@elizaos/agent 2.0.3-beta.2 → 2.0.3-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (381) hide show
  1. package/__tests__/view-user-journeys.d.ts.map +1 -1
  2. package/__tests__/view-user-journeys.js +52 -41
  3. package/actions/context-signal.d.ts +2 -2
  4. package/actions/files.d.ts +9 -0
  5. package/actions/files.d.ts.map +1 -0
  6. package/actions/files.js +183 -0
  7. package/actions/index.d.ts +17 -17
  8. package/api/accounts-routes.d.ts +1 -1
  9. package/api/accounts-routes.js +1 -1
  10. package/api/agent-admin-routes.d.ts +1 -1
  11. package/api/agent-admin-routes.js +2 -2
  12. package/api/agent-model.d.ts +1 -1
  13. package/api/agent-status-routes.d.ts +1 -3
  14. package/api/agent-status-routes.d.ts.map +1 -1
  15. package/api/agent-status-routes.js +0 -2
  16. package/api/approval-routes.d.ts +38 -0
  17. package/api/approval-routes.d.ts.map +1 -0
  18. package/api/approval-routes.js +223 -0
  19. package/api/background-routes.d.ts +13 -0
  20. package/api/background-routes.d.ts.map +1 -0
  21. package/api/background-routes.js +91 -0
  22. package/api/binance-skill-helpers.d.ts +2 -2
  23. package/api/binance-skill-helpers.js +2 -2
  24. package/api/builtin-views.d.ts.map +1 -1
  25. package/api/builtin-views.js +44 -4
  26. package/api/character-routes.d.ts +1 -1
  27. package/api/chat-augmentation.d.ts.map +1 -1
  28. package/api/chat-augmentation.js +17 -0
  29. package/api/chat-routes.d.ts +29 -2
  30. package/api/chat-routes.d.ts.map +1 -1
  31. package/api/chat-routes.js +76 -1
  32. package/api/commands-routes.d.ts +10 -8
  33. package/api/commands-routes.d.ts.map +1 -1
  34. package/api/commands-routes.js +17 -59
  35. package/api/config-routes.d.ts +1 -1
  36. package/api/config-routes.d.ts.map +1 -1
  37. package/api/config-routes.js +0 -2
  38. package/api/connector-routes.d.ts +1 -1
  39. package/api/conversation-metadata.d.ts +1 -1
  40. package/api/conversation-metadata.d.ts.map +1 -1
  41. package/api/conversation-metadata.js +0 -1
  42. package/api/conversation-routes.d.ts +4 -3
  43. package/api/conversation-routes.d.ts.map +1 -1
  44. package/api/conversation-routes.js +34 -1
  45. package/api/documents-service-loader.d.ts +0 -4
  46. package/api/documents-service-loader.d.ts.map +1 -1
  47. package/api/documents-service-loader.js +0 -2
  48. package/api/files-routes.d.ts +14 -0
  49. package/api/files-routes.d.ts.map +1 -0
  50. package/api/files-routes.js +47 -0
  51. package/api/first-run-routes.d.ts +1 -1
  52. package/api/health-routes.d.ts +2 -2
  53. package/api/index.d.ts +40 -39
  54. package/api/index.d.ts.map +1 -1
  55. package/api/index.js +1 -0
  56. package/api/interactions-routes.d.ts +33 -0
  57. package/api/interactions-routes.d.ts.map +1 -0
  58. package/api/interactions-routes.js +63 -0
  59. package/api/media-runtime.d.ts +2 -1
  60. package/api/media-runtime.d.ts.map +1 -1
  61. package/api/media-runtime.js +64 -7
  62. package/api/media-store.d.ts +36 -0
  63. package/api/media-store.d.ts.map +1 -1
  64. package/api/media-store.js +141 -2
  65. package/api/memory-bounds.d.ts +0 -1
  66. package/api/memory-bounds.d.ts.map +1 -1
  67. package/api/memory-bounds.js +0 -1
  68. package/api/misc-routes.d.ts +1 -1
  69. package/api/model-provider-helpers.d.ts +2 -2
  70. package/api/model-provider-helpers.js +2 -2
  71. package/api/permissions-routes-extra.d.ts +1 -1
  72. package/api/permissions-routes.d.ts +1 -1
  73. package/api/permissions-routes.d.ts.map +1 -1
  74. package/api/permissions-routes.js +8 -7
  75. package/api/plugin-discovery-helpers.d.ts +5 -6
  76. package/api/plugin-discovery-helpers.d.ts.map +1 -1
  77. package/api/plugin-discovery-helpers.js +3 -4
  78. package/api/plugin-runtime-apply.d.ts +2 -2
  79. package/api/plugin-runtime-apply.d.ts.map +1 -1
  80. package/api/plugin-runtime-apply.js +74 -0
  81. package/api/provider-switch-config.d.ts +1 -1
  82. package/api/provider-switch-routes.d.ts +2 -2
  83. package/api/registry-routes.d.ts +1 -1
  84. package/api/registry-service.d.ts +1 -1
  85. package/api/remote-capability-routes.d.ts +2 -2
  86. package/api/remote-capability-routes.d.ts.map +1 -1
  87. package/api/remote-capability-routes.js +19 -0
  88. package/api/server-autonomy-helpers.d.ts +2 -2
  89. package/api/server-helpers-auth.d.ts +10 -0
  90. package/api/server-helpers-auth.d.ts.map +1 -1
  91. package/api/server-helpers-auth.js +16 -210
  92. package/api/server-helpers-config.d.ts +1 -1
  93. package/api/server-helpers-mcp.d.ts +2 -2
  94. package/api/server-helpers-plugin.d.ts +1 -1
  95. package/api/server-helpers-swarm.d.ts +3 -3
  96. package/api/server-helpers-swarm.d.ts.map +1 -1
  97. package/api/server-helpers-swarm.js +15 -5
  98. package/api/server-helpers-wallet.d.ts +1 -1
  99. package/api/server-helpers.d.ts +4 -4
  100. package/api/server-lazy-routes.d.ts +40 -38
  101. package/api/server-lazy-routes.d.ts.map +1 -1
  102. package/api/server-lazy-routes.js +7 -0
  103. package/api/server-route-dispatch.d.ts +2 -2
  104. package/api/server-route-dispatch.d.ts.map +1 -1
  105. package/api/server-route-dispatch.js +7 -0
  106. package/api/server-types.d.ts +9 -7
  107. package/api/server-types.d.ts.map +1 -1
  108. package/api/server.d.ts +19 -19
  109. package/api/server.d.ts.map +1 -1
  110. package/api/server.js +111 -17
  111. package/api/static-file-server.d.ts +2 -2
  112. package/api/static-file-server.js +2 -2
  113. package/api/subscription-routes.d.ts +4 -4
  114. package/api/subscription-routes.js +3 -4
  115. package/api/suggestions-routes.d.ts +1 -1
  116. package/api/suggestions-routes.d.ts.map +1 -1
  117. package/api/suggestions-routes.js +2 -3
  118. package/api/terminal-execution-routing.d.ts +1 -1
  119. package/api/training-service-like.d.ts +1 -1
  120. package/api/trajectory-fallback-routes.d.ts.map +1 -1
  121. package/api/trajectory-fallback-routes.js +21 -1
  122. package/api/update-routes.d.ts +1 -1
  123. package/api/view-registry-types.d.ts +1 -1
  124. package/api/views-registry.d.ts +14 -4
  125. package/api/views-registry.d.ts.map +1 -1
  126. package/api/views-registry.js +107 -72
  127. package/api/views-routes.d.ts +1 -1
  128. package/api/views-routes.d.ts.map +1 -1
  129. package/api/views-routes.js +131 -14
  130. package/api/views-search-index.d.ts +1 -1
  131. package/api/wallet-capability.d.ts +3 -3
  132. package/api/wallet-rpc.d.ts +1 -1
  133. package/api/wallet.d.ts +3 -3
  134. package/api/wallet.d.ts.map +1 -1
  135. package/api/wallet.js +4 -3
  136. package/api/workbench-context.d.ts +1 -1
  137. package/api/workbench-helpers.d.ts +3 -3
  138. package/api/workbench-helpers.js +3 -3
  139. package/api/workbench-routes.d.ts +2 -2
  140. package/api/workbench-vfs-routes.d.ts +1 -1
  141. package/api/ws-event-replay.d.ts +1 -2
  142. package/api/ws-event-replay.d.ts.map +1 -1
  143. package/api/ws-event-replay.js +1 -2
  144. package/api/x-relay-routes.d.ts +2 -2
  145. package/api/x402-route-validation.d.ts +4 -0
  146. package/api/x402-route-validation.d.ts.map +1 -0
  147. package/api/x402-route-validation.js +6 -0
  148. package/assets/view-heroes/background.png +0 -0
  149. package/auth/account-storage.d.ts +1 -1
  150. package/auth/anthropic.d.ts +1 -1
  151. package/auth/credentials.d.ts +2 -2
  152. package/auth/index.d.ts +7 -7
  153. package/auth/oauth-flow.d.ts +2 -2
  154. package/auth/openai-codex.d.ts +1 -1
  155. package/awareness/index.d.ts +1 -1
  156. package/config/config.js +0 -1
  157. package/config/env-vars.d.ts +1 -1
  158. package/config/env-vars.d.ts.map +1 -1
  159. package/config/env-vars.js +0 -1
  160. package/config/index.d.ts +10 -10
  161. package/config/model-metadata.d.ts +1 -1
  162. package/config/owner-contacts.d.ts +1 -1
  163. package/config/schema.d.ts +1 -1
  164. package/hooks/discovery.d.ts +1 -1
  165. package/hooks/eligibility.d.ts +2 -2
  166. package/hooks/index.d.ts +2 -2
  167. package/hooks/loader.d.ts +2 -2
  168. package/hooks/registry.d.ts +1 -1
  169. package/index.d.ts +87 -85
  170. package/index.d.ts.map +1 -1
  171. package/index.js +11 -3
  172. package/package.json +54 -44
  173. package/providers/media-provider.d.ts +1 -1
  174. package/providers/page-scoped-context.d.ts.map +1 -1
  175. package/providers/page-scoped-context.js +1 -70
  176. package/providers/relevant-conversations.d.ts.map +1 -1
  177. package/providers/relevant-conversations.js +8 -9
  178. package/providers/workspace.d.ts +1 -1
  179. package/runtime/actions/web-fetch.d.ts.map +1 -1
  180. package/runtime/actions/web-fetch.js +23 -3
  181. package/runtime/actions/web-search.d.ts +32 -0
  182. package/runtime/actions/web-search.d.ts.map +1 -0
  183. package/runtime/actions/web-search.js +245 -0
  184. package/runtime/advanced-capabilities-config.d.ts +1 -1
  185. package/runtime/boot-telemetry.d.ts +1 -1
  186. package/runtime/conversation-compactor-runtime.d.ts +1 -1
  187. package/runtime/conversation-compactor-runtime.js +1 -1
  188. package/runtime/conversation-compactor.d.ts +1 -1
  189. package/runtime/core-plugins.d.ts.map +1 -1
  190. package/runtime/core-plugins.js +9 -0
  191. package/runtime/custom-actions.d.ts +18 -9
  192. package/runtime/custom-actions.d.ts.map +1 -1
  193. package/runtime/custom-actions.js +85 -23
  194. package/runtime/eliza-plugin.d.ts.map +1 -1
  195. package/runtime/eliza-plugin.js +15 -1
  196. package/runtime/eliza.d.ts +9 -7
  197. package/runtime/eliza.d.ts.map +1 -1
  198. package/runtime/eliza.js +86 -23
  199. package/runtime/first-time-setup.d.ts +1 -3
  200. package/runtime/first-time-setup.d.ts.map +1 -1
  201. package/runtime/first-time-setup.js +0 -2
  202. package/runtime/index.d.ts +18 -18
  203. package/runtime/load-plugin-from-vfs.d.ts +2 -2
  204. package/runtime/mobile-dns.d.ts.map +1 -1
  205. package/runtime/mobile-dns.js +2 -5
  206. package/runtime/operations/classifier.d.ts +1 -1
  207. package/runtime/operations/cold-strategy.d.ts +1 -1
  208. package/runtime/operations/health-checks.d.ts +1 -1
  209. package/runtime/operations/health.d.ts +1 -1
  210. package/runtime/operations/index.d.ts +10 -10
  211. package/runtime/operations/manager.d.ts +3 -3
  212. package/runtime/operations/reload-hot.d.ts +1 -1
  213. package/runtime/operations/repository.d.ts +1 -1
  214. package/runtime/operations/vault-bridge.d.ts +1 -1
  215. package/runtime/plugin-collector.d.ts +6 -1
  216. package/runtime/plugin-collector.d.ts.map +1 -1
  217. package/runtime/plugin-collector.js +11 -28
  218. package/runtime/plugin-lifecycle.d.ts.map +1 -1
  219. package/runtime/plugin-lifecycle.js +1 -0
  220. package/runtime/plugin-resolver.d.ts +2 -2
  221. package/runtime/plugin-resolver.d.ts.map +1 -1
  222. package/runtime/plugin-resolver.js +113 -65
  223. package/runtime/plugin-types.d.ts +1 -1
  224. package/runtime/prompt-optimization.d.ts +4 -4
  225. package/runtime/remote-coding-runner-gate.d.ts +7 -0
  226. package/runtime/remote-coding-runner-gate.d.ts.map +1 -0
  227. package/runtime/remote-coding-runner-gate.js +36 -0
  228. package/runtime/roles/src/index.d.ts +4 -4
  229. package/runtime/roles.d.ts +2 -2
  230. package/runtime/sandbox-character.d.ts +1 -1
  231. package/runtime/tool-call-cache/cache.d.ts +1 -1
  232. package/runtime/tool-call-cache/disk-store.d.ts +1 -1
  233. package/runtime/tool-call-cache/index.d.ts +6 -6
  234. package/runtime/tool-call-cache/key.d.ts +1 -1
  235. package/runtime/tool-call-cache/redact.d.ts +1 -1
  236. package/runtime/tool-call-cache/registry.d.ts +1 -1
  237. package/runtime/tool-call-cache-wrapper.d.ts +7 -9
  238. package/runtime/tool-call-cache-wrapper.d.ts.map +1 -1
  239. package/runtime/tool-call-cache-wrapper.js +6 -11
  240. package/runtime/trajectory-export.d.ts +3 -3
  241. package/runtime/trajectory-internals.d.ts +2 -1
  242. package/runtime/trajectory-internals.d.ts.map +1 -1
  243. package/runtime/trajectory-persistence.d.ts +5 -5
  244. package/runtime/trajectory-steps-reader.d.ts +1 -1
  245. package/runtime/trajectory-steps-writer.d.ts +1 -1
  246. package/runtime/trajectory-storage.d.ts +4 -4
  247. package/runtime/view-action-affinity.d.ts +18 -15
  248. package/runtime/view-action-affinity.d.ts.map +1 -1
  249. package/runtime/view-action-affinity.js +26 -29
  250. package/runtime/web-search-tools.d.ts +4 -1
  251. package/runtime/web-search-tools.d.ts.map +1 -1
  252. package/runtime/web-search-tools.js +37 -9
  253. package/security/index.d.ts +3 -3
  254. package/services/approval/index.d.ts +9 -0
  255. package/services/approval/index.d.ts.map +1 -0
  256. package/services/approval/index.js +8 -0
  257. package/services/approval/service.d.ts +35 -0
  258. package/services/approval/service.d.ts.map +1 -0
  259. package/services/approval/service.js +40 -0
  260. package/services/approval/sql.d.ts +18 -0
  261. package/services/approval/sql.d.ts.map +1 -0
  262. package/services/approval/sql.js +104 -0
  263. package/services/approval/store.d.ts +39 -0
  264. package/services/approval/store.d.ts.map +1 -0
  265. package/services/approval/store.js +534 -0
  266. package/services/approval/types.d.ts +207 -0
  267. package/services/approval/types.d.ts.map +1 -0
  268. package/services/approval/types.js +34 -0
  269. package/services/character-persistence.d.ts +2 -2
  270. package/services/client-chat-sender.d.ts +1 -1
  271. package/services/config-plugin-manager.d.ts +2 -2
  272. package/services/connector-setup-service.d.ts +1 -1
  273. package/services/cove-quote-x509.d.ts +1 -1
  274. package/services/cove-quote.d.ts +2 -2
  275. package/services/dstack-tee-provider.d.ts +1 -1
  276. package/services/file-storage.d.ts +20 -0
  277. package/services/file-storage.d.ts.map +1 -0
  278. package/services/file-storage.js +70 -0
  279. package/services/global-pause/index.d.ts +8 -0
  280. package/services/global-pause/index.d.ts.map +1 -0
  281. package/services/global-pause/index.js +7 -0
  282. package/services/global-pause/service.d.ts +29 -0
  283. package/services/global-pause/service.d.ts.map +1 -0
  284. package/services/global-pause/service.js +34 -0
  285. package/services/global-pause/store.d.ts +31 -0
  286. package/services/global-pause/store.d.ts.map +1 -0
  287. package/services/global-pause/store.js +83 -0
  288. package/services/handoff/index.d.ts +8 -0
  289. package/services/handoff/index.d.ts.map +1 -0
  290. package/services/handoff/index.js +7 -0
  291. package/services/handoff/service.d.ts +29 -0
  292. package/services/handoff/service.d.ts.map +1 -0
  293. package/services/handoff/service.js +34 -0
  294. package/services/handoff/store.d.ts +76 -0
  295. package/services/handoff/store.d.ts.map +1 -0
  296. package/services/handoff/store.js +148 -0
  297. package/services/index.d.ts +30 -31
  298. package/services/index.d.ts.map +1 -1
  299. package/services/index.js +0 -6
  300. package/services/js-runtime-bridge.d.ts.map +1 -1
  301. package/services/js-runtime-bridge.js +8 -2
  302. package/services/knowledge-graph/index.d.ts +4 -4
  303. package/services/knowledge-graph/service.d.ts +2 -2
  304. package/services/pending-prompts/index.d.ts +8 -0
  305. package/services/pending-prompts/index.d.ts.map +1 -0
  306. package/services/pending-prompts/index.js +7 -0
  307. package/services/pending-prompts/service.d.ts +34 -0
  308. package/services/pending-prompts/service.d.ts.map +1 -0
  309. package/services/pending-prompts/service.js +68 -0
  310. package/services/pending-prompts/store.d.ts +70 -0
  311. package/services/pending-prompts/store.d.ts.map +1 -0
  312. package/services/pending-prompts/store.js +191 -0
  313. package/services/plugin-compiler.d.ts +1 -1
  314. package/services/plugin-installer.d.ts.map +1 -1
  315. package/services/plugin-installer.js +21 -11
  316. package/services/plugin-manager-types.d.ts +1 -1
  317. package/services/proactive-interaction-decider.d.ts +62 -11
  318. package/services/proactive-interaction-decider.d.ts.map +1 -1
  319. package/services/proactive-interaction-decider.js +223 -35
  320. package/services/push/apns-provider.d.ts +1 -1
  321. package/services/push/fcm-provider.d.ts +1 -1
  322. package/services/push/notification-push-service.d.ts +2 -2
  323. package/services/registry-client-app-meta.d.ts +1 -1
  324. package/services/registry-client-endpoints.d.ts +2 -2
  325. package/services/registry-client-local.d.ts +1 -1
  326. package/services/registry-client-network.d.ts +1 -1
  327. package/services/registry-client-queries.d.ts +1 -1
  328. package/services/registry-client.d.ts +3 -3
  329. package/services/relationships-graph.d.ts +1 -1
  330. package/services/remote-capability-cloud-sandbox.d.ts +3 -3
  331. package/services/remote-capability-endpoint-conformance.d.ts +1 -1
  332. package/services/remote-capability-endpoint-provider.d.ts +4 -4
  333. package/services/remote-capability-url-endpoint-providers.d.ts +1 -1
  334. package/services/remote-plugin-adapter.d.ts.map +1 -1
  335. package/services/remote-plugin-adapter.js +3 -0
  336. package/services/remote-plugin-bridge.d.ts.map +1 -1
  337. package/services/remote-plugin-bridge.js +97 -26
  338. package/services/remote-signing-service.d.ts +4 -4
  339. package/services/research-task-executor.d.ts +1 -1
  340. package/services/sandbox-manager.d.ts +1 -1
  341. package/services/self-updater.d.ts +1 -1
  342. package/services/self-updater.d.ts.map +1 -1
  343. package/services/self-updater.js +23 -9
  344. package/services/shell-execution-router.d.ts +1 -1
  345. package/services/shell-execution-router.d.ts.map +1 -1
  346. package/services/shell-execution-router.js +19 -2
  347. package/services/tee-boot-gate-state.d.ts +1 -1
  348. package/services/tee-boot-gate.d.ts +4 -4
  349. package/services/tee-confidential-inference.d.ts +3 -3
  350. package/services/tee-key-release.d.ts +2 -2
  351. package/services/tee-model-key-boot.d.ts +4 -4
  352. package/services/tee-policy.d.ts +1 -1
  353. package/services/tee-production-profile.d.ts +1 -1
  354. package/services/tee-release-policy.d.ts +1 -1
  355. package/services/tee-revocation.d.ts +2 -2
  356. package/services/tee-runtime-config.d.ts +1 -1
  357. package/services/tee-sealed-volume.d.ts +3 -3
  358. package/services/tee-signer-backend.d.ts +3 -3
  359. package/services/update-checker.d.ts +1 -1
  360. package/services/vault-signer-backend.d.ts +1 -1
  361. package/services/vfs-git.d.ts +1 -1
  362. package/test-support/index.d.ts +3 -3
  363. package/triggers/runtime.d.ts +1 -1
  364. package/triggers/scheduling.d.ts +3 -22
  365. package/triggers/scheduling.d.ts.map +1 -1
  366. package/triggers/scheduling.js +2 -214
  367. package/tui/agent-terminal-tui.d.ts.map +1 -1
  368. package/tui/agent-terminal-tui.js +174 -72
  369. package/types/index.d.ts +3 -3
  370. package/api/nfa-routes.d.ts +0 -6
  371. package/api/nfa-routes.d.ts.map +0 -1
  372. package/api/nfa-routes.js +0 -125
  373. package/api/server-auth.d.ts +0 -46
  374. package/api/server-auth.d.ts.map +0 -1
  375. package/api/server-auth.js +0 -504
  376. package/runtime/restart.d.ts +0 -9
  377. package/runtime/restart.d.ts.map +0 -1
  378. package/runtime/restart.js +0 -8
  379. package/test-utils/sqlite-compat.d.ts +0 -23
  380. package/test-utils/sqlite-compat.d.ts.map +0 -1
  381. package/test-utils/sqlite-compat.js +0 -214
package/api/index.d.ts CHANGED
@@ -1,43 +1,44 @@
1
1
  export { type AppManagerLike, type AppsRouteContext, type FavoriteAppsStore, handleAppsRoutes, } from "@elizaos/plugin-app-manager";
2
2
  export type { WalletAddressesSnapshot, WalletRouteContext, WalletRouteDependencies, WalletRpcReadinessSnapshot, } from "@elizaos/plugin-wallet";
3
3
  export declare const handleWalletRoutes: typeof import("@elizaos/plugin-wallet").handleWalletRoutes;
4
- export * from "./accounts-routes.ts";
5
- export * from "./agent-admin-routes.ts";
6
- export * from "./agent-lifecycle-routes.ts";
7
- export * from "./agent-model.ts";
8
- export * from "./agent-transfer-routes.ts";
9
- export * from "./auth-routes.ts";
10
- export * from "./bug-report-routes.ts";
11
- export * from "./character-routes.ts";
12
- export * from "./compat-utils.ts";
13
- export * from "./connector-health.ts";
14
- export * from "./credit-detection.ts";
15
- export * from "./database.ts";
16
- export * from "./diagnostics-routes.ts";
17
- export { type DispatchRouteArgs, dispatchRoute, } from "./dispatch-route.ts";
18
- export * from "./documents-service-loader.ts";
19
- export * from "./early-logs.ts";
20
- export * from "./memory-bounds.ts";
21
- export * from "./memory-routes.ts";
22
- export * from "./models-routes.ts";
23
- export * from "./parse-action-block.ts";
24
- export * from "./permission-request-prompt.ts";
25
- export * from "./permissions-routes.ts";
26
- export * from "./plugin-validation.ts";
27
- export * from "./provider-switch-config.ts";
28
- export * from "./rate-limiter.ts";
29
- export * from "./registry-routes.ts";
30
- export * from "./registry-service.ts";
31
- export { matchPluginRoutePath, tryHandleRuntimePluginRoute, } from "./runtime-plugin-routes.ts";
32
- export * from "./subscription-routes.ts";
33
- export * from "./terminal-run-limits.ts";
34
- export * from "./training-backend-check.ts";
35
- export * from "./training-service-like.ts";
36
- export * from "./tx-service.ts";
37
- export * from "./wallet.ts";
38
- export * from "./wallet-evm-balance.ts";
39
- export * from "./wallet-rpc.ts";
40
- export * from "./wallet-trading-profile.ts";
41
- export * from "./workbench-vfs-routes.ts";
42
- export * from "./zip-utils.ts";
4
+ export * from "./accounts-routes.js";
5
+ export * from "./agent-admin-routes.js";
6
+ export * from "./agent-lifecycle-routes.js";
7
+ export * from "./agent-model.js";
8
+ export * from "./agent-transfer-routes.js";
9
+ export * from "./approval-routes.js";
10
+ export * from "./auth-routes.js";
11
+ export * from "./bug-report-routes.js";
12
+ export * from "./character-routes.js";
13
+ export * from "./compat-utils.js";
14
+ export * from "./connector-health.js";
15
+ export * from "./credit-detection.js";
16
+ export * from "./database.js";
17
+ export * from "./diagnostics-routes.js";
18
+ export { type DispatchRouteArgs, dispatchRoute, } from "./dispatch-route.js";
19
+ export * from "./documents-service-loader.js";
20
+ export * from "./early-logs.js";
21
+ export * from "./memory-bounds.js";
22
+ export * from "./memory-routes.js";
23
+ export * from "./models-routes.js";
24
+ export * from "./parse-action-block.js";
25
+ export * from "./permission-request-prompt.js";
26
+ export * from "./permissions-routes.js";
27
+ export * from "./plugin-validation.js";
28
+ export * from "./provider-switch-config.js";
29
+ export * from "./rate-limiter.js";
30
+ export * from "./registry-routes.js";
31
+ export * from "./registry-service.js";
32
+ export { matchPluginRoutePath, tryHandleRuntimePluginRoute, } from "./runtime-plugin-routes.js";
33
+ export * from "./subscription-routes.js";
34
+ export * from "./terminal-run-limits.js";
35
+ export * from "./training-backend-check.js";
36
+ export * from "./training-service-like.js";
37
+ export * from "./tx-service.js";
38
+ export * from "./wallet.js";
39
+ export * from "./wallet-evm-balance.js";
40
+ export * from "./wallet-rpc.js";
41
+ export * from "./wallet-trading-profile.js";
42
+ export * from "./workbench-vfs-routes.js";
43
+ export * from "./zip-utils.js";
43
44
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AAMrC,YAAY,EACV,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,eAAO,MAAM,kBAAkB,EAAE,cAAc,wBAAwB,EAAE,kBAItE,CAAC;AACJ,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kBAAkB,CAAC;AACjC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,KAAK,iBAAiB,EACtB,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gBAAgB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,gBAAgB,EACrB,KAAK,iBAAiB,EACtB,gBAAgB,GACjB,MAAM,6BAA6B,CAAC;AAMrC,YAAY,EACV,uBAAuB,EACvB,kBAAkB,EAClB,uBAAuB,EACvB,0BAA0B,GAC3B,MAAM,wBAAwB,CAAC;AAChC,eAAO,MAAM,kBAAkB,EAAE,cAAc,wBAAwB,EAAE,kBAItE,CAAC;AACJ,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kBAAkB,CAAC;AACjC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,sBAAsB,CAAC;AACrC,cAAc,kBAAkB,CAAC;AACjC,cAAc,wBAAwB,CAAC;AACvC,cAAc,uBAAuB,CAAC;AACtC,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,eAAe,CAAC;AAC9B,cAAc,yBAAyB,CAAC;AACxC,OAAO,EACL,KAAK,iBAAiB,EACtB,aAAa,GACd,MAAM,qBAAqB,CAAC;AAC7B,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,yBAAyB,CAAC;AACxC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yBAAyB,CAAC;AACxC,cAAc,wBAAwB,CAAC;AACvC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mBAAmB,CAAC;AAClC,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AAKtC,OAAO,EACL,oBAAoB,EACpB,2BAA2B,GAC5B,MAAM,4BAA4B,CAAC;AACpC,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,yBAAyB,CAAC;AACxC,cAAc,iBAAiB,CAAC;AAChC,cAAc,6BAA6B,CAAC;AAC5C,cAAc,2BAA2B,CAAC;AAC1C,cAAc,gBAAgB,CAAC"}
package/api/index.js CHANGED
@@ -12,6 +12,7 @@ export * from "./agent-admin-routes.js";
12
12
  export * from "./agent-lifecycle-routes.js";
13
13
  export * from "./agent-model.js";
14
14
  export * from "./agent-transfer-routes.js";
15
+ export * from "./approval-routes.js";
15
16
  export * from "./auth-routes.js";
16
17
  export * from "./bug-report-routes.js";
17
18
  export * from "./character-routes.js";
@@ -0,0 +1,33 @@
1
+ /**
2
+ * POST /api/interactions/shortcut — report a user-fired UI/keyboard shortcut so
3
+ * the agent observes it as a first-class interaction (#8792).
4
+ *
5
+ * The view-switch half of this contract lives in `views-routes.ts`
6
+ * (`POST /api/views/:id/navigate` → `VIEW_SWITCHED`). This is the keyboard /
7
+ * command-palette half: the client reports a stable `shortcutId` and the route
8
+ * emits `EventType.SHORTCUT_FIRED`, which the proactive-interaction decider
9
+ * consumes (governed by debounce / cooldown / daily-cap / model-judge-silent).
10
+ *
11
+ * Emission is fire-and-forget: a dropped event must never break the shortcut the
12
+ * user actually pressed. This route is auth+proxy thin — it records nothing and
13
+ * computes nothing beyond input validation.
14
+ */
15
+ import type http from "node:http";
16
+ import { type AgentRuntime } from "@elizaos/core";
17
+ export interface InteractionsRouteContext {
18
+ req: http.IncomingMessage;
19
+ res: http.ServerResponse;
20
+ method: string;
21
+ pathname: string;
22
+ json: (res: http.ServerResponse, data: unknown, status?: number) => void;
23
+ error: (res: http.ServerResponse, message: string, status?: number) => void;
24
+ runtime: AgentRuntime | null | undefined;
25
+ }
26
+ export interface ShortcutInteractionRequest {
27
+ shortcutId: string;
28
+ context?: string;
29
+ }
30
+ /** Parse + validate the shortcut report body; null on anything malformed. */
31
+ export declare function parseShortcutBody(raw: string): ShortcutInteractionRequest | null;
32
+ export declare function handleInteractionsRoutes(ctx: InteractionsRouteContext): Promise<boolean>;
33
+ //# sourceMappingURL=interactions-routes.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"interactions-routes.d.ts","sourceRoot":"","sources":["../../src/api/interactions-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EACL,KAAK,YAAY,EAGlB,MAAM,eAAe,CAAC;AAQvB,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC;IAC1B,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IACzE,KAAK,EAAE,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IAC5E,OAAO,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,CAAC;CAC1C;AAED,MAAM,WAAW,0BAA0B;IACzC,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,6EAA6E;AAC7E,wBAAgB,iBAAiB,CAC/B,GAAG,EAAE,MAAM,GACV,0BAA0B,GAAG,IAAI,CAoBnC;AAED,wBAAsB,wBAAwB,CAC5C,GAAG,EAAE,wBAAwB,GAC5B,OAAO,CAAC,OAAO,CAAC,CAuClB"}
@@ -0,0 +1,63 @@
1
+ import { EventType, readRequestBodyBuffer, } from "@elizaos/core";
2
+ const MAX_BODY_BYTES = 4 * 1024;
3
+ /** Stable shortcut id: kebab-case, bounded length (e.g. "open-command-palette"). */
4
+ const SHORTCUT_ID_PATTERN = /^[a-z][a-z0-9-]{1,48}$/;
5
+ const MAX_CONTEXT_CHARS = 120;
6
+ /** Parse + validate the shortcut report body; null on anything malformed. */
7
+ export function parseShortcutBody(raw) {
8
+ if (!raw.trim())
9
+ return null;
10
+ let parsed;
11
+ try {
12
+ parsed = JSON.parse(raw);
13
+ }
14
+ catch {
15
+ return null;
16
+ }
17
+ if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
18
+ return null;
19
+ }
20
+ const body = parsed;
21
+ const shortcutId = typeof body.shortcutId === "string" ? body.shortcutId.trim() : "";
22
+ if (!SHORTCUT_ID_PATTERN.test(shortcutId))
23
+ return null;
24
+ const context = typeof body.context === "string" && body.context.trim()
25
+ ? body.context.trim().slice(0, MAX_CONTEXT_CHARS)
26
+ : undefined;
27
+ return { shortcutId, ...(context ? { context } : {}) };
28
+ }
29
+ export async function handleInteractionsRoutes(ctx) {
30
+ const { req, res, method, pathname, json, error, runtime } = ctx;
31
+ if (pathname !== "/api/interactions/shortcut")
32
+ return false;
33
+ if (method !== "POST") {
34
+ error(res, "Method not allowed", 405);
35
+ return true;
36
+ }
37
+ const buffer = await readRequestBodyBuffer(req, {
38
+ maxBytes: MAX_BODY_BYTES,
39
+ returnNullOnTooLarge: true,
40
+ });
41
+ const request = parseShortcutBody(buffer?.toString("utf8") ?? "");
42
+ if (!request) {
43
+ error(res, "Invalid shortcut interaction body", 400);
44
+ return true;
45
+ }
46
+ // Emit the first-class SHORTCUT_FIRED interaction event (#8792). Fire-and-forget
47
+ // so the proactive decider can react without ever blocking the response.
48
+ if (runtime) {
49
+ void runtime
50
+ .emitEvent(EventType.SHORTCUT_FIRED, {
51
+ runtime,
52
+ source: "shortcut-interaction",
53
+ shortcutId: request.shortcutId,
54
+ ...(request.context ? { context: request.context } : {}),
55
+ initiatedBy: "user",
56
+ })
57
+ .catch((err) => {
58
+ runtime.logger?.debug?.({ src: "InteractionsRoutes", err }, "[InteractionsRoutes] SHORTCUT_FIRED emit failed");
59
+ });
60
+ }
61
+ json(res, { ok: true, shortcutId: request.shortcutId });
62
+ return true;
63
+ }
@@ -7,7 +7,7 @@
7
7
  * The pure store lives in `./media-store.ts`; this module only connects it to
8
8
  * the runtime (routes / pipeline hooks / tasks).
9
9
  */
10
- import type { IAgentRuntime, Route } from "@elizaos/core";
10
+ import type { IAgentRuntime, Memory, Route } from "@elizaos/core";
11
11
  /**
12
12
  * Public GET route for stored media. On HTTP platforms (browser, desktop,
13
13
  * Android) the pre-auth `serveMediaFile` handler answers first and this route
@@ -26,6 +26,7 @@ export declare const mediaFileRoute: Route;
26
26
  * to both the wire response and the saved memory.
27
27
  */
28
28
  export declare function registerMediaPipelineHook(runtime: IAgentRuntime): void;
29
+ export declare function collectReferencedMedia(memories: Memory[]): Set<string>;
29
30
  /**
30
31
  * Register the orphan-media GC: a daily task that diffs every live message
31
32
  * attachment URL against the store and deletes files no message references
@@ -1 +1 @@
1
- {"version":3,"file":"media-runtime.d.ts","sourceRoot":"","sources":["../../src/api/media-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAU,KAAK,EAAE,MAAM,eAAe,CAAC;AAYlE;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,EAAE,KAmB5B,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAyBtE;AAsBD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CA2ChE"}
1
+ {"version":3,"file":"media-runtime.d.ts","sourceRoot":"","sources":["../../src/api/media-runtime.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAkDlE;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,EAAE,KAmB5B,CAAC;AAEF;;;;;;;;GAQG;AACH,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAyCtE;AAMD,wBAAgB,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC,CAyBtE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CA2ChE"}
@@ -7,7 +7,38 @@
7
7
  * The pure store lives in `./media-store.ts`; this module only connects it to
8
8
  * the runtime (routes / pipeline hooks / tasks).
9
9
  */
10
- import { ensureThumbnailForStoredFile, gcUnreferencedMedia, handleMediaRouteRequest, isStoredMediaUrl, mediaFileNameFromUrl, persistAttachmentUrlIfInline, } from "./media-store.js";
10
+ import { fetchRemoteMedia, logger } from "@elizaos/core";
11
+ import { ensureThumbnailForStoredFile, gcUnreferencedMedia, handleMediaRouteRequest, isStoredMediaUrl, mediaFileNameFromUrl, persistAttachmentUrlIfInline, persistMediaBytes, } from "./media-store.js";
12
+ /** Cap on bytes pulled while rehosting a remote attachment into the store. */
13
+ const REHOST_MAX_BYTES = 50 * 1024 * 1024;
14
+ /** Media content types worth rehosting (skip `link` and unknown). */
15
+ const REHOSTABLE_CONTENT_TYPES = new Set([
16
+ "image",
17
+ "video",
18
+ "audio",
19
+ "document",
20
+ ]);
21
+ /**
22
+ * Rehost a remote (http/https) media URL into the content-addressed store via
23
+ * the SSRF-guarded fetcher (blocks private/loopback) with a hard size cap, so an
24
+ * agent-generated/provider URL that may expire becomes a durable, same-origin
25
+ * `/api/media/<hash>` URL. Returns the served URL, or null on any failure
26
+ * (blocked host, too large, unreachable) so the caller can keep the original.
27
+ */
28
+ async function rehostRemoteMediaUrl(url) {
29
+ try {
30
+ const { buffer, contentType } = await fetchRemoteMedia({
31
+ url,
32
+ maxBytes: REHOST_MAX_BYTES,
33
+ });
34
+ return persistMediaBytes(buffer, contentType ?? "application/octet-stream")
35
+ .url;
36
+ }
37
+ catch (err) {
38
+ logger.warn(`[media-persist] failed to rehost ${url}: ${err instanceof Error ? err.message : String(err)}`);
39
+ return null;
40
+ }
41
+ }
11
42
  const MEDIA_URL_PREFIX = "/api/media/";
12
43
  /**
13
44
  * Public GET route for stored media. On HTTP platforms (browser, desktop,
@@ -58,6 +89,22 @@ export function registerMediaPipelineHook(runtime) {
58
89
  if (attachment.url.startsWith("data:")) {
59
90
  attachment.url = persistAttachmentUrlIfInline(attachment.url);
60
91
  }
92
+ else if (/^https?:\/\//i.test(attachment.url) &&
93
+ !isStoredMediaUrl(attachment.url) &&
94
+ typeof attachment.contentType === "string" &&
95
+ REHOSTABLE_CONTENT_TYPES.has(attachment.contentType)) {
96
+ // Rehost remote agent-generated/outgoing media into the durable store
97
+ // so a provider URL that may expire doesn't leave a broken tile in
98
+ // history. SSRF-guarded + size-capped; on failure keep the original
99
+ // URL and mark it ephemeral so the UI can offer a retry.
100
+ const rehosted = await rehostRemoteMediaUrl(attachment.url);
101
+ if (rehosted) {
102
+ attachment.url = rehosted;
103
+ }
104
+ else {
105
+ attachment.ephemeral = true;
106
+ }
107
+ }
61
108
  // Pre-compute a thumbnail for stored images lacking one (generated
62
109
  // media). `ensureThumbnailForStoredFile` self-gates on image mime/size.
63
110
  if (!attachment.thumbnailUrl && isStoredMediaUrl(attachment.url)) {
@@ -75,15 +122,25 @@ export function registerMediaPipelineHook(runtime) {
75
122
  const MEDIA_GC_TASK_NAME = "MEDIA_GC";
76
123
  const MEDIA_GC_TAGS = ["queue", "repeat", "media-gc"];
77
124
  const MEDIA_GC_INTERVAL_MS = 24 * 60 * 60 * 1000; // daily
78
- function collectReferencedMedia(memories) {
125
+ export function collectReferencedMedia(memories) {
79
126
  const referenced = new Set();
80
127
  for (const memory of memories) {
81
128
  const attachments = memory.content?.attachments;
82
- if (!Array.isArray(attachments))
83
- continue;
84
- for (const attachment of attachments) {
85
- const url = typeof attachment?.url === "string" ? attachment.url : "";
86
- const name = mediaFileNameFromUrl(url);
129
+ if (Array.isArray(attachments)) {
130
+ for (const attachment of attachments) {
131
+ const url = typeof attachment?.url === "string" ? attachment.url : "";
132
+ const name = mediaFileNameFromUrl(url);
133
+ if (name)
134
+ referenced.add(name);
135
+ }
136
+ }
137
+ // Document-linked original-bytes files: a knowledge document references its
138
+ // stored original via `metadata.mediaUrl` (no content.attachments entry).
139
+ // Collect it so the file survives GC while the document still references it.
140
+ const mediaUrl = memory.metadata
141
+ ?.mediaUrl;
142
+ if (typeof mediaUrl === "string") {
143
+ const name = mediaFileNameFromUrl(mediaUrl);
87
144
  if (name)
88
145
  referenced.add(name);
89
146
  }
@@ -14,6 +14,22 @@
14
14
  * content-addressed pattern from the dedicated media directory.
15
15
  */
16
16
  import type http from "node:http";
17
+ /**
18
+ * MIME types that are safe to render inline in a browser context. Everything
19
+ * else — notably `image/svg+xml`, `text/html`, and unknown/active types — is
20
+ * served with `Content-Disposition: attachment` so it can never execute script
21
+ * on the dashboard origin (stored-XSS defence). SVG is deliberately excluded:
22
+ * it is an XML document that can carry `<script>` and event handlers.
23
+ */
24
+ export declare function isInlineSafeMime(mime: string): boolean;
25
+ /**
26
+ * Sniff the leading bytes for active XML/HTML markup. Returns the TRUE dangerous
27
+ * mime when the content is SVG or HTML, else null. Used to reconcile a declared
28
+ * "safe image" mime against bytes that are really markup, so the store records
29
+ * (and later serves) the truthful, attachment-served type — defence in depth on
30
+ * top of the strict extension map and the nosniff header.
31
+ */
32
+ export declare function sniffMarkupMime(buffer: Buffer): string | null;
17
33
  export interface MediaFileStat {
18
34
  name: string;
19
35
  size: number;
@@ -50,6 +66,26 @@ export declare function gcUnreferencedMedia(referenced: Set<string>): {
50
66
  removed: number;
51
67
  scanned: number;
52
68
  };
69
+ export interface MediaFileInfo {
70
+ fileName: string;
71
+ url: string;
72
+ hash: string;
73
+ mimeType: string;
74
+ size: number;
75
+ createdAt: number;
76
+ }
77
+ /**
78
+ * List every stored media file with derived metadata (size, mime, mtime) for
79
+ * the Files surface. Read-only directory scan; never throws (returns [] on
80
+ * failure). Metadata is derived (no separate index), matching the
81
+ * content-addressed model — original filenames aren't retained here.
82
+ */
83
+ export declare function listMediaFiles(): MediaFileInfo[];
84
+ /**
85
+ * Delete a stored media file by its strict content-addressed name. Returns true
86
+ * when removed. Validates the name + dir to defend against traversal.
87
+ */
88
+ export declare function deleteMediaFile(fileName: string): boolean;
53
89
  /**
54
90
  * Serve a media file for the IN-PROCESS route path (iOS, where no HTTP server
55
91
  * runs and requests are dispatched over `runtime.routes`). Returns a
@@ -1 +1 @@
1
- {"version":3,"file":"media-store.d.ts","sourceRoot":"","sources":["../../src/api/media-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAoGlC,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,aAAa,EAAE,EACtB,GAAG,EAAE,MAAM,GACV,MAAM,EAAE,CAYV;AAiDD,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC;IACZ,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,yFAAyF;AACzF,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,cAAc,CAShB;AAID,kFAAkF;AAClF,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAgBrE;AAED,4EAA4E;AAC5E,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAErD;AAED,yFAAyF;AACzF,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI/D;AAMD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAgCA;AA4DD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BpE;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAiET;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQxB;AAED;;;;GAIG;AACH,wBAAsB,4BAA4B,CAChD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAWxB;AAED,kFAAkF;AAClF,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAahE"}
1
+ {"version":3,"file":"media-store.d.ts","sourceRoot":"","sources":["../../src/api/media-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAsElC;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAStD;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiC7D;AAsDD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,aAAa,EAAE,EACtB,GAAG,EAAE,MAAM,GACV,MAAM,EAAE,CAYV;AAiDD,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC;IACZ,4DAA4D;IAC5D,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,yFAAyF;AACzF,wBAAgB,iBAAiB,CAC/B,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,cAAc,CAuBhB;AAID,kFAAkF;AAClF,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,cAAc,GAAG,IAAI,CAgBrE;AAED,4EAA4E;AAC5E,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAErD;AAED,yFAAyF;AACzF,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAI/D;AAMD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG;IAC5D,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB,CAgCA;AAOD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,IAAI,aAAa,EAAE,CA6BhD;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAWzD;AAwDD;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,GACb;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,CA2BpE;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,GAAG,EAAE,IAAI,CAAC,eAAe,EACzB,GAAG,EAAE,IAAI,CAAC,cAAc,EACxB,QAAQ,EAAE,MAAM,GACf,OAAO,CAkET;AAED;;;;GAIG;AACH,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAQxB;AAED;;;;GAIG;AACH,wBAAsB,4BAA4B,CAChD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAWxB;AAED,kFAAkF;AAClF,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAahE"}
@@ -79,6 +79,76 @@ const MIME_BY_EXT = {
79
79
  /** Strict content-addressed name: 64-hex sha256 + short alphanumeric extension. */
80
80
  const MEDIA_FILE_NAME = /^[a-f0-9]{64}\.[a-z0-9]{1,8}$/;
81
81
  const MEDIA_URL_PREFIX = "/api/media/";
82
+ /**
83
+ * MIME types that are safe to render inline in a browser context. Everything
84
+ * else — notably `image/svg+xml`, `text/html`, and unknown/active types — is
85
+ * served with `Content-Disposition: attachment` so it can never execute script
86
+ * on the dashboard origin (stored-XSS defence). SVG is deliberately excluded:
87
+ * it is an XML document that can carry `<script>` and event handlers.
88
+ */
89
+ export function isInlineSafeMime(mime) {
90
+ const m = (mime.split(";")[0] ?? "").trim().toLowerCase();
91
+ if (m === "image/svg+xml")
92
+ return false;
93
+ return ((m.startsWith("image/") && m !== "image/svg+xml") ||
94
+ m.startsWith("audio/") ||
95
+ m.startsWith("video/") ||
96
+ m === "application/pdf");
97
+ }
98
+ /**
99
+ * Sniff the leading bytes for active XML/HTML markup. Returns the TRUE dangerous
100
+ * mime when the content is SVG or HTML, else null. Used to reconcile a declared
101
+ * "safe image" mime against bytes that are really markup, so the store records
102
+ * (and later serves) the truthful, attachment-served type — defence in depth on
103
+ * top of the strict extension map and the nosniff header.
104
+ */
105
+ export function sniffMarkupMime(buffer) {
106
+ // Skip a leading UTF-8 BOM / whitespace before peeking at the first token.
107
+ let i = 0;
108
+ if (buffer.length >= 3 &&
109
+ buffer[0] === 0xef &&
110
+ buffer[1] === 0xbb &&
111
+ buffer[2] === 0xbf) {
112
+ i = 3;
113
+ }
114
+ while (i < buffer.length && i < 64) {
115
+ const c = buffer[i];
116
+ if (c === 0x20 || c === 0x09 || c === 0x0a || c === 0x0d) {
117
+ i += 1;
118
+ continue;
119
+ }
120
+ break;
121
+ }
122
+ const head = buffer
123
+ .subarray(i, Math.min(buffer.length, i + 512))
124
+ .toString("utf8")
125
+ .toLowerCase();
126
+ if (head.startsWith("<svg") ||
127
+ (head.startsWith("<?xml") && head.includes("<svg"))) {
128
+ return "image/svg+xml";
129
+ }
130
+ if (head.startsWith("<!doctype html") || head.startsWith("<html")) {
131
+ return "text/html";
132
+ }
133
+ return null;
134
+ }
135
+ /**
136
+ * Build the security headers for a served media response. Always sets
137
+ * `X-Content-Type-Options: nosniff` (so a mislabelled image is never sniffed to
138
+ * HTML) and a fully-sandboxed CSP (applies when the URL is navigated to as a
139
+ * document). Inline-safe types render inline; everything else (SVG, HTML,
140
+ * unknown/active) is forced to download so it cannot execute on this origin.
141
+ */
142
+ function mediaSecurityHeaders(fileName, contentType) {
143
+ const disposition = isInlineSafeMime(contentType)
144
+ ? "inline"
145
+ : `attachment; filename="${fileName}"`;
146
+ return {
147
+ "X-Content-Type-Options": "nosniff",
148
+ "Content-Disposition": disposition,
149
+ "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
150
+ };
151
+ }
82
152
  let cachedMediaDir = null;
83
153
  function mediaDir() {
84
154
  if (cachedMediaDir)
@@ -173,8 +243,20 @@ function maybeEvict() {
173
243
  }
174
244
  /** Write bytes to the content-addressed store (idempotent) and return the served URL. */
175
245
  export function persistMediaBytes(buffer, mimeType) {
246
+ // Reconcile a declared "safe image" mime against bytes that are really active
247
+ // markup (SVG/HTML), so the store records the truthful type and the serve path
248
+ // forces an attachment download instead of inline rendering. Truthful active
249
+ // types declared up front are left as-is (still served as attachments).
250
+ let effectiveMime = mimeType;
251
+ if (isInlineSafeMime(mimeType)) {
252
+ const sniffed = sniffMarkupMime(buffer);
253
+ if (sniffed) {
254
+ logger.warn(`[media-store] declared ${mimeType} but content sniffed as ${sniffed}; storing as ${sniffed} (served as download)`);
255
+ effectiveMime = sniffed;
256
+ }
257
+ }
176
258
  const hash = crypto.createHash("sha256").update(buffer).digest("hex");
177
- const fileName = `${hash}.${extForMime(mimeType)}`;
259
+ const fileName = `${hash}.${extForMime(effectiveMime)}`;
178
260
  const filePath = path.join(mediaDir(), fileName);
179
261
  if (!fs.existsSync(filePath)) {
180
262
  fs.writeFileSync(filePath, buffer);
@@ -260,6 +342,61 @@ function mimeForFile(fileName) {
260
342
  const ext = fileName.split(".").pop()?.toLowerCase() ?? "bin";
261
343
  return MIME_BY_EXT[ext] ?? "application/octet-stream";
262
344
  }
345
+ /**
346
+ * List every stored media file with derived metadata (size, mime, mtime) for
347
+ * the Files surface. Read-only directory scan; never throws (returns [] on
348
+ * failure). Metadata is derived (no separate index), matching the
349
+ * content-addressed model — original filenames aren't retained here.
350
+ */
351
+ export function listMediaFiles() {
352
+ const out = [];
353
+ try {
354
+ const dir = mediaDir();
355
+ for (const name of fs.readdirSync(dir)) {
356
+ if (!MEDIA_FILE_NAME.test(name))
357
+ continue;
358
+ try {
359
+ const stat = fs.statSync(path.join(dir, name));
360
+ if (!stat.isFile())
361
+ continue;
362
+ out.push({
363
+ fileName: name,
364
+ url: `${MEDIA_URL_PREFIX}${name}`,
365
+ hash: name.split(".")[0] ?? name,
366
+ mimeType: mimeForFile(name),
367
+ size: stat.size,
368
+ createdAt: stat.mtimeMs,
369
+ });
370
+ }
371
+ catch {
372
+ // file vanished mid-scan — skip
373
+ }
374
+ }
375
+ }
376
+ catch (err) {
377
+ logger.warn(`[media-store] list failed: ${err instanceof Error ? err.message : String(err)}`);
378
+ }
379
+ return out;
380
+ }
381
+ /**
382
+ * Delete a stored media file by its strict content-addressed name. Returns true
383
+ * when removed. Validates the name + dir to defend against traversal.
384
+ */
385
+ export function deleteMediaFile(fileName) {
386
+ if (!MEDIA_FILE_NAME.test(fileName))
387
+ return false;
388
+ try {
389
+ const dir = mediaDir();
390
+ const filePath = path.join(dir, fileName);
391
+ if (path.dirname(filePath) !== dir)
392
+ return false;
393
+ fs.unlinkSync(filePath);
394
+ return true;
395
+ }
396
+ catch {
397
+ return false;
398
+ }
399
+ }
263
400
  // Touch-on-serve → LRU: bump the file's mtime when it's served so eviction
264
401
  // (oldest-mtime-first) keeps frequently-viewed media and drops the truly cold
265
402
  // files. Throttled per file so a burst of range requests doesn't thrash the fs.
@@ -307,7 +444,7 @@ function resolveMediaFile(pathname) {
307
444
  return { error: 404 };
308
445
  }
309
446
  touchOnServe(filePath);
310
- return { filePath, size: stat.size, contentType: mimeForFile(name) };
447
+ return { filePath, size: stat.size, contentType: mimeForFile(name), name };
311
448
  }
312
449
  /**
313
450
  * Serve a media file for the IN-PROCESS route path (iOS, where no HTTP server
@@ -337,6 +474,7 @@ export function handleMediaRouteRequest(pathname, method) {
337
474
  "Content-Type": resolved.contentType,
338
475
  "Cache-Control": "public, max-age=31536000, immutable",
339
476
  "Content-Length": String(resolved.size),
477
+ ...mediaSecurityHeaders(resolved.name, resolved.contentType),
340
478
  };
341
479
  if (method === "HEAD")
342
480
  return { status: 200, headers };
@@ -367,6 +505,7 @@ export function serveMediaFile(req, res, pathname) {
367
505
  "Content-Type": contentType,
368
506
  "Cache-Control": "public, max-age=31536000, immutable",
369
507
  "Accept-Ranges": "bytes",
508
+ ...mediaSecurityHeaders(resolved.name, contentType),
370
509
  };
371
510
  const range = req.headers.range;
372
511
  if (range && method === "GET") {
@@ -1,6 +1,5 @@
1
1
  /**
2
2
  * Pure helper functions for bounded in-memory data structures.
3
- * Extracted from server.ts so they can be unit-tested in isolation.
4
3
  *
5
4
  * @module
6
5
  */
@@ -1 +1 @@
1
- {"version":3,"file":"memory-bounds.d.ts","sourceRoot":"","sources":["../../src/api/memory-bounds.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,UAAU,cAAc;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,EAChC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,GAChB,IAAI,CAKN;AAID,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,gBAAgB,EAChE,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,EACnB,GAAG,EAAE,MAAM,GACV,MAAM,GAAG,IAAI,CAcf;AAID;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,MAAM,EAAE,CAAC,EAAE,EACX,KAAK,EAAE,CAAC,EACR,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,MAAM,CAMR;AAID,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,EAC/B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,MAAM,CAaR"}
1
+ {"version":3,"file":"memory-bounds.d.ts","sourceRoot":"","sources":["../../src/api/memory-bounds.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,UAAU,cAAc;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,cAAc,CAAC,EAChC,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,MAAM,GAChB,IAAI,CAKN;AAID,UAAU,gBAAgB;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,CAAC,SAAS,gBAAgB,EAChE,GAAG,EAAE,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,EACnB,GAAG,EAAE,MAAM,GACV,MAAM,GAAG,IAAI,CAcf;AAID;;;;;;;;GAQG;AACH,wBAAgB,kBAAkB,CAAC,CAAC,EAClC,MAAM,EAAE,CAAC,EAAE,EACX,KAAK,EAAE,CAAC,EACR,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,MAAM,CAMR;AAID,UAAU,UAAU;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,mBAAmB,CACjC,KAAK,EAAE,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,EAC9B,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,EAC/B,UAAU,EAAE,MAAM,EAClB,aAAa,EAAE,MAAM,GACpB,MAAM,CAaR"}
@@ -1,6 +1,5 @@
1
1
  /**
2
2
  * Pure helper functions for bounded in-memory data structures.
3
- * Extracted from server.ts so they can be unit-tested in isolation.
4
3
  *
5
4
  * @module
6
5
  */
@@ -1,7 +1,7 @@
1
1
  import type http from "node:http";
2
2
  import { type AgentRuntime } from "@elizaos/core";
3
3
  import type { ReadJsonBodyOptions } from "@elizaos/shared";
4
- import type { ElizaConfig } from "../config/config.ts";
4
+ import type { ElizaConfig } from "../config/config.js";
5
5
  interface StreamEventEnvelope {
6
6
  type: string;
7
7
  version: number;
@@ -1,8 +1,8 @@
1
1
  /**
2
2
  * Model and provider discovery helpers.
3
3
  *
4
- * Extracted from server.ts. Handles model listing, provider caching,
5
- * and inventory (chain/RPC) option resolution.
4
+ * Handles model listing, provider caching, and inventory (chain/RPC)
5
+ * option resolution.
6
6
  */
7
7
  type ModelOption = {
8
8
  id: string;
@@ -1,8 +1,8 @@
1
1
  /**
2
2
  * Model and provider discovery helpers.
3
3
  *
4
- * Extracted from server.ts. Handles model listing, provider caching,
5
- * and inventory (chain/RPC) option resolution.
4
+ * Handles model listing, provider caching, and inventory (chain/RPC)
5
+ * option resolution.
6
6
  */
7
7
  import fs from "node:fs";
8
8
  import path from "node:path";
@@ -1,6 +1,6 @@
1
1
  import type http from "node:http";
2
2
  import type { AgentAutomationMode, ReadJsonBodyOptions } from "@elizaos/shared";
3
- import type { ElizaConfig } from "../config/config.ts";
3
+ import type { ElizaConfig } from "../config/config.js";
4
4
  export interface PermissionsExtraRouteContext {
5
5
  req: http.IncomingMessage;
6
6
  res: http.ServerResponse;
@@ -1,6 +1,6 @@
1
1
  import type { AgentRuntime, RouteRequestContext } from "@elizaos/core";
2
2
  import type { PermissionState } from "@elizaos/shared";
3
- import type { AutonomousConfigLike } from "../types/config-like.ts";
3
+ import type { AutonomousConfigLike } from "../types/config-like.js";
4
4
  interface PermissionAutonomousConfigLike extends AutonomousConfigLike {
5
5
  features?: {
6
6
  shellEnabled?: boolean;