Skip to content

add relay metadata fields for remote capability execution#1948

Merged
nadahalli merged 1 commit intotejaswi/tee-attestationfrom
tejaswi/relay-capability-metadata
Apr 1, 2026
Merged

add relay metadata fields for remote capability execution#1948
nadahalli merged 1 commit intotejaswi/tee-attestationfrom
tejaswi/relay-capability-metadata

Conversation

@nadahalli
Copy link
Copy Markdown
Contributor

@nadahalli nadahalli commented Mar 31, 2026

Summary

  • add owner, execution_id, and reference_id to confidential relay capability execution params
  • keep the wire contract aligned with confidential workflow remote capability execution needs
  • isolate the shared type change so chainlink and confidential-compute can consume it separately

Testing

  • make gomodtidy
  • make generate
  • go test ./pkg/capabilities/v2/actions/confidentialrelay

@nadahalli nadahalli requested a review from a team as a code owner March 31, 2026 15:58
@nadahalli nadahalli mentioned this pull request Mar 31, 2026
Open
5 tasks
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 31, 2026

✅ API Diff Results - github.com/smartcontractkit/chainlink-common

✅ Compatible Changes (3)

pkg/capabilities/v2/actions/confidentialrelay.CapabilityRequestParams (3)

  • ExecutionID — ➕ Added

  • Owner — ➕ Added

  • ReferenceID — ➕ Added

📄 View full apidiff report

@justinkaseman justinkaseman requested a review from Copilot March 31, 2026 17:32
Copilot AI reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the confidential relay JSON-RPC wire types to carry additional execution metadata needed for remote capability execution, keeping the request schema aligned across consumers (e.g., Chainlink and confidential-compute).

Changes:

  • Add owner, execution_id, and reference_id fields to CapabilityRequestParams for confidential.capability.execute.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pkg/capabilities/v2/actions/confidentialrelay/types.go
Comment on lines +44 to +46
Owner string `json:"owner,omitempty"`
ExecutionID string `json:"execution_id,omitempty"`
ReferenceID string `json:"reference_id,omitempty"`
Copy link

Copilot AI Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CapabilityRequestParams adds owner, execution_id, and reference_id but marks them omitempty. If these are part of the required wire contract for remote capability execution (as SecretsRequestParams already requires owner/execution_id), omitempty can silently drop them when empty, producing an invalid/ambiguous request and making it harder for the relay side to distinguish “missing” vs “present but empty”. Consider removing omitempty (and documenting expected formats like the secrets params), or switching to pointer types if the intent is to make presence/absence explicit.

Suggested change
Owner string `json:"owner,omitempty"`
ExecutionID string `json:"execution_id,omitempty"`
ReferenceID string `json:"reference_id,omitempty"`
Owner string `json:"owner"`
ExecutionID string `json:"execution_id"`
ReferenceID string `json:"reference_id"`

Copilot uses AI. Check for mistakes.
@nadahalli nadahalli merged commit 767c996 into tejaswi/tee-attestation Apr 1, 2026
21 of 23 checks passed
@nadahalli nadahalli deleted the tejaswi/relay-capability-metadata branch April 1, 2026 10:55
github-merge-queue Bot pushed a commit that referenced this pull request Apr 2, 2026
@nadahalli @mchain0
Add teeattestation package for TEE attestation validation (#1899)
0f3b462 
* Add teeattestation package for TEE attestation validation

* Remove caRootsPEM param from ValidateAttestation

ValidateAttestation now always uses the hardcoded AWS Nitro root cert.
ValidateAttestationWithRoots is available for testing with fake enclaves
that use self-signed CA roots.

* Fix lint: errors.New, rename FakeAttestor, nolint for CBOR tags

* Fix goimports alignment in CBOR struct tags

* Check PCR count before accessing indices

* Rename package fake to nitrofake

* Merge teeattestation into root module

* Use fmt.Sprintf for fixed-format PCR JSON in nitrofake

* add relay metadata fields for remote capability execution (#1948)

* Remove nitrite from Nitro attestation validation

* Run gomodtidy after cbor upgrade

---------

Co-authored-by: mchain0 <maciej.wisniewski@smartcontract.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@justinkaseman justinkaseman justinkaseman approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nadahalli @justinkaseman