npm - @terminal3/t3n-sdk - Versions diffs - 0.7.0 → 0.10.0 - Mend

@terminal3/t3n-sdk 0.7.0 → 0.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/dist/src/wasm/quote-verifier-loader.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * TDX quote verifier backed by the Rust `signature` crate compiled to
+ * WASM. Full cryptographic verification: ECDSA P-256 attestation-key
+ * signature, PCK certificate chain walk to Intel's root CA, and
+ * report_data + RTMR comparison.
+ *
+ * The WASM bytes are inlined as base64 (see quote_verifier_bytes.ts)
+ * so the SDK works without bundler WASM plugins and without runtime
+ * asset URL resolution.
+ */
+export interface QuoteVerifyResult {
+    valid: boolean;
+    error?: string;
+    rtmr3?: string;
+    report_data?: string;
+}
+export interface PeerQuoteResult {
+    peer_id: string;
+    valid: boolean;
+    error?: string;
+    rtmr3?: string;
+}
+export interface DkgVerifyResult {
+    valid: boolean;
+    results: PeerQuoteResult[];
+    valid_count: number;
+    expected_count: number;
+    error?: string;
+}
+/**
+ * Verify a single TDX attestation quote with full cryptographic verification.
+ *
+ * @param quoteB64 - Base64-encoded raw TDX v4 quote
+ * @param attestationMsgB64 - Base64-encoded attestation message
+ *   (for DKG: encaps_key || sorted_peer_id_bytes)
+ * @param expectedRtmr3B64 - Optional base64-encoded 48-byte RTMR3
+ * @returns Verification result with extracted measurements
+ */
+export declare function verifyTdxQuote(quoteB64: string, attestationMsgB64: string, expectedRtmr3B64?: string): Promise<QuoteVerifyResult>;
+/**
+ * Verify a full DKG attestation bundle: multiple TDX quotes from all
+ * participating nodes, plus the binding between the quotes and the
+ * ML-KEM encapsulation key. Checks:
+ *   1. attestationMsg starts with encapsKey (server can't swap the key)
+ *   2. Every quote's ECDSA signature chains to Intel's SGX root CA
+ *   3. Every quote's report_data == keccak512(attestationMsg)
+ *   4. Optional RTMR3 pinning per quote
+ *
+ * @param encapsKeyB64 - Base64-encoded ML-KEM encapsulation key
+ *   (from `/status.encaps_key`)
+ * @param attestationMsgB64 - Base64-encoded raw attestation message
+ *   (from `/status.dkg_attestation.attestation_msg`)
+ * @param peerIds - Sorted array of base58 peer IDs
+ * @param quotes - Map of peer_id → base64-encoded TDX quote
+ * @param expectedRtmr3B64 - Optional base64-encoded 48-byte RTMR3
+ * @returns Per-peer verification results and overall validity
+ */
+export declare function verifyDkgAttestation(encapsKeyB64: string, attestationMsgB64: string, peerIds: string[], quotes: Record<string, string>, expectedRtmr3B64?: string): Promise<DkgVerifyResult>;

package/dist/wasm/generated/interfaces/host-session-interfaces-contract-dispatch.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface host:session-interfaces/contract-dispatch@1.0.0 /
2	+ export function executeAction(contract: string, version: string, functionName: string, did: string, payload: Uint8Array): Uint8Array;

package/dist/wasm/generated/interfaces/host-session-interfaces-entropy.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface host:session-interfaces/entropy@1.0.0 /
2	+ export function random(len: number): Uint8Array;

package/dist/wasm/generated/interfaces/host-session-interfaces-eth-signer.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface host:session-interfaces/eth-signer@1.0.0 /
2	+ export function ethSign(message: Uint8Array): Uint8Array;

package/dist/wasm/generated/interfaces/host-session-interfaces-kem.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+/** @module Interface host:session-interfaces/kem@1.0.0 **/
+export function mlKemPublicKey(): Uint8Array;
+export function decapsulate(ciphertext: Uint8Array): Uint8Array;

package/dist/wasm/generated/interfaces/host-session-interfaces-oidc-client.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface host:session-interfaces/oidc-client@1.0.0 /
2	+ export function getIdToken(provider: string, nonce: string): string;

package/dist/wasm/generated/interfaces/host-session-interfaces-oidc.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+/** @module Interface host:session-interfaces/oidc@1.0.0 **/
+export function fetchJwks(jwksUri: string): Uint8Array;
+export function fetchClientId(providerName: string): string;

package/dist/wasm/generated/interfaces/host-session-interfaces-session-ops.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/** @module Interface host:session-interfaces/session-ops@1.0.0 **/
+export function nowMs(): bigint;
+export function teeAddress(): Uint8Array;
+export function fetchOrCreateDid(authenticatorHashes: Array<Uint8Array>, did: string | undefined): string;
+export function fetchProviderConfig(providerId: string): Uint8Array;
+export function setCookie(cookieValue: string): void;
+export function registerScript(name: string, version: string, wasmBytes: Uint8Array, sourceHash: string | undefined): boolean;
+export function syncUserAuths(): Uint8Array;
+export function updateMeasurements(measurementsBase64: string): boolean;

package/dist/wasm/generated/interfaces/host-session-interfaces-transport.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface host:session-interfaces/transport@1.0.0 /
2	+ export function postRpc(method: string, sessionId: string, params: string): string;

package/dist/wasm/generated/interfaces/tee-session-client-auth.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/** @module Interface tee:session/client-auth@1.0.0 **/
+export function runEth(sessionKeys: Uint8Array, ethAddress: string, siweDomain: string | undefined, siweUrl: string | undefined, siweChainId: bigint | undefined): Outcome;
+export function runOidc(sessionKeys: Uint8Array, provider: string): Outcome;
+export interface Outcome {
+  did: string,
+  cookie?: string,
+}

package/dist/wasm/generated/interfaces/tee-session-client-handshake.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/** @module Interface tee:session/client-handshake@1.0.0 **/
+export function run(sid: Uint8Array, cookie: string | undefined): Outcome;
+export interface SessionKeys {
+  blob: Uint8Array,
+  sid: Uint8Array,
+}
+export interface Outcome {
+  keys: SessionKeys,
+  authenticated: boolean,
+  did?: string,
+  expirySec: bigint,
+}

package/dist/wasm/generated/interfaces/tee-session-cookie.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/** @module Interface tee:session/cookie@1.0.0 **/
+export function validate(value: string, teeAddress: Uint8Array, nowSec: bigint): Validation;
+export interface Validation {
+  authenticated: boolean,
+  did?: string,
+  exp: bigint,
+}

package/dist/wasm/generated/interfaces/tee-session-server-admin.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ / @module Interface tee:session/server-admin@1.0.0 /
2	+ export function run(headers: Array<[string, string]>, body: Uint8Array): Uint8Array;

package/dist/wasm/generated/interfaces/tee-session-server-auth.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/** @module Interface tee:session/server-auth@1.0.0 **/
+export function run(persistedStateBytes: Uint8Array | undefined, initialActionJson: Uint8Array, siwePolicyJson: Uint8Array): Outcome;
+export interface Outcome {
+  responseJson: Uint8Array,
+  stateBytes?: Uint8Array,
+  cookie?: string,
+  did?: string,
+  authenticatorsJson?: Uint8Array,
+  finalized: boolean,
+}

package/dist/wasm/generated/interfaces/tee-session-server-handshake.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/** @module Interface tee:session/server-handshake@1.0.0 **/
+export function run(sid: Uint8Array, ciphertext: Uint8Array, cookieValue: string | undefined): Outcome;
+export interface SessionKeys {
+  c2s: Uint8Array,
+  s2c: Uint8Array,
+  sid: Uint8Array,
+}
+export interface Outcome {
+  keys: SessionKeys,
+  rawSecret: Uint8Array,
+  authenticated: boolean,
+  did?: string,
+  expirySec: bigint,
+  refreshedCookie?: string,
+}

package/dist/wasm/generated/interfaces/tee-session-server-webhook.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/** @module Interface tee:session/server-webhook@1.0.0 **/
+export function run(providerId: string, headers: Array<[string, string]>, body: Uint8Array): Outcome;
+export interface Outcome {
+  replyJson: Uint8Array,
+  finalStateBytes: Uint8Array,
+}

package/dist/wasm/generated/interfaces/tee-session-session-crypto.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+/** @module Interface tee:session/session-crypto@1.0.0 **/
+export function encrypt(keys: Uint8Array, plaintext: Uint8Array): Uint8Array;
+export function decrypt(keys: Uint8Array, ciphertext: Uint8Array): Uint8Array;

package/dist/wasm/generated/session.core.wasm CHANGED Viewed

Binary file

package/dist/wasm/generated/session.core2.wasm ADDED Viewed

Binary file

package/dist/wasm/generated/session.core3.wasm ADDED Viewed

Binary file

package/dist/wasm/generated/session.d.ts CHANGED Viewed

@@ -1,13 +1,88 @@
 // world root:component/root
-export type * as WasiCliEnvironment029 from './interfaces/wasi-cli-environment.js'; // import wasi:cli/environment@0.2.9
-export type * as WasiCliExit029 from './interfaces/wasi-cli-exit.js'; // import wasi:cli/exit@0.2.9
-export type * as WasiCliStderr029 from './interfaces/wasi-cli-stderr.js'; // import wasi:cli/stderr@0.2.9
-export type * as WasiIoError029 from './interfaces/wasi-io-error.js'; // import wasi:io/error@0.2.9
-export type * as WasiIoStreams029 from './interfaces/wasi-io-streams.js'; // import wasi:io/streams@0.2.9
-export type * as WasiRandomRandom029 from './interfaces/wasi-random-random.js'; // import wasi:random/random@0.2.9
-export * as clientAuth from './interfaces/component-session-client-auth.js'; // export component:session/client-auth@0.1.0
-export * as serverAuth from './interfaces/component-session-server-auth.js'; // export component:session/server-auth@0.1.0
-export * as clientHandshake from './interfaces/component-session-client-handshake.js'; // export component:session/client-handshake@0.1.0
-export * as serverHandshake from './interfaces/component-session-server-handshake.js'; // export component:session/server-handshake@0.1.0
-export * as session from './interfaces/component-session-session.js'; // export component:session/session@0.1.0
-export * as cookie from './interfaces/component-session-cookie.js'; // export component:session/cookie@0.1.0
+import type * as HostSessionInterfacesContractDispatch from './interfaces/host-session-interfaces-contract-dispatch.js'; // host:session-interfaces/contract-dispatch@1.0.0
+import type * as HostSessionInterfacesEntropy from './interfaces/host-session-interfaces-entropy.js'; // host:session-interfaces/entropy@1.0.0
+import type * as HostSessionInterfacesEthSigner from './interfaces/host-session-interfaces-eth-signer.js'; // host:session-interfaces/eth-signer@1.0.0
+import type * as HostSessionInterfacesKem from './interfaces/host-session-interfaces-kem.js'; // host:session-interfaces/kem@1.0.0
+import type * as HostSessionInterfacesOidcClient from './interfaces/host-session-interfaces-oidc-client.js'; // host:session-interfaces/oidc-client@1.0.0
+import type * as HostSessionInterfacesOidc from './interfaces/host-session-interfaces-oidc.js'; // host:session-interfaces/oidc@1.0.0
+import type * as HostSessionInterfacesSessionOps from './interfaces/host-session-interfaces-session-ops.js'; // host:session-interfaces/session-ops@1.0.0
+import type * as HostSessionInterfacesTransport from './interfaces/host-session-interfaces-transport.js'; // host:session-interfaces/transport@1.0.0
+import type * as WasiCliEnvironment from './interfaces/wasi-cli-environment.js'; // wasi:cli/environment@0.2.9
+import type * as WasiCliExit from './interfaces/wasi-cli-exit.js'; // wasi:cli/exit@0.2.9
+import type * as WasiCliStderr from './interfaces/wasi-cli-stderr.js'; // wasi:cli/stderr@0.2.9
+import type * as WasiIoError from './interfaces/wasi-io-error.js'; // wasi:io/error@0.2.9
+import type * as WasiIoStreams from './interfaces/wasi-io-streams.js'; // wasi:io/streams@0.2.9
+import type * as WasiRandomRandom from './interfaces/wasi-random-random.js'; // wasi:random/random@0.2.9
+import type * as TeeSessionClientHandshake from './interfaces/tee-session-client-handshake.js'; // tee:session/client-handshake@1.0.0
+import type * as TeeSessionClientAuth from './interfaces/tee-session-client-auth.js'; // tee:session/client-auth@1.0.0
+import type * as TeeSessionServerHandshake from './interfaces/tee-session-server-handshake.js'; // tee:session/server-handshake@1.0.0
+import type * as TeeSessionServerAuth from './interfaces/tee-session-server-auth.js'; // tee:session/server-auth@1.0.0
+import type * as TeeSessionServerAdmin from './interfaces/tee-session-server-admin.js'; // tee:session/server-admin@1.0.0
+import type * as TeeSessionServerWebhook from './interfaces/tee-session-server-webhook.js'; // tee:session/server-webhook@1.0.0
+import type * as TeeSessionSessionCrypto from './interfaces/tee-session-session-crypto.js'; // tee:session/session-crypto@1.0.0
+import type * as TeeSessionCookie from './interfaces/tee-session-cookie.js'; // tee:session/cookie@1.0.0
+export interface ImportObject {
+  'host:session-interfaces/contract-dispatch@1.0.0': typeof HostSessionInterfacesContractDispatch,
+  'host:session-interfaces/entropy@1.0.0': typeof HostSessionInterfacesEntropy,
+  'host:session-interfaces/eth-signer@1.0.0': typeof HostSessionInterfacesEthSigner,
+  'host:session-interfaces/kem@1.0.0': typeof HostSessionInterfacesKem,
+  'host:session-interfaces/oidc-client@1.0.0': typeof HostSessionInterfacesOidcClient,
+  'host:session-interfaces/oidc@1.0.0': typeof HostSessionInterfacesOidc,
+  'host:session-interfaces/session-ops@1.0.0': typeof HostSessionInterfacesSessionOps,
+  'host:session-interfaces/transport@1.0.0': typeof HostSessionInterfacesTransport,
+  'wasi:cli/environment@0.2.9': typeof WasiCliEnvironment,
+  'wasi:cli/exit@0.2.9': typeof WasiCliExit,
+  'wasi:cli/stderr@0.2.9': typeof WasiCliStderr,
+  'wasi:io/error@0.2.9': typeof WasiIoError,
+  'wasi:io/streams@0.2.9': typeof WasiIoStreams,
+  'wasi:random/random@0.2.9': typeof WasiRandomRandom,
+}
+export interface Root {
+  'tee:session/client-handshake@1.0.0': typeof TeeSessionClientHandshake,
+  clientHandshake: typeof TeeSessionClientHandshake,
+  'tee:session/client-auth@1.0.0': typeof TeeSessionClientAuth,
+  clientAuth: typeof TeeSessionClientAuth,
+  'tee:session/server-handshake@1.0.0': typeof TeeSessionServerHandshake,
+  serverHandshake: typeof TeeSessionServerHandshake,
+  'tee:session/server-auth@1.0.0': typeof TeeSessionServerAuth,
+  serverAuth: typeof TeeSessionServerAuth,
+  'tee:session/server-admin@1.0.0': typeof TeeSessionServerAdmin,
+  serverAdmin: typeof TeeSessionServerAdmin,
+  'tee:session/server-webhook@1.0.0': typeof TeeSessionServerWebhook,
+  serverWebhook: typeof TeeSessionServerWebhook,
+  'tee:session/session-crypto@1.0.0': typeof TeeSessionSessionCrypto,
+  sessionCrypto: typeof TeeSessionSessionCrypto,
+  'tee:session/cookie@1.0.0': typeof TeeSessionCookie,
+  cookie: typeof TeeSessionCookie,
+}
+/**
+* Instantiates this component with the provided imports and
+* returns a map of all the exports of the component.
+*
+* This function is intended to be similar to the
+* `WebAssembly.instantiate` function. The second `imports`
+* argument is the "import object" for wasm, except here it
+* uses component-model-layer types instead of core wasm
+* integers/numbers/etc.
+*
+* The first argument to this function, `getCoreModule`, is
+* used to compile core wasm modules within the component.
+* Components are composed of core wasm modules and this callback
+* will be invoked per core wasm module. The caller of this
+* function is responsible for reading the core wasm module
+* identified by `path` and returning its compiled
+* `WebAssembly.Module` object. This would use `compileStreaming`
+* on the web, for example.
+*/
+export function instantiate(
+getCoreModule: (path: string) => WebAssembly.Module,
+imports: ImportObject,
+instantiateCore?: (module: WebAssembly.Module, imports: Record<string, any>) => WebAssembly.Instance
+): Root;
+export function instantiate(
+getCoreModule: (path: string) => WebAssembly.Module | Promise<WebAssembly.Module>,
+imports: ImportObject,
+instantiateCore?: (module: WebAssembly.Module, imports: Record<string, any>) => WebAssembly.Instance | Promise<WebAssembly.Instance>
+): Root | Promise<Root>;