/* ====================================================================
   agents-pay-service — Security tab (TEE + ZK + quorum signing)
   Attached to window so content-aps.jsx can reference it.
   ==================================================================== */

function APS_Security() {
  return (
    <>
      <Callout kind="cyan" label="why this tab exists">
        Custodial wallets are a security responsibility the operator can't
        outrun with disclaimers. This tab is the engineering answer:
        hardware-isolated keys (TEE), zero-knowledge proofs of correct
        settlement, and an MPC-style signing quorum so no single host —
        including ours — can spend on its own.
      </Callout>

      <H2 id="sec-threat" n={1}>Threat model · custodial wallets</H2>
      <p>
        agents-pay-service holds the macaroon/seed material that signs
        Lightning payments on behalf of an agent fleet. The defaults are:
        an <code>admin_key</code> can drain its wallet, the server process
        sees plaintext signing material, and an attacker with root on the
        server box can in principle steal everything.
      </p>
      <p>
        The mitigations on this page <strong>remove</strong> the
        single-host attacker advantage and add cryptographic proofs the
        operator can't tamper with after the fact.
      </p>

      <Grid cols={3}>
        <div className="card">
          <h3 style={{color:'var(--red)'}}>Without these mitigations</h3>
          <p style={{margin:0}}>Server compromise = full key exfiltration. Operator can silently mis-settle. Users must trust the operator's good behaviour.</p>
        </div>
        <div className="card">
          <h3 style={{color:'var(--amber)'}}>TEE only</h3>
          <p style={{margin:0}}>Keys live inside an SGX / Nitro enclave. Server box compromise no longer leaks them. Operator still chooses what to sign.</p>
        </div>
        <div className="card">
          <h3 style={{color:'var(--green)'}}>TEE + ZK + quorum</h3>
          <p style={{margin:0}}>Keys never assemble in any one place. Every settlement carries a ZK proof that the spend matched the policy the user agreed to. Trust collapses to math.</p>
        </div>
      </Grid>

      <H2 id="sec-tee" n={2}>TEE-isolated key store</H2>
      <p>
        Signing key material is generated and held inside a Trusted
        Execution Environment — Intel SGX, AMD SEV-SNP, or AWS Nitro
        Enclave — depending on the deployment target. The host OS,
        including the operator with root, cannot read it.
      </p>

      <Mermaid>{`
flowchart LR
  classDef host fill:#10172c,stroke:#FFD86B,color:#FFD86B,font-weight:600;
  classDef tee  fill:#0e1424,stroke:#5EEAD4,stroke-width:2px,color:#5EEAD4,font-weight:700;
  classDef lnd  fill:#0a0f1a,stroke:#2a3760,color:#cdd5e8;
  classDef red  fill:#0a0f1a,stroke:#fb7185,color:#fb7185;

  api["agents-pay-service<br/>HTTP / REST"]:::host
  tee["TEE enclave (SGX / Nitro)<br/>signs without exposing key"]:::tee
  lnd["lnd backend<br/>HTLC routing"]:::lnd
  root["root attacker<br/>OS · disk · memory"]:::red

  api -- "sign(payload)" --> tee
  tee -- "signature" --> api
  api --> lnd
  root -. "sees nothing<br/>memory encrypted" .-> tee
      `}</Mermaid>

      <Grid cols={2}>
        <div className="card">
          <h3>Remote attestation</h3>
          <p style={{margin:0}}>Before trusting a TEE, a client verifies an attestation quote signed by the CPU vendor. The quote includes a measurement of the enclave's code — so the user can confirm they're talking to the same signing logic we open-sourced, not a malicious replacement.</p>
        </div>
        <div className="card">
          <h3>Sealed storage</h3>
          <p style={{margin:0}}>Long-term key material is sealed to the enclave identity. On reboot it can be unsealed only inside the same enclave; a copy taken to another machine is unreadable.</p>
        </div>
      </Grid>

      <H2 id="sec-zk" n={3}>ZKP payment attestation</H2>
      <p>
        Each settlement that leaves the wallet emits a zero-knowledge proof
        — generated by <code>loka-zk-middleware</code> — that the spend
        matches the policy attached to the agent's session token. The proof
        commits to:
      </p>
      <ul>
        <li>the agent's session ID and policy hash</li>
        <li>the amount and recipient</li>
        <li>the preimage hash (linking the proof to the LN payment)</li>
        <li><em>without revealing</em> the agent's identity, the merchant
        domain, or any unrelated session state</li>
      </ul>

      <Mermaid>{`
sequenceDiagram
  autonumber
  participant U as User / Agent
  participant W as Wallet (TEE)
  participant Z as ZK prover
  participant L as Public ledger

  U->>W: pay(intent, policy P)
  W->>W: settle via lnd<br/>get preimage
  W->>Z: prove(intent · P · preimage)
  Z-->>W: ZK proof π
  W-->>U: payment receipt + π
  W->>L: anchor(commitment, π)
  Note over L: anyone can later verify π<br/>without seeing intent
      `}</Mermaid>

      <Callout kind="gold" label="what this buys you">
        Auditors can verify, days later, that the wallet operator only
        moved funds in accordance with the policy each agent signed —
        without seeing what those policies were. This is the difference
        between "trust the operator's logs" and "the operator can't lie".
      </Callout>

      <H2 id="sec-quorum" n={4}>Multi-party quorum signing</H2>
      <p>
        For high-value wallets, the signing key is never assembled in any
        one place. We use threshold ECDSA / Schnorr signing — a 2-of-3 or
        3-of-5 split across independently-operated TEEs.
      </p>
      <Grid cols={3}>
        <div className="card">
          <h3>Share A</h3>
          <p style={{margin:0}}><code>loka</code>-operated TEE in EU region.</p>
        </div>
        <div className="card">
          <h3>Share B</h3>
          <p style={{margin:0}}><code>loka</code>-operated TEE in US region. Separate failure domain.</p>
        </div>
        <div className="card">
          <h3>Share C</h3>
          <p style={{margin:0}}>User-held — e.g. on a passkey, hardware wallet, or self-run enclave. Required to sign anything beyond a low daily-limit policy.</p>
        </div>
      </Grid>
      <p>
        A single-region outage doesn't stop signing (any two shares
        suffice). But beyond the low daily-limit policy,{' '}
        <strong>no single operator</strong>, including Loka itself, can
        spend without the user's share. That is exactly the property you
        want from a "custodial" wallet that protects against the operator
        going rogue.
      </p>

      <H2 id="sec-audit" n={5}>Auditable settlement trail</H2>
      <p>
        Every payment writes an append-only entry to the wallet's audit
        log that bundles:
      </p>
      <Code lang="json">{`{
  "ts":          "2026-04-30T14:21:08.443Z",
  "wallet_id":   "wallet_…",
  "amount_msat": 1000,
  "preimage":    "0x…",       // links to LN settlement
  "policy_hash": "0x…",       // policy the agent agreed to
  "zk_proof":    "0x…",       // proof of policy compliance
  "tee_quote":   "0x…",       // attestation that the TEE signed this
  "share_set":   ["A", "C"]   // which quorum shares co-signed
}`}</Code>
      <p>
        The bundle is hashed into a Merkle root that's periodically
        anchored on-chain. The result: any third party can later
        challenge a payment, demand the proof bundle, and verify it
        offline — without needing to trust Loka's servers, logs, or even
        Loka's continued existence.
      </p>
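      {/*
      Added example (not code from agents-pay-service or Loka): how a third
      party could check offline that an audit entry sits under an anchored
      Merkle root, and flag days where spends co-signed without share C exceed
      a limit. The canonical-JSON leaf encoding, SHA-256 with 0x00/0x01 tags,
      odd-node promotion, the helper names and the limit value are assumptions;
      the sample entries are constructed.

```python
import hashlib
import json

def leaf_hash(entry):
    # Canonical JSON so every verifier hashes identical bytes; 0x00 tags a leaf.
    data = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()  # 0x01 tags interior nodes

def build_levels(leaves):
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]  # pair neighbours; an unpaired last node is promoted, not duplicated
        levels.append([node_hash(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def inclusion_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):  # a promoted node has no sibling at this level
            proof.append(("L" if sib < index else "R", level[sib]))
        index //= 2
    return proof

def verify_inclusion(entry, proof, root):
    h = leaf_hash(entry)
    for side, sib in proof:
        h = node_hash(sib, h) if side == "L" else node_hash(h, sib)
    return h == root

def days_over_limit(entries, limit_msat):
    # Per UTC day, total what was co-signed without the user-held share C.
    totals = {}
    for e in (e for e in entries if "C" not in e["share_set"]):
        totals[e["ts"][:10]] = totals.get(e["ts"][:10], 0) + e["amount_msat"]
    return sorted(day for day, total in totals.items() if total > limit_msat)

def sample_entry(i, amount, shares):  # constructed sample data, not real log entries
    return {"ts": f"2026-04-30T14:21:0{i}.000Z", "wallet_id": "wallet_example",
            "amount_msat": amount, "preimage": "0x" + f"{i:02x}" * 32, "share_set": shares,
            "policy_hash": "0x" + "ab" * 32, "zk_proof": "0x00", "tee_quote": "0x00"}

ENTRIES = [sample_entry(0, 1000, ["A", "B"]), sample_entry(1, 90_000, ["A", "C"]),
           sample_entry(2, 90_000, ["A", "B"])]
LEVELS = build_levels([leaf_hash(e) for e in ENTRIES])
ROOT = LEVELS[-1][0]  # the value that would be anchored on-chain
```
      */}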

      <Callout kind="cyan" label="related projects">
        The ZK proving back-end lives in{' '}
        <a className="link" href="https://github.com/loka-network/loka-zk-middleware" target="_blank" rel="noopener noreferrer">
          loka-zk-middleware
        </a>. Agent identity / session policy is established via{' '}
        <a className="link" href="https://github.com/loka-network/agent-did-8004" target="_blank" rel="noopener noreferrer">
          agent-did-8004
        </a>. Both sit one layer below this wallet service.
      </Callout>
    </>
  );
}

window.APS_Security = APS_Security;
