Near

[AnthonyRonning]

---

Summary by CodeRabbit

• New Features
  • Near.AI integration: GLM‑5 support, client-side end‑to‑end encryption for requests/responses (including streaming), attestation verification (Intel TDX and NVIDIA NRAS), and periodic background model verification.
• Chores
  • Startup: added host mappings, traffic forwarders, and connection checks for Near.AI, NVIDIA NRAS, and Intel PCS.
  • Dependencies: added crypto/attestation libraries.
  • Data: appended new PCR history snapshots.
• Documentation
  • Deployment guide updated with Near.AI proxy and API key (KMS) instructions.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds Near.AI integration: attestation (Intel TDX + NVIDIA NRAS), client-side E2EE (ECIES/HKDF/AES-GCM), NearAiVerifier with caching and periodic checks, wiring into ProxyRouter/AppState and request/response flows, startup proxy host/forwarders, appended PCR history entries, and new crypto/attestation dependencies.

Changes

Cohort / File(s)	Summary
Dependencies Cargo.toml	Added hkdf, sha3, dcap-qvl to dependencies and p384 as a dev-dependency.
Startup & Networking entrypoint.sh	Added /etc/hosts entries, traffic forwarders, and startup connection tests for Near.AI Cloud API, NVIDIA NRAS, and Intel PCS.
PCR Histories pcrDevHistory.json, pcrProdHistory.json	Appended new PCR snapshot entries (timestamps and signatures).
Application wiring src/main.rs	Wired NearAiVerifier into AppState/AppStateBuilder, added retrieve_near_api_key, nearai_api_base/key handling, spawn_periodic_verification, and ApiError::ServiceUnavailable.
NearAI module root & types src/nearai/mod.rs, src/nearai/models.rs	New nearai module and serde-deserializable attestation types (AttestationReport, AttestationBaseInfo, AttestationInfo).
Error handling src/nearai/error.rs	Added public NearAiError enum with variants and From conversions for crypto/HTTP/JSON/JWT errors.
TDX attestation src/nearai/attestation.rs	New TDX verification, report-data binding, compose-manifest checks, pubkey/address verification, helpers, constants, and unit tests.
NRAS GPU verification src/nearai/nras.rs	NRAS JWKS fetching, GPU attestation POST flow, JWT extraction/ES384 validation, nonce/verdict checks, and tests.
Verifier & caching src/nearai/verifier.rs	New NearAiVerifier: attestation fetch, per-model verification, JWKS caching/refresh, per-model cache with TTL, concurrency guards, and periodic background verification.
E2EE crypto src/nearai/e2ee.rs	Client-side E2EE: prepare_e2ee_request, NearAiResponseCrypto, decrypt_chat_completion_json_in_place, HKDF-SHA256 + AES-256-GCM flows, helpers and tests.
Proxy routing & config src/proxy_config.rs	Extended ProxyRouter::new signature for Near.AI, added glm-5 mapping, redacted ProxyConfig Debug impl, updated static routes and tests.
Web/chat flow src/web/openai.rs	Added PreparedChatRequest, provider URL normalization, NearAI E2EE headers/flow for requests and streaming responses, and updated try_provider signature to accept extra headers.
Token limits src/tokens.rs	Added model context limits for glm-5 and zai-org/GLM-5-FP8 (202,000).

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Proxy as Proxy Server
    participant NearAI as NearAI Cloud API
    participant PCCS as Intel PCCS
    participant NRAS as NVIDIA NRAS
    participant JWKS as JWKS Endpoint

    Client->>Proxy: POST /chat/completions (NearAI model)
    Proxy->>Proxy: generate nonce
    Proxy->>NearAI: GET /attestation?nonce=...
    NearAI-->>Proxy: AttestationReport (TDX quote, nvidia_payload)

    rect rgba(100, 150, 200, 0.5)
      Note over Proxy,PCCS: TDX verification
      Proxy->>PCCS: Fetch collateral / TCB info
      PCCS-->>Proxy: Collateral / TCB
      Proxy->>Proxy: Verify TDX quote, extract report_data
    end

    rect rgba(150, 100, 200, 0.5)
      Note over Proxy,NRAS: GPU attestation
      Proxy->>NRAS: POST /verify (nvidia_payload, nonce)
      NRAS-->>Proxy: JWT response
      Proxy->>JWKS: GET JWKS
      JWKS-->>Proxy: JWKs
      Proxy->>Proxy: Verify NRAS JWT (ES384, kid, nonce, verdict)
    end

    Proxy->>Proxy: prepare_e2ee_request (derive ephemeral keys, encrypt body)
    Proxy->>NearAI: POST /chat/completions (encrypted body + x-client-pub-key headers)
    NearAI-->>Proxy: Streamed/response (encrypted)
    Proxy->>Proxy: decrypt_chat_completion_json_in_place (AES-GCM via shared secret)
    Proxy-->>Client: Decrypted chat response

Loading

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• Model routing #53 – Modifies proxy_config.rs model-routing and ProxyRouter signature; directly overlaps routing/signature changes here.
• Tinfoil proxy start #36 – Extends ProxyRouter/AppState wiring and startup proxy setup; touches the same initialization and entrypoint changes.
• Responses clean #101 – Alters core types in src/main.rs (ApiError, AppState/AppStateBuilder) and closely overlaps the main wiring additions here.

Poem

🐰 I nibbled at keys and quotes all day,

stitched nonces and headers in a gentle way,
TDX and NRAS gave their nod,
encrypted hops across the sod,
a rabbit hums — secure paths stay.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 59.09% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title "Near" is vague and generic, failing to clearly convey the primary change—which is integrating Near.AI support with attestation, E2EE, and proxy routing across multiple files.	Revise the title to be more specific and descriptive, such as 'Add Near.AI integration with TDX attestation, E2EE encryption, and proxy routing' to better reflect the scope of changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch near

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[devin-ai-integration]

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 7 additional findings.

[devin-ai-integration]

📝 Info: Periodic verification hardcodes model name, creating coupling with proxy_config

The spawn_periodic_verification call at src/main.rs:699-701 hardcodes "zai-org/GLM-5-FP8", while the canonical-to-provider mapping lives in proxy_config.rs:72 (get_model_name_for_provider). If someone adds a new Near.AI model or renames the mapping in proxy_config.rs, they must also update the hardcoded list in main.rs. There's no single source of truth for which Near.AI models should be pre-verified. Consider deriving the pre-verification list from the routing table.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/nearai/attestation.rs`:
- Around line 31-50: The code currently only enforces TDX status checks when
tdx_require_up_to_date() is true, but per Intel DCAP we must unconditionally
reject "REVOKED" and "OUT_OF_DATE"; modify the post-verify_tdx handling in the
attestation flow (around verify_tdx and the subsequent checks on verified.status
/ verified.platform_status / verified.qe_status) to first check if
verified.status == "REVOKED" or verified.status == "OUT_OF_DATE" and immediately
return Err(NearAiError::Tdx(...)) with a clear message including verified.status
and advisory_ids, and then keep the existing conditional check for
tdx_require_up_to_date() to enforce UpToDate when configured.

[coderabbitai]

🧹 Nitpick comments (1)

src/nearai/e2ee.rs (1)

85-97: Avoid redundant clone when encrypting string content.

The s.clone() on line 87 is unnecessary since s.as_bytes() can be called directly on the borrowed string.

♻️ Proposed fix

         Value::String(s) => {
             let plaintext_len = s.len();
-            let plaintext = s.clone();
-            let encrypted_hex = encrypt_ecies_hex(plaintext.as_bytes(), &model_pubkey)?;
+            let encrypted_hex = encrypt_ecies_hex(s.as_bytes(), &model_pubkey)?;
             trace!(
                 "Near.AI E2EE: encrypted messages[{}] role={} plaintext_len={} ciphertext_hex_len={}",
                 i,
                 role,
                 plaintext_len,
                 encrypted_hex.len()
             );

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/nearai/e2ee.rs` around lines 85 - 97, The Value::String arm currently
does an unnecessary clone (s.clone()) before encryption; instead keep the
borrowed string `s`, set `plaintext_len = s.len()`, and pass `s.as_bytes()`
directly into `encrypt_ecies_hex` (the call site of encrypt_ecies_hex) and
assign the resulting hex into `*content_val`; remove the `plaintext` local clone
to eliminate the redundant allocation while leaving the logging and
`encrypted_count` update unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@src/nearai/e2ee.rs`:
- Around line 223-244: The reviewer confirms the newline join behavior in
try_flatten_text_content_array is acceptable and no code change is required;
leave the function as-is (the function try_flatten_text_content_array should
still validate array elements are objects with "type" equal to "text" or
"input_text", extract "text" strings, and join them with "\n").

---

Nitpick comments:
In `@src/nearai/e2ee.rs`:
- Around line 85-97: The Value::String arm currently does an unnecessary clone
(s.clone()) before encryption; instead keep the borrowed string `s`, set
`plaintext_len = s.len()`, and pass `s.as_bytes()` directly into
`encrypt_ecies_hex` (the call site of encrypt_ecies_hex) and assign the
resulting hex into `*content_val`; remove the `plaintext` local clone to
eliminate the redundant allocation while leaving the logging and
`encrypted_count` update unchanged.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/nitro-deploy.md`:
- Around line 1352-1393: The headings "Near.AI Cloud API", "NVIDIA NRAS (GPU
Attestation)" and the following "Intel PCS (DCAP Collateral)" are using '####'
which creates a two-level jump under the enclosing '##' section; change those
headers from '####' to '###' so they are proper subsections (update the lines
containing "Near.AI Cloud API", "NVIDIA NRAS (GPU Attestation)", and "Intel PCS
(DCAP Collateral)" to use '###' heading markers) to restore correct hierarchy.
- Around line 1341-1399: The fenced code blocks in this section are missing
language tags (triggers MD040); update the blocks around the three address list,
the restart command, and each systemd unit snippet
(vsock-near-cloud-api-proxy.service, vsock-near-nras-proxy.service,
vsock-near-intel-pcs-proxy.service) by adding appropriate language identifiers
(e.g., yaml for the address list, sh for the sudo systemctl restart command, and
ini for the systemd unit files) so tooling and rendering treat them correctly.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add language tags to new fenced code blocks.

The new fenced blocks in this section omit language identifiers, which triggers MD040 and makes rendering/tooling less reliable. Add appropriate tags (e.g., sh, ini).

Proposed change

-```
+```yaml
 - {address: cloud-api.near.ai, port: 443}
 - {address: nras.attestation.nvidia.com, port: 443}
 - {address: api.trustedservices.intel.com, port: 443}

...
- +sh
sudo systemctl restart nitro-enclaves-vsock-proxy.service

...
-```
+```ini
[Unit]
Description=Vsock Near.AI Cloud API Proxy Service
After=network.target

[Service]
User=root
ExecStart=/usr/bin/vsock-proxy 8042 cloud-api.near.ai 443
Restart=always

[Install]
WantedBy=multi-user.target

...
- +ini
[Unit]
Description=Vsock NVIDIA NRAS Proxy Service
After=network.target

[Service]
User=root
ExecStart=/usr/bin/vsock-proxy 8043 nras.attestation.nvidia.com 443
Restart=always

[Install]
WantedBy=multi-user.target

...
-```
+```ini
[Unit]
Description=Vsock Intel PCS Proxy Service
After=network.target

[Service]
User=root
ExecStart=/usr/bin/vsock-proxy 8044 api.trustedservices.intel.com 443
Restart=always

[Install]
WantedBy=multi-user.target

</details>

<details>
<summary>🧰 Tools</summary>

<details>
<summary>🪛 markdownlint-cli2 (0.21.0)</summary>

[warning] 1341-1341: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 1348-1348: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 1352-1352: Heading levels should only increment by one level at a time
Expected: h3; Actual: h4

(MD001, heading-increment)

---

[warning] 1358-1358: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 1378-1378: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 1398-1398: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

</details>

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against the current code and only fix it if needed.

In @docs/nitro-deploy.md around lines 1341 - 1399, The fenced code blocks in
this section are missing language tags (triggers MD040); update the blocks
around the three address list, the restart command, and each systemd unit
snippet (vsock-near-cloud-api-proxy.service, vsock-near-nras-proxy.service,
vsock-near-intel-pcs-proxy.service) by adding appropriate language identifiers
(e.g., yaml for the address list, sh for the sudo systemctl restart command, and
ini for the systemd unit files) so tooling and rendering treat them correctly.

</details>

<!-- fingerprinting:phantom:triton:eagle -->

<!-- This is an auto-generated comment by CodeRabbit -->

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Fix heading level jump (use ### under the ## section).

#### Near.AI Cloud API introduces a two‑level jump from ##, which breaks heading hierarchy. Switch these #### headers to ### in this section.

Proposed change

-#### Near.AI Cloud API
+### Near.AI Cloud API
...
-#### NVIDIA NRAS (GPU Attestation)
+### NVIDIA NRAS (GPU Attestation)
...
-#### Intel PCS (DCAP Collateral)
+### Intel PCS (DCAP Collateral)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	#### Near.AI Cloud API
	```sh
	sudo vim /etc/systemd/system/vsock-near-cloud-api-proxy.service
	```
	Add the following content:
	```
	[Unit]
	Description=Vsock Near.AI Cloud API Proxy Service
	After=network.target
	[Service]
	User=root
	ExecStart=/usr/bin/vsock-proxy 8042 cloud-api.near.ai 443
	Restart=always
	[Install]
	WantedBy=multi-user.target
	```
	#### NVIDIA NRAS (GPU Attestation)
	```sh
	sudo vim /etc/systemd/system/vsock-near-nras-proxy.service
	```
	Add the following content:
	```
	[Unit]
	Description=Vsock NVIDIA NRAS Proxy Service
	After=network.target
	[Service]
	User=root
	ExecStart=/usr/bin/vsock-proxy 8043 nras.attestation.nvidia.com 443
	Restart=always
	[Install]
	WantedBy=multi-user.target
	```
	#### Intel PCS (DCAP Collateral)
	```sh
	### Near.AI Cloud API

🧰 Tools

🪛 markdownlint-cli2 (0.21.0)

[warning] 1352-1352: Heading levels should only increment by one level at a time
Expected: h3; Actual: h4

(MD001, heading-increment)

---

[warning] 1358-1358: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

[warning] 1378-1378: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/nitro-deploy.md` around lines 1352 - 1393, The headings "Near.AI Cloud
API", "NVIDIA NRAS (GPU Attestation)" and the following "Intel PCS (DCAP
Collateral)" are using '####' which creates a two-level jump under the enclosing
'##' section; change those headers from '####' to '###' so they are proper
subsections (update the lines containing "Near.AI Cloud API", "NVIDIA NRAS (GPU
Attestation)", and "Intel PCS (DCAP Collateral)" to use '###' heading markers)
to restore correct hierarchy.