npm - @joclaim/attestor-core - Versions diffs - 0.2.0 → 0.2.3 - Mend

@joclaim/attestor-core 0.2.0 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (420) hide show

package/README.md +21 -15
package/lib/avs/abis/avsDirectoryABI.d.ts +60 -0
package/lib/avs/abis/avsDirectoryABI.js +340 -0
package/lib/avs/abis/delegationABI.d.ts +126 -0
package/lib/avs/abis/delegationABI.js +1 -0
package/lib/avs/abis/registryABI.d.ts +136 -0
package/lib/avs/abis/registryABI.js +725 -0
package/lib/avs/client/create-claim-on-avs.d.ts +12 -0
package/lib/avs/client/create-claim-on-avs.js +138 -0
package/lib/avs/config.d.ts +7 -0
package/lib/avs/config.js +20 -0
package/lib/avs/contracts/ReclaimServiceManager.d.ts +697 -0
package/lib/avs/contracts/ReclaimServiceManager.js +1 -0
package/lib/avs/contracts/common.d.ts +21 -0
package/lib/avs/contracts/common.js +1 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +888 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.js +1169 -0
package/lib/avs/contracts/factories/index.d.ts +1 -0
package/{src/avs/contracts/factories/index.ts → lib/avs/contracts/factories/index.js} +1 -1
package/{src/avs/contracts/index.ts → lib/avs/contracts/index.d.ts} +0 -3
package/lib/avs/contracts/index.js +2 -0
package/lib/avs/types/index.d.ts +55 -0
package/lib/avs/types/index.js +1 -0
package/lib/avs/utils/contracts.d.ts +21 -0
package/lib/avs/utils/contracts.js +33 -0
package/lib/avs/utils/register.d.ts +27 -0
package/lib/avs/utils/register.js +78 -0
package/lib/avs/utils/tasks.d.ts +22 -0
package/lib/avs/utils/tasks.js +40 -0
package/lib/client/create-claim.d.ts +5 -0
package/lib/client/create-claim.js +437 -0
package/lib/client/index.d.ts +3 -0
package/lib/client/index.js +3 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.d.ts +16 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.js +51 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +26 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.js +131 -0
package/lib/client/utils/attestor-pool.d.ts +8 -0
package/lib/client/utils/attestor-pool.js +25 -0
package/lib/client/utils/client-socket.d.ts +11 -0
package/lib/client/utils/client-socket.js +98 -0
package/lib/client/utils/message-handler.d.ts +4 -0
package/lib/client/utils/message-handler.js +87 -0
package/lib/config/index.d.ts +30 -0
package/lib/config/index.js +43 -0
package/lib/external-rpc/benchmark.d.ts +1 -0
package/lib/external-rpc/benchmark.js +69 -0
package/lib/external-rpc/event-bus.d.ts +7 -0
package/lib/external-rpc/event-bus.js +14 -0
package/lib/external-rpc/handle-incoming-msg.d.ts +2 -0
package/lib/external-rpc/handle-incoming-msg.js +233 -0
package/lib/external-rpc/index.d.ts +3 -0
package/lib/external-rpc/index.js +3 -0
package/lib/external-rpc/jsc-polyfills/1.d.ts +14 -0
package/lib/external-rpc/jsc-polyfills/1.js +82 -0
package/lib/external-rpc/jsc-polyfills/2.d.ts +1 -0
package/lib/external-rpc/jsc-polyfills/2.js +20 -0
package/lib/external-rpc/jsc-polyfills/event.d.ts +10 -0
package/lib/external-rpc/jsc-polyfills/event.js +14 -0
package/lib/external-rpc/jsc-polyfills/index.d.ts +2 -0
package/lib/external-rpc/jsc-polyfills/index.js +2 -0
package/lib/external-rpc/jsc-polyfills/ws.d.ts +21 -0
package/lib/external-rpc/jsc-polyfills/ws.js +81 -0
package/lib/external-rpc/setup-browser.d.ts +6 -0
package/lib/external-rpc/setup-browser.js +33 -0
package/lib/external-rpc/setup-jsc.d.ts +24 -0
package/lib/external-rpc/setup-jsc.js +22 -0
package/lib/external-rpc/types.d.ts +213 -0
package/lib/external-rpc/types.js +1 -0
package/lib/external-rpc/utils.d.ts +20 -0
package/lib/external-rpc/utils.js +100 -0
package/lib/external-rpc/zk.d.ts +14 -0
package/lib/external-rpc/zk.js +63 -0
package/lib/index.d.ts +9 -0
package/lib/index.js +9 -0
package/lib/mechain/abis/governanceABI.d.ts +50 -0
package/lib/mechain/abis/governanceABI.js +458 -0
package/lib/mechain/abis/taskABI.d.ts +157 -0
package/lib/mechain/abis/taskABI.js +509 -0
package/lib/mechain/client/create-claim-on-mechain.d.ts +10 -0
package/lib/mechain/client/create-claim-on-mechain.js +28 -0
package/lib/mechain/client/index.d.ts +1 -0
package/lib/mechain/client/index.js +1 -0
package/lib/mechain/constants/index.d.ts +3 -0
package/{src/mechain/constants/index.ts → lib/mechain/constants/index.js} +3 -5
package/lib/mechain/index.d.ts +2 -0
package/lib/mechain/index.js +2 -0
package/lib/mechain/types/index.d.ts +23 -0
package/lib/mechain/types/index.js +1 -0
package/lib/proto/api.d.ts +633 -0
package/lib/proto/api.js +4258 -0
package/lib/proto/tee-bundle.d.ts +135 -0
package/lib/proto/tee-bundle.js +1161 -0
package/lib/providers/http/index.d.ts +18 -0
package/lib/providers/http/index.js +658 -0
package/lib/providers/http/patch-parse5-tree.d.ts +6 -0
package/lib/providers/http/patch-parse5-tree.js +33 -0
package/lib/providers/http/utils.d.ts +77 -0
package/lib/providers/http/utils.js +324 -0
package/lib/providers/index.d.ts +4 -0
package/lib/providers/index.js +4 -0
package/lib/scripts/build-browser.d.ts +1 -0
package/lib/scripts/build-browser.js +37 -0
package/lib/scripts/build-jsc.d.ts +1 -0
package/lib/scripts/build-jsc.js +49 -0
package/lib/scripts/check-avs-registration.d.ts +1 -0
package/lib/scripts/check-avs-registration.js +26 -0
package/lib/scripts/fallbacks/crypto.d.ts +1 -0
package/lib/scripts/fallbacks/crypto.js +1 -0
package/lib/scripts/fallbacks/empty.d.ts +3 -0
package/lib/scripts/fallbacks/empty.js +1 -0
package/lib/scripts/fallbacks/re2.d.ts +1 -0
package/lib/scripts/fallbacks/re2.js +4 -0
package/lib/scripts/fallbacks/snarkjs.d.ts +1 -0
package/lib/scripts/fallbacks/snarkjs.js +1 -0
package/lib/scripts/generate-provider-types.d.ts +5 -0
package/lib/scripts/generate-provider-types.js +78 -0
package/lib/scripts/generate-receipt.d.ts +9 -0
package/lib/scripts/generate-receipt.js +90 -0
package/lib/scripts/generate-toprf-keys.d.ts +1 -0
package/lib/scripts/generate-toprf-keys.js +20 -0
package/lib/scripts/jsc-cli-rpc.d.ts +1 -0
package/lib/scripts/jsc-cli-rpc.js +37 -0
package/lib/scripts/register-avs-operator.d.ts +1 -0
package/lib/scripts/register-avs-operator.js +4 -0
package/lib/scripts/start-server.d.ts +1 -0
package/lib/scripts/start-server.js +13 -0
package/lib/scripts/update-avs-metadata.d.ts +1 -0
package/lib/scripts/update-avs-metadata.js +19 -0
package/lib/scripts/utils.d.ts +1 -0
package/lib/scripts/utils.js +7 -0
package/lib/scripts/whitelist-operator.d.ts +1 -0
package/lib/scripts/whitelist-operator.js +15 -0
package/lib/server/create-server.d.ts +7 -0
package/lib/server/create-server.js +122 -0
package/lib/server/handlers/claimTeeBundle.d.ts +6 -0
package/lib/server/handlers/claimTeeBundle.js +206 -0
package/lib/server/handlers/claimTunnel.d.ts +2 -0
package/lib/server/handlers/claimTunnel.js +73 -0
package/lib/server/handlers/completeClaimOnChain.d.ts +2 -0
package/lib/server/handlers/completeClaimOnChain.js +22 -0
package/lib/server/handlers/createClaimOnChain.d.ts +2 -0
package/lib/server/handlers/createClaimOnChain.js +26 -0
package/lib/server/handlers/createTaskOnMechain.d.ts +2 -0
package/lib/server/handlers/createTaskOnMechain.js +47 -0
package/lib/server/handlers/createTunnel.d.ts +2 -0
package/lib/server/handlers/createTunnel.js +93 -0
package/lib/server/handlers/disconnectTunnel.d.ts +2 -0
package/lib/server/handlers/disconnectTunnel.js +5 -0
package/lib/server/handlers/fetchCertificateBytes.d.ts +2 -0
package/lib/server/handlers/fetchCertificateBytes.js +41 -0
package/lib/server/handlers/index.d.ts +4 -0
package/lib/server/handlers/index.js +22 -0
package/lib/server/handlers/init.d.ts +2 -0
package/lib/server/handlers/init.js +30 -0
package/lib/server/handlers/toprf.d.ts +2 -0
package/lib/server/handlers/toprf.js +16 -0
package/lib/server/index.d.ts +4 -0
package/lib/server/index.js +4 -0
package/lib/server/provider-api.d.ts +9 -0
package/lib/server/provider-api.js +98 -0
package/lib/server/provider-store.d.ts +53 -0
package/lib/server/provider-store.js +80 -0
package/lib/server/session-api.d.ts +9 -0
package/lib/server/session-api.js +95 -0
package/lib/server/session-store.d.ts +14 -0
package/lib/server/session-store.js +36 -0
package/lib/server/socket.d.ts +13 -0
package/lib/server/socket.js +109 -0
package/lib/server/tunnels/make-tcp-tunnel.d.ts +22 -0
package/lib/server/tunnels/make-tcp-tunnel.js +177 -0
package/lib/server/utils/apm.d.ts +11 -0
package/lib/server/utils/apm.js +36 -0
package/lib/server/utils/assert-valid-claim-request.d.ts +31 -0
package/lib/server/utils/assert-valid-claim-request.js +229 -0
package/lib/server/utils/config-env.d.ts +1 -0
package/lib/server/utils/config-env.js +4 -0
package/lib/server/utils/dns.d.ts +1 -0
package/lib/server/utils/dns.js +18 -0
package/lib/server/utils/gcp-attestation.d.ts +17 -0
package/lib/server/utils/gcp-attestation.js +289 -0
package/lib/server/utils/generics.d.ts +22 -0
package/lib/server/utils/generics.js +51 -0
package/lib/server/utils/iso.d.ts +1 -0
package/lib/server/utils/iso.js +256 -0
package/lib/server/utils/keep-alive.d.ts +7 -0
package/lib/server/utils/keep-alive.js +38 -0
package/lib/server/utils/nitro-attestation.d.ts +33 -0
package/lib/server/utils/nitro-attestation.js +325 -0
package/lib/server/utils/process-handshake.d.ts +13 -0
package/lib/server/utils/process-handshake.js +214 -0
package/lib/server/utils/proxy-session.d.ts +1 -0
package/lib/server/utils/proxy-session.js +6 -0
package/lib/server/utils/tee-oprf-verification.d.ts +22 -0
package/lib/server/utils/tee-oprf-verification.js +160 -0
package/lib/server/utils/tee-transcript-reconstruction.d.ts +24 -0
package/lib/server/utils/tee-transcript-reconstruction.js +187 -0
package/lib/server/utils/tee-verification.d.ts +27 -0
package/lib/server/utils/tee-verification.js +365 -0
package/lib/server/utils/validation.d.ts +2 -0
package/lib/server/utils/validation.js +38 -0
package/lib/types/bgp.d.ts +11 -0
package/lib/types/bgp.js +1 -0
package/lib/types/claims.d.ts +73 -0
package/lib/types/claims.js +1 -0
package/lib/types/client.d.ts +163 -0
package/lib/types/client.js +1 -0
package/lib/types/general.d.ts +54 -0
package/lib/types/general.js +1 -0
package/lib/types/handlers.d.ts +10 -0
package/lib/types/handlers.js +1 -0
package/lib/types/index.d.ts +10 -0
package/lib/types/index.js +10 -0
package/lib/types/providers.d.ts +161 -0
package/lib/types/providers.gen.d.ts +443 -0
package/lib/types/providers.gen.js +10 -0
package/lib/types/providers.js +1 -0
package/lib/types/rpc.d.ts +35 -0
package/lib/types/rpc.js +1 -0
package/lib/types/signatures.d.ts +28 -0
package/lib/types/signatures.js +1 -0
package/lib/types/tunnel.d.ts +18 -0
package/lib/types/tunnel.js +1 -0
package/lib/types/zk.d.ts +28 -0
package/lib/types/zk.js +1 -0
package/lib/utils/auth.d.ts +8 -0
package/lib/utils/auth.js +59 -0
package/lib/utils/b64-json.d.ts +2 -0
package/lib/utils/b64-json.js +17 -0
package/lib/utils/bgp-listener.d.ts +7 -0
package/lib/utils/bgp-listener.js +119 -0
package/lib/utils/claims.d.ts +33 -0
package/lib/utils/claims.js +101 -0
package/lib/utils/env.d.ts +3 -0
package/lib/utils/env.js +15 -0
package/lib/utils/error.d.ts +26 -0
package/lib/utils/error.js +50 -0
package/lib/utils/generics.d.ts +114 -0
package/lib/utils/generics.js +317 -0
package/lib/utils/http-parser.d.ts +59 -0
package/lib/utils/http-parser.js +246 -0
package/lib/utils/index.d.ts +13 -0
package/lib/utils/index.js +13 -0
package/lib/utils/logger.d.ts +13 -0
package/lib/utils/logger.js +91 -0
package/lib/utils/prepare-packets.d.ts +16 -0
package/lib/utils/prepare-packets.js +62 -0
package/lib/utils/redactions.d.ts +62 -0
package/lib/utils/redactions.js +148 -0
package/lib/utils/retries.d.ts +12 -0
package/lib/utils/retries.js +24 -0
package/lib/utils/signatures/eth.d.ts +2 -0
package/lib/utils/signatures/eth.js +29 -0
package/lib/utils/signatures/index.d.ts +5 -0
package/lib/utils/signatures/index.js +7 -0
package/lib/utils/socket-base.d.ts +23 -0
package/lib/utils/socket-base.js +90 -0
package/lib/utils/tls.d.ts +2 -0
package/{src/utils/tls.ts → lib/utils/tls.js} +28 -35
package/lib/utils/ws.d.ts +7 -0
package/lib/utils/ws.js +22 -0
package/lib/utils/zk.d.ts +70 -0
package/lib/utils/zk.js +572 -0
package/package.json +19 -12
package/src/avs/abis/avsDirectoryABI.ts +0 -340
package/src/avs/abis/delegationABI.ts +0 -1
package/src/avs/abis/registryABI.ts +0 -725
package/src/avs/client/create-claim-on-avs.ts +0 -206
package/src/avs/config.ts +0 -25
package/src/avs/contracts/ReclaimServiceManager.ts +0 -1457
package/src/avs/contracts/common.ts +0 -44
package/src/avs/contracts/factories/ReclaimServiceManager__factory.ts +0 -1213
package/src/avs/tests/test.operator.ts +0 -413
package/src/avs/tests/utils.ts +0 -51
package/src/avs/types/index.ts +0 -60
package/src/avs/utils/contracts.ts +0 -66
package/src/avs/utils/register.ts +0 -125
package/src/avs/utils/tasks.ts +0 -76
package/src/client/create-claim.ts +0 -626
package/src/client/index.ts +0 -3
package/src/client/tunnels/make-rpc-tcp-tunnel.ts +0 -78
package/src/client/tunnels/make-rpc-tls-tunnel.ts +0 -172
package/src/client/utils/attestor-pool.ts +0 -35
package/src/client/utils/client-socket.ts +0 -160
package/src/client/utils/message-handler.ts +0 -116
package/src/config/index.ts +0 -65
package/src/external-rpc/benchmark.ts +0 -102
package/src/external-rpc/event-bus.ts +0 -19
package/src/external-rpc/global.d.ts +0 -20
package/src/external-rpc/handle-incoming-msg.ts +0 -308
package/src/external-rpc/index.ts +0 -3
package/src/external-rpc/jsc-polyfills/1.ts +0 -117
package/src/external-rpc/jsc-polyfills/2.ts +0 -24
package/src/external-rpc/jsc-polyfills/event.ts +0 -16
package/src/external-rpc/jsc-polyfills/index.ts +0 -2
package/src/external-rpc/jsc-polyfills/ws.ts +0 -105
package/src/external-rpc/setup-browser.ts +0 -42
package/src/external-rpc/setup-jsc.ts +0 -48
package/src/external-rpc/types.ts +0 -289
package/src/external-rpc/utils.ts +0 -126
package/src/external-rpc/zk.ts +0 -79
package/src/index.ts +0 -9
package/src/mechain/abis/governanceABI.ts +0 -458
package/src/mechain/abis/taskABI.ts +0 -509
package/src/mechain/client/create-claim-on-mechain.ts +0 -52
package/src/mechain/client/index.ts +0 -1
package/src/mechain/index.ts +0 -2
package/src/mechain/types/index.ts +0 -29
package/src/proto/api.ts +0 -5285
package/src/proto/tee-bundle.ts +0 -1413
package/src/providers/http/index.ts +0 -873
package/src/providers/http/patch-parse5-tree.ts +0 -49
package/src/providers/http/utils.ts +0 -439
package/src/providers/index.ts +0 -8
package/src/scripts/build-browser.sh +0 -9
package/src/scripts/build-browser.ts +0 -40
package/src/scripts/build-jsc.ts +0 -55
package/src/scripts/check-avs-registration.ts +0 -38
package/src/scripts/contract-data-gen.sh +0 -8
package/src/scripts/fallbacks/crypto.ts +0 -1
package/src/scripts/fallbacks/empty.ts +0 -2
package/src/scripts/fallbacks/re2.ts +0 -5
package/src/scripts/fallbacks/snarkjs.ts +0 -5
package/src/scripts/generate-certs.sh +0 -11
package/src/scripts/generate-proto.sh +0 -5
package/src/scripts/generate-provider-types.ts +0 -121
package/src/scripts/generate-receipt.ts +0 -138
package/src/scripts/generate-toprf-keys.ts +0 -30
package/src/scripts/jsc-cli-rpc.ts +0 -48
package/src/scripts/register-avs-operator.ts +0 -5
package/src/scripts/start-server.ts +0 -17
package/src/scripts/update-avs-metadata.ts +0 -26
package/src/scripts/utils.ts +0 -8
package/src/scripts/whitelist-operator.ts +0 -22
package/src/server/create-server.ts +0 -169
package/src/server/handlers/claimTeeBundle.ts +0 -308
package/src/server/handlers/claimTunnel.ts +0 -106
package/src/server/handlers/completeClaimOnChain.ts +0 -36
package/src/server/handlers/createClaimOnChain.ts +0 -39
package/src/server/handlers/createTaskOnMechain.ts +0 -80
package/src/server/handlers/createTunnel.ts +0 -128
package/src/server/handlers/disconnectTunnel.ts +0 -11
package/src/server/handlers/fetchCertificateBytes.ts +0 -66
package/src/server/handlers/index.ts +0 -24
package/src/server/handlers/init.ts +0 -46
package/src/server/handlers/toprf.ts +0 -25
package/src/server/index.ts +0 -4
package/src/server/provider-api.ts +0 -118
package/src/server/provider-store.ts +0 -117
package/src/server/session-api.ts +0 -115
package/src/server/session-store.ts +0 -60
package/src/server/socket.ts +0 -156
package/src/server/tunnels/make-tcp-tunnel.ts +0 -275
package/src/server/utils/apm.ts +0 -49
package/src/server/utils/assert-valid-claim-request.ts +0 -375
package/src/server/utils/config-env.ts +0 -6
package/src/server/utils/dns.ts +0 -25
package/src/server/utils/gcp-attestation.ts +0 -415
package/src/server/utils/generics.ts +0 -68
package/src/server/utils/iso.ts +0 -258
package/src/server/utils/keep-alive.ts +0 -50
package/src/server/utils/nitro-attestation.ts +0 -396
package/src/server/utils/process-handshake.ts +0 -311
package/src/server/utils/proxy-session.ts +0 -6
package/src/server/utils/tee-oprf-verification.ts +0 -231
package/src/server/utils/tee-transcript-reconstruction.ts +0 -254
package/src/server/utils/tee-verification.ts +0 -513
package/src/server/utils/validation.ts +0 -57
package/src/tests/auth.test.ts +0 -105
package/src/tests/bgp-listener.test.ts +0 -193
package/src/tests/claim-creation.test.ts +0 -415
package/src/tests/describe-with-server.ts +0 -94
package/src/tests/gcp-attestation.test.ts +0 -206
package/src/tests/http-parser.test.ts +0 -135
package/src/tests/http-provider-utils.test.ts +0 -3306
package/src/tests/http-provider.test.ts +0 -125
package/src/tests/jsc.test_mac.ts +0 -296
package/src/tests/mock-provider-server.ts +0 -106
package/src/tests/mocks.ts +0 -25
package/src/tests/proof_bundle.bin +0 -0
package/src/tests/rpc-communication.test.ts +0 -115
package/src/tests/rpc-tunnel.test.ts +0 -239
package/src/tests/signatures.test.ts +0 -37
package/src/tests/tcp-tunnel.test.ts +0 -154
package/src/tests/tee-bundle.test.ts +0 -321
package/src/tests/tee-signatures.test.ts +0 -81
package/src/tests/utils.ts +0 -108
package/src/tests/verification_bundle.pb +0 -0
package/src/tests/verification_bundle_tee.pb +0 -0
package/src/tests/zk.test.ts +0 -453
package/src/types/bgp.ts +0 -17
package/src/types/claims.ts +0 -79
package/src/types/client.ts +0 -205
package/src/types/general.ts +0 -61
package/src/types/handlers.ts +0 -16
package/src/types/index.ts +0 -10
package/src/types/providers.gen.ts +0 -135
package/src/types/providers.ts +0 -203
package/src/types/rpc.ts +0 -46
package/src/types/signatures.ts +0 -29
package/src/types/tunnel.ts +0 -25
package/src/types/zk.ts +0 -31
package/src/utils/auth.ts +0 -92
package/src/utils/b64-json.ts +0 -25
package/src/utils/bgp-listener.ts +0 -159
package/src/utils/claims.ts +0 -132
package/src/utils/env.ts +0 -21
package/src/utils/error.ts +0 -76
package/src/utils/generics.ts +0 -429
package/src/utils/http-parser.ts +0 -312
package/src/utils/index.ts +0 -13
package/src/utils/logger.ts +0 -114
package/src/utils/prepare-packets.ts +0 -98
package/src/utils/redactions.ts +0 -203
package/src/utils/retries.ts +0 -41
package/src/utils/signatures/eth.ts +0 -35
package/src/utils/signatures/index.ts +0 -11
package/src/utils/socket-base.ts +0 -132
package/src/utils/ws.ts +0 -30
package/src/utils/zk.ts +0 -908

package/src/server/utils/tee-transcript-reconstruction.ts DELETED Viewed

@@ -1,254 +0,0 @@
-/**
- * TLS Transcript Reconstruction from TEE data
- */
-import type { CertificateInfo } from '#src/proto/tee-bundle.ts'
-import type { TeeBundleData } from '#src/server/utils/tee-verification.ts'
-import type { Logger } from '#src/types/general.ts'
-import { AttestorError } from '#src/utils/error.ts'
-import { REDACTION_CHAR_CODE } from '#src/utils/index.ts'
-// Types specific to transcript reconstruction
-export interface TeeTranscriptData {
-	revealedRequest: Uint8Array
-	reconstructedResponse: Uint8Array
-	certificateInfo?: CertificateInfo
-	responseTrimOffset?: number // Number of leading asterisks trimmed from response
-}
-/**
- * Reconstructs TLS transcript from TEE bundle data
- * @param bundleData - Validated TEE bundle data
- * @param logger - Logger instance
- * @param oprfResults - Optional OPRF results to apply during reconstruction
- * @returns Reconstructed transcript data
- */
-export async function reconstructTlsTranscript(
-	bundleData: TeeBundleData,
-	logger: Logger,
-	oprfResults?: Array<{ position: number, length: number, output: Uint8Array }>
-): Promise<TeeTranscriptData> {
-	try {
-		// 1. Reconstruct request using proof stream
-		const revealedRequest = reconstructRequest(bundleData, logger)
-		// 2. Reconstruct response using consolidated keystream and ciphertext
-		const reconstructedResponse = await reconstructConsolidatedResponse(bundleData, logger, oprfResults)
-		// 3. Extract certificate info from TEE_K payload
-		const certificateInfo = bundleData.kOutputPayload.certificateInfo
-		logger.info('TLS transcript reconstruction completed successfully', {
-			requestSize: revealedRequest.length,
-			responseSize: reconstructedResponse.length,
-			hasCertificateInfo: !!certificateInfo
-		})
-		return {
-			revealedRequest,
-			reconstructedResponse,
-			certificateInfo
-		}
-	} catch(error) {
-		logger.error({ error }, 'TLS transcript reconstruction failed')
-		throw new AttestorError('ERROR_INVALID_CLAIM', `Transcript reconstruction failed: ${(error as Error).message}`)
-	}
-}
-/**
- * Reconstructs the original request by applying proof stream to redacted request
- */
-function reconstructRequest(bundleData: TeeBundleData, logger: Logger): Uint8Array {
-	const { kOutputPayload } = bundleData
-	if(!kOutputPayload.requestRedactionRanges || kOutputPayload.requestRedactionRanges.length === 0) {
-		logger.warn('No request redaction ranges - using redacted request as-is')
-		return kOutputPayload.redactedRequest
-	}
-	// Create a copy of the redacted request
-	const revealedRequest = new Uint8Array(kOutputPayload.redactedRequest)
-	// Create pretty display: show revealed proof data, but keep other sensitive data as '*'
-	const prettyRequest = new Uint8Array(revealedRequest)
-	for(const range of kOutputPayload.requestRedactionRanges) {
-		// Keep non-proof sensitive data as '*' for display
-		if(!range.type.includes('proof')) {
-			const start = range.start
-			const length = range.length
-			for(let i = 0; i < length && start + i < prettyRequest.length; i++) {
-				prettyRequest[start + i] = REDACTION_CHAR_CODE
-			}
-		}
-	}
-	return prettyRequest
-}
-/**
- * NEW: Reconstructs response using consolidated keystream and ciphertext
- * This is much simpler than the old packet-by-packet approach
- */
-async function reconstructConsolidatedResponse(bundleData: TeeBundleData, logger: Logger, oprfResults?: Array<{
-	position: number
-	length: number
-	output: Uint8Array
-}>): Promise<Uint8Array> {
-	const { kOutputPayload, tOutputPayload } = bundleData
-	// Get consolidated data from both TEEs
-	const consolidatedKeystream = kOutputPayload.consolidatedResponseKeystream
-	const consolidatedCiphertext = tOutputPayload.consolidatedResponseCiphertext
-	if(!consolidatedKeystream || consolidatedKeystream.length === 0) {
-		throw new AttestorError('ERROR_INVALID_CLAIM', 'No consolidated response keystream available')
-	}
-	if(!consolidatedCiphertext || consolidatedCiphertext.length === 0) {
-		throw new AttestorError('ERROR_INVALID_CLAIM', 'No consolidated response ciphertext available')
-	}
-	// Verify lengths match
-	if(consolidatedKeystream.length !== consolidatedCiphertext.length) {
-		logger.warn('Keystream and ciphertext length mismatch', {
-			keystreamLength: consolidatedKeystream.length,
-			ciphertextLength: consolidatedCiphertext.length
-		})
-	}
-	// XOR to get plaintext (keystream XOR ciphertext = plaintext)
-	const minLength = Math.min(consolidatedKeystream.length, consolidatedCiphertext.length)
-	const reconstructedResponse = new Uint8Array(minLength)
-	for(let i = 0; i < minLength; i++) {
-		reconstructedResponse[i] = consolidatedKeystream[i] ^ consolidatedCiphertext[i]
-	}
-	logger.info(`Reconstructed response: ${reconstructedResponse.length} bytes, ${kOutputPayload.responseRedactionRanges?.length || 0} redaction ranges`)
-	// Apply response redaction ranges to the reconstructed response
-	let processedResponse = applyResponseRedactionRanges(reconstructedResponse, kOutputPayload.responseRedactionRanges, logger)
-	// Apply OPRF replacements BEFORE trimming leading asterisks
-	if(oprfResults && oprfResults.length > 0) {
-		logger.info(`Applying ${oprfResults.length} OPRF replacements before trimming`)
-		const { replaceOprfRanges } = await import('#src/server/utils/tee-oprf-verification.ts')
-		processedResponse = replaceOprfRanges(processedResponse, oprfResults, logger)
-	}
-	// Count leading asterisks
-	let leadingAsterisks = 0
-	for(const element of processedResponse) {
-		if(element === REDACTION_CHAR_CODE) {
-			leadingAsterisks++
-		} else {
-			break
-		}
-	}
-	// Count trailing asterisks (may contain undesired data like alerts)
-	let trailingAsterisks = 0
-	for(let i = processedResponse.length - 1; i >= leadingAsterisks; i--) {
-		if(processedResponse[i] === REDACTION_CHAR_CODE) {
-			trailingAsterisks++
-		} else {
-			break
-		}
-	}
-	const finalLength = processedResponse.length - leadingAsterisks - trailingAsterisks
-	logger.info(`After processing: ${processedResponse.length} bytes, ${leadingAsterisks} leading and ${trailingAsterisks} trailing asterisks trimmed, final: ${finalLength} bytes`)
-	return processedResponse.slice(leadingAsterisks, processedResponse.length - trailingAsterisks)
-}
-// Removed legacy packet-based extraction functions since we now use consolidated streams
-/**
- * Applies response redaction ranges to replace random garbage with asterisks
- * Response redaction ranges have NO type field - they all work the same way (binary redaction)
- */
-function applyResponseRedactionRanges(
-	response: Uint8Array,
-	redactionRanges?: Array<{ start: number, length: number }>,
-	logger?: Logger
-): Uint8Array {
-	if(!redactionRanges || redactionRanges.length === 0) {
-		return response
-	}
-	const result = new Uint8Array(response)
-	// Consolidate overlapping ranges (same as client implementation)
-	const consolidatedRanges = consolidateRedactionRanges(redactionRanges)
-	if(logger) {
-		logger.info(`Applying ${consolidatedRanges.length} redaction ranges to ${response.length} byte response`)
-	}
-	// Apply each redaction range to replace random garbage with asterisks
-	for(const [idx, range] of consolidatedRanges.entries()) {
-		const rangeStart = range.start
-		const rangeEnd = range.start + range.length
-		// Check bounds
-		if(rangeStart < 0 || rangeEnd > result.length) {
-			if(logger) {
-				logger.warn(`Redaction range #${idx} out of bounds: [${rangeStart}-${rangeEnd}] vs ${result.length}`)
-			}
-			continue
-		}
-		if(logger && idx < 3) {
-			logger.info(`Redaction range #${idx}: [${rangeStart}-${rangeEnd}]`)
-		}
-		// Replace random garbage with asterisks
-		for(let i = rangeStart; i < rangeEnd; i++) {
-			result[i] = REDACTION_CHAR_CODE
-		}
-	}
-	return result
-}
-/**
- * Consolidates overlapping redaction ranges
- */
-function consolidateRedactionRanges(
-	ranges: Array<{ start: number, length: number }>
-): Array<{ start: number, length: number }> {
-	if(ranges.length === 0) {
-		return []
-	}
-	// Sort ranges by start position
-	const sortedRanges = [...ranges].sort((a, b) => a.start - b.start)
-	const consolidated: Array<{ start: number, length: number }> = []
-	let current = { ...sortedRanges[0] }
-	for(let i = 1; i < sortedRanges.length; i++) {
-		const next = sortedRanges[i]
-		// Check if ranges overlap or are adjacent
-		if(next.start <= current.start + current.length) {
-			// Merge ranges
-			const endCurrent = current.start + current.length
-			const endNext = next.start + next.length
-			current.length = Math.max(endCurrent, endNext) - current.start
-		} else {
-			// No overlap, add current and move to next
-			consolidated.push(current)
-			current = { ...next }
-		}
-	}
-	consolidated.push(current)
-	return consolidated
-}