@elizaos/plugin-github 2.0.0-alpha.5 → 2.0.0-beta.1

package/dist/index.js

@@ -1,2064 +1,2362 @@
-// index.ts
-import { logger as logger9 } from "@elizaos/core";
+import "./chunk-KU2MGW2W.js";
 
-// actions/createBranch.ts
+// src/index.ts
 import {
-  logger as logger2
+  getConnectorAccountManager as getConnectorAccountManager2,
+  logger as logger7,
+  promoteSubactionsToActions
 } from "@elizaos/core";
 
-// generated/specs/specs.ts
-var coreActionsSpec = {
-  version: "1.0.0",
-  actions: [
-    {
-      name: "CREATE_GITHUB_BRANCH",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_COMMENT",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_ISSUE",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "MERGE_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "PUSH_GITHUB_CODE",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "REVIEW_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    }
-  ]
-};
-var allActionsSpec = {
-  version: "1.0.0",
-  actions: [
-    {
-      name: "CREATE_GITHUB_BRANCH",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_COMMENT",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_ISSUE",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "CREATE_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "MERGE_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "PUSH_GITHUB_CODE",
-      description: "",
-      parameters: []
-    },
-    {
-      name: "REVIEW_GITHUB_PULL_REQUEST",
-      description: "",
-      parameters: []
-    }
-  ]
-};
-var coreProvidersSpec = {
-  version: "1.0.0",
-  providers: [
-    {
-      name: "GITHUB_ISSUE_CONTEXT",
-      description: "Provides detailed context about a specific GitHub issue or pull request when referenced",
-      dynamic: true
-    },
-    {
-      name: "GITHUB_REPOSITORY_STATE",
-      description: "Provides context about the current GitHub repository including recent activity",
-      dynamic: true
-    }
-  ]
-};
-var allProvidersSpec = {
-  version: "1.0.0",
-  providers: [
-    {
-      name: "GITHUB_ISSUE_CONTEXT",
-      description: "Provides detailed context about a specific GitHub issue or pull request when referenced",
-      dynamic: true
-    },
-    {
-      name: "GITHUB_REPOSITORY_STATE",
-      description: "Provides context about the current GitHub repository including recent activity",
-      dynamic: true
-    }
-  ]
-};
-var coreEvaluatorsSpec = {
-  version: "1.0.0",
-  evaluators: []
-};
-var allEvaluatorsSpec = {
-  version: "1.0.0",
-  evaluators: []
-};
-var coreActionDocs = coreActionsSpec.actions;
-var allActionDocs = allActionsSpec.actions;
-var coreProviderDocs = coreProvidersSpec.providers;
-var allProviderDocs = allProvidersSpec.providers;
-var coreEvaluatorDocs = coreEvaluatorsSpec.evaluators;
-var allEvaluatorDocs = allEvaluatorsSpec.evaluators;
+// src/actions/issue-op.ts
+import { logger } from "@elizaos/core";
 
-// generated/specs/spec-helpers.ts
-var coreActionMap = new Map(coreActionDocs.map((doc) => [doc.name, doc]));
-var allActionMap = new Map(allActionDocs.map((doc) => [doc.name, doc]));
-var coreProviderMap = new Map(coreProviderDocs.map((doc) => [doc.name, doc]));
-var allProviderMap = new Map(allProviderDocs.map((doc) => [doc.name, doc]));
-var coreEvaluatorMap = new Map(coreEvaluatorDocs.map((doc) => [doc.name, doc]));
-var allEvaluatorMap = new Map(allEvaluatorDocs.map((doc) => [doc.name, doc]));
-function getActionSpec(name) {
-  return coreActionMap.get(name) ?? allActionMap.get(name);
-}
-function requireActionSpec(name) {
-  const spec = getActionSpec(name);
-  if (!spec) {
-    throw new Error(`Action spec not found: ${name}`);
+// src/connector-credential-refs.ts
+import {
+  CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE,
+  getConnectorAccountManager
+} from "@elizaos/core";
+var OAUTH_TOKENS_CREDENTIAL_TYPE = "oauth.tokens";
+async function persistConnectorCredentialRefs(params) {
+  const refs = [];
+  const vaultWriters = resolveVaultWriters(params.runtime, {
+    provider: params.provider,
+    accountId: params.accountIdForRef,
+    caller: params.caller
+  });
+  if (vaultWriters.length === 0) {
+    throw new Error(
+      `No durable connector credential store or vault writer is available for ${params.provider} account ${params.accountIdForRef}. Refusing to mark OAuth account connected without persisted credentials.`
+    );
+  }
+  if (!params.storageAccountId) {
+    throw new Error(
+      `No durable connector account id is available for ${params.provider} account ${params.accountIdForRef}. Refusing to mark OAuth account connected without persisted credential refs.`
+    );
+  }
+  const storageWriters = resolveCredentialRefWriters(
+    params.runtime,
+    params.manager,
+    params.storageAccountId
+  );
+  if (storageWriters.length === 0) {
+    throw new Error(
+      `No durable connector credential ref writer is available for ${params.provider} account ${params.storageAccountId}. Refusing to mark OAuth account connected without persisted credential refs.`
+    );
+  }
+  for (const credential of params.credentials) {
+    const plannedRef = buildConnectorCredentialVaultRef({
+      agentId: nonEmptyString(params.runtime.agentId) ?? "agent",
+      provider: params.provider,
+      accountId: params.accountIdForRef,
+      credentialType: credential.credentialType
+    });
+    const vaultRef = await writeWithFirstAvailableVault(
+      vaultWriters,
+      plannedRef,
+      credential
+    );
+    refs.push({
+      credentialType: credential.credentialType,
+      vaultRef,
+      ...credential.expiresAt !== void 0 ? { expiresAt: credential.expiresAt } : {},
+      ...credential.metadata ? { metadata: credential.metadata } : {}
+    });
   }
-  return spec;
+  if (refs.length > 0) {
+    await writeRefsToStorage(storageWriters, refs);
+  }
+  return {
+    refs,
+    vaultAvailable: vaultWriters.length > 0,
+    storageAvailable: storageWriters.length > 0
+  };
 }
-function getProviderSpec(name) {
-  return coreProviderMap.get(name) ?? allProviderMap.get(name);
+async function loadConnectorOAuthAccessToken(params) {
+  const { records } = await loadConnectorCredentialRecords(params);
+  const tokenRecord = records.find(
+    (record) => sameCredentialType(record.credentialType, OAUTH_TOKENS_CREDENTIAL_TYPE)
+  );
+  if (!tokenRecord) return null;
+  const raw = nonEmptyString(tokenRecord.value) ?? (tokenRecord.vaultRef ? await readCredentialSecret(
+    params.runtime,
+    tokenRecord.vaultRef,
+    params.caller
+  ) : void 0);
+  const parsed = raw ? parseMaybeJson(raw) : void 0;
+  const tokenSet = asRecord(parsed);
+  return nonEmptyString(tokenSet?.access_token) ?? null;
 }
-function requireProviderSpec(name) {
-  const spec = getProviderSpec(name);
-  if (!spec) {
-    throw new Error(`Provider spec not found: ${name}`);
+async function listConnectorAccounts(runtime, provider) {
+  try {
+    return await getConnectorAccountManager(runtime).listAccounts(provider);
+  } catch {
+    const storage = getService(
+      runtime,
+      CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE
+    );
+    if (typeof storage?.listAccounts === "function") {
+      return storage.listAccounts(provider);
+    }
   }
-  return spec;
+  return [];
 }
-
-// service.ts
-import { logger, Service } from "@elizaos/core";
-import { Octokit } from "@octokit/rest";
-
-// config.ts
-import { z as z2 } from "zod";
-
-// error.ts
-class GitHubError extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "GitHubError";
-    Object.setPrototypeOf(this, GitHubError.prototype);
-  }
-  isRetryable() {
-    return false;
-  }
-  retryAfterMs() {
-    return null;
+function credentialRefRecordsFromMetadata(metadata) {
+  const record = asRecord(metadata);
+  if (!record) return [];
+  const oauth = asRecord(record.oauth);
+  return [
+    ...credentialRefsFromUnknown(record.credentialRefs),
+    ...credentialRefsFromUnknown(record.oauthCredentialRefs),
+    ...credentialRefsFromUnknown(oauth?.credentialRefs)
+  ];
+}
+async function loadConnectorCredentialRecords(params) {
+  const accounts = await listConnectorAccounts(params.runtime, params.provider);
+  const account = accounts.find(
+    (candidate) => candidate.id === params.accountId || candidate.externalId === params.accountId || candidate.displayHandle === params.accountId
+  );
+  if (!account) return { records: [] };
+  const records = [...credentialRefRecordsFromMetadata(account.metadata)];
+  for (const source of [
+    getService(params.runtime, CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE),
+    params.runtime.adapter
+  ]) {
+    const reader = source;
+    if (typeof reader?.listConnectorAccountCredentialRefs === "function") {
+      records.push(
+        ...await reader.listConnectorAccountCredentialRefs({
+          accountId: account.id
+        })
+      );
+    } else if (typeof reader?.getConnectorAccountCredentialRef === "function") {
+      const ref = await reader.getConnectorAccountCredentialRef({
+        accountId: account.id,
+        credentialType: OAUTH_TOKENS_CREDENTIAL_TYPE
+      });
+      if (ref) records.push(ref);
+    }
   }
+  return { records };
 }
-class ConfigError extends GitHubError {
-  constructor(message) {
-    super(`Configuration error: ${message}`);
-    this.name = "ConfigError";
-    Object.setPrototypeOf(this, ConfigError.prototype);
+function credentialRefsFromUnknown(value) {
+  if (Array.isArray(value)) {
+    return value.flatMap((entry) => {
+      const ref = credentialRefFromRecord(asRecord(entry));
+      return ref ? [ref] : [];
+    });
   }
+  const record = asRecord(value);
+  if (!record) return [];
+  return Object.entries(record).flatMap(([credentialType, entry]) => {
+    const entryRecord = asRecord(entry);
+    if (entryRecord) {
+      const ref = credentialRefFromRecord({ credentialType, ...entryRecord });
+      return ref ? [ref] : [];
+    }
+    const vaultRef = nonEmptyString(entry);
+    return vaultRef ? [{ credentialType, vaultRef }] : [];
+  });
 }
-
-class MissingSettingError extends GitHubError {
-  settingName;
-  constructor(settingName) {
-    super(`Missing required setting: ${settingName}`);
-    this.name = "MissingSettingError";
-    this.settingName = settingName;
-    Object.setPrototypeOf(this, MissingSettingError.prototype);
+function credentialRefFromRecord(record) {
+  if (!record) return null;
+  const credentialType = nonEmptyString(
+    record.credentialType ?? record.type ?? record.name
+  );
+  const vaultRef = nonEmptyString(record.vaultRef ?? record.ref);
+  if (!credentialType || !vaultRef) return null;
+  return {
+    credentialType,
+    vaultRef,
+    metadata: asRecord(record.metadata) ?? null,
+    expiresAt: record.expiresAt,
+    updatedAt: record.updatedAt,
+    version: record.version ?? record.credentialVersion
+  };
+}
+async function readCredentialSecret(runtime, vaultRef, caller) {
+  for (const reader of resolveSecretReaders(runtime)) {
+    try {
+      const value = await readSecret(reader, vaultRef, caller, runtime);
+      const trimmed = nonEmptyString(value);
+      if (trimmed) return trimmed;
+    } catch {
+    }
   }
+  return void 0;
 }
-class FileNotFoundError extends GitHubError {
-  path;
-  constructor(path, owner, repo) {
-    super(`File not found: ${path} in ${owner}/${repo}`);
-    this.name = "FileNotFoundError";
-    this.path = path;
-    Object.setPrototypeOf(this, FileNotFoundError.prototype);
+function resolveVaultWriters(runtime, context) {
+  const writers = [];
+  const credentialStore = getFirstService(runtime, [
+    "connector_credential_store",
+    "CONNECTOR_CREDENTIAL_STORE",
+    "connectorCredentialStore",
+    "credential_store"
+  ]);
+  if (typeof credentialStore?.putSecret === "function") {
+    writers.push({
+      name: "connector_credential_store",
+      write: async (vaultRef, credential) => credentialStore.putSecret?.({
+        vaultRef,
+        agentId: nonEmptyString(runtime.agentId) ?? "agent",
+        provider: context.provider,
+        accountId: context.accountId,
+        credentialType: credential.credentialType,
+        value: credential.value,
+        caller: context.caller
+      }) ?? vaultRef
+    });
+  }
+  const vault = getFirstService(runtime, ["vault", "VAULT"]);
+  if (typeof vault?.set === "function") {
+    writers.push({
+      name: "vault",
+      write: async (vaultRef, credential) => {
+        await vault.set?.(vaultRef, credential.value, {
+          sensitive: true,
+          caller: context.caller
+        });
+        return vaultRef;
+      }
+    });
+  }
+  const secrets = getService(runtime, "SECRETS");
+  if (typeof secrets?.setGlobal === "function" || typeof secrets?.set === "function") {
+    writers.push({
+      name: "SECRETS",
+      write: async (vaultRef, credential) => {
+        if (typeof secrets.setGlobal === "function") {
+          await secrets.setGlobal(vaultRef, credential.value, {
+            sensitive: true
+          });
+          return vaultRef;
+        }
+        await secrets.set?.(
+          vaultRef,
+          credential.value,
+          { level: "global", agentId: runtime.agentId },
+          { sensitive: true }
+        );
+        return vaultRef;
+      }
+    });
   }
+  return writers;
 }
-
-// types.ts
-import { z } from "zod";
-var repositoryRefSchema = z.object({
-  owner: z.string().min(1, "Owner is required"),
-  repo: z.string().min(1, "Repo is required")
-});
-var fileRefSchema = repositoryRefSchema.extend({
-  path: z.string().min(1, "Path is required"),
-  branch: z.string().optional()
-});
-var createIssueSchema = repositoryRefSchema.extend({
-  title: z.string().min(1, "Title is required"),
-  body: z.string().optional(),
-  assignees: z.array(z.string()).optional(),
-  labels: z.array(z.string()).optional(),
-  milestone: z.number().optional()
-});
-var updateIssueSchema = repositoryRefSchema.extend({
-  issueNumber: z.number().min(1, "Issue number is required"),
-  title: z.string().optional(),
-  body: z.string().optional(),
-  state: z.enum(["open", "closed"]).optional(),
-  stateReason: z.enum(["completed", "not_planned", "reopened"]).optional(),
-  assignees: z.array(z.string()).optional(),
-  labels: z.array(z.string()).optional(),
-  milestone: z.number().nullable().optional()
-});
-var createPullRequestSchema = repositoryRefSchema.extend({
-  title: z.string().min(1, "Title is required"),
-  body: z.string().optional(),
-  head: z.string().min(1, "Head branch is required"),
-  base: z.string().min(1, "Base branch is required"),
-  draft: z.boolean().optional(),
-  maintainerCanModify: z.boolean().optional()
-});
-var createReviewSchema = repositoryRefSchema.extend({
-  pullNumber: z.number().min(1, "Pull request number is required"),
-  body: z.string().optional(),
-  event: z.enum(["APPROVE", "REQUEST_CHANGES", "COMMENT"]),
-  commitId: z.string().optional(),
-  comments: z.array(z.object({
-    path: z.string(),
-    line: z.number(),
-    body: z.string(),
-    side: z.enum(["LEFT", "RIGHT"]).optional(),
-    startLine: z.number().optional(),
-    startSide: z.enum(["LEFT", "RIGHT"]).optional()
-  })).optional()
-});
-var createCommentSchema = repositoryRefSchema.extend({
-  issueNumber: z.number().min(1, "Issue number is required"),
-  body: z.string().min(1, "Comment body is required")
-});
-var createBranchSchema = repositoryRefSchema.extend({
-  branchName: z.string().min(1, "Branch name is required"),
-  fromRef: z.string().min(1, "Source ref is required")
-});
-var createCommitSchema = repositoryRefSchema.extend({
-  message: z.string().min(1, "Commit message is required"),
-  files: z.array(z.object({
-    path: z.string().min(1, "File path is required"),
-    content: z.string(),
-    encoding: z.enum(["utf-8", "base64"]).optional(),
-    operation: z.enum(["add", "modify", "delete"]).optional()
-  })),
-  branch: z.string().min(1, "Branch is required"),
-  parentSha: z.string().optional(),
-  authorName: z.string().optional(),
-  authorEmail: z.string().optional()
-});
-var mergePullRequestSchema = repositoryRefSchema.extend({
-  pullNumber: z.number().min(1, "Pull request number is required"),
-  commitTitle: z.string().optional(),
-  commitMessage: z.string().optional(),
-  mergeMethod: z.enum(["merge", "squash", "rebase"]).optional(),
-  sha: z.string().optional()
-});
-var gitHubSettingsSchema = z.object({
-  apiToken: z.string().min(1, "API token is required"),
-  owner: z.string().optional(),
-  repo: z.string().optional(),
-  branch: z.string().optional(),
-  webhookSecret: z.string().optional(),
-  appId: z.string().optional(),
-  appPrivateKey: z.string().optional(),
-  installationId: z.string().optional()
-});
-function formatZodErrors(error) {
-  return z.prettifyError(error);
+function resolveSecretReaders(runtime) {
+  return [
+    getFirstService(runtime, [
+      "connector_credential_store",
+      "CONNECTOR_CREDENTIAL_STORE",
+      "connectorCredentialStore",
+      "credential_store"
+    ]),
+    getFirstService(runtime, ["vault", "VAULT"]),
+    getService(runtime, "SECRETS")
+  ].filter(Boolean);
 }
-
-// config.ts
-var configSchema = z2.object({
-  apiToken: z2.string().min(1, "API token is required"),
-  owner: z2.string().optional(),
-  repo: z2.string().optional(),
-  branch: z2.string().default("main"),
-  webhookSecret: z2.string().optional(),
-  appId: z2.string().optional(),
-  appPrivateKey: z2.string().optional(),
-  installationId: z2.string().optional()
-});
-
-class GitHubPluginConfig {
-  apiToken;
-  owner;
-  repo;
-  branch;
-  webhookSecret;
-  appId;
-  appPrivateKey;
-  installationId;
-  constructor(config) {
-    this.apiToken = config.apiToken;
-    this.owner = config.owner;
-    this.repo = config.repo;
-    this.branch = config.branch;
-    this.webhookSecret = config.webhookSecret;
-    this.appId = config.appId;
-    this.appPrivateKey = config.appPrivateKey;
-    this.installationId = config.installationId;
-  }
-  static fromRuntime(runtime) {
-    const apiToken = runtime.getSetting("GITHUB_API_TOKEN");
-    if (!apiToken) {
-      throw new MissingSettingError("GITHUB_API_TOKEN");
-    }
-    const rawConfig = {
-      apiToken,
-      owner: runtime.getSetting("GITHUB_OWNER") ?? undefined,
-      repo: runtime.getSetting("GITHUB_REPO") ?? undefined,
-      branch: runtime.getSetting("GITHUB_BRANCH") ?? "main",
-      webhookSecret: runtime.getSetting("GITHUB_WEBHOOK_SECRET") ?? undefined,
-      appId: runtime.getSetting("GITHUB_APP_ID") ?? undefined,
-      appPrivateKey: runtime.getSetting("GITHUB_APP_PRIVATE_KEY") ?? undefined,
-      installationId: runtime.getSetting("GITHUB_INSTALLATION_ID") ?? undefined
-    };
-    const result = configSchema.safeParse(rawConfig);
-    if (!result.success) {
-      throw new ConfigError(formatZodErrors(result.error));
-    }
-    return new GitHubPluginConfig(result.data);
+async function readSecret(reader, vaultRef, caller, runtime) {
+  const candidate = reader;
+  if (typeof candidate.reveal === "function") {
+    return candidate.reveal(vaultRef, caller);
   }
-  static fromSettings(settings) {
-    const result = configSchema.safeParse({
-      ...settings,
-      branch: settings.branch ?? "main"
+  if (typeof candidate.get !== "function") return null;
+  if (reader && reader.constructor?.name === "SecretsService") {
+    return candidate.get(vaultRef, {
+      level: "global",
+      agentId: runtime.agentId
     });
-    if (!result.success) {
-      throw new ConfigError(formatZodErrors(result.error));
-    }
-    return new GitHubPluginConfig(result.data);
   }
-  static fromEnv() {
-    const apiToken = process.env.GITHUB_API_TOKEN;
-    if (!apiToken) {
-      throw new MissingSettingError("GITHUB_API_TOKEN");
-    }
-    const rawConfig = {
-      apiToken,
-      owner: process.env.GITHUB_OWNER,
-      repo: process.env.GITHUB_REPO,
-      branch: process.env.GITHUB_BRANCH ?? "main",
-      webhookSecret: process.env.GITHUB_WEBHOOK_SECRET,
-      appId: process.env.GITHUB_APP_ID,
-      appPrivateKey: process.env.GITHUB_APP_PRIVATE_KEY,
-      installationId: process.env.GITHUB_INSTALLATION_ID
-    };
-    const result = configSchema.safeParse(rawConfig);
-    if (!result.success) {
-      throw new ConfigError(formatZodErrors(result.error));
+  return candidate.get(vaultRef, { reveal: true, caller });
+}
+function resolveCredentialRefWriters(runtime, manager, accountId) {
+  const candidates = [
+    manager?.getStorage?.(),
+    getService(runtime, CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE),
+    runtime.adapter
+  ].filter(Boolean);
+  const writers = [];
+  for (const candidate of candidates) {
+    const writer = candidate;
+    if (typeof writer.setConnectorAccountCredentialRef === "function") {
+      writers.push({
+        name: "setConnectorAccountCredentialRef",
+        write: async (ref) => {
+          await writer.setConnectorAccountCredentialRef?.({
+            accountId,
+            credentialType: ref.credentialType,
+            vaultRef: ref.vaultRef,
+            ...ref.metadata ? { metadata: ref.metadata } : {},
+            ...ref.expiresAt !== void 0 ? { expiresAt: ref.expiresAt } : {}
+          });
+        }
+      });
+    } else if (typeof writer.setCredentialRef === "function") {
+      writers.push({
+        name: "setCredentialRef",
+        write: async (ref) => {
+          await writer.setCredentialRef?.({
+            accountId,
+            credentialType: ref.credentialType,
+            vaultRef: ref.vaultRef,
+            ...ref.metadata ? { metadata: ref.metadata } : {},
+            ...ref.expiresAt !== void 0 ? { expiresAt: ref.expiresAt } : {}
+          });
+        }
+      });
     }
-    return new GitHubPluginConfig(result.data);
   }
-  getRepositoryRef(owner, repo) {
-    const resolvedOwner = owner ?? this.owner;
-    const resolvedRepo = repo ?? this.repo;
-    if (!resolvedOwner) {
-      throw new MissingSettingError("owner (GITHUB_OWNER)");
+  return writers;
+}
+async function writeWithFirstAvailableVault(writers, plannedRef, credential) {
+  const errors = [];
+  for (const writer of writers) {
+    try {
+      return await writer.write(plannedRef, credential);
+    } catch (error) {
+      errors.push(
+        `${writer.name}: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
-    if (!resolvedRepo) {
-      throw new MissingSettingError("repo (GITHUB_REPO)");
+  }
+  throw new Error(
+    `Failed to persist connector credential ref ${plannedRef}: ${errors.join("; ")}`
+  );
+}
+async function writeRefsToStorage(writers, refs) {
+  const errors = [];
+  for (const writer of writers) {
+    try {
+      for (const ref of refs) {
+        await writer.write(ref);
+      }
+      return;
+    } catch (error) {
+      errors.push(
+        `${writer.name}: ${error instanceof Error ? error.message : String(error)}`
+      );
     }
-    return { owner: resolvedOwner, repo: resolvedRepo };
   }
-  hasAppAuth() {
-    return !!(this.appId && this.appPrivateKey);
+  throw new Error(
+    `Failed to persist connector credential refs: ${errors.join("; ")}`
+  );
+}
+function buildConnectorCredentialVaultRef(params) {
+  return [
+    "connector",
+    normalizeVaultSegment(params.agentId),
+    normalizeVaultSegment(params.provider),
+    normalizeVaultSegment(params.accountId),
+    normalizeVaultSegment(params.credentialType)
+  ].join(".");
+}
+function normalizeVaultSegment(value) {
+  const normalized = value.trim().replace(/[^a-zA-Z0-9_-]+/g, "_").replace(/^_+|_+$/g, "");
+  return (normalized || "unknown").slice(0, 64);
+}
+function sameCredentialType(left, right) {
+  return left.toLowerCase() === right.toLowerCase();
+}
+function parseMaybeJson(value) {
+  const trimmed = value.trim();
+  if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) return void 0;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return void 0;
   }
-  validate() {
-    if (!this.apiToken.startsWith("ghp_") && !this.apiToken.startsWith("gho_") && !this.apiToken.startsWith("ghu_") && !this.apiToken.startsWith("ghs_") && !this.apiToken.startsWith("ghr_") && !this.apiToken.startsWith("github_pat_")) {
-      console.warn("GitHub API token format not recognized. Ensure it is a valid token.");
-    }
-    if (this.hasAppAuth() && !this.installationId) {
-      throw new ConfigError("GITHUB_INSTALLATION_ID is required when using GitHub App authentication");
-    }
+}
+function getFirstService(runtime, serviceTypes) {
+  for (const serviceType of serviceTypes) {
+    const service = getService(runtime, serviceType);
+    if (service) return service;
   }
-  toSettings() {
-    return {
-      apiToken: this.apiToken,
-      owner: this.owner,
-      repo: this.repo,
-      branch: this.branch,
-      webhookSecret: this.webhookSecret,
-      appId: this.appId,
-      appPrivateKey: this.appPrivateKey,
-      installationId: this.installationId
-    };
+  return null;
+}
+function getService(runtime, serviceType) {
+  try {
+    return runtime.getService?.(serviceType) ?? null;
+  } catch {
+    return null;
   }
 }
-function validateGitHubConfig(runtime) {
-  const config = GitHubPluginConfig.fromRuntime(runtime);
-  config.validate();
-  return config;
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : void 0;
+}
+function nonEmptyString(value) {
+  return typeof value === "string" && value.trim() ? value.trim() : void 0;
 }
 
-// service.ts
-var GITHUB_SERVICE_NAME = "github";
+// src/types.ts
+var GITHUB_SERVICE_TYPE = "github";
+var GitHubActions = {
+  GITHUB_ISSUE_OP: "GITHUB_ISSUE",
+  GITHUB_PR_OP: "GITHUB_PR",
+  GITHUB_NOTIFICATION_TRIAGE: "GITHUB_NOTIFICATION_TRIAGE"
+};
 
-class GitHubService extends Service {
-  static serviceType = GITHUB_SERVICE_NAME;
-  octokit = null;
-  _config = null;
-  capabilityDescription = "GitHub integration for repository management, issues, pull requests, and code reviews";
-  get name() {
-    return GITHUB_SERVICE_NAME;
-  }
-  getConfig() {
-    if (!this._config) {
-      throw new Error("GitHub service not initialized");
-    }
-    return this._config;
+// src/accounts.ts
+var DEFAULT_GITHUB_USER_ACCOUNT_ID = "user";
+var DEFAULT_GITHUB_AGENT_ACCOUNT_ID = "agent";
+function nonEmptyString2(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
+}
+function readSetting(runtime, key) {
+  return nonEmptyString2(runtime.getSetting(key));
+}
+function normalizeRole(value) {
+  return value === "user" || value === "agent" ? value : void 0;
+}
+function defaultGitHubAccountIdForRole(role) {
+  return role === "user" ? DEFAULT_GITHUB_USER_ACCOUNT_ID : DEFAULT_GITHUB_AGENT_ACCOUNT_ID;
+}
+function normalizeGitHubAccountId(value) {
+  return nonEmptyString2(value);
+}
+function resolveGitHubAccountSelection(options, defaultRole) {
+  const requestedAccountId = normalizeGitHubAccountId(options?.accountId);
+  const requestedRole = normalizeRole(options?.as);
+  return {
+    accountId: requestedAccountId,
+    role: requestedRole ?? normalizeRole(requestedAccountId) ?? defaultRole
+  };
+}
+function parseAccountsJson(raw) {
+  if (!raw) return [];
+  try {
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed)) {
+      return parsed.filter(
+        (item) => Boolean(item) && typeof item === "object" && !Array.isArray(item)
+      );
+    }
+    if (parsed && typeof parsed === "object") {
+      return Object.entries(parsed).filter(([, value]) => value && typeof value === "object").map(([id, value]) => ({
+        ...value,
+        accountId: value.accountId ?? id
+      }));
+    }
+  } catch {
+    return [];
   }
-  getClient() {
-    if (!this.octokit) {
-      throw new Error("GitHub service not initialized");
+  return [];
+}
+function readRawField(record, keys) {
+  const credentials = record.credentials && typeof record.credentials === "object" ? record.credentials : {};
+  const settings = record.settings && typeof record.settings === "object" ? record.settings : {};
+  for (const source of [record, credentials, settings]) {
+    for (const key of keys) {
+      const value = nonEmptyString2(source[key]);
+      if (value) return value;
     }
-    return this.octokit;
-  }
-  async start(runtime) {
-    logger.info("Starting GitHub service...");
-    this._config = validateGitHubConfig(runtime);
-    const settings = this._config.toSettings();
-    this.config = {
-      apiToken: settings.apiToken ?? "",
-      owner: settings.owner ?? undefined,
-      repo: settings.repo ?? undefined,
-      branch: settings.branch ?? "main",
-      webhookSecret: settings.webhookSecret ?? undefined,
-      appId: settings.appId ?? undefined,
-      appPrivateKey: settings.appPrivateKey ?? undefined,
-      installationId: settings.installationId ?? undefined
-    };
-    this.octokit = new Octokit({
-      auth: this._config.apiToken,
-      userAgent: "elizaos-plugin-github/1.0.0"
-    });
-    const { data: user } = await this.octokit.users.getAuthenticated();
-    logger.info(`GitHub service started - authenticated as ${user.login}`);
   }
-  async stop() {
-    logger.info("Stopping GitHub service...");
-    this.octokit = null;
-    this._config = null;
-    this.config = undefined;
-    logger.info("GitHub service stopped");
-  }
-  async getRepository(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.repos.get({ owner, repo });
-    return this.mapRepository(data);
-  }
-  async listRepositories(username, options) {
-    const client = this.getClient();
-    const { data } = username ? await client.repos.listForUser({
-      username,
-      type: options?.type ?? "owner",
-      per_page: options?.perPage ?? 30,
-      page: options?.page ?? 1
-    }) : await client.repos.listForAuthenticatedUser({
-      type: options?.type ?? "all",
-      per_page: options?.perPage ?? 30,
-      page: options?.page ?? 1
-    });
-    return data.map((r) => this.mapRepository(r));
-  }
-  async createIssue(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.create({
-      owner,
-      repo,
-      title: params.title,
-      body: params.body,
-      assignees: params.assignees,
-      labels: params.labels,
-      milestone: params.milestone
-    });
-    return this.mapIssue(data);
-  }
-  async getIssue(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.get({
-      owner,
-      repo,
-      issue_number: params.issueNumber
-    });
-    return this.mapIssue(data);
-  }
-  async updateIssue(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.update({
-      owner,
-      repo,
-      issue_number: params.issueNumber,
-      title: params.title,
-      body: params.body,
-      state: params.state,
-      state_reason: params.stateReason,
-      assignees: params.assignees,
-      labels: params.labels,
-      milestone: params.milestone ?? undefined
-    });
-    return this.mapIssue(data);
-  }
-  async listIssues(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.listForRepo({
-      owner,
-      repo,
-      state: params.state ?? "open",
-      labels: params.labels,
-      sort: params.sort ?? "created",
-      direction: params.direction ?? "desc",
-      assignee: params.assignee,
-      creator: params.creator,
-      mentioned: params.mentioned,
-      per_page: params.perPage ?? 30,
-      page: params.page ?? 1
-    });
-    return data.filter((issue) => !issue.pull_request).map((issue) => this.mapIssue(issue));
+  return void 0;
+}
+function accountFromRecord(record) {
+  const accountId = normalizeGitHubAccountId(
+    record.accountId ?? record.id ?? record.name
+  );
+  const role = normalizeRole(record.role) ?? normalizeRole(record.as) ?? normalizeRole(accountId);
+  const token = readRawField(record, [
+    "GITHUB_PAT",
+    "GITHUB_TOKEN",
+    "GITHUB_ACCESS_TOKEN",
+    "token",
+    "pat",
+    "accessToken",
+    "access"
+  ]);
+  if (!accountId || !role || !token) {
+    return null;
   }
-  async closeIssue(params) {
-    return this.updateIssue({
-      ...params,
-      state: "closed",
-      stateReason: params.reason ?? "completed"
-    });
+  return {
+    accountId,
+    role,
+    token,
+    label: nonEmptyString2(record.label ?? record.displayName)
+  };
+}
+function addAccount(accounts, account) {
+  if (account) {
+    accounts.set(account.accountId, account);
   }
-  async reopenIssue(params) {
-    return this.updateIssue({
-      ...params,
-      state: "open",
-      stateReason: "reopened"
-    });
+}
+function readGitHubAccounts(runtime) {
+  const accounts = /* @__PURE__ */ new Map();
+  const characterConfig = runtime.character?.settings?.github;
+  const characterAccounts = characterConfig?.accounts;
+  if (Array.isArray(characterAccounts)) {
+    for (const item of characterAccounts) {
+      if (item && typeof item === "object") {
+        addAccount(accounts, accountFromRecord(item));
+      }
+    }
+  } else if (characterAccounts && typeof characterAccounts === "object") {
+    for (const [id, value] of Object.entries(
+      characterAccounts
+    )) {
+      if (value && typeof value === "object") {
+        addAccount(
+          accounts,
+          accountFromRecord({
+            ...value,
+            accountId: value.accountId ?? id
+          })
+        );
+      }
+    }
   }
-  async createPullRequest(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.create({
-      owner,
-      repo,
-      title: params.title,
-      body: params.body,
-      head: params.head,
-      base: params.base,
-      draft: params.draft,
-      maintainer_can_modify: params.maintainerCanModify
-    });
-    return this.mapPullRequest(data);
-  }
-  async getPullRequest(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.get({
-      owner,
-      repo,
-      pull_number: params.pullNumber
-    });
-    return this.mapPullRequest(data);
-  }
-  async updatePullRequest(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.update({
-      owner,
-      repo,
-      pull_number: params.pullNumber,
-      title: params.title,
-      body: params.body,
-      state: params.state,
-      base: params.base,
-      maintainer_can_modify: params.maintainerCanModify
-    });
-    return this.mapPullRequest(data);
-  }
-  async listPullRequests(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.list({
-      owner,
-      repo,
-      state: params.state ?? "open",
-      head: params.head,
-      base: params.base,
-      sort: params.sort ?? "created",
-      direction: params.direction ?? "desc",
-      per_page: params.perPage ?? 30,
-      page: params.page ?? 1
-    });
-    return data.map((pr) => this.mapPullRequest(pr));
-  }
-  async mergePullRequest(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.merge({
-      owner,
-      repo,
-      pull_number: params.pullNumber,
-      commit_title: params.commitTitle,
-      commit_message: params.commitMessage,
-      merge_method: params.mergeMethod ?? "merge",
-      sha: params.sha
-    });
-    return {
-      sha: data.sha,
-      merged: data.merged,
-      message: data.message
-    };
+  for (const record of parseAccountsJson(
+    readSetting(runtime, "GITHUB_ACCOUNTS")
+  )) {
+    addAccount(accounts, accountFromRecord(record));
   }
-  async closePullRequest(params) {
-    return this.updatePullRequest({
-      ...params,
-      state: "closed"
-    });
+  addAccount(
+    accounts,
+    legacyAccount(
+      runtime,
+      "user",
+      readSetting(runtime, "GITHUB_USER_ACCOUNT_ID") ?? DEFAULT_GITHUB_USER_ACCOUNT_ID,
+      "GITHUB_USER_PAT",
+      "ELIZA_E2E_GITHUB_USER_PAT"
+    )
+  );
+  addAccount(
+    accounts,
+    legacyAccount(
+      runtime,
+      "agent",
+      readSetting(runtime, "GITHUB_AGENT_ACCOUNT_ID") ?? DEFAULT_GITHUB_AGENT_ACCOUNT_ID,
+      "GITHUB_AGENT_PAT",
+      "ELIZA_E2E_GITHUB_AGENT_PAT"
+    )
+  );
+  return Array.from(accounts.values());
+}
+async function readGitHubAccountsWithConnectorCredentials(runtime) {
+  const accounts = /* @__PURE__ */ new Map();
+  for (const account of readGitHubAccounts(runtime)) {
+    accounts.set(account.accountId, account);
   }
-  async createReview(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.createReview({
-      owner,
-      repo,
-      pull_number: params.pullNumber,
-      body: params.body,
-      event: params.event,
-      commit_id: params.commitId,
-      comments: params.comments?.map((c) => ({
-        path: c.path,
-        line: c.line,
-        body: c.body,
-        side: c.side,
-        start_line: c.startLine,
-        start_side: c.startSide
-      }))
+  const connectorAccounts = await listConnectorAccounts(
+    runtime,
+    GITHUB_SERVICE_TYPE
+  );
+  for (const account of connectorAccounts) {
+    if (account.status !== "connected") continue;
+    const token = await loadConnectorOAuthAccessToken({
+      runtime,
+      provider: GITHUB_SERVICE_TYPE,
+      accountId: account.id,
+      caller: "plugin-github"
     });
-    return this.mapReview(data);
-  }
-  async listReviews(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.pulls.listReviews({
-      owner,
-      repo,
-      pull_number: params.pullNumber
+    if (!token) continue;
+    accounts.set(account.id, {
+      accountId: account.id,
+      role: connectorRoleToIdentity(account.role),
+      token,
+      label: account.label ?? account.displayHandle
     });
-    return data.map((r) => this.mapReview(r));
-  }
-  async createComment(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.createComment({
-      owner,
-      repo,
-      issue_number: params.issueNumber,
-      body: params.body
-    });
-    return this.mapComment(data);
-  }
-  async listComments(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.issues.listComments({
-      owner,
-      repo,
-      issue_number: params.issueNumber,
-      per_page: params.perPage ?? 30,
-      page: params.page ?? 1
-    });
-    return data.map((c) => this.mapComment(c));
-  }
-  async createBranch(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    let sha;
-    if (params.fromRef.match(/^[0-9a-f]{40}$/i)) {
-      sha = params.fromRef;
-    } else {
-      const { data: refData } = await client.git.getRef({
-        owner,
-        repo,
-        ref: `heads/${params.fromRef}`
-      });
-      sha = refData.object.sha;
-    }
-    await client.git.createRef({
-      owner,
-      repo,
-      ref: `refs/heads/${params.branchName}`,
-      sha
-    });
-    return {
-      name: params.branchName,
-      sha,
-      protected: false
-    };
   }
-  async deleteBranch(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    await client.git.deleteRef({
-      owner,
-      repo,
-      ref: `heads/${params.branchName}`
-    });
+  return Array.from(accounts.values());
+}
+function legacyAccount(runtime, role, accountId, primaryKey, fallbackKey) {
+  const token = readSetting(runtime, primaryKey) ?? readSetting(runtime, fallbackKey);
+  if (!token) return null;
+  return { accountId, role, token };
+}
+function connectorRoleToIdentity(role) {
+  return typeof role === "string" && role.toUpperCase() === "AGENT" ? "agent" : "user";
+}
+function resolveGitHubAccount(accounts, selection) {
+  if (selection.accountId) {
+    const exact = accounts.find(
+      (account) => account.accountId === selection.accountId
+    );
+    if (exact) return exact;
+    return null;
   }
-  async listBranches(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.repos.listBranches({
-      owner,
-      repo,
-      per_page: params.perPage ?? 30,
-      page: params.page ?? 1
-    });
-    return data.map((b) => ({
-      name: b.name,
-      sha: b.commit.sha,
-      protected: b.protected
-    }));
-  }
-  async getFile(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.repos.getContent({
-      owner,
-      repo,
-      path: params.path,
-      ref: params.branch
-    });
-    if (Array.isArray(data)) {
-      throw new FileNotFoundError(`${params.path} is a directory, not a file`, owner, repo);
-    }
-    if (data.type !== "file") {
-      throw new FileNotFoundError(`${params.path} is not a file`, owner, repo);
-    }
-    let content = "";
-    if ("content" in data && data.content) {
-      content = Buffer.from(data.content, "base64").toString("utf-8");
-    }
-    return {
-      name: data.name,
-      path: data.path,
-      content,
-      sha: data.sha,
-      size: data.size,
-      type: data.type,
-      encoding: "encoding" in data ? data.encoding ?? "base64" : "base64",
-      htmlUrl: data.html_url ?? "",
-      downloadUrl: data.download_url
-    };
+  const legacyId = defaultGitHubAccountIdForRole(selection.role);
+  return accounts.find((account) => account.accountId === legacyId) ?? accounts.find((account) => account.role === selection.role) ?? null;
+}
+
+// src/action-helpers.ts
+function getClient(runtime, selection) {
+  const service = runtime.getService(GITHUB_SERVICE_TYPE);
+  if (!service) {
+    return null;
   }
-  async listDirectory(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const { data } = await client.repos.getContent({
-      owner,
-      repo,
-      path: params.path,
-      ref: params.branch
-    });
-    if (!Array.isArray(data)) {
-      throw new FileNotFoundError(`${params.path} is a file, not a directory`, owner, repo);
-    }
-    return data.map((entry) => ({
-      name: entry.name,
-      path: entry.path,
-      sha: entry.sha,
-      size: entry.size,
-      type: entry.type,
-      htmlUrl: entry.html_url ?? "",
-      downloadUrl: entry.download_url
-    }));
-  }
-  async createCommit(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    let parentSha = params.parentSha;
-    if (!parentSha) {
-      const { data: refData } = await client.git.getRef({
-        owner,
-        repo,
-        ref: `heads/${params.branch}`
-      });
-      parentSha = refData.object.sha;
-    }
-    const { data: parentCommit } = await client.git.getCommit({
-      owner,
-      repo,
-      commit_sha: parentSha
-    });
-    const treeItems = [];
-    for (const file of params.files) {
-      if (file.operation === "delete") {
-        continue;
-      }
-      const { data: blob } = await client.git.createBlob({
-        owner,
-        repo,
-        content: file.content,
-        encoding: file.encoding ?? "utf-8"
-      });
-      treeItems.push({
-        path: file.path,
-        mode: "100644",
-        type: "blob",
-        sha: blob.sha
-      });
-    }
-    const { data: newTree } = await client.git.createTree({
-      owner,
-      repo,
-      base_tree: parentCommit.tree.sha,
-      tree: treeItems
-    });
-    const { data: commit } = await client.git.createCommit({
-      owner,
-      repo,
-      message: params.message,
-      tree: newTree.sha,
-      parents: [parentSha],
-      author: params.authorName ? {
-        name: params.authorName,
-        email: params.authorEmail ?? `${params.authorName}@users.noreply.github.com`
-      } : undefined
-    });
-    await client.git.updateRef({
-      owner,
-      repo,
-      ref: `heads/${params.branch}`,
-      sha: commit.sha
-    });
-    return {
-      sha: commit.sha,
-      message: commit.message,
-      author: {
-        name: commit.author?.name ?? "Unknown",
-        email: commit.author?.email ?? "",
-        date: commit.author?.date ?? new Date().toISOString()
-      },
-      committer: {
-        name: commit.committer?.name ?? "Unknown",
-        email: commit.committer?.email ?? "",
-        date: commit.committer?.date ?? new Date().toISOString()
-      },
-      timestamp: commit.author?.date ?? new Date().toISOString(),
-      htmlUrl: commit.html_url,
-      parents: commit.parents.map((p) => p.sha)
-    };
+  return service.getOctokit(selection);
+}
+function requireString(options, key) {
+  const v = options?.[key];
+  return typeof v === "string" && v.length > 0 ? v : null;
+}
+function requireNumber(options, key) {
+  const v = options?.[key];
+  if (typeof v === "number" && Number.isInteger(v)) {
+    return v;
   }
-  async listCommits(params) {
-    const client = this.getClient();
-    const { owner, repo } = this.resolveRepoRef(params);
-    const branch = params.branch ?? this._config?.branch ?? "main";
-    const { data } = await client.repos.listCommits({
-      owner,
-      repo,
-      sha: branch,
-      path: params.path,
-      per_page: params.perPage ?? 30,
-      page: params.page ?? 1
-    });
-    return data.map((c) => ({
-      sha: c.sha,
-      message: c.commit.message,
-      author: {
-        name: c.commit.author?.name ?? "Unknown",
-        email: c.commit.author?.email ?? "",
-        date: c.commit.author?.date ?? ""
-      },
-      committer: {
-        name: c.commit.committer?.name ?? "Unknown",
-        email: c.commit.committer?.email ?? "",
-        date: c.commit.committer?.date ?? ""
-      },
-      timestamp: c.commit.author?.date ?? "",
-      htmlUrl: c.html_url,
-      parents: c.parents.map((p) => p.sha)
-    }));
-  }
-  async getAuthenticatedUser() {
-    const client = this.getClient();
-    const { data } = await client.users.getAuthenticated();
-    return this.mapUser(data);
-  }
-  async getUser(username) {
-    const client = this.getClient();
-    const { data } = await client.users.getByUsername({ username });
-    return this.mapUser(data);
-  }
-  resolveRepoRef(params) {
-    const owner = params.owner ?? this._config?.owner;
-    const repo = params.repo ?? this._config?.repo;
-    if (!owner || !repo) {
-      throw new Error("Repository owner and name are required. Configure defaults or provide them explicitly.");
+  if (typeof v === "string" && /^\d+$/.test(v)) {
+    return Number(v);
+  }
+  return null;
+}
+function requireStringArray(options, key) {
+  const v = options?.[key];
+  if (!Array.isArray(v)) {
+    return null;
+  }
+  const result = [];
+  for (const item of v) {
+    if (typeof item !== "string" || item.length === 0) {
+      return null;
     }
-    return { owner, repo };
+    result.push(item);
   }
-  mapRepository(data) {
-    const d = data;
-    const license = d.license;
-    return {
-      id: d.id,
-      name: d.name,
-      fullName: d.full_name,
-      owner: this.mapUser(d.owner),
-      description: d.description,
-      private: d.private,
-      fork: d.fork,
-      defaultBranch: d.default_branch,
-      language: d.language,
-      stargazersCount: d.stargazers_count,
-      forksCount: d.forks_count,
-      openIssuesCount: d.open_issues_count,
-      watchersCount: d.watchers_count,
-      htmlUrl: d.html_url,
-      cloneUrl: d.clone_url,
-      sshUrl: d.ssh_url,
-      createdAt: d.created_at,
-      updatedAt: d.updated_at,
-      pushedAt: d.pushed_at,
-      topics: d.topics ?? [],
-      license: license ? {
-        key: license.key,
-        name: license.name,
-        spdxId: license.spdx_id,
-        url: license.url
-      } : null
-    };
+  return result;
+}
+function optionalStringArray(options, key) {
+  const v = options?.[key];
+  if (v === void 0) {
+    return void 0;
   }
-  mapUser(data) {
-    const d = data;
-    return {
-      id: d.id,
-      login: d.login,
-      name: d.name ?? null,
-      avatarUrl: d.avatar_url,
-      htmlUrl: d.html_url,
-      type: d.type
-    };
+  return requireStringArray(options, key) ?? void 0;
+}
+function splitRepo(repo) {
+  const parts = repo.split("/");
+  if (parts.length !== 2 || !parts[0] || !parts[1]) {
+    return null;
   }
-  mapIssue(data) {
-    const d = data;
-    return {
-      number: d.number,
-      title: d.title,
-      body: d.body,
-      state: d.state,
-      stateReason: d.state_reason ?? null,
-      user: this.mapUser(d.user),
-      assignees: (d.assignees ?? []).map((a) => this.mapUser(a)),
-      labels: (d.labels ?? []).map((l) => this.mapLabel(l)),
-      milestone: d.milestone ? this.mapMilestone(d.milestone) : null,
-      createdAt: d.created_at,
-      updatedAt: d.updated_at,
-      closedAt: d.closed_at,
-      htmlUrl: d.html_url,
-      comments: d.comments,
-      isPullRequest: !!d.pull_request
-    };
+  return { owner: parts[0], name: parts[1] };
+}
+function isConfirmed(options) {
+  return options?.confirmed === true;
+}
+function needsClientError(selection) {
+  const accountSuffix = selection.accountId ? ` accountId "${selection.accountId}"` : ` ${selection.role} account`;
+  return `GitHub${accountSuffix} token not configured (set GITHUB_ACCOUNTS or ${selection.role === "user" ? "GITHUB_USER_PAT" : "GITHUB_AGENT_PAT"})`;
+}
+function getServiceOrNull(runtime) {
+  return runtime.getService(GITHUB_SERVICE_TYPE);
+}
+function buildResolvedClient(runtime, selection) {
+  if (!getServiceOrNull(runtime)) {
+    return { error: "GitHub service not available" };
   }
-  mapLabel(data) {
-    if (typeof data === "string") {
-      return {
-        id: 0,
-        name: data,
-        color: "",
-        description: null,
-        default: false
-      };
-    }
-    const d = data;
-    return {
-      id: d.id,
-      name: d.name,
-      color: d.color,
-      description: d.description,
-      default: d.default
-    };
+  const resolvedSelection = typeof selection === "string" ? { role: selection } : selection;
+  const client = getClient(runtime, resolvedSelection);
+  if (!client) {
+    return { error: needsClientError(resolvedSelection) };
   }
-  mapMilestone(data) {
-    const d = data;
-    return {
-      number: d.number,
-      title: d.title,
-      description: d.description,
-      state: d.state,
-      dueOn: d.due_on,
-      createdAt: d.created_at,
-      updatedAt: d.updated_at,
-      closedAt: d.closed_at,
-      openIssues: d.open_issues,
-      closedIssues: d.closed_issues
-    };
+  return {
+    client,
+    identity: resolvedSelection.role,
+    accountId: resolvedSelection.accountId
+  };
+}
+function resolveAccountSelection(options, defaultIdentity) {
+  return resolveGitHubAccountSelection(options, defaultIdentity);
+}
+function describeSelection(selection) {
+  return selection.accountId ? `${selection.role} (${selection.accountId})` : selection.role;
+}
+
+// src/rate-limit.ts
+function toErrorLike(value) {
+  if (typeof value !== "object" || value === null) {
+    return { message: String(value) };
   }
-  mapPullRequest(data) {
-    const d = data;
-    const head = d.head;
-    const base = d.base;
-    const headRepo = head.repo;
-    const baseRepo = base.repo;
-    const headRepoOwner = headRepo?.owner;
-    const baseRepoOwner = baseRepo?.owner;
-    return {
-      number: d.number,
-      title: d.title,
-      body: d.body,
-      state: d.state,
-      draft: d.draft ?? false,
-      merged: d.merged ?? false,
-      mergeable: d.mergeable,
-      mergeableState: d.mergeable_state ?? "unknown",
-      user: this.mapUser(d.user),
-      head: {
-        ref: head.ref,
-        label: head.label,
-        sha: head.sha,
-        repo: headRepo ? { owner: headRepoOwner?.login, repo: headRepo.name } : null
-      },
-      base: {
-        ref: base.ref,
-        label: base.label,
-        sha: base.sha,
-        repo: baseRepo ? { owner: baseRepoOwner?.login, repo: baseRepo.name } : null
-      },
-      assignees: (d.assignees ?? []).map((a) => this.mapUser(a)),
-      requestedReviewers: (d.requested_reviewers ?? []).map((r) => this.mapUser(r)),
-      labels: (d.labels ?? []).map((l) => this.mapLabel(l)),
-      milestone: d.milestone ? this.mapMilestone(d.milestone) : null,
-      createdAt: d.created_at,
-      updatedAt: d.updated_at,
-      closedAt: d.closed_at,
-      mergedAt: d.merged_at,
-      htmlUrl: d.html_url,
-      commits: d.commits ?? 0,
-      additions: d.additions ?? 0,
-      deletions: d.deletions ?? 0,
-      changedFiles: d.changed_files ?? 0
-    };
+  return value;
+}
+function headerNumber(headers, name) {
+  if (!headers) {
+    return null;
   }
-  mapReview(data) {
-    const d = data;
-    return {
-      id: d.id,
-      user: this.mapUser(d.user),
-      body: d.body,
-      state: d.state,
-      commitId: d.commit_id,
-      htmlUrl: d.html_url,
-      submittedAt: d.submitted_at
-    };
+  const raw = headers[name] ?? headers[name.toLowerCase()];
+  if (raw === void 0) {
+    return null;
   }
-  mapComment(data) {
-    const d = data;
-    return {
-      id: d.id,
-      body: d.body,
-      user: this.mapUser(d.user),
-      createdAt: d.created_at,
-      updatedAt: d.updated_at,
-      htmlUrl: d.html_url
-    };
+  const num = typeof raw === "number" ? raw : Number(raw);
+  return Number.isFinite(num) ? num : null;
+}
+function inspectRateLimit(err) {
+  const e = toErrorLike(err);
+  const headers = e.response?.headers;
+  const remaining = headerNumber(headers, "x-ratelimit-remaining");
+  const resetSeconds = headerNumber(headers, "x-ratelimit-reset");
+  const isRateLimited = e.status === 403 && remaining === 0;
+  return {
+    isRateLimited,
+    remaining,
+    resetAtMs: resetSeconds === null ? null : resetSeconds * 1e3
+  };
+}
+function formatRateLimitMessage(details) {
+  if (!details.isRateLimited) {
+    return "GitHub request failed";
+  }
+  if (details.resetAtMs === null) {
+    return "GitHub rate limit exhausted";
+  }
+  const reset = new Date(details.resetAtMs).toISOString();
+  return `GitHub rate limit exhausted; resets at ${reset}`;
+}
+function errorMessage(err) {
+  if (err instanceof Error) {
+    return err.message;
   }
+  if (typeof err === "string") {
+    return err;
+  }
+  const e = toErrorLike(err);
+  return e.message ?? "unknown error";
 }
 
-// actions/createBranch.ts
-var spec = requireActionSpec("CREATE_BRANCH");
-var examples = [
-  [
-    {
-      name: "{{user1}}",
-      content: {
-        text: "Create a branch called feature/new-feature from main"
-      }
-    },
-    {
-      name: "{{agent}}",
-      content: {
-        text: "I'll create the feature/new-feature branch from main.",
-        actions: ["CREATE_GITHUB_BRANCH"]
-      }
-    }
-  ],
-  [
-    {
-      name: "{{user1}}",
-      content: {
-        text: "Make a new branch fix/bug-123 based on develop"
-      }
-    },
-    {
-      name: "{{agent}}",
-      content: {
-        text: "Creating branch fix/bug-123 from develop.",
-        actions: ["CREATE_GITHUB_BRANCH"]
-      }
-    }
-  ]
-];
-var createBranchAction = {
-  name: "CREATE_GITHUB_BRANCH",
-  similes: spec.similes ? [...spec.similes] : [],
-  description: spec.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
-    }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("branch") || text.includes("fork") || text.includes("checkout");
-  },
-  handler: async (runtime, _message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger2.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
-    }
-    try {
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        branchName: state?.branchName ?? "",
-        fromRef: state?.fromRef ?? service.getConfig().branch ?? "main"
-      };
-      const validation = createBranchSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger2.error(`Invalid branch parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't create the branch due to missing information: ${errors}`
-          });
-        }
-        return { success: false };
-      }
-      const branch = await service.createBranch(params);
-      logger2.info(`Created branch ${branch.name} from ${params.fromRef}`);
-      if (callback) {
-        await callback({
-          text: `Created branch "${branch.name}" from ${params.fromRef}.
-
-Latest commit: ${branch.sha.slice(0, 7)}`
-        });
-      }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger2.error(`Failed to create branch: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to create the branch: ${errorMessage}`
-        });
-      }
-      return { success: false };
-    }
-  },
-  examples
-};
-// actions/createComment.ts
-import {
-  logger as logger3
-} from "@elizaos/core";
-var spec2 = requireActionSpec("CREATE_COMMENT");
-var examples2 = [
-  [
+// src/actions/issue-op.ts
+var SUPPORTED_OPS = /* @__PURE__ */ new Set([
+  "create",
+  "assign",
+  "close",
+  "reopen",
+  "comment",
+  "label"
+]);
+function parseOp(value) {
+  if (typeof value !== "string") return null;
+  return SUPPORTED_OPS.has(value) ? value : null;
+}
+function describeOp(op) {
+  switch (op) {
+    case "create":
+      return "create";
+    case "assign":
+      return "assign";
+    case "close":
+      return "close";
+    case "reopen":
+      return "reopen";
+    case "comment":
+      return "comment on";
+    case "label":
+      return "label";
+  }
+}
+async function runCreate(resolved, parts, repo, options, callback) {
+  const title = requireString(options, "title");
+  const body = requireString(options, "body");
+  const labels = optionalStringArray(options, "labels");
+  const assignees = optionalStringArray(options, "assignees");
+  if (!title) {
+    const err = "GITHUB_ISSUE_OP create requires title";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.create({
+    owner: parts.owner,
+    repo: parts.name,
+    title,
+    body: body ?? void 0,
+    labels,
+    assignees
+  });
+  await callback?.({
+    text: `Created issue ${repo}#${resp.data.number}: ${resp.data.html_url}`
+  });
+  return {
+    success: true,
+    data: {
+      op: "create",
+      number: resp.data.number,
+      url: resp.data.html_url
+    }
+  };
+}
+async function runAssign(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const assignees = requireStringArray(options, "assignees");
+  if (!number || !assignees || assignees.length === 0) {
+    const err = "GITHUB_ISSUE_OP assign requires number (integer) and assignees (non-empty string[])";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.addAssignees({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    assignees
+  });
+  const actual = (resp.data.assignees ?? []).map((a) => a?.login).filter((x) => typeof x === "string");
+  await callback?.({
+    text: `Assigned [${actual.join(", ")}] to ${repo}#${number}`
+  });
+  return {
+    success: true,
+    data: { op: "assign", number, assignees: actual }
+  };
+}
+async function runStateChange(resolved, parts, repo, options, callback, target) {
+  const number = requireNumber(options, "number");
+  if (!number) {
+    const err = `GITHUB_ISSUE_OP ${target === "closed" ? "close" : "reopen"} requires number (integer)`;
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.update({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    state: target
+  });
+  const verb = target === "closed" ? "Closed" : "Reopened";
+  await callback?.({ text: `${verb} ${repo}#${number}: ${resp.data.title}` });
+  return {
+    success: true,
+    data: {
+      op: target === "closed" ? "close" : "reopen",
+      number,
+      title: resp.data.title
+    }
+  };
+}
+async function runComment(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const body = requireString(options, "body");
+  if (!number || !body) {
+    const err = "GITHUB_ISSUE_OP comment requires number (integer) and body";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.createComment({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    body
+  });
+  await callback?.({
+    text: `Commented on ${repo}#${number}: ${resp.data.html_url}`
+  });
+  return {
+    success: true,
+    data: {
+      op: "comment",
+      number,
+      commentId: resp.data.id,
+      url: resp.data.html_url
+    }
+  };
+}
+async function runLabel(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const labels = requireStringArray(options, "labels");
+  if (!number || !labels || labels.length === 0) {
+    const err = "GITHUB_ISSUE_OP label requires number (integer) and labels (non-empty string[])";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.addLabels({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    labels
+  });
+  const applied = (resp.data ?? []).map((label) => typeof label === "string" ? label : label?.name ?? null).filter((x) => typeof x === "string");
+  await callback?.({
+    text: `Applied labels [${applied.join(", ")}] to ${repo}#${number}`
+  });
+  return {
+    success: true,
+    data: { op: "label", number, labels: applied }
+  };
+}
+function buildPreview(op, repo, identity, options) {
+  const number = requireNumber(options, "number");
+  const title = requireString(options, "title");
+  const body = requireString(options, "body");
+  const assignees = optionalStringArray(options, "assignees");
+  const labels = optionalStringArray(options, "labels");
+  const head = `About to ${describeOp(op)} ${repo}`;
+  const target = number ? `#${number}` : "";
+  const detail = (() => {
+    switch (op) {
+      case "create":
+        return ` issue: "${title ?? "(no title)"}"${labels ? ` [labels: ${labels.join(", ")}]` : ""}${assignees ? ` [assignees: ${assignees.join(", ")}]` : ""}`;
+      case "assign":
+        return ` with [${assignees?.join(", ") ?? ""}]`;
+      case "label":
+        return ` with [${labels?.join(", ") ?? ""}]`;
+      case "comment":
+        return body ? ` body: "${body.slice(0, 120)}"` : "";
+      default:
+        return "";
+    }
+  })();
+  return `${head}${target}${detail} as ${identity}. Re-invoke with confirmed: true to proceed.`;
+}
+var issueOpAction = {
+  name: GitHubActions.GITHUB_ISSUE_OP,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "CREATE_ISSUE",
+    "OPEN_ISSUE",
+    "FILE_ISSUE",
+    "GITHUB_CREATE_ISSUE",
+    "ASSIGN_ISSUE",
+    "ASSIGN_GITHUB_ISSUE",
+    "ADD_ASSIGNEE",
+    "CLOSE_ISSUE",
+    "REOPEN_ISSUE",
+    "COMMENT_ISSUE",
+    "ADD_ISSUE_COMMENT",
+    "LABEL_ISSUE",
+    "ADD_ISSUE_LABEL",
+    "MANAGE_ISSUES"
+  ],
+  description: "Single router for GitHub issue ops: create, assign, close, reopen, comment, label. Requires confirmed:true.",
+  descriptionCompressed: "GitHub issue ops: create, assign, close, reopen, comment, label.",
+  parameters: [
     {
-      name: "{{user1}}",
-      content: {
-        text: "Comment on issue #42 saying 'I'll take a look at this today'"
-      }
+      name: "subaction",
+      description: "Issue operation: create, assign, close, reopen, comment, or label.",
+      required: true,
+      schema: { type: "string", enum: [...SUPPORTED_OPS] }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll add that comment to issue #42.",
-        actions: ["CREATE_GITHUB_COMMENT"]
-      }
-    }
-  ],
-  [
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: true,
+      schema: { type: "string" }
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Reply to PR #15 with 'Thanks for the fix!'"
-      }
+      name: "number",
+      description: "Issue number for existing-issue operations.",
+      required: false,
+      schema: { type: "number" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "Adding your comment to pull request #15.",
-        actions: ["CREATE_GITHUB_COMMENT"]
-      }
-    }
-  ]
-];
-var createCommentAction = {
-  name: "CREATE_GITHUB_COMMENT",
-  similes: spec2.similes ? [...spec2.similes] : [],
-  description: spec2.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
-    }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("comment") || text.includes("reply") || text.includes("respond");
-  },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger3.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
-    }
-    try {
-      const content = message.content;
-      const text = content.text ?? "";
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        issueNumber: state?.issueNumber ?? 0,
-        body: state?.body ?? text
-      };
-      const validation = createCommentSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger3.error(`Invalid comment parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't create the comment due to missing information: ${errors}`
-          });
-        }
-        return { success: false };
-      }
-      const comment = await service.createComment(params);
-      logger3.info(`Created comment on #${params.issueNumber}`);
-      if (callback) {
-        await callback({
-          text: `Added comment to #${params.issueNumber}.
-
-View it at: ${comment.htmlUrl}`
-        });
-      }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger3.error(`Failed to create comment: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to create the comment: ${errorMessage}`
-        });
-      }
-      return { success: false };
-    }
-  },
-  examples: examples2
-};
-// actions/createIssue.ts
-import {
-  logger as logger4
-} from "@elizaos/core";
-var spec3 = requireActionSpec("CREATE_ISSUE");
-var examples3 = [
-  [
+      name: "title",
+      description: "Issue title for create.",
+      required: false,
+      schema: { type: "string" }
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Create an issue in my-org/my-repo with title 'Bug: Login fails' and body 'Users cannot log in after update'"
-      }
+      name: "body",
+      description: "Issue body or comment body.",
+      required: false,
+      schema: { type: "string" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll create that issue for you in my-org/my-repo.",
-        actions: ["CREATE_GITHUB_ISSUE"]
-      }
-    }
-  ],
-  [
+      name: "assignees",
+      description: "GitHub usernames to assign.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Open a new issue titled 'Add dark mode support' with labels 'enhancement' and 'ui'"
-      }
+      name: "labels",
+      description: "Labels to apply on create or label.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "Creating a new issue with the title 'Add dark mode support' and the specified labels.",
-        actions: ["CREATE_GITHUB_ISSUE"]
-      }
-    }
-  ]
-];
-var createIssueAction = {
-  name: "CREATE_GITHUB_ISSUE",
-  similes: spec3.similes ? [...spec3.similes] : [],
-  description: spec3.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true to perform the write operation.",
+      required: false,
+      schema: { type: "boolean", default: false }
     }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("issue") || text.includes("bug") || text.includes("report") || text.includes("ticket");
+  ],
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "agent");
+    return !("error" in r);
   },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger4.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
+  handler: async (runtime, _message, _state, options, callback) => {
+    const op = parseOp(options?.op);
+    if (!op) {
+      const err = "GITHUB_ISSUE_OP requires op (create|assign|close|reopen|comment|label)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const selection = resolveAccountSelection(options, "agent");
+    const repo = requireString(options, "repo");
+    if (!repo) {
+      const err = "GITHUB_ISSUE_OP requires repo (owner/name)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const parts = splitRepo(repo);
+    if (!parts) {
+      const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    if (!isConfirmed(options)) {
+      const preview = buildPreview(op, repo, describeSelection(selection), options);
+      await callback?.({ text: preview });
+      return { success: false, requiresConfirmation: true, preview };
+    }
+    const resolved = buildResolvedClient(runtime, selection);
+    if ("error" in resolved) {
+      await callback?.({ text: resolved.error });
+      return { success: false, error: resolved.error };
     }
     try {
-      const content = message.content;
-      const text = content.text ?? "";
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        title: state?.title ?? text.slice(0, 100),
-        body: state?.body ?? text,
-        labels: state?.labels ?? [],
-        assignees: state?.assignees ?? []
-      };
-      const validation = createIssueSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger4.error(`Invalid issue parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't create the issue due to missing information: ${errors}`
-          });
+      switch (op) {
+        case "create":
+          return await runCreate(resolved, parts, repo, options, callback);
+        case "assign":
+          return await runAssign(resolved, parts, repo, options, callback);
+        case "close":
+          return await runStateChange(
+            resolved,
+            parts,
+            repo,
+            options,
+            callback,
+            "closed"
+          );
+        case "reopen":
+          return await runStateChange(
+            resolved,
+            parts,
+            repo,
+            options,
+            callback,
+            "open"
+          );
+        case "comment":
+          return await runComment(resolved, parts, repo, options, callback);
+        case "label":
+          return await runLabel(resolved, parts, repo, options, callback);
+      }
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_ISSUE_OP ${op} failed: ${errorMessage(err)}`;
+      logger.warn({ message }, "[GitHub:GITHUB_ISSUE_OP]");
+      await callback?.({ text: message });
+      return { success: false, error: message };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: {
+          text: "Open an issue in elizaOS/eliza titled 'Docs gap'"
+        }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Created issue elizaOS/eliza#101"
         }
-        return { success: false };
-      }
-      const issue = await service.createIssue(params);
-      logger4.info(`Created issue #${issue.number}: ${issue.title}`);
-      if (callback) {
-        await callback({
-          text: `Created issue #${issue.number}: "${issue.title}"
-
-View it at: ${issue.htmlUrl}`
-        });
       }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger4.error(`Failed to create issue: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to create the issue: ${errorMessage}`
-        });
+    ],
+    [
+      {
+        name: "{{user1}}",
+        content: {
+          text: "Close issue elizaOS/eliza#42"
+        }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Closed elizaOS/eliza#42"
+        }
       }
-      return { success: false };
-    }
-  },
-  examples: examples3
+    ]
+  ]
 };
-// actions/createPullRequest.ts
-import {
-  logger as logger5
-} from "@elizaos/core";
-var spec4 = requireActionSpec("CREATE_PULL_REQUEST");
-var examples4 = [
-  [
+
+// src/actions/notification-triage.ts
+import { logger as logger2 } from "@elizaos/core";
+var REASON_SCORES = {
+  security_advisory: 100,
+  team_mention: 70,
+  author: 60,
+  mention: 55,
+  assign: 50,
+  review_requested: 80,
+  state_change: 20,
+  comment: 30,
+  subscribed: 10,
+  manual: 15,
+  invitation: 40,
+  ci_activity: 25
+};
+var SUBJECT_TYPE_SCORES = {
+  PullRequest: 20,
+  Issue: 15,
+  Release: 10,
+  Commit: 5,
+  Discussion: 8
+};
+var NOTIFICATION_TRIAGE_LIMIT = 25;
+function scoreNotification(params) {
+  const base = REASON_SCORES[params.reason] ?? 10;
+  const subject = SUBJECT_TYPE_SCORES[params.subjectType] ?? 0;
+  let freshness = 0;
+  if (params.repoPushedAtMs !== null) {
+    const ageHours = (params.nowMs - params.repoPushedAtMs) / (1e3 * 60 * 60);
+    if (ageHours < 1) freshness = 20;
+    else if (ageHours < 6) freshness = 15;
+    else if (ageHours < 24) freshness = 10;
+    else if (ageHours < 24 * 7) freshness = 5;
+  }
+  return base + subject + freshness;
+}
+var notificationTriageAction = {
+  name: GitHubActions.GITHUB_NOTIFICATION_TRIAGE,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: ["TRIAGE_GITHUB_NOTIFICATIONS", "GITHUB_INBOX"],
+  description: "Returns unread GitHub notifications sorted by a priority score derived from reason, subject type, and repo freshness.",
+  descriptionCompressed: "return unread GitHub notification sort priority score derive reason, subject type, repo freshness",
+  parameters: [
     {
-      name: spec4.name,
-      content: {
-        text: "Create a pull request from feature/dark-mode to main with title 'Add dark mode support'"
-      }
+      name: "as",
+      description: "Identity to use when reading notifications: user or agent.",
+      required: false,
+      schema: { type: "string", enum: ["user", "agent"], default: "user" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll create a pull request from feature/dark-mode to main.",
-        actions: ["CREATE_GITHUB_PULL_REQUEST"]
-      }
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
     }
   ],
-  [
-    {
-      name: "{{user1}}",
-      content: {
-        text: "Open a PR to merge my-branch into develop"
-      }
-    },
-    {
-      name: "{{agent}}",
-      content: {
-        text: "Creating a pull request to merge my-branch into develop.",
-        actions: ["CREATE_GITHUB_PULL_REQUEST"]
-      }
-    }
-  ]
-];
-var createPullRequestAction = {
-  name: "CREATE_GITHUB_PULL_REQUEST",
-  similes: spec4.similes ? [...spec4.similes] : [],
-  description: spec4.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
-    }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("pull request") || text.includes("pr") || text.includes("merge");
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "user");
+    return !("error" in r);
   },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger5.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
+  handler: async (runtime, _message, _state, options, callback) => {
+    const selection = resolveAccountSelection(options, "user");
+    const resolved = buildResolvedClient(runtime, selection);
+    if ("error" in resolved) {
+      await callback?.({ text: resolved.error });
+      return { success: false, error: resolved.error };
     }
     try {
-      const content = message.content;
-      const text = content.text ?? "";
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        title: state?.title ?? text.slice(0, 100),
-        body: state?.body ?? text,
-        head: state?.head ?? "",
-        base: state?.base ?? service.getConfig().branch ?? "main",
-        draft: state?.draft ?? false
-      };
-      const validation = createPullRequestSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger5.error(`Invalid pull request parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't create the pull request due to missing information: ${errors}`
-          });
+      const resp = await resolved.client.activity.listNotificationsForAuthenticatedUser({
+        all: false,
+        per_page: 50
+      });
+      const notifications = resp.data;
+      const nowMs = Date.now();
+      const triaged = notifications.map((n) => {
+        const repoPushedAt = n.repository?.pushed_at ?? null;
+        const repoPushedAtMs = typeof repoPushedAt === "string" ? Date.parse(repoPushedAt) : null;
+        const reason = typeof n.reason === "string" ? n.reason : "unknown";
+        const subjectType = typeof n.subject?.type === "string" ? n.subject.type : "Unknown";
+        return {
+          id: n.id,
+          reason,
+          repo: n.repository?.full_name ?? "unknown",
+          title: n.subject?.title ?? "(untitled)",
+          subjectType,
+          url: n.subject?.url ?? null,
+          updatedAt: n.updated_at,
+          score: scoreNotification({
+            reason,
+            subjectType,
+            repoPushedAtMs: repoPushedAtMs !== null && Number.isFinite(repoPushedAtMs) ? repoPushedAtMs : null,
+            nowMs
+          })
+        };
+      });
+      triaged.sort((a, b) => b.score - a.score);
+      const boundedTriaged = triaged.slice(0, NOTIFICATION_TRIAGE_LIMIT);
+      await callback?.({
+        text: `Triaged ${boundedTriaged.length} unread notification(s)`
+      });
+      return {
+        success: true,
+        data: {
+          notifications: boundedTriaged,
+          notificationLimit: NOTIFICATION_TRIAGE_LIMIT,
+          totalUnread: triaged.length
         }
-        return { success: false };
+      };
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_NOTIFICATION_TRIAGE failed: ${errorMessage(err)}`;
+      logger2.warn({ message }, "[GitHub:GITHUB_NOTIFICATION_TRIAGE]");
+      await callback?.({ text: message });
+      return { success: false, error: message };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "What's in my GitHub inbox?" }
+      },
+      {
+        name: "{{agentName}}",
+        content: { text: "Triaged 7 unread notification(s)" }
       }
-      const pr = await service.createPullRequest(params);
-      logger5.info(`Created pull request #${pr.number}: ${pr.title}`);
-      if (callback) {
-        await callback({
-          text: `Created pull request #${pr.number}: "${pr.title}"
-
-From: ${pr.head.ref}
-To: ${pr.base.ref}
+    ]
+  ]
+};
 
-View it at: ${pr.htmlUrl}`
-        });
-      }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger5.error(`Failed to create pull request: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to create the pull request: ${errorMessage}`
-        });
+// src/actions/pr-op.ts
+import { logger as logger3 } from "@elizaos/core";
+var SUPPORTED_OPS2 = /* @__PURE__ */ new Set(["list", "review"]);
+var EVENT_BY_ACTION = {
+  approve: "APPROVE",
+  "request-changes": "REQUEST_CHANGES",
+  comment: "COMMENT"
+};
+function parseOp2(value) {
+  if (typeof value !== "string") return null;
+  return SUPPORTED_OPS2.has(value) ? value : null;
+}
+function parseState(value) {
+  return value === "closed" || value === "all" ? value : "open";
+}
+function parseReviewAction(value) {
+  return value === "approve" || value === "request-changes" || value === "comment" ? value : null;
+}
+async function runList(runtime, options, callback) {
+  const selection = resolveAccountSelection(options, "agent");
+  const resolved = buildResolvedClient(runtime, selection);
+  if ("error" in resolved) {
+    await callback?.({ text: resolved.error });
+    return { success: false, error: resolved.error };
+  }
+  const state = parseState(options?.state);
+  const author = requireString(options, "author");
+  const repo = requireString(options, "repo");
+  const prs = [];
+  if (repo) {
+    const parts = splitRepo(repo);
+    if (!parts) {
+      const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const resp = await resolved.client.pulls.list({
+      owner: parts.owner,
+      repo: parts.name,
+      state,
+      per_page: 100
+    });
+    for (const pr of resp.data) {
+      if (author && pr.user?.login !== author) {
+        continue;
       }
-      return { success: false };
+      prs.push({
+        repo,
+        number: pr.number,
+        title: pr.title,
+        author: pr.user?.login ?? null,
+        state: pr.state,
+        url: pr.html_url
+      });
     }
-  },
-  examples: examples4
-};
-// actions/mergePullRequest.ts
-import {
-  logger as logger6
-} from "@elizaos/core";
-var spec5 = requireActionSpec("MERGE_PULL_REQUEST");
-var examples5 = [
-  [
+  } else {
+    const q = [
+      "is:pr",
+      state === "all" ? "" : `is:${state}`,
+      author ? `author:${author}` : ""
+    ].filter(Boolean).join(" ");
+    const resp = await resolved.client.search.issuesAndPullRequests({
+      q,
+      per_page: 50
+    });
+    for (const item of resp.data.items) {
+      const match = /\/repos\/([^/]+\/[^/]+)(?:\/|$)/.exec(item.repository_url);
+      const repoName = match?.[1] ?? item.repository_url;
+      prs.push({
+        repo: repoName,
+        number: item.number,
+        title: item.title,
+        author: item.user?.login ?? null,
+        state: item.state,
+        url: item.html_url
+      });
+    }
+  }
+  await callback?.({ text: `Found ${prs.length} pull request(s)` });
+  return { success: true, data: { op: "list", prs } };
+}
+async function runReview(runtime, options, callback) {
+  const selection = resolveAccountSelection(options, "user");
+  const repo = requireString(options, "repo");
+  const number = requireNumber(options, "number");
+  const action = parseReviewAction(options?.action);
+  const body = requireString(options, "body");
+  if (!repo || !number || !action) {
+    const err = "GITHUB_PR_OP review requires repo (owner/name), number (integer), and action (approve|request-changes|comment)";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const parts = splitRepo(repo);
+  if (!parts) {
+    const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  if (!isConfirmed(options)) {
+    const preview = `About to ${action.replace("-", " ")} PR ${repo}#${number}` + (body ? ` with body: "${body.slice(0, 120)}"` : "") + ` as ${describeSelection(selection)}. Re-invoke with confirmed: true to proceed.`;
+    await callback?.({ text: preview });
+    return { success: false, requiresConfirmation: true, preview };
+  }
+  if (action === "request-changes" && !body) {
+    const err = "request-changes review requires a body explaining the changes";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resolved = buildResolvedClient(runtime, selection);
+  if ("error" in resolved) {
+    await callback?.({ text: resolved.error });
+    return { success: false, error: resolved.error };
+  }
+  const resp = await resolved.client.pulls.createReview({
+    owner: parts.owner,
+    repo: parts.name,
+    pull_number: number,
+    event: EVENT_BY_ACTION[action],
+    body: body ?? void 0
+  });
+  await callback?.({ text: `Submitted ${action} review on ${repo}#${number}` });
+  return { success: true, data: { op: "review", id: resp.data.id } };
+}
+var prOpAction = {
+  name: GitHubActions.GITHUB_PR_OP,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "LIST_PRS",
+    "LIST_PULL_REQUESTS",
+    "SHOW_PRS",
+    "GITHUB_LIST_PRS",
+    "REVIEW_PR",
+    "APPROVE_PR",
+    "REQUEST_CHANGES",
+    "COMMENT_ON_PR"
+  ],
+  description: "Single router for GitHub PR ops: list and review. Review requires confirmed:true.",
+  descriptionCompressed: "GitHub PR ops: list pull requests, submit review with confirmation.",
+  parameters: [
     {
-      name: spec5.name,
-      content: {
-        text: "Merge pull request #42"
-      }
+      name: "subaction",
+      description: "PR operation: list or review.",
+      required: true,
+      schema: { type: "string", enum: [...SUPPORTED_OPS2] }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll merge pull request #42.",
-        actions: ["MERGE_GITHUB_PULL_REQUEST"]
-      }
-    }
-  ],
-  [
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: false,
+      schema: { type: "string" }
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Squash and merge PR #15 with title 'Feature: Add dark mode'"
-      }
+      name: "number",
+      description: "Pull request number for review.",
+      required: false,
+      schema: { type: "number" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "Squash merging pull request #15 with your custom commit title.",
-        actions: ["MERGE_GITHUB_PULL_REQUEST"]
-      }
-    }
-  ]
-];
-var mergePullRequestAction = {
-  name: "MERGE_GITHUB_PULL_REQUEST",
-  similes: spec5.similes ? [...spec5.similes] : [],
-  description: spec5.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
-    }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("merge");
-  },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger6.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
-    }
-    try {
-      const content = message.content;
-      const text = content.text?.toLowerCase() ?? "";
-      let mergeMethod = "merge";
-      if (text.includes("squash")) {
-        mergeMethod = "squash";
-      } else if (text.includes("rebase")) {
-        mergeMethod = "rebase";
-      }
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        pullNumber: state?.pullNumber ?? 0,
-        commitTitle: state?.commitTitle,
-        commitMessage: state?.commitMessage,
-        mergeMethod: state?.mergeMethod ?? mergeMethod
-      };
-      const validation = mergePullRequestSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger6.error(`Invalid merge parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't merge the pull request due to missing information: ${errors}`
-          });
-        }
-        return { success: false };
-      }
-      const result = await service.mergePullRequest(params);
-      if (result.merged) {
-        logger6.info(`Merged pull request #${params.pullNumber}`);
-        if (callback) {
-          await callback({
-            text: `Successfully merged pull request #${params.pullNumber}.
-
-Merge commit: ${result.sha.slice(0, 7)}
-Method: ${params.mergeMethod}`
-          });
-        }
-        return { success: true };
-      } else {
-        logger6.warn(`Pull request #${params.pullNumber} was not merged: ${result.message}`);
-        if (callback) {
-          await callback({
-            text: `Could not merge pull request #${params.pullNumber}: ${result.message}`
-          });
-        }
-        return { success: false };
-      }
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger6.error(`Failed to merge pull request: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to merge the pull request: ${errorMessage}`
-        });
+      name: "state",
+      description: "PR state for list.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["open", "closed", "all"],
+        default: "open"
       }
-      return { success: false };
-    }
-  },
-  examples: examples5
-};
-// actions/pushCode.ts
-import {
-  logger as logger7
-} from "@elizaos/core";
-var spec6 = requireActionSpec("PUSH_CODE");
-var examples6 = [
-  [
+    },
     {
-      name: spec6.name,
-      content: {
-        text: "Push the file changes to the feature/dark-mode branch with message 'Add dark mode styles'"
-      }
+      name: "author",
+      description: "Optional PR author username filter for list.",
+      required: false,
+      schema: { type: "string" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll commit and push those changes to feature/dark-mode.",
-        actions: ["PUSH_GITHUB_CODE"]
+      name: "action",
+      description: "Review action: approve, request-changes, or comment.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["approve", "request-changes", "comment"]
       }
-    }
-  ],
-  [
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Commit these files to main: README.md with content 'Hello World'"
-      }
+      name: "body",
+      description: "Review body for comment or request-changes.",
+      required: false,
+      schema: { type: "string" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "Committing README.md to main branch.",
-        actions: ["PUSH_GITHUB_CODE"]
-      }
-    }
-  ]
-];
-var pushCodeAction = {
-  name: "PUSH_GITHUB_CODE",
-  similes: spec6.similes ? [...spec6.similes] : [],
-  description: spec6.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true to submit a review.",
+      required: false,
+      schema: { type: "boolean", default: false }
     }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("push") || text.includes("commit") || text.includes("save") || text.includes("upload");
+  ],
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "agent");
+    return !("error" in r);
   },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger7.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
+  handler: async (runtime, _message, _state, options, callback) => {
+    const op = parseOp2(options?.op);
+    if (!op) {
+      const err = "GITHUB_PR_OP requires op (list|review)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
     }
     try {
-      const content = message.content;
-      const text = content.text ?? "";
-      const files = state?.files ?? [];
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        message: state?.message ?? text.slice(0, 100),
-        files,
-        branch: state?.branch ?? service.getConfig().branch ?? "main",
-        authorName: state?.authorName,
-        authorEmail: state?.authorEmail
-      };
-      const validation = createCommitSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger7.error(`Invalid commit parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't push the code due to missing information: ${errors}`
-          });
+      return op === "list" ? await runList(runtime, options, callback) : await runReview(runtime, options, callback);
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_PR_OP ${op} failed: ${errorMessage(err)}`;
+      logger3.warn({ message }, "[GitHub:GITHUB_PR_OP]");
+      await callback?.({ text: message });
+      return { success: false, error: message };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "Show me open PRs on elizaOS/eliza" }
+      },
+      {
+        name: "{{agentName}}",
+        content: { text: "Found 3 pull request(s)" }
+      }
+    ],
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "Approve PR #42 on elizaOS/eliza" }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Submitted approve review on elizaOS/eliza#42"
         }
-        return { success: false };
       }
-      const commit = await service.createCommit(params);
-      logger7.info(`Created commit ${commit.sha.slice(0, 7)} on ${params.branch}`);
-      if (callback) {
-        await callback({
-          text: `Pushed ${files.length} file(s) to ${params.branch}.
-
-Commit: ${commit.sha.slice(0, 7)}
-Message: ${commit.message}
+    ]
+  ]
+};
 
-View at: ${commit.htmlUrl}`
-        });
-      }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger7.error(`Failed to push code: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to push the code: ${errorMessage}`
-        });
-      }
-      return { success: false };
-    }
-  },
-  examples: examples6
+// src/actions/github.ts
+var GITHUB_ACTIONS = [
+  "pr_list",
+  "pr_review",
+  "issue_create",
+  "issue_assign",
+  "issue_close",
+  "issue_reopen",
+  "issue_comment",
+  "issue_label",
+  "notification_triage"
+];
+var ISSUE_OP_BY_ACTION = {
+  issue_create: "create",
+  issue_assign: "assign",
+  issue_close: "close",
+  issue_reopen: "reopen",
+  issue_comment: "comment",
+  issue_label: "label"
 };
-// actions/reviewPullRequest.ts
-import {
-  logger as logger8
-} from "@elizaos/core";
-var spec7 = requireActionSpec("REVIEW_PULL_REQUEST");
-var examples7 = [
-  [
+function readParameters(options) {
+  if (!options || typeof options !== "object") return {};
+  const record = options;
+  const params = record.parameters;
+  return params && typeof params === "object" && !Array.isArray(params) ? { ...params } : { ...record };
+}
+function readAction(options) {
+  const params = readParameters(options);
+  const raw = params.action ?? params.subaction ?? params.op ?? params.operation ?? params.verb;
+  if (typeof raw !== "string") return void 0;
+  const normalized = raw.trim().toLowerCase().replace(/[-\s]+/g, "_");
+  return GITHUB_ACTIONS.includes(normalized) ? normalized : void 0;
+}
+function withParameters(options, parameters) {
+  if (!options || typeof options !== "object") return { parameters };
+  return { ...options, parameters };
+}
+function delegate(target, runtime, message, state, options, callback) {
+  return target.handler(
+    runtime,
+    message,
+    state,
+    options,
+    callback
+  );
+}
+var githubAction = {
+  name: "GITHUB",
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "GITHUB_PR_OP",
+    "GITHUB_ISSUE_OP",
+    "GITHUB_NOTIFICATION_TRIAGE",
+    "GITHUB_PULL_REQUEST",
+    "GITHUB_ISSUE",
+    "GITHUB_NOTIFICATIONS"
+  ],
+  description: "GitHub umbrella for pull requests, issues, and notification triage. Use action=pr_list/pr_review/issue_create/issue_assign/issue_close/issue_reopen/issue_comment/issue_label/notification_triage.",
+  descriptionCompressed: "GitHub: pr_list|pr_review|issue_create|issue_assign|issue_close|issue_reopen|issue_comment|issue_label|notification_triage",
+  parameters: [
     {
-      name: spec7.name,
-      content: {
-        text: "Approve pull request #42 with comment 'LGTM!'"
-      }
+      name: "action",
+      description: "GitHub operation to run.",
+      required: true,
+      schema: { type: "string", enum: [...GITHUB_ACTIONS] }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll approve pull request #42 with that comment.",
-        actions: ["REVIEW_GITHUB_PULL_REQUEST"]
-      }
-    }
-  ],
-  [
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: false,
+      schema: { type: "string" }
+    },
     {
-      name: "{{user1}}",
-      content: {
-        text: "Request changes on PR #15 - the tests are failing"
-      }
+      name: "number",
+      description: "Pull request or issue number.",
+      required: false,
+      schema: { type: "number" }
     },
     {
-      name: "{{agent}}",
-      content: {
-        text: "I'll request changes on pull request #15 with your feedback.",
-        actions: ["REVIEW_GITHUB_PULL_REQUEST"]
-      }
-    }
-  ]
-];
-var reviewPullRequestAction = {
-  name: "REVIEW_GITHUB_PULL_REQUEST",
-  similes: spec7.similes ? [...spec7.similes] : [],
-  description: spec7.description,
-  validate: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return false;
+      name: "state",
+      description: "PR state for pr_list: open, closed, or all.",
+      required: false,
+      schema: { type: "string", enum: ["open", "closed", "all"], default: "open" }
+    },
+    {
+      name: "author",
+      description: "Optional PR author username filter for pr_list.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "review_action",
+      description: "For action=pr_review: approve, request-changes, or comment.",
+      required: false,
+      schema: { type: "string", enum: ["approve", "request-changes", "comment"] }
+    },
+    {
+      name: "title",
+      description: "Issue title for action=issue_create.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "body",
+      description: "Issue body, issue comment body, or PR review body.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "assignees",
+      description: "GitHub usernames to assign.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "labels",
+      description: "Labels to apply on issue create or issue_label.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true for GitHub write operations.",
+      required: false,
+      schema: { type: "boolean", default: false }
     }
-    const text = message.content.text?.toLowerCase() ?? "";
-    return text.includes("review") || text.includes("approve") || text.includes("request changes") || text.includes("lgtm");
-  },
-  handler: async (runtime, message, state, _options, callback) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      logger8.error("GitHub service not available");
-      if (callback) {
-        await callback({
-          text: "GitHub service is not available. Please ensure the plugin is properly configured."
-        });
-      }
-      return { success: false };
+  ],
+  validate: async (runtime, message, state) => await prOpAction.validate(runtime, message, state) || await issueOpAction.validate(runtime, message, state) || await notificationTriageAction.validate(runtime, message, state),
+  handler: async (runtime, message, state, options, callback) => {
+    const action = readAction(options);
+    const params = readParameters(options);
+    if (!action) {
+      return {
+        success: false,
+        text: "GITHUB requires action=pr_list/pr_review/issue_create/issue_assign/issue_close/issue_reopen/issue_comment/issue_label/notification_triage.",
+        data: { error: "MISSING_ACTION" }
+      };
     }
-    try {
-      const content = message.content;
-      const text = content.text ?? "";
-      let event = "COMMENT";
-      const lowerText = text.toLowerCase();
-      if (lowerText.includes("approve") || lowerText.includes("lgtm") || lowerText.includes("looks good")) {
-        event = "APPROVE";
-      } else if (lowerText.includes("request changes") || lowerText.includes("needs work") || lowerText.includes("fix")) {
-        event = "REQUEST_CHANGES";
-      }
-      const params = {
-        owner: state?.owner ?? service.getConfig().owner ?? "",
-        repo: state?.repo ?? service.getConfig().repo ?? "",
-        pullNumber: state?.pullNumber ?? 0,
-        body: state?.body ?? text,
-        event: state?.event ?? event
+    if (action === "notification_triage") {
+      return delegate(
+        notificationTriageAction,
+        runtime,
+        message,
+        state,
+        withParameters(options, params),
+        callback
+      );
+    }
+    if (action === "pr_list" || action === "pr_review") {
+      const childParams = {
+        ...params,
+        op: action === "pr_list" ? "list" : "review",
+        ...action === "pr_review" && params.review_action ? { action: params.review_action } : {}
       };
-      const validation = createReviewSchema.safeParse(params);
-      if (!validation.success) {
-        const errors = formatZodErrors(validation.error);
-        logger8.error(`Invalid review parameters: ${errors}`);
-        if (callback) {
-          await callback({
-            text: `I couldn't create the review due to missing information: ${errors}`
-          });
-        }
-        return { success: false };
-      }
-      const review = await service.createReview(params);
-      const eventLabel = review.state === "APPROVED" ? "approved" : review.state === "CHANGES_REQUESTED" ? "requested changes on" : "commented on";
-      logger8.info(`Created ${review.state} review on PR #${params.pullNumber}`);
-      if (callback) {
-        await callback({
-          text: `I've ${eventLabel} pull request #${params.pullNumber}.
-
-View the review at: ${review.htmlUrl}`
-        });
-      }
-      return { success: true };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      logger8.error(`Failed to create review: ${errorMessage}`);
-      if (callback) {
-        await callback({
-          text: `Failed to create the review: ${errorMessage}`
-        });
-      }
-      return { success: false };
+      return delegate(
+        prOpAction,
+        runtime,
+        message,
+        state,
+        withParameters(options, childParams),
+        callback
+      );
+    }
+    const issueOp = ISSUE_OP_BY_ACTION[action];
+    if (issueOp) {
+      return delegate(
+        issueOpAction,
+        runtime,
+        message,
+        state,
+        withParameters(options, { ...params, op: issueOp }),
+        callback
+      );
     }
-  },
-  examples: examples7
+    return {
+      success: false,
+      text: `Unsupported GITHUB action: ${action}`,
+      data: { error: "UNSUPPORTED_ACTION", action }
+    };
+  }
 };
-// actions/index.ts
-var allActions = [
-  createIssueAction,
-  createPullRequestAction,
-  reviewPullRequestAction,
-  createCommentAction,
-  createBranchAction,
-  pushCodeAction,
-  mergePullRequestAction
-];
 
-// providers/issueContext.ts
-function extractIssueNumber(text) {
-  const patterns = [/#(\d+)/, /issue\s*#?(\d+)/i, /pr\s*#?(\d+)/i, /pull\s*request\s*#?(\d+)/i];
-  for (const pattern of patterns) {
-    const match = text.match(pattern);
-    if (match?.[1]) {
-      return Number.parseInt(match[1], 10);
-    }
+// src/connector-account-provider.ts
+import {
+  logger as logger4
+} from "@elizaos/core";
+var GITHUB_AUTHORIZATION_ENDPOINT = "https://github.com/login/oauth/authorize";
+var GITHUB_TOKEN_ENDPOINT = "https://github.com/login/oauth/access_token";
+var GITHUB_USER_ENDPOINT = "https://api.github.com/user";
+var DEFAULT_PURPOSES = [
+  "posting",
+  "reading",
+  "admin"
+];
+function nonEmptyString3(value) {
+  if (typeof value !== "string") return void 0;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function readSetting2(runtime, key) {
+  return nonEmptyString3(runtime.getSetting?.(key));
+}
+function readClientConfig(runtime) {
+  const clientId = readSetting2(runtime, "GITHUB_OAUTH_CLIENT_ID");
+  const clientSecret = readSetting2(runtime, "GITHUB_OAUTH_CLIENT_SECRET");
+  const redirectUri = readSetting2(runtime, "GITHUB_OAUTH_REDIRECT_URI");
+  if (!clientId || !clientSecret || !redirectUri) {
+    throw new Error(
+      "GitHub OAuth requires GITHUB_OAUTH_CLIENT_ID, GITHUB_OAUTH_CLIENT_SECRET, and GITHUB_OAUTH_REDIRECT_URI to be configured."
+    );
   }
-  return null;
+  return { clientId, clientSecret, redirectUri };
 }
-var spec8 = requireProviderSpec("issueContext");
-var issueContextProvider = {
-  name: spec8.name,
-  description: "Provides detailed context about a specific GitHub issue or pull request when referenced",
-  get: async (runtime, message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return { text: null };
-    }
-    const text = message.content.text ?? "";
-    const issueNumber = extractIssueNumber(text);
-    if (!issueNumber) {
-      return { text: null };
-    }
-    try {
-      const config = service.getConfig();
-      if (!config.owner || !config.repo) {
-        return { text: null };
-      }
-      try {
-        const issue = await service.getIssue({
-          owner: config.owner,
-          repo: config.repo,
-          issueNumber
-        });
-        if (issue.isPullRequest) {
-          const pr = await service.getPullRequest({
-            owner: config.owner,
-            repo: config.repo,
-            pullNumber: issueNumber
-          });
-          const labels2 = pr.labels.map((l) => l.name).join(", ");
-          const assignees2 = pr.assignees.map((a) => a.login).join(", ");
-          const reviewers = pr.requestedReviewers.map((r) => r.login).join(", ");
-          const parts2 = [
-            `## Pull Request #${pr.number}: ${pr.title}`,
-            "",
-            `**State:** ${pr.state}${pr.draft ? " (Draft)" : ""}${pr.merged ? " (Merged)" : ""}`,
-            `**Author:** ${pr.user.login}`,
-            `**Branch:** ${pr.head.ref} → ${pr.base.ref}`,
-            `**Created:** ${pr.createdAt}`,
-            `**Updated:** ${pr.updatedAt}`
-          ];
-          if (labels2) {
-            parts2.push(`**Labels:** ${labels2}`);
-          }
-          if (assignees2) {
-            parts2.push(`**Assignees:** ${assignees2}`);
+function parseScopes(value) {
+  if (!value) return [];
+  return value.split(/[,\s]+/).map((scope) => scope.trim()).filter(Boolean);
+}
+function defaultRoleFromAccountId(accountId) {
+  if (accountId === DEFAULT_GITHUB_USER_ACCOUNT_ID) return "OWNER";
+  if (accountId === DEFAULT_GITHUB_AGENT_ACCOUNT_ID) return "AGENT";
+  return "OWNER";
+}
+function roleFromMetadata(metadata, accountId) {
+  const record = metadata && typeof metadata === "object" && !Array.isArray(metadata) ? metadata : {};
+  const raw = nonEmptyString3(record.role ?? record.accountRole);
+  const normalized = raw?.toUpperCase();
+  if (normalized === "OWNER" || normalized === "AGENT" || normalized === "TEAM") {
+    return normalized;
+  }
+  return defaultRoleFromAccountId(accountId);
+}
+async function exchangeCodeForToken(args) {
+  const response = await fetch(GITHUB_TOKEN_ENDPOINT, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json"
+    },
+    body: new URLSearchParams({
+      client_id: args.clientId,
+      client_secret: args.clientSecret,
+      code: args.code,
+      redirect_uri: args.redirectUri
+    }).toString()
+  });
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(
+      `GitHub token exchange failed with ${response.status}: ${body}`
+    );
+  }
+  const parsed = await response.json();
+  if (parsed.error) {
+    throw new Error(
+      `GitHub token exchange returned error ${parsed.error}: ${parsed.error_description ?? "no description"}`
+    );
+  }
+  if (!parsed.access_token) {
+    throw new Error("GitHub token exchange returned no access_token.");
+  }
+  return parsed;
+}
+async function fetchGitHubUser(accessToken) {
+  const response = await fetch(GITHUB_USER_ENDPOINT, {
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28"
+    }
+  });
+  if (!response.ok) {
+    throw new Error(`GitHub /user request failed with ${response.status}`);
+  }
+  const parsed = await response.json();
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error("GitHub /user returned an invalid payload.");
+  }
+  return parsed;
+}
+function synthesizeEnvAccounts(runtime) {
+  const now = Date.now();
+  return readGitHubAccounts(runtime).map((account) => ({
+    id: account.accountId,
+    provider: GITHUB_SERVICE_TYPE,
+    label: account.label ?? `GitHub ${account.role} (${account.accountId})`,
+    role: account.role === "user" ? "OWNER" : "AGENT",
+    purpose: DEFAULT_PURPOSES,
+    accessGate: "open",
+    status: "connected",
+    displayHandle: account.accountId,
+    createdAt: now,
+    updatedAt: now,
+    metadata: { authMethod: "pat", source: "env" }
+  }));
+}
+function createGitHubConnectorAccountProvider(runtime) {
+  return {
+    provider: GITHUB_SERVICE_TYPE,
+    label: "GitHub",
+    listAccounts: async (manager) => {
+      const stored = await manager.getStorage().listAccounts(GITHUB_SERVICE_TYPE);
+      if (stored.length > 0) return stored;
+      return synthesizeEnvAccounts(runtime);
+    },
+    createAccount: async (input, _manager) => {
+      return {
+        ...input,
+        provider: GITHUB_SERVICE_TYPE,
+        role: input.role ?? "OWNER",
+        purpose: input.purpose ?? DEFAULT_PURPOSES,
+        accessGate: input.accessGate ?? "open",
+        status: input.status ?? "pending"
+      };
+    },
+    patchAccount: async (_accountId, patch, _manager) => {
+      return { ...patch, provider: GITHUB_SERVICE_TYPE };
+    },
+    deleteAccount: async (_accountId, _manager) => {
+    },
+    startOAuth: async (request, _manager) => {
+      const config = readClientConfig(runtime);
+      const redirectUri = request.redirectUri ?? config.redirectUri;
+      const scopes = request.scopes && request.scopes.length > 0 ? request.scopes : ["repo", "read:user", "user:email", "notifications"];
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        state: request.flow.state,
+        scope: scopes.join(" "),
+        allow_signup: "false"
+      });
+      return {
+        authUrl: `${GITHUB_AUTHORIZATION_ENDPOINT}?${params.toString()}`,
+        metadata: {
+          ...request.metadata,
+          requestedScopes: scopes,
+          redirectUri
+        }
+      };
+    },
+    completeOAuth: async (request, manager) => {
+      const code = nonEmptyString3(request.code);
+      if (!code) {
+        throw new Error(
+          "GitHub OAuth callback is missing an authorization code."
+        );
+      }
+      const config = readClientConfig(runtime);
+      const redirectUri = nonEmptyString3(request.flow.redirectUri) ?? config.redirectUri;
+      const tokens = await exchangeCodeForToken({
+        clientId: config.clientId,
+        clientSecret: config.clientSecret,
+        redirectUri,
+        code
+      });
+      if (!tokens.access_token) {
+        throw new Error("GitHub token exchange returned no access_token.");
+      }
+      const user = await fetchGitHubUser(tokens.access_token);
+      const externalId = nonEmptyString3(user.id ? String(user.id) : void 0);
+      const login = nonEmptyString3(user.login);
+      if (!login) {
+        throw new Error("GitHub /user payload did not include a login.");
+      }
+      const expiresAt = typeof tokens.expires_in === "number" ? Date.now() + tokens.expires_in * 1e3 : void 0;
+      const oauthCredentialVersion = String(Date.now());
+      const accountMetadata = {
+        authMethod: "oauth",
+        login,
+        githubUserId: user.id ?? null,
+        email: nonEmptyString3(user.email) ?? null,
+        type: nonEmptyString3(user.type) ?? null,
+        tokenType: nonEmptyString3(tokens.token_type) ?? "bearer",
+        grantedScopes: parseScopes(tokens.scope),
+        hasRefreshToken: Boolean(tokens.refresh_token),
+        expiresAt,
+        oauthCredentialVersion
+      };
+      const pendingAccount = await manager.upsertAccount(
+        GITHUB_SERVICE_TYPE,
+        {
+          provider: GITHUB_SERVICE_TYPE,
+          role: roleFromMetadata(request.flow.metadata, request.flow.accountId),
+          purpose: DEFAULT_PURPOSES,
+          accessGate: "open",
+          status: "pending",
+          externalId: externalId ?? login,
+          displayHandle: login,
+          label: nonEmptyString3(user.name) ?? login,
+          metadata: accountMetadata
+        },
+        request.flow.accountId
+      );
+      const credentialPersist = await persistConnectorCredentialRefs({
+        runtime,
+        manager,
+        provider: GITHUB_SERVICE_TYPE,
+        accountIdForRef: pendingAccount.id,
+        storageAccountId: pendingAccount.id,
+        caller: "plugin-github",
+        credentials: [
+          {
+            credentialType: "oauth.tokens",
+            value: JSON.stringify({
+              access_token: tokens.access_token,
+              ...tokens.refresh_token ? { refresh_token: tokens.refresh_token } : {},
+              ...expiresAt !== void 0 ? { expires_at: expiresAt } : {},
+              token_type: nonEmptyString3(tokens.token_type) ?? "bearer",
+              scope: tokens.scope ?? ""
+            }),
+            ...expiresAt !== void 0 ? { expiresAt } : {},
+            metadata: {
+              provider: GITHUB_SERVICE_TYPE,
+              hasRefreshToken: Boolean(tokens.refresh_token)
+            }
           }
-          if (reviewers) {
-            parts2.push(`**Reviewers Requested:** ${reviewers}`);
+        ]
+      });
+      const accountPatch = {
+        ...pendingAccount,
+        id: pendingAccount.id,
+        provider: GITHUB_SERVICE_TYPE,
+        status: "connected",
+        metadata: {
+          ...accountMetadata,
+          credentialRefs: credentialPersist.refs,
+          credentialRefStorage: {
+            vaultAvailable: credentialPersist.vaultAvailable,
+            storageAvailable: credentialPersist.storageAvailable
           }
-          parts2.push("", `**Changes:** +${pr.additions} / -${pr.deletions} (${pr.changedFiles} files)`, "", "### Description", pr.body ?? "_No description provided_", "", `**URL:** ${pr.htmlUrl}`);
-          return { text: parts2.join(`
-`) };
-        }
-        const labels = issue.labels.map((l) => l.name).join(", ");
-        const assignees = issue.assignees.map((a) => a.login).join(", ");
-        const parts = [
-          `## Issue #${issue.number}: ${issue.title}`,
-          "",
-          `**State:** ${issue.state}${issue.stateReason ? ` (${issue.stateReason})` : ""}`,
-          `**Author:** ${issue.user.login}`,
-          `**Created:** ${issue.createdAt}`,
-          `**Updated:** ${issue.updatedAt}`,
-          `**Comments:** ${issue.comments}`
-        ];
-        if (labels) {
-          parts.push(`**Labels:** ${labels}`);
         }
-        if (assignees) {
-          parts.push(`**Assignees:** ${assignees}`);
-        }
-        if (issue.milestone) {
-          parts.push(`**Milestone:** ${issue.milestone.title}`);
-        }
-        parts.push("", "### Description", issue.body ?? "_No description provided_", "", `**URL:** ${issue.htmlUrl}`);
-        return { text: parts.join(`
-`) };
-      } catch {
-        return {
-          text: `Issue/PR #${issueNumber} not found in ${config.owner}/${config.repo}`
-        };
-      }
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      return { text: `Unable to fetch issue context: ${errorMessage}` };
+      };
+      logger4.info(
+        {
+          src: "plugin:github:connector",
+          login
+        },
+        "GitHub OAuth completed"
+      );
+      return {
+        account: accountPatch,
+        flow: { status: "completed" }
+      };
     }
+  };
+}
+
+// src/routes/github-routes.ts
+import { logger as logger5 } from "@elizaos/core";
+
+// src/github-credentials.ts
+import fs from "fs/promises";
+import path from "path";
+import { resolveStateDir } from "@elizaos/core";
+function getCredentialFilePath() {
+  return path.join(resolveStateDir(), "credentials", "github.json");
+}
+function isGitHubCredentials(value) {
+  if (!value || typeof value !== "object") return false;
+  const v = value;
+  return typeof v.token === "string" && typeof v.username === "string" && Array.isArray(v.scopes) && v.scopes.every((s) => typeof s === "string") && typeof v.savedAt === "number";
+}
+async function loadCredentials() {
+  const filePath = getCredentialFilePath();
+  let raw;
+  try {
+    raw = await fs.readFile(filePath, "utf-8");
+  } catch {
+    return null;
   }
-};
-// providers/repositoryState.ts
-var spec9 = requireProviderSpec("repositoryState");
-var repositoryStateProvider = {
-  name: spec9.name,
-  description: "Provides context about the current GitHub repository including recent activity",
-  get: async (runtime, _message, _state) => {
-    const service = runtime.getService(GITHUB_SERVICE_NAME);
-    if (!service) {
-      return { text: null };
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return null;
+  }
+  return isGitHubCredentials(parsed) ? parsed : null;
+}
+async function loadMetadata() {
+  const creds = await loadCredentials();
+  if (!creds) return null;
+  const { token: _token, ...metadata } = creds;
+  return metadata;
+}
+async function saveCredentials(creds) {
+  const filePath = getCredentialFilePath();
+  const directory = path.dirname(filePath);
+  await fs.mkdir(directory, { recursive: true, mode: 448 });
+  await fs.chmod(directory, 448);
+  const tmpPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  await fs.writeFile(tmpPath, JSON.stringify(creds, null, 2), {
+    mode: 384
+  });
+  await fs.rename(tmpPath, filePath);
+}
+async function clearCredentials() {
+  const filePath = getCredentialFilePath();
+  try {
+    await fs.unlink(filePath);
+  } catch (err) {
+    if (err.code === "ENOENT") return;
+    throw err;
+  }
+}
+function buildCredentialsFromUserResponse(token, user, scopes, now = Date.now()) {
+  return {
+    token,
+    username: user.login,
+    scopes,
+    savedAt: now
+  };
+}
+
+// src/routes/github-routes.ts
+var GITHUB_USER_URL = "https://api.github.com/user";
+var VALIDATION_TIMEOUT_MS = 1e4;
+var MAX_BODY_BYTES = 8 * 1024;
+async function readJsonBody(req) {
+  const chunks = [];
+  let total = 0;
+  for await (const chunk of req) {
+    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    total += buf.length;
+    if (total > MAX_BODY_BYTES) return null;
+    chunks.push(buf);
+  }
+  if (chunks.length === 0) return null;
+  try {
+    const parsed = JSON.parse(Buffer.concat(chunks).toString("utf-8"));
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function sendJson(ctx, status, body) {
+  if (ctx.json) {
+    ctx.json(status, body);
+    return;
+  }
+  ctx.res.statusCode = status;
+  ctx.res.setHeader("Content-Type", "application/json; charset=utf-8");
+  ctx.res.end(JSON.stringify(body));
+}
+function metadataToStatus(metadata) {
+  if (!metadata) return { connected: false };
+  return {
+    connected: true,
+    username: metadata.username,
+    scopes: metadata.scopes,
+    savedAt: metadata.savedAt
+  };
+}
+async function validateToken(token, fetchImpl) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
+  let response;
+  try {
+    response = await fetchImpl(GITHUB_USER_URL, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.github+json",
+        "User-Agent": "eliza-github-connection"
+      },
+      signal: controller.signal
+    });
+  } finally {
+    clearTimeout(timer);
+  }
+  if (response.status === 401) {
+    throw new Error("Token rejected by GitHub: bad credentials.");
+  }
+  if (response.status === 403) {
+    throw new Error(
+      "Token rejected by GitHub: forbidden. Check the token has at least `read:user` scope."
+    );
+  }
+  if (!response.ok) {
+    throw new Error(
+      `GitHub returned ${response.status} validating the token. Try again or generate a new token.`
+    );
+  }
+  const body = await response.json();
+  if (typeof body?.login !== "string" || body.login.length === 0) {
+    throw new Error("GitHub /user response was missing the login field.");
+  }
+  const scopesHeader = response.headers.get("x-oauth-scopes") ?? "";
+  const scopes = scopesHeader.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+  return { user: body, scopes };
+}
+async function handleGetToken(ctx) {
+  const metadata = await loadMetadata();
+  sendJson(ctx, 200, metadataToStatus(metadata));
+  return true;
+}
+async function handlePostToken(ctx) {
+  const body = await readJsonBody(ctx.req);
+  const token = body && typeof body.token === "string" ? body.token.trim() : "";
+  if (token.length === 0) {
+    sendJson(ctx, 400, { error: "Missing `token` in request body." });
+    return true;
+  }
+  const fetchImpl = ctx.fetch ?? fetch;
+  let validated;
+  try {
+    validated = await validateToken(token, fetchImpl);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    logger5.warn(`[github-routes] token validation failed: ${message}`);
+    sendJson(ctx, 400, { error: message });
+    return true;
+  }
+  const credentials = buildCredentialsFromUserResponse(
+    token,
+    validated.user,
+    validated.scopes
+  );
+  await saveCredentials(credentials);
+  logger5.info(
+    `[github-routes] saved github token for @${validated.user.login} (scopes=${validated.scopes.join(",") || "(none)"})`
+  );
+  sendJson(ctx, 200, metadataToStatus(credentials));
+  return true;
+}
+async function handleDeleteToken(ctx) {
+  await clearCredentials();
+  logger5.info("[github-routes] cleared saved github token");
+  sendJson(ctx, 200, { connected: false });
+  return true;
+}
+async function handleGitHubRoutes(ctx) {
+  if (ctx.pathname !== "/api/github/token") return false;
+  switch (ctx.method) {
+    case "GET":
+      return handleGetToken(ctx);
+    case "POST":
+      return handlePostToken(ctx);
+    case "DELETE":
+      return handleDeleteToken(ctx);
+    default:
+      sendJson(ctx, 405, { error: "Method not allowed" });
+      return true;
+  }
+}
+
+// src/search-category.ts
+var GITHUB_PULL_REQUESTS_SEARCH_CATEGORY = {
+  category: "github_pull_requests",
+  label: "GitHub pull requests",
+  description: "Search GitHub pull requests in a repo or across accessible repositories.",
+  contexts: ["code", "automation"],
+  filters: [
+    { name: "query", label: "Query", type: "string" },
+    {
+      name: "repo",
+      label: "Repository",
+      description: "Repository in owner/name format. Omit to search accessible repositories.",
+      type: "string"
+    },
+    {
+      name: "state",
+      label: "State",
+      description: "Pull request state.",
+      type: "enum",
+      default: "open",
+      options: [
+        { label: "Open", value: "open" },
+        { label: "Closed", value: "closed" },
+        { label: "All", value: "all" }
+      ]
+    },
+    {
+      name: "author",
+      label: "Author",
+      description: "GitHub login to filter by.",
+      type: "string"
+    },
+    {
+      name: "as",
+      label: "Identity",
+      description: "Configured GitHub identity token to use.",
+      type: "enum",
+      default: "agent",
+      options: [
+        { label: "Agent", value: "agent" },
+        { label: "User", value: "user" }
+      ]
+    },
+    {
+      name: "accountId",
+      label: "Account",
+      description: "Optional configured GitHub account id. Defaults by identity role.",
+      type: "string"
+    },
+    {
+      name: "limit",
+      label: "Limit",
+      description: "Maximum pull requests to return.",
+      type: "number",
+      default: 50
     }
-    try {
-      const config = service.getConfig();
-      if (!config.owner || !config.repo) {
-        return {
-          text: "GitHub repository not configured. Please set GITHUB_OWNER and GITHUB_REPO."
-        };
-      }
-      const repo = await service.getRepository({
-        owner: config.owner,
-        repo: config.repo
-      });
-      const issues = await service.listIssues({
-        owner: config.owner,
-        repo: config.repo,
-        state: "open",
-        perPage: 5
-      });
-      const pullRequests = await service.listPullRequests({
-        owner: config.owner,
-        repo: config.repo,
-        state: "open",
-        perPage: 5
+  ],
+  resultSchemaSummary: "PRSummary[] with repo, number, title, author, state, and url.",
+  capabilities: ["pull-requests", "issues-search", "repositories"],
+  source: "plugin:github",
+  serviceType: "github"
+};
+function hasSearchCategory(runtime, category) {
+  try {
+    runtime.getSearchCategory(category, { includeDisabled: true });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function registerGitHubSearchCategory(runtime) {
+  if (!hasSearchCategory(runtime, GITHUB_PULL_REQUESTS_SEARCH_CATEGORY.category)) {
+    runtime.registerSearchCategory(GITHUB_PULL_REQUESTS_SEARCH_CATEGORY);
+  }
+}
+
+// src/services/github-service.ts
+import { logger as logger6, Service } from "@elizaos/core";
+import { Octokit } from "@octokit/rest";
+function normalizeSelector(selector) {
+  if (selector === "user" || selector === "agent") {
+    return { role: selector };
+  }
+  return {
+    accountId: typeof selector.accountId === "string" && selector.accountId.trim() ? selector.accountId.trim() : void 0,
+    role: selector.role ?? selector.as ?? "agent"
+  };
+}
+var GitHubService = class _GitHubService extends Service {
+  constructor(runtime, createClient = (auth) => new Octokit({ auth })) {
+    super(runtime);
+    this.createClient = createClient;
+  }
+  createClient;
+  static serviceType = GITHUB_SERVICE_TYPE;
+  capabilityDescription = "GitHub REST API integration for PRs, issues, and notifications";
+  clients = /* @__PURE__ */ new Map();
+  static async start(runtime, createClient) {
+    const service = new _GitHubService(runtime, createClient);
+    await service.initialize();
+    return service;
+  }
+  async initialize() {
+    if (!this.runtime) {
+      return;
+    }
+    const accounts = await readGitHubAccountsWithConnectorCredentials(this.runtime);
+    this.clients.clear();
+    for (const account of accounts) {
+      this.clients.set(account.accountId, {
+        account,
+        client: this.createClient(account.token)
       });
-      const parts = [
-        `## GitHub Repository: ${repo.fullName}`,
-        "",
-        `**Description:** ${repo.description ?? "No description"}`,
-        `**Default Branch:** ${repo.defaultBranch}`,
-        `**Language:** ${repo.language ?? "Not specified"}`,
-        `**Stars:** ${repo.stargazersCount} | **Forks:** ${repo.forksCount}`,
-        `**Open Issues:** ${repo.openIssuesCount}`,
-        ""
-      ];
-      if (issues.length > 0) {
-        parts.push("### Recent Open Issues");
-        for (const issue of issues) {
-          const labels = issue.labels.map((l) => l.name).join(", ");
-          parts.push(`- #${issue.number}: ${issue.title}${labels ? ` [${labels}]` : ""}`);
-        }
-        parts.push("");
-      }
-      if (pullRequests.length > 0) {
-        parts.push("### Recent Open Pull Requests");
-        for (const pr of pullRequests) {
-          const status = pr.draft ? "[DRAFT] " : "";
-          parts.push(`- #${pr.number}: ${status}${pr.title} (${pr.head.ref} → ${pr.base.ref})`);
-        }
-        parts.push("");
+    }
+    for (const role of ["user", "agent"]) {
+      if (!resolveGitHubAccount(accounts, { role })) {
+        logger6.info(
+          `[GitHubService] no GitHub ${role} account configured \u2014 ${role}-acting calls will be rejected`
+        );
       }
-      return { text: parts.join(`
-`) };
-    } catch (error) {
-      const errorMessage = error instanceof Error ? error.message : "Unknown error";
-      return {
-        text: `Unable to fetch GitHub repository state: ${errorMessage}`
-      };
     }
+    logger6.info(
+      `[GitHubService] configured ${this.clients.size} GitHub account(s)`
+    );
+  }
+  getOctokit(selector) {
+    const selection = normalizeSelector(selector);
+    const account = resolveGitHubAccount(
+      Array.from(this.clients.values()).map((record) => record.account),
+      selection
+    );
+    if (!account) {
+      return null;
+    }
+    return this.clients.get(account.accountId)?.client ?? null;
+  }
+  /**
+   * Allows tests to inject an Octokit-shaped mock without going through
+   * environment variables. Not part of the public runtime contract.
+   */
+  setClientForTesting(as, client, accountId = defaultGitHubAccountIdForRole(as)) {
+    if (!client) {
+      this.clients.delete(accountId);
+      return;
+    }
+    this.clients.set(accountId, {
+      account: { accountId, role: as, token: "test" },
+      client
+    });
+  }
+  async stop() {
+    this.clients.clear();
   }
 };
-// providers/index.ts
-var allProviders = [repositoryStateProvider, issueContextProvider];
 
-// index.ts
+// src/index.ts
+function createGitHubRouteHandler(method) {
+  return async (req, res, runtime) => {
+    const httpReq = req;
+    const httpRes = res;
+    const url = new URL(httpReq.url ?? "/api/github/token", "http://localhost");
+    void runtime;
+    await handleGitHubRoutes({
+      req: httpReq,
+      res: httpRes,
+      method,
+      pathname: url.pathname
+    });
+  };
+}
+var githubRoutes = [
+  {
+    type: "GET",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("GET")
+  },
+  {
+    type: "POST",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("POST")
+  },
+  {
+    type: "DELETE",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("DELETE")
+  }
+];
 var githubPlugin = {
   name: "github",
-  description: "GitHub integration for repository management, issues, pull requests, and code reviews",
+  description: "GitHub integration for pull requests, issues, and notification triage",
   services: [GitHubService],
-  actions: allActions,
-  providers: allProviders,
+  actions: [...promoteSubactionsToActions(githubAction)],
+  routes: githubRoutes,
   init: async (_config, runtime) => {
-    const token = runtime.getSetting("GITHUB_API_TOKEN");
-    const owner = runtime.getSetting("GITHUB_OWNER");
-    const repo = runtime.getSetting("GITHUB_REPO");
-    const branch = runtime.getSetting("GITHUB_BRANCH") ?? "main";
-    logger9.info(`GitHub Plugin - Token: ${token ? "configured" : "not configured"}, Owner: ${owner ?? "not set"}, Repo: ${repo ?? "not set"}, Branch: ${branch}`);
-    if (!token) {
-      logger9.warn("GitHub API Token not provided - plugin will not be functional");
+    registerGitHubSearchCategory(runtime);
+    try {
+      const manager = getConnectorAccountManager2(runtime);
+      manager.registerProvider(createGitHubConnectorAccountProvider(runtime));
+    } catch (err) {
+      logger7.warn(
+        {
+          src: "plugin:github",
+          err: err instanceof Error ? err.message : String(err)
+        },
+        "Failed to register GitHub provider with ConnectorAccountManager"
+      );
     }
   }
 };
-var typescript_default = githubPlugin;
+var index_default = githubPlugin;
 export {
-  typescript_default as default
+  DEFAULT_GITHUB_AGENT_ACCOUNT_ID,
+  DEFAULT_GITHUB_USER_ACCOUNT_ID,
+  GITHUB_SERVICE_TYPE,
+  GitHubActions,
+  GitHubService,
+  createGitHubConnectorAccountProvider,
+  index_default as default,
+  defaultGitHubAccountIdForRole,
+  githubAction,
+  githubPlugin,
+  issueOpAction,
+  normalizeGitHubAccountId,
+  notificationTriageAction,
+  prOpAction,
+  readGitHubAccounts,
+  readGitHubAccountsWithConnectorCredentials,
+  resolveGitHubAccount,
+  resolveGitHubAccountSelection,
+  scoreNotification
 };
-
-//# debugId=D24EE671934108D364756E2164756E21