eigen-compute

📁 zeeshan8281/eigen-skills 📅 7 days ago
Install command
npx skills add https://github.com/zeeshan8281/eigen-skills --skill eigen-compute


Skill documentation

EigenCompute Skill

Deploy, manage, and attest applications running inside an EigenCompute TEE (Trusted Execution Environment) powered by Intel TDX.

What is EigenCompute?

EigenCompute runs your Docker containers inside hardware-isolated Intel TDX TEEs. Each deployed app gets:

  • Encrypted memory — the host cannot read your app’s data
  • Unique wallet — cryptographic identity per deployment
  • KMS signing key — at /usr/local/bin/kms-signing-public-key.pem
  • Sealed secrets — env vars are unsealed inside the TEE at runtime
  • Cryptographic attestation — verifiable proof of what code is running

Prerequisites

Install the ecloud CLI:

npm install -g @layr-labs/ecloud-cli

When to use this skill

Use when the user asks about:

  • Deploying to EigenCompute / TEE / EigenCloud
  • Checking app status, logs, or info
  • TEE attestation or verification
  • Managing EigenCompute apps (start, stop, terminate)
  • Dockerfile setup for TEE deployment
  • KMS signing or sealed secrets
  • EigenCompute troubleshooting

How to use

Authentication

# Login with existing key
ecloud auth login

# Or generate a new key
ecloud auth generate --store

# Check who you're authenticated as
ecloud auth whoami

Create a new app from template

ecloud compute app create --name my-app --language typescript
# Languages: typescript, python, golang, rust

Deploy from Dockerfile (recommended)

ecloud compute app deploy

  • Select “Build and deploy from Dockerfile” (most reliable method)
  • Choose Linux/AMD64 (standard TEE architecture)
  • Estimated cost: ~0.008 ETH per deploy (Sepolia testnet)

IMPORTANT: “Deploy from registry” method is unreliable — apps often end up in Status: Unknown with no error. Always use “Build from Dockerfile”.

Check app status

# List all your apps
ecloud compute app list

# Get info for a specific app
ecloud compute app info <APP_ID>

# View logs (may require admin permissions)
ecloud compute app logs <APP_ID>

Set environment variables (sealed secrets)

ecloud compute app env set \
  MY_SECRET="value" \
  API_KEY="key"

Note: You cannot inspect sealed secrets after they’re set. Verify through your app’s logging.

App lifecycle

# Start a stopped app
ecloud compute app start <APP_ID>

# Stop a running app
ecloud compute app stop <APP_ID>

# Terminate (permanent — creates new App ID on redeploy)
ecloud compute app terminate <APP_ID>

Upgrade (update running app)

ecloud compute app upgrade <APP_ID>

TEE Container Internals

Inside the TEE container, these are available:

Path                                         What
/usr/local/bin/compute-source-env.sh         Sources sealed env vars at runtime
/usr/local/bin/kms-signing-public-key.pem    KMS signing public key
/usr/local/bin/kms-client                    KMS signing client binary

Entrypoint pattern for TEE

#!/bin/bash
# Source sealed secrets
if [ -f "/usr/local/bin/compute-source-env.sh" ]; then
    source /usr/local/bin/compute-source-env.sh
fi

# Start your app; exec replaces the shell so node receives stop signals directly
exec node server.js

Dockerfile pattern for TEE

FROM node:20-slim
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .
EXPOSE 3000
ENTRYPOINT ["bash", "entrypoint.sh"]

TEE Attestation

Collect attestation data to prove your app runs in a real TEE:

const crypto = require('crypto');
const fs = require('fs');

function getAttestation() {
    return {
        appId: process.env.ECLOUD_APP_ID || null,
        platform: 'Intel TDX (EigenCompute)',
        kmsKeyFingerprint: getKMSFingerprint(),
        nodeVersion: process.version,
        uptimeSeconds: Math.floor(process.uptime()),
        timestamp: new Date().toISOString(),
    };
}

function getKMSFingerprint() {
    try {
        const pem = fs.readFileSync('/usr/local/bin/kms-signing-public-key.pem', 'utf-8');
        return 'sha256:' + crypto.createHash('sha256').update(pem.trim()).digest('hex');
    } catch { return null; }
}

Verify at: https://verify-sepolia.eigencloud.xyz

Known Issues & Workarounds

  • 429 rate limiting — The API rate-limits aggressively after deploys. Wait 30-60s before running app list or app info.
  • Logs 403 — Even with “admin viewable” selected, app logs may return 403. Add logging within your app and expose it via HTTP as a workaround.
  • IP changes on every deploy — No static IP. Don’t hardcode IPs in DNS or webhooks.
  • App ID changes on terminate + redeploy — No persistent identity across deploys.
  • Secret rotation requires full redeploy — No way to update env vars without terminate + deploy.

Programmatic Usage

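const EigenCompute = require('eigen-skills/skills/eigen-compute/scripts/compute-api');

// await is only valid inside an async function in a CommonJS script
async function main() {
    const compute = new EigenCompute();

    // These are wrappers around the ecloud CLI
    const apps = await compute.listApps();
    const info = await compute.getAppInfo('APP_ID');
    const attestation = compute.collectAttestation();
    console.log({ apps, info, attestation });
}

main().catch((err) => { console.error(err); process.exit(1); });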