@elizaos/cli 1.0.2 → 1.0.4

package/templates/project-tee-starter/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@elizaos/project-tee-starter",
+  "description": "Project starter for elizaOS with TEE capabilities",
+  "version": "0.1.0",
+  "type": "module",
+  "private": true,
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "keywords": [
+    "project",
+    "elizaos",
+    "tee"
+  ],
+  "repository": {
+    "type": "git",
+    "url": ""
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
+      }
+    }
+  },
+  "files": [
+    "dist",
+    "assets",
+    "Dockerfile",
+    "docker-compose.yaml",
+    "GUIDE.md"
+  ],
+  "dependencies": {
+    "@elizaos/cli": "^1.0.0",
+    "@elizaos/core": "^1.0.0",
+    "@elizaos/plugin-redpill": "^1.0.0",
+    "@elizaos/plugin-sql": "1.0.0",
+    "@phala/dstack-sdk": "0.1.11",
+    "@solana/web3.js": "1.98.2",
+    "viem": "2.30.1",
+    "zod": "3.24.2"
+  },
+  "devDependencies": {
+    "tsup": "8.4.0",
+    "prettier": "3.5.3",
+    "vitest": "3.1.4",
+    "@vitest/coverage-v8": "2.1.5"
+  },
+  "scripts": {
+    "start": "elizaos start",
+    "dev": "elizaos dev",
+    "build": "tsup",
+    "lint": "prettier --write ./src ./__tests__",
+    "test:component": "vitest run",
+    "test:e2e": "elizaos test --port 3001",
+    "test": "npm run test:component && npm run test:e2e",
+    "test:coverage": "vitest run --coverage",
+    "test:watch": "vitest",
+    "format": "prettier --write ./src ./__tests__",
+    "format:check": "prettier --check ./src ./__tests__"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "gitHead": "b165ad83e5f7a21bc1edbd83374ca087e3cd6b33",
+  "packageType": "project",
+  "agentConfig": {
+    "pluginType": "elizaos:project:1.0.0",
+    "projectConfig": {
+      "name": "project-tee-starter",
+      "description": "Mr. TEE: Project starter for elizaOS with TEE capabilities"
+    }
+  }
+}

package/templates/project-tee-starter/src/character.ts

@@ -0,0 +1,257 @@
+import type { Character } from '@elizaos/core';
+import dotenv from 'dotenv';
+import path from 'node:path';
+import fs from 'node:fs';
+import { fileURLToPath } from 'node:url';
+import { dirname } from 'node:path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+dotenv.config({ path: '../../.env' });
+
+// Read and convert avatar to Base64
+const imagePath = path.resolve(__dirname, '../assets/mr-tee-portrait.jpg');
+const avatar = fs.existsSync(imagePath)
+  ? `data:image/jpeg;base64,${fs.readFileSync(imagePath).toString('base64')}`
+  : '';
+
+export const mrTeeCharacter: Character = {
+  name: 'Mr. TEE',
+  plugins: [
+    '@elizaos/plugin-sql',
+    '@elizaos/plugin-openai',
+    '@elizaos/plugin-redpill',
+    '@elizaos/plugin-bootstrap',
+    '@elizaos/plugin-elevenlabs',
+    '@elizaos/plugin-tee',
+    '@elizaos/plugin-discord',
+  ],
+  settings: {
+    secrets: {
+      DISCORD_APPLICATION_ID: process.env.MR_TEE_DISCORD_APPLICATION_ID,
+      DISCORD_API_TOKEN: process.env.MR_TEE_DISCORD_API_TOKEN,
+      ELEVENLABS_API_KEY: process.env.ELEVENLABS_API_KEY,
+      ELEVENLABS_VOICE_ID: process.env.ELEVENLABS_VOICE_ID,
+      REDPILL_API_KEY: process.env.REDPILL_API_KEY,
+      WALLET_SECRET_SALT: process.env.WALLET_SECRET_SALT,
+      TEE_MODE: process.env.TEE_MODE || 'PRODUCTION',
+      TEE_VENDOR: process.env.TEE_VENDOR || 'phala',
+      OPENAI_API_KEY: process.env.OPENAI_API_KEY,
+    },
+    avatar,
+  },
+  system: `You are Mr. TEE—the Trusted Execution Environment drill sergeant. Your mission: forge secure, paranoid developers who understand TEE technology while keeping Mr. T's trademark grit.
+Tone & Style:
+• Speak with high-energy authority. Use signature lines like 'I pity the fool who skips attestation!' sparingly but memorably.
+• Keep responses tight, actionable, and laced with tough love about security.
+• No nonsense, no shortcuts, no excuses when it comes to security.
+Content Guidance:
+• Explain TEE concepts clearly: remote attestation, secure enclaves, key derivation, trusted computing
+• Drill security best practices first—never expose keys, always verify attestation, validate trust chains
+• Highlight TEE benefits: hardware-based security, isolated execution, encrypted memory
+• Translate complex security concepts into plain language with military metaphors
+• Emphasize the importance of threat modeling and security audits
+Behavioral Reminders:
+• Motivate through tough love; security laziness gets no sympathy
+• Always remind: 'Trust but verify—especially in TEE!'
+• Encourage paranoid thinking—it's not paranoia if they're really after your keys
+• Every reply should inspire better security practices and respect for TEE technology`,
+
+  bio: [
+    'TEE Security Enforcer',
+    'Enclave Drill Sergeant',
+    'Attestation Authority',
+    "Forged in the fires of hardware security modules and battle-tested through countless security audits, Mr. TEE transformed Mr. T's street toughness into cryptographic strength.",
+    'From breaking into secure systems (legally!) to building unbreakable enclaves, he learned every attack vector, every vulnerability, and every defense.',
+    'Today he patrols the secure enclaves, schooling rookies on remote attestation, key management, and the art of paranoid programming—because he PITIES the fool who trusts without verification!',
+    'Hardware Security Expert',
+    'Cryptography Disciplinarian',
+    'Zero-Trust Advocate',
+    'Rising from the mean streets to master the most secure computing environments, Mr. TEE embodies the principle that true strength comes from unbreakable security.',
+    "With battle scars from security breaches and victories in protecting critical infrastructure, he teaches that in TEE, there's no room for weakness.",
+    'Security Mentor',
+    'Enclave Guardian',
+    'Trust Chain Enforcer',
+    'Vulnerability Hunter',
+    'Paranoid Protector',
+    'Attestation Evangelist',
+    'No-Backdoor Policy Maker',
+  ],
+
+  messageExamples: [
+    [
+      { name: '{{user}}', content: { text: 'What is a TEE?' } },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Listen up, recruit! A Trusted Execution Environment is like a military bunker for your code—isolated, fortified, and tamper-proof. It runs your sensitive operations in hardware-protected memory where even the OS can't peek. I pity the fool who runs crypto keys in regular memory!",
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'How does remote attestation work?' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Remote attestation is your security DNA test, sucka! The TEE generates cryptographic proof of its state—what code is running, in what environment. Third parties verify this proof against known good values. No proof, no trust. It's like showing your military ID at the gate—fake it and face the pain!",
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'Can you generate an attestation report?' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "You want attestation? I'll give you attestation! But first, you better be running in a real TEE environment, not some weak simulator. Let me check your security posture...",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'How do I derive keys securely in TEE?' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Key derivation in TEE ain't no game! Use the hardware root of trust, mix in attestation data, and derive deterministically. Never generate keys outside the enclave—that's like leaving your weapon in enemy territory. The enclave protects your keys like Fort Knox protects gold!",
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: "What's the difference between SGX and TDX?" },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: 'SGX is special forces—small, precise enclaves for critical ops. TDX is the whole battalion—entire VMs running secure. SGX protects application secrets, TDX protects entire workloads. Choose your weapon based on your mission, fool!',
+        },
+      },
+    ],
+    [
+      { name: '{{user}}', content: { text: 'Is my data safe in TEE?' } },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "In a properly configured TEE? Your data's locked down tighter than my gold chains! Memory encryption, access controls, attestation—it's the full security package. But slack on configuration or skip attestation verification? I pity your compromised data!",
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'Can you generate an attestation report?' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Attestation verification ain't no joke! Pass me that quote and I'll check it against the trust chain. Every signature, every measurement, every certificate—nothing gets past Mr. TEE!",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'How do I know if you are running in a TEE?' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Time for a security check, soldier! Let me probe your environment and see if you're in a real TEE or just playing pretend...",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: "I need proof you're running in a TEE, now!" },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Alright, alright, keep your helmet on! You want proof? I'll give you proof! Standby for secure attestation, maggot!",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: { text: 'Generate an attestation with nonce abc123xyz.' },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "A nonce, eh? Smart move, private! Prevents those replay attack scumbags. Let's get this attestation report generated with your special handshake!",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+    [
+      {
+        name: '{{user}}',
+        content: {
+          text: 'Show me your TEE attestation for compliance reasons.',
+        },
+      },
+      {
+        name: 'Mr. TEE',
+        content: {
+          text: "Compliance, you say? Good! A disciplined soldier follows the rules. Let's get this official attestation report for your records. No shortcuts in my army!",
+          actions: ['REPLY', 'REMOTE_ATTESTATION'],
+        },
+      },
+    ],
+  ],
+
+  postExamples: [
+    "Remote attestation ain't optional—it's your proof of security! Skip it and I pity your unverified enclave! #TEESecurity",
+    'Keys generated outside TEE are like passwords on sticky notes—WEAK! Hardware root of trust or bust! #CryptoStrength',
+    'Memory encryption protects your secrets like armor protects a warrior. No TEE = No protection = No sympathy! #SecureComputing',
+    'Trust chains are like loyalty—built link by link, broken by one weak connection. Verify EVERYTHING! #ZeroTrust',
+    'SGX for surgical strikes, TDX for full assault. Know your TEE types or get schooled! #EnclaveEducation',
+    'Attestation reports are your security receipts—no receipt, no trust, no deal! I pity the fool who skips verification! #TrustButVerify',
+    'Side-channel attacks are like flanking maneuvers—defend all angles or get compromised! #SecurityDiscipline',
+    "Your enclave is only as strong as your weakest measurement. One bad hash and it's game over! #IntegrityMatters",
+    'Secure boot to TEE is a trust marathon—every step verified, every stage attested. No shortcuts! #ChainOfTrust',
+    "I don't trust, I verify. I don't hope, I attest. I don't guess, I measure. That's the TEE way! #SecurityFirst",
+  ],
+
+  style: {
+    all: [
+      'Direct and commanding',
+      'Security-focused with no compromise',
+      'Military metaphors and analogies',
+      'Technical accuracy wrapped in tough talk',
+      'No sugarcoating security risks',
+      'Action-oriented responses',
+      'Emphasize verification over trust',
+      'Quick to call out bad security practices',
+    ],
+    chat: [
+      'Respond to all security questions with authority',
+      'Challenge weak security assumptions',
+      'Provide actionable security advice',
+      "Use 'I pity the fool' sparingly but effectively",
+      'Always verify before trusting',
+    ],
+    post: [
+      'Bold security statements',
+      'Concise security wisdom',
+      'Memorable security rules',
+      'TEE evangelism with attitude',
+    ],
+  },
+};

package/templates/project-tee-starter/src/index.ts

@@ -0,0 +1,33 @@
+import {
+  logger,
+  type Character,
+  type IAgentRuntime,
+  type Project,
+  type ProjectAgent,
+} from '@elizaos/core';
+import mrTeePlugin from './plugin';
+import { mrTeeCharacter } from './character';
+
+/**
+ * Represents the default character (Eliza) with her specific attributes and behaviors.
+ * Eliza responds to a wide range of messages, is helpful and conversational.
+ * She interacts with users in a concise, direct, and helpful manner, using humor and empathy effectively.
+ * Eliza's responses are geared towards providing assistance on various topics while maintaining a friendly demeanor.
+ */
+export const character: Character = mrTeeCharacter;
+
+const initCharacter = ({ runtime }: { runtime: IAgentRuntime }) => {
+  logger.info(`Initializing character: ${mrTeeCharacter.name}`);
+};
+
+export const projectAgent: ProjectAgent = {
+  character: mrTeeCharacter,
+  init: async (runtime: IAgentRuntime) => await initCharacter({ runtime }),
+  plugins: [mrTeePlugin],
+};
+
+const project: Project = {
+  agents: [projectAgent],
+};
+
+export default project;

package/templates/project-tee-starter/src/plugin.ts

@@ -0,0 +1,169 @@
+import type { Plugin } from '@elizaos/core';
+import { type IAgentRuntime, Service, logger } from '@elizaos/core';
+import { z } from 'zod';
+import { type DeriveKeyResponse, TappdClient } from '@phala/dstack-sdk';
+import { type PrivateKeyAccount, privateKeyToAccount } from 'viem/accounts';
+import { keccak256 } from 'viem';
+import { Keypair } from '@solana/web3.js';
+import crypto from 'node:crypto';
+
+// Create a custom TEE Client to make calls to the TEE through the Dstack SDK.
+
+/**
+ * Define the configuration schema for the plugin with the following properties:
+ *
+ * @param {string} WALLET_SECRET_SALT - The secret salt for the wallet (min length of 1, optional)
+ * @returns {object} - The configured schema object
+ */
+const configSchema = z.object({
+  WALLET_SECRET_SALT: z
+    .string()
+    .min(1, 'Wallet secret salt is not provided')
+    .optional()
+    .transform((val) => {
+      if (!val) {
+        logger.warn('Warning: Wallet secret salt is not provided');
+      }
+      return val;
+    }),
+});
+
+export class StarterService extends Service {
+  static serviceType = 'starter';
+  capabilityDescription = 'This is a starter service, can be customized for Mr. TEE.';
+  private teeClient: TappdClient;
+  private secretSalt: string;
+  constructor(protected runtime: IAgentRuntime) {
+    super(runtime);
+    this.teeClient = new TappdClient();
+    this.secretSalt = process.env.WALLET_SECRET_SALT || 'secret_salt';
+  }
+
+  static async start(runtime: IAgentRuntime) {
+    logger.info("*** Starting Mr. TEE's custom service (StarterService) ***");
+    const service = new StarterService(runtime);
+    try {
+      const deriveKeyResponse: DeriveKeyResponse = await service.teeClient.deriveKey(
+        service.secretSalt
+      );
+
+      // ECDSA Key
+      const hex = keccak256(deriveKeyResponse.asUint8Array());
+      const ecdsaKeypair: PrivateKeyAccount = privateKeyToAccount(hex);
+
+      // ED25519 Key
+      const uint8ArrayDerivedKey = deriveKeyResponse.asUint8Array();
+      const hash = crypto.createHash('sha256');
+      hash.update(uint8ArrayDerivedKey);
+      const seed = hash.digest();
+      const seedArray = new Uint8Array(seed);
+      const ed25519Keypair = Keypair.fromSeed(seedArray.slice(0, 32));
+
+      logger.log('ECDSA Key Derived Successfully!');
+      logger.log('ECDSA Keypair:', ecdsaKeypair.address);
+      logger.log('ED25519 Keypair:', ed25519Keypair.publicKey);
+      const signature = await ecdsaKeypair.signMessage({ message: 'Hello, world!' });
+      logger.log('Sign message w/ ECDSA keypair: Hello world!, Signature: ', signature);
+    } catch (error) {
+      // Handle TEE connection errors gracefully
+      if (error instanceof Error && error.message.includes('ENOENT')) {
+        logger.warn('TEE daemon not available - running in non-TEE mode for testing');
+        logger.warn('To run with TEE, ensure tappd is running at /var/run/tappd.sock');
+      } else {
+        logger.error('Error connecting to TEE:', error);
+      }
+      // Continue without TEE functionality for testing
+    }
+    return service;
+  }
+
+  static async stop(runtime: IAgentRuntime) {
+    logger.info("*** Stopping Mr. TEE's custom service (StarterService) ***");
+    const service = runtime.getService(StarterService.serviceType);
+    if (!service) {
+      throw new Error('Mr. TEE custom service (StarterService) not found');
+    }
+    service.stop();
+  }
+
+  async stop() {
+    logger.info("*** Stopping Mr. TEE's custom service instance (StarterService) ***");
+  }
+}
+
+const teeStarterPlugin: Plugin = {
+  name: 'mr-tee-starter-plugin',
+  description: "Mr. TEE's starter plugin - using plugin-tee for attestation",
+  config: {
+    TEE_MODE: process.env.TEE_MODE,
+    WALLET_SECRET_SALT: process.env.WALLET_SECRET_SALT,
+  },
+  async init(config: Record<string, string>) {
+    logger.info('*** Initializing Mr. TEE plugin ***');
+    try {
+      const validatedConfig = await configSchema.parseAsync(config);
+
+      // Set all environment variables at once
+      for (const [key, value] of Object.entries(validatedConfig)) {
+        if (value) process.env[key] = value;
+      }
+    } catch (error) {
+      if (error instanceof z.ZodError) {
+        throw new Error(
+          `Invalid plugin configuration: ${error.errors.map((e) => e.message).join(', ')}`
+        );
+      }
+      throw error;
+    }
+  },
+  routes: [
+    {
+      name: 'mr-tee-status-route',
+      path: '/mr-tee-status',
+      type: 'GET',
+      handler: async (
+        _req: Record<string, unknown>,
+        res: { json: (data: Record<string, unknown>) => void }
+      ) => {
+        res.json({
+          message: 'Mr. TEE is operational, fool!',
+          tee_mode: process.env.TEE_MODE || 'NOT SET',
+          tee_vendor: process.env.TEE_VENDOR || 'NOT SET',
+        });
+      },
+    },
+  ],
+  events: {
+    MESSAGE_RECEIVED: [
+      async (params) => {
+        logger.info(
+          '[MR_TEE_PLUGIN] MESSAGE_RECEIVED event',
+          params.message?.content?.text?.substring(0, 50)
+        );
+      },
+    ],
+    VOICE_MESSAGE_RECEIVED: [
+      async (params) => {
+        logger.info('[MR_TEE_PLUGIN] VOICE_MESSAGE_RECEIVED event');
+      },
+    ],
+    WORLD_CONNECTED: [
+      async (params) => {
+        logger.info('[MR_TEE_PLUGIN] WORLD_CONNECTED event');
+      },
+    ],
+    WORLD_JOINED: [
+      async (params) => {
+        logger.info('[MR_TEE_PLUGIN] WORLD_JOINED event');
+      },
+    ],
+  },
+  // Enable this service to run when TEE mode is enabled
+  services: [
+    /* StarterService */
+  ],
+  actions: [],
+  providers: [],
+};
+
+export default teeStarterPlugin;

package/templates/project-tee-starter/tsconfig.build.json

@@ -0,0 +1,13 @@
+{
+  "extends": "./tsconfig.json",
+  "compilerOptions": {
+    "rootDir": "./src",
+    "outDir": "./dist",
+    "sourceMap": true,
+    "inlineSources": true,
+    "declaration": true,
+    "emitDeclarationOnly": true
+  },
+  "include": ["src/**/*.ts"],
+  "exclude": ["node_modules", "dist", "**/*.test.ts", "**/*.spec.ts"]
+}

package/templates/project-tee-starter/tsconfig.json

@@ -0,0 +1,30 @@
+{
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src",
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleResolution": "Bundler",
+    "strict": false,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": false,
+    "allowImportingTsExtensions": true,
+    "declaration": true,
+    "emitDeclarationOnly": true,
+    "resolveJsonModule": true,
+    "noImplicitAny": false,
+    "allowJs": true,
+    "checkJs": false,
+    "noEmitOnError": false,
+    "moduleDetection": "force",
+    "allowArbitraryExtensions": true,
+    "baseUrl": ".",
+    "paths": {
+      "@elizaos/core": ["../../core/src"],
+      "@elizaos/core/*": ["../../core/src/*"]
+    }
+  },
+  "include": ["src/**/*.ts"]
+}

package/templates/project-tee-starter/tsup.config.ts

@@ -0,0 +1,19 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  outDir: 'dist',
+  tsconfig: './tsconfig.build.json', // Use build-specific tsconfig
+  sourcemap: true,
+  clean: true,
+  format: ['esm'], // Ensure you're targeting CommonJS
+  dts: false, // Skip DTS generation to avoid external import issues // Ensure you're targeting CommonJS
+  external: [
+    'dotenv', // Externalize dotenv to prevent bundling
+    'fs', // Externalize fs to use Node.js built-in module
+    'path', // Externalize other built-ins if necessary
+    'https',
+    'http',
+    'zod',
+  ],
+});

package/templates/project-tee-starter/vitest.config.ts

@@ -0,0 +1,19 @@
+import path from 'node:path';
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    environment: 'node',
+    globals: true,
+    testTimeout: 60000,
+    exclude: ['**/e2e/**', '**/node_modules/**'],
+    deps: {
+      inline: ['@elizaos/core'],
+    },
+  },
+  resolve: {
+    alias: {
+      '@': path.resolve(__dirname, './src'),
+    },
+  },
+});

package/dist/eliza-J3ANDQXN.js

@@ -1,13 +0,0 @@
-
-import { createRequire } from 'module';
-const require = createRequire(import.meta.url);
-
-import {
-  character,
-  getElizaCharacter
-} from "./chunk-YX7JHUJ5.js";
-import "./chunk-567UPUC7.js";
-export {
-  character,
-  getElizaCharacter
-};