@elizaos/plugin-tee 1.0.1 → 2.0.0-alpha.1

package/dist/node/types/index.js

@@ -0,0 +1,35 @@
+export var TeeMode;
+(function (TeeMode) {
+    TeeMode["LOCAL"] = "LOCAL";
+    TeeMode["DOCKER"] = "DOCKER";
+    TeeMode["PRODUCTION"] = "PRODUCTION";
+})(TeeMode || (TeeMode = {}));
+export var TeeVendor;
+(function (TeeVendor) {
+    TeeVendor["PHALA"] = "phala";
+})(TeeVendor || (TeeVendor = {}));
+export var TeeType;
+(function (TeeType) {
+    TeeType["SGX_GRAMINE"] = "sgx_gramine";
+    TeeType["TDX_DSTACK"] = "tdx_dstack";
+})(TeeType || (TeeType = {}));
+export function parseTeeMode(mode) {
+    switch (mode.toUpperCase()) {
+        case "LOCAL":
+            return TeeMode.LOCAL;
+        case "DOCKER":
+            return TeeMode.DOCKER;
+        case "PRODUCTION":
+            return TeeMode.PRODUCTION;
+        default:
+            throw new Error(`Invalid TEE_MODE: ${mode}. Must be one of: LOCAL, DOCKER, PRODUCTION`);
+    }
+}
+export function parseTeeVendor(vendor) {
+    switch (vendor.toLowerCase()) {
+        case "phala":
+            return TeeVendor.PHALA;
+        default:
+            throw new Error(`Invalid TEE_VENDOR: ${vendor}. Must be one of: phala`);
+    }
+}

package/dist/node/utils/index.d.ts

@@ -0,0 +1,9 @@
+export declare function hexToUint8Array(hex: string): Uint8Array;
+export declare function uint8ArrayToHex(bytes: Uint8Array): string;
+export declare function calculateSHA256(input: string): Buffer;
+export declare function sha256Bytes(input: Uint8Array): Uint8Array;
+export declare function getTeeEndpoint(mode: string): string | undefined;
+export declare function uploadAttestationQuote(data: Uint8Array): Promise<{
+    checksum: string;
+}>;
+//# sourceMappingURL=index.d.ts.map

package/dist/node/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":"AAEA,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAkBvD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIrD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAIzD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAW/D;AAED,wBAAsB,sBAAsB,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAiB5F"}

package/dist/node/utils/index.js

@@ -0,0 +1,61 @@
+import { createHash } from "node:crypto";
+export function hexToUint8Array(hex) {
+    const hexString = hex.trim().replace(/^0x/, "");
+    if (!hexString) {
+        throw new Error("Invalid hex string: empty after stripping prefix");
+    }
+    if (hexString.length % 2 !== 0) {
+        throw new Error("Invalid hex string: odd number of characters");
+    }
+    const array = new Uint8Array(hexString.length / 2);
+    for (let i = 0; i < hexString.length; i += 2) {
+        const byte = Number.parseInt(hexString.slice(i, i + 2), 16);
+        if (Number.isNaN(byte)) {
+            throw new Error(`Invalid hex string: invalid byte at position ${i}`);
+        }
+        array[i / 2] = byte;
+    }
+    return array;
+}
+export function uint8ArrayToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+export function calculateSHA256(input) {
+    const hash = createHash("sha256");
+    hash.update(input);
+    return hash.digest();
+}
+export function sha256Bytes(input) {
+    const hash = createHash("sha256");
+    hash.update(input);
+    return new Uint8Array(hash.digest());
+}
+export function getTeeEndpoint(mode) {
+    switch (mode.toUpperCase()) {
+        case "LOCAL":
+            return "http://localhost:8090";
+        case "DOCKER":
+            return "http://host.docker.internal:8090";
+        case "PRODUCTION":
+            return undefined;
+        default:
+            throw new Error(`Invalid TEE_MODE: ${mode}. Must be one of: LOCAL, DOCKER, PRODUCTION`);
+    }
+}
+export async function uploadAttestationQuote(data) {
+    const blob = new Blob([data], {
+        type: "application/octet-stream",
+    });
+    const formData = new FormData();
+    formData.append("file", blob, "quote.bin");
+    const response = await fetch("https://proof.t16z.com/api/upload", {
+        method: "POST",
+        body: formData,
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to upload attestation quote: ${response.statusText}`);
+    }
+    return response.json();
+}

package/dist/node/vendors/index.d.ts

@@ -0,0 +1,5 @@
+import { type TeeVendorInterface, type TeeVendorName } from "./types";
+export declare function getVendor(type: TeeVendorName): TeeVendorInterface;
+export { PhalaVendor } from "./phala";
+export { type TeeVendorInterface, type TeeVendorName, TeeVendorNames } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/node/vendors/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/vendors/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,KAAK,kBAAkB,EAAE,KAAK,aAAa,EAAkB,MAAM,SAAS,CAAC;AAMtF,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,kBAAkB,CAMjE;AAED,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,OAAO,EAAE,KAAK,kBAAkB,EAAE,KAAK,aAAa,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC"}

package/dist/node/vendors/index.js

@@ -0,0 +1,14 @@
+import { PhalaVendor } from "./phala";
+import { TeeVendorNames } from "./types";
+const vendors = {
+    [TeeVendorNames.PHALA]: new PhalaVendor(),
+};
+export function getVendor(type) {
+    const vendor = vendors[type];
+    if (!vendor) {
+        throw new Error(`Unsupported TEE vendor: ${type}`);
+    }
+    return vendor;
+}
+export { PhalaVendor } from "./phala";
+export { TeeVendorNames } from "./types";

package/dist/node/vendors/phala.d.ts

@@ -0,0 +1,10 @@
+import type { Action, Provider } from "@elizaos/core";
+import { type TeeVendorInterface } from "./types";
+export declare class PhalaVendor implements TeeVendorInterface {
+    readonly type: "phala";
+    getActions(): Action[];
+    getProviders(): Provider[];
+    getName(): string;
+    getDescription(): string;
+}
+//# sourceMappingURL=phala.d.ts.map

package/dist/node/vendors/phala.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"phala.d.ts","sourceRoot":"","sources":["../../../src/vendors/phala.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAGtD,OAAO,EAAE,KAAK,kBAAkB,EAAkB,MAAM,SAAS,CAAC;AAElE,qBAAa,WAAY,YAAW,kBAAkB;IACpD,QAAQ,CAAC,IAAI,UAAwB;IAErC,UAAU,IAAI,MAAM,EAAE;IAItB,YAAY,IAAI,QAAQ,EAAE;IAI1B,OAAO,IAAI,MAAM;IAIjB,cAAc,IAAI,MAAM;CAGzB"}

package/dist/node/vendors/phala.js

@@ -0,0 +1,18 @@
+import { remoteAttestationAction } from "../actions/remoteAttestation";
+import { phalaDeriveKeyProvider, phalaRemoteAttestationProvider } from "../providers";
+import { TeeVendorNames } from "./types";
+export class PhalaVendor {
+    type = TeeVendorNames.PHALA;
+    getActions() {
+        return [remoteAttestationAction];
+    }
+    getProviders() {
+        return [phalaDeriveKeyProvider, phalaRemoteAttestationProvider];
+    }
+    getName() {
+        return "phala-tee-plugin";
+    }
+    getDescription() {
+        return "Phala Network TEE for secure agent execution";
+    }
+}

package/dist/node/vendors/types.d.ts

@@ -0,0 +1,13 @@
+import type { Action, Provider } from "@elizaos/core";
+export declare const TeeVendorNames: {
+    readonly PHALA: "phala";
+};
+export type TeeVendorName = (typeof TeeVendorNames)[keyof typeof TeeVendorNames];
+export interface TeeVendorInterface {
+    readonly type: TeeVendorName;
+    getActions(): Action[];
+    getProviders(): Provider[];
+    getName(): string;
+    getDescription(): string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/node/vendors/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/vendors/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEtD,eAAO,MAAM,cAAc;;CAEjB,CAAC;AAEX,MAAM,MAAM,aAAa,GAAG,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC;AAEjF,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,UAAU,IAAI,MAAM,EAAE,CAAC;IACvB,YAAY,IAAI,QAAQ,EAAE,CAAC;IAC3B,OAAO,IAAI,MAAM,CAAC;IAClB,cAAc,IAAI,MAAM,CAAC;CAC1B"}

package/dist/node/vendors/types.js

@@ -0,0 +1,3 @@
+export const TeeVendorNames = {
+    PHALA: "phala",
+};

package/package.json

@@ -1,29 +1,63 @@
 {
   "name": "@elizaos/plugin-tee",
-  "version": "1.0.1",
-  "main": "dist/index.js",
+  "version": "2.0.0-alpha.1",
   "type": "module",
+  "main": "dist/node/index.js",
+  "module": "dist/node/index.js",
   "types": "dist/index.d.ts",
+  "description": "Trusted Execution Environment (TEE) integration plugin for elizaOS - Multi-language support (TypeScript, Python, Rust)",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/elizaos-plugins/plugin-tee.git"
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./dist/index.d.ts",
+      "node": {
+        "types": "./dist/node/index.d.ts",
+        "import": "./dist/node/index.js",
+        "default": "./dist/node/index.js"
+      },
+      "bun": {
+        "types": "./dist/node/index.d.ts",
+        "default": "./dist/node/index.js"
+      },
+      "default": "./dist/node/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "sideEffects": false,
   "dependencies": {
-    "@elizaos/core": "^1.0.0",
+    "@elizaos/core": "workspace:*",
     "@phala/dstack-sdk": "0.1.11",
     "@solana/web3.js": "1.98.2",
     "viem": "2.29.4"
   },
   "devDependencies": {
-    "@types/node": "^22.15.3",
-    "prettier": "3.5.3",
-    "tsup": "8.5.0",
-    "typescript": "5.8.3",
-    "vitest": "^3.1.3"
+    "@types/node": "^25.0.3",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.0",
+    "@biomejs/biome": "^2.3.11"
   },
   "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "lint": "prettier --write ./src",
+    "build:typescript": "tsc -p tsconfig.build.json",
+    "dev": "bun --hot build.ts",
     "clean": "rm -rf dist .turbo node_modules .turbo-tsconfig.json tsconfig.tsbuildinfo",
-    "format": "prettier --write ./src",
-    "format:check": "prettier --check ./src"
+    "format": "bunx @biomejs/biome format --write .",
+    "format:check": "bunx @biomejs/biome format .",
+    "typecheck": "tsc --noEmit -p tsconfig.json",
+    "test": "bun run test:typescript",
+    "test:typescript": "vitest run src/__tests__/",
+    "test:watch": "vitest",
+    "lint": "bunx @biomejs/biome check --write --unsafe .",
+    "lint:check": "bunx @biomejs/biome check .",
+    "build": "bun run build.ts",
+    "build:ts": "bun run build.ts"
   },
   "publishConfig": {
     "access": "public"
@@ -34,26 +68,24 @@
     "pluginParameters": {
       "TEE_MODE": {
         "type": "string",
-        "description": "Determines the Trusted Execution Environment operation mode (LOCAL, DOCKER, PRODUCTION) which controls how the provider connects to the TEE simulator or production environment.",
+        "description": "Determines the Trusted Execution Environment operation mode (LOCAL, DOCKER, PRODUCTION) and is referenced in error handling to validate provided modes.",
         "required": true,
         "sensitive": false
       },
+      "TEE_VENDOR": {
+        "type": "string",
+        "description": "Specifies which Trusted Execution Environment vendor to initialize (defaults to PHALA).",
+        "required": false,
+        "default": "PHALA",
+        "sensitive": false
+      },
       "WALLET_SECRET_SALT": {
         "type": "string",
-        "description": "Secret salt used as input to deterministically derive Solana and EVM keypairs inside the TEE.",
+        "description": "Secret salt used to deterministically derive Solana and EVM keypairs inside the TEE.",
         "required": true,
         "default": "secret_salt",
         "sensitive": true
       }
     }
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/elizaos-plugins/plugin-tee.git"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ]
+  }
 }

package/README.md

@@ -1,128 +0,0 @@
-# TEE Core Plugin for Eliza
-
-The TEE Core Plugin for Eliza provides foundational capabilities for agents operating within a Trusted Execution Environment (TEE). It enables agents to perform remote attestation to prove their execution within a secure enclave and manage cryptographic keys securely.
-
-## Background
-
-For Eliza agents running in a TEE, it's crucial to demonstrate this secure execution environment to external parties. Remote attestation allows an agent to generate a verifiable report, proving it's running genuine code within a specific TEE (like Intel TDX). This plugin provides the mechanisms for agents to leverage these TEE features, enhancing trust and security. Secure key derivation within the TEE is also essential for managing sensitive cryptographic operations.
-
-## Requirements
-
-- A TEE-enabled environment is required (e.g., Intel TDX) use [Phala Cloud](https://cloud.phala.network) for easy deployment.
-- Configuration within Eliza to enable and utilize this plugin's features.
-
-The plugin requires the following environment variables:
-
-```env
-# For the environment you are running the TEE plugin. For local and container development, use `LOCAL` or `DOCKER`. For production deployments, use `PRODUCTION`.
-TEE_MODE=LOCAL|DOCKER|PRODUCTION
-# Secret salt for your default agent to generate a key from through the derive key provider
-WALLET_SECRET_SALT=your_secret_salt
-# TEE_VENDOR only supports Phala at this time, but adding a vendor is easy and can be done to support more TEE Vendors in the TEE Plugin
-TEE_VENDOR=phala
-
-## Features
-
-This plugin offers the following core TEE functionalities:
-
-1.  **Remote Attestation**:
-
-    - Provides actions and providers (`remoteAttestationAction`, `remoteAttestationProvider`) allowing agents to request and receive remote attestation reports.
-    - These reports can be presented to third parties to verify the agent's TEE residency.
-    - Includes support for specific TEE vendors/attestation services (e.g., Phala Network).
-
-2.  **Key Derivation**:
-    - Offers a `deriveKeyProvider` for securely deriving cryptographic keys within the TEE.
-    - Ensures that key material is generated and managed within the protected enclave memory.
-
-## Components
-
-Based on the source code (`src/`):
-
-- **Actions**:
-  - `remoteAttestationAction.ts`: Likely handles agent requests to initiate the remote attestation process.
-- **Providers**:
-  - `remoteAttestationProvider.ts`: Implements the logic for interacting with the underlying TEE platform or attestation service (like Phala) to generate the attestation report.
-  - `deriveKeyProvider.ts`: Implements the logic for TEE-specific key derivation.
-- **Services**
-  - `service.ts`: TEE Service to allow agents to generate keys from `deriveKeyProvider` for EVM, Solana, and raw `DeriveKeyResponse` that will return the `key`, `certificate_chain` and the `Uint8Array` with `asUint8Array(max_length?: number)`.
-- **Vendors**:
-  - `vendors/phala.ts`: Contains specific implementation details for interacting with the Phala Network's attestation services.
-  - `vendors/index.ts`, `vendors/types.ts`: Support vendor integration.
-- **Utilities & Types**:
-  - `utils.ts`, `types.ts`: Contain helper functions and type definitions for the plugin.
-- **Tests**:
-  - `__tests__/`: Includes unit tests for key derivation, remote attestation, etc.
-
-## Usage
-
-_(This section may need further refinement based on how the plugin is integrated into the core Eliza system)_
-
-To utilize the features of this plugin:
-
-1.  **Ensure the plugin is enabled** in your Eliza agent's configuration.
-2.  **Configure the TEE vendor** (e.g., specify 'phala' if using Phala Network attestation) if required by the environment setup.
-3.  **Call the relevant actions or services** provided by this plugin from other agent logic or plugins when remote attestation or secure key derivation is needed.
-
-Example (Conceptual):
-
-```typescript
-import import { PhalaDeriveKeyProvider, PhalaRemoteAttestationProvider } from '@elizaos/tee-plugin';
-// Assuming access to the runtime and its services/actions
-
-// Requesting remote attestation
-async function getAttestation(
-  runtime: IAgentRuntime,
-  userData: string
-): Promise<AttestationReport | null> {
-  try {
-    const provider = new PhalaRemoteAttestationProvider(teeMode);
-
-    const attestation = await provider.generateAttestation(userData);
-    const attestationData = hexToUint8Array(attestation.quote);
-    const raQuote = await uploadUint8Array(attestationData);
-    return attestation;
-  } catch (error) {
-    console.error('Failed to get remote attestation:', error);
-    return null;
-  }
-}
-
-// Deriving a key
-async function deriveAgentKeys(
-  runtime: IAgentRuntime, salt: string
-  ): Promise<ProviderResult | null> {
-  try {
-    // Potentially using a service/provider interface
-    const provider = new PhalaDeriveKeyProvider(teeMode)
-    const secretSalt = runtime.getSetting('WALLET_SECRET_SALT') || 'secret_salt';
-    const solanaKeypair = await provider.deriveEd25519Keypair(secretSalt, 'solana', agentId);
-    const evmKeypair = await provider.deriveEcdsaKeypair(secretSalt, 'evm', agentId);
-
-    // Original data structure
-    const walletData = {
-      solana: solanaKeypair.keypair.publicKey,
-      evm: evmKeypair.keypair.address,
-    };
-
-    // Values for template injection
-    const values = {
-      solana_public_key: solanaKeypair.keypair.publicKey.toString(),
-      evm_address: evmKeypair.keypair.address,
-    };
-
-    // Text representation
-    const text = `Solana Public Key: ${values.solana_public_key}\nEVM Address: ${values.evm_address}`;
-
-    return {
-      data: walletData,
-      values: values,
-      text: text,
-    };
-    return key;
-  } catch (error) {
-    console.error('Failed to derive key:', error);
-    return null;
-  }
-}
-```

package/dist/index.d.ts

@@ -1,9 +0,0 @@
-import { Plugin } from '@elizaos/core';
-export { TeeVendorConfig } from '@elizaos/core';
-
-/**
- * TEE plugin for Trusted Execution Environment integration
- **/
-declare const teePlugin: Plugin;
-
-export { teePlugin as default, teePlugin };