Merge branch 'main' into ungate/dev

Author: VarKrishin

.env.example

@@ -91,10 +91,15 @@ STARKNET_ADDRESS=
 STARKNET_PRIVATE_KEY=
 STARKNET_RPC_URL=
 
+
 # runtime management of character agents
 FETCH_FROM_DB=false                         #During startup, fetch the characters from the database
 ENCRYPTION_KEY=                             #mandatory field if FETCH_FROM_DB or AGENT_RUNTIME_MANAGEMENT is true, 
                                             #used to encrypt the secrets of characters 
 AGENT_RUNTIME_MANAGEMENT=false              #Enable runtime management of character agents
 AGENT_PORT=3001                             #port for the runtime management of character agents if empty default 3001
 
+
+# Coinbase Commerce
+COINBASE_COMMERCE_KEY=
+

.github/workflows/ci.yaml

@@ -25,6 +25,9 @@ jobs:
             - name: Run Prettier
               run: pnpm run prettier --check .
 
+            - name: Run Linter
+              run: pnpm run lint
+
             - name: Create test env file
               run: |
                   echo "TEST_DATABASE_CLIENT=sqlite" > packages/core/.env.test

.husky/pre-commit

@@ -1 +1,2 @@
 pnpm run prettier-check
+pnpm run lint

SECURITY.md

@@ -0,0 +1,125 @@
+# Security Policy
+
+## Supported Versions
+
+Given the early stage of the project, we currently only support the latest version with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.0.x   | :white_check_mark: |
+| < 0.0.1 | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of Eliza seriously. If you believe you have found a security vulnerability, please report it to us following these steps:
+
+### Private Reporting Process
+
+1. **DO NOT** create a public GitHub issue for the vulnerability
+2. Send an email to security@eliza.builders with:
+    - A detailed description of the vulnerability
+    - Steps to reproduce the issue
+    - Potential impact of the vulnerability
+    - Any possible mitigations you've identified
+
+### What to Expect
+
+-   **Initial Response**: Within 48 hours, you will receive an acknowledgment of your report
+-   **Updates**: We will provide updates every 5 business days about the progress
+-   **Resolution Timeline**: We aim to resolve critical issues within 15 days
+-   **Disclosure**: We will coordinate with you on the public disclosure timing
+
+## Security Best Practices
+
+### For Contributors
+
+1. **API Keys and Secrets**
+
+    - Never commit API keys, passwords, or other secrets to the repository
+    - Use environment variables as described in our secrets management guide
+    - Rotate any accidentally exposed credentials immediately
+
+2. **Dependencies**
+
+    - Keep all dependencies up to date
+    - Review security advisories for dependencies regularly
+    - Use `pnpm audit` to check for known vulnerabilities
+
+3. **Code Review**
+    - All code changes must go through pull request review
+    - Security-sensitive changes require additional review
+    - Enable branch protection on main branches
+
+### For Users
+
+1. **Environment Setup**
+
+    - Follow our [secrets management guide](docs/guides/secrets-management.md) for secure configuration
+    - Use separate API keys for development and production
+    - Regularly rotate credentials
+
+2. **Model Provider Security**
+
+    - Use appropriate rate limiting for API calls
+    - Monitor usage patterns for unusual activity
+    - Implement proper authentication for exposed endpoints
+
+3. **Platform Integration**
+    - Use separate bot tokens for different environments
+    - Implement proper permission scoping for platform APIs
+    - Regular audit of platform access and permissions
+
+## Security Features
+
+### Current Implementation
+
+-   Environment variable based secrets management
+-   Type-safe API implementations
+-   Automated dependency updates via Renovate
+-   Continuous Integration security checks
+
+### Planned Improvements
+
+1. **Q4 2024**
+
+    - Automated security scanning in CI pipeline
+    - Enhanced rate limiting implementation
+    - Improved audit logging
+
+2. **Q1 2025**
+    - Security-focused documentation improvements
+    - Enhanced platform permission management
+    - Automated vulnerability scanning
+
+## Vulnerability Disclosure Policy
+
+We follow a coordinated disclosure process:
+
+1. Reporter submits vulnerability details
+2. Our team validates and assesses the report
+3. We develop and test a fix
+4. Fix is deployed to supported versions
+5. Public disclosure after 30 days or by mutual agreement
+
+## Recognition
+
+We believe in recognizing security researchers who help improve our security. Contributors who report valid security issues will be:
+
+-   Credited in our security acknowledgments (unless they wish to remain anonymous)
+-   Added to our security hall of fame
+-   Considered for our bug bounty program (coming soon)
+
+## License Considerations
+
+As an MIT licensed project, users should understand:
+
+-   The software is provided "as is"
+-   No warranty is provided
+-   Users are responsible for their own security implementations
+-   Contributors grant perpetual license to their contributions
+
+## Contact
+
+-   Security Issues: security@eliza.builders
+-   General Questions: Join our [Discord](https://discord.gg/ai16z)
+-   Updates: Follow our [security advisory page](https://github.com/ai16z/eliza/security/advisories)

agent/package.json

@@ -25,6 +25,7 @@
         "@ai16z/plugin-node": "workspace:*",
         "@ai16z/plugin-solana": "workspace:*",
         "@ai16z/plugin-starknet": "workspace:*",
+        "@ai16z/plugin-coinbase": "workspace:*",
         "readline": "^1.3.0",
         "ws": "^8.18.0",
         "yargs": "17.7.2"

agent/src/index.ts

@@ -25,6 +25,7 @@ import {
 import { bootstrapPlugin } from "@ai16z/plugin-bootstrap";
 import { solanaPlugin } from "@ai16z/plugin-solana";
 import { nodePlugin } from "@ai16z/plugin-node";
+import { coinbaseCommercePlugin } from "@ai16z/plugin-coinbase";
 import Database from "better-sqlite3";
 import fs from "fs";
 import readline from "readline";
@@ -256,6 +257,10 @@ export function createAgent(
             bootstrapPlugin,
             nodePlugin,
             character.settings.secrets?.WALLET_PUBLIC_KEY ? solanaPlugin : null,
+            character.settings.secrets?.COINBASE_COMMERCE_KEY ||
+            process.env.COINBASE_COMMERCE_KEY
+                ? coinbaseCommercePlugin
+                : null,
         ].filter(Boolean),
         providers: [],
         actions: [],

client/package.json

@@ -25,8 +25,8 @@
     "devDependencies": {
         "@eslint/js": "^9.13.0",
         "@types/node": "22.8.4",
-        "@types/react": "^18.3.12",
-        "@types/react-dom": "^18.3.1",
+        "@types/react": "18.3.12",
+        "@types/react-dom": "18.3.1",
         "@vitejs/plugin-react": "^4.3.3",
         "autoprefixer": "^10.4.20",
         "eslint": "^9.13.0",

docs/docs/packages/plugins.md

@@ -106,6 +106,111 @@ const character = {
 };
 ```
 
+Here is the updated README with the Coinbase Commerce plugin information added:
+
+---
+
+# 🧩 Plugins
+
+## Overview
+
+Eliza's plugin system provides a modular way to extend the core functionality with additional features, actions, evaluators, and providers. Plugins are self-contained modules that can be easily added or removed to customize your agent's capabilities.
+
+## Core Plugin Concepts
+
+### Plugin Structure
+
+Each plugin in Eliza must implement the `Plugin` interface with the following properties:
+
+```typescript
+interface Plugin {
+  name: string; // Unique identifier for the plugin
+  description: string; // Brief description of plugin functionality
+  actions?: Action[]; // Custom actions provided by the plugin
+  evaluators?: Evaluator[]; // Custom evaluators for behavior assessment
+  providers?: Provider[]; // Context providers for message generation
+  services?: Service[]; // Additional services (optional)
+}
+```
+
+### Available Plugins
+
+#### 1. Bootstrap Plugin (`@eliza/plugin-bootstrap`)
+
+The bootstrap plugin provides essential baseline functionality:
+
+**Actions:**
+
+- `continue` - Continue the current conversation flow
+- `followRoom` - Follow a room for updates
+- `unfollowRoom` - Unfollow a room
+- `ignore` - Ignore specific messages
+- `muteRoom` - Mute notifications from a room
+- `unmuteRoom` - Unmute notifications from a room
+
+**Evaluators:**
+
+- `fact` - Evaluate factual accuracy
+- `goal` - Assess goal completion
+
+**Providers:**
+
+- `boredom` - Manages engagement levels
+- `time` - Provides temporal context
+- `facts` - Supplies factual information
+
+#### 2. Image Generation Plugin (`@eliza/plugin-image-generation`)
+
+Enables AI image generation capabilities:
+
+**Actions:**
+
+- `GENERATE_IMAGE` - Create images based on text descriptions
+- Supports multiple image generation services (Anthropic, Together)
+- Auto-generates captions for created images
+
+#### 3. Node Plugin (`@eliza/plugin-node`)
+
+Provides core Node.js-based services:
+
+**Services:**
+
+- `BrowserService` - Web browsing capabilities
+- `ImageDescriptionService` - Image analysis
+- `LlamaService` - LLM integration
+- `PdfService` - PDF processing
+- `SpeechService` - Text-to-speech
+- `TranscriptionService` - Speech-to-text
+- `VideoService` - Video processing
+
+#### 4. Solana Plugin (`@eliza/plugin-solana`)
+
+Integrates Solana blockchain functionality:
+
+**Evaluators:**
+
+- `trustEvaluator` - Assess transaction trust scores
+
+**Providers:**
+
+- `walletProvider` - Wallet management
+- `trustScoreProvider` - Transaction trust metrics
+
+#### 5. Coinbase Commerce Plugin (`@eliza/plugin-coinbase-commerce`)
+
+Integrates Coinbase Commerce for payment and transaction management:
+
+**Actions:**
+
+- `CREATE_CHARGE` - Create a payment charge using Coinbase Commerce
+- `GET_ALL_CHARGES` - Fetch all payment charges
+- `GET_CHARGE_DETAILS` - Retrieve details for a specific charge
+
+**Description:**
+This plugin enables Eliza to interact with the Coinbase Commerce API to create and manage payment charges, providing seamless integration with cryptocurrency-based payment systems.
+
+---
+
 ### Writing Custom Plugins
 
 Create a new plugin by implementing the Plugin interface:

docs/package.json

@@ -25,8 +25,8 @@
     "clsx": "2.1.0",
     "docusaurus-lunr-search": "^3.5.0",
     "prism-react-renderer": "2.3.1",
-    "react": "18.2.0",
-    "react-dom": "18.2.0",
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
     "react-router-dom": "6.22.1"
   },
   "devDependencies": {

eslint.global.mjs

@@ -0,0 +1,71 @@
+import eslint from "@eslint/js";
+import tseslint from "@typescript-eslint/eslint-plugin";
+import typescript from "@typescript-eslint/parser";
+import prettier from "eslint-config-prettier";
+import vitest from "eslint-plugin-vitest"; // Add Vitest plugin
+
+export default [
+    // JavaScript and TypeScript files
+    {
+        files: ["src/**/*.js", "src/**/*.cjs", "src/**/*.mjs", "src/**/*.ts"],
+        languageOptions: {
+            parser: typescript,
+            parserOptions: {
+                ecmaVersion: "latest",
+                sourceType: "module",
+                project: "./tsconfig.json", // Make sure your tsconfig includes @types/node
+            },
+            globals: {
+                // Add Node.js globals
+                NodeJS: "readonly",
+                console: "readonly",
+                process: "readonly",
+                Buffer: "readonly",
+                __dirname: "readonly",
+                __filename: "readonly",
+                module: "readonly",
+                require: "readonly",
+            },
+        },
+        plugins: {
+            "@typescript-eslint": tseslint,
+        },
+        rules: {
+            ...eslint.configs.recommended.rules,
+            ...tseslint.configs.recommended.rules,
+            "prefer-const": "warn",
+            "no-constant-binary-expression": "error",
+
+            // Disable no-undef as TypeScript handles this better
+            "no-undef": "off",
+            "@typescript-eslint/no-unsafe-function-type": "off",
+            // Customize TypeScript rules
+            "@typescript-eslint/no-explicit-any": "off",
+            "@typescript-eslint/no-unused-vars": [
+                "error",
+                {
+                    argsIgnorePattern: "^_",
+                    varsIgnorePattern: "^_",
+                    ignoreRestSiblings: true,
+                },
+            ],
+        },
+    },
+    // Vitest configuration
+    {
+        files: [
+            "src/**/*.test.js",
+            "src/**/*.test.ts",
+            "src/**/*.spec.js",
+            "src/**/*.spec.ts",
+        ],
+        plugins: {
+            vitest, // Register Vitest plugin
+        },
+        rules: {
+            ...vitest.configs.recommended.rules,
+        },
+    },
+    // Add prettier as the last config to override other formatting rules
+    prettier,
+];