elizaOS TEE Plugin - Trusted Execution Environment integration for secure key management and remote attestation
Project description
elizaos-plugin-tee (Python)
Python implementation of the elizaOS TEE Plugin for Trusted Execution Environment integration.
Features
- 🔐 Remote Attestation - Prove agent execution in TEE
- 🔑 Key Derivation - Secure Ed25519 and ECDSA key derivation
- 🛡️ Vendor Support - Extensible vendor system (Phala Network)
- ⚡ Async - Full async/await support
- 🔒 Type Safe - Pydantic models with strict validation
Installation
pip install elizaos-plugin-tee
Quick Start
from elizaos_plugin_tee import TEEService, TeeMode
# Start the service
service = await TEEService.start(tee_mode="LOCAL")
# Derive Ed25519 keypair (for Solana)
solana_result = await service.derive_ed25519_keypair(
path="my-secret-salt",
subject="solana",
agent_id="agent-123"
)
print(f"Solana Public Key: {solana_result.public_key}")
# Derive ECDSA keypair (for EVM)
evm_result = await service.derive_ecdsa_keypair(
path="my-secret-salt",
subject="evm",
agent_id="agent-123"
)
print(f"EVM Address: {evm_result.address}")
# Stop the service
await service.stop()
Configuration
| Variable | Description | Required |
|---|---|---|
TEE_MODE |
Operation mode: LOCAL, DOCKER, PRODUCTION |
Yes |
WALLET_SECRET_SALT |
Secret for key derivation | Yes |
TEE_VENDOR |
Vendor name (default: phala) |
No |
API Reference
TEEService
Main service for TEE operations.
# Initialize
service = await TEEService.start(tee_mode="LOCAL")
# Derive keys
await service.derive_ed25519_keypair(path, subject, agent_id)
await service.derive_ecdsa_keypair(path, subject, agent_id)
await service.raw_derive_key(path, subject)
# Cleanup
await service.stop()
Remote Attestation
from elizaos_plugin_tee import (
PhalaRemoteAttestationProvider,
handle_remote_attestation,
)
# Using provider directly
provider = PhalaRemoteAttestationProvider("LOCAL")
quote = await provider.generate_attestation(report_data)
await provider.close()
# Using action handler
result = await handle_remote_attestation(
tee_mode="LOCAL",
agent_id="agent-123",
entity_id="entity-456",
room_id="room-789",
content="Message content"
)
Types
from elizaos_plugin_tee import (
TeeMode,
TeeVendor,
RemoteAttestationQuote,
Ed25519KeypairResult,
EcdsaKeypairResult,
)
Development
# Install dev dependencies
pip install -e ".[dev]"
# Run tests
pytest
# Type checking
mypy elizaos_plugin_tee
# Linting
ruff check .
ruff format .
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file elizaos_plugin_tee-2.0.0a4.tar.gz.
File metadata
- Download URL: elizaos_plugin_tee-2.0.0a4.tar.gz
- Upload date:
- Size: 12.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1cb07026e83f038bd4f7439dfa4f78f866e9baf7ffd2ab1bcbc88c544cca47b1
|
|
| MD5 |
b3f48fcf451d5779cf7eee597f9a9945
|
|
| BLAKE2b-256 |
59af7e36612cc1ca327d5c5555301d39db583eef07d0551271d573fda75f1c7f
|
File details
Details for the file elizaos_plugin_tee-2.0.0a4-py3-none-any.whl.
File metadata
- Download URL: elizaos_plugin_tee-2.0.0a4-py3-none-any.whl
- Upload date:
- Size: 15.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a7b528cf3294f41a1fd38e47f338ada875a6643de1e8db7c48fc93f293a9a467
|
|
| MD5 |
56eff2a6bbfbffabac2bc5ddbdc0f156
|
|
| BLAKE2b-256 |
1e44e60eba1d3df29bc51cf5e82f37f623822e366b2f40eba3f98079555abaea
|
