@reclaimprotocol/attestor-core 5.0.1-beta.1 → 5.0.1-beta.2

package/lib/scripts/generate-provider-types.js

@@ -0,0 +1,101 @@
+import { readdir, readFile, writeFile } from "fs/promises";
+import { compile } from "json-schema-to-typescript";
+import { parse } from "yaml";
+const PROVIDER_SCHEMAS_PATH = "./provider-schemas";
+const GEN_TS_FILENAME = "./src/types/providers.gen.ts";
+const BinaryDataType = "BinaryData";
+async function main() {
+  const folders = await findAllProviderFolders();
+  console.log(`Generating for ${folders.length} provider folders`);
+  let ts = "/* eslint-disable */\n/* Generated file. Do not edit */";
+  ts += `
+
+type ${BinaryDataType} = Uint8Array | string
+`;
+  let providerTypeMap = "\nexport interface ProvidersConfig {\n";
+  let providerSchemaMap = "\nexport const PROVIDER_SCHEMAS = {\n";
+  for (const folder of folders) {
+    const {
+      schemaTitle: paramsSchemaTitle,
+      ts: paramsSchemaTs,
+      jsonTitle: paramsJsonTitle
+    } = await generateTsFromYamlSchema(folder, "parameters");
+    const {
+      schemaTitle: secretParamsSchemaTitle,
+      ts: secretParamsSchemaTs,
+      jsonTitle: secretParamsJsonTitle
+    } = await generateTsFromYamlSchema(
+      folder,
+      "secret-parameters"
+    );
+    ts += `
+${paramsSchemaTs}
+${secretParamsSchemaTs}`;
+    providerTypeMap += `	${folder}: {
+`;
+    providerTypeMap += `		parameters: ${paramsSchemaTitle}
+`;
+    providerTypeMap += `		secretParameters: ${secretParamsSchemaTitle}
+`;
+    providerTypeMap += "	}\n";
+    providerSchemaMap += `	${folder}: {
+`;
+    providerSchemaMap += `		parameters: ${paramsJsonTitle},
+`;
+    providerSchemaMap += `		secretParameters: ${secretParamsJsonTitle}
+`;
+    providerSchemaMap += "	},\n";
+  }
+  providerTypeMap += "}\n";
+  providerSchemaMap += "}\n";
+  ts += providerTypeMap;
+  ts += providerSchemaMap;
+  await writeFile(GEN_TS_FILENAME, ts);
+  console.log(`Wrote to ${GEN_TS_FILENAME}`);
+}
+async function getJsonSchemaForProvider(name, type) {
+  const paramsYaml = await readFile(
+    `${PROVIDER_SCHEMAS_PATH}/${name}/${type}.yaml`,
+    { encoding: "utf-8" }
+  );
+  const paramsJson = parse(paramsYaml);
+  return paramsJson;
+}
+async function generateTsFromYamlSchema(name, type) {
+  const paramsJson = await getJsonSchemaForProvider(name, type);
+  let paramsSchemaTs = await compile(
+    paramsJson,
+    "",
+    {
+      additionalProperties: false,
+      bannerComment: "",
+      ignoreMinAndMaxItems: true,
+      declareExternallyReferenced: false,
+      customName({ type: type2, format }) {
+        if (type2 === "string" && format === "binary") {
+          return BinaryDataType;
+        }
+        return void 0;
+      }
+    }
+  );
+  const jsonTitle = `${paramsJson.title}Json`;
+  paramsSchemaTs += `
+export const ${jsonTitle} = ${JSON.stringify(paramsJson)}`;
+  return {
+    ts: paramsSchemaTs,
+    schemaTitle: paramsJson.title,
+    jsonTitle
+  };
+}
+async function findAllProviderFolders() {
+  const providerFolders = await readdir(
+    PROVIDER_SCHEMAS_PATH,
+    { withFileTypes: true }
+  );
+  return providerFolders.filter((p) => p.isDirectory()).map((p) => p.name);
+}
+void main();
+export {
+  generateTsFromYamlSchema
+};

package/lib/scripts/generate-receipt.d.ts

@@ -0,0 +1,9 @@
+import '#src/server/utils/config-env.ts';
+import type { ProviderName, ProviderParams, ProviderSecretParams } from '#src/index.ts';
+type ProviderReceiptGenerationParams<P extends ProviderName> = {
+    name: P;
+    params: ProviderParams<P>;
+    secretParams: ProviderSecretParams<P>;
+};
+export declare function main<T extends ProviderName>(receiptParams?: ProviderReceiptGenerationParams<T>): Promise<void>;
+export {};

package/lib/scripts/generate-receipt.js

@@ -0,0 +1,101 @@
+import "../server/utils/config-env.js";
+import { setCryptoImplementation } from "@reclaimprotocol/tls";
+import { webcryptoCrypto } from "@reclaimprotocol/tls/webcrypto";
+import { readFile } from "fs/promises";
+import {
+  API_SERVER_PORT,
+  createClaimOnAttestor,
+  getAttestorClientFromPool,
+  getTranscriptString,
+  logger,
+  providers,
+  WS_PATHNAME
+} from "../index.js";
+import { getCliArgument } from "../scripts/utils.js";
+import { createServer, decryptTranscript } from "../server/index.js";
+import { assertValidateProviderParams } from "../server/utils/validation.js";
+import { getEnvVariable } from "../utils/env.js";
+setCryptoImplementation(webcryptoCrypto);
+const DEFAULT_ATTESTOR_HOST_PORT = "wss://eu.attestor.reclaimprotocol.org/ws";
+const PRIVATE_KEY_HEX = getEnvVariable("PRIVATE_KEY_HEX") || "0x0123788edad59d7c013cdc85e4372f350f828e2cec62d9a2de4560e69aec7f89";
+let server;
+async function main(receiptParams) {
+  const paramsJson = receiptParams ?? await getInputParameters();
+  if (!(paramsJson.name in providers)) {
+    throw new Error(`Unknown provider "${paramsJson.name}"`);
+  }
+  assertValidateProviderParams(paramsJson.name, paramsJson.params);
+  let attestorHostPort = getCliArgument("attestor") || DEFAULT_ATTESTOR_HOST_PORT;
+  if (attestorHostPort === "local") {
+    console.log("starting local attestor server...");
+    server = await createServer();
+    attestorHostPort = `ws://localhost:${API_SERVER_PORT}${WS_PATHNAME}`;
+  }
+  globalThis.ATTESTOR_BASE_URL = attestorHostPort.replace("ws://", "http://").replace("wss://", "https://");
+  const zkEngine = getCliArgument("zk") === "gnark" ? "gnark" : "stwo";
+  const { request, error, claim } = await createClaimOnAttestor({
+    name: paramsJson.name,
+    secretParams: paramsJson.secretParams,
+    params: paramsJson.params,
+    ownerPrivateKey: PRIVATE_KEY_HEX,
+    client: { url: attestorHostPort },
+    logger,
+    zkEngine
+  });
+  if (error) {
+    console.error("claim creation failed:", error);
+  } else {
+    const ctx = claim?.context ? JSON.parse(claim.context) : {};
+    console.log(`receipt is valid for ${paramsJson.name} provider`);
+    if (ctx.extractedParameters) {
+      console.log("extracted params:", ctx.extractedParameters);
+    }
+  }
+  if (!request) {
+    throw new Error("Missing request in claim");
+  }
+  const decTranscript = await decryptTranscript(
+    request?.transcript,
+    logger,
+    zkEngine,
+    request?.fixedServerIV,
+    request?.fixedClientIV
+  );
+  const transcriptStr = getTranscriptString(decTranscript);
+  console.log("receipt:\n", transcriptStr);
+  console.log("claim:\n", claim);
+  const client = getAttestorClientFromPool(attestorHostPort);
+  await client.terminateConnection();
+}
+async function getInputParameters() {
+  const paramsJsonFile = getCliArgument("json");
+  if (!paramsJsonFile) {
+    const name = getCliArgument("name");
+    const paramsStr = getCliArgument("params");
+    const secretParamsStr = getCliArgument("secretParams");
+    if (!name || !paramsStr || !secretParamsStr) {
+      throw new Error("Either provide --json argument for parameters JSON or provide separately with --name, --params & --secretParams");
+    }
+    return {
+      name,
+      params: JSON.parse(paramsStr),
+      secretParams: JSON.parse(secretParamsStr)
+    };
+  }
+  let fileContents = await readFile(paramsJsonFile, "utf8");
+  for (const variable in process.env) {
+    fileContents = fileContents.replace(
+      `{{${variable}}}`,
+      process.env[variable]
+    );
+  }
+  return JSON.parse(fileContents);
+}
+main().catch((err) => {
+  console.error("error in receipt gen", err);
+}).finally(() => {
+  server?.close();
+});
+export {
+  main
+};

package/lib/scripts/generate-toprf-keys.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/scripts/generate-toprf-keys.js

@@ -0,0 +1,24 @@
+import { hexlify } from "ethers";
+import { logger, makeDefaultOPRFOperator } from "../utils/index.js";
+const ENGINE = "gnark";
+const TOTAL_KEYS = 10;
+const THRESHOLD = 1;
+async function main() {
+  const op = makeDefaultOPRFOperator("chacha20", ENGINE, logger);
+  const {
+    publicKey,
+    privateKey,
+    shares
+  } = await op.generateThresholdKeys(TOTAL_KEYS, THRESHOLD);
+  logEnvValue("TOPRF_PUBLIC_KEY", publicKey);
+  logEnvValue("TOPRF_PRIVATE_KEY", privateKey);
+  for (const [i, share] of shares.entries()) {
+    console.log(`# Share ${i}`);
+    logEnvValue("TOPRF_SHARE_PUBLIC_KEY", share.publicKey);
+    logEnvValue("TOPRF_SHARE_PRIVATE_KEY", share.privateKey);
+  }
+}
+function logEnvValue(name, value) {
+  console.log(`${name}=${hexlify(value)}`);
+}
+void main();

package/lib/scripts/jsc-cli-rpc.d.ts

@@ -0,0 +1 @@
+import '#src/external-rpc/jsc-polyfills/index.ts';

package/lib/scripts/jsc-cli-rpc.js

@@ -0,0 +1,35 @@
+import "../external-rpc/jsc-polyfills/index.js";
+import { setCryptoImplementation } from "@reclaimprotocol/tls";
+import { pureJsCrypto } from "@reclaimprotocol/tls/purejs-crypto";
+import { handleIncomingMessage } from "../external-rpc/index.js";
+import { B64_JSON_REVIVER } from "../utils/b64-json.js";
+function readIncomingMsg() {
+  const cmd2 = readline();
+  return JSON.parse(cmd2, B64_JSON_REVIVER);
+}
+setCryptoImplementation(pureJsCrypto);
+print("Input base URL for attestor");
+const initCmd = readIncomingMsg();
+if (initCmd.type !== "init") {
+  throw new Error("Expected init command");
+}
+globalThis.RPC_CHANNEL_NAME = "cli";
+globalThis.ATTESTOR_BASE_URL = initCmd.attestorBaseUrl;
+const channel = {
+  postMessage(message) {
+    print(message);
+  }
+};
+globalThis[RPC_CHANNEL_NAME] = channel;
+print("reading RPC messages...");
+let cmd;
+while (cmd = readIncomingMsg(), cmd.type !== "quit") {
+  if (cmd.type === "init") {
+    continue;
+  }
+  handleIncomingMessage(cmd);
+  await new Promise((resolve) => {
+    setTimeout(resolve, 500);
+  });
+}
+print("done");

package/lib/scripts/register-avs-operator.d.ts

@@ -0,0 +1 @@
+import 'src/server/utils/config-env';

package/lib/scripts/register-avs-operator.js

@@ -0,0 +1,3 @@
+import "src/server/utils/config-env";
+import { registerOperator } from "../avs/utils/register.js";
+void registerOperator();

package/lib/scripts/start-server.d.ts

@@ -0,0 +1 @@
+import '#src/server/utils/config-env.ts';

package/lib/scripts/start-server.js

@@ -0,0 +1,11 @@
+import "../server/utils/config-env.js";
+import { setCryptoImplementation } from "@reclaimprotocol/tls";
+import { webcryptoCrypto } from "@reclaimprotocol/tls/webcrypto";
+import { getApm } from "../server/utils/apm.js";
+getApm();
+setCryptoImplementation(webcryptoCrypto);
+async function main() {
+  const { createServer } = await import("../server/index.js");
+  return createServer();
+}
+main();

package/lib/scripts/update-avs-metadata.d.ts

@@ -0,0 +1 @@
+import 'src/server/utils/config-env';

package/lib/scripts/update-avs-metadata.js

@@ -0,0 +1,20 @@
+import "src/server/utils/config-env";
+import { getContracts } from "../avs/utils/contracts.js";
+import { getCliArgument } from "../scripts/utils.js";
+async function main() {
+  const { contract } = getContracts();
+  const minSignaturesPerTask = getCliArgument("minSignaturesPerTask");
+  if (!minSignaturesPerTask) {
+    throw new Error(
+      "Provide operator address via --minSignaturesPerTask <num>"
+    );
+  }
+  const tx = await contract.updateTaskCreationMetadata({
+    minSignaturesPerTask: +(minSignaturesPerTask || 0),
+    maxTaskCreationDelayS: 0,
+    maxTaskLifetimeS: 0
+  });
+  await tx.wait();
+  console.log("Updated task creation metadata");
+}
+void main();

package/lib/scripts/utils.d.ts

@@ -0,0 +1 @@
+export declare function getCliArgument(arg: string): string | undefined;

package/lib/scripts/utils.js

@@ -0,0 +1,10 @@
+function getCliArgument(arg) {
+  const index = process.argv.indexOf(`--${arg}`);
+  if (index === -1) {
+    return void 0;
+  }
+  return process.argv[index + 1];
+}
+export {
+  getCliArgument
+};

package/lib/scripts/whitelist-operator.d.ts

@@ -0,0 +1 @@
+import 'src/server/utils/config-env';

package/lib/scripts/whitelist-operator.js

@@ -0,0 +1,16 @@
+import "src/server/utils/config-env";
+import { getContracts } from "../avs/utils/contracts.js";
+import { getCliArgument } from "../scripts/utils.js";
+async function main() {
+  const { contract } = getContracts();
+  const address = getCliArgument("address");
+  if (!address) {
+    throw new Error(
+      "Provide operator address via --address <addr>"
+    );
+  }
+  const tx = await contract.whitelistAddressAsOperator(address, true);
+  await tx.wait();
+  console.log("Whitelisted address:", address);
+}
+void main();

package/lib/server/create-server.d.ts

@@ -0,0 +1,8 @@
+import type { IncomingMessage } from 'http';
+import type { WebSocket } from 'ws';
+/**
+ * Creates the WebSocket API server,
+ * creates a fileserver to serve the browser RPC client,
+ * and listens on the given port.
+ */
+export declare function createServer(port?: number): Promise<import("ws").Server<typeof WebSocket, typeof IncomingMessage>>;

package/lib/server/create-server.js

@@ -0,0 +1,105 @@
+import { createServer as createHttpServer } from "http";
+import serveStatic from "serve-static";
+import { WebSocketServer } from "ws";
+import { API_SERVER_PORT, ATTESTOR_ADDRESS_PATHNAME, BROWSER_RPC_PATHNAME, WS_PATHNAME } from "../config/index.js";
+import { AttestorServerSocket } from "../server/socket.js";
+import { getAttestorAddress } from "../server/utils/generics.js";
+import { addKeepAlive } from "../server/utils/keep-alive.js";
+import { createBgpListener } from "../utils/bgp-listener.js";
+import { getEnvVariable } from "../utils/env.js";
+import { logger as LOGGER } from "../utils/index.js";
+import { SelectedServiceSignatureType } from "../utils/signatures/index.js";
+import { promisifySend } from "../utils/ws.js";
+const PORT = +(getEnvVariable("PORT") || API_SERVER_PORT);
+const DISABLE_BGP_CHECKS = getEnvVariable("DISABLE_BGP_CHECKS") === "1";
+const ATTESTOR_ADDRESS_JSON_RES = JSON.stringify({
+  address: getAttestorAddress(SelectedServiceSignatureType),
+  signatureType: SelectedServiceSignatureType
+});
+async function createServer(port = PORT) {
+  const http = createHttpServer();
+  const serveBrowserRpc = serveStatic(
+    "browser",
+    {
+      index: ["index.html"],
+      setHeaders(res) {
+        res.setHeader("Access-Control-Allow-Origin", "*");
+      }
+    }
+  );
+  const bgpListener = !DISABLE_BGP_CHECKS ? createBgpListener(LOGGER.child({ service: "bgp-listener" })) : void 0;
+  const wss = new WebSocketServer({ noServer: true });
+  http.on("upgrade", handleUpgrade.bind(wss));
+  http.on("request", (req, res) => {
+    const url = URL.parse(req.url || "", "http://localhost");
+    if (!url) {
+      res.statusCode = 422;
+      res.end("Invalid URL");
+      return;
+    }
+    if (url.pathname === ATTESTOR_ADDRESS_PATHNAME) {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(ATTESTOR_ADDRESS_JSON_RES);
+      return;
+    }
+    if (!url.pathname?.startsWith(BROWSER_RPC_PATHNAME)) {
+      res.statusCode = 404;
+      res.end("Not found");
+      return;
+    }
+    req.url = req.url.slice(BROWSER_RPC_PATHNAME.length) || "/";
+    serveBrowserRpc(req, res, (err) => {
+      if (err) {
+        LOGGER.error({ err, url: req.url }, "Failed to serve file");
+      }
+      res.statusCode = err?.statusCode ?? 404;
+      res.end(err?.message ?? "Not found");
+    });
+  });
+  http.listen(port);
+  await new Promise((resolve, reject) => {
+    http.once("listening", () => resolve());
+    http.once("error", reject);
+  });
+  wss.on("connection", (ws, req) => handleNewClient(ws, req, bgpListener));
+  LOGGER.info(
+    {
+      port,
+      apiPath: WS_PATHNAME,
+      browserRpcPath: BROWSER_RPC_PATHNAME,
+      signerAddress: getAttestorAddress(SelectedServiceSignatureType)
+    },
+    "WS server listening"
+  );
+  const wssClose = wss.close.bind(wss);
+  wss.close = (cb) => {
+    wssClose(() => http.close(cb));
+    bgpListener?.close();
+  };
+  return wss;
+}
+async function handleNewClient(ws, req, bgpListener) {
+  promisifySend(ws);
+  const client = await AttestorServerSocket.acceptConnection(
+    ws,
+    { req, bgpListener, logger: LOGGER }
+  );
+  if (!client) {
+    return;
+  }
+  ws.serverSocket = client;
+  addKeepAlive(ws, LOGGER.child({ sessionId: client.sessionId }));
+}
+function handleUpgrade(request, socket, head) {
+  const { pathname } = new URL(request.url, "wss://base.url");
+  if (pathname === WS_PATHNAME) {
+    this.handleUpgrade(request, socket, head, (ws) => {
+      this.emit("connection", ws, request);
+    });
+    return;
+  }
+  socket.destroy();
+}
+export {
+  createServer
+};

package/lib/server/handlers/claimTeeBundle.d.ts

@@ -0,0 +1,6 @@
+/**
+ * TEE Bundle Claim Handler
+ * Handles ClaimTeeBundleRequest by verifying TEE attestations and reconstructing TLS transcript
+ */
+import type { RPCHandler } from '#src/types/index.ts';
+export declare const claimTeeBundle: RPCHandler<'claimTeeBundle'>;