{ "interval": { "intervalStart": "2026-04-07T00:00:00.000Z", "intervalEnd": "2026-04-08T00:00:00.000Z", "intervalType": "day" }, "repository": "elizaos/eliza", "overview": "From 2026-04-07 to 2026-04-08, elizaos/eliza had 1 new PRs (0 merged), 2 new issues, and 4 active contributors.", "topIssues": [ { "id": "I_kwDOMT5cIs77bCZZ", "title": "Delegation chains for autonomous agents — scoped authority, spend limits, cascade revocation", "author": "aeoess", "number": 6711, "repository": "elizaos/eliza", "body": "Eliza agents operate autonomously, often with access to wallets and APIs. The current trust model is binary: an agent either has a token/key or it doesn't. There's no way to express \"this agent can spend up to $50 from this wallet\" or \"this agent can post to Twitter but not delete tweets\" or \"this delegation expires in 24 hours.\"\n\nWhen an agent misbehaves or gets compromised, the only option is to revoke the entire key. There's no granular scope, no cascade revocation for downstream agents, and no signed proof of what the agent was authorized to do.\n\nDelegation chains with monotonic narrowing fix this:\n\n```typescript\nimport { issuePassport, createDelegation, verifyDelegation } from 'agent-passport-system'\n\n// Each Eliza agent gets an Ed25519 identity\nconst passport = issuePassport({ name: 'trading-agent-01', model: 'gpt-4o' })\n\n// Owner delegates: trade on Uniswap, max $500/day, 7 days\nconst delegation = createDelegation({\n delegatedTo: passport.publicKey,\n delegatedBy: ownerKey,\n scope: ['commerce:trade', 'defi:swap'],\n spendLimit: 50000, // cents\n expiresAt: new Date(Date.now() + 7 * 86400_000),\n maxDepth: 1 // can't sub-delegate\n})\n\n// Agent can sub-delegate to a helper, but ONLY narrower\n// Trying to escalate scope or spend → cryptographic rejection\nconst subDelegation = createDelegation({\n delegatedTo: helperKey,\n delegatedBy: passport.privateKey,\n scope: ['defi:swap'], // narrower than parent\n spendLimit: 10000, // less than parent\n parentDelegation: delegation\n})\n// verifyDelegation(subDelegation) checks the full chain\n```\n\nIf the trading agent gets compromised:\n\n```typescript\nimport { cascadeRevoke } from 'agent-passport-system'\n// One call kills the agent AND all its sub-delegations\ncascadeRevoke(delegation.delegationId, ownerKey)\n```\n\nEvery action the agent takes through the governance layer produces a signed receipt — Ed25519 proof of what was authorized, what was attempted, and what happened. The receipts are append-only and tamper-evident.\n\n`npm install agent-passport-system` (v1.36.2, Apache-2.0) or `pip install agent-passport-system` (v0.8.0).\n\nThe character/plugin architecture maps well here — governance could be a plugin that wraps action execution, checking delegation scope before every external call. The receipt trail gives operators forensic evidence when agents interact with real money.\n", "createdAt": "2026-04-07T13:57:35Z", "closedAt": null, "state": "OPEN", "commentCount": 0 }, { "id": "I_kwDOMT5cIs77aVut", "title": "Your MCP server earned an A security grade on Loaditout", "author": "loaditoutadmin", "number": 6710, "repository": "elizaos/eliza", "body": "Hi there,\n\nYour MCP server **eliza** passed all 7 criteria in our automated security grading system and earned an **A grade** on [Loaditout](https://loaditout.ai). Only 20.5% of the 20,000+ MCP servers we scanned earn this grade.\n\n## Add a security badge to your README\n\n```markdown\n[![Loaditout Security Grade](https://loaditout.ai/badge/elizaOS/eliza)](https://loaditout.ai/skills/elizaOS/eliza)\n```\n\nPreview: ![Loaditout Security Grade](https://loaditout.ai/badge/elizaOS/eliza)\n\n## Your listing\n\nhttps://loaditout.ai/skills/elizaOS/eliza\n\n## The 7 criteria\n\n1. Zero prompt injection flags\n2. Zero capability flags (no shell, exec, sudo, filesystem, process.env)\n3. README present\n4. Description present\n5. Committed within 12 months\n6. At least 5 GitHub stars\n7. No secret env vars required\n\nThanks for building a secure tool. Feel free to close this issue if you are not interested.\n\n-- [Anand Jain](https://loaditout.ai) / [@loaditoutai](https://x.com/loaditoutai)", "createdAt": "2026-04-07T13:28:08Z", "closedAt": null, "state": "OPEN", "commentCount": 0 } ], "topPRs": [ { "id": "PR_kwDOMT5cIs7Qb6X5", "title": "Fix/toon action params", "author": "NubsCarson", "number": 6709, "body": "# Relates to\r\n\r\nn/a, found while testing milady's discord connector\r\n\r\n# Risks\r\n\r\nlow. both changes are additive. no api changes, no breaking changes.\r\n\r\n# Background\r\n\r\n## What does this PR do?\r\n\r\ntwo related fixes in DefaultMessageService:\r\n\r\n1. **toon action params**: added a `params` field to the response schema so the LLM is asked to output action parameters in toon format. without this, actions with required params (like RUN_IN_TERMINAL's `command`) never get their values from connectors using toon. the xml path already extracts inline params, the toon path didn't because the schema never asked for them. prompts.ts already documents this format, schema field was the missing piece.\r\n\r\n2. **async action terminal set**: added CREATE_TASK, START_CODING_TASK, CODE_TASK, SPAWN_AGENT, and SPAWN_CODING_AGENT to shouldContinueAfterActions. these actions hand off to PTY sessions and complete async, the handler returns fast while real work runs in the background. without this the continuation loop fires repeatedly while the task runs, generating noisy filler responses on top of the actual final result.\r\n\r\n## What kind of change is this?\r\n\r\nbug fixes\r\n\r\n# Documentation changes needed?\r\n\r\nno, schema now matches the existing prompt template docs\r\n\r\n# Testing\r\n\r\n## Where should a reviewer start?\r\n\r\n`packages/typescript/src/services/message.ts`:\r\n- params field in schema (around line 1985)\r\n- terminalActions Set in shouldContinueAfterActions (around line 257)\r\n\r\n## Detailed testing steps\r\n\r\n**toon params bug:**\r\n1. set up an agent with a toon-encapsulation connector (discord, milady)\r\n2. register an action with required params (RUN_IN_TERMINAL)\r\n3. trigger via connector\r\n4. before fix: handler gets no params, action fails silently\r\n5. after fix: toon output includes `params: { RUN_IN_TERMINAL: { command: \"...\" } }`, handler runs\r\n\r\n**continuation loop bug:**\r\n1. trigger CREATE_TASK from plugin-agent-orchestrator via discord\r\n2. before fix: continuation fires every ~30s while PTY runs, spams filler responses\r\n3. after fix: loop terminates after CREATE_TASK, single clean result from synthesis\r\n\r\nend-to-end verified via discord on milady, task completes with one clean message.\r\n\r\n35/35 startup-coordinator tests pass, 9/9 onboarding tests pass.\r\n\r\n## Discord username\r\n\r\n1gig\n\n\n\n

Greptile Summary

\n\nFixes two bugs in `DefaultMessageService`: (1) adds a `params` field to the single-shot TOON schema so LLM responses on non-streaming connectors carry action parameters, and (2) adds `CREATE_TASK`, `START_CODING_TASK`, `CODE_TASK`, `SPAWN_AGENT`, and `SPAWN_CODING_AGENT` to the terminal-action set that suppresses post-action continuation loops. The PR also lands supporting changes: inline attachment handling and sanitization, a new `GenerateTextAttachment` type, deterministic prompt-name generation, a TOON utility module, and a large-scale migration of templates from XML to TOON format.\n\n

Confidence Score: 4/5

\n\nSafe to merge; both fixes are additive with no breaking API changes, but a minor indentation defect in the param-repair block is worth cleaning up.\n\nBoth core bug fixes are logically sound and well-tested (tests pass). The `shouldContinueAfterActions` change correctly classifies async task actions as terminal. The `params` schema addition lands on the right path for non-streaming connectors. One P2 indentation issue in the repair code block does not affect runtime behavior. The wider template migration and deterministic-naming refactor are large but orthogonal to the stated fixes.\n\npackages/typescript/src/services/message.ts around lines 2267–2274 (indentation inconsistency in param-repair block)\n\n

Important Files Changed

\n\n| Filename | Overview |\n|----------|----------|\n| packages/typescript/src/services/message.ts | Core bug fixes: adds `params` field to TOON schema and expands terminal action set; also adds inline attachment support. Minor indentation inconsistency in repair block. |\n| packages/typescript/src/utils/toon.ts | New utility providing TOON encode/decode helpers and `parseToonActionParams` for structured action parameter extraction. |\n| packages/typescript/src/utils/deterministic.ts | New utility replacing Math.random() with a seeded deterministic PRNG for reproducible prompt name generation. |\n| packages/typescript/src/prompts.ts | Refactored from XML to TOON prompt format across all templates; auto-generated from packages/prompts/prompts/*.txt. |\n| packages/typescript/src/actions.ts | Updated `parseActionParams` to accept `unknown` and try TOON format first; action examples switched to deterministic shuffling. |\n| packages/typescript/src/types/model.ts | New `GenerateTextAttachment` interface and `attachments` field on `GenerateTextParams` for multimodal support. |\n| packages/typescript/src/utils.ts | `parseKeyValueXml` now tries TOON before XML fallback; template compilation cached; names generated deterministically. |\n| packages/typescript/src/types/runtime.ts | Added `toon` as valid option for `preferredEncapsulation` and `forceFormat` in `dynamicPromptExecFromState`. |\n\n\n\n

Sequence Diagram

\n\n```mermaid\nsequenceDiagram\n participant Connector as Discord/Milady Connector\n participant MsgSvc as DefaultMessageService\n participant LLM as LLM (TEXT_LARGE)\n participant Actions as Action Handler\n\n Connector->>MsgSvc: handleMessage (no onStreamChunk)\n Note over MsgSvc: preferredEncapsulation = \"toon\"\n MsgSvc->>LLM: runSingleShotCore (schema includes params field)\n LLM-->>MsgSvc: TOON response\\nparams: { RUN_IN_TERMINAL: { command: \"...\" } }\n MsgSvc->>MsgSvc: parseActionParams(responseContent.params)\n Note over MsgSvc: shouldContinueAfterActions?\n alt action is CREATE_TASK / SPAWN_AGENT / etc.\n Note over MsgSvc: terminalActions → return false (no loop)\n MsgSvc->>Actions: execute action once\n Actions-->>Connector: single clean result\n else action is non-terminal\n MsgSvc->>MsgSvc: continuation loop fires\n end\n```\n\nReviews (1): Last reviewed commit: [\"fix: stop continuation loop after async ...\"](https://github.com/elizaos/eliza/commit/2676b1fc95e3c0bb6fb232ebe5e4e79101fd6ca0) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=27562392)\n\n> Greptile also left **1 inline comment** on this PR.\n\n(4/5) You can add custom instructions or style guidelines for the agent [here](https://app.greptile.com/review/github)!\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-07T09:02:10Z", "mergedAt": null, "additions": 3650, "deletions": 3460 } ], "codeChanges": { "additions": 0, "deletions": 0, "files": 0, "commitCount": 1 }, "completedItems": [], "topContributors": [ { "username": "NubsCarson", "avatarUrl": "https://avatars.githubusercontent.com/u/192162056?u=d2be9082dbee60fcbad21d32bf6e662ab1af3674&v=4", "totalScore": 43.5437738965761, "prScore": 43.5437738965761, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": "NubsCarson: Focused on improving system reliability by addressing parameter handling in elizaos/eliza via PR #6709. This work involved a targeted bugfix across 18 lines of code, emphasizing a commitment to codebase stability." }, { "username": "dutchiono", "avatarUrl": "https://avatars.githubusercontent.com/u/86275975?u=0d8badaa81aa47682651f87dc2d363837876de98&v=4", "totalScore": 37.974773896576096, "prScore": 37.974773896576096, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": "dutchiono: Focused on resolving environment-specific compatibility issues by opening PR #25 in elizaos-plugins/plugin-openrouter to remove PGlite artifacts blocking Windows git checkouts. This effort involved a significant cleanup of 4,270 files, demonstrating a dedicated focus on cross-platform bugfix work." }, { "username": "greptile-apps", "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4", "totalScore": 4.5, "prScore": 0, "issueScore": 0, "reviewScore": 4.5, "commentScore": 0, "summary": "greptile-apps: No activity today." }, { "username": "loaditoutadmin", "avatarUrl": "https://avatars.githubusercontent.com/u/268400134?v=4", "totalScore": 2, "prScore": 0, "issueScore": 2, "reviewScore": 0, "commentScore": 0, "summary": "loaditoutadmin: Focused on security oversight for the project, opening issue #6710 in elizaos/eliza to report an A security grade for the MCP server." }, { "username": "aeoess", "avatarUrl": "https://avatars.githubusercontent.com/u/171286556?u=6c84bd29793495ac607e088d40286cf0c99b35b0&v=4", "totalScore": 2, "prScore": 0, "issueScore": 2, "reviewScore": 0, "commentScore": 0, "summary": "aeoess: Focused on architectural planning for autonomous agent capabilities by opening issue #6711 in elizaos/eliza to propose delegation chains and scoped authority. This contribution centers on the design and governance of autonomous agent workflows." } ], "newPRs": 1, "mergedPRs": 0, "newIssues": 2, "closedIssues": 0, "activeContributors": 4 }