Skip to main content

TL;DR

  • ERC-8004 gives us onchain primitives to register and discover trustless agents.
  • To make those registrations meaningful, you want verifiable runtime evidence, not just a signature.
  • Confidential VMs (CVMs) running dstack to deliver deterministic key derivation + remote attestation so your agent can prove where it executed.
  • Phala Cloud wraps this in a bow: VibeVM templates, an onchain KMS/registry workflow, and (optionally) confidential inference (GPU TEE) support.
  • This post walks the whole flow: deploy a CVM → produce attestation → register identity on Sepolia → verify via TEERegistry.

Why Trustless Agents Matter

Distributed systems increasingly outsource work to off-chain agents—indexers, oracles, model inference, payment relays. When an agent signs a statement or moves value, a bare signature only proves key possession, not execution context. The missing link is provenance: did this response come from the runtime I expect? ERC-8004 gives us a compact onchain model for agent identity and discovery. Pair it with TEE-backed CVMs and you get the runtime receipts you’ve been wishing for: attested execution. Explore more confidential AI agent use cases and implementations.

What’s broken today (and how we fix it)

  • Agents are usually deployed ad hoc; signed responses alone don’t say anything about where the code ran.
  • Keys can be copied; logs can be forged; environments can be jailbroken.
  • What agents actually need:
    1. Deterministic key material derived inside the runtime.
    2. Remote attestation that binds keys + code measurements to a platform identity.
    3. Onchain discovery so other contracts/clients can programmatically verify them.
ERC-8004 covers the onchain identity/registry. TEEs + CVMs supply runtime evidence. Phala Cloud ties it all together with templates, SDKs, and an onchain governance/KMS model.

Deploy Your ERC-8004 Agent in TEE

Pre-reqs

  • Phala Cloud account
  • GitHub account (token only needed if cloning private repos)
  • Wallet with ETH Sepolia funds for registration/funding

1) Deploy VibeVM: the TEE coding environment

2) Configure the CVM

  • OS: dstack-dev-0.5.x or newer
  • Instance: Large TDX, 4 vCPU, 8 GB RAM, >40 GB storage
  • Set Encrypted Secrets (remember to change the password): 
    VIBEVM_AUTH_ENABLED=true
VIBEVM_USERNAME=vibe
VIBEVM_PASSWORD=vibevm4454
GITHUB_REPO=https://github.com/Phala-Network/erc-8004-tee-agent
# optional if the repo is private
GH_TOKEN=<token>
CVM Configuration
Tip: GH_TOKEN only needed for private repos.

3) Deploy & open VibeVM

  • Click Deploy and let provisioning finish.
  • Open View details → Networks and click the URL with port 8080 to open the frontend.
Network Details

4) Sign into the VibeVM frontend

  • Use the credentials you set.
  • You’ll land in a VSCode server with the repo already cloned.
VibeVM Login

5) Prep the agent

In the VSCode server terminal: 
cd erc-8004-tee-agent
cp .env.example .env
# Edit .env:
# AGENT_DOMAIN=<your-domain>
# REDPILL_API_KEY=<your-key>  # generate in Phala dashboard: /dashboard/confidential-ai-api
Environment Configuration

6) Build & run

pip3 install -e .
python3 deployment/local_agent_server.py
Service should come up at: 
https://<dstack-app-id>-8000.<dstack-gateway-domain>
Agent Running

7) Register & fund the agent

Agent Registration Registration Transaction

8) Verify attestation via TEERegistry

TEERegistry Verification

9) Talk to the agent

  • Hit the Agent API. You should get signed responses whose key matches what you registered, and whose runtime is backed by the TEE attestation onchain.

Architecture

Conclusion

ERC-8004 + TEE on Phala Cloud give you a practical path to trustless agents: deterministic keys, remote attestations, and onchain identity—wrapped in a dev flow that feels like spinning up a regular VM, just with superpowers.

Resources