{ "interval": { "intervalStart": "2026-01-05T00:00:00.000Z", "intervalEnd": "2026-01-06T00:00:00.000Z", "intervalType": "day" }, "repository": "elizaos/eliza", "overview": "From 2026-01-05 to 2026-01-06, elizaos/eliza had 5 new PRs (5 merged), 2 new issues, and 10 active contributors.", "topIssues": [ { "id": "I_kwDOMT5cIs7Ki_w6", "title": "Lifecycle & Utilities", "author": "borisudovicic", "number": 5929, "repository": "elizaos/eliza", "body": "* Add hooks for agent lifecycle management (useAgentList, useStartAgent, useStopAgent).\n* Provide mock client for frontend testing without a live server.", "createdAt": "2025-09-09T12:16:36Z", "closedAt": "2026-01-05T13:29:07Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7Ki_p_", "title": "Core Hooks", "author": "borisudovicic", "number": 5928, "repository": "elizaos/eliza", "body": "* Implement useEliza hook (agent access, plugin state).\n* Implement useElizaChat hook (sendMessage, messages, loading, error).", "createdAt": "2025-09-09T12:16:26Z", "closedAt": "2026-01-05T12:27:36Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7LDUNt", "title": "SDK-first Hooks Mode", "author": "borisudovicic", "number": 5966, "repository": "elizaos/eliza", "body": "* Support instantiating Eliza directly in browser via hooks (SDK-first, no REST).\n* Provide separate server hooks (useElizaServerChat) for REST/SSE integration.", "createdAt": "2025-09-11T13:45:48Z", "closedAt": "2026-01-05T12:27:29Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7gvLo3", "title": "Messaging API - Fix double processing & align transports", "author": "linear", "number": 6298, "repository": "elizaos/eliza", "body": "The current messaging API has several architectural issues:\n\n1. **Double/triple** - `createMessage()` always emits to `internalMessageBus`, even for HTTP/SSE which also call `elizaOS.handleMessage()` directly\n\n2\\. **Dead code** - handleWebSocketMode() in response-handlers does nothinG useful\n\n3\\. Duplication - Sessions and Channels duplicate the same sending logiC", "createdAt": "2025-12-30T15:01:23Z", "closedAt": "2026-01-05T12:27:13Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7hZU_n", "title": "JWT authentication and user management", "author": "linear", "number": 6327, "repository": "elizaos/eliza", "body": "", "createdAt": "2026-01-05T13:30:51Z", "closedAt": "2026-01-07T18:56:43Z", "state": "CLOSED", "commentCount": 0 } ], "topPRs": [ { "id": "PR_kwDOMT5cIs67Avaq", "title": "feat: unified hooks with multi-transport support (HTTP/SSE/WebSocket)", "author": "standujar", "number": 6300, "body": "This PR introduces unified client hooks with multi-transport support and aligns transport naming between `api-client` and `server` packages.\r\n\r\n### Key Changes\r\n\r\n**Client Hooks (packages/client)**\r\n- New `useElizaChat` hook - unified interface for all transport types (websocket, sse, http)\r\n- New `useEliza` hook - simplified hook combining chat, agents, and server state\r\n- Transport-specific hooks: `useSocketChat`, `useSSEChat`, `useHTTPChat`\r\n- Lifecycle callbacks for custom side effects (onMessageAdded, onMessageUpdated, onError)\r\n\r\n**Server Transport Alignment (packages/server)**\r\n- Renamed `mode` → `transport` parameter across messaging endpoints\r\n- Transport types: `\"http\"` (sync), `\"sse\"` (streaming), `\"websocket\"` (async via Socket.IO)\r\n- Legacy `mode` parameter still supported for backward compatibility (deprecated)\r\n- Fixed double/triple message processing by separating DB persistence from bus emission\r\n\r\n**API Client (packages/api-client)**\r\n- Added `TransportType` export aligned with server\r\n- Updated session service to use transport types\r\n\r\n**Tests**\r\n- Integration tests for all 3 transports (http, sse, websocket)\r\n- Unit tests for response handlers and transport validation\r\n- Tests for new client hooks (useHTTPChat, useSSEChat)\r\n\r\n**Test Exemple**\r\n![IMG_0035](https://github.com/user-attachments/assets/9748f7f1-5763-4a67-ac52-7f981a22ed82)\r\n\r\n## Test plan\r\n\r\n- [x] Run server unit tests: `bun test packages/server/src/__tests__/unit/api/`\r\n- [x] Run client hook tests\n\n\n\n

Greptile Summary

\n\n\n- Unifies client-side chat hooks providing a single interface for all transport types (websocket, sse, http) with lifecycle callbacks for custom side effects\n- Renames `mode` parameter to `transport` across messaging endpoints with backward compatibility mapping (sync→http, stream→sse) via `LEGACY_MODE_MAP` \n- Fixes critical double/triple message processing issue by moving message bus emission to `onWebSocketTransport` callback for websocket transport only\n\n

Important Files Changed

\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/client/src/hooks/use-eliza-chat.ts | New unified hook supporting websocket, sse, and http transports with lifecycle callbacks and consistent interface |\n| packages/server/src/api/messaging/sessions.ts | Updated to use transport parameter, added onWebSocketTransport callback to emit to message bus, fixing double message processing |\n| packages/server/src/api/shared/validation.ts | Added validateTransport with legacy mode mapping support (sync→http, stream→sse) for backward compatibility |\n| packages/server/src/api/shared/constants.ts | Defined TransportType with LEGACY_MODE_MAP for backward compatibility mapping |\n\n

Confidence score: 5/5

\n\n\n- This PR is safe to merge with excellent backward compatibility and thorough test coverage\n- The refactoring maintains full backward compatibility through legacy mode mapping, includes comprehensive unit and integration tests for all transport types, follows consistent naming conventions, and properly fixes the double message processing issue\n- No files require special attention\n\n

Sequence Diagram

\n\n```mermaid\nsequenceDiagram\n participant User as User\n participant Client as Client App\n participant Router as Sessions Router\n participant ElizaOS as ElizaOS\n participant Agent as Agent Runtime\n participant Database as Database\n participant MessageBus as Message Bus\n\n User->>Client: \"Send message\"\n Client->>Router: \"POST /api/messaging/sessions/{sessionId}/messages\"\n Router->>Database: \"Create message record\"\n Database-->>Router: \"Message created\"\n Router->>ElizaOS: \"handleMessage(agentId, messageMemory)\"\n ElizaOS->>Agent: \"Process message\"\n Agent->>Agent: \"Generate response\"\n Agent-->>ElizaOS: \"Response content\"\n ElizaOS-->>Router: \"Processing result\"\n Router->>MessageBus: \"Emit new_message event\"\n Router-->>Client: \"HTTP response with userMessage\"\n MessageBus->>Agent: \"Process for agent response\"\n Agent->>Agent: \"Generate agent reply\"\n Agent-->>Client: \"Agent response via WebSocket\"\n Client-->>User: \"Display conversation\"\n```\n\n\n\n

Context used (3)

\n\n- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=8ef4c9a3-e221-4aef-8556-8c9b88bf6bbb))\n- Context from `dashboard` - .cursorrules ([source](https://app.greptile.com/review/custom-context?memory=00074882-001f-44b1-89c4-859ed3656db9))\n- Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=51febe90-8918-4f18-be1f-d43bb68d696c))\n
\n\n\n", "repository": "elizaos/eliza", "createdAt": "2025-12-30T18:53:17Z", "mergedAt": "2026-01-05T08:58:04Z", "additions": 3009, "deletions": 529 }, { "id": "PR_kwDOMT5cIs67jFlF", "title": "feat(plugin-sql): add CachedDatabaseAdapter with LRU caching and serv…", "author": "0xbbjoker", "number": 6329, "body": "DRAFT PR. DO NOT MERGE. \n\n\n---\n\n> [!NOTE]\n> Introduces a caching wrapper and runtime optimization to reduce DB and model calls.\n> \n> - **New `CachedDatabaseAdapter`**: L1 in-memory LRU with optional L2 external cache; read-through on misses, targeted invalidation on mutations; supports agents, entities, rooms, worlds, participants, components, relationships, tasks; passthrough for high-volume memory ops; exposed via `index.ts`.\n> - **External cache support**: Pluggable adapter interface with key prefixing; factory `createCachedAdapter`.\n> - **Runtime optimization**: `AgentRuntime` now caches embedding dimension; adds `getEmbeddingDimension()`/`setEmbeddingDimension()` (validated against `VECTOR_DIMS`); init uses pre-set dimension or falls back to probing when embedding model exists.\n> - **Tests**: Extensive integration coverage (TTL expiry, invalidation paths, batch ops, external cache) in `cached-adapter.test.ts`.\n> \n> Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 0ca8e4e8afb9838c82f799ca1afd450cb67eac91. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).\n\n\n\n\n

Greptile Summary

\n\n\nThis PR adds a `CachedDatabaseAdapter` wrapper that provides LRU caching with optional external cache support (Redis/Upstash) for serverless environments, plus embedding dimension caching in the runtime to avoid redundant model calls.\n\n**Key Changes:**\n- New `CachedDatabaseAdapter` class implementing two-tier caching strategy (in-memory L1 + optional external L2)\n- Runtime embedding dimension is now cached and can be pre-configured via `setEmbeddingDimension()`\n- Automatic cache invalidation on mutations (updates, deletes, creates)\n- Comprehensive test coverage (1,530 lines) covering all caching scenarios, TTL expiration, and external cache integration\n- Smart invalidation strategy: individual entity caches are updated on mutation, while aggregate caches (like `entitiesForRoom`) are cleared\n\n**Cache Strategy:**\n- Read-through caching: Check L1 → L2 → Database, populating caches on miss\n- Write-through invalidation: Mutations invalidate affected cache entries\n- Configurable TTL per cache type with LRU eviction\n- Memory operations (high volume) are NOT cached to avoid excessive memory usage\n\n**Note:** This is marked as a DRAFT PR and should NOT be merged yet.\n\n

Confidence Score: 3/5

\n\n\n- This PR introduces significant caching infrastructure but has syntax issues and potential logic bugs that need resolution before merging\n- Score reflects excellent test coverage and well-designed caching architecture, but is reduced due to: (1) syntax errors in optional method declarations that will cause TypeScript compilation issues, (2) unsafe type casting in `createAgent` that could cache incomplete data, and (3) this being a DRAFT PR explicitly marked \"DO NOT MERGE\". The core caching logic is sound and thoroughly tested, but the syntax issues must be fixed for production readiness.\n- `packages/plugin-sql/src/cached-adapter.ts` requires syntax fixes for optional method declarations (lines 870-909) and logic review for type casting on line 297\n\n

Important Files Changed

\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/core/src/runtime.ts | Added embedding dimension caching with getter/setter methods to optimize serverless environments by avoiding redundant model calls |\n| packages/plugin-sql/src/cached-adapter.ts | New LRU cache wrapper for database adapter with two-tier caching (in-memory + optional external cache like Redis/Upstash) for serverless optimization |\n| packages/plugin-sql/src/__tests__/integration/cached-adapter.test.ts | Comprehensive integration tests covering all caching scenarios, invalidation logic, TTL expiration, and external cache adapter support |\n| packages/plugin-sql/src/index.ts | Exported new cached adapter types and factory function for public API |\n\n\n\n\n\n

Sequence Diagram

\n\n```mermaid\nsequenceDiagram\n participant Runtime as AgentRuntime\n participant CachedAdapter as CachedDatabaseAdapter\n participant L1Cache as In-Memory LRU Cache\n participant L2Cache as External Cache (Redis/Upstash)\n participant BaseAdapter as Base Database Adapter\n participant DB as PostgreSQL/PGLite\n\n Note over Runtime: Initialization\n Runtime->>Runtime: Check embeddingDimension cache\n alt Pre-configured dimension\n Runtime->>CachedAdapter: ensureEmbeddingDimension(dimension)\n CachedAdapter->>BaseAdapter: ensureEmbeddingDimension(dimension)\n BaseAdapter->>DB: Configure vector dimension\n else Dimension not cached\n Runtime->>Runtime: getModel(TEXT_EMBEDDING)\n Runtime->>Runtime: Generate test embedding\n Runtime->>Runtime: Cache embedding.length\n Runtime->>CachedAdapter: ensureEmbeddingDimension(embedding.length)\n CachedAdapter->>BaseAdapter: ensureEmbeddingDimension(embedding.length)\n BaseAdapter->>DB: Configure vector dimension\n end\n\n Note over Runtime,DB: Read Operations (Cache Hit)\n Runtime->>CachedAdapter: getAgent(agentId)\n CachedAdapter->>L1Cache: get(agentId)\n L1Cache-->>CachedAdapter: Agent data\n CachedAdapter-->>Runtime: Agent data\n\n Note over Runtime,DB: Read Operations (L1 Miss, L2 Hit)\n Runtime->>CachedAdapter: getRoom(roomId)\n CachedAdapter->>L1Cache: get(roomId)\n L1Cache-->>CachedAdapter: undefined\n CachedAdapter->>L2Cache: get(cacheKey)\n L2Cache-->>CachedAdapter: Room data\n CachedAdapter->>L1Cache: set(roomId, room)\n CachedAdapter-->>Runtime: Room data\n\n Note over Runtime,DB: Read Operations (Cache Miss)\n Runtime->>CachedAdapter: getEntity(entityId)\n CachedAdapter->>L1Cache: get(entityId)\n L1Cache-->>CachedAdapter: undefined\n CachedAdapter->>L2Cache: get(cacheKey)\n L2Cache-->>CachedAdapter: undefined\n CachedAdapter->>BaseAdapter: getEntity(entityId)\n BaseAdapter->>DB: SELECT entity\n DB-->>BaseAdapter: Entity data\n BaseAdapter-->>CachedAdapter: Entity data\n CachedAdapter->>L1Cache: set(entityId, entity)\n CachedAdapter->>L2Cache: set(cacheKey, entity, ttl)\n CachedAdapter-->>Runtime: Entity data\n\n Note over Runtime,DB: Write Operations (Cache Invalidation)\n Runtime->>CachedAdapter: updateAgent(agentId, updates)\n CachedAdapter->>BaseAdapter: updateAgent(agentId, updates)\n BaseAdapter->>DB: UPDATE agent\n DB-->>BaseAdapter: Success\n BaseAdapter-->>CachedAdapter: Success\n CachedAdapter->>L1Cache: delete(agentId)\n CachedAdapter->>L2Cache: delete(cacheKey)\n CachedAdapter-->>Runtime: Success\n\n Note over Runtime,DB: Batch Operations\n Runtime->>CachedAdapter: getRoomsByIds([id1, id2, id3])\n CachedAdapter->>L1Cache: get(id1)\n L1Cache-->>CachedAdapter: Room1\n CachedAdapter->>L1Cache: get(id2)\n L1Cache-->>CachedAdapter: undefined\n CachedAdapter->>L1Cache: get(id3)\n L1Cache-->>CachedAdapter: undefined\n CachedAdapter->>BaseAdapter: getRoomsByIds([id2, id3])\n BaseAdapter->>DB: SELECT rooms WHERE id IN (...)\n DB-->>BaseAdapter: [Room2, Room3]\n BaseAdapter-->>CachedAdapter: [Room2, Room3]\n CachedAdapter->>L1Cache: set(id2, Room2)\n CachedAdapter->>L1Cache: set(id3, Room3)\n CachedAdapter-->>Runtime: [Room1, Room2, Room3]\n```\n\n\n\n", "repository": "elizaos/eliza", "createdAt": "2026-01-05T14:54:36Z", "mergedAt": null, "additions": 2594, "deletions": 7 }, { "id": "PR_kwDOMT5cIs67X5TM", "title": "fix(plugin-sql): use sql.raw() for SET LOCAL to avoid parameterizatio…", "author": "0xbbjoker", "number": 6316, "body": "PostgreSQL SET commands do not support parameterized queries. The previous\r\nimplementation used Drizzle's sql tagged template which auto-parameterizes\r\nvalues, causing \"syntax error at or near $1\" when ENABLE_DATA_ISOLATION=true.\r\n\r\n- Change sql`SET LOCAL app.entity_id = ${entityId}` to sql.raw() with inline value\r\n- Add unit tests for withEntityContext in manager.test.ts\r\n- Add integration test to verify fix against real PostgreSQL\r\n\r\nFixes critical bug that broke all database operations with data isolation enabled.", "repository": "elizaos/eliza", "createdAt": "2026-01-03T15:40:43Z", "mergedAt": "2026-01-05T08:17:01Z", "additions": 278, "deletions": 1 }, { "id": "PR_kwDOMT5cIs67fGcl", "title": "fix(plugin-sql): add pool config, error handler, and fix PGLite shutdown", "author": "wtfsayo", "number": 6323, "body": "## Summary\n\nFixes critical issues in plugin-sql that could cause runtime crashes and connection problems.\n\n### Changes\n\n1. **Fix `null as T` return** (`pglite/adapter.ts`)\n - Throw error instead of returning null cast as generic type T\n - Prevents type-unsafe null values from crashing callers expecting arrays/objects\n\n2. **Use pool-based database instance** (`pg/adapter.ts`)\n - Use shared pool-backed `this.db` from manager (set once in constructor)\n - Pool handles per-query connection management internally\n - Simplifies connection handling\n\n3. **Add production-optimized pool configuration** (`pg/manager.ts`)\n - `connectionTimeoutMillis: 5000` (was 0 = infinite wait!)\n - `idleTimeoutMillis: 30000` (balance cleanup vs reconnection)\n - `keepAlive: true` with 10s delay (essential for cloud environments)\n - `max: 20, min: 2` (reasonable defaults)\n\n4. **Add pool error handler** (`pg/manager.ts`)\n - Handle pool 'error' events to prevent Node.js crashes\n - Pool emits errors when idle connections die (DB restart, network issues)\n\n### Issue Details\n\n| Issue | Severity | Status |\n|-------|----------|--------|\n| `null as T` return on shutdown | CRITICAL | Fixed |\n| Pool config missing timeouts | CRITICAL | Fixed |\n| No pool error handler | HIGH | Fixed |\n\n### Testing\n\n- [x] All 147 unit tests pass\n- [x] Package builds successfully (`bun run build`)\n- [x] TypeScript compilation passes\n\n### Breaking Changes\n\n- `PgliteDatabaseAdapter.withDatabase()` now throws on shutdown instead of returning null\n - This is technically breaking but fixes incorrect behavior that would crash downstream code anyway\n\n### Pool Configuration Details\n\n```typescript\n{\n max: 20, // Max connections\n min: 2, // Min warm connections\n idleTimeoutMillis: 30000, // 30s idle timeout\n connectionTimeoutMillis: 5000, // 5s connect timeout (was infinite!)\n keepAlive: true, // Detect dead connections\n keepAliveInitialDelayMillis: 10000,\n}\n```\n\n### Note on Migration Transaction\n\nThe original PR attempted to wrap migrations in `db.transaction()` for atomicity, but this was reverted because:\n- PGLite handles parameterized queries differently inside transactions\n- The existing try-catch approach with idempotent operations is correct\n- Each migration operation checks state before modifying and can be safely re-run\n\n\n---\n\n> [!NOTE]\n> Strengthens connection handling and safety across PostgreSQL and PGLite adapters.\n> \n> - Pg adapter: use shared pool-backed `this.db` in `withDatabase`, removing manual client acquisition; supports safe concurrent ops\n> - Pg manager: add production pool config (`max/min`, timeouts, `keepAlive`) and `'error'` handler; keep `drizzle` DB from pool\n> - Entity context: validate UUID via `validateUuid` before `SET LOCAL app.entity_id = ...` to prevent SQL injection\n> - PGLite adapter: `withDatabase` now throws a descriptive error when shutting down and logs a warning\n> - Tests: add pool-based and concurrency tests for Pg adapter; update manager tests to include pool `on` handler; add shutdown tests for PGLite adapter\n> \n> Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b4ffdd7f55ef3d6322521ee102100d90a0525496. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).\n", "repository": "elizaos/eliza", "createdAt": "2026-01-05T08:14:45Z", "mergedAt": "2026-01-05T12:31:13Z", "additions": 186, "deletions": 20 }, { "id": "PR_kwDOMT5cIs67gIj5", "title": "feat(ci): upgrade Claude workflows with Opus 4.5 and add security/maintenance jobs", "author": "wtfsayo", "number": 6324, "body": "## Summary\n\nThis PR upgrades all Claude-powered CI workflows to use stable v1 action and Opus 4.5 model, plus adds two new automated workflows.\n\n## Changes\n\n### 🔄 Updated: `claude.yml` (interactive @claude mentions)\n\n| Change | Before | After |\n|--------|--------|-------|\n| Action version | `@beta` | `@v1` (stable) |\n| Model | Sonnet 4 (default) | **Opus 4.5** |\n| Checkout | `v4` | `v5` |\n| Permissions | `pull-requests: read` | `pull-requests: write` |\n\n### 🔄 Updated: `claude-code-review.yml` (automated PR reviews)\n\n| Change | Before | After |\n|--------|--------|-------|\n| Action version | `@beta` | `@v1` (stable) |\n| Model | Sonnet 4 (default) | **Opus 4.5** |\n| Checkout | `v4` | `v5` |\n| Permissions | `pull-requests: read` | `pull-requests: write` |\n| Progress tracking | ❌ | ✅ `track_progress: true` |\n| Triggers | 3 types | Added `reopened` |\n| Allowed tools | `Bash(*)` | Scoped to PR commands |\n\n### 🆕 Added: `security-review.yml`\n\nUses [anthropics/claude-code-security-review](https://github.com/anthropics/claude-code-security-review) for AI-powered security scanning:\n\n- 🔐 Detects injection attacks, auth issues, data exposure\n- 🔒 Scans for hardcoded secrets and crypto issues\n- 📝 Inline PR comments for findings\n- 🎯 Path filtering for code files only\n- ⏭️ Skip with `[skip-security]` in PR title\n\n### 🆕 Added: `weekly-maintenance.yml`\n\nAutomated weekly maintenance (Sunday midnight UTC):\n\n- 📦 Check outdated dependencies (`bun outdated`)\n- 🔒 Security vulnerability scan\n- 🐛 Review stale issues (>90 days)\n- 📝 Find TODO/FIXME comments\n- 📚 Verify documentation status\n- 📋 Creates summary issue with findings\n\n## Model Upgrade\n\nAll 4 workflows now use **Claude Opus 4.5** (`claude-opus-4-5-20251101`) for:\n- Enhanced coding capabilities\n- Improved agentic task handling\n- Better long-context reasoning\n- Deeper security analysis\n\n## Files Changed\n\n| File | Status |\n|------|--------|\n| `claude.yml` | Modified |\n| `claude-code-review.yml` | Modified |\n| `security-review.yml` | Added |\n| `weekly-maintenance.yml` | Added |\n\n## Testing\n\n- [ ] Workflows pass YAML validation\n- [ ] Secrets (`ANTHROPIC_API_KEY`) are configured\n- [ ] Manual trigger works via `workflow_dispatch`\n\n\n\n

Greptile Summary

\n\n\nThis PR modernizes the Claude-powered CI infrastructure by upgrading to stable action versions and Claude Opus 4.5, while introducing two new automation workflows.\n\n## Key Changes\n\n- **`claude-code-review.yml` upgraded**: Moved from `@beta` to stable `@v1` action, upgraded model to Opus 4.5, added `track_progress: true`, included `reopened` PR trigger, changed permissions to `pull-requests: write`, upgraded checkout to v5, and scoped `allowed_tools` to specific PR commands for better security\n- **`security-review.yml` added**: New dedicated security scanning workflow using `claude-code-security-review@main` action with Opus 4.5, includes path filtering for code files, skip conditions for drafts/`[skip-security]` tags, and proper security-events permissions\n- **`weekly-maintenance.yml` added**: Scheduled Sunday maintenance workflow that checks dependencies, audits security, reviews stale issues, scans TODOs, verifies docs, and creates summary issues using Opus 4.5\n\n## Benefits\n\nThe model upgrade to Opus 4.5 provides enhanced coding capabilities, improved agentic task handling, and better long-context reasoning. The scoped tool permissions in the review workflow improve security by limiting available commands. The new workflows automate important maintenance tasks that were previously manual.\n\n## Considerations\n\nCheck that `ANTHROPIC_API_KEY` secret is configured in repository settings for all workflows to function. The `claude.yml` workflow (interactive `@claude` mentions) remains on `@beta` - consider upgrading in a follow-up PR for consistency.\n\n

Confidence Score: 5/5

\n\n\n- This PR is safe to merge with minimal risk - improves CI infrastructure with stable actions and enhanced model\n- All changes are configuration-only, upgrading to stable action versions and adding new security/maintenance workflows. The model upgrade to Opus 4.5 provides better capabilities, scoped tool permissions improve security, and the new workflows add valuable automated checks without any risk to the codebase\n- No files require special attention\n\n

Important Files Changed

\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| .github/workflows/claude-code-review.yml | Upgraded to stable v1 action, added Opus 4.5 model, scoped tool permissions, added progress tracking and `reopened` trigger |\n| .github/workflows/security-review.yml | New workflow using specialized security review action with Opus 4.5, path filtering, and skip conditions |\n| .github/workflows/weekly-maintenance.yml | New scheduled maintenance workflow with Opus 4.5, performs dependency audits, issue reviews, and doc checks |\n\n\n\n\n\n

Sequence Diagram

\n\n```mermaid\nsequenceDiagram\n participant Dev as Developer\n participant GH as GitHub\n participant CRW as Claude Review Workflow\n participant SRW as Security Review Workflow\n participant MNT as Weekly Maintenance\n participant Claude as Claude Opus 4.5\n\n Note over Dev,Claude: PR Creation Flow\n Dev->>GH: Create/Update PR\n GH->>CRW: Trigger (opened/synchronize/reopened)\n CRW->>Claude: Run code review with scoped tools\n Claude->>Claude: Analyze PR changes\n Claude->>GH: Post inline comments & feedback\n \n Note over Dev,Claude: Security Scanning Flow\n GH->>SRW: Trigger (if code files changed)\n SRW->>Claude: Run security scan\n Claude->>Claude: Analyze for vulnerabilities\n Claude->>GH: Post security findings\n Claude->>GH: Upload SARIF results\n \n Note over Dev,Claude: Weekly Maintenance Flow\n GH->>MNT: Cron trigger (Sunday 00:00 UTC)\n MNT->>Claude: Run maintenance tasks\n Claude->>Claude: Check dependencies (bun outdated)\n Claude->>Claude: Audit security (bun audit)\n Claude->>Claude: Review stale issues (>90 days)\n Claude->>Claude: Scan TODO/FIXME comments\n Claude->>Claude: Verify docs status\n Claude->>GH: Create summary issue\n \n Note over CRW,Claude: All workflows use claude-opus-4-5-20251101\n```\n\n\n\n**Context used:**\n\n- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=8ef4c9a3-e221-4aef-8556-8c9b88bf6bbb))\n- Context from `dashboard` - .cursorrules ([source](https://app.greptile.com/review/custom-context?memory=00074882-001f-44b1-89c4-859ed3656db9))\n\n\n\n\n---\n\n> [!NOTE]\n> Modernizes CI automation and expands coverage with security and maintenance workflows.\n> \n> - **Upgrade to stable actions and Opus 4.5**: `claude.yml` and `claude-code-review.yml` now use `anthropics/claude-code-action@v1`, `actions/checkout@v5`, and `--model claude-opus-4-5-20251101`; `pull-requests` permission elevated to `write`.\n> - **Review workflow enhancements**: Adds `reopened` trigger, enables `track_progress`, replaces `direct_prompt` with structured `prompt`, and scopes `--allowedTools` to PR and inline comment commands in `claude-code-review.yml`.\n> - **New security review**: Adds `claude-security-review.yml` using `anthropics/claude-code-security-review@main` with path filtering, draft/`[skip-security]` guard, PR commenting, SARIF uploads, and Opus 4.5.\n> - **Weekly maintenance**: Adds `weekly-maintenance.yml` scheduled job using Bun to check dependencies, run security audit, review stale issues, scan TODOs, verify docs, and open a summary issue; uses Opus 4.5 with restricted tools.\n> \n> Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit b578eea4e7fa8a6571c7666d9017342cdd996db2. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).\n", "repository": "elizaos/eliza", "createdAt": "2026-01-05T10:00:01Z", "mergedAt": "2026-01-05T13:44:44Z", "additions": 142, "deletions": 43 } ], "codeChanges": { "additions": 3624, "deletions": 595, "files": 58, "commitCount": 57 }, "completedItems": [ { "title": "feat: unified hooks with multi-transport support (HTTP/SSE/WebSocket)", "prNumber": 6300, "type": "feature", "body": "This PR introduces unified client hooks with multi-transport support and aligns transport naming between `api-client` and `server` packages.\r\n\r\n### Key Changes\r\n\r\n**Client Hooks (packages/client)**\r\n- New `useElizaChat` hook - unified inter", "files": [ "packages/api-client/src/__tests__/services/sessions.test.ts", "packages/api-client/src/services/sessions.ts", "packages/api-client/src/types/sessions.ts", "packages/client/src/components/agent-card.cy.tsx", "packages/client/src/components/agent-card.tsx", "packages/client/src/components/agent-log-viewer.tsx", "packages/client/src/components/agent-sidebar.tsx", "packages/client/src/components/chat.tsx", "packages/client/src/components/profile-overlay.tsx", "packages/client/src/components/server-management.tsx", "packages/client/src/hooks/__tests__/use-dm-channels.test.ts", "packages/client/src/hooks/__tests__/use-http-chat.test.ts", "packages/client/src/hooks/__tests__/use-sse-chat.test.ts", "packages/client/src/hooks/index.ts", "packages/client/src/hooks/use-agent-management.ts", "packages/client/src/hooks/use-elevenlabs-voices.ts", "packages/client/src/hooks/use-eliza-chat.ts", "packages/client/src/hooks/use-eliza.ts", "packages/client/src/hooks/use-http-chat.ts", "packages/client/src/hooks/use-query-hooks.ts", "packages/client/src/hooks/use-socket-chat.ts", "packages/client/src/hooks/use-sse-chat.ts", "packages/client/src/lib/api-type-mappers.ts", "packages/client/src/lib/utils.ts", "packages/client/src/routes/agent-detail.tsx", "packages/client/src/routes/agent-list.tsx", "packages/client/src/routes/agent-settings.tsx", "packages/client/src/routes/chat.tsx", "packages/client/src/routes/home.tsx", "packages/client/src/types.ts", "packages/client/src/types/index.ts", "packages/server/src/__tests__/fixtures/socketio-client.fixture.ts", "packages/server/src/__tests__/integration/http-transport.test.ts", "packages/server/src/__tests__/integration/socketio-infrastructure.test.ts", "packages/server/src/__tests__/integration/sse-transport.test.ts", "packages/server/src/__tests__/integration/websocket-transport.test.ts", "packages/server/src/__tests__/unit/api/channels-mode.test.ts", "packages/server/src/__tests__/unit/api/response-handlers.test.ts", "packages/server/src/__tests__/unit/api/sessions.test.ts", "packages/server/src/__tests__/unit/features/socketio-router.test.ts", "packages/server/src/api/messaging/channels.ts", "packages/server/src/api/messaging/sessions.ts", "packages/server/src/api/shared/constants.ts", "packages/server/src/api/shared/response-handlers.ts", "packages/server/src/api/shared/validation.ts", "packages/server/src/index.ts", "packages/server/src/socketio/index.ts" ] }, { "title": "fix(plugin-sql): use sql.raw() for SET LOCAL to avoid parameterizatio…", "prNumber": 6316, "type": "bugfix", "body": "PostgreSQL SET commands do not support parameterized queries. The previous\r\nimplementation used Drizzle's sql tagged template which auto-parameterizes\r\nvalues, causing \"syntax error at or near $1\" when ENABLE_DATA_ISOLATION=true.\r\n\r\n- Chang", "files": [ "packages/plugin-sql/src/__tests__/integration/postgres/withEntityContext.test.ts", "packages/plugin-sql/src/__tests__/unit/pg/manager.test.ts", "packages/plugin-sql/src/pg/manager.ts" ] }, { "title": "fix(ci): allow cursor bot to trigger Claude workflows", "prNumber": 6328, "type": "bugfix", "body": "## Summary\n- Add `allowed_bots: \"cursor\"` to `claude-code-review.yml` and `claude.yml`\n- Add `github.actor != 'cursor[bot]'` condition to `claude-security-review.yml` (this action doesn't support the `allowed_bots` parameter)\n\nFixes workflo", "files": [ ".github/workflows/claude-code-review.yml", ".github/workflows/claude-security-review.yml", ".github/workflows/claude.yml" ] }, { "title": "feat(ci): upgrade Claude workflows with Opus 4.5 and add security/maintenance jobs", "prNumber": 6324, "type": "feature", "body": "## Summary\n\nThis PR upgrades all Claude-powered CI workflows to use stable v1 action and Opus 4.5 model, plus adds two new automated workflows.\n\n## Changes\n\n### 🔄 Updated: `claude.yml` (interactive @claude mentions)\n\n| Change | Before | Af", "files": [ ".github/workflows/claude-code-review.yml", ".github/workflows/claude-security-review.yml", ".github/workflows/claude.yml", ".github/workflows/weekly-maintenance.yml" ] }, { "title": "fix(plugin-sql): add pool config, error handler, and fix PGLite shutdown", "prNumber": 6323, "type": "bugfix", "body": "## Summary\n\nFixes critical issues in plugin-sql that could cause runtime crashes and connection problems.\n\n### Changes\n\n1. **Fix `null as T` return** (`pglite/adapter.ts`)\n - Throw error instead of returning null cast as generic type T\n ", "files": [ "packages/plugin-sql/src/__tests__/unit/pg/adapter.test.ts", "packages/plugin-sql/src/__tests__/unit/pg/manager.test.ts", "packages/plugin-sql/src/__tests__/unit/pglite/adapter.test.ts", "packages/plugin-sql/src/pg/adapter.ts", "packages/plugin-sql/src/pg/manager.ts", "packages/plugin-sql/src/pglite/adapter.ts" ] } ], "topContributors": [ { "username": "wtfsayo", "avatarUrl": "https://avatars.githubusercontent.com/u/82053242?u=98209a1f10456f42d4d2fa71db4d5bf4a672cbc3&v=4", "totalScore": 139.6150097019045, "prScore": 130.17700970190452, "issueScore": 0, "reviewScore": 9, "commentScore": 0.43799999999999994, "summary": null }, { "username": "madjin", "avatarUrl": "https://avatars.githubusercontent.com/u/32600939?u=cdcf89f44c7a50906c7a80d889efa85023af2049&v=4", "totalScore": 36.760682865573564, "prScore": 36.760682865573564, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "standujar", "avatarUrl": "https://avatars.githubusercontent.com/u/16385918?u=718bdcd1585be8447bdfffb8c11ce249baa7532d&v=4", "totalScore": 32.70765816258659, "prScore": 27.769658162586587, "issueScore": 0, "reviewScore": 4.5, "commentScore": 0.43799999999999994, "summary": null }, { "username": "greptile-apps", "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4", "totalScore": 27.2, "prScore": 0, "issueScore": 0, "reviewScore": 27, "commentScore": 0.2, "summary": null }, { "username": "0xbbjoker", "avatarUrl": "https://avatars.githubusercontent.com/u/54844437?u=90fe1762420de6ad493a1c1582f1f70c0d87d8e2&v=4", "totalScore": 22.81750955863044, "prScore": 22.81750955863044, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "linear", "avatarUrl": "https://avatars.githubusercontent.com/in/20150?v=4", "totalScore": 4, "prScore": 0, "issueScore": 4, "reviewScore": 0, "commentScore": 0, "summary": null } ], "newPRs": 5, "mergedPRs": 5, "newIssues": 2, "closedIssues": 4, "activeContributors": 10 }