Security: AxLabs/venice-e2ee

Security Policy

@axlabs/venice-e2ee is maintained by AxLabs.

Reporting a Vulnerability

If you discover a security vulnerability, please report it privately via GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

We aim to acknowledge receipt within 48 hours and to release a fix within 7 days for critical issues.

Scope

In scope for security reports:

  • ECDH key exchange (secp256k1)
  • HKDF-SHA256 key derivation
  • AES-256-GCM encryption/decryption
  • TDX attestation parsing and binding checks
  • Per-chunk streaming decryption
  • Session management and key zeroization

Trust model and known limitations

This library implements Venice AI's E2EE protocol. Users should understand the guarantees it does — and does not — provide:

  • Level 1 binding checks (default). The library parses the TDX quote and verifies that the client nonce and the signing key's Ethereum address appear in REPORTDATA, and it rejects debug-mode TEEs. These checks confirm that fields inside a quote match client-supplied values, but on their own they do not prove the quote was issued by genuine Intel hardware. Always pair them with the DCAP verifier when a strong trust guarantee is required.
  • Full DCAP verification (optional). Inject a verifier via createVeniceE2EE({ dcapVerifier }) to validate the PCK certificate chain, quote signatures, and TCB level.
  • Code-measurement whitelisting is not yet performed. Even a fully signature-verified quote is not currently checked against a known-good TEE measurement (MRTD/RTMR). This is planned future work.
  • Plaintext passthrough. Short, non-hex stream chunks (e.g. whitespace tokens) are surfaced as-is and are not authenticated by AES-GCM.

See ARCHITECTURE.md for the full verification design.
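
The Level 1 binding checks described above, sketched as an added example (not the library's own code). The byte offsets come from Intel's TDX quote v4 layout rather than from this page. The helper names, the sample nonce and address, and their placement inside REPORTDATA are assumptions made for illustration.

```javascript
// Offsets follow Intel's TDX quote v4 layout: 48-byte header, then a 584-byte TD report body.
const HEADER_LEN = 48;
const TD_ATTRIBUTES_OFF = HEADER_LEN + 120; // 8 bytes; bit 0 is DEBUG
const REPORT_DATA_OFF = HEADER_LEN + 520;   // 64 bytes
const MIN_QUOTE_LEN = HEADER_LEN + 584;
const TEE_TYPE_TDX = 0x81;

const fromHex = (h) => Uint8Array.from(h.replace(/^0x/, "").match(/../g) ?? [], (b) => parseInt(b, 16));

// True when `needle` occurs as a contiguous run of bytes inside `hay`.
function contains(hay, needle) {
  if (needle.length === 0) return false;
  outer: for (let i = 0; i + needle.length <= hay.length; i++) {
    for (let j = 0; j < needle.length; j++) if (hay[i + j] !== needle[j]) continue outer;
    return true;
  }
  return false;
}

// Hypothetical helper (not the library's API): returns the list of failed checks.
function level1BindingCheck(quote, nonceHex, addressHex) {
  if (quote.length < MIN_QUOTE_LEN) return ["quote too short"];
  const failures = [];
  const view = new DataView(quote.buffer, quote.byteOffset, quote.byteLength);
  if (view.getUint16(0, true) !== 4) failures.push("unexpected quote version");
  if (view.getUint32(4, true) !== TEE_TYPE_TDX) failures.push("not a TDX quote");
  if (quote[TD_ATTRIBUTES_OFF] & 0x01) failures.push("debug-mode TEE");
  const reportData = quote.subarray(REPORT_DATA_OFF, REPORT_DATA_OFF + 64);
  if (!contains(reportData, fromHex(nonceHex))) failures.push("nonce not in REPORTDATA");
  if (!contains(reportData, fromHex(addressHex))) failures.push("address not in REPORTDATA");
  return failures;
}

// Constructed sample: a zero-filled quote assembled in software, with no signature data.
function buildSampleQuote(nonceHex, addressHex, debug = false) {
  const q = new Uint8Array(MIN_QUOTE_LEN);
  const view = new DataView(q.buffer);
  view.setUint16(0, 4, true);
  view.setUint32(4, TEE_TYPE_TDX, true);
  if (debug) q[TD_ATTRIBUTES_OFF] |= 0x01;
  q.set(fromHex(addressHex), REPORT_DATA_OFF);   // placement is an assumption
  q.set(fromHex(nonceHex), REPORT_DATA_OFF + 20);
  return q;
}

const NONCE = "11".repeat(32);          // constructed client nonce
const ADDRESS = "0x" + "ab".repeat(20); // constructed Ethereum address
console.log(level1BindingCheck(buildSampleQuote(NONCE, ADDRESS), NONCE, ADDRESS)); // → []
```

The sample quote carries no signature or certificate data and still passes every check, which is why these checks need a DCAP verifier alongside them when a strong trust guarantee is required.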

There aren't any published security advisories