[CRE] [4/5] ConfidentialModule, config, DB migration, syncer routing

Core abstractions for confidential workflow execution:

- ConfidentialModule: implements host.ModuleV2, dispatches workflow
  execution to TEE enclave via the confidential-workflows capability
- Syncer routing: detects confidential workflows via on-chain attributes,
  routes to ConfidentialModule instead of local WASM engine
- Config: CRE.ConfidentialRelay TOML config for relay DON nodes
- DB migration: adds attributes column to workflow_specs_v2
- WorkflowSpec.Attributes: persists on-chain workflow attributes

Nothing is wired into CRE yet. Inert until PR 5/5.

Part of #21635

Author: nadahalli

core/config/cre_config.go

@@ -13,6 +13,7 @@ type CRE interface {
 	// When enabled, additional OTel tracing and logging is performed.
 	DebugMode() bool
 	LocalSecrets() map[string]string
+	ConfidentialRelay() CREConfidentialRelay
 }
 
 // WorkflowFetcher defines configuration for fetching workflow files
@@ -21,6 +22,13 @@ type WorkflowFetcher interface {
 	URL() string
 }
 
+// CREConfidentialRelay defines configuration for the confidential relay handler.
+type CREConfidentialRelay interface {
+	Enabled() bool
+	TrustedPCRs() string
+	CARootsPEM() string
+}
+
 // CRELinking defines configuration for connecting to the CRE linking service
 type CRELinking interface {
 	URL() string

core/config/toml/types.go

@@ -1895,14 +1895,24 @@ type CreConfig struct {
 	// Requires [Tracing].Enabled = true for traces to be exported (trace export is gated by
 	// Tracing.Enabled in initGlobals; Telemetry.Enabled is optional—traces work with or without it).
 	// WARNING: This is not suitable for production use due to performance overhead.
-	DebugMode *bool `toml:",omitempty"`
+	DebugMode         *bool                    `toml:",omitempty"`
+	ConfidentialRelay *ConfidentialRelayConfig `toml:",omitempty"`
 }
 
 // WorkflowFetcherConfig holds the configuration for fetching workflow files
 type WorkflowFetcherConfig struct {
 	URL *string `toml:",omitempty"`
 }
 
+// ConfidentialRelayConfig holds the configuration for the confidential relay handler.
+// When Enabled is true, the node participates in the confidential relay DON,
+// validating enclave attestations and proxying capability requests.
+type ConfidentialRelayConfig struct {
+	Enabled     *bool   `toml:",omitempty"`
+	TrustedPCRs *string `toml:",omitempty"`
+	CARootsPEM  *string `toml:",omitempty"`
+}
+
 // LinkingConfig holds the configuration for connecting to the CRE linking service
 type LinkingConfig struct {
 	URL        *string `toml:",omitempty"`
@@ -1956,6 +1966,21 @@ func (c *CreConfig) setFrom(f *CreConfig) {
 	if f.DebugMode != nil {
 		c.DebugMode = f.DebugMode
 	}
+
+	if f.ConfidentialRelay != nil {
+		if c.ConfidentialRelay == nil {
+			c.ConfidentialRelay = &ConfidentialRelayConfig{}
+		}
+		if v := f.ConfidentialRelay.Enabled; v != nil {
+			c.ConfidentialRelay.Enabled = v
+		}
+		if v := f.ConfidentialRelay.TrustedPCRs; v != nil {
+			c.ConfidentialRelay.TrustedPCRs = v
+		}
+		if v := f.ConfidentialRelay.CARootsPEM; v != nil {
+			c.ConfidentialRelay.CARootsPEM = v
+		}
+	}
 }
 
 func (w *WorkflowFetcherConfig) ValidateConfig() error {

core/scripts/go.mod

@@ -46,13 +46,13 @@ require (
 	github.com/shopspring/decimal v1.4.0
 	github.com/smartcontractkit/chainlink-automation v0.8.1
 	github.com/smartcontractkit/chainlink-ccip v0.1.1-solana.0.20260317185256-d5f7db87ae70
-	github.com/smartcontractkit/chainlink-common v0.11.0
+	github.com/smartcontractkit/chainlink-common v0.11.1-0.20260323163826-2c5b95089478
 	github.com/smartcontractkit/chainlink-common/keystore v1.0.2
 	github.com/smartcontractkit/chainlink-data-streams v0.1.13
 	github.com/smartcontractkit/chainlink-deployments-framework v0.86.3
 	github.com/smartcontractkit/chainlink-evm v0.3.4-0.20260320152158-2191d797b5ce
 	github.com/smartcontractkit/chainlink-evm/gethwrappers v0.0.0-20260119171452-39c98c3b33cd
-	github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260226130359-963f935e0396
+	github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260320153346-314ec8dbe5a4
 	github.com/smartcontractkit/chainlink-protos/job-distributor v0.18.0
 	github.com/smartcontractkit/chainlink-testing-framework/framework v0.15.5
 	github.com/smartcontractkit/chainlink-testing-framework/framework/components/dockercompose v0.1.20

core/scripts/go.sum

@@ -105,6 +105,35 @@ func (c *creConfig) Linking() config.CRELinking {
 	return &linkingConfig{url: url, tlsEnabled: tlsEnabled}
 }
 
+type confidentialRelayConfig struct {
+	enabled     bool
+	trustedPCRs string
+	caRootsPEM  string
+}
+
+func (cr *confidentialRelayConfig) Enabled() bool       { return cr.enabled }
+func (cr *confidentialRelayConfig) TrustedPCRs() string { return cr.trustedPCRs }
+func (cr *confidentialRelayConfig) CARootsPEM() string  { return cr.caRootsPEM }
+
+func (c *creConfig) ConfidentialRelay() config.CREConfidentialRelay {
+	if c.c.ConfidentialRelay == nil {
+		return &confidentialRelayConfig{}
+	}
+	enabled := false
+	if c.c.ConfidentialRelay.Enabled != nil {
+		enabled = *c.c.ConfidentialRelay.Enabled
+	}
+	trustedPCRs := ""
+	if c.c.ConfidentialRelay.TrustedPCRs != nil {
+		trustedPCRs = *c.c.ConfidentialRelay.TrustedPCRs
+	}
+	caRootsPEM := ""
+	if c.c.ConfidentialRelay.CARootsPEM != nil {
+		caRootsPEM = *c.c.ConfidentialRelay.CARootsPEM
+	}
+	return &confidentialRelayConfig{enabled: enabled, trustedPCRs: trustedPCRs, caRootsPEM: caRootsPEM}
+}
+
 func (c *creConfig) LocalSecrets() map[string]string {
 	return c.s.LocalSecrets
 }

core/services/chainlink/config_cre.go

@@ -930,6 +930,7 @@ type WorkflowSpec struct {
 	CreatedAt     time.Time          `toml:"-"`
 	UpdatedAt     time.Time          `toml:"-"`
 	SpecType      WorkflowSpecType   `toml:"spec_type" db:"spec_type"`
+	Attributes    []byte             `db:"attributes"`
 	sdkWorkflow   *sdk.WorkflowSpec
 	rawSpec       []byte
 	config        []byte

core/services/job/models.go

@@ -33,6 +33,8 @@ func GetCapabilityIDFromCommand(command string, config string) string {
 		return "http-trigger@1.0.0-alpha"
 	case "http_action":
 		return "http-actions@1.0.0-alpha" // plural "actions"
+	case "mock":
+		return "mock@1.0.0"
 	default:
 		return ""
 	}
@@ -52,6 +54,8 @@ func GetCommandFromCapabilityID(capabilityID string) string {
 		return "http_trigger"
 	case strings.HasPrefix(capabilityID, "http-actions"):
 		return "http_action"
+	case strings.HasPrefix(capabilityID, "mock"):
+		return "mock"
 	default:
 		return ""
 	}

core/services/standardcapabilities/conversions/conversions.go

@@ -63,7 +63,8 @@ func (orm *orm) UpsertWorkflowSpec(ctx context.Context, spec *job.WorkflowSpec)
 				config_url,
 				created_at,
 				updated_at,
-				spec_type
+				spec_type,
+				attributes
 			) VALUES (
 				:workflow,
 				:config,
@@ -76,7 +77,8 @@ func (orm *orm) UpsertWorkflowSpec(ctx context.Context, spec *job.WorkflowSpec)
 				:config_url,
 				:created_at,
 				:updated_at,
-				:spec_type
+				:spec_type,
+				:attributes
 			) ON CONFLICT (workflow_id) DO UPDATE
 			SET
 				workflow = EXCLUDED.workflow,
@@ -89,7 +91,8 @@ func (orm *orm) UpsertWorkflowSpec(ctx context.Context, spec *job.WorkflowSpec)
 				config_url = EXCLUDED.config_url,
 				created_at = EXCLUDED.created_at,
 				updated_at = EXCLUDED.updated_at,
-				spec_type = EXCLUDED.spec_type
+				spec_type = EXCLUDED.spec_type,
+				attributes = EXCLUDED.attributes
 			RETURNING id
 		`
 

core/services/workflows/artifacts/v2/orm.go

@@ -177,12 +177,20 @@ func newFileFetcher(basePath string, lggr logger.Logger) types.FetcherFunc {
 		if err != nil {
 			return nil, fmt.Errorf("invalid URL: %w", err)
 		}
-		fullPath := filepath.Clean(u.Path)
 
-		// ensure that the incoming request URL is either relative or absolute but within the basePath
-		if !filepath.IsAbs(fullPath) {
-			// If it's not absolute, we assume it's relative to the basePath
-			fullPath = filepath.Join(basePath, fullPath)
+		var fullPath string
+		if u.Scheme == "http" || u.Scheme == "https" {
+			// For HTTP(S) URLs, extract just the filename and resolve against basePath.
+			// This supports confidential workflows where the on-chain URL must be HTTP
+			// (so the enclave can fetch the binary), but the syncer reads from the local filesystem.
+			fullPath = filepath.Join(basePath, filepath.Base(u.Path))
+		} else {
+			fullPath = filepath.Clean(u.Path)
+			// ensure that the incoming request URL is either relative or absolute but within the basePath
+			if !filepath.IsAbs(fullPath) {
+				// If it's not absolute, we assume it's relative to the basePath
+				fullPath = filepath.Join(basePath, fullPath)
+			}
 		}
 		if !strings.HasPrefix(fullPath, basePath) {
 			return nil, fmt.Errorf("request URL %s is not within the basePath %s", fullPath, basePath)

core/services/workflows/syncer/fetcher.go

@@ -211,12 +211,20 @@ func newFileFetcher(basePath string, lggr logger.Logger) types.FetcherFunc {
 		if err != nil {
 			return nil, fmt.Errorf("invalid URL: %w", err)
 		}
-		fullPath := filepath.Clean(u.Path)
 
-		// ensure that the incoming request URL is either relative or absolute but within the basePath
-		if !filepath.IsAbs(fullPath) {
-			// If it's not absolute, we assume it's relative to the basePath
-			fullPath = filepath.Join(basePath, fullPath)
+		var fullPath string
+		if u.Scheme == "http" || u.Scheme == "https" {
+			// For HTTP(S) URLs, extract just the filename and resolve against basePath.
+			// This supports confidential workflows where the on-chain URL must be HTTP
+			// (so the enclave can fetch the binary), but the syncer reads from the local filesystem.
+			fullPath = filepath.Join(basePath, filepath.Base(u.Path))
+		} else {
+			fullPath = filepath.Clean(u.Path)
+			// ensure that the incoming request URL is either relative or absolute but within the basePath
+			if !filepath.IsAbs(fullPath) {
+				// If it's not absolute, we assume it's relative to the basePath
+				fullPath = filepath.Join(basePath, fullPath)
+			}
 		}
 		if !strings.HasPrefix(fullPath, basePath) {
 			return nil, fmt.Errorf("request URL %s is not within the basePath %s", fullPath, basePath)