feat: add Rust tee-launcher crate

Cargo.toml

@@ -27,6 +27,7 @@ members = [
     "crates/primitives",
     "crates/tee-authority",
     "crates/tee-context",
+    "crates/tee-launcher",
     "crates/test-migration-contract",
     "crates/test-parallel-contract",
     "crates/test-port-allocator",

crates/tee-launcher/Cargo.toml

@@ -0,0 +1,37 @@
+[package]
+name = "tee-launcher"
+readme = "README.md"
+version = { workspace = true }
+license = { workspace = true }
+edition = { workspace = true }
+
+[[bin]]
+name = "tee-launcher"
+path = "src/main.rs"
+
+[features]
+external-services-tests = []
+
+[dependencies]
+backon = { workspace = true }
+clap = { workspace = true }
+dstack-sdk = { workspace = true }
+launcher-interface = { workspace = true }
+near-mpc-bounded-collections = { workspace = true }
+reqwest = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tempfile = { workspace = true }
+thiserror = { workspace = true }
+tokio = { workspace = true }
+toml = { workspace = true }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+url = { workspace = true, features = ["serde"] }
+
+[dev-dependencies]
+assert_matches = { workspace = true }
+httpmock = { workspace = true }
+
+[lints]
+workspace = true

crates/tee-launcher/README.md

@@ -0,0 +1,109 @@
+# TEE Launcher (Rust)
+
+Secure launcher for initializing and attesting a Docker-based MPC node inside a TEE-enabled environment (e.g., Intel TDX via dstack).
+
+Replaces the previous Python launcher (`tee_launcher/launcher.py`).
+
+## What it does
+
+1. Loads a TOML configuration file from `/tapp/user_config`
+2. Selects an approved MPC image hash (from on-disk approved list, override, or default)
+3. Validates the image by resolving it through the Docker registry and pulling by digest
+4. In TEE mode: extends RTMR3 by emitting the image digest to dstack
+5. Writes the MPC node config to a shared volume
+6. Launches the MPC container via `docker compose up -d`
+
+## CLI Arguments
+
+All arguments are read from environment variables (set via docker-compose `environment`):
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `PLATFORM` | Yes | `TEE` or `NONTEE` |
+| `DOCKER_CONTENT_TRUST` | Yes | Must be `1` |
+| `DEFAULT_IMAGE_DIGEST` | Yes | Fallback `sha256:...` digest when the approved-hashes file is absent |
+
+## Configuration (TOML)
+
+The launcher reads its configuration from `/tapp/user_config` as a TOML file. This is a change from the previous Python launcher which used a `.env`-style file.
+
+```toml
+[launcher_config]
+image_tags = ["latest"]
+image_name = "nearone/mpc-node"
+registry = "registry.hub.docker.com"
+rpc_request_timeout_secs = 10
+rpc_request_interval_secs = 1
+rpc_max_attempts = 20
+# Optional: force selection of a specific digest (must be in approved list)
+# mpc_hash_override = "sha256:abcd..."
+port_mappings = [
+  { host = 11780, container = 11780 },
+  { host = 2200, container = 2200 },
+]
+
+# Opaque MPC node configuration.
+# The launcher does not interpret these fields — they are re-serialized
+# to TOML and mounted into the container at /mnt/shared/mpc-config.toml
+# for the MPC binary to consume via `start-with-config-file`.
+[mpc_node_config]
+# ... any fields the MPC node expects
+```
+
+### `[launcher_config]`
+
+| Field | Required | Description |
+|-------|----------|-------------|
+| `image_tags` | Yes | Docker image tags to search, e.g. `["3.7.0"]` |
+| `image_name` | Yes | Docker image name, e.g. `"nearone/mpc-node"` |
+| `registry` | Yes | Docker registry hostname, e.g. `"registry.hub.docker.com"` |
+| `rpc_request_timeout_secs` | Yes | Per-request timeout for registry API calls (seconds) |
+| `rpc_request_interval_secs` | Yes | Initial retry interval for registry API calls (seconds) |
+| `rpc_max_attempts` | Yes | Maximum registry API retry attempts |
+| `mpc_hash_override` | No | Force a specific `sha256:` digest (must appear in approved list) |
+| `port_mappings` | Yes | Port mappings forwarded to the MPC container (`{ host, container }` pairs) |
+
+### `[mpc_node_config]`
+
+Arbitrary TOML table passed through to the MPC node. The launcher writes this verbatim to `/mnt/shared/mpc-config.toml`, which the container reads on startup.
+
+## Image Hash Selection
+
+Priority order:
+1. If the approved hashes file (`/mnt/shared/image-digest.bin`) exists and `mpc_hash_override` is set: use the override (must be in the approved list)
+2. If the approved hashes file exists: use the newest approved hash (first in list)
+3. If the file is absent: fall back to `DEFAULT_IMAGE_DIGEST`
+
+## File Locations
+
+| Path | Description |
+|------|-------------|
+| `/tapp/user_config` | TOML configuration file |
+| `/mnt/shared/image-digest.bin` | JSON file with approved image hashes (written by the MPC node) |
+| `/mnt/shared/mpc-config.toml` | MPC node config (written by the launcher) |
+| `/var/run/dstack.sock` | dstack unix socket (TEE mode only) |
+
+## Key Differences from the Python Launcher
+
+| Aspect | Python (`launcher.py`) | Rust (`tee-launcher`) |
+|--------|----------------------|----------------------|
+| Config format | `.env` key-value file | TOML |
+| MPC node config | Environment variables passed to container | TOML file mounted into container |
+| Container launch | `docker run` with flags | `docker compose up -d` with rendered template |
+| RTMR3 extension | `curl` to unix socket | `dstack-sdk` native client |
+
+## Building
+
+```bash
+cargo build -p tee-launcher --profile=reproducible
+```
+
+## Testing
+
+```bash
+# Unit tests
+cargo nextest run --cargo-profile=test-release -p tee-launcher
+
+# Integration tests (requires network access and Docker Hub)
+cargo nextest run --cargo-profile=test-release -p tee-launcher --features external-services-tests
+```

crates/tee-launcher/assets/mpc-node-docker-compose.tee.template.yml

@@ -0,0 +1,21 @@
+services:
+  mpc-node:
+    image: "{{IMAGE_NAME}}@{{MANIFEST_DIGEST}}"
+    container_name: "{{CONTAINER_NAME}}"
+    security_opt:
+      - no-new-privileges:true
+    ports: {{PORTS}}
+    environment:
+      - "DSTACK_ENDPOINT={{DSTACK_UNIX_SOCKET}}"
+    volumes:
+      - /tapp:/tapp:ro
+      - shared-volume:/mnt/shared
+      - mpc-data:/data
+      - "{{DSTACK_UNIX_SOCKET}}:{{DSTACK_UNIX_SOCKET}}"
+    command: ["/app/mpc-node", "start-with-config-file", "{{MPC_CONFIG_SHARED_PATH}}"]
+
+volumes:
+  shared-volume:
+    name: shared-volume
+  mpc-data:
+    name: mpc-data

crates/tee-launcher/assets/mpc-node-docker-compose.template.yml

@@ -0,0 +1,18 @@
+services:
+  mpc-node:
+    image: "{{IMAGE_NAME}}@{{MANIFEST_DIGEST}}"
+    container_name: "{{CONTAINER_NAME}}"
+    security_opt:
+      - no-new-privileges:true
+    ports: {{PORTS}}
+    volumes:
+      - /tapp:/tapp:ro
+      - shared-volume:/mnt/shared
+      - mpc-data:/data
+    command: ["/app/mpc-node", "start-with-config-file", "{{MPC_CONFIG_SHARED_PATH}}"]
+
+volumes:
+  shared-volume:
+    name: shared-volume
+  mpc-data:
+    name: mpc-data

crates/tee-launcher/src/constants.rs

@@ -0,0 +1,8 @@
+pub(crate) const MPC_CONTAINER_NAME: &str = "mpc-node";
+pub(crate) const IMAGE_DIGEST_FILE: &str = "/mnt/shared/image-digest.bin";
+pub(crate) const DSTACK_UNIX_SOCKET: &str = "/var/run/dstack.sock";
+pub(crate) const DSTACK_USER_CONFIG_FILE: &str = "/tapp/user_config";
+
+/// Path on the shared volume where the launcher writes the MPC config and the
+/// MPC container reads it.  Both containers mount `shared-volume` at `/mnt/shared`.
+pub(crate) const MPC_CONFIG_SHARED_PATH: &str = "/mnt/shared/mpc-config.toml";

crates/tee-launcher/src/docker_types.rs

@@ -0,0 +1,160 @@
+use launcher_interface::types::DockerSha256Digest;
+use serde::{Deserialize, Serialize};
+
+/// Partial response <https://auth.docker.io/token>
+///
+/// `Debug` is manually implemented to redact the bearer token from logs.
+#[derive(Deserialize)]
+pub(crate) struct DockerTokenResponse {
+    pub(crate) token: String,
+}
+
+impl std::fmt::Debug for DockerTokenResponse {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("DockerTokenResponse")
+            .field("token", &"[REDACTED]")
+            .finish()
+    }
+}
+
+/// Response from `GET /v2/{name}/manifests/{reference}`.
+///
+/// The `mediaType` field determines the variant:
+/// - OCI image index → multi-platform manifest with a list of platform entries
+/// - Docker V2 / OCI manifest → single-platform manifest with a config digest
+#[derive(Debug, Deserialize, Serialize)]
+#[serde(tag = "mediaType")]
+pub(crate) enum ManifestResponse {
+    /// Multi-platform manifest (OCI image index).
+    #[serde(rename = "application/vnd.oci.image.index.v1+json")]
+    ImageIndex { manifests: Vec<ManifestEntry> },
+
+    /// Single-platform Docker V2 manifest.
+    #[serde(rename = "application/vnd.docker.distribution.manifest.v2+json")]
+    DockerV2 { config: ManifestConfig },
+
+    /// Single-platform OCI manifest.
+    #[serde(rename = "application/vnd.oci.image.manifest.v1+json")]
+    OciManifest { config: ManifestConfig },
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+pub(crate) struct ManifestEntry {
+    pub(crate) digest: String,
+    pub(crate) platform: ManifestPlatform,
+}
+
+#[derive(Debug, Deserialize, Serialize, PartialEq, Eq)]
+pub(crate) struct ManifestPlatform {
+    pub(crate) architecture: String,
+    pub(crate) os: String,
+}
+
+#[derive(Debug, Deserialize, Serialize)]
+pub(crate) struct ManifestConfig {
+    pub(crate) digest: DockerSha256Digest,
+}
+
+#[cfg(test)]
+mod tests {
+    use assert_matches::assert_matches;
+
+    use super::*;
+
+    fn sample_digest_str() -> String {
+        format!("sha256:{}", "ab".repeat(32))
+    }
+
+    #[test]
+    fn image_index_deserializes() {
+        // given
+        let json = serde_json::json!({
+            "mediaType": "application/vnd.oci.image.index.v1+json",
+            "manifests": [
+                {
+                    "digest": "sha256:abc123",
+                    "platform": { "architecture": "amd64", "os": "linux" }
+                },
+                {
+                    "digest": "sha256:def456",
+                    "platform": { "architecture": "arm64", "os": "linux" }
+                }
+            ]
+        });
+
+        // when
+        let result = serde_json::from_value::<ManifestResponse>(json);
+
+        // then
+        assert_matches!(result, Ok(ManifestResponse::ImageIndex { manifests }) => {
+            assert_eq!(manifests.len(), 2);
+            assert_eq!(manifests[0].platform, ManifestPlatform {
+                architecture: "amd64".into(),
+                os: "linux".into(),
+            });
+        });
+    }
+
+    #[test]
+    fn docker_v2_manifest_deserializes() {
+        // given
+        let json = serde_json::json!({
+            "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+            "config": { "digest": sample_digest_str() }
+        });
+
+        // when
+        let result = serde_json::from_value::<ManifestResponse>(json);
+
+        // then
+        assert_matches!(result, Ok(ManifestResponse::DockerV2 { config }) => {
+            assert_eq!(config.digest.to_string(), sample_digest_str());
+        });
+    }
+
+    #[test]
+    fn oci_manifest_deserializes() {
+        // given
+        let json = serde_json::json!({
+            "mediaType": "application/vnd.oci.image.manifest.v1+json",
+            "config": { "digest": sample_digest_str() }
+        });
+
+        // when
+        let result = serde_json::from_value::<ManifestResponse>(json);
+
+        // then
+        assert_matches!(result, Ok(ManifestResponse::OciManifest { config }) => {
+            assert_eq!(config.digest.to_string(), sample_digest_str());
+        });
+    }
+
+    #[test]
+    fn unknown_media_type_is_rejected() {
+        // given
+        let json = serde_json::json!({
+            "mediaType": "application/vnd.unknown.format",
+            "config": { "digest": sample_digest_str() }
+        });
+
+        // when
+        let result = serde_json::from_value::<ManifestResponse>(json);
+
+        // then
+        assert_matches!(result, Err(_));
+    }
+
+    #[test]
+    fn docker_token_response_deserializes() {
+        // given
+        let json = serde_json::json!({ "token": "abc.def.ghi" });
+
+        // when
+        let result = serde_json::from_value::<DockerTokenResponse>(json);
+
+        // then
+        assert_matches!(result, Ok(resp) => {
+            assert_eq!(resp.token, "abc.def.ghi");
+        });
+    }
+}