Skip to content

Commit 418b613

Browse files
Merge branch 'main' into resolve-conflicts
2 parents cda3c6c + a9d8417 commit 418b613

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

51 files changed

+2762
-1584
lines changed

.env.example

+2-1
Original file line numberDiff line numberDiff line change
@@ -91,4 +91,5 @@ STARKNET_ADDRESS=
9191
STARKNET_PRIVATE_KEY=
9292
STARKNET_RPC_URL=
9393

94-
94+
# Coinbase Commerce
95+
COINBASE_COMMERCE_KEY=

SECURITY.md

+51-46
Original file line numberDiff line numberDiff line change
@@ -17,74 +17,79 @@ We take the security of Eliza seriously. If you believe you have found a securit
1717

1818
1. **DO NOT** create a public GitHub issue for the vulnerability
1919
2. Send an email to security@eliza.builders with:
20-
- A detailed description of the vulnerability
21-
- Steps to reproduce the issue
22-
- Potential impact of the vulnerability
23-
- Any possible mitigations you've identified
20+
- A detailed description of the vulnerability
21+
- Steps to reproduce the issue
22+
- Potential impact of the vulnerability
23+
- Any possible mitigations you've identified
2424

2525
### What to Expect
2626

27-
- **Initial Response**: Within 48 hours, you will receive an acknowledgment of your report
28-
- **Updates**: We will provide updates every 5 business days about the progress
29-
- **Resolution Timeline**: We aim to resolve critical issues within 15 days
30-
- **Disclosure**: We will coordinate with you on the public disclosure timing
27+
- **Initial Response**: Within 48 hours, you will receive an acknowledgment of your report
28+
- **Updates**: We will provide updates every 5 business days about the progress
29+
- **Resolution Timeline**: We aim to resolve critical issues within 15 days
30+
- **Disclosure**: We will coordinate with you on the public disclosure timing
3131

3232
## Security Best Practices
3333

3434
### For Contributors
3535

3636
1. **API Keys and Secrets**
37-
- Never commit API keys, passwords, or other secrets to the repository
38-
- Use environment variables as described in our secrets management guide
39-
- Rotate any accidentally exposed credentials immediately
37+
38+
- Never commit API keys, passwords, or other secrets to the repository
39+
- Use environment variables as described in our secrets management guide
40+
- Rotate any accidentally exposed credentials immediately
4041

4142
2. **Dependencies**
42-
- Keep all dependencies up to date
43-
- Review security advisories for dependencies regularly
44-
- Use `pnpm audit` to check for known vulnerabilities
43+
44+
- Keep all dependencies up to date
45+
- Review security advisories for dependencies regularly
46+
- Use `pnpm audit` to check for known vulnerabilities
4547

4648
3. **Code Review**
47-
- All code changes must go through pull request review
48-
- Security-sensitive changes require additional review
49-
- Enable branch protection on main branches
49+
- All code changes must go through pull request review
50+
- Security-sensitive changes require additional review
51+
- Enable branch protection on main branches
5052

5153
### For Users
5254

5355
1. **Environment Setup**
54-
- Follow our [secrets management guide](docs/guides/secrets-management.md) for secure configuration
55-
- Use separate API keys for development and production
56-
- Regularly rotate credentials
56+
57+
- Follow our [secrets management guide](docs/guides/secrets-management.md) for secure configuration
58+
- Use separate API keys for development and production
59+
- Regularly rotate credentials
5760

5861
2. **Model Provider Security**
59-
- Use appropriate rate limiting for API calls
60-
- Monitor usage patterns for unusual activity
61-
- Implement proper authentication for exposed endpoints
62+
63+
- Use appropriate rate limiting for API calls
64+
- Monitor usage patterns for unusual activity
65+
- Implement proper authentication for exposed endpoints
6266

6367
3. **Platform Integration**
64-
- Use separate bot tokens for different environments
65-
- Implement proper permission scoping for platform APIs
66-
- Regular audit of platform access and permissions
68+
- Use separate bot tokens for different environments
69+
- Implement proper permission scoping for platform APIs
70+
- Regular audit of platform access and permissions
6771

6872
## Security Features
6973

7074
### Current Implementation
7175

72-
- Environment variable based secrets management
73-
- Type-safe API implementations
74-
- Automated dependency updates via Renovate
75-
- Continuous Integration security checks
76+
- Environment variable based secrets management
77+
- Type-safe API implementations
78+
- Automated dependency updates via Renovate
79+
- Continuous Integration security checks
7680

7781
### Planned Improvements
7882

7983
1. **Q4 2024**
80-
- Automated security scanning in CI pipeline
81-
- Enhanced rate limiting implementation
82-
- Improved audit logging
84+
85+
- Automated security scanning in CI pipeline
86+
- Enhanced rate limiting implementation
87+
- Improved audit logging
8388

8489
2. **Q1 2025**
85-
- Security-focused documentation improvements
86-
- Enhanced platform permission management
87-
- Automated vulnerability scanning
90+
- Security-focused documentation improvements
91+
- Enhanced platform permission management
92+
- Automated vulnerability scanning
8893

8994
## Vulnerability Disclosure Policy
9095

@@ -100,21 +105,21 @@ We follow a coordinated disclosure process:
100105

101106
We believe in recognizing security researchers who help improve our security. Contributors who report valid security issues will be:
102107

103-
- Credited in our security acknowledgments (unless they wish to remain anonymous)
104-
- Added to our security hall of fame
105-
- Considered for our bug bounty program (coming soon)
108+
- Credited in our security acknowledgments (unless they wish to remain anonymous)
109+
- Added to our security hall of fame
110+
- Considered for our bug bounty program (coming soon)
106111

107112
## License Considerations
108113

109114
As an MIT licensed project, users should understand:
110115

111-
- The software is provided "as is"
112-
- No warranty is provided
113-
- Users are responsible for their own security implementations
114-
- Contributors grant perpetual license to their contributions
116+
- The software is provided "as is"
117+
- No warranty is provided
118+
- Users are responsible for their own security implementations
119+
- Contributors grant perpetual license to their contributions
115120

116121
## Contact
117122

118-
- Security Issues: security@eliza.builders
119-
- General Questions: Join our [Discord](https://discord.gg/ai16z)
120-
- Updates: Follow our [security advisory page](https://github.com/ai16z/eliza/security/advisories)
123+
- Security Issues: security@eliza.builders
124+
- General Questions: Join our [Discord](https://discord.gg/ai16z)
125+
- Updates: Follow our [security advisory page](https://github.com/ai16z/eliza/security/advisories)

agent/package.json

+1
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@
2525
"@ai16z/plugin-node": "workspace:*",
2626
"@ai16z/plugin-solana": "workspace:*",
2727
"@ai16z/plugin-starknet": "workspace:*",
28+
"@ai16z/plugin-coinbase": "workspace:*",
2829
"readline": "^1.3.0",
2930
"ws": "^8.18.0",
3031
"yargs": "17.7.2"

agent/src/index.ts

+5
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,7 @@ import {
2525
import { bootstrapPlugin } from "@ai16z/plugin-bootstrap";
2626
import { solanaPlugin } from "@ai16z/plugin-solana";
2727
import { nodePlugin } from "@ai16z/plugin-node";
28+
import { coinbaseCommercePlugin } from "@ai16z/plugin-coinbase";
2829
import Database from "better-sqlite3";
2930
import fs from "fs";
3031
import readline from "readline";
@@ -249,6 +250,10 @@ export function createAgent(
249250
bootstrapPlugin,
250251
nodePlugin,
251252
character.settings.secrets?.WALLET_PUBLIC_KEY ? solanaPlugin : null,
253+
character.settings.secrets?.COINBASE_COMMERCE_KEY ||
254+
process.env.COINBASE_COMMERCE_KEY
255+
? coinbaseCommercePlugin
256+
: null,
252257
].filter(Boolean),
253258
providers: [],
254259
actions: [],

client/package.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,8 @@
2525
"devDependencies": {
2626
"@eslint/js": "^9.13.0",
2727
"@types/node": "22.8.4",
28-
"@types/react": "^18.3.12",
29-
"@types/react-dom": "^18.3.1",
28+
"@types/react": "18.3.12",
29+
"@types/react-dom": "18.3.1",
3030
"@vitejs/plugin-react": "^4.3.3",
3131
"autoprefixer": "^10.4.20",
3232
"eslint": "^9.13.0",

docs/docs/packages/plugins.md

+105
Original file line numberDiff line numberDiff line change
@@ -106,6 +106,111 @@ const character = {
106106
};
107107
```
108108

109+
Here is the updated README with the Coinbase Commerce plugin information added:
110+
111+
---
112+
113+
# 🧩 Plugins
114+
115+
## Overview
116+
117+
Eliza's plugin system provides a modular way to extend the core functionality with additional features, actions, evaluators, and providers. Plugins are self-contained modules that can be easily added or removed to customize your agent's capabilities.
118+
119+
## Core Plugin Concepts
120+
121+
### Plugin Structure
122+
123+
Each plugin in Eliza must implement the `Plugin` interface with the following properties:
124+
125+
```typescript
126+
interface Plugin {
127+
name: string; // Unique identifier for the plugin
128+
description: string; // Brief description of plugin functionality
129+
actions?: Action[]; // Custom actions provided by the plugin
130+
evaluators?: Evaluator[]; // Custom evaluators for behavior assessment
131+
providers?: Provider[]; // Context providers for message generation
132+
services?: Service[]; // Additional services (optional)
133+
}
134+
```
135+
136+
### Available Plugins
137+
138+
#### 1. Bootstrap Plugin (`@eliza/plugin-bootstrap`)
139+
140+
The bootstrap plugin provides essential baseline functionality:
141+
142+
**Actions:**
143+
144+
- `continue` - Continue the current conversation flow
145+
- `followRoom` - Follow a room for updates
146+
- `unfollowRoom` - Unfollow a room
147+
- `ignore` - Ignore specific messages
148+
- `muteRoom` - Mute notifications from a room
149+
- `unmuteRoom` - Unmute notifications from a room
150+
151+
**Evaluators:**
152+
153+
- `fact` - Evaluate factual accuracy
154+
- `goal` - Assess goal completion
155+
156+
**Providers:**
157+
158+
- `boredom` - Manages engagement levels
159+
- `time` - Provides temporal context
160+
- `facts` - Supplies factual information
161+
162+
#### 2. Image Generation Plugin (`@eliza/plugin-image-generation`)
163+
164+
Enables AI image generation capabilities:
165+
166+
**Actions:**
167+
168+
- `GENERATE_IMAGE` - Create images based on text descriptions
169+
- Supports multiple image generation services (Anthropic, Together)
170+
- Auto-generates captions for created images
171+
172+
#### 3. Node Plugin (`@eliza/plugin-node`)
173+
174+
Provides core Node.js-based services:
175+
176+
**Services:**
177+
178+
- `BrowserService` - Web browsing capabilities
179+
- `ImageDescriptionService` - Image analysis
180+
- `LlamaService` - LLM integration
181+
- `PdfService` - PDF processing
182+
- `SpeechService` - Text-to-speech
183+
- `TranscriptionService` - Speech-to-text
184+
- `VideoService` - Video processing
185+
186+
#### 4. Solana Plugin (`@eliza/plugin-solana`)
187+
188+
Integrates Solana blockchain functionality:
189+
190+
**Evaluators:**
191+
192+
- `trustEvaluator` - Assess transaction trust scores
193+
194+
**Providers:**
195+
196+
- `walletProvider` - Wallet management
197+
- `trustScoreProvider` - Transaction trust metrics
198+
199+
#### 5. Coinbase Commerce Plugin (`@eliza/plugin-coinbase-commerce`)
200+
201+
Integrates Coinbase Commerce for payment and transaction management:
202+
203+
**Actions:**
204+
205+
- `CREATE_CHARGE` - Create a payment charge using Coinbase Commerce
206+
- `GET_ALL_CHARGES` - Fetch all payment charges
207+
- `GET_CHARGE_DETAILS` - Retrieve details for a specific charge
208+
209+
**Description:**
210+
This plugin enables Eliza to interact with the Coinbase Commerce API to create and manage payment charges, providing seamless integration with cryptocurrency-based payment systems.
211+
212+
---
213+
109214
### Writing Custom Plugins
110215

111216
Create a new plugin by implementing the Plugin interface:

docs/package.json

+2-2
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,8 @@
2525
"clsx": "2.1.0",
2626
"docusaurus-lunr-search": "^3.5.0",
2727
"prism-react-renderer": "2.3.1",
28-
"react": "18.2.0",
29-
"react-dom": "18.2.0",
28+
"react": "18.3.1",
29+
"react-dom": "18.3.1",
3030
"react-router-dom": "6.22.1"
3131
},
3232
"devDependencies": {

package.json

+2-1
Original file line numberDiff line numberDiff line change
@@ -47,7 +47,8 @@
4747
"dependencies": {
4848
"ollama-ai-provider": "^0.16.1",
4949
"optional": "^0.1.4",
50-
"sharp": "^0.33.5"
50+
"sharp": "^0.33.5",
51+
"tslog": "^4.9.3"
5152
},
5253
"packageManager": "pnpm@9.12.3+sha512.cce0f9de9c5a7c95bef944169cc5dfe8741abfb145078c0d508b868056848a87c81e626246cb60967cbd7fd29a6c062ef73ff840d96b3c86c40ac92cf4a813ee"
5354
}

0 commit comments

Comments
 (0)