feat: Add TEE Mode to Solana Plugin

[HashWarlock]

Relates to:

TEE Plugin

Risks

medium
This PR should go through extra testing to ensure the Solana Plugin does not break with the addition of the TEE Plugin for key derivation and remote attestations.

Background

Currently the Solana and EVM Plugin are not aware of the TEE Plugin and a lot of custom code and configuration must be done to add deployment of Eliza agents in a TEE. This PR solves this issue by making the TEE Plugin an opt-in feature that allows developers to build a TEE compatible Eliza Agent to deploy in a Intel TDX Server running the Dstack SDK.

What does this PR do?

This PR adds a new env variable called TEE_MODE with values of OFF, LOCAL, DOCKER, PRODUCTION. When the TEE_MODE is set to an option other than OFF or undefined then the agent will utilize the TEE Plugin to handle wallet generations for the Solana Plugin.

Every time a key is derived to generate a wallet in the Solana Plugin the following happens:

• Derives an ed25519 key based on the value of the WALLET_SECRET_SALT
• Generates a Remote Attestation Quote with the reportdata that includes a JSON string of {agentId: ${agentId}, publicKey: ${publicKey}}
• In the logs, a user can take the RA Quote and the reportdata to verify publicly at https://ra-quote-explorer.vercel.app/

What kind of change is this?

Feature

Documentation changes needed?

My changes require a change to the project documentation. There will be another step in this PR to add documentation within the advanced section to step developers through setting up their Eliza Agent to be TEE compatible. This documentation will take developers through the process of

• Building an Agent locally with TEE_MODE enabled
• Run the TEE Simulator against a locally deployed Eliza Agent
• Run the TEE Simulator against a docker container of the Eliza Agent
• Run the Eliza Agent within a Real TEE via Phala Network's Dstack Dashboard
• How to verify a Remote Attestation on https://ra-quote-explorer.vercel.app/ and validate the reportdata passed into the RA Quote

Testing

Run through existing Solana Plugin tests before merge.

Where should a reviewer start?

A reviewer should start by running the existing codebase with TEE_MODE set to OFF to ensure functionality hasn't broken.

Detailed testing steps

• Run existing test sets that have TEE_MODE set OFF or undefined and pass all tests
• Set TEE_MODE to LOCAL and run through a local test by launching the docker TEE Simulator then building and starting the project on the development machine where the docker TEE Simulator is running
• Set TEE_MODE to DOCKER and run through a docker test by launching the docker TEE Simulator then building a docker image on a linux/amd64 platform where the docker TEE Simulator is running
• (Optional: I can record a start from scratch video) Set TEE_MODE to PRODUCTION and run through a production deployment by launching in an Intel TDX Server with Dstack SDK setup to deploy via a dashboard

Screenshots

Ask Eliza Agent about their wallet info

Generate RA Quote with reportdata of AgentID + Derived Solana Pub Key

Verify in the TEE RA Explorer (This is a simulator so is should say unverified, but we can still validate the rtmrs

Verify the rtmrs in the quote

[HashWarlock]

Ready for review. I added docs for using TEE Plugin as well

[HashWarlock]

@lalalune could someone take a look at this? Keeping up with new conflicts when new merges are done can get tedious.

[HashWarlock]

I have also run through the Developer Journey of setting TEE_MODE to OFF and set the values for SOLANA_PUBLIC_KEY and SOLANA_PRIVATE_KEY. These tests pass successfully.

Request Wallet info:

Request Transfer Order:

[shakkernerd]

Hi @HashWarlock I will take a look and review.

[HashWarlock]

Hi @HashWarlock I will take a look and review.

Thank you! I can remove the banner image given the conversation we had on the call earlier

[shakkernerd]

Hi @HashWarlock I left some comments that I think needs to be addressed and then we good to go.

[shakkernerd]

Changes well implemented and looks good to me.
We good to go!