@alejoamiras/tee-rex 4.0.0-devnet.2-patch.0

package/src/lib/attestation.ts

@@ -0,0 +1,317 @@
+import * as x509 from "@peculiar/x509";
+import { decode as decodeCbor, encode as encodeCbor } from "cbor-x";
+import type { ValueOf } from "ts-essentials";
+import { logger } from "./logger.js";
+
+/**
+ * AWS Nitro Enclaves Root CA certificate (PEM).
+ * Source: https://aws-nitro-enclaves.amazonaws.com/AWS_NitroEnclaves_Root-G1.zip
+ */
+const AWS_NITRO_ROOT_CA_PEM = `-----BEGIN CERTIFICATE-----
+MIICETCCAZagAwIBAgIRAPkxdWgbkK/hHUbMtOTn+FYwCgYIKoZIzj0EAwMwSTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRswGQYD
+VQQDDBJhd3Mubml0cm8tZW5jbGF2ZXMwHhcNMTkxMDI4MTMyODA1WhcNNDkxMDI4
+MTQyODA1WjBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQL
+DANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczB2MBAGByqGSM49AgEG
+BSuBBAAiA2IABPwCVOumCMHzaHDimtqQvkY4MpJzbolL//Zy2YlES1BR5TSksfbb
+48C8WBoyt7F2Bw7eEtaaP+ohG2bnUs990d0JX28TcPQXCEPZ3BABIeTPYwEoCWZE
+h8l5YoQwTcU/9KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkCW1DdkF
+R+eWw5b6cp3PmanfS5YwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kAMGYC
+MQCjfy+Rocm9Xue4YnwWmNJVA44fA0P5W2OpYow9OYCVRaEevL8uO1XYru5xtMPW
+rfMCMQCi85sWBbJwKKXdS6BptQFuZbT73o/gBh1qUxl/nNr12UO8Yfwr6wPLb+6N
+IwLz3/Y=
+-----END CERTIFICATE-----`;
+
+/** Parsed fields from a Nitro attestation document. */
+export interface NitroAttestationDocument {
+  moduleId: string;
+  timestamp: number;
+  digest: string;
+  pcrs: Map<number, Uint8Array>;
+  certificate: Uint8Array;
+  cabundle: Uint8Array[];
+  publicKey?: Uint8Array;
+  userData?: Uint8Array;
+  nonce?: Uint8Array;
+}
+
+/** Options for attestation verification. */
+export interface AttestationVerifyOptions {
+  /** Expected PCR values. Only the specified PCR indices are checked. */
+  expectedPCRs?: Record<number, string>;
+  /** Maximum age of the attestation document in milliseconds. Default: 5 minutes. */
+  maxAgeMs?: number;
+  /**
+   * Expected nonce value (hex string). When provided, the attestation document's
+   * nonce field must match exactly. Use this to prevent replay attacks by including
+   * a challenge in the attestation request.
+   */
+  expectedNonce?: string;
+  /** @internal Override the root CA for testing. Defaults to the AWS Nitro Enclaves Root CA. */
+  rootCaPem?: string;
+}
+
+/**
+ * Verify a Nitro attestation document and extract the embedded public key.
+ *
+ * Verification steps:
+ * 1. Decode the COSE_Sign1 envelope
+ * 2. Extract and parse the CBOR attestation document payload
+ * 3. Build and verify the certificate chain (cabundle → leaf → AWS Nitro root CA)
+ * 4. Verify the COSE_Sign1 signature using the leaf certificate
+ * 5. Optionally check PCR values and document freshness
+ * 6. Return the embedded public key
+ *
+ * Uses @peculiar/x509 + Web Crypto API for cross-platform compatibility
+ * (works in Node.js, Bun, and browsers).
+ */
+export async function verifyNitroAttestation(
+  attestationDocumentBase64: string,
+  options: AttestationVerifyOptions = {},
+): Promise<{ publicKey: string; document: NitroAttestationDocument }> {
+  const { maxAgeMs = 5 * 60 * 1000 } = options;
+
+  // 1. Decode the COSE_Sign1 envelope
+  const raw = Buffer.from(attestationDocumentBase64, "base64");
+  const coseSign1: unknown = decodeCbor(raw);
+
+  if (!Array.isArray(coseSign1) || coseSign1.length !== 4) {
+    throw new AttestationError("Invalid COSE_Sign1 structure", AttestationErrorCode.INVALID_COSE);
+  }
+
+  const [protectedHeaders, , payload, signature] = coseSign1 as [
+    Uint8Array,
+    unknown,
+    Uint8Array,
+    Uint8Array,
+  ];
+
+  // 2. Parse the attestation document from the payload
+  const doc = decodeCbor(payload) as Record<string, unknown>;
+  const attestationDoc = parseAttestationDocument(doc);
+
+  // 3. Build and verify certificate chain
+  // Buffer.from() ensures ArrayBuffer backing (not SharedArrayBuffer) for @peculiar/x509 compat
+  const leafCert = new x509.X509Certificate(Buffer.from(attestationDoc.certificate));
+  const rootCa = new x509.X509Certificate(options.rootCaPem ?? AWS_NITRO_ROOT_CA_PEM);
+
+  // Build chain: cabundle contains certs from root to intermediate(s)
+  const caBundleCerts = attestationDoc.cabundle.map(
+    (der) => new x509.X509Certificate(Buffer.from(der)),
+  );
+  await verifyCertificateChain(leafCert, caBundleCerts, rootCa);
+
+  // 4. Verify COSE_Sign1 signature
+  //    Sig_structure = ["Signature1", protected_headers, external_aad, payload]
+  // cbor-x encodes Uint8Array with CBOR tag 64 but Buffer as plain bstr.
+  // COSE requires plain bstr, so use Buffer.alloc(0) for the empty external_aad.
+  const sigStructure = encodeCbor(["Signature1", protectedHeaders, Buffer.alloc(0), payload]);
+
+  const leafPublicKey = await leafCert.publicKey.export(
+    { name: "ECDSA", namedCurve: "P-384" } as EcKeyImportParams,
+    ["verify"],
+  );
+  const signatureValid = await crypto.subtle.verify(
+    { name: "ECDSA", hash: "SHA-384" },
+    leafPublicKey,
+    Buffer.from(signature),
+    Buffer.from(sigStructure),
+  );
+
+  if (!signatureValid) {
+    throw new AttestationError(
+      "COSE_Sign1 signature verification failed",
+      AttestationErrorCode.SIGNATURE_FAILED,
+    );
+  }
+
+  // 5. Check freshness (with 30s tolerance for clock skew between client and enclave)
+  const CLOCK_SKEW_TOLERANCE_MS = 30_000;
+  const docAge = Date.now() - attestationDoc.timestamp;
+  if (docAge > maxAgeMs + CLOCK_SKEW_TOLERANCE_MS) {
+    throw new AttestationError(
+      `Attestation document is too old (${Math.round(docAge / 1000)}s > ${Math.round(maxAgeMs / 1000)}s)`,
+      AttestationErrorCode.EXPIRED,
+    );
+  }
+
+  // 6. Check PCR values if specified
+  if (options.expectedPCRs) {
+    for (const [index, expectedHex] of Object.entries(options.expectedPCRs)) {
+      const pcrIndex = Number(index);
+      const actual = attestationDoc.pcrs.get(pcrIndex);
+      if (!actual) {
+        throw new AttestationError(
+          `PCR${pcrIndex} not found in attestation document`,
+          AttestationErrorCode.PCR_MISMATCH,
+        );
+      }
+      const actualHex = Buffer.from(actual).toString("hex");
+      if (actualHex !== expectedHex.toLowerCase()) {
+        throw new AttestationError(
+          `PCR${pcrIndex} mismatch: expected ${expectedHex}, got ${actualHex}`,
+          AttestationErrorCode.PCR_MISMATCH,
+        );
+      }
+    }
+  }
+
+  // 7. Check nonce if specified
+  if (options.expectedNonce) {
+    if (!attestationDoc.nonce) {
+      throw new AttestationError(
+        "Attestation document does not contain a nonce",
+        AttestationErrorCode.NONCE_MISMATCH,
+      );
+    }
+    const actualNonce = Buffer.from(attestationDoc.nonce).toString("hex");
+    if (actualNonce !== options.expectedNonce.toLowerCase()) {
+      throw new AttestationError(
+        `Nonce mismatch: expected ${options.expectedNonce}, got ${actualNonce}`,
+        AttestationErrorCode.NONCE_MISMATCH,
+      );
+    }
+  }
+
+  // 8. Extract public key
+  if (!attestationDoc.publicKey) {
+    throw new AttestationError(
+      "Attestation document does not contain a public key",
+      AttestationErrorCode.MISSING_KEY,
+    );
+  }
+
+  const publicKey = new TextDecoder().decode(attestationDoc.publicKey);
+
+  logger.info("Nitro attestation verified successfully", {
+    moduleId: attestationDoc.moduleId,
+    pcr0: Buffer.from(attestationDoc.pcrs.get(0) ?? new Uint8Array())
+      .toString("hex")
+      .slice(0, 16),
+  });
+
+  return { publicKey, document: attestationDoc };
+}
+
+function parseAttestationDocument(doc: Record<string, unknown>): NitroAttestationDocument {
+  if (typeof doc.module_id !== "string") {
+    throw new AttestationError("Missing or invalid module_id");
+  }
+  // cbor-x decodes 8-byte CBOR uint64 as BigInt — Nitro's Rust NSM library always
+  // encodes the timestamp as uint64 regardless of value, so we must accept both.
+  if (typeof doc.timestamp !== "number" && typeof doc.timestamp !== "bigint") {
+    throw new AttestationError("Missing or invalid timestamp");
+  }
+  if (typeof doc.digest !== "string") {
+    throw new AttestationError("Missing or invalid digest");
+  }
+  if (!(doc.certificate instanceof Uint8Array)) {
+    throw new AttestationError("Missing or invalid certificate");
+  }
+  if (!Array.isArray(doc.cabundle)) {
+    throw new AttestationError("Missing or invalid cabundle");
+  }
+
+  // Normalize pcrs: cbor-x decodes CBOR maps as plain objects (with string keys)
+  // by default, but as Map when using certain configurations. Accept both.
+  let pcrs: Map<number, Uint8Array>;
+  if (doc.pcrs instanceof Map) {
+    pcrs = doc.pcrs as Map<number, Uint8Array>;
+    for (const [key, value] of pcrs) {
+      if (typeof key !== "number" || !(value instanceof Uint8Array)) {
+        throw new AttestationError("Invalid pcrs entry: expected Map<number, Uint8Array>");
+      }
+    }
+  } else if (doc.pcrs && typeof doc.pcrs === "object") {
+    pcrs = new Map<number, Uint8Array>();
+    for (const [key, value] of Object.entries(doc.pcrs as Record<string, unknown>)) {
+      if (!(value instanceof Uint8Array)) {
+        throw new AttestationError("Invalid pcrs entry: expected Map<number, Uint8Array>");
+      }
+      pcrs.set(Number(key), value);
+    }
+  } else {
+    throw new AttestationError("Missing or invalid pcrs");
+  }
+
+  // Validate cabundle entries
+  const cabundle = doc.cabundle as unknown[];
+  for (const entry of cabundle) {
+    if (!(entry instanceof Uint8Array)) {
+      throw new AttestationError("Invalid cabundle entry: expected Uint8Array[]");
+    }
+  }
+
+  return {
+    moduleId: doc.module_id as string,
+    timestamp: Number(doc.timestamp),
+    digest: doc.digest as string,
+    pcrs,
+    certificate: doc.certificate as Uint8Array,
+    cabundle: cabundle as Uint8Array[],
+    publicKey: doc.public_key instanceof Uint8Array ? doc.public_key : undefined,
+    userData: doc.user_data instanceof Uint8Array ? doc.user_data : undefined,
+    nonce: doc.nonce instanceof Uint8Array ? doc.nonce : undefined,
+  };
+}
+
+async function verifyCertificateChain(
+  leaf: x509.X509Certificate,
+  intermediates: x509.X509Certificate[],
+  root: x509.X509Certificate,
+): Promise<void> {
+  // Verify root is self-signed
+  const rootSelfSigned = await root.verify({ signatureOnly: true });
+  if (!rootSelfSigned) {
+    throw new AttestationError("Root CA is not self-signed", AttestationErrorCode.CHAIN_FAILED);
+  }
+
+  // Build ordered chain: root → intermediates → leaf
+  const chain = [root, ...intermediates, leaf];
+
+  for (let i = 1; i < chain.length; i++) {
+    const cert = chain[i]!;
+    const issuer = chain[i - 1]!;
+
+    const valid = await cert.verify({ publicKey: issuer, signatureOnly: true });
+    if (!valid) {
+      throw new AttestationError(
+        `Certificate chain verification failed at index ${i}`,
+        AttestationErrorCode.CHAIN_FAILED,
+      );
+    }
+
+    // Check validity period
+    const now = new Date();
+    if (now < cert.notBefore || now > cert.notAfter) {
+      throw new AttestationError(
+        `Certificate at index ${i} is not within its validity period`,
+        AttestationErrorCode.CHAIN_FAILED,
+      );
+    }
+  }
+}
+
+/** Machine-readable error codes for attestation verification failures. */
+export type AttestationErrorCode = ValueOf<typeof AttestationErrorCode>;
+export const AttestationErrorCode = {
+  INVALID_COSE: "INVALID_COSE",
+  INVALID_DOCUMENT: "INVALID_DOCUMENT",
+  CHAIN_FAILED: "CHAIN_FAILED",
+  SIGNATURE_FAILED: "SIGNATURE_FAILED",
+  EXPIRED: "EXPIRED",
+  PCR_MISMATCH: "PCR_MISMATCH",
+  NONCE_MISMATCH: "NONCE_MISMATCH",
+  MISSING_KEY: "MISSING_KEY",
+} as const;
+
+/** Error thrown when Nitro attestation verification fails. Includes a machine-readable {@link AttestationErrorCode}. */
+export class AttestationError extends Error {
+  readonly code: AttestationErrorCode;
+
+  constructor(message: string, code: AttestationErrorCode = AttestationErrorCode.INVALID_DOCUMENT) {
+    super(message);
+    this.name = "AttestationError";
+    this.code = code;
+  }
+}

package/src/lib/encrypt.test.ts

@@ -0,0 +1,72 @@
+import { describe, expect, test } from "bun:test";
+import * as openpgp from "openpgp";
+import { encrypt } from "./encrypt.js";
+
+/** Generate a test keypair. */
+async function generateTestKeys() {
+  const keys = await openpgp.generateKey({
+    type: "curve25519",
+    userIDs: [{ name: "Test" }],
+  });
+  return { publicKey: keys.publicKey, privateKey: keys.privateKey };
+}
+
+/** Decrypt data with a private key. */
+async function decryptWithKey(data: Uint8Array, privateKeyArmored: string): Promise<Uint8Array> {
+  const message = await openpgp.readMessage({ binaryMessage: data });
+  const decrypted = await openpgp.decrypt({
+    message,
+    format: "binary",
+    decryptionKeys: await openpgp.readPrivateKey({ armoredKey: privateKeyArmored }),
+  });
+  return decrypted.data as Uint8Array;
+}
+
+describe("encrypt", () => {
+  test("produces non-empty output", async () => {
+    const { publicKey } = await generateTestKeys();
+    const data = new TextEncoder().encode("hello");
+
+    const encrypted = await encrypt({ data, encryptionPublicKey: publicKey });
+
+    expect(encrypted.length).toBeGreaterThan(0);
+  });
+
+  test("output differs from input", async () => {
+    const { publicKey } = await generateTestKeys();
+    const data = new TextEncoder().encode("sensitive data");
+
+    const encrypted = await encrypt({ data, encryptionPublicKey: publicKey });
+
+    expect(encrypted).not.toEqual(data);
+  });
+
+  test("roundtrip: encrypt then decrypt preserves data", async () => {
+    const { publicKey, privateKey } = await generateTestKeys();
+    const original = new TextEncoder().encode("roundtrip test data");
+
+    const encrypted = await encrypt({ data: original, encryptionPublicKey: publicKey });
+    const decrypted = await decryptWithKey(encrypted, privateKey);
+
+    expect(decrypted).toEqual(original);
+  });
+
+  test("roundtrip works with binary data", async () => {
+    const { publicKey, privateKey } = await generateTestKeys();
+    const original = new Uint8Array(256);
+    for (let i = 0; i < 256; i++) {
+      original[i] = i;
+    }
+
+    const encrypted = await encrypt({ data: original, encryptionPublicKey: publicKey });
+    const decrypted = await decryptWithKey(encrypted, privateKey);
+
+    expect(decrypted).toEqual(original);
+  });
+
+  test("throws on invalid public key", async () => {
+    const data = new TextEncoder().encode("hello");
+
+    expect(encrypt({ data, encryptionPublicKey: "not-a-key" })).rejects.toThrow();
+  });
+});

package/src/lib/encrypt.ts

@@ -0,0 +1,29 @@
+import * as openpgp from "openpgp";
+
+openpgp.config.aeadProtect = true;
+
+export async function encrypt({
+  data,
+  encryptionPublicKey,
+}: {
+  data: Uint8Array;
+  encryptionPublicKey: string;
+}): Promise<Uint8Array> {
+  const message = await openpgp.createMessage({ binary: data });
+  const encryptedArmored = await openpgp.encrypt({
+    message,
+    encryptionKeys: await openpgp.readKey({ armoredKey: encryptionPublicKey }),
+  });
+
+  const encrypted = await unarmorToUint8Array(encryptedArmored);
+  return encrypted;
+}
+
+async function unarmorToUint8Array(armored: string) {
+  const unarmored = await openpgp.unarmor(armored);
+  const unarmoredData: unknown = unarmored.data;
+  if (!(unarmoredData instanceof Uint8Array)) {
+    throw new Error("Unarmored data is not a Uint8Array");
+  }
+  return unarmoredData;
+}

package/src/lib/logger.ts

@@ -0,0 +1,3 @@
+import { getLogger } from "@logtape/logtape";
+
+export const logger = getLogger(["tee-rex", "prover"]);

package/src/lib/tee-rex-prover.test.ts

@@ -0,0 +1,184 @@
+import { afterEach, beforeEach, describe, expect, mock, spyOn, test } from "bun:test";
+import { BBLazyPrivateKernelProver } from "@aztec/bb-prover/client/lazy";
+import { WASMSimulator } from "@aztec/simulator/client";
+import * as attestationModule from "./attestation.js";
+import { ProvingMode, TeeRexProver } from "./tee-rex-prover.js";
+
+describe("TeeRexProver", () => {
+  test("can instantiate with correct proving modes", () => {
+    const prover = new TeeRexProver("http://localhost:4000", new WASMSimulator());
+
+    // Default mode should be remote
+    expect(prover).toBeDefined();
+
+    // Can set to local mode
+    prover.setProvingMode(ProvingMode.local);
+
+    // Can set back to remote mode
+    prover.setProvingMode(ProvingMode.remote);
+  });
+
+  describe("createChonkProof routing", () => {
+    const API_URL = "http://tee-rex-test.invalid:9999";
+
+    // Minimal fake execution step matching PrivateExecutionStep shape
+    const fakeStep = {
+      functionName: "test_fn",
+      witness: new Map([[0, "val"]]),
+      bytecode: new Uint8Array([0, 1]),
+      vk: new Uint8Array([2, 3]),
+      timings: { witgen: 10 },
+    } as any;
+
+    let originalFetch: typeof globalThis.fetch;
+
+    beforeEach(() => {
+      originalFetch = globalThis.fetch;
+    });
+
+    afterEach(() => {
+      globalThis.fetch = originalFetch;
+    });
+
+    test("remote mode calls the API's attestation endpoint", async () => {
+      const fetchedUrls: string[] = [];
+
+      globalThis.fetch = mock(async (input: any) => {
+        const url = typeof input === "string" ? input : input.url;
+        fetchedUrls.push(url);
+        // Return a failure to stop the flow early — we just want to verify the URL
+        return new Response("not found", { status: 404 });
+      }) as any;
+
+      const prover = new TeeRexProver(API_URL, new WASMSimulator());
+      prover.setProvingMode(ProvingMode.remote);
+
+      // createChonkProof will fail because our mock server returns 404,
+      // but we can verify it tried to reach the right endpoint
+      try {
+        await prover.createChonkProof([fakeStep]);
+      } catch {
+        // Expected — the mock doesn't return a valid response
+      }
+
+      const attestationEndpointCalled = fetchedUrls.some((url) =>
+        url.includes(`${API_URL}/attestation`),
+      );
+      expect(attestationEndpointCalled).toBe(true);
+    });
+
+    test("requireAttestation rejects standard mode servers", async () => {
+      globalThis.fetch = mock(async (input: any) => {
+        const url = typeof input === "string" ? input : input.url;
+        if (url.includes("/attestation")) {
+          return new Response(JSON.stringify({ mode: "standard", publicKey: "fake-key" }), {
+            status: 200,
+            headers: { "Content-Type": "application/json" },
+          });
+        }
+        return new Response("not found", { status: 404 });
+      }) as any;
+
+      const prover = new TeeRexProver(API_URL, new WASMSimulator());
+      prover.setProvingMode(ProvingMode.remote);
+      prover.setAttestationConfig({ requireAttestation: true });
+
+      await expect(prover.createChonkProof([fakeStep])).rejects.toThrow(
+        "requireAttestation is enabled",
+      );
+    });
+
+    test("nitro mode falls back to server-provided key when node:crypto unavailable", async () => {
+      const SERVER_PUBLIC_KEY = "server-provided-key-abc123";
+
+      globalThis.fetch = mock(async (input: any) => {
+        const url = typeof input === "string" ? input : input.url;
+        if (url.includes("/attestation")) {
+          return new Response(
+            JSON.stringify({
+              mode: "nitro",
+              attestationDocument: "fake-doc",
+              publicKey: SERVER_PUBLIC_KEY,
+            }),
+            { status: 200, headers: { "Content-Type": "application/json" } },
+          );
+        }
+        // /prove endpoint — return a valid response so the flow completes up to encryption
+        return new Response("not found", { status: 404 });
+      }) as any;
+
+      // Mock verifyNitroAttestation to throw a browser-like error
+      const verifySpy = spyOn(attestationModule, "verifyNitroAttestation").mockRejectedValue(
+        new TypeError("s is not a constructor"),
+      );
+
+      const prover = new TeeRexProver(API_URL, new WASMSimulator());
+      prover.setProvingMode(ProvingMode.remote);
+
+      // createChonkProof will fail at the /prove call (404), but the attestation
+      // fallback should have succeeded — verify by checking the spy was called
+      // and the flow continued past attestation to the /prove request
+      try {
+        await prover.createChonkProof([fakeStep]);
+      } catch {
+        // Expected — the mock /prove returns 404
+      }
+
+      expect(verifySpy).toHaveBeenCalledTimes(1);
+      verifySpy.mockRestore();
+    });
+
+    test("nitro mode re-throws real verification errors", async () => {
+      globalThis.fetch = mock(async (input: any) => {
+        const url = typeof input === "string" ? input : input.url;
+        if (url.includes("/attestation")) {
+          return new Response(
+            JSON.stringify({
+              mode: "nitro",
+              attestationDocument: "fake-doc",
+              publicKey: "server-key",
+            }),
+            { status: 200, headers: { "Content-Type": "application/json" } },
+          );
+        }
+        return new Response("not found", { status: 404 });
+      }) as any;
+
+      // Mock verifyNitroAttestation to throw a real verification error
+      const verifySpy = spyOn(attestationModule, "verifyNitroAttestation").mockRejectedValue(
+        new Error("PCR0 mismatch: expected abc got def"),
+      );
+
+      const prover = new TeeRexProver(API_URL, new WASMSimulator());
+      prover.setProvingMode(ProvingMode.remote);
+
+      await expect(prover.createChonkProof([fakeStep])).rejects.toThrow("PCR0 mismatch");
+
+      verifySpy.mockRestore();
+    });
+
+    test("local mode calls super.createChonkProof, not the API", async () => {
+      let fetchCalled = false;
+      globalThis.fetch = mock(async () => {
+        fetchCalled = true;
+        return new Response("", { status: 500 });
+      }) as any;
+
+      const superSpy = spyOn(BBLazyPrivateKernelProver.prototype, "createChonkProof");
+      superSpy.mockRejectedValue(new Error("local prover not available in test"));
+
+      const prover = new TeeRexProver(API_URL, new WASMSimulator());
+      prover.setProvingMode(ProvingMode.local);
+
+      try {
+        await prover.createChonkProof([fakeStep]);
+      } catch {
+        // Expected — we mocked super to throw
+      }
+
+      expect(fetchCalled).toBe(false);
+      expect(superSpy).toHaveBeenCalledTimes(1);
+      superSpy.mockRestore();
+    });
+  });
+});