Releases: Ashwin-3cS/nautilus-ops
v0.0.7
MemWal relayer template support + nautilus-ops CLI integration
New in this update:
nautilus-memwal-relayer template
Hybrid Rust + TypeScript (relayer + sidecar) TEE inside one enclave:
Rust server (Axum) spawns TypeScript sidecar (Node 22 + tsx/Express)
Single-secret config pattern: MEMWAL_ENV_FILE GitHub secret
BCS-signed API responses (recall/remember/analyze) verifiable on-chain via verify_signed_payload
Endpoints: /api/recall, /api/remember, /api/analyze, /health, /get_attestation, /logs
Integrations:
- Supabase Postgres with pgvector (1024-dim embeddings)
- Upstash Redis for rate limiting (rediss:// TLS)
- Sui testnet for attestation + package storage
- Walrus for blob archival
- OpenRouter LLM (free tier)
- Jina embeddings API
- SEAL decryption (optional)
nautilus-ops CLI additions:
Template detection: Cargo.toml + src/relayer/scripts/ → memwal-relayer
nautilus init --template memwal-relayer
nautilus init-ci auto-generates GitHub Actions workflow with:
Docker build + stagex EIF generation
VSOCK bridge + outbound systemd proxies (Postgres, Redis, Sui, Walrus, OpenAI, SEAL, embedding)
Config delivery via single MEMWAL_ENV_FILE secret → VSOCK:7000
Health check with 130s startup window
Serial console capture in debug mode for troubleshooting
Infrastructure:
- Loopback /8 routing for inter-process TCP (127.0.0.1/8)
- Initramfs mount points (/proc, /sys, /dev/pts, /dev/shm, /run)
- Cargo.lock + sqlx TLS (rustls) + redis TLS (rustls) for musl static builds
- Node 22 + tsx inside Alpine container with musl C++ runtime libs
Documentation:
README updated with memwal-relayer in template table
Config detection logic documented
Security group rules added
CLI reference updated
Reference implementations section expanded
v0.0.6
nautilus status + nautilus logs + messaging-relayer template support
New in this update:
- nautilus status --host <EC2_IP>
Template-aware enclave observability in one command:- health check against the correct endpoint for each template
- attestation fetch + COSE_Sign1 CBOR parsing
- PCR + public key extraction
- on-chain EnclaveConfig lookup through Sui JSON-RPC
- PCR match / mismatch reporting
- enclave registration visibility
- nautilus logs --host <EC2_IP> [-n lines] [--follow]
Unified log access over HTTP:- fetch recent enclave logs
- follow mode with polling
- consistent JSON contract across templates: {"lines": [...], "count": N}
Templates covered:
- Rust: tracing-backed in-memory ring buffer
- TypeScript: Hono log buffer with console interception
- Python: thread-safe deque ring buffer
- Messaging relayer: enclave logs, membership sync activity, Walrus sync activity
Also included:
- messaging-relayer added as a first-class nautilus-ops template
- nautilus init --template messaging-relayer
- nautilus init-ci --template messaging-relayer
- CI wiring for:
- RELAYER_SUI_RPC_URL
- RELAYER_GROUPS_PACKAGE_ID
- RELAYER_WALRUS_PUBLISHER_URL
- RELAYER_WALRUS_AGGREGATOR_URL
- optional Walrus sync tuning
- automatic host-side inbound/outbound enclave networking for the relayer template
- relayer E2E flow verified:
- encrypted send / fetch / decrypt
- enclave-signed delivery responses
- Walrus archival confirmed live
- fixed --template passthrough and relayer-specific CLI handling
- READMEs updated across the repos
v0.0.5
nautilus status + nautilus logs — enclave observability
New commands:
nautilus status --host <EC2_IP>
Single dashboard showing enclave health, attestation, and on-chain config:
• Health check — hits template-aware endpoint (/health or /health_check)
• Attestation — fetches COSE_Sign1 CBOR, parses PCRs + public key
• On-chain — queries EnclaveConfig via Sui JSON-RPC, compares PCRs with live enclave
• Reports PCR match/mismatch and enclave registration status
nautilus logs --host <EC2_IP> [-n lines] [--follow]
Fetch and follow enclave logs via HTTP:
• GET /logs?lines=N endpoint added to all 3 templates (rust, ts, python)
• Rust: in-memory ring buffer with custom tracing layer (dual stdout + buffer)
• TypeScript: LogBuffer with console.log/error interception in Hono framework
• Python: thread-safe deque-based ring buffer with request logging
• CLI: fetch recent logs or poll continuously with --follow (2s interval)
• All templates return same JSON contract: {"lines": [...], "count": N}
Also:
• Fixed --template flag passthrough for attest, register-enclave, and verify-signature
• READMEs updated across all 4 repos
v0.0.4
New command: nautilus init --template <rust|ts|python> [project-name]
One command to bootstrap a new TEE project:
- Clones the template repo from GitHub (shallow, no history)
- Writes .nautilus.toml with the template configured
- Auto-generates the CI/CD deployment workflow
- Prints setup steps (EC2, GitHub Secrets, first push)
No Rust toolchain, no interactive prompts — just pick a template and go.
Example:
nautilus init --template python my-enclave-app
cd my-enclave-app
git init && git remote add origin
Add GitHub Secrets, push to main → enclave deploys
Templates:
rust -> github.com/Ashwin-3cS/nautilus-rust
ts -> github.com/Ashwin-3cS/nautilus-ts
python -> github.com/Ashwin-3cS/nautilus-python
Also:
README updated with init workflow, CLI reference, and repo structure.
v0.0.3
Multi-template CLI — adds Python template support (pynacl + stdlib HTTP server), dynamic CID bridge resolution, Containerfile auto-detection, stale EIF cleanup. All three templates (Rust, TypeScript, Python) tested end-to-end on Sui testnet.
What's New
- Python template — Full CLI support across all commands: attest, build, init-ci, register-enclave, update-pcrs, verify-signature. Uses pynacl for Ed25519, direct NSM ioctl (0xC0200A00, iovec struct) for attestation, Python stdlib HTTP server on port 5000
- Template auto-detection — Python projects detected via requirements.txt + app.py. Containerfile auto-detected when Dockerfile doesn't exist
- Dynamic CID bridge — Python VSOCK bridge resolves enclave CID at service start via wrapper script, survives enclave relaunches without manual fix
- Stale EIF cleanup — All templates rm -rf out before build, preventing failed builds from launching old artifacts
v0.0.2
Multi-template CLI — adds TypeScript template support (Bun + argonaut), CBOR attestation parsing, verify_signed_data on-chain, AL2023 compatibility (dnf/yum auto-detection), sidecar removed. Both Rust and TS templates tested end-to-end.
v0.0.1
Rust template CLI — end-to-end TEE workflow (build, deploy, attest, register, verify-signature) with nautilus-enclave library, on-chain Move contract, and CI/CD pipeline for AWS Nitro Enclaves on Sui.