@zeke-02/tinfoil 0.0.11 → 0.11.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/ai-sdk-provider.browser.d.ts +12 -0
- package/dist/ai-sdk-provider.browser.d.ts.map +1 -0
- package/dist/{esm/ai-sdk-provider.mjs → ai-sdk-provider.browser.js} +9 -5
- package/dist/ai-sdk-provider.browser.js.map +1 -0
- package/dist/ai-sdk-provider.d.ts +6 -1
- package/dist/ai-sdk-provider.d.ts.map +1 -0
- package/dist/ai-sdk-provider.js +12 -11
- package/dist/ai-sdk-provider.js.map +1 -0
- package/dist/config.d.ts +2 -1
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +3 -5
- package/dist/config.js.map +1 -0
- package/dist/encrypted-body-fetch.d.ts +8 -2
- package/dist/encrypted-body-fetch.d.ts.map +1 -0
- package/dist/encrypted-body-fetch.js +27 -26
- package/dist/encrypted-body-fetch.js.map +1 -0
- package/dist/env.d.ts +1 -0
- package/dist/env.d.ts.map +1 -0
- package/dist/env.js +2 -4
- package/dist/env.js.map +1 -0
- package/dist/index.browser.d.ts +8 -7
- package/dist/index.browser.d.ts.map +1 -0
- package/dist/index.browser.js +8 -28
- package/dist/index.browser.js.map +1 -0
- package/dist/index.d.ts +9 -8
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +10 -47
- package/dist/index.js.map +1 -0
- package/dist/pinned-tls-fetch.d.ts +1 -0
- package/dist/pinned-tls-fetch.d.ts.map +1 -0
- package/dist/pinned-tls-fetch.js +13 -17
- package/dist/pinned-tls-fetch.js.map +1 -0
- package/dist/router.d.ts +1 -0
- package/dist/router.d.ts.map +1 -0
- package/dist/router.js +6 -7
- package/dist/router.js.map +1 -0
- package/dist/{esm/secure-client.d.ts → secure-client.browser.d.ts} +2 -1
- package/dist/secure-client.browser.d.ts.map +1 -0
- package/dist/{esm/secure-client.mjs → secure-client.browser.js} +46 -56
- package/dist/secure-client.browser.js.map +1 -0
- package/dist/secure-client.d.ts +2 -1
- package/dist/secure-client.d.ts.map +1 -0
- package/dist/secure-client.js +51 -65
- package/dist/secure-client.js.map +1 -0
- package/dist/secure-fetch.browser.d.ts +1 -0
- package/dist/secure-fetch.browser.d.ts.map +1 -0
- package/dist/secure-fetch.browser.js +4 -6
- package/dist/secure-fetch.browser.js.map +1 -0
- package/dist/secure-fetch.d.ts +1 -0
- package/dist/secure-fetch.d.ts.map +1 -0
- package/dist/secure-fetch.js +16 -8
- package/dist/secure-fetch.js.map +1 -0
- package/dist/{tinfoilai.d.ts → tinfoil-ai.browser.d.ts} +5 -2
- package/dist/tinfoil-ai.browser.d.ts.map +1 -0
- package/dist/{tinfoilai.js → tinfoil-ai.browser.js} +50 -39
- package/dist/tinfoil-ai.browser.js.map +1 -0
- package/dist/{esm/tinfoilai.d.ts → tinfoil-ai.d.ts} +5 -2
- package/dist/tinfoil-ai.d.ts.map +1 -0
- package/dist/{esm/tinfoilai.mjs → tinfoil-ai.js} +29 -11
- package/dist/tinfoil-ai.js.map +1 -0
- package/dist/unverified-client.d.ts +1 -2
- package/dist/unverified-client.d.ts.map +1 -0
- package/dist/unverified-client.js +10 -13
- package/dist/unverified-client.js.map +1 -0
- package/dist/verifier.d.ts +2 -141
- package/dist/verifier.d.ts.map +1 -0
- package/dist/verifier.js +2 -570
- package/dist/verifier.js.map +1 -0
- package/package.json +48 -41
- package/LICENSE +0 -661
- package/README.md +0 -183
- package/dist/__tests__/test-utils.d.ts +0 -1
- package/dist/__tests__/test-utils.js +0 -44
- package/dist/esm/__tests__/test-utils.d.ts +0 -1
- package/dist/esm/__tests__/test-utils.mjs +0 -38
- package/dist/esm/ai-sdk-provider.d.ts +0 -7
- package/dist/esm/config.d.ts +0 -13
- package/dist/esm/config.mjs +0 -13
- package/dist/esm/encrypted-body-fetch.d.ts +0 -13
- package/dist/esm/encrypted-body-fetch.mjs +0 -105
- package/dist/esm/env.d.ts +0 -5
- package/dist/esm/env.mjs +0 -17
- package/dist/esm/fetch-adapter.d.ts +0 -21
- package/dist/esm/fetch-adapter.mjs +0 -23
- package/dist/esm/index.browser.d.ts +0 -7
- package/dist/esm/index.browser.mjs +0 -8
- package/dist/esm/index.d.ts +0 -9
- package/dist/esm/index.mjs +0 -13
- package/dist/esm/pinned-tls-fetch.d.ts +0 -1
- package/dist/esm/pinned-tls-fetch.mjs +0 -110
- package/dist/esm/router.d.ts +0 -11
- package/dist/esm/router.mjs +0 -33
- package/dist/esm/secure-fetch.browser.d.ts +0 -1
- package/dist/esm/secure-fetch.browser.mjs +0 -10
- package/dist/esm/secure-fetch.d.ts +0 -1
- package/dist/esm/secure-fetch.mjs +0 -12
- package/dist/esm/unverified-client.d.ts +0 -18
- package/dist/esm/unverified-client.mjs +0 -61
- package/dist/esm/verifier.d.ts +0 -141
- package/dist/esm/verifier.mjs +0 -532
- package/dist/esm/wasm-exec.js +0 -668
- package/dist/esm/wasm-exec.mjs +0 -668
- package/dist/fetch-adapter.d.ts +0 -21
- package/dist/fetch-adapter.js +0 -27
- package/dist/wasm-exec.js +0 -668
|
@@ -1,13 +1,7 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.TinfoilAI = void 0;
|
|
7
|
-
const openai_1 = __importDefault(require("openai"));
|
|
8
|
-
const secure_client_1 = require("./secure-client");
|
|
9
|
-
const config_1 = require("./config");
|
|
10
|
-
const env_1 = require("./env");
|
|
1
|
+
import OpenAI from "openai";
|
|
2
|
+
import { SecureClient } from "./secure-client.browser.js";
|
|
3
|
+
import { TINFOIL_CONFIG } from "./config.js";
|
|
4
|
+
import { isRealBrowser } from "./env.js";
|
|
11
5
|
function createAsyncProxy(promise) {
|
|
12
6
|
return new Proxy({}, {
|
|
13
7
|
get(target, prop) {
|
|
@@ -30,27 +24,45 @@ function createAsyncProxy(promise) {
|
|
|
30
24
|
},
|
|
31
25
|
});
|
|
32
26
|
}
|
|
33
|
-
class TinfoilAI {
|
|
27
|
+
export class TinfoilAI {
|
|
28
|
+
client;
|
|
29
|
+
clientPromise;
|
|
30
|
+
readyPromise;
|
|
31
|
+
configRepo;
|
|
32
|
+
secureClient;
|
|
33
|
+
verificationDocument;
|
|
34
|
+
useBearerToken;
|
|
35
|
+
apiKey;
|
|
36
|
+
bearerToken;
|
|
37
|
+
baseURL;
|
|
38
|
+
enclaveURL;
|
|
34
39
|
constructor(options = {}) {
|
|
35
40
|
const openAIOptions = { ...options };
|
|
41
|
+
// bearerToken is used for browser auth (e.g., JWT from your auth system)
|
|
42
|
+
// It automatically enables browser usage without dangerouslyAllowBrowser
|
|
43
|
+
this.useBearerToken = !!options.bearerToken;
|
|
36
44
|
// In browser builds, never read secrets from process.env to avoid
|
|
37
|
-
// leaking credentials into client bundles. Require explicit apiKey.
|
|
38
|
-
if (options.
|
|
45
|
+
// leaking credentials into client bundles. Require explicit apiKey or bearerToken.
|
|
46
|
+
if (options.bearerToken) {
|
|
47
|
+
openAIOptions.apiKey = options.bearerToken;
|
|
48
|
+
this.bearerToken = options.bearerToken;
|
|
49
|
+
}
|
|
50
|
+
else if (options.apiKey) {
|
|
39
51
|
openAIOptions.apiKey = options.apiKey;
|
|
40
52
|
}
|
|
41
|
-
else if (!
|
|
53
|
+
else if (!isRealBrowser() && process.env.TINFOIL_API_KEY) {
|
|
42
54
|
openAIOptions.apiKey = process.env.TINFOIL_API_KEY;
|
|
43
55
|
}
|
|
44
|
-
this.apiKey =
|
|
56
|
+
this.apiKey = options.apiKey;
|
|
45
57
|
this.baseURL = options.baseURL;
|
|
46
58
|
this.enclaveURL = options.enclaveURL;
|
|
47
|
-
this.configRepo = options.configRepo ||
|
|
48
|
-
this.secureClient = new
|
|
59
|
+
this.configRepo = options.configRepo || TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
|
|
60
|
+
this.secureClient = new SecureClient({
|
|
49
61
|
baseURL: this.baseURL,
|
|
50
62
|
enclaveURL: this.enclaveURL,
|
|
51
63
|
configRepo: this.configRepo,
|
|
52
64
|
});
|
|
53
|
-
this.clientPromise = this.
|
|
65
|
+
this.clientPromise = this.createOpenAIClient(openAIOptions);
|
|
54
66
|
}
|
|
55
67
|
async ready() {
|
|
56
68
|
if (!this.readyPromise) {
|
|
@@ -60,9 +72,6 @@ class TinfoilAI {
|
|
|
60
72
|
}
|
|
61
73
|
return this.readyPromise;
|
|
62
74
|
}
|
|
63
|
-
async initClient(options) {
|
|
64
|
-
return this.createOpenAIClient(options);
|
|
65
|
-
}
|
|
66
75
|
async createOpenAIClient(options = {}) {
|
|
67
76
|
await this.secureClient.ready();
|
|
68
77
|
this.verificationDocument = await this.secureClient.getVerificationDocument();
|
|
@@ -76,10 +85,12 @@ class TinfoilAI {
|
|
|
76
85
|
baseURL: baseURL,
|
|
77
86
|
fetch: this.secureClient.fetch,
|
|
78
87
|
};
|
|
79
|
-
|
|
88
|
+
// Automatically allow browser usage when bearerToken is used (e.g., JWT auth)
|
|
89
|
+
// or when explicitly requested via dangerouslyAllowBrowser
|
|
90
|
+
if (this.useBearerToken || options.dangerouslyAllowBrowser === true) {
|
|
80
91
|
clientOptions.dangerouslyAllowBrowser = true;
|
|
81
92
|
}
|
|
82
|
-
return new
|
|
93
|
+
return new OpenAI(clientOptions);
|
|
83
94
|
}
|
|
84
95
|
async ensureReady() {
|
|
85
96
|
await this.ready();
|
|
@@ -123,21 +134,21 @@ class TinfoilAI {
|
|
|
123
134
|
return createAsyncProxy(this.ensureReady().then((client) => client.beta));
|
|
124
135
|
}
|
|
125
136
|
}
|
|
126
|
-
exports.TinfoilAI = TinfoilAI;
|
|
127
137
|
// Namespace declaration merge to add OpenAI types to TinfoilAI
|
|
128
138
|
(function (TinfoilAI) {
|
|
129
|
-
TinfoilAI.Chat =
|
|
130
|
-
TinfoilAI.Audio =
|
|
131
|
-
TinfoilAI.Beta =
|
|
132
|
-
TinfoilAI.Batches =
|
|
133
|
-
TinfoilAI.Completions =
|
|
134
|
-
TinfoilAI.Embeddings =
|
|
135
|
-
TinfoilAI.Files =
|
|
136
|
-
TinfoilAI.FineTuning =
|
|
137
|
-
TinfoilAI.Images =
|
|
138
|
-
TinfoilAI.Models =
|
|
139
|
-
TinfoilAI.Moderations =
|
|
140
|
-
TinfoilAI.Responses =
|
|
141
|
-
TinfoilAI.Uploads =
|
|
142
|
-
TinfoilAI.VectorStores =
|
|
143
|
-
})(TinfoilAI || (
|
|
139
|
+
TinfoilAI.Chat = OpenAI.Chat;
|
|
140
|
+
TinfoilAI.Audio = OpenAI.Audio;
|
|
141
|
+
TinfoilAI.Beta = OpenAI.Beta;
|
|
142
|
+
TinfoilAI.Batches = OpenAI.Batches;
|
|
143
|
+
TinfoilAI.Completions = OpenAI.Completions;
|
|
144
|
+
TinfoilAI.Embeddings = OpenAI.Embeddings;
|
|
145
|
+
TinfoilAI.Files = OpenAI.Files;
|
|
146
|
+
TinfoilAI.FineTuning = OpenAI.FineTuning;
|
|
147
|
+
TinfoilAI.Images = OpenAI.Images;
|
|
148
|
+
TinfoilAI.Models = OpenAI.Models;
|
|
149
|
+
TinfoilAI.Moderations = OpenAI.Moderations;
|
|
150
|
+
TinfoilAI.Responses = OpenAI.Responses;
|
|
151
|
+
TinfoilAI.Uploads = OpenAI.Uploads;
|
|
152
|
+
TinfoilAI.VectorStores = OpenAI.VectorStores;
|
|
153
|
+
})(TinfoilAI || (TinfoilAI = {}));
|
|
154
|
+
//# sourceMappingURL=tinfoil-ai.browser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tinfoil-ai.browser.js","sourceRoot":"","sources":["../src/tinfoil-ai.browser.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAa5B,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAE1D,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,SAAS,gBAAgB,CAAmB,OAAmB;IAC7D,OAAO,IAAI,KAAK,CAAC,EAAO,EAAE;QACxB,GAAG,CAAC,MAAM,EAAE,IAAI;YACd,OAAO,IAAI,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,EAAE;gBACzB,GAAG,CAAC,CAAC,EAAE,UAAU;oBACf,OAAO,CAAC,GAAG,IAAW,EAAE,EAAE,CACxB,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;wBACnB,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC;wBAC7C,OAAO,OAAO,KAAK,KAAK,UAAU;4BAChC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAE,GAAW,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC;4BACvC,CAAC,CAAC,KAAK,CAAC;oBACZ,CAAC,CAAC,CAAC;gBACP,CAAC;gBACD,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI;oBACf,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;wBAC1B,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;wBACjC,OAAO,OAAO,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBACtE,CAAC,CAAC,CAAC;gBACL,CAAC;aACF,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAWD,MAAM,OAAO,SAAS;IACZ,MAAM,CAAU;IAChB,aAAa,CAAkB;IAC/B,YAAY,CAAiB;IAC7B,UAAU,CAAU;IACpB,YAAY,CAAe;IAC3B,oBAAoB,CAAwB;IAC5C,cAAc,CAAU;IAEzB,MAAM,CAAU;IAChB,WAAW,CAAU;IACrB,OAAO,CAAU;IACjB,UAAU,CAAU;IAE3B,YAAY,UAA4B,EAAE;QACxC,MAAM,aAAa,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAErC,yEAAyE;QACzE,yEAAyE;QACzE,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE5C,kEAAkE;QAClE,mFAAmF;QACnF,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;YAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACzC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1B,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QACxC,CAAC;aAAM,IAAI,CAAC,aAAa,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;YAC3D,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC,oBAAoB,CAAC;QAE5E,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;gBAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,UAEI,EAAE;QAEN,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAEhC,IAAI,CAAC,oBAAoB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAC;QAC9E,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QAED,6EAA6E;QAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;QAE/D,MAAM,aAAa,GAA4C;YAC7D,GAAG,OAAO;YACV,OAAO,EAAE,OAAO;YAChB,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK;SAC/B,CAAC;QAEF,8EAA8E;QAC9E,2DAA2D;QAC3D,IAAI,IAAI,CAAC,cAAc,IAAK,OAAe,CAAC,uBAAuB,KAAK,IAAI,EAAE,CAAC;YAC7E,aAAa,CAAC,uBAAuB,GAAG,IAAI,CAAC;QAC/C,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,MAAO,CAAC;IACtB,CAAC;IAEM,KAAK,CAAC,uBAAuB;QAClC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,IAAI,IAAI;QACN,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,KAAK;QACP,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,KAAK;QACP,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,SAAS;QACX,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,WAAW;QACb,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,IAAI;QACN,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED,+DAA+D;AAC/D,WAAiB,SAAS;IACV,cAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACnB,eAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACrB,cAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACnB,iBAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,qBAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACjC,oBAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC/B,eAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACrB,oBAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC/B,gBAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACvB,gBAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACvB,qBAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACjC,mBAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC7B,iBAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,sBAAY,GAAG,MAAM,CAAC,YAAY,CAAC;AACnD,CAAC,EAfgB,SAAS,KAAT,SAAS,QAezB"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
import OpenAI from "openai";
|
|
2
2
|
import type { Audio, Beta, Chat, Embeddings, Files, FineTuning, Images, Models, Moderations, Responses } from "openai/resources";
|
|
3
|
-
import type { VerificationDocument } from "./verifier";
|
|
3
|
+
import type { VerificationDocument } from "./verifier.js";
|
|
4
4
|
interface TinfoilAIOptions {
|
|
5
5
|
apiKey?: string;
|
|
6
|
+
bearerToken?: string;
|
|
6
7
|
baseURL?: string;
|
|
7
8
|
enclaveURL?: string;
|
|
8
9
|
configRepo?: string;
|
|
@@ -15,12 +16,13 @@ export declare class TinfoilAI {
|
|
|
15
16
|
private configRepo?;
|
|
16
17
|
private secureClient;
|
|
17
18
|
private verificationDocument?;
|
|
19
|
+
private useBearerToken;
|
|
18
20
|
apiKey?: string;
|
|
21
|
+
bearerToken?: string;
|
|
19
22
|
baseURL?: string;
|
|
20
23
|
enclaveURL?: string;
|
|
21
24
|
constructor(options?: TinfoilAIOptions);
|
|
22
25
|
ready(): Promise<void>;
|
|
23
|
-
private initClient;
|
|
24
26
|
private createOpenAIClient;
|
|
25
27
|
private ensureReady;
|
|
26
28
|
getVerificationDocument(): Promise<VerificationDocument>;
|
|
@@ -52,3 +54,4 @@ export declare namespace TinfoilAI {
|
|
|
52
54
|
export import VectorStores = OpenAI.VectorStores;
|
|
53
55
|
}
|
|
54
56
|
export {};
|
|
57
|
+
//# sourceMappingURL=tinfoil-ai.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tinfoil-ai.d.ts","sourceRoot":"","sources":["../src/tinfoil-ai.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,KAAK,EACV,KAAK,EACL,IAAI,EACJ,IAAI,EACJ,UAAU,EACV,KAAK,EACL,UAAU,EACV,MAAM,EACN,MAAM,EACN,WAAW,EACX,SAAS,EACV,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,eAAe,CAAC;AA4B1D,UAAU,gBAAgB;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB;AAED,qBAAa,SAAS;IACpB,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,aAAa,CAAkB;IACvC,OAAO,CAAC,YAAY,CAAC,CAAgB;IACrC,OAAO,CAAC,UAAU,CAAC,CAAS;IAC5B,OAAO,CAAC,YAAY,CAAe;IACnC,OAAO,CAAC,oBAAoB,CAAC,CAAuB;IACpD,OAAO,CAAC,cAAc,CAAU;IAEzB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;gBAEf,OAAO,GAAE,gBAAqB;IAgC7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YASrB,kBAAkB;YA8BlB,WAAW;IAKZ,uBAAuB,IAAI,OAAO,CAAC,oBAAoB,CAAC;IAQrE,IAAI,IAAI,IAAI,IAAI,CAEf;IAED,IAAI,KAAK,IAAI,KAAK,CAEjB;IAED,IAAI,UAAU,IAAI,UAAU,CAI3B;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,KAAK,IAAI,KAAK,CAEjB;IAED,IAAI,SAAS,IAAI,SAAS,CAIzB;IAED,IAAI,UAAU,IAAI,UAAU,CAI3B;IAED,IAAI,MAAM,IAAI,MAAM,CAEnB;IAED,IAAI,WAAW,IAAI,WAAW,CAI7B;IAED,IAAI,IAAI,IAAI,IAAI,CAEf;CACF;AAGD,yBAAiB,SAAS,CAAC;IACzB,MAAM,QAAQ,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACjC,MAAM,QAAQ,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACjC,MAAM,QAAQ,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACvC,MAAM,QAAQ,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAC/C,MAAM,QAAQ,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC7C,MAAM,QAAQ,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACnC,MAAM,QAAQ,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC7C,MAAM,QAAQ,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,MAAM,QAAQ,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACrC,MAAM,QAAQ,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IAC/C,MAAM,QAAQ,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC3C,MAAM,QAAQ,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACvC,MAAM,QAAQ,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC;CAClD"}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import OpenAI from "openai";
|
|
2
|
-
import { SecureClient } from "./secure-client.
|
|
3
|
-
import { TINFOIL_CONFIG } from "./config.
|
|
4
|
-
import { isRealBrowser } from "./env.
|
|
2
|
+
import { SecureClient } from "./secure-client.js";
|
|
3
|
+
import { TINFOIL_CONFIG } from "./config.js";
|
|
4
|
+
import { isRealBrowser } from "./env.js";
|
|
5
5
|
function createAsyncProxy(promise) {
|
|
6
6
|
return new Proxy({}, {
|
|
7
7
|
get(target, prop) {
|
|
@@ -25,17 +25,35 @@ function createAsyncProxy(promise) {
|
|
|
25
25
|
});
|
|
26
26
|
}
|
|
27
27
|
export class TinfoilAI {
|
|
28
|
+
client;
|
|
29
|
+
clientPromise;
|
|
30
|
+
readyPromise;
|
|
31
|
+
configRepo;
|
|
32
|
+
secureClient;
|
|
33
|
+
verificationDocument;
|
|
34
|
+
useBearerToken;
|
|
35
|
+
apiKey;
|
|
36
|
+
bearerToken;
|
|
37
|
+
baseURL;
|
|
38
|
+
enclaveURL;
|
|
28
39
|
constructor(options = {}) {
|
|
29
40
|
const openAIOptions = { ...options };
|
|
41
|
+
// bearerToken is used for browser auth (e.g., JWT from your auth system)
|
|
42
|
+
// It automatically enables browser usage without dangerouslyAllowBrowser
|
|
43
|
+
this.useBearerToken = !!options.bearerToken;
|
|
30
44
|
// In browser builds, never read secrets from process.env to avoid
|
|
31
|
-
// leaking credentials into client bundles. Require explicit apiKey.
|
|
32
|
-
if (options.
|
|
45
|
+
// leaking credentials into client bundles. Require explicit apiKey or bearerToken.
|
|
46
|
+
if (options.bearerToken) {
|
|
47
|
+
openAIOptions.apiKey = options.bearerToken;
|
|
48
|
+
this.bearerToken = options.bearerToken;
|
|
49
|
+
}
|
|
50
|
+
else if (options.apiKey) {
|
|
33
51
|
openAIOptions.apiKey = options.apiKey;
|
|
34
52
|
}
|
|
35
53
|
else if (!isRealBrowser() && process.env.TINFOIL_API_KEY) {
|
|
36
54
|
openAIOptions.apiKey = process.env.TINFOIL_API_KEY;
|
|
37
55
|
}
|
|
38
|
-
this.apiKey =
|
|
56
|
+
this.apiKey = options.apiKey;
|
|
39
57
|
this.baseURL = options.baseURL;
|
|
40
58
|
this.enclaveURL = options.enclaveURL;
|
|
41
59
|
this.configRepo = options.configRepo || TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
|
|
@@ -44,7 +62,7 @@ export class TinfoilAI {
|
|
|
44
62
|
enclaveURL: this.enclaveURL,
|
|
45
63
|
configRepo: this.configRepo,
|
|
46
64
|
});
|
|
47
|
-
this.clientPromise = this.
|
|
65
|
+
this.clientPromise = this.createOpenAIClient(openAIOptions);
|
|
48
66
|
}
|
|
49
67
|
async ready() {
|
|
50
68
|
if (!this.readyPromise) {
|
|
@@ -54,9 +72,6 @@ export class TinfoilAI {
|
|
|
54
72
|
}
|
|
55
73
|
return this.readyPromise;
|
|
56
74
|
}
|
|
57
|
-
async initClient(options) {
|
|
58
|
-
return this.createOpenAIClient(options);
|
|
59
|
-
}
|
|
60
75
|
async createOpenAIClient(options = {}) {
|
|
61
76
|
await this.secureClient.ready();
|
|
62
77
|
this.verificationDocument = await this.secureClient.getVerificationDocument();
|
|
@@ -70,7 +85,9 @@ export class TinfoilAI {
|
|
|
70
85
|
baseURL: baseURL,
|
|
71
86
|
fetch: this.secureClient.fetch,
|
|
72
87
|
};
|
|
73
|
-
|
|
88
|
+
// Automatically allow browser usage when bearerToken is used (e.g., JWT auth)
|
|
89
|
+
// or when explicitly requested via dangerouslyAllowBrowser
|
|
90
|
+
if (this.useBearerToken || options.dangerouslyAllowBrowser === true) {
|
|
74
91
|
clientOptions.dangerouslyAllowBrowser = true;
|
|
75
92
|
}
|
|
76
93
|
return new OpenAI(clientOptions);
|
|
@@ -134,3 +151,4 @@ export class TinfoilAI {
|
|
|
134
151
|
TinfoilAI.Uploads = OpenAI.Uploads;
|
|
135
152
|
TinfoilAI.VectorStores = OpenAI.VectorStores;
|
|
136
153
|
})(TinfoilAI || (TinfoilAI = {}));
|
|
154
|
+
//# sourceMappingURL=tinfoil-ai.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tinfoil-ai.js","sourceRoot":"","sources":["../src/tinfoil-ai.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAa5B,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,SAAS,gBAAgB,CAAmB,OAAmB;IAC7D,OAAO,IAAI,KAAK,CAAC,EAAO,EAAE;QACxB,GAAG,CAAC,MAAM,EAAE,IAAI;YACd,OAAO,IAAI,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,EAAE;gBACzB,GAAG,CAAC,CAAC,EAAE,UAAU;oBACf,OAAO,CAAC,GAAG,IAAW,EAAE,EAAE,CACxB,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;wBACnB,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC;wBAC7C,OAAO,OAAO,KAAK,KAAK,UAAU;4BAChC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAE,GAAW,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC;4BACvC,CAAC,CAAC,KAAK,CAAC;oBACZ,CAAC,CAAC,CAAC;gBACP,CAAC;gBACD,KAAK,CAAC,CAAC,EAAE,EAAE,EAAE,IAAI;oBACf,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE;wBAC1B,MAAM,KAAK,GAAI,GAAW,CAAC,IAAI,CAAC,CAAC;wBACjC,OAAO,OAAO,KAAK,KAAK,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBACtE,CAAC,CAAC,CAAC;gBACL,CAAC;aACF,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;AACL,CAAC;AAWD,MAAM,OAAO,SAAS;IACZ,MAAM,CAAU;IAChB,aAAa,CAAkB;IAC/B,YAAY,CAAiB;IAC7B,UAAU,CAAU;IACpB,YAAY,CAAe;IAC3B,oBAAoB,CAAwB;IAC5C,cAAc,CAAU;IAEzB,MAAM,CAAU;IAChB,WAAW,CAAU;IACrB,OAAO,CAAU;IACjB,UAAU,CAAU;IAE3B,YAAY,UAA4B,EAAE;QACxC,MAAM,aAAa,GAAG,EAAE,GAAG,OAAO,EAAE,CAAC;QAErC,yEAAyE;QACzE,yEAAyE;QACzE,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE5C,kEAAkE;QAClE,mFAAmF;QACnF,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;YACxB,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;YAC3C,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACzC,CAAC;aAAM,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YAC1B,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QACxC,CAAC;aAAM,IAAI,CAAC,aAAa,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC;YAC3D,aAAa,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACrD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,IAAI,cAAc,CAAC,oBAAoB,CAAC;QAE5E,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAAC;YACnC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAC9D,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,CAAC,KAAK,IAAI,EAAE;gBAC9B,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC;YACzC,CAAC,CAAC,EAAE,CAAC;QACP,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAC9B,UAEI,EAAE;QAEN,MAAM,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;QAEhC,IAAI,CAAC,oBAAoB,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,CAAC;QAC9E,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QAED,6EAA6E;QAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,IAAI,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;QAE/D,MAAM,aAAa,GAA4C;YAC7D,GAAG,OAAO;YACV,OAAO,EAAE,OAAO;YAChB,KAAK,EAAE,IAAI,CAAC,YAAY,CAAC,KAAK;SAC/B,CAAC;QAEF,8EAA8E;QAC9E,2DAA2D;QAC3D,IAAI,IAAI,CAAC,cAAc,IAAK,OAAe,CAAC,uBAAuB,KAAK,IAAI,EAAE,CAAC;YAC7E,aAAa,CAAC,uBAAuB,GAAG,IAAI,CAAC;QAC/C,CAAC;QAED,OAAO,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC,MAAO,CAAC;IACtB,CAAC;IAEM,KAAK,CAAC,uBAAuB;QAClC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QACD,OAAO,IAAI,CAAC,oBAAoB,CAAC;IACnC,CAAC;IAED,IAAI,IAAI;QACN,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,KAAK;QACP,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,KAAK;QACP,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,IAAI,SAAS;QACX,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACtD,CAAC;IACJ,CAAC;IAED,IAAI,UAAU;QACZ,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CACvD,CAAC;IACJ,CAAC;IAED,IAAI,MAAM;QACR,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,WAAW;QACb,OAAO,gBAAgB,CACrB,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,WAAW,CAAC,CACxD,CAAC;IACJ,CAAC;IAED,IAAI,IAAI;QACN,OAAO,gBAAgB,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC5E,CAAC;CACF;AAED,+DAA+D;AAC/D,WAAiB,SAAS;IACV,cAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACnB,eAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACrB,cAAI,GAAG,MAAM,CAAC,IAAI,CAAC;IACnB,iBAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,qBAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACjC,oBAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC/B,eAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IACrB,oBAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IAC/B,gBAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACvB,gBAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IACvB,qBAAW,GAAG,MAAM,CAAC,WAAW,CAAC;IACjC,mBAAS,GAAG,MAAM,CAAC,SAAS,CAAC;IAC7B,iBAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IACzB,sBAAY,GAAG,MAAM,CAAC,YAAY,CAAC;AACnD,CAAC,EAfgB,SAAS,KAAT,SAAS,QAezB"}
|
|
@@ -1,14 +1,12 @@
|
|
|
1
1
|
interface UnverifiedClientOptions {
|
|
2
2
|
baseURL?: string;
|
|
3
3
|
enclaveURL?: string;
|
|
4
|
-
configRepo?: string;
|
|
5
4
|
}
|
|
6
5
|
export declare class UnverifiedClient {
|
|
7
6
|
private initPromise;
|
|
8
7
|
private _fetch;
|
|
9
8
|
private baseURL?;
|
|
10
9
|
private enclaveURL?;
|
|
11
|
-
private readonly configRepo;
|
|
12
10
|
constructor(options?: UnverifiedClientOptions);
|
|
13
11
|
ready(): Promise<void>;
|
|
14
12
|
private initUnverifiedClient;
|
|
@@ -16,3 +14,4 @@ export declare class UnverifiedClient {
|
|
|
16
14
|
get fetch(): typeof fetch;
|
|
17
15
|
}
|
|
18
16
|
export {};
|
|
17
|
+
//# sourceMappingURL=unverified-client.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"unverified-client.d.ts","sourceRoot":"","sources":["../src/unverified-client.ts"],"names":[],"mappings":"AAGA,UAAU,uBAAuB;IAC/B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,WAAW,CAA8B;IACjD,OAAO,CAAC,MAAM,CAA6B;IAE3C,OAAO,CAAC,OAAO,CAAC,CAAS;IACzB,OAAO,CAAC,UAAU,CAAC,CAAS;gBAEhB,OAAO,GAAE,uBAA4B;IAKpC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;YAOrB,oBAAoB;IAgCrB,uBAAuB,IAAI,OAAO,CAAC,IAAI,CAAC;IAUrD,IAAI,KAAK,IAAI,OAAO,KAAK,CAKxB;CACF"}
|
|
@@ -1,16 +1,13 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
1
|
+
import { createEncryptedBodyFetch } from "./encrypted-body-fetch.js";
|
|
2
|
+
import { fetchRouter } from "./router.js";
|
|
3
|
+
export class UnverifiedClient {
|
|
4
|
+
initPromise = null;
|
|
5
|
+
_fetch = null;
|
|
6
|
+
baseURL;
|
|
7
|
+
enclaveURL;
|
|
8
8
|
constructor(options = {}) {
|
|
9
|
-
this.initPromise = null;
|
|
10
|
-
this._fetch = null;
|
|
11
9
|
this.baseURL = options.baseURL;
|
|
12
10
|
this.enclaveURL = options.enclaveURL;
|
|
13
|
-
this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
|
|
14
11
|
}
|
|
15
12
|
async ready() {
|
|
16
13
|
if (!this.initPromise) {
|
|
@@ -21,7 +18,7 @@ class UnverifiedClient {
|
|
|
21
18
|
async initUnverifiedClient() {
|
|
22
19
|
// Only fetch router if neither baseURL nor enclaveURL is provided
|
|
23
20
|
if (!this.baseURL && !this.enclaveURL) {
|
|
24
|
-
const routerAddress = await
|
|
21
|
+
const routerAddress = await fetchRouter();
|
|
25
22
|
this.enclaveURL = `https://${routerAddress}`;
|
|
26
23
|
this.baseURL = `https://${routerAddress}/v1/`;
|
|
27
24
|
}
|
|
@@ -46,7 +43,7 @@ class UnverifiedClient {
|
|
|
46
43
|
throw new Error("Unable to determine enclaveURL: neither baseURL nor enclaveURL provided");
|
|
47
44
|
}
|
|
48
45
|
}
|
|
49
|
-
this._fetch =
|
|
46
|
+
this._fetch = createEncryptedBodyFetch(this.baseURL, undefined, this.enclaveURL);
|
|
50
47
|
}
|
|
51
48
|
async getVerificationDocument() {
|
|
52
49
|
if (!this.initPromise) {
|
|
@@ -62,4 +59,4 @@ class UnverifiedClient {
|
|
|
62
59
|
};
|
|
63
60
|
}
|
|
64
61
|
}
|
|
65
|
-
|
|
62
|
+
//# sourceMappingURL=unverified-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"unverified-client.js","sourceRoot":"","sources":["../src/unverified-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,MAAM,2BAA2B,CAAC;AACrE,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAO1C,MAAM,OAAO,gBAAgB;IACnB,WAAW,GAAyB,IAAI,CAAC;IACzC,MAAM,GAAwB,IAAI,CAAC;IAEnC,OAAO,CAAU;IACjB,UAAU,CAAU;IAE5B,YAAY,UAAmC,EAAE;QAC/C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC;QAC/B,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACvC,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,oBAAoB;QAChC,kEAAkE;QAClE,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtC,MAAM,aAAa,GAAG,MAAM,WAAW,EAAE,CAAC;YAC1C,IAAI,CAAC,UAAU,GAAG,WAAW,aAAa,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,GAAG,WAAW,aAAa,MAAM,CAAC;QAChD,CAAC;QAED,qDAAqD;QACrD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;gBACpB,+EAA+E;gBAC/E,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;gBAC5C,IAAI,CAAC,OAAO,GAAG,GAAG,UAAU,CAAC,MAAM,MAAM,CAAC;YAC5C,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;YAC1F,CAAC;QACH,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;gBACjB,+EAA+E;gBAC/E,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBACtC,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;YACnC,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;YAC7F,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,wBAAwB,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IACnF,CAAC;IAEM,KAAK,CAAC,uBAAuB;QAClC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACrB,CAAC;QAED,MAAM,IAAI,CAAC,WAAW,CAAC;QAEvB,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;IACjG,CAAC;IAED,IAAI,KAAK;QACP,OAAO,KAAK,EAAE,KAAwB,EAAE,IAAkB,EAAE,EAAE;YAC5D,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,OAAO,IAAI,CAAC,MAAO,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACnC,CAAC,CAAC;IACJ,CAAC;CACF"}
|
package/dist/verifier.d.ts
CHANGED
|
@@ -1,141 +1,2 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
*/
|
|
4
|
-
export interface AttestationMeasurement {
|
|
5
|
-
type: string;
|
|
6
|
-
registers: string[];
|
|
7
|
-
}
|
|
8
|
-
/**
|
|
9
|
-
* Hardware measurement from TDX platform verification
|
|
10
|
-
*/
|
|
11
|
-
export interface HardwareMeasurement {
|
|
12
|
-
ID: string;
|
|
13
|
-
MRTD: string;
|
|
14
|
-
RTMR0: string;
|
|
15
|
-
}
|
|
16
|
-
/**
|
|
17
|
-
* Attestation response containing cryptographic keys and measurements
|
|
18
|
-
* At least one of tlsPublicKeyFingerprint or hpkePublicKey must be present
|
|
19
|
-
*/
|
|
20
|
-
export interface AttestationResponse {
|
|
21
|
-
tlsPublicKeyFingerprint?: string;
|
|
22
|
-
hpkePublicKey?: string;
|
|
23
|
-
measurement: AttestationMeasurement;
|
|
24
|
-
}
|
|
25
|
-
/**
|
|
26
|
-
* State of an intermediate verification step
|
|
27
|
-
*/
|
|
28
|
-
export interface VerificationStepState {
|
|
29
|
-
status: "pending" | "success" | "failed";
|
|
30
|
-
error?: string;
|
|
31
|
-
}
|
|
32
|
-
/**
|
|
33
|
-
* Full verification document produced by a verify() call
|
|
34
|
-
* Includes state tracking for all intermediate steps
|
|
35
|
-
*/
|
|
36
|
-
export interface VerificationDocument {
|
|
37
|
-
configRepo: string;
|
|
38
|
-
enclaveHost: string;
|
|
39
|
-
releaseDigest: string;
|
|
40
|
-
codeMeasurement: AttestationMeasurement;
|
|
41
|
-
enclaveMeasurement: AttestationResponse;
|
|
42
|
-
tlsPublicKey: string;
|
|
43
|
-
hpkePublicKey: string;
|
|
44
|
-
hardwareMeasurement?: HardwareMeasurement;
|
|
45
|
-
codeFingerprint: string;
|
|
46
|
-
enclaveFingerprint: string;
|
|
47
|
-
selectedRouterEndpoint: string;
|
|
48
|
-
securityVerified: boolean;
|
|
49
|
-
steps: {
|
|
50
|
-
fetchDigest: VerificationStepState;
|
|
51
|
-
verifyCode: VerificationStepState;
|
|
52
|
-
verifyEnclave: VerificationStepState;
|
|
53
|
-
compareMeasurements: VerificationStepState;
|
|
54
|
-
createTransport?: VerificationStepState;
|
|
55
|
-
verifyHPKEKey?: VerificationStepState;
|
|
56
|
-
otherError?: VerificationStepState;
|
|
57
|
-
};
|
|
58
|
-
}
|
|
59
|
-
/**
|
|
60
|
-
* Verifier performs attestation verification for Tinfoil enclaves
|
|
61
|
-
*
|
|
62
|
-
* The verifier loads a WebAssembly module (compiled from Go) that performs
|
|
63
|
-
* end-to-end attestation verification:
|
|
64
|
-
* 1. Fetches the latest code release digest from GitHub
|
|
65
|
-
* 2. Verifies code provenance using Sigstore/Rekor
|
|
66
|
-
* 3. Performs runtime attestation against the enclave
|
|
67
|
-
* 4. Verifies hardware measurements (for TDX platforms)
|
|
68
|
-
* 5. Compares code and runtime measurements using platform-specific logic
|
|
69
|
-
*
|
|
70
|
-
* Primary method: verify() - Returns AttestationResponse with cryptographic keys
|
|
71
|
-
* Verification details: getVerificationDocument() - Returns step-by-step results
|
|
72
|
-
*/
|
|
73
|
-
export declare class Verifier {
|
|
74
|
-
private static goInstance;
|
|
75
|
-
private static initializationPromise;
|
|
76
|
-
private static readonly defaultWasmUrl;
|
|
77
|
-
static originalFsWriteSync: ((fd: number, buf: Uint8Array) => number) | null;
|
|
78
|
-
static wasmLogsSuppressed: boolean;
|
|
79
|
-
static globalsInitialized: boolean;
|
|
80
|
-
private lastVerificationDocument?;
|
|
81
|
-
protected readonly serverURL: string;
|
|
82
|
-
protected readonly configRepo: string;
|
|
83
|
-
constructor(options?: {
|
|
84
|
-
serverURL?: string;
|
|
85
|
-
configRepo?: string;
|
|
86
|
-
});
|
|
87
|
-
/**
|
|
88
|
-
* Execute a function with a fresh WASM instance that auto-cleans up
|
|
89
|
-
* This ensures Go runtime doesn't keep the process alive
|
|
90
|
-
*/
|
|
91
|
-
private static executeWithWasm;
|
|
92
|
-
/**
|
|
93
|
-
* Perform end-to-end attestation verification
|
|
94
|
-
*
|
|
95
|
-
* This method performs all verification steps atomically via the Go WASM verify() function:
|
|
96
|
-
* 1. Fetches the latest code digest from GitHub releases
|
|
97
|
-
* 2. Verifies code provenance using Sigstore/Rekor
|
|
98
|
-
* 3. Performs runtime attestation against the enclave
|
|
99
|
-
* 4. Verifies hardware measurements (for TDX platforms)
|
|
100
|
-
* 5. Compares code and runtime measurements using platform-specific logic
|
|
101
|
-
*
|
|
102
|
-
* The WASM runtime is automatically initialized and cleaned up within this method.
|
|
103
|
-
* A detailed verification document is saved and can be accessed via getVerificationDocument().
|
|
104
|
-
*
|
|
105
|
-
* @returns AttestationResponse containing cryptographic keys (TLS/HPKE) and enclave measurement
|
|
106
|
-
* @throws Error if measurements don't match or verification fails at any step
|
|
107
|
-
*/
|
|
108
|
-
verify(): Promise<AttestationResponse>;
|
|
109
|
-
/**
|
|
110
|
-
* Save a failed verification document
|
|
111
|
-
*/
|
|
112
|
-
private saveFailedVerificationDocument;
|
|
113
|
-
/**
|
|
114
|
-
* Internal verification logic that runs within WASM context
|
|
115
|
-
*/
|
|
116
|
-
private verifyInternal;
|
|
117
|
-
/**
|
|
118
|
-
* Returns the verification document from the last verify() call
|
|
119
|
-
*
|
|
120
|
-
* The document contains detailed step-by-step verification results including:
|
|
121
|
-
* - Step status (pending/success/failed) for each verification phase
|
|
122
|
-
* - Measurements, fingerprints, and cryptographic keys
|
|
123
|
-
* - Error messages for any failed steps
|
|
124
|
-
*
|
|
125
|
-
* Available even if verification failed, allowing inspection of which step failed.
|
|
126
|
-
*
|
|
127
|
-
* @returns VerificationDocument with complete verification details, or undefined if verify() hasn't been called
|
|
128
|
-
*/
|
|
129
|
-
getVerificationDocument(): VerificationDocument | undefined;
|
|
130
|
-
}
|
|
131
|
-
/**
|
|
132
|
-
* Control WASM log output
|
|
133
|
-
*
|
|
134
|
-
* The Go WASM runtime outputs logs (stdout/stderr) through a polyfilled fs.writeSync.
|
|
135
|
-
* This function allows suppressing those logs without affecting other console output.
|
|
136
|
-
* By default, WASM logs are suppressed to reduce noise.
|
|
137
|
-
*
|
|
138
|
-
* @param suppress - Whether to suppress WASM logs (default: true)
|
|
139
|
-
* @returns void
|
|
140
|
-
*/
|
|
141
|
-
export declare function suppressWasmLogs(suppress?: boolean): void;
|
|
1
|
+
export * from '@tinfoilsh/verifier';
|
|
2
|
+
//# sourceMappingURL=verifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifier.d.ts","sourceRoot":"","sources":["../src/verifier.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAC"}
|