From 177ddc60abbe2ba5545122a332ec35adeecb1014 Mon Sep 17 00:00:00 2001 From: Tejaswi Nadahalli Date: Tue, 24 Feb 2026 23:54:19 +0100 Subject: [PATCH 1/3] Add confidential-workflows capability codegen Generated Go types and server from the new confidential-workflows proto in chainlink-protos. Types: SecretIdentifier, WorkflowExecution, ConfidentialWorkflowRequest, ConfidentialWorkflowResponse. Server implements ClientCapability interface with Execute method. --- go.mod | 2 +- go.sum | 4 +- .../actions/confidentialworkflow/client.pb.go | 340 ++++++++++++++++++ .../actions/confidentialworkflow/generate.go | 2 + .../server/client_server_gen.go | 142 ++++++++ 5 files changed, 487 insertions(+), 3 deletions(-) create mode 100644 pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go create mode 100644 pkg/capabilities/v2/actions/confidentialworkflow/generate.go create mode 100644 pkg/capabilities/v2/actions/confidentialworkflow/server/client_server_gen.go diff --git a/go.mod b/go.mod index 8c1823c19..1f59a51fc 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.89 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10 github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260217043601-5cc966896c4f + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80 github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260205130626-db2a2aab956b github.com/smartcontractkit/chainlink-protos/storage-service v0.3.0 diff --git a/go.sum b/go.sum index ce76fc673..6f4492ca9 100644 --- a/go.sum +++ b/go.sum @@ -332,8 +332,8 @@ github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10 h1:FJAFgXS9 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10/go.mod h1:oiDa54M0FwxevWwyAX773lwdWvFYYlYHHQV1LQ5HpWY= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 h1:GCzrxDWn3b7jFfEA+WiYRi8CKoegsayiDoJBCjYkneE= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4/go.mod h1:HHGeDUpAsPa0pmOx7wrByCitjQ0mbUxf0R9v+g67uCA= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260217043601-5cc966896c4f h1:MHlgzqiDPyDV397bZkzS9TtWXb3FR9Pb8FR9cP9h0As= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260217043601-5cc966896c4f/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80 h1:j+ZaE8Lbe1EV7fXxJRBZt+cZtDhxPjE2lHapycr8O3o= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b h1:QuI6SmQFK/zyUlVWEf0GMkiUYBPY4lssn26nKSd/bOM= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b/go.mod h1:qSTSwX3cBP3FKQwQacdjArqv0g6QnukjV4XuzO6UyoY= github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260205130626-db2a2aab956b h1:36knUpKHHAZ86K4FGWXtx8i/EQftGdk2bqCoEu/Cha8= diff --git a/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go b/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go new file mode 100644 index 000000000..0ce3c53b9 --- /dev/null +++ b/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go @@ -0,0 +1,340 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc v5.29.3 +// source: capabilities/compute/confidentialworkflow/v1alpha/client.proto + +package confidentialworkflow + +import ( + _ "github.com/smartcontractkit/chainlink-protos/cre/go/tools/generator" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type SecretIdentifier struct { + state protoimpl.MessageState `protogen:"open.v1"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + Owner *string `protobuf:"bytes,3,opt,name=owner,proto3,oneof" json:"owner,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecretIdentifier) Reset() { + *x = SecretIdentifier{} + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecretIdentifier) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecretIdentifier) ProtoMessage() {} + +func (x *SecretIdentifier) ProtoReflect() protoreflect.Message { + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SecretIdentifier.ProtoReflect.Descriptor instead. +func (*SecretIdentifier) Descriptor() ([]byte, []int) { + return file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescGZIP(), []int{0} +} + +func (x *SecretIdentifier) GetKey() string { + if x != nil { + return x.Key + } + return "" +} + +func (x *SecretIdentifier) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *SecretIdentifier) GetOwner() string { + if x != nil && x.Owner != nil { + return *x.Owner + } + return "" +} + +// WorkflowExecution is the public data sent to the enclave. +// Becomes ComputeRequest.PublicData after proto serialization. +type WorkflowExecution struct { + state protoimpl.MessageState `protogen:"open.v1"` + // workflow_id identifies the workflow to execute. + WorkflowId string `protobuf:"bytes,1,opt,name=workflow_id,json=workflowId,proto3" json:"workflow_id,omitempty"` + // binary_url is the URL from which the enclave fetches the compiled WASM binary. + BinaryUrl string `protobuf:"bytes,2,opt,name=binary_url,json=binaryUrl,proto3" json:"binary_url,omitempty"` + // binary_hash is the expected SHA-256 hash of the WASM binary, for integrity verification. + BinaryHash []byte `protobuf:"bytes,3,opt,name=binary_hash,json=binaryHash,proto3" json:"binary_hash,omitempty"` + // execute_request is a serialized sdk.v1alpha.ExecuteRequest proto. + // Contains either a subscribe request or a trigger execution request. + ExecuteRequest []byte `protobuf:"bytes,4,opt,name=execute_request,json=executeRequest,proto3" json:"execute_request,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *WorkflowExecution) Reset() { + *x = WorkflowExecution{} + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WorkflowExecution) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkflowExecution) ProtoMessage() {} + +func (x *WorkflowExecution) ProtoReflect() protoreflect.Message { + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkflowExecution.ProtoReflect.Descriptor instead. +func (*WorkflowExecution) Descriptor() ([]byte, []int) { + return file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescGZIP(), []int{1} +} + +func (x *WorkflowExecution) GetWorkflowId() string { + if x != nil { + return x.WorkflowId + } + return "" +} + +func (x *WorkflowExecution) GetBinaryUrl() string { + if x != nil { + return x.BinaryUrl + } + return "" +} + +func (x *WorkflowExecution) GetBinaryHash() []byte { + if x != nil { + return x.BinaryHash + } + return nil +} + +func (x *WorkflowExecution) GetExecuteRequest() []byte { + if x != nil { + return x.ExecuteRequest + } + return nil +} + +// ConfidentialWorkflowRequest is the input provided to the confidential workflows capability. +// It combines a WorkflowExecution with secrets from VaultDON. +type ConfidentialWorkflowRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + VaultDonSecrets []*SecretIdentifier `protobuf:"bytes,1,rep,name=vault_don_secrets,json=vaultDonSecrets,proto3" json:"vault_don_secrets,omitempty"` + Execution *WorkflowExecution `protobuf:"bytes,2,opt,name=execution,proto3" json:"execution,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ConfidentialWorkflowRequest) Reset() { + *x = ConfidentialWorkflowRequest{} + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ConfidentialWorkflowRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConfidentialWorkflowRequest) ProtoMessage() {} + +func (x *ConfidentialWorkflowRequest) ProtoReflect() protoreflect.Message { + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConfidentialWorkflowRequest.ProtoReflect.Descriptor instead. +func (*ConfidentialWorkflowRequest) Descriptor() ([]byte, []int) { + return file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescGZIP(), []int{2} +} + +func (x *ConfidentialWorkflowRequest) GetVaultDonSecrets() []*SecretIdentifier { + if x != nil { + return x.VaultDonSecrets + } + return nil +} + +func (x *ConfidentialWorkflowRequest) GetExecution() *WorkflowExecution { + if x != nil { + return x.Execution + } + return nil +} + +// ConfidentialWorkflowResponse is the output from the confidential workflows capability. +type ConfidentialWorkflowResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // execution_result is a serialized sdk.v1alpha.ExecutionResult proto. + ExecutionResult []byte `protobuf:"bytes,1,opt,name=execution_result,json=executionResult,proto3" json:"execution_result,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ConfidentialWorkflowResponse) Reset() { + *x = ConfidentialWorkflowResponse{} + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ConfidentialWorkflowResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConfidentialWorkflowResponse) ProtoMessage() {} + +func (x *ConfidentialWorkflowResponse) ProtoReflect() protoreflect.Message { + mi := &file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConfidentialWorkflowResponse.ProtoReflect.Descriptor instead. +func (*ConfidentialWorkflowResponse) Descriptor() ([]byte, []int) { + return file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescGZIP(), []int{3} +} + +func (x *ConfidentialWorkflowResponse) GetExecutionResult() []byte { + if x != nil { + return x.ExecutionResult + } + return nil +} + +var File_capabilities_compute_confidentialworkflow_v1alpha_client_proto protoreflect.FileDescriptor + +const file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc = "" + + "\n" + + ">capabilities/compute/confidentialworkflow/v1alpha/client.proto\x121capabilities.compute.confidentialworkflow.v1alpha\x1a*tools/generator/v1alpha/cre_metadata.proto\"g\n" + + "\x10SecretIdentifier\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x1c\n" + + "\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x19\n" + + "\x05owner\x18\x03 \x01(\tH\x00R\x05owner\x88\x01\x01B\b\n" + + "\x06_owner\"\x9d\x01\n" + + "\x11WorkflowExecution\x12\x1f\n" + + "\vworkflow_id\x18\x01 \x01(\tR\n" + + "workflowId\x12\x1d\n" + + "\n" + + "binary_url\x18\x02 \x01(\tR\tbinaryUrl\x12\x1f\n" + + "\vbinary_hash\x18\x03 \x01(\fR\n" + + "binaryHash\x12'\n" + + "\x0fexecute_request\x18\x04 \x01(\fR\x0eexecuteRequest\"\xf2\x01\n" + + "\x1bConfidentialWorkflowRequest\x12o\n" + + "\x11vault_don_secrets\x18\x01 \x03(\v2C.capabilities.compute.confidentialworkflow.v1alpha.SecretIdentifierR\x0fvaultDonSecrets\x12b\n" + + "\texecution\x18\x02 \x01(\v2D.capabilities.compute.confidentialworkflow.v1alpha.WorkflowExecutionR\texecution\"I\n" + + "\x1cConfidentialWorkflowResponse\x12)\n" + + "\x10execution_result\x18\x01 \x01(\fR\x0fexecutionResult2\xe1\x01\n" + + "\x06Client\x12\xaa\x01\n" + + "\aExecute\x12N.capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowRequest\x1aO.capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowResponse\x1a*\x82\xb5\x18&\b\x01\x12\"confidential-workflows@1.0.0-alphab\x06proto3" + +var ( + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescOnce sync.Once + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescData []byte +) + +func file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescGZIP() []byte { + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescOnce.Do(func() { + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc), len(file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc))) + }) + return file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDescData +} + +var file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_goTypes = []any{ + (*SecretIdentifier)(nil), // 0: capabilities.compute.confidentialworkflow.v1alpha.SecretIdentifier + (*WorkflowExecution)(nil), // 1: capabilities.compute.confidentialworkflow.v1alpha.WorkflowExecution + (*ConfidentialWorkflowRequest)(nil), // 2: capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowRequest + (*ConfidentialWorkflowResponse)(nil), // 3: capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowResponse +} +var file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_depIdxs = []int32{ + 0, // 0: capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowRequest.vault_don_secrets:type_name -> capabilities.compute.confidentialworkflow.v1alpha.SecretIdentifier + 1, // 1: capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowRequest.execution:type_name -> capabilities.compute.confidentialworkflow.v1alpha.WorkflowExecution + 2, // 2: capabilities.compute.confidentialworkflow.v1alpha.Client.Execute:input_type -> capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowRequest + 3, // 3: capabilities.compute.confidentialworkflow.v1alpha.Client.Execute:output_type -> capabilities.compute.confidentialworkflow.v1alpha.ConfidentialWorkflowResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_init() } +func file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_init() { + if File_capabilities_compute_confidentialworkflow_v1alpha_client_proto != nil { + return + } + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes[0].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc), len(file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc)), + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_goTypes, + DependencyIndexes: file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_depIdxs, + MessageInfos: file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_msgTypes, + }.Build() + File_capabilities_compute_confidentialworkflow_v1alpha_client_proto = out.File + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_goTypes = nil + file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_depIdxs = nil +} diff --git a/pkg/capabilities/v2/actions/confidentialworkflow/generate.go b/pkg/capabilities/v2/actions/confidentialworkflow/generate.go new file mode 100644 index 000000000..ddadaf6e4 --- /dev/null +++ b/pkg/capabilities/v2/actions/confidentialworkflow/generate.go @@ -0,0 +1,2 @@ +//go:generate go run ../../gen --pkg=github.com/smartcontractkit/chainlink-common/pkg/capabilities/v2/actions/confidentialworkflow --file=capabilities/compute/confidentialworkflow/v1alpha/client.proto +package confidentialworkflow diff --git a/pkg/capabilities/v2/actions/confidentialworkflow/server/client_server_gen.go b/pkg/capabilities/v2/actions/confidentialworkflow/server/client_server_gen.go new file mode 100644 index 000000000..c98f8a5dc --- /dev/null +++ b/pkg/capabilities/v2/actions/confidentialworkflow/server/client_server_gen.go @@ -0,0 +1,142 @@ +// Code generated by github.com/smartcontractkit/chainlink-common/pkg/capabilities/v2/protoc, DO NOT EDIT. + +package server + +import ( + "context" + "fmt" + "time" + + "github.com/smartcontractkit/chainlink-common/pkg/capabilities/v2/actions/confidentialworkflow" + "google.golang.org/protobuf/types/known/emptypb" + + "github.com/smartcontractkit/chainlink-common/pkg/capabilities" + caperrors "github.com/smartcontractkit/chainlink-common/pkg/capabilities/errors" + "github.com/smartcontractkit/chainlink-common/pkg/types/core" +) + +// Avoid unused imports if there is configuration type +var _ = emptypb.Empty{} + +type ClientCapability interface { + Execute(ctx context.Context, metadata capabilities.RequestMetadata, input *confidentialworkflow.ConfidentialWorkflowRequest) (*capabilities.ResponseAndMetadata[*confidentialworkflow.ConfidentialWorkflowResponse], caperrors.Error) + + Start(ctx context.Context) error + Close() error + HealthReport() map[string]error + Name() string + Description() string + Ready() error + Initialise(ctx context.Context, dependencies core.StandardCapabilitiesDependencies) error +} + +func NewClientServer(capability ClientCapability) *ClientServer { + stopCh := make(chan struct{}) + return &ClientServer{ + clientCapability: clientCapability{ClientCapability: capability, stopCh: stopCh}, + stopCh: stopCh, + } +} + +type ClientServer struct { + clientCapability + capabilityRegistry core.CapabilitiesRegistry + stopCh chan struct{} +} + +func (c *ClientServer) Initialise(ctx context.Context, dependencies core.StandardCapabilitiesDependencies) error { + if err := c.ClientCapability.Initialise(ctx, dependencies); err != nil { + return fmt.Errorf("error when initializing capability: %w", err) + } + + c.capabilityRegistry = dependencies.CapabilityRegistry + + if err := dependencies.CapabilityRegistry.Add(ctx, &clientCapability{ + ClientCapability: c.ClientCapability, + }); err != nil { + return fmt.Errorf("error when adding %s to the registry: %w", "confidential-workflows@1.0.0-alpha", err) + } + + return nil +} + +func (c *ClientServer) Close() error { + ctx, cancel := context.WithTimeout(context.Background(), time.Second) + defer cancel() + + if c.capabilityRegistry != nil { + if err := c.capabilityRegistry.Remove(ctx, "confidential-workflows@1.0.0-alpha"); err != nil { + return err + } + } + + if c.stopCh != nil { + close(c.stopCh) + } + + return c.clientCapability.Close() +} + +func (c *ClientServer) Infos(ctx context.Context) ([]capabilities.CapabilityInfo, error) { + info, err := c.clientCapability.Info(ctx) + if err != nil { + return nil, err + } + return []capabilities.CapabilityInfo{info}, nil +} + +type clientCapability struct { + ClientCapability + stopCh chan struct{} +} + +func (c *clientCapability) Info(ctx context.Context) (capabilities.CapabilityInfo, error) { + // Maybe we do need to split it out, even if the user doesn't see it + return capabilities.NewCapabilityInfo("confidential-workflows@1.0.0-alpha", capabilities.CapabilityTypeCombined, c.ClientCapability.Description()) +} + +var _ capabilities.ExecutableAndTriggerCapability = (*clientCapability)(nil) + +const ClientID = "confidential-workflows@1.0.0-alpha" + +func (c *clientCapability) RegisterTrigger(ctx context.Context, request capabilities.TriggerRegistrationRequest) (<-chan capabilities.TriggerResponse, error) { + return nil, fmt.Errorf("trigger %s not found", request.Method) +} + +func (c *clientCapability) UnregisterTrigger(ctx context.Context, request capabilities.TriggerRegistrationRequest) error { + return fmt.Errorf("trigger %s not found", request.Method) +} + +func (c *clientCapability) AckEvent(ctx context.Context, triggerId string, eventId string, method string) error { + return fmt.Errorf("trigger %s not found", method) +} + +func (c *clientCapability) RegisterToWorkflow(ctx context.Context, request capabilities.RegisterToWorkflowRequest) error { + return nil +} + +func (c *clientCapability) UnregisterFromWorkflow(ctx context.Context, request capabilities.UnregisterFromWorkflowRequest) error { + return nil +} + +func (c *clientCapability) Execute(ctx context.Context, request capabilities.CapabilityRequest) (capabilities.CapabilityResponse, error) { + response := capabilities.CapabilityResponse{} + switch request.Method { + case "Execute": + input := &confidentialworkflow.ConfidentialWorkflowRequest{} + config := &emptypb.Empty{} + wrapped := func(ctx context.Context, metadata capabilities.RequestMetadata, input *confidentialworkflow.ConfidentialWorkflowRequest, _ *emptypb.Empty) (*confidentialworkflow.ConfidentialWorkflowResponse, capabilities.ResponseMetadata, error) { + output, err := c.ClientCapability.Execute(ctx, metadata, input) + if err != nil { + return nil, capabilities.ResponseMetadata{}, err + } + if output == nil { + return nil, capabilities.ResponseMetadata{}, fmt.Errorf("output and error is nil for method Execute(..) (if output is nil error must be present)") + } + return output.Response, output.ResponseMetadata, err + } + return capabilities.Execute(ctx, request, input, config, wrapped) + default: + return response, fmt.Errorf("method %s not found", request.Method) + } +} From 5a11a4483c740d1ba1e5fcb8f86c2fb2460b482b Mon Sep 17 00:00:00 2001 From: Tejaswi Nadahalli Date: Wed, 25 Feb 2026 21:03:24 +0100 Subject: [PATCH 2/3] Bump chainlink-protos to v1alpha.22, regen confidential-workflows Removes owner field from SecretIdentifier per reviewer feedback. --- go.mod | 2 +- go.sum | 6 ++-- .../actions/confidentialworkflow/client.pb.go | 29 +++++++------------ 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 1f59a51fc..b1b126659 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( github.com/smartcontractkit/chain-selectors v1.0.89 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10 github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 - github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80 + github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260225200009-1450f741ef1c github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260205130626-db2a2aab956b github.com/smartcontractkit/chainlink-protos/storage-service v0.3.0 diff --git a/go.sum b/go.sum index 6f4492ca9..46b2ff04d 100644 --- a/go.sum +++ b/go.sum @@ -332,8 +332,10 @@ github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10 h1:FJAFgXS9 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10/go.mod h1:oiDa54M0FwxevWwyAX773lwdWvFYYlYHHQV1LQ5HpWY= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 h1:GCzrxDWn3b7jFfEA+WiYRi8CKoegsayiDoJBCjYkneE= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4/go.mod h1:HHGeDUpAsPa0pmOx7wrByCitjQ0mbUxf0R9v+g67uCA= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80 h1:j+ZaE8Lbe1EV7fXxJRBZt+cZtDhxPjE2lHapycr8O3o= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224225152-d15e712c0c80/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224231504-2fedc0c56894 h1:F7DkprQU5szdkOaFDL7iI8WuQS+AJBdQHKfLH0iga/k= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224231504-2fedc0c56894/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260225200009-1450f741ef1c h1:VQWksaR97/ca3DtRdLBGW/Ef/A6lDPY1pU9hsnk/TfA= +github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260225200009-1450f741ef1c/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b h1:QuI6SmQFK/zyUlVWEf0GMkiUYBPY4lssn26nKSd/bOM= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b/go.mod h1:qSTSwX3cBP3FKQwQacdjArqv0g6QnukjV4XuzO6UyoY= github.com/smartcontractkit/chainlink-protos/node-platform v0.0.0-20260205130626-db2a2aab956b h1:36knUpKHHAZ86K4FGWXtx8i/EQftGdk2bqCoEu/Cha8= diff --git a/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go b/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go index 0ce3c53b9..afa45a98f 100644 --- a/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go +++ b/pkg/capabilities/v2/actions/confidentialworkflow/client.pb.go @@ -23,10 +23,10 @@ const ( ) type SecretIdentifier struct { - state protoimpl.MessageState `protogen:"open.v1"` - Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` - Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` - Owner *string `protobuf:"bytes,3,opt,name=owner,proto3,oneof" json:"owner,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + // namespace defaults to "main" when unset. + Namespace *string `protobuf:"bytes,2,opt,name=namespace,proto3,oneof" json:"namespace,omitempty"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } @@ -69,15 +69,8 @@ func (x *SecretIdentifier) GetKey() string { } func (x *SecretIdentifier) GetNamespace() string { - if x != nil { - return x.Namespace - } - return "" -} - -func (x *SecretIdentifier) GetOwner() string { - if x != nil && x.Owner != nil { - return *x.Owner + if x != nil && x.Namespace != nil { + return *x.Namespace } return "" } @@ -261,12 +254,12 @@ var File_capabilities_compute_confidentialworkflow_v1alpha_client_proto protoref const file_capabilities_compute_confidentialworkflow_v1alpha_client_proto_rawDesc = "" + "\n" + - ">capabilities/compute/confidentialworkflow/v1alpha/client.proto\x121capabilities.compute.confidentialworkflow.v1alpha\x1a*tools/generator/v1alpha/cre_metadata.proto\"g\n" + + ">capabilities/compute/confidentialworkflow/v1alpha/client.proto\x121capabilities.compute.confidentialworkflow.v1alpha\x1a*tools/generator/v1alpha/cre_metadata.proto\"U\n" + "\x10SecretIdentifier\x12\x10\n" + - "\x03key\x18\x01 \x01(\tR\x03key\x12\x1c\n" + - "\tnamespace\x18\x02 \x01(\tR\tnamespace\x12\x19\n" + - "\x05owner\x18\x03 \x01(\tH\x00R\x05owner\x88\x01\x01B\b\n" + - "\x06_owner\"\x9d\x01\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12!\n" + + "\tnamespace\x18\x02 \x01(\tH\x00R\tnamespace\x88\x01\x01B\f\n" + + "\n" + + "_namespace\"\x9d\x01\n" + "\x11WorkflowExecution\x12\x1f\n" + "\vworkflow_id\x18\x01 \x01(\tR\n" + "workflowId\x12\x1d\n" + From 4e664c277ce04656546f8713c5830f46183f7d4f Mon Sep 17 00:00:00 2001 From: Tejaswi Nadahalli Date: Wed, 25 Feb 2026 21:06:33 +0100 Subject: [PATCH 3/3] Run make gomodtidy --- go.sum | 2 -- 1 file changed, 2 deletions(-) diff --git a/go.sum b/go.sum index 46b2ff04d..bbc0c7d99 100644 --- a/go.sum +++ b/go.sum @@ -332,8 +332,6 @@ github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10 h1:FJAFgXS9 github.com/smartcontractkit/chainlink-common/pkg/chipingress v0.0.10/go.mod h1:oiDa54M0FwxevWwyAX773lwdWvFYYlYHHQV1LQ5HpWY= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4 h1:GCzrxDWn3b7jFfEA+WiYRi8CKoegsayiDoJBCjYkneE= github.com/smartcontractkit/chainlink-protos/billing/go v0.0.0-20251024234028-0988426d98f4/go.mod h1:HHGeDUpAsPa0pmOx7wrByCitjQ0mbUxf0R9v+g67uCA= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224231504-2fedc0c56894 h1:F7DkprQU5szdkOaFDL7iI8WuQS+AJBdQHKfLH0iga/k= -github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260224231504-2fedc0c56894/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260225200009-1450f741ef1c h1:VQWksaR97/ca3DtRdLBGW/Ef/A6lDPY1pU9hsnk/TfA= github.com/smartcontractkit/chainlink-protos/cre/go v0.0.0-20260225200009-1450f741ef1c/go.mod h1:Jqt53s27Tr0jDl8mdBXg1xhu6F8Fci8JOuq43tgHOM8= github.com/smartcontractkit/chainlink-protos/linking-service/go v0.0.0-20251002192024-d2ad9222409b h1:QuI6SmQFK/zyUlVWEf0GMkiUYBPY4lssn26nKSd/bOM=