@reclaimprotocol/attestor-core 5.0.1-beta.2 → 5.0.1-beta.21

package/lib/scripts/generate-receipt.js

@@ -1,101 +0,0 @@
-import "../server/utils/config-env.js";
-import { setCryptoImplementation } from "@reclaimprotocol/tls";
-import { webcryptoCrypto } from "@reclaimprotocol/tls/webcrypto";
-import { readFile } from "fs/promises";
-import {
-  API_SERVER_PORT,
-  createClaimOnAttestor,
-  getAttestorClientFromPool,
-  getTranscriptString,
-  logger,
-  providers,
-  WS_PATHNAME
-} from "../index.js";
-import { getCliArgument } from "../scripts/utils.js";
-import { createServer, decryptTranscript } from "../server/index.js";
-import { assertValidateProviderParams } from "../server/utils/validation.js";
-import { getEnvVariable } from "../utils/env.js";
-setCryptoImplementation(webcryptoCrypto);
-const DEFAULT_ATTESTOR_HOST_PORT = "wss://eu.attestor.reclaimprotocol.org/ws";
-const PRIVATE_KEY_HEX = getEnvVariable("PRIVATE_KEY_HEX") || "0x0123788edad59d7c013cdc85e4372f350f828e2cec62d9a2de4560e69aec7f89";
-let server;
-async function main(receiptParams) {
-  const paramsJson = receiptParams ?? await getInputParameters();
-  if (!(paramsJson.name in providers)) {
-    throw new Error(`Unknown provider "${paramsJson.name}"`);
-  }
-  assertValidateProviderParams(paramsJson.name, paramsJson.params);
-  let attestorHostPort = getCliArgument("attestor") || DEFAULT_ATTESTOR_HOST_PORT;
-  if (attestorHostPort === "local") {
-    console.log("starting local attestor server...");
-    server = await createServer();
-    attestorHostPort = `ws://localhost:${API_SERVER_PORT}${WS_PATHNAME}`;
-  }
-  globalThis.ATTESTOR_BASE_URL = attestorHostPort.replace("ws://", "http://").replace("wss://", "https://");
-  const zkEngine = getCliArgument("zk") === "gnark" ? "gnark" : "stwo";
-  const { request, error, claim } = await createClaimOnAttestor({
-    name: paramsJson.name,
-    secretParams: paramsJson.secretParams,
-    params: paramsJson.params,
-    ownerPrivateKey: PRIVATE_KEY_HEX,
-    client: { url: attestorHostPort },
-    logger,
-    zkEngine
-  });
-  if (error) {
-    console.error("claim creation failed:", error);
-  } else {
-    const ctx = claim?.context ? JSON.parse(claim.context) : {};
-    console.log(`receipt is valid for ${paramsJson.name} provider`);
-    if (ctx.extractedParameters) {
-      console.log("extracted params:", ctx.extractedParameters);
-    }
-  }
-  if (!request) {
-    throw new Error("Missing request in claim");
-  }
-  const decTranscript = await decryptTranscript(
-    request?.transcript,
-    logger,
-    zkEngine,
-    request?.fixedServerIV,
-    request?.fixedClientIV
-  );
-  const transcriptStr = getTranscriptString(decTranscript);
-  console.log("receipt:\n", transcriptStr);
-  console.log("claim:\n", claim);
-  const client = getAttestorClientFromPool(attestorHostPort);
-  await client.terminateConnection();
-}
-async function getInputParameters() {
-  const paramsJsonFile = getCliArgument("json");
-  if (!paramsJsonFile) {
-    const name = getCliArgument("name");
-    const paramsStr = getCliArgument("params");
-    const secretParamsStr = getCliArgument("secretParams");
-    if (!name || !paramsStr || !secretParamsStr) {
-      throw new Error("Either provide --json argument for parameters JSON or provide separately with --name, --params & --secretParams");
-    }
-    return {
-      name,
-      params: JSON.parse(paramsStr),
-      secretParams: JSON.parse(secretParamsStr)
-    };
-  }
-  let fileContents = await readFile(paramsJsonFile, "utf8");
-  for (const variable in process.env) {
-    fileContents = fileContents.replace(
-      `{{${variable}}}`,
-      process.env[variable]
-    );
-  }
-  return JSON.parse(fileContents);
-}
-main().catch((err) => {
-  console.error("error in receipt gen", err);
-}).finally(() => {
-  server?.close();
-});
-export {
-  main
-};

package/lib/scripts/generate-toprf-keys.js

@@ -1,24 +0,0 @@
-import { hexlify } from "ethers";
-import { logger, makeDefaultOPRFOperator } from "../utils/index.js";
-const ENGINE = "gnark";
-const TOTAL_KEYS = 10;
-const THRESHOLD = 1;
-async function main() {
-  const op = makeDefaultOPRFOperator("chacha20", ENGINE, logger);
-  const {
-    publicKey,
-    privateKey,
-    shares
-  } = await op.generateThresholdKeys(TOTAL_KEYS, THRESHOLD);
-  logEnvValue("TOPRF_PUBLIC_KEY", publicKey);
-  logEnvValue("TOPRF_PRIVATE_KEY", privateKey);
-  for (const [i, share] of shares.entries()) {
-    console.log(`# Share ${i}`);
-    logEnvValue("TOPRF_SHARE_PUBLIC_KEY", share.publicKey);
-    logEnvValue("TOPRF_SHARE_PRIVATE_KEY", share.privateKey);
-  }
-}
-function logEnvValue(name, value) {
-  console.log(`${name}=${hexlify(value)}`);
-}
-void main();

package/lib/scripts/jsc-cli-rpc.js

@@ -1,35 +0,0 @@
-import "../external-rpc/jsc-polyfills/index.js";
-import { setCryptoImplementation } from "@reclaimprotocol/tls";
-import { pureJsCrypto } from "@reclaimprotocol/tls/purejs-crypto";
-import { handleIncomingMessage } from "../external-rpc/index.js";
-import { B64_JSON_REVIVER } from "../utils/b64-json.js";
-function readIncomingMsg() {
-  const cmd2 = readline();
-  return JSON.parse(cmd2, B64_JSON_REVIVER);
-}
-setCryptoImplementation(pureJsCrypto);
-print("Input base URL for attestor");
-const initCmd = readIncomingMsg();
-if (initCmd.type !== "init") {
-  throw new Error("Expected init command");
-}
-globalThis.RPC_CHANNEL_NAME = "cli";
-globalThis.ATTESTOR_BASE_URL = initCmd.attestorBaseUrl;
-const channel = {
-  postMessage(message) {
-    print(message);
-  }
-};
-globalThis[RPC_CHANNEL_NAME] = channel;
-print("reading RPC messages...");
-let cmd;
-while (cmd = readIncomingMsg(), cmd.type !== "quit") {
-  if (cmd.type === "init") {
-    continue;
-  }
-  handleIncomingMessage(cmd);
-  await new Promise((resolve) => {
-    setTimeout(resolve, 500);
-  });
-}
-print("done");

package/lib/scripts/register-avs-operator.js

@@ -1,3 +0,0 @@
-import "src/server/utils/config-env";
-import { registerOperator } from "../avs/utils/register.js";
-void registerOperator();

package/lib/scripts/start-server.js

@@ -1,11 +0,0 @@
-import "../server/utils/config-env.js";
-import { setCryptoImplementation } from "@reclaimprotocol/tls";
-import { webcryptoCrypto } from "@reclaimprotocol/tls/webcrypto";
-import { getApm } from "../server/utils/apm.js";
-getApm();
-setCryptoImplementation(webcryptoCrypto);
-async function main() {
-  const { createServer } = await import("../server/index.js");
-  return createServer();
-}
-main();

package/lib/scripts/update-avs-metadata.js

@@ -1,20 +0,0 @@
-import "src/server/utils/config-env";
-import { getContracts } from "../avs/utils/contracts.js";
-import { getCliArgument } from "../scripts/utils.js";
-async function main() {
-  const { contract } = getContracts();
-  const minSignaturesPerTask = getCliArgument("minSignaturesPerTask");
-  if (!minSignaturesPerTask) {
-    throw new Error(
-      "Provide operator address via --minSignaturesPerTask <num>"
-    );
-  }
-  const tx = await contract.updateTaskCreationMetadata({
-    minSignaturesPerTask: +(minSignaturesPerTask || 0),
-    maxTaskCreationDelayS: 0,
-    maxTaskLifetimeS: 0
-  });
-  await tx.wait();
-  console.log("Updated task creation metadata");
-}
-void main();

package/lib/scripts/utils.js

@@ -1,10 +0,0 @@
-function getCliArgument(arg) {
-  const index = process.argv.indexOf(`--${arg}`);
-  if (index === -1) {
-    return void 0;
-  }
-  return process.argv[index + 1];
-}
-export {
-  getCliArgument
-};

package/lib/scripts/whitelist-operator.js

@@ -1,16 +0,0 @@
-import "src/server/utils/config-env";
-import { getContracts } from "../avs/utils/contracts.js";
-import { getCliArgument } from "../scripts/utils.js";
-async function main() {
-  const { contract } = getContracts();
-  const address = getCliArgument("address");
-  if (!address) {
-    throw new Error(
-      "Provide operator address via --address <addr>"
-    );
-  }
-  const tx = await contract.whitelistAddressAsOperator(address, true);
-  await tx.wait();
-  console.log("Whitelisted address:", address);
-}
-void main();

package/lib/server/create-server.js

@@ -1,105 +0,0 @@
-import { createServer as createHttpServer } from "http";
-import serveStatic from "serve-static";
-import { WebSocketServer } from "ws";
-import { API_SERVER_PORT, ATTESTOR_ADDRESS_PATHNAME, BROWSER_RPC_PATHNAME, WS_PATHNAME } from "../config/index.js";
-import { AttestorServerSocket } from "../server/socket.js";
-import { getAttestorAddress } from "../server/utils/generics.js";
-import { addKeepAlive } from "../server/utils/keep-alive.js";
-import { createBgpListener } from "../utils/bgp-listener.js";
-import { getEnvVariable } from "../utils/env.js";
-import { logger as LOGGER } from "../utils/index.js";
-import { SelectedServiceSignatureType } from "../utils/signatures/index.js";
-import { promisifySend } from "../utils/ws.js";
-const PORT = +(getEnvVariable("PORT") || API_SERVER_PORT);
-const DISABLE_BGP_CHECKS = getEnvVariable("DISABLE_BGP_CHECKS") === "1";
-const ATTESTOR_ADDRESS_JSON_RES = JSON.stringify({
-  address: getAttestorAddress(SelectedServiceSignatureType),
-  signatureType: SelectedServiceSignatureType
-});
-async function createServer(port = PORT) {
-  const http = createHttpServer();
-  const serveBrowserRpc = serveStatic(
-    "browser",
-    {
-      index: ["index.html"],
-      setHeaders(res) {
-        res.setHeader("Access-Control-Allow-Origin", "*");
-      }
-    }
-  );
-  const bgpListener = !DISABLE_BGP_CHECKS ? createBgpListener(LOGGER.child({ service: "bgp-listener" })) : void 0;
-  const wss = new WebSocketServer({ noServer: true });
-  http.on("upgrade", handleUpgrade.bind(wss));
-  http.on("request", (req, res) => {
-    const url = URL.parse(req.url || "", "http://localhost");
-    if (!url) {
-      res.statusCode = 422;
-      res.end("Invalid URL");
-      return;
-    }
-    if (url.pathname === ATTESTOR_ADDRESS_PATHNAME) {
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(ATTESTOR_ADDRESS_JSON_RES);
-      return;
-    }
-    if (!url.pathname?.startsWith(BROWSER_RPC_PATHNAME)) {
-      res.statusCode = 404;
-      res.end("Not found");
-      return;
-    }
-    req.url = req.url.slice(BROWSER_RPC_PATHNAME.length) || "/";
-    serveBrowserRpc(req, res, (err) => {
-      if (err) {
-        LOGGER.error({ err, url: req.url }, "Failed to serve file");
-      }
-      res.statusCode = err?.statusCode ?? 404;
-      res.end(err?.message ?? "Not found");
-    });
-  });
-  http.listen(port);
-  await new Promise((resolve, reject) => {
-    http.once("listening", () => resolve());
-    http.once("error", reject);
-  });
-  wss.on("connection", (ws, req) => handleNewClient(ws, req, bgpListener));
-  LOGGER.info(
-    {
-      port,
-      apiPath: WS_PATHNAME,
-      browserRpcPath: BROWSER_RPC_PATHNAME,
-      signerAddress: getAttestorAddress(SelectedServiceSignatureType)
-    },
-    "WS server listening"
-  );
-  const wssClose = wss.close.bind(wss);
-  wss.close = (cb) => {
-    wssClose(() => http.close(cb));
-    bgpListener?.close();
-  };
-  return wss;
-}
-async function handleNewClient(ws, req, bgpListener) {
-  promisifySend(ws);
-  const client = await AttestorServerSocket.acceptConnection(
-    ws,
-    { req, bgpListener, logger: LOGGER }
-  );
-  if (!client) {
-    return;
-  }
-  ws.serverSocket = client;
-  addKeepAlive(ws, LOGGER.child({ sessionId: client.sessionId }));
-}
-function handleUpgrade(request, socket, head) {
-  const { pathname } = new URL(request.url, "wss://base.url");
-  if (pathname === WS_PATHNAME) {
-    this.handleUpgrade(request, socket, head, (ws) => {
-      this.emit("connection", ws, request);
-    });
-    return;
-  }
-  socket.destroy();
-}
-export {
-  createServer
-};

package/lib/server/handlers/claimTeeBundle.js

@@ -1,232 +0,0 @@
-import { ClaimTeeBundleResponse } from "../../proto/api.js";
-import { VerificationBundle } from "../../proto/tee-bundle.js";
-import { substituteParamValues } from "../../providers/http/index.js";
-import { assertValidProviderTranscript } from "../../server/utils/assert-valid-claim-request.js";
-import { getAttestorAddress, niceParseJsonObject, signAsAttestor } from "../../server/utils/generics.js";
-import { verifyOprfMpcOutputs } from "../../server/utils/tee-oprf-mpc-verification.js";
-import { verifyOprfProofs } from "../../server/utils/tee-oprf-verification.js";
-import { reconstructTlsTranscript } from "../../server/utils/tee-transcript-reconstruction.js";
-import { verifyTeeBundle } from "../../server/utils/tee-verification.js";
-import { AttestorError } from "../../utils/error.js";
-import { createSignDataForClaim, getIdentifierFromClaimInfo } from "../../utils/index.js";
-const claimTeeBundle = async (teeBundleRequest, { logger, client }) => {
-  const {
-    verificationBundle,
-    data
-  } = teeBundleRequest;
-  const res = ClaimTeeBundleResponse.create({ request: teeBundleRequest });
-  logger.info("Starting TEE bundle verification");
-  const teeData = await verifyTeeBundle(verificationBundle, logger);
-  const timestampS = Math.floor(teeData.kOutputPayload.timestampMs / 1e3);
-  logger.info("Verifying OPRF proofs");
-  const bundle = VerificationBundle.decode(verificationBundle);
-  const zkOprfResults = await verifyOprfProofs(
-    { ...teeData, oprfVerifications: bundle.oprfVerifications },
-    logger
-  );
-  logger.info("Verifying OPRF MPC outputs");
-  const oprfMpcResults = verifyOprfMpcOutputs(
-    teeData.kOutputPayload,
-    teeData.tOutputPayload,
-    logger
-  );
-  const allOprfResults = validateAndCombineOprfResults(zkOprfResults, oprfMpcResults, logger);
-  logger.info("Starting TLS transcript reconstruction with OPRF replacements");
-  const transcriptData = await reconstructTlsTranscript(teeData, logger, allOprfResults);
-  logger.info("Creating plaintext transcript from TEE data");
-  const plaintextTranscript = createPlaintextTranscriptFromTeeData(transcriptData, logger);
-  logger.info("Running direct provider validation on TEE reconstructed data");
-  if (!data) {
-    throw new AttestorError("ERROR_INVALID_CLAIM", "No claim data provided in TEE bundle request");
-  }
-  const validatedClaim = await validateTeeProviderReceipt(
-    plaintextTranscript,
-    data,
-    logger,
-    { version: client.metadata.clientVersion },
-    transcriptData.certificateInfo
-  );
-  const ctx = niceParseJsonObject(validatedClaim.context, "context");
-  ctx.pcr0_k = teeData.teekPcr0;
-  ctx.pcr0_t = teeData.teetPcr0;
-  ctx.tee_session_id = teeData.teeSessionId;
-  validatedClaim.context = JSON.stringify(ctx);
-  res.claim = {
-    ...validatedClaim,
-    identifier: getIdentifierFromClaimInfo(validatedClaim),
-    // Use timestampS from TEE_K bundle for claim signing
-    timestampS,
-    // hardcode for compatibility with V1 claims
-    epoch: 1
-  };
-  logger.info({ claim: res.claim }, "TEE bundle claim validation successful");
-  res.signatures = {
-    attestorAddress: getAttestorAddress(
-      client.metadata.signatureType
-    ),
-    claimSignature: res.claim ? await signAsAttestor(
-      createSignDataForClaim(res.claim),
-      client.metadata.signatureType
-    ) : new Uint8Array(),
-    resultSignature: await signAsAttestor(
-      ClaimTeeBundleResponse.encode(res).finish(),
-      client.metadata.signatureType
-    )
-  };
-  logger.info("TEE bundle claim processing completed");
-  return res;
-};
-function createPlaintextTranscriptFromTeeData(transcriptData, logger) {
-  const transcript = [];
-  if (transcriptData.revealedRequest && transcriptData.revealedRequest.length > 0) {
-    transcript.push({
-      sender: "client",
-      message: transcriptData.revealedRequest
-    });
-    logger.debug("Added TEE revealed request to plaintext transcript", {
-      length: transcriptData.revealedRequest.length
-    });
-  }
-  if (transcriptData.reconstructedResponse && transcriptData.reconstructedResponse.length > 0) {
-    transcript.push({
-      sender: "server",
-      message: transcriptData.reconstructedResponse
-    });
-    logger.debug("Added TEE consolidated response to plaintext transcript", {
-      length: transcriptData.reconstructedResponse.length
-    });
-  }
-  if (transcriptData.certificateInfo) {
-    logger.info("Certificate information available for validation", {
-      commonName: transcriptData.certificateInfo.commonName,
-      issuerCommonName: transcriptData.certificateInfo.issuerCommonName,
-      dnsNames: transcriptData.certificateInfo.dnsNames,
-      notBefore: new Date(transcriptData.certificateInfo.notBeforeUnix * 1e3).toISOString(),
-      notAfter: new Date(transcriptData.certificateInfo.notAfterUnix * 1e3).toISOString()
-    });
-  }
-  logger.info("Created plaintext transcript from TEE data", {
-    totalMessages: transcript.length,
-    hasRequest: !!transcriptData.revealedRequest?.length,
-    hasResponse: !!transcriptData.reconstructedResponse?.length,
-    hasCertificateInfo: !!transcriptData.certificateInfo
-  });
-  return transcript;
-}
-async function validateTeeProviderReceipt(plaintextTranscript, claimInfo, logger, providerCtx, certificateInfo) {
-  logger.info("Starting direct TEE provider validation", {
-    provider: claimInfo.provider,
-    transcriptMessages: plaintextTranscript.length,
-    hasCertificateInfo: !!certificateInfo
-  });
-  if (certificateInfo) {
-    validateTlsCertificate(claimInfo, certificateInfo, logger);
-  }
-  const validatedClaim = await assertValidProviderTranscript(
-    plaintextTranscript,
-    claimInfo,
-    logger,
-    providerCtx
-  );
-  logger.info("TEE provider validation completed successfully", {
-    provider: validatedClaim.provider,
-    owner: validatedClaim.owner || "unknown"
-  });
-  return validatedClaim;
-}
-function isHostnameValidForCertificate(hostname, certName) {
-  if (hostname === certName) {
-    return true;
-  }
-  if (certName.startsWith("*.")) {
-    const wildcardDomain = certName.slice(2);
-    if (hostname.endsWith(wildcardDomain)) {
-      const subdomainPart = hostname.slice(0, -wildcardDomain.length);
-      if (subdomainPart.endsWith(".")) {
-        const subdomain = subdomainPart.slice(0, -1);
-        return !subdomain.includes(".");
-      }
-    }
-  }
-  return false;
-}
-function validateTlsCertificate(claimInfo, certificateInfo, logger) {
-  let claimedHostname;
-  const paramsWithTemplates = niceParseJsonObject(claimInfo.parameters, "params");
-  const params = substituteParamValues(paramsWithTemplates, void 0, true).newParams;
-  if ("url" in params && typeof params.url === "string") {
-    claimedHostname = new URL(params.url).hostname;
-  }
-  if (!claimedHostname) {
-    logger.warn("Could not extract hostname from claim for certificate validation", {
-      provider: claimInfo.provider
-    });
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      "Certificate validation failed: hostname not found"
-    );
-  }
-  logger.info("Validating TLS certificate for claimed hostname", {
-    claimedHostname,
-    certificateCommonName: certificateInfo.commonName,
-    certificateDnsNames: certificateInfo.dnsNames
-  });
-  const isValidForHostname = isHostnameValidForCertificate(claimedHostname, certificateInfo.commonName) || certificateInfo.dnsNames.some((name) => isHostnameValidForCertificate(claimedHostname, name));
-  if (!isValidForHostname) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      `Certificate validation failed: hostname '${claimedHostname}' not valid for certificate (CN: ${certificateInfo.commonName}, SANs: ${certificateInfo.dnsNames.join(", ")})`
-    );
-  }
-  const now = Date.now() / 1e3;
-  if (now < certificateInfo.notBeforeUnix || now > certificateInfo.notAfterUnix) {
-    throw new AttestorError(
-      "ERROR_INVALID_CLAIM",
-      `Certificate validation failed: certificate not valid at current time (valid from ${new Date(certificateInfo.notBeforeUnix * 1e3).toISOString()} to ${new Date(certificateInfo.notAfterUnix * 1e3).toISOString()})`
-    );
-  }
-  logger.info("TLS certificate validation passed", {
-    claimedHostname,
-    validatedAgainst: isHostnameValidForCertificate(claimedHostname, certificateInfo.commonName) ? `CommonName: ${certificateInfo.commonName}` : `SAN: ${certificateInfo.dnsNames.find((name) => isHostnameValidForCertificate(claimedHostname, name))}`
-  });
-}
-function validateAndCombineOprfResults(zkOprfResults, oprfMpcResults, logger) {
-  const allOprfResults = [...zkOprfResults, ...oprfMpcResults];
-  if (allOprfResults.length === 0) {
-    return allOprfResults;
-  }
-  logger.info(`Combined ${zkOprfResults.length} ZK OPRF + ${oprfMpcResults.length} OPRF MPC results`);
-  const seen = {};
-  for (const result of zkOprfResults) {
-    seen[result.position] = { length: result.length, source: "zk" };
-  }
-  for (const result of oprfMpcResults) {
-    const existing = seen[result.position];
-    if (existing) {
-      if (existing.length !== result.length) {
-        throw new AttestorError(
-          "ERROR_INVALID_CLAIM",
-          `OPRF range conflict at position ${result.position}: ZK length ${existing.length} vs MPC length ${result.length}`
-        );
-      }
-      logger.warn(`Duplicate OPRF range at position ${result.position} from both ZK and MPC - using MPC result`);
-    }
-    for (const [pos, data] of Object.entries(seen)) {
-      const position = Number(pos);
-      const existingEnd = position + data.length;
-      const newEnd = result.position + result.length;
-      const overlaps = result.position < existingEnd && newEnd > position && result.position !== position;
-      if (overlaps) {
-        throw new AttestorError(
-          "ERROR_INVALID_CLAIM",
-          `Overlapping OPRF ranges: [${position}:${existingEnd}] (${data.source}) and [${result.position}:${newEnd}] (mpc)`
-        );
-      }
-    }
-    seen[result.position] = { length: result.length, source: "mpc" };
-  }
-  return allOprfResults;
-}
-export {
-  claimTeeBundle
-};

package/lib/server/handlers/claimTunnel.js

@@ -1,80 +0,0 @@
-import { MAX_CLAIM_TIMESTAMP_DIFF_S } from "../../config/index.js";
-import { ClaimTunnelResponse } from "../../proto/api.js";
-import { getApm } from "../../server/utils/apm.js";
-import { assertTranscriptsMatch, assertValidClaimRequest } from "../../server/utils/assert-valid-claim-request.js";
-import { getAttestorAddress, signAsAttestor } from "../../server/utils/generics.js";
-import { AttestorError, createSignDataForClaim, getIdentifierFromClaimInfo, unixTimestampSeconds } from "../../utils/index.js";
-const claimTunnel = async (claimRequest, { tx, logger, client }) => {
-  const {
-    request,
-    data: { timestampS } = {}
-  } = claimRequest;
-  const tunnel = client.getTunnel(request?.id);
-  try {
-    await tunnel.close();
-  } catch (err) {
-    logger.debug({ err }, "error closing tunnel");
-  }
-  if (tx) {
-    const transcriptBytes = tunnel.transcript.reduce(
-      (acc, { message }) => acc + message.length,
-      0
-    );
-    tx?.setLabel("transcriptBytes", transcriptBytes.toString());
-  }
-  if (tunnel.createRequest?.host !== request?.host || tunnel.createRequest?.port !== request?.port || tunnel.createRequest?.geoLocation !== request?.geoLocation || tunnel.createRequest?.proxySessionId !== request?.proxySessionId) {
-    throw AttestorError.badRequest("Tunnel request does not match");
-  }
-  assertTranscriptsMatch(claimRequest.transcript, tunnel.transcript);
-  const res = ClaimTunnelResponse.create({ request: claimRequest });
-  try {
-    const now = unixTimestampSeconds();
-    if (Math.floor(timestampS - now) > MAX_CLAIM_TIMESTAMP_DIFF_S) {
-      throw new AttestorError(
-        "ERROR_INVALID_CLAIM",
-        `Timestamp provided ${timestampS} is too far off. Current time is ${now}`
-      );
-    }
-    const assertTx = getApm()?.startTransaction("assertValidClaimRequest", { childOf: tx });
-    try {
-      const claim = await assertValidClaimRequest(
-        claimRequest,
-        client.metadata,
-        logger
-      );
-      res.claim = {
-        ...claim,
-        identifier: getIdentifierFromClaimInfo(claim),
-        // hardcode for compatibility with V1 claims
-        epoch: 1
-      };
-    } catch (err) {
-      assertTx?.setOutcome("failure");
-      throw err;
-    } finally {
-      assertTx?.end();
-    }
-  } catch (err) {
-    logger.error({ err }, "invalid claim request");
-    const attestorErr = AttestorError.fromError(err, "ERROR_INVALID_CLAIM");
-    res.error = attestorErr.toProto();
-  }
-  res.signatures = {
-    attestorAddress: getAttestorAddress(
-      client.metadata.signatureType
-    ),
-    claimSignature: res.claim ? await signAsAttestor(
-      createSignDataForClaim(res.claim),
-      client.metadata.signatureType
-    ) : new Uint8Array(),
-    resultSignature: await signAsAttestor(
-      ClaimTunnelResponse.encode(res).finish(),
-      client.metadata.signatureType
-    )
-  };
-  client.removeTunnel(request.id);
-  return res;
-};
-export {
-  claimTunnel
-};

package/lib/server/handlers/completeClaimOnChain.js

@@ -1,29 +0,0 @@
-import { EventLog } from "ethers";
-import { getContracts } from "../../avs/utils/contracts.js";
-import { getEnvVariable } from "../../utils/env.js";
-import { AttestorError, ethersStructToPlainObject } from "../../utils/index.js";
-const ACCEPT_CLAIM_PAYMENT_REQUESTS = getEnvVariable("ACCEPT_CLAIM_PAYMENT_REQUESTS") === "1";
-const completeClaimOnChain = async ({ chainId: chainIdNum, taskIndex, completedTaskJson }) => {
-  if (!ACCEPT_CLAIM_PAYMENT_REQUESTS) {
-    throw new AttestorError(
-      "ERROR_PAYMENT_REFUSED",
-      "Payment requests are not accepted at this time"
-    );
-  }
-  const chainId = chainIdNum.toString();
-  const { contract } = getContracts(chainId.toString());
-  const task = JSON.parse(completedTaskJson);
-  const tx = await contract.taskCompleted(task, taskIndex);
-  const rslt = await tx.wait();
-  const logs = rslt?.logs ?? [];
-  const eventLogs = logs.filter((log) => log instanceof EventLog);
-  const obj = eventLogs[0]?.args;
-  const plainObj = ethersStructToPlainObject(obj);
-  return {
-    txHash: rslt?.hash ?? "",
-    taskCompletedObjectJson: JSON.stringify(plainObj)
-  };
-};
-export {
-  completeClaimOnChain
-};