npm - @reclaimprotocol/attestor-core - Versions diffs - 5.0.1-beta.7 → 5.0.1 - Mend

@reclaimprotocol/attestor-core 5.0.1-beta.7 → 5.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (307) hide show

package/browser/resources/attestor-browser.min.mjs +4512 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +1 -1
package/lib/external-rpc/index.js +10399 -3
package/lib/index.js +8323 -10
package/lib/server/utils/proxy-session.d.ts +1 -1
package/lib/types/general.d.ts +0 -1
package/lib/utils/generics.d.ts +1 -6
package/lib/utils/index.d.ts +0 -1
package/package.json +8 -7
package/lib/avs/abis/avsDirectoryABI.js +0 -343
package/lib/avs/abis/delegationABI.js +0 -4
package/lib/avs/abis/registryABI.js +0 -728
package/lib/avs/client/create-claim-on-avs.js +0 -168
package/lib/avs/config.js +0 -26
package/lib/avs/contracts/ReclaimServiceManager.js +0 -0
package/lib/avs/contracts/common.js +0 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.js +0 -1183
package/lib/avs/contracts/factories/index.js +0 -4
package/lib/avs/contracts/index.js +0 -6
package/lib/avs/types/index.js +0 -0
package/lib/avs/utils/contracts.js +0 -53
package/lib/avs/utils/register.js +0 -74
package/lib/avs/utils/tasks.js +0 -48
package/lib/browser/avs/abis/avsDirectoryABI.d.ts +0 -60
package/lib/browser/avs/abis/avsDirectoryABI.js +0 -343
package/lib/browser/avs/abis/delegationABI.d.ts +0 -126
package/lib/browser/avs/abis/delegationABI.js +0 -4
package/lib/browser/avs/abis/registryABI.d.ts +0 -136
package/lib/browser/avs/abis/registryABI.js +0 -728
package/lib/browser/avs/client/create-claim-on-avs.d.ts +0 -12
package/lib/browser/avs/client/create-claim-on-avs.js +0 -168
package/lib/browser/avs/config.d.ts +0 -7
package/lib/browser/avs/config.js +0 -26
package/lib/browser/avs/contracts/ReclaimServiceManager.d.ts +0 -601
package/lib/browser/avs/contracts/ReclaimServiceManager.js +0 -0
package/lib/browser/avs/contracts/common.d.ts +0 -50
package/lib/browser/avs/contracts/common.js +0 -0
package/lib/browser/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +0 -890
package/lib/browser/avs/contracts/factories/ReclaimServiceManager__factory.js +0 -1183
package/lib/browser/avs/contracts/factories/index.d.ts +0 -1
package/lib/browser/avs/contracts/factories/index.js +0 -4
package/lib/browser/avs/contracts/index.d.ts +0 -3
package/lib/browser/avs/contracts/index.js +0 -6
package/lib/browser/avs/types/index.d.ts +0 -55
package/lib/browser/avs/types/index.js +0 -0
package/lib/browser/avs/utils/contracts.d.ts +0 -21
package/lib/browser/avs/utils/contracts.js +0 -53
package/lib/browser/avs/utils/register.d.ts +0 -27
package/lib/browser/avs/utils/register.js +0 -74
package/lib/browser/avs/utils/tasks.d.ts +0 -22
package/lib/browser/avs/utils/tasks.js +0 -48
package/lib/browser/client/create-claim.d.ts +0 -5
package/lib/browser/client/create-claim.js +0 -461
package/lib/browser/client/index.d.ts +0 -3
package/lib/browser/client/index.js +0 -3
package/lib/browser/client/tunnels/make-rpc-tcp-tunnel.d.ts +0 -16
package/lib/browser/client/tunnels/make-rpc-tcp-tunnel.js +0 -53
package/lib/browser/client/tunnels/make-rpc-tls-tunnel.d.ts +0 -26
package/lib/browser/client/tunnels/make-rpc-tls-tunnel.js +0 -127
package/lib/browser/client/utils/attestor-pool.d.ts +0 -8
package/lib/browser/client/utils/attestor-pool.js +0 -24
package/lib/browser/client/utils/client-socket.d.ts +0 -11
package/lib/browser/client/utils/client-socket.js +0 -120
package/lib/browser/client/utils/message-handler.d.ts +0 -4
package/lib/browser/client/utils/message-handler.js +0 -97
package/lib/browser/config/index.d.ts +0 -31
package/lib/browser/config/index.js +0 -62
package/lib/browser/external-rpc/benchmark.d.ts +0 -1
package/lib/browser/external-rpc/benchmark.js +0 -82
package/lib/browser/external-rpc/event-bus.d.ts +0 -7
package/lib/browser/external-rpc/event-bus.js +0 -17
package/lib/browser/external-rpc/global.d.js +0 -0
package/lib/browser/external-rpc/handle-incoming-msg.d.ts +0 -2
package/lib/browser/external-rpc/handle-incoming-msg.js +0 -241
package/lib/browser/external-rpc/index.d.ts +0 -3
package/lib/browser/external-rpc/index.js +0 -3
package/lib/browser/external-rpc/jsc-polyfills/1.d.ts +0 -14
package/lib/browser/external-rpc/jsc-polyfills/1.js +0 -80
package/lib/browser/external-rpc/jsc-polyfills/2.d.ts +0 -1
package/lib/browser/external-rpc/jsc-polyfills/2.js +0 -15
package/lib/browser/external-rpc/jsc-polyfills/event.d.ts +0 -10
package/lib/browser/external-rpc/jsc-polyfills/event.js +0 -19
package/lib/browser/external-rpc/jsc-polyfills/index.d.ts +0 -2
package/lib/browser/external-rpc/jsc-polyfills/index.js +0 -2
package/lib/browser/external-rpc/jsc-polyfills/ws.d.ts +0 -21
package/lib/browser/external-rpc/jsc-polyfills/ws.js +0 -83
package/lib/browser/external-rpc/setup-browser.d.ts +0 -6
package/lib/browser/external-rpc/setup-browser.js +0 -33
package/lib/browser/external-rpc/setup-jsc.d.ts +0 -24
package/lib/browser/external-rpc/setup-jsc.js +0 -22
package/lib/browser/external-rpc/types.d.ts +0 -213
package/lib/browser/external-rpc/types.js +0 -0
package/lib/browser/external-rpc/utils.d.ts +0 -20
package/lib/browser/external-rpc/utils.js +0 -100
package/lib/browser/external-rpc/zk.d.ts +0 -14
package/lib/browser/external-rpc/zk.js +0 -58
package/lib/browser/index.browser.js +0 -13
package/lib/browser/index.d.ts +0 -9
package/lib/browser/index.js +0 -13
package/lib/browser/mechain/abis/governanceABI.d.ts +0 -50
package/lib/browser/mechain/abis/governanceABI.js +0 -461
package/lib/browser/mechain/abis/taskABI.d.ts +0 -157
package/lib/browser/mechain/abis/taskABI.js +0 -512
package/lib/browser/mechain/client/create-claim-on-mechain.d.ts +0 -10
package/lib/browser/mechain/client/create-claim-on-mechain.js +0 -33
package/lib/browser/mechain/client/index.d.ts +0 -1
package/lib/browser/mechain/client/index.js +0 -1
package/lib/browser/mechain/constants/index.d.ts +0 -3
package/lib/browser/mechain/constants/index.js +0 -8
package/lib/browser/mechain/index.d.ts +0 -2
package/lib/browser/mechain/index.js +0 -2
package/lib/browser/mechain/types/index.d.ts +0 -23
package/lib/browser/mechain/types/index.js +0 -0
package/lib/browser/proto/api.d.ts +0 -651
package/lib/browser/proto/api.js +0 -4250
package/lib/browser/proto/tee-bundle.d.ts +0 -156
package/lib/browser/proto/tee-bundle.js +0 -1296
package/lib/browser/providers/http/index.d.ts +0 -18
package/lib/browser/providers/http/index.js +0 -640
package/lib/browser/providers/http/patch-parse5-tree.d.ts +0 -6
package/lib/browser/providers/http/patch-parse5-tree.js +0 -34
package/lib/browser/providers/http/utils.d.ts +0 -77
package/lib/browser/providers/http/utils.js +0 -283
package/lib/browser/providers/index.d.ts +0 -4
package/lib/browser/providers/index.js +0 -7
package/lib/browser/types/bgp.d.ts +0 -11
package/lib/browser/types/bgp.js +0 -0
package/lib/browser/types/claims.d.ts +0 -70
package/lib/browser/types/claims.js +0 -0
package/lib/browser/types/client.d.ts +0 -163
package/lib/browser/types/client.js +0 -0
package/lib/browser/types/general.d.ts +0 -77
package/lib/browser/types/general.js +0 -0
package/lib/browser/types/handlers.d.ts +0 -10
package/lib/browser/types/handlers.js +0 -0
package/lib/browser/types/index.d.ts +0 -10
package/lib/browser/types/index.js +0 -10
package/lib/browser/types/providers.d.ts +0 -161
package/lib/browser/types/providers.gen.d.ts +0 -443
package/lib/browser/types/providers.gen.js +0 -16
package/lib/browser/types/providers.js +0 -0
package/lib/browser/types/rpc.d.ts +0 -35
package/lib/browser/types/rpc.js +0 -0
package/lib/browser/types/signatures.d.ts +0 -28
package/lib/browser/types/signatures.js +0 -0
package/lib/browser/types/tunnel.d.ts +0 -18
package/lib/browser/types/tunnel.js +0 -0
package/lib/browser/types/zk.d.ts +0 -38
package/lib/browser/types/zk.js +0 -0
package/lib/browser/utils/auth.d.ts +0 -8
package/lib/browser/utils/auth.js +0 -71
package/lib/browser/utils/b64-json.d.ts +0 -2
package/lib/browser/utils/b64-json.js +0 -17
package/lib/browser/utils/claims.d.ts +0 -33
package/lib/browser/utils/claims.js +0 -89
package/lib/browser/utils/env.d.ts +0 -3
package/lib/browser/utils/env.js +0 -19
package/lib/browser/utils/error.d.ts +0 -26
package/lib/browser/utils/error.js +0 -54
package/lib/browser/utils/generics.d.ts +0 -119
package/lib/browser/utils/generics.js +0 -272
package/lib/browser/utils/http-parser.d.ts +0 -59
package/lib/browser/utils/http-parser.js +0 -201
package/lib/browser/utils/index.browser.js +0 -13
package/lib/browser/utils/index.d.ts +0 -13
package/lib/browser/utils/index.js +0 -13
package/lib/browser/utils/logger.browser.js +0 -88
package/lib/browser/utils/logger.d.ts +0 -14
package/lib/browser/utils/logger.js +0 -88
package/lib/browser/utils/prepare-packets.d.ts +0 -16
package/lib/browser/utils/prepare-packets.js +0 -69
package/lib/browser/utils/redactions.d.ts +0 -73
package/lib/browser/utils/redactions.js +0 -135
package/lib/browser/utils/retries.d.ts +0 -12
package/lib/browser/utils/retries.js +0 -26
package/lib/browser/utils/signatures/eth.d.ts +0 -2
package/lib/browser/utils/signatures/eth.js +0 -31
package/lib/browser/utils/signatures/index.d.ts +0 -5
package/lib/browser/utils/signatures/index.js +0 -12
package/lib/browser/utils/socket-base.d.ts +0 -23
package/lib/browser/utils/socket-base.js +0 -96
package/lib/browser/utils/tls-imports.d.ts +0 -1
package/lib/browser/utils/tls-imports.js +0 -34
package/lib/browser/utils/tls.d.ts +0 -2
package/lib/browser/utils/tls.js +0 -58
package/lib/browser/utils/ws.d.ts +0 -7
package/lib/browser/utils/ws.js +0 -22
package/lib/browser/utils/zk.d.ts +0 -71
package/lib/browser/utils/zk.js +0 -625
package/lib/client/create-claim.js +0 -461
package/lib/client/index.js +0 -3
package/lib/client/tunnels/make-rpc-tcp-tunnel.js +0 -53
package/lib/client/tunnels/make-rpc-tls-tunnel.js +0 -127
package/lib/client/utils/attestor-pool.js +0 -24
package/lib/client/utils/client-socket.js +0 -120
package/lib/client/utils/message-handler.js +0 -97
package/lib/config/index.js +0 -62
package/lib/external-rpc/benchmark.js +0 -82
package/lib/external-rpc/event-bus.js +0 -17
package/lib/external-rpc/global.d.js +0 -0
package/lib/external-rpc/handle-incoming-msg.js +0 -241
package/lib/external-rpc/jsc-polyfills/1.js +0 -80
package/lib/external-rpc/jsc-polyfills/2.js +0 -15
package/lib/external-rpc/jsc-polyfills/event.js +0 -19
package/lib/external-rpc/jsc-polyfills/index.js +0 -2
package/lib/external-rpc/jsc-polyfills/ws.js +0 -83
package/lib/external-rpc/setup-browser.js +0 -33
package/lib/external-rpc/setup-jsc.js +0 -22
package/lib/external-rpc/types.js +0 -0
package/lib/external-rpc/utils.js +0 -100
package/lib/external-rpc/zk.js +0 -58
package/lib/index.browser.d.ts +0 -9
package/lib/mechain/abis/governanceABI.js +0 -461
package/lib/mechain/abis/taskABI.js +0 -512
package/lib/mechain/client/create-claim-on-mechain.js +0 -33
package/lib/mechain/client/index.js +0 -1
package/lib/mechain/constants/index.js +0 -8
package/lib/mechain/index.js +0 -2
package/lib/mechain/types/index.js +0 -0
package/lib/proto/api.js +0 -4250
package/lib/proto/tee-bundle.js +0 -1296
package/lib/providers/http/index.js +0 -640
package/lib/providers/http/patch-parse5-tree.js +0 -34
package/lib/providers/http/utils.js +0 -283
package/lib/providers/index.js +0 -7
package/lib/scripts/check-avs-registration.js +0 -28
package/lib/scripts/fallbacks/crypto.js +0 -4
package/lib/scripts/fallbacks/empty.js +0 -4
package/lib/scripts/fallbacks/re2.js +0 -7
package/lib/scripts/fallbacks/snarkjs.js +0 -10
package/lib/scripts/fallbacks/stwo.js +0 -159
package/lib/scripts/generate-provider-types.js +0 -101
package/lib/scripts/generate-receipt.js +0 -101
package/lib/scripts/generate-toprf-keys.js +0 -24
package/lib/scripts/jsc-cli-rpc.js +0 -35
package/lib/scripts/register-avs-operator.js +0 -3
package/lib/scripts/start-server.js +0 -11
package/lib/scripts/update-avs-metadata.js +0 -20
package/lib/scripts/utils.js +0 -10
package/lib/scripts/whitelist-operator.js +0 -16
package/lib/server/create-server.js +0 -105
package/lib/server/handlers/claimTeeBundle.js +0 -232
package/lib/server/handlers/claimTunnel.js +0 -80
package/lib/server/handlers/completeClaimOnChain.js +0 -29
package/lib/server/handlers/createClaimOnChain.js +0 -32
package/lib/server/handlers/createTaskOnMechain.js +0 -57
package/lib/server/handlers/createTunnel.js +0 -98
package/lib/server/handlers/disconnectTunnel.js +0 -8
package/lib/server/handlers/fetchCertificateBytes.js +0 -57
package/lib/server/handlers/index.js +0 -25
package/lib/server/handlers/init.js +0 -33
package/lib/server/handlers/toprf.js +0 -19
package/lib/server/index.js +0 -4
package/lib/server/socket.js +0 -112
package/lib/server/tunnels/make-tcp-tunnel.js +0 -202
package/lib/server/utils/apm.js +0 -29
package/lib/server/utils/assert-valid-claim-request.js +0 -354
package/lib/server/utils/config-env.js +0 -4
package/lib/server/utils/dns.js +0 -24
package/lib/server/utils/gcp-attestation.js +0 -237
package/lib/server/utils/generics.js +0 -45
package/lib/server/utils/iso.js +0 -259
package/lib/server/utils/keep-alive.js +0 -38
package/lib/server/utils/nitro-attestation.js +0 -249
package/lib/server/utils/oprf-raw.js +0 -61
package/lib/server/utils/process-handshake.js +0 -233
package/lib/server/utils/proxy-session.js +0 -4
package/lib/server/utils/tee-oprf-mpc-verification.js +0 -86
package/lib/server/utils/tee-oprf-verification.js +0 -151
package/lib/server/utils/tee-transcript-reconstruction.js +0 -140
package/lib/server/utils/tee-verification.js +0 -358
package/lib/server/utils/validation.js +0 -45
package/lib/types/bgp.js +0 -0
package/lib/types/claims.js +0 -0
package/lib/types/client.js +0 -0
package/lib/types/general.js +0 -0
package/lib/types/handlers.js +0 -0
package/lib/types/index.js +0 -10
package/lib/types/providers.gen.js +0 -16
package/lib/types/providers.js +0 -0
package/lib/types/rpc.js +0 -0
package/lib/types/signatures.js +0 -0
package/lib/types/tunnel.js +0 -0
package/lib/types/zk.js +0 -0
package/lib/utils/auth.js +0 -71
package/lib/utils/b64-json.js +0 -17
package/lib/utils/bgp-listener.js +0 -123
package/lib/utils/claims.js +0 -89
package/lib/utils/env.js +0 -19
package/lib/utils/error.js +0 -54
package/lib/utils/generics.js +0 -272
package/lib/utils/http-parser.js +0 -201
package/lib/utils/index.browser.d.ts +0 -13
package/lib/utils/index.js +0 -14
package/lib/utils/logger.browser.d.ts +0 -14
package/lib/utils/logger.js +0 -82
package/lib/utils/prepare-packets.js +0 -69
package/lib/utils/redactions.js +0 -135
package/lib/utils/retries.js +0 -26
package/lib/utils/signatures/eth.js +0 -31
package/lib/utils/signatures/index.js +0 -12
package/lib/utils/socket-base.js +0 -96
package/lib/utils/tls-imports.d.ts +0 -1
package/lib/utils/tls-imports.js +0 -34
package/lib/utils/tls.js +0 -58
package/lib/utils/ws.js +0 -22
package/lib/utils/zk.js +0 -625

package/lib/utils/zk.js DELETED Viewed

@@ -1,625 +0,0 @@
-import { concatenateUint8Arrays, crypto, generateIV } from "../utils/tls-imports.js";
-import {
-  ceilToBlockSizeMultiple,
-  CONFIG as ZK_CONFIG,
-  generateProof,
-  getBlockSizeBytes,
-  makeLocalFileFetch,
-  makeRemoteFileFetch,
-  verifyProof
-} from "@reclaimprotocol/zk-symmetric-crypto";
-import { makeGnarkOPRFOperator, makeGnarkZkOperator } from "@reclaimprotocol/zk-symmetric-crypto/gnark";
-import { makeSnarkJsZKOperator } from "@reclaimprotocol/zk-symmetric-crypto/snarkjs";
-import { makeStwoZkOperator } from "@reclaimprotocol/zk-symmetric-crypto/stwo";
-import PQueue from "p-queue";
-import {
-  DEFAULT_REMOTE_FILE_FETCH_BASE_URL,
-  DEFAULT_ZK_CONCURRENCY,
-  TOPRF_DOMAIN_SEPARATOR
-} from "../config/index.js";
-import { ZKProofEngine } from "../proto/api.js";
-import { detectEnvironment, getEnvVariable } from "../utils/env.js";
-import { AttestorError } from "../utils/error.js";
-import {
-  getPureCiphertext,
-  getRecordIV,
-  getZkAlgorithmForCipherSuite,
-  isTls13Suite,
-  strToUint8Array
-} from "../utils/generics.js";
-import { logger as LOGGER } from "../utils/logger.js";
-import { binaryHashToStr, isFullyRedacted, isRedactionCongruent, REDACTION_CHAR_CODE } from "../utils/redactions.js";
-const ZK_CONCURRENCY = +(getEnvVariable("ZK_CONCURRENCY") || DEFAULT_ZK_CONCURRENCY);
-async function makeZkProofGenerator({
-  zkOperators,
-  oprfOperators,
-  logger = LOGGER,
-  zkProofConcurrency = ZK_CONCURRENCY,
-  cipherSuite,
-  zkEngine = "snarkjs"
-}) {
-  const zkQueue = new PQueue({ concurrency: zkProofConcurrency, autoStart: true });
-  const packetsToProve = [];
-  logger = logger.child({ module: "zk", zkEngine });
-  let zkProofsToGen = 0;
-  return {
-    /**
-     * Adds the given packet to the list of packets to
-     * generate ZK proofs for.
-     *
-     * Call `generateProofs()` to finally generate the proofs
-     */
-    async addPacketToProve(packet, {
-      redactedPlaintext,
-      toprfs = [],
-      overshotToprfFromPrevBlock
-    }, onGeneratedProofs, getNextPacket) {
-      if (packet.type === "plaintext") {
-        throw new Error("Cannot generate proof for plaintext");
-      }
-      const alg = getZkAlgorithmForCipherSuite(cipherSuite);
-      const chunkSizeBytes = getChunkSizeBytes(alg);
-      const key = await crypto.exportKey(packet.encKey);
-      const iv = packet.iv;
-      const ciphertext = getPureCiphertext(packet.ciphertext, cipherSuite);
-      if (overshotToprfFromPrevBlock) {
-        redactedPlaintext.set(
-          new Uint8Array(overshotToprfFromPrevBlock.length).fill(REDACTION_CHAR_CODE)
-        );
-      }
-      const trueCiphertextLength = isTls13Suite(cipherSuite) ? ciphertext.length - 1 : ciphertext.length;
-      const packetToProve = {
-        onGeneratedProofs,
-        algorithm: alg,
-        proofsToGenerate: [],
-        toprfsToGenerate: [],
-        iv: packet.fixedIv
-      };
-      for (const toprf of toprfs) {
-        const toprfDistFromEnd = trueCiphertextLength - (toprf.dataLocation.fromIndex + toprf.dataLocation.length);
-        if (toprfDistFromEnd < 0) {
-          const nextPacket = getNextPacket();
-          if (nextPacket?.type !== "ciphertext") {
-            throw new AttestorError(
-              "ERROR_INTERNAL",
-              "TOPRF data overshoots ciphertext length, but no next ciphertext packet found"
-            );
-          }
-          if (nextPacket.encKey !== packet.encKey) {
-            throw new AttestorError(
-              "ERROR_INTERNAL",
-              "TOPRF data overshoots ciphertext length, but next packet has different encryption key"
-            );
-          }
-          const nextCiphertext = nextPacket.ciphertext.slice(0, Math.abs(toprfDistFromEnd));
-          const iv2 = nextPacket.iv;
-          toprf.overshoot = {
-            ciphertext: nextCiphertext,
-            iv: iv2,
-            recordNumber: nextPacket.recordNumber
-          };
-        }
-        const fromIndex = getIdealOffsetForToprfBlock(alg, toprf);
-        const toIndex = Math.min(fromIndex + chunkSizeBytes, ciphertext.length);
-        const slice = { fromIndex, toIndex };
-        packetToProve.toprfsToGenerate.push(getTOPRFProofGenerationParamsForSlice({
-          key,
-          iv,
-          ciphertext,
-          slice,
-          toprf: {
-            ...toprf,
-            dataLocation: {
-              ...toprf.dataLocation,
-              fromIndex: toprf.dataLocation.fromIndex - fromIndex
-            }
-          }
-        }));
-        zkProofsToGen += 1;
-        const pktToIndex = Math.min(
-          trueCiphertextLength,
-          toprf.dataLocation.fromIndex + toprf.dataLocation.length
-        );
-        const pktFromIndex = toprf.dataLocation.fromIndex;
-        for (let i = pktFromIndex; i < pktToIndex; i++) {
-          redactedPlaintext[i] = REDACTION_CHAR_CODE;
-        }
-      }
-      for (let i = 0; i < ciphertext.length; i += chunkSizeBytes) {
-        const slice = {
-          fromIndex: i,
-          toIndex: Math.min(i + chunkSizeBytes, ciphertext.length)
-        };
-        const proofParams = getProofGenerationParamsForSlice(
-          { key, iv, ciphertext, redactedPlaintext, slice }
-        );
-        if (!proofParams) {
-          continue;
-        }
-        packetToProve.proofsToGenerate.push(proofParams);
-        zkProofsToGen += 1;
-      }
-      packetsToProve.push(packetToProve);
-    },
-    getTotalChunksToProve() {
-      return zkProofsToGen;
-    },
-    async generateProofs(onChunkDone) {
-      if (!packetsToProve.length) {
-        return;
-      }
-      const start = Date.now();
-      const tasks = [];
-      for (const {
-        onGeneratedProofs,
-        algorithm,
-        proofsToGenerate,
-        toprfsToGenerate
-      } of packetsToProve) {
-        const proofs = [];
-        const toprfs = [];
-        let proofsLeft = proofsToGenerate.length + toprfsToGenerate.length;
-        for (const proofToGen of proofsToGenerate) {
-          tasks.push(zkQueue.add(async () => {
-            const proof = await generateZkProofForChunk(algorithm, proofToGen);
-            onChunkDone?.();
-            proofs.push(proof);
-            proofsLeft -= 1;
-            if (proofsLeft === 0) {
-              onGeneratedProofs(proofs, toprfs);
-            }
-          }, { throwOnTimeout: true }));
-        }
-        for (const toprfToGen of toprfsToGenerate) {
-          tasks.push(zkQueue.add(async () => {
-            const toprf = await generateOprfProofForChunk(algorithm, toprfToGen);
-            onChunkDone?.();
-            toprfs.push(toprf);
-            proofsLeft -= 1;
-            if (proofsLeft === 0) {
-              onGeneratedProofs(proofs, toprfs);
-            }
-          }, { throwOnTimeout: true }));
-        }
-      }
-      await Promise.all(tasks);
-      logger?.info(
-        { durationMs: Date.now() - start, zkProofsToGen },
-        "generated ZK proofs"
-      );
-      packetsToProve.splice(0, packetsToProve.length);
-      zkProofsToGen = 0;
-      const alg = getZkAlgorithmForCipherSuite(cipherSuite);
-      const zkOperator = await getZkOperatorForAlgorithm(alg);
-      zkOperator.release?.();
-    }
-  };
-  async function generateZkProofForChunk(algorithm, {
-    startIdx,
-    redactedPlaintext,
-    privateInput,
-    publicInput
-  }) {
-    const operator = getZkOperatorForAlgorithm(algorithm);
-    const proof = await generateProof(
-      { algorithm, privateInput, publicInput, operator, logger }
-    );
-    logger?.debug({ startIdx }, "generated proof for chunk");
-    return {
-      proofData: typeof proof.proofData === "string" ? strToUint8Array(proof.proofData) : proof.proofData,
-      decryptedRedactedCiphertext: proof.plaintext || new Uint8Array(),
-      redactedPlaintext,
-      startIdx
-    };
-  }
-  async function generateOprfProofForChunk(algorithm, { startIdx, privateInput, publicInput, toprf }) {
-    const operator = getOprfOperatorForAlgorithm(algorithm);
-    const toprfLocations = [];
-    if (toprf?.overshoot) {
-      const { dataLocation, overshoot: { ciphertext } } = toprf;
-      toprfLocations.push(
-        {
-          pos: dataLocation.fromIndex,
-          len: dataLocation.length - ciphertext.length
-        },
-        {
-          pos: ceilToBlockSizeMultiple(
-            dataLocation.fromIndex + dataLocation.length,
-            algorithm
-          ),
-          len: ciphertext.length
-        }
-      );
-    } else if (toprf) {
-      toprfLocations.push({
-        pos: toprf.dataLocation.fromIndex,
-        len: toprf.dataLocation.length
-      });
-    }
-    const proof = await generateProof(
-      {
-        algorithm,
-        privateInput,
-        publicInput,
-        operator,
-        logger,
-        ...toprf ? {
-          toprf: {
-            locations: toprfLocations,
-            output: toprf.nullifier,
-            responses: toprf.responses,
-            domainSeparator: TOPRF_DOMAIN_SEPARATOR
-          },
-          mask: toprf.mask
-        } : {}
-      }
-    );
-    logger?.debug({ toprfLocations }, "generated TOPRF proof for chunk");
-    return {
-      startIdx,
-      proofData: typeof proof.proofData === "string" ? strToUint8Array(proof.proofData) : proof.proofData,
-      payload: toprf
-    };
-  }
-  function getZkOperatorForAlgorithm(algorithm) {
-    return zkOperators?.[algorithm] || makeDefaultZkOperator(algorithm, zkEngine, logger);
-  }
-  function getOprfOperatorForAlgorithm(algorithm) {
-    return oprfOperators?.[algorithm] || makeDefaultOPRFOperator(algorithm, zkEngine, logger);
-  }
-}
-async function verifyZkPacket({
-  cipherSuite,
-  ciphertext,
-  zkReveal,
-  zkOperators,
-  oprfOperators,
-  logger = LOGGER,
-  zkEngine = "snarkjs",
-  iv,
-  recordNumber,
-  toprfOvershotNullifier,
-  getNextPacket
-}) {
-  const { proofs, toprfs, oprfRawMarkers } = zkReveal;
-  const algorithm = getZkAlgorithmForCipherSuite(cipherSuite);
-  const recordIV = getRecordIV(ciphertext, cipherSuite);
-  ciphertext = new Uint8Array(getPureCiphertext(ciphertext, cipherSuite));
-  const realRedactedPlaintext = new Uint8Array(ciphertext.length).fill(REDACTION_CHAR_CODE);
-  const replacements = await Promise.all(toprfs.map(async (toprf, i) => {
-    try {
-      return await verifyToprfProofPacket(toprf);
-    } catch (e) {
-      e.message += ` (TOPRF proof ${i}, from ${toprf.payload?.dataLocation?.fromIndex}, record ${recordNumber})`;
-      throw e;
-    }
-  }));
-  await Promise.all(proofs.map(async (proof, i) => {
-    try {
-      await verifyZkProofPacket(proof);
-    } catch (e) {
-      e.message += ` (ZK proof ${i}, startIdx ${proof.startIdx}, record ${recordNumber})`;
-      throw e;
-    }
-  }));
-  for (const { set, startIdx } of replacements) {
-    realRedactedPlaintext.set(set, startIdx);
-  }
-  if (toprfOvershotNullifier) {
-    realRedactedPlaintext.set(toprfOvershotNullifier);
-  }
-  return { redactedPlaintext: realRedactedPlaintext, oprfRawMarkers };
-  async function verifyZkProofPacket({
-    proofData,
-    decryptedRedactedCiphertext,
-    redactedPlaintext,
-    startIdx
-  }) {
-    const ciphertextChunkEnd = startIdx + redactedPlaintext.length;
-    const ciphertextChunk = ciphertext.slice(startIdx, ciphertextChunkEnd);
-    for (let i = 0; i < ciphertextChunk.length; i++) {
-      if (redactedPlaintext[i] === REDACTION_CHAR_CODE) {
-        ciphertextChunk[i] = REDACTION_CHAR_CODE;
-      }
-    }
-    let nonce = concatenateUint8Arrays([iv, recordIV]);
-    if (!recordIV.length) {
-      nonce = generateIV(nonce, recordNumber);
-    }
-    const ciphertextInput = {
-      ciphertext: ciphertextChunk,
-      iv: nonce,
-      offsetBytes: startIdx
-    };
-    if (!isRedactionCongruent(redactedPlaintext, decryptedRedactedCiphertext)) {
-      throw new Error("redacted ciphertext not congruent");
-    }
-    await verifyProof(
-      {
-        proof: {
-          algorithm,
-          proofData,
-          plaintext: decryptedRedactedCiphertext
-        },
-        publicInput: ciphertextInput,
-        logger,
-        operator: getZkOperator()
-      }
-    );
-    logger?.debug(
-      { startIdx, endIdx: startIdx + redactedPlaintext.length },
-      "verified proof"
-    );
-    realRedactedPlaintext.set(redactedPlaintext, startIdx);
-  }
-  async function verifyToprfProofPacket({ startIdx, proofData, payload: toprf }) {
-    if (!toprf?.dataLocation || !toprf.responses || !toprf.nullifier) {
-      throw new Error("invalid TOPRF proof payload");
-    }
-    const { dataLocation, nullifier } = toprf;
-    const ciphertextChunkEnd = Math.min(ciphertext.length, getChunkSizeBytes(algorithm) + startIdx);
-    const isLastChunk = ciphertextChunkEnd >= ciphertext.length;
-    const ciphertextChunk = ciphertext.slice(startIdx, ciphertextChunkEnd);
-    let nonce = concatenateUint8Arrays([iv, recordIV]);
-    if (!recordIV.length) {
-      nonce = generateIV(nonce, recordNumber);
-    }
-    const ciphertextInput = {
-      ciphertext: ciphertextChunk,
-      iv: nonce,
-      offsetBytes: startIdx
-    };
-    let pubInput = ciphertextInput;
-    const nulliferStr = binaryHashToStr(nullifier, dataLocation.length);
-    const locations = [];
-    const toprfEndIdx = dataLocation.fromIndex + dataLocation.length;
-    const trueCiphLen = isLastChunk && isTls13Suite(cipherSuite) ? ciphertextChunk.length - 1 : ciphertextChunk.length;
-    const overshoot = toprfEndIdx - trueCiphLen;
-    if (overshoot > 0) {
-      const nextPkt = getNextPacket(
-        strToUint8Array(nulliferStr.slice(dataLocation.length - overshoot))
-      );
-      if (!nextPkt) {
-        throw new Error("OPRF data overshot, but no next packet found");
-      }
-      const nextRecordIV = getRecordIV(ciphertext, cipherSuite);
-      let nextNonce = concatenateUint8Arrays([iv, nextRecordIV]);
-      if (!nextRecordIV.length) {
-        nextNonce = generateIV(nextNonce, recordNumber + 1);
-      }
-      pubInput = [
-        ciphertextInput,
-        {
-          ciphertext: nextPkt.slice(0, overshoot),
-          iv: nextNonce,
-          offsetBytes: 0
-        }
-      ];
-      locations.push(
-        {
-          pos: dataLocation.fromIndex,
-          len: dataLocation.length - overshoot
-        },
-        {
-          pos: ceilToBlockSizeMultiple(
-            dataLocation.fromIndex + dataLocation.length,
-            algorithm
-          ),
-          len: overshoot
-        }
-      );
-    } else {
-      locations.push({
-        pos: dataLocation.fromIndex,
-        len: dataLocation.length
-      });
-    }
-    await verifyProof(
-      {
-        proof: { algorithm, proofData, plaintext: void 0 },
-        publicInput: pubInput,
-        logger,
-        operator: getOprfOperator(),
-        toprf: {
-          locations,
-          domainSeparator: TOPRF_DOMAIN_SEPARATOR,
-          output: nullifier,
-          responses: toprf.responses
-        }
-      }
-    );
-    logger?.debug({ locations }, "verified TOPRF proof");
-    return {
-      set: strToUint8Array(
-        nulliferStr.slice(0, locations[0].len)
-      ),
-      startIdx: locations[0].pos + startIdx
-    };
-  }
-  function getZkOperator() {
-    return zkOperators?.[algorithm] || makeDefaultZkOperator(algorithm, zkEngine, logger);
-  }
-  function getOprfOperator() {
-    return oprfOperators?.[algorithm] || makeDefaultOPRFOperator(algorithm, zkEngine, logger);
-  }
-}
-function getChunkSizeBytes(alg) {
-  const { chunkSize, bitsPerWord } = ZK_CONFIG[alg];
-  return chunkSize * bitsPerWord / 8;
-}
-const zkEngines = {};
-const oprfEngines = {};
-const operatorMakers = {
-  "snarkjs": makeSnarkJsZKOperator,
-  "gnark": makeGnarkZkOperator,
-  "stwo": makeStwoZkOperator
-};
-const OPRF_OPERATOR_MAKERS = {
-  "gnark": makeGnarkOPRFOperator
-};
-function makeDefaultZkOperator(algorithm, zkEngine, logger) {
-  let zkOperators = zkEngines[zkEngine];
-  if (!zkOperators) {
-    zkEngines[zkEngine] = {};
-    zkOperators = zkEngines[zkEngine];
-  }
-  if (!zkOperators[algorithm]) {
-    const opType = getOperatorType();
-    const zkBaseUrl = opType === "remote" ? getZkResourcesBaseUrl() : void 0;
-    logger?.info({ type: opType, algorithm, zkBaseUrl }, "fetching zk operator");
-    const fetcher = opType === "local" ? makeLocalFileFetch() : makeRemoteFileFetch({ baseUrl: zkBaseUrl, logger });
-    const maker = operatorMakers[zkEngine];
-    if (!maker) {
-      throw new Error(`No ZK operator maker for ${zkEngine}`);
-    }
-    zkOperators[algorithm] = maker({ algorithm, fetcher });
-  }
-  return zkOperators[algorithm];
-}
-function getOperatorType() {
-  const envop = getEnvVariable("ZK_OPERATOR_TYPE");
-  if (envop === "local" || envop === "remote") {
-    return envop;
-  }
-  return detectEnvironment() === "node" ? "local" : "remote";
-}
-function makeDefaultOPRFOperator(algorithm, zkEngine, logger) {
-  let operators = oprfEngines[zkEngine];
-  if (!operators) {
-    oprfEngines[zkEngine] = {};
-    operators = oprfEngines[zkEngine];
-  }
-  if (!operators[algorithm]) {
-    const type = getOperatorType();
-    const zkBaseUrl = type === "remote" ? getZkResourcesBaseUrl() : void 0;
-    logger?.info({ type, algorithm, zkBaseUrl }, "fetching oprf operator");
-    const fetcher = type === "local" ? makeLocalFileFetch() : makeRemoteFileFetch({ baseUrl: zkBaseUrl, logger });
-    const maker = OPRF_OPERATOR_MAKERS[zkEngine];
-    if (!maker) {
-      throw new Error(`No OPRF operator maker for ${zkEngine}`);
-    }
-    operators[algorithm] = maker({ algorithm, fetcher });
-  }
-  return operators[algorithm];
-}
-function getEngineString(engine) {
-  if (engine === ZKProofEngine.ZK_ENGINE_GNARK) {
-    return "gnark";
-  }
-  if (engine === ZKProofEngine.ZK_ENGINE_SNARKJS) {
-    return "snarkjs";
-  }
-  if (engine === ZKProofEngine.ZK_ENGINE_STWO) {
-    return "stwo";
-  }
-  throw new Error(`Unknown ZK engine: ${engine}`);
-}
-function getEngineProto(engine) {
-  if (engine === "gnark") {
-    return ZKProofEngine.ZK_ENGINE_GNARK;
-  }
-  if (engine === "snarkjs") {
-    return ZKProofEngine.ZK_ENGINE_SNARKJS;
-  }
-  if (engine === "stwo") {
-    return ZKProofEngine.ZK_ENGINE_STWO;
-  }
-  throw new Error(`Unknown ZK engine: ${engine}`);
-}
-function getProofGenerationParamsForSlice({
-  key,
-  iv,
-  ciphertext,
-  redactedPlaintext,
-  slice: { fromIndex, toIndex }
-}) {
-  const ciphertextChunk = ciphertext.slice(fromIndex, toIndex);
-  const plaintextChunk = redactedPlaintext.slice(fromIndex, toIndex);
-  if (isFullyRedacted(plaintextChunk)) {
-    return;
-  }
-  for (let i = 0; i < ciphertextChunk.length; i++) {
-    if (plaintextChunk[i] === REDACTION_CHAR_CODE) {
-      ciphertextChunk[i] = REDACTION_CHAR_CODE;
-    }
-  }
-  return {
-    startIdx: fromIndex,
-    redactedPlaintext: plaintextChunk,
-    privateInput: { key },
-    publicInput: { ciphertext: ciphertextChunk, iv, offsetBytes: fromIndex }
-  };
-}
-function getTOPRFProofGenerationParamsForSlice({
-  key,
-  iv,
-  ciphertext,
-  slice: { fromIndex, toIndex },
-  toprf
-}) {
-  const ciphertextChunk = ciphertext.slice(fromIndex, toIndex);
-  if (toprf?.overshoot) {
-    const {
-      overshoot: { ciphertext: overshootCiphertext, iv: overshootIv }
-    } = toprf;
-    return {
-      privateInput: { key },
-      publicInput: [
-        {
-          ciphertext: ciphertextChunk,
-          iv,
-          offsetBytes: fromIndex
-        },
-        { ciphertext: overshootCiphertext, iv: overshootIv }
-      ],
-      toprf,
-      startIdx: fromIndex
-    };
-  }
-  return {
-    privateInput: { key },
-    publicInput: { ciphertext: ciphertextChunk, iv, offsetBytes: fromIndex },
-    toprf,
-    startIdx: fromIndex
-  };
-}
-function getIdealOffsetForToprfBlock(alg, { dataLocation, overshoot }) {
-  const chunkSizeBytes = getChunkSizeBytes(alg);
-  const blockSizeBytes = getBlockSizeBytes(alg);
-  const offsetChunks = Math.floor(dataLocation.fromIndex / chunkSizeBytes);
-  const endOffsetChunks = Math.floor((dataLocation.fromIndex + dataLocation.length) / chunkSizeBytes);
-  if (endOffsetChunks === offsetChunks) {
-    const start = offsetChunks * chunkSizeBytes;
-    if (overshoot) {
-      const overshootBlocks = Math.ceil(overshoot.ciphertext.length / blockSizeBytes);
-      return start + overshootBlocks * blockSizeBytes;
-    }
-    return start;
-  }
-  const offsetBytes = Math.floor(dataLocation.fromIndex / blockSizeBytes) * blockSizeBytes;
-  const endOffsetBytes = Math.ceil((dataLocation.fromIndex + dataLocation.length) / blockSizeBytes);
-  if (endOffsetBytes - offsetBytes > chunkSizeBytes) {
-    throw new AttestorError(
-      "ERROR_BAD_REQUEST",
-      "OPRF data cannot fit into a single chunk"
-    );
-  }
-  return offsetBytes;
-}
-function getZkResourcesBaseUrl() {
-  if (typeof ATTESTOR_BASE_URL !== "string") {
-    return DEFAULT_REMOTE_FILE_FETCH_BASE_URL;
-  }
-  return new URL(
-    DEFAULT_REMOTE_FILE_FETCH_BASE_URL,
-    ATTESTOR_BASE_URL
-  ).toString();
-}
-export {
-  getEngineProto,
-  getEngineString,
-  makeDefaultOPRFOperator,
-  makeDefaultZkOperator,
-  makeZkProofGenerator,
-  verifyZkPacket
-};