{
  "interval": {
    "intervalStart": "2026-02-13T00:00:00.000Z",
    "intervalEnd": "2026-02-14T00:00:00.000Z",
    "intervalType": "day"
  },
  "repository": "elizaos/eliza",
  "overview": "From 2026-02-13 to 2026-02-14, elizaos/eliza had 3 new PRs (0 merged), 0 new issues, and 3 active contributors.",
  "topIssues": [],
  "topPRs": [
    {
      "id": "PR_kwDOMT5cIs7DkvY3",
      "title": "feat: add Mint Club V2 plugin — bonding curve token trading on Base",
      "author": "h1-hunt",
      "number": 6497,
      "body": "## Summary\n\nAdds `@elizaos/plugin-mintclub` — a plugin for trading [Mint Club V2](https://mint.club) bonding curve tokens on Base.\n\n## What it does\n\nEnables ElizaOS agents to:\n- **Query** token prices, info, and wallet balances\n- **Trade** bonding curve tokens with smart routing (auto-picks buy/sell/zap/swap)\n- **Swap** any token pair via Uniswap V3/V4\n\n## Actions\n\n| Action | Description |\n|--------|-------------|\n| `TOKEN_INFO` | Get token info (supply, reserve, price, bonding curve) |\n| `TOKEN_PRICE` | Get token price in reserve + USD |\n| `SWAP` | Smart swap — auto-routes via bonding curve or Uniswap |\n| `WALLET_BALANCE` | Show wallet address and balances |\n\n## How it works\n\nWraps the [`mint.club-cli`](https://www.npmjs.com/package/mint.club-cli) (`mc` command) via shell execution. The CLI handles wallet management, auto routing, ERC-20 approvals, and transaction confirmation.\n\n## Setup\n\n```bash\nnpm install -g mint.club-cli\n```\n\nSet `PRIVATE_KEY` in the agent's environment variables.\n\n## Links\n\n- [Mint Club V2 Docs](https://docs.mint.club)\n- [CLI on npm](https://www.npmjs.com/package/mint.club-cli)\n- [MCP Server](https://www.npmjs.com/package/mintclub-mcp)\n- [Agent Skill on ClawHub](https://clawhub.com/skills/mintclub)\n\n<!-- greptile_comment -->\n\n<h2>Greptile Overview</h2>\n\n<h3>Greptile Summary</h3>\n\nAdds `@elizaos/plugin-mintclub` plugin that wraps the `mint.club-cli` (`mc` command) to enable bonding curve token trading on Base. Provides 4 actions (TOKEN_INFO, TOKEN_PRICE, SWAP, WALLET_BALANCE) and 1 provider.\n\n**Critical Issues:**\n- Uses Node.js `execSync` from `child_process` which violates CRITICAL project rule requiring `Bun.spawn()` or `bun-exec` utility\n- Command injection vulnerability: user input (token names, amounts) inserted directly into shell commands without sanitization\n- Violates plugin architecture: external CLI should be wrapped in a Service class, not called directly from actions\n- WALLET_BALANCE action validates all messages (always returns true), will trigger on every user input\n\n**Architecture Issues:**\n- Missing Service layer for CLI integration\n- Fragile regex parsing for swap commands won't handle natural language variations\n- No tests included for security-critical code\n\n**Minor Issues:**\n- README recommends `npm` instead of required `bun`\n- Missing TypeScript devDependencies\n\n<h3>Confidence Score: 1/5</h3>\n\n- NOT safe to merge - contains critical security vulnerability and violates multiple project architectural rules\n- Score of 1 reflects: (1) command injection vulnerability allowing arbitrary shell execution, (2) violation of CRITICAL project rule against Node.js child_process APIs, (3) architectural violations requiring Service layer, (4) validation logic bug causing WALLET_BALANCE to trigger on all messages. These issues require immediate fixes before merge.\n- packages/plugin-mintclub/src/plugin.ts requires complete refactor to address security vulnerabilities, use Bun.spawn() instead of execSync, implement Service architecture, and fix validation logic\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/plugin-mintclub/src/plugin.ts | Uses Node.js child_process.execSync violating CRITICAL project rule requiring Bun.spawn(); command injection vulnerability in user input parsing; missing Service architecture; incorrect action validation logic |\n| packages/plugin-mintclub/package.json | Uses workspace:* correctly for @elizaos/core; missing devDependencies for TypeScript; peerDependency on CLI tool is unusual |\n| packages/plugin-mintclub/README.md | Clear documentation with setup instructions and examples |\n\n</details>\n\n\n\n<h3>Sequence Diagram</h3>\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Agent\n    participant Action\n    participant execSync\n    participant mc CLI\n    participant Base Chain\n\n    User->>Agent: \"swap 100 from ETH to MINT\"\n    Agent->>Action: validate message\n    Action->>Action: regex parse (from/to/amount)\n    Agent->>Action: handler()\n    Action->>execSync: mc swap -i ETH -o MINT -a 100\n    Note over execSync: ⚠️ Command injection risk<br/>⚠️ Uses forbidden execSync\n    execSync->>mc CLI: spawn process\n    mc CLI->>mc CLI: load PRIVATE_KEY from env\n    mc CLI->>Base Chain: execute swap transaction\n    Base Chain-->>mc CLI: transaction result\n    mc CLI-->>execSync: output text\n    execSync-->>Action: result string\n    Action->>User: callback with result text\n```\n\n<sub>Last reviewed commit: 351aed7</sub>\n\n<!-- greptile_other_comments_section -->\n\n<sub>(3/5) Reply to the agent's comments like \"Can you suggest a fix for this @greptileai?\" or ask follow-up questions!</sub>\n\n**Context used:**\n\n- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=8ef4c9a3-e221-4aef-8556-8c9b88bf6bbb))\n- Context from `dashboard` - packages/plugin-starter/CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=7d041dea-d552-4802-9188-567d4fe8086b))\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-13T14:40:47Z",
      "mergedAt": null,
      "additions": 1473,
      "deletions": 50
    },
    {
      "id": "PR_kwDOMT5cIs7Dd5VJ",
      "title": "build and local for chat example",
      "author": "odilitime",
      "number": 6496,
      "body": "<!-- CURSOR_SUMMARY -->\n> [!NOTE]\n> **Medium Risk**\n> Touches monorepo dependency management and adds/changes build tooling and dependencies, which can affect installs and CI; runtime code changes are mostly isolated to an example and type-only additions.\n> \n> **Overview**\n> The TypeScript chat example now supports **local LLM providers** (`@elizaos/plugin-ollama`, `@elizaos/plugin-local-ai`) with a two-pass provider selection: prefer explicitly configured env vars (API keys or local URLs), then auto-detect Ollama on localhost before falling back to cloud providers; messaging output was updated to separate local vs cloud setup guidance.\n> \n> Repo tooling is expanded with a new `scripts/fix-workspace-deps.mjs` and root `fix-deps` scripts to enforce/verify/restore `workspace:*` references across workspace packages, plus small build/dependency adjustments (use `bunx buf` for `generate:types`, add `@bufbuild/buf`, add several deps to `@elizaos/core`, bump `@pixi/react`, and minor TS/config/package.json cleanups including a `Character` type extension for `advancedPlanning`/`advancedMemory` and a couple import path fixes).\n> \n> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit ff04809aef072c2ca92be9e903bda505472e8577. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>\n<!-- /CURSOR_SUMMARY -->\n\n<!-- greptile_comment -->\n\n<h2>Greptile Overview</h2>\n\n<h3>Greptile Summary</h3>\n\nThis PR adds Ollama and local-ai support to the chat example with intelligent provider detection, and introduces a comprehensive workspace dependency management system.\n\n**Key Changes:**\n- **Chat example enhancements**: Added support for local LLM providers (Ollama, local-ai) with two-pass detection (explicit config → auto-detection fallback). The example now prioritizes local providers and auto-detects Ollama running on `localhost:11434`.\n- **Workspace dependency fixes**: New `fix-workspace-deps.mjs` script enforces `workspace:*` references across all 86 package.json files, preventing dependency loops and stale version issues in the monorepo.\n- **Type additions**: Added `advancedPlanning` and `advancedMemory` optional properties to the `Character` type.\n- **Import path corrections**: Fixed incorrect imports in `autonomy/service.ts` and `testing/index.ts`.\n- **Dependency additions**: Added missing dependencies (`drizzle-orm`, `esbuild`, `sharp`, `undici`, `yaml`) to typescript package.\n\n**Pattern Applied:**\nAll plugin package.json files were updated to use `workspace:*` for internal dependencies (dependencies, devDependencies, and peerDependencies), with consistent formatting applied to arrays and objects.\n\n<h3>Confidence Score: 5/5</h3>\n\n- This PR is safe to merge with minimal risk\n- The changes are well-structured and focused: (1) chat example improvements add valuable local LLM support with proper error handling and fallback logic, (2) the fix-workspace-deps.mjs script systematically addresses monorepo dependency management issues, (3) minor type additions and import fixes are straightforward, (4) all changes follow consistent patterns across 86 files without introducing breaking changes\n- No files require special attention\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| examples/chat/typescript/chat.ts | Added Ollama and local-ai support with smart provider detection (explicit config → auto-detection fallback) |\n| examples/chat/typescript/package.json | Added plugin-ollama and plugin-local-ai dependencies using workspace:* |\n| scripts/fix-workspace-deps.mjs | New utility script to enforce workspace:* references across monorepo, preventing dependency loops |\n| packages/typescript/src/types/agent.ts | Added advancedPlanning and advancedMemory optional properties to Character type |\n| packages/typescript/package.json | Added missing dependencies: drizzle-orm, esbuild, sharp, undici, yaml |\n| package.json | Added fix-deps scripts and @bufbuild/buf dependency, updated generate:types to use bunx |\n\n</details>\n\n\n\n<h3>Sequence Diagram</h3>\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant ChatApp as chat.ts\n    participant LoadLLM as loadLLMPlugin()\n    participant Local as Local Providers\n    participant Cloud as Cloud Providers\n    \n    User->>ChatApp: Start chat example\n    ChatApp->>LoadLLM: Detect LLM provider\n    \n    Note over LoadLLM: Pass 1: Check explicit config\n    LoadLLM->>Local: Check env vars (OLLAMA_API_URL, LOCAL_AI_URL)\n    alt Local env var set\n        Local->>LoadLLM: Ping detectUrl to verify server\n        alt Server reachable\n            LoadLLM->>Local: Load plugin\n            Local-->>LoadLLM: Return plugin\n        else Server not reachable\n            Local-->>LoadLLM: Skip with warning\n        end\n    end\n    \n    LoadLLM->>Cloud: Check API keys (OPENAI_API_KEY, etc)\n    alt API key found\n        LoadLLM->>Cloud: Load plugin\n        Cloud-->>LoadLLM: Return plugin\n    end\n    \n    Note over LoadLLM: Pass 2: Auto-detect local servers\n    alt No explicit config found\n        LoadLLM->>Local: Ping localhost:11434 (Ollama)\n        alt Ollama running\n            LoadLLM->>Local: Load ollama plugin\n            Local-->>LoadLLM: Return plugin\n        end\n    end\n    \n    LoadLLM-->>ChatApp: Return selected plugin\n    ChatApp->>User: Start chat with detected provider\n```\n\n<sub>Last reviewed commit: 3839ed7</sub>\n\n<!-- greptile_other_comments_section -->\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-13T05:32:07Z",
      "mergedAt": null,
      "additions": 551,
      "deletions": 36
    },
    {
      "id": "PR_kwDOMT5cIs7Dk8rJ",
      "title": "feat: add Mint Club V2 plugin — bonding curve token trading on Base",
      "author": "h1-hunt",
      "number": 6498,
      "body": "## Summary\n\nAdds `@elizaos/plugin-mintclub` — a plugin for trading [Mint Club V2](https://mint.club) bonding curve tokens on Base.\n\n## Changes\n\nOnly adds `packages/plugin-mintclub/` (5 files) — no other changes.\n\n## What it does\n\nEnables ElizaOS agents to:\n- **Query** token prices, info, and wallet balances\n- **Trade** bonding curve tokens with smart routing (auto-picks buy/sell/zap/swap)\n- **Swap** any token pair via Uniswap V3/V4\n\n## Actions\n\n| Action | Description |\n|--------|-------------|\n| `TOKEN_INFO` | Get token info (supply, reserve, price, bonding curve) |\n| `TOKEN_PRICE` | Get token price in reserve + USD |\n| `SWAP` | Smart swap — auto-routes via bonding curve or Uniswap |\n| `WALLET_BALANCE` | Show wallet address and balances |\n\n## How it works\n\nWraps the [`mint.club-cli`](https://www.npmjs.com/package/mint.club-cli) (`mc` command) via shell execution. The CLI handles wallet management, auto routing, ERC-20 approvals, and transaction confirmation.\n\n## Setup\n\n```bash\nnpm install -g mint.club-cli\n```\n\nSet `PRIVATE_KEY` in the agent's environment variables.\n\n## Links\n\n- [Mint Club V2](https://mint.club) | [Docs](https://docs.mint.club)\n- [CLI on npm](https://www.npmjs.com/package/mint.club-cli)\n- [MCP Server](https://www.npmjs.com/package/mintclub-mcp)\n- [Agent Skill on ClawHub](https://clawhub.com/skills/mintclub)\n\n<!-- greptile_comment -->\n\n<h2>Greptile Overview</h2>\n\n<h3>Greptile Summary</h3>\n\nAdds Mint Club V2 plugin enabling ElizaOS agents to trade bonding curve tokens on Base by wrapping the `mint.club-cli` (`mc` command) via shell execution.\n\n**Critical Issues Found:**\n- Uses banned `execSync` from `child_process` module (violates CLAUDE.md policy requiring `Bun.spawn()` or `bunExec()` utility)\n- Command injection vulnerability: concatenates unsanitized user input directly into shell commands without proper escaping\n- `WALLET_BALANCE` action's `validate()` returns `true` for all messages, triggering on unrelated user input\n\n**Other Issues:**\n- README instructs users to install with `npm` instead of project-required `bun` package manager\n\n**Positive Aspects:**\n- Correctly uses `workspace:*` for internal `@elizaos/core` dependency\n- Proper plugin structure with actions and provider\n- Clear documentation and examples\n\n<h3>Confidence Score: 0/5</h3>\n\n- This PR has critical security vulnerabilities and cannot be merged safely\n- Two critical issues block merging: (1) uses banned `execSync` API violating established project policy, and (2) command injection vulnerability allowing arbitrary code execution through malicious user input. The `WALLET_BALANCE` validation bug would trigger false positives. These must be resolved before merge.\n- Pay critical attention to `packages/plugin-mintclub/src/plugin.ts` - requires complete refactoring of command execution to use `bunExec()` with argument arrays\n\n<h3>Important Files Changed</h3>\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/plugin-mintclub/src/plugin.ts | Critical security issues: uses banned `execSync` API and has command injection vulnerability from unsanitized user input. `WALLET_BALANCE` validate always returns true. |\n| packages/plugin-mintclub/README.md | Setup instructions use `npm` instead of required `bun` package manager |\n\n</details>\n\n\n\n<h3>Sequence Diagram</h3>\n\n```mermaid\nsequenceDiagram\n    participant User\n    participant Agent\n    participant Plugin\n    participant CLI as mc CLI\n    participant Base as Base Network\n\n    User->>Agent: \"Swap 100 from ETH to MINT\"\n    Agent->>Plugin: SWAP action handler\n    Plugin->>Plugin: Parse input/output/amount from text\n    Plugin->>Plugin: runMcCommand(\"mc swap -i ETH -o MINT -a 100\")\n    Plugin->>CLI: execSync shell command\n    CLI->>CLI: Load wallet from PRIVATE_KEY\n    CLI->>Base: Sign and submit transaction\n    Base-->>CLI: Transaction result\n    CLI-->>Plugin: Command output\n    Plugin-->>Agent: ActionResult with text\n    Agent-->>User: \"Swapping 100 ETH to MINT...\"\n```\n\n<sub>Last reviewed commit: f9c105e</sub>\n\n<!-- greptile_other_comments_section -->\n\n<sub>(4/5) You can add custom instructions or style guidelines for the agent [here](https://app.greptile.com/review/github)!</sub>\n\n**Context used:**\n\n- Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=8ef4c9a3-e221-4aef-8556-8c9b88bf6bbb))\n\n<!-- /greptile_comment -->",
      "repository": "elizaos/eliza",
      "createdAt": "2026-02-13T14:54:08Z",
      "mergedAt": null,
      "additions": 423,
      "deletions": 0
    }
  ],
  "codeChanges": {
    "additions": 0,
    "deletions": 0,
    "files": 0,
    "commitCount": 6
  },
  "completedItems": [],
  "topContributors": [
    {
      "username": "h1-hunt",
      "avatarUrl": "https://avatars.githubusercontent.com/u/260165794?u=73efc04d5c05a1af9903686d9bb90265cc06ab45&v=4",
      "totalScore": 78.106107534656,
      "prScore": 77.668107534656,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0.43799999999999994,
      "summary": "h1-hunt: Focused on feature and bugfix work, opening two PRs (elizaos/eliza#6498, elizaos/eliza#6497) related to adding a Mint Club V2 plugin, and modified 7 files with a significant net addition of 423 lines, primarily in config and code files."
    },
    {
      "username": "odilitime",
      "avatarUrl": "https://avatars.githubusercontent.com/u/16395496?u=c9bac48e632aae594a0d85aaf9e9c9c69b674d8b&v=4",
      "totalScore": 45.88363473949313,
      "prScore": 45.88363473949313,
      "issueScore": 0,
      "reviewScore": 0,
      "commentScore": 0,
      "summary": "odilitime: Focused on feature and bugfix work, modifying 23 files with a net addition of 609 lines, primarily in configuration files, and has an open PR, elizaos/eliza#6496, for a chat example."
    },
    {
      "username": "greptile-apps",
      "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4",
      "totalScore": 13.7,
      "prScore": 0,
      "issueScore": 0,
      "reviewScore": 13.5,
      "commentScore": 0.2,
      "summary": "greptile-apps: No activity today."
    }
  ],
  "newPRs": 3,
  "mergedPRs": 0,
  "newIssues": 0,
  "closedIssues": 0,
  "activeContributors": 3
}