@elizaos/plugin-tee 2.0.0-alpha.5 → 2.0.0-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +141 -0
- package/dist/index.js +31460 -0
- package/dist/index.js.map +204 -0
- package/dist/node/index.d.ts +9 -0
- package/dist/node/index.d.ts.map +1 -0
- package/dist/node/index.js +34 -0
- package/dist/node/providers/base.d.ts +8 -0
- package/dist/node/providers/base.d.ts.map +1 -0
- package/dist/node/providers/base.js +4 -0
- package/dist/node/providers/deriveKey.d.ts +24 -0
- package/dist/node/providers/deriveKey.d.ts.map +1 -0
- package/dist/node/providers/deriveKey.js +148 -0
- package/dist/node/providers/index.d.ts +4 -0
- package/dist/node/providers/index.d.ts.map +1 -0
- package/dist/node/providers/index.js +3 -0
- package/dist/node/providers/remoteAttestation.d.ts +10 -0
- package/dist/node/providers/remoteAttestation.d.ts.map +1 -0
- package/dist/node/providers/remoteAttestation.js +78 -0
- package/dist/node/services/index.d.ts +2 -0
- package/dist/node/services/index.d.ts.map +1 -0
- package/dist/node/services/index.js +1 -0
- package/dist/node/services/tee.d.ts +24 -0
- package/dist/node/services/tee.d.ts.map +1 -0
- package/dist/node/services/tee.js +42 -0
- package/dist/node/types/index.d.ts +58 -0
- package/dist/node/types/index.d.ts.map +1 -0
- package/dist/node/types/index.js +35 -0
- package/dist/node/utils/index.d.ts +9 -0
- package/dist/node/utils/index.d.ts.map +1 -0
- package/dist/node/utils/index.js +61 -0
- package/dist/node/vendors/index.d.ts +5 -0
- package/dist/node/vendors/index.d.ts.map +1 -0
- package/dist/node/vendors/index.js +14 -0
- package/dist/node/vendors/phala.d.ts +10 -0
- package/dist/node/vendors/phala.d.ts.map +1 -0
- package/dist/node/vendors/phala.js +17 -0
- package/dist/node/vendors/types.d.ts +13 -0
- package/dist/node/vendors/types.d.ts.map +1 -0
- package/dist/node/vendors/types.js +3 -0
- package/package.json +13 -13
package/README.md
ADDED
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
# @elizaos/plugin-tee
|
|
2
|
+
|
|
3
|
+
Trusted Execution Environment (TEE) integration plugin for elizaOS, providing secure key management and remote attestation capabilities.
|
|
4
|
+
|
|
5
|
+
## Features
|
|
6
|
+
|
|
7
|
+
- 🔐 **Remote Attestation** - Generate verifiable proofs that your agent is running in a secure TEE
|
|
8
|
+
- 🔑 **Key Derivation** - Securely derive Ed25519 (Solana) and ECDSA (EVM) keypairs within the TEE
|
|
9
|
+
- 🛡️ **Vendor Support** - Extensible vendor system (currently supports Phala Network)
|
|
10
|
+
- ⚡ **Type Safe** - Strong typing with TypeScript
|
|
11
|
+
|
|
12
|
+
## Quick Start
|
|
13
|
+
|
|
14
|
+
### TypeScript
|
|
15
|
+
|
|
16
|
+
```typescript
|
|
17
|
+
import { teePlugin, TEEService } from "@elizaos/plugin-tee";
|
|
18
|
+
import { AgentRuntime } from "@elizaos/core";
|
|
19
|
+
|
|
20
|
+
// Register the plugin
|
|
21
|
+
const runtime = new AgentRuntime({
|
|
22
|
+
plugins: [teePlugin],
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
// Or use the service directly
|
|
26
|
+
const service = await TEEService.start(runtime);
|
|
27
|
+
const solanaKeys = await service.deriveEd25519Keypair(
|
|
28
|
+
"salt",
|
|
29
|
+
"solana",
|
|
30
|
+
agentId,
|
|
31
|
+
);
|
|
32
|
+
const evmKeys = await service.deriveEcdsaKeypair("salt", "evm", agentId);
|
|
33
|
+
```
|
|
34
|
+
## Configuration
|
|
35
|
+
|
|
36
|
+
### Environment Variables
|
|
37
|
+
|
|
38
|
+
| Variable | Description | Required | Default |
|
|
39
|
+
| -------------------- | ----------------------------------------------- | -------- | ------- |
|
|
40
|
+
| `TEE_MODE` | Operation mode: `LOCAL`, `DOCKER`, `PRODUCTION` | Yes | - |
|
|
41
|
+
| `WALLET_SECRET_SALT` | Secret salt for deterministic key derivation | Yes | - |
|
|
42
|
+
| `TEE_VENDOR` | TEE vendor to use | No | `phala` |
|
|
43
|
+
|
|
44
|
+
### TEE Modes
|
|
45
|
+
|
|
46
|
+
- **LOCAL**: Development mode using simulator at `localhost:8090`
|
|
47
|
+
- **DOCKER**: Docker development mode using simulator at `host.docker.internal:8090`
|
|
48
|
+
- **PRODUCTION**: Production mode connecting to real TEE infrastructure
|
|
49
|
+
|
|
50
|
+
## Components
|
|
51
|
+
|
|
52
|
+
### Actions
|
|
53
|
+
|
|
54
|
+
| Action | Description |
|
|
55
|
+
| -------------------- | --------------------------------------------------------------------- |
|
|
56
|
+
| `REMOTE_ATTESTATION` | Generate and upload a remote attestation quote to prove TEE execution |
|
|
57
|
+
|
|
58
|
+
### Providers
|
|
59
|
+
|
|
60
|
+
| Provider | Description |
|
|
61
|
+
| -------------------------- | ----------------------------------------------- |
|
|
62
|
+
| `phala-derive-key` | Derive Solana and EVM keypairs with attestation |
|
|
63
|
+
| `phala-remote-attestation` | Generate remote attestation quotes |
|
|
64
|
+
|
|
65
|
+
### Services
|
|
66
|
+
|
|
67
|
+
| Service | Description |
|
|
68
|
+
| ------------ | ---------------------------------------------- |
|
|
69
|
+
| `TEEService` | Main service for key derivation and management |
|
|
70
|
+
|
|
71
|
+
## API Reference
|
|
72
|
+
|
|
73
|
+
### TEEService
|
|
74
|
+
|
|
75
|
+
```typescript
|
|
76
|
+
class TEEService {
|
|
77
|
+
// Derive Ed25519 keypair for Solana
|
|
78
|
+
async deriveEd25519Keypair(
|
|
79
|
+
path: string,
|
|
80
|
+
subject: string,
|
|
81
|
+
agentId: UUID,
|
|
82
|
+
): Promise<{ keypair: Keypair; attestation: RemoteAttestationQuote }>;
|
|
83
|
+
|
|
84
|
+
// Derive ECDSA keypair for EVM
|
|
85
|
+
async deriveEcdsaKeypair(
|
|
86
|
+
path: string,
|
|
87
|
+
subject: string,
|
|
88
|
+
agentId: UUID,
|
|
89
|
+
): Promise<{
|
|
90
|
+
keypair: PrivateKeyAccount;
|
|
91
|
+
attestation: RemoteAttestationQuote;
|
|
92
|
+
}>;
|
|
93
|
+
|
|
94
|
+
// Derive raw key for custom use cases
|
|
95
|
+
async rawDeriveKey(path: string, subject: string): Promise<DeriveKeyResponse>;
|
|
96
|
+
}
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### Remote Attestation
|
|
100
|
+
|
|
101
|
+
```typescript
|
|
102
|
+
class PhalaRemoteAttestationProvider {
|
|
103
|
+
// Generate attestation quote
|
|
104
|
+
async generateAttestation(
|
|
105
|
+
reportData: string,
|
|
106
|
+
hashAlgorithm?: TdxQuoteHashAlgorithm,
|
|
107
|
+
): Promise<RemoteAttestationQuote>;
|
|
108
|
+
}
|
|
109
|
+
```
|
|
110
|
+
|
|
111
|
+
## Directory Structure
|
|
112
|
+
|
|
113
|
+
```
|
|
114
|
+
plugins/plugin-tee/
|
|
115
|
+
├── typescript/ # TypeScript implementation
|
|
116
|
+
│ ├── src/
|
|
117
|
+
│ │ ├── actions/ # Remote attestation action
|
|
118
|
+
│ │ ├── providers/ # Key derivation & attestation providers
|
|
119
|
+
│ │ ├── services/ # TEE service
|
|
120
|
+
│ │ ├── types/ # Type definitions
|
|
121
|
+
│ │ ├── vendors/ # Vendor implementations
|
|
122
|
+
│ │ └── index.ts # Main entry point
|
|
123
|
+
│ └── __tests__/ # Unit tests
|
|
124
|
+
├── package.json # NPM manifest
|
|
125
|
+
└── README.md # This file
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
## Development
|
|
129
|
+
|
|
130
|
+
### Building
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
bun run build
|
|
134
|
+
bun run test
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
### Linting
|
|
138
|
+
|
|
139
|
+
```bash
|
|
140
|
+
# TypeScript
|
|
141
|
+
bun run format:check
|