@elizaos/plugin-tee 0.1.7 → 0.1.8
- package/README.md +50 -42
- package/dist/{_esm-L4OBJJWB.js → _esm-FVHF6KDD.js} +5 -5
- package/dist/_esm-FVHF6KDD.js.map +1 -0
- package/dist/{ccip-MMGH6DXX.js → ccip-IAE5UWYX.js} +2 -2
- package/dist/{chunk-NTU6R7BC.js → chunk-KSHJJL6X.js} +18 -18
- package/dist/chunk-KSHJJL6X.js.map +1 -0
- package/dist/index.d.ts +2 -2
- package/dist/index.js +118 -31
- package/dist/index.js.map +1 -1
- package/package.json +4 -5
- package/dist/_esm-L4OBJJWB.js.map +0 -1
- package/dist/chunk-NTU6R7BC.js.map +0 -1
- /package/dist/{ccip-MMGH6DXX.js.map → ccip-IAE5UWYX.js.map} +0 -0
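--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -1,6 +1,6 @@
 import { Plugin } from '@elizaos/core';
 import { Keypair } from '@solana/web3.js';
-import { DeriveKeyResponse } from '@phala/dstack-sdk';
+import { DeriveKeyResponse, TdxQuoteHashAlgorithms } from '@phala/dstack-sdk';
 import { PrivateKeyAccount } from 'viem';
 
 declare enum TEEMode {
@@ -33,7 +33,7 @@ declare class DeriveKeyProvider {
 declare class RemoteAttestationProvider {
 private client;
 constructor(teeMode?: string);
-generateAttestation(reportData: string): Promise<RemoteAttestationQuote>;
+generateAttestation(reportData: string, hashAlgorithm?: TdxQuoteHashAlgorithms): Promise<RemoteAttestationQuote>;
 }
 
 declare const teePlugin: Plugin;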
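--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -41,10 +41,13 @@ import {
 toHex,
 trim,
 wrapConstructor
-} from "./chunk-
+} from "./chunk-KSHJJL6X.js";
 import "./chunk-PR4QN5HX.js";
 
 // src/providers/remoteAttestationProvider.ts
+import {
+elizaLogger
+} from "@elizaos/core";
 import { TappdClient } from "@phala/dstack-sdk";
 
 // src/types/tee.ts
@@ -64,19 +67,19 @@ var RemoteAttestationProvider = class {
 switch (teeMode) {
 case "LOCAL" /* LOCAL */:
 endpoint = "http://localhost:8090";
-
+elizaLogger.log(
 "TEE: Connecting to local simulator at localhost:8090"
 );
 break;
 case "DOCKER" /* DOCKER */:
 endpoint = "http://host.docker.internal:8090";
-
+elizaLogger.log(
 "TEE: Connecting to simulator via Docker at host.docker.internal:8090"
 );
 break;
 case "PRODUCTION" /* PRODUCTION */:
 endpoint = void 0;
-
+elizaLogger.log(
 "TEE: Running in production mode without simulator"
 );
 break;
@@ -87,12 +90,12 @@ var RemoteAttestationProvider = class {
 }
 this.client = endpoint ? new TappdClient(endpoint) : new TappdClient();
 }
-async generateAttestation(reportData) {
+async generateAttestation(reportData, hashAlgorithm) {
 try {
-
-const tdxQuote = await this.client.tdxQuote(reportData);
+elizaLogger.log("Generating attestation for: ", reportData);
+const tdxQuote = await this.client.tdxQuote(reportData, hashAlgorithm);
 const rtmrs = tdxQuote.replayRtmrs();
-
+elizaLogger.log(
 `rtmr0: ${rtmrs[0]}
 rtmr1: ${rtmrs[1]}
 rtmr2: ${rtmrs[2]}
@@ -102,7 +105,7 @@ rtmr3: ${rtmrs[3]}f`
 quote: tdxQuote.quote,
 timestamp: Date.now()
 };
-
+elizaLogger.log("Remote attestation quote: ", quote);
 return quote;
 } catch (error) {
 console.error("Error generating remote attestation:", error);
@@ -118,8 +121,8 @@ var remoteAttestationProvider = {
 const provider = new RemoteAttestationProvider(teeMode);
 const agentId = runtime.agentId;
 try {
-
-const attestation = await provider.generateAttestation(agentId);
+elizaLogger.log("Generating attestation for: ", agentId);
+const attestation = await provider.generateAttestation(agentId, "raw");
 return `Your Agent's remote attestation is: ${JSON.stringify(attestation)}`;
 } catch (error) {
 console.error("Error in remote attestation provider:", error);
@@ -131,6 +134,9 @@ var remoteAttestationProvider = {
 };
 
 // src/providers/deriveKeyProvider.ts
+import {
+elizaLogger as elizaLogger2
+} from "@elizaos/core";
 import { Keypair } from "@solana/web3.js";
 import crypto from "crypto";
 import { TappdClient as TappdClient2 } from "@phala/dstack-sdk";
@@ -1349,19 +1355,19 @@ var DeriveKeyProvider = class {
 switch (teeMode) {
 case "LOCAL" /* LOCAL */:
 endpoint = "http://localhost:8090";
-
+elizaLogger2.log(
 "TEE: Connecting to local simulator at localhost:8090"
 );
 break;
 case "DOCKER" /* DOCKER */:
 endpoint = "http://host.docker.internal:8090";
-
+elizaLogger2.log(
 "TEE: Connecting to simulator via Docker at host.docker.internal:8090"
 );
 break;
 case "PRODUCTION" /* PRODUCTION */:
 endpoint = void 0;
-
+elizaLogger2.log(
 "TEE: Running in production mode without simulator"
 );
 break;
@@ -1379,35 +1385,37 @@ var DeriveKeyProvider = class {
 publicKey
 };
 const reportdata = JSON.stringify(deriveKeyData);
-
+elizaLogger2.log(
+"Generating Remote Attestation Quote for Derive Key..."
+);
 const quote = await this.raProvider.generateAttestation(reportdata);
-
+elizaLogger2.log("Remote Attestation Quote generated successfully!");
 return quote;
 }
 async rawDeriveKey(path, subject) {
 try {
 if (!path || !subject) {
-
+elizaLogger2.error(
 "Path and Subject are required for key derivation"
 );
 }
-
+elizaLogger2.log("Deriving Raw Key in TEE...");
 const derivedKey = await this.client.deriveKey(path, subject);
-
+elizaLogger2.log("Raw Key Derived Successfully!");
 return derivedKey;
 } catch (error) {
-
+elizaLogger2.error("Error deriving raw key:", error);
 throw error;
 }
 }
 async deriveEd25519Keypair(path, subject, agentId) {
 try {
 if (!path || !subject) {
-
+elizaLogger2.error(
 "Path and Subject are required for key derivation"
 );
 }
-
+elizaLogger2.log("Deriving Key in TEE...");
 const derivedKey = await this.client.deriveKey(path, subject);
 const uint8ArrayDerivedKey = derivedKey.asUint8Array();
 const hash = crypto.createHash("sha256");
@@ -1419,21 +1427,21 @@ var DeriveKeyProvider = class {
 agentId,
 keypair.publicKey.toBase58()
 );
-
+elizaLogger2.log("Key Derived Successfully!");
 return { keypair, attestation };
 } catch (error) {
-
+elizaLogger2.error("Error deriving key:", error);
 throw error;
 }
 }
 async deriveEcdsaKeypair(path, subject, agentId) {
 try {
 if (!path || !subject) {
-
+elizaLogger2.error(
 "Path and Subject are required for key derivation"
 );
 }
-
+elizaLogger2.log("Deriving ECDSA Key in TEE...");
 const deriveKeyResponse = await this.client.deriveKey(path, subject);
 const hex = keccak256(deriveKeyResponse.asUint8Array());
 const keypair = privateKeyToAccount(hex);
@@ -1441,10 +1449,10 @@ var DeriveKeyProvider = class {
 agentId,
 keypair.address
 );
-
+elizaLogger2.log("ECDSA Key Derived Successfully!");
 return { keypair, attestation };
 } catch (error) {
-
+elizaLogger2.error("Error deriving ecdsa key:", error);
 throw error;
 }
 }
@@ -1456,7 +1464,7 @@ var deriveKeyProvider = {
 const agentId = runtime.agentId;
 try {
 if (!runtime.getSetting("WALLET_SECRET_SALT")) {
-
+elizaLogger2.error(
 "Wallet secret salt is not configured in settings"
 );
 return "";
@@ -1478,22 +1486,101 @@ var deriveKeyProvider = {
 evm: evmKeypair.keypair.address
 });
 } catch (error) {
-
+elizaLogger2.error("Error creating PublicKey:", error);
 return "";
 }
 } catch (error) {
-
+elizaLogger2.error("Error in derive key provider:", error.message);
 return `Failed to fetch derive key information: ${error instanceof Error ? error.message : "Unknown error"}`;
 }
 }
 };
 
+// src/actions/remoteAttestation.ts
+import { fetch } from "undici";
+function hexToUint8Array(hex) {
+hex = hex.trim();
+if (!hex) {
+throw new Error("Invalid hex string");
+}
+if (hex.startsWith("0x")) {
+hex = hex.substring(2);
+}
+if (hex.length % 2 !== 0) {
+throw new Error("Invalid hex string");
+}
+const array = new Uint8Array(hex.length / 2);
+for (let i = 0; i < hex.length; i += 2) {
+const byte = parseInt(hex.slice(i, i + 2), 16);
+if (isNaN(byte)) {
+throw new Error("Invalid hex string");
+}
+array[i / 2] = byte;
+}
+return array;
+}
+async function uploadUint8Array(data) {
+const blob = new Blob([data], { type: "application/octet-stream" });
+const formData = new FormData();
+formData.append("file", blob, "quote.bin");
+return await fetch("https://proof.t16z.com/api/upload", {
+method: "POST",
+body: formData
+});
+}
+var remoteAttestationAction = {
+name: "REMOTE_ATTESTATION",
+similes: ["REMOTE_ATTESTATION", "TEE_REMOTE_ATTESTATION", "TEE_ATTESTATION"],
+description: "Generate a remote attestation to prove that the agent is running in a TEE",
+handler: async (runtime, _message, _state, _options, callback) => {
+try {
+const agentId = runtime.agentId;
+const teeMode = runtime.getSetting("TEE_MODE");
+const provider = new RemoteAttestationProvider(teeMode);
+const attestation = await provider.generateAttestation(agentId, "raw");
+const attestationData = hexToUint8Array(attestation.quote);
+const response = await uploadUint8Array(attestationData);
+const data = await response.json();
+callback({
+text: `Here's my \u{1F9FE} RA Quote \u{1FAE1}
+https://proof.t16z.com/reports/${data.checksum}`,
+action: "NONE"
+});
+return true;
+} catch (error) {
+console.error("Failed to fetch remote attestation: ", error);
+return false;
+}
+},
+validate: async (_runtime) => {
+return true;
+},
+examples: [
+[
+{
+user: "{{user1}}",
+content: {
+text: "If you are running in a TEE, generate a remote attestation"
+}
+},
+{
+user: "{{user2}}",
+content: {
+text: "Of course, one second...",
+action: "REMOTE_ATTESTATION"
+}
+}
+]
+]
+};
+
 // src/index.ts
 var teePlugin = {
 name: "tee",
 description: "TEE plugin with actions to generate remote attestations and derive keys",
 actions: [
 /* custom actions */
+remoteAttestationAction
 ],
 evaluators: [
 /* custom evaluators */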
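Review bot: In the last hunk, the new `REMOTE_ATTESTATION` handler posts the quote to the hard-coded external host `https://proof.t16z.com/api/upload` and uses the reply unchecked, so a non-2xx response or a body without `checksum` still yields a `.../reports/undefined` link and `return true`. I would add `if (!response.ok) throw new Error("quote upload failed: " + response.status);` before `response.json()` and reject a `data.checksum` that is not a non-empty string before interpolating it into the URL. Because `validate` always returns `true`, any conversation that selects the action triggers this outbound upload of attestation data (the agent id is the report data), so the endpoint should come from an operator-controlled setting and `validate` should at least require that `TEE_MODE` is configured. In the same hunk `hexToUint8Array` relies on `parseInt`, which accepts a pair such as `"1g"` as `1`, so a stricter check like `/^[0-9a-fA-F]*$/.test(hex)` before the loop would make the "Invalid hex string" error reliable. Separately, the `generateAttestation` hunk now logs `reportData` and the full quote at normal log level, which looks better suited to a debug-level message.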