@reclaimprotocol/attestor-core 5.0.5 → 5.0.7

Files changed (86) hide show
  1. package/LICENSE +660 -660
  2. package/browser/resources/attestor-browser.min.mjs +31 -31
  3. package/lib/avs/client/create-claim-on-avs.d.ts +4 -4
  4. package/lib/avs/config.d.ts +1 -1
  5. package/lib/avs/types/index.d.ts +4 -4
  6. package/lib/avs/utils/contracts.d.ts +3 -3
  7. package/lib/avs/utils/register.d.ts +1 -1
  8. package/lib/avs/utils/tasks.d.ts +1 -1
  9. package/lib/client/create-claim.d.ts +2 -2
  10. package/lib/client/tunnels/make-rpc-tcp-tunnel.d.ts +2 -2
  11. package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +2 -2
  12. package/lib/client/utils/attestor-pool.d.ts +1 -1
  13. package/lib/client/utils/client-socket.d.ts +4 -4
  14. package/lib/client/utils/message-handler.d.ts +2 -2
  15. package/lib/config/index.d.ts +1 -1
  16. package/lib/external-rpc/handle-incoming-msg.d.ts +1 -1
  17. package/lib/external-rpc/index.js +25 -8
  18. package/lib/external-rpc/jsc-polyfills/1.d.ts +1 -1
  19. package/lib/external-rpc/jsc-polyfills/index.d.ts +2 -2
  20. package/lib/external-rpc/setup-browser.d.ts +1 -1
  21. package/lib/external-rpc/setup-jsc.d.ts +2 -2
  22. package/lib/external-rpc/types.d.ts +7 -7
  23. package/lib/external-rpc/utils.d.ts +2 -2
  24. package/lib/index.js +26 -9
  25. package/lib/mechain/client/create-claim-on-mechain.d.ts +3 -3
  26. package/lib/mechain/types/index.d.ts +2 -2
  27. package/lib/providers/http/index.d.ts +1 -1
  28. package/lib/providers/http/utils.d.ts +3 -3
  29. package/lib/providers/index.d.ts +1 -1
  30. package/lib/scripts/generate-receipt.d.ts +2 -2
  31. package/lib/scripts/jsc-cli-rpc.d.ts +1 -1
  32. package/lib/scripts/start-server.d.ts +1 -1
  33. package/lib/server/handlers/claimTeeBundle.d.ts +1 -1
  34. package/lib/server/handlers/claimTunnel.d.ts +1 -1
  35. package/lib/server/handlers/completeClaimOnChain.d.ts +1 -1
  36. package/lib/server/handlers/createClaimOnChain.d.ts +1 -1
  37. package/lib/server/handlers/createTaskOnMechain.d.ts +1 -1
  38. package/lib/server/handlers/createTunnel.d.ts +1 -1
  39. package/lib/server/handlers/disconnectTunnel.d.ts +1 -1
  40. package/lib/server/handlers/fetchCertificateBytes.d.ts +1 -1
  41. package/lib/server/handlers/index.d.ts +1 -1
  42. package/lib/server/handlers/init.d.ts +1 -1
  43. package/lib/server/handlers/toprf.d.ts +1 -1
  44. package/lib/server/socket.d.ts +4 -4
  45. package/lib/server/tunnels/make-tcp-tunnel.d.ts +3 -3
  46. package/lib/server/utils/assert-valid-claim-request.d.ts +4 -4
  47. package/lib/server/utils/gcp-attestation.d.ts +1 -1
  48. package/lib/server/utils/generics.d.ts +8 -2
  49. package/lib/server/utils/oprf-raw.d.ts +2 -2
  50. package/lib/server/utils/process-handshake.d.ts +2 -2
  51. package/lib/server/utils/tee-oprf-mpc-verification.d.ts +3 -3
  52. package/lib/server/utils/tee-oprf-verification.d.ts +3 -3
  53. package/lib/server/utils/tee-transcript-reconstruction.d.ts +3 -3
  54. package/lib/server/utils/tee-verification.d.ts +3 -3
  55. package/lib/server/utils/validation.d.ts +1 -1
  56. package/lib/types/claims.d.ts +6 -6
  57. package/lib/types/client.d.ts +5 -5
  58. package/lib/types/general.d.ts +1 -1
  59. package/lib/types/handlers.d.ts +3 -3
  60. package/lib/types/providers.d.ts +5 -5
  61. package/lib/types/rpc.d.ts +2 -2
  62. package/lib/types/tunnel.d.ts +1 -1
  63. package/lib/types/zk.d.ts +1 -1
  64. package/lib/utils/auth.d.ts +2 -2
  65. package/lib/utils/bgp-listener.d.ts +1 -1
  66. package/lib/utils/claims.d.ts +3 -3
  67. package/lib/utils/error.d.ts +1 -1
  68. package/lib/utils/generics.d.ts +2 -2
  69. package/lib/utils/http-parser.d.ts +1 -1
  70. package/lib/utils/logger.d.ts +1 -1
  71. package/lib/utils/prepare-packets.d.ts +2 -2
  72. package/lib/utils/redactions.d.ts +1 -1
  73. package/lib/utils/retries.d.ts +1 -1
  74. package/lib/utils/signatures/eth.d.ts +1 -1
  75. package/lib/utils/signatures/index.d.ts +2 -2
  76. package/lib/utils/socket-base.d.ts +3 -3
  77. package/lib/utils/zk.d.ts +4 -4
  78. package/package.json +5 -4
  79. package/lib/server/tee/acme-http-server.d.ts +0 -13
  80. package/lib/server/tee/attestation-generate.d.ts +0 -29
  81. package/lib/server/tee/bootstrap.d.ts +0 -11
  82. package/lib/server/tee/cert-manager.d.ts +0 -24
  83. package/lib/server/tee/cloud-logging.d.ts +0 -23
  84. package/lib/server/tee/secret-loader.d.ts +0 -10
  85. package/lib/server/tee/secret-manager.d.ts +0 -3
  86. package/lib/utils/gcp-attestation.d.ts +0 -23
@@ -1,7 +1,7 @@
1
- import type { TaskCompletedEvent } from '#src/avs/contracts/ReclaimServiceManager.ts';
2
- import type { CreateClaimOnAvsOpts } from '#src/avs/types/index.ts';
3
- import type { ProviderClaimData } from '#src/proto/api.ts';
4
- import type { ProviderName } from '#src/types/index.ts';
1
+ import type { TaskCompletedEvent } from '../../avs/contracts/ReclaimServiceManager.ts';
2
+ import type { CreateClaimOnAvsOpts } from '../../avs/types/index.ts';
3
+ import type { ProviderClaimData } from '../../proto/api.ts';
4
+ import type { ProviderName } from '../../types/index.ts';
5
5
  /**
6
6
  * Creates a Reclaim claim on the AVS chain.
7
7
  */
@@ -1,4 +1,4 @@
1
- import type { ChainConfig } from '#src/avs/types/index.ts';
1
+ import type { ChainConfig } from '../avs/types/index.ts';
2
2
  export declare const CHAIN_CONFIGS: {
3
3
  [key: string]: ChainConfig;
4
4
  };
@@ -1,7 +1,7 @@
1
- import type { NewTaskCreatedEvent } from '#src/avs/contracts/ReclaimServiceManager.ts';
2
- import type { createClaimOnAttestor } from '#src/client/index.ts';
3
- import type { ClaimTunnelResponse } from '#src/proto/api.ts';
4
- import type { CreateClaimOnAttestorOpts, ProofGenerationStep, ProviderName } from '#src/types/index.ts';
1
+ import type { NewTaskCreatedEvent } from '../../avs/contracts/ReclaimServiceManager.ts';
2
+ import type { createClaimOnAttestor } from '../../client/index.ts';
3
+ import type { ClaimTunnelResponse } from '../../proto/api.ts';
4
+ import type { CreateClaimOnAttestorOpts, ProofGenerationStep, ProviderName } from '../../types/index.ts';
5
5
  export type ChainConfig = {
6
6
  rpcUrl: string;
7
7
  /**
@@ -1,5 +1,5 @@
1
1
  import { Contract, JsonRpcProvider, Wallet } from 'ethers';
2
- import type { ChainConfig } from '#src/avs/types/index.ts';
2
+ import type { ChainConfig } from '../../avs/types/index.ts';
3
3
  /**
4
4
  * get the contracts for the given chain ID
5
5
  */
@@ -7,7 +7,7 @@ export declare function getContracts(chainId?: string): {
7
7
  provider: JsonRpcProvider;
8
8
  wallet: Wallet | undefined;
9
9
  delegationManager: Contract;
10
- contract: import("#src/avs/contracts/index.ts").ReclaimServiceManager;
10
+ contract: import("../../avs/contracts/index.ts").ReclaimServiceManager;
11
11
  registryContract: Contract;
12
12
  avsDirectory: Contract;
13
13
  };
@@ -15,7 +15,7 @@ export declare function initialiseContracts({ rpcUrl, stakeRegistryAddress, avsD
15
15
  provider: JsonRpcProvider;
16
16
  wallet: Wallet | undefined;
17
17
  delegationManager: Contract;
18
- contract: import("#src/avs/contracts/index.ts").ReclaimServiceManager;
18
+ contract: import("../../avs/contracts/index.ts").ReclaimServiceManager;
19
19
  registryContract: Contract;
20
20
  avsDirectory: Contract;
21
21
  };
@@ -1,5 +1,5 @@
1
1
  import type { Wallet } from 'ethers';
2
- import { logger as LOGGER } from '#src/utils/index.ts';
2
+ import { logger as LOGGER } from '../../utils/index.ts';
3
3
  type RegisterOpts = {
4
4
  logger?: typeof LOGGER;
5
5
  /**
@@ -1,5 +1,5 @@
1
1
  import { type Wallet } from 'ethers';
2
- import type { IReclaimServiceManager, NewTaskCreatedEvent } from '#src/avs/contracts/ReclaimServiceManager.ts';
2
+ import type { IReclaimServiceManager, NewTaskCreatedEvent } from '../../avs/contracts/ReclaimServiceManager.ts';
3
3
  type CreateClaimWithoutOwner = Omit<IReclaimServiceManager.ClaimRequestStruct, 'owner'>;
4
4
  type CreateNewClaimRequestOnChainOpts = {
5
5
  request: CreateClaimWithoutOwner;
@@ -1,5 +1,5 @@
1
- import type { CreateClaimOnAttestorOpts, ProviderName } from '#src/types/index.ts';
1
+ import type { CreateClaimOnAttestorOpts, ProviderName } from '../types/index.ts';
2
2
  /**
3
3
  * Create a claim on the attestor
4
4
  */
5
- export declare function createClaimOnAttestor<N extends ProviderName>({ logger: _logger, maxRetries, ...opts }: CreateClaimOnAttestorOpts<N>): Promise<import("#src/proto/api.ts").ClaimTunnelResponse>;
5
+ export declare function createClaimOnAttestor<N extends ProviderName>({ logger: _logger, maxRetries, ...opts }: CreateClaimOnAttestorOpts<N>): Promise<import("../proto/api.ts").ClaimTunnelResponse>;
@@ -1,5 +1,5 @@
1
- import type { CreateTunnelRequest } from '#src/proto/api.ts';
2
- import type { IAttestorClient, MakeTunnelFn } from '#src/types/index.ts';
1
+ import type { CreateTunnelRequest } from '../../proto/api.ts';
2
+ import type { IAttestorClient, MakeTunnelFn } from '../../types/index.ts';
3
3
  export type TCPTunnelCreateOpts = {
4
4
  /**
5
5
  * The tunnel ID to communicate with.
@@ -1,7 +1,7 @@
1
1
  import type { TLSConnectionOptions } from '@reclaimprotocol/tls';
2
2
  import { makeTLSClient } from '@reclaimprotocol/tls';
3
- import type { CreateTunnelRequest, RPCMessage } from '#src/proto/api.ts';
4
- import type { CompleteTLSPacket, IAttestorClient, Logger, MakeTunnelFn, Transcript } from '#src/types/index.ts';
3
+ import type { CreateTunnelRequest, RPCMessage } from '../../proto/api.ts';
4
+ import type { CompleteTLSPacket, IAttestorClient, Logger, MakeTunnelFn, Transcript } from '../../types/index.ts';
5
5
  type ExtraTLSOptions = {
6
6
  request: Partial<CreateTunnelRequest>;
7
7
  logger: Logger;
@@ -1,4 +1,4 @@
1
- import type { IAttestorClient, IAttestorClientCreateOpts } from '#src/types/index.ts';
1
+ import type { IAttestorClient, IAttestorClientCreateOpts } from '../../types/index.ts';
2
2
  /**
3
3
  * Get a attestor client from the pool,
4
4
  * if it doesn't exist, create one.
@@ -1,11 +1,11 @@
1
- import type { InitResponse } from '#src/proto/api.ts';
2
- import type { IAttestorClient, IAttestorClientCreateOpts, RPCRequestData, RPCResponseData, RPCType } from '#src/types/index.ts';
3
- import { AttestorSocket } from '#src/utils/socket-base.ts';
1
+ import type { InitResponse } from '../../proto/api.ts';
2
+ import type { IAttestorClient, IAttestorClientCreateOpts, RPCRequestData, RPCResponseData, RPCType } from '../../types/index.ts';
3
+ import { AttestorSocket } from '../../utils/socket-base.ts';
4
4
  export declare class AttestorClient extends AttestorSocket implements IAttestorClient {
5
5
  private waitForInitPromise;
6
6
  initResponse?: InitResponse;
7
7
  constructor({ url, initMessages, signatureType, logger, authRequest, makeWebSocket }: IAttestorClientCreateOpts);
8
- rpc<T extends RPCType>(type: T, request: Partial<RPCRequestData<T>>, timeoutMs?: number): Promise<Exclude<import("#src/proto/api.ts").RPCMessage[`${T}Response`], undefined>>;
8
+ rpc<T extends RPCType>(type: T, request: Partial<RPCRequestData<T>>, timeoutMs?: number): Promise<Exclude<import("../../proto/api.ts").RPCMessage[`${T}Response`], undefined>>;
9
9
  waitForResponse<T extends RPCType>(id: number, timeoutMs?: number): Promise<RPCResponseData<T>>;
10
10
  waitForInit: () => Promise<void>;
11
11
  }
@@ -1,4 +1,4 @@
1
- import type { RPCMessage } from '#src/proto/api.ts';
2
- import type { IAttestorSocket } from '#src/types/index.ts';
1
+ import type { RPCMessage } from '../../proto/api.ts';
2
+ import type { IAttestorSocket } from '../../types/index.ts';
3
3
  export declare function wsMessageHandler(this: IAttestorSocket, data: unknown): Promise<void>;
4
4
  export declare function handleMessage(this: IAttestorSocket, msg: RPCMessage): Promise<void> | undefined;
@@ -1,4 +1,4 @@
1
- import type { InitRequest } from '#src/proto/api.ts';
1
+ import type { InitRequest } from '../proto/api.ts';
2
2
  export declare const DEFAULT_ZK_CONCURRENCY = 10;
3
3
  export declare const RECLAIM_USER_AGENT = "reclaim/0.0.1";
4
4
  export declare const DEFAULT_HTTPS_PORT = 443;
@@ -1,2 +1,2 @@
1
- import type { ExternalRPCIncomingMsg } from '#src/external-rpc/types.ts';
1
+ import type { ExternalRPCIncomingMsg } from '../external-rpc/types.ts';
2
2
  export declare function handleIncomingMessage(data: string | ExternalRPCIncomingMsg): Promise<void>;
@@ -7369,10 +7369,11 @@ function getZkResourcesBaseUrl() {
7369
7369
 
7370
7370
  // src/utils/claims.ts
7371
7371
  import canonicalize from "canonicalize";
7372
- import { keccak256 } from "ethers";
7372
+ import { keccak256 as keccak2562 } from "ethers";
7373
7373
 
7374
7374
  // src/utils/signatures/eth.ts
7375
- import { computeAddress, getBytes as getBytes2, hexlify, SigningKey, verifyMessage, Wallet as Wallet2 } from "ethers";
7375
+ import { computeAddress, getBytes as getBytes2, hexlify, keccak256, recoverAddress, SigningKey, toUtf8Bytes, Wallet as Wallet2 } from "ethers";
7376
+ var EIP191_PREFIX = toUtf8Bytes("Ethereum Signed Message:\n");
7376
7377
  var ETH_SIGNATURE_PROVIDER = {
7377
7378
  getPublicKey(privateKey) {
7378
7379
  const pub = SigningKey.computePublicKey(privateKey, true);
@@ -7384,13 +7385,13 @@ var ETH_SIGNATURE_PROVIDER = {
7384
7385
  },
7385
7386
  async sign(data, privateKey) {
7386
7387
  const wallet = getEthWallet(privateKey);
7387
- const signature = await wallet.signMessage(data);
7388
- return getBytes2(signature);
7388
+ const sig = wallet.signingKey.sign(eip191Digest(data));
7389
+ return getBytes2(sig.serialized);
7389
7390
  },
7390
7391
  async verify(data, signature, addressBytes) {
7391
7392
  const address = typeof addressBytes === "string" ? addressBytes : hexlify(addressBytes);
7392
7393
  const signatureHex = typeof signature === "string" ? signature : hexlify(signature);
7393
- const signerAddress = verifyMessage(data, signatureHex);
7394
+ const signerAddress = recoverAddress(eip191Digest(data), signatureHex);
7394
7395
  return signerAddress.toLowerCase() === address.toLowerCase();
7395
7396
  }
7396
7397
  };
@@ -7400,6 +7401,17 @@ function getEthWallet(privateKey) {
7400
7401
  }
7401
7402
  return new Wallet2(privateKey);
7402
7403
  }
7404
+ function eip191Digest(data) {
7405
+ const bytes = typeof data === "string" ? toUtf8Bytes(data) : data;
7406
+ const lenBytes = toUtf8Bytes(String(bytes.length));
7407
+ const merged = new Uint8Array(
7408
+ EIP191_PREFIX.length + lenBytes.length + bytes.length
7409
+ );
7410
+ merged.set(EIP191_PREFIX, 0);
7411
+ merged.set(lenBytes, EIP191_PREFIX.length);
7412
+ merged.set(bytes, EIP191_PREFIX.length + lenBytes.length);
7413
+ return keccak256(merged);
7414
+ }
7403
7415
 
7404
7416
  // src/utils/signatures/index.ts
7405
7417
  var SIGNATURES = {
@@ -7421,7 +7433,7 @@ function getIdentifierFromClaimInfo(info) {
7421
7433
  const str = `${info.provider}
7422
7434
  ${info.parameters}
7423
7435
  ${info.context || ""}`;
7424
- return keccak256(strToUint8Array(str)).toLowerCase();
7436
+ return keccak2562(strToUint8Array(str)).toLowerCase();
7425
7437
  }
7426
7438
  function canonicalStringify(params) {
7427
7439
  if (!params) {
@@ -8665,7 +8677,8 @@ function isValidProxySessionId(sessionId) {
8665
8677
 
8666
8678
  // src/providers/http/index.ts
8667
8679
  var OK_HTTP_HEADER = "HTTP/1.1 200";
8668
- var MAX_REDACTIONS_IN_PATH = 96;
8680
+ var MIN_INJECTION_STR = " HTTP/1.1\r\n\r\n";
8681
+ var MAX_REDACTIONS_IN_PATH = +(getEnvVariable("HTTP_MAX_REDACTIONS_IN_PATH") ?? MIN_INJECTION_STR.length - 1);
8669
8682
  var dateHeaderRegex = "[dD]ate: ((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), (?:[0-3][0-9]) (?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (?:[0-9]{4}) (?:[01][0-9]|2[0-3])(?::[0-5][0-9]){2} GMT)";
8670
8683
  var dateDiff = 1e3 * 60 * 10;
8671
8684
  var HTTP_PROVIDER = {
@@ -8849,7 +8862,11 @@ var HTTP_PROVIDER = {
8849
8862
  throw new Error(`Expected protocol: https, found: ${protocol}`);
8850
8863
  }
8851
8864
  const reqBuffer = extractRequestBufferFromTranscript(receipt);
8852
- if (clientVersion >= AttestorVersion.ATTESTOR_VERSION_3_1_0) {
8865
+ if (
8866
+ // 3.1.0 introduced a breaking change for request creation
8867
+ // to prevent smuggling attacks
8868
+ clientVersion >= AttestorVersion.ATTESTOR_VERSION_3_1_0 || getEnvVariable("ALLOW_OLDER_INSECURE_PROOFS") !== "1"
8869
+ ) {
8853
8870
  assertNoSmuggle(reqBuffer, params);
8854
8871
  }
8855
8872
  const req = getHttpRequestDataFromTranscript(reqBuffer);
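Review bot: `MAX_REDACTIONS_IN_PATH` is now parsed with a bare unary `+`, so a malformed `HTTP_MAX_REDACTIONS_IN_PATH` value silently becomes `NaN`, and an empty string becomes `0`. The code that compares against this limit is outside the visible hunks, but ordinary `>`/`>=` comparisons against `NaN` are always false, which would presumably switch the redaction cap off instead of falling back to the default. Validate at load time, e.g. `const parsed = Number.parseInt(getEnvVariable("HTTP_MAX_REDACTIONS_IN_PATH") ?? "", 10);` followed by `var MAX_REDACTIONS_IN_PATH = Number.isInteger(parsed) && parsed >= 0 ? parsed : MIN_INJECTION_STR.length - 1;`. The same line appears in the `package/lib/index.js` section (hunk `@@ -6945,7 +6957,8 @@`); both files are bundled output, so the change belongs in `src/providers/http/index.ts`.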
@@ -1,4 +1,4 @@
1
- import type { ExternalRPCIncomingMsg, ExternalRPCOutgoingMsg } from '#src/external-rpc/types.ts';
1
+ import type { ExternalRPCIncomingMsg, ExternalRPCOutgoingMsg } from '../../external-rpc/types.ts';
2
2
  declare global {
3
3
  function readline(): string;
4
4
  function print(...args: any[]): void;
@@ -1,2 +1,2 @@
1
- import '#src/external-rpc/jsc-polyfills/1.ts';
2
- import '#src/external-rpc/jsc-polyfills/2.ts';
1
+ import '../../external-rpc/jsc-polyfills/1.ts';
2
+ import '../../external-rpc/jsc-polyfills/2.ts';
@@ -3,4 +3,4 @@
3
3
  * from React Native or other windows
4
4
  */
5
5
  export declare function setupWindowRpc(baseUrl?: string, channel?: string): void;
6
- export * from '#src/index.ts';
6
+ export * from '../index.ts';
@@ -1,5 +1,5 @@
1
- import '#src/external-rpc/jsc-polyfills/index.ts';
2
- import * as AttestorRPCImport from '#src/external-rpc/index.ts';
1
+ import '../external-rpc/jsc-polyfills/index.ts';
2
+ import * as AttestorRPCImport from '../external-rpc/index.ts';
3
3
  declare global {
4
4
  /**
5
5
  * `sendMessage` function should be provided by the host of the JS environment for sending messages to host
@@ -1,12 +1,12 @@
1
1
  import '#src/external-rpc/global.d.ts';
2
2
  import type { OPRFOperator, ZKEngine, ZKOperator } from '@reclaimprotocol/zk-symmetric-crypto';
3
- import type { TaskCompletedEvent } from '#src/avs/contracts/ReclaimServiceManager.ts';
4
- import type { CreateClaimOnAvsOpts, CreateClaimOnAvsStep } from '#src/avs/types/index.ts';
5
- import type { CreateClaimOnMechainStep } from '#src/mechain/types/index.ts';
6
- import type { AuthenticationRequest } from '#src/proto/api.ts';
7
- import type { extractHTMLElement, extractJSONValueIndex } from '#src/providers/http/utils.ts';
8
- import type { AttestorData, CompleteClaimData, CreateClaimOnAttestorOpts, LogLevel, ProofGenerationStep, ProviderName, ProviderParams, ProviderSecretParams } from '#src/types/index.ts';
9
- import type { HttpRequest, HttpResponse } from '#src/utils/index.ts';
3
+ import type { TaskCompletedEvent } from '../avs/contracts/ReclaimServiceManager.ts';
4
+ import type { CreateClaimOnAvsOpts, CreateClaimOnAvsStep } from '../avs/types/index.ts';
5
+ import type { CreateClaimOnMechainStep } from '../mechain/types/index.ts';
6
+ import type { AuthenticationRequest } from '../proto/api.ts';
7
+ import type { extractHTMLElement, extractJSONValueIndex } from '../providers/http/utils.ts';
8
+ import type { AttestorData, CompleteClaimData, CreateClaimOnAttestorOpts, LogLevel, ProofGenerationStep, ProviderName, ProviderParams, ProviderSecretParams } from '../types/index.ts';
9
+ import type { HttpRequest, HttpResponse } from '../utils/index.ts';
10
10
  type IdentifiedMessage = {
11
11
  id: string;
12
12
  };
@@ -1,5 +1,5 @@
1
- import { EventBus } from '#src/external-rpc/event-bus.ts';
2
- import type { ExternalRPCAppClient, ExternalRPCIncomingMsg, ExternalRPCOutgoingMsg, ExternalRPCRequest, ExternalRPCResponse } from '#src/external-rpc/types.ts';
1
+ import { EventBus } from '../external-rpc/event-bus.ts';
2
+ import type { ExternalRPCAppClient, ExternalRPCIncomingMsg, ExternalRPCOutgoingMsg, ExternalRPCRequest, ExternalRPCResponse } from '../external-rpc/types.ts';
3
3
  export declare const RPC_MSG_BRIDGE: EventBus<ExternalRPCIncomingMsg>;
4
4
  export declare function getCurrentMemoryUsage(): Promise<{
5
5
  available: boolean;
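--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -5630,10 +5630,11 @@ function getZkResourcesBaseUrl() {
 
  // src/utils/claims.ts
  import canonicalize from "canonicalize";
- import { keccak256 } from "ethers";
+ import { keccak256 as keccak2562 } from "ethers";
 
  // src/utils/signatures/eth.ts
- import { computeAddress, getBytes, hexlify, SigningKey, verifyMessage, Wallet } from "ethers";
+ import { computeAddress, getBytes, hexlify, keccak256, recoverAddress, SigningKey, toUtf8Bytes, Wallet } from "ethers";
+ var EIP191_PREFIX = toUtf8Bytes("Ethereum Signed Message:\n");
  var ETH_SIGNATURE_PROVIDER = {
  getPublicKey(privateKey) {
  const pub = SigningKey.computePublicKey(privateKey, true);
@@ -5645,13 +5646,13 @@ var ETH_SIGNATURE_PROVIDER = {
  },
  async sign(data, privateKey) {
  const wallet = getEthWallet(privateKey);
- const signature = await wallet.signMessage(data);
- return getBytes(signature);
+ const sig = wallet.signingKey.sign(eip191Digest(data));
+ return getBytes(sig.serialized);
  },
  async verify(data, signature, addressBytes) {
  const address = typeof addressBytes === "string" ? addressBytes : hexlify(addressBytes);
  const signatureHex = typeof signature === "string" ? signature : hexlify(signature);
- const signerAddress = verifyMessage(data, signatureHex);
+ const signerAddress = recoverAddress(eip191Digest(data), signatureHex);
  return signerAddress.toLowerCase() === address.toLowerCase();
  }
  };
@@ -5661,6 +5662,17 @@ function getEthWallet(privateKey) {
  }
  return new Wallet(privateKey);
  }
+ function eip191Digest(data) {
+ const bytes = typeof data === "string" ? toUtf8Bytes(data) : data;
+ const lenBytes = toUtf8Bytes(String(bytes.length));
+ const merged = new Uint8Array(
+ EIP191_PREFIX.length + lenBytes.length + bytes.length
+ );
+ merged.set(EIP191_PREFIX, 0);
+ merged.set(lenBytes, EIP191_PREFIX.length);
+ merged.set(bytes, EIP191_PREFIX.length + lenBytes.length);
+ return keccak256(merged);
+ }
 
  // src/utils/signatures/index.ts
  var SIGNATURES = {
@@ -5726,7 +5738,7 @@ function getIdentifierFromClaimInfo(info) {
  const str = `${info.provider}
  ${info.parameters}
  ${info.context || ""}`;
- return keccak256(strToUint8Array(str)).toLowerCase();
+ return keccak2562(strToUint8Array(str)).toLowerCase();
  }
  function canonicalStringify(params) {
  if (!params) {
@@ -5753,7 +5765,7 @@ function hashProviderParams(params) {
  })) ?? []
  };
  const serializedParams = canonicalStringify(filteredParams);
- return keccak256(
+ return keccak2562(
  strToUint8Array(serializedParams)
  ).toLowerCase();
  }
@@ -6945,7 +6957,8 @@ function isValidProxySessionId(sessionId) {
 
  // src/providers/http/index.ts
  var OK_HTTP_HEADER = "HTTP/1.1 200";
- var MAX_REDACTIONS_IN_PATH = 96;
+ var MIN_INJECTION_STR = " HTTP/1.1\r\n\r\n";
+ var MAX_REDACTIONS_IN_PATH = +(getEnvVariable("HTTP_MAX_REDACTIONS_IN_PATH") ?? MIN_INJECTION_STR.length - 1);
  var dateHeaderRegex = "[dD]ate: ((?:Mon|Tue|Wed|Thu|Fri|Sat|Sun), (?:[0-3][0-9]) (?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) (?:[0-9]{4}) (?:[01][0-9]|2[0-3])(?::[0-5][0-9]){2} GMT)";
  var dateDiff = 1e3 * 60 * 10;
  var HTTP_PROVIDER = {
@@ -7129,7 +7142,11 @@ var HTTP_PROVIDER = {
  throw new Error(`Expected protocol: https, found: ${protocol}`);
  }
  const reqBuffer = extractRequestBufferFromTranscript(receipt);
- if (clientVersion >= AttestorVersion.ATTESTOR_VERSION_3_1_0) {
+ if (
+ // 3.1.0 introduced a breaking change for request creation
+ // to prevent smuggling attacks
+ clientVersion >= AttestorVersion.ATTESTOR_VERSION_3_1_0 || getEnvVariable("ALLOW_OLDER_INSECURE_PROOFS") !== "1"
+ ) {
  assertNoSmuggle(reqBuffer, params);
  }
  const req = getHttpRequestDataFromTranscript(reqBuffer);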
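Review bot: The bypass path of the `assertNoSmuggle` guard (hunk `@@ -7129,7 +7142,11 @@`) is undocumented and silent: the comment inside the condition explains only the 3.1.0 half, and nothing records when `ALLOW_OLDER_INSECURE_PROOFS=1` lets a proof skip the check. `clientVersion` is presumably the version the client reports, in which case the flag exempts any client that claims a pre-3.1.0 version, so operators need to see when that happens. Move the explanation above the `if` and cover the flag, e.g. `// always run the smuggling check unless ALLOW_OLDER_INSECURE_PROOFS=1 exempts clients older than 3.1.0`, and log a warning in an `else` branch when the check is skipped (which logger is in scope is not visible in the hunk). The enclosing function starts and ends outside the hunk, and the same guard appears in the `package/lib/external-rpc/index.js` section.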
@@ -1,6 +1,6 @@
1
- import type { CreateClaimOnMechainOpts } from '#src/mechain/types/index.ts';
2
- import type { ClaimTunnelResponse } from '#src/proto/api.ts';
3
- import type { ProviderName } from '#src/types/index.ts';
1
+ import type { CreateClaimOnMechainOpts } from '../../mechain/types/index.ts';
2
+ import type { ClaimTunnelResponse } from '../../proto/api.ts';
3
+ import type { ProviderName } from '../../types/index.ts';
4
4
  /**
5
5
  * Creates a Reclaim claim on the AVS chain.
6
6
  */
@@ -1,5 +1,5 @@
1
- import type { createClaimOnAttestor } from '#src/client/index.ts';
2
- import type { CreateClaimOnAttestorOpts, ProviderName } from '#src/types/index.ts';
1
+ import type { createClaimOnAttestor } from '../../client/index.ts';
2
+ import type { CreateClaimOnAttestorOpts, ProviderName } from '../../types/index.ts';
3
3
  export type CreateClaimOnMechainStep = {
4
4
  type: 'taskRequested';
5
5
  timestamp: number;
@@ -1,4 +1,4 @@
1
- import type { Provider, ProviderParams, ProviderSecretParams } from '#src/types/index.ts';
1
+ import type { Provider, ProviderParams, ProviderSecretParams } from '../../types/index.ts';
2
2
  type HTTPProviderParams = ProviderParams<'http'>;
3
3
  declare const HTTP_PROVIDER: Provider<'http'>;
4
4
  export declare function substituteParamValues(currentParams: HTTPProviderParams, secretParams?: ProviderSecretParams<'http'>, ignoreMissingParams?: boolean): {
@@ -1,7 +1,7 @@
1
- import '#src/providers/http/patch-parse5-tree.ts';
1
+ import '../../providers/http/patch-parse5-tree.ts';
2
2
  import RE2 from 're2';
3
- import type { ArraySlice, CompleteTLSPacket, ProviderParams, Transcript } from '#src/types/index.ts';
4
- import type { HttpRequest, HttpResponse } from '#src/utils/index.ts';
3
+ import type { ArraySlice, CompleteTLSPacket, ProviderParams, Transcript } from '../../types/index.ts';
4
+ import type { HttpRequest, HttpResponse } from '../../utils/index.ts';
5
5
  export type JSONIndex = {
6
6
  start: number;
7
7
  end: number;
@@ -1,4 +1,4 @@
1
- import type { Provider, ProviderName } from '#src/types/index.ts';
1
+ import type { Provider, ProviderName } from '../types/index.ts';
2
2
  export declare const providers: {
3
3
  [T in ProviderName]: Provider<T>;
4
4
  };
@@ -1,5 +1,5 @@
1
- import '#src/server/utils/config-env.ts';
2
- import type { ProviderName, ProviderParams, ProviderSecretParams } from '#src/index.ts';
1
+ import '../server/utils/config-env.ts';
2
+ import type { ProviderName, ProviderParams, ProviderSecretParams } from '../index.ts';
3
3
  type ProviderReceiptGenerationParams<P extends ProviderName> = {
4
4
  name: P;
5
5
  params: ProviderParams<P>;
@@ -1 +1 @@
1
- import '#src/external-rpc/jsc-polyfills/index.ts';
1
+ import '../external-rpc/jsc-polyfills/index.ts';
@@ -1 +1 @@
1
- import '#src/server/utils/config-env.ts';
1
+ import '../server/utils/config-env.ts';
@@ -2,5 +2,5 @@
2
2
  * TEE Bundle Claim Handler
3
3
  * Handles ClaimTeeBundleRequest by verifying TEE attestations and reconstructing TLS transcript
4
4
  */
5
- import type { RPCHandler } from '#src/types/index.ts';
5
+ import type { RPCHandler } from '../../types/index.ts';
6
6
  export declare const claimTeeBundle: RPCHandler<'claimTeeBundle'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const claimTunnel: RPCHandler<'claimTunnel'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const completeClaimOnChain: RPCHandler<'completeClaimOnChain'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const createClaimOnChain: RPCHandler<'createClaimOnChain'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const createTaskOnMechain: RPCHandler<'createTaskOnMechain'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const createTunnel: RPCHandler<'createTunnel'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const disconnectTunnel: RPCHandler<'disconnectTunnel'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/handlers.ts';
1
+ import type { RPCHandler } from '../../types/handlers.ts';
2
2
  export declare const fetchCertificateBytes: RPCHandler<'fetchCertificateBytes'>;
@@ -1,4 +1,4 @@
1
- import type { RPCHandler, RPCType } from '#src/types/index.ts';
1
+ import type { RPCHandler, RPCType } from '../../types/index.ts';
2
2
  export declare const HANDLERS: {
3
3
  [T in RPCType]: RPCHandler<T>;
4
4
  };
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const init: RPCHandler<'init'>;
@@ -1,2 +1,2 @@
1
- import type { RPCHandler } from '#src/types/index.ts';
1
+ import type { RPCHandler } from '../../types/index.ts';
2
2
  export declare const toprf: RPCHandler<'toprf'>;
@@ -1,13 +1,13 @@
1
1
  import type { WebSocket as WS } from 'ws';
2
- import type { TunnelMessage } from '#src/proto/api.ts';
3
- import type { AcceptNewConnectionOpts, BGPListener, IAttestorServerSocket } from '#src/types/index.ts';
4
- import { AttestorSocket } from '#src/utils/socket-base.ts';
2
+ import type { TunnelMessage } from '../proto/api.ts';
3
+ import type { AcceptNewConnectionOpts, BGPListener, IAttestorServerSocket } from '../types/index.ts';
4
+ import { AttestorSocket } from '../utils/socket-base.ts';
5
5
  export declare class AttestorServerSocket extends AttestorSocket implements IAttestorServerSocket {
6
6
  tunnels: IAttestorServerSocket['tunnels'];
7
7
  readonly sessionId: number;
8
8
  readonly bgpListener: BGPListener | undefined;
9
9
  private constructor();
10
- getTunnel(tunnelId: number): import("#src/types/index.ts").Tunnel<import("#src/types/index.ts").TCPSocketProperties>;
10
+ getTunnel(tunnelId: number): import("../types/index.ts").Tunnel<import("../types/index.ts").TCPSocketProperties>;
11
11
  removeTunnel(tunnelId: TunnelMessage['tunnelId']): void;
12
12
  static acceptConnection(socket: WS, { req, logger, bgpListener }: AcceptNewConnectionOpts): Promise<AttestorServerSocket | undefined>;
13
13
  }
@@ -1,6 +1,6 @@
1
- import type { CreateTunnelRequest } from '#src/proto/api.ts';
2
- import type { Logger } from '#src/types/index.ts';
3
- import type { MakeTunnelFn, TCPSocketProperties } from '#src/types/index.ts';
1
+ import type { CreateTunnelRequest } from '../../proto/api.ts';
2
+ import type { Logger } from '../../types/index.ts';
3
+ import type { MakeTunnelFn, TCPSocketProperties } from '../../types/index.ts';
4
4
  type ExtraOpts = Omit<CreateTunnelRequest, 'id' | 'initialMessage'> & {
5
5
  logger: Logger;
6
6
  };
@@ -1,7 +1,7 @@
1
1
  import type { ZKEngine } from '@reclaimprotocol/zk-symmetric-crypto';
2
- import type { InitRequest, ProviderClaimInfo } from '#src/proto/api.ts';
3
- import { ClaimTunnelRequest } from '#src/proto/api.ts';
4
- import type { IDecryptedTranscript, Logger, OPRFRawReplacement, ProviderCtx, TCPSocketProperties, Transcript } from '#src/types/index.ts';
2
+ import type { InitRequest, ProviderClaimInfo } from '../../proto/api.ts';
3
+ import { ClaimTunnelRequest } from '../../proto/api.ts';
4
+ import type { IDecryptedTranscript, Logger, OPRFRawReplacement, ProviderCtx, TCPSocketProperties, Transcript } from '../../types/index.ts';
5
5
  /**
6
6
  * Asserts that the claim request is valid.
7
7
  *
@@ -15,7 +15,7 @@ import type { IDecryptedTranscript, Logger, OPRFRawReplacement, ProviderCtx, TCP
15
15
  *
16
16
  * If any of these steps fail, we throw an error.
17
17
  */
18
- export declare function assertValidClaimRequest(request: ClaimTunnelRequest, metadata: InitRequest, logger: Logger): Promise<import("#src/proto/api.ts").ClaimRequestData>;
18
+ export declare function assertValidClaimRequest(request: ClaimTunnelRequest, metadata: InitRequest, logger: Logger): Promise<import("../../proto/api.ts").ClaimRequestData>;
19
19
  /**
20
20
  * Verify that the transcript contains a valid claim
21
21
  * for the provider.
@@ -2,7 +2,7 @@
2
2
  * GCP attestation validation utilities
3
3
  * Validates JWT tokens from Google Confidential Computing
4
4
  */
5
- import type { Logger } from '#src/types/general.ts';
5
+ import type { Logger } from '../../types/general.ts';
6
6
  export interface GcpValidationResult {
7
7
  isValid: boolean;
8
8
  errors: string[];
@@ -1,5 +1,5 @@
1
1
  import type { IncomingMessage } from 'http';
2
- import type { ServiceSignatureType } from '#src/proto/api.ts';
2
+ import type { ServiceSignatureType } from '../../proto/api.ts';
3
3
  /**
4
4
  * Sign message using the PRIVATE_KEY env var.
5
5
  */
@@ -19,5 +19,11 @@ export declare function niceParseJsonObject(data: string, key: string): any;
19
19
  * Extract any initial messages sent via the query string,
20
20
  * in the `messages` parameter.
21
21
  */
22
- export declare function getInitialMessagesFromQuery(req: IncomingMessage): import("#src/proto/api.ts").RPCMessage[];
22
+ export declare function getInitialMessagesFromQuery(req: IncomingMessage): import("../../proto/api.ts").RPCMessage[];
23
23
  export declare function getPublicAddresses(host: string): Promise<string[]>;
24
+ /**
25
+ * Match a host against a whitelist pattern. Patterns may be an exact
26
+ * hostname or a leading-wildcard form like `*.example.com`, which matches
27
+ * the apex and any subdomain depth. Comparison is case-insensitive.
28
+ */
29
+ export declare function matchesHostPattern(pattern: string, host: string): boolean;
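Review bot: The doc comment on `matchesHostPattern` leaves the edge cases of the pattern grammar unstated, which matters because it describes the function as a whitelist check. It should say what happens with a bare `*`, a wildcard in a non-leading position, a trailing dot or an internationalised host name, and it should call out that `*.example.com` also matching the apex is broader than certificate-style wildcard matching. Only the declaration is visible here, so the implementation's behaviour for those inputs should be confirmed first and then recorded in this comment.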
@@ -1,5 +1,5 @@
1
- import type { MessageReveal_OPRFRawMarker as OPRFRawMarker } from '#src/proto/api.ts';
2
- import type { Logger } from '#src/types/index.ts';
1
+ import type { MessageReveal_OPRFRawMarker as OPRFRawMarker } from '../../proto/api.ts';
2
+ import type { Logger } from '../../types/index.ts';
3
3
  export type OPRFRawResult = {
4
4
  /** Location of the data that was OPRF'd */
5
5
  dataLocation: {
@@ -1,5 +1,5 @@
1
- import type { ClaimTunnelRequest } from '#src/proto/api.ts';
2
- import type { Logger } from '#src/types/index.ts';
1
+ import type { ClaimTunnelRequest } from '../../proto/api.ts';
2
+ import type { Logger } from '../../types/index.ts';
3
3
  /**
4
4
  * Verifies server cert chain and removes handshake messages from transcript
5
5
  * @param receipt