tlsnotary · heeckhau · May 30, 2025 · May 28, 2025 · May 28, 2025 · May 28, 2025
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -13,7 +13,7 @@ jobs:
       RELEASE_MODE: 'dry-run' # dry-run by default, will be set to 'publish' for release builds
     services:
       notary-server:
-        image: ghcr.io/tlsnotary/tlsn/notary-server:v0.1.0-alpha.10
+        image: ghcr.io/tlsnotary/tlsn/notary-server:v0.1.0-alpha.11
         env:
           NOTARY_SERVER__TLS__ENABLED: false
         ports:

diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     services:
       notary-server:
-        image: ghcr.io/tlsnotary/tlsn/notary-server:v0.1.0-alpha.10
+        image: ghcr.io/tlsnotary/tlsn/notary-server:v0.1.0-alpha.11
         env:
           NOTARY_SERVER__TLS__ENABLED: false
         ports:

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,6 +1,6 @@
 {
     "rust-analyzer.linkedProjects": [
-        "interactive-demo/verifier-rs/Cargo.toml",
-        "interactive-demo/prover-rs/Cargo.toml"
+        "demo/interactive-demo/verifier-rs/Cargo.toml",
+        "demo/interactive-demo/prover-rs/Cargo.toml"
     ],
 }
diff --git a/demo/interactive-demo/prover-rs/Cargo.toml b/demo/interactive-demo/prover-rs/Cargo.toml
@@ -25,7 +25,8 @@ tracing-subscriber = { version ="0.3.18", features = ["env-filter"] }
 uuid = { version = "1.4.1", features = ["v4", "fast-rng"] }
 ws_stream_tungstenite = { version = "0.13", features = ["tokio_io"] }
 
-tlsn-core = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-core" }
-tlsn-prover = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-prover" }
-tlsn-common = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-common" }
+tlsn-core = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-core" }
+tlsn-prover = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-prover" }
+tlsn-common = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-common" }
 spansy = {git = "https://github.com/tlsnotary/tlsn-utils", package = "spansy", branch = "dev"}
+rangeset = "0.2.0"
diff --git a/demo/interactive-demo/prover-rs/src/main.rs b/demo/interactive-demo/prover-rs/src/main.rs
@@ -2,14 +2,15 @@ use async_tungstenite::{tokio::connect_async_with_config, tungstenite::protocol:
 use http_body_util::Empty;
 use hyper::{body::Bytes, Request, StatusCode, Uri};
 use hyper_util::rt::TokioIo;
+use rangeset::RangeSet;
 use spansy::{
     http::parse_response,
     json::{self},
     Spanned,
 };
 use tlsn_common::config::ProtocolConfig;
-use tlsn_core::transcript::Idx;
-use tlsn_prover::{state::Prove, Prover, ProverConfig};
+use tlsn_core::ProveConfig;
+use tlsn_prover::{Prover, ProverConfig};
 use tokio::io::{AsyncRead, AsyncWrite};
 use tokio_util::compat::{FuturesAsyncReadCompatExt, TokioAsyncReadCompatExt};
 use tracing::{debug, info};
@@ -27,7 +28,7 @@ const MAX_RECV_DATA: usize = 1 << 14;
 
 const SECRET: &str = "TLSNotary's private key 🤡";
 /// Make sure the following url's domain is the same as SERVER_DOMAIN on the verifier side
-const SERVER_URL: &str = "https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.10/crates/server-fixture/server/src/data/1kb.json";
+const SERVER_URL: &str = "https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.11/crates/server-fixture/server/src/data/1kb.json";
 
 #[tokio::main]
 async fn main() {
@@ -42,7 +43,7 @@ async fn main() {
 async fn run_prover(verifier_host: &str, verifier_port: u16, server_uri: &str) {
     info!("Sending websocket request...");
     let request = http::Request::builder()
-        .uri(format!("ws://{}:{}/verify", verifier_host, verifier_port,))
+        .uri(format!("ws://{verifier_host}:{verifier_port}/verify",))
         .header("Host", verifier_host)
         .header("Sec-WebSocket-Key", uuid::Uuid::new_v4().to_string())
         .header("Sec-WebSocket-Version", "13")
@@ -129,22 +130,27 @@ async fn prover<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(verifier_soc
     assert!(response.status() == StatusCode::OK);
 
     // Create proof for the Verifier.
-    let mut prover = prover_task.await.unwrap().unwrap().start_prove();
+    let mut prover = prover_task.await.unwrap().unwrap();
 
-    let idx_sent = redact_and_reveal_sent_data(&mut prover);
-    let idx_recv = redact_and_reveal_received_data(&mut prover);
+    let mut builder: tlsn_core::ProveConfigBuilder<'_> = ProveConfig::builder(prover.transcript());
 
-    // Reveal parts of the transcript
-    prover.prove_transcript(idx_sent, idx_recv).await.unwrap();
+    // Reveal the DNS name.
+    builder.server_identity();
 
-    // Finalize.
-    prover.finalize().await.unwrap()
+    let sent_rangeset = redact_and_reveal_sent_data(prover.transcript().sent());
+    let _ = builder.reveal_sent(&sent_rangeset);
+
+    let recv_rangeset = redact_and_reveal_received_data(prover.transcript().received());
+    let _ = builder.reveal_recv(&recv_rangeset);
+
+    let config = builder.build().unwrap();
+
+    prover.prove(&config).await.unwrap();
+    prover.close().await.unwrap();
 }
 
 /// Redacts and reveals received data to the verifier.
-fn redact_and_reveal_received_data(prover: &mut Prover<Prove>) -> Idx {
-    let recv_transcript = prover.transcript().received();
-
+fn redact_and_reveal_received_data(recv_transcript: &[u8]) -> RangeSet<usize> {
     // Get the some information from the received data.
     let received_string = String::from_utf8(recv_transcript.to_vec()).unwrap();
     debug!("Received data: {}", received_string);
@@ -164,12 +170,11 @@ fn redact_and_reveal_received_data(prover: &mut Prover<Prove>) -> Idx {
     let street_start = street.span().indices().min().unwrap() - 11; // 11 is the length of "street: "
     let street_end = street.span().indices().max().unwrap() + 1; // include `"`
 
-    Idx::new([name_start..name_end + 1, street_start..street_end + 1])
+    [name_start..name_end + 1, street_start..street_end + 1].into()
 }
 
 /// Redacts and reveals sent data to the verifier.
-fn redact_and_reveal_sent_data(prover: &mut Prover<Prove>) -> Idx {
-    let sent_transcript = prover.transcript().sent();
+fn redact_and_reveal_sent_data(sent_transcript: &[u8]) -> RangeSet<usize> {
     let sent_transcript_len = sent_transcript.len();
 
     let sent_string: String = String::from_utf8(sent_transcript.to_vec()).unwrap();
@@ -178,8 +183,9 @@ fn redact_and_reveal_sent_data(prover: &mut Prover<Prove>) -> Idx {
     debug!("Send data: {}", sent_string);
 
     // Reveal everything except for the SECRET.
-    Idx::new([
+    [
         0..secret_start,
         secret_start + SECRET.len()..sent_transcript_len,
-    ])
+    ]
+    .into()
 }
diff --git a/demo/interactive-demo/prover-ts/src/app.tsx b/demo/interactive-demo/prover-ts/src/app.tsx
@@ -17,7 +17,7 @@ const root = createRoot(container!);
 
 root.render(<App />);
 
-const serverUrl = 'https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.10/crates/server-fixture/server/src/data/1kb.json';
+const serverUrl = 'https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.11/crates/server-fixture/server/src/data/1kb.json';
 // const websocketProxyUrl = `wss://notary.pse.dev/proxy`;
 const websocketProxyUrl = 'ws://localhost:55688';
 const verifierProxyUrl = 'ws://localhost:9816/verify';

diff --git a/demo/interactive-demo/verifier-rs/Cargo.toml b/demo/interactive-demo/verifier-rs/Cargo.toml
@@ -32,7 +32,7 @@ tracing = "0.1.40"
 tracing-subscriber = { version ="0.3.18", features = ["env-filter"] }
 ws_stream_tungstenite = { version = "0.13", features = ["tokio_io"] }
 
-tlsn-core = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-core" }
-tlsn-verifier = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-verifier" }
-tlsn-common = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.10", package = "tlsn-common" }
+tlsn-core = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-core" }
+tlsn-verifier = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-verifier" }
+tlsn-common = { git = "https://github.com/tlsnotary/tlsn.git", tag = "v0.1.0-alpha.11", package = "tlsn-common" }
 tower-util = "0.3.1"
diff --git a/demo/interactive-demo/verifier-rs/README.md b/demo/interactive-demo/verifier-rs/README.md
@@ -3,7 +3,7 @@
 An implementation of the interactive verifier server in Rust.
 
 ## Running the server
-1. Configure this server setting via the global variables defined in [main.rs](./src/main.rs) — please ensure that the hardcoded `SERVER_DOMAIN` and `VERIFICATION_SESSION_ID` have the same values on the prover side.
+1. Configure this server setting via the global variables defined in [main.rs](./src/main.rs) — please ensure that the hardcoded `SERVER_DOMAIN` has the same value on the prover side.
 2. Start the server by running the following in a terminal at the root of this crate.
 ```bash
 cargo run --release

diff --git a/demo/interactive-demo/verifier-rs/src/lib.rs b/demo/interactive-demo/verifier-rs/src/lib.rs
@@ -13,7 +13,8 @@ use std::{
     sync::Arc,
 };
 use tlsn_common::config::ProtocolConfigValidator;
-use tlsn_verifier::{SessionInfo, Verifier, VerifierConfig};
+use tlsn_core::{VerifierOutput, VerifyConfig};
+use tlsn_verifier::{Verifier, VerifierConfig};
 
 use tokio::{
     io::{AsyncRead, AsyncWrite},
@@ -105,10 +106,10 @@ async fn handle_socket(socket: WebSocket, verifier_globals: VerifierGlobals) {
     let stream = WsStream::new(socket.into_inner());
 
     match verifier(stream, &verifier_globals.server_domain).await {
-        Ok((sent, received, _session_info)) => {
+        Ok((sent, received)) => {
             info!("Successfully verified {}", &verifier_globals.server_domain);
             info!("Verified sent data:\n{}", sent,);
-            println!("Verified received data:\n{}", received,);
+            println!("Verified received data:\n{received}",);
         }
         Err(err) => {
             error!("Failed verification using websocket: {err}");
@@ -119,7 +120,7 @@ async fn handle_socket(socket: WebSocket, verifier_globals: VerifierGlobals) {
 async fn verifier<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
     socket: T,
     server_domain: &str,
-) -> Result<(String, String, SessionInfo), eyre::ErrReport> {
+) -> Result<(String, String), eyre::ErrReport> {
     debug!("Starting verification...");
 
     // Setup Verifier.
@@ -135,38 +136,53 @@ async fn verifier<T: AsyncWrite + AsyncRead + Send + Unpin + 'static>(
         .unwrap();
     let verifier = Verifier::new(verifier_config);
 
-    // Verify MPC-TLS and wait for (redacted) data.
+    // Receive authenticated data.
     debug!("Starting MPC-TLS verification...");
-    // Verify MPC-TLS and wait for (redacted) data.
-    let (mut partial_transcript, session_info) = verifier.verify(socket.compat()).await.unwrap();
-    partial_transcript.set_unauthed(0);
+
+    let verify_config = VerifyConfig::default();
+    let VerifierOutput {
+        server_name,
+        transcript,
+        ..
+    } = verifier
+        .verify(socket.compat(), &verify_config)
+        .await
+        .unwrap();
+
+    let transcript = transcript.expect("prover should have revealed transcript data");
 
     // Check sent data: check host.
     debug!("Starting sent data verification...");
-    let sent = partial_transcript.sent_unsafe().to_vec();
+    let sent = transcript.sent_unsafe().to_vec();
     let sent_data = String::from_utf8(sent.clone()).expect("Verifier expected sent data");
     sent_data
         .find(server_domain)
         .ok_or_else(|| eyre!("Verification failed: Expected host {}", server_domain))?;
 
     // Check received data: check json and version number.
     debug!("Starting received data verification...");
-    let received = partial_transcript.received_unsafe().to_vec();
+    let received = transcript.received_unsafe().to_vec();
     let response = String::from_utf8(received.clone()).expect("Verifier expected received data");
 
     debug!("Received data: {:?}", response);
     response
         .find("123 Elm Street")
         .ok_or_else(|| eyre!("Verification failed: missing data in received data"))?;
+
     // Check Session info: server name.
-    if session_info.server_name.as_str() != server_domain {
-        return Err(eyre!("Verification failed: server name mismatches"));
+    if let Some(server_name) = server_name {
+        if server_name.as_str() != server_domain {
+            return Err(eyre!("Verification failed: server name mismatches"));
+        }
+    } else {
+        // TODO: https://github.com/tlsnotary/tlsn-js/issues/110
+        // return Err(eyre!("Verification failed: server name is missing"));
     }
 
     let sent_string = bytes_to_redacted_string(&sent)?;
     let received_string = bytes_to_redacted_string(&received)?;
 
-    Ok((sent_string, received_string, session_info))
+    Ok((sent_string, received_string))
 }
 
 /// Render redacted bytes as `🙈`.

diff --git a/demo/react-ts-webpack/README.md b/demo/react-ts-webpack/README.md
@@ -51,7 +51,7 @@ If you want to use the hosted PSE notary and proxy:
 1. Open `app.tsx` in your editor.
 2. Replace the notary URL:
     ```ts
-    notaryUrl: 'https://notary.pse.dev/v0.1.0-alpha.10',
+    notaryUrl: 'https://notary.pse.dev/v0.1.0-alpha.11',
     ```
     This uses the [PSE](https://pse.dev) notary server to notarize the API request. You can use a different or [local notary](#run-a-local-notary-server); a local server will be faster due to the high bandwidth and low network latency.
 3. Replace the websocket proxy URL:

diff --git a/demo/react-ts-webpack/src/app.tsx b/demo/react-ts-webpack/src/app.tsx
@@ -26,13 +26,13 @@ root.render(<App />);
 const local = true; // Toggle between local and remote notary
 const notaryUrl = local
   ? 'http://localhost:7047'
-  : 'https://notary.pse.dev/v0.1.0-alpha.10';
+  : 'https://notary.pse.dev/v0.1.0-alpha.11';
 const websocketProxyUrl = local
   ? 'ws://localhost:55688'
   : 'wss://notary.pse.dev/proxy?token=raw.githubusercontent.com';
 const loggingLevel = 'Info'; // https://github.com/tlsnotary/tlsn/blob/main/crates/wasm/src/log.rs#L8
 
-const serverUrl = 'https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.10/crates/server-fixture/server/src/data/1kb.json';
+const serverUrl = 'https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.11/crates/server-fixture/server/src/data/1kb.json';
 const serverDns = 'raw.githubusercontent.com';
 
 function App(): ReactElement {
@@ -170,8 +170,8 @@ function App(): ReactElement {
         const notaryKey = await notary.publicKey('hex');
         const verifierOutput = await proof.verify();
         const transcript = new Transcript({
-          sent: verifierOutput.transcript.sent,
-          recv: verifierOutput.transcript.recv,
+          sent: verifierOutput.transcript?.sent || [],
+          recv: verifierOutput.transcript?.recv || [],
         });
         const vk = await proof.verifyingKey();
         setResult({
@@ -201,7 +201,7 @@ function App(): ReactElement {
         </p>
         <p>
           <a
-            href="https://docs.tlsnotary.org/quick_start/tlsn-js.html"
+            href="https://tlsnotary.org/docs/quick_start/tlsn-js/"
             className="text-blue-500 hover:underline"
           >
             More info

diff --git a/demo/web-to-web-p2p/src/app.tsx b/demo/web-to-web-p2p/src/app.tsx
@@ -29,7 +29,7 @@ let verifierLogs: string[] = [];
 const p2pProxyUrl = 'ws://localhost:3001';
 const serverDns = 'raw.githubusercontent.com';
 const webSocketProxy = `wss://notary.pse.dev/proxy?token=${serverDns}`;
-const requestUrl = `https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.10/crates/server-fixture/server/src/data/1kb.json`;
+const requestUrl = `https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.11/crates/server-fixture/server/src/data/1kb.json`;
 
 function App(): ReactElement {
   const [ready, setReady] = useState(false);
@@ -207,8 +207,8 @@ function App(): ReactElement {
     addVerifierLog('Verification completed');
 
     const t = new Transcript({
-      sent: result.transcript.sent,
-      recv: result.transcript.recv,
+      sent: result.transcript?.sent || [],
+      recv: result.transcript?.recv || [],
     });
 
     addVerifierLog('Verified data:');
@@ -225,7 +225,7 @@ function App(): ReactElement {
           This demo showcases peer-to-peer communication between a web prover
           and a web verifier using TLSNotary. The prover fetches data from{' '}
           <a
-            href="https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.10/crates/server-fixture/server/src/data/1kb.json"
+            href="https://raw.githubusercontent.com/tlsnotary/tlsn/refs/tags/v0.1.0-alpha.11/crates/server-fixture/server/src/data/1kb.json"
             target="_blank"
             rel="noopener noreferrer"
             className="underline text-blue-400 hover:text-blue-300"

diff --git a/package-lock.json b/package-lock.json