@ar.io/sdk 3.11.0-alpha.7 → 3.11.0-alpha.9

package/lib/esm/common/wayfinder/verification/data-root-verifier.js

@@ -0,0 +1,130 @@
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import Arweave from 'arweave';
+import { MAX_CHUNK_SIZE, MIN_CHUNK_SIZE, buildLayers, generateLeaves, } from 'arweave/node/lib/merkle.js';
+import { Readable } from 'node:stream';
+import { toB64Url } from '../../../utils/base64.js';
+export async function convertBufferToDataRoot({ buffer, }) {
+    const chunks = [];
+    let cursor = 0;
+    let offset = 0;
+    while (offset < buffer.byteLength) {
+        let chunkSize = Math.min(MAX_CHUNK_SIZE, buffer.byteLength - offset);
+        const remainder = buffer.byteLength - offset - chunkSize;
+        if (remainder > 0 && remainder < MIN_CHUNK_SIZE) {
+            chunkSize = Math.ceil((buffer.byteLength - offset) / 2);
+        }
+        // subarray does not exist on web Buffer type
+        const slice = buffer.subarray(offset, offset + chunkSize);
+        const hash = await crypto.subtle.digest('SHA-256', slice);
+        const hashArray = new Uint8Array(hash);
+        chunks.push({
+            dataHash: hashArray,
+            minByteRange: cursor,
+            maxByteRange: cursor + chunkSize,
+        });
+        cursor += chunkSize;
+        offset += chunkSize;
+    }
+    const leaves = await generateLeaves(chunks);
+    const result = await buildLayers(leaves);
+    return Buffer.from(result.id).toString('base64url');
+}
+export const convertReadableToDataRoot = async ({ iterable, }) => {
+    const chunks = [];
+    let leftover = new Uint8Array(0);
+    let cursor = 0;
+    for await (const data of iterable) {
+        const inputChunk = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+        const combined = new Uint8Array(leftover.length + inputChunk.length);
+        combined.set(leftover, 0);
+        combined.set(inputChunk, leftover.length);
+        let startIndex = 0;
+        while (combined.length - startIndex >= MAX_CHUNK_SIZE) {
+            let chunkSize = MAX_CHUNK_SIZE;
+            const remainderAfterThis = combined.length - startIndex - MAX_CHUNK_SIZE;
+            if (remainderAfterThis > 0 && remainderAfterThis < MIN_CHUNK_SIZE) {
+                chunkSize = Math.ceil((combined.length - startIndex) / 2);
+            }
+            const chunkData = combined.slice(startIndex, startIndex + chunkSize);
+            const dataHash = await Arweave.crypto.hash(chunkData);
+            chunks.push({
+                dataHash,
+                minByteRange: cursor,
+                maxByteRange: cursor + chunkSize,
+            });
+            cursor += chunkSize;
+            startIndex += chunkSize;
+        }
+        leftover = combined.slice(startIndex);
+    }
+    if (leftover.length > 0) {
+        const dataHash = await Arweave.crypto.hash(leftover);
+        chunks.push({
+            dataHash,
+            minByteRange: cursor,
+            maxByteRange: cursor + leftover.length,
+        });
+    }
+    const leaves = await generateLeaves(chunks);
+    const root = await buildLayers(leaves);
+    return toB64Url(Buffer.from(root.id));
+};
+export class DataRootVerifier {
+    trustedDataRootProvider;
+    constructor({ trustedDataRootProvider, }) {
+        this.trustedDataRootProvider = trustedDataRootProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const trustedDataRootPromise = this.trustedDataRootProvider.getDataRoot({
+            txId,
+        });
+        let computedDataRoot;
+        if (Buffer.isBuffer(data)) {
+            computedDataRoot = await convertBufferToDataRoot({ buffer: data });
+        }
+        else if (data instanceof Readable || data instanceof ReadableStream) {
+            computedDataRoot = await convertReadableToDataRoot({ iterable: data });
+        }
+        if (computedDataRoot === undefined) {
+            throw new Error('Data root could not be computed');
+        }
+        const trustedDataRoot = await trustedDataRootPromise;
+        if (computedDataRoot !== trustedDataRoot) {
+            throw new Error('Data root does not match', {
+                cause: { computedDataRoot, trustedDataRoot },
+            });
+        }
+    }
+}
+// some data item options
+// compute and verify data root, use offsets from server and verify the signature that the data item at the offset matches the signature
+// does not give you assurance of valid bundle, but gives verification that the data item itself is valid
+// reading from offsets is the only way for the client to compute and verify the signature
+/**
+ * - when you get a signature of a data item, you can only verify the owner
+ * - you still need to verify it's going back to the bundle, unpack it, and verify the data item exists at the offset
+ * - you need to the location of the chunks for the data item, and prove it's in the chunk and then prove the data root of the bundle, then you have fully verified the data verifier
+ * - how to prove the data item is on arweave - verify the merkle hash that the chunks for the data item, fit within the expected tree of the parent bundle
+ *
+ * Composite verifier - you'll want to be very efficient with streams
+ * - hash verifier
+ * - parent chunks verifier --> for any range of data within a single transaction, tell me that it's correct
+ * - signature verifier
+ * - offset verifier
+ * - data item verifier
+ */
+// introduce a composite verifier that determines where/how to lookup the hash

package/lib/esm/common/wayfinder/verification/hash-verifier.js

@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Readable } from 'node:stream';
+import { hashBufferToB64Url, hashReadableStreamToB64Url, hashReadableToB64Url, } from '../../../utils/hash.js';
+export class HashVerifier {
+    trustedHashProvider;
+    constructor({ trustedHashProvider, }) {
+        this.trustedHashProvider = trustedHashProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const hashPromise = this.trustedHashProvider.getHash({ txId });
+        let computedHash;
+        if (Buffer.isBuffer(data)) {
+            computedHash = hashBufferToB64Url(data);
+        }
+        else if (data instanceof Readable) {
+            computedHash = await hashReadableToB64Url(data);
+        }
+        else if (data instanceof ReadableStream) {
+            computedHash = await hashReadableStreamToB64Url(data);
+        }
+        // await on the hash promise and compare to get a little concurrency when computing hashes over larger data
+        const { hash } = await hashPromise;
+        if (computedHash === undefined) {
+            throw new Error('Hash could not be computed');
+        }
+        if (computedHash !== hash) {
+            throw new Error('Hash does not match', {
+                cause: { computedHash, trustedHash: hash },
+            });
+        }
+    }
+}

package/lib/esm/common/wayfinder/wayfinder.js

@@ -1,7 +1,26 @@
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import EventEmitter from 'node:events';
+import { PassThrough, Readable } from 'node:stream';
 import { ARIO } from '../io.js';
 import { Logger } from '../logger.js';
-import { NetworkGatewaysProvider } from './gateways.js';
+import { NetworkGatewaysProvider, SimpleCacheGatewaysProvider, StaticGatewaysProvider, } from './gateways.js';
+import { TrustedGatewaysHashProvider } from './gateways/trusted-gateways.js';
 import { RandomGatewayRouter } from './routers/random.js';
+import { HashVerifier } from './verification/hash-verifier.js';
 // known regexes for wayfinder urls
 export const arnsRegex = /^[a-z0-9_-]{1,51}$/;
 export const txIdRegex = /^[A-Za-z0-9_-]{43}$/;
@@ -54,6 +73,154 @@ export const resolveWayfinderUrl = async ({ originalUrl, targetGateway, logger,
     // return the original url if it's not a wayfinder url (allows you to use the wayfinder client with non-wayfinder urls)
     return new URL(originalUrl);
 };
+export class WayfinderEmitter extends EventEmitter {
+    constructor({ onVerificationPassed, onVerificationFailed, onVerificationProgress,
+    // TODO: continue this pattern for all events
+     } = {}) {
+        super();
+        if (onVerificationPassed) {
+            this.on('verification-passed', onVerificationPassed);
+        }
+        if (onVerificationFailed) {
+            this.on('verification-failed', onVerificationFailed);
+        }
+        if (onVerificationProgress) {
+            this.on('verification-progress', onVerificationProgress);
+        }
+    }
+    emit(event, payload) {
+        return super.emit(event, payload);
+    }
+    on(event, listener) {
+        return super.on(event, listener);
+    }
+}
+export function tapAndVerifyStream({ originalStream, contentLength, verifyData, txId, emitter, }) {
+    // taps node streams
+    if (originalStream instanceof Readable &&
+        typeof originalStream.pipe === 'function') {
+        const tappedClientStream = new PassThrough();
+        const streamToVerify = new PassThrough();
+        // kick off the verification promise, this will be awaited when the original stream ends
+        const verificationPromise = verifyData({
+            data: streamToVerify,
+            txId,
+        });
+        let bytesProcessed = 0;
+        // pipe the original stream to the verifier and the client stream
+        originalStream.on('data', (chunk) => {
+            streamToVerify.write(chunk);
+            tappedClientStream.write(chunk);
+            bytesProcessed += chunk.length;
+            // only emit if contentLength is not 0
+            if (contentLength !== 0) {
+                emitter?.emit('verification-progress', {
+                    txId,
+                    totalBytes: contentLength,
+                    processedBytes: bytesProcessed,
+                });
+            }
+        });
+        originalStream.on('end', async () => {
+            streamToVerify.end(); // triggers verifier completion and completes the verification promise
+            try {
+                await verificationPromise;
+                emitter?.emit('verification-passed', {
+                    txId,
+                });
+                tappedClientStream.end();
+            }
+            catch (error) {
+                emitter?.emit('verification-failed', {
+                    error,
+                    txId,
+                });
+                tappedClientStream.destroy(error);
+            }
+        });
+        originalStream.on('error', (err) => {
+            emitter?.emit('verification-failed', {
+                error: err,
+                txId,
+            });
+            streamToVerify.destroy(err);
+            tappedClientStream.destroy(err);
+        });
+        // send the stream to the verify function and if it errors end the client stream
+        return tappedClientStream;
+    }
+    // taps web readable streams
+    if (originalStream instanceof ReadableStream &&
+        typeof originalStream.tee === 'function') {
+        const [verifyBranch, clientBranch] = originalStream.tee();
+        // setup our promise to verify the data
+        const verificationPromise = verifyData({
+            data: verifyBranch,
+            txId,
+        });
+        let bytesProcessed = 0;
+        const reader = clientBranch.getReader();
+        const clientStreamWithVerification = new ReadableStream({
+            async pull(controller) {
+                const { done, value } = await reader.read();
+                if (done) {
+                    try {
+                        // due to backpressure, if the client does not consume the stream, the verification will not complete (particularly important for fetch, where the response body needs to be awaited for verification to complete)
+                        await verificationPromise;
+                        emitter?.emit('verification-passed', {
+                            txId,
+                        });
+                        controller.close();
+                    }
+                    catch (err) {
+                        emitter?.emit('verification-failed', {
+                            txId,
+                            error: err,
+                        });
+                        controller.error(err);
+                    }
+                }
+                else {
+                    bytesProcessed += value.length;
+                    emitter?.emit('verification-progress', {
+                        txId,
+                        totalBytes: contentLength,
+                        processedBytes: bytesProcessed,
+                    });
+                    controller.enqueue(value);
+                }
+            },
+            cancel(reason) {
+                reader.cancel(reason);
+                emitter?.emit('verification-failed', {
+                    txId,
+                    error: new Error('Verification cancelled', {
+                        cause: {
+                            reason,
+                        },
+                    }),
+                });
+            },
+        });
+        return clientStreamWithVerification;
+    }
+    throw new Error('Unsupported body type for cloning');
+}
+export function wrapVerifiedResponse(original, newBody, txId) {
+    // Clone headers (Header objects aren't serializable)
+    const headers = new Headers();
+    original.headers.forEach((value, key) => headers.set(key, value));
+    // Create a new Response with the new body and cloned headers
+    const wrapped = new Response(newBody, {
+        status: original.status,
+        statusText: original.statusText,
+        headers,
+    });
+    // Attach txId for downstream tracking
+    wrapped.txId = txId;
+    wrapped.redirectedFrom = original.url;
+    return wrapped;
+}
 /**
  * Creates a wrapped http client that supports ar:// protocol
  *
@@ -67,26 +234,164 @@ export const resolveWayfinderUrl = async ({ originalUrl, targetGateway, logger,
  * @param resolveUrl - the function to construct the redirect url for ar:// requests
  * @returns a wrapped http client that supports ar:// protocol
  */
-export const createWayfinderClient = ({ httpClient, resolveUrl, logger, }) => {
+export const createWayfinderClient = ({ httpClient, resolveUrl, verifyData, emitter = new WayfinderEmitter(), logger, }) => {
     const wayfinderRedirect = async (fn, rawArgs) => {
         // TODO: handle if first arg is not a string (i.e. just return the result of the function call)
         const [originalUrl, ...rest] = rawArgs;
+        if (typeof originalUrl !== 'string') {
+            logger?.debug('Original URL is not a string, skipping routing', {
+                originalUrl,
+            });
+            return fn(...rawArgs);
+        }
+        emitter?.emit('routing-started', {
+            originalUrl: originalUrl.toString(),
+        });
         // route the request to the target gateway
         const redirectUrl = await resolveUrl({
             originalUrl,
             logger,
         });
+        emitter?.emit('routing-succeeded', {
+            originalUrl,
+            targetGateway: redirectUrl.toString(),
+        });
         logger?.debug(`Redirecting request to ${redirectUrl}`, {
             originalUrl,
             redirectUrl,
         });
         // make the request to the target gateway using the redirect url and http client
         const response = await fn(redirectUrl.toString(), ...rest);
+        // TODO: trigger a routing event with the raw response object?
         logger?.debug(`Successfully routed request to ${redirectUrl}`, {
             redirectUrl,
             originalUrl,
         });
-        // TODO: if verifyDataHash is provided, verify the data hash before returning
+        // only verify data if the redirect url is different from the original url
+        if (response && redirectUrl.toString() !== originalUrl.toString()) {
+            if (verifyData) {
+                // if the headers do not have .get on them, we need to parse the headers manually
+                const headers = new Headers();
+                let headersObject = response.headers ?? {};
+                if (typeof headersObject.get !== 'function') {
+                    headersObject = Object.fromEntries(headersObject);
+                    for (const [key, value] of Object.entries(headersObject)) {
+                        headers.set(key, value);
+                    }
+                }
+                else {
+                    for (const [key, value] of headersObject.entries()) {
+                        headers.set(key, value);
+                    }
+                }
+                // transaction id is either in the response headers or the path of the request as the first parameter
+                // TODO: we may want to move this parsing to be returned by the resolveUrl function depending on the redirect URL we've constructed
+                const txId = headers.get('x-arns-resolved-id') ??
+                    redirectUrl.pathname.split('/')[1];
+                // TODO: validate nodes return content length for all responses
+                const contentLength = +(headers.get('content-length') ?? 0);
+                if (!txIdRegex.test(txId)) {
+                    // no transaction id found, skip verification
+                    logger?.debug('No transaction id found, skipping verification', {
+                        redirectUrl,
+                        originalUrl,
+                    });
+                    emitter?.emit('verification-skipped', {
+                        originalUrl,
+                    });
+                    return response;
+                }
+                emitter?.emit('identified-transaction-id', {
+                    originalUrl,
+                    targetGateway: redirectUrl.toString(),
+                    txId,
+                });
+                // parse out the key that contains the response body, we'll use it later when updating the response object
+                const responseDataKey = response.body
+                    ? 'body'
+                    : response.data
+                        ? 'data'
+                        : undefined;
+                if (responseDataKey === undefined) {
+                    throw new Error('No data body or data provided, skipping verification', {
+                        cause: {
+                            redirectUrl: redirectUrl.toString(),
+                            originalUrl: originalUrl.toString(),
+                        },
+                    });
+                }
+                const responseBody = response[responseDataKey];
+                // TODO: determine if it is data item or L1 transaction, and tell the verifier accordingly, just drop in hit to graphql now
+                if (txId === undefined) {
+                    throw new Error('Failed to parse data hash from response headers', {
+                        cause: {
+                            redirectUrl: redirectUrl.toString(),
+                            originalUrl: originalUrl.toString(),
+                            txId,
+                        },
+                    });
+                }
+                else if (responseBody === undefined) {
+                    throw new Error('No data body provided, skipping verification', {
+                        cause: {
+                            redirectUrl: redirectUrl.toString(),
+                            originalUrl: originalUrl.toString(),
+                            txId,
+                        },
+                    });
+                }
+                else {
+                    logger?.debug('Verifying data hash for txId', {
+                        redirectUrl: redirectUrl.toString(),
+                        originalUrl: originalUrl.toString(),
+                        txId,
+                    });
+                    const newClientStream = tapAndVerifyStream({
+                        originalStream: responseBody,
+                        contentLength,
+                        verifyData,
+                        txId,
+                        emitter,
+                    });
+                    if (responseBody instanceof ReadableStream) {
+                        // specific to fetch
+                        return wrapVerifiedResponse(response, newClientStream, txId);
+                    }
+                    else if (responseBody instanceof Readable) {
+                        // overwrite the response body with the new client stream
+                        response.txId = txId;
+                        response.body = newClientStream;
+                        return response;
+                    }
+                    else {
+                        // TODO: content-application/json and it's smaller than 10mb
+                        // TODO: add tests and verify this works for all non-Readable/streamed responses
+                        try {
+                            // if strict set to true
+                            await verifyData({
+                                data: responseBody,
+                                txId,
+                            });
+                            emitter?.emit('verification-passed', {
+                                txId,
+                            });
+                        }
+                        catch (error) {
+                            logger?.debug('Failed to verify data hash', {
+                                error,
+                                txId,
+                            });
+                            emitter?.emit('verification-failed', {
+                                txId,
+                                error,
+                            });
+                        }
+                        return response;
+                    }
+                }
+            }
+        }
+        // TODO: if strict - wait for verification to finish and succeed before returning the response
         return response;
     };
     return new Proxy(httpClient, {
@@ -116,21 +421,31 @@ export class Wayfinder {
      * @example
      * const wayfinder = new Wayfinder({
      *   router: new RandomGatewayRouter({
-     *     gatewaysProvider: new ARIOGatewaysProvider({ ario: ARIO.mainnet() })
+     *     gatewaysProvider: new SimpleCacheGatewaysProvider({
+     *       gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
+     *       ttlSeconds: 60 * 60 * 24, // 1 day
+     *     }),
      *   }),
      * });
+     *
+     * // Returns a target gateway based on the routing strategy
+     * const targetGateway = await wayfinder.router.getTargetGateway();
      */
     router;
     /**
-     * The http client to use for requests
+     * The native http client used by wayfinder
      *
      * @example
      * const wayfinder = new Wayfinder({
      *   router: new RandomGatewayRouter({
-     *     gatewaysProvider: new ARIOGatewaysProvider({ ario: ARIO.mainnet() })
+     *     gatewaysProvider: new SimpleCacheGatewaysProvider({
+     *       gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
+     *       ttlSeconds: 60 * 60 * 24, // 1 day
+     *     }),
      *   }),
      *   httpClient: axios,
      * });
+     *
      */
     httpClient;
     /**
@@ -139,11 +454,15 @@ export class Wayfinder {
      * @example
      * const wayfinder = new Wayfinder({
      *   router: new RandomGatewayRouter({
-     *     gatewaysProvider: new ARIOGatewaysProvider({ ario: ARIO.mainnet() })
+     *     gatewaysProvider: new SimpleCacheGatewaysProvider({
+     *       gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
+     *       ttlSeconds: 60 * 60 * 24, // 1 day
+     *     }),
      *   }),
      *   httpClient: axios,
      * });
      *
+     * // returns the redirected URL based on the routing strategy and the original url
      * const redirectUrl = await wayfinder.resolveUrl({ originalUrl: 'ar://example' });
      */
     resolveUrl;
@@ -153,7 +472,10 @@ export class Wayfinder {
      * @example
      * const { request: wayfind } = new Wayfinder({
      *   router: new RandomGatewayRouter({
-     *     gatewaysProvider: new ARIOGatewaysProvider({ ario: ARIO.mainnet() })
+     *     gatewaysProvider: new SimpleCacheGatewaysProvider({
+     *       gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
+     *       ttlSeconds: 60 * 60 * 24, // 1 day
+     *     }),
      *   }),
      *   httpClient: axios,
      * });;
@@ -168,21 +490,62 @@ export class Wayfinder {
     request;
     // TODO: stats provider
     // TODO: metricsProvider for otel/prom support
-    // TODO: private verificationSettings: {
-    //   trustedGateways: URL[];
-    //   method: 'local' | 'remote';
-    // };
-    constructor({ 
+    verifyData;
+    /**
+     * The event emitter for wayfinder that emits verification events.
+     *
+     * const wayfinder = new Wayfinder()
+     *
+     * wayfinder.emitter.on('verification-passed', (event) => {
+     *   console.log('Verification passed!', event);
+     * })
+     *
+     * wayfinder.emitter.on('verification-failed', (event) => {
+     *   console.log('Verification failed!', event);
+     * })
+     *
+     * or implement the events interface and pass it in, using callback functions
+     *
+     * const wayfinder = new Wayfinder({
+     *   events: {
+     *     onVerificationPassed: (event) => {
+     *       console.log('Verification passed!', event);
+     *     },
+     *     onVerificationFailed: (event) => {
+     *       console.log('Verification failed!', event);
+     *     },
+     *     onVerificationProgress: (event) => {
+     *       console.log('Verification progress!', event);
+     *     },
+     *   }
+     * })
+     *
+     * const response = await wayfind('ar://example');
+     */
+    // TODO: consider changing this to events or event emitter
+    emitter;
+    constructor({ httpClient, 
     // TODO: consider changing router to routingStrategy or strategy
     router = new RandomGatewayRouter({
-        // optionally use a cache gateways provider to reduce the number of requests to the contract
-        gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
-    }), httpClient, logger = Logger.default,
-    // TODO: add verifier interface that provides a verifyDataHash function
+        gatewaysProvider: new SimpleCacheGatewaysProvider({
+            gatewaysProvider: new NetworkGatewaysProvider({ ario: ARIO.mainnet() }),
+            ttlSeconds: 60 * 60 * 24, // 1 day
+        }),
+    }), logger = Logger.default, 
+    // TODO: support disabling verification or create some PassThroughVerifier like thing
+    verifier = new HashVerifier({
+        trustedHashProvider: new TrustedGatewaysHashProvider({
+            gatewaysProvider: new StaticGatewaysProvider({
+                gateways: ['https://permagate.io'],
+            }),
+        }),
+    }), events,
     // TODO: stats provider
      }) {
         this.router = router;
         this.httpClient = httpClient;
+        this.emitter = new WayfinderEmitter(events);
+        this.verifyData = verifier.verifyData.bind(verifier);
         this.resolveUrl = async ({ originalUrl, logger }) => {
             return resolveWayfinderUrl({
                 originalUrl,
@@ -193,9 +556,29 @@ export class Wayfinder {
         this.request = createWayfinderClient({
             httpClient,
             resolveUrl: this.resolveUrl,
+            verifyData: this.verifyData,
+            emitter: this.emitter,
             logger,
-            // TODO: provide the verifyDataHash function from the verifier to the wayfinder client along with verificationSettings
         });
         logger?.debug(`Wayfinder initialized with ${router.name} routing strategy`);
     }
 }
+// TODO: add a chart for verification strategies and what they do
+// include complexity, performance, and security
+// explain use cases that each strategy is best for
+// e.g.
+/**
+ *
+ *  type    | complexity | performance | security
+ * ---------|------------|-------------|---------
+ *  hash    | low        | high        | low
+ * ---------|------------|-------------|---------
+ *  data root    | medium       | medium      | low | only L1
+ * ---------|------------|-------------|---------
+ * signature    | medium       | medium      | medium
+ * ---------|------------|-------------|---------
+ *  composite | high       | low         | high
+ * ---------|------------|-------------|---------
+ *
+ *
+ */