@zeke-02/tinfoil 0.0.2

package/dist/index.browser.d.ts

@@ -0,0 +1,7 @@
+export { TinfoilAI } from "./tinfoilai";
+export { TinfoilAI as default } from "./tinfoilai";
+export * from "./verifier";
+export * from "./ai-sdk-provider";
+export * from "./config";
+export { SecureClient } from "./secure-client";
+export { UnverifiedClient } from "./unverified-client";

package/dist/index.browser.js

@@ -0,0 +1,29 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnverifiedClient = exports.SecureClient = exports.default = exports.TinfoilAI = void 0;
+// Browser-safe entry point: avoids Node built-ins
+var tinfoilai_1 = require("./tinfoilai");
+Object.defineProperty(exports, "TinfoilAI", { enumerable: true, get: function () { return tinfoilai_1.TinfoilAI; } });
+var tinfoilai_2 = require("./tinfoilai");
+Object.defineProperty(exports, "default", { enumerable: true, get: function () { return tinfoilai_2.TinfoilAI; } });
+__exportStar(require("./verifier"), exports);
+__exportStar(require("./ai-sdk-provider"), exports);
+__exportStar(require("./config"), exports);
+var secure_client_1 = require("./secure-client");
+Object.defineProperty(exports, "SecureClient", { enumerable: true, get: function () { return secure_client_1.SecureClient; } });
+var unverified_client_1 = require("./unverified-client");
+Object.defineProperty(exports, "UnverifiedClient", { enumerable: true, get: function () { return unverified_client_1.UnverifiedClient; } });

package/dist/index.d.ts

@@ -0,0 +1,8 @@
+export { TinfoilAI } from "./tinfoilai";
+export { TinfoilAI as default } from "./tinfoilai";
+export * from "./verifier";
+export * from "./ai-sdk-provider";
+export * from "./config";
+export { SecureClient } from "./secure-client";
+export { UnverifiedClient } from "./unverified-client";
+export { type Uploadable, toFile, APIPromise, PagePromise, OpenAIError, APIError, APIConnectionError, APIConnectionTimeoutError, APIUserAbortError, NotFoundError, ConflictError, RateLimitError, BadRequestError, AuthenticationError, InternalServerError, PermissionDeniedError, UnprocessableEntityError, } from "openai";

package/dist/index.js

@@ -0,0 +1,49 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnprocessableEntityError = exports.PermissionDeniedError = exports.InternalServerError = exports.AuthenticationError = exports.BadRequestError = exports.RateLimitError = exports.ConflictError = exports.NotFoundError = exports.APIUserAbortError = exports.APIConnectionTimeoutError = exports.APIConnectionError = exports.APIError = exports.OpenAIError = exports.PagePromise = exports.APIPromise = exports.toFile = exports.UnverifiedClient = exports.SecureClient = exports.default = exports.TinfoilAI = void 0;
+// Re-export the TinfoilAI class
+var tinfoilai_1 = require("./tinfoilai");
+Object.defineProperty(exports, "TinfoilAI", { enumerable: true, get: function () { return tinfoilai_1.TinfoilAI; } });
+var tinfoilai_2 = require("./tinfoilai");
+Object.defineProperty(exports, "default", { enumerable: true, get: function () { return tinfoilai_2.TinfoilAI; } });
+// Export verifier
+__exportStar(require("./verifier"), exports);
+__exportStar(require("./ai-sdk-provider"), exports);
+__exportStar(require("./config"), exports);
+var secure_client_1 = require("./secure-client");
+Object.defineProperty(exports, "SecureClient", { enumerable: true, get: function () { return secure_client_1.SecureClient; } });
+var unverified_client_1 = require("./unverified-client");
+Object.defineProperty(exports, "UnverifiedClient", { enumerable: true, get: function () { return unverified_client_1.UnverifiedClient; } });
+// Re-export OpenAI utility types and classes that users might need
+// Using public exports from the main OpenAI package instead of deep imports
+var openai_1 = require("openai");
+Object.defineProperty(exports, "toFile", { enumerable: true, get: function () { return openai_1.toFile; } });
+Object.defineProperty(exports, "APIPromise", { enumerable: true, get: function () { return openai_1.APIPromise; } });
+Object.defineProperty(exports, "PagePromise", { enumerable: true, get: function () { return openai_1.PagePromise; } });
+Object.defineProperty(exports, "OpenAIError", { enumerable: true, get: function () { return openai_1.OpenAIError; } });
+Object.defineProperty(exports, "APIError", { enumerable: true, get: function () { return openai_1.APIError; } });
+Object.defineProperty(exports, "APIConnectionError", { enumerable: true, get: function () { return openai_1.APIConnectionError; } });
+Object.defineProperty(exports, "APIConnectionTimeoutError", { enumerable: true, get: function () { return openai_1.APIConnectionTimeoutError; } });
+Object.defineProperty(exports, "APIUserAbortError", { enumerable: true, get: function () { return openai_1.APIUserAbortError; } });
+Object.defineProperty(exports, "NotFoundError", { enumerable: true, get: function () { return openai_1.NotFoundError; } });
+Object.defineProperty(exports, "ConflictError", { enumerable: true, get: function () { return openai_1.ConflictError; } });
+Object.defineProperty(exports, "RateLimitError", { enumerable: true, get: function () { return openai_1.RateLimitError; } });
+Object.defineProperty(exports, "BadRequestError", { enumerable: true, get: function () { return openai_1.BadRequestError; } });
+Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return openai_1.AuthenticationError; } });
+Object.defineProperty(exports, "InternalServerError", { enumerable: true, get: function () { return openai_1.InternalServerError; } });
+Object.defineProperty(exports, "PermissionDeniedError", { enumerable: true, get: function () { return openai_1.PermissionDeniedError; } });
+Object.defineProperty(exports, "UnprocessableEntityError", { enumerable: true, get: function () { return openai_1.UnprocessableEntityError; } });

package/dist/pinned-tls-fetch.d.ts

@@ -0,0 +1 @@
+export declare function createPinnedTlsFetch(baseURL: string, expectedFingerprintHex: string): typeof fetch;

package/dist/pinned-tls-fetch.js

@@ -0,0 +1,116 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPinnedTlsFetch = createPinnedTlsFetch;
+const https_1 = __importDefault(require("https"));
+const tls_1 = require("tls");
+const crypto_1 = require("crypto");
+const stream_1 = require("stream");
+function createPinnedTlsFetch(baseURL, expectedFingerprintHex) {
+    return (async (input, init) => {
+        // Normalize URL with base URL support
+        const makeURL = (value) => {
+            if (typeof value === "string")
+                return new URL(value, baseURL);
+            if (value instanceof URL)
+                return value;
+            return new URL(value.url, baseURL);
+        };
+        const url = makeURL(input);
+        if (url.protocol !== "https:") {
+            throw new Error(`HTTP connections are not allowed. Use HTTPS. URL: ${url.toString()}`);
+        }
+        // Gather method and headers
+        const method = (init?.method || input.method || "GET").toUpperCase();
+        const headers = new Headers(init?.headers || input?.headers || {});
+        const headerObj = {};
+        headers.forEach((v, k) => {
+            headerObj[k] = v;
+        });
+        // Resolve body
+        let body = init?.body;
+        if (!body && input instanceof Request) {
+            // If the original was a Request with a body, read it
+            try {
+                const buf = await input.arrayBuffer();
+                if (buf && buf.byteLength)
+                    body = Buffer.from(buf);
+            }
+            catch { }
+        }
+        // Convert web streams to Node streams if needed
+        if (body && typeof body.getReader === "function") {
+            body = stream_1.Readable.fromWeb(body);
+        }
+        if (body instanceof ArrayBuffer) {
+            body = Buffer.from(body);
+        }
+        if (ArrayBuffer.isView(body)) {
+            body = Buffer.from(body.buffer, body.byteOffset, body.byteLength);
+        }
+        const requestOptions = {
+            protocol: url.protocol,
+            hostname: url.hostname,
+            port: url.port ? Number(url.port) : 443,
+            path: `${url.pathname}${url.search}`,
+            method,
+            headers: headerObj,
+            checkServerIdentity: (host, cert) => {
+                const raw = cert.raw;
+                if (!raw) {
+                    return new Error("Certificate raw bytes are unavailable for pinning");
+                }
+                const x509 = new crypto_1.X509Certificate(raw);
+                const publicKeyDer = x509.publicKey.export({ type: "spki", format: "der" });
+                const fp = (0, crypto_1.createHash)("sha256").update(publicKeyDer).digest("hex");
+                if (fp !== expectedFingerprintHex) {
+                    return new Error(`Certificate public key fingerprint mismatch. Expected: ${expectedFingerprintHex}, Got: ${fp}`);
+                }
+                return (0, tls_1.checkServerIdentity)(host, cert);
+            },
+        };
+        const { signal } = init || {};
+        const res = await new Promise((resolve, reject) => {
+            const req = https_1.default.request(requestOptions, resolve);
+            req.on("error", reject);
+            if (signal) {
+                if (signal.aborted) {
+                    req.destroy(new Error("Request aborted"));
+                    return;
+                }
+                signal.addEventListener("abort", () => req.destroy(new Error("Request aborted")));
+            }
+            if (body === undefined || body === null) {
+                req.end();
+            }
+            else if (typeof body === "string" || Buffer.isBuffer(body) || ArrayBuffer.isView(body)) {
+                req.end(body);
+            }
+            else if (typeof body.pipe === "function") {
+                body.pipe(req);
+            }
+            else {
+                // Fallback: try to serialize objects
+                req.end(String(body));
+            }
+        });
+        const responseHeaders = new Headers();
+        for (const [k, v] of Object.entries(res.headers)) {
+            if (Array.isArray(v)) {
+                v.forEach(item => responseHeaders.append(k, item));
+            }
+            else if (v != null) {
+                responseHeaders.set(k, String(v));
+            }
+        }
+        // Convert Node stream to Web ReadableStream
+        const webStream = stream_1.Readable.toWeb(res);
+        return new Response(webStream, {
+            status: res.statusCode || 0,
+            statusText: res.statusMessage || "",
+            headers: responseHeaders,
+        });
+    });
+}

package/dist/secure-client.d.ts

@@ -0,0 +1,20 @@
+import type { VerificationDocument } from "./verifier";
+interface SecureClientOptions {
+    baseURL?: string;
+    enclaveURL?: string;
+    configRepo?: string;
+}
+export declare class SecureClient {
+    private initPromise;
+    private verificationDocument;
+    private _fetch;
+    private readonly baseURL?;
+    private readonly enclaveURL?;
+    private readonly configRepo?;
+    constructor(options?: SecureClientOptions);
+    ready(): Promise<void>;
+    private initSecureClient;
+    getVerificationDocument(): Promise<VerificationDocument>;
+    get fetch(): typeof fetch;
+}
+export {};

package/dist/secure-client.js

@@ -0,0 +1,127 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecureClient = void 0;
+const verifier_1 = require("./verifier");
+const config_1 = require("./config");
+const secure_fetch_1 = require("./secure-fetch");
+class SecureClient {
+    constructor(options = {}) {
+        this.initPromise = null;
+        this.verificationDocument = null;
+        this._fetch = null;
+        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
+        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
+    }
+    async ready() {
+        if (!this.initPromise) {
+            this.initPromise = this.initSecureClient();
+        }
+        return this.initPromise;
+    }
+    async initSecureClient() {
+        const verifier = new verifier_1.Verifier({
+            serverURL: this.enclaveURL,
+            configRepo: this.configRepo,
+        });
+        try {
+            await verifier.verify();
+            const doc = verifier.getVerificationDocument();
+            if (!doc) {
+                throw new Error("Verification document not available after successful verification");
+            }
+            this.verificationDocument = doc;
+            // Extract keys from the verification document
+            const { hpkePublicKey, tlsPublicKeyFingerprint } = this.verificationDocument.enclaveMeasurement;
+            try {
+                this._fetch = (0, secure_fetch_1.createSecureFetch)(this.baseURL, this.enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint);
+            }
+            catch (transportError) {
+                this.verificationDocument.steps.createTransport = {
+                    status: "failed",
+                    error: transportError.message,
+                };
+                this.verificationDocument.securityVerified = false;
+                throw transportError;
+            }
+        }
+        catch (error) {
+            const doc = verifier.getVerificationDocument();
+            if (doc) {
+                this.verificationDocument = doc;
+            }
+            else {
+                this.verificationDocument = {
+                    configRepo: this.configRepo,
+                    enclaveHost: new URL(this.enclaveURL).hostname,
+                    releaseDigest: "",
+                    codeMeasurement: { type: "", registers: [] },
+                    enclaveMeasurement: { measurement: { type: "", registers: [] } },
+                    securityVerified: false,
+                    steps: {
+                        fetchDigest: { status: "pending" },
+                        verifyCode: { status: "pending" },
+                        verifyEnclave: { status: "pending" },
+                        compareMeasurements: { status: "pending" },
+                        otherError: { status: "failed", error: error.message },
+                    },
+                };
+            }
+            throw error;
+        }
+    }
+    async getVerificationDocument() {
+        if (!this.initPromise) {
+            await this.ready();
+        }
+        await this.initPromise.catch(() => { });
+        if (!this.verificationDocument) {
+            throw new Error("Verification document unavailable: client not verified yet");
+        }
+        return this.verificationDocument;
+    }
+    get fetch() {
+        return async (input, init) => {
+            await this.ready();
+            try {
+                return await this._fetch(input, init);
+            }
+            catch (error) {
+                if (this.verificationDocument) {
+                    const errorMessage = error.message;
+                    if (errorMessage.includes("HPKE public key mismatch")) {
+                        this.verificationDocument.steps.verifyHPKEKey = {
+                            status: "failed",
+                            error: errorMessage,
+                        };
+                        this.verificationDocument.securityVerified = false;
+                    }
+                    else if (errorMessage.includes("Transport initialization failed") ||
+                        errorMessage.includes("Request initialization failed")) {
+                        this.verificationDocument.steps.createTransport = {
+                            status: "failed",
+                            error: errorMessage,
+                        };
+                        this.verificationDocument.securityVerified = false;
+                    }
+                    else if (errorMessage.includes("Failed to get HPKE key")) {
+                        this.verificationDocument.steps.verifyHPKEKey = {
+                            status: "failed",
+                            error: errorMessage,
+                        };
+                        this.verificationDocument.securityVerified = false;
+                    }
+                    else {
+                        this.verificationDocument.steps.otherError = {
+                            status: "failed",
+                            error: errorMessage,
+                        };
+                        this.verificationDocument.securityVerified = false;
+                    }
+                }
+                throw error;
+            }
+        };
+    }
+}
+exports.SecureClient = SecureClient;

package/dist/secure-fetch.browser.d.ts

@@ -0,0 +1 @@
+export declare function createSecureFetch(baseURL: string, enclaveURL?: string, hpkePublicKey?: string, tlsPublicKeyFingerprint?: string): typeof fetch;

package/dist/secure-fetch.browser.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureFetch = createSecureFetch;
+const encrypted_body_fetch_1 = require("./encrypted-body-fetch");
+function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
+    if (hpkePublicKey) {
+        return (0, encrypted_body_fetch_1.createEncryptedBodyFetch)(baseURL, hpkePublicKey, enclaveURL);
+    }
+    else {
+        throw new Error("HPKE public key not available and TLS-only verification is not supported in browsers. " +
+            "Only HPKE-enabled enclaves can be used in browser environments.");
+    }
+}

package/dist/secure-fetch.d.ts

@@ -0,0 +1 @@
+export declare function createSecureFetch(baseURL: string, enclaveURL?: string, hpkePublicKey?: string, tlsPublicKeyFingerprint?: string): typeof fetch;

package/dist/secure-fetch.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createSecureFetch = createSecureFetch;
+const encrypted_body_fetch_1 = require("./encrypted-body-fetch");
+const pinned_tls_fetch_1 = require("./pinned-tls-fetch");
+const env_1 = require("./env");
+function createSecureFetch(baseURL, enclaveURL, hpkePublicKey, tlsPublicKeyFingerprint) {
+    let fetchFunction;
+    if (hpkePublicKey) {
+        fetchFunction = (0, encrypted_body_fetch_1.createEncryptedBodyFetch)(baseURL, hpkePublicKey, enclaveURL);
+    }
+    else {
+        // HPKE not available: check if we're in a browser
+        if ((0, env_1.isRealBrowser)()) {
+            throw new Error("HPKE public key not available and TLS-only verification is not supported in browsers. " +
+                "Only HPKE-enabled enclaves can be used in browser environments.");
+        }
+        // Node.js environment: fall back to TLS-only verification using pinned TLS fetch
+        if (!tlsPublicKeyFingerprint) {
+            throw new Error("Neither HPKE public key nor TLS public key fingerprint available for verification");
+        }
+        fetchFunction = (0, pinned_tls_fetch_1.createPinnedTlsFetch)(baseURL, tlsPublicKeyFingerprint);
+    }
+    return fetchFunction;
+}

package/dist/tinfoilai.d.ts

@@ -0,0 +1,54 @@
+import OpenAI from "openai";
+import type { Audio, Beta, Chat, Embeddings, Files, FineTuning, Images, Models, Moderations, Responses } from "openai/resources";
+import type { VerificationDocument } from "./verifier";
+interface TinfoilAIOptions {
+    apiKey?: string;
+    baseURL?: string;
+    enclaveURL?: string;
+    configRepo?: string;
+    [key: string]: any;
+}
+export declare class TinfoilAI {
+    private client?;
+    private clientPromise;
+    private readyPromise?;
+    private configRepo?;
+    private secureClient;
+    private verificationDocument?;
+    apiKey?: string;
+    baseURL?: string;
+    enclaveURL?: string;
+    constructor(options?: TinfoilAIOptions);
+    ready(): Promise<void>;
+    private initClient;
+    private createOpenAIClient;
+    private ensureReady;
+    getVerificationDocument(): Promise<VerificationDocument>;
+    get chat(): Chat;
+    get files(): Files;
+    get fineTuning(): FineTuning;
+    get images(): Images;
+    get audio(): Audio;
+    get responses(): Responses;
+    get embeddings(): Embeddings;
+    get models(): Models;
+    get moderations(): Moderations;
+    get beta(): Beta;
+}
+export declare namespace TinfoilAI {
+    export import Chat = OpenAI.Chat;
+    export import Audio = OpenAI.Audio;
+    export import Beta = OpenAI.Beta;
+    export import Batches = OpenAI.Batches;
+    export import Completions = OpenAI.Completions;
+    export import Embeddings = OpenAI.Embeddings;
+    export import Files = OpenAI.Files;
+    export import FineTuning = OpenAI.FineTuning;
+    export import Images = OpenAI.Images;
+    export import Models = OpenAI.Models;
+    export import Moderations = OpenAI.Moderations;
+    export import Responses = OpenAI.Responses;
+    export import Uploads = OpenAI.Uploads;
+    export import VectorStores = OpenAI.VectorStores;
+}
+export {};

package/dist/tinfoilai.js

@@ -0,0 +1,141 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TinfoilAI = void 0;
+const openai_1 = __importDefault(require("openai"));
+const secure_client_1 = require("./secure-client");
+const config_1 = require("./config");
+const env_1 = require("./env");
+function createAsyncProxy(promise) {
+    return new Proxy({}, {
+        get(target, prop) {
+            return new Proxy(() => { }, {
+                get(_, nestedProp) {
+                    return (...args) => promise.then((obj) => {
+                        const value = obj[prop][nestedProp];
+                        return typeof value === "function"
+                            ? value.apply(obj[prop], args)
+                            : value;
+                    });
+                },
+                apply(_, __, args) {
+                    return promise.then((obj) => {
+                        const value = obj[prop];
+                        return typeof value === "function" ? value.apply(obj, args) : value;
+                    });
+                },
+            });
+        },
+    });
+}
+class TinfoilAI {
+    constructor(options = {}) {
+        const openAIOptions = { ...options };
+        // In browser builds, never read secrets from process.env to avoid
+        // leaking credentials into client bundles. Require explicit apiKey.
+        if (options.apiKey) {
+            openAIOptions.apiKey = options.apiKey;
+        }
+        else if (!(0, env_1.isRealBrowser)() && process.env.TINFOIL_API_KEY) {
+            openAIOptions.apiKey = process.env.TINFOIL_API_KEY;
+        }
+        this.apiKey = openAIOptions.apiKey;
+        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
+        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
+        this.secureClient = new secure_client_1.SecureClient({
+            baseURL: this.baseURL,
+            enclaveURL: this.enclaveURL,
+            configRepo: this.configRepo,
+        });
+        this.clientPromise = this.initClient(openAIOptions);
+    }
+    async ready() {
+        if (!this.readyPromise) {
+            this.readyPromise = (async () => {
+                this.client = await this.clientPromise;
+            })();
+        }
+        return this.readyPromise;
+    }
+    async initClient(options) {
+        return this.createOpenAIClient(options);
+    }
+    async createOpenAIClient(options = {}) {
+        await this.secureClient.ready();
+        this.verificationDocument = await this.secureClient.getVerificationDocument();
+        if (!this.verificationDocument) {
+            throw new Error("Verification document not available after successful verification");
+        }
+        const clientOptions = {
+            ...options,
+            baseURL: this.baseURL,
+            fetch: this.secureClient.fetch,
+        };
+        if ((0, env_1.isRealBrowser)() || options.dangerouslyAllowBrowser === true) {
+            clientOptions.dangerouslyAllowBrowser = true;
+        }
+        return new openai_1.default(clientOptions);
+    }
+    async ensureReady() {
+        await this.ready();
+        return this.client;
+    }
+    async getVerificationDocument() {
+        await this.ready();
+        if (!this.verificationDocument) {
+            throw new Error("Verification document unavailable: client not verified yet");
+        }
+        return this.verificationDocument;
+    }
+    get chat() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.chat));
+    }
+    get files() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.files));
+    }
+    get fineTuning() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.fineTuning));
+    }
+    get images() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.images));
+    }
+    get audio() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.audio));
+    }
+    get responses() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.responses));
+    }
+    get embeddings() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.embeddings));
+    }
+    get models() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.models));
+    }
+    get moderations() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.moderations));
+    }
+    get beta() {
+        return createAsyncProxy(this.ensureReady().then((client) => client.beta));
+    }
+}
+exports.TinfoilAI = TinfoilAI;
+// Namespace declaration merge to add OpenAI types to TinfoilAI
+(function (TinfoilAI) {
+    TinfoilAI.Chat = openai_1.default.Chat;
+    TinfoilAI.Audio = openai_1.default.Audio;
+    TinfoilAI.Beta = openai_1.default.Beta;
+    TinfoilAI.Batches = openai_1.default.Batches;
+    TinfoilAI.Completions = openai_1.default.Completions;
+    TinfoilAI.Embeddings = openai_1.default.Embeddings;
+    TinfoilAI.Files = openai_1.default.Files;
+    TinfoilAI.FineTuning = openai_1.default.FineTuning;
+    TinfoilAI.Images = openai_1.default.Images;
+    TinfoilAI.Models = openai_1.default.Models;
+    TinfoilAI.Moderations = openai_1.default.Moderations;
+    TinfoilAI.Responses = openai_1.default.Responses;
+    TinfoilAI.Uploads = openai_1.default.Uploads;
+    TinfoilAI.VectorStores = openai_1.default.VectorStores;
+})(TinfoilAI || (exports.TinfoilAI = TinfoilAI = {}));

package/dist/unverified-client.d.ts

@@ -0,0 +1,18 @@
+interface UnverifiedClientOptions {
+    baseURL?: string;
+    enclaveURL?: string;
+    configRepo?: string;
+}
+export declare class UnverifiedClient {
+    private initPromise;
+    private _fetch;
+    private readonly baseURL;
+    private readonly enclaveURL;
+    private readonly configRepo;
+    constructor(options?: UnverifiedClientOptions);
+    ready(): Promise<void>;
+    private initUnverifiedClient;
+    getVerificationDocument(): Promise<void>;
+    get fetch(): typeof fetch;
+}
+export {};

package/dist/unverified-client.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnverifiedClient = void 0;
+const config_1 = require("./config");
+const encrypted_body_fetch_1 = require("./encrypted-body-fetch");
+class UnverifiedClient {
+    constructor(options = {}) {
+        this.initPromise = null;
+        this._fetch = null;
+        this.baseURL = options.baseURL || config_1.TINFOIL_CONFIG.INFERENCE_BASE_URL;
+        this.enclaveURL = options.enclaveURL || config_1.TINFOIL_CONFIG.ENCLAVE_URL;
+        this.configRepo = options.configRepo || config_1.TINFOIL_CONFIG.INFERENCE_PROXY_REPO;
+    }
+    async ready() {
+        if (!this.initPromise) {
+            this.initPromise = this.initUnverifiedClient();
+        }
+        return this.initPromise;
+    }
+    async initUnverifiedClient() {
+        this._fetch = (0, encrypted_body_fetch_1.createEncryptedBodyFetch)(this.baseURL, undefined, this.enclaveURL);
+    }
+    async getVerificationDocument() {
+        if (!this.initPromise) {
+            await this.ready();
+        }
+        await this.initPromise;
+        throw new Error("Verification document unavailable: this version of the client is unverified");
+    }
+    get fetch() {
+        return async (input, init) => {
+            await this.ready();
+            return this._fetch(input, init);
+        };
+    }
+}
+exports.UnverifiedClient = UnverifiedClient;