@elizaos/plugin-tee 2.0.0-alpha.6 → 2.0.3-beta.2

package/README.md

@@ -0,0 +1,83 @@
+# @elizaos/plugin-tee
+
+Trusted Execution Environment (TEE) integration plugin for elizaOS. Adds secure key derivation and remote attestation to Eliza agents running inside a TEE.
+
+## What it does
+
+- **Remote attestation** — generates a verifiable TDX quote proving an agent is executing inside a real TEE (Phala Network / dstack).
+- **Key derivation** — deterministically derives Ed25519 (Solana) and ECDSA (EVM) keypairs from a secret salt inside the TEE, with per-derivation attestation.
+- **TEEService** — a runtime service (`ServiceType.TEE`) that other plugins can call to derive keys without going through providers.
+
+## Quick start
+
+```typescript
+import { teePlugin, TEEService } from "@elizaos/plugin-tee";
+
+const runtime = new AgentRuntime({
+  plugins: [teePlugin],
+  // TEE_MODE defaults to LOCAL; set WALLET_SECRET_SALT for key derivation
+});
+
+// Access via service
+const svc = runtime.getService<TEEService>(TEEService.serviceType);
+const { keypair, attestation } = await svc.deriveEd25519Keypair("salt", "solana", agentId);
+const { keypair: evmKeypair } = await svc.deriveEcdsaKeypair("salt", "evm", agentId);
+```
+
+## Configuration
+
+| Variable | Required | Default | Description |
+|----------|----------|---------|-------------|
+| `TEE_MODE` | no | `LOCAL` | Operation mode: `LOCAL`, `DOCKER`, or `PRODUCTION`. `init` defaults to `LOCAL` when unset and throws only on a present-but-invalid value. |
+| `WALLET_SECRET_SALT` | **yes** | — | Secret salt used as the derivation path for all keypairs. Sensitive — treat as a private key. |
+| `TEE_VENDOR` | no | `PHALA` | TEE vendor. Only `PHALA` is supported. |
+
+### TEE modes
+
+| Mode | dstack endpoint | Use |
+|------|----------------|-----|
+| `LOCAL` | `http://localhost:8090` | Local simulator |
+| `DOCKER` | `http://host.docker.internal:8090` | Docker simulator |
+| `PRODUCTION` | (TappdClient default) | Real TEE hardware |
+
+Run the Phala dstack simulator for `LOCAL`/`DOCKER` development: see [Phala dstack docs](https://github.com/Phala-Network/dstack).
+
+## Providers registered
+
+| Provider | Description |
+|----------|-------------|
+| `phala-derive-key` | Derives Solana public key and EVM address from `WALLET_SECRET_SALT`; injects `solana_public_key` and `evm_address` into agent context. |
+| `phala-remote-attestation` | Generates a TDX quote over the current message payload; injects `quote` and `timestamp`. |
+
+Both providers are dynamic and gated to `secrets` / `agent_internal` contexts.
+
+## TEEService API
+
+```typescript
+class TEEService {
+  static serviceType: ServiceType.TEE;
+
+  // Derive Ed25519 keypair (Solana)
+  deriveEd25519Keypair(path: string, subject: string, agentId: UUID):
+    Promise<{ keypair: Keypair; attestation: RemoteAttestationQuote }>;
+
+  // Derive ECDSA keypair (EVM)
+  deriveEcdsaKeypair(path: string, subject: string, agentId: UUID):
+    Promise<{ keypair: PrivateKeyAccount; attestation: RemoteAttestationQuote }>;
+
+  // Derive raw key bytes
+  rawDeriveKey(path: string, subject: string): Promise<DeriveKeyResponse>;
+}
+```
+
+## Enabling the plugin
+
+Add `@elizaos/plugin-tee` to your agent character's `plugins` array and set the required environment variables. The plugin is opt-in and not auto-loaded.
+
+## Development
+
+```bash
+bun run --cwd plugins/plugin-tee build          # compile
+bun run --cwd plugins/plugin-tee test           # run tests
+bun run --cwd plugins/plugin-tee format:check   # lint
+```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@elizaos/plugin-tee",
-  "version": "2.0.0-alpha.6",
+  "version": "2.0.3-beta.2",
   "type": "module",
   "main": "dist/node/index.js",
   "module": "dist/node/index.js",
@@ -14,6 +14,11 @@
     "./package.json": "./package.json",
     ".": {
       "types": "./dist/index.d.ts",
+      "eliza-source": {
+        "types": "./src/index.ts",
+        "import": "./src/index.ts",
+        "default": "./src/index.ts"
+      },
       "node": {
         "types": "./dist/node/index.d.ts",
         "import": "./dist/node/index.js",
@@ -24,6 +29,12 @@
         "default": "./dist/node/index.js"
       },
       "default": "./dist/node/index.js"
+    },
+    "./*.css": "./dist/*.css",
+    "./*": {
+      "types": "./dist/*.d.ts",
+      "import": "./dist/*.js",
+      "default": "./dist/*.js"
     }
   },
   "files": [
@@ -33,26 +44,26 @@
   ],
   "sideEffects": false,
   "dependencies": {
-    "@elizaos/core": "2.0.0-alpha.3",
-    "@phala/dstack-sdk": "0.1.11",
+    "@elizaos/core": "2.0.3-beta.2",
+    "@phala/dstack-sdk": "^0.5.7",
     "@solana/web3.js": "1.98.4",
-    "viem": "2.29.4"
+    "viem": "^2.48.8"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.3.11",
+    "@biomejs/biome": "^2.4.14",
     "@types/node": "^25.0.3",
-    "typescript": "^5.9.3",
+    "typescript": "^6.0.3",
     "vitest": "^4.0.0"
   },
   "scripts": {
-    "build:typescript": "tsc -p tsconfig.build.json",
+    "build:typescript": "tsc --noCheck -p tsconfig.build.json",
     "dev": "bun --hot build.ts",
-    "clean": "rm -rf dist .turbo node_modules .turbo-tsconfig.json tsconfig.tsbuildinfo",
+    "clean": "rm -rf dist .turbo .turbo-tsconfig.json tsconfig.tsbuildinfo",
     "format": "bunx @biomejs/biome format --write .",
     "format:check": "bunx @biomejs/biome format .",
     "typecheck": "echo \"Typecheck skipped for release\"",
     "test": "bun run test:typescript",
-    "test:typescript": "vitest run src/__tests__/ --config vitest.config.ts --passWithNoTests",
+    "test:typescript": "vitest run src/__tests__/ --config vitest.config.ts",
     "test:watch": "vitest",
     "lint": "echo \"Lint skipped for release\"",
     "lint:check": "bun run lint",
@@ -62,7 +73,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "646c632924826e2b75c2304a75ee56959fe4a460",
+  "gitHead": "82fe0f44215954c2417328203f5bd6510985c1fc",
   "agentConfig": {
     "pluginType": "elizaos:plugin:1.0.0",
     "pluginParameters": {
@@ -88,7 +99,7 @@
       }
     }
   },
-  "milady": {
+  "eliza": {
     "platforms": [
       "node"
     ],