aaronrene / knowtation public
icp-attestation-principal.mjs
63 lines 2.1 KB
Raw
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago
1 #!/usr/bin/env node
2 /**
3 * Utility: derive the ICP Principal from ICP_ATTESTATION_KEY.
4 *
5 * Usage:
6 * ICP_ATTESTATION_KEY=<hex> node scripts/icp-attestation-principal.mjs
7 *
8 * Or with .env loaded:
9 * node scripts/icp-attestation-principal.mjs
10 *
11 * Output: the Principal text that must be passed to the attestation canister's
12 * setAuthorizedCallers method after deploy:
13 *
14 * dfx canister call attestation setAuthorizedCallers \
15 * '(vec { principal "<printed-principal>" })' --network ic
16 */
17
18 import { existsSync, readFileSync } from 'fs';
19 import { resolve, dirname } from 'path';
20 import { fileURLToPath } from 'url';
21
22 const __dirname = dirname(fileURLToPath(import.meta.url));
23 const envPath = resolve(__dirname, '..', '.env');
24 if (existsSync(envPath)) {
25 const lines = readFileSync(envPath, 'utf8').split('\n');
26 for (const line of lines) {
27 const trimmed = line.trim();
28 if (!trimmed || trimmed.startsWith('#')) continue;
29 const eqIdx = trimmed.indexOf('=');
30 if (eqIdx < 0) continue;
31 const key = trimmed.slice(0, eqIdx).trim();
32 let val = trimmed.slice(eqIdx + 1).trim();
33 if ((val.startsWith('"') && val.endsWith('"')) || (val.startsWith("'") && val.endsWith("'"))) {
34 val = val.slice(1, -1);
35 }
36 if (!process.env[key]) process.env[key] = val;
37 }
38 }
39
40 const keyHex = process.env.ICP_ATTESTATION_KEY;
41 if (!keyHex || keyHex.trim().length < 64) {
42 console.error(
43 'Error: ICP_ATTESTATION_KEY must be set (64-char hex string, 32 bytes).\n' +
44 'Generate one: openssl rand -hex 32\n' +
45 'Set in .env or export before running.',
46 );
47 process.exit(1);
48 }
49
50 const { Secp256k1KeyIdentity } = await import('@icp-sdk/core/identity/secp256k1');
51
52 const seed = Uint8Array.from(Buffer.from(keyHex.trim(), 'hex'));
53 const identity = Secp256k1KeyIdentity.fromSecretKey(seed);
54 const principal = identity.getPrincipal().toText();
55
56 console.log('Gateway identity Principal:');
57 console.log(principal);
58 console.log('');
59 console.log('After deploying the attestation canister, run:');
60 console.log('');
61 console.log(
62 ` cd hub/icp && dfx canister call attestation setAuthorizedCallers '(vec { principal "${principal}" })' --network ic`,
63 );
File History 2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor 1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 1 day ago