feat: Implement a plugin that can retrieve Marlin TEE remote attestations

[roshanrags]

Risks

Low.

Background

What does this PR do?

This PR aims to add a plugin that makes Eliza verifiable through the use of TEEs. The plugin leverages the Marlin Oyster platform and SDKs. More concretely, it adds an action that lets Eliza respond with remote attestations when asked. It is expected to be followed up with additional PRs for other aspects as well.

What kind of change is this?

Features.

Why are we doing this? Any context or related work?

It's important for AI agents to be verifiable in Web3 so users can verify behaviors and responses of an agent they are interacting with. A performant way of accomplishing this is running the agent in a TEE and providing remote attestation infrastructure for verification by users. Additionally, TEEs provide privacy protections to users' interactions with agents.

It is similar in spirit to plugin-tee but targets the Marlin Oyster stack instead.

Documentation changes needed?

Yes. A section on the plugin has been added.

Testing

Where should a reviewer start?

The README of the plugin. It specifies the .env settings as well as how to run a mock attestation server for local testing.

Detailed testing steps

1. Run the mock attestation server, simplest way is docker - docker run --init --rm -p 1350:1350 marlinorg/attestation-server-custom-mock
2. Set configs corresponding to the plugin, just TEE_MARLIN=yes should suffice.
3. Chat with Eliza and ask for a remote attestation, I have tried various phrasings like "attest yourself", "get me a remote attestation", etc which seem to work.

Discord username

roshanroshan

[HashWarlock]

Hey! Nice to see another TEE option here. We should talk more on how we want to document and educate developers on TEE and the different options available for devs to get started.

Some comments:

• Can you add the lint file?

eslint.config.mjs

import eslintGlobalConfig from "../../eslint.config.mjs";

export default [...eslintGlobalConfig];

package.json

"scripts": {
        "build": "tsup --format esm --dts",
        "dev": "tsup --format esm --dts --watch",
        "lint": "eslint . --fix"
},

[roshanrags]

Rebased on latest main and added linting.

cc: @odilitime

[HashWarlock]

Hey @roshanrags, sorry for the delay here. I have a coupl of questions:

• Is the expectation that the Eliza Agent will be running inside the TEE Oyster on Marlin? And if so, will the eliza agent be connecting through a websocket or via http request to get the RA Quote?
• If Eliza is not running in the TEE Oyster, can a user trust the RA Quote since it is not executed in a TEE?

[roshanrags]

Rebased on latest develop.

[roshanrags]

• Is the expectation that the Eliza Agent will be running inside the TEE Oyster on Marlin?

Yes.

And if so, will the eliza agent be connecting through a websocket or via http request to get the RA Quote?

It makes a HTTP request to fetch attestations.

• If Eliza is not running in the TEE Oyster, can a user trust the RA Quote since it is not executed in a TEE?

The attestation would not verify properly in this case. A valid production attestation should fully verify and be anchored to AWS's root certificate. The mock server generates valid attestations but they are anchored to a custom root certificate instead.

[roshanrags]

Any idea what's failing here? https://github.com/ai16z/eliza/actions/runs/12367420001/job/34515692344?pr=935

The chat interface seems to set itself up just fine 🤔

[HashWarlock]

LGTM @roshanrags the failure here is probably a bug in develop and not introduced by you, but we can get this merged

[roshanrags]

Rebased on the latest develop.

[roshanrags]

The lockfile wants things to be ordered alphabetically, the elizaos rename seems to have messed that up btw.

[HashWarlock]

LGTM. Is this good to go @odilitime?