X Account encumbrance with Twitter Agent Service

This post provides a detailed breakdown of how we encumbered a Twitter (X.com) account using the Twitter Agent Service, an AI-powered solution designed to securely manage and expose Twitter API keys and access tokens inside an Oyster Enclave. Through this setup, we were able to facilitate verifiable tweeting while ensuring sensitive credentials remained protected.

What is an Encumbered Twitter Account?

An encumbered Twitter account is an account that, once entrusted to the Twitter Agent Service, can no longer be accessed or recovered by its original user. Instead, the Twitter Agent Service becomes the sole controller of the account, securely managing its credentials and handling all interactions. This setup ensures that tweets can only be posted under predefined conditions, providing a structured and verifiable mechanism for automated engagement while eliminating the risk of unauthorized access or human intervention.

In the next few steps, we walk through the entire process: how we set up the necessary accounts, deployed the service on Marlin CVM, and integrated it into an application that posts tweets from an encumbered account.

1. Creating an Email & Twitter Account

The first step was to create a new Tuta email account, which was required to register a Twitter account. Tuta was chosen because:

  • It doesn’t require a backup email during signup.
  • The recovery phrase (the sole recovery method) can be regenerated, making it impossible for the original user to restore account access once it’s handed over to the twitter-agent-service.

Using this Tuta email, we registered a Twitter account and created an application on the Twitter Developer Portal. This Twitter application will be used by the twitter-agent-service to fetch access tokens and API keys for API interactions.

2. Ensuring Account Encumbrance with Twitter Agent Service

To enforce account encumbrance and prevent unauthorized access, we developed the Twitter Agent Service, which operates inside the Oyster Enclave. This service acts as a fully automated intermediary that:

  • Manages Twitter account credentials
  • Resets email and Twitter passwords
  • Regenerates API keys and access tokens

How Twitter Agent Service Works

The Twitter Agent Service utilizes browser-use, an AI agent that interacts with Tuta and Twitter through a browser. It performs the following operations:

  1. Resetting the Tuta Email Password

    • Logs into the Tuta email account.
    • Regenerates the recovery phrase.
    • Updates the password using a KMS-generated password, ensuring the old password is discarded.
  2. Resetting the Twitter Password

    • Logs into the Twitter account via browser-use.
    • Updates the Twitter password with a new KMS-generated password.
  3. Regenerating Twitter API Keys & Access Tokens

    • Logs into the Twitter Developer Portal.
    • Revokes old API keys and access tokens.
    • Generates new API credentials, ensuring previous keys become obsolete.
    • Stores the newly generated credentials securely inside the enclave.

Secure Password Management with Marlin KMS for Twitter Account Recovery

Marlin KMS (Key Management System) ensures that the Twitter account password is securely managed and restored without being exposed to anyone.

  • Deterministic Password Generation:
    The twitter-agent-service fetches binary data from the Marlin KMS endpoint, hashes it, and uses the hashed value as the password for the email and Twitter account.

  • Consistent Access Across Boots:
    As long as the .env file credentials remain unchanged, Marlin KMS will return the same binary data on every boot. This ensures that the twitter-agent-service maintains access to the account between reboots without storing the password persistently.

  • Complete Isolation & Security:
    Because the password is re-derived from KMS on every boot and never persisted, it never leaves the enclave, and the account can be recovered without the password being exposed to any external entity.

    For more details, refer to the Marlin KMS Documentation.
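The three bullets above describe one property: the same .env inputs yield the same KMS bytes, the bytes are hashed, and the hash is the password, so nothing needs to be written to disk. The following Python is an added example (not code from the twitter-agent-service or from Marlin) that demonstrates that property offline. `fetch_kms_bytes` is a constructed stand-in for the real Marlin KMS endpoint and does not reflect how KMS actually derives its output; the `purpose` label in `derive_password`, which keeps the Tuta and Twitter passwords distinct, is also an assumption added here.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for the Marlin KMS endpoint. The page says KMS returns
# the same binary data on every boot as long as the .env values are unchanged;
# this fake reproduces that property with an HMAC over the .env values under a
# fixed root. It is NOT how the real KMS derives anything.
_FAKE_KMS_ROOT = b"constructed-root-secret-for-demo-only"


def fetch_kms_bytes(env: dict) -> bytes:
    """Return 32 bytes that depend only on the (sorted) .env key/value pairs."""
    material = "\n".join(f"{k}={env[k]}" for k in sorted(env)).encode()
    return hmac.new(_FAKE_KMS_ROOT, material, hashlib.sha256).digest()


def derive_password(kms_bytes: bytes, purpose: str) -> str:
    """Hash KMS bytes into a fixed-length password.

    `purpose` is an assumption added in this example: it domain-separates the
    Tuta password from the Twitter password so both come from one KMS seed
    but never collide.
    """
    digest = hashlib.sha256(purpose.encode() + b"\x00" + kms_bytes).digest()
    # URL-safe base64 yields letters, digits, '-' and '_'; keep 32 characters.
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")[:32]


def boot(env: dict) -> dict:
    """Simulate one enclave boot: fetch the seed, derive both passwords,
    persist nothing. Calling this again with the same env reproduces them."""
    seed = fetch_kms_bytes(env)
    return {
        "email_password": derive_password(seed, "tuta"),
        "twitter_password": derive_password(seed, "twitter"),
    }


if __name__ == "__main__":
    # Constructed .env values for the demo.
    env = {"USERNAME": "example_user",
           "USER_EMAIL": "example@tuta.com",
           "X_APP_NAME": "demo-app"}
    first, second = boot(env), boot(env)
    print("same password across boots:", first == second)
    print("changing .env changes the password:",
          boot(dict(env, X_APP_NAME="other-app")) != first)
```

The point to notice is what the service does not need: no password file, no secret in the image, and no operator who ever sees the value. The only way to obtain the password is to boot the same configuration inside the enclave that KMS answers to.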

All of these actions are executed within the Oyster Enclave using browser-use, ensuring zero human intervention. Since passwords and keys are reset, no external entity can gain access to the account once the new token and API key generation process is completed.

3. Tweet Posting via Smart Contract Using Twitter Agent Service

With API credentials securely managed inside the enclave, we developed the Tweet-with-Contract application, which listens for on-chain events and posts tweets accordingly.

Tweet Posting Workflow

  1. A user calls the tweet function on a smart contract, passing the tweet as a string.
  2. The contract emits a NewTweet event, broadcasting the tweet content.
  3. The Tweet-with-Contract application, running inside the enclave, listens for this event.
  4. It fetches the API keys and access tokens generated by the Twitter Agent Service.
  5. The tweet is posted using the Twitter API, ensuring all operations remain inside the enclave for security.
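Steps 3 to 5 are the part of the workflow that runs inside the enclave: a log entry arrives, the listener decides whether it is a genuine NewTweet event from the configured contract, decodes the string, and only then hands it to the Twitter client. The Python below is an added example, not the Tweet-with-Contract code, showing that filtering and decoding step with hand-rolled ABI handling for a single `string` argument. The contract address, the event topic (a placeholder standing in for keccak256 of the event signature) and the 280-character limit are constructed assumptions; the actual posting call is left to the caller because it needs live credentials.

```python
from typing import Optional

# Constructed values for this offline example. CONTRACT_ADDRESS comes from
# .env.twc in a real deployment; NEW_TWEET_TOPIC is a placeholder standing in
# for keccak256("NewTweet(string)"), which is not computed here.
CONTRACT_ADDRESS = "0x" + "11" * 20
NEW_TWEET_TOPIC = "0x" + "ab" * 32
MAX_TWEET_CHARS = 280  # assumed posting limit; the page does not state one


def abi_encode_string(text: str) -> bytes:
    """ABI-encode one dynamic `string` argument: head offset, length, padded bytes."""
    raw = text.encode("utf-8")
    head = (32).to_bytes(32, "big")           # the string starts right after the head
    length = len(raw).to_bytes(32, "big")
    padding = b"\x00" * ((32 - len(raw) % 32) % 32)
    return head + length + raw + padding


def abi_decode_string(data: bytes) -> str:
    """Decode one ABI-encoded string, rejecting offsets or lengths that point
    outside the log data instead of silently reading garbage."""
    if len(data) < 64:
        raise ValueError("log data too short for a string")
    offset = int.from_bytes(data[:32], "big")
    if offset + 32 > len(data):
        raise ValueError("string offset points outside data")
    length = int.from_bytes(data[offset:offset + 32], "big")
    start = offset + 32
    if start + length > len(data):
        raise ValueError("declared string length exceeds data")
    return data[start:start + length].decode("utf-8")


def tweet_from_log(log: dict) -> Optional[str]:
    """Return validated tweet text for a NewTweet log, or None if the listener
    must ignore it (wrong contract, wrong event, empty or oversized text)."""
    if log.get("address", "").lower() != CONTRACT_ADDRESS:
        return None                       # only the configured contract may trigger posts
    topics = log.get("topics") or []
    if not topics or topics[0] != NEW_TWEET_TOPIC:
        return None                       # some other event from the same contract
    text = abi_decode_string(bytes.fromhex(log["data"][2:]))
    if not text.strip() or len(text) > MAX_TWEET_CHARS:
        return None                       # would be rejected by the API anyway
    return text


def make_log(text: str, address: str = CONTRACT_ADDRESS,
             topic: str = NEW_TWEET_TOPIC) -> dict:
    """Build a constructed eth_getLogs-style entry for the example."""
    return {"address": address, "topics": [topic],
            "data": "0x" + abi_encode_string(text).hex()}


if __name__ == "__main__":
    for entry in (make_log("gm from the enclave"),
                  make_log("ignored", topic="0x" + "cd" * 32),
                  make_log("x" * 300)):
        print(repr(tweet_from_log(entry)))
```

In a real listener the `address` check matters as much as the topic check: any contract can emit an event whose first topic equals the NewTweet signature hash, so the enclave should post only for logs from the address it was configured with.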

Deploying the Setup

To run the Twitter Agent Service and the Tweet-with-Contract application in a secure enclave environment, deployment was carried out on Marlin CVM using the following steps:

  1. The TweetWithOysterAgentService.sol smart contract was deployed on Arbitrum Sepolia.

    Note: The contract charges 0.0001 ETH per tweet, transferring the fee to the contract deployer.

  2. The tweet-with-contract repository was cloned, and environment variable files were configured as follows:

    • .env
      USERNAME=
      USER_EMAIL=
      X_APP_NAME=
      
    • .env.secrets
      OPENAI_API_KEY=
      USER_PASSWORD=
      USER_EMAIL_PASSWORD=
      
    • .env.twc
      CONTRACT_ADDRESS=
      PORT=
      
    • .env.twc.secrets
      RPC_URL=
      
  3. The entire setup was deployed on Marlin CVM with the help of the CLI:

    oyster-cvm deploy --wallet-private-key *** \
      --pcr-preset base/blue/v1.0.0/amd64 \
      --duration-in-minutes 60 \
      --docker-compose docker-compose.yml \
      --operator *** \
      --instance-type r6i.xlarge \
      --image-url https://artifacts.marlin.org/oyster/eifs/base-blue_v1.0.0_linux_amd64.eif \
      --init-params ".env:1:0:file:.env" \
      --init-params ".env.secrets:1:0:file:.env.secrets" \
      --init-params ".env.twc:0:1:file:.env.twc" \
      --init-params ".env.twc.secrets:0:1:file:.env.twc.secrets"
    
  4. API keys and access tokens were generated inside the enclave using the following endpoint:

    curl {oyster-enclave-ip}:{tweet-with-contract-port}/generate_access_keys

    This endpoint only generates keys within the enclave; it does not return them.

  5. The event listener for the smart contract event was started using the following endpoint:

    curl {oyster-enclave-ip}:{tweet-with-contract-port}/start_listening_for_tweet_events

With this deployment, the Tweet-with-Contract service became fully operational, allowing tweets to be posted via smart contract calls while ensuring API keys remained securely managed inside the enclave.

Sample tweet from an encumbered Twitter account: https://x.com/juliussalad88/status/1906578632329568398

4. Verifying Encumbrance

To confirm that our encumbrance mechanisms were effective, we executed a verification request:

curl {oyster_enclave_ip}:8888/verify_encumbrance  

This endpoint provides the following guarantees:

  • The password for the Twitter account is known only to the enclave.
  • The password for the email account is known only to the enclave.
  • The Twitter account cannot be recovered through email: no backup email is configured, and the account's email matches the email ID provided to the enclave.
  • There is only one app on the X developer portal, and its name matches the enclave-provided app name.
  • The access tokens and API keys for the Twitter account were regenerated.

5. Conclusion

The Twitter Agent Service, deployed within the Oyster Enclave, enables verifiable and automated tweeting while keeping the Twitter account's credentials strictly encumbered. By leveraging browser-use, the service ensures that sensitive information (passwords, API keys, and access tokens) remains inaccessible to external entities.

Through smart contract integration, the Tweet-with-Contract application allows users to trigger tweets directly from an on-chain transaction. This approach not only secures Twitter account credentials but also demonstrates a robust method for trustless, enclave-based social media automation.
