@appliedblockchain/silentdatarollup-ethers-provider 1.0.8 → 1.0.10

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Applied Blockchain Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -15,6 +15,9 @@
     - [Overview](#overview)
     - [Using the SDInterface](#using-the-sdinterface)
     - [Private Events Example](#private-events-example)
+  - [Smart Account Support](#smart-account-support)
+    - [Smart Account Overview](#smart-account-overview)
+    - [Smart Account Example](#smart-account-example)
 - [Troubleshooting](#troubleshooting)
 - [License](#license)
 - [Additional Resources](#additional-resources)
@@ -26,7 +29,7 @@ Custom providers for Silent Data, compatible with ethers.js.
 ## Prerequisites
 
 - Node.js (version 18 or higher)
-- npm
+- pnpm
 - Basic knowledge of Ethereum and smart contracts
 - Ethers.js v6
 
@@ -37,7 +40,7 @@ Custom providers for Silent Data, compatible with ethers.js.
 #### Installing Basic Usage Dependencies
 
 ```bash
-npm install @appliedblockchain/silentdatarollup-core @appliedblockchain/silentdatarollup-ethers-provider ethers@6
+pnpm add @appliedblockchain/silentdatarollup-core @appliedblockchain/silentdatarollup-ethers-provider ethers@6
 ```
 
 #### Basic Usage Example
@@ -67,7 +70,7 @@ console.log(balance)
 #### Installing Usage with a Contract Dependencies
 
 ```bash
-npm install @appliedblockchain/silentdatarollup-core @appliedblockchain/silentdatarollup-ethers-provider ethers@6
+pnpm add @appliedblockchain/silentdatarollup-core @appliedblockchain/silentdatarollup-ethers-provider ethers@6
 ```
 
 #### Usage with a Contract Example
@@ -216,6 +219,66 @@ for (const log of privateEvents) {
 }
 ```
 
+### Smart Account Support
+
+#### Smart Account Overview
+
+Silent Data Rollup supports smart accounts (smart wallet contracts) that implement [EIP-1271](https://eips.ethereum.org/EIPS/eip-1271) for signature verification. When using a smart account, you provide the `smartWalletAddress` in the provider configuration, and the provider automatically handles signature verification through the smart contract.
+
+**Key features:**
+
+- **EIP-1271 Compatibility**: Your smart account contract must implement the `isValidSignature(bytes32 hash, bytes signature)` function
+- **Automatic Hash Signing**: When `smartWalletAddress` is provided, the provider signs the hash of messages for proper EIP-1271 verification
+- **Flexible Signer Support**: Works with any signer implementation, including passkey signers, browser wallets, and more
+
+#### Smart Account Example
+
+This example shows how to use the provider with a passkey signer and smart account. For a complete passkey implementation, see the [Giano repository](https://github.com/appliedblockchain/giano).
+
+```typescript
+import { SilentDataRollupProvider } from '@appliedblockchain/silentdatarollup-ethers-provider'
+import { NetworkName } from '@appliedblockchain/silentdatarollup-core'
+// Example: Using Giano passkey signer
+// See https://github.com/appliedblockchain/giano for full implementation
+import { GianoSigner } from '@appliedblockchain/giano-client'
+
+// Initialize your Giano passkey signer
+const gianoSigner = await GianoSigner.create({
+  // Passkey configuration
+})
+
+// Configure provider with smart account
+const providerConfig = {
+  rpcUrl: 'SILENT_DATA_ROLLUP_RPC_URL',
+  network: NetworkName.TESTNET,
+  signer: gianoSigner,
+  // Provide your EIP-1271 compatible smart account address
+  smartWalletAddress: '0xYOUR_SMART_ACCOUNT_ADDRESS',
+}
+
+const provider = new SilentDataRollupProvider(providerConfig)
+
+// Use the provider as normal
+// All signatures will be verified via your smart account's EIP-1271 implementation
+const balance = await provider.getBalance('YOUR_ADDRESS')
+console.log(balance)
+
+// Works with contracts too
+const contractConfig = {
+  contractAddress: 'YOUR_CONTRACT_ADDRESS',
+  abi: [
+    /* Your contract ABI */
+  ],
+  runner: provider,
+  methodsToSign: ['privateMethod'],
+}
+
+const contract = new SilentDataRollupContract(contractConfig)
+const result = await contract.privateMethod('param')
+```
+
+**Note**: Your smart account contract must implement EIP-1271's `isValidSignature` function to verify signatures. The provider will automatically sign message hashes when `smartWalletAddress` is configured, ensuring compatibility with the EIP-1271 standard.
+
 ## License
 
 This project is licensed under the [MIT License](LICENSE).

package/dist/index.d.mts

@@ -5,12 +5,19 @@ declare const DEBUG_NAMESPACE = "silentdata:ethers-provider";
 
 interface SilentDataRollupProviderConfig extends BaseConfig {
     rpcUrl: string;
+    l1RpcUrl?: string;
+    registryContract?: string;
     network?: NetworkName;
     chainId?: number;
     privateKey?: string;
     signer?: Signer;
     options?: JsonRpcApiProviderOptions;
     smartWalletAddress?: string;
+    /**
+     * When set to true, all eth_call requests will be signed
+     * with authentication headers, regardless of whether they match signable contracts
+     */
+    alwaysSignEthCalls?: boolean;
 }
 /**
  * Extended filter type that includes a special flag for private events
@@ -37,6 +44,15 @@ declare class SilentDataRollupProvider extends JsonRpcProvider {
     private baseProvider;
     constructor(config: SilentDataRollupProviderConfig);
     _send(payload: JsonRpcPayload | Array<JsonRpcPayload>): Promise<Array<JsonRpcResult>>;
+    private _isRegistryContractSet;
+    private _isNodeRuntime;
+    /**
+     * Get authentication headers if required for the given payload.
+     * Returns null if no auth headers are needed.
+     */
+    private _getAuthHeaders;
+    private _sendWithoutAttestation;
+    private _sendWithPinnedTlsAndAttest;
     static getRequest({ rpcUrl }: {
         rpcUrl: string;
     }): FetchRequest;

package/dist/index.d.ts

@@ -5,12 +5,19 @@ declare const DEBUG_NAMESPACE = "silentdata:ethers-provider";
 
 interface SilentDataRollupProviderConfig extends BaseConfig {
     rpcUrl: string;
+    l1RpcUrl?: string;
+    registryContract?: string;
     network?: NetworkName;
     chainId?: number;
     privateKey?: string;
     signer?: Signer;
     options?: JsonRpcApiProviderOptions;
     smartWalletAddress?: string;
+    /**
+     * When set to true, all eth_call requests will be signed
+     * with authentication headers, regardless of whether they match signable contracts
+     */
+    alwaysSignEthCalls?: boolean;
 }
 /**
  * Extended filter type that includes a special flag for private events
@@ -37,6 +44,15 @@ declare class SilentDataRollupProvider extends JsonRpcProvider {
     private baseProvider;
     constructor(config: SilentDataRollupProviderConfig);
     _send(payload: JsonRpcPayload | Array<JsonRpcPayload>): Promise<Array<JsonRpcResult>>;
+    private _isRegistryContractSet;
+    private _isNodeRuntime;
+    /**
+     * Get authentication headers if required for the given payload.
+     * Returns null if no auth headers are needed.
+     */
+    private _getAuthHeaders;
+    private _sendWithoutAttestation;
+    private _sendWithPinnedTlsAndAttest;
     static getRequest({ rpcUrl }: {
         rpcUrl: string;
     }): FetchRequest;

package/dist/index.js

@@ -90,6 +90,7 @@ var SilentDataRollupSigner = class extends import_ethers.AbstractSigner {
 };
 
 // src/provider.ts
+var import_silentdatarollup_core2 = require("@appliedblockchain/silentdatarollup-core");
 var log = (0, import_debug.default)(import_silentdatarollup_core.DEBUG_NAMESPACE);
 function isPromise(value) {
   return value && typeof value.then === "function";
@@ -126,7 +127,10 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends import_et
       "config",
       config
     );
-    this.baseProvider = new import_silentdatarollup_core.SilentDataRollupBase(config);
+    this.baseProvider = new import_silentdatarollup_core.SilentDataRollupBase({
+      ...config,
+      smartWalletAddress: config.smartWalletAddress
+    });
     this.config = config;
     this.config.authSignatureType = config.authSignatureType || import_silentdatarollup_core.SignatureType.Raw;
     if (config.signer) {
@@ -165,43 +169,78 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends import_et
         }
       }
     }
+    if (!this._isNodeRuntime() || !this._isRegistryContractSet()) {
+      return await this._sendWithoutAttestation(payload, isPrivateLogsRequest);
+    }
+    return await this._sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest);
+  }
+  _isRegistryContractSet() {
+    return Boolean(this.config.l1RpcUrl) && Boolean(this.config.registryContract);
+  }
+  _isNodeRuntime() {
+    return typeof process !== "undefined" && typeof process.versions === "object" && typeof process.versions.node === "string";
+  }
+  /**
+   * Get authentication headers if required for the given payload.
+   * Returns null if no auth headers are needed.
+   */
+  async _getAuthHeaders(payload, isPrivateLogsRequest) {
+    const requiresAuthHeaders = isPrivateLogsRequest || import_silentdatarollup_core.SIGN_RPC_METHODS.includes(payload.method) || (0, import_silentdatarollup_core.isSignableContractCall)(payload, this.baseProvider.contracts) || this.config.alwaysSignEthCalls && payload.method === "eth_call";
+    if (!requiresAuthHeaders) {
+      return null;
+    }
+    const headers = {};
+    if (this.config.delegate) {
+      const {
+        [import_silentdatarollup_core.HEADER_DELEGATE]: xDelegate,
+        [import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
+        [import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
+      } = await this.baseProvider.getDelegateHeaders(this);
+      headers[import_silentdatarollup_core.HEADER_DELEGATE] = xDelegate;
+      if (xDelegateSignature) {
+        headers[import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE] = xDelegateSignature;
+      }
+      if (xEip712DelegateSignature) {
+        headers[import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE] = xEip712DelegateSignature;
+      }
+    }
+    if (this.config.smartWalletAddress) {
+      log("Setting smart wallet header:", this.config.smartWalletAddress);
+      headers[import_silentdatarollup_core.HEADER_SIGNER_SWC] = this.config.smartWalletAddress;
+    }
+    const {
+      [import_silentdatarollup_core.HEADER_TIMESTAMP]: xTimestamp,
+      [import_silentdatarollup_core.HEADER_SIGNATURE]: xSignature,
+      [import_silentdatarollup_core.HEADER_EIP712_SIGNATURE]: xEip712Signature,
+      [import_silentdatarollup_core.HEADER_FROM_BLOCK]: xFromBlock
+    } = await this.baseProvider.getAuthHeaders(this, payload);
+    headers[import_silentdatarollup_core.HEADER_TIMESTAMP] = xTimestamp;
+    if (xSignature) {
+      headers[import_silentdatarollup_core.HEADER_SIGNATURE] = xSignature;
+    }
+    if (xEip712Signature) {
+      headers[import_silentdatarollup_core.HEADER_EIP712_SIGNATURE] = xEip712Signature;
+    }
+    if (xFromBlock) {
+      headers[import_silentdatarollup_core.HEADER_FROM_BLOCK] = xFromBlock;
+    }
+    const signatureType = this.config.authSignatureType ?? import_silentdatarollup_core.SignatureType.EIP191;
+    if (signatureType) {
+      headers[import_silentdatarollup_core.HEADER_SIGNATURE_TYPE] = signatureType;
+    }
+    return headers;
+  }
+  async _sendWithoutAttestation(payload, isPrivateLogsRequest) {
     const request = this._getConnection();
     request.body = JSON.stringify(payload);
     request.setHeader("content-type", "application/json");
-    const requiresAuthHeaders = isPrivateLogsRequest || import_silentdatarollup_core.SIGN_RPC_METHODS.includes(payload.method) || (0, import_silentdatarollup_core.isSignableContractCall)(payload, this.baseProvider.contracts);
-    if (requiresAuthHeaders) {
-      if (this.config.delegate) {
-        const {
-          [import_silentdatarollup_core.HEADER_DELEGATE]: xDelegate,
-          [import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
-          [import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
-        } = await this.baseProvider.getDelegateHeaders(this);
-        request.setHeader(import_silentdatarollup_core.HEADER_DELEGATE, xDelegate);
-        if (xDelegateSignature) {
-          request.setHeader(import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE, xDelegateSignature);
-        }
-        if (xEip712DelegateSignature) {
-          request.setHeader(
-            import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE,
-            xEip712DelegateSignature
-          );
-        }
-      }
-      if (this.config.smartWalletAddress) {
-        log("Setting smart wallet header:", this.config.smartWalletAddress);
-        request.setHeader(import_silentdatarollup_core.HEADER_SIGNER_SWC, this.config.smartWalletAddress);
-      }
-      const {
-        [import_silentdatarollup_core.HEADER_TIMESTAMP]: xTimestamp,
-        [import_silentdatarollup_core.HEADER_SIGNATURE]: xSignature,
-        [import_silentdatarollup_core.HEADER_EIP712_SIGNATURE]: xEip712Signature
-      } = await this.baseProvider.getAuthHeaders(this, payload);
-      request.setHeader(import_silentdatarollup_core.HEADER_TIMESTAMP, xTimestamp);
-      if (xSignature) {
-        request.setHeader(import_silentdatarollup_core.HEADER_SIGNATURE, xSignature);
-      }
-      if (xEip712Signature) {
-        request.setHeader(import_silentdatarollup_core.HEADER_EIP712_SIGNATURE, xEip712Signature);
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      for (const [key, value] of Object.entries(authHeaders)) {
+        request.setHeader(key, value);
       }
     }
     const response = await request.send();
@@ -212,6 +251,100 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends import_et
     }
     return resp;
   }
+  async _sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest) {
+    const https = await import(
+      /* webpackIgnore: true */
+      "https"
+    );
+    const { URL } = await import(
+      /* webpackIgnore: true */
+      "url"
+    );
+    const conn = this._getConnection();
+    const rpcUrlStr = conn.url;
+    if (!rpcUrlStr) {
+      throw new Error("Unable to determine rpcUrl for pinned TLS transport");
+    }
+    const rpcUrl = new URL(rpcUrlStr);
+    let exporterKey = null;
+    const doRequest = (method, path, body, headers2 = {}, forcedSocket) => new Promise((resolve, reject) => {
+      const req = https.request(
+        {
+          protocol: rpcUrl.protocol,
+          hostname: rpcUrl.hostname,
+          port: rpcUrl.port ? Number(rpcUrl.port) : 443,
+          path,
+          method,
+          headers: headers2,
+          agent: false,
+          createConnection: forcedSocket ? () => forcedSocket : void 0
+        },
+        (res) => {
+          const socket = res.socket;
+          const DomainSeparator = "CUSTOM-RPC ATTEST:";
+          const DOMAIN_SEPARATOR = Buffer.from(DomainSeparator, "utf8");
+          exporterKey = socket.exportKeyingMaterial(
+            32,
+            "tdx-attestation",
+            DOMAIN_SEPARATOR
+          );
+          const chunks = [];
+          res.on(
+            "data",
+            (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d))
+          );
+          res.on(
+            "end",
+            () => resolve({
+              statusCode: res.statusCode ?? 0,
+              body: Buffer.concat(chunks),
+              socket
+            })
+          );
+        }
+      );
+      req.on("error", reject);
+      if (body) {
+        req.write(body);
+      }
+      req.end();
+    });
+    const attest = await doRequest("GET", "/tdx/attest", void 0, {
+      connection: "keep-alive"
+    });
+    if (attest.statusCode < 200 || attest.statusCode >= 300) {
+      throw new Error(`/tdx/attest failed: HTTP ${attest.statusCode}`);
+    }
+    const isValid = await (0, import_silentdatarollup_core2.validateTdxAttestation)(
+      attest.body,
+      exporterKey,
+      this.config.l1RpcUrl,
+      this.config.registryContract
+    );
+    if (!isValid) {
+      throw new Error("TDX attestation validation failed");
+    }
+    const headers = {
+      "content-type": "application/json"
+    };
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      Object.assign(headers, authHeaders);
+    }
+    const rpcBody = Buffer.from(JSON.stringify(payload));
+    const rpc = await doRequest("POST", "/", rpcBody, headers, attest.socket);
+    if (rpc.statusCode < 200 || rpc.statusCode >= 300) {
+      throw new Error(`RPC POST / failed: HTTP ${rpc.statusCode}`);
+    }
+    let parsed = JSON.parse(rpc.body.toString("utf8"));
+    if (!Array.isArray(parsed)) {
+      parsed = [parsed];
+    }
+    return parsed;
+  }
   static getRequest({ rpcUrl }) {
     const request = new import_ethers2.FetchRequest(rpcUrl);
     request.allowGzip = true;

package/dist/index.mjs

@@ -11,7 +11,9 @@ import {
   HEADER_DELEGATE_SIGNATURE,
   HEADER_EIP712_DELEGATE_SIGNATURE,
   HEADER_EIP712_SIGNATURE,
+  HEADER_FROM_BLOCK,
   HEADER_SIGNATURE,
+  HEADER_SIGNATURE_TYPE,
   HEADER_SIGNER_SWC,
   HEADER_TIMESTAMP,
   isSignableContractCall,
@@ -79,6 +81,7 @@ var SilentDataRollupSigner = class extends AbstractSigner {
 };
 
 // src/provider.ts
+import { validateTdxAttestation } from "@appliedblockchain/silentdatarollup-core";
 var log = debug(DEBUG_NAMESPACE2);
 function isPromise(value) {
   return value && typeof value.then === "function";
@@ -115,7 +118,10 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends JsonRpcPr
       "config",
       config
     );
-    this.baseProvider = new SilentDataRollupBase(config);
+    this.baseProvider = new SilentDataRollupBase({
+      ...config,
+      smartWalletAddress: config.smartWalletAddress
+    });
     this.config = config;
     this.config.authSignatureType = config.authSignatureType || SignatureType.Raw;
     if (config.signer) {
@@ -154,43 +160,78 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends JsonRpcPr
         }
       }
     }
+    if (!this._isNodeRuntime() || !this._isRegistryContractSet()) {
+      return await this._sendWithoutAttestation(payload, isPrivateLogsRequest);
+    }
+    return await this._sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest);
+  }
+  _isRegistryContractSet() {
+    return Boolean(this.config.l1RpcUrl) && Boolean(this.config.registryContract);
+  }
+  _isNodeRuntime() {
+    return typeof process !== "undefined" && typeof process.versions === "object" && typeof process.versions.node === "string";
+  }
+  /**
+   * Get authentication headers if required for the given payload.
+   * Returns null if no auth headers are needed.
+   */
+  async _getAuthHeaders(payload, isPrivateLogsRequest) {
+    const requiresAuthHeaders = isPrivateLogsRequest || SIGN_RPC_METHODS.includes(payload.method) || isSignableContractCall(payload, this.baseProvider.contracts) || this.config.alwaysSignEthCalls && payload.method === "eth_call";
+    if (!requiresAuthHeaders) {
+      return null;
+    }
+    const headers = {};
+    if (this.config.delegate) {
+      const {
+        [HEADER_DELEGATE]: xDelegate,
+        [HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
+        [HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
+      } = await this.baseProvider.getDelegateHeaders(this);
+      headers[HEADER_DELEGATE] = xDelegate;
+      if (xDelegateSignature) {
+        headers[HEADER_DELEGATE_SIGNATURE] = xDelegateSignature;
+      }
+      if (xEip712DelegateSignature) {
+        headers[HEADER_EIP712_DELEGATE_SIGNATURE] = xEip712DelegateSignature;
+      }
+    }
+    if (this.config.smartWalletAddress) {
+      log("Setting smart wallet header:", this.config.smartWalletAddress);
+      headers[HEADER_SIGNER_SWC] = this.config.smartWalletAddress;
+    }
+    const {
+      [HEADER_TIMESTAMP]: xTimestamp,
+      [HEADER_SIGNATURE]: xSignature,
+      [HEADER_EIP712_SIGNATURE]: xEip712Signature,
+      [HEADER_FROM_BLOCK]: xFromBlock
+    } = await this.baseProvider.getAuthHeaders(this, payload);
+    headers[HEADER_TIMESTAMP] = xTimestamp;
+    if (xSignature) {
+      headers[HEADER_SIGNATURE] = xSignature;
+    }
+    if (xEip712Signature) {
+      headers[HEADER_EIP712_SIGNATURE] = xEip712Signature;
+    }
+    if (xFromBlock) {
+      headers[HEADER_FROM_BLOCK] = xFromBlock;
+    }
+    const signatureType = this.config.authSignatureType ?? SignatureType.EIP191;
+    if (signatureType) {
+      headers[HEADER_SIGNATURE_TYPE] = signatureType;
+    }
+    return headers;
+  }
+  async _sendWithoutAttestation(payload, isPrivateLogsRequest) {
     const request = this._getConnection();
     request.body = JSON.stringify(payload);
     request.setHeader("content-type", "application/json");
-    const requiresAuthHeaders = isPrivateLogsRequest || SIGN_RPC_METHODS.includes(payload.method) || isSignableContractCall(payload, this.baseProvider.contracts);
-    if (requiresAuthHeaders) {
-      if (this.config.delegate) {
-        const {
-          [HEADER_DELEGATE]: xDelegate,
-          [HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
-          [HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
-        } = await this.baseProvider.getDelegateHeaders(this);
-        request.setHeader(HEADER_DELEGATE, xDelegate);
-        if (xDelegateSignature) {
-          request.setHeader(HEADER_DELEGATE_SIGNATURE, xDelegateSignature);
-        }
-        if (xEip712DelegateSignature) {
-          request.setHeader(
-            HEADER_EIP712_DELEGATE_SIGNATURE,
-            xEip712DelegateSignature
-          );
-        }
-      }
-      if (this.config.smartWalletAddress) {
-        log("Setting smart wallet header:", this.config.smartWalletAddress);
-        request.setHeader(HEADER_SIGNER_SWC, this.config.smartWalletAddress);
-      }
-      const {
-        [HEADER_TIMESTAMP]: xTimestamp,
-        [HEADER_SIGNATURE]: xSignature,
-        [HEADER_EIP712_SIGNATURE]: xEip712Signature
-      } = await this.baseProvider.getAuthHeaders(this, payload);
-      request.setHeader(HEADER_TIMESTAMP, xTimestamp);
-      if (xSignature) {
-        request.setHeader(HEADER_SIGNATURE, xSignature);
-      }
-      if (xEip712Signature) {
-        request.setHeader(HEADER_EIP712_SIGNATURE, xEip712Signature);
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      for (const [key, value] of Object.entries(authHeaders)) {
+        request.setHeader(key, value);
       }
     }
     const response = await request.send();
@@ -201,6 +242,100 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends JsonRpcPr
     }
     return resp;
   }
+  async _sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest) {
+    const https = await import(
+      /* webpackIgnore: true */
+      "node:https"
+    );
+    const { URL } = await import(
+      /* webpackIgnore: true */
+      "node:url"
+    );
+    const conn = this._getConnection();
+    const rpcUrlStr = conn.url;
+    if (!rpcUrlStr) {
+      throw new Error("Unable to determine rpcUrl for pinned TLS transport");
+    }
+    const rpcUrl = new URL(rpcUrlStr);
+    let exporterKey = null;
+    const doRequest = (method, path, body, headers2 = {}, forcedSocket) => new Promise((resolve, reject) => {
+      const req = https.request(
+        {
+          protocol: rpcUrl.protocol,
+          hostname: rpcUrl.hostname,
+          port: rpcUrl.port ? Number(rpcUrl.port) : 443,
+          path,
+          method,
+          headers: headers2,
+          agent: false,
+          createConnection: forcedSocket ? () => forcedSocket : void 0
+        },
+        (res) => {
+          const socket = res.socket;
+          const DomainSeparator = "CUSTOM-RPC ATTEST:";
+          const DOMAIN_SEPARATOR = Buffer.from(DomainSeparator, "utf8");
+          exporterKey = socket.exportKeyingMaterial(
+            32,
+            "tdx-attestation",
+            DOMAIN_SEPARATOR
+          );
+          const chunks = [];
+          res.on(
+            "data",
+            (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d))
+          );
+          res.on(
+            "end",
+            () => resolve({
+              statusCode: res.statusCode ?? 0,
+              body: Buffer.concat(chunks),
+              socket
+            })
+          );
+        }
+      );
+      req.on("error", reject);
+      if (body) {
+        req.write(body);
+      }
+      req.end();
+    });
+    const attest = await doRequest("GET", "/tdx/attest", void 0, {
+      connection: "keep-alive"
+    });
+    if (attest.statusCode < 200 || attest.statusCode >= 300) {
+      throw new Error(`/tdx/attest failed: HTTP ${attest.statusCode}`);
+    }
+    const isValid = await validateTdxAttestation(
+      attest.body,
+      exporterKey,
+      this.config.l1RpcUrl,
+      this.config.registryContract
+    );
+    if (!isValid) {
+      throw new Error("TDX attestation validation failed");
+    }
+    const headers = {
+      "content-type": "application/json"
+    };
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      Object.assign(headers, authHeaders);
+    }
+    const rpcBody = Buffer.from(JSON.stringify(payload));
+    const rpc = await doRequest("POST", "/", rpcBody, headers, attest.socket);
+    if (rpc.statusCode < 200 || rpc.statusCode >= 300) {
+      throw new Error(`RPC POST / failed: HTTP ${rpc.statusCode}`);
+    }
+    let parsed = JSON.parse(rpc.body.toString("utf8"));
+    if (!Array.isArray(parsed)) {
+      parsed = [parsed];
+    }
+    return parsed;
+  }
   static getRequest({ rpcUrl }) {
     const request = new FetchRequest(rpcUrl);
     request.allowGzip = true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appliedblockchain/silentdatarollup-ethers-provider",
-  "version": "1.0.8",
+  "version": "1.0.10",
   "description": "Ethers.js provider for Silent Data",
   "author": "Applied Blockchain",
   "homepage": "https://github.com/appliedblockchain/silent-data-rollup-providers#readme",
@@ -25,23 +25,23 @@
   "files": [
     "dist"
   ],
-  "scripts": {
-    "build": "tsc --noEmit && tsup src/index.ts --format cjs,esm --dts --clean",
-    "check-exports": "attw --pack . --profile node16",
-    "prepack": "npm run build",
-    "test": "jest"
-  },
   "dependencies": {
-    "@appliedblockchain/silentdatarollup-core": "1.0.8",
     "debug": "4.3.7",
-    "ethers": "6.13.2"
+    "ethers": "6.13.2",
+    "@appliedblockchain/silentdatarollup-core": "1.0.10"
   },
   "devDependencies": {
-    "@types/node": "22.5.4",
+    "@types/debug": "4.1.12",
+    "@types/node": "24.10.1",
     "ts-node": "10.9.2",
     "typescript": "5.6.2"
   },
   "engines": {
     "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsc --noEmit && tsup src/index.ts --format cjs,esm --dts --clean",
+    "check-exports": "attw --pack . --profile node16",
+    "test": "jest"
   }
-}
+}