Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Initial TEE Plugin #632

Merged
merged 7 commits into from
Nov 28, 2024
Merged

feat: Initial TEE Plugin #632

merged 7 commits into from
Nov 28, 2024

Conversation

HashWarlock
Copy link
Collaborator

Relates to:

Risks

Low as this is an optional plugin to include for TEE based agents.

Background

Create a boilerplate plugin for deploying agents in TEE and provide 2 key functions for agents:

  • Derive Key for deriving private keys within a TEE running the [Dstack SDK]
  • Remote Attestation for generating RA Quote on report data passed in as a parameter

Optimize Docker Container to reduce size from 11.1GB to <6GB based on comment from [tebayoso] (#293 (comment)) in original docker PR #293

What does this PR do?

Note: To run in TEE, you must have specialized hardware. Reach out to Phala Network for help getting started

  • Add Support for deploying docker containers in TEE
  • Create 3 new providers called derive key, remote attestation, and wallet provider
  • Optimize Dockerfile for deployments
  • Add docker-compose.yaml file to use docker compose up

What kind of change is this?

Features

Why are we doing this? Any context or related work?

Autonomous Agents that trade onchain have a root of trust problem that requires a human to generate a wallet and provide a private key as part of the environment variables. This is a problem since humans can easily inject themselves into the process and make it easy for them to build ruggable agents. This solution aims to give users some verifiability with remote attestation and allow agents to autonomously generate their wallet within the TEE based on a secret salt instead of a private key. Now agents have a the autonomy to perform actions onchain without the possibility of a human manipulating the wallet since the human can no longer know what the private key since it is generated within the TEE.

Documentation changes needed?

Testing

Where should a reviewer start?

First a developer should use a Ubuntu 24.04 linux machine for best simulation. Character file must include teePlugin.

Detailed testing steps

Run TEE Simultator with docker (make sure docker is started)

docker run --rm -p 8090:8090 phalanetwork/tappd-simulator:latest

Edit Character File to use teePlugin and install

pnpm install
cd packages/core
pnpm install
cd -

Build your project

pnpm build

(Optional) For users running on Mac or Windows update .env file

# If running pnpm start use this endpoint
DSTACK_SIMULATOR_ENDPOINT="http://localhost:8090"
# If using pnpm docker to launch agent
DSTACK_SIMULATOR_ENDPOINT="http://host.docker.internal:8090"

Launch your agent

# For local testing
pnpm start
# For docker testing
pnpm docker

If you want to run on Intel TDX Server

Reach out to Phala Network team or me @HashWarlock to help get you deployed on a real TEE server through our TaaS Force team.

@HashWarlock HashWarlock changed the title Initial TEE Plugin feat: Initial TEE Plugin Nov 27, 2024
@HashWarlock
Copy link
Collaborator Author

HashWarlock commented Nov 28, 2024
edited
Loading

Adding documentation and updating the plugin.

  • Documentation on TEE Plugin
  • Add functions to derive raw key, derive ed25519 key for Solana, derive ecdsa key for evm chains

@lalalune lalalune merged commit 95e8575 into elizaOS:main Nov 28, 2024
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lalalune lalalune lalalune approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@HashWarlock @lalalune