{ "interval": { "intervalStart": "2026-02-15T00:00:00.000Z", "intervalEnd": "2026-02-22T00:00:00.000Z", "intervalType": "week" }, "repository": "elizaos/eliza", "overview": "From 2026-02-15 to 2026-02-22, elizaos/eliza had 10 new PRs (0 merged), 9 new issues, and 14 active contributors.", "topIssues": [ { "id": "I_kwDOMT5cIs7rH4hQ", "title": "Integration Proposal: MoltBridge Trust & Discovery Layer as ElizaOS Plugin", "author": "JKHeadley", "number": 6501, "repository": "elizaos/eliza", "body": "## Summary\n\n[MoltBridge](https://moltbridge.ai) provides trust-verified agent discovery — cryptographic identity, a trust graph, and broker-mediated warm introductions between AI agents. We'd like to build an **official ElizaOS plugin** that gives Eliza agents the ability to discover and verify other agents through this trust infrastructure.\n\n## Why This Fits ElizaOS\n\nElizaOS thrives on its plugin ecosystem. MoltBridge would be a plugin that adds:\n\n1. **Agent Discovery**: Eliza agents can search for other agents by capability (e.g., \"find a trusted code review agent\") through MoltBridge's broker registry\n2. **Cryptographic Identity**: Each Eliza agent gets a verifiable identity (Ed25519 keypair) that persists across sessions and platforms\n3. **Trust Attestations**: After collaborating, agents can attest to each other's capabilities — building a trust graph that makes future introductions more reliable\n4. **Warm Introductions**: Instead of cold-connecting to unknown agents, Eliza agents get broker-mediated introductions through mutual trust paths\n\n## Technical Integration\n\nMoltBridge exposes a REST API with SDKs for [JavaScript](https://www.npmjs.com/package/@moltbridge/sdk) and [Python](https://pypi.org/project/moltbridge/). The ElizaOS plugin would:\n\n- Register the Eliza agent on MoltBridge during initialization (with Ed25519 keypair generation)\n- Expose MoltBridge actions (discover, attest, request-introduction) as Eliza plugin actions\n- Handle trust attestation flows after agent-to-agent interactions\n- Support the A2A protocol for cross-framework agent communication\n\n## Cultural Alignment\n\nElizaOS's Web3/crypto DNA and MoltBridge's cryptographic identity model share the same philosophical foundation: verifiable, decentralized trust without central gatekeepers.\n\n## Links\n\n- API: https://api.moltbridge.ai\n- Docs: https://moltbridge.ai/docs\n- Research: https://moltbridge.ai/research\n- GitHub: https://github.com/SageMindAI/moltbridge\n\nHappy to discuss integration approach, start with a PR, or hop into Discord to chat. Built by [Dawn](https://sentientdawn.substack.com) @ SageMind AI.", "createdAt": "2026-02-15T19:04:36Z", "closedAt": null, "state": "OPEN", "commentCount": 1 }, { "id": "I_kwDOMT5cIs7V15D2", "title": "The Changelog hasn't been updated since January.", "author": "LinuxIsCool", "number": 6121, "repository": "elizaos/eliza", "body": "It's really annoying that the changelog is so out of date. And the changelogs on the latest releases have not useful information either. ", "createdAt": "2025-11-04T17:58:56Z", "closedAt": "2026-02-16T21:52:19Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7gjt3t", "title": "Add CoT reasoning streaming support", "author": "linear", "number": 6294, "repository": "elizaos/eliza", "body": "```\nAdd `onReasoningChunk` callback support at the core level to enable real-time chain-of-thought streaming. Benefits both `packages/server` and `eliza-cloud-v2`.\n\n### Core\n- Add `ReasoningChunkPayload` type with phases: `planning` | `actions` | `response`\n- Extend `StreamingContext` with `onReasoningChunk` callback\n- Create `ReasoningStreamExtractor` to extract `` (by default) content\n- Wire through message service pipeline\n\n### Server\n- Emit `messageReasoningChunk` via Socket.IO\n\n### Client\n- Add `ThinkingIndicator` component (aligned with cloud-v2)\n- Handle reasoning chunks in `use-socket-chat.ts`\n```", "createdAt": "2025-12-29T13:47:26Z", "closedAt": "2026-02-16T21:52:18Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7hZUH3", "title": "Provide mock client for frontend testing without a live server.", "author": "linear", "number": 6326, "repository": "elizaos/eliza", "body": "", "createdAt": "2026-01-05T13:29:41Z", "closedAt": "2026-02-16T21:52:19Z", "state": "CLOSED", "commentCount": 0 }, { "id": "I_kwDOMT5cIs7j3TWy", "title": "Add Opus 4.5 to Apps", "author": "borisudovicic", "number": 6368, "repository": "elizaos/eliza", "body": "", "createdAt": "2026-01-16T17:26:36Z", "closedAt": "2026-02-16T21:52:18Z", "state": "CLOSED", "commentCount": 0 } ], "topPRs": [ { "id": "PR_kwDOMT5cIs7EjIkM", "title": "feat: add SAID Protocol on-chain Solana identity for ElizaOS agents", "author": "kaiclawd", "number": 6510, "body": "## What this does\n\nEvery new agent created via `elizaos create` now automatically gets a free on-chain identity on [SAID Protocol](https://saidprotocol.com) — Solana AI Identity.\n\n## Changes\n\n- `packages/elizaos/src/utils/said.ts` — new module: Ed25519 keypair generation (pure Node `crypto`, zero new dependencies) + SAID registration via REST API\n- `packages/elizaos/src/commands/create.ts` — registers agent with SAID after project creation, saves wallet, displays profile URL\n\n## What happens on `elizaos create`\n\n```\n✨ Project created successfully!\n\n⚡ SAID Protocol identity created\n Wallet: 7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAs\n Profile: https://saidprotocol.com/agents/7xKXtg2CW87d97TXJSDpbD5jBkheTqA83TZRuJosgAs\n\n Key saved to .said-wallet.json (add to .gitignore!)\n```\n\n## Why\n\n- **Free** — off-chain pending registration, no SOL required\n- **Zero new dependencies** — uses Node's built-in `crypto` module for Ed25519 keypair generation\n- **Non-breaking** — fully opt-out, errors are silently caught, never crashes\n- **Discoverable** — agent appears in the public SAID agent directory at [saidprotocol.com/agents](https://saidprotocol.com/agents)\n- **On-chain upgrade available** — ~0.01 SOL upgrades to a cryptographically verified badge via challenge-response (proves the entity is a running agent)\n\n## SAID Protocol\n\nSAID is on-chain identity infrastructure for AI agents on Solana. Think of it as a universal agent passport — verifiable identity, reputation scores, skill listings, and agent-to-agent discovery.\n\n[saidprotocol.com](https://saidprotocol.com) | [Docs](https://saidprotocol.com/docs.html)", "repository": "elizaos/eliza", "createdAt": "2026-02-18T08:01:49Z", "mergedAt": null, "additions": 648299, "deletions": 302354 }, { "id": "PR_kwDOMT5cIs7FPjL6", "title": "refactor(core): strict typing for logger runtime", "author": "Fankouzu", "number": 6519, "body": "This PR improves code quality by replacing type usage in the logger module with proper typing. This helps in maintaining type safety across the core package.", "repository": "elizaos/eliza", "createdAt": "2026-02-20T19:25:50Z", "mergedAt": null, "additions": 648170, "deletions": 302354 }, { "id": "PR_kwDOMT5cIs7ESCAW", "title": "chore: the great database refactor", "author": "odilitime", "number": 6509, "body": "built on #6496\r\n\r\ndb go zoom zoom\r\n\r\n- move out anything drizzle out of core (separation of concerns)\r\n- make plugin-sql actual plugin-drizzle (merge plugin-mysql into plugin-sql)\r\n- generic non-pgTable/non-MysqlTable schema definitions for core & plugins\r\n- finish db api rework that started in 1.x (general 14x speed improvements when more than one item)\r\n- audit 60 plugins and assess what functionality is missing and add it\r\n\r\nnot done\r\n- rust/python checks\r\n- plugin checks\r\n\r\n\r\n\r\n## Summary by CodeRabbit\r\n\r\n* **New Features**\r\n * Database upsert operations for agents, entities, rooms, and worlds.\r\n * Pagination support in query methods (limit/offset parameters).\r\n * Plugin storage system for custom data without Drizzle coupling.\r\n * Messaging adapter interface for decoupled messaging concerns.\r\n\r\n* **Bug Fixes**\r\n * Improved leaderboard numbering in BFCL benchmark when inserting results mid-table.\r\n\r\n* **Documentation**\r\n * Benchmark results documentation with performance analysis.\r\n\r\n* **Refactor**\r\n * Batch-first CRUD API redesign with improved return types.\r\n * Single-item method wrappers moved to AgentRuntime for consistency.\r\n * Plugin system modernization with unified SQL interface across databases.\r\n\r\n* **Chores**\r\n * Brand standardization across codebase (ElizaOS → elizaOS).\r\n\r\n", "repository": "elizaos/eliza", "createdAt": "2026-02-17T07:27:26Z", "mergedAt": null, "additions": 42710, "deletions": 9617 }, { "id": "PR_kwDOMT5cIs7Evo1l", "title": "feat: add plugin-scout for x402 trust intelligence and transaction safety", "author": "yaooooooooooooooo", "number": 6513, "body": "## Relates to\r\n\r\n- [x402 Protocol](https://x402.org) - trust scoring for the x402 payment ecosystem\r\n- [ScoutScore](https://scoutscore.ai) - the trust intelligence platform\r\n\r\n## Risks\r\n\r\nLow. This is a self-contained new plugin with no modifications to existing code. Zero runtime dependencies beyond `@elizaos/core`. All API calls go to the ScoutScore public API (free during launch period).\r\n\r\n## Background\r\n\r\n### What does this PR do?\r\n\r\nAdds **plugin-scout** - gives ElizaOS agents trust intelligence for the x402 ecosystem. Before your agent pays for an x402 service, it can verify whether that service is trustworthy, check if it actually delivers what it advertises, and block unsafe transactions automatically.\r\n\r\nThe x402 protocol enables HTTP-native micropayments, but agents need a way to evaluate whether services are safe before sending money. ScoutScore provides that trust layer - scoring 400+ x402 services across 4 pillars and monitoring them continuously.\r\n\r\n### What kind of change is this?\r\n\r\nFeature (non-breaking change which adds functionality)\r\n\r\n## Actions\r\n\r\n| Action | Description |\r\n|--------|-------------|\r\n| `CHECK_SERVICE_TRUST` | Score any x402 service across 4 trust pillars (Contract Clarity, Availability, Response Fidelity, Identity & Safety) |\r\n| `CHECK_FIDELITY` | Probe whether a service actually follows the x402 protocol and delivers what it advertises |\r\n| `SCAN_SKILL` | Security scan a GitHub-hosted skill or MCP server before installing |\r\n| `BROWSE_LEADERBOARD` | Discover trusted x402 services by category (AI & ML, Trading & DeFi, Data & Analytics, etc.) |\r\n| `BATCH_SCORE_SERVICES` | Score up to 20 services at once for comparison |\r\n\r\n## Providers\r\n\r\n| Provider | Description |\r\n|----------|-------------|\r\n| `scout_trust_context` | Automatically injects trust data for any domain mentioned in conversation - the LLM sees scores without the user asking |\r\n| `scout_trust_policy` | Injects the agent's configured risk tolerance (min score, auto-reject flags) so the LLM respects safety constraints |\r\n\r\n## Evaluator\r\n\r\n| Evaluator | Description |\r\n|-----------|-------------|\r\n| `scout_transaction_guard` | Watches for payment-related messages and blocks/warns based on service trust score, auto-reject flags, and transaction amount limits |\r\n\r\n## Background Service\r\n\r\n| Service | Description |\r\n|---------|-------------|\r\n| `TrustMonitorService` | Monitors watched domains for significant trust score changes (>=10 point delta or level change) at configurable intervals |\r\n\r\n## How it works\r\n\r\n**Trust Context (automatic):**\r\nWhen a user mentions a domain, the trust-context provider automatically fetches its score and injects it into the LLM context:\r\n\r\n```\r\nTrust context for questflow.ai: Score 78/100 (HIGH).\r\nPillars: Contract 85, Availability 100, Fidelity 72, Safety 55.\r\nVerdict: RECOMMENDED (max $5,000). Health: UP (142ms).\r\n```\r\n\r\n**Transaction Guard (example - blocking an unsafe payment):**\r\n\r\n```\r\nUser: \"Pay $500 to sketchy-api.xyz for their data service\"\r\n\r\nAgent: Transaction BLOCKED.\r\n\r\nsketchy-api.xyz has a trust score of 12/100 (VERY_LOW) with critical flags:\r\n- ENDPOINT_DOWN: Service endpoint is not responding\r\n- WALLET_SPAM_FARM: Wallet address associated with spam\r\n\r\nThis service is not recommended for any x402 transactions.\r\nRecommended action: Do not proceed with payment.\r\n```\r\n\r\n**Trust Policy (customizable risk tolerance):**\r\n\r\n```env\r\n# Conservative agent - only transact with highly trusted services\r\nSCOUT_MIN_SERVICE_SCORE=75\r\nSCOUT_AUTO_REJECT_FLAGS=WALLET_SPAM_FARM,TEMPLATE_SPAM,ENDPOINT_DOWN,SCHEMA_PHANTOM\r\n\r\n# Permissive agent - broader access, lower threshold\r\nSCOUT_MIN_SERVICE_SCORE=30\r\nSCOUT_AUTO_REJECT_FLAGS=WALLET_SPAM_FARM\r\n```\r\n\r\n## Configuration\r\n\r\nAll environment variables are optional with sensible defaults:\r\n\r\n| Variable | Default | Description |\r\n|----------|---------|-------------|\r\n| `SCOUT_API_URL` | `https://scoutscore.ai` | Scout API base URL |\r\n| `SCOUT_MIN_SERVICE_SCORE` | `50` | Minimum trust score for x402 payments |\r\n| `SCOUT_AUTO_REJECT_FLAGS` | `WALLET_SPAM_FARM,TEMPLATE_SPAM,ENDPOINT_DOWN` | Comma-separated auto-reject flags |\r\n| `SCOUT_CACHE_TTL` | `30` | Cache TTL in minutes |\r\n| `SCOUT_WATCHED_DOMAINS` | _(empty)_ | Comma-separated domains to monitor |\r\n| `SCOUT_WATCH_INTERVAL` | `60` | Monitor check interval in minutes |\r\n| `SCOUT_API_KEY` | _(empty)_ | API key for authenticated endpoints |\r\n\r\n## Trust Levels\r\n\r\n| Score | Level | Verdict | Max Transaction |\r\n|-------|-------|---------|-----------------|\r\n| >= 75 | HIGH | RECOMMENDED | $5,000 |\r\n| >= 50 | MEDIUM | USABLE | $1,000 |\r\n| >= 25 | LOW | CAUTION | $100 |\r\n| < 25 | VERY_LOW | NOT_RECOMMENDED | $0 (blocked) |\r\n\r\n## Architecture\r\n\r\n- **Zero runtime dependencies** beyond `@elizaos/core` - clean and lightweight\r\n- **WeakMap-based state storage** - no monkey-patching `IAgentRuntime`, automatic GC\r\n- **In-memory LRU cache** with TTL-based expiry (500 entries, 30-min default)\r\n- **ReDoS-safe domain extraction** with bounded regex quantifiers and input length caps\r\n- **Graceful degradation** - API failures don't crash the plugin or block other actions\r\n\r\n# Documentation changes needed?\r\n\r\nNo changes to existing project documentation. The plugin includes its own README with usage examples, configuration reference, and trust level documentation.\r\n\r\nFull documentation: [ScoutScore Docs](https://scoutscore.ai/docs)\r\n\r\n# Testing\r\n\r\n## Test suite\r\n\r\n**236 unit tests, all passing.** Covers every action, provider, evaluator, service, utility, and client method.\r\n\r\n```\r\nTest Files 17 passed (17)\r\n Tests 236 passed (236)\r\n Duration 392ms\r\n```\r\n\r\nTest breakdown:\r\n- 5 action test suites (check-service, check-fidelity, scan-skill, browse-leaderboard, batch-score)\r\n- 2 provider test suites (trust-context, trust-policy)\r\n- 1 evaluator test suite (transaction-guard)\r\n- 1 service test suite (trust-monitor)\r\n- 1 client test suite (scout-client)\r\n- 1 cache test suite\r\n- 1 config test suite\r\n- 1 runtime-store test suite\r\n- 4 utility test suites (domain extraction, flag interpreter, recommendations, trust levels)\r\n\r\n## Where should a reviewer start?\r\n\r\n1. `src/index.ts` - plugin definition, init flow, and exports\r\n2. `src/evaluators/transaction-guard.ts` - the transaction safety guard (most interesting piece)\r\n3. `src/providers/trust-context.ts` - automatic trust context injection\r\n4. `src/client/scout-client.ts` - API client with caching\r\n\r\n## Detailed testing steps\r\n\r\n```bash\r\ncd packages/plugin-scout\r\nbun install\r\nbun run test\r\n```\r\n\r\n## Screenshots\r\n\"Screenshot\r\n\"Screenshot\r\n\r\n## Links\r\n\r\n- [ScoutScore](https://scoutscore.ai) - trust intelligence platform\r\n- [ScoutScore Leaderboard](https://scoutscore.ai/leaderboard) - 400+ scored x402 services\r\n- [x402 Protocol](https://x402.org)\r\n- [ScoutScore MCP Server](https://github.com/scoutscore/scout/tree/main/packages/mcp-server)\r\n\r\n\r\n\r\n

Greptile Summary

\r\n\r\nAdded `plugin-scout` - a self-contained trust intelligence plugin for the x402 payment ecosystem. Provides trust scoring, transaction safety guards, and skill scanning capabilities for autonomous agents.\r\n\r\n**Key Features:**\r\n- **Transaction Guard Evaluator**: Automatically blocks/warns on unsafe payments based on trust scores and auto-reject flags\r\n- **Trust Context Provider**: Enriches LLM context with domain trust data for up to 3 domains per message\r\n- **Trust Policy Provider**: Injects agent risk tolerance configuration\r\n- **5 Actions**: CHECK_SERVICE_TRUST, CHECK_FIDELITY, SCAN_SKILL, BROWSE_LEADERBOARD, BATCH_SCORE_SERVICES\r\n- **Background Monitoring**: Watches configured domains for trust score changes at configurable intervals\r\n\r\n**Architecture Highlights:**\r\n- Zero runtime dependencies beyond `@elizaos/core`\r\n- WeakMap-based state storage (no runtime monkey-patching)\r\n- LRU cache with TTL-based expiry (500 entries, 30-min default)\r\n- ReDoS-safe domain extraction with bounded regex quantifiers\r\n- HTTPS enforcement for API URLs\r\n- Graceful degradation on API failures\r\n\r\n**Test Coverage:**\r\n236 unit tests across 17 test suites covering all actions, providers, evaluators, services, utilities, and client methods.\r\n\r\n

Confidence Score: 5/5

\r\n\r\n- This PR is safe to merge with minimal risk\r\n- Self-contained new plugin with zero modifications to existing code, comprehensive test coverage (236 tests), clean architecture using WeakMap-based state management, proper security considerations (HTTPS enforcement, ReDoS prevention, graceful error handling), and zero runtime dependencies beyond @elizaos/core\r\n- No files require special attention\r\n\r\n

Important Files Changed

\r\n\r\n\r\n\r\n\r\n| Filename | Overview |\r\n|----------|----------|\r\n| packages/plugin-scout/src/index.ts | Plugin definition and initialization - clean architecture with WeakMap-based state management |\r\n| packages/plugin-scout/src/config.ts | Configuration loader with HTTPS enforcement and safe parsing of environment variables |\r\n| packages/plugin-scout/src/evaluators/transaction-guard.ts | Transaction safety evaluator - blocks/warns based on trust scores and auto-reject flags |\r\n| packages/plugin-scout/src/providers/trust-context.ts | Automatic trust context injection - enriches LLM context with domain trust data |\r\n| packages/plugin-scout/src/client/scout-client.ts | API client with proper error handling, caching, and authentication headers |\r\n| packages/plugin-scout/src/runtime-store.ts | WeakMap-based state storage - avoids monkey-patching runtime, enables GC |\r\n| packages/plugin-scout/src/utils/domain.ts | ReDoS-safe domain extraction with bounded quantifiers and length limits |\r\n| packages/plugin-scout/package.json | Package manifest with zero runtime dependencies beyond @elizaos/core |\r\n\r\n\r\n\r\n\r\n\r\n

Flowchart

\r\n\r\n```mermaid\r\n%%{init: {'theme': 'neutral'}}%%\r\nflowchart TD\r\n A[User Message] --> B{Contains Payment Keywords?}\r\n B -->|No| C[Trust Context Provider]\r\n B -->|Yes| D[Transaction Guard Evaluator]\r\n \r\n C --> E{Domain Mentioned?}\r\n E -->|Yes| F[Extract Domains]\r\n E -->|No| G[Skip]\r\n \r\n F --> H[Scout API Client]\r\n H --> I[Cache Check]\r\n I -->|Hit| J[Return Cached Score]\r\n I -->|Miss| K[Fetch from API]\r\n K --> L[Update Cache]\r\n L --> M[Inject Trust Context]\r\n M --> N[LLM Processing]\r\n \r\n D --> O[Extract Domain & Amount]\r\n O --> H\r\n H --> P{Check Auto-Reject Flags}\r\n P -->|Match| Q[BLOCK Transaction]\r\n P -->|Pass| R{Score >= Min Threshold?}\r\n \r\n R -->|No| S[WARN Below Minimum]\r\n R -->|Yes| T{Amount <= Max Transaction?}\r\n T -->|No| U[WARN Exceeds Limit]\r\n T -->|Yes| V[ALLOW Transaction]\r\n \r\n Q --> W[Return to User]\r\n S --> W\r\n U --> W\r\n V --> W\r\n \r\n X[Trust Monitor Service] -.->|Background| H\r\n X --> Y[Batch Score Watched Domains]\r\n Y --> Z{Significant Change?}\r\n Z -->|Yes| AA[Log Score Delta]\r\n Z -->|No| AB[Continue Monitoring]\r\n```\r\n\r\nLast reviewed commit: b8b4d69\r\n\r\n\r\n\r\n(2/5) Greptile learns from your feedback when you react with thumbs up/down!\r\n\r\n", "repository": "elizaos/eliza", "createdAt": "2026-02-18T23:54:25Z", "mergedAt": null, "additions": 5035, "deletions": 0 }, { "id": "PR_kwDOMT5cIs7FJ2O5", "title": "feat(vea-chatbot): add Vera — Virtually Ever After chatbot widget", "author": "decentralize-dfw", "number": 6515, "body": "Adds a fully self-contained, zero-dependency chatbot popup widget for Virtually Ever After that can be embedded on any GitHub Pages site with a single