Skip to content

Commit 8b6cc8d

Browse files
committed
Merge branch 'main' into dev/starknet-cleanup
2 parents 3a30ce4 + 0355ab6 commit 8b6cc8d

File tree

324 files changed

+24462
-3970
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

324 files changed

+24462
-3970
lines changed

.env.example

+30
Original file line numberDiff line numberDiff line change
@@ -92,3 +92,33 @@ STARKNET_PRIVATE_KEY=
9292
STARKNET_RPC_URL=
9393

9494

95+
# Farcaster
96+
FARCASTER_HUB_URL=
97+
FARCASTER_FID=
98+
FARCASTER_PRIVATE_KEY=
99+
100+
# Coinbase
101+
COINBASE_COMMERCE_KEY= # from coinbase developer portal
102+
COINBASE_API_KEY= # from coinbase developer portal
103+
COINBASE_PRIVATE_KEY= # from coinbase developer portal
104+
# if not configured it will be generated and written to runtime.character.settings.secrets.COINBASE_GENERATED_WALLET_ID and runtime.character.settings.secrets.COINBASE_GENERATED_WALLET_HEX_SEED
105+
COINBASE_GENERATED_WALLET_ID= # not your address but the wallet id from generating a wallet through the plugin
106+
COINBASE_GENERATED_WALLET_HEX_SEED= # not your address but the wallet hex seed from generating a wallet through the plugin and calling export
107+
108+
# Conflux Configuration
109+
CONFLUX_CORE_PRIVATE_KEY=
110+
CONFLUX_CORE_SPACE_RPC_URL=
111+
CONFLUX_ESPACE_PRIVATE_KEY=
112+
CONFLUX_ESPACE_RPC_URL=
113+
CONFLUX_MEME_CONTRACT_ADDRESS=
114+
115+
#ZeroG
116+
ZEROG_INDEXER_RPC=
117+
ZEROG_EVM_RPC=
118+
ZEROG_PRIVATE_KEY=
119+
ZEROG_FLOW_ADDRESS=
120+
121+
122+
# Coinbase Commerce
123+
COINBASE_COMMERCE_KEY=
124+

.github/workflows/ci.yaml

+5-2
Original file line numberDiff line numberDiff line change
@@ -25,13 +25,16 @@ jobs:
2525
- name: Run Prettier
2626
run: pnpm run prettier --check .
2727

28+
- name: Run Linter
29+
run: pnpm run lint
30+
2831
- name: Create test env file
2932
run: |
3033
echo "TEST_DATABASE_CLIENT=sqlite" > packages/core/.env.test
3134
echo "NODE_ENV=test" >> packages/core/.env.test
3235
33-
# - name: Run tests
34-
# run: cd packages/core && pnpm test // YOLO FOR NOW
36+
- name: Run tests
37+
run: cd packages/core && pnpm test
3538

3639
- name: Build packages
3740
run: pnpm run build

.gitignore

+2
Original file line numberDiff line numberDiff line change
@@ -40,3 +40,5 @@ characters/
4040
packages/core/src/providers/cache
4141
packages/core/src/providers/cache/*
4242
cache/*
43+
packages/plugin-coinbase/src/plugins/transactions.csv
44+
packages/plugin-coinbase/package-lock.json

.husky/commit-msg

-12
This file was deleted.

.husky/pre-commit

-1
This file was deleted.

SECURITY.md

+125
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,125 @@
1+
# Security Policy
2+
3+
## Supported Versions
4+
5+
Given the early stage of the project, we currently only support the latest version with security updates:
6+
7+
| Version | Supported |
8+
| ------- | ------------------ |
9+
| 0.0.x | :white_check_mark: |
10+
| < 0.0.1 | :x: |
11+
12+
## Reporting a Vulnerability
13+
14+
We take the security of Eliza seriously. If you believe you have found a security vulnerability, please report it to us following these steps:
15+
16+
### Private Reporting Process
17+
18+
1. **DO NOT** create a public GitHub issue for the vulnerability
19+
2. Send an email to security@eliza.builders with:
20+
- A detailed description of the vulnerability
21+
- Steps to reproduce the issue
22+
- Potential impact of the vulnerability
23+
- Any possible mitigations you've identified
24+
25+
### What to Expect
26+
27+
- **Initial Response**: Within 48 hours, you will receive an acknowledgment of your report
28+
- **Updates**: We will provide updates every 5 business days about the progress
29+
- **Resolution Timeline**: We aim to resolve critical issues within 15 days
30+
- **Disclosure**: We will coordinate with you on the public disclosure timing
31+
32+
## Security Best Practices
33+
34+
### For Contributors
35+
36+
1. **API Keys and Secrets**
37+
38+
- Never commit API keys, passwords, or other secrets to the repository
39+
- Use environment variables as described in our secrets management guide
40+
- Rotate any accidentally exposed credentials immediately
41+
42+
2. **Dependencies**
43+
44+
- Keep all dependencies up to date
45+
- Review security advisories for dependencies regularly
46+
- Use `pnpm audit` to check for known vulnerabilities
47+
48+
3. **Code Review**
49+
- All code changes must go through pull request review
50+
- Security-sensitive changes require additional review
51+
- Enable branch protection on main branches
52+
53+
### For Users
54+
55+
1. **Environment Setup**
56+
57+
- Follow our [secrets management guide](docs/guides/secrets-management.md) for secure configuration
58+
- Use separate API keys for development and production
59+
- Regularly rotate credentials
60+
61+
2. **Model Provider Security**
62+
63+
- Use appropriate rate limiting for API calls
64+
- Monitor usage patterns for unusual activity
65+
- Implement proper authentication for exposed endpoints
66+
67+
3. **Platform Integration**
68+
- Use separate bot tokens for different environments
69+
- Implement proper permission scoping for platform APIs
70+
- Regular audit of platform access and permissions
71+
72+
## Security Features
73+
74+
### Current Implementation
75+
76+
- Environment variable based secrets management
77+
- Type-safe API implementations
78+
- Automated dependency updates via Renovate
79+
- Continuous Integration security checks
80+
81+
### Planned Improvements
82+
83+
1. **Q4 2024**
84+
85+
- Automated security scanning in CI pipeline
86+
- Enhanced rate limiting implementation
87+
- Improved audit logging
88+
89+
2. **Q1 2025**
90+
- Security-focused documentation improvements
91+
- Enhanced platform permission management
92+
- Automated vulnerability scanning
93+
94+
## Vulnerability Disclosure Policy
95+
96+
We follow a coordinated disclosure process:
97+
98+
1. Reporter submits vulnerability details
99+
2. Our team validates and assesses the report
100+
3. We develop and test a fix
101+
4. Fix is deployed to supported versions
102+
5. Public disclosure after 30 days or by mutual agreement
103+
104+
## Recognition
105+
106+
We believe in recognizing security researchers who help improve our security. Contributors who report valid security issues will be:
107+
108+
- Credited in our security acknowledgments (unless they wish to remain anonymous)
109+
- Added to our security hall of fame
110+
- Considered for our bug bounty program (coming soon)
111+
112+
## License Considerations
113+
114+
As an MIT licensed project, users should understand:
115+
116+
- The software is provided "as is"
117+
- No warranty is provided
118+
- Users are responsible for their own security implementations
119+
- Contributors grant perpetual license to their contributions
120+
121+
## Contact
122+
123+
- Security Issues: security@eliza.builders
124+
- General Questions: Join our [Discord](https://discord.gg/ai16z)
125+
- Updates: Follow our [security advisory page](https://github.com/ai16z/eliza/security/advisories)

agent/package.json

+6-3
Original file line numberDiff line numberDiff line change
@@ -21,16 +21,19 @@
2121
"@ai16z/client-twitter": "workspace:*",
2222
"@ai16z/eliza": "workspace:*",
2323
"@ai16z/plugin-bootstrap": "workspace:*",
24+
"@ai16z/plugin-conflux": "workspace:*",
2425
"@ai16z/plugin-image-generation": "workspace:*",
2526
"@ai16z/plugin-node": "workspace:*",
2627
"@ai16z/plugin-solana": "workspace:*",
28+
"@ai16z/plugin-0g": "workspace:*",
2729
"@ai16z/plugin-starknet": "workspace:*",
28-
"readline": "^1.3.0",
29-
"ws": "^8.18.0",
30+
"@ai16z/plugin-coinbase": "workspace:*",
31+
"readline": "1.3.0",
32+
"ws": "8.18.0",
3033
"yargs": "17.7.2"
3134
},
3235
"devDependencies": {
3336
"ts-node": "10.9.2",
34-
"tsup": "^8.3.5"
37+
"tsup": "8.3.5"
3538
}
3639
}

agent/src/index.ts

+25-3
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,14 @@ import {
2323
validateCharacterConfig,
2424
} from "@ai16z/eliza";
2525
import { bootstrapPlugin } from "@ai16z/plugin-bootstrap";
26+
import { confluxPlugin } from "@ai16z/plugin-conflux";
2627
import { solanaPlugin } from "@ai16z/plugin-solana";
28+
import { zgPlugin } from "@ai16z/plugin-0g";
2729
import { nodePlugin } from "@ai16z/plugin-node";
30+
import {
31+
coinbaseCommercePlugin,
32+
coinbaseMassPaymentsPlugin,
33+
} from "@ai16z/plugin-coinbase";
2834
import Database from "better-sqlite3";
2935
import fs from "fs";
3036
import readline from "readline";
@@ -177,6 +183,7 @@ function initializeDatabase(dataDir: string) {
177183
if (process.env.POSTGRES_URL) {
178184
const db = new PostgresDatabaseAdapter({
179185
connectionString: process.env.POSTGRES_URL,
186+
parseInputs: true,
180187
});
181188
return db;
182189
} else {
@@ -228,6 +235,10 @@ export async function initializeClients(
228235
return clients;
229236
}
230237

238+
function getSecret(character: Character, secret: string) {
239+
return character.settings.secrets?.[secret] || process.env[secret];
240+
}
241+
231242
export function createAgent(
232243
character: Character,
233244
db: IDatabaseAdapter,
@@ -247,8 +258,19 @@ export function createAgent(
247258
character,
248259
plugins: [
249260
bootstrapPlugin,
261+
getSecret(character, "CONFLUX_CORE_PRIVATE_KEY")
262+
? confluxPlugin
263+
: null,
250264
nodePlugin,
251-
character.settings.secrets?.WALLET_PUBLIC_KEY ? solanaPlugin : null,
265+
getSecret(character, "WALLET_PUBLIC_KEY") ? solanaPlugin : null,
266+
getSecret(character, "ZEROG_PRIVATE_KEY") ? zgPlugin : null,
267+
getSecret(character, "COINBASE_COMMERCE_KEY")
268+
? coinbaseCommercePlugin
269+
: null,
270+
getSecret(character, "COINBASE_API_KEY") &&
271+
getSecret(character, "COINBASE_PRIVATE_KEY")
272+
? coinbaseMassPaymentsPlugin
273+
: null,
252274
].filter(Boolean),
253275
providers: [],
254276
actions: [],
@@ -270,7 +292,7 @@ function intializeDbCache(character: Character, db: IDatabaseCacheAdapter) {
270292
return cache;
271293
}
272294

273-
async function startAgent(character: Character, directClient: DirectClient) {
295+
async function startAgent(character: Character, directClient: any) {
274296
try {
275297
character.id ??= stringToUuid(character.name);
276298
character.username ??= character.name;
@@ -320,7 +342,7 @@ const startAgents = async () => {
320342

321343
try {
322344
for (const character of characters) {
323-
await startAgent(character, directClient as DirectClient);
345+
await startAgent(character, directClient as any);
324346
}
325347
} catch (error) {
326348
elizaLogger.error("Error starting agents:", error);

client/README.md

-50
This file was deleted.

client/index.html

+1-1
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
<meta charset="UTF-8" />
55
<link rel="icon" type="image/svg+xml" href="/vite.svg" />
66
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
7-
<title>Vite + React + TS</title>
7+
<title>Eliza</title>
88
</head>
99
<body>
1010
<div id="root"></div>

0 commit comments

Comments
 (0)