@zeke-02/tinfoil 0.0.2 → 0.0.4

package/dist/index.d.ts

@@ -5,4 +5,5 @@ export * from "./ai-sdk-provider";
 export * from "./config";
 export { SecureClient } from "./secure-client";
 export { UnverifiedClient } from "./unverified-client";
+export { fetchRouter } from "./router";
 export { type Uploadable, toFile, APIPromise, PagePromise, OpenAIError, APIError, APIConnectionError, APIConnectionTimeoutError, APIUserAbortError, NotFoundError, ConflictError, RateLimitError, BadRequestError, AuthenticationError, InternalServerError, PermissionDeniedError, UnprocessableEntityError, } from "openai";

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.UnprocessableEntityError = exports.PermissionDeniedError = exports.InternalServerError = exports.AuthenticationError = exports.BadRequestError = exports.RateLimitError = exports.ConflictError = exports.NotFoundError = exports.APIUserAbortError = exports.APIConnectionTimeoutError = exports.APIConnectionError = exports.APIError = exports.OpenAIError = exports.PagePromise = exports.APIPromise = exports.toFile = exports.UnverifiedClient = exports.SecureClient = exports.default = exports.TinfoilAI = void 0;
+exports.UnprocessableEntityError = exports.PermissionDeniedError = exports.InternalServerError = exports.AuthenticationError = exports.BadRequestError = exports.RateLimitError = exports.ConflictError = exports.NotFoundError = exports.APIUserAbortError = exports.APIConnectionTimeoutError = exports.APIConnectionError = exports.APIError = exports.OpenAIError = exports.PagePromise = exports.APIPromise = exports.toFile = exports.fetchRouter = exports.UnverifiedClient = exports.SecureClient = exports.default = exports.TinfoilAI = void 0;
 // Re-export the TinfoilAI class
 var tinfoilai_1 = require("./tinfoilai");
 Object.defineProperty(exports, "TinfoilAI", { enumerable: true, get: function () { return tinfoilai_1.TinfoilAI; } });
@@ -28,6 +28,8 @@ var secure_client_1 = require("./secure-client");
 Object.defineProperty(exports, "SecureClient", { enumerable: true, get: function () { return secure_client_1.SecureClient; } });
 var unverified_client_1 = require("./unverified-client");
 Object.defineProperty(exports, "UnverifiedClient", { enumerable: true, get: function () { return unverified_client_1.UnverifiedClient; } });
+var router_1 = require("./router");
+Object.defineProperty(exports, "fetchRouter", { enumerable: true, get: function () { return router_1.fetchRouter; } });
 // Re-export OpenAI utility types and classes that users might need
 // Using public exports from the main OpenAI package instead of deep imports
 var openai_1 = require("openai");

package/dist/router.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Router utilities for fetching available Tinfoil routers
+ */
+/**
+ * Fetches the list of available routers from the ATC API
+ * and returns a randomly selected address.
+ *
+ * @returns Promise<string> A randomly selected router address
+ * @throws Error if no routers are found or if the request fails
+ */
+export declare function fetchRouter(): Promise<string>;

package/dist/router.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchRouter = fetchRouter;
+const config_1 = require("./config");
+/**
+ * Router utilities for fetching available Tinfoil routers
+ */
+/**
+ * Fetches the list of available routers from the ATC API
+ * and returns a randomly selected address.
+ *
+ * @returns Promise<string> A randomly selected router address
+ * @throws Error if no routers are found or if the request fails
+ */
+async function fetchRouter() {
+    const routersUrl = config_1.TINFOIL_CONFIG.ATC_API_URL;
+    try {
+        const response = await fetch(routersUrl);
+        if (!response.ok) {
+            throw new Error(`Failed to fetch routers: ${response.status} ${response.statusText}`);
+        }
+        const routers = await response.json();
+        if (!Array.isArray(routers) || routers.length === 0) {
+            throw new Error("No routers found in the response");
+        }
+        // Return a randomly selected router
+        const randomIndex = Math.floor(Math.random() * routers.length);
+        return routers[randomIndex];
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            throw new Error(`Failed to fetch router: ${error.message}`);
+        }
+        throw new Error("Failed to fetch router: Unknown error");
+    }
+}

package/dist/secure-client.d.ts

@@ -8,13 +8,14 @@ export declare class SecureClient {
     private initPromise;
     private verificationDocument;
     private _fetch;
-    private readonly baseURL?;
-    private readonly enclaveURL?;
+    private baseURL?;
+    private enclaveURL?;
     private readonly configRepo?;
     constructor(options?: SecureClientOptions);
     ready(): Promise<void>;
     private initSecureClient;
     getVerificationDocument(): Promise<VerificationDocument>;
+    getBaseURL(): string | undefined;
     get fetch(): typeof fetch;
 }
 export {};

package/dist/secure-client.js

@@ -4,13 +4,14 @@ exports.SecureClient = void 0;
 const verifier_1 = require("./verifier");
 const config_1 = require("./config");
 const secure_fetch_1 = require("./secure-fetch");
+const router_1 = require("./router");
 class SecureClient {
     constructor(options = {}) {
         this.initPromise = null;
         this.verificationDocument = null;
         this._fetch = null;
-        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
-        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.baseURL = options.baseURL;
+        this.enclaveURL = options.enclaveURL;
         this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
     }
     async ready() {
@@ -20,6 +21,33 @@ class SecureClient {
         return this.initPromise;
     }
     async initSecureClient() {
+        // Only fetch router if neither baseURL nor enclaveURL is provided
+        if (!this.baseURL && !this.enclaveURL) {
+            const routerAddress = await (0, router_1.fetchRouter)();
+            this.enclaveURL = `https://${routerAddress}`;
+            this.baseURL = `https://${routerAddress}/v1/`;
+        }
+        // Ensure both baseURL and enclaveURL are initialized
+        if (!this.baseURL) {
+            if (this.enclaveURL) {
+                // If enclaveURL is provided but baseURL is not, derive baseURL from enclaveURL
+                const enclaveUrl = new URL(this.enclaveURL);
+                this.baseURL = `${enclaveUrl.origin}/v1/`;
+            }
+            else {
+                throw new Error("Unable to determine baseURL: neither baseURL nor enclaveURL provided");
+            }
+        }
+        if (!this.enclaveURL) {
+            if (this.baseURL) {
+                // If baseURL is provided but enclaveURL is not, derive enclaveURL from baseURL
+                const baseUrl = new URL(this.baseURL);
+                this.enclaveURL = baseUrl.origin;
+            }
+            else {
+                throw new Error("Unable to determine enclaveURL: neither baseURL nor enclaveURL provided");
+            }
+        }
         const verifier = new verifier_1.Verifier({
             serverURL: this.enclaveURL,
             configRepo: this.configRepo,
@@ -80,6 +108,9 @@ class SecureClient {
         }
         return this.verificationDocument;
     }
+    getBaseURL() {
+        return this.baseURL;
+    }
     get fetch() {
         return async (input, init) => {
             await this.ready();

package/dist/tinfoilai.js

@@ -42,8 +42,8 @@ class TinfoilAI {
             openAIOptions.apiKey = process.env.TINFOIL_API_KEY;
         }
         this.apiKey = openAIOptions.apiKey;
-        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
-        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.baseURL = options.baseURL;
+        this.enclaveURL = options.enclaveURL;
         this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
         this.secureClient = new secure_client_1.SecureClient({
             baseURL: this.baseURL,
@@ -69,9 +69,11 @@ class TinfoilAI {
         if (!this.verificationDocument) {
             throw new Error("Verification document not available after successful verification");
         }
+        // Use the provided baseURL, or get it from SecureClient after initialization
+        const baseURL = this.baseURL || this.secureClient.getBaseURL();
         const clientOptions = {
             ...options,
-            baseURL: this.baseURL,
+            baseURL: baseURL,
             fetch: this.secureClient.fetch,
         };
         if ((0, env_1.isRealBrowser)() || options.dangerouslyAllowBrowser === true) {

package/dist/unverified-client.d.ts

@@ -6,8 +6,8 @@ interface UnverifiedClientOptions {
 export declare class UnverifiedClient {
     private initPromise;
     private _fetch;
-    private readonly baseURL;
-    private readonly enclaveURL;
+    private baseURL?;
+    private enclaveURL?;
     private readonly configRepo;
     constructor(options?: UnverifiedClientOptions);
     ready(): Promise<void>;

package/dist/unverified-client.js

@@ -3,12 +3,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.UnverifiedClient = void 0;
 const config_1 = require("./config");
 const encrypted_body_fetch_1 = require("./encrypted-body-fetch");
+const router_1 = require("./router");
 class UnverifiedClient {
     constructor(options = {}) {
         this.initPromise = null;
         this._fetch = null;
-        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
-        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.baseURL = options.baseURL;
+        this.enclaveURL = options.enclaveURL;
         this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
     }
     async ready() {
@@ -18,6 +19,33 @@ class UnverifiedClient {
         return this.initPromise;
     }
     async initUnverifiedClient() {
+        // Only fetch router if neither baseURL nor enclaveURL is provided
+        if (!this.baseURL && !this.enclaveURL) {
+            const routerAddress = await (0, router_1.fetchRouter)();
+            this.enclaveURL = `https://${routerAddress}`;
+            this.baseURL = `https://${routerAddress}/v1/`;
+        }
+        // Ensure both baseURL and enclaveURL are initialized
+        if (!this.baseURL) {
+            if (this.enclaveURL) {
+                // If enclaveURL is provided but baseURL is not, derive baseURL from enclaveURL
+                const enclaveUrl = new URL(this.enclaveURL);
+                this.baseURL = `${enclaveUrl.origin}/v1/`;
+            }
+            else {
+                throw new Error("Unable to determine baseURL: neither baseURL nor enclaveURL provided");
+            }
+        }
+        if (!this.enclaveURL) {
+            if (this.baseURL) {
+                // If baseURL is provided but enclaveURL is not, derive enclaveURL from baseURL
+                const baseUrl = new URL(this.baseURL);
+                this.enclaveURL = baseUrl.origin;
+            }
+            else {
+                throw new Error("Unable to determine enclaveURL: neither baseURL nor enclaveURL provided");
+            }
+        }
         this._fetch = (0, encrypted_body_fetch_1.createEncryptedBodyFetch)(this.baseURL, undefined, this.enclaveURL);
     }
     async getVerificationDocument() {

package/dist/verifier.d.ts

@@ -87,7 +87,7 @@ export declare class Verifier {
     private static executeWithWasm;
     /**
      * Fetch the latest release digest from GitHub
-     * @param configRepo - Repository name (e.g., "tinfoilsh/confidential-inference-proxy")
+     * @param configRepo - Repository name (e.g., "tinfoilsh/confidential-model-router")
      * @returns The digest hash
      */
     fetchLatestDigest(configRepo?: string): Promise<string>;

package/dist/verifier.js

@@ -151,7 +151,8 @@ function compareMeasurementsError(codeMeasurement, runtimeMeasurement) {
     }
     if (codeMeasurement.type === PLATFORM_TYPES.SNP_TDX_MULTI_PLATFORM_V1) {
         switch (runtimeMeasurement.type) {
-            case PLATFORM_TYPES.TDX_GUEST_V1: {
+            case PLATFORM_TYPES.TDX_GUEST_V1:
+            case PLATFORM_TYPES.TDX_GUEST_V2: {
                 if (codeMeasurement.registers.length < 3 ||
                     runtimeMeasurement.registers.length < 4) {
                     return new Error(MEASUREMENT_ERROR_MESSAGES.FEW_REGISTERS);
@@ -223,8 +224,10 @@ function compareMeasurements(codeMeasurement, runtimeMeasurement) {
  */
 class Verifier {
     constructor(options) {
-        const serverURL = options?.serverURL ?? config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
-        this.serverURL = new URL(serverURL).hostname;
+        if (!options?.serverURL) {
+            throw new Error("serverURL is required for Verifier");
+        }
+        this.serverURL = new URL(options.serverURL).hostname;
         this.configRepo =
             options?.configRepo ?? config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
     }
@@ -287,7 +290,7 @@ class Verifier {
     }
     /**
      * Fetch the latest release digest from GitHub
-     * @param configRepo - Repository name (e.g., "tinfoilsh/confidential-inference-proxy")
+     * @param configRepo - Repository name (e.g., "tinfoilsh/confidential-model-router")
      * @returns The digest hash
      */
     async fetchLatestDigest(configRepo) {

package/package.json

@@ -1,58 +1,64 @@
 {
   "name": "@zeke-02/tinfoil",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "Tinfoil secure OpenAI client wrapper for Tauri v2",
   "main": "dist/index.js",
-  "module": "dist/esm/index.js",
+  "module": "dist/esm/index.mjs",
   "types": "dist/index.d.ts",
   "browser": {
-    "./dist/index.js": "./dist/esm/index.browser.js",
-    "./dist/esm/index.js": "./dist/esm/index.browser.js"
+    "./dist/index.js": "./dist/esm/index.browser.mjs",
+    "./dist/esm/index.mjs": "./dist/esm/index.browser.mjs"
   },
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
-      "browser": "./dist/esm/index.browser.js",
-      "import": "./dist/esm/index.js",
+      "browser": "./dist/esm/index.browser.mjs",
+      "import": "./dist/esm/index.mjs",
       "require": "./dist/index.js",
-      "default": "./dist/index.js"
+      "default": "./dist/esm/index.browser.mjs"
     },
     "./client": {
       "types": "./dist/client.d.ts",
-      "import": "./dist/esm/client.js",
+      "import": "./dist/esm/client.mjs",
       "require": "./dist/client.js"
     },
     "./ai-sdk-provider": {
       "types": "./dist/ai-sdk-provider.d.ts",
-      "import": "./dist/esm/ai-sdk-provider.js",
+      "import": "./dist/esm/ai-sdk-provider.mjs",
       "require": "./dist/ai-sdk-provider.js"
     },
     "./verifier": {
       "types": "./dist/verifier.d.ts",
-      "import": "./dist/esm/verifier.js",
+      "import": "./dist/esm/verifier.mjs",
       "require": "./dist/verifier.js"
     },
     "./config": {
       "types": "./dist/config.d.ts",
-      "import": "./dist/esm/config.js",
+      "import": "./dist/esm/config.mjs",
       "require": "./dist/config.js"
     },
     "./secure-client": {
       "types": "./dist/secure-client.d.ts",
-      "import": "./dist/esm/secure-client.js",
+      "import": "./dist/esm/secure-client.mjs",
       "require": "./dist/secure-client.js"
     },
     "./secure-fetch": {
       "types": "./dist/secure-fetch.d.ts",
-      "browser": "./dist/esm/secure-fetch.browser.js",
-      "import": "./dist/esm/secure-fetch.js",
-      "require": "./dist/secure-fetch.js"
+      "browser": "./dist/esm/secure-fetch.browser.mjs",
+      "import": "./dist/esm/secure-fetch.mjs",
+      "require": "./dist/secure-fetch.js",
+      "default": "./dist/esm/secure-fetch.browser.mjs"
+    },
+    "./router": {
+      "types": "./dist/router.d.ts",
+      "import": "./dist/esm/router.mjs",
+      "require": "./dist/router.js"
     }
   },
   "scripts": {
     "build": "npm run build:cjs && npm run build:esm",
     "build:cjs": "tsc && cp src/wasm-exec.js dist/",
-    "build:esm": "tsc -p tsconfig.esm.json && cp src/wasm-exec.js dist/esm/",
+    "build:esm": "tsc -p tsconfig.esm.json && node scripts/convert-to-mjs.js && cp src/wasm-exec.js dist/esm/",
     "test": "bash -lc 'rm -rf dist .node-tests && npm run build:cjs && tsc -p tsconfig.node-test.json && cp src/wasm-exec.js .node-tests/ && node --test $(find .node-tests -name \"*.test.js\" -print)'",
     "lint": "eslint src/**/*.ts",
     "prepublishOnly": "npm run build"

package/dist/esm/index.browser.js

@@ -1,8 +0,0 @@
-// Browser-safe entry point: avoids Node built-ins
-export { TinfoilAI } from "./tinfoilai";
-export { TinfoilAI as default } from "./tinfoilai";
-export * from "./verifier";
-export * from "./ai-sdk-provider";
-export * from "./config";
-export { SecureClient } from "./secure-client";
-export { UnverifiedClient } from "./unverified-client";

package/dist/esm/unverified-client.js

@@ -1,33 +0,0 @@
-import { TINFOIL_CONFIG } from "./config";
-import { createEncryptedBodyFetch } from "./encrypted-body-fetch";
-export class UnverifiedClient {
-    constructor(options = {}) {
-        this.initPromise = null;
-        this._fetch = null;
-        this.baseURL = options.baseURL || TINFOIL_CONFIG.INFERENCE_BASE_URL;
-        this.enclaveURL = options.enclaveURL || TINFOIL_CONFIG.ENCLAVE_URL;
-        this.configRepo = options.configRepo || TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
-    }
-    async ready() {
-        if (!this.initPromise) {
-            this.initPromise = this.initUnverifiedClient();
-        }
-        return this.initPromise;
-    }
-    async initUnverifiedClient() {
-        this._fetch = createEncryptedBodyFetch(this.baseURL, undefined, this.enclaveURL);
-    }
-    async getVerificationDocument() {
-        if (!this.initPromise) {
-            await this.ready();
-        }
-        await this.initPromise;
-        throw new Error("Verification document unavailable: this version of the client is unverified");
-    }
-    get fetch() {
-        return async (input, init) => {
-            await this.ready();
-            return this._fetch(input, init);
-        };
-    }
-}