blocklock agent

Author: CluEleSsUK

.dockerignore

@@ -0,0 +1,3 @@
+node_modules
+**/node_modules
+out

.github/workflows/build-and-push.yml

@@ -0,0 +1,94 @@
+name: build-and-push
+on:
+  push:
+    branches:
+      # all branches, docker image is only pushed on main
+      - "*"
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+*'
+  pull_request:
+
+env:
+  SERVICE_ACCOUNT: [email protected]
+  DOCKER_REGISTRY: europe-west1-docker.pkg.dev/randamu-prod/candyland
+  IMAGE_MAINTAINER: "Randamu"
+  IMAGE_VENDOR: "Randamu"
+
+jobs:
+  build-and-push:
+    runs-on: "ubuntu-latest"
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
+      - name: Update submodules
+        run: git submodule update --init --recursive --remote
+        
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '>=22.5.0'
+
+      - name: Login to Artifact Registry
+        uses: docker/login-action@v3
+        with:
+          registry: europe-west1-docker.pkg.dev
+          username: _json_key
+          password: ${{ secrets.GCP_SERVICE_ACCOUNT_TOKEN }}
+
+      - name: Install
+        run: npm install && npm install -g yarn
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
+      - name: Build
+        run: yarn build
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.DOCKER_REGISTRY }}/blocklock-agent
+          labels: |
+            maintainer=${{ env.IMAGE_MAINTAINER }}
+            org.opencontainers.image.title=blocklock-agent
+            org.opencontainers.image.description="an agent for uploading signatures to blockchains"
+            org.opencontainers.image.vendor=${{ env.IMAGE_VENDOR }}
+          flavor: |
+            latest=false
+            prefix=
+            suffix=
+          tags: |
+            type=sha,prefix=
+            type=ref,event=branch,suffix=-latest,enable=${{ startsWith(github.ref, 'refs/heads/') }}
+            type=semver,pattern={{version}},event=tag,enable=${{ startsWith(github.ref, 'refs/tags/') }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          # this might not work at all, but might work and 
+          # allow us to bypass dockerhub ratelimit
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["mirror.gcr.io"]
+          ## this does work to avoid the dockerhub ratelimit
+          driver-opts: |
+            image=mirror.gcr.io/moby/buildkit:buildx-stable-1
+            network=host
+
+      - id: docker-push-tagged
+        name: Tag Docker image and push to Google Artifact Registry
+        uses: docker/build-push-action@v6
+        with:
+          push: ${{ github.ref == 'refs/heads/main' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: |
+            type=registry,ref=${{ env.DOCKER_REGISTRY }}/blocklock-agent-cache:${{ steps.meta.outputs.version }}
+            type=registry,ref=${{ env.DOCKER_REGISTRY }}/blocklock-agent-cache:main-latest
+          cache-to: type=registry,ref=${{ env.DOCKER_REGISTRY }}/blocklock-agent-cache:${{ steps.meta.outputs.version }},mode=max
+

.gitignore

@@ -0,0 +1,6 @@
+index.js
+index.cjs
+index.d.ts
+src/generated/**
+node_modules
+state.json

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "blocklock-solidity"]
+	path = blocklock-solidity
+	url = https://github.com/randa-mu/blocklock-solidity.git

Dockerfile

@@ -0,0 +1,30 @@
+# Set ARG for Node.js version
+ARG ARCH=linux/amd64
+ARG NODE_VERSION=22.3
+
+# TODO: install foundry on our node images
+FROM --platform=${ARCH} node:${NODE_VERSION} AS node
+
+FROM --platform=${ARCH} ghcr.io/foundry-rs/foundry:latest AS build
+
+# foundry recently changed their dockerfile permissions so we need this to build now
+USER root
+
+# we copy the bin from the node image to foundry (which uses alpine)
+COPY --from=node /usr/lib /usr/lib
+COPY --from=node /usr/local/lib /usr/local/lib
+COPY --from=node /usr/local/include /usr/local/include
+COPY --from=node /usr/local/bin /usr/local/bin
+
+WORKDIR /app
+
+COPY . .
+
+RUN npm install
+RUN npm run build
+
+FROM --platform=${ARCH} node:${NODE_VERSION} AS runner
+# Define the command to run the application
+WORKDIR /app
+COPY --from=build /app/index.cjs .
+CMD ["node", "/app/index.cjs"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Randamu
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,122 @@
+## @randamu/blocklock-agent
+
+The `blocklock-agent` is a blockchain-based timelock decryption and signature agent leveraging BLS signatures and blocklock mechanisms on the Ethereum-compatible Filecoin network. This agent listens for decryption requests and processes them based on predefined conditions.
+
+### Features
+
+- **Event Listener**: Listens for `DecryptionRequested` events from the `DecryptionSender` smart contract.
+- **BLS Cryptography**: Utilizes BLS signatures for secure and efficient cryptographic operations.
+- **IBE Decryption**: Implements identity-based encryption (IBE) to handle requests securely.
+- **Health Check**: Provides an HTTP health-check endpoint.
+- **Event Replay**: Replays past unfulfilled decryption requests upon startup.
+
+### Requirements
+
+- Node.js version 16+.
+- An Ethereum-compatible blockchain node (e.g., Filecoin calibration network).
+- Access to the deployed `DecryptionSender` contract address.
+
+### Installation
+
+1. Clone the repository:
+    ```bash
+    git clone <repository-url>
+    cd blocklock-agent
+    ```
+
+2. Install dependencies:
+    ```bash
+    npm install
+    ```
+
+### Configuration
+
+The agent can be configured using command-line arguments, environment variables, or a combination of both. Below are the available options:
+
+| Option                   | Default Value                                 | Environment Variable                           | Description                                                                                                        |
+|--------------------------|-----------------------------------------------|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------|
+| `--port`                 | `8080`                                        | `BLOCKLOCK_PORT`                               | The port to host the health-check HTTP server.                                                                     |
+| `--rpc-url`              | `https://api.calibration.node.glif.io/rpc/v1` | `BLOCKLOCK_RPC_URL`                            | Blockchain RPC URL.                                                                                                |
+| `--private-key`          | `<Default Private Key>`                       | `BLOCKLOCK_PRIVATE_KEY`                        | Private key for transaction signing.                                                                               |
+| `--bls-key`              | `<Default BLS Key>`                           | `BLOCKLOCK_BLS_PRIVATE_KEY`                    | BLS private key for signing.                                                                                       |
+| `--decryptionSenderAddr` | `<Deployed Contract Address>`                 | `BLOCKLOCK_DECRYPTION_SENDER_CONTRACT_ADDRESS` | Address of the deployed `DecryptionSender` contract.                                                               |
+| `--state-path`           | `./state.json`                                | `BLOCKLOCK_STATE_PATH`                         | A JSON file containing the `chainHeight` at which to start processing events. Empty will start from current block. |
+| `--polling-interval`     | 1000                                          | `BLOCKLOCK_POLLING_INTERVAL`                   | How frequently in milliseconds to call the RPC for the latest events/state.                                        |
+| `--log-level`            | info                                          | `BLOCKLOCK_LOG_LEVEL`                          | The logging level for structured JSON logging. Can be "info", "debug", "error", or "trace".                        |
+
+### Usage
+
+To start the `blocklock-agent`, run the following command:
+
+```bash
+npm run start [options]
+```
+
+For example, to specify a custom RPC URL and state file, run:
+
+```bash
+npm run start --rpc-url http://localhost:8545 --state-file /home/cooluser/state.json
+```
+
+The agent will store its state periodically to the provided state file. If a state file doesn't exist, it will start from the current chain height.
+If you wish to bootstrap it with a custom state file, an example format is the following:
+```{ "chainHeight": 123456 }```
+
+### How It Works
+
+1. **Initialization**:
+   - Connects to the specified RPC URL.
+   - Configures the agent with the provided private and BLS keys.
+   - Loads the state file to determine which chain height to start from, 
+   - Retrieves past `DecryptionRequested` events from the `chainHeight` specified in the state file
+   - Listens for future `DecryptionRequested` events
+
+2. **Event Processing**:
+   - For each `DecryptionRequested` event:
+     - Verifies the scheme ID (`BN254-BLS-BLOCKLOCK`).
+     - Computes the BLS signature for the request condition.
+     - Processes the ciphertext and fulfills the request via the `DecryptionSender` contract.
+
+3. **Health Check**:
+   - Hosts a lightweight HTTP server on the configured port to indicate the agent's health.
+
+4. **Keep Alive**:
+   - The agent remains active, continuously listening for new events and processing them in real-time.
+
+### Development
+
+#### Scripts
+
+- Build the project:
+    ```bash
+    npm run build
+    ```
+
+### Directory Structure
+
+- **`crypto/`**: Contains cryptographic implementations (BLS and IBE).
+- **`generated/`**: Auto-generated smart contract TypeScript bindings / factories and type definitions.
+- **`provider.ts`**: Utilities for blockchain provider creation and retry logic.
+- **`index.ts`**: Entry point of the application.
+
+### Testing
+
+To test the agent, you can simulate `DecryptionRequested` events on a local blockchain, e.g., [Anvil](https://book.getfoundry.sh/reference/anvil/).
+Note that the required smart contracts will need to be deployed on the local chain, i.e., DecryptionSender, BlocklockSender and the user contract from where the on-chain timelock encryption / decryption requests will be made.
+See the [blocklock-solidity repository](github.com/randa-mu/blocklock-solidity.git) for more.
+
+### Troubleshooting
+
+- **Error: `missing revert data`**:
+  Ensure the contract address, private key, and RPC URL are correctly configured. Ensure that the Ciphertext is correctly generated. There's an example [here](github.com/randa-mu/blocklock-solidity/blob/main/scripts/chain-interaction.ts)
+  
+- **Unhandled Exception**:
+  Check the blockchain node for connectivity issues or misconfigured start block.
+
+### Contributing
+
+Contributions are welcome! Please submit issues or pull requests to improve the project.
+
+### License
+
+This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.

blocklock-solidity/.env.example

@@ -0,0 +1,18 @@
+# Private key for contract deployment and interaction
+PRIVATE_KEY=
+
+# RPC 
+RPC_URL=
+
+# Threshold network BLS Point G2 public key x and y coordinates (all uints) used to construct the public key as a G2 point
+BLS_PUBLIC_KEY_X0=
+BLS_PUBLIC_KEY_X1=
+BLS_PUBLIC_KEY_Y0=
+BLS_PUBLIC_KEY_Y1=
+
+# Contract upgrades 
+IS_UPGRADE=
+
+# Contract verification
+ETHERSCAN_API_KEY=
+

blocklock-solidity/.github/workflows/test.yml

@@ -0,0 +1,54 @@
+name: Foundry
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  check:
+    strategy:
+      fail-fast: true
+
+    name: Foundry project
+    runs-on: ubuntu-latest
+      
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+      
+      - name: Install hardhat
+        run: |
+          yarn add --dev hardhat
+        id: hardhat-install
+
+      - name: Show Forge version
+        run: |
+          forge --version
+
+      - name: Run Forge fmt
+        run: |
+          forge fmt --check
+        id: fmt
+
+      - name: Run Forge build
+        run: |
+          forge build --force --skip test --sizes
+        id: build
+
+      - name: Run Forge tests
+        run: |
+          FOUNDRY_PROFILE=test forge test --gas-report
+        id: forge-test
+      
+      - name: Run foundry coverage
+        run: FOUNDRY_PROFILE=coverage forge coverage --report summary
+
+      - name: Run Hardhat tests
+        run: |
+          npx hardhat test
+        id: hardhat-test