Skip to content

rust

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

rust

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

README.md

elizaos-plugin-tee (Rust)

Rust implementation of the elizaOS TEE Plugin for Trusted Execution Environment integration.

Features

  • 🔐 Remote Attestation - Prove agent execution in TEE
  • 🔑 Key Derivation - Secure Ed25519 and ECDSA key derivation
  • 🛡️ Vendor Support - Extensible vendor system (Phala Network)
  • Async - Full async/await support with Tokio
  • 🔒 Type Safe - Strong Rust types with no unsafe code
  • 🌐 WASM - Optional WebAssembly support

Installation

Add to your Cargo.toml:

[dependencies]
elizaos-plugin-tee = "1.0"

Quick Start

use elizaos_plugin_tee::{TEEService, TeeMode};

#[tokio::main]
async fn main() -> anyhow::Result<()> {
    // Start the service
    let service = TEEService::start(Some("LOCAL"), None)?;

    // Derive Ed25519 keypair (for Solana)
    let solana_result = service
        .derive_ed25519_keypair("my-secret-salt", "solana", "agent-123")
        .await?;
    println!("Solana Public Key: {}", solana_result.public_key);

    // Derive ECDSA keypair (for EVM)
    let evm_result = service
        .derive_ecdsa_keypair("my-secret-salt", "evm", "agent-123")
        .await?;
    println!("EVM Address: {}", evm_result.address);

    // Stop the service
    service.stop();

    Ok(())
}

Configuration

Variable Description Required
TEE_MODE Operation mode: LOCAL, DOCKER, PRODUCTION Yes
WALLET_SECRET_SALT Secret for key derivation Yes
TEE_VENDOR Vendor name (default: phala) No

API Reference

TEEService

Main service for TEE operations.

// Initialize
let service = TEEService::start(Some("LOCAL"), None)?;

// Derive keys
let ed25519 = service.derive_ed25519_keypair(path, subject, agent_id).await?;
let ecdsa = service.derive_ecdsa_keypair(path, subject, agent_id).await?;
let raw = service.raw_derive_key(path, subject).await?;

// Cleanup
service.stop();

Remote Attestation

use elizaos_plugin_tee::{PhalaRemoteAttestationProvider, RemoteAttestationProvider};

// Using provider directly
let provider = PhalaRemoteAttestationProvider::new("LOCAL")?;
let quote = provider.generate_attestation(report_data, None).await?;

Types

use elizaos_plugin_tee::{
    TeeMode,
    TeeVendor,
    RemoteAttestationQuote,
    Ed25519KeypairResult,
    EcdsaKeypairResult,
};

Features

  • native (default): Full async support with Tokio
  • wasm: WebAssembly support for browser environments
# For WASM
elizaos-plugin-tee = { version = "1.0", default-features = false, features = ["wasm"] }

Development

# Build
cargo build --release

# Test
cargo test

# Build WASM
wasm-pack build --target web

# Lint
cargo clippy --all-targets -- -D warnings

License

MIT