secretvm-verify 0.1.0

package/README.md

@@ -0,0 +1,312 @@
+# secretvm-verify
+
+Attestation verification SDK for confidential computing environments. Verifies Intel TDX, AMD SEV-SNP, and NVIDIA GPU attestation quotes, with end-to-end Secret VM verification that validates CPU attestation, GPU attestation, and the cryptographic bindings between them.
+
+## What it verifies
+
+- **Intel TDX** — Parses a TDX Quote v4, verifies the ECDSA-P256 signature chain (PCK -> Intermediate -> Root), validates QE report binding, and checks TCB status against Intel's Provisioning Certification Service.
+- **AMD SEV-SNP** — Parses a SEV-SNP attestation report, fetches the VCEK certificate from AMD's Key Distribution Service, verifies the ECDSA-P384 report signature, and validates the certificate chain (VCEK -> ASK -> ARK).
+- **NVIDIA GPU** — Submits GPU attestation evidence to NVIDIA's Remote Attestation Service (NRAS), verifies the returned JWT signatures against NVIDIA's published JWKS keys, and extracts per-GPU attestation claims.
+- **SecretVM workload** — Given a TDX or SEV-SNP quote and a `docker-compose.yaml`, determines whether the quote was produced by a known SecretVM image and verifies the exact compose file that was booted.
+- **Secret VM** — End-to-end verification that connects to a VM's attestation endpoints, verifies CPU and GPU attestation, and validates TLS and GPU cryptographic bindings.
+- **ERC-8004 Agent verification** — End-to-end verification of on-chain AI agents registered under the [ERC-8004](https://eips.ethereum.org/EIPS/eip-8004) standard. Resolves agent metadata from any supported blockchain (Ethereum, Base, Arbitrum, Polygon, and 14 more), discovers the agent's TEE attestation endpoints, and runs the full verification flow. Three composable functions:
+  - **`resolveAgent`** — Queries the on-chain registry contract for the agent's metadata.
+  - **`verifyAgent`** — Takes agent metadata and runs full TEE verification against the agent's declared endpoints.
+  - **`checkAgent`** — End-to-end: resolves the agent on-chain, then verifies it.
+
+## Installation
+
+```bash
+npm install secretvm-verify
+```
+
+## Quick start
+
+### Verify a Secret VM (recommended)
+
+The simplest way to verify a VM — handles CPU detection, GPU detection, and all binding checks automatically.
+
+```typescript
+import { checkSecretVm } from 'secretvm-verify';
+
+const result = await checkSecretVm('my-vm.example.com');
+
+console.log(result.valid);           // true if all checks pass
+console.log(result.attestationType); // "SECRET-VM"
+console.log(result.checks);         // { tls_cert_obtained: true, cpu_attestation_valid: true, ... }
+console.log(result.report);         // { tls_fingerprint: "...", cpu: {...}, cpu_type: "TDX", ... }
+console.log(result.errors);         // [] if no errors
+```
+
+### Verify an ERC-8004 agent
+
+Verify an AI agent registered on-chain using the ERC-8004 standard. Supports 18 chains including Ethereum, Base, Arbitrum, and more.
+
+```typescript
+import { checkAgent } from 'secretvm-verify';
+
+// End-to-end: resolve on-chain + verify TEE attestation
+const result = await checkAgent(38114, 'base');
+
+console.log(result.valid);           // true if all checks pass
+console.log(result.attestationType); // "ERC-8004"
+console.log(result.checks);         // { agent_resolved: true, metadata_valid: true, ... }
+```
+
+You can also work with the individual steps:
+
+```typescript
+import { resolveAgent, verifyAgent } from 'secretvm-verify';
+
+// Step 1: Resolve agent metadata from the blockchain
+const metadata = await resolveAgent(38114, 'base');
+console.log(metadata.name);            // Agent name
+console.log(metadata.services);        // [{ name: "teequote", endpoint: "..." }, ...]
+console.log(metadata.supportedTrust);  // ["tee-attestation"]
+
+// Step 2: Verify the agent's TEE attestation
+const result = await verifyAgent(metadata);
+```
+
+**RPC configuration:** Set `SECRETVM_RPC_BASE` (or `SECRETVM_RPC_<CHAIN>`) environment variable to use your own RPC endpoint. Falls back to public RPCs if not set.
+
+### Resolve SecretVM version from a quote
+
+Given a TDX or SEV-SNP quote, determine which official SecretVM template and version produced it:
+
+```typescript
+import { resolveSecretVmVersion } from 'secretvm-verify';
+import { readFileSync } from 'fs';
+
+const result = resolveSecretVmVersion(readFileSync('cpu_quote.txt', 'utf8'));
+if (result) {
+  console.log(result.template_name); // e.g. "small"
+  console.log(result.artifacts_ver); // e.g. "v0.0.25"
+} else {
+  console.log('Not a known SecretVM');
+}
+```
+
+### Verify a workload (quote + docker-compose)
+
+Verify that a quote was produced by a known SecretVM *and* that it was running a specific `docker-compose.yaml`:
+
+```typescript
+import { verifyWorkload, formatWorkloadResult } from 'secretvm-verify';
+import { readFileSync } from 'fs';
+
+// Auto-detects TDX vs SEV-SNP:
+const result = verifyWorkload(
+  readFileSync('cpu_quote.txt', 'utf8'),
+  readFileSync('docker-compose.yaml', 'utf8'),
+);
+
+console.log(result.status);        // "authentic_match" | "authentic_mismatch" | "not_authentic"
+console.log(result.template_name); // e.g. "small"   (undefined when not_authentic)
+console.log(result.artifacts_ver); // e.g. "v0.0.25" (undefined when not_authentic)
+console.log(result.env);           // e.g. "prod"    (undefined when not_authentic)
+console.log(formatWorkloadResult(result)); // human-readable summary
+```
+
+### Verify a CPU quote (auto-detect TDX vs SEV-SNP)
+
+```typescript
+import { checkCpuAttestation } from 'secretvm-verify';
+import { readFileSync } from 'fs';
+
+const result = await checkCpuAttestation(readFileSync('cpu_quote.txt', 'utf8'));
+
+console.log(result.attestationType); // "TDX" or "SEV-SNP"
+console.log(result.valid);
+```
+
+## API reference
+
+### `AttestationResult`
+
+All functions return an `AttestationResult` with these fields:
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `valid` | `boolean` | Overall pass/fail |
+| `attestationType` | `string` | `"TDX"`, `"SEV-SNP"`, `"NVIDIA-GPU"`, or `"SECRET-VM"` |
+| `checks` | `Record<string, boolean>` | Individual verification steps |
+| `report` | `Record<string, any>` | Parsed attestation fields |
+| `errors` | `string[]` | Error messages for failed checks |
+
+### Functions
+
+#### `checkSecretVm(url, product?)`
+
+End-to-end Secret VM verification. Connects to `<url>:29343`, fetches CPU and GPU quotes, verifies both, and checks TLS and GPU bindings.
+
+**Parameters:**
+- `url` — VM address (e.g., `"my-vm.example.com"`, `"https://my-vm:29343"`)
+- `product` — AMD product name (`"Genoa"`, `"Milan"`, `"Turin"`). Only needed for SEV-SNP, auto-detected if omitted.
+
+#### `checkCpuAttestation(data, product?)`
+
+Auto-detects Intel TDX vs AMD SEV-SNP and delegates to the appropriate function.
+
+#### `checkTdxCpuAttestation(data)`
+
+Verifies an Intel TDX Quote v4.
+
+#### `checkSevCpuAttestation(data, product?)`
+
+Verifies an AMD SEV-SNP attestation report.
+
+#### `checkNvidiaGpuAttestation(data)`
+
+Verifies NVIDIA GPU attestation via NRAS.
+
+#### `resolveSecretVmVersion(data)`
+
+Looks up a quote in the SecretVM artifact registry. Returns the matching template name and version, or `null` if not found.
+
+#### `verifyWorkload(data, dockerComposeYaml)`
+
+Auto-detects quote type and verifies that it was produced by a known SecretVM running the given docker-compose.
+
+#### `verifyTdxWorkload(data, dockerComposeYaml)`
+
+TDX-specific workload verification.
+
+#### `verifySevWorkload(data, dockerComposeYaml)`
+
+SEV-SNP-specific workload verification.
+
+#### `formatWorkloadResult(result)`
+
+Formats a `WorkloadResult` as a human-readable string.
+
+### `WorkloadResult`
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `status` | `WorkloadStatus` | `"authentic_match"`, `"authentic_mismatch"`, or `"not_authentic"` |
+| `template_name` | `string \| undefined` | SecretVM template (e.g. `"small"`) |
+| `artifacts_ver` | `string \| undefined` | Artifacts version (e.g. `"v0.0.25"`) |
+| `env` | `string \| undefined` | Environment (e.g. `"prod"`) |
+
+### ERC-8004 Agent Functions
+
+#### `checkAgent(agentId, chain)`
+
+End-to-end ERC-8004 agent verification. Resolves agent metadata from the on-chain registry, then verifies TEE attestation.
+
+**Parameters:**
+- `agentId` — The agent's on-chain token ID (number)
+- `chain` — Chain name (e.g. `"base"`, `"ethereum"`, `"arbitrum"`)
+
+#### `resolveAgent(agentId, chain)`
+
+Resolves an agent's metadata from the on-chain registry contract. Returns an `AgentMetadata` object.
+
+#### `verifyAgent(metadata)`
+
+Verifies an ERC-8004 agent given its metadata. Discovers teequote/workload endpoints and runs the full verification flow.
+
+**Parameters:**
+- `metadata` — `AgentMetadata` object with `name`, `supportedTrust`, and `services`
+
+### `AgentMetadata`
+
+| Field | Type | Description |
+|-------|------|-------------|
+| `name` | `string` | Agent name |
+| `description` | `string \| undefined` | Agent description |
+| `supportedTrust` | `string[]` | Trust models (must include `"tee-attestation"`) |
+| `services` | `AgentService[]` | Service endpoints (`name` + `endpoint`) |
+
+### RPC Configuration
+
+An RPC URL **must** be provided via environment variable to use the ERC-8004 agent functions. No default RPCs are shipped with the package.
+
+Set one of:
+- `SECRETVM_RPC_<CHAIN>` — chain-specific (e.g. `SECRETVM_RPC_BASE`, `SECRETVM_RPC_ETHEREUM`)
+- `SECRETVM_RPC_URL` — generic fallback for all chains
+
+Example:
+```bash
+export SECRETVM_RPC_BASE="https://base-mainnet.g.alchemy.com/v2/YOUR_KEY"
+```
+
+Supported chains: ethereum, base, arbitrum, sepolia, polygon, bnb, gnosis, linea, taiko, celo, avalanche, optimism, abstract, megaeth, mantle, soneium, xlayer, metis.
+
+## CLI usage
+
+Install globally:
+
+```bash
+npm install -g secretvm-verify
+```
+
+Or from the repo:
+
+```bash
+cd node
+npm install && npm run build
+npm install -g .
+```
+
+Then use from anywhere:
+
+```bash
+# Verify a Secret VM (CPU + GPU + TLS binding)
+secretvm-verify --secretvm yellow-krill.vm.scrtlabs.com
+
+# Verify individual attestation quotes from files
+secretvm-verify --tdx cpu_quote.txt
+secretvm-verify --sev amd_cpu_quote.txt --product Genoa
+secretvm-verify --gpu gpu_attest.txt
+
+# Auto-detect CPU quote type (TDX vs SEV-SNP)
+secretvm-verify --cpu cpu_quote.txt
+
+# Resolve which SecretVM version produced a quote
+secretvm-verify --resolve-version cpu_quote.txt
+secretvm-verify -rv cpu_quote.txt
+
+# Verify a quote + docker-compose match
+secretvm-verify --verify-workload cpu_quote.txt --compose docker-compose.yaml
+secretvm-verify -vw cpu_quote.txt --compose docker-compose.yaml
+
+# JSON output (any command)
+secretvm-verify --secretvm yellow-krill.vm.scrtlabs.com --raw
+
+# Verbose output (all attestation fields)
+secretvm-verify --secretvm yellow-krill.vm.scrtlabs.com -v
+
+# Verify an ERC-8004 agent on-chain
+SECRETVM_RPC_BASE="https://..." secretvm-verify --check-agent 38114 --chain base
+secretvm-verify --check-agent 38114 --chain base -v
+
+# Verify an agent from a metadata JSON file
+secretvm-verify --agent metadata.json
+
+# A bare URL defaults to --secretvm
+secretvm-verify yellow-krill.vm.scrtlabs.com
+```
+
+## External services
+
+The library contacts these services during verification:
+
+| Service | Used by | Purpose |
+|---------|---------|---------|
+| [Intel PCS](https://api.trustedservices.intel.com) | TDX | TCB status lookup |
+| [AMD KDS](https://kdsintf.amd.com) | SEV-SNP | VCEK certificate and cert chain |
+| [NVIDIA NRAS](https://nras.attestation.nvidia.com) | GPU | GPU attestation verification |
+
+**Note:** AMD KDS has rate limits. If you encounter 429 errors, specify the `product` parameter to reduce the number of requests.
+
+## Requirements
+
+- Node.js >= 18 (uses built-in `crypto`, `fetch`)
+- `openssl` CLI (required for AMD SEV-SNP certificate chain verification)
+- `yaml` (npm dependency, included)
+
+## License
+
+MIT

package/dist/agent.d.ts

@@ -0,0 +1,29 @@
+import { AttestationResult } from "./types.js";
+import type { AgentMetadata } from "./types.js";
+/**
+ * Resolve an ERC-8004 agent's metadata from the on-chain registry.
+ *
+ * Queries the registry contract for the agent's tokenURI, fetches the
+ * metadata JSON, and returns a normalized AgentMetadata object.
+ *
+ * RPC URL resolution priority:
+ *   1. SECRETVM_RPC_<CHAIN> env var (e.g. SECRETVM_RPC_BASE)
+ *   2. SECRETVM_RPC_URL env var (generic fallback)
+ *   3. Default public RPC for the chain
+ */
+export declare function resolveAgent(agentId: number, chain: string): Promise<AgentMetadata>;
+/**
+ * Verify an ERC-8004 agent given its metadata.
+ *
+ * Discovers teequote and workload endpoints from the metadata, then runs
+ * the full verification flow: TLS cert, CPU quote, TLS binding, GPU quote,
+ * GPU binding, and workload verification.
+ */
+export declare function verifyAgent(metadata: AgentMetadata): Promise<AttestationResult>;
+/**
+ * End-to-end ERC-8004 agent verification.
+ *
+ * Resolves the agent's metadata from the on-chain registry, then runs
+ * the full verification flow via verifyAgent.
+ */
+export declare function checkAgent(agentId: number, chain: string): Promise<AttestationResult>;

package/dist/agent.js

@@ -0,0 +1,353 @@
+import crypto from "node:crypto";
+import tls from "node:tls";
+import { ethers } from "ethers";
+import { getChainConfig, getRpcUrl } from "./chains.js";
+import { makeResult } from "./types.js";
+import { checkCpuAttestation } from "./cpu.js";
+import { checkNvidiaGpuAttestation } from "./nvidia.js";
+import { verifyWorkload } from "./workload.js";
+const REGISTRY_ABI = [
+    "function tokenURI(uint256 tokenId) view returns (string)",
+    "function agentURI(uint256 agentId) view returns (string)",
+];
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function normalizeServices(raw) {
+    if (!Array.isArray(raw))
+        return [];
+    return raw.map((service, index) => {
+        const entry = (service ?? {});
+        const name = typeof entry.name === "string" ? entry.name : "";
+        const endpoint = typeof entry.endpoint === "string" ? entry.endpoint : "";
+        return {
+            name: name || `service-${index + 1}`,
+            endpoint,
+        };
+    });
+}
+function getTlsCertFingerprint(host, port) {
+    return new Promise((resolve, reject) => {
+        const socket = tls.connect({ host, port, rejectUnauthorized: true }, () => {
+            const cert = socket.getPeerX509Certificate();
+            if (!cert) {
+                socket.destroy();
+                return reject(new Error("No certificate received"));
+            }
+            const fingerprint = crypto
+                .createHash("sha256")
+                .update(cert.raw)
+                .digest();
+            socket.destroy();
+            resolve(fingerprint);
+        });
+        socket.on("error", reject);
+        socket.setTimeout(10_000, () => {
+            socket.destroy();
+            reject(new Error("TLS connection timed out"));
+        });
+    });
+}
+function extractDockerCompose(raw) {
+    let text = raw.trim();
+    const preMatch = text.match(/<pre>([\s\S]*?)<\/pre>/i);
+    if (preMatch)
+        text = preMatch[1];
+    text = text
+        .replace(/&#(\d+);/g, (_, code) => String.fromCharCode(Number(code)))
+        .replace(/&#x([0-9a-fA-F]+);/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
+        .replace(/&amp;/g, "&")
+        .replace(/&lt;/g, "<")
+        .replace(/&gt;/g, ">")
+        .replace(/&quot;/g, '"')
+        .replace(/&apos;/g, "'");
+    text = text.replace(/[\u200B\u200C\u200D\uFEFF]/g, "");
+    return text;
+}
+function findTeequoteEndpoint(services) {
+    for (const s of services) {
+        if (s.name.toLowerCase() === "teequote" && s.endpoint)
+            return s.endpoint;
+    }
+    for (const s of services) {
+        if (s.endpoint && s.endpoint.includes(":29343"))
+            return s.endpoint;
+    }
+    return undefined;
+}
+function findWorkloadEndpoint(services) {
+    for (const s of services) {
+        if (s.name.toLowerCase() === "workload" && s.endpoint)
+            return s.endpoint;
+    }
+    return undefined;
+}
+function normalizeEndpoint(endpoint) {
+    if (!endpoint.startsWith("http://") && !endpoint.startsWith("https://")) {
+        return `https://${endpoint}`;
+    }
+    return endpoint;
+}
+// ---------------------------------------------------------------------------
+// Public: resolveAgent
+// ---------------------------------------------------------------------------
+/**
+ * Resolve an ERC-8004 agent's metadata from the on-chain registry.
+ *
+ * Queries the registry contract for the agent's tokenURI, fetches the
+ * metadata JSON, and returns a normalized AgentMetadata object.
+ *
+ * RPC URL resolution priority:
+ *   1. SECRETVM_RPC_<CHAIN> env var (e.g. SECRETVM_RPC_BASE)
+ *   2. SECRETVM_RPC_URL env var (generic fallback)
+ *   3. Default public RPC for the chain
+ */
+export async function resolveAgent(agentId, chain) {
+    const chainConfig = getChainConfig(chain);
+    const rpcUrl = getRpcUrl(chain);
+    const provider = new ethers.JsonRpcProvider(rpcUrl);
+    const contract = new ethers.Contract(chainConfig.registryAddress, REGISTRY_ABI, provider);
+    let tokenUri;
+    try {
+        tokenUri = await contract.tokenURI(agentId);
+    }
+    catch {
+        try {
+            tokenUri = await contract.agentURI(agentId);
+        }
+        catch {
+            throw new Error(`Could not find tokenURI or agentURI for agent ${agentId} on ${chainConfig.name}`);
+        }
+    }
+    if (!tokenUri || tokenUri.trim() === "") {
+        throw new Error(`Registry returned empty tokenURI for agent ${agentId}`);
+    }
+    let manifest;
+    if (tokenUri.startsWith("data:")) {
+        // Handle data URIs (e.g. data:application/json;base64,...)
+        const encoded = tokenUri.split(",", 2)[1];
+        manifest = JSON.parse(Buffer.from(encoded, "base64").toString("utf8"));
+    }
+    else {
+        let fetchUrl = tokenUri;
+        if (fetchUrl.startsWith("ipfs://")) {
+            fetchUrl = fetchUrl.replace("ipfs://", "https://ipfs.io/ipfs/");
+        }
+        const resp = await fetch(fetchUrl);
+        if (!resp.ok) {
+            throw new Error(`Failed to fetch agent metadata from ${fetchUrl}: HTTP ${resp.status}`);
+        }
+        manifest = (await resp.json());
+    }
+    const trust = manifest.supportedTrust ??
+        manifest.supported_trust ??
+        [];
+    return {
+        name: typeof manifest.name === "string" && manifest.name.trim()
+            ? manifest.name
+            : `Agent ${agentId}`,
+        description: typeof manifest.description === "string" ? manifest.description : undefined,
+        supportedTrust: Array.isArray(trust) ? trust : [],
+        services: normalizeServices(manifest.services ?? manifest.endpoints),
+    };
+}
+// ---------------------------------------------------------------------------
+// Public: verifyAgent
+// ---------------------------------------------------------------------------
+/**
+ * Verify an ERC-8004 agent given its metadata.
+ *
+ * Discovers teequote and workload endpoints from the metadata, then runs
+ * the full verification flow: TLS cert, CPU quote, TLS binding, GPU quote,
+ * GPU binding, and workload verification.
+ */
+export async function verifyAgent(metadata) {
+    const errors = [];
+    const checks = {};
+    const report = {};
+    report.agent_name = metadata.name;
+    // 1. Validate metadata
+    const hasTeeAttestation = metadata.supportedTrust
+        .map((t) => t.toLowerCase())
+        .includes("tee-attestation");
+    if (!hasTeeAttestation) {
+        errors.push("Agent does not support tee-attestation");
+        checks.metadata_valid = false;
+        return makeResult("ERC-8004", { checks, report, errors });
+    }
+    const teequoteEndpoint = findTeequoteEndpoint(metadata.services);
+    if (!teequoteEndpoint) {
+        errors.push("No teequote service endpoint found in agent metadata");
+        checks.metadata_valid = false;
+        return makeResult("ERC-8004", { checks, report, errors });
+    }
+    checks.metadata_valid = true;
+    // 2. Derive URLs
+    const baseUrl = normalizeEndpoint(teequoteEndpoint).replace(/\/+$/, "");
+    const cpuUrl = baseUrl.endsWith("/cpu") ? baseUrl : `${baseUrl}/cpu`;
+    const gpuUrl = baseUrl.endsWith("/cpu")
+        ? baseUrl.replace(/\/cpu$/, "/gpu")
+        : `${baseUrl}/gpu`;
+    const workloadService = findWorkloadEndpoint(metadata.services);
+    const workloadUrl = workloadService
+        ? normalizeEndpoint(workloadService)
+        : baseUrl.endsWith("/cpu")
+            ? baseUrl.replace(/\/cpu$/, "/docker-compose")
+            : `${baseUrl}/docker-compose`;
+    const parsed = new URL(cpuUrl.endsWith("/cpu") ? cpuUrl.replace(/\/cpu$/, "") : cpuUrl);
+    const host = parsed.hostname;
+    const port = parsed.port ? Number(parsed.port) : 443;
+    // 3. TLS certificate fingerprint
+    let tlsFingerprint;
+    try {
+        tlsFingerprint = await getTlsCertFingerprint(host, port);
+        checks.tls_cert_obtained = true;
+        report.tls_fingerprint = tlsFingerprint.toString("hex");
+    }
+    catch (e) {
+        errors.push(`Failed to get TLS certificate: ${e.message}`);
+        checks.tls_cert_obtained = false;
+        return makeResult("ERC-8004", { checks, report, errors });
+    }
+    // 4. Fetch and verify CPU quote
+    let cpuData;
+    try {
+        const resp = await fetch(cpuUrl);
+        if (!resp.ok)
+            throw new Error(`HTTP ${resp.status}`);
+        cpuData = await resp.text();
+        checks.cpu_quote_fetched = true;
+    }
+    catch (e) {
+        errors.push(`Failed to fetch CPU quote: ${e.message}`);
+        checks.cpu_quote_fetched = false;
+        return makeResult("ERC-8004", { checks, report, errors });
+    }
+    const cpuResult = await checkCpuAttestation(cpuData);
+    checks.cpu_attestation_valid = cpuResult.valid;
+    report.cpu = cpuResult.report;
+    report.cpu_type = cpuResult.attestationType;
+    if (!cpuResult.valid)
+        errors.push(...cpuResult.errors);
+    // 5. TLS binding
+    const reportDataHex = cpuResult.report.report_data ?? "";
+    if (reportDataHex.length >= 64) {
+        const firstHalf = reportDataHex.slice(0, 64);
+        checks.tls_binding = firstHalf === tlsFingerprint.toString("hex");
+        if (!checks.tls_binding) {
+            errors.push(`TLS binding failed: report_data first half (${firstHalf.slice(0, 16)}...) ` +
+                `!= TLS fingerprint (${tlsFingerprint.toString("hex").slice(0, 16)}...)`);
+        }
+    }
+    else {
+        checks.tls_binding = false;
+        errors.push("report_data too short for TLS binding check");
+    }
+    // 6. GPU quote (optional)
+    let gpuPresent = false;
+    let gpuData = "";
+    try {
+        const resp = await fetch(gpuUrl);
+        if (resp.ok) {
+            gpuData = await resp.text();
+            const gpuJson = JSON.parse(gpuData);
+            if ("error" in gpuJson) {
+                checks.gpu_quote_fetched = false;
+            }
+            else {
+                gpuPresent = true;
+                checks.gpu_quote_fetched = true;
+            }
+        }
+        else {
+            checks.gpu_quote_fetched = false;
+        }
+    }
+    catch {
+        checks.gpu_quote_fetched = false;
+    }
+    if (gpuPresent) {
+        const gpuResult = await checkNvidiaGpuAttestation(gpuData);
+        checks.gpu_attestation_valid = gpuResult.valid;
+        report.gpu = gpuResult.report;
+        if (!gpuResult.valid)
+            errors.push(...gpuResult.errors);
+        const gpuJson = JSON.parse(gpuData);
+        const gpuNonce = gpuJson.nonce ?? "";
+        if (reportDataHex.length >= 128) {
+            const secondHalf = reportDataHex.slice(64, 128);
+            checks.gpu_binding = secondHalf === gpuNonce;
+            if (!checks.gpu_binding) {
+                errors.push(`GPU binding failed: report_data second half (${secondHalf.slice(0, 16)}...) ` +
+                    `!= GPU nonce (${gpuNonce.slice(0, 16)}...)`);
+            }
+        }
+        else {
+            checks.gpu_binding = false;
+            errors.push("report_data too short for GPU binding check");
+        }
+    }
+    // 7. Workload verification
+    try {
+        const resp = await fetch(workloadUrl);
+        if (!resp.ok)
+            throw new Error(`HTTP ${resp.status}`);
+        const dockerCompose = extractDockerCompose(await resp.text());
+        checks.workload_fetched = true;
+        const workloadResult = verifyWorkload(cpuData, dockerCompose);
+        checks.workload_verified = workloadResult.status === "authentic_match";
+        report.workload = workloadResult;
+        if (workloadResult.status === "authentic_mismatch") {
+            errors.push("Workload mismatch: VM is authentic but docker-compose does not match");
+        }
+        else if (workloadResult.status === "not_authentic") {
+            errors.push("Workload verification failed: not an authentic SecretVM");
+        }
+    }
+    catch (e) {
+        errors.push(`Failed to fetch workload: ${e.message}`);
+        checks.workload_fetched = false;
+    }
+    // Overall validity
+    const requiredChecks = [
+        checks.metadata_valid,
+        checks.tls_cert_obtained,
+        checks.cpu_quote_fetched,
+        checks.cpu_attestation_valid,
+        checks.tls_binding,
+        !!checks.workload_verified,
+    ];
+    if (gpuPresent) {
+        requiredChecks.push(!!checks.gpu_attestation_valid);
+        requiredChecks.push(!!checks.gpu_binding);
+    }
+    const valid = requiredChecks.every(Boolean);
+    return makeResult("ERC-8004", { valid, checks, report, errors });
+}
+// ---------------------------------------------------------------------------
+// Public: checkAgent
+// ---------------------------------------------------------------------------
+/**
+ * End-to-end ERC-8004 agent verification.
+ *
+ * Resolves the agent's metadata from the on-chain registry, then runs
+ * the full verification flow via verifyAgent.
+ */
+export async function checkAgent(agentId, chain) {
+    const errors = [];
+    const checks = {};
+    let metadata;
+    try {
+        metadata = await resolveAgent(agentId, chain);
+        checks.agent_resolved = true;
+    }
+    catch (e) {
+        errors.push(`Failed to resolve agent: ${e.message}`);
+        checks.agent_resolved = false;
+        return makeResult("ERC-8004", { checks, errors });
+    }
+    const result = await verifyAgent(metadata);
+    result.checks = { agent_resolved: true, ...result.checks };
+    return result;
+}
+//# sourceMappingURL=agent.js.map