@elizaos/plugin-tee 2.0.3-beta.5 → 2.0.3-beta.7

package/dist/node/providers/deriveKey.js

@@ -0,0 +1,145 @@
+import crypto from "node:crypto";
+import { logger, } from "@elizaos/core";
+import { TappdClient, } from "@phala/dstack-sdk";
+import { Keypair } from "@solana/web3.js";
+import { keccak256 } from "viem";
+import { privateKeyToAccount } from "viem/accounts";
+import { getTeeEndpoint } from "../utils";
+import { DeriveKeyProvider } from "./base";
+import { PhalaRemoteAttestationProvider } from "./remoteAttestation";
+export class PhalaDeriveKeyProvider extends DeriveKeyProvider {
+    client;
+    raProvider;
+    constructor(teeMode) {
+        super();
+        const endpoint = getTeeEndpoint(teeMode);
+        logger.info(endpoint
+            ? `TEE: Connecting to key derivation service at ${endpoint}`
+            : "TEE: Running key derivation in production mode");
+        this.client = endpoint ? new TappdClient(endpoint) : new TappdClient();
+        this.raProvider = new PhalaRemoteAttestationProvider(teeMode);
+    }
+    async generateDeriveKeyAttestation(agentId, publicKey, subject) {
+        const deriveKeyData = {
+            agentId,
+            publicKey,
+            subject,
+        };
+        return this.raProvider.generateAttestation(JSON.stringify(deriveKeyData));
+    }
+    async rawDeriveKey(path, subject) {
+        if (!path || !subject) {
+            throw new Error("Path and subject are required for key derivation");
+        }
+        try {
+            const response = await this.client.deriveKey(path, subject);
+            return {
+                key: response.asUint8Array(),
+                certificateChain: [],
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error deriving raw key: ${message}`);
+            throw error;
+        }
+    }
+    async rawDeriveKeyResponse(path, subject) {
+        if (!path || !subject) {
+            throw new Error("Path and subject are required for key derivation");
+        }
+        return this.client.deriveKey(path, subject);
+    }
+    async deriveEd25519Keypair(path, subject, agentId) {
+        if (!path || !subject) {
+            throw new Error("Path and subject are required for key derivation");
+        }
+        try {
+            const derivedKey = await this.client.deriveKey(path, subject);
+            const uint8ArrayDerivedKey = derivedKey.asUint8Array();
+            const hash = crypto.createHash("sha256");
+            hash.update(uint8ArrayDerivedKey);
+            const seed = new Uint8Array(hash.digest());
+            const keypair = Keypair.fromSeed(seed.slice(0, 32));
+            const attestation = await this.generateDeriveKeyAttestation(agentId, keypair.publicKey.toBase58(), subject);
+            return { keypair, attestation };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error deriving Ed25519 key: ${message}`);
+            throw error;
+        }
+    }
+    async deriveEcdsaKeypair(path, subject, agentId) {
+        if (!path || !subject) {
+            throw new Error("Path and subject are required for key derivation");
+        }
+        try {
+            const derivedKey = await this.client.deriveKey(path, subject);
+            const hex = keccak256(derivedKey.asUint8Array());
+            const keypair = privateKeyToAccount(hex);
+            const attestation = await this.generateDeriveKeyAttestation(agentId, keypair.address, subject);
+            return { keypair, attestation };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error deriving ECDSA key: ${message}`);
+            throw error;
+        }
+    }
+}
+export const phalaDeriveKeyProvider = {
+    name: "phala-derive-key",
+    dynamic: true,
+    contexts: ["secrets", "agent_internal"],
+    contextGate: { anyOf: ["secrets", "agent_internal"] },
+    cacheStable: false,
+    cacheScope: "turn",
+    get: async (runtime, _message) => {
+        const teeModeRaw = runtime.getSetting("TEE_MODE");
+        if (!teeModeRaw) {
+            return {
+                values: {},
+                text: "TEE_MODE is not configured",
+            };
+        }
+        const teeMode = typeof teeModeRaw === "string" ? teeModeRaw : String(teeModeRaw);
+        const secretSaltRaw = runtime.getSetting("WALLET_SECRET_SALT");
+        if (!secretSaltRaw) {
+            logger.error("WALLET_SECRET_SALT is not configured");
+            return {
+                values: {},
+                text: "WALLET_SECRET_SALT is not configured in settings",
+            };
+        }
+        const secretSalt = typeof secretSaltRaw === "string" ? secretSaltRaw : String(secretSaltRaw);
+        const provider = new PhalaDeriveKeyProvider(teeMode);
+        const agentId = runtime.agentId;
+        try {
+            const solanaKeypair = await provider.deriveEd25519Keypair(secretSalt, "solana", agentId);
+            const evmKeypair = await provider.deriveEcdsaKeypair(secretSalt, "evm", agentId);
+            const walletData = {
+                solana: solanaKeypair.keypair.publicKey.toBase58(),
+                evm: evmKeypair.keypair.address,
+            };
+            const values = {
+                solana_public_key: solanaKeypair.keypair.publicKey.toBase58(),
+                evm_address: evmKeypair.keypair.address,
+            };
+            const text = `Solana Public Key: ${values.solana_public_key}\nEVM Address: ${values.evm_address}`;
+            return {
+                data: walletData,
+                values,
+                text,
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error in derive key provider: ${message}`);
+            return {
+                values: {},
+                text: `Failed to derive keys: ${message}`,
+            };
+        }
+    },
+};

package/dist/node/providers/index.d.ts

@@ -0,0 +1,4 @@
+export { DeriveKeyProvider, RemoteAttestationProvider } from "./base";
+export { PhalaDeriveKeyProvider, phalaDeriveKeyProvider } from "./deriveKey";
+export { PhalaRemoteAttestationProvider, phalaRemoteAttestationProvider, } from "./remoteAttestation";
+//# sourceMappingURL=index.d.ts.map

package/dist/node/providers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/providers/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,QAAQ,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,sBAAsB,EAAE,MAAM,aAAa,CAAC;AAC7E,OAAO,EACL,8BAA8B,EAC9B,8BAA8B,GAC/B,MAAM,qBAAqB,CAAC"}

package/dist/node/providers/index.js

@@ -0,0 +1,3 @@
+export { DeriveKeyProvider, RemoteAttestationProvider } from "./base";
+export { PhalaDeriveKeyProvider, phalaDeriveKeyProvider } from "./deriveKey";
+export { PhalaRemoteAttestationProvider, phalaRemoteAttestationProvider, } from "./remoteAttestation";

package/dist/node/providers/remoteAttestation.d.ts

@@ -0,0 +1,10 @@
+import { type Provider } from "@elizaos/core";
+import type { RemoteAttestationQuote, TdxQuoteHashAlgorithm } from "../types";
+import { RemoteAttestationProvider } from "./base";
+export declare class PhalaRemoteAttestationProvider extends RemoteAttestationProvider {
+    private readonly client;
+    constructor(teeMode: string);
+    generateAttestation(reportData: string, hashAlgorithm?: TdxQuoteHashAlgorithm): Promise<RemoteAttestationQuote>;
+}
+export declare const phalaRemoteAttestationProvider: Provider;
+//# sourceMappingURL=remoteAttestation.d.ts.map

package/dist/node/providers/remoteAttestation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"remoteAttestation.d.ts","sourceRoot":"","sources":["../../../src/providers/remoteAttestation.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,KAAK,QAAQ,EACd,MAAM,eAAe,CAAC;AAMvB,OAAO,KAAK,EAEV,sBAAsB,EACtB,qBAAqB,EAEtB,MAAM,UAAU,CAAC;AAElB,OAAO,EAAE,yBAAyB,EAAE,MAAM,QAAQ,CAAC;AACnD,qBAAa,8BAA+B,SAAQ,yBAAyB;IAC3E,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAc;gBAEzB,OAAO,EAAE,MAAM;IAarB,mBAAmB,CACvB,UAAU,EAAE,MAAM,EAClB,aAAa,CAAC,EAAE,qBAAqB,GACpC,OAAO,CAAC,sBAAsB,CAAC;CAiBnC;AAED,eAAO,MAAM,8BAA8B,EAAE,QAyD5C,CAAC"}

package/dist/node/providers/remoteAttestation.js

@@ -0,0 +1,77 @@
+import { logger, } from "@elizaos/core";
+import { TappdClient, } from "@phala/dstack-sdk";
+import { getTeeEndpoint } from "../utils";
+import { RemoteAttestationProvider } from "./base";
+export class PhalaRemoteAttestationProvider extends RemoteAttestationProvider {
+    client;
+    constructor(teeMode) {
+        super();
+        const endpoint = getTeeEndpoint(teeMode);
+        logger.info(endpoint
+            ? `TEE: Connecting to simulator at ${endpoint}`
+            : "TEE: Running in production mode without simulator");
+        this.client = endpoint ? new TappdClient(endpoint) : new TappdClient();
+    }
+    async generateAttestation(reportData, hashAlgorithm) {
+        try {
+            const tdxQuote = await this.client.tdxQuote(reportData, hashAlgorithm);
+            return {
+                quote: tdxQuote.quote,
+                timestamp: Date.now(),
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error generating remote attestation: ${message}`);
+            throw new Error(`Failed to generate TDX Quote: ${message}`);
+        }
+    }
+}
+export const phalaRemoteAttestationProvider = {
+    name: "phala-remote-attestation",
+    dynamic: true,
+    contexts: ["secrets", "agent_internal"],
+    contextGate: { anyOf: ["secrets", "agent_internal"] },
+    cacheStable: false,
+    cacheScope: "turn",
+    get: async (runtime, message) => {
+        const teeModeRaw = runtime.getSetting("TEE_MODE");
+        if (!teeModeRaw) {
+            return {
+                values: {},
+                text: "TEE_MODE is not configured",
+            };
+        }
+        const teeMode = typeof teeModeRaw === "string" ? teeModeRaw : String(teeModeRaw);
+        const provider = new PhalaRemoteAttestationProvider(teeMode);
+        const agentId = runtime.agentId;
+        try {
+            const attestationMessage = {
+                agentId,
+                timestamp: Date.now(),
+                message: {
+                    entityId: message.entityId,
+                    roomId: message.roomId,
+                    content: message.content.text ?? "",
+                },
+            };
+            const attestation = await provider.generateAttestation(JSON.stringify(attestationMessage));
+            return {
+                data: {
+                    quote: attestation.quote,
+                    timestamp: attestation.timestamp.toString(),
+                },
+                values: {
+                    quote: attestation.quote,
+                    timestamp: attestation.timestamp.toString(),
+                },
+                text: `Remote attestation: ${attestation.quote.substring(0, 64)}...`,
+            };
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            logger.error(`Error in remote attestation provider: ${message}`);
+            throw new Error(`Failed to generate TDX Quote: ${message}`);
+        }
+    },
+};

package/dist/node/services/index.d.ts

@@ -0,0 +1,2 @@
+export { TEEService } from "./tee";
+//# sourceMappingURL=index.d.ts.map

package/dist/node/services/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/services/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC"}

package/dist/node/services/index.js

@@ -0,0 +1 @@
+export { TEEService } from "./tee";

package/dist/node/services/tee.d.ts

@@ -0,0 +1,24 @@
+import { type IAgentRuntime, type Metadata, Service, type UUID } from "@elizaos/core";
+import type { GetTlsKeyResponse as DeriveKeyResponse } from "@phala/dstack-sdk";
+import type { Keypair } from "@solana/web3.js";
+import type { PrivateKeyAccount } from "viem";
+import type { RemoteAttestationQuote, TeeServiceConfig } from "../types";
+export declare class TEEService extends Service {
+    private provider;
+    static serviceType: "tee";
+    capabilityDescription: string;
+    config?: Metadata;
+    constructor(runtime?: IAgentRuntime, config?: Partial<TeeServiceConfig>);
+    static start(runtime: IAgentRuntime): Promise<TEEService>;
+    stop(): Promise<void>;
+    deriveEcdsaKeypair(path: string, subject: string, agentId: UUID): Promise<{
+        keypair: PrivateKeyAccount;
+        attestation: RemoteAttestationQuote;
+    }>;
+    deriveEd25519Keypair(path: string, subject: string, agentId: UUID): Promise<{
+        keypair: Keypair;
+        attestation: RemoteAttestationQuote;
+    }>;
+    rawDeriveKey(path: string, subject: string): Promise<DeriveKeyResponse>;
+}
+//# sourceMappingURL=tee.d.ts.map

package/dist/node/services/tee.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tee.d.ts","sourceRoot":"","sources":["../../../src/services/tee.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAElB,KAAK,QAAQ,EACb,OAAO,EAEP,KAAK,IAAI,EACV,MAAM,eAAe,CAAC;AACvB,OAAO,KAAK,EAAE,iBAAiB,IAAI,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAChF,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC/C,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAE9C,OAAO,KAAK,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC;AAGzE,qBAAa,UAAW,SAAQ,OAAO;IACrC,OAAO,CAAC,QAAQ,CAAyB;IACzC,MAAM,CAAC,WAAW,QAAmB;IAC9B,qBAAqB,SACgC;IAC7C,MAAM,CAAC,EAAE,QAAQ,CAAC;gBAErB,OAAO,CAAC,EAAE,aAAa,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,gBAAgB,CAAC;WAuB1D,KAAK,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC;IASzD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAIrB,kBAAkB,CACtB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,IAAI,GACZ,OAAO,CAAC;QACT,OAAO,EAAE,iBAAiB,CAAC;QAC3B,WAAW,EAAE,sBAAsB,CAAC;KACrC,CAAC;IAII,oBAAoB,CACxB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EACf,OAAO,EAAE,IAAI,GACZ,OAAO,CAAC;QACT,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,sBAAsB,CAAC;KACrC,CAAC;IAII,YAAY,CAChB,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,GACd,OAAO,CAAC,iBAAiB,CAAC;CAG9B"}

package/dist/node/services/tee.js

@@ -0,0 +1,42 @@
+import { logger, Service, ServiceType, } from "@elizaos/core";
+import { PhalaDeriveKeyProvider } from "../providers/deriveKey";
+import { TeeMode, TeeVendor } from "../types";
+export class TEEService extends Service {
+    provider;
+    static serviceType = ServiceType.TEE;
+    capabilityDescription = "Trusted Execution Environment for secure key management";
+    constructor(runtime, config) {
+        super(runtime);
+        const teeModeRaw = config?.mode ?? runtime?.getSetting("TEE_MODE") ?? TeeMode.LOCAL;
+        const teeMode = typeof teeModeRaw === "string" ? teeModeRaw : TeeMode.LOCAL;
+        const vendor = config?.vendor ?? TeeVendor.PHALA;
+        const secretSaltRaw = config?.secretSalt ?? runtime?.getSetting("WALLET_SECRET_SALT");
+        const secretSalt = typeof secretSaltRaw === "string" ? secretSaltRaw : undefined;
+        // Set config as Metadata-compatible object
+        this.config = {
+            mode: teeMode,
+            vendor,
+            ...(secretSalt ? { secretSalt } : {}),
+        };
+        this.provider = new PhalaDeriveKeyProvider(teeMode);
+    }
+    static async start(runtime) {
+        const teeModeRaw = runtime.getSetting("TEE_MODE") ?? TeeMode.LOCAL;
+        const teeMode = typeof teeModeRaw === "string" ? teeModeRaw : TeeMode.LOCAL;
+        logger.info(`Starting TEE service with mode: ${teeMode}`);
+        const service = new TEEService(runtime, { mode: teeMode });
+        return service;
+    }
+    async stop() {
+        logger.info("Stopping TEE service");
+    }
+    async deriveEcdsaKeypair(path, subject, agentId) {
+        return this.provider.deriveEcdsaKeypair(path, subject, agentId);
+    }
+    async deriveEd25519Keypair(path, subject, agentId) {
+        return this.provider.deriveEd25519Keypair(path, subject, agentId);
+    }
+    async rawDeriveKey(path, subject) {
+        return this.provider.rawDeriveKeyResponse(path, subject);
+    }
+}

package/dist/node/types/index.d.ts

@@ -0,0 +1,59 @@
+export declare enum TeeMode {
+    LOCAL = "LOCAL",
+    DOCKER = "DOCKER",
+    PRODUCTION = "PRODUCTION"
+}
+export declare enum TeeVendor {
+    PHALA = "phala"
+}
+export declare enum TeeType {
+    SGX_GRAMINE = "sgx_gramine",
+    TDX_DSTACK = "tdx_dstack"
+}
+export interface RemoteAttestationQuote {
+    readonly quote: string;
+    readonly timestamp: number;
+}
+export interface DeriveKeyAttestationData {
+    readonly agentId: string;
+    readonly publicKey: string;
+    readonly subject?: string;
+}
+export interface RemoteAttestationMessage {
+    readonly agentId: string;
+    readonly timestamp: number;
+    readonly message: {
+        readonly entityId: string;
+        readonly roomId: string;
+        readonly content: string;
+    };
+}
+export interface DeriveKeyResult {
+    readonly key: Uint8Array;
+    readonly certificateChain: string[];
+}
+export interface Ed25519KeypairResult {
+    readonly publicKey: string;
+    readonly secretKey: Uint8Array;
+    readonly attestation: RemoteAttestationQuote;
+}
+export interface EcdsaKeypairResult {
+    readonly address: string;
+    readonly privateKey: Uint8Array;
+    readonly attestation: RemoteAttestationQuote;
+}
+export interface TeeServiceConfig {
+    readonly mode: TeeMode;
+    readonly vendor: TeeVendor;
+    readonly secretSalt?: string;
+}
+export interface TeeProviderResult {
+    readonly data?: ProviderDataRecord;
+    readonly values: Record<string, ProviderValue>;
+    readonly text: string;
+}
+export type TdxQuoteHashAlgorithm = "sha256" | "sha384" | "sha512" | "raw";
+export declare function parseTeeMode(mode: string): TeeMode;
+export declare function parseTeeVendor(vendor: string): TeeVendor;
+import type { ProviderDataRecord, ProviderValue } from "@elizaos/core";
+//# sourceMappingURL=index.d.ts.map

package/dist/node/types/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":"AAAA,oBAAY,OAAO;IACjB,KAAK,UAAU;IACf,MAAM,WAAW;IACjB,UAAU,eAAe;CAC1B;AAED,oBAAY,SAAS;IACnB,KAAK,UAAU;CAChB;AAED,oBAAY,OAAO;IACjB,WAAW,gBAAgB;IAC3B,UAAU,eAAe;CAC1B;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,OAAO,EAAE;QAChB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;QACxB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;KAC1B,CAAC;CACH;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;IACzB,QAAQ,CAAC,gBAAgB,EAAE,MAAM,EAAE,CAAC;CACrC;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC;IAC/B,QAAQ,CAAC,WAAW,EAAE,sBAAsB,CAAC;CAC9C;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;IAChC,QAAQ,CAAC,WAAW,EAAE,sBAAsB,CAAC;CAC9C;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;IACvB,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC;IAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,IAAI,CAAC,EAAE,kBAAkB,CAAC;IACnC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IAC/C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,MAAM,qBAAqB,GAAG,QAAQ,GAAG,QAAQ,GAAG,QAAQ,GAAG,KAAK,CAAC;AAE3E,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAalD;AAED,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAOxD;AAED,OAAO,KAAK,EAAE,kBAAkB,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC"}

package/dist/node/types/index.js

@@ -0,0 +1,35 @@
+export var TeeMode;
+(function (TeeMode) {
+    TeeMode["LOCAL"] = "LOCAL";
+    TeeMode["DOCKER"] = "DOCKER";
+    TeeMode["PRODUCTION"] = "PRODUCTION";
+})(TeeMode || (TeeMode = {}));
+export var TeeVendor;
+(function (TeeVendor) {
+    TeeVendor["PHALA"] = "phala";
+})(TeeVendor || (TeeVendor = {}));
+export var TeeType;
+(function (TeeType) {
+    TeeType["SGX_GRAMINE"] = "sgx_gramine";
+    TeeType["TDX_DSTACK"] = "tdx_dstack";
+})(TeeType || (TeeType = {}));
+export function parseTeeMode(mode) {
+    switch (mode.toUpperCase()) {
+        case "LOCAL":
+            return TeeMode.LOCAL;
+        case "DOCKER":
+            return TeeMode.DOCKER;
+        case "PRODUCTION":
+            return TeeMode.PRODUCTION;
+        default:
+            throw new Error(`Invalid TEE_MODE: ${mode}. Must be one of: LOCAL, DOCKER, PRODUCTION`);
+    }
+}
+export function parseTeeVendor(vendor) {
+    switch (vendor.toLowerCase()) {
+        case "phala":
+            return TeeVendor.PHALA;
+        default:
+            throw new Error(`Invalid TEE_VENDOR: ${vendor}. Must be one of: phala`);
+    }
+}

package/dist/node/utils/index.d.ts

@@ -0,0 +1,9 @@
+export declare function hexToUint8Array(hex: string): Uint8Array;
+export declare function uint8ArrayToHex(bytes: Uint8Array): string;
+export declare function calculateSHA256(input: string): Buffer;
+export declare function sha256Bytes(input: Uint8Array): Uint8Array;
+export declare function getTeeEndpoint(mode: string): string | undefined;
+export declare function uploadAttestationQuote(data: Uint8Array): Promise<{
+    checksum: string;
+}>;
+//# sourceMappingURL=index.d.ts.map

package/dist/node/utils/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/utils/index.ts"],"names":[],"mappings":"AAEA,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAkBvD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIzD;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIrD;AAED,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,GAAG,UAAU,CAIzD;AAED,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAa/D;AAED,wBAAsB,sBAAsB,CAC1C,IAAI,EAAE,UAAU,GACf,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAmB/B"}

package/dist/node/utils/index.js

@@ -0,0 +1,61 @@
+import { createHash } from "node:crypto";
+export function hexToUint8Array(hex) {
+    const hexString = hex.trim().replace(/^0x/, "");
+    if (!hexString) {
+        throw new Error("Invalid hex string: empty after stripping prefix");
+    }
+    if (hexString.length % 2 !== 0) {
+        throw new Error("Invalid hex string: odd number of characters");
+    }
+    const array = new Uint8Array(hexString.length / 2);
+    for (let i = 0; i < hexString.length; i += 2) {
+        const byte = Number.parseInt(hexString.slice(i, i + 2), 16);
+        if (Number.isNaN(byte)) {
+            throw new Error(`Invalid hex string: invalid byte at position ${i}`);
+        }
+        array[i / 2] = byte;
+    }
+    return array;
+}
+export function uint8ArrayToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+export function calculateSHA256(input) {
+    const hash = createHash("sha256");
+    hash.update(input);
+    return hash.digest();
+}
+export function sha256Bytes(input) {
+    const hash = createHash("sha256");
+    hash.update(input);
+    return new Uint8Array(hash.digest());
+}
+export function getTeeEndpoint(mode) {
+    switch (mode.toUpperCase()) {
+        case "LOCAL":
+            return "http://localhost:8090";
+        case "DOCKER":
+            return "http://host.docker.internal:8090";
+        case "PRODUCTION":
+            return undefined;
+        default:
+            throw new Error(`Invalid TEE_MODE: ${mode}. Must be one of: LOCAL, DOCKER, PRODUCTION`);
+    }
+}
+export async function uploadAttestationQuote(data) {
+    const blob = new Blob([data], {
+        type: "application/octet-stream",
+    });
+    const formData = new FormData();
+    formData.append("file", blob, "quote.bin");
+    const response = await fetch("https://proof.t16z.com/api/upload", {
+        method: "POST",
+        body: formData,
+    });
+    if (!response.ok) {
+        throw new Error(`Failed to upload attestation quote: ${response.statusText}`);
+    }
+    return response.json();
+}

package/dist/node/vendors/index.d.ts

@@ -0,0 +1,5 @@
+import { type TeeVendorInterface, type TeeVendorName } from "./types";
+export declare function getVendor(type: TeeVendorName): TeeVendorInterface;
+export { PhalaVendor } from "./phala";
+export { type TeeVendorInterface, type TeeVendorName, TeeVendorNames, } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/node/vendors/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/vendors/index.ts"],"names":[],"mappings":"AACA,OAAO,EACL,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAEnB,MAAM,SAAS,CAAC;AAMjB,wBAAgB,SAAS,CAAC,IAAI,EAAE,aAAa,GAAG,kBAAkB,CAMjE;AAED,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AACtC,OAAO,EACL,KAAK,kBAAkB,EACvB,KAAK,aAAa,EAClB,cAAc,GACf,MAAM,SAAS,CAAC"}

package/dist/node/vendors/index.js

@@ -0,0 +1,14 @@
+import { PhalaVendor } from "./phala";
+import { TeeVendorNames, } from "./types";
+const vendors = {
+    [TeeVendorNames.PHALA]: new PhalaVendor(),
+};
+export function getVendor(type) {
+    const vendor = vendors[type];
+    if (!vendor) {
+        throw new Error(`Unsupported TEE vendor: ${type}`);
+    }
+    return vendor;
+}
+export { PhalaVendor } from "./phala";
+export { TeeVendorNames, } from "./types";

package/dist/node/vendors/phala.d.ts

@@ -0,0 +1,10 @@
+import type { Action, Provider } from "@elizaos/core";
+import { type TeeVendorInterface } from "./types";
+export declare class PhalaVendor implements TeeVendorInterface {
+    readonly type: "phala";
+    getActions(): Action[];
+    getProviders(): Provider[];
+    getName(): string;
+    getDescription(): string;
+}
+//# sourceMappingURL=phala.d.ts.map

package/dist/node/vendors/phala.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"phala.d.ts","sourceRoot":"","sources":["../../../src/vendors/phala.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAKtD,OAAO,EAAE,KAAK,kBAAkB,EAAkB,MAAM,SAAS,CAAC;AAElE,qBAAa,WAAY,YAAW,kBAAkB;IACpD,QAAQ,CAAC,IAAI,UAAwB;IAErC,UAAU,IAAI,MAAM,EAAE;IAItB,YAAY,IAAI,QAAQ,EAAE;IAI1B,OAAO,IAAI,MAAM;IAIjB,cAAc,IAAI,MAAM;CAGzB"}

package/dist/node/vendors/phala.js

@@ -0,0 +1,17 @@
+import { phalaDeriveKeyProvider, phalaRemoteAttestationProvider, } from "../providers";
+import { TeeVendorNames } from "./types";
+export class PhalaVendor {
+    type = TeeVendorNames.PHALA;
+    getActions() {
+        return [];
+    }
+    getProviders() {
+        return [phalaDeriveKeyProvider, phalaRemoteAttestationProvider];
+    }
+    getName() {
+        return "phala-tee-plugin";
+    }
+    getDescription() {
+        return "Phala Network TEE for secure agent execution";
+    }
+}

package/dist/node/vendors/types.d.ts

@@ -0,0 +1,13 @@
+import type { Action, Provider } from "@elizaos/core";
+export declare const TeeVendorNames: {
+    readonly PHALA: "phala";
+};
+export type TeeVendorName = (typeof TeeVendorNames)[keyof typeof TeeVendorNames];
+export interface TeeVendorInterface {
+    readonly type: TeeVendorName;
+    getActions(): Action[];
+    getProviders(): Provider[];
+    getName(): string;
+    getDescription(): string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/node/vendors/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/vendors/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEtD,eAAO,MAAM,cAAc;;CAEjB,CAAC;AAEX,MAAM,MAAM,aAAa,GACvB,CAAC,OAAO,cAAc,CAAC,CAAC,MAAM,OAAO,cAAc,CAAC,CAAC;AAEvD,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC;IAC7B,UAAU,IAAI,MAAM,EAAE,CAAC;IACvB,YAAY,IAAI,QAAQ,EAAE,CAAC;IAC3B,OAAO,IAAI,MAAM,CAAC;IAClB,cAAc,IAAI,MAAM,CAAC;CAC1B"}

package/dist/node/vendors/types.js

@@ -0,0 +1,3 @@
+export const TeeVendorNames = {
+    PHALA: "phala",
+};

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "@elizaos/plugin-tee",
-  "version": "2.0.3-beta.5",
+  "version": "2.0.3-beta.7",
   "type": "module",
   "main": "dist/node/index.js",
   "module": "dist/node/index.js",
-  "types": "dist/index.d.ts",
+  "types": "dist/node/index.d.ts",
   "description": "Trusted Execution Environment (TEE) integration plugin for elizaOS - Multi-language support (TypeScript, Python, Rust)",
   "repository": {
     "type": "git",
@@ -13,7 +13,7 @@
   "exports": {
     "./package.json": "./package.json",
     ".": {
-      "types": "./dist/index.d.ts",
+      "types": "./dist/node/index.d.ts",
       "eliza-source": {
         "types": "./src/index.ts",
         "import": "./src/index.ts",
@@ -32,9 +32,9 @@
     },
     "./*.css": "./dist/*.css",
     "./*": {
-      "types": "./dist/*.d.ts",
-      "import": "./dist/*.js",
-      "default": "./dist/*.js"
+      "types": "./dist/node/*.d.ts",
+      "import": "./dist/node/*.js",
+      "default": "./dist/node/*.js"
     }
   },
   "files": [
@@ -45,7 +45,7 @@
   ],
   "sideEffects": false,
   "dependencies": {
-    "@elizaos/core": "2.0.3-beta.5",
+    "@elizaos/core": "2.0.3-beta.7",
     "@phala/dstack-sdk": "^0.5.7",
     "@solana/web3.js": "1.98.4",
     "viem": "^2.48.8"
@@ -74,7 +74,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "ff6157011c9459670021cc28a6797592a78b8817",
+  "gitHead": "61094f10458d11055c75b3dd0bae374e3f66bac5",
   "agentConfig": {
     "pluginType": "elizaos:plugin:1.0.0",
     "pluginParameters": {