[[ ":$PATH:" != *":$HOME/.bky:"* ]] && export PATH="$PATH:$HOME/.bky"
ln -sf "$HOME/.bky/bky-as-v0.1.0-beta.12" "$HOME/.bky/bky-as"

# Getting Started with Blocky AS

The Blocky Attestation Service (Blocky AS) gives you access to verifiable
serverless computing. You can use it to create
[TEE attestations](/attestation-service/v0.1.0-beta.12/concepts#attestations-in-the-blocky-attestation-service)
over [function calls](#attesting-wasm-function-calls).
You can also
verify these attestations [on chain](#verifying-attested-function-calls-on-chain)
in your smart contracts or [locally](/attestation-service/v0.1.0-beta.12/verification).

## Setup

To use Blocky AS, you need to install and configure the
[Blocky AS CLI](https://github.com/blocky/attestation-service-cli),
`bky-as`, and configure it.
You'll also need to install the
[Blocky Compiler](https://github.com/blocky/compiler)
and several utility tools, if you don't have them already on your system.

1. Install `bky-as` by running:
curl -s https://raw.githubusercontent.com/blocky/attestation-service-cli/refs/tags/v0.1.0-beta.12/install.sh | bash
Although you can run `bky-as` from the current directory, we recommend you
move it into your `$PATH`, so that you can run it from any directory,
including the directories used in our examples throughout the documentation.
You can put `bky-as` in `/usr/local/bin` by running:

```bash
sudo mv bky-as /usr/local/bin
```
2. The `bky-as` install script also downloads `config.toml`, the default
`bky-as` configuration file. Set the code measurement of the current release
of the Blocky AS server application in the `acceptable_measurements` section
of `config.toml` by running:
CODE_MEASUREMENT=$(curl -s https://docs.blocky.rocks/v0.1.0-beta.12/code_measurement.toml)
RELEASE_CODE=$(grep -oP 'code\s*=\s*"\K[^"]+' <<<"$CODE_MEASUREMENT")
sed -i "s/[0]{96}.[0]{96}.[0]{96}/$RELEASE_CODE/" config.toml
> The [releases](/releases) page documents the code measurements of
the Blocky AS server application for each release. You can learn more
about the role of code measurements in the
[verification](/attestation-service/v0.1.0-beta.12/verification) process.
3. (Optional) Configure `config.toml` to call Blocky AS on cloud TEE servers. Go
to the [Blocky Developer Portal](https://portal.bky.sh) to create an account
and get your free Blocky AS API key. Set the API key and the URL of the
Blocky AS server in `config.toml` by running:

```bash
BKY_AS_API_KEY=your_api_key_here
BKY_AS_HOST=http://api.bky.sh/prod/delphi/v0.1.0-beta.12
sed -i \
   -e "s|^\(auth_token *= *\)\".*\"|\1\"$BKY_AS_API_KEY\"|" \
   -e "s|^\(host *= *\)\".*\"|\1\"$BKY_AS_HOST\"|" \
   config.toml
```
> Note that if you skip this step and leave the `host="local-server"` in
`config.toml`, `bky-as` will start a local, non-TEE server for local
testing and development.
4. (Recommended) Move `config.toml` to a well-known location. The `bky-as` command
will look for `config.toml` in the current directory,
`./configs`, `$HOME/.config/bky/bky-as` or you can specify the location using
the `--config` command line argument to `bky-as`. You can move `config.toml`
to `$HOME/.config/bky/bky-as` by running:

```bash
mkdir -p $HOME/.config/bky/bky-as
mv config.toml $HOME/.config/bky/bky-as/
```
5. Install the [Blocky Compiler](https://github.com/blocky/compiler), `bky-c`,
to compile your code to WebAssembly (WASM) for execution by Blocky AS.
curl -s https://raw.githubusercontent.com/blocky/compiler/refs/heads/main/install.sh 
| bash -s -- -v v0.1.0-beta.2
Although you can run `bky-c` from the current directory, we recommend you
move it into your `$PATH`, so that you can run it from any directory,
including the directories used in our examples throughout the documentation.
You can put `bky-c` in `/usr/local/bin` by running:

```bash
sudo mv bky-c /usr/local/bin
```
6. If you don't have it already on your system, install
[jq](https://jqlang.org/) to parse JSON data.
7. If you don't have it already on your system, install
[npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm)
to run smart contract tests.


## Attesting WASM Function Calls

The Attestation Service CLI supports the `attest-fn-call` command
which allows you to send [WebAssembly (WASM)](https://webassembly.org/)
functions for execution on a TEE in a serverless compute model. Use the
`attest-fn-call` command to execute resource-intensive tasks over API data
to accelerate your smart contracts and lower your gas costs.


```mermaid
%%{init: {'theme':'neutral'}}%%
%%{init: { 'sequence': {'mirrorActors': false} }}%%
sequenceDiagram
    actor user as User
    participant AS as Blocky <br> Attestation Service
    participant api as web2 API

    note left of user: Invoke attest-fn-call
    user ->> AS: WASM Function <br> Encrypted Environment
    activate AS
    loop WASM Runtime
    AS ->> api: Request
    api --) AS: Response
    end
    
    AS --) user: Attestation
    deactivate AS
```

At a high level, a User invokes the `attest-fn-call` command and sends a
compiled WASM Function and an Encrypted Environment, containing function
parameters, to the Attestation Service running on a TEE. The Attestation Service
decrypts the Environment, starts a WASM Runtime, and invokes the user Function
with the decrypted parameters. As a part of its execution, the function may also
make requests to external web2 APIs. Finally, the Attestation Service returns a
TEE Attestation over the WASM function execution and its results to the User.

To attest a simple function call using Blocky AS, follow these steps:

1. Clone the Blocky AS
[examples repository](https://github.com/blocky/attestation-service-examples/tree/release/v0.1.0-beta.12)
and navigate to the `attest_fn_call` directory:
git clone --branch v0.1.0-beta.12 git@github.com:blocky/attestation-service-examples.git
cd attestation-service-examples/attest_fn_call
2. Inspect the `helloWorld` function in
[main.go](https://github.com/blocky/attestation-service-examples/tree/release/v0.1.0-beta.12/attest_fn_call/main.go):

3. Compile
[main.go](https://github.com/blocky/attestation-service-examples/tree/release/v0.1.0-beta.12/attest_fn_call/main.go)
to WASM:
bky-c build --reproducible . ./main.wasm
4. Invoke the function on a Blocky AS server with the `bky-as` CLI and save
its response to `out.json`:
cat fn-call.json | bky-as attest-fn-call > out.json
5. Parse the attested function call output from `out.json`:
jq -r ".transitive_attested_function_call.claims.output | @base64d" out.json


To learn more the about the `attest-fn-call` command, explore
[Attesting Function Calls](/attestation-service/v0.1.0-beta.12/attest-fn-call) page.

## Verifying Attested Function Calls On Chain

You can bring attested function calls onchain and trustlessly verify them in
your smart contracts to bring the power of TEEs into your dApp or ecosystem to
unlock developer creativity.


```mermaid
%%{init: {'theme':'neutral'}}%%
%%{init: { 'sequence': {'mirrorActors': false} }}%%
%%{init: { 'sequence': {'actorMargin': 150} }}%%
sequenceDiagram
    actor user as User
    participant AS as Blocky 
    participant sc as Smart Contract

    user ->> AS: Invocation
    activate AS
    AS --) user: Attestation
    deactivate AS


    user ->> sc: Attestation #nbsp; #nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp;#nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; #nbsp; 
    activate sc
    deactivate sc
```

At a high level, the User invokes the Blocky Attestation Service and obtains a
TEE Attestation. The User calls a Smart Contract with the serialized
Attestation as a parameter. Finally, the Smart Contract verifies the Attestation
and makes use of the attested data.

To verify a Blocky AS function call attestation in a smart contract, follow these steps:

1. Change to the `on_chain` directory of the `attestation-service-examples` repository:
cd ../on_chain
2. Install dependencies by running:
npm install
3. Invoke the
[contracts/User.sol](https://github.com/blocky/attestation-service-examples/tree/release/v0.1.0-beta.12/on_chain/contracts/User.sol)
contract to verify the attestations you created
in [Attesting WASM Function Calls](#attesting-wasm-function-calls):
TA_FILE=$(realpath ../attest_fn_call/out.json) npx hardhat test --grep "User contract"
The call runs a Hardhat test that starts a local Ethereum testnet,
deploys the
[User](https://github.com/blocky/attestation-service-examples/tree/release/v0.1.0-beta.12/on_chain/contracts/User.sol),
contract and calls it with the attested function call as calldata.


To learn more the about bringing attestations on chain, explore
[Bringing Attestations On Chain](/attestation-service/v0.1.0-beta.12/on-chain) page.

rm -f bky-as
rm -f config.toml
rm -f bky-c
rm -rf attestation-service-examples