Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Implement a plugin that can retrieve Marlin TEE remote attestations #935

Merged
merged 3 commits into from
Jan 5, 2025

Conversation

roshanrags
Copy link
Contributor

Risks

Low.

Background

What does this PR do?

This PR aims to add a plugin that makes Eliza verifiable through the use of TEEs. The plugin leverages the Marlin Oyster platform and SDKs. More concretely, it adds an action that lets Eliza respond with remote attestations when asked. It is expected to be followed up with additional PRs for other aspects as well.

What kind of change is this?

Features.

Why are we doing this? Any context or related work?

It's important for AI agents to be verifiable in Web3 so users can verify behaviors and responses of an agent they are interacting with. A performant way of accomplishing this is running the agent in a TEE and providing remote attestation infrastructure for verification by users. Additionally, TEEs provide privacy protections to users' interactions with agents.

It is similar in spirit to plugin-tee but targets the Marlin Oyster stack instead.

Documentation changes needed?

Yes. A section on the plugin has been added.

Testing

Where should a reviewer start?

The README of the plugin. It specifies the .env settings as well as how to run a mock attestation server for local testing.

Detailed testing steps

  1. Run the mock attestation server, simplest way is docker - docker run --init --rm -p 1350:1350 marlinorg/attestation-server-custom-mock
  2. Set configs corresponding to the plugin, just TEE_MARLIN=yes should suffice.
  3. Chat with Eliza and ask for a remote attestation, I have tried various phrasings like "attest yourself", "get me a remote attestation", etc which seem to work.

Discord username

roshanroshan

@roshanrags roshanrags changed the title Implement a plugin that can retrieve Marlin TEE remote attestations feat: Implement a plugin that can retrieve Marlin TEE remote attestations Dec 9, 2024
odilitime
odilitime previously approved these changes Dec 10, 2024
@odilitime odilitime added the Plugin_new Mark PRs that are a new plugin label Dec 10, 2024
@HashWarlock
Copy link
Collaborator

Hey! Nice to see another TEE option here. We should talk more on how we want to document and educate developers on TEE and the different options available for devs to get started.

Some comments:

  • Can you add the lint file?

eslint.config.mjs

import eslintGlobalConfig from "../../eslint.config.mjs";

export default [...eslintGlobalConfig];

package.json

"scripts": {
        "build": "tsup --format esm --dts",
        "dev": "tsup --format esm --dts --watch",
        "lint": "eslint . --fix"
},

@roshanrags
Copy link
Contributor Author

roshanrags commented Dec 11, 2024

Rebased on latest main and added linting.

cc: @odilitime

@lalalune lalalune changed the base branch from main to develop December 14, 2024 22:56
@HashWarlock
Copy link
Collaborator

Hey @roshanrags, sorry for the delay here. I have a coupl of questions:

  • Is the expectation that the Eliza Agent will be running inside the TEE Oyster on Marlin? And if so, will the eliza agent be connecting through a websocket or via http request to get the RA Quote?
  • If Eliza is not running in the TEE Oyster, can a user trust the RA Quote since it is not executed in a TEE?

@odilitime odilitime deleted the branch elizaOS:develop December 17, 2024 02:33
@odilitime odilitime closed this Dec 17, 2024
@odilitime odilitime reopened this Dec 17, 2024
@shakkernerd shakkernerd deleted the branch elizaOS:develop December 17, 2024 03:45
@odilitime odilitime reopened this Dec 17, 2024
@roshanrags roshanrags force-pushed the roshan/plugin-tee-marlin branch from da2b663 to bea8456 Compare December 17, 2024 06:11
@roshanrags
Copy link
Contributor Author

Rebased on latest develop.

@roshanrags
Copy link
Contributor Author

  • Is the expectation that the Eliza Agent will be running inside the TEE Oyster on Marlin?

Yes.

And if so, will the eliza agent be connecting through a websocket or via http request to get the RA Quote?

It makes a HTTP request to fetch attestations.

  • If Eliza is not running in the TEE Oyster, can a user trust the RA Quote since it is not executed in a TEE?

The attestation would not verify properly in this case. A valid production attestation should fully verify and be anchored to AWS's root certificate. The mock server generates valid attestations but they are anchored to a custom root certificate instead.

@roshanrags
Copy link
Contributor Author

Any idea what's failing here? https://github.com/ai16z/eliza/actions/runs/12367420001/job/34515692344?pr=935

The chat interface seems to set itself up just fine 🤔

@HashWarlock HashWarlock self-requested a review December 18, 2024 00:55
HashWarlock
HashWarlock previously approved these changes Dec 18, 2024
Copy link
Collaborator

@HashWarlock HashWarlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM @roshanrags the failure here is probably a bug in develop and not introduced by you, but we can get this merged

@shakkernerd shakkernerd deleted the branch elizaOS:develop December 22, 2024 07:01
@odilitime odilitime reopened this Dec 22, 2024
@roshanrags roshanrags force-pushed the roshan/plugin-tee-marlin branch 2 times, most recently from ccbff80 to bbdd4e0 Compare December 24, 2024 06:00
@roshanrags
Copy link
Contributor Author

Rebased on the latest develop.

@roshanrags roshanrags force-pushed the roshan/plugin-tee-marlin branch from bbdd4e0 to c55fa3c Compare December 24, 2024 06:07
@roshanrags
Copy link
Contributor Author

The lockfile wants things to be ordered alphabetically, the elizaos rename seems to have messed that up btw.

@roshanrags roshanrags force-pushed the roshan/plugin-tee-marlin branch 2 times, most recently from 0e635af to a261b6b Compare December 26, 2024 11:32
Copy link
Collaborator

@HashWarlock HashWarlock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Is this good to go @odilitime?

@lalalune lalalune merged commit 943d1be into elizaOS:develop Jan 5, 2025
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Plugin_new Mark PRs that are a new plugin
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants