feat: add TEE verification pallet support

package.json

@@ -1,6 +1,6 @@
 {
   "name": "zkverifyjs",
-  "version": "2.2.0",
+  "version": "2.3.0",
   "description": "Submit proofs to zkVerify and query proof state with ease using our npm package.",
   "author": "zkVerify <web3-platform@zkverify.io>",
   "license": "GPL-3.0",
@@ -48,12 +48,14 @@
     "pack-and-install": "npm run build && npm pack && rm -rf node_modules/zkverifyjs && npm install ./$(npm pack | tail -n 1) --no-save",
     "bump-version": "npm version $npm_config_level && git add . && git commit -S -m \"chore: bump version to $npm_package_version\" && git push && npm run build",
     "push-tag": "git checkout main && git pull && git tag -s -m $npm_package_version $npm_package_version && git push origin $npm_package_version",
+    "pretest": "node tests/common/scripts/refresh-tee-tcb.mjs",
     "test": "jest",
-    "test:coverage": "jest --coverage",
+    "test:coverage": "npm run refresh-tee-tcb && jest --coverage",
     "test:file:coverage": "node -e 'const path = process.argv[1]; require(\"child_process\").execSync(`jest --coverage --collectCoverageFrom=\"${path}/index.ts\" ${path}/index.test.ts`, { stdio: \"inherit\" });' --",
     "lint": "eslint 'src/**/*.ts' --fix --ignore-pattern '**/*.test.ts'",
     "format": "prettier --write 'src/**/*.ts'",
     "generate-readme-for-docs": "node ci/generateDocsReadme.js",
+    "refresh-tee-tcb": "node tests/common/scripts/refresh-tee-tcb.mjs",
     "prepare": "husky"
   },
   "lint-staged": {

src/config/index.ts

@@ -12,6 +12,7 @@ import {
   Plonky2Processor,
   Risc0Processor,
   SP1Processor,
+  TEEProcessor,
   UltraHonkProcessor,
   UltraPlonkProcessor,
 } from '../proofTypes';
@@ -58,6 +59,7 @@ export enum ProofType {
   sp1 = 'sp1',
   ultrahonk = 'ultrahonk',
   ultraplonk = 'ultraplonk',
+  tee = 'tee',
   // ADD_NEW_PROOF_TYPE
 }
 
@@ -99,6 +101,10 @@ export const proofConfigurations: Record<ProofType, ProofConfig> = {
     pallet: 'settlementUltrahonkPallet',
     processor: UltraHonkProcessor,
   },
+  [ProofType.tee]: {
+    pallet: 'settlementTeePallet',
+    processor: TEEProcessor,
+  },
   // ADD_NEW_PROOF_TYPE - configurations
 };
 
@@ -171,6 +177,10 @@ export const zkvTypes = {
   EzklVk: {
     vkBytes: 'Bytes',
   },
+  TeeVk: {
+    tcbResponse: 'Bytes',
+    certificates: 'Bytes',
+  },
 };
 
 export const zkvRpc = {
@@ -279,6 +289,16 @@ export const zkvRpc = {
       ],
       type: 'H256',
     },
+    tee: {
+      description: 'Get the hash of a TEE verification key',
+      params: [
+        {
+          name: 'vk',
+          type: 'TeeVk',
+        },
+      ],
+      type: 'H256',
+    },
     // ADD_NEW_PROOF_TYPE
   },
 };

src/enums.ts

@@ -85,6 +85,7 @@ export enum Destination {
 
 export enum RuntimeVersion {
   V1_3_0 = 1003000,
+  V1_5_0 = 1005000,
 }
 
 export const PUBLIC_ZK_VERIFY_EVENTS: ZkVerifyEvents[] = [

src/proofTypes/index.ts

@@ -6,4 +6,5 @@ export { default as UltraPlonkProcessor } from './ultraplonk/processor';
 export { default as Plonky2Processor } from './plonky2/processor';
 export { default as SP1Processor } from './sp1/processor';
 export { default as UltraHonkProcessor } from './ultrahonk/processor';
+export { default as TEEProcessor } from './tee/processor';
 // ADD_NEW_PROOF_TYPE

src/proofTypes/tee/formatter/index.ts

@@ -0,0 +1,38 @@
+import { TeeProof, TeeVk } from '../types';
+
+export function formatProof(proof: TeeProof['proof']): string {
+  return validateHexString(proof);
+}
+
+export function formatVk(vk: TeeVk['vk']): {
+  tcbResponse: string;
+  certificates: string;
+} {
+  if (typeof vk !== 'object' || vk === null) {
+    throw new Error(
+      'Invalid TEE VK format: expected object with tcbResponse and certificates properties',
+    );
+  }
+
+  if (!('tcbResponse' in vk) || !('certificates' in vk)) {
+    throw new Error(
+      'Invalid TEE VK format: expected object with tcbResponse and certificates properties',
+    );
+  }
+
+  const tcbResponse = validateHexString(vk.tcbResponse);
+  const certificates = validateHexString(vk.certificates);
+
+  return { tcbResponse, certificates };
+}
+
+export function formatPubs(): string {
+  return '0x';
+}
+
+function validateHexString(input: string): string {
+  if (!input.startsWith('0x')) {
+    throw new Error('Invalid format: string input must be 0x-prefixed.');
+  }
+  return input;
+}

src/proofTypes/tee/processor/index.ts

@@ -0,0 +1,19 @@
+import { ProofProcessor } from '../../../types';
+import { TeeVk } from '../types';
+import * as formatter from '../formatter';
+
+class TEEProcessor implements ProofProcessor {
+  formatProof(proof: string): string {
+    return formatter.formatProof(proof);
+  }
+
+  formatVk(vk: TeeVk['vk']): { tcbResponse: string; certificates: string } {
+    return formatter.formatVk(vk);
+  }
+
+  formatPubs(): string {
+    return formatter.formatPubs();
+  }
+}
+
+export default new TEEProcessor();

src/proofTypes/tee/types.ts

@@ -0,0 +1,14 @@
+export interface TeeProof {
+  proof: string;
+}
+
+export interface TeeVk {
+  vk: {
+    tcbResponse: string;
+    certificates: string;
+  };
+}
+
+export interface TeePubs {
+  pubs: string;
+}

src/session/types.ts

@@ -46,6 +46,7 @@ type GenericProofMethodMap<TBuilder> = {
   sp1: () => TBuilder;
   ultrahonk: (options?: UltrahonkConfig | null) => TBuilder;
   ultraplonk: (options: UltraplonkConfig) => TBuilder;
+  tee: () => TBuilder;
   // ADD_NEW_PROOF_TYPE
 };
 

src/session/validator/index.ts

@@ -79,6 +79,13 @@ export function validateProofTypeOptions(
     case ProofType.sp1:
       // No specific options required for these proof types
       break;
+    case ProofType.tee:
+      requireVersionAtLeast(
+        runtimeSpec,
+        RuntimeVersion.V1_5_0,
+        'TEE proof type',
+      );
+      break;
     // ADD_NEW_PROOF_TYPE config validation per proof type
     // ADD RUNTIME SPECIFIC RULE IF NEEDED USING requireVersionAtLeast
 

tests/common/runners.ts

@@ -162,6 +162,10 @@ export const generateTestPromises = (
                 promises.push(runTest({ proofType }));
                 break;
 
+            case ProofType.tee:
+                promises.push(runTest({ proofType }));
+                break;
+
             // ADD_NEW_PROOF_TYPE - generateTestPromises
         }
     });

tests/common/scripts/refresh-tee-tcb.mjs

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+
+/**
+ * Fetches fresh Intel TDX TCB info and updates the TEE test fixture.
+ *
+ * The TCB info expires roughly every 30 days, so this script should be run
+ * before TEE integration tests to ensure the fixture data is current.
+ *
+ * Usage: node tests/common/scripts/refresh-tee-tcb.mjs
+ */
+
+import { readFileSync, writeFileSync } from 'fs';
+import { get } from 'https';
+import { resolve, dirname } from 'path';
+import { fileURLToPath } from 'url';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+const TCB_URL =
+  'https://api.trustedservices.intel.com/tdx/certification/v4/tcb?fmspc=B0C06F000000&update=standard';
+const TEE_JSON_PATH = resolve(__dirname, '../data/tee.json');
+
+function fetchTcbInfo() {
+  return new Promise((resolve, reject) => {
+    get(TCB_URL, (res) => {
+      if (res.statusCode !== 200) {
+        reject(new Error(`Intel TCB API returned status ${res.statusCode}`));
+        return;
+      }
+      const chunks = [];
+      res.on('data', (chunk) => chunks.push(chunk));
+      res.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+      res.on('error', reject);
+    }).on('error', reject);
+  });
+}
+
+const tcbJson = await fetchTcbInfo();
+const parsed = JSON.parse(tcbJson);
+
+console.log(
+  `TCB issueDate: ${parsed.tcbInfo.issueDate}, nextUpdate: ${parsed.tcbInfo.nextUpdate}`,
+);
+
+const tcbHex = '0x' + Buffer.from(tcbJson, 'utf8').toString('hex');
+
+const teeData = JSON.parse(readFileSync(TEE_JSON_PATH, 'utf8'));
+teeData.vk.tcbResponse = tcbHex;
+writeFileSync(TEE_JSON_PATH, JSON.stringify(teeData, null, 2) + '\n');
+
+console.log(`Updated ${TEE_JSON_PATH}`);

tests/common/utils.ts

@@ -66,6 +66,10 @@ export function getProofFilenameComponents(proofOptions: ProofOptions): string[]
             // No Config
             break;
         }
+        case ProofType.tee: {
+            // No Config
+            break;
+        }
         // ADD_NEW_PROOF_TYPE
     }
 
@@ -567,6 +571,8 @@ export function dispatchBuilder<T>(
             return methodMap.fflonk();
         case ProofType.sp1:
             return methodMap.sp1();
+        case ProofType.tee:
+            return methodMap.tee();
         // ADD_NEW_PROOF_TYPE - used for tests.
         default:
             throw new Error(`Unsupported proof type: ${proofOptions.proofType}`);