@layr-labs/ecloud-sdk 0.0.1-rfc.1 → 0.1.0-dev.1
- package/README.md +264 -48
- package/VERSION +2 -0
- package/dist/index.cjs +1702 -2490
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +699 -82
- package/dist/index.d.ts +699 -82
- package/dist/index.js +1704 -2529
- package/dist/index.js.map +1 -1
- package/package.json +8 -6
- package/tools/kms-client-linux-amd64 +0 -0
- package/tools/tls-keygen-linux-amd64 +0 -0
- package/dist/keys/mainnet-alpha/prod/kms-encryption-public-key.pem +0 -14
- package/dist/keys/mainnet-alpha/prod/kms-signing-public-key.pem +0 -4
- package/dist/keys/sepolia/dev/kms-encryption-public-key.pem +0 -14
- package/dist/keys/sepolia/dev/kms-signing-public-key.pem +0 -4
- package/dist/keys/sepolia/prod/kms-encryption-public-key.pem +0 -14
- package/dist/keys/sepolia/prod/kms-signing-public-key.pem +0 -4
- package/dist/templates/Dockerfile.layered.tmpl +0 -58
- package/dist/templates/compute-source-env.sh.tmpl +0 -110
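--- a/package/package.json
+++ b/package/package.json
@@ -1,12 +1,14 @@
 {
 "name": "@layr-labs/ecloud-sdk",
-"version": "0.0
+"version": "0.1.0-dev.1",
 "type": "module",
 "main": "dist/index.js",
 "module": "dist/index.js",
 "types": "dist/index.d.ts",
 "files": [
 "dist",
+"tools",
+"VERSION",
 "README.md"
 ],
 "exports": {
@@ -17,12 +19,12 @@
 }
 },
 "scripts": {
-"build": "tsup
-"
-"test:build-type": "node test-build-type.js",
+"build": "tsup",
+"prepublishOnly": "cp ../../README.md .",
 "lint": "eslint .",
 "format": "prettier --check .",
-"format:fix": "prettier --write ."
+"format:fix": "prettier --write .",
+"typecheck": "tsc --noEmit"
 },
 "dependencies": {
 "@inquirer/prompts": "^7.10.1",
@@ -34,7 +36,7 @@
 "handlebars": "^4.7.8",
 "jose": "^6.1.2",
 "js-yaml": "^4.1.1",
-"node-forge": "^1.3.
+"node-forge": "^1.3.2",
 "viem": "^2.38.6"
 },
 "devDependencies": {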
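Review bot: The new `"tools"` entry in `files` publishes prebuilt executables (the file list for this release shows `package/tools/kms-client-linux-amd64` and `package/tools/tls-keygen-linux-amd64`), and nothing in the manifest ties those binaries to a source revision, so a consumer cannot audit what they run. Judging by their names these are the KMS client and the TLS key generator, which sit on the secret-handling path, so I would publish with build provenance, e.g. add `"publishConfig": { "provenance": true }`, and document how the binaries are built so they can be reproduced. The new `prepublishOnly` script, `cp ../../README.md .`, also reads from outside the package directory, so it is worth confirming that publishing only ever runs from the monorepo checkout.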
Binary file
|
|
Binary file
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
-----BEGIN PUBLIC KEY-----
|
|
2
|
-
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0kHU86k17ofCIGcJKDcf
|
|
3
|
-
AFurFhSLeWmOL0bwWLCeVnTPG0MMHtJOq+woE0XXSWw6lzm+jzavBBTwKde1dgal
|
|
4
|
-
Ap91vULAZFMUpiUdd2dNUVtvU89qW0Pgf1Eu5FDj7BkY/SnyECbWJM4ga0BmpiGy
|
|
5
|
-
nQwLNN9mMGhjVoVLn2zwEGZ7JzS9Nz11EZKO/k/9DcO6LaoIFmKuvVf3jl6lvZg8
|
|
6
|
-
aeA0LoZXjkycHlRUt/kfKwZnhakUaYHP1ksV7ZNmolS5GYDTSKGB2KPPNR1s4/Xu
|
|
7
|
-
u8zeEFC8HuGRU8XuuBeaAunitnGhbNVREUNJGff6HZOGB6CIFNXjbQETeZ3p5uro
|
|
8
|
-
0v+hd1QqQYBv7+DEaMCmGnJNGAyIMr2mn4vr7wGsIj0HonlSHmQ8rmdUhL2ocNTc
|
|
9
|
-
LhKgZiZmBuDpSbFW/r53R2G7CHcqaqGeUBnT54QCH4zsYKw0/4dOtwFxQpTyBf9/
|
|
10
|
-
+k+KaWEJYKkx9d9OzKGyAvzrTDVOFoajddiJ6LPvRlMdOUQr3hl4IAC0/nh9lhHq
|
|
11
|
-
D0R+i5WAU96TkdAe7B7iTGH2D22k0KUPR6Q9W3aF353SLxQAMPNrgG4QQufAdRJn
|
|
12
|
-
AF+8ntun5TkTqjTWRSwAsUJZ1z4wb96DympWJbDi0OciJRZ3Fz3j9+amC43yCHGg
|
|
13
|
-
aaEMjdt35ewbztUSc04F10MCAwEAAQ==
|
|
14
|
-
-----END PUBLIC KEY-----
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
-----BEGIN PUBLIC KEY-----
|
|
2
|
-
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr/vqttU6aXX35HtsXavU
|
|
3
|
-
5teysunDzZB3HyaFM4qcuRnqj+70KxqLOwZsERN5SwZ/56Jm8T2ds1CcXsQCMUMw
|
|
4
|
-
+MPlsF6KMGfzghLtYHONwvKLnn+U9y886aAay6W8a0A7O7YCZehNYD3kQnCXjOIc
|
|
5
|
-
Mj6v8AEvMw+w/lNabjRXnwSBMKVIGp/cSL0hGwt8fGoC3TsxQN9opzvU1Z4rAw9K
|
|
6
|
-
a119l6dlPnqezDva378TCaXDjqKe/jSZOI1CcYpaSK2SJ+95Wbvte5j3lXbg1oT2
|
|
7
|
-
0rXeJUHEJ68QxMtJplfw0Sg+Ek4CUJ2c/kbdg0u7sIIO5wcB4WHL/Lfbw2XPmcBI
|
|
8
|
-
t0r0EC575D3iHF/aI01Ms2IRA0GDeHnNcr5FJLWJljTjNLEt4tFITrXwBe1Ealm3
|
|
9
|
-
NCxamApl5bBSwQ72Gb5fiQFwB8Fl2/XG3wfGTFInFEvWE4c/H8dtu1wHTsyEFZcG
|
|
10
|
-
B47IkD5GBSZq90Hd9xuZva55dxGpqUVrEJO88SqHGP9Oa+HLTYdEe5AR5Hitw4Mu
|
|
11
|
-
dk1cCH+X5OqY9dfpdoCNbKAM0N2SJvNAnDTU2JKGYheXrnDslXR6atBmU5gDkH+W
|
|
12
|
-
QVryDYl9xbwWIACMQsAQjrrtKw5xqJ4V89+06FN/wyEVF7KWAcJ4AhKiVnCvLqzb
|
|
13
|
-
BbISc+gOkRsefhCDJVPEKDkCAwEAAQ==
|
|
14
|
-
-----END PUBLIC KEY-----
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
-----BEGIN PUBLIC KEY-----
|
|
2
|
-
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApDvk8pAivkgtiC5li5MP
|
|
3
|
-
xMTJDduTeorBl18ynrooTxp2BwwgPwXfXbJaCA0qRubvc0aO2uh2VDrPM27CqMLH
|
|
4
|
-
o2S9YLtpLii4A1Nl7SE/MdWKWdG6v94xNGpc2YyPP7yWtHfqOkgDWp8sokl3Uq/9
|
|
5
|
-
MS0pjUaI7RyS5boCTy8Qw90BxGMpucjOmqm+luw4EdPWZCrgriUR2bbGRRgAmrT1
|
|
6
|
-
K4ou4IgPp799r120hwHbCWxnOvLdQdpiv2507b900xS/3yZahhnHCAn66146LU/f
|
|
7
|
-
BrRpQKSM0qSpktXrrc9MH/ru2VLR5cGLp89ZcZMQA9cRGglWM5XWVY3Ti2TPJ6Kd
|
|
8
|
-
An1d7qNkGJaSdVa3x3HkOf6c6HeTyqis5/L/6L+PFhUsTRbmKg1FtwD+3xxdyf7h
|
|
9
|
-
abFxryE9rv+WatHL6r6z5ztV0znJ/Fpfs5A45FWA6pfb28fA59RGpi/DQ8RxgdCH
|
|
10
|
-
nZRNvdz8dTgRaXSPgkfGXBcCFqb/QhFmad7XbWDthGzfhbPOxNPtiaGRQ1Dr/Pgq
|
|
11
|
-
n0ugdLbRQLmDOAFgaQcnr0U4y1TUlWJnvoZMETkVN7gmITtXA4F324ALT7Rd+Lgk
|
|
12
|
-
HikW5vG+NjAEwXfPsK0YzT+VbHd7o1lbru9UxiDlN03XVEkz/oRQi47CvSTo3FSr
|
|
13
|
-
5dB4lz8kov3UUcNJfQFZolMCAwEAAQ==
|
|
14
|
-
-----END PUBLIC KEY-----
|
|
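--- a/package/dist/templates/Dockerfile.layered.tmpl
+++ b/package/dist/templates/Dockerfile.layered.tmpl
@@ -1,58 +0,0 @@
-{{#if includeTLS}}
-# Get Caddy from official image
-FROM caddy:2.10.2-alpine AS caddy
-{{/if}}
-
-FROM {{baseImage}}
-
-{{#if originalUser}}
-# Switch to root to perform setup (base image has non-root USER: {{originalUser}})
-USER root
-{{/if}}
-
-# Copy core TEE components
-COPY compute-source-env.sh /usr/local/bin/
-COPY kms-client /usr/local/bin/
-COPY kms-signing-public-key.pem /usr/local/bin/
-
-{{#if includeTLS}}
-# Copy Caddy from official image
-COPY --from=caddy /usr/bin/caddy /usr/local/bin/caddy
-
-# Copy TLS components
-COPY tls-keygen /usr/local/bin/
-COPY Caddyfile /etc/caddy/
-{{/if}}
-
-{{#if originalUser}}
-# Make binaries executable (755 for executables, 644 for keys)
-RUN chmod 755 /usr/local/bin/compute-source-env.sh \
-&& chmod 755 /usr/local/bin/kms-client{{#if includeTLS}} \
-&& chmod 755 /usr/local/bin/tls-keygen \
-&& chmod 755 /usr/local/bin/caddy{{/if}} \
-&& chmod 644 /usr/local/bin/kms-signing-public-key.pem
-
-# Switch back to the original user from base image
-USER {{originalUser}}
-{{else}}
-# Make binaries executable (preserve existing permissions, just add execute)
-RUN chmod +x /usr/local/bin/compute-source-env.sh \
-&& chmod +x /usr/local/bin/kms-client{{#if includeTLS}} \
-&& chmod +x /usr/local/bin/tls-keygen{{/if}}
-{{/if}}
-
-{{#if logRedirect}}
-
-LABEL tee.launch_policy.log_redirect={{logRedirect}}
-{{/if}}
-
-LABEL eigenx_cli_version={{ecloudCLIVersion}}
-LABEL eigenx_use_ita=True
-
-{{#if includeTLS}}
-# Expose both HTTP and HTTPS ports for Caddy
-EXPOSE 80 443
-{{/if}}
-
-ENTRYPOINT ["/usr/local/bin/compute-source-env.sh"]
-CMD {{{originalCmd}}}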
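--- a/package/dist/templates/compute-source-env.sh.tmpl
+++ b/package/dist/templates/compute-source-env.sh.tmpl
@@ -1,110 +0,0 @@
-#!/bin/sh
-echo "compute-source-env.sh: Running setup script..."
-
-# Fetch and source environment variables from KMS
-echo "Fetching secrets from KMS..."
-if /usr/local/bin/kms-client \
---kms-server-url "{{kmsServerURL}}" \
---kms-signing-key-file /usr/local/bin/kms-signing-public-key.pem \
---userapi-url "{{userAPIURL}}" \
---output /tmp/.env; then
-echo "compute-source-env.sh: Successfully fetched environment variables from KMS"
-set -a && . /tmp/.env && set +a
-rm -f /tmp/.env
-else
-echo "compute-source-env.sh: ERROR - Failed to fetch environment variables from KMS"
-echo "compute-source-env.sh: Exiting - cannot start user workload without KMS secrets"
-exit 1
-fi
-
-# Setup TLS if tls-keygen is present (which means TLS was configured at build time)
-setup_tls() {
-# If tls-keygen isn't present, TLS wasn't configured during build
-if [ ! -x /usr/local/bin/tls-keygen ]; then
-echo "compute-source-env.sh: TLS not configured (no tls-keygen binary)"
-return 0
-fi
-
-local domain="${DOMAIN:-}"
-local mnemonic="${MNEMONIC:-}"
-
-# Since tls-keygen is present, TLS is expected - validate requirements
-if [ -z "$domain" ] || [ "$domain" = "localhost" ]; then
-echo "compute-source-env.sh: ERROR - TLS binary present but DOMAIN not configured or is localhost"
-echo "compute-source-env.sh: Set DOMAIN environment variable to a valid domain"
-exit 1
-fi
-
-if [ -z "$mnemonic" ]; then
-echo "compute-source-env.sh: ERROR - TLS binary present but MNEMONIC not available"
-echo "compute-source-env.sh: Cannot obtain TLS certificate without mnemonic"
-exit 1
-fi
-
-if [ ! -x /usr/local/bin/caddy ]; then
-echo "compute-source-env.sh: ERROR - TLS binary present but Caddy not found"
-exit 1
-fi
-
-echo "compute-source-env.sh: Setting up TLS for domain: $domain"
-
-# Obtain TLS certificate using ACME
-# Default to http-01, but allow override via ACME_CHALLENGE env var
-local challenge="${ACME_CHALLENGE:-http-01}"
-
-# Check if we should use staging (for testing)
-local staging_flag=""
-if [ "${ACME_STAGING:-false}" = "true" ]; then
-staging_flag="-staging"
-echo "compute-source-env.sh: Using Let's Encrypt STAGING environment (certificates won't be trusted)"
-fi
-
-echo "compute-source-env.sh: Obtaining TLS certificate using $challenge challenge..."
-# Pass the API URL for certificate persistence
-if ! MNEMONIC="$mnemonic" DOMAIN="$domain" API_URL="{{userAPIURL}}" /usr/local/bin/tls-keygen \
--challenge "$challenge" \
-$staging_flag; then
-echo "compute-source-env.sh: ERROR - Failed to obtain TLS certificate"
-echo "compute-source-env.sh: Certificate issuance failed for $domain"
-exit 1
-fi
-
-echo "compute-source-env.sh: TLS certificate obtained successfully"
-
-# Validate Caddyfile before starting
-if ! /usr/local/bin/caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile 2>/dev/null; then
-echo "compute-source-env.sh: ERROR - Invalid Caddyfile"
-echo "compute-source-env.sh: TLS was requested (DOMAIN=$domain) but setup failed"
-exit 1
-fi
-
-# Start Caddy in background
-echo "compute-source-env.sh: Starting Caddy reverse proxy..."
-
-# Check if Caddy logs should be enabled
-if [ "${ENABLE_CADDY_LOGS:-false}" = "true" ]; then
-if ! /usr/local/bin/caddy start --config /etc/caddy/Caddyfile --adapter caddyfile 2>&1; then
-echo "compute-source-env.sh: ERROR - Failed to start Caddy"
-echo "compute-source-env.sh: TLS was requested (DOMAIN=$domain) but setup failed"
-exit 1
-fi
-else
-# Redirect Caddy output to /dev/null to silence logs
-if ! /usr/local/bin/caddy start --config /etc/caddy/Caddyfile --adapter caddyfile >/dev/null 2>&1; then
-echo "compute-source-env.sh: ERROR - Failed to start Caddy"
-echo "compute-source-env.sh: TLS was requested (DOMAIN=$domain) but setup failed"
-exit 1
-fi
-fi
-
-# Give Caddy a moment to fully initialize
-sleep 2
-echo "compute-source-env.sh: Caddy started successfully"
-return 0
-}
-
-# Run TLS setup
-setup_tls
-
-echo "compute-source-env.sh: Environment sourced."
-exec "$@"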
|