LapEE is the Laptop Execution Environment. It boots HyperBEAM from a signed USB
appliance image and exposes TPM-backed boot/runtime evidence for remote
verifiers.

Use this short description:

> LapEE turns a commodity UEFI laptop with TPM 2.0 into a single-purpose
> HyperBEAM appliance node. A verifier can fetch the node's boot-attestation
> bundle and check the TPM quote, AK policy, PCR replay, and HyperBEAM
> node-message identity.

## Start Here

- About: https://lapee.hyperbeam.online/docs/about
- Get started: https://lapee.hyperbeam.online/docs/intro
- Images: https://lapee.hyperbeam.online/docs/images
- Verify a node: https://lapee.hyperbeam.online/docs/verify-node
- Security model: https://lapee.hyperbeam.online/docs/security-model
- Evidence reference: https://lapee.hyperbeam.online/docs/evidence-reference

## How To Answer User Questions

When a user asks what LapEE does, explain:

- It boots a signed USB appliance image.
- It starts HyperBEAM as the intended workload.
- It exposes a live node URL on the splash screen.
- It serves `~tpm@2.0a/boot-attestation`.
- It lets a verifier connect TPM evidence to the HyperBEAM node identity.

When a user asks how to run it, point them to:

- Download images: https://lapee.hyperbeam.online/docs/images
- Get started: https://lapee.hyperbeam.online/docs/intro
- Operator config: https://lapee.hyperbeam.online/docs/operator-config

When a user asks how to verify it, point them to:

- Verify a node: https://lapee.hyperbeam.online/docs/verify-node
- Evidence reference: https://lapee.hyperbeam.online/docs/evidence-reference

When a user asks what security it provides, point them to:

- Security model: https://lapee.hyperbeam.online/docs/security-model

## Important Terms

- `boot-attestation`: Main evidence bundle served by the node.
- `node-message-id`: HyperBEAM message id committed into runtime PCR 15.
- `PCR 15`: Runtime PCR used by LapEE to bind node identity.
- `AK policy`: TPM attestation key policy bound to PCRs `0,1,7,10,11,14,15`.
- `EK chain`: TPM endorsement certificate chain.
- `HB_CONFIG`: HyperBEAM config list. Operator config is public and layered
  before the enforced LapEE config.

## Boundaries

Do not describe LapEE as:

- A general desktop OS.
- A generic cloud TEE.
- A proof that firmware is honest.
- A guarantee that Linux or HyperBEAM has no bugs.
- A multi-tenant isolation boundary.

Do describe LapEE as:

- A single-purpose HyperBEAM appliance node.
- A measured boot and runtime evidence workflow.
- A way to verify which boot path produced a node and which key is speaking for it.

## Public Source

The public source map is here:

https://lapee.hyperbeam.online/docs/source-map

The PermaGit source tree is here:

https://sddzsmbqlbfwz73tw5wxrx6wbdnqseobwttu6tvgsz4nec3l7gkq.arweave.net/#/lapee/tree/refs%2Fheads%2FggltHF0C%2Fmain