Deployment (TEE)

Deploying to Phala Network (Redpill Container)

To ensure the agent is "Unruggable," it must run inside a Trusted Execution Environment (TEE). We use Phala Network's infrastructure.

Deployment Steps:

  1. Dockerize: Wrap the ElizaOS agent in a Docker container using the phala/redpill-template.

  2. Upload: Push the image to the Phala decentralized cloud.

  3. Lease Worker: Rent a TEE worker node using PHA tokens.

  4. Boot: Start the container. Upon boot, the CVM (Confidential Virtual Machine) generates the Solana Keypair.

Managing Agent Keys (Non-Custodial Keygen)

Crucial Security Concept: The developer never sees the private key.

  • Key Generation: Occurs inside the SGX Enclave during the first boot sequence.

  • Key Storage: The key is encrypted and stored in the TEE's sealed storage.

  • Key Usage: The ElizaOS runtime requests a signature. The TEE validates the request against the agent.config.json rules. If valid, it signs and returns the transaction signature.

Remote Attestation: Verifying Secure Code

How do users know the agent is really in a TEE?

Verification Process:

  1. Quote Generation: The TEE hardware produces a "Quote" containing the hash of the running code (MRENCLAVE).

  2. On-Chain Registry: CogniFi publishes the expected hash of the open-source agent code on Solana.

  3. Client-Side Check: The CogniTerminal frontend fetches the live quote from the agent and compares it to the on-chain registry.

    • Green Checkmark: The agent is running verified, immutable code.

    • Red Warning: The code has been tampered with or is running on insecure hardware.

PreviousCustom Actions (The Logic)NextMarket Mechanics

Last updated