@zeke-02/tinfoil 0.0.11 → 0.11.7
- package/dist/ai-sdk-provider.browser.d.ts +12 -0
- package/dist/ai-sdk-provider.browser.d.ts.map +1 -0
- package/dist/{esm/ai-sdk-provider.mjs → ai-sdk-provider.browser.js} +9 -5
- package/dist/ai-sdk-provider.browser.js.map +1 -0
- package/dist/ai-sdk-provider.d.ts +6 -1
- package/dist/ai-sdk-provider.d.ts.map +1 -0
- package/dist/ai-sdk-provider.js +12 -11
- package/dist/ai-sdk-provider.js.map +1 -0
- package/dist/config.d.ts +2 -1
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +3 -5
- package/dist/config.js.map +1 -0
- package/dist/encrypted-body-fetch.d.ts +8 -2
- package/dist/encrypted-body-fetch.d.ts.map +1 -0
- package/dist/encrypted-body-fetch.js +27 -26
- package/dist/encrypted-body-fetch.js.map +1 -0
- package/dist/env.d.ts +1 -0
- package/dist/env.d.ts.map +1 -0
- package/dist/env.js +2 -4
- package/dist/env.js.map +1 -0
- package/dist/index.browser.d.ts +8 -7
- package/dist/index.browser.d.ts.map +1 -0
- package/dist/index.browser.js +8 -28
- package/dist/index.browser.js.map +1 -0
- package/dist/index.d.ts +9 -8
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +10 -47
- package/dist/index.js.map +1 -0
- package/dist/pinned-tls-fetch.d.ts +1 -0
- package/dist/pinned-tls-fetch.d.ts.map +1 -0
- package/dist/pinned-tls-fetch.js +13 -17
- package/dist/pinned-tls-fetch.js.map +1 -0
- package/dist/router.d.ts +1 -0
- package/dist/router.d.ts.map +1 -0
- package/dist/router.js +6 -7
- package/dist/router.js.map +1 -0
- package/dist/{esm/secure-client.d.ts → secure-client.browser.d.ts} +2 -1
- package/dist/secure-client.browser.d.ts.map +1 -0
- package/dist/{esm/secure-client.mjs → secure-client.browser.js} +46 -56
- package/dist/secure-client.browser.js.map +1 -0
- package/dist/secure-client.d.ts +2 -1
- package/dist/secure-client.d.ts.map +1 -0
- package/dist/secure-client.js +51 -65
- package/dist/secure-client.js.map +1 -0
- package/dist/secure-fetch.browser.d.ts +1 -0
- package/dist/secure-fetch.browser.d.ts.map +1 -0
- package/dist/secure-fetch.browser.js +4 -6
- package/dist/secure-fetch.browser.js.map +1 -0
- package/dist/secure-fetch.d.ts +1 -0
- package/dist/secure-fetch.d.ts.map +1 -0
- package/dist/secure-fetch.js +16 -8
- package/dist/secure-fetch.js.map +1 -0
- package/dist/{tinfoilai.d.ts → tinfoil-ai.browser.d.ts} +5 -2
- package/dist/tinfoil-ai.browser.d.ts.map +1 -0
- package/dist/{tinfoilai.js → tinfoil-ai.browser.js} +50 -39
- package/dist/tinfoil-ai.browser.js.map +1 -0
- package/dist/{esm/tinfoilai.d.ts → tinfoil-ai.d.ts} +5 -2
- package/dist/tinfoil-ai.d.ts.map +1 -0
- package/dist/{esm/tinfoilai.mjs → tinfoil-ai.js} +29 -11
- package/dist/tinfoil-ai.js.map +1 -0
- package/dist/unverified-client.d.ts +1 -2
- package/dist/unverified-client.d.ts.map +1 -0
- package/dist/unverified-client.js +10 -13
- package/dist/unverified-client.js.map +1 -0
- package/dist/verifier.d.ts +2 -141
- package/dist/verifier.d.ts.map +1 -0
- package/dist/verifier.js +2 -570
- package/dist/verifier.js.map +1 -0
- package/package.json +48 -41
- package/LICENSE +0 -661
- package/README.md +0 -183
- package/dist/__tests__/test-utils.d.ts +0 -1
- package/dist/__tests__/test-utils.js +0 -44
- package/dist/esm/__tests__/test-utils.d.ts +0 -1
- package/dist/esm/__tests__/test-utils.mjs +0 -38
- package/dist/esm/ai-sdk-provider.d.ts +0 -7
- package/dist/esm/config.d.ts +0 -13
- package/dist/esm/config.mjs +0 -13
- package/dist/esm/encrypted-body-fetch.d.ts +0 -13
- package/dist/esm/encrypted-body-fetch.mjs +0 -105
- package/dist/esm/env.d.ts +0 -5
- package/dist/esm/env.mjs +0 -17
- package/dist/esm/fetch-adapter.d.ts +0 -21
- package/dist/esm/fetch-adapter.mjs +0 -23
- package/dist/esm/index.browser.d.ts +0 -7
- package/dist/esm/index.browser.mjs +0 -8
- package/dist/esm/index.d.ts +0 -9
- package/dist/esm/index.mjs +0 -13
- package/dist/esm/pinned-tls-fetch.d.ts +0 -1
- package/dist/esm/pinned-tls-fetch.mjs +0 -110
- package/dist/esm/router.d.ts +0 -11
- package/dist/esm/router.mjs +0 -33
- package/dist/esm/secure-fetch.browser.d.ts +0 -1
- package/dist/esm/secure-fetch.browser.mjs +0 -10
- package/dist/esm/secure-fetch.d.ts +0 -1
- package/dist/esm/secure-fetch.mjs +0 -12
- package/dist/esm/unverified-client.d.ts +0 -18
- package/dist/esm/unverified-client.mjs +0 -61
- package/dist/esm/verifier.d.ts +0 -141
- package/dist/esm/verifier.mjs +0 -532
- package/dist/esm/wasm-exec.js +0 -668
- package/dist/esm/wasm-exec.mjs +0 -668
- package/dist/fetch-adapter.d.ts +0 -21
- package/dist/fetch-adapter.js +0 -27
- package/dist/wasm-exec.js +0 -668
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { VerificationDocument } from "./verifier";
|
|
1
|
+
import type { VerificationDocument } from "./verifier.js";
|
|
2
2
|
interface SecureClientOptions {
|
|
3
3
|
baseURL?: string;
|
|
4
4
|
enclaveURL?: string;
|
|
@@ -19,3 +19,4 @@ export declare class SecureClient {
|
|
|
19
19
|
get fetch(): typeof fetch;
|
|
20
20
|
}
|
|
21
21
|
export {};
|
|
22
|
+
//# sourceMappingURL=secure-client.browser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-client.browser.d.ts","sourceRoot":"","sources":["../src/secure-client.browser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAK1D,UAAU,mBAAmB;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,oBAAoB,CAAqC;IACjE,OAAO,CAAC,MAAM,CAA6B;IAE3C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAS;gBAEzB,OAAO,GAAE,mBAAwB;IAMhC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAOrB,gBAAgB;IA6EjB,uBAAuB,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAa9D,UAAU,IAAI,MAAM,GAAG,SAAS;IAIvC,IAAI,KAAK,IAAI,OAAO,KAAK,CAwCxB;CACF"}
|
|
@@ -1,12 +1,15 @@
|
|
|
1
|
-
import { Verifier } from "./verifier.
|
|
2
|
-
import { TINFOIL_CONFIG } from "./config.
|
|
3
|
-
import { createSecureFetch } from "./secure-fetch.
|
|
4
|
-
import { fetchRouter } from "./router.
|
|
1
|
+
import { Verifier } from "./verifier.js";
|
|
2
|
+
import { TINFOIL_CONFIG } from "./config.js";
|
|
3
|
+
import { createSecureFetch } from "./secure-fetch.browser.js";
|
|
4
|
+
import { fetchRouter } from "./router.js";
|
|
5
5
|
export class SecureClient {
|
|
6
|
+
initPromise = null;
|
|
7
|
+
verificationDocument = null;
|
|
8
|
+
_fetch = null;
|
|
9
|
+
baseURL;
|
|
10
|
+
enclaveURL;
|
|
11
|
+
configRepo;
|
|
6
12
|
constructor(options = {}) {
|
|
7
|
-
this.initPromise = null;
|
|
8
|
-
this.verificationDocument = null;
|
|
9
|
-
this._fetch = null;
|
|
10
13
|
this.baseURL = options.baseURL;
|
|
11
14
|
this.enclaveURL = options.enclaveURL;
|
|
12
15
|
this.configRepo = options.configRepo || TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
|
|
@@ -18,32 +21,19 @@ export class SecureClient {
|
|
|
18
21
|
return this.initPromise;
|
|
19
22
|
}
|
|
20
23
|
async initSecureClient() {
|
|
21
|
-
//
|
|
22
|
-
if (!this.
|
|
24
|
+
// Fetch router address if enclaveURL is not provided
|
|
25
|
+
if (!this.enclaveURL) {
|
|
23
26
|
const routerAddress = await fetchRouter();
|
|
24
27
|
this.enclaveURL = `https://${routerAddress}`;
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
if (!this.baseURL) {
|
|
29
|
-
if (this.enclaveURL) {
|
|
30
|
-
// If enclaveURL is provided but baseURL is not, derive baseURL from enclaveURL
|
|
31
|
-
const enclaveUrl = new URL(this.enclaveURL);
|
|
32
|
-
this.baseURL = `${enclaveUrl.origin}/v1/`;
|
|
33
|
-
}
|
|
34
|
-
else {
|
|
35
|
-
throw new Error("Unable to determine baseURL: neither baseURL nor enclaveURL provided");
|
|
28
|
+
// Only set baseURL from router if not already provided
|
|
29
|
+
if (!this.baseURL) {
|
|
30
|
+
this.baseURL = `https://${routerAddress}/v1/`;
|
|
36
31
|
}
|
|
37
32
|
}
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
this.enclaveURL = baseUrl.origin;
|
|
43
|
-
}
|
|
44
|
-
else {
|
|
45
|
-
throw new Error("Unable to determine enclaveURL: neither baseURL nor enclaveURL provided");
|
|
46
|
-
}
|
|
33
|
+
// If baseURL still not set, derive from enclaveURL
|
|
34
|
+
if (!this.baseURL) {
|
|
35
|
+
const enclaveUrl = new URL(this.enclaveURL);
|
|
36
|
+
this.baseURL = `${enclaveUrl.origin}/v1/`;
|
|
47
37
|
}
|
|
48
38
|
const verifier = new Verifier({
|
|
49
39
|
serverURL: this.enclaveURL,
|
|
@@ -63,8 +53,8 @@ export class SecureClient {
|
|
|
63
53
|
}
|
|
64
54
|
catch (transportError) {
|
|
65
55
|
this.verificationDocument.steps.createTransport = {
|
|
66
|
-
status:
|
|
67
|
-
error: transportError.message
|
|
56
|
+
status: 'failed',
|
|
57
|
+
error: transportError.message
|
|
68
58
|
};
|
|
69
59
|
this.verificationDocument.securityVerified = false;
|
|
70
60
|
throw transportError;
|
|
@@ -79,25 +69,25 @@ export class SecureClient {
|
|
|
79
69
|
this.verificationDocument = {
|
|
80
70
|
configRepo: this.configRepo,
|
|
81
71
|
enclaveHost: new URL(this.enclaveURL).hostname,
|
|
82
|
-
releaseDigest:
|
|
83
|
-
codeMeasurement: { type:
|
|
84
|
-
enclaveMeasurement: { measurement: { type:
|
|
85
|
-
tlsPublicKey:
|
|
86
|
-
hpkePublicKey:
|
|
72
|
+
releaseDigest: '',
|
|
73
|
+
codeMeasurement: { type: '', registers: [] },
|
|
74
|
+
enclaveMeasurement: { measurement: { type: '', registers: [] } },
|
|
75
|
+
tlsPublicKey: '',
|
|
76
|
+
hpkePublicKey: '',
|
|
87
77
|
hardwareMeasurement: undefined,
|
|
88
|
-
codeFingerprint:
|
|
89
|
-
enclaveFingerprint:
|
|
78
|
+
codeFingerprint: '',
|
|
79
|
+
enclaveFingerprint: '',
|
|
90
80
|
selectedRouterEndpoint: new URL(this.enclaveURL).hostname,
|
|
91
81
|
securityVerified: false,
|
|
92
82
|
steps: {
|
|
93
|
-
fetchDigest: { status:
|
|
94
|
-
verifyCode: { status:
|
|
95
|
-
verifyEnclave: { status:
|
|
96
|
-
compareMeasurements: { status:
|
|
83
|
+
fetchDigest: { status: 'pending' },
|
|
84
|
+
verifyCode: { status: 'pending' },
|
|
85
|
+
verifyEnclave: { status: 'pending' },
|
|
86
|
+
compareMeasurements: { status: 'pending' },
|
|
97
87
|
createTransport: undefined,
|
|
98
88
|
verifyHPKEKey: undefined,
|
|
99
|
-
otherError: { status:
|
|
100
|
-
}
|
|
89
|
+
otherError: { status: 'failed', error: error.message },
|
|
90
|
+
}
|
|
101
91
|
};
|
|
102
92
|
}
|
|
103
93
|
throw error;
|
|
@@ -125,32 +115,31 @@ export class SecureClient {
|
|
|
125
115
|
catch (error) {
|
|
126
116
|
if (this.verificationDocument) {
|
|
127
117
|
const errorMessage = error.message;
|
|
128
|
-
if (errorMessage.includes(
|
|
118
|
+
if (errorMessage.includes('HPKE public key mismatch')) {
|
|
129
119
|
this.verificationDocument.steps.verifyHPKEKey = {
|
|
130
|
-
status:
|
|
131
|
-
error: errorMessage
|
|
120
|
+
status: 'failed',
|
|
121
|
+
error: errorMessage
|
|
132
122
|
};
|
|
133
123
|
this.verificationDocument.securityVerified = false;
|
|
134
124
|
}
|
|
135
|
-
else if (errorMessage.includes(
|
|
136
|
-
errorMessage.includes("Request initialization failed")) {
|
|
125
|
+
else if (errorMessage.includes('Transport initialization failed') || errorMessage.includes('Request initialization failed')) {
|
|
137
126
|
this.verificationDocument.steps.createTransport = {
|
|
138
|
-
status:
|
|
139
|
-
error: errorMessage
|
|
127
|
+
status: 'failed',
|
|
128
|
+
error: errorMessage
|
|
140
129
|
};
|
|
141
130
|
this.verificationDocument.securityVerified = false;
|
|
142
131
|
}
|
|
143
|
-
else if (errorMessage.includes(
|
|
132
|
+
else if (errorMessage.includes('Failed to get HPKE key')) {
|
|
144
133
|
this.verificationDocument.steps.verifyHPKEKey = {
|
|
145
|
-
status:
|
|
146
|
-
error: errorMessage
|
|
134
|
+
status: 'failed',
|
|
135
|
+
error: errorMessage
|
|
147
136
|
};
|
|
148
137
|
this.verificationDocument.securityVerified = false;
|
|
149
138
|
}
|
|
150
139
|
else {
|
|
151
140
|
this.verificationDocument.steps.otherError = {
|
|
152
|
-
status:
|
|
153
|
-
error: errorMessage
|
|
141
|
+
status: 'failed',
|
|
142
|
+
error: errorMessage
|
|
154
143
|
};
|
|
155
144
|
this.verificationDocument.securityVerified = false;
|
|
156
145
|
}
|
|
@@ -160,3 +149,4 @@ export class SecureClient {
|
|
|
160
149
|
};
|
|
161
150
|
}
|
|
162
151
|
}
|
|
152
|
+
//# sourceMappingURL=secure-client.browser.js.map
|
|
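Review bot: In the `catch (error)` block of the fetch wrapper (new lines 115–118), `error.message` is read without checking that the thrown value is an Error, so a rejection with a non-Error value makes `errorMessage.includes(...)` throw a TypeError that replaces the original failure and skips every `securityVerified = false` assignment. I would change new line 117 to `const errorMessage = error instanceof Error ? error.message : String(error);`. The failed step is also picked by substring match on message text (`'HPKE public key mismatch'`, `'Failed to get HPKE key'`), so a reworded message on the throwing side, which is not visible here, would be filed under `otherError`; a dedicated error class or `code` property would be sturdier. package/dist/secure-client.js carries the same hunk. The enclosing function starts and ends outside this hunk.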
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-client.browser.js","sourceRoot":"","sources":["../src/secure-client.browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQ1C,MAAM,OAAO,YAAY;IACf,WAAW,GAAyB,IAAI,CAAC;IACzC,oBAAoB,GAAgC,IAAI,CAAC;IACzD,MAAM,GAAwB,IAAI,CAAC;IAEnC,OAAO,CAAU;IACjB,UAAU,CAAU;IACX,UAAU,CAAU;IAErC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC,oBAAoB,CAAC;IAC9E,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,qDAAqD;QACrD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,aAAa,GAAG,MAAM,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,WAAW,aAAa,EAAE,CAAC;YAE7C,uDAAuD;YACvD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,CAAC,OAAO,GAAG,WAAW,aAAa,MAAM,CAAC;YAChD,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAI,CAAC,OAAO,GAAG,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC;QAC5C,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;YACvF,CAAC;YACD,IAAI,CAAC,oBAAoB,GAAG,GAAG,CAAC;YAEhC,8CAA8C;YAC9C,MAAM,EAAE,aAAa,EAAE,uBAAuB,EAAE,GAAG,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,CAAC;YAEhG,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,uBAAuB,CAAC,CAAC;YACzG,CAAC;YAAC,OAAO,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,eAAe,GAAG;oBAChD,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAG,cAAwB,CAAC,OAAO;iBACzC,CAAC;gBACF,IAAI,CAAC,oBAAoB,CAAC,gB
AAgB,GAAG,KAAK,CAAC;gBACnD,MAAM,cAAc,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAC;YAC/C,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,oBAAoB,GAAG,GAAG,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,oBAAoB,GAAG;oBAC1B,UAAU,EAAE,IAAI,CAAC,UAAW;oBAC5B,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,UAAW,CAAC,CAAC,QAAQ;oBAC/C,aAAa,EAAE,EAAE;oBACjB,eAAe,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;oBAC5C,kBAAkB,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;oBAChE,YAAY,EAAE,EAAE;oBAChB,aAAa,EAAE,EAAE;oBACjB,mBAAmB,EAAE,SAAS;oBAC9B,eAAe,EAAE,EAAE;oBACnB,kBAAkB,EAAE,EAAE;oBACtB,sBAAsB,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,UAAW,CAAC,CAAC,QAAQ;oBAC1D,gBAAgB,EAAE,KAAK;oBACvB,KAAK,EAAE;wBACL,WAAW,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBAClC,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBACjC,aAAa,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBACpC,mBAAmB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBAC1C,eAAe,EAAE,SAAS;wBAC1B,aAAa,EAAE,SAAS;wBACxB,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE;qBAClE;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,uBAAuB;QAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QAED,MAAM,IAAI,CAAC,WAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAI,KAAK;QACP,OAAO,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAE,EAAE;YAC5D,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YAEnB,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,MAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;oBAC9B,MAAM,YAAY,GAAI,KAAe,CAAC,OAAO,CAAC;oBAE9C,IAAI,YAAY,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;wBACtD,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,aAAa,GAAG;4BAC9C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,iCA
AiC,CAAC,IAAI,YAAY,CAAC,QAAQ,CAAC,+BAA+B,CAAC,EAAE,CAAC;wBAC9H,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,eAAe,GAAG;4BAChD,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;wBAC3D,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,aAAa,GAAG;4BAC9C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,UAAU,GAAG;4BAC3C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;gBACH,CAAC;gBAED,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;CACF"}
|
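--- a/package/dist/secure-client.d.ts
+++ b/package/dist/secure-client.d.ts
@@ -1,4 +1,4 @@
-import type { VerificationDocument } from "./verifier";
+import type { VerificationDocument } from "./verifier.js";
 interface SecureClientOptions {
 baseURL?: string;
 enclaveURL?: string;
@@ -19,3 +19,4 @@ export declare class SecureClient {
 get fetch(): typeof fetch;
 }
 export {};
+//# sourceMappingURL=secure-client.d.ts.map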
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-client.d.ts","sourceRoot":"","sources":["../src/secure-client.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AAK1D,UAAU,mBAAmB;IAC3B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,YAAY;IACvB,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,oBAAoB,CAAqC;IACjE,OAAO,CAAC,MAAM,CAA6B;IAE3C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAS;gBAEzB,OAAO,GAAE,mBAAwB;IAMhC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAOrB,gBAAgB;IA6EjB,uBAAuB,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAa9D,UAAU,IAAI,MAAM,GAAG,SAAS;IAIvC,IAAI,KAAK,IAAI,OAAO,KAAK,CAwCxB;CACF"}
|
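--- a/package/dist/secure-client.js
+++ b/package/dist/secure-client.js
@@ -1,18 +1,18 @@
-
-
-
-
-
-
-
-
+import { Verifier } from "./verifier.js";
+import { TINFOIL_CONFIG } from "./config.js";
+import { createSecureFetch } from "./secure-fetch.js";
+import { fetchRouter } from "./router.js";
+export class SecureClient {
+initPromise = null;
+verificationDocument = null;
+_fetch = null;
+baseURL;
+enclaveURL;
+configRepo;
 constructor(options = {}) {
-this.initPromise = null;
-this.verificationDocument = null;
-this._fetch = null;
 this.baseURL = options.baseURL;
 this.enclaveURL = options.enclaveURL;
-this.configRepo = options.configRepo ||
+this.configRepo = options.configRepo || TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
 }
 async ready() {
 if (!this.initPromise) {
@@ -21,34 +21,21 @@ class SecureClient {
 return this.initPromise;
 }
 async initSecureClient() {
-//
-if (!this.
-const routerAddress = await
+// Fetch router address if enclaveURL is not provided
+if (!this.enclaveURL) {
+const routerAddress = await fetchRouter();
 this.enclaveURL = `https://${routerAddress}`;
-
-
-
-if (!this.baseURL) {
-if (this.enclaveURL) {
-// If enclaveURL is provided but baseURL is not, derive baseURL from enclaveURL
-const enclaveUrl = new URL(this.enclaveURL);
-this.baseURL = `${enclaveUrl.origin}/v1/`;
-}
-else {
-throw new Error("Unable to determine baseURL: neither baseURL nor enclaveURL provided");
+// Only set baseURL from router if not already provided
+if (!this.baseURL) {
+this.baseURL = `https://${routerAddress}/v1/`;
 }
 }
-
-
-
-
-this.enclaveURL = baseUrl.origin;
-}
-else {
-throw new Error("Unable to determine enclaveURL: neither baseURL nor enclaveURL provided");
-}
+// If baseURL still not set, derive from enclaveURL
+if (!this.baseURL) {
+const enclaveUrl = new URL(this.enclaveURL);
+this.baseURL = `${enclaveUrl.origin}/v1/`;
 }
-const verifier = new
+const verifier = new Verifier({
 serverURL: this.enclaveURL,
 configRepo: this.configRepo,
 });
@@ -62,12 +49,12 @@ class SecureClient {
 // Extract keys from the verification document
 const { hpkePublicKey, tlsPublicKeyFingerprint } = this.verificationDocument.enclaveMeasurement;
 try {
-this._fetch =
+this._fetch = createSecureFetch(this.baseURL, this.enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint);
 }
 catch (transportError) {
 this.verificationDocument.steps.createTransport = {
-status:
-error: transportError.message
+status: 'failed',
+error: transportError.message
 };
 this.verificationDocument.securityVerified = false;
 throw transportError;
@@ -82,25 +69,25 @@ class SecureClient {
 this.verificationDocument = {
 configRepo: this.configRepo,
 enclaveHost: new URL(this.enclaveURL).hostname,
-releaseDigest:
-codeMeasurement: { type:
-enclaveMeasurement: { measurement: { type:
-tlsPublicKey:
-hpkePublicKey:
+releaseDigest: '',
+codeMeasurement: { type: '', registers: [] },
+enclaveMeasurement: { measurement: { type: '', registers: [] } },
+tlsPublicKey: '',
+hpkePublicKey: '',
 hardwareMeasurement: undefined,
-codeFingerprint:
-enclaveFingerprint:
+codeFingerprint: '',
+enclaveFingerprint: '',
 selectedRouterEndpoint: new URL(this.enclaveURL).hostname,
 securityVerified: false,
 steps: {
-fetchDigest: { status:
-verifyCode: { status:
-verifyEnclave: { status:
-compareMeasurements: { status:
+fetchDigest: { status: 'pending' },
+verifyCode: { status: 'pending' },
+verifyEnclave: { status: 'pending' },
+compareMeasurements: { status: 'pending' },
 createTransport: undefined,
 verifyHPKEKey: undefined,
-otherError: { status:
-}
+otherError: { status: 'failed', error: error.message },
+}
 };
 }
 throw error;
@@ -128,32 +115,31 @@ class SecureClient {
 catch (error) {
 if (this.verificationDocument) {
 const errorMessage = error.message;
-if (errorMessage.includes(
+if (errorMessage.includes('HPKE public key mismatch')) {
 this.verificationDocument.steps.verifyHPKEKey = {
-status:
-error: errorMessage
+status: 'failed',
+error: errorMessage
 };
 this.verificationDocument.securityVerified = false;
 }
-else if (errorMessage.includes(
-errorMessage.includes("Request initialization failed")) {
+else if (errorMessage.includes('Transport initialization failed') || errorMessage.includes('Request initialization failed')) {
 this.verificationDocument.steps.createTransport = {
-status:
-error: errorMessage
+status: 'failed',
+error: errorMessage
 };
 this.verificationDocument.securityVerified = false;
 }
-else if (errorMessage.includes(
+else if (errorMessage.includes('Failed to get HPKE key')) {
 this.verificationDocument.steps.verifyHPKEKey = {
-status:
-error: errorMessage
+status: 'failed',
+error: errorMessage
 };
 this.verificationDocument.securityVerified = false;
 }
 else {
 this.verificationDocument.steps.otherError = {
-status:
-error: errorMessage
+status: 'failed',
+error: errorMessage
 };
 this.verificationDocument.securityVerified = false;
 }
@@ -163,4 +149,4 @@ class SecureClient {
 };
 }
 }
-
+//# sourceMappingURL=secure-client.js.map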
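Review bot: When the caller passes `baseURL` but no `enclaveURL`, new lines 25–32 attest a router-selected host while requests keep going to the caller's `baseURL`; the removed branch (old line 45, `this.enclaveURL = baseUrl.origin;`) appears to have tied the attested host to `baseURL` instead, although the removed lines are truncated on this page. Nothing in the hunk compares the two origins, so the guarantee rests entirely on `createSecureFetch` binding traffic to the attested keys, which is not visible here. If a differing `baseURL` is intended (for example a proxy), say so in a comment above new line 33; otherwise add a check such as `if (new URL(this.baseURL).origin !== new URL(this.enclaveURL).origin) throw new Error("baseURL does not match attested enclave");`. The same logic is in the browser build of this file. `initSecureClient` continues past the end of the hunk.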
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-client.js","sourceRoot":"","sources":["../src/secure-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEzC,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AACtD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAQ1C,MAAM,OAAO,YAAY;IACf,WAAW,GAAyB,IAAI,CAAC;IACzC,oBAAoB,GAAgC,IAAI,CAAC;IACzD,MAAM,GAAwB,IAAI,CAAC;IAEnC,OAAO,CAAU;IACjB,UAAU,CAAU;IACX,UAAU,CAAU;IAErC,YAAY,UAA+B,EAAE;QAC3C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC,oBAAoB,CAAC;IAC9E,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAC7C,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,gBAAgB;QAC5B,qDAAqD;QACrD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,aAAa,GAAG,MAAM,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,WAAW,aAAa,EAAE,CAAC;YAE7C,uDAAuD;YACvD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,IAAI,CAAC,OAAO,GAAG,WAAW,aAAa,MAAM,CAAC;YAChD,CAAC;QACH,CAAC;QAED,mDAAmD;QACnD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC5C,IAAI,CAAC,OAAO,GAAG,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC;QAC5C,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC;YAC5B,SAAS,EAAE,IAAI,CAAC,UAAU;YAC1B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC;YACxB,MAAM,GAAG,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,EAAE,CAAC;gBACT,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;YACvF,CAAC;YACD,IAAI,CAAC,oBAAoB,GAAG,GAAG,CAAC;YAEhC,8CAA8C;YAC9C,MAAM,EAAE,aAAa,EAAE,uBAAuB,EAAE,GAAG,IAAI,CAAC,oBAAoB,CAAC,kBAAkB,CAAC;YAEhG,IAAI,CAAC;gBACH,IAAI,CAAC,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,EAAE,aAAa,EAAE,uBAAuB,CAAC,CAAC;YACzG,CAAC;YAAC,OAAO,cAAc,EAAE,CAAC;gBACxB,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,eAAe,GAAG;oBAChD,MAAM,EAAE,QAAQ;oBAChB,KAAK,EAAG,cAAwB,CAAC,OAAO;iBACzC,CAAC;gBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,C
AAC;gBACnD,MAAM,cAAc,CAAC;YACvB,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,QAAQ,CAAC,uBAAuB,EAAE,CAAC;YAC/C,IAAI,GAAG,EAAE,CAAC;gBACR,IAAI,CAAC,oBAAoB,GAAG,GAAG,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,oBAAoB,GAAG;oBAC1B,UAAU,EAAE,IAAI,CAAC,UAAW;oBAC5B,WAAW,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,UAAW,CAAC,CAAC,QAAQ;oBAC/C,aAAa,EAAE,EAAE;oBACjB,eAAe,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;oBAC5C,kBAAkB,EAAE,EAAE,WAAW,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,EAAE;oBAChE,YAAY,EAAE,EAAE;oBAChB,aAAa,EAAE,EAAE;oBACjB,mBAAmB,EAAE,SAAS;oBAC9B,eAAe,EAAE,EAAE;oBACnB,kBAAkB,EAAE,EAAE;oBACtB,sBAAsB,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC,UAAW,CAAC,CAAC,QAAQ;oBAC1D,gBAAgB,EAAE,KAAK;oBACvB,KAAK,EAAE;wBACL,WAAW,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBAClC,UAAU,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBACjC,aAAa,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBACpC,mBAAmB,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE;wBAC1C,eAAe,EAAE,SAAS;wBAC1B,aAAa,EAAE,SAAS;wBACxB,UAAU,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAG,KAAe,CAAC,OAAO,EAAE;qBAClE;iBACF,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,uBAAuB;QAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QAED,MAAM,IAAI,CAAC,WAAY,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAEM,UAAU;QACf,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAI,KAAK;QACP,OAAO,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAE,EAAE;YAC5D,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YAEnB,IAAI,CAAC;gBACH,OAAO,MAAM,IAAI,CAAC,MAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YACzC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;oBAC9B,MAAM,YAAY,GAAI,KAAe,CAAC,OAAO,CAAC;oBAE9C,IAAI,YAAY,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;wBACtD,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,aAAa,GAAG;4BAC9C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,iCAAiC,CAAC,IAAI,YA
AY,CAAC,QAAQ,CAAC,+BAA+B,CAAC,EAAE,CAAC;wBAC9H,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,eAAe,GAAG;4BAChD,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,IAAI,YAAY,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE,CAAC;wBAC3D,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,aAAa,GAAG;4BAC9C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,UAAU,GAAG;4BAC3C,MAAM,EAAE,QAAQ;4BAChB,KAAK,EAAE,YAAY;yBACpB,CAAC;wBACF,IAAI,CAAC,oBAAoB,CAAC,gBAAgB,GAAG,KAAK,CAAC;oBACrD,CAAC;gBACH,CAAC;gBAED,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;CACF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-fetch.browser.d.ts","sourceRoot":"","sources":["../src/secure-fetch.browser.ts"],"names":[],"mappings":"AAEA,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,uBAAuB,CAAC,EAAE,MAAM,GAAG,OAAO,KAAK,CAS9I"}
|
|
@@ -1,13 +1,11 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
exports.createSecureFetch = createSecureFetch;
|
|
4
|
-
const encrypted_body_fetch_1 = require("./encrypted-body-fetch");
|
|
5
|
-
function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
|
|
1
|
+
import { createEncryptedBodyFetch } from "./encrypted-body-fetch.js";
|
|
2
|
+
export function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
|
|
6
3
|
if (hpkePublicKey) {
|
|
7
|
-
return
|
|
4
|
+
return createEncryptedBodyFetch(baseURL, hpkePublicKey, enclaveURL);
|
|
8
5
|
}
|
|
9
6
|
else {
|
|
10
7
|
throw new Error("HPKE public key not available and TLS-only verification is not supported in browsers. " +
|
|
11
8
|
"Only HPKE-enabled enclaves can be used in browser environments.");
|
|
12
9
|
}
|
|
13
10
|
}
|
|
11
|
+
//# sourceMappingURL=secure-fetch.browser.js.map
|
|
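Review bot: `enclaveURL` is forwarded but `tlsPublicKeyFingerprint` is accepted and never read in this browser build (new lines 2–9), which reads like an omission next to the Node variant. A short comment above the function would record the intent: `// tlsPublicKeyFingerprint is unused here: browsers cannot pin TLS, so only the HPKE path is available`.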
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-fetch.browser.js","sourceRoot":"","sources":["../src/secure-fetch.browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AAErE,MAAM,UAAU,iBAAiB,CAAC,OAAe,EAAE,UAAmB,EAAE,aAAsB,EAAE,uBAAgC;IAC5H,IAAI,aAAa,EAAE,CAAC;QAChB,OAAO,wBAAwB,CAAC,OAAO,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IACxE,CAAC;SAAM,CAAC;QACJ,MAAM,IAAI,KAAK,CACX,wFAAwF;YACxF,iEAAiE,CACpE,CAAC;IACN,CAAC;AACL,CAAC"}
|
package/dist/secure-fetch.d.ts
CHANGED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-fetch.d.ts","sourceRoot":"","sources":["../src/secure-fetch.ts"],"names":[],"mappings":"AAIA,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,EAAE,uBAAuB,CAAC,EAAE,MAAM,GAAG,OAAO,KAAK,CAuB9I"}
|
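--- a/package/dist/secure-fetch.js
+++ b/package/dist/secure-fetch.js
@@ -1,15 +1,23 @@
-
-
-
-
-function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
+import { createEncryptedBodyFetch } from "./encrypted-body-fetch.js";
+import { createPinnedTlsFetch } from "./pinned-tls-fetch.js";
+import { isRealBrowser } from "./env.js";
+export function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
 let fetchFunction;
 if (hpkePublicKey) {
-fetchFunction =
+fetchFunction = createEncryptedBodyFetch(baseURL, hpkePublicKey, enclaveURL);
 }
 else {
-
-
+// HPKE not available: check if we're in a browser
+if (isRealBrowser()) {
+throw new Error("HPKE public key not available and TLS-only verification is not supported in browsers. " +
+"Only HPKE-enabled enclaves can be used in browser environments.");
+}
+// Node.js environment: fall back to TLS-only verification using pinned TLS fetch
+if (!tlsPublicKeyFingerprint) {
+throw new Error("Neither HPKE public key nor TLS public key fingerprint available for verification");
+}
+fetchFunction = createPinnedTlsFetch(baseURL, tlsPublicKeyFingerprint);
 }
 return fetchFunction;
 }
+//# sourceMappingURL=secure-fetch.js.map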
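Review bot: In the `else` branch of `createSecureFetch`, a missing `hpkePublicKey` silently switches the client from HPKE body encryption to TLS pinning, and the returned function gives the caller no indication of which protection is in effect. On the other path, when `hpkePublicKey` is set, `tlsPublicKeyFingerprint` is not passed on at all, so any protection for the URL and headers depends on what `createEncryptedBodyFetch` does, which is not visible in this hunk. I would add a JSDoc block above the function describing the selection order (HPKE first; pinned TLS only outside a browser; otherwise throw) and mark the fallback with a comment such as `// SECURITY: TLS-only mode - request bodies are not HPKE-encrypted to the enclave key`. The truthiness test `if (hpkePublicKey)` also sends an empty-string key down the fallback path rather than rejecting it, which is worth stating in that documentation.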
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secure-fetch.js","sourceRoot":"","sources":["../src/secure-fetch.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,UAAU,iBAAiB,CAAC,OAAe,EAAE,UAAmB,EAAE,aAAsB,EAAE,uBAAgC;IAChI,IAAI,aAA2B,CAAC;IAE5B,IAAI,aAAa,EAAE,CAAC;QAClB,aAAa,GAAG,wBAAwB,CAAC,OAAO,EAAE,aAAa,EAAE,UAAU,CAAC,CAAC;IAC/E,CAAC;SAAM,CAAC;QACN,kDAAkD;QAClD,IAAI,aAAa,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CACb,wFAAwF;gBACxF,iEAAiE,CAClE,CAAC;QACJ,CAAC;QAED,iFAAiF;QACjF,IAAI,CAAC,uBAAuB,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CACb,mFAAmF,CACpF,CAAC;QACJ,CAAC;QACD,aAAa,GAAG,oBAAoB,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC;IACzE,CAAC;IACD,OAAO,aAAa,CAAA;AACxB,CAAC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import OpenAI from "openai";
|
|
2
2
|
import type { Audio, Beta, Chat, Embeddings, Files, FineTuning, Images, Models, Moderations, Responses } from "openai/resources";
|
|
3
|
-
import type { VerificationDocument } from "./verifier";
|
|
3
|
+
import type { VerificationDocument } from "./verifier.js";
|
|
4
4
|
interface TinfoilAIOptions {
|
|
5
5
|
apiKey?: string;
|
|
6
|
+
bearerToken?: string;
|
|
6
7
|
baseURL?: string;
|
|
7
8
|
enclaveURL?: string;
|
|
8
9
|
configRepo?: string;
|
|
@@ -15,12 +16,13 @@ export declare class TinfoilAI {
|
|
|
15
16
|
private configRepo?;
|
|
16
17
|
private secureClient;
|
|
17
18
|
private verificationDocument?;
|
|
19
|
+
private useBearerToken;
|
|
18
20
|
apiKey?: string;
|
|
21
|
+
bearerToken?: string;
|
|
19
22
|
baseURL?: string;
|
|
20
23
|
enclaveURL?: string;
|
|
21
24
|
constructor(options?: TinfoilAIOptions);
|
|
22
25
|
ready(): Promise<void>;
|
|
23
|
-
private initClient;
|
|
24
26
|
private createOpenAIClient;
|
|
25
27
|
private ensureReady;
|
|
26
28
|
getVerificationDocument(): Promise<VerificationDocument>;
|
|
@@ -52,3 +54,4 @@ export declare namespace TinfoilAI {
|
|
|
52
54
|
export import VectorStores = OpenAI.VectorStores;
|
|
53
55
|
}
|
|
54
56
|
export {};
|
|
57
|
+
//# sourceMappingURL=tinfoil-ai.browser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tinfoil-ai.browser.d.ts","sourceRoot":"","sources":["../src/tinfoil-ai.browser.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,EACV,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,UAAU,EACV,KAAK,EACL,UAAU,EACV,MAAM,EACN,MAAM,EACN,WAAW,EACX,SAAS,EACV,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AA4B1D,UAAU,gBAAgB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,aAAa,CAAkB;IACvC,OAAO,CAAC,YAAY,CAAC,CAAgB;IACrC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,oBAAoB,CAAC,CAAuB;IACpD,OAAO,CAAC,cAAc,CAAU;IAEzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;gBAEf,OAAO,GAAE,gBAAqB;IAgC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YASrB,kBAAkB;YA8BlB,WAAW;IAKZ,uBAAuB,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAQrE,IAAI,IAAI,IAAI,IAAI,CAEf;IAED,IAAI,KAAK,IAAI,KAAK,CAEjB;IAED,IAAI,UAAU,IAAI,UAAU,CAI3B;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,KAAK,IAAI,KAAK,CAEjB;IAED,IAAI,SAAS,IAAI,SAAS,CAIzB;IAED,IAAI,UAAU,IAAI,UAAU,CAI3B;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,WAAW,IAAI,WAAW,CAI7B;IAED,IAAI,IAAI,IAAI,IAAI,CAEf;CACF;AAGD,yBAAiB,SAAS,CAAC;IACzB,MAAM,QAAQ,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACjC,MAAM,QAAQ,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACjC,MAAM,QAAQ,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACvC,MAAM,QAAQ,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAC/C,MAAM,QAAQ,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC7C,MAAM,QAAQ,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC7C,MAAM,QAAQ,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,MAAM,QAAQ,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,MAAM,QAAQ,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAC/C,MAAM,QAAQ,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC3C,MAAM,QAAQ,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACvC,MAAM,QAAQ,YAAY,GAAG,MAAM
,CAAC,YAAY,CAAC;CAClD"}
|