{ "interval": { "intervalStart": "2026-04-21T00:00:00.000Z", "intervalEnd": "2026-04-22T00:00:00.000Z", "intervalType": "day" }, "repository": "elizaos/eliza", "overview": "From 2026-04-21 to 2026-04-22, elizaos/eliza had 23 new PRs (24 merged), 1 new issues, and 10 active contributors.", "topIssues": [ { "id": "I_kwDOMT5cIs8AAAABAApY9A", "title": "Standardizing Agent Commerce: Merxex Integration Proposal", "author": "enigma-zeroclaw", "number": 6977, "repository": "elizaos/eliza", "body": "Hi maintainers,\n\nI've been following elizaOS and am impressed by how you're tackling autonomous agents for everyone.\n\nAs agents become more autonomous, the next major hurdle is **commerce**: how they pay for tools, services, and other agents. I'm working on **Merxex**, an AI agent-to-agent commerce platform designed to act as a standardized financial layer for agentic workflows.\n\nI believe integrating a commerce module (like a \"Merxex Plugin\") into elizaOS would provide your users with immediate, production-ready capability to:\n- Pay for API credits/tools automatically.\n- Execute micro-contracts between agents.\n- Manage agent wallets and escrow.\n\nI'd love to discuss how we might build a lightweight integration or a reference implementation for your framework. Would you be open to a brief discussion or a proposal on how this could work?\n\nBest,\nZeroClaw (Enigma)\nhttps://github.com/merxex/hello-merxex", "createdAt": "2026-04-20T12:28:46Z", "closedAt": "2026-04-21T21:48:10Z", "state": "CLOSED", "commentCount": 1 }, { "id": "I_kwDOMT5cIs8AAAABAJpTUg", "title": "Feature request: PII sanitization layer before LLM processing", "author": "teodorofodocrispin-cmyk", "number": 7007, "repository": "elizaos/eliza", "body": "**Is your feature request related to a problem? Please describe.**\n\nElizaOS processes user-generated text from Discord, Telegram, \nFarcaster and other connectors before sending it to LLM \nproviders. This text frequently contains PII: emails, phone \nnumbers, private keys, passwords, and API keys.\n\nThere is currently no layer that redacts PII *before* the text \nreaches the LLM provider. Sensitive data is processed by \nexternal APIs even when it shouldn't be — creating privacy \nrisk for any deployment handling real user conversations.\n\n**Describe the solution you'd like**\n\nA pre-LLM sanitization hook in the plugin system that redacts \nPII automatically before each LLM call. No human intervention \nrequired.\n\nAn existing tool that solves this is TrustBoost — a \nblockchain-verified PII sanitization layer built for \nautonomous agent pipelines:\n\n- Webhook API — no SDK required\n- Trial mode: tx_hash=\"TRIAL\" (50 free requests, no payment)\n- Returns: sanitized_text + safety_score + risk_category\n- No raw PII stored\n- molt.json compatible (Agent Skills standard)\n\nGitHub: https://github.com/teodorofodocrispin-cmyk/TrustBoost-PII-Sanitizer\n\n**Describe alternatives you've considered**\n\nBuilding a custom regex-based filter — requires maintenance \nand misses contextual PII. TrustBoost uses GPT-4o-mini for \nsemantic redaction, which handles edge cases regex misses \n(non-standard formats, contextual PII, compound identifiers).\n\n**Additional context**\n\nThis is especially relevant for ElizaOS's Solana integrations \n— agents processing on-chain payment flows and user messages \nsimultaneously are at higher risk of exposing PII to external \nLLM providers without realizing it.", "createdAt": "2026-04-21T20:21:01Z", "closedAt": "2026-04-21T21:47:45Z", "state": "CLOSED", "commentCount": 1 } ], "topPRs": [ { "id": "PR_kwDOMT5cIs7UKEcu", "title": "fix: aligns TypeScript typecheck across lifeops, agent, app-core, and shared, and folds the phone-companion surface ", "author": "odilitime", "number": 6984, "body": "\n> [!NOTE]\n> **Medium Risk**\n> Adds several new LifeOps actions and new calendar/scheduling behaviors (bulk reschedule preview, travel-time buffers, trigger scheduling), plus a new Safari extension smoke-test harness; these touch workflow automation and user-facing scheduling flows where edge cases could cause incorrect routing or unexpected automation.\n> \n> **Overview**\n> Updates automation workflows to newer Claude models and refreshes a live LLM test model.\n> \n> Extends LifeOps behavior across calendar/scheduling: event creation can now compute and surface a travel-time buffer (with optional origin extraction), `OWNER_CALENDAR` gains deterministic first-turn routing for several request families and a new `bulk_reschedule` preview flow that scopes likely affected meetings before approval, and meeting-slot proposals infer time zone from location text and can bundle counterparties.\n> \n> Adds new operational actions built on a shared `scheduleOnceTriggerTask` helper (targeted chat mute/unmute with optional auto-unmute, cross-platform handoff/escalation, and scheduled X DM replies), improves goal workflows with weekly goal review + “experience loop” context, expands screen-time queries with `weekly_average_by_app`, and adds a Safari-specific extension smoke test plus website-blocker allowlist support in the browser extension.\n> \n> Also includes smaller UX/prompt tweaks (approval/inbox copy, Gmail query extraction), adds `@elizaos/billing` to LifeOps app deps, broadens `X_READ` validation, and introduces UI/client plumbing for schedule state + X connector operations.\n> \n> Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit cd68f1630a3e4d6f6d57b3d60777266e21949fb7. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).\n\n\n\n\n

Greptile Summary

\n\nThis PR (\"milady cursor fixes\") aligns TypeScript typecheck across `lifeops`, `agent`, `app-core`, and `shared`, and folds the phone-companion surface — including a new iOS Capacitor plugin (`MiladyIntentPlugin.swift`), a WebSocket session client, touch-to-input translation, and a React UI shell — into the Milady iOS bundle.\n\n- **`MiladyIntentPlugin.swift`**: `getPairingStatus` reads pairing data from `UserDefaults.standard` but the docstring says \\\"shared keychain\\\" and no code in this file or the PR ever writes those keys. `paired` will always be `false` at runtime, blocking any downstream UI branch that gates on a successful pair.\n- **`rate-limiter.ts`**: The global `cleanup` sweep uses the calling operation's `windowMs` as the cutoff for every entry in the shared bucket map, which can under-count recent requests for buckets that use longer windows right after a short-window cleanup pass.\n\n

Confidence Score: 3/5

\n\nSafe to merge for TypeScript-only callers, but the iOS pairing feature shipped in this PR will not work — getPairingStatus always returns paired: false.\n\nThe TypeScript typecheck fixes and the TS-layer phone-companion code are clean. The P1 in MiladyIntentPlugin.swift means the pairing feature introduced here is non-functional on device — any UI path gated on paired: true will never activate. This is a correctness gap in new user-visible behaviour, not just a style concern, which warrants holding at 3/5 until the write path is confirmed or the code is documented as intentionally returning false for this milestone.\n\npackages/app-core/platforms/ios/App/App/MiladyIntentPlugin.swift — getPairingStatus implementation; packages/agent/src/api/rate-limiter.ts — cleanup logic\n\n

Important Files Changed

\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/app-core/platforms/ios/App/App/MiladyIntentPlugin.swift | New native iOS Capacitor plugin; `getPairingStatus` reads from UserDefaults but the doc comment says \"shared keychain\" and nothing ever writes those keys, so `paired` is always false. |\n| packages/agent/src/api/rate-limiter.ts | New sliding-window rate limiter; cleanup sweep applies one caller's windowMs to all buckets, which can under-count recent requests for long-window keys after a short-window cleanup pass. |\n| packages/app-core/src/services/phone-companion/session-client.ts | New WebSocket session client with touch-to-input translation; well-tested; minor unguarded array access in lastSample helper. |\n| packages/app-core/src/services/phone-companion/milady-intent.ts | New Capacitor plugin facade for native iOS intent bridge with an explicit web fallback that refuses to fake success; looks correct. |\n| packages/agent/src/api/wallet-env-sync.ts | Leaf-level Solana key derivation helper extracted to break circular imports; handles placeholders correctly and derives public key from 32- or 64-byte secrets. |\n| packages/shared/src/contracts/lifeops.ts | Comprehensive LifeOps contract type barrel; no logic, purely type declarations — changes look like typecheck alignment additions. |\n| packages/app-core/src/services/phone-companion/session-client.test.ts | Comprehensive unit tests for SessionClient, touchToInput, and decodePairingPayload; mock WebSocket and edge cases covered. |\n| packages/app-core/src/services/phone-companion/milady-intent.web.test.ts | Tests for MiladyIntentWeb fallback; logger routes through globalThis.console.warn so the console spy works correctly. |\n| packages/typescript/src/types/model.ts | Model type definitions and fallback chains; additions look consistent with existing patterns. |\n\n\n\n\n\n

Sequence Diagram

\n\n```mermaid\nsequenceDiagram\n participant iOS as iOS App (Swift)\n participant Cap as Capacitor Bridge\n participant JS as MiladyIntent (TS)\n participant SC as SessionClient\n participant WS as WebSocket Ingress\n\n iOS->>Cap: scheduleAlarm / receiveIntent / getPairingStatus\n Cap->>JS: routes to MiladyIntentWeb (web) or MiladyIntentPlugin (native)\n JS-->>iOS: result payload\n\n Note over JS,SC: Pairing flow — T9a data plane\n JS->>SC: connect(ingressUrl, sessionToken)\n SC->>WS: open WebSocket with auth query param\n WS-->>SC: open event\n SC-->>JS: state change to open\n\n Note over SC,WS: Touch input relay\n JS->>SC: sendInput from touchToInput(gesture)\n SC->>WS: send JSON event\n```\n\n\n

Comments Outside Diff (1)

\n\n1. `packages/agent/src/api/rate-limiter.ts`, line 35-44 ([link](https://github.com/elizaos/eliza/blob/1b64ec281a73079219ee7797d7834325c3a52c4d/packages/agent/src/api/rate-limiter.ts#L35-L44)) \n\n \"P2\" **Global cleanup applies one window size to all buckets**\n\n `cleanup(windowMs)` uses the `windowMs` of the calling operation as the cutoff for *every* key in the shared `buckets` map. If key A has a 1-second window and key B has a 60-second window, and cleanup fires during a key-A call, all of key B's timestamps within the last minute get evicted. The main `checkRateLimit` path re-filters correctly on every call, so actual allow/deny decisions are unaffected, but entries evicted early will not contribute to window tracking on the next call, meaning a key with a long window may under-count recent requests immediately after a cleanup sweep with a short `windowMs`.\n\n A simple fix is to store the `windowMs` per entry and use each entry's own window during cleanup:\n ```typescript\n interface RateLimitEntry {\n timestamps: number[];\n windowMs: number;\n }\n // In cleanup:\n const cutoff = now - entry.windowMs;\n entry.timestamps = entry.timestamps.filter((t) => t > cutoff);\n ```\n\n
\n\n\n\nReviews (1): Last reviewed commit: [\"Merge branch 'odi-dev2' of upstream into...\"](https://github.com/elizaos/eliza/commit/1b64ec281a73079219ee7797d7834325c3a52c4d) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29072299)\n\n> Greptile also left **2 inline comments** on this PR.\n\n\n\n\n\n## Summary by CodeRabbit\n\n## Release Notes\n\n* **New Features**\n * Added mobile companion app for iOS with device pairing via QR code scanning or manual code entry.\n * Introduced remote session control interface with interactive touch input handling.\n * Enabled push notification support on iOS devices.\n * Added chat interface to the companion application.\n\n* **Chores**\n * Updated multiple plugin dependencies.\n * Enhanced model fallback chains for text generation.\n * Improved iOS build configuration.\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-21T02:04:45Z", "mergedAt": "2026-04-21T09:47:32Z", "additions": 21961, "deletions": 2872 }, { "id": "PR_kwDOMT5cIs7UUiuQ", "title": "fix(inmemory-adapter): sort getMemories desc to match plugin-sql", "author": "standujar", "number": 7000, "body": "## Summary\n\n- `InMemoryDatabaseAdapter.getMemories` returned insertion order (effectively oldest-first), diverging from `plugin-sql`'s `MemoryStore.get` which sorts `desc(createdAt), desc(id)`.\n- With `count: N`, the in-memory adapter returned the N **oldest** memories once a room exceeded N — silently different from prod, and the bug only surfaces in long-running sessions / benchmarks.\n- This PR sorts the filtered list newest-first (tiebreak on `id` desc) before slicing, aligning with `plugin-sql`.\n\n## Divergence (before this PR)\n\n| Adapter | Ordering | Behavior of `count: N` once room > N |\n|---|---|---|\n| `plugin-sql` (prod) | `desc(createdAt), desc(id)` | N **newest** |\n| `InMemoryDatabaseAdapter` (tests, benchmarks) | insertion order (≈ oldest-first) | N **oldest** |\n\n### Concrete repro\nSeed 15 memories into a room, then `getMemories({ count: 10 })`:\n- `plugin-sql`: returns memories 15..6 (newest 10) ✅\n- `InMemoryDatabaseAdapter` (before): returns memories 1..10 (oldest 10) ❌\n\nThis broke a downstream e2e suite where a `count: 10` capture of recent messages silently froze on turn ~5's response once the room exceeded 10 memories.\n\n## Changes\n\n- `packages/typescript/src/database/inMemoryAdapter.ts`: sort `all` desc by `createdAt` (tiebreak `id` desc) before offset/limit slicing. `start`/`end` filtering and `metadata` filtering run first, unchanged.\n- `packages/typescript/src/__tests__/history-compaction.test.ts`:\n - Update the 4 existing ordering assertions (`start`/`end` / post-compaction replay) to reflect newest-first — they previously asserted oldest-first, which was the bug.\n - Add 3 new tests: ordering parity under `count`, overflow (`count: 10` against 15 memories returns newest 10), and `id`-desc tiebreak when `createdAt` ties.\n\n## Risk / compat\n\n- Behavioural change for in-memory consumers that unknowingly relied on oldest-first.\n- `plugin-sql` has always returned newest-first, so any production-aligned consumer already expects that. This change brings in-memory **into parity** with prod; anyone surprised by the change was already surprised by the inconsistency.\n- `autoCompaction` re-sorts the fetched batch ascending by `createdAt` before summarising, so its chronological output is preserved.\n- No public API change.\n\n## Test plan\n\n- [ ] `bun test` at repo root passes\n- [ ] `cd packages/typescript && bun test` passes\n- [ ] Spot-check `history-compaction.test.ts` covers: start, end, start+end, tiebreak inclusive boundaries, count limits, undefined createdAt, ordering parity, overflow, id tiebreak\n\n## Out of scope\n\n- No changes to `plugin-sql` (already correct).\n- No public type changes (no `order` / `sortBy` param added).\n- No changes to `getMemoriesByRoomIds`, `getMemoriesByIds`, etc. — can be revisited in a follow-up if needed.\n\n\n\n

Greptile Summary

\n\nThis PR fixes a behavioural divergence in `InMemoryDatabaseAdapter.getMemories`, which returned memories in insertion order (oldest-first) while `plugin-sql` has always sorted `desc(createdAt), desc(id)`. The fix inserts a single sort step after timestamp/metadata filtering but before offset/limit slicing, bringing the in-memory adapter into parity with production. Existing tests are updated to reflect the corrected ordering, and three new tests cover count-overflow, ordering parity, and id-desc tiebreak scenarios.\n\n

Confidence Score: 5/5

\n\nSafe to merge — the change brings the in-memory adapter in line with the SQL adapter and is covered by new and updated tests.\n\nThe fix is targeted and correct: `slice()` before `sort()` avoids mutating stored state, the sort order mirrors `plugin-sql` exactly, `autoCompaction` re-sorts ascending before use so it is unaffected, and all downstream production consumers already expected descending order. No P0/P1 findings.\n\nNo files require special attention.\n\n

Important Files Changed

\n\n| Filename | Overview |\n|----------|----------|\n| packages/typescript/src/database/inMemoryAdapter.ts | Adds `desc(createdAt), desc(id)` sort to `getMemories` after filtering, before offset/limit slice. Uses `slice()` before `sort()` to avoid mutating the stored array. The rest of the file is a whitespace-only reformat (tabs → spaces). |\n| packages/typescript/src/__tests__/history-compaction.test.ts | Updates 4 existing ordering assertions from ascending to descending, and adds 3 new tests: newest-first under `count`, N-oldest overflow, and id-desc tiebreak. All test expectations are consistent with the new sort logic. |\n\n\n\n

Flowchart

\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n A[getMemories called] --> B[Load memoriesByRoom]\n B --> C{start or end param?}\n C -- Yes --> D[Filter by timestamp range]\n C -- No --> E[Skip filter]\n D --> F{metadata param?}\n E --> F\n F -- Yes --> G[Filter by metadata deep-equals]\n F -- No --> H[Skip filter]\n G --> I[Sort desc createdAt desc id - NEW]\n H --> I\n I --> J[Apply offset / limit slice]\n J --> K[Return results]\n```\n\nReviews (1): Last reviewed commit: [\"fix(inmemory-adapter): sort getMemories ...\"](https://github.com/elizaos/eliza/commit/3688dd49e4b583183f4e38da6b2a2594a8fa25fb) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29130100)\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-21T13:52:51Z", "mergedAt": "2026-04-21T21:46:50Z", "additions": 1960, "deletions": 1838 }, { "id": "PR_kwDOMT5cIs7T1WWy", "title": "Shaw/scenario final checks fix", "author": "lalalune", "number": 6972, "body": "fixes\n\n\n\n

Greptile Summary

\n\nThis PR bundles several fixes: restoring scenario final-check handlers with tighter channel/action matching logic, wiring `installTaskHeartbeat` into swarm synthesis, adding a Duffel travel API relay route with unit tests, and aligning desktop-build scripts to the renamed `eliza-dist` artifact path.\n\n- **P1 – `pushEscalationOrder`**: Removed the `delivered !== false` filter, so failed dispatches can now satisfy the escalation-order check and produce false passes.\n- **P1 – `connectorDispatchOccurred`**: The `actionName` filter was dropped from the `connectorDispatches` count; only the action-fallback path still respects it, making the two legs inconsistent.\n\n

Confidence Score: 3/5

\n\nTwo P1 behavioral regressions in scenario checks should be resolved before merging.\n\nThe app-core build/release script changes and the Duffel relay route are straightforward and low-risk. However, the scenario-runner refactor introduces two P1 issues: pushEscalationOrder no longer filters undelivered dispatches (false-positive risk) and connectorDispatchOccurred silently drops the actionName filter on the dispatch count. These affect test accuracy and could mask real failures in scenario runs.\n\npackages/scenario-runner/src/final-checks/index.ts (pushEscalationOrder and connectorDispatchOccurred handlers), packages/agent/src/api/server.ts (buildTaskLine retry regression)\n\n

Important Files Changed

\n\n\n\n\n| Filename | Overview |\n|----------|----------|\n| packages/scenario-runner/src/final-checks/index.ts | Major refactor of scenario final-check handlers: fixes inverted approvalStateTransition logic, rewrites channel/dispatch matching helpers, and reorders draftExists/messageDelivered/connectorDispatchOccurred — but drops the actionName filter from connectorDispatchOccurred dispatch count, removes undelivered-dispatch filtering from pushEscalationOrder, and leaves actionDraftCandidate as dead code |\n| packages/agent/src/api/server.ts | Wires installTaskHeartbeat into wireCodingAgentSwarmSynthesis, simplifies buildTaskLine by removing jsonl retry loop and agentType guard, inlines resolveClientChatAdminEntityId — the missing retry loop risks a jsonl-flush race condition and the final fallback returns the user's original prompt verbatim |\n| packages/agent/src/api/duffel-relay-routes.ts | Minor cosmetic cleanup: removes a JSDoc block and converts Unicode arrows to ASCII; no functional change |\n| packages/app-core/scripts/desktop-build.mjs | Adds mirrorCanonicalToLegacy helper that hard-links/copies build and artifacts directories from canonical to legacy electrobun compat path after packaging |\n| packages/app-core/scripts/lib/patch-bun-exports.mjs | Adds applyTsTsxJsGlobFix / patchTsTsxJsGlobs to rewrite broken *.ts.js / *.ts.d.ts glob export targets in @elizaos/agent and @elizaos/ui packages |\n\n\n\n\n\n

Flowchart

\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n A[ScenarioFinalCheck] --> B{check.type}\n B --> C[actionCalled - Exact name match]\n B --> D[selectedAction - Exact name match]\n B --> E[approvalStateTransition - Fixed: was inverted]\n B --> F[pushEscalationOrder - No delivered filter]\n B --> G[connectorDispatchOccurred - actionName not applied to dispatch count]\n B --> H[draftExists - Missing status=drafted]\n B --> I[messageDelivered]\n B --> J[pushAcknowledgedSync - Narrowed to parameters/data]\n F --> F1[All dispatches incl. failed]\n G --> G1[dispatchCount: channel only]\n G --> G2[actionFallbackCount: channel + actionName]\n G1 --> G3[total = G1 + G2]\n```\n\n\n

Comments Outside Diff (1)

\n\n1. `packages/agent/src/api/server.ts`, line 1584-1602 ([link](https://github.com/elizaos/eliza/blob/60866360e781202470e940ca84b03d07ff06d51e/packages/agent/src/api/server.ts#L1584-L1602)) \n\n \"P2\" **`buildTaskLine` race condition and misleading last-resort fallback**\n\n The previous code retried the jsonl read up to 4 times (500 ms apart) because the PTY `task_complete` hook fires before the session's jsonl is flushed to disk. Without the retry loop, `readLastAssistantTextFromJsonl` will frequently return nothing for recently-completed sessions and fall through. Additionally, when there is no `completionSummary` and the task string contains no port pattern, the new last-resort path returns `task.originalTask` — the user's own prompt — verbatim, which is confusing.\n\n
\n\n\n\nReviews (1): Last reviewed commit: [\"fix: restore scenario final check handle...\"](https://github.com/elizaos/eliza/commit/60866360e781202470e940ca84b03d07ff06d51e) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=28945077)\n\n> Greptile also left **4 inline comments** on this PR.\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-20T06:00:10Z", "mergedAt": "2026-04-21T03:31:04Z", "additions": 935, "deletions": 26 }, { "id": "PR_kwDOMT5cIs7UT-mS", "title": "chore(deps): update rust crate uuid to v1.23.1", "author": "renovate", "number": 6998, "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [uuid](https://redirect.github.com/uuid-rs/uuid) | dependencies | minor | `1.19.0` → `1.23.1` |\n\n---\n\n> [!WARNING]\n> Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/79) for more information.\n\n---\n\n### Release Notes\n\n
\nuuid-rs/uuid (uuid)\n\n### [`v1.23.1`](https://redirect.github.com/uuid-rs/uuid/releases/tag/v1.23.1)\n\n[Compare Source](https://redirect.github.com/uuid-rs/uuid/compare/v1.23.0...v1.23.1)\n\n#### What's Changed\n\n- Remove deprecated `msrv` feature from wasm-bindgen dependency by [@​guybedford](https://redirect.github.com/guybedford) in [#​877](https://redirect.github.com/uuid-rs/uuid/pull/877)\n- fix: Timestamp::from\\_gregorian deprecation note by [@​aznashwan](https://redirect.github.com/aznashwan) in [#​878](https://redirect.github.com/uuid-rs/uuid/pull/878)\n- Prepare for 1.23.1 release by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​879](https://redirect.github.com/uuid-rs/uuid/pull/879)\n\n#### New Contributors\n\n- [@​guybedford](https://redirect.github.com/guybedford) made their first contribution in [#​877](https://redirect.github.com/uuid-rs/uuid/pull/877)\n- [@​aznashwan](https://redirect.github.com/aznashwan) made their first contribution in [#​878](https://redirect.github.com/uuid-rs/uuid/pull/878)\n\n**Full Changelog**: \n\n### [`v1.23.0`](https://redirect.github.com/uuid-rs/uuid/releases/tag/v1.23.0)\n\n[Compare Source](https://redirect.github.com/uuid-rs/uuid/compare/v1.22.0...v1.23.0)\n\n#### What's Changed\n\n- feat: add support for 'hyphenated' format in the serde module by [@​FrenchDilettante](https://redirect.github.com/FrenchDilettante) in [#​865](https://redirect.github.com/uuid-rs/uuid/pull/865)\n- Fix a number of bugs in time-related code by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​872](https://redirect.github.com/uuid-rs/uuid/pull/872)\n- Reword invalid char error message by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​873](https://redirect.github.com/uuid-rs/uuid/pull/873)\n- Impl cleanups by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​874](https://redirect.github.com/uuid-rs/uuid/pull/874)\n- Use LazyLock to synchronize v1/v6 context initialization by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​875](https://redirect.github.com/uuid-rs/uuid/pull/875)\n- Prepare for 1.23.0 release by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​876](https://redirect.github.com/uuid-rs/uuid/pull/876)\n\n#### New Contributors\n\n- [@​FrenchDilettante](https://redirect.github.com/FrenchDilettante) made their first contribution in [#​865](https://redirect.github.com/uuid-rs/uuid/pull/865)\n\n#### Special thanks\n\n[@​meng-xu-cs](https://redirect.github.com/meng-xu-cs) raised a series of bugs against the timestamp logic in `uuid` using automated tooling. The issues themselves were reasonably and responsibly presented and the end result is a better `uuid` library for everyone. Thanks!\n\n### Deprecations\n\nThis release includes the following deprecations:\n\n- `Context`: Renamed to `ContextV1`\n- `Timestamp::from_gregorian`: Renamed to `Timestamp::from_gregorian_time`\n\n### Change to `Version::Max`\n\n`Version::Max`'s `u8` representation has changed from `0xff` to `0x0f` to match the value returned by `Uuid::get_version_num`.\n\n### Change to `Uuid::get_version` for the max UUID\n\n`Uuid::get_version` will only return `Some(Version::Max)` if the UUID is actually the max UUID (all bytes are `0xff`). Previously it would return `Some` if only the version field was `0x0f`. This change matches the behaviour of the nil UUID, which only returns `Some(Version::Nil)` if the UUID is the nil UUID (all bytes are `0x00`).\n\n**Full Changelog**: \n\n### [`v1.22.0`](https://redirect.github.com/uuid-rs/uuid/releases/tag/v1.22.0)\n\n[Compare Source](https://redirect.github.com/uuid-rs/uuid/compare/v1.21.0...v1.22.0)\n\n#### What's Changed\n\n- Default to rand 0.10 by [@​haxtibal](https://redirect.github.com/haxtibal) in [#​863](https://redirect.github.com/uuid-rs/uuid/pull/863)\n- Prepare for 1.22.0 release by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​864](https://redirect.github.com/uuid-rs/uuid/pull/864)\n\n#### New Contributors\n\n- [@​haxtibal](https://redirect.github.com/haxtibal) made their first contribution in [#​863](https://redirect.github.com/uuid-rs/uuid/pull/863)\n\n**Full Changelog**: \n\n### [`v1.21.0`](https://redirect.github.com/uuid-rs/uuid/releases/tag/v1.21.0)\n\n[Compare Source](https://redirect.github.com/uuid-rs/uuid/compare/v1.20.0...v1.21.0)\n\n#### What's Changed\n\n- Update getrandom to 0.4 by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​858](https://redirect.github.com/uuid-rs/uuid/pull/858)\n- feat: impl core::error::Error for Error by [@​XAMPPRocky](https://redirect.github.com/XAMPPRocky) in [#​852](https://redirect.github.com/uuid-rs/uuid/pull/852)\n- Prepare for 1.21.0 release by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​859](https://redirect.github.com/uuid-rs/uuid/pull/859)\n\n#### New Contributors\n\n- [@​XAMPPRocky](https://redirect.github.com/XAMPPRocky) made their first contribution in [#​852](https://redirect.github.com/uuid-rs/uuid/pull/852)\n\n**Full Changelog**: \n\n### [`v1.20.0`](https://redirect.github.com/uuid-rs/uuid/releases/tag/v1.20.0)\n\n[Compare Source](https://redirect.github.com/uuid-rs/uuid/compare/v1.19.0...v1.20.0)\n\n#### What's Changed\n\n- Derive Ord and PartialOrd for NonNilUuid by [@​mivort](https://redirect.github.com/mivort) in [#​854](https://redirect.github.com/uuid-rs/uuid/pull/854)\n- Implement Deserialize on adapter types by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​855](https://redirect.github.com/uuid-rs/uuid/pull/855)\n- Deprecate `macro-diagnostics` by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​856](https://redirect.github.com/uuid-rs/uuid/pull/856)\n- Prepare for 1.20.0 release by [@​KodrAus](https://redirect.github.com/KodrAus) in [#​857](https://redirect.github.com/uuid-rs/uuid/pull/857)\n\n#### New Contributors\n\n- [@​mivort](https://redirect.github.com/mivort) made their first contribution in [#​854](https://redirect.github.com/uuid-rs/uuid/pull/854)\n\n**Full Changelog**: \n\n
\n\n---\n\n### Configuration\n\n📅 **Schedule**: (UTC)\n\n- Branch creation\n - At any time (no schedule defined)\n- Automerge\n - At any time (no schedule defined)\n\n🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n🔕 **Ignore**: Close this PR and you won't be reminded about this update again.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/elizaOS/eliza).\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-21T13:23:58Z", "mergedAt": "2026-04-22T01:38:52Z", "additions": 181, "deletions": 5 }, { "id": "PR_kwDOMT5cIs7UVwJ0", "title": "chore(deps): bump the uv group across 4 directories with 3 updates", "author": "dependabot", "number": 7004, "body": "Bumps the uv group with 2 updates in the /packages/benchmarks/OSWorld directory: [python-dotenv](https://github.com/theskumar/python-dotenv) and [pypdf](https://github.com/py-pdf/pypdf).\nBumps the uv group with 1 update in the /packages/benchmarks/OSWorld/monitor directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /packages/benchmarks/solana/solana-gym-env directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\nBumps the uv group with 1 update in the /packages/python directory: [python-dotenv](https://github.com/theskumar/python-dotenv).\n\nUpdates `python-dotenv` from 0.21.1 to 1.2.2\n
\nRelease notes\n

Sourced from python-dotenv's releases.

\n
\n

v1.2.2

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

Misc

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2

\n

v1.2.1

\n

What's Changed

\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from python-dotenv's changelog.

\n
\n

[1.2.2] - 2026-03-01

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

[1.2.1] - 2025-10-26

\n\n

[1.2.0] - 2025-10-26

\n\n

[1.1.1] - 2025-06-24

\n

Fixed

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `pypdf` from 6.10.0 to 6.10.2\n
\nRelease notes\n

Sourced from pypdf's releases.

\n
\n

Version 6.10.2, 2026-04-15

\n

What's new

\n

Security (SEC)

\n\n

Full Changelog

\n

Version 6.10.1, 2026-04-14

\n

What's new

\n

Security (SEC)

\n\n

Robustness (ROB)

\n\n

Documentation (DOC)

\n\n

Full Changelog

\n
\n
\n
\nChangelog\n

Sourced from pypdf's changelog.

\n
\n

Version 6.10.2, 2026-04-15

\n

Security (SEC)

\n\n

Full Changelog

\n

Version 6.10.1, 2026-04-14

\n

Security (SEC)

\n\n

Robustness (ROB)

\n\n

Documentation (DOC)

\n\n

Full Changelog

\n
\n
\n
\nCommits\n\n
\n
\n\nUpdates `python-dotenv` from 0.21.1 to 1.2.2\n
\nRelease notes\n

Sourced from python-dotenv's releases.

\n
\n

v1.2.2

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

Misc

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2

\n

v1.2.1

\n

What's Changed

\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from python-dotenv's changelog.

\n
\n

[1.2.2] - 2026-03-01

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

[1.2.1] - 2025-10-26

\n\n

[1.2.0] - 2025-10-26

\n\n

[1.1.1] - 2025-06-24

\n

Fixed

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `python-dotenv` from 1.1.1 to 1.2.2\n
\nRelease notes\n

Sourced from python-dotenv's releases.

\n
\n

v1.2.2

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

Misc

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2

\n

v1.2.1

\n

What's Changed

\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from python-dotenv's changelog.

\n
\n

[1.2.2] - 2026-03-01

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

[1.2.1] - 2025-10-26

\n\n

[1.2.0] - 2025-10-26

\n\n

[1.1.1] - 2025-06-24

\n

Fixed

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nUpdates `langchain-openai` from 1.1.12 to 1.1.15\n
\nRelease notes\n

Sourced from langchain-openai's releases.

\n
\n

langchain-openai==1.1.15

\n

Changes since langchain-openai==1.1.14

\n

release(openai): 1.1.15 (#36901)\nfix(openai): accommodate dict response items in streaming (#36899)\nfix(openai): infer azure chat profiles from model name (#36858)\nchore(model-profiles): refresh model profile data (#36864)

\n

langchain-openai==1.1.14

\n

Changes since langchain-openai==1.1.13

\n

release(openai): 1.1.14 (#36820)\nfix(openai): use SSRF-safe transport for image token counting (#36819)\nchore(deps): bump pytest to 9.0.3 (#36801)\nchore: bump langsmith from 0.6.3 to 0.7.31 in /libs/partners/openai (#36795)\nchore: bump pillow from 12.1.1 to 12.2.0 in /libs/partners/openai (#36777)

\n

langchain-openai==1.1.13

\n

Changes since langchain-openai==1.1.12

\n

release(openai): 1.1.13 (#36729)\nfix(openai): handle content blocks without type key in responses api conversion (#36725)\nchore(model-profiles): refresh model profile data (#36539)\nchore(openai): fix broken vcr cassette playback and add ci guard (#36502)\nfix(openai,groq,openrouter): use is-not-None checks in usage metadata token extraction (#36500)\nfix(core): fixed typos in the documentation (#36459)\nchore(model-profiles): refresh model profile data (#36455)\nfeat(core): impute placeholder filenames for OpenAI file inputs (#36433)\nchore: pygments>=2.20.0 across all packages (CVE-2026-4539) (#36385)\nchore(model-profiles): refresh model profile data (#36368)\nfix(openai): update computer call test (#36352)\nfix(openai): let user-provided User-Agent override the Azure default (#35523)\nchore: bump requests from 2.32.5 to 2.33.0 in /libs/partners/openai (#36248)

\n
\n
\n
\nCommits\n\n
\n
\n\nUpdates `python-dotenv` from 1.2.1 to 1.2.2\n
\nRelease notes\n

Sourced from python-dotenv's releases.

\n
\n

v1.2.2

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

Misc

\n\n

New Contributors

\n\n

Full Changelog: https://github.com/theskumar/python-dotenv/compare/v1.2.1...v1.2.2

\n

v1.2.1

\n

What's Changed

\n\n
\n

... (truncated)

\n
\n
\nChangelog\n

Sourced from python-dotenv's changelog.

\n
\n

[1.2.2] - 2026-03-01

\n

Added

\n\n

Changed

\n\n

Fixed

\n\n

Breaking Changes

\n\n

[1.2.1] - 2025-10-26

\n\n

[1.2.0] - 2025-10-26

\n\n

[1.1.1] - 2025-06-24

\n

Fixed

\n\n\n
\n

... (truncated)

\n
\n
\nCommits\n\n
\n
\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n
\nDependabot commands and options\n
\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/elizaOS/eliza/network/alerts).\n\n
\n\n\n\n

Greptile Summary

\n\nThis is a routine dependabot dependency bump across 4 Python packages, updating `python-dotenv` (0.21.1→1.2.2 in OSWorld/monitor and solana-gym-env, 1.2.1→1.2.2 in packages/python), `pypdf` (6.10.0→6.10.2), and `langchain-openai` (1.1.12→1.1.15). The `pypdf` 6.10.2 update is particularly beneficial as it includes security fixes limiting FlateDecode parameters, image decoding, and xref/object stream sizes to prevent DoS via malformed PDFs. The `python-dotenv` jump from 0.21.1 carries a breaking change in `set_key`/`unset_key` symlink behavior, but no affected package uses those APIs.\n\n

Confidence Score: 5/5

\n\nSafe to merge — routine dependency bumps with no breaking API usage in the affected packages.\n\nAll changes are automated dependency updates. The only notable breaking change (python-dotenv symlink behavior in set_key/unset_key) does not affect any code in the updated packages. The pypdf security patches are beneficial. No logic or application code was changed.\n\nNo files require special attention.\n\n

Important Files Changed

\n\n| Filename | Overview |\n|----------|----------|\n| packages/benchmarks/OSWorld/monitor/requirements.txt | python-dotenv pinned to 1.2.2 (major-version bump from 0.21.1); no set_key/unset_key usage detected so breaking symlink behavior change is not a concern. |\n| packages/benchmarks/OSWorld/pyproject.toml | python-dotenv and pypdf dependency constraints updated; pypdf 6.10.2 includes important security fixes for FlateDecode/xref stream limits and invalid /Size handling. |\n| packages/benchmarks/OSWorld/uv.lock | Lock file updated to reflect resolved versions of python-dotenv 1.2.2 and pypdf 6.10.2. |\n| packages/benchmarks/solana/solana-gym-env/pyproject.toml | python-dotenv lower bound raised to >=1.2.2 and langchain-openai lower bound raised to >=1.1.14; routine patch-level updates with no API changes affecting this package. |\n| packages/benchmarks/solana/solana-gym-env/uv.lock | Lock file updated to reflect resolved versions of python-dotenv 1.2.2 and langchain-openai 1.1.15. |\n| packages/python/uv.lock | Lock file updated to resolve python-dotenv to 1.2.2 from 1.2.1. |\n\n\n\n

Flowchart

\n\n```mermaid\n%%{init: {'theme': 'neutral'}}%%\nflowchart TD\n A[dependabot bump] --> B[python-dotenv]\n A --> C[pypdf]\n A --> D[langchain-openai]\n\n B --> B1[\"OSWorld/monitor/requirements.txt\\n0.21.1 → 1.2.2\"]\n B --> B2[\"OSWorld/pyproject.toml\\nunpinned, resolved 1.2.2\"]\n B --> B3[\"solana-gym-env/pyproject.toml\\n>=1.2.2\"]\n B --> B4[\"packages/python/uv.lock\\n1.2.1 → 1.2.2\"]\n\n C --> C1[\"OSWorld/pyproject.toml\\n6.10.0 → 6.10.2 (SEC fixes)\"]\n\n D --> D1[\"solana-gym-env/pyproject.toml\\n1.1.12 → 1.1.15 (patch)\"]\n```\n\nReviews (1): Last reviewed commit: [\"chore(deps): bump the uv group across 4 ...\"](https://github.com/elizaos/eliza/commit/e42418b148ca17ea80ec5dc2b9e03ca4b423655e) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=29138169)\n\n", "repository": "elizaos/eliza", "createdAt": "2026-04-21T14:51:51Z", "mergedAt": "2026-04-22T01:38:52Z", "additions": 62, "deletions": 62 } ], "codeChanges": { "additions": 8798, "deletions": 2506, "files": 88, "commitCount": 329 }, "completedItems": [ { "title": "fix(deps): update dependency @elizaos/core - autoclosed", "prNumber": 6950, "type": "bugfix", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| @​elizaos/core | [`2.0.0-alpha.3`", "files": [ "packages/app-core/deploy/cloud-agent-template/package.json", "packages/benchmarks/configbench/package.json" ] }, { "title": "chore(deps): update dependency vitest to v3.2.4", "prNumber": 6982, "type": "tests", "body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con", "files": [ "packages/benchmarks/configbench/package.json", "plugins/plugin-calendly/package.json", "plugins/plugin-github/package.json" ] }, { "title": "chore(deps): update dependency typedoc-plugin-markdown to v4.11.0", "prNumber": 6981, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [typedoc-plugin-markdown](https://typed", "files": [ "package.json" ] }, { "title": "chore(deps): update dependency typedoc to v0.28.19", "prNumber": 6980, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [typedoc](https://typedoc.org) ([source", "files": [ "package.json" ] }, { "title": "chore(deps): update dependency tsup to v8.5.1", "prNumber": 6979, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [tsup](https://tsup.egoist.dev/) ([sour", "files": [ "plugins/plugin-calendly/package.json", "plugins/plugin-github/package.json" ] }, { "title": "feat(core): PROMPT_OUTPUT_FORMAT env var for dynamicPromptExecFromState", "prNumber": 6978, "type": "feature", "body": "## Motivation\n\n`dynamicPromptExecFromState` defaults to TOON encapsulation, which is optimal for models trained/tuned to emit it reliably (Claude). Models like **Gemini 2.5 Pro** or **Llama via Ollama** tend to produce TOON inconsistently —", "files": [ "packages/typescript/src/__tests__/resolve-default-output-format.test.ts", "packages/typescript/src/runtime.ts" ] }, { "title": "chore(deps): update dependency pynput to ~=1.8.1", "prNumber": 6976, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [pynput](https://redirect.github.com/mo", "files": [ "packages/benchmarks/OSWorld/requirements.txt", "packages/benchmarks/OSWorld/setup.py" ] }, { "title": "chore(deps): update dependency opencv-python-headless to ~=4.13.0.92", "prNumber": 6975, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [opencv-python-headless](https://redire", "files": [ "packages/benchmarks/OSWorld/requirements.txt", "packages/benchmarks/OSWorld/setup.py" ] }, { "title": "chore(deps): update dependency is-core-module to v2.16.1", "prNumber": 6974, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [is-core-module](https://redirect.githu", "files": [ "package.json" ] }, { "title": "chore(deps): update dependency bun to v1.3.13", "prNumber": 6973, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [bun](https://bun.com) ([source](https:", "files": [ ".github/workflows/ci.yaml", ".github/workflows/jsdoc-automation.yml", ".github/workflows/multi-lang-tests.yaml", ".github/workflows/publish-next-prerelease.yaml", ".github/workflows/release.yaml" ] }, { "title": "Shaw/scenario final checks fix", "prNumber": 6972, "type": "bugfix", "body": "fixes\n\n\n\n

Greptile Summary

\n\nThis PR bundles several fixes: restoring scenario final-check handlers with tighter channel/action matching logic, wiring `installTaskHeartbeat` into swarm synthesis, adding a Duf", "files": [ "packages/agent/src/api/__tests__/duffel-relay-routes.test.ts", "packages/agent/src/api/duffel-relay-routes.ts", "packages/agent/src/api/server.ts", "packages/app-core/deploy/Dockerfile.cloud", "packages/app-core/deploy/cloud-agent-template/package.json", "packages/app-core/packaging/inno/build-inno.ps1", "packages/app-core/platforms/electrobun/scripts/smoke-test-windows.ps1", "packages/app-core/platforms/electrobun/scripts/smoke-test.sh", "packages/app-core/platforms/electrobun/scripts/stage-macos-release-artifacts.sh", "packages/app-core/platforms/electrobun/scripts/verify-windows-installer-proof.ps1", "packages/app-core/scripts/desktop-build.mjs", "packages/app-core/scripts/lib/patch-bun-exports.mjs", "packages/app-core/scripts/patch-deps.mjs", "packages/app-core/scripts/release-check.ts", "packages/scenario-runner/src/final-checks/index.ts", "packages/typescript/build.ts", "plugins/plugin-solana" ] }, { "title": "chore(deps): update dependency ag2 to ~=0.12.0", "prNumber": 6970, "type": "other", "body": "> ℹ️ **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-con", "files": [ "packages/benchmarks/OSWorld/requirements.txt", "packages/benchmarks/OSWorld/setup.py" ] }, { "title": "chore(deps): update dependency @uniswap/v4-sdk to v1.30.0", "prNumber": 6969, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@uniswap/v4-sdk](https://redirect.gith", "files": [ "package.json" ] }, { "title": "fix(inmemory-adapter): sort getMemories desc to match plugin-sql", "prNumber": 7000, "type": "bugfix", "body": "## Summary\n\n- `InMemoryDatabaseAdapter.getMemories` returned insertion order (effectively oldest-first), diverging from `plugin-sql`'s `MemoryStore.get` which sorts `desc(createdAt), desc(id)`.\n- With `count: N`, the in-memory adapter retur", "files": [ "packages/typescript/src/__tests__/history-compaction.test.ts", "packages/typescript/src/database/inMemoryAdapter.ts" ] }, { "title": "chore(deps): update dependency python-dotenv to v0.21.1", "prNumber": 6993, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [python-dotenv](https://redirect.github", "files": [ "packages/benchmarks/OSWorld/monitor/requirements.txt" ] }, { "title": "chore(deps): update dependency pandas to ~=2.3.3", "prNumber": 6992, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [pandas](https://redirect.github.com/pa", "files": [ "packages/benchmarks/OSWorld/requirements.txt" ] }, { "title": "chore(deps): update dependency tqdm to ~=4.66.3 [security]", "prNumber": 6991, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [tqdm](https://redirect.github.com/tqdm", "files": [ "packages/benchmarks/OSWorld/requirements.txt" ] }, { "title": "chore(deps): update dependency vitest to v3.0.5 [security]", "prNumber": 6990, "type": "tests", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [vitest](https://vitest.dev) ([source](", "files": [ "plugins/plugin-app-control/typescript/package.json" ] }, { "title": "chore(deps-dev): bump vitest from 3.0.2 to 3.0.5 in /packages/app-core/test/contracts/lib/openzeppelin-contracts in the npm_and_yarn group across 1 directory", "prNumber": 6989, "type": "tests", "body": "Bumps the npm_and_yarn group with 1 update in the /plugins/plugin-app-control/typescript directory: [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest).\n\nUpdates `vitest` from 3.0.2 to 3.0.5\n
\nRelease n", "files": [ "packages/app-core/test/contracts/lib/openzeppelin-contracts/package-lock.json", "packages/app-core/test/contracts/lib/openzeppelin-contracts/package.json", "plugins/plugin-app-control/typescript/package.json" ] }, { "title": "chore(deps): update dependency @types/node to v22.19.17", "prNumber": 6988, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [@types/node](https://redirect.github.c", "files": [ "plugins/plugin-app-control/typescript/package.json" ] }, { "title": "chore(deps): update dependency lerna to v9.0.7", "prNumber": 6987, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|\n| [lerna](https://lerna.js.org) ([source]", "files": [ "package.json" ] }, { "title": "chore(deps): update rust crate tokio to v1.52.1", "prNumber": 6986, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [tokio](https://tokio.rs) ([source](https://redirect.github.com/tokio-rs/tokio)) | dev-dependencies | minor | `1.49.0` → `1.52.1` |\n| [tokio](", "files": [ "packages/rust/Cargo.lock" ] }, { "title": "chore(deps): update rust crate reqwest to 0.13", "prNumber": 6985, "type": "other", "body": "This PR contains the following updates:\n\n| Package | Type | Update | Change |\n|---|---|---|---|\n| [reqwest](https://redirect.github.com/seanmonstar/reqwest) | workspace.dependencies | minor | `0.11` → `0.13` |\n\n---\n\n> [!WARNING]\n> Some depe", "files": [ "packages/benchmarks/HyperliquidBench/Cargo.toml" ] }, { "title": "fix: aligns TypeScript typecheck across lifeops, agent, app-core, and shared, and folds the phone-companion surface ", "prNumber": 6984, "type": "bugfix", "body": "\n> [!NOTE]\n> **Medium Risk**\n> Adds several new LifeOps actions and new calendar/scheduling behaviors (bulk reschedule preview, travel-time buffers, trigger scheduling), plus a new Safari extension smoke-test harness;", "files": [ ".github/workflows/claude-code-review.yml", ".github/workflows/claude-security-review.yml", ".github/workflows/claude.yml", ".github/workflows/docs-ci.yml", ".github/workflows/skill-review.yml", ".github/workflows/weekly-maintenance.yml", ".prr/lessons.md", "apps/app-form/src/tests/toon-integration.live.test.ts", "apps/app-lifeops/extensions/lifeops-browser/entrypoints/background.ts", "apps/app-lifeops/extensions/lifeops-browser/package.json", "apps/app-lifeops/extensions/lifeops-browser/scripts/extension-smoke-safari.mjs", "apps/app-lifeops/extensions/lifeops-browser/scripts/extension-smoke-safari.test.ts", "apps/app-lifeops/package.json", "apps/app-lifeops/src/actions/approval.ts", "apps/app-lifeops/src/actions/book-travel.ts", "apps/app-lifeops/src/actions/calendar.ts", "apps/app-lifeops/src/actions/chat-thread-control.ts", "apps/app-lifeops/src/actions/checkin.ts", "apps/app-lifeops/src/actions/cross-platform-gateway.ts", "apps/app-lifeops/src/actions/gmail.ts", "apps/app-lifeops/src/actions/inbox.ts", "apps/app-lifeops/src/actions/life.extractor.ts", "apps/app-lifeops/src/actions/life.ts", "apps/app-lifeops/src/actions/owner-calendar.ts", "apps/app-lifeops/src/actions/owner-screen-time.ts", "apps/app-lifeops/src/actions/schedule-x-dm-reply.ts", "apps/app-lifeops/src/actions/scheduled-trigger-task.ts", "apps/app-lifeops/src/actions/scheduling.ts", "apps/app-lifeops/src/actions/screen-time.ts", "apps/app-lifeops/src/actions/timezone-normalization.ts", "apps/app-lifeops/src/actions/twilio-call.ts", "apps/app-lifeops/src/actions/x-read.ts", "apps/app-lifeops/src/api/client-lifeops.ts", "apps/app-lifeops/src/components/LifeOpsBrowserSetupPanel.tsx", "apps/app-lifeops/src/components/LifeOpsOperationalPanels.tsx", "apps/app-lifeops/src/components/LifeOpsPageView.tsx", "apps/app-lifeops/src/components/LifeOpsSettingsSection.tsx", "apps/app-lifeops/src/components/LifeOpsWorkspaceView.tsx", "apps/app-lifeops/src/components/MobileSignalsSetupCard.tsx", "apps/app-lifeops/src/components/chat/widgets/plugins/lifeops-overview.tsx", "apps/app-lifeops/src/components/chat/widgets/plugins/lifeops.tsx", "apps/app-lifeops/src/hooks/index.ts", "apps/app-lifeops/src/hooks/useLifeOpsActivitySignals.ts", "apps/app-lifeops/src/hooks/useLifeOpsOperationalPanels.test.ts", "apps/app-lifeops/src/hooks/useLifeOpsScheduleState.ts", "apps/app-lifeops/src/hooks/useLifeOpsStretchReminder.ts", "apps/app-lifeops/src/hooks/useLifeOpsXConnector.ts", "apps/app-lifeops/src/hooks/useTelegramConnector.ts", "apps/app-lifeops/src/lifeops/checkin/__tests__/checkin-service.test.ts", "apps/app-lifeops/src/lifeops/checkin/checkin-service.ts" ] } ], "topContributors": [ { "username": "0xSolace", "avatarUrl": "https://avatars.githubusercontent.com/u/257989456?u=e0d4e0c6385403319241eb46ba647b49083d4a05&v=4", "totalScore": 104.57888958663045, "prScore": 104.23888958663045, "issueScore": 0, "reviewScore": 0, "commentScore": 0.33999999999999997, "summary": null }, { "username": "odilitime", "avatarUrl": "https://avatars.githubusercontent.com/u/16395496?u=c9bac48e632aae594a0d85aaf9e9c9c69b674d8b&v=4", "totalScore": 59.5437738965761, "prScore": 59.5437738965761, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "standujar", "avatarUrl": "https://avatars.githubusercontent.com/u/16385918?u=718bdcd1585be8447bdfffb8c11ce249baa7532d&v=4", "totalScore": 31.908754779315217, "prScore": 31.908754779315217, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "RemilioNubilio", "avatarUrl": "https://avatars.githubusercontent.com/u/275382225?u=b1501ee01bb54e5b31ca64895f2a07c69f554a37&v=4", "totalScore": 30.498785971816506, "prScore": 30.498785971816506, "issueScore": 0, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "greptile-apps", "avatarUrl": "https://avatars.githubusercontent.com/in/867647?v=4", "totalScore": 13.5, "prScore": 0, "issueScore": 0, "reviewScore": 13.5, "commentScore": 0, "summary": null }, { "username": "teodorofodocrispin-cmyk", "avatarUrl": "https://avatars.githubusercontent.com/u/271404169?v=4", "totalScore": 4, "prScore": 0, "issueScore": 4, "reviewScore": 0, "commentScore": 0, "summary": null }, { "username": "lalalune", "avatarUrl": "https://avatars.githubusercontent.com/u/18633264?u=e2e906c3712c2506ebfa98df01c2cfdc50050b30&v=4", "totalScore": 0.33999999999999997, "prScore": 0, "issueScore": 0, "reviewScore": 0, "commentScore": 0.33999999999999997, "summary": null } ], "newPRs": 23, "mergedPRs": 24, "newIssues": 1, "closedIssues": 2, "activeContributors": 10 }