Merge branch 'main' into dev/starknet-cleanup

Author: milancermak

.env.example

@@ -92,3 +92,33 @@ STARKNET_PRIVATE_KEY=
 STARKNET_RPC_URL=
 
 
+# Farcaster
+FARCASTER_HUB_URL=
+FARCASTER_FID=
+FARCASTER_PRIVATE_KEY=
+
+# Coinbase
+COINBASE_COMMERCE_KEY= # from coinbase developer portal
+COINBASE_API_KEY= # from coinbase developer portal
+COINBASE_PRIVATE_KEY= # from coinbase developer portal
+# if not configured it will be generated and written to runtime.character.settings.secrets.COINBASE_GENERATED_WALLET_ID and runtime.character.settings.secrets.COINBASE_GENERATED_WALLET_HEX_SEED
+COINBASE_GENERATED_WALLET_ID= # not your address but the wallet id from generating a wallet through the plugin
+COINBASE_GENERATED_WALLET_HEX_SEED= # not your address but the wallet hex seed from generating a wallet through the plugin and calling export
+
+# Conflux Configuration
+CONFLUX_CORE_PRIVATE_KEY=
+CONFLUX_CORE_SPACE_RPC_URL=
+CONFLUX_ESPACE_PRIVATE_KEY=
+CONFLUX_ESPACE_RPC_URL=
+CONFLUX_MEME_CONTRACT_ADDRESS=
+
+#ZeroG
+ZEROG_INDEXER_RPC=
+ZEROG_EVM_RPC=
+ZEROG_PRIVATE_KEY=
+ZEROG_FLOW_ADDRESS=
+
+
+# Coinbase Commerce
+COINBASE_COMMERCE_KEY=
+

.github/workflows/ci.yaml

@@ -25,13 +25,16 @@ jobs:
             - name: Run Prettier
               run: pnpm run prettier --check .
 
+            - name: Run Linter
+              run: pnpm run lint
+
             - name: Create test env file
               run: |
                   echo "TEST_DATABASE_CLIENT=sqlite" > packages/core/.env.test
                   echo "NODE_ENV=test" >> packages/core/.env.test
 
-            # - name: Run tests
-            # run: cd packages/core && pnpm test // YOLO FOR NOW
+            - name: Run tests
+              run: cd packages/core && pnpm test
 
             - name: Build packages
               run: pnpm run build

.gitignore

@@ -40,3 +40,5 @@ characters/
 packages/core/src/providers/cache
 packages/core/src/providers/cache/*
 cache/*
+packages/plugin-coinbase/src/plugins/transactions.csv
+packages/plugin-coinbase/package-lock.json

.husky/commit-msg

@@ -0,0 +1,125 @@
+# Security Policy
+
+## Supported Versions
+
+Given the early stage of the project, we currently only support the latest version with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.0.x   | :white_check_mark: |
+| < 0.0.1 | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of Eliza seriously. If you believe you have found a security vulnerability, please report it to us following these steps:
+
+### Private Reporting Process
+
+1. **DO NOT** create a public GitHub issue for the vulnerability
+2. Send an email to security@eliza.builders with:
+    - A detailed description of the vulnerability
+    - Steps to reproduce the issue
+    - Potential impact of the vulnerability
+    - Any possible mitigations you've identified
+
+### What to Expect
+
+-   **Initial Response**: Within 48 hours, you will receive an acknowledgment of your report
+-   **Updates**: We will provide updates every 5 business days about the progress
+-   **Resolution Timeline**: We aim to resolve critical issues within 15 days
+-   **Disclosure**: We will coordinate with you on the public disclosure timing
+
+## Security Best Practices
+
+### For Contributors
+
+1. **API Keys and Secrets**
+
+    - Never commit API keys, passwords, or other secrets to the repository
+    - Use environment variables as described in our secrets management guide
+    - Rotate any accidentally exposed credentials immediately
+
+2. **Dependencies**
+
+    - Keep all dependencies up to date
+    - Review security advisories for dependencies regularly
+    - Use `pnpm audit` to check for known vulnerabilities
+
+3. **Code Review**
+    - All code changes must go through pull request review
+    - Security-sensitive changes require additional review
+    - Enable branch protection on main branches
+
+### For Users
+
+1. **Environment Setup**
+
+    - Follow our [secrets management guide](docs/guides/secrets-management.md) for secure configuration
+    - Use separate API keys for development and production
+    - Regularly rotate credentials
+
+2. **Model Provider Security**
+
+    - Use appropriate rate limiting for API calls
+    - Monitor usage patterns for unusual activity
+    - Implement proper authentication for exposed endpoints
+
+3. **Platform Integration**
+    - Use separate bot tokens for different environments
+    - Implement proper permission scoping for platform APIs
+    - Regular audit of platform access and permissions
+
+## Security Features
+
+### Current Implementation
+
+-   Environment variable based secrets management
+-   Type-safe API implementations
+-   Automated dependency updates via Renovate
+-   Continuous Integration security checks
+
+### Planned Improvements
+
+1. **Q4 2024**
+
+    - Automated security scanning in CI pipeline
+    - Enhanced rate limiting implementation
+    - Improved audit logging
+
+2. **Q1 2025**
+    - Security-focused documentation improvements
+    - Enhanced platform permission management
+    - Automated vulnerability scanning
+
+## Vulnerability Disclosure Policy
+
+We follow a coordinated disclosure process:
+
+1. Reporter submits vulnerability details
+2. Our team validates and assesses the report
+3. We develop and test a fix
+4. Fix is deployed to supported versions
+5. Public disclosure after 30 days or by mutual agreement
+
+## Recognition
+
+We believe in recognizing security researchers who help improve our security. Contributors who report valid security issues will be:
+
+-   Credited in our security acknowledgments (unless they wish to remain anonymous)
+-   Added to our security hall of fame
+-   Considered for our bug bounty program (coming soon)
+
+## License Considerations
+
+As an MIT licensed project, users should understand:
+
+-   The software is provided "as is"
+-   No warranty is provided
+-   Users are responsible for their own security implementations
+-   Contributors grant perpetual license to their contributions
+
+## Contact
+
+-   Security Issues: security@eliza.builders
+-   General Questions: Join our [Discord](https://discord.gg/ai16z)
+-   Updates: Follow our [security advisory page](https://github.com/ai16z/eliza/security/advisories)

.husky/pre-commit

@@ -21,16 +21,19 @@
         "@ai16z/client-twitter": "workspace:*",
         "@ai16z/eliza": "workspace:*",
         "@ai16z/plugin-bootstrap": "workspace:*",
+        "@ai16z/plugin-conflux": "workspace:*",
         "@ai16z/plugin-image-generation": "workspace:*",
         "@ai16z/plugin-node": "workspace:*",
         "@ai16z/plugin-solana": "workspace:*",
+        "@ai16z/plugin-0g": "workspace:*",
         "@ai16z/plugin-starknet": "workspace:*",
-        "readline": "^1.3.0",
-        "ws": "^8.18.0",
+        "@ai16z/plugin-coinbase": "workspace:*",
+        "readline": "1.3.0",
+        "ws": "8.18.0",
         "yargs": "17.7.2"
     },
     "devDependencies": {
         "ts-node": "10.9.2",
-        "tsup": "^8.3.5"
+        "tsup": "8.3.5"
     }
 }

SECURITY.md

@@ -23,8 +23,14 @@ import {
     validateCharacterConfig,
 } from "@ai16z/eliza";
 import { bootstrapPlugin } from "@ai16z/plugin-bootstrap";
+import { confluxPlugin } from "@ai16z/plugin-conflux";
 import { solanaPlugin } from "@ai16z/plugin-solana";
+import { zgPlugin } from "@ai16z/plugin-0g";
 import { nodePlugin } from "@ai16z/plugin-node";
+import {
+    coinbaseCommercePlugin,
+    coinbaseMassPaymentsPlugin,
+} from "@ai16z/plugin-coinbase";
 import Database from "better-sqlite3";
 import fs from "fs";
 import readline from "readline";
@@ -177,6 +183,7 @@ function initializeDatabase(dataDir: string) {
     if (process.env.POSTGRES_URL) {
         const db = new PostgresDatabaseAdapter({
             connectionString: process.env.POSTGRES_URL,
+            parseInputs: true,
         });
         return db;
     } else {
@@ -228,6 +235,10 @@ export async function initializeClients(
     return clients;
 }
 
+function getSecret(character: Character, secret: string) {
+    return character.settings.secrets?.[secret] || process.env[secret];
+}
+
 export function createAgent(
     character: Character,
     db: IDatabaseAdapter,
@@ -247,8 +258,19 @@ export function createAgent(
         character,
         plugins: [
             bootstrapPlugin,
+            getSecret(character, "CONFLUX_CORE_PRIVATE_KEY")
+                ? confluxPlugin
+                : null,
             nodePlugin,
-            character.settings.secrets?.WALLET_PUBLIC_KEY ? solanaPlugin : null,
+            getSecret(character, "WALLET_PUBLIC_KEY") ? solanaPlugin : null,
+            getSecret(character, "ZEROG_PRIVATE_KEY") ? zgPlugin : null,
+            getSecret(character, "COINBASE_COMMERCE_KEY")
+                ? coinbaseCommercePlugin
+                : null,
+            getSecret(character, "COINBASE_API_KEY") &&
+                getSecret(character, "COINBASE_PRIVATE_KEY")
+                ? coinbaseMassPaymentsPlugin
+                : null,
         ].filter(Boolean),
         providers: [],
         actions: [],
@@ -270,7 +292,7 @@ function intializeDbCache(character: Character, db: IDatabaseCacheAdapter) {
     return cache;
 }
 
-async function startAgent(character: Character, directClient: DirectClient) {
+async function startAgent(character: Character, directClient: any) {
     try {
         character.id ??= stringToUuid(character.name);
         character.username ??= character.name;
@@ -320,7 +342,7 @@ const startAgents = async () => {
 
     try {
         for (const character of characters) {
-            await startAgent(character, directClient as DirectClient);
+            await startAgent(character, directClient as any);
         }
     } catch (error) {
         elizaLogger.error("Error starting agents:", error);

agent/package.json

@@ -4,7 +4,7 @@
         <meta charset="UTF-8" />
         <link rel="icon" type="image/svg+xml" href="/vite.svg" />
         <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-        <title>Vite + React + TS</title>
+        <title>Eliza</title>
     </head>
     <body>
         <div id="root"></div>