|
| 1 | +# dstack KMS auth-mock |
| 2 | + |
| 3 | +a mock implementation of the dstack KMS backend using bun + hono + zod. **this backend always returns success for all authentication requests** and does not interact with any blockchain. |
| 4 | + |
| 5 | +## features |
| 6 | + |
| 7 | +- 🚀 fast and lightweight with bun runtime |
| 8 | +- 🔧 modern web framework with hono.js |
| 9 | +- ✅ type-safe validation with zod.js |
| 10 | +- 📦 single file implementation |
| 11 | +- 🎭 **mock behavior**: all authentications succeed |
| 12 | +- 🚫 **no blockchain interaction**: no dependencies on ethereum/contracts |
| 13 | + |
| 14 | +## use cases |
| 15 | + |
| 16 | +- 🧪 **development & testing**: test applications without blockchain setup |
| 17 | +- 🚀 **rapid prototyping**: quickly validate integration workflows |
| 18 | +- 🔍 **debugging**: isolate issues by removing blockchain dependencies |
| 19 | +- 📚 **demos**: showcase functionality without complex infrastructure |
| 20 | + |
| 21 | +## installation |
| 22 | + |
| 23 | +```bash |
| 24 | +# install dependencies |
| 25 | +bun install |
| 26 | +``` |
| 27 | + |
| 28 | +## usage |
| 29 | + |
| 30 | +### development |
| 31 | +```bash |
| 32 | +# run with hot reload |
| 33 | +bun run dev |
| 34 | +``` |
| 35 | + |
| 36 | +### production |
| 37 | +```bash |
| 38 | +# run directly |
| 39 | +bun run start |
| 40 | + |
| 41 | +# or build first |
| 42 | +bun run build |
| 43 | +``` |
| 44 | + |
| 45 | +### testing |
| 46 | +```bash |
| 47 | +# run tests (watch mode) |
| 48 | +bun run test |
| 49 | + |
| 50 | +# run tests once |
| 51 | +bun run test:run |
| 52 | +``` |
| 53 | + |
| 54 | +### code quality |
| 55 | +```bash |
| 56 | +# run linter |
| 57 | +bun run lint |
| 58 | + |
| 59 | +# run linter and fix issues |
| 60 | +bun run lint:fix |
| 61 | + |
| 62 | +# format code |
| 63 | +bun run format |
| 64 | + |
| 65 | +# run full check (lint + tests) |
| 66 | +bun run check |
| 67 | +``` |
| 68 | + |
| 69 | +## environment variables |
| 70 | + |
| 71 | +- `KMS_CONTRACT_ADDR` - mock contract address (default: 0xmockcontract1234567890123456789012345678) |
| 72 | +- `PORT` - server port (default: 3000) |
| 73 | + |
| 74 | +## API endpoints |
| 75 | + |
| 76 | +### GET / |
| 77 | +health check and mock system information |
| 78 | + |
| 79 | +**response includes a `note` field indicating this is a mock backend** |
| 80 | + |
| 81 | +### POST /bootAuth/app |
| 82 | +application boot authentication - **always returns isAllowed=true** |
| 83 | + |
| 84 | +### POST /bootAuth/kms |
| 85 | +KMS boot authentication - **always returns isAllowed=true** |
| 86 | + |
| 87 | +## request format |
| 88 | + |
| 89 | +identical to the real backend: |
| 90 | + |
| 91 | +```json |
| 92 | +{ |
| 93 | + "mrAggregated": "string", |
| 94 | + "osImageHash": "string", |
| 95 | + "appId": "string", |
| 96 | + "composeHash": "string", |
| 97 | + "instanceId": "string", |
| 98 | + "deviceId": "string", |
| 99 | + "tcbStatus": "string (optional)", |
| 100 | + "advisoryIds": ["string (optional)"], |
| 101 | + "mrSystem": "string (optional)" |
| 102 | +} |
| 103 | +``` |
| 104 | + |
| 105 | +## response format |
| 106 | + |
| 107 | +```json |
| 108 | +{ |
| 109 | + "isAllowed": true, |
| 110 | + "reason": "mock app always allowed" | "mock KMS always allowed", |
| 111 | + "gatewayAppId": "0xmockgateway1234567890123456789012345678" |
| 112 | +} |
| 113 | +``` |
| 114 | + |
| 115 | +## mock behavior |
| 116 | + |
| 117 | +### ✅ always succeeds |
| 118 | +- all POST requests return `isAllowed: true` |
| 119 | +- no validation against blockchain |
| 120 | +- no actual security checks |
| 121 | + |
| 122 | +### 📝 logs requests |
| 123 | +- logs incoming requests with key identifiers |
| 124 | +- helps with debugging and monitoring |
| 125 | + |
| 126 | +### 🎯 consistent responses |
| 127 | +- predictable mock values for testing |
| 128 | +- same response format as real backend |
| 129 | + |
| 130 | +## API compatibility |
| 131 | + |
| 132 | +this implementation is fully API-compatible with the real backend: |
| 133 | + |
| 134 | +- **request/response schemas**: identical to production API |
| 135 | +- **OpenAPI specification**: available in `openapi.json` |
| 136 | +- **comprehensive testing**: vitest test suite validates behavior |
| 137 | +- **backward compatibility**: supports both minimal and full BootInfo formats |
| 138 | + |
| 139 | +### differences from real backend |
| 140 | + |
| 141 | +| aspect | real backend | mock backend | |
| 142 | +|--------|-------------|--------------| |
| 143 | +| blockchain interaction | ✅ calls smart contracts | ❌ no blockchain | |
| 144 | +| authentication logic | ✅ validates against chain | ❌ always allows | |
| 145 | +| security | ✅ enforces policies | ❌ bypasses all checks | |
| 146 | +| performance | 🐌 depends on network | 🚀 instant responses | |
| 147 | +| setup complexity | 🔧 requires ethereum setup | ✅ zero config | |
| 148 | + |
| 149 | +## warnings |
| 150 | + |
| 151 | +⚠️ **never use in production** - this backend bypasses all security checks |
| 152 | + |
| 153 | +⚠️ **development only** - intended for testing and development environments |
| 154 | + |
| 155 | +⚠️ **no security** - all requests are approved regardless of validity |
| 156 | + |
| 157 | +## transitioning to real backend |
| 158 | + |
| 159 | +to switch from mock to real backend: |
| 160 | + |
| 161 | +1. replace `kms/auth-mock` with `kms/auth-eth-bun` |
| 162 | +2. configure ethereum RPC endpoint |
| 163 | +3. deploy smart contracts |
| 164 | +4. update environment variables |
| 165 | + |
| 166 | +the API remains identical, so no client code changes are needed. |
0 commit comments