security(sdk): 0.19.2 worker-key binding + SIWE validation + verdict hashes; fix wallet SIWE regression#135
Merged
Conversation
… verdict hashes; fix wallet SIWE regression SDK (same end-to-end hardening the wallet got, now in the published package so LightChallenge and every SDK user can rely on it): - openSession/runInference bind the session key to the worker's CHAIN-REGISTERED encryption key (new verifyWorkerKeyOnChain, read from WorkerRegistry) instead of trusting the gateway's copy. A hostile proxy that substitutes its own key is now rejected, closing a prompt/answer MITM. Verified live on mainnet: the real gateway key matches the chain, so genuine inference is unaffected. - assertSafeChallenge validates the gateway's SIWE auth challenge (this account, a trusted gateway domain) before signing, so a proxy cannot harvest a signature scoped elsewhere. - RunInferenceResult exposes responseHash + ciphertextHash (the worker's on-chain commitments from JobCompleted) so an attestor can anchor the verdict. Wallet SIWE REGRESSION FIX: the assertSafeChallenge I added in #129 hard-failed unless the challenge domain equalled 'lightnode.app', but the live gateway signs as chat-api.<net>.lightchain.ai even through the proxy - so #129 broke the wallet's AI chat. Accept the lightchain.ai gateway family (verified against the live challenge). The address check (the real anti-replay protection) stays. 515 root tests + 156 wallet tests; tsc + builds clean; live mainnet run confirms binding + SIWE + hashes all work.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Foundation for migrating LightChallenge to the SDK: the SDK had the same worker-key MITM I fixed in the wallet, and it didn't expose the on-chain hashes an attestor needs. This fixes both, plus a live wallet regression.
SDK 0.19.2
openSession/runInferencenow bind the session key to the worker's CHAIN-REGISTERED encryption key (newverifyWorkerKeyOnChain, read from WorkerRegistry) instead of trusting the gateway's copy. A hostile proxy substituting its own key is rejected, closing a prompt/answer MITM. Verified live on mainnet: the real gateway key matches the chain, so genuine inference is unaffected (full run returned a verdict in ~55s).assertSafeChallengechecks the gateway auth challenge names this account and a trusted gateway domain before signing, so a proxy can't harvest a signature scoped elsewhere.RunInferenceResultnow carriesresponseHash+ciphertextHash(the worker's on-chain commitments from JobCompleted) so a challenge protocol can anchor the verdict on-chain without a second read.Wallet SIWE regression fix (from #129)
The
assertSafeChallengeI added in #129 hard-failed unless the challenge domain equalledlightnode.app- but I checked the live gateway and it signs aschat-api.<net>.lightchain.aieven through the proxy. So #129 broke the wallet's AI chat. Now the lightchain.ai gateway family is accepted (the address anti-replay check stays). The deployed wallet zip needs refreshing after this.Verification
515 root tests (+7 new binding/SIWE), 156 wallet tests, tsc + SDK + wxt builds clean, and a live mainnet run confirming the binding accepts the real key, SIWE passes, and both hashes are returned.