@appliedblockchain/silentdatarollup-ethers-provider 1.0.9 → 1.0.10

package/dist/index.d.mts

@@ -5,6 +5,8 @@ declare const DEBUG_NAMESPACE = "silentdata:ethers-provider";
 
 interface SilentDataRollupProviderConfig extends BaseConfig {
     rpcUrl: string;
+    l1RpcUrl?: string;
+    registryContract?: string;
     network?: NetworkName;
     chainId?: number;
     privateKey?: string;
@@ -42,6 +44,15 @@ declare class SilentDataRollupProvider extends JsonRpcProvider {
     private baseProvider;
     constructor(config: SilentDataRollupProviderConfig);
     _send(payload: JsonRpcPayload | Array<JsonRpcPayload>): Promise<Array<JsonRpcResult>>;
+    private _isRegistryContractSet;
+    private _isNodeRuntime;
+    /**
+     * Get authentication headers if required for the given payload.
+     * Returns null if no auth headers are needed.
+     */
+    private _getAuthHeaders;
+    private _sendWithoutAttestation;
+    private _sendWithPinnedTlsAndAttest;
     static getRequest({ rpcUrl }: {
         rpcUrl: string;
     }): FetchRequest;

package/dist/index.d.ts

@@ -5,6 +5,8 @@ declare const DEBUG_NAMESPACE = "silentdata:ethers-provider";
 
 interface SilentDataRollupProviderConfig extends BaseConfig {
     rpcUrl: string;
+    l1RpcUrl?: string;
+    registryContract?: string;
     network?: NetworkName;
     chainId?: number;
     privateKey?: string;
@@ -42,6 +44,15 @@ declare class SilentDataRollupProvider extends JsonRpcProvider {
     private baseProvider;
     constructor(config: SilentDataRollupProviderConfig);
     _send(payload: JsonRpcPayload | Array<JsonRpcPayload>): Promise<Array<JsonRpcResult>>;
+    private _isRegistryContractSet;
+    private _isNodeRuntime;
+    /**
+     * Get authentication headers if required for the given payload.
+     * Returns null if no auth headers are needed.
+     */
+    private _getAuthHeaders;
+    private _sendWithoutAttestation;
+    private _sendWithPinnedTlsAndAttest;
     static getRequest({ rpcUrl }: {
         rpcUrl: string;
     }): FetchRequest;

package/dist/index.js

@@ -90,6 +90,7 @@ var SilentDataRollupSigner = class extends import_ethers.AbstractSigner {
 };
 
 // src/provider.ts
+var import_silentdatarollup_core2 = require("@appliedblockchain/silentdatarollup-core");
 var log = (0, import_debug.default)(import_silentdatarollup_core.DEBUG_NAMESPACE);
 function isPromise(value) {
   return value && typeof value.then === "function";
@@ -168,51 +169,78 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends import_et
         }
       }
     }
-    const request = this._getConnection();
-    request.body = JSON.stringify(payload);
-    request.setHeader("content-type", "application/json");
+    if (!this._isNodeRuntime() || !this._isRegistryContractSet()) {
+      return await this._sendWithoutAttestation(payload, isPrivateLogsRequest);
+    }
+    return await this._sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest);
+  }
+  _isRegistryContractSet() {
+    return Boolean(this.config.l1RpcUrl) && Boolean(this.config.registryContract);
+  }
+  _isNodeRuntime() {
+    return typeof process !== "undefined" && typeof process.versions === "object" && typeof process.versions.node === "string";
+  }
+  /**
+   * Get authentication headers if required for the given payload.
+   * Returns null if no auth headers are needed.
+   */
+  async _getAuthHeaders(payload, isPrivateLogsRequest) {
     const requiresAuthHeaders = isPrivateLogsRequest || import_silentdatarollup_core.SIGN_RPC_METHODS.includes(payload.method) || (0, import_silentdatarollup_core.isSignableContractCall)(payload, this.baseProvider.contracts) || this.config.alwaysSignEthCalls && payload.method === "eth_call";
-    if (requiresAuthHeaders) {
-      if (this.config.delegate) {
-        const {
-          [import_silentdatarollup_core.HEADER_DELEGATE]: xDelegate,
-          [import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
-          [import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
-        } = await this.baseProvider.getDelegateHeaders(this);
-        request.setHeader(import_silentdatarollup_core.HEADER_DELEGATE, xDelegate);
-        if (xDelegateSignature) {
-          request.setHeader(import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE, xDelegateSignature);
-        }
-        if (xEip712DelegateSignature) {
-          request.setHeader(
-            import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE,
-            xEip712DelegateSignature
-          );
-        }
-      }
-      if (this.config.smartWalletAddress) {
-        log("Setting smart wallet header:", this.config.smartWalletAddress);
-        request.setHeader(import_silentdatarollup_core.HEADER_SIGNER_SWC, this.config.smartWalletAddress);
-      }
+    if (!requiresAuthHeaders) {
+      return null;
+    }
+    const headers = {};
+    if (this.config.delegate) {
       const {
-        [import_silentdatarollup_core.HEADER_TIMESTAMP]: xTimestamp,
-        [import_silentdatarollup_core.HEADER_SIGNATURE]: xSignature,
-        [import_silentdatarollup_core.HEADER_EIP712_SIGNATURE]: xEip712Signature,
-        [import_silentdatarollup_core.HEADER_FROM_BLOCK]: xFromBlock
-      } = await this.baseProvider.getAuthHeaders(this, payload);
-      request.setHeader(import_silentdatarollup_core.HEADER_TIMESTAMP, xTimestamp);
-      if (xSignature) {
-        request.setHeader(import_silentdatarollup_core.HEADER_SIGNATURE, xSignature);
-      }
-      if (xEip712Signature) {
-        request.setHeader(import_silentdatarollup_core.HEADER_EIP712_SIGNATURE, xEip712Signature);
+        [import_silentdatarollup_core.HEADER_DELEGATE]: xDelegate,
+        [import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
+        [import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
+      } = await this.baseProvider.getDelegateHeaders(this);
+      headers[import_silentdatarollup_core.HEADER_DELEGATE] = xDelegate;
+      if (xDelegateSignature) {
+        headers[import_silentdatarollup_core.HEADER_DELEGATE_SIGNATURE] = xDelegateSignature;
       }
-      if (xFromBlock) {
-        request.setHeader(import_silentdatarollup_core.HEADER_FROM_BLOCK, xFromBlock);
+      if (xEip712DelegateSignature) {
+        headers[import_silentdatarollup_core.HEADER_EIP712_DELEGATE_SIGNATURE] = xEip712DelegateSignature;
       }
-      const signatureType = this.config.authSignatureType ?? import_silentdatarollup_core.SignatureType.EIP191;
-      if (signatureType) {
-        request.setHeader(import_silentdatarollup_core.HEADER_SIGNATURE_TYPE, signatureType);
+    }
+    if (this.config.smartWalletAddress) {
+      log("Setting smart wallet header:", this.config.smartWalletAddress);
+      headers[import_silentdatarollup_core.HEADER_SIGNER_SWC] = this.config.smartWalletAddress;
+    }
+    const {
+      [import_silentdatarollup_core.HEADER_TIMESTAMP]: xTimestamp,
+      [import_silentdatarollup_core.HEADER_SIGNATURE]: xSignature,
+      [import_silentdatarollup_core.HEADER_EIP712_SIGNATURE]: xEip712Signature,
+      [import_silentdatarollup_core.HEADER_FROM_BLOCK]: xFromBlock
+    } = await this.baseProvider.getAuthHeaders(this, payload);
+    headers[import_silentdatarollup_core.HEADER_TIMESTAMP] = xTimestamp;
+    if (xSignature) {
+      headers[import_silentdatarollup_core.HEADER_SIGNATURE] = xSignature;
+    }
+    if (xEip712Signature) {
+      headers[import_silentdatarollup_core.HEADER_EIP712_SIGNATURE] = xEip712Signature;
+    }
+    if (xFromBlock) {
+      headers[import_silentdatarollup_core.HEADER_FROM_BLOCK] = xFromBlock;
+    }
+    const signatureType = this.config.authSignatureType ?? import_silentdatarollup_core.SignatureType.EIP191;
+    if (signatureType) {
+      headers[import_silentdatarollup_core.HEADER_SIGNATURE_TYPE] = signatureType;
+    }
+    return headers;
+  }
+  async _sendWithoutAttestation(payload, isPrivateLogsRequest) {
+    const request = this._getConnection();
+    request.body = JSON.stringify(payload);
+    request.setHeader("content-type", "application/json");
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      for (const [key, value] of Object.entries(authHeaders)) {
+        request.setHeader(key, value);
       }
     }
     const response = await request.send();
@@ -223,6 +251,100 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends import_et
     }
     return resp;
   }
+  async _sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest) {
+    const https = await import(
+      /* webpackIgnore: true */
+      "https"
+    );
+    const { URL } = await import(
+      /* webpackIgnore: true */
+      "url"
+    );
+    const conn = this._getConnection();
+    const rpcUrlStr = conn.url;
+    if (!rpcUrlStr) {
+      throw new Error("Unable to determine rpcUrl for pinned TLS transport");
+    }
+    const rpcUrl = new URL(rpcUrlStr);
+    let exporterKey = null;
+    const doRequest = (method, path, body, headers2 = {}, forcedSocket) => new Promise((resolve, reject) => {
+      const req = https.request(
+        {
+          protocol: rpcUrl.protocol,
+          hostname: rpcUrl.hostname,
+          port: rpcUrl.port ? Number(rpcUrl.port) : 443,
+          path,
+          method,
+          headers: headers2,
+          agent: false,
+          createConnection: forcedSocket ? () => forcedSocket : void 0
+        },
+        (res) => {
+          const socket = res.socket;
+          const DomainSeparator = "CUSTOM-RPC ATTEST:";
+          const DOMAIN_SEPARATOR = Buffer.from(DomainSeparator, "utf8");
+          exporterKey = socket.exportKeyingMaterial(
+            32,
+            "tdx-attestation",
+            DOMAIN_SEPARATOR
+          );
+          const chunks = [];
+          res.on(
+            "data",
+            (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d))
+          );
+          res.on(
+            "end",
+            () => resolve({
+              statusCode: res.statusCode ?? 0,
+              body: Buffer.concat(chunks),
+              socket
+            })
+          );
+        }
+      );
+      req.on("error", reject);
+      if (body) {
+        req.write(body);
+      }
+      req.end();
+    });
+    const attest = await doRequest("GET", "/tdx/attest", void 0, {
+      connection: "keep-alive"
+    });
+    if (attest.statusCode < 200 || attest.statusCode >= 300) {
+      throw new Error(`/tdx/attest failed: HTTP ${attest.statusCode}`);
+    }
+    const isValid = await (0, import_silentdatarollup_core2.validateTdxAttestation)(
+      attest.body,
+      exporterKey,
+      this.config.l1RpcUrl,
+      this.config.registryContract
+    );
+    if (!isValid) {
+      throw new Error("TDX attestation validation failed");
+    }
+    const headers = {
+      "content-type": "application/json"
+    };
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      Object.assign(headers, authHeaders);
+    }
+    const rpcBody = Buffer.from(JSON.stringify(payload));
+    const rpc = await doRequest("POST", "/", rpcBody, headers, attest.socket);
+    if (rpc.statusCode < 200 || rpc.statusCode >= 300) {
+      throw new Error(`RPC POST / failed: HTTP ${rpc.statusCode}`);
+    }
+    let parsed = JSON.parse(rpc.body.toString("utf8"));
+    if (!Array.isArray(parsed)) {
+      parsed = [parsed];
+    }
+    return parsed;
+  }
   static getRequest({ rpcUrl }) {
     const request = new import_ethers2.FetchRequest(rpcUrl);
     request.allowGzip = true;

package/dist/index.mjs

@@ -81,6 +81,7 @@ var SilentDataRollupSigner = class extends AbstractSigner {
 };
 
 // src/provider.ts
+import { validateTdxAttestation } from "@appliedblockchain/silentdatarollup-core";
 var log = debug(DEBUG_NAMESPACE2);
 function isPromise(value) {
   return value && typeof value.then === "function";
@@ -159,51 +160,78 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends JsonRpcPr
         }
       }
     }
-    const request = this._getConnection();
-    request.body = JSON.stringify(payload);
-    request.setHeader("content-type", "application/json");
+    if (!this._isNodeRuntime() || !this._isRegistryContractSet()) {
+      return await this._sendWithoutAttestation(payload, isPrivateLogsRequest);
+    }
+    return await this._sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest);
+  }
+  _isRegistryContractSet() {
+    return Boolean(this.config.l1RpcUrl) && Boolean(this.config.registryContract);
+  }
+  _isNodeRuntime() {
+    return typeof process !== "undefined" && typeof process.versions === "object" && typeof process.versions.node === "string";
+  }
+  /**
+   * Get authentication headers if required for the given payload.
+   * Returns null if no auth headers are needed.
+   */
+  async _getAuthHeaders(payload, isPrivateLogsRequest) {
     const requiresAuthHeaders = isPrivateLogsRequest || SIGN_RPC_METHODS.includes(payload.method) || isSignableContractCall(payload, this.baseProvider.contracts) || this.config.alwaysSignEthCalls && payload.method === "eth_call";
-    if (requiresAuthHeaders) {
-      if (this.config.delegate) {
-        const {
-          [HEADER_DELEGATE]: xDelegate,
-          [HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
-          [HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
-        } = await this.baseProvider.getDelegateHeaders(this);
-        request.setHeader(HEADER_DELEGATE, xDelegate);
-        if (xDelegateSignature) {
-          request.setHeader(HEADER_DELEGATE_SIGNATURE, xDelegateSignature);
-        }
-        if (xEip712DelegateSignature) {
-          request.setHeader(
-            HEADER_EIP712_DELEGATE_SIGNATURE,
-            xEip712DelegateSignature
-          );
-        }
-      }
-      if (this.config.smartWalletAddress) {
-        log("Setting smart wallet header:", this.config.smartWalletAddress);
-        request.setHeader(HEADER_SIGNER_SWC, this.config.smartWalletAddress);
-      }
+    if (!requiresAuthHeaders) {
+      return null;
+    }
+    const headers = {};
+    if (this.config.delegate) {
       const {
-        [HEADER_TIMESTAMP]: xTimestamp,
-        [HEADER_SIGNATURE]: xSignature,
-        [HEADER_EIP712_SIGNATURE]: xEip712Signature,
-        [HEADER_FROM_BLOCK]: xFromBlock
-      } = await this.baseProvider.getAuthHeaders(this, payload);
-      request.setHeader(HEADER_TIMESTAMP, xTimestamp);
-      if (xSignature) {
-        request.setHeader(HEADER_SIGNATURE, xSignature);
-      }
-      if (xEip712Signature) {
-        request.setHeader(HEADER_EIP712_SIGNATURE, xEip712Signature);
+        [HEADER_DELEGATE]: xDelegate,
+        [HEADER_DELEGATE_SIGNATURE]: xDelegateSignature,
+        [HEADER_EIP712_DELEGATE_SIGNATURE]: xEip712DelegateSignature
+      } = await this.baseProvider.getDelegateHeaders(this);
+      headers[HEADER_DELEGATE] = xDelegate;
+      if (xDelegateSignature) {
+        headers[HEADER_DELEGATE_SIGNATURE] = xDelegateSignature;
       }
-      if (xFromBlock) {
-        request.setHeader(HEADER_FROM_BLOCK, xFromBlock);
+      if (xEip712DelegateSignature) {
+        headers[HEADER_EIP712_DELEGATE_SIGNATURE] = xEip712DelegateSignature;
       }
-      const signatureType = this.config.authSignatureType ?? SignatureType.EIP191;
-      if (signatureType) {
-        request.setHeader(HEADER_SIGNATURE_TYPE, signatureType);
+    }
+    if (this.config.smartWalletAddress) {
+      log("Setting smart wallet header:", this.config.smartWalletAddress);
+      headers[HEADER_SIGNER_SWC] = this.config.smartWalletAddress;
+    }
+    const {
+      [HEADER_TIMESTAMP]: xTimestamp,
+      [HEADER_SIGNATURE]: xSignature,
+      [HEADER_EIP712_SIGNATURE]: xEip712Signature,
+      [HEADER_FROM_BLOCK]: xFromBlock
+    } = await this.baseProvider.getAuthHeaders(this, payload);
+    headers[HEADER_TIMESTAMP] = xTimestamp;
+    if (xSignature) {
+      headers[HEADER_SIGNATURE] = xSignature;
+    }
+    if (xEip712Signature) {
+      headers[HEADER_EIP712_SIGNATURE] = xEip712Signature;
+    }
+    if (xFromBlock) {
+      headers[HEADER_FROM_BLOCK] = xFromBlock;
+    }
+    const signatureType = this.config.authSignatureType ?? SignatureType.EIP191;
+    if (signatureType) {
+      headers[HEADER_SIGNATURE_TYPE] = signatureType;
+    }
+    return headers;
+  }
+  async _sendWithoutAttestation(payload, isPrivateLogsRequest) {
+    const request = this._getConnection();
+    request.body = JSON.stringify(payload);
+    request.setHeader("content-type", "application/json");
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      for (const [key, value] of Object.entries(authHeaders)) {
+        request.setHeader(key, value);
       }
     }
     const response = await request.send();
@@ -214,6 +242,100 @@ var SilentDataRollupProvider = class _SilentDataRollupProvider extends JsonRpcPr
     }
     return resp;
   }
+  async _sendWithPinnedTlsAndAttest(payload, isPrivateLogsRequest) {
+    const https = await import(
+      /* webpackIgnore: true */
+      "node:https"
+    );
+    const { URL } = await import(
+      /* webpackIgnore: true */
+      "node:url"
+    );
+    const conn = this._getConnection();
+    const rpcUrlStr = conn.url;
+    if (!rpcUrlStr) {
+      throw new Error("Unable to determine rpcUrl for pinned TLS transport");
+    }
+    const rpcUrl = new URL(rpcUrlStr);
+    let exporterKey = null;
+    const doRequest = (method, path, body, headers2 = {}, forcedSocket) => new Promise((resolve, reject) => {
+      const req = https.request(
+        {
+          protocol: rpcUrl.protocol,
+          hostname: rpcUrl.hostname,
+          port: rpcUrl.port ? Number(rpcUrl.port) : 443,
+          path,
+          method,
+          headers: headers2,
+          agent: false,
+          createConnection: forcedSocket ? () => forcedSocket : void 0
+        },
+        (res) => {
+          const socket = res.socket;
+          const DomainSeparator = "CUSTOM-RPC ATTEST:";
+          const DOMAIN_SEPARATOR = Buffer.from(DomainSeparator, "utf8");
+          exporterKey = socket.exportKeyingMaterial(
+            32,
+            "tdx-attestation",
+            DOMAIN_SEPARATOR
+          );
+          const chunks = [];
+          res.on(
+            "data",
+            (d) => chunks.push(Buffer.isBuffer(d) ? d : Buffer.from(d))
+          );
+          res.on(
+            "end",
+            () => resolve({
+              statusCode: res.statusCode ?? 0,
+              body: Buffer.concat(chunks),
+              socket
+            })
+          );
+        }
+      );
+      req.on("error", reject);
+      if (body) {
+        req.write(body);
+      }
+      req.end();
+    });
+    const attest = await doRequest("GET", "/tdx/attest", void 0, {
+      connection: "keep-alive"
+    });
+    if (attest.statusCode < 200 || attest.statusCode >= 300) {
+      throw new Error(`/tdx/attest failed: HTTP ${attest.statusCode}`);
+    }
+    const isValid = await validateTdxAttestation(
+      attest.body,
+      exporterKey,
+      this.config.l1RpcUrl,
+      this.config.registryContract
+    );
+    if (!isValid) {
+      throw new Error("TDX attestation validation failed");
+    }
+    const headers = {
+      "content-type": "application/json"
+    };
+    const authHeaders = await this._getAuthHeaders(
+      payload,
+      isPrivateLogsRequest
+    );
+    if (authHeaders) {
+      Object.assign(headers, authHeaders);
+    }
+    const rpcBody = Buffer.from(JSON.stringify(payload));
+    const rpc = await doRequest("POST", "/", rpcBody, headers, attest.socket);
+    if (rpc.statusCode < 200 || rpc.statusCode >= 300) {
+      throw new Error(`RPC POST / failed: HTTP ${rpc.statusCode}`);
+    }
+    let parsed = JSON.parse(rpc.body.toString("utf8"));
+    if (!Array.isArray(parsed)) {
+      parsed = [parsed];
+    }
+    return parsed;
+  }
   static getRequest({ rpcUrl }) {
     const request = new FetchRequest(rpcUrl);
     request.allowGzip = true;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@appliedblockchain/silentdatarollup-ethers-provider",
-  "version": "1.0.9",
+  "version": "1.0.10",
   "description": "Ethers.js provider for Silent Data",
   "author": "Applied Blockchain",
   "homepage": "https://github.com/appliedblockchain/silent-data-rollup-providers#readme",
@@ -28,7 +28,7 @@
   "dependencies": {
     "debug": "4.3.7",
     "ethers": "6.13.2",
-    "@appliedblockchain/silentdatarollup-core": "1.0.9"
+    "@appliedblockchain/silentdatarollup-core": "1.0.10"
   },
   "devDependencies": {
     "@types/debug": "4.1.12",