Skip to content

Add on-chain TEE registry discovery with TLS certificate pinning#6

Merged
adambalogh merged 2 commits intomainfrom
claude/add-tee-registry-ts-a56Wn
May 5, 2026
Merged

Add on-chain TEE registry discovery with TLS certificate pinning#6
adambalogh merged 2 commits intomainfrom
claude/add-tee-registry-ts-a56Wn

Conversation

@adambalogh
Copy link
Copy Markdown
Contributor

@adambalogh adambalogh commented May 5, 2026

Summary

This PR introduces on-chain TEE registry integration to dynamically discover active LLM proxy endpoints with TLS certificate pinning, replacing hardcoded server URLs. The client now resolves TEE endpoints from the registry by default, with optional fallback to static URLs for development/self-hosted scenarios.

Key Changes

  • New TEE Registry Integration (teeRegistry.ts):

    • TEERegistry class queries the on-chain TEE Registry contract to fetch active TEE endpoints and their DER-encoded TLS certificates
    • Implements getActiveTEEsByType() to retrieve all active TEEs of a given type and getLLMTEE() to select a random active LLM proxy
    • Converts hex-encoded certificate data from the contract into Uint8Array format for TLS pinning

  • New TEE Connection Abstraction (teeConnection.ts):

    • TEEConnection interface provides a common contract for static and registry-backed TEE connections
    • StaticTEEConnection for hardcoded endpoints (dev/self-hosted) with disabled TLS verification
    • RegistryTEEConnection for registry-backed discovery with:
      • TLS certificate pinning via buildPinnedAgent() (creates undici Agent with pinned CA certificate)
      • Optional background health check loop (5-minute interval) to detect stale TEE registrations
      • Automatic reconnection and retry on connection failures
    • Proper resource cleanup via close() method for dispatchers and timers

  • Updated LLM Client (llm.ts):

    • Replaced hardcoded serverUrl and streamingServerUrl config with connection: TEEConnection
    • Refactored request flow: requestWithRetry() handles TEE resolution and single-retry-on-failure logic
    • sendOnce() builds a paid fetch with the TEE's pinned dispatcher injected into every request
    • Added close() method to tear down resources

  • Updated Client Factory (client.ts):

    • Automatically creates RegistryTEEConnection by default (queries registry via RPC)
    • Falls back to StaticTEEConnection when llmServerUrl is provided
    • Accepts optional rpcUrl and teeRegistryAddress overrides
    • Added close() method for cleanup

  • Configuration Updates (types.ts, defaults.ts):

    • Removed llmStreamingServerUrl config (both chat and streaming use the same endpoint)
    • Updated llmServerUrl documentation to clarify it disables registry lookup
    • Added rpcUrl and teeRegistryAddress config options
    • Changed defaults from hardcoded LLM URLs to registry RPC URL and contract address

  • Public API Exports (index.ts):

    • Exported TEERegistry, TEEEndpoint, TEE_TYPE_* constants
    • Exported TEEConnection, ActiveTEE, RegistryTEEConnection, StaticTEEConnection, buildPinnedAgent

Notable Implementation Details

  • TLS Certificate Pinning: Instead of trust-on-first-use (TOFU), the client fetches the certificate submitted during TEE registration and pins to it, rejecting any mismatched certificates
  • Hostname Verification Disabled: TEE servers are typically addressed by IP while certificates may be issued for different hostnames; the pinned certificate itself serves as the trust anchor
  • Graceful Degradation: Connection failures trigger a registry refresh and single retry; if the TEE is no longer active, a fresh one is selected
  • Resource Management: Background timers are marked as non-blocking (unref()) and all resources are properly cleaned up on close()
  • Version Bump: Package version updated to 2.1.0

https://claude.ai/code/session_01Nvpzd6GMuRCcgfuFZgotUk

@adambalogh
Add on-chain TEE registry + TLS cert pinning for LLM endpoints
9b5f197 
Brings the TS SDK in line with the Python SDK: the LLM endpoint is now
discovered by querying the on-chain TEERegistry contract instead of a
hardcoded URL, and the TEE's TLS certificate is pinned to the value
stored at registration time (no TOFU).

- src/abi/teeRegistry.ts: minimal read-only ABI for getActiveTEEs.
- src/teeRegistry.ts: TEERegistry class wrapping the contract via viem
  (getActiveTEEsByType, getLLMTEE).
- src/teeConnection.ts: StaticTEEConnection (hardcoded URL, TLS
  verification disabled) and RegistryTEEConnection (registry-resolved,
  pinned TLS cert via undici Agent, lazy connect, 5-min health check
  with automatic failover).
- src/llm.ts: refactored to drive requests through a TEEConnection,
  injecting the pinned dispatcher into the x402-paid fetch and retrying
  once on connection failure with a fresh TEE.
- src/client.ts: registry is now the default; passing llmServerUrl
  switches to a static connection.
- types.ts/defaults.ts/index.ts: new ClientConfig fields (rpcUrl,
  teeRegistryAddress), registry defaults, and re-exports.
- package.json: declare viem and undici as direct deps; bump to 2.1.0.
@socket-security
Copy link
Copy Markdown

socket-security Bot commented May 5, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedundici@​6.25.07210010098100

View full report

@adambalogh adambalogh merged commit 7377767 into main May 5, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adambalogh @claude