@praecise/tere
Trusted Execution Runtime Environment SDK
/**
 * Settings accepted when constructing a TERE client.
 *
 * Every field is optional; the defaults listed are the ones this
 * declaration file documents.
 */
export interface TereOptions {
  /**
   * Base URL of the TERE API.
   *
   * NOTE(review): the documented default is HTTPS. If `apiKey` is attached
   * to requests (not visible in this declaration file), overriding this with
   * a plain-HTTP URL would send the key unencrypted. Confirm how the client
   * treats non-HTTPS endpoints.
   * @default 'https://api.tere.praecise.com'
   */
  endpoint?: string;

  /**
   * API key used to authenticate against the service.
   *
   * This is a credential: load it from a secret store or the environment
   * rather than committing it, and keep it out of logs and error reports.
   */
  apiKey?: string;

  /**
   * How long a request may run, in milliseconds.
   * @default 30000
   */
  timeout?: number;
}
/**
 * Input for deploying a TERE script.
 */
export interface DeployOptions {
  /** Name under which the script is deployed. */
  name: string;

  /**
   * The compiled TERE binary.
   *
   * NOTE(review): when a `string` is passed, this file does not say whether
   * it is a path, base64 or raw content. Confirm against the client
   * implementation before relying on it.
   */
  tereBinary: Buffer | string;

  /** Free-text description (optional). */
  description?: string;

  /**
   * Deployment configuration (optional). No defaults are documented in this
   * file for the case where it is omitted.
   */
  config?: DeploymentConfig;
}
/**
 * Where and how a script's TEE instance is provisioned.
 *
 * All fields are optional and this file documents no defaults for them.
 */
export interface DeploymentConfig {
  /** Kind of TEE to provision. */
  teeType?: 'confidential_vm' | 'confidential_gke';

  /** Cloud provider to deploy to. */
  provider?: string;

  /** Region or zone of the deployment. */
  location?: string;

  /** CPU, memory and storage limits for the instance. */
  resourceLimits?: ResourceLimits;

  /**
   * Security posture of the instance (secure boot, vTPM, confidential
   * compute type, HSM). See `SecuritySettings`.
   */
  securitySettings?: SecuritySettings;

  /** Network placement and exposure of the instance. */
  networkConfig?: NetworkConfig;
}
/**
 * Upper bounds on the resources given to a TEE instance.
 */
export interface ResourceLimits {
  /** CPU core count. */
  cpuCores?: number;

  /** Memory, in megabytes. */
  memoryMb?: number;

  /** Storage, in gigabytes. */
  storageGb?: number;
}
/**
 * Security posture requested for a TEE instance.
 *
 * Every flag is optional and this file documents no default for any of
 * them, so a deployment that depends on a given protection should set it
 * explicitly rather than rely on an omitted field.
 */
export interface SecuritySettings {
  /** Turn on secure boot. */
  secureBoot?: boolean;

  /** Turn on integrity monitoring. */
  integrityMonitoring?: boolean;

  /** Turn on the virtual TPM. */
  vtpm?: boolean;

  /**
   * Confidential-computing technology to request: AMD SEV, AMD SEV-SNP or
   * Intel TDX.
   */
  confidentialComputeType?: 'SEV' | 'SEV_SNP' | 'TDX';

  /**
   * Lowest acceptable firmware version.
   *
   * NOTE(review): the version format and how the comparison is done are not
   * specified in this file. Confirm before using this as a policy gate.
   */
  minFirmwareVersion?: string;

  /** Turn on Hardware Security Module (HSM) support. */
  enableHsm?: boolean;

  /** Name of the HSM key ring. */
  hsmKeyRing?: string;
}
/**
 * Network placement of a TEE instance.
 */
export interface NetworkConfig {
  /** VPC network the instance joins. */
  network?: string;

  /** Subnet the instance joins. */
  subnet?: string;

  /**
   * Whether the instance is given a public IP.
   *
   * NOTE(review): no default is documented here. Set this explicitly to
   * `false` for workloads that should only be reachable inside the VPC.
   */
  usePublicIp?: boolean;

  /** Network tags applied to the instance. */
  networkTags?: string[];
}
/**
 * What the service returns after a deploy request.
 */
export interface DeployResponse {
  /** Identifier of the deployed script. */
  scriptId: string;

  /**
   * Attestation proof for the TEE, as an opaque string.
   *
   * The string on its own is only a claim made by the service; it carries
   * assurance once it has been verified (this file declares
   * `VerifyAttestationOptions` for that purpose).
   */
  attestation: string;

  /** Details of the instance that was created. */
  instanceInfo: InstanceInfo;
}
/**
 * Description of the TEE instance a script was deployed to.
 */
export interface InstanceInfo {
  /** Kind of TEE. */
  teeType: string;

  /** Region or zone. */
  location: string;

  /**
   * URL at which the attestation can be verified.
   *
   * NOTE(review): this value arrives in a service response. A verifier that
   * is chosen by the party being verified gives no independent assurance,
   * so check that the host is the one you expect before trusting its answer.
   */
  attestationVerificationUrl: string;

  /** Further string-valued details; the keys are not specified in this file. */
  details: Record<string, string>;
}
/**
 * Input for calling a function of a deployed script.
 */
export interface ExecuteOptions {
  /** Identifier of the deployed script. */
  scriptId: string;

  /** Name of the function to call. */
  function: string;

  /**
   * Arguments handed to the function.
   *
   * The declared union `unknown[] | string | unknown` reduces to `unknown`
   * for the type checker, so any value type-checks here; the listed shapes
   * are a documentation hint, not an enforced contract.
   */
  arguments: unknown[] | string | unknown;

  /** Whether to wait for the result (or return a job ID). */
  waitForResult?: boolean;

  /**
   * Caller identity (optional).
   *
   * NOTE(review): this is a caller-supplied string. Whether the service
   * authenticates it is not visible in this file.
   */
  callerId?: string;

  /**
   * Nonce for attestation freshness.
   *
   * Freshness can only be checked against a value the caller chose, so use
   * a new unpredictable nonce per request and keep it to compare later
   * (`VerifyAttestationOptions.expectedNonce`). Without one, nothing in
   * this type binds the returned attestation to this particular call.
   */
  nonce?: string;

  /** HSM key ID to use for operations requiring hardware protection. */
  hsmKeyId?: string;
}
/**
 * What the service returns for a script execution.
 */
export interface ExecuteResponse {
  /**
   * Value produced by the function. Typed `unknown`, so callers must narrow
   * or validate it before use.
   */
  result: unknown;

  /**
   * Attestation proof that the execution happened in a TEE.
   *
   * The string is a claim until verified; `result` should not be treated as
   * TEE-produced on the strength of this field being present.
   */
  attestation: string;

  /** Resource usage of the execution, when reported. */
  resourceUsage?: ResourceUsage;

  /** Job ID if the execution is asynchronous. */
  jobId?: string;

  /** HSM attestation, present when a hardware security module was used. */
  hsmAttestation?: string;
}
/**
 * Resources consumed by one execution.
 */
export interface ResourceUsage {
  /** Gas consumed while executing. */
  gasUsed: number;

  /** Wall time of the execution, in milliseconds. */
  executionTimeMs: number;

  /** Memory used, in bytes. */
  memoryBytes: number;
}
/**
 * Summary record of a deployed script.
 */
export interface ScriptInfo {
  /** Script identifier. */
  id: string;

  /** Script name. */
  name: string;

  /** Script description. */
  description: string;

  /** Cloud provider (e.g., 'gcp', 'azure', 'aws'). */
  provider: string;

  /** Type of TEE (e.g., 'confidential_vm', 'confidential_gke'). */
  teeType: string;

  /** Location (region/zone). */
  location: string;

  /** Deployment time of the script. */
  creationTime: Date;

  /** Current status; the set of possible values is not specified in this file. */
  status: string;

  /** Whether HSM is enabled for this script. */
  hsmEnabled?: boolean;
}
/**
 * Input for an attestation verification.
 */
export interface VerifyAttestationOptions {
  /** Attestation string to check. */
  attestation: string;

  /**
   * Nonce the attestation is expected to carry, used to verify freshness.
   *
   * NOTE(review): this field is optional. When it is omitted, nothing in
   * this type ties the attestation to a specific request, so a previously
   * issued attestation would presumably still verify. Pass the nonce that
   * was sent with the request (`ExecuteOptions.nonce`) whenever replay matters.
   */
  expectedNonce?: string;
}
/**
 * Outcome of an attestation verification.
 */
export interface VerifyAttestationResult {
  /**
   * Whether the attestation is valid.
   *
   * NOTE(review): this file does not say which properties `valid` covers.
   * Callers enforcing their own policy (secure boot, firmware version, HSM)
   * should read `details` as well and handle the case where it is absent.
   */
  valid: boolean;

  /** Detailed attestation information, when provided. */
  details?: AttestationDetails;
}
/**
 * Properties reported by an attestation.
 */
export interface AttestationDetails {
  /** Kind of TEE. */
  teeType: string;

  /** Cloud provider. */
  provider: string;

  /** Identifier of the attested instance. */
  instanceId: string;

  /**
   * Time the attestation was produced.
   *
   * NOTE(review): a timestamp gives only coarse freshness; whether it is
   * checked against a maximum age is not visible in this file.
   */
  timestamp: Date;

  /** Whether secure boot is enabled. */
  secureBoot: boolean;

  /** Whether integrity verification passed. */
  integrityVerified: boolean;

  /** Firmware version, when reported. */
  firmwareVersion?: string;

  /** HSM information, if available. */
  hsmInfo?: HsmInfo;
}
/**
 * HSM state reported alongside an attestation.
 */
export interface HsmInfo {
  /** Whether HSM is enabled. */
  enabled: boolean;

  /** HSM protection level; possible values are not specified in this file. */
  protectionLevel: string;

  /**
   * HSM key details, as an untyped map. Values are `unknown` and need to be
   * narrowed before use.
   */
  keyDetails?: Record<string, unknown>;
}
/**
 * Metadata describing one HSM key. The interface carries identifiers and
 * attributes only; it has no field for key material.
 */
export interface HsmKeyInfo {
  /** Key identifier. */
  id: string;

  /** Full name of the key. */
  name: string;

  /** Purpose of the key (encrypt, sign, decrypt). */
  purpose: string;

  /** Algorithm the key uses. */
  algorithm: string;

  /** Protection level (HSM). */
  protectionLevel: string;

  /** When the key was created. */
  createTime: Date;

  /** Current status of the key. */
  status: string;
}
/**
 * Settings for selecting a crypto provider.
 *
 * The index signature at the end accepts any additional string key, which
 * also means a misspelled known option (for example `protecton`) type-checks
 * as an extra option instead of being rejected. Double-check key names when
 * requesting HSM protection.
 */
export interface CryptoProviderOptions {
  /** Provider type ('software' or 'hsm'). */
  provider?: 'software' | 'hsm';

  /** Key ID for HSM operations. */
  keyId?: string;

  /**
   * Protection level for the key.
   *
   * NOTE(review): how this interacts with `provider` when the two differ is
   * not stated in this file.
   */
  protection?: 'software' | 'hsm';

  /** Key ring holding HSM keys. */
  keyRing?: string;

  /** Location of HSM keys. */
  location?: string;

  /** Additional provider-specific options. */
  [key: string]: unknown;
}
/**
 * Input for packaging a TERE script.
 */
export interface PackageOptions {
  /** Source code to package. */
  code: string;

  /** Unique ID for the script (optional, will be generated if not provided). */
  id?: string;

  /** Script name. */
  name: string;

  /** Script version. */
  version: string;

  /** Script author. */
  author?: string;

  /** Script description. */
  description?: string;

  /** Names of the exported functions. */
  functions?: string[];
}
/**
 * Metadata stored with a TERE package.
 */
export interface ScriptMetadata {
  /** Unique ID for the script. */
  id: string;

  /** Script name. */
  name: string;

  /** Script version. */
  version: string;

  /** Time the script was packaged, as a string; the format is not specified in this file. */
  timestamp: string;

  /** Script author. */
  author: string;

  /** Script description. */
  description: string;

  /** List of exported functions. */
  functions: string[];

  /**
   * SHA-256 hash of the code.
   *
   * NOTE(review): the encoding (hex, base64) is not specified in this file.
   * A hash that travels inside the same package as the code detects
   * accidental corruption only; to detect tampering, compare it against a
   * value obtained through a separate trusted channel or covered by a
   * signature.
   */
  sha256: string;
}
/**
 * Error type raised by the TERE SDK. Ambient declaration only: the
 * implementation lives outside this file.
 */
export declare class TereError extends Error {
  /** Error code string. */
  code: string;

  /** HTTP status code (if applicable). */
  statusCode: number;

  /**
   * Request ID for debugging. Useful to record in logs so a failure can be
   * correlated with the service side.
   */
  requestId?: string;

  /**
   * Build a TereError.
   *
   * @param message - Human-readable error message.
   * @param code - Error code.
   * @param statusCode - HTTP status code.
   * @param requestId - Request ID, when one is known.
   */
  constructor(message: string, code: string, statusCode: number, requestId?: string);
}