feat: Add plugin-dcap (#2638)

* Dcap -- fix lock conflict (#4)

* move the position of action field inside examples

* fix pnpm-lock

* add initilization

---------

Co-authored-by: junkwarrior87 <115852752+junkwarrior87@users.noreply.github.com>
Co-authored-by: ChenYe <git@0xdf.com>
Co-authored-by: Sayo <hi@sayo.wtf>

Author: 4 people

.env.example

@@ -884,4 +884,8 @@ ANKR_TIMEOUT=5000
 ANKR_GRANULAR_LOG=true
 ANKR_LOG_LEVEL=debug
 ANKR_RUNTIME_CHECK_MODE=false
-ANKR_SPASH=true
+ANKR_SPASH=true
+
+# DCAP Plugin Configuration
+DCAP_EVM_PRIVATE_KEY=
+DCAP_MODE=                       # Options: OFF, PLUGIN-SGX, PLUGIN-TEE, MOCK

agent/package.json

@@ -134,6 +134,7 @@
 		"@elizaos/plugin-ethstorage": "workspace:*",
 		"@elizaos/plugin-mina": "workspace:*",
         "@elizaos/plugin-email-automation": "workspace:*",
+        "@elizaos/plugin-dcap": "workspace:*",
         "@elizaos/plugin-form": "workspace:*",
 		"@elizaos/plugin-ankr": "workspace:*",
 		"readline": "1.3.0",

agent/src/index.ts

@@ -21,7 +21,7 @@ import { agentKitPlugin } from "@elizaos/plugin-agentkit"
 import { PrimusAdapter } from "@elizaos/plugin-primus"
 import { lightningPlugin } from "@elizaos/plugin-lightning"
 import { elizaCodeinPlugin, onchainJson } from "@elizaos/plugin-iq6900"
-
+import { dcapPlugin } from "@elizaos/plugin-dcap"
 import {
     AgentRuntime,
     CacheManager,
@@ -853,6 +853,7 @@ export async function createAgent(character: Character, db: IDatabaseAdapter, ca
 			getSecret(character, "MINA_PRIVATE_KEY") ? minaPlugin : null,
             getSecret(character, "FORM_PRIVATE_KEY") ? formPlugin : null,
             getSecret(character, "ANKR_WALLET") ? ankrPlugin : null,
+			getSecret(character, "DCAP_EVM_PRIVATE_KEY") && getSecret(character, "DCAP_MODE") ? dcapPlugin : null,
 		].filter(Boolean),
 		providers: [],
 		managers: [],

packages/plugin-dcap/README.md

@@ -0,0 +1,88 @@
+# @elizaos/plugin-dcap
+
+A plugin for verifying DCAP attestation on-chain built based on the [automata-dcap-attestation](https://github.com/automata-network/automata-dcap-attestation).
+
+## Features
+
+This plugin provides the following features:
+- Generate DCAP attestation on TDX using the `remoteAttestationProvider` provided by the [plugin-tee](https://github.com/elizaOS/eliza/tree/develop/packages/plugin-tee).
+- Generate DCAP attestation on SGX using the `sgxAttestationProvider` provided by the [plugin-sgx](https://github.com/elizaOS/eliza/tree/develop/packages/plugin-sgx).
+- Submit and verify DCAP attestation on-chain.
+
+## Future Features (coming soon)
+- Support to verify DCAP attestation on more EVM networks.
+- Support to verify DCAP attestation on Solana.
+- Support to verify DCAP attestation using ZKVM and verify the zk proof on-chain.
+- Support to topup the wallet before submitting the DCAP attestation on testnets.
+
+## Installation
+
+```bash
+pnpm install @elizaos/plugin-dcap
+```
+
+## Configuration
+1. Set up your environment variables:
+```env
+EVM_PRIVATE_KEY=your-private-key-here
+DCAP_MODE=PLUGIN-SGX|PLUGIN-TEE|MOCK
+```
+The EVM_PRIVATE_KEY used to submit the DCAP attestation on evm networks, please make sure it has enough balance to pay for the transaction fee.
+
+The DCAP_MODE is used to specify the mode of generating DCAP attestation, it can be:
+- PLUGIN-SGX: Use the `sgxAttestationProvider` in `plugin-sgx` to generate the DCAP attestation.
+- PLUGIN-TEE: Use the `remoteAttestationProvider` in `plugin-tee` to generate the DCAP attestation.
+- MOCK: Use a predefined attestation, this option is only for testing purposes.
+
+Check the docs of `plugin-sgx` and `plugin-tee` for how to run your agent in TEE before using the SGX or TDX mode.
+
+2. Register the plugin in your Eliza configuration:
+```typescript
+import { dcapPlugin } from "@elizaos/plugin-dcap";
+
+// In your Eliza configuration
+plugins: [
+    dcapPlugin,
+    // ... other plugins
+];
+```
+
+## Usage
+The plugin provides an action `dcapOnChainVerifyAction` which will be triggered by natural languages like:
+```plaintext
+"Verify the DCAP attestation on-chain"
+"Generate a DCAP attestation and verify it on-chain"
+"DCAP_ON_CHAIN" # The keyword will also trigger the action
+```
+
+## Development
+
+1. Clone the repository
+2. Install dependencies:
+
+```bash
+pnpm install
+```
+
+3. Build the plugin:
+
+```bash
+pnpm run build
+```
+
+4. Run tests:
+
+```bash
+pnpm test
+```
+
+We are welcom to any feedback and contributions!
+
+## Credits
+- [Automata Network](https://ata.network): Provided the on-chain DCAP verification, enabling the decentralized verification of TEE attestations.
+- [Phala Network](https://phala.network): Provided support for running agents in TDX environment and contributed the `plugin-tee` for generating DCAP attestation on TDX.
+- [Gramine](https://gramineproject.io/): Provided support for running agents in SGX environment.
+
+## License
+
+This plugin is part of the Eliza project. See the main project repository for license information.

packages/plugin-dcap/package.json

@@ -0,0 +1,23 @@
+{
+    "name": "@elizaos/plugin-dcap",
+    "version": "0.1.9-alpha.1",
+    "type": "module",
+    "main": "dist/index.js",
+    "module": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "dependencies": {
+        "@elizaos/core": "workspace:*",
+        "@elizaos/plugin-sgx": "workspace:*",
+        "@elizaos/plugin-tee": "workspace:*",
+        "ethers": "^6.13.5"
+    },
+    "devDependencies": {
+        "@types/node": "^20.0.0",
+        "tsup": "8.3.5"
+    },
+    "scripts": {
+        "build": "tsup --format esm --dts",
+        "dev": "tsup --format esm --dts --watch",
+        "lint": "eslint --fix  --cache ."
+    }
+}

packages/plugin-dcap/src/actions/on-chain.ts

@@ -0,0 +1,111 @@
+import type { Action } from "@elizaos/core";
+import { verifyAndAttestOnChain } from "../dcap.js";
+import { getQuote } from "../quote.js";
+import { DCAPMode } from "../types.js";
+import {
+    getDCAPMode,
+    getTEEMode,
+    hasPrivateKey,
+    hasTEEMode,
+} from "../utils.js";
+
+export const dcapOnChainVerifyAction: Action = {
+    name: "DCAP_ON_CHAIN",
+    description:
+        "This plugin is used to generate DCAP attestation and verify it on-chain. The user can also use the keyword DCAP_ON_CHAIN to trigger this action.",
+    similes: [
+        "DCAP",
+        "DCAP_ATTESTATION",
+        "DCAP_TEE",
+        "DCAP_SGX",
+        "DCAP_TDX",
+        "VERIFY_ATTESTATION",
+        "VERIFY_DCAP",
+        "DCAP_VERIFICATION",
+        "ATTESTATION",
+        "GENERATE_ATTESTATION",
+    ],
+    examples: [
+        [
+            {
+                user: "{{user1}}",
+                content: {
+                    text: "Generate a DCAP attestation and verify it on-chain",
+                    action: "DCAP_ON_CHAIN",
+                },
+            },
+            {
+                user: "{{user2}}",
+                content: {
+                    text: "Of course, hanlding it now...",
+                },
+            },
+        ],
+        [
+            {
+                user: "{{user1}}",
+                content: { text: "Verify the DCAP attestation on-chain" },
+                action: "DCAP_ON_CHAIN",
+            },
+            {
+                user: "{{user2}}",
+                content: {
+                    text: "Of course, hanlding it now...",
+                },
+            },
+        ],
+        [
+            {
+                user: "{{user1}}",
+                content: { text: "DCAP_ON_CHAIN" },
+                action: "DCAP_ON_CHAIN",
+            },
+            {
+                user: "{{user2}}",
+                content: {
+                    text: "Of course, hanlding it now...",
+                },
+            },
+        ],
+    ],
+    async validate(runtime, message) {
+        if (!hasPrivateKey(runtime)) return false;
+        const mode = getDCAPMode(runtime);
+        if (!mode) return false;
+        if (mode === DCAPMode.PLUGIN_TEE) return hasTEEMode(runtime);
+        return true;
+    },
+    async handler(runtime, message, state, options, callback) {
+        const { agentId } = runtime;
+        const { userId, roomId, content } = message;
+        const quote = await getQuote(
+            // Attestation will be generated based on the message info
+            JSON.stringify({
+                agentId,
+                timestamp: Date.now(),
+                message: { userId, roomId, content: content.text },
+            }),
+            getDCAPMode(runtime),
+            getTEEMode(runtime)
+        );
+
+        const reply = (text: string) =>
+            callback({
+                text,
+                // source: quote,
+                action: "DCAP_ON_CHAIN",
+            });
+        try {
+            const tx = await verifyAndAttestOnChain(
+                runtime.getSetting("EVM_PRIVATE_KEY")!,
+                quote
+            );
+            reply("Verified! Transaction hash: " + tx.hash);
+            return true;
+        } catch (e) {
+            reply(e instanceof Error ? e.message : "Attestation failed");
+            return false;
+        }
+    },
+    suppressInitialMessage: true,
+};

packages/plugin-dcap/src/dcap.ts

@@ -0,0 +1,48 @@
+import { TransactionResponse } from "ethers";
+import { Contract, JsonRpcProvider, Wallet } from "ethers";
+
+export namespace Chain {
+    export enum Testnet {
+        AUTOMATA = "automata_testnet",
+    }
+
+    export enum Mainnet {}
+
+    export const Config: Record<Chain, { rpcUrl: string; address: string }> = {
+        [Testnet.AUTOMATA]: {
+            rpcUrl: "https://1rpc.io/ata/testnet",
+            address: "0x6D67Ae70d99A4CcE500De44628BCB4DaCfc1A145",
+        },
+    };
+}
+export type Chain = Chain.Testnet | Chain.Mainnet;
+
+export async function verifyAndAttestOnChain(
+    privateKey: string,
+    rawQuote: string,
+    chain: Chain = Chain.Testnet.AUTOMATA
+) {
+    const { rpcUrl, address } = Chain.Config[chain];
+    const provider = new JsonRpcProvider(rpcUrl);
+    const wallet = new Wallet(privateKey, provider);
+    const contract = new Contract(
+        address,
+        [
+            "function getBp() public view returns (uint16)",
+            "function verifyAndAttestOnChain(bytes calldata rawQuote) external payable returns (bool success, bytes memory output)",
+        ],
+        wallet
+    );
+    const estimateGas = async (value: bigint) =>
+        await contract.verifyAndAttestOnChain.estimateGas(rawQuote, { value });
+
+    const $bp = contract.getBp();
+    const $fee = provider.getFeeData();
+    const gas = await estimateGas(await provider.getBalance(wallet));
+    const bp = await $bp;
+    const { gasPrice, maxFeePerGas } = await $fee;
+    const tx = await contract.verifyAndAttestOnChain(rawQuote, {
+        value: (gas * (gasPrice || maxFeePerGas)! * bp * 105n) / 1000000n,
+    });
+    return await (tx as TransactionResponse).wait();
+}

packages/plugin-dcap/src/index.ts

@@ -0,0 +1,8 @@
+import type { Plugin } from "@elizaos/core";
+import { dcapOnChainVerifyAction } from "./actions/on-chain";
+
+export const dcapPlugin: Plugin = {
+    name: "dcap",
+    description: "Basic DCAP attestation plugin",
+    actions: [dcapOnChainVerifyAction],
+};

packages/plugin-dcap/src/quote.ts

@@ -0,0 +1,26 @@
+import { describe, expect, it } from "vitest";
+import { Chain, verifyAndAttestOnChain } from "../dcap";
+import { DEFAULT_QUOTE } from "../quote";
+
+const privateKey =
+    "0xc4389080437072a09215803a6b540f1e054797eeda2eec6d49076760d48e7589";
+const chain = Chain.Testnet.AUTOMATA;
+
+describe("Verify rawQuote", () => {
+    it("should verify rawQuote", async () => {
+        const tx = await verifyAndAttestOnChain(
+            privateKey,
+            DEFAULT_QUOTE,
+            chain
+        );
+        expect(tx).toBeDefined();
+    });
+});
+
+describe("Verify random hex will fail", () => {
+    it("should not verify random hex", async () => {
+        await expect(
+            verifyAndAttestOnChain(privateKey, "0x1234", chain)
+        ).rejects.toThrow();
+    });
+});

packages/plugin-dcap/src/tests/on-chain.ts

@@ -0,0 +1,6 @@
+export enum DCAPMode {
+    OFF = "OFF",
+    PLUGIN_SGX = "PLUGIN-SGX",
+    PLUGIN_TEE = "PLUGIN-TEE",
+    MOCK = "MOCK",
+}

packages/plugin-dcap/src/types.ts

@@ -0,0 +1,41 @@
+import { IAgentRuntime } from "@elizaos/core";
+import { TEEMode } from "@elizaos/plugin-tee";
+import { DCAPMode } from "./types";
+
+export const is0xString = (s: string) =>
+    typeof s === "string" && s.startsWith("0x");
+
+export function hasPrivateKey(runtime: IAgentRuntime) {
+    try {
+        return is0xString(runtime.getSetting("EVM_PRIVATE_KEY"));
+    } catch {
+        return false;
+    }
+}
+
+export function getDCAPMode(runtime: IAgentRuntime) {
+    try {
+        const mode = runtime.getSetting("DCAP_MODE");
+        if (!mode) return;
+        switch (mode.toUpperCase()) {
+            case DCAPMode.PLUGIN_SGX:
+                return DCAPMode.PLUGIN_SGX;
+            case DCAPMode.PLUGIN_TEE:
+                return DCAPMode.PLUGIN_TEE;
+            case DCAPMode.MOCK:
+                return DCAPMode.MOCK;
+        }
+    } catch {}
+}
+
+export const getTEEMode = (runtime: IAgentRuntime) =>
+    runtime.getSetting("TEE_MODE") as TEEMode;
+
+export function hasTEEMode(runtime: IAgentRuntime) {
+    try {
+        const mode = getTEEMode(runtime);
+        return mode && mode !== TEEMode.OFF;
+    } catch {
+        return false;
+    }
+}