fix: stop enforcing SCONE as unique TEE framework

[PierreJeanjacquot]

No description provided.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	eslint@​8.57.0 ⏵ 8.56.0	+1
	@​typescript-eslint/​parser@​6.10.0 ⏵ 6.20.0
	@​typescript-eslint/​parser@​6.10.0 ⏵ 8.30.1	+1		+1
	eslint-config-prettier@​9.0.0 ⏵ 9.1.0	+1		+1
	@​nomicfoundation/​hardhat-toolbox@​6.1.0
	@​typescript-eslint/​eslint-plugin@​6.10.0 ⏵ 6.20.0	+1		+1
	@​typescript-eslint/​eslint-plugin@​6.10.0 ⏵ 8.30.1	+1		+1
	@​types/​node@​20.11.13
	rimraf@​5.0.10 ⏵ 5.0.5	+1		+1
	eslint-plugin-sonarjs@​0.21.0 ⏵ 0.23.0	+1		+1
	@​swc/​jest@​0.2.36 ⏵ 0.2.34	+1			+2
	eslint-plugin-import@​2.29.0 ⏵ 2.29.1	+1
	typescript@​5.3.3
	@​swc/​core@​1.7.3 ⏵ 1.3.107			+26	-1
	prettier@​2.8.8 ⏵ 3.2.4	-3			+1
	eslint-plugin-jest@​27.6.0 ⏵ 27.6.3	+1		+1

View full report

[Copilot]

Pull request overview

This pull request removes the enforcement of SCONE as the only supported TEE framework, making the SDK more flexible to support multiple TEE frameworks. The changes transition from a hardcoded SCONE-specific tag (['tee', 'scone']) to a generic TEE tag (['tee']), allowing the system to work with any TEE framework.

Changes:

• Replaced SCONE_TAG constant with TEE_TAG throughout the codebase, changing from ['tee', 'scone'] to ['tee']
• Removed TEE framework inference logic that parsed app MREnclave to determine if it's a SCONE app
• Updated processProtectedData to fetch app orders first and dynamically use the app's tag for workerpool order matching
• Removed validation that rejected non-TEE apps, now only verifying that an app or whitelist contract is deployed
• Updated tests to reflect the new behavior and removed tests specific to non-TEE app rejection
• Updated iexec dependency from ^8.22.4 to ^8.22.5

Reviewed changes

Copilot reviewed 11 out of 12 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/sdk/src/config/config.ts	Changed SCONE_TAG to TEE_TAG, reducing tag specificity from ['tee', 'scone'] to ['tee']
packages/sdk/src/lib/dataProtectorCore/grantAccess.ts	Removed inferTagFromAppMREnclave() function and framework validation, now using generic TEE_TAG for all apps
packages/sdk/src/lib/dataProtectorCore/protectData.ts	Removed teeFramework parameter from pushDatasetSecret() call and status updates
packages/sdk/src/lib/dataProtectorCore/processProtectedData.ts	Changed to fetch app order first to determine TEE framework dynamically, using app's tag for workerpool orders
packages/sdk/src/lib/dataProtectorCore/processBulkRequest.ts	Updated to use TEE_TAG instead of SCONE_TAG, removed maxTag parameter
packages/sdk/src/lib/dataProtectorCore/prepareBulkRequest.ts	Updated to use TEE_TAG instead of SCONE_TAG
packages/sdk/tests/unit/dataProtectorCore/protectData.test.ts	Removed teeFramework payload from test expectations for SMS push operations
packages/sdk/tests/unit/dataProtectorCore/processProtectedData/processProtectedData.test.ts	Updated to expect any(String) for minTag instead of hardcoded SCONE_TAG
packages/sdk/tests/e2e/dataProtectorCore/grantAccess.test.ts	Updated test descriptions and expectations, removed non-TEE app test, updated error messages and expected tag values
packages/sdk/tests/e2e/dataProtectorCore/getGrantedAccess.test.ts	Updated to use TEE_TAG instead of hardcoded SCONE tag value, reorganized imports
packages/sdk/package.json	Updated iexec dependency from ^8.22.4 to ^8.22.5
packages/sdk/package-lock.json	Updated dependency tree for iexec and its transitive dependencies

Files not reviewed (1)

• packages/sdk/package-lock.json: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[abbesBenayache]

LGTM