npm - @joclaim/attestor-core - Versions diffs - 0.2.0 → 0.2.3 - Mend

@joclaim/attestor-core 0.2.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/README.md +21 -15
package/lib/avs/abis/avsDirectoryABI.d.ts +60 -0
package/lib/avs/abis/avsDirectoryABI.js +340 -0
package/lib/avs/abis/delegationABI.d.ts +126 -0
package/lib/avs/abis/delegationABI.js +1 -0
package/lib/avs/abis/registryABI.d.ts +136 -0
package/lib/avs/abis/registryABI.js +725 -0
package/lib/avs/client/create-claim-on-avs.d.ts +12 -0
package/lib/avs/client/create-claim-on-avs.js +138 -0
package/lib/avs/config.d.ts +7 -0
package/lib/avs/config.js +20 -0
package/lib/avs/contracts/ReclaimServiceManager.d.ts +697 -0
package/lib/avs/contracts/ReclaimServiceManager.js +1 -0
package/lib/avs/contracts/common.d.ts +21 -0
package/lib/avs/contracts/common.js +1 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +888 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.js +1169 -0
package/lib/avs/contracts/factories/index.d.ts +1 -0
package/{src/avs/contracts/factories/index.ts → lib/avs/contracts/factories/index.js} +1 -1
package/{src/avs/contracts/index.ts → lib/avs/contracts/index.d.ts} +0 -3
package/lib/avs/contracts/index.js +2 -0
package/lib/avs/types/index.d.ts +55 -0
package/lib/avs/types/index.js +1 -0
package/lib/avs/utils/contracts.d.ts +21 -0
package/lib/avs/utils/contracts.js +33 -0
package/lib/avs/utils/register.d.ts +27 -0
package/lib/avs/utils/register.js +78 -0
package/lib/avs/utils/tasks.d.ts +22 -0
package/lib/avs/utils/tasks.js +40 -0
package/lib/client/create-claim.d.ts +5 -0
package/lib/client/create-claim.js +437 -0
package/lib/client/index.d.ts +3 -0
package/lib/client/index.js +3 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.d.ts +16 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.js +51 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +26 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.js +131 -0
package/lib/client/utils/attestor-pool.d.ts +8 -0
package/lib/client/utils/attestor-pool.js +25 -0
package/lib/client/utils/client-socket.d.ts +11 -0
package/lib/client/utils/client-socket.js +98 -0
package/lib/client/utils/message-handler.d.ts +4 -0
package/lib/client/utils/message-handler.js +87 -0
package/lib/config/index.d.ts +30 -0
package/lib/config/index.js +43 -0
package/lib/external-rpc/benchmark.d.ts +1 -0
package/lib/external-rpc/benchmark.js +69 -0
package/lib/external-rpc/event-bus.d.ts +7 -0
package/lib/external-rpc/event-bus.js +14 -0
package/lib/external-rpc/handle-incoming-msg.d.ts +2 -0
package/lib/external-rpc/handle-incoming-msg.js +233 -0
package/lib/external-rpc/index.d.ts +3 -0
package/lib/external-rpc/index.js +3 -0
package/lib/external-rpc/jsc-polyfills/1.d.ts +14 -0
package/lib/external-rpc/jsc-polyfills/1.js +82 -0
package/lib/external-rpc/jsc-polyfills/2.d.ts +1 -0
package/lib/external-rpc/jsc-polyfills/2.js +20 -0
package/lib/external-rpc/jsc-polyfills/event.d.ts +10 -0
package/lib/external-rpc/jsc-polyfills/event.js +14 -0
package/lib/external-rpc/jsc-polyfills/index.d.ts +2 -0
package/lib/external-rpc/jsc-polyfills/index.js +2 -0
package/lib/external-rpc/jsc-polyfills/ws.d.ts +21 -0
package/lib/external-rpc/jsc-polyfills/ws.js +81 -0
package/lib/external-rpc/setup-browser.d.ts +6 -0
package/lib/external-rpc/setup-browser.js +33 -0
package/lib/external-rpc/setup-jsc.d.ts +24 -0
package/lib/external-rpc/setup-jsc.js +22 -0
package/lib/external-rpc/types.d.ts +213 -0
package/lib/external-rpc/types.js +1 -0
package/lib/external-rpc/utils.d.ts +20 -0
package/lib/external-rpc/utils.js +100 -0
package/lib/external-rpc/zk.d.ts +14 -0
package/lib/external-rpc/zk.js +63 -0
package/lib/index.d.ts +9 -0
package/lib/index.js +9 -0
package/lib/mechain/abis/governanceABI.d.ts +50 -0
package/lib/mechain/abis/governanceABI.js +458 -0
package/lib/mechain/abis/taskABI.d.ts +157 -0
package/lib/mechain/abis/taskABI.js +509 -0
package/lib/mechain/client/create-claim-on-mechain.d.ts +10 -0
package/lib/mechain/client/create-claim-on-mechain.js +28 -0
package/lib/mechain/client/index.d.ts +1 -0
package/lib/mechain/client/index.js +1 -0
package/lib/mechain/constants/index.d.ts +3 -0
package/{src/mechain/constants/index.ts → lib/mechain/constants/index.js} +3 -5
package/lib/mechain/index.d.ts +2 -0
package/lib/mechain/index.js +2 -0
package/lib/mechain/types/index.d.ts +23 -0
package/lib/mechain/types/index.js +1 -0
package/lib/proto/api.d.ts +633 -0
package/lib/proto/api.js +4258 -0
package/lib/proto/tee-bundle.d.ts +135 -0
package/lib/proto/tee-bundle.js +1161 -0
package/lib/providers/http/index.d.ts +18 -0
package/lib/providers/http/index.js +658 -0
package/lib/providers/http/patch-parse5-tree.d.ts +6 -0
package/lib/providers/http/patch-parse5-tree.js +33 -0
package/lib/providers/http/utils.d.ts +77 -0
package/lib/providers/http/utils.js +324 -0
package/lib/providers/index.d.ts +4 -0
package/lib/providers/index.js +4 -0
package/lib/scripts/build-browser.d.ts +1 -0
package/lib/scripts/build-browser.js +37 -0
package/lib/scripts/build-jsc.d.ts +1 -0
package/lib/scripts/build-jsc.js +49 -0
package/lib/scripts/check-avs-registration.d.ts +1 -0
package/lib/scripts/check-avs-registration.js +26 -0
package/lib/scripts/fallbacks/crypto.d.ts +1 -0
package/lib/scripts/fallbacks/crypto.js +1 -0
package/lib/scripts/fallbacks/empty.d.ts +3 -0
package/lib/scripts/fallbacks/empty.js +1 -0
package/lib/scripts/fallbacks/re2.d.ts +1 -0
package/lib/scripts/fallbacks/re2.js +4 -0
package/lib/scripts/fallbacks/snarkjs.d.ts +1 -0
package/lib/scripts/fallbacks/snarkjs.js +1 -0
package/lib/scripts/generate-provider-types.d.ts +5 -0
package/lib/scripts/generate-provider-types.js +78 -0
package/lib/scripts/generate-receipt.d.ts +9 -0
package/lib/scripts/generate-receipt.js +90 -0
package/lib/scripts/generate-toprf-keys.d.ts +1 -0
package/lib/scripts/generate-toprf-keys.js +20 -0
package/lib/scripts/jsc-cli-rpc.d.ts +1 -0
package/lib/scripts/jsc-cli-rpc.js +37 -0
package/lib/scripts/register-avs-operator.d.ts +1 -0
package/lib/scripts/register-avs-operator.js +4 -0
package/lib/scripts/start-server.d.ts +1 -0
package/lib/scripts/start-server.js +13 -0
package/lib/scripts/update-avs-metadata.d.ts +1 -0
package/lib/scripts/update-avs-metadata.js +19 -0
package/lib/scripts/utils.d.ts +1 -0
package/lib/scripts/utils.js +7 -0
package/lib/scripts/whitelist-operator.d.ts +1 -0
package/lib/scripts/whitelist-operator.js +15 -0
package/lib/server/create-server.d.ts +7 -0
package/lib/server/create-server.js +122 -0
package/lib/server/handlers/claimTeeBundle.d.ts +6 -0
package/lib/server/handlers/claimTeeBundle.js +206 -0
package/lib/server/handlers/claimTunnel.d.ts +2 -0
package/lib/server/handlers/claimTunnel.js +73 -0
package/lib/server/handlers/completeClaimOnChain.d.ts +2 -0
package/lib/server/handlers/completeClaimOnChain.js +22 -0
package/lib/server/handlers/createClaimOnChain.d.ts +2 -0
package/lib/server/handlers/createClaimOnChain.js +26 -0
package/lib/server/handlers/createTaskOnMechain.d.ts +2 -0
package/lib/server/handlers/createTaskOnMechain.js +47 -0
package/lib/server/handlers/createTunnel.d.ts +2 -0
package/lib/server/handlers/createTunnel.js +93 -0
package/lib/server/handlers/disconnectTunnel.d.ts +2 -0
package/lib/server/handlers/disconnectTunnel.js +5 -0
package/lib/server/handlers/fetchCertificateBytes.d.ts +2 -0
package/lib/server/handlers/fetchCertificateBytes.js +41 -0
package/lib/server/handlers/index.d.ts +4 -0
package/lib/server/handlers/index.js +22 -0
package/lib/server/handlers/init.d.ts +2 -0
package/lib/server/handlers/init.js +30 -0
package/lib/server/handlers/toprf.d.ts +2 -0
package/lib/server/handlers/toprf.js +16 -0
package/lib/server/index.d.ts +4 -0
package/lib/server/index.js +4 -0
package/lib/server/provider-api.d.ts +9 -0
package/lib/server/provider-api.js +98 -0
package/lib/server/provider-store.d.ts +53 -0
package/lib/server/provider-store.js +80 -0
package/lib/server/session-api.d.ts +9 -0
package/lib/server/session-api.js +95 -0
package/lib/server/session-store.d.ts +14 -0
package/lib/server/session-store.js +36 -0
package/lib/server/socket.d.ts +13 -0
package/lib/server/socket.js +109 -0
package/lib/server/tunnels/make-tcp-tunnel.d.ts +22 -0
package/lib/server/tunnels/make-tcp-tunnel.js +177 -0
package/lib/server/utils/apm.d.ts +11 -0
package/lib/server/utils/apm.js +36 -0
package/lib/server/utils/assert-valid-claim-request.d.ts +31 -0
package/lib/server/utils/assert-valid-claim-request.js +229 -0
package/lib/server/utils/config-env.d.ts +1 -0
package/lib/server/utils/config-env.js +4 -0
package/lib/server/utils/dns.d.ts +1 -0
package/lib/server/utils/dns.js +18 -0
package/lib/server/utils/gcp-attestation.d.ts +17 -0
package/lib/server/utils/gcp-attestation.js +289 -0
package/lib/server/utils/generics.d.ts +22 -0
package/lib/server/utils/generics.js +51 -0
package/lib/server/utils/iso.d.ts +1 -0
package/lib/server/utils/iso.js +256 -0
package/lib/server/utils/keep-alive.d.ts +7 -0
package/lib/server/utils/keep-alive.js +38 -0
package/lib/server/utils/nitro-attestation.d.ts +33 -0
package/lib/server/utils/nitro-attestation.js +325 -0
package/lib/server/utils/process-handshake.d.ts +13 -0
package/lib/server/utils/process-handshake.js +214 -0
package/lib/server/utils/proxy-session.d.ts +1 -0
package/lib/server/utils/proxy-session.js +6 -0
package/lib/server/utils/tee-oprf-verification.d.ts +22 -0
package/lib/server/utils/tee-oprf-verification.js +160 -0
package/lib/server/utils/tee-transcript-reconstruction.d.ts +24 -0
package/lib/server/utils/tee-transcript-reconstruction.js +187 -0
package/lib/server/utils/tee-verification.d.ts +27 -0
package/lib/server/utils/tee-verification.js +365 -0
package/lib/server/utils/validation.d.ts +2 -0
package/lib/server/utils/validation.js +38 -0
package/lib/types/bgp.d.ts +11 -0
package/lib/types/bgp.js +1 -0
package/lib/types/claims.d.ts +73 -0
package/lib/types/claims.js +1 -0
package/lib/types/client.d.ts +163 -0
package/lib/types/client.js +1 -0
package/lib/types/general.d.ts +54 -0
package/lib/types/general.js +1 -0
package/lib/types/handlers.d.ts +10 -0
package/lib/types/handlers.js +1 -0
package/lib/types/index.d.ts +10 -0
package/lib/types/index.js +10 -0
package/lib/types/providers.d.ts +161 -0
package/lib/types/providers.gen.d.ts +443 -0
package/lib/types/providers.gen.js +10 -0
package/lib/types/providers.js +1 -0
package/lib/types/rpc.d.ts +35 -0
package/lib/types/rpc.js +1 -0
package/lib/types/signatures.d.ts +28 -0
package/lib/types/signatures.js +1 -0
package/lib/types/tunnel.d.ts +18 -0
package/lib/types/tunnel.js +1 -0
package/lib/types/zk.d.ts +28 -0
package/lib/types/zk.js +1 -0
package/lib/utils/auth.d.ts +8 -0
package/lib/utils/auth.js +59 -0
package/lib/utils/b64-json.d.ts +2 -0
package/lib/utils/b64-json.js +17 -0
package/lib/utils/bgp-listener.d.ts +7 -0
package/lib/utils/bgp-listener.js +119 -0
package/lib/utils/claims.d.ts +33 -0
package/lib/utils/claims.js +101 -0
package/lib/utils/env.d.ts +3 -0
package/lib/utils/env.js +15 -0
package/lib/utils/error.d.ts +26 -0
package/lib/utils/error.js +50 -0
package/lib/utils/generics.d.ts +114 -0
package/lib/utils/generics.js +317 -0
package/lib/utils/http-parser.d.ts +59 -0
package/lib/utils/http-parser.js +246 -0
package/lib/utils/index.d.ts +13 -0
package/lib/utils/index.js +13 -0
package/lib/utils/logger.d.ts +13 -0
package/lib/utils/logger.js +91 -0
package/lib/utils/prepare-packets.d.ts +16 -0
package/lib/utils/prepare-packets.js +62 -0
package/lib/utils/redactions.d.ts +62 -0
package/lib/utils/redactions.js +148 -0
package/lib/utils/retries.d.ts +12 -0
package/lib/utils/retries.js +24 -0
package/lib/utils/signatures/eth.d.ts +2 -0
package/lib/utils/signatures/eth.js +29 -0
package/lib/utils/signatures/index.d.ts +5 -0
package/lib/utils/signatures/index.js +7 -0
package/lib/utils/socket-base.d.ts +23 -0
package/lib/utils/socket-base.js +90 -0
package/lib/utils/tls.d.ts +2 -0
package/{src/utils/tls.ts → lib/utils/tls.js} +28 -35
package/lib/utils/ws.d.ts +7 -0
package/lib/utils/ws.js +22 -0
package/lib/utils/zk.d.ts +70 -0
package/lib/utils/zk.js +572 -0
package/package.json +19 -12
package/src/avs/abis/avsDirectoryABI.ts +0 -340
package/src/avs/abis/delegationABI.ts +0 -1
package/src/avs/abis/registryABI.ts +0 -725
package/src/avs/client/create-claim-on-avs.ts +0 -206
package/src/avs/config.ts +0 -25
package/src/avs/contracts/ReclaimServiceManager.ts +0 -1457
package/src/avs/contracts/common.ts +0 -44
package/src/avs/contracts/factories/ReclaimServiceManager__factory.ts +0 -1213
package/src/avs/tests/test.operator.ts +0 -413
package/src/avs/tests/utils.ts +0 -51
package/src/avs/types/index.ts +0 -60
package/src/avs/utils/contracts.ts +0 -66
package/src/avs/utils/register.ts +0 -125
package/src/avs/utils/tasks.ts +0 -76
package/src/client/create-claim.ts +0 -626
package/src/client/index.ts +0 -3
package/src/client/tunnels/make-rpc-tcp-tunnel.ts +0 -78
package/src/client/tunnels/make-rpc-tls-tunnel.ts +0 -172
package/src/client/utils/attestor-pool.ts +0 -35
package/src/client/utils/client-socket.ts +0 -160
package/src/client/utils/message-handler.ts +0 -116
package/src/config/index.ts +0 -65
package/src/external-rpc/benchmark.ts +0 -102
package/src/external-rpc/event-bus.ts +0 -19
package/src/external-rpc/global.d.ts +0 -20
package/src/external-rpc/handle-incoming-msg.ts +0 -308
package/src/external-rpc/index.ts +0 -3
package/src/external-rpc/jsc-polyfills/1.ts +0 -117
package/src/external-rpc/jsc-polyfills/2.ts +0 -24
package/src/external-rpc/jsc-polyfills/event.ts +0 -16
package/src/external-rpc/jsc-polyfills/index.ts +0 -2
package/src/external-rpc/jsc-polyfills/ws.ts +0 -105
package/src/external-rpc/setup-browser.ts +0 -42
package/src/external-rpc/setup-jsc.ts +0 -48
package/src/external-rpc/types.ts +0 -289
package/src/external-rpc/utils.ts +0 -126
package/src/external-rpc/zk.ts +0 -79
package/src/index.ts +0 -9
package/src/mechain/abis/governanceABI.ts +0 -458
package/src/mechain/abis/taskABI.ts +0 -509
package/src/mechain/client/create-claim-on-mechain.ts +0 -52
package/src/mechain/client/index.ts +0 -1
package/src/mechain/index.ts +0 -2
package/src/mechain/types/index.ts +0 -29
package/src/proto/api.ts +0 -5285
package/src/proto/tee-bundle.ts +0 -1413
package/src/providers/http/index.ts +0 -873
package/src/providers/http/patch-parse5-tree.ts +0 -49
package/src/providers/http/utils.ts +0 -439
package/src/providers/index.ts +0 -8
package/src/scripts/build-browser.sh +0 -9
package/src/scripts/build-browser.ts +0 -40
package/src/scripts/build-jsc.ts +0 -55
package/src/scripts/check-avs-registration.ts +0 -38
package/src/scripts/contract-data-gen.sh +0 -8
package/src/scripts/fallbacks/crypto.ts +0 -1
package/src/scripts/fallbacks/empty.ts +0 -2
package/src/scripts/fallbacks/re2.ts +0 -5
package/src/scripts/fallbacks/snarkjs.ts +0 -5
package/src/scripts/generate-certs.sh +0 -11
package/src/scripts/generate-proto.sh +0 -5
package/src/scripts/generate-provider-types.ts +0 -121
package/src/scripts/generate-receipt.ts +0 -138
package/src/scripts/generate-toprf-keys.ts +0 -30
package/src/scripts/jsc-cli-rpc.ts +0 -48
package/src/scripts/register-avs-operator.ts +0 -5
package/src/scripts/start-server.ts +0 -17
package/src/scripts/update-avs-metadata.ts +0 -26
package/src/scripts/utils.ts +0 -8
package/src/scripts/whitelist-operator.ts +0 -22
package/src/server/create-server.ts +0 -169
package/src/server/handlers/claimTeeBundle.ts +0 -308
package/src/server/handlers/claimTunnel.ts +0 -106
package/src/server/handlers/completeClaimOnChain.ts +0 -36
package/src/server/handlers/createClaimOnChain.ts +0 -39
package/src/server/handlers/createTaskOnMechain.ts +0 -80
package/src/server/handlers/createTunnel.ts +0 -128
package/src/server/handlers/disconnectTunnel.ts +0 -11
package/src/server/handlers/fetchCertificateBytes.ts +0 -66
package/src/server/handlers/index.ts +0 -24
package/src/server/handlers/init.ts +0 -46
package/src/server/handlers/toprf.ts +0 -25
package/src/server/index.ts +0 -4
package/src/server/provider-api.ts +0 -118
package/src/server/provider-store.ts +0 -117
package/src/server/session-api.ts +0 -115
package/src/server/session-store.ts +0 -60
package/src/server/socket.ts +0 -156
package/src/server/tunnels/make-tcp-tunnel.ts +0 -275
package/src/server/utils/apm.ts +0 -49
package/src/server/utils/assert-valid-claim-request.ts +0 -375
package/src/server/utils/config-env.ts +0 -6
package/src/server/utils/dns.ts +0 -25
package/src/server/utils/gcp-attestation.ts +0 -415
package/src/server/utils/generics.ts +0 -68
package/src/server/utils/iso.ts +0 -258
package/src/server/utils/keep-alive.ts +0 -50
package/src/server/utils/nitro-attestation.ts +0 -396
package/src/server/utils/process-handshake.ts +0 -311
package/src/server/utils/proxy-session.ts +0 -6
package/src/server/utils/tee-oprf-verification.ts +0 -231
package/src/server/utils/tee-transcript-reconstruction.ts +0 -254
package/src/server/utils/tee-verification.ts +0 -513
package/src/server/utils/validation.ts +0 -57
package/src/tests/auth.test.ts +0 -105
package/src/tests/bgp-listener.test.ts +0 -193
package/src/tests/claim-creation.test.ts +0 -415
package/src/tests/describe-with-server.ts +0 -94
package/src/tests/gcp-attestation.test.ts +0 -206
package/src/tests/http-parser.test.ts +0 -135
package/src/tests/http-provider-utils.test.ts +0 -3306
package/src/tests/http-provider.test.ts +0 -125
package/src/tests/jsc.test_mac.ts +0 -296
package/src/tests/mock-provider-server.ts +0 -106
package/src/tests/mocks.ts +0 -25
package/src/tests/proof_bundle.bin +0 -0
package/src/tests/rpc-communication.test.ts +0 -115
package/src/tests/rpc-tunnel.test.ts +0 -239
package/src/tests/signatures.test.ts +0 -37
package/src/tests/tcp-tunnel.test.ts +0 -154
package/src/tests/tee-bundle.test.ts +0 -321
package/src/tests/tee-signatures.test.ts +0 -81
package/src/tests/utils.ts +0 -108
package/src/tests/verification_bundle.pb +0 -0
package/src/tests/verification_bundle_tee.pb +0 -0
package/src/tests/zk.test.ts +0 -453
package/src/types/bgp.ts +0 -17
package/src/types/claims.ts +0 -79
package/src/types/client.ts +0 -205
package/src/types/general.ts +0 -61
package/src/types/handlers.ts +0 -16
package/src/types/index.ts +0 -10
package/src/types/providers.gen.ts +0 -135
package/src/types/providers.ts +0 -203
package/src/types/rpc.ts +0 -46
package/src/types/signatures.ts +0 -29
package/src/types/tunnel.ts +0 -25
package/src/types/zk.ts +0 -31
package/src/utils/auth.ts +0 -92
package/src/utils/b64-json.ts +0 -25
package/src/utils/bgp-listener.ts +0 -159
package/src/utils/claims.ts +0 -132
package/src/utils/env.ts +0 -21
package/src/utils/error.ts +0 -76
package/src/utils/generics.ts +0 -429
package/src/utils/http-parser.ts +0 -312
package/src/utils/index.ts +0 -13
package/src/utils/logger.ts +0 -114
package/src/utils/prepare-packets.ts +0 -98
package/src/utils/redactions.ts +0 -203
package/src/utils/retries.ts +0 -41
package/src/utils/signatures/eth.ts +0 -35
package/src/utils/signatures/index.ts +0 -11
package/src/utils/socket-base.ts +0 -132
package/src/utils/ws.ts +0 -30
package/src/utils/zk.ts +0 -908

package/src/server/utils/gcp-attestation.ts DELETED Viewed

@@ -1,415 +0,0 @@
-/**
- * GCP attestation validation utilities
- * Validates JWT tokens from Google Confidential Computing
- */
-import crypto, { X509Certificate } from 'crypto'
-import type { Logger } from '#src/types/general.ts'
-export interface GcpValidationResult {
-	isValid: boolean
-	errors: string[]
-	ethAddress?: Uint8Array
-	userDataType?: string
-	pcr0?: string
-	envVars?: Record<string, string> // Environment variables from JWT payload
-}
-interface JwtHeader {
-	kid?: string
-	alg: string
-	x5c?: string[] // Certificate chain for PKI tokens
-}
-interface JwtPayload {
-	iss: string
-	exp: number
-	iat: number
-	aud: string
-	eat_nonce?: string // Contains "tee_k_public_key:0x..." or "tee_t_public_key:0x..."
-	dbgstat?: string // Debug status: "enabled" or "disabled-since-boot"
-	// GCP Confidential Computing specific claims
-	google?: {
-		compute_engine?: {
-			image_digest?: string
-			instance_id?: string
-			project_id?: string
-		}
-	}
-	// Alternative location for image digest (Confidential Space)
-	submods?: {
-		container?: {
-			image_digest?: string
-			image_reference?: string
-			image_id?: string
-			restart_policy?: string
-			args?: string[]
-			env?: Record<string, string>
-		}
-		gce?: {
-			zone?: string
-			project_id?: string
-			project_number?: string
-			instance_name?: string
-			instance_id?: string
-		}
-	}
-}
-interface JwkKey {
-	kid: string
-	n: string // modulus (base64url)
-	e: string // exponent (base64url)
-	kty: string
-	alg: string
-	use: string
-}
-interface JwksResponse {
-	keys: JwkKey[]
-}
-// Cache for Google's public keys
-let gcpKeysCache: JwksResponse | null = null
-let gcpKeysCacheTime = 0
-const GCP_KEYS_CACHE_TTL = 3600000 // 1 hour in milliseconds
-// GCP Confidential Space Root CA
-const GCP_CONFIDENTIAL_SPACE_ROOT_CA = `-----BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgITYBvRy5g9aYYMh7tJS7pFwafL6jANBgkqhkiG9w0BAQsF
-ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
-DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdv
-b2dsZSBDbG91ZDEjMCEGA1UEAxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0Ew
-HhcNMjQwMTE5MjIxMDUwWhcNMzQwMTE2MjIxMDQ5WjCBizELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzAR
-BgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdvb2dsZSBDbG91ZDEjMCEGA1UE
-AxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCvRuZasczAqhMZe1ODHJ6MFLX8EYVV+RN7xiO9GpuA53iz
-l9Oxgp3NXik3FbYn+7bcIkMMSQpCr6K0jbSQCZT6d5P5PJT5DpNGYjLHkW67/fl+
-Bu7eSMb0qRCa1jS+3OhNK7t7SIaHm1XdmSRghjwoglKRuk3CGrF4Zia9RcE/p2MU
-69GyJZpqHYwTplNr3x4zF+2nJk86GywDP+sGwSPWfcmqY04VQD7ZPDEZZ/qgzdoL
-5ilE92eQnAsy+6m6LxBEHHVcFpfDtNVUIt2VMCWLBeOKUQcn5js756xblInqw/Qt
-QRR0An0yfRjBuGvmMjAwETDo5ETY/fc+nbQVYJzNQTc9EOpFFWPpw/ZjFcN9Amnd
-dxYUETFXPmBYerMez0LKNtGpfKYHHhMMTI3mj0m/V9fCbfh2YbBUnMS2Swd20YSI
-Mi/HiGaqOpGUqXMeQVw7phGTS3QYK8ZM65sC/QhIQzXdsiLDgFBitVnlIu3lIv6C
-uiHvXeSJBRlRxQ8Vu+t6J7hBdl0etWBKAu9Vti46af5cjC03dspkHR3MAUGcrLWE
-TkQ0msQAKvIAlwyQRLuQOI5D6pF+6af1Nbl+vR7sLCbDWdMqm1E9X6KyFKd6e3rn
-E9O4dkFJp35WvR2gqIAkUoa+Vq1MXLFYG4imanZKH0igrIblbawRCr3Gr24FXQID
-AQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUF+fBOE6Th1snpKuvIb6S8/mtPL4wHwYDVR0jBBgwFoAUF+fBOE6Th1snpKuv
-Ib6S8/mtPL4wDQYJKoZIhvcNAQELBQADggIBAGtCuV5eHxWcffylK9GPumaD6Yjd
-cs76KDBe3mky5ItBIrEOeZq3z47zM4dbKZHhFuoq4yAaO1MyApnG0w9wIQLBDndI
-ovtkw6j9/64aqPWpNaoB5MB0SahCUCgI83Dx9SRqGmjPI/MTMfwDLdE5EF9gFmVI
-oH62YnG2aa/sc6m/8wIK8WtTJazEI16/8GPG4ZUhwT6aR3IGGnEBPMbMd5VZQ0Hw
-VbHBKWK3UykaSCxnEg8uaNx/rhNaOWuWtos4qL00dYyGV7ZXg4fpAq7244QUgkWV
-AtVcU2SPBjDd30OFHASnenDHRzQdOtHaxLp4a4WaY3jb2V6Sn3LfE8zSy6GevxmN
-COIWW3xnPF8rwKz4ABEPqECe37zzu3W1nzZAFtdkhPBNnlWYkIusTMtU+8v6EPKp
-GIIRphpaDhtGPJQukpENOfk2728lenPycRfjxwA96UKWq0dKZC45MwBEK9Jngn8Q
-cPmpPmx7pSMkSxEX2Vos2JNaNmCKJd2VaXz8M6F2cxscRdh9TbAYAjGEEjE1nLUH
-2YHDS8Y7xYNFIDSFaJAlqGcCUbzjGhrwHGj4voTe9ZvlmngrcA/ptSuBidvsnRDw
-kNPLowCd0NqxYYSLNL7GroYCFPxoBpr+++4vsCaXalbs8iJxdU2EPqG4MB4xWKYg
-uyT5CnJulxSC5CT1
------END CERTIFICATE-----`
-/**
- * Base64url decode (RFC 4648, no padding)
- */
-function base64urlDecode(input: string): Buffer {
-	// Add padding if needed
-	let base64 = input.replace(/-/g, '+').replace(/_/g, '/')
-	while(base64.length % 4) {
-		base64 += '='
-	}
-	return Buffer.from(base64, 'base64')
-}
-/**
- * Fetch Google's public keys (with caching)
- */
-async function fetchGooglePublicKeys(logger?: Logger): Promise<JwksResponse> {
-	const now = Date.now()
-	// Return cached keys if still valid
-	if(gcpKeysCache && (now - gcpKeysCacheTime) < GCP_KEYS_CACHE_TTL) {
-		if(logger) {
-			logger.debug('Using cached Google public keys')
-		}
-		return gcpKeysCache
-	}
-	// Fetch fresh keys
-	if(logger) {
-		logger.info('Fetching Google public keys from https://www.googleapis.com/oauth2/v3/certs')
-	}
-	const response = await fetch('https://www.googleapis.com/oauth2/v3/certs')
-	if(!response.ok) {
-		throw new Error(`Failed to fetch Google keys: ${response.status} ${response.statusText}`)
-	}
-	const keys = await response.json() as JwksResponse
-	// Update cache
-	gcpKeysCache = keys
-	gcpKeysCacheTime = now
-	if(logger) {
-		logger.info(`Fetched ${keys.keys.length} Google public keys`)
-	}
-	return keys
-}
-/**
- * Convert JWK to RSA public key
- */
-function jwkToPublicKey(jwk: JwkKey): crypto.KeyObject {
-	// Create RSA public key from modulus and exponent
-	return crypto.createPublicKey({
-		key: {
-			kty: 'RSA',
-			n: jwk.n,
-			e: jwk.e,
-		},
-		format: 'jwk'
-	})
-}
-/**
- * Verify x5c certificate chain and return leaf certificate's public key
- */
-function verifyX5cChain(x5cChain: string[], logger?: Logger): crypto.KeyObject {
-	if(!x5cChain || x5cChain.length === 0) {
-		throw new Error('Empty x5c certificate chain')
-	}
-	// Parse leaf certificate (first in chain)
-	const leafCertPem = `-----BEGIN CERTIFICATE-----\n${x5cChain[0]}\n-----END CERTIFICATE-----`
-	const leafCert = new X509Certificate(leafCertPem)
-	if(logger) {
-		logger.info(`x5c leaf certificate: subject=${leafCert.subject}, issuer=${leafCert.issuer}`)
-	}
-	// Parse root CA
-	const rootCert = new X509Certificate(GCP_CONFIDENTIAL_SPACE_ROOT_CA)
-	// For chain verification with Node.js X509Certificate, we need to verify each cert in sequence
-	// Start with leaf and work up to root
-	let currentCert = leafCert
-	// Verify intermediate certificates if present
-	for(let i = 1; i < x5cChain.length; i++) {
-		const intermediatePem = `-----BEGIN CERTIFICATE-----\n${x5cChain[i]}\n-----END CERTIFICATE-----`
-		const intermediateCert = new X509Certificate(intermediatePem)
-		// Verify current cert was signed by intermediate
-		const isValid = currentCert.verify(intermediateCert.publicKey)
-		if(!isValid) {
-			throw new Error(`Certificate chain verification failed at level ${i}`)
-		}
-		if(logger) {
-			logger.debug(`Verified cert level ${i}: ${intermediateCert.subject}`)
-		}
-		currentCert = intermediateCert
-	}
-	// Verify the top cert was signed by root CA
-	const isRootValid = currentCert.verify(rootCert.publicKey)
-	if(!isRootValid) {
-		throw new Error('Certificate chain does not root to GCP Confidential Space Root CA')
-	}
-	if(logger) {
-		logger.info('x5c certificate chain verified successfully')
-	}
-	// Return leaf certificate's public key for signature verification
-	return leafCert.publicKey
-}
-/**
- * Validates GCP JWT attestation and extracts ETH address
- */
-export async function validateGcpAttestationAndExtractKey(
-	attestationBytes: Uint8Array,
-	logger?: Logger
-): Promise<GcpValidationResult> {
-	const errors: string[] = []
-	try {
-		// 1. Parse JWT structure
-		const jwtString = Buffer.from(attestationBytes).toString('utf8')
-		const parts = jwtString.split('.')
-		if(parts.length !== 3) {
-			errors.push('Invalid JWT format: expected 3 parts')
-			return { isValid: false, errors }
-		}
-		const [headerB64, payloadB64, signatureB64] = parts
-		// Decode header and payload
-		const headerJson = base64urlDecode(headerB64).toString('utf8')
-		const payloadJson = base64urlDecode(payloadB64).toString('utf8')
-		const header: JwtHeader = JSON.parse(headerJson)
-		const payload: JwtPayload = JSON.parse(payloadJson)
-		if(logger) {
-			logger.info(`GCP JWT header: kid=${header.kid}, alg=${header.alg}`)
-			logger.info(`GCP JWT payload: iss=${payload.iss}, aud=${payload.aud}`)
-		}
-		// 2. Verify claims
-		const now = Math.floor(Date.now() / 1000)
-		// Check issuer - accept both Google accounts and Confidential Computing
-		const validIssuers = [
-			'https://accounts.google.com',
-			'https://confidentialcomputing.googleapis.com'
-		]
-		if(!validIssuers.includes(payload.iss)) {
-			errors.push(`Invalid issuer: expected one of ${validIssuers.join(', ')}, got "${payload.iss}"`)
-		}
-		// Check expiration
-		if(payload.exp <= now) {
-			errors.push(`Token expired: exp=${payload.exp}, now=${now}`)
-		}
-		// Check issued at (allow 60 second clock skew)
-		if(payload.iat > now + 60) {
-			errors.push(`Token issued in future: iat=${payload.iat}, now=${now}`)
-		}
-		// Audience can be:
-		// 1. Custom audience with data param: https://{ATTESTATION_AUDIENCE_DOMAIN}/attestation?data=tee_k_public_key:0x...
-		// 2. GCP STS audience: https://sts.googleapis.com (for Confidential Space)
-		const attestationAudienceDomain = process.env.ATTESTATION_AUDIENCE_DOMAIN || ''
-		const hasCustomAudience = attestationAudienceDomain && payload.aud?.includes(attestationAudienceDomain)
-		const hasGcpStsAudience = payload.aud?.includes('sts.googleapis.com')
-		if(!hasCustomAudience && !hasGcpStsAudience) {
-			errors.push(`Invalid audience: expected "${attestationAudienceDomain}" or "sts.googleapis.com", got "${payload.aud}"`)
-		}
-		if(errors.length > 0) {
-			return { isValid: false, errors }
-		}
-		// 3. Get public key - either from x5c chain or JWKS
-		let publicKey: crypto.KeyObject
-		if(header.x5c && header.x5c.length > 0) {
-			// PKI token with certificate chain
-			if(logger) {
-				logger.info(`Using x5c certificate chain (${header.x5c.length} certificates)`)
-			}
-			publicKey = verifyX5cChain(header.x5c, logger)
-		} else if(header.kid) {
-			// OIDC token with kid
-			if(logger) {
-				logger.info(`Using OIDC token with kid: ${header.kid}`)
-			}
-			// Fetch Google's public keys
-			const jwks = await fetchGooglePublicKeys(logger)
-			// Find matching key
-			const jwk = jwks.keys.find(k => k.kid === header.kid)
-			if(!jwk) {
-				errors.push(`No public key found for kid: ${header.kid}`)
-				return { isValid: false, errors }
-			}
-			publicKey = jwkToPublicKey(jwk)
-		} else {
-			errors.push('JWT header must contain either x5c or kid field')
-			return { isValid: false, errors }
-		}
-		// 4. Verify signature
-		const signedData = `${headerB64}.${payloadB64}`
-		const signature = base64urlDecode(signatureB64)
-		const verify = crypto.createVerify('RSA-SHA256')
-		verify.update(signedData)
-		const isSignatureValid = verify.verify(publicKey, signature)
-		if(!isSignatureValid) {
-			errors.push('Signature verification failed')
-			return { isValid: false, errors }
-		}
-		if(logger) {
-			logger.info('GCP JWT signature verified successfully')
-		}
-		// 5. Extract ETH address from eat_nonce
-		if(!payload.eat_nonce) {
-			errors.push('No eat_nonce field found in JWT payload')
-			return { isValid: false, errors }
-		}
-		// Format: "tee_k_public_key:0x..." or "tee_t_public_key:0x..."
-		const match = payload.eat_nonce.match(/^(tee_[kt])_public_key:0x([0-9a-fA-F]{40})$/)
-		if(!match) {
-			errors.push(`Invalid eat_nonce format: ${payload.eat_nonce}`)
-			return { isValid: false, errors }
-		}
-		const userDataType = match[1] // "tee_k" or "tee_t"
-		const hexAddress = match[2]
-		const ethAddress = new Uint8Array(Buffer.from(hexAddress, 'hex'))
-		if(logger) {
-			logger.info(`Extracted address from eat_nonce: ${payload.eat_nonce}`)
-		}
-		// Extract image digest from JWT payload (GCP's equivalent to PCR0)
-		let pcr0 = 'gcp-no-digest'
-		if(payload.google?.compute_engine?.image_digest) {
-			pcr0 = payload.google.compute_engine.image_digest
-		} else if(payload.submods?.container?.image_digest) {
-			pcr0 = payload.submods.container.image_digest
-		}
-		// Add debug prefix if debug mode is enabled
-		if(payload.dbgstat === 'enabled' && pcr0.startsWith('sha256:')) {
-			pcr0 = 'debug_' + pcr0
-		}
-		// Extract environment variables if present
-		const envVars = payload.submods?.container?.env || {}
-		if(logger) {
-			const hexAddr = Buffer.from(ethAddress).toString('hex')
-			logger.info(`Extracted ETH address from GCP attestation: 0x${hexAddr}, type: ${userDataType}, pcr0: ${pcr0}`)
-			if(Object.keys(envVars).length > 0) {
-				logger.debug(`Environment variables: ${Object.keys(envVars).join(', ')}`)
-			}
-		}
-		return {
-			isValid: true,
-			errors: [],
-			ethAddress,
-			userDataType,
-			pcr0,
-			envVars
-		}
-	} catch(error) {
-		const errorMsg = error instanceof Error ? error.message : String(error)
-		errors.push(`GCP attestation validation error: ${errorMsg}`)
-		return { isValid: false, errors }
-	}
-}

package/src/server/utils/generics.ts DELETED Viewed

@@ -1,68 +0,0 @@
-import type { IncomingMessage } from 'http'
-import type { ServiceSignatureType } from '#src/proto/api.ts'
-import { RPCMessages } from '#src/proto/api.ts'
-import { getEnvVariable } from '#src/utils/env.ts'
-import { AttestorError, strToUint8Array } from '#src/utils/index.ts'
-import { SIGNATURES } from '#src/utils/signatures/index.ts'
-const PRIVATE_KEY = getEnvVariable('PRIVATE_KEY')!
-/**
- * Sign message using the PRIVATE_KEY env var.
- */
-export function signAsAttestor(
-	data: Uint8Array | string,
-	scheme: ServiceSignatureType
-) {
-	const { sign } = SIGNATURES[scheme]
-	return sign(
-		typeof data === 'string' ? strToUint8Array(data) : data,
-		PRIVATE_KEY
-	)
-}
-/**
- * Obtain the address on chain, from the PRIVATE_KEY env var.
- */
-export function getAttestorAddress(scheme: ServiceSignatureType) {
-	const { getAddress, getPublicKey } = SIGNATURES[scheme]
-	const publicKey = getPublicKey(PRIVATE_KEY)
-	return getAddress(publicKey)
-}
-/**
- * Nice parse JSON with a key.
- * If the data is empty, returns an empty object.
- * And if the JSON is invalid, throws a bad request error,
- * with the key in the error message.
- */
-export function niceParseJsonObject(data: string, key: string) {
-	if(!data) {
-		return {}
-	}
-	try {
-		return JSON.parse(data)
-	} catch(e) {
-		throw AttestorError.badRequest(
-			`Invalid JSON in ${key}: ${e.message}`,
-		)
-	}
-}
-/**
- * Extract any initial messages sent via the query string,
- * in the `messages` parameter.
- */
-export function getInitialMessagesFromQuery(req: IncomingMessage) {
-	const url = new URL(req.url!, 'http://localhost')
-	const messagesB64 = url.searchParams.get('messages')
-	if(!messagesB64?.length) {
-		return []
-	}
-	const msgsBytes = Buffer.from(messagesB64, 'base64')
-	const msgs = RPCMessages.decode(msgsBytes)
-	return msgs.messages
-}