@reclaimprotocol/attestor-core 5.0.3 → 5.0.5

package/lib/server/tee/bootstrap.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Brings the attestor up in TEE mode:
+ *   1. Pull signing/OPRF secrets from GCP Secret Manager into process.env.
+ *   2. Load (or obtain via ACME) the TLS cert and start the renewal loop.
+ *   3. Start the attestation refresh loop, with the public key + cert hash
+ *      as nonces.
+ *
+ * Must run before #src/server/index.ts is imported, since modules in that
+ * tree read PRIVATE_KEY at module load.
+ */
+export declare function bootstrapTee(): Promise<void>;

package/lib/server/tee/cert-manager.d.ts

@@ -0,0 +1,24 @@
+import tls from 'tls';
+export interface CertManagerConfig {
+    projectId: string;
+    domain: string;
+    email: string;
+    directoryUrl: string;
+    httpChallengePort: number;
+}
+export interface ActiveCertificate {
+    certPem: string;
+    keyPem: string;
+    notAfter: Date;
+    sha256Hex: string;
+    secureContext: tls.SecureContext;
+}
+/**
+ * Bootstraps the TLS certificate. Tries Secret Manager first; if absent or
+ * expiring within the renewal window, runs ACME against the configured
+ * directory URL and persists the result.
+ */
+export declare function bootstrapCertificate(cfg: CertManagerConfig): Promise<ActiveCertificate>;
+export declare function startRenewalLoop(cfg: CertManagerConfig): void;
+export declare function stopRenewalLoop(): void;
+export declare function getActiveCertificate(): ActiveCertificate | undefined;

package/lib/server/tee/cloud-logging.d.ts

@@ -0,0 +1,23 @@
+import type { LogLevel } from '#src/types/index.ts';
+interface CloudLoggingOptions {
+    projectId: string;
+    logName: string;
+    level?: LogLevel;
+}
+/**
+ * Replaces the default pino logger with one that forwards every log line
+ * to GCP Cloud Logging under the given log name. Idempotent.
+ *
+ * Probes the Cloud Logging client first by writing a no-op entry; if
+ * authentication or transport fails, leaves the default stdout logger in
+ * place rather than crashing the process. On Confidential Space VMs the
+ * launcher's `tee-container-log-redirect` ships stdout to Cloud Logging
+ * anyway, so the worst case is logs appear under
+ * `confidential-space-launcher` rather than the configured `logName`.
+ *
+ * We also install a process-wide `unhandledRejection` filter that
+ * swallows errors originating in `@google-cloud/logging`, since the SDK
+ * has internal lazy gRPC init that escapes our local `.catch()`.
+ */
+export declare function installCloudLogging(opts: CloudLoggingOptions): void;
+export {};

package/lib/server/tee/secret-loader.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Fetches the attestor's signing key and OPRF key material from GCP
+ * Secret Manager and writes them into process.env, so that the rest of
+ * the server (which reads these via getEnvVariable at module load) sees
+ * them as if they had been set in the environment.
+ *
+ * Must be called before any module that reads PRIVATE_KEY / TOPRF_* is
+ * imported, otherwise the reads happen before the values are populated.
+ */
+export declare function loadSecretsIntoEnv(projectId: string): Promise<void>;

package/lib/server/tee/secret-manager.d.ts

@@ -0,0 +1,3 @@
+export declare function accessLatestSecret(projectId: string, secretId: string): Promise<Uint8Array>;
+export declare function createSecretIfNotExists(projectId: string, secretId: string): Promise<void>;
+export declare function addSecretVersion(projectId: string, secretId: string, payload: Uint8Array): Promise<void>;

package/lib/server/utils/assert-valid-claim-request.d.ts

@@ -20,7 +20,7 @@ export declare function assertValidClaimRequest(request: ClaimTunnelRequest, met
  * Verify that the transcript contains a valid claim
  * for the provider.
  */
-export declare function assertValidProviderTranscript<T extends ProviderClaimInfo>(applData: Transcript<Uint8Array>, info: T, logger: Logger, providerCtx: ProviderCtx, oprfRawReplacements?: OPRFRawReplacement[]): Promise<T>;
+export declare function assertValidProviderTranscript<T extends ProviderClaimInfo>(applData: Transcript<Uint8Array>, metadata: InitRequest, info: T, logger: Logger, providerCtx: ProviderCtx, oprfRawReplacements?: OPRFRawReplacement[]): Promise<T>;
 /**
  * Verify that the transcript provided by the client
  * matches the transcript of the tunnel, the server

package/lib/server/utils/generics.d.ts

@@ -20,3 +20,4 @@ export declare function niceParseJsonObject(data: string, key: string): any;
  * in the `messages` parameter.
  */
 export declare function getInitialMessagesFromQuery(req: IncomingMessage): import("#src/proto/api.ts").RPCMessage[];
+export declare function getPublicAddresses(host: string): Promise<string[]>;

package/lib/types/providers.d.ts

@@ -34,6 +34,7 @@ type GetResponseRedactionsOpts<P> = {
     ctx: ProviderCtx;
 };
 type AssertValidProviderReceipt<P> = {
+    clientVersion: AttestorVersion;
     receipt: Transcript<Uint8Array>;
     params: P;
     logger: Logger;

package/lib/utils/gcp-attestation.d.ts

@@ -0,0 +1,23 @@
+/**
+ * GCP attestation validation utilities.
+ *
+ * Validates JWT attestation tokens from GCP Confidential Computing
+ * (Confidential Space). Browser-safe: uses `@peculiar/x509` for chain
+ * verification and `globalThis.crypto.subtle` for JWT signature
+ * verification. Both are available in Node 19+ and modern browsers.
+ */
+import type { Logger } from '#src/types/general.ts';
+export interface GcpValidationResult {
+    isValid: boolean;
+    errors: string[];
+    ethAddress?: Uint8Array;
+    userDataType?: string;
+    pcr0?: string;
+    envVars?: Record<string, string>;
+}
+export declare function validateGcpAttestationAndExtractKey(attestation: Uint8Array | string, logger?: Logger): Promise<GcpValidationResult>;
+/**
+ * Extracts the container image digest from a previously-validated GCP
+ * attestation token. Re-validates the JWT before reading.
+ */
+export declare function extractImageDigestFromGCPAttestation(token: Uint8Array | string, logger?: Logger): Promise<string>;

package/lib/utils/http-parser.d.ts

@@ -51,9 +51,10 @@ export declare function makeHttpResponseParser(): {
      */
     streamEnded(): void;
 };
+export declare function extractRequestBufferFromTranscript(receipt: Transcript<Uint8Array>): Uint8Array<ArrayBufferLike>;
 /**
  * Read the HTTP request from a TLS receipt transcript.
  * @param receipt the transcript to read from or application messages if they were extracted beforehand
  * @returns the parsed HTTP request
  */
-export declare function getHttpRequestDataFromTranscript(receipt: Transcript<Uint8Array>): HttpRequest;
+export declare function getHttpRequestDataFromTranscript(requestBuffer: Uint8Array): HttpRequest;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reclaimprotocol/attestor-core",
-  "version": "5.0.3",
+  "version": "5.0.5",
   "description": "",
   "type": "module",
   "imports": {
@@ -97,6 +97,7 @@
     "esprima-next": "^5.8.4",
     "ethers": "^6.16.0",
     "https-proxy-agent": "^7.0.6",
+    "ip-address": "^10.2.0",
     "ip-cidr": "^3.1.0",
     "jsonpath-plus": "^10.4.0",
     "koffi": "^2.15.2",
@@ -106,7 +107,7 @@
     "pino": "^9.14.0",
     "re2": "^1.23.3",
     "serve-static": "^1.16.3",
-    "snarkjs": "git+https://github.com/reclaimprotocol/snarkjs.git",
+    "snarkjs": "^0.7.6",
     "ws": "^8.20.0",
     "xpath": "^0.0.34"
   },