feat(contracts): TEE-attested service approval commitments (#117)

Workstream C from the Tangle Cloud app-store program plan
(docs/blueprint-app-store-program-plan.md in dapp).

Operators may now commit to a specific TEE backend + measurement +
nonce-binding at approval time. Blueprints (or off-chain provisioning
oracles) cross-check the live attestation against the committed value
before accepting the provision result.

Types (`src/libraries/Types.sol`)
- `enum TeeBackend { Phala, AwsNitro, GcpConfidential, AzureSkr, DirectTdx }`
  — append-only; `DirectTdx` recognised but rejected at approval (mirror
  of ai-agent-sandbox-blueprint #50 policy).
- `struct TeeAttestationCommitment { backend, expectedMeasurement, nonceBinding, expiresAt }`.

Approval entrypoint (`src/core/ServicesApprovals.sol`)
- `approveServiceWithTeeCommitments(requestId, AssetSecurityCommitment[],
  blsPubkey, popSignature, TeeAttestationCommitment[])` — validates each
  TEE commitment (rejects DirectTdx, rejects past expiries), stores the
  per-operator array in `_requestTeeCommitments`, and emits
  `TeeCommitmentRecorded`.

Activation persistence (`src/facets/tangle/TangleServicesFacet.sol`)
- `_activateService` calls `_persistTeeCommitments`, copying every
  approving operator's commitment list onto `_serviceTeeCommitments[serviceId]`.
- New view `getTeeCommitment(serviceId, operator)` exposes the array
  for blueprint provisioning hooks. Selector list grows 7 → 9.

Storage (`src/TangleStorage.sol`)
- Two new mappings: `_requestTeeCommitments[requestId][operator]` and
  `_serviceTeeCommitments[serviceId][operator]`. `__gap` reduced 44 → 42.

Errors (`src/libraries/Errors.sol`)
- `DirectTdxNotPermitted`, `TeeCommitmentExpired(uint64,uint64)`,
  `MeasurementMismatch(bytes32,bytes32)`, `TeeCommitmentLengthMismatch(uint256,uint256)`.

Interface (`src/interfaces/ITangleServices.sol`)
- New entrypoint declaration.

Tests (`test/tangle/TeeCommitmentApprovalTest.t.sol`, 9 cases)
- Happy path: Nitro commitment recorded, fetched via view.
- DirectTdx rejected at first slot and at later slot.
- Past-expiry and at-current-timestamp expiry rejected.
- Future expiry persists through activation.
- Empty TEE array passes through with no persistence.
- Multiple operators with distinct backends persisted per-operator.
- Unknown-operator view returns empty array.

Why this surface and not the existing `OperatorSecurityCommitment`:
TEE commitments have a different shape (backend enum + 32-byte
measurement + 32-byte nonce + uint64 expiry) and a different lifecycle
(expiry checked at approval; cross-check against live attestation by
blueprint). Folding into the existing AssetSecurityCommitment array
would require a discriminant tag and would muddle the per-asset vs
per-attestation storage layouts. A parallel storage slot keeps both
clean.

Author: drewstone

src/TangleStorage.sol

@@ -369,11 +369,24 @@ abstract contract TangleStorage {
     /// @notice Request ID => Resource requirements for this service request
     mapping(uint64 => Types.ResourceCommitment[]) internal _requestResourceRequirements;
 
+    // ═══════════════════════════════════════════════════════════════════════════
+    // TEE ATTESTATION COMMITMENTS
+    // ═══════════════════════════════════════════════════════════════════════════
+
+    /// @notice Request ID => Operator => TEE attestation commitments captured at approval.
+    /// @dev Transferred to `_serviceTeeCommitments` on activation; not used afterwards.
+    mapping(uint64 => mapping(address => Types.TeeAttestationCommitment[])) internal _requestTeeCommitments;
+
+    /// @notice Service ID => Operator => TEE attestation commitments persisted at activation.
+    /// @dev Read by blueprint contracts during their provisioning hooks to cross-check the
+    ///      live TEE attestation against the operator's on-chain commitment.
+    mapping(uint64 => mapping(address => Types.TeeAttestationCommitment[])) internal _serviceTeeCommitments;
+
     // ═══════════════════════════════════════════════════════════════════════════
     // RESERVED STORAGE GAP
     // ═══════════════════════════════════════════════════════════════════════════
 
     /// @dev Reserved storage slots for future upgrades
     /// @dev Standard gap size is 50 slots. When adding new storage, decrease this gap accordingly.
-    uint256[44] private __gap;
+    uint256[42] private __gap;
 }

src/core/ServicesApprovals.sol

@@ -22,6 +22,15 @@ abstract contract ServicesApprovals is Base {
     event ServiceApproved(uint64 indexed requestId, address indexed operator);
     event ServiceRejected(uint64 indexed requestId, address indexed operator);
 
+    /// @notice Emitted when an operator's TEE attestation commitment is recorded at approval.
+    /// @param requestId The service request ID being approved.
+    /// @param operator The approving operator (msg.sender).
+    /// @param backend Which TEE backend the operator commits to.
+    /// @param expectedMeasurement Measurement the live attestation must match off-chain.
+    event TeeCommitmentRecorded(
+        uint64 indexed requestId, address indexed operator, Types.TeeBackend backend, bytes32 expectedMeasurement
+    );
+
     // ═══════════════════════════════════════════════════════════════════════════
     // SERVICE APPROVAL
     // ═══════════════════════════════════════════════════════════════════════════
@@ -169,6 +178,159 @@ abstract contract ServicesApprovals is Base {
         _approveServiceWithCommitmentsInternal(requestId, commitments, blsPubkey);
     }
 
+    /// @notice Approve a service request with both security commitments, BLS public key,
+    ///         and TEE attestation commitments. Each TEE commitment is stored per-operator
+    ///         so blueprints can cross-check it against the live attestation produced when
+    ///         the workload provisions.
+    /// @dev `teeCommitments` may be empty if the request does not require a TEE workload;
+    ///      otherwise every entry MUST set a non-`DirectTdx` backend and (if `expiresAt != 0`)
+    ///      a future expiry. The list is interpreted as the operator's set of acceptable
+    ///      attestation profiles — any one matching at provisioning time satisfies the policy.
+    /// @param requestId The service request ID
+    /// @param commitments Per-asset security commitments (matches `approveServiceWithCommitments`)
+    /// @param blsPubkey BLS G2 pubkey [x0, x1, y0, y1] (zero pubkey allowed if BLS not used)
+    /// @param popSignature G1 proof-of-possession (only validated when blsPubkey is non-zero)
+    /// @param teeCommitments TEE attestation commitments to record for `msg.sender`
+    function approveServiceWithTeeCommitments(
+        uint64 requestId,
+        Types.AssetSecurityCommitment[] calldata commitments,
+        uint256[4] calldata blsPubkey,
+        uint256[2] calldata popSignature,
+        Types.TeeAttestationCommitment[] calldata teeCommitments
+    )
+        external
+        whenNotPaused
+        nonReentrant
+    {
+        // Authorize FIRST so an unauthorized caller never reaches the per-commitment
+        // SSTORE loop. Pure validation (no state change) of the commitment shape and
+        // BLS PoP follows; storage writes happen only after both gates pass.
+        _requireApprovingOperator(requestId);
+        _validateTeeCommitments(requestId, teeCommitments);
+        if (_isNonZeroBlsPubkey(blsPubkey)) {
+            _requireBlsProofOfPossession(msg.sender, blsPubkey, popSignature);
+        }
+        // Store TEE commitments BEFORE the internal approval flow triggers activation.
+        // `_approveServiceWithCommitmentsInternal` will call `_activateService` when this
+        // is the final approval, and the activation hook copies `_requestTeeCommitments`
+        // into `_serviceTeeCommitments`. Order matters: write to the request first.
+        _storeRequestTeeCommitments(requestId, msg.sender, teeCommitments);
+        _approveServiceWithCommitmentsInternal(requestId, commitments, blsPubkey);
+    }
+
+    /// @notice Per-operator cap on TEE attestation commitments at approval.
+    /// @dev Cold SSTORE per pushed entry is ~20K gas across 3 slots (~60K gas/entry).
+    ///      Without a cap, a malicious operator can submit a list large enough to
+    ///      gas-brick `_persistTeeCommitments` during the final operator's activation
+    ///      call, permanently stalling the service. 8 is well above any realistic
+    ///      number of acceptable backends an operator would commit to.
+    uint256 internal constant MAX_TEE_COMMITMENTS_PER_OPERATOR = 8;
+
+    /// @notice Maximum TTL on an operator's TEE attestation commitment.
+    /// @dev Without an upper bound, a commitment with `expiresAt = type(uint64).max`
+    ///      is effectively never-expiring, which defeats the "expiry forces
+    ///      re-attestation" intent of the field. 90 days is enough headroom for any
+    ///      realistic service lifetime; longer-lived services should re-commit on
+    ///      a renewal cadence rather than pin a single attestation indefinitely.
+    uint64 internal constant MAX_TEE_COMMITMENT_TTL = 90 days;
+
+    /// @notice Pre-flight authorization for an operator approving a request.
+    /// @dev Mirrors the auth gates inside `_approveServiceWithCommitmentsInternal`
+    ///      (request-not-rejected, operator-active, operator-in-request, not-already-approved).
+    ///      Hoisted up so storage-mutating paths in newer entrypoints can fail fast.
+    function _requireApprovingOperator(uint64 requestId) internal view {
+        Types.ServiceRequest storage req = _getServiceRequest(requestId);
+        if (req.rejected) revert Errors.ServiceRequestAlreadyProcessed(requestId);
+        if (!_staking.isOperatorActive(msg.sender)) revert Errors.OperatorNotActive(msg.sender);
+
+        bool isOperator = false;
+        address[] storage ops = _requestOperators[requestId];
+        for (uint256 i = 0; i < ops.length; i++) {
+            if (ops[i] == msg.sender) {
+                isOperator = true;
+                break;
+            }
+        }
+        if (!isOperator) revert Errors.Unauthorized();
+
+        if (_requestApprovals[requestId][msg.sender]) {
+            revert Errors.AlreadyApproved(requestId, msg.sender);
+        }
+    }
+
+    /// @notice Validate operator-supplied TEE attestation commitments.
+    /// @dev Reverts on: list too long; `Unset` or `DirectTdx` backend; wrong
+    ///      `nonceBinding` (not the request-derived value); zero expected-measurement;
+    ///      expiry in the past or further out than `MAX_TEE_COMMITMENT_TTL`. Empty
+    ///      array is allowed (operator opts out of TEE binding for this approval).
+    /// @param requestId The service request being approved — used to derive the
+    ///        canonical nonce that every commitment must carry.
+    /// @param teeCommitments Operator-supplied TEE attestation commitments.
+    function _validateTeeCommitments(
+        uint64 requestId,
+        Types.TeeAttestationCommitment[] calldata teeCommitments
+    )
+        internal
+        view
+    {
+        if (teeCommitments.length > MAX_TEE_COMMITMENTS_PER_OPERATOR) {
+            revert Errors.TooManyTeeCommitments(teeCommitments.length, MAX_TEE_COMMITMENTS_PER_OPERATOR);
+        }
+        bytes32 expectedNonce = teeNonceFor(requestId);
+        uint64 nowTs = uint64(block.timestamp);
+        uint64 maxExpiresAt = nowTs + MAX_TEE_COMMITMENT_TTL;
+        for (uint256 i = 0; i < teeCommitments.length; i++) {
+            Types.TeeBackend backend = teeCommitments[i].backend;
+            if (backend == Types.TeeBackend.Unset) revert Errors.UnsetTeeBackend();
+            if (backend == Types.TeeBackend.DirectTdx) revert Errors.DirectTdxNotPermitted();
+            // The attestation document the operator commits to must contain the
+            // request-derived nonce. The contract has no off-chain verifier so it
+            // enforces the binding directly: any other value (including zero) is
+            // rejected, eliminating cross-request replay at the source.
+            if (teeCommitments[i].nonceBinding != expectedNonce) {
+                revert Errors.InvalidNonceBinding();
+            }
+            // Zero measurement is not a real hash output. Either always-fail or
+            // always-trivially-pass under the off-chain comparator — reject the
+            // ambiguity at approval rather than discover it at provision time.
+            if (teeCommitments[i].expectedMeasurement == bytes32(0)) {
+                revert Errors.InvalidExpectedMeasurement();
+            }
+            uint64 expiresAt = teeCommitments[i].expiresAt;
+            if (expiresAt != 0) {
+                if (expiresAt <= nowTs) revert Errors.TeeCommitmentExpired(expiresAt, nowTs);
+                if (expiresAt > maxExpiresAt) revert Errors.TeeCommitmentExpiryTooFar(expiresAt, maxExpiresAt);
+            }
+        }
+    }
+
+    /// @notice Canonical TEE nonce binding for `requestId` on this chain/contract.
+    /// @dev Operators must use exactly this value as `nonceBinding` in any
+    ///      `TeeAttestationCommitment` for the request. Anyone (operator, client,
+    ///      verifier, indexer) can derive it deterministically.
+    /// @param requestId The service request ID.
+    /// @return The 32-byte nonce that uniquely binds an attestation to this
+    ///         request on this contract on this chain.
+    function teeNonceFor(uint64 requestId) public view returns (bytes32) {
+        return keccak256(abi.encode("tangle.tee.nonce", requestId, address(this), block.chainid));
+    }
+
+    /// @notice Persist validated TEE commitments and emit recording events.
+    function _storeRequestTeeCommitments(
+        uint64 requestId,
+        address operator,
+        Types.TeeAttestationCommitment[] calldata teeCommitments
+    )
+        internal
+    {
+        for (uint256 i = 0; i < teeCommitments.length; i++) {
+            _requestTeeCommitments[requestId][operator].push(teeCommitments[i]);
+            emit TeeCommitmentRecorded(
+                requestId, operator, teeCommitments[i].backend, teeCommitments[i].expectedMeasurement
+            );
+        }
+    }
+
     /// @notice Internal implementation for approving with commitments and optional BLS key
     function _approveServiceWithCommitmentsInternal(
         uint64 requestId,
@@ -242,13 +404,7 @@ abstract contract ServicesApprovals is Base {
     ///         to register a public key. Bound to chainId + verifying contract + operator
     ///         address so a PoP from one chain or operator cannot be replayed.
     function blsPopMessage(address operator, uint256[4] memory blsPubkey) public view returns (bytes memory) {
-        return abi.encode(
-            "TANGLE_BLS_POP_v1",
-            block.chainid,
-            address(this),
-            operator,
-            blsPubkey
-        );
+        return abi.encode("TANGLE_BLS_POP_v1", block.chainid, address(this), operator, blsPubkey);
     }
 
     /// @dev Reverts unless `popSignature` is a valid BLS G1 signature over `blsPopMessage`
@@ -258,7 +414,10 @@ abstract contract ServicesApprovals is Base {
         address operator,
         uint256[4] memory blsPubkey,
         uint256[2] memory popSignature
-    ) internal view {
+    )
+        internal
+        view
+    {
         if (!_isNonZeroBlsPubkey(blsPubkey)) revert Errors.InvalidBLSSignature();
 
         bool ok = BN254.verifyBls(

src/facets/tangle/TangleServicesFacet.sol

@@ -16,7 +16,7 @@ contract TangleServicesFacet is ServicesApprovals, IFacetSelectors {
     using EnumerableSet for EnumerableSet.AddressSet;
 
     function selectors() external pure returns (bytes4[] memory selectorList) {
-        selectorList = new bytes4[](7);
+        selectorList = new bytes4[](10);
         selectorList[0] = this.approveService.selector;
         selectorList[1] = bytes4(keccak256("approveServiceWithCommitments(uint64,((uint8,address),uint16)[])"));
         selectorList[2] = this.rejectService.selector;
@@ -26,6 +26,33 @@ contract TangleServicesFacet is ServicesApprovals, IFacetSelectors {
         );
         selectorList[5] = this.getOperatorBlsPubkey.selector;
         selectorList[6] = this.blsPopMessage.selector;
+        selectorList[7] = bytes4(
+            keccak256(
+                "approveServiceWithTeeCommitments(uint64,((uint8,address),uint16)[],uint256[4],uint256[2],(uint8,bytes32,bytes32,uint64)[])"
+            )
+        );
+        selectorList[8] = this.getTeeCommitment.selector;
+        selectorList[9] = this.teeNonceFor.selector;
+    }
+
+    /// @notice Read the operator's TEE attestation commitments for a service.
+    /// @dev Empty array if the operator approved without TEE commitments.
+    /// @param serviceId The active service ID
+    /// @param operator The operator whose commitments to read
+    /// @return commitments Array of recorded TEE commitments (matches storage order)
+    function getTeeCommitment(
+        uint64 serviceId,
+        address operator
+    )
+        external
+        view
+        returns (Types.TeeAttestationCommitment[] memory commitments)
+    {
+        Types.TeeAttestationCommitment[] storage stored = _serviceTeeCommitments[serviceId][operator];
+        commitments = new Types.TeeAttestationCommitment[](stored.length);
+        for (uint256 i = 0; i < stored.length; i++) {
+            commitments[i] = stored[i];
+        }
     }
 
     /// @notice Get operator's BLS public key for a service
@@ -66,6 +93,9 @@ contract TangleServicesFacet is ServicesApprovals, IFacetSelectors {
         // Persist resource commitments from request to service (hash per operator)
         _persistResourceCommitments(serviceId, requestId);
 
+        // Persist TEE attestation commitments from request to service (per operator).
+        _persistTeeCommitments(serviceId, requestId);
+
         (uint16[] memory exposures, uint256 totalExposure) = _assignOperatorsFromRequest(serviceId, requestId);
 
         _grantPermittedCallers(serviceId, requestId, req.requester);
@@ -301,4 +331,19 @@ contract TangleServicesFacet is ServicesApprovals, IFacetSelectors {
             }
         }
     }
+
+    /// @notice Copy TEE attestation commitments from request to service for every operator.
+    /// @dev Skips operators that did not record commitments at approval time.
+    function _persistTeeCommitments(uint64 serviceId, uint64 requestId) private {
+        address[] storage requestOperators = _requestOperators[requestId];
+        for (uint256 i = 0; i < requestOperators.length; i++) {
+            address op = requestOperators[i];
+            Types.TeeAttestationCommitment[] storage src = _requestTeeCommitments[requestId][op];
+            uint256 len = src.length;
+            if (len == 0) continue;
+            for (uint256 j = 0; j < len; j++) {
+                _serviceTeeCommitments[serviceId][op].push(src[j]);
+            }
+        }
+    }
 }

src/interfaces/ITangleServices.sol

@@ -131,7 +131,8 @@ interface ITangleServices {
         uint8 stakingPercent,
         uint256[4] calldata blsPubkey,
         uint256[2] calldata popSignature
-    ) external;
+    )
+        external;
 
     /// @notice Approve a service request with both security commitments and BLS public key
     /// @param requestId The service request ID
@@ -146,6 +147,38 @@ interface ITangleServices {
     )
         external;
 
+    /// @notice Approve a service request with security commitments, BLS pubkey, and TEE
+    ///         attestation commitments. Each commitment binds the operator to a specific
+    ///         backend + measurement that must match the live attestation off-chain.
+    /// @param requestId The service request ID
+    /// @param commitments Security commitments matching the request requirements
+    /// @param blsPubkey The operator's BLS G2 public key (zero pubkey allowed if BLS unused)
+    /// @param popSignature G1 proof-of-possession signature (only validated when blsPubkey != 0)
+    /// @param teeCommitments TEE attestation commitments to record for the caller
+    function approveServiceWithTeeCommitments(
+        uint64 requestId,
+        Types.AssetSecurityCommitment[] calldata commitments,
+        uint256[4] calldata blsPubkey,
+        uint256[2] calldata popSignature,
+        Types.TeeAttestationCommitment[] calldata teeCommitments
+    )
+        external;
+
+    /// @notice Read recorded TEE commitments for an operator on an active service.
+    function getTeeCommitment(
+        uint64 serviceId,
+        address operator
+    )
+        external
+        view
+        returns (Types.TeeAttestationCommitment[] memory);
+
+    /// @notice Canonical TEE attestation nonce binding for `requestId` on this
+    ///         contract on this chain. Operators MUST submit this exact value as
+    ///         `nonceBinding` in any `TeeAttestationCommitment` for the request —
+    ///         it eliminates cross-request attestation replay at approval time.
+    function teeNonceFor(uint64 requestId) external view returns (bytes32);
+
     /// @notice Build the canonical message an operator must sign with their BLS secret key
     ///         to register a public key. Bound to chainId + verifying contract + operator.
     function blsPopMessage(address operator, uint256[4] memory blsPubkey) external view returns (bytes memory);