export { getComposeHash } from './get-compose-hash.js'; export { VerifyOptions, verifyEnvEncryptPublicKey, verifyEnvEncryptPublicKeyLegacy } from './verify-env-encrypt-public-key.js'; interface GetTlsKeyResponse { __name__: Readonly<'GetTlsKeyResponse'>; key: string; certificate_chain: string[]; asUint8Array: (max_length?: number) => Uint8Array; } interface GetKeyResponse { __name__: Readonly<'GetKeyResponse'>; key: Uint8Array; signature_chain: Uint8Array[]; } interface SignResponse { __name__: Readonly<'SignResponse'>; signature: Uint8Array; signature_chain: Uint8Array[]; public_key: Uint8Array; } interface VerifyResponse { __name__: Readonly<'VerifyResponse'>; valid: boolean; } type Hex = `${string}`; type TdxQuoteHashAlgorithms = 'sha256' | 'sha384' | 'sha512' | 'sha3-256' | 'sha3-384' | 'sha3-512' | 'keccak256' | 'keccak384' | 'keccak512' | 'raw'; interface EventLog { imr: number; event_type: number; digest: string; event: string; event_payload: string; } interface TcbInfo { mrtd: string; rtmr0: string; rtmr1: string; rtmr2: string; rtmr3: string; app_compose: string; event_log: EventLog[]; } type TcbInfoV03x = TcbInfo & { rootfs_hash?: string; }; type TcbInfoV05x = TcbInfo & { mr_aggregated: string; os_image_hash: string; compose_hash: string; device_id: string; }; interface InfoResponse { app_id: string; instance_id: string; app_cert: string; tcb_info: VersionTcbInfo; app_name: string; device_id: string; mr_aggregated?: string; os_image_hash?: string; key_provider_info: string; compose_hash: string; vm_config?: string; cloud_vendor?: string; cloud_product?: string; } interface GetQuoteResponse { quote: Hex; event_log: string; report_data?: Hex; vm_config?: string; replayRtmrs: () => string[]; } interface AttestResponse { __name__: Readonly<'AttestResponse'>; attestation: Hex; } interface VersionResponse { __name__: Readonly<'VersionResponse'>; version: string; rev: string; } declare function to_hex(data: string | Buffer | Uint8Array): string; interface TlsKeyOptions { path?: string; subject?: string; altNames?: string[]; usageRaTls?: boolean; usageServerAuth?: boolean; usageClientAuth?: boolean; notBefore?: number; notAfter?: number; withAppInfo?: boolean; } declare class DstackClient { protected endpoint: string; constructor(endpoint?: string | undefined); private ensureAlgorithmSupported; private ensureTlsKeyOptionsSupported; getKey(path?: string, purpose?: string, algorithm?: string): Promise; getTlsKey(options?: TlsKeyOptions): Promise; getQuote(report_data: string | Buffer | Uint8Array): Promise; attest(report_data: string | Buffer | Uint8Array): Promise; info(): Promise>; /** * Query the guest-agent version. * * Returns the version on OS >= 0.5.7. * Throws on older OS versions that lack the Version RPC. */ version(): Promise; isReachable(): Promise; /** * Emit an event. This extends the event to RTMR3 on TDX platform. * * Requires dstack OS 0.5.0 or later. * * @param event The event name * @param payload The event data as string or Buffer or Uint8Array */ emitEvent(event: string, payload: string | Buffer | Uint8Array): Promise; /** * Signs a payload using a derived key. * @param algorithm The algorithm to use (e.g., "ed25519", "secp256k1", "secp256k1_prehashed") * @param data The data to sign. If algorithm is "secp256k1_prehashed", this must be a 32-byte hash. * @returns A SignResponse containing the signature, signature chain, and public key. */ sign(algorithm: string, data: string | Buffer | Uint8Array): Promise; /** * Verifies a payload signature. * @param algorithm The algorithm to use (e.g., "ed25519", "secp256k1", "secp256k1_prehashed") * @param data The data that was signed. * @param signature The signature to verify. * @param publicKey The public key to use for verification. * @returns A VerifyResponse indicating if the signature is valid. */ verify(algorithm: string, data: string | Buffer | Uint8Array, signature: string | Buffer | Uint8Array, publicKey: string | Buffer | Uint8Array): Promise; /** * @deprecated Use getKey instead. * @param path The path to the key. * @param subject The subject of the key. * @param altNames The alternative names of the key. * @returns The key. */ deriveKey(path?: string, subject?: string, altNames?: string[]): Promise; /** * @deprecated Use getQuote instead. * @param report_data The report data. * @param hash_algorithm The hash algorithm. * @returns The quote. */ tdxQuote(report_data: string | Buffer | Uint8Array, hash_algorithm?: TdxQuoteHashAlgorithms): Promise; } declare class TappdClient extends DstackClient { constructor(endpoint?: string | undefined); /** * @deprecated Use getKey instead. * @param path The path to the key. * @param subject The subject of the key. * @param altNames The alternative names of the key. * @returns The key. */ deriveKey(path?: string, subject?: string, alt_names?: string[]): Promise; /** * @deprecated Use getQuote instead. * @param report_data The report data. * @param hash_algorithm The hash algorithm. * @returns The quote. */ tdxQuote(report_data: string | Buffer | Uint8Array, hash_algorithm?: TdxQuoteHashAlgorithms): Promise; isReachable(): Promise; } export { type AttestResponse, DstackClient, type EventLog, type GetKeyResponse, type GetQuoteResponse, type GetTlsKeyResponse, type Hex, type InfoResponse, type SignResponse, TappdClient, type TcbInfo, type TcbInfoV03x, type TcbInfoV05x, type TdxQuoteHashAlgorithms, type TlsKeyOptions, type VerifyResponse, type VersionResponse, to_hex };