npm - @elizaos/plugin-github - Versions diffs - 2.0.3-beta.6 → 2.0.3-beta.7 - Mend

@elizaos/plugin-github 2.0.3-beta.6 → 2.0.3-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,2405 @@
+// src/index.ts
+import {
+  getConnectorAccountManager as getConnectorAccountManager2,
+  logger as logger7,
+  promoteSubactionsToActions
+} from "@elizaos/core";
+// src/actions/issue-op.ts
+import { logger, requireConfirmation } from "@elizaos/core";
+// src/connector-credential-refs.ts
+import {
+  CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE,
+  getConnectorAccountManager
+} from "@elizaos/core";
+var OAUTH_TOKENS_CREDENTIAL_TYPE = "oauth.tokens";
+async function persistConnectorCredentialRefs(params) {
+  const refs = [];
+  const vaultWriters = resolveVaultWriters(params.runtime, {
+    provider: params.provider,
+    accountId: params.accountIdForRef,
+    caller: params.caller
+  });
+  if (vaultWriters.length === 0) {
+    throw new Error(
+      `No durable connector credential store or vault writer is available for ${params.provider} account ${params.accountIdForRef}. Refusing to mark OAuth account connected without persisted credentials.`
+    );
+  }
+  if (!params.storageAccountId) {
+    throw new Error(
+      `No durable connector account id is available for ${params.provider} account ${params.accountIdForRef}. Refusing to mark OAuth account connected without persisted credential refs.`
+    );
+  }
+  const storageWriters = resolveCredentialRefWriters(
+    params.runtime,
+    params.manager,
+    params.storageAccountId
+  );
+  if (storageWriters.length === 0) {
+    throw new Error(
+      `No durable connector credential ref writer is available for ${params.provider} account ${params.storageAccountId}. Refusing to mark OAuth account connected without persisted credential refs.`
+    );
+  }
+  for (const credential of params.credentials) {
+    const plannedRef = buildConnectorCredentialVaultRef({
+      agentId: nonEmptyString(params.runtime.agentId) ?? "agent",
+      provider: params.provider,
+      accountId: params.accountIdForRef,
+      credentialType: credential.credentialType
+    });
+    const vaultRef = await writeWithFirstAvailableVault(
+      vaultWriters,
+      plannedRef,
+      credential
+    );
+    refs.push({
+      credentialType: credential.credentialType,
+      vaultRef,
+      ...credential.expiresAt !== void 0 ? { expiresAt: credential.expiresAt } : {},
+      ...credential.metadata ? { metadata: credential.metadata } : {}
+    });
+  }
+  if (refs.length > 0) {
+    await writeRefsToStorage(storageWriters, refs);
+  }
+  return {
+    refs,
+    vaultAvailable: vaultWriters.length > 0,
+    storageAvailable: storageWriters.length > 0
+  };
+}
+async function loadConnectorOAuthAccessToken(params) {
+  const { records } = await loadConnectorCredentialRecords(params);
+  const tokenRecord = records.find(
+    (record) => sameCredentialType(record.credentialType, OAUTH_TOKENS_CREDENTIAL_TYPE)
+  );
+  if (!tokenRecord) return null;
+  const raw = nonEmptyString(tokenRecord.value) ?? (tokenRecord.vaultRef ? await readCredentialSecret(
+    params.runtime,
+    tokenRecord.vaultRef,
+    params.caller
+  ) : void 0);
+  const parsed = raw ? parseMaybeJson(raw) : void 0;
+  const tokenSet = asRecord(parsed);
+  return nonEmptyString(tokenSet?.access_token) ?? null;
+}
+async function listConnectorAccounts(runtime, provider) {
+  try {
+    return await getConnectorAccountManager(runtime).listAccounts(provider);
+  } catch {
+    const storage = getService(
+      runtime,
+      CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE
+    );
+    if (typeof storage?.listAccounts === "function") {
+      return storage.listAccounts(provider);
+    }
+  }
+  return [];
+}
+function credentialRefRecordsFromMetadata(metadata) {
+  const record = asRecord(metadata);
+  if (!record) return [];
+  const oauth = asRecord(record.oauth);
+  return [
+    ...credentialRefsFromUnknown(record.credentialRefs),
+    ...credentialRefsFromUnknown(record.oauthCredentialRefs),
+    ...credentialRefsFromUnknown(oauth?.credentialRefs)
+  ];
+}
+async function loadConnectorCredentialRecords(params) {
+  const accounts = await listConnectorAccounts(params.runtime, params.provider);
+  const account = accounts.find(
+    (candidate) => candidate.id === params.accountId || candidate.externalId === params.accountId || candidate.displayHandle === params.accountId
+  );
+  if (!account) return { records: [] };
+  const records = [...credentialRefRecordsFromMetadata(account.metadata)];
+  for (const source of [
+    getService(params.runtime, CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE),
+    params.runtime.adapter
+  ]) {
+    const reader = source;
+    if (typeof reader?.listConnectorAccountCredentialRefs === "function") {
+      records.push(
+        ...await reader.listConnectorAccountCredentialRefs({
+          accountId: account.id
+        })
+      );
+    } else if (typeof reader?.getConnectorAccountCredentialRef === "function") {
+      const ref = await reader.getConnectorAccountCredentialRef({
+        accountId: account.id,
+        credentialType: OAUTH_TOKENS_CREDENTIAL_TYPE
+      });
+      if (ref) records.push(ref);
+    }
+  }
+  return { records };
+}
+function credentialRefsFromUnknown(value) {
+  if (Array.isArray(value)) {
+    return value.flatMap((entry) => {
+      const ref = credentialRefFromRecord(asRecord(entry));
+      return ref ? [ref] : [];
+    });
+  }
+  const record = asRecord(value);
+  if (!record) return [];
+  return Object.entries(record).flatMap(([credentialType, entry]) => {
+    const entryRecord = asRecord(entry);
+    if (entryRecord) {
+      const ref = credentialRefFromRecord({ credentialType, ...entryRecord });
+      return ref ? [ref] : [];
+    }
+    const vaultRef = nonEmptyString(entry);
+    return vaultRef ? [{ credentialType, vaultRef }] : [];
+  });
+}
+function credentialRefFromRecord(record) {
+  if (!record) return null;
+  const credentialType = nonEmptyString(
+    record.credentialType ?? record.type ?? record.name
+  );
+  const vaultRef = nonEmptyString(record.vaultRef ?? record.ref);
+  if (!credentialType || !vaultRef) return null;
+  return {
+    credentialType,
+    vaultRef,
+    metadata: asRecord(record.metadata) ?? null,
+    expiresAt: record.expiresAt,
+    updatedAt: record.updatedAt,
+    version: record.version ?? record.credentialVersion
+  };
+}
+async function readCredentialSecret(runtime, vaultRef, caller) {
+  for (const reader of resolveSecretReaders(runtime)) {
+    try {
+      const value = await readSecret(reader, vaultRef, caller, runtime);
+      const trimmed = nonEmptyString(value);
+      if (trimmed) return trimmed;
+    } catch {
+    }
+  }
+  return void 0;
+}
+function resolveVaultWriters(runtime, context) {
+  const writers = [];
+  const credentialStore = getFirstService(runtime, [
+    "connector_credential_store",
+    "CONNECTOR_CREDENTIAL_STORE",
+    "connectorCredentialStore",
+    "credential_store"
+  ]);
+  if (typeof credentialStore?.putSecret === "function") {
+    writers.push({
+      name: "connector_credential_store",
+      write: async (vaultRef, credential) => credentialStore.putSecret?.({
+        vaultRef,
+        agentId: nonEmptyString(runtime.agentId) ?? "agent",
+        provider: context.provider,
+        accountId: context.accountId,
+        credentialType: credential.credentialType,
+        value: credential.value,
+        caller: context.caller
+      }) ?? vaultRef
+    });
+  }
+  const vault = getFirstService(runtime, ["vault", "VAULT"]);
+  if (typeof vault?.set === "function") {
+    writers.push({
+      name: "vault",
+      write: async (vaultRef, credential) => {
+        await vault.set?.(vaultRef, credential.value, {
+          sensitive: true,
+          caller: context.caller
+        });
+        return vaultRef;
+      }
+    });
+  }
+  const secrets = getService(runtime, "SECRETS");
+  if (typeof secrets?.setGlobal === "function" || typeof secrets?.set === "function") {
+    writers.push({
+      name: "SECRETS",
+      write: async (vaultRef, credential) => {
+        if (typeof secrets.setGlobal === "function") {
+          await secrets.setGlobal(vaultRef, credential.value, {
+            sensitive: true
+          });
+          return vaultRef;
+        }
+        await secrets.set?.(
+          vaultRef,
+          credential.value,
+          { level: "global", agentId: runtime.agentId },
+          { sensitive: true }
+        );
+        return vaultRef;
+      }
+    });
+  }
+  return writers;
+}
+function resolveSecretReaders(runtime) {
+  return [
+    getFirstService(runtime, [
+      "connector_credential_store",
+      "CONNECTOR_CREDENTIAL_STORE",
+      "connectorCredentialStore",
+      "credential_store"
+    ]),
+    getFirstService(runtime, ["vault", "VAULT"]),
+    getService(runtime, "SECRETS")
+  ].filter(Boolean);
+}
+async function readSecret(reader, vaultRef, caller, runtime) {
+  const candidate = reader;
+  if (typeof candidate.reveal === "function") {
+    return candidate.reveal(vaultRef, caller);
+  }
+  if (typeof candidate.get !== "function") return null;
+  if (reader && reader.constructor?.name === "SecretsService") {
+    return candidate.get(vaultRef, {
+      level: "global",
+      agentId: runtime.agentId
+    });
+  }
+  return candidate.get(vaultRef, { reveal: true, caller });
+}
+function resolveCredentialRefWriters(runtime, manager, accountId) {
+  const candidates = [
+    manager?.getStorage?.(),
+    getService(runtime, CONNECTOR_ACCOUNT_STORAGE_SERVICE_TYPE),
+    runtime.adapter
+  ].filter(Boolean);
+  const writers = [];
+  for (const candidate of candidates) {
+    const writer = candidate;
+    if (typeof writer.setConnectorAccountCredentialRef === "function") {
+      writers.push({
+        name: "setConnectorAccountCredentialRef",
+        write: async (ref) => {
+          await writer.setConnectorAccountCredentialRef?.({
+            accountId,
+            credentialType: ref.credentialType,
+            vaultRef: ref.vaultRef,
+            ...ref.metadata ? { metadata: ref.metadata } : {},
+            ...ref.expiresAt !== void 0 ? { expiresAt: ref.expiresAt } : {}
+          });
+        }
+      });
+    } else if (typeof writer.setCredentialRef === "function") {
+      writers.push({
+        name: "setCredentialRef",
+        write: async (ref) => {
+          await writer.setCredentialRef?.({
+            accountId,
+            credentialType: ref.credentialType,
+            vaultRef: ref.vaultRef,
+            ...ref.metadata ? { metadata: ref.metadata } : {},
+            ...ref.expiresAt !== void 0 ? { expiresAt: ref.expiresAt } : {}
+          });
+        }
+      });
+    }
+  }
+  return writers;
+}
+async function writeWithFirstAvailableVault(writers, plannedRef, credential) {
+  const errors = [];
+  for (const writer of writers) {
+    try {
+      return await writer.write(plannedRef, credential);
+    } catch (error) {
+      errors.push(
+        `${writer.name}: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  throw new Error(
+    `Failed to persist connector credential ref ${plannedRef}: ${errors.join("; ")}`
+  );
+}
+async function writeRefsToStorage(writers, refs) {
+  const errors = [];
+  for (const writer of writers) {
+    try {
+      for (const ref of refs) {
+        await writer.write(ref);
+      }
+      return;
+    } catch (error) {
+      errors.push(
+        `${writer.name}: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+  throw new Error(
+    `Failed to persist connector credential refs: ${errors.join("; ")}`
+  );
+}
+function buildConnectorCredentialVaultRef(params) {
+  return [
+    "connector",
+    normalizeVaultSegment(params.agentId),
+    normalizeVaultSegment(params.provider),
+    normalizeVaultSegment(params.accountId),
+    normalizeVaultSegment(params.credentialType)
+  ].join(".");
+}
+function normalizeVaultSegment(value) {
+  const normalized = value.trim().replace(/[^a-zA-Z0-9_-]+/g, "_").replace(/^_+|_+$/g, "");
+  return (normalized || "unknown").slice(0, 64);
+}
+function sameCredentialType(left, right) {
+  return left.toLowerCase() === right.toLowerCase();
+}
+function parseMaybeJson(value) {
+  const trimmed = value.trim();
+  if (!trimmed.startsWith("{") && !trimmed.startsWith("[")) return void 0;
+  try {
+    return JSON.parse(trimmed);
+  } catch {
+    return void 0;
+  }
+}
+function getFirstService(runtime, serviceTypes) {
+  for (const serviceType of serviceTypes) {
+    const service = getService(runtime, serviceType);
+    if (service) return service;
+  }
+  return null;
+}
+function getService(runtime, serviceType) {
+  try {
+    return runtime.getService?.(serviceType) ?? null;
+  } catch {
+    return null;
+  }
+}
+function asRecord(value) {
+  return value && typeof value === "object" && !Array.isArray(value) ? value : void 0;
+}
+function nonEmptyString(value) {
+  return typeof value === "string" && value.trim() ? value.trim() : void 0;
+}
+// src/types.ts
+var GITHUB_SERVICE_TYPE = "github";
+var GitHubActions = {
+  GITHUB_ISSUE_OP: "GITHUB_ISSUE",
+  GITHUB_PR_OP: "GITHUB_PR",
+  GITHUB_NOTIFICATION_TRIAGE: "GITHUB_NOTIFICATION_TRIAGE"
+};
+// src/accounts.ts
+var DEFAULT_GITHUB_USER_ACCOUNT_ID = "user";
+var DEFAULT_GITHUB_AGENT_ACCOUNT_ID = "agent";
+function nonEmptyString2(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : void 0;
+}
+function readSetting(runtime, key) {
+  return nonEmptyString2(runtime.getSetting(key));
+}
+function normalizeRole(value) {
+  return value === "user" || value === "agent" ? value : void 0;
+}
+function defaultGitHubAccountIdForRole(role) {
+  return role === "user" ? DEFAULT_GITHUB_USER_ACCOUNT_ID : DEFAULT_GITHUB_AGENT_ACCOUNT_ID;
+}
+function normalizeGitHubAccountId(value) {
+  return nonEmptyString2(value);
+}
+function resolveGitHubAccountSelection(options, defaultRole) {
+  const requestedAccountId = normalizeGitHubAccountId(options?.accountId);
+  const requestedRole = normalizeRole(options?.as);
+  return {
+    accountId: requestedAccountId,
+    role: requestedRole ?? normalizeRole(requestedAccountId) ?? defaultRole
+  };
+}
+function parseAccountsJson(raw) {
+  if (!raw) return [];
+  try {
+    const parsed = JSON.parse(raw);
+    if (Array.isArray(parsed)) {
+      return parsed.filter(
+        (item) => Boolean(item) && typeof item === "object" && !Array.isArray(item)
+      );
+    }
+    if (parsed && typeof parsed === "object") {
+      return Object.entries(parsed).filter(([, value]) => value && typeof value === "object").map(([id, value]) => ({
+        ...value,
+        accountId: value.accountId ?? id
+      }));
+    }
+  } catch {
+    return [];
+  }
+  return [];
+}
+function readRawField(record, keys) {
+  const credentials = record.credentials && typeof record.credentials === "object" ? record.credentials : {};
+  const settings = record.settings && typeof record.settings === "object" ? record.settings : {};
+  for (const source of [record, credentials, settings]) {
+    for (const key of keys) {
+      const value = nonEmptyString2(source[key]);
+      if (value) return value;
+    }
+  }
+  return void 0;
+}
+function accountFromRecord(record) {
+  const accountId = normalizeGitHubAccountId(
+    record.accountId ?? record.id ?? record.name
+  );
+  const role = normalizeRole(record.role) ?? normalizeRole(record.as) ?? normalizeRole(accountId);
+  const token = readRawField(record, [
+    "GITHUB_PAT",
+    "GITHUB_TOKEN",
+    "GITHUB_ACCESS_TOKEN",
+    "token",
+    "pat",
+    "accessToken",
+    "access"
+  ]);
+  if (!accountId || !role || !token) {
+    return null;
+  }
+  return {
+    accountId,
+    role,
+    token,
+    label: nonEmptyString2(record.label ?? record.displayName)
+  };
+}
+function addAccount(accounts, account) {
+  if (account) {
+    accounts.set(account.accountId, account);
+  }
+}
+function readGitHubAccounts(runtime) {
+  const accounts = /* @__PURE__ */ new Map();
+  const characterConfig = runtime.character?.settings?.github;
+  const characterAccounts = characterConfig?.accounts;
+  if (Array.isArray(characterAccounts)) {
+    for (const item of characterAccounts) {
+      if (item && typeof item === "object") {
+        addAccount(accounts, accountFromRecord(item));
+      }
+    }
+  } else if (characterAccounts && typeof characterAccounts === "object") {
+    for (const [id, value] of Object.entries(
+      characterAccounts
+    )) {
+      if (value && typeof value === "object") {
+        addAccount(
+          accounts,
+          accountFromRecord({
+            ...value,
+            accountId: value.accountId ?? id
+          })
+        );
+      }
+    }
+  }
+  for (const record of parseAccountsJson(
+    readSetting(runtime, "GITHUB_ACCOUNTS")
+  )) {
+    addAccount(accounts, accountFromRecord(record));
+  }
+  addAccount(
+    accounts,
+    legacyAccount(
+      runtime,
+      "user",
+      readSetting(runtime, "GITHUB_USER_ACCOUNT_ID") ?? DEFAULT_GITHUB_USER_ACCOUNT_ID,
+      "GITHUB_USER_PAT",
+      "ELIZA_E2E_GITHUB_USER_PAT"
+    )
+  );
+  addAccount(
+    accounts,
+    legacyAccount(
+      runtime,
+      "agent",
+      readSetting(runtime, "GITHUB_AGENT_ACCOUNT_ID") ?? DEFAULT_GITHUB_AGENT_ACCOUNT_ID,
+      "GITHUB_AGENT_PAT",
+      "ELIZA_E2E_GITHUB_AGENT_PAT"
+    )
+  );
+  return Array.from(accounts.values());
+}
+async function readGitHubAccountsWithConnectorCredentials(runtime) {
+  const accounts = /* @__PURE__ */ new Map();
+  for (const account of readGitHubAccounts(runtime)) {
+    accounts.set(account.accountId, account);
+  }
+  const connectorAccounts = await listConnectorAccounts(
+    runtime,
+    GITHUB_SERVICE_TYPE
+  );
+  for (const account of connectorAccounts) {
+    if (account.status !== "connected") continue;
+    const token = await loadConnectorOAuthAccessToken({
+      runtime,
+      provider: GITHUB_SERVICE_TYPE,
+      accountId: account.id,
+      caller: "plugin-github"
+    });
+    if (!token) continue;
+    accounts.set(account.id, {
+      accountId: account.id,
+      role: connectorRoleToIdentity(account.role),
+      token,
+      label: account.label ?? account.displayHandle
+    });
+  }
+  return Array.from(accounts.values());
+}
+function legacyAccount(runtime, role, accountId, primaryKey, fallbackKey) {
+  const token = readSetting(runtime, primaryKey) ?? readSetting(runtime, fallbackKey);
+  if (!token) return null;
+  return { accountId, role, token };
+}
+function connectorRoleToIdentity(role) {
+  return typeof role === "string" && role.toUpperCase() === "AGENT" ? "agent" : "user";
+}
+function resolveGitHubAccount(accounts, selection) {
+  if (selection.accountId) {
+    const exact = accounts.find(
+      (account) => account.accountId === selection.accountId
+    );
+    if (exact) return exact;
+    return null;
+  }
+  const legacyId = defaultGitHubAccountIdForRole(selection.role);
+  return accounts.find((account) => account.accountId === legacyId) ?? accounts.find((account) => account.role === selection.role) ?? null;
+}
+// src/action-helpers.ts
+function getClient(runtime, selection) {
+  const service = runtime.getService(GITHUB_SERVICE_TYPE);
+  if (!service) {
+    return null;
+  }
+  return service.getOctokit(selection);
+}
+function requireString(options, key) {
+  const v = options?.[key];
+  return typeof v === "string" && v.length > 0 ? v : null;
+}
+function requireNumber(options, key) {
+  const v = options?.[key];
+  if (typeof v === "number" && Number.isInteger(v)) {
+    return v;
+  }
+  if (typeof v === "string" && /^\d+$/.test(v)) {
+    return Number(v);
+  }
+  return null;
+}
+function requireStringArray(options, key) {
+  const v = options?.[key];
+  if (!Array.isArray(v)) {
+    return null;
+  }
+  const result = [];
+  for (const item of v) {
+    if (typeof item !== "string" || item.length === 0) {
+      return null;
+    }
+    result.push(item);
+  }
+  return result;
+}
+function optionalStringArray(options, key) {
+  const v = options?.[key];
+  if (v === void 0) {
+    return void 0;
+  }
+  return requireStringArray(options, key) ?? void 0;
+}
+function splitRepo(repo) {
+  const parts = repo.split("/");
+  if (parts.length !== 2 || !parts[0] || !parts[1]) {
+    return null;
+  }
+  return { owner: parts[0], name: parts[1] };
+}
+function needsClientError(selection) {
+  const accountSuffix = selection.accountId ? ` accountId "${selection.accountId}"` : ` ${selection.role} account`;
+  return `GitHub${accountSuffix} token not configured (set GITHUB_ACCOUNTS or ${selection.role === "user" ? "GITHUB_USER_PAT" : "GITHUB_AGENT_PAT"})`;
+}
+function getServiceOrNull(runtime) {
+  return runtime.getService(GITHUB_SERVICE_TYPE);
+}
+function buildResolvedClient(runtime, selection) {
+  if (!getServiceOrNull(runtime)) {
+    return { error: "GitHub service not available" };
+  }
+  const resolvedSelection = typeof selection === "string" ? { role: selection } : selection;
+  const client = getClient(runtime, resolvedSelection);
+  if (!client) {
+    return { error: needsClientError(resolvedSelection) };
+  }
+  return {
+    client,
+    identity: resolvedSelection.role,
+    accountId: resolvedSelection.accountId
+  };
+}
+function resolveAccountSelection(options, defaultIdentity) {
+  return resolveGitHubAccountSelection(options, defaultIdentity);
+}
+function describeSelection(selection) {
+  return selection.accountId ? `${selection.role} (${selection.accountId})` : selection.role;
+}
+// src/rate-limit.ts
+function toErrorLike(value) {
+  if (typeof value !== "object" || value === null) {
+    return { message: String(value) };
+  }
+  return value;
+}
+function headerNumber(headers, name) {
+  if (!headers) {
+    return null;
+  }
+  const raw = headers[name] ?? headers[name.toLowerCase()];
+  if (raw === void 0) {
+    return null;
+  }
+  const num = typeof raw === "number" ? raw : Number(raw);
+  return Number.isFinite(num) ? num : null;
+}
+function inspectRateLimit(err) {
+  const e = toErrorLike(err);
+  const headers = e.response?.headers;
+  const remaining = headerNumber(headers, "x-ratelimit-remaining");
+  const resetSeconds = headerNumber(headers, "x-ratelimit-reset");
+  const isRateLimited = e.status === 403 && remaining === 0;
+  return {
+    isRateLimited,
+    remaining,
+    resetAtMs: resetSeconds === null ? null : resetSeconds * 1e3
+  };
+}
+function formatRateLimitMessage(details) {
+  if (!details.isRateLimited) {
+    return "GitHub request failed";
+  }
+  if (details.resetAtMs === null) {
+    return "GitHub rate limit exhausted";
+  }
+  const reset = new Date(details.resetAtMs).toISOString();
+  return `GitHub rate limit exhausted; resets at ${reset}`;
+}
+function errorMessage(err) {
+  if (err instanceof Error) {
+    return err.message;
+  }
+  if (typeof err === "string") {
+    return err;
+  }
+  const e = toErrorLike(err);
+  return e.message ?? "unknown error";
+}
+// src/actions/issue-op.ts
+var SUPPORTED_OPS = /* @__PURE__ */ new Set([
+  "create",
+  "assign",
+  "close",
+  "reopen",
+  "comment",
+  "label"
+]);
+function parseOp(value) {
+  if (typeof value !== "string") return null;
+  return SUPPORTED_OPS.has(value) ? value : null;
+}
+function describeOp(op) {
+  switch (op) {
+    case "create":
+      return "create";
+    case "assign":
+      return "assign";
+    case "close":
+      return "close";
+    case "reopen":
+      return "reopen";
+    case "comment":
+      return "comment on";
+    case "label":
+      return "label";
+  }
+}
+async function runCreate(resolved, parts, repo, options, callback) {
+  const title = requireString(options, "title");
+  const body = requireString(options, "body");
+  const labels = optionalStringArray(options, "labels");
+  const assignees = optionalStringArray(options, "assignees");
+  if (!title) {
+    const err = "GITHUB_ISSUE_OP create requires title";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.create({
+    owner: parts.owner,
+    repo: parts.name,
+    title,
+    body: body ?? void 0,
+    labels,
+    assignees
+  });
+  await callback?.({
+    text: `Created issue ${repo}#${resp.data.number}: ${resp.data.html_url}`
+  });
+  return {
+    success: true,
+    data: {
+      op: "create",
+      number: resp.data.number,
+      url: resp.data.html_url
+    }
+  };
+}
+async function runAssign(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const assignees = requireStringArray(options, "assignees");
+  if (!number || !assignees || assignees.length === 0) {
+    const err = "GITHUB_ISSUE_OP assign requires number (integer) and assignees (non-empty string[])";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.addAssignees({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    assignees
+  });
+  const actual = (resp.data.assignees ?? []).map((a) => a?.login).filter((x) => typeof x === "string");
+  await callback?.({
+    text: `Assigned [${actual.join(", ")}] to ${repo}#${number}`
+  });
+  return {
+    success: true,
+    data: { op: "assign", number, assignees: actual }
+  };
+}
+async function runStateChange(resolved, parts, repo, options, callback, target) {
+  const number = requireNumber(options, "number");
+  if (!number) {
+    const err = `GITHUB_ISSUE_OP ${target === "closed" ? "close" : "reopen"} requires number (integer)`;
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.update({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    state: target
+  });
+  const verb = target === "closed" ? "Closed" : "Reopened";
+  await callback?.({ text: `${verb} ${repo}#${number}: ${resp.data.title}` });
+  return {
+    success: true,
+    data: {
+      op: target === "closed" ? "close" : "reopen",
+      number,
+      title: resp.data.title
+    }
+  };
+}
+async function runComment(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const body = requireString(options, "body");
+  if (!number || !body) {
+    const err = "GITHUB_ISSUE_OP comment requires number (integer) and body";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.createComment({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    body
+  });
+  await callback?.({
+    text: `Commented on ${repo}#${number}: ${resp.data.html_url}`
+  });
+  return {
+    success: true,
+    data: {
+      op: "comment",
+      number,
+      commentId: resp.data.id,
+      url: resp.data.html_url
+    }
+  };
+}
+async function runLabel(resolved, parts, repo, options, callback) {
+  const number = requireNumber(options, "number");
+  const labels = requireStringArray(options, "labels");
+  if (!number || !labels || labels.length === 0) {
+    const err = "GITHUB_ISSUE_OP label requires number (integer) and labels (non-empty string[])";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resp = await resolved.client.issues.addLabels({
+    owner: parts.owner,
+    repo: parts.name,
+    issue_number: number,
+    labels
+  });
+  const applied = (resp.data ?? []).map((label) => typeof label === "string" ? label : label?.name ?? null).filter((x) => typeof x === "string");
+  await callback?.({
+    text: `Applied labels [${applied.join(", ")}] to ${repo}#${number}`
+  });
+  return {
+    success: true,
+    data: { op: "label", number, labels: applied }
+  };
+}
+function buildPreview(op, repo, identity, options) {
+  const number = requireNumber(options, "number");
+  const title = requireString(options, "title");
+  const body = requireString(options, "body");
+  const assignees = optionalStringArray(options, "assignees");
+  const labels = optionalStringArray(options, "labels");
+  const head = `About to ${describeOp(op)} ${repo}`;
+  const target = number ? `#${number}` : "";
+  const detail = (() => {
+    switch (op) {
+      case "create":
+        return ` issue: "${title ?? "(no title)"}"${labels ? ` [labels: ${labels.join(", ")}]` : ""}${assignees ? ` [assignees: ${assignees.join(", ")}]` : ""}`;
+      case "assign":
+        return ` with [${assignees?.join(", ") ?? ""}]`;
+      case "label":
+        return ` with [${labels?.join(", ") ?? ""}]`;
+      case "comment":
+        return body ? ` body: "${body.slice(0, 120)}"` : "";
+      default:
+        return "";
+    }
+  })();
+  return `${head}${target}${detail} as ${identity}. Re-invoke with confirmed: true to proceed.`;
+}
+var issueOpAction = {
+  name: GitHubActions.GITHUB_ISSUE_OP,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "CREATE_ISSUE",
+    "OPEN_ISSUE",
+    "FILE_ISSUE",
+    "GITHUB_CREATE_ISSUE",
+    "ASSIGN_ISSUE",
+    "ASSIGN_GITHUB_ISSUE",
+    "ADD_ASSIGNEE",
+    "CLOSE_ISSUE",
+    "REOPEN_ISSUE",
+    "COMMENT_ISSUE",
+    "ADD_ISSUE_COMMENT",
+    "LABEL_ISSUE",
+    "ADD_ISSUE_LABEL",
+    "MANAGE_ISSUES"
+  ],
+  description: "Single router for GitHub issue ops: create, assign, close, reopen, comment, label. Requires confirmed:true.",
+  descriptionCompressed: "GitHub issue ops: create, assign, close, reopen, comment, label.",
+  parameters: [
+    {
+      name: "subaction",
+      description: "Issue operation: create, assign, close, reopen, comment, or label.",
+      required: true,
+      schema: { type: "string", enum: [...SUPPORTED_OPS] }
+    },
+    {
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: true,
+      schema: { type: "string" }
+    },
+    {
+      name: "number",
+      description: "Issue number for existing-issue operations.",
+      required: false,
+      schema: { type: "number" }
+    },
+    {
+      name: "title",
+      description: "Issue title for create.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "body",
+      description: "Issue body or comment body.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "assignees",
+      description: "GitHub usernames to assign.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "labels",
+      description: "Labels to apply on create or label.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true to perform the write operation.",
+      required: false,
+      schema: { type: "boolean", default: false }
+    }
+  ],
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "agent");
+    return !("error" in r);
+  },
+  handler: async (runtime, message, _state, options, callback) => {
+    const op = parseOp(options?.op);
+    if (!op) {
+      const err = "GITHUB_ISSUE_OP requires op (create|assign|close|reopen|comment|label)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const selection = resolveAccountSelection(options, "agent");
+    const repo = requireString(options, "repo");
+    if (!repo) {
+      const err = "GITHUB_ISSUE_OP requires repo (owner/name)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const parts = splitRepo(repo);
+    if (!parts) {
+      const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const preview = buildPreview(
+      op,
+      repo,
+      describeSelection(selection),
+      options
+    );
+    const decision = await requireConfirmation({
+      runtime,
+      message,
+      actionName: "GITHUB_ISSUE_OP",
+      pendingKey: `${op}:${repo}`,
+      prompt: `${preview} Reply yes to confirm or no to cancel.`,
+      callback
+    });
+    if (decision.status === "pending") {
+      return {
+        success: false,
+        requiresConfirmation: true,
+        preview
+      };
+    }
+    if (decision.status === "cancelled") {
+      const cancelMessage = "GitHub issue operation cancelled.";
+      await callback?.({ text: cancelMessage });
+      return { success: false, error: cancelMessage };
+    }
+    const resolved = buildResolvedClient(runtime, selection);
+    if ("error" in resolved) {
+      await callback?.({ text: resolved.error });
+      return { success: false, error: resolved.error };
+    }
+    try {
+      switch (op) {
+        case "create":
+          return await runCreate(resolved, parts, repo, options, callback);
+        case "assign":
+          return await runAssign(resolved, parts, repo, options, callback);
+        case "close":
+          return await runStateChange(
+            resolved,
+            parts,
+            repo,
+            options,
+            callback,
+            "closed"
+          );
+        case "reopen":
+          return await runStateChange(
+            resolved,
+            parts,
+            repo,
+            options,
+            callback,
+            "open"
+          );
+        case "comment":
+          return await runComment(resolved, parts, repo, options, callback);
+        case "label":
+          return await runLabel(resolved, parts, repo, options, callback);
+      }
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message2 = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_ISSUE_OP ${op} failed: ${errorMessage(err)}`;
+      logger.warn({ message: message2 }, "[GitHub:GITHUB_ISSUE_OP]");
+      await callback?.({ text: message2 });
+      return { success: false, error: message2 };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: {
+          text: "Open an issue in elizaOS/eliza titled 'Docs gap'"
+        }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Created issue elizaOS/eliza#101"
+        }
+      }
+    ],
+    [
+      {
+        name: "{{user1}}",
+        content: {
+          text: "Close issue elizaOS/eliza#42"
+        }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Closed elizaOS/eliza#42"
+        }
+      }
+    ]
+  ]
+};
+// src/actions/notification-triage.ts
+import { logger as logger2 } from "@elizaos/core";
+var REASON_SCORES = {
+  security_advisory: 100,
+  team_mention: 70,
+  author: 60,
+  mention: 55,
+  assign: 50,
+  review_requested: 80,
+  state_change: 20,
+  comment: 30,
+  subscribed: 10,
+  manual: 15,
+  invitation: 40,
+  ci_activity: 25
+};
+var SUBJECT_TYPE_SCORES = {
+  PullRequest: 20,
+  Issue: 15,
+  Release: 10,
+  Commit: 5,
+  Discussion: 8
+};
+var NOTIFICATION_TRIAGE_LIMIT = 25;
+function scoreNotification(params) {
+  const base = REASON_SCORES[params.reason] ?? 10;
+  const subject = SUBJECT_TYPE_SCORES[params.subjectType] ?? 0;
+  let freshness = 0;
+  if (params.repoPushedAtMs !== null) {
+    const ageHours = (params.nowMs - params.repoPushedAtMs) / (1e3 * 60 * 60);
+    if (ageHours < 1) freshness = 20;
+    else if (ageHours < 6) freshness = 15;
+    else if (ageHours < 24) freshness = 10;
+    else if (ageHours < 24 * 7) freshness = 5;
+  }
+  return base + subject + freshness;
+}
+var notificationTriageAction = {
+  name: GitHubActions.GITHUB_NOTIFICATION_TRIAGE,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: ["TRIAGE_GITHUB_NOTIFICATIONS", "GITHUB_INBOX"],
+  description: "Returns unread GitHub notifications sorted by a priority score derived from reason, subject type, and repo freshness.",
+  descriptionCompressed: "unread GitHub notifications sorted by reason|subject|repo freshness",
+  parameters: [
+    {
+      name: "as",
+      description: "Identity to use when reading notifications: user or agent.",
+      required: false,
+      schema: { type: "string", enum: ["user", "agent"], default: "user" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    }
+  ],
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "user");
+    return !("error" in r);
+  },
+  handler: async (runtime, _message, _state, options, callback) => {
+    const selection = resolveAccountSelection(options, "user");
+    const resolved = buildResolvedClient(runtime, selection);
+    if ("error" in resolved) {
+      await callback?.({ text: resolved.error });
+      return { success: false, error: resolved.error };
+    }
+    try {
+      const resp = await resolved.client.activity.listNotificationsForAuthenticatedUser({
+        all: false,
+        per_page: 50
+      });
+      const notifications = resp.data;
+      const nowMs = Date.now();
+      const triaged = notifications.map((n) => {
+        const repoPushedAt = n.repository?.pushed_at ?? null;
+        const repoPushedAtMs = typeof repoPushedAt === "string" ? Date.parse(repoPushedAt) : null;
+        const reason = typeof n.reason === "string" ? n.reason : "unknown";
+        const subjectType = typeof n.subject?.type === "string" ? n.subject.type : "Unknown";
+        return {
+          id: n.id,
+          reason,
+          repo: n.repository?.full_name ?? "unknown",
+          title: n.subject?.title ?? "(untitled)",
+          subjectType,
+          url: n.subject?.url ?? null,
+          updatedAt: n.updated_at,
+          score: scoreNotification({
+            reason,
+            subjectType,
+            repoPushedAtMs: repoPushedAtMs !== null && Number.isFinite(repoPushedAtMs) ? repoPushedAtMs : null,
+            nowMs
+          })
+        };
+      });
+      triaged.sort((a, b) => b.score - a.score);
+      const boundedTriaged = triaged.slice(0, NOTIFICATION_TRIAGE_LIMIT);
+      await callback?.({
+        text: `Triaged ${boundedTriaged.length} unread notification(s)`
+      });
+      return {
+        success: true,
+        data: {
+          notifications: boundedTriaged,
+          notificationLimit: NOTIFICATION_TRIAGE_LIMIT,
+          totalUnread: triaged.length
+        }
+      };
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_NOTIFICATION_TRIAGE failed: ${errorMessage(err)}`;
+      logger2.warn({ message }, "[GitHub:GITHUB_NOTIFICATION_TRIAGE]");
+      await callback?.({ text: message });
+      return { success: false, error: message };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "What's in my GitHub inbox?" }
+      },
+      {
+        name: "{{agentName}}",
+        content: { text: "Triaged 7 unread notification(s)" }
+      }
+    ]
+  ]
+};
+// src/actions/pr-op.ts
+import { logger as logger3, requireConfirmation as requireConfirmation2 } from "@elizaos/core";
+var SUPPORTED_OPS2 = /* @__PURE__ */ new Set(["list", "review"]);
+var EVENT_BY_ACTION = {
+  approve: "APPROVE",
+  "request-changes": "REQUEST_CHANGES",
+  comment: "COMMENT"
+};
+function parseOp2(value) {
+  if (typeof value !== "string") return null;
+  return SUPPORTED_OPS2.has(value) ? value : null;
+}
+function parseState(value) {
+  return value === "closed" || value === "all" ? value : "open";
+}
+function parseReviewAction(value) {
+  return value === "approve" || value === "request-changes" || value === "comment" ? value : null;
+}
+async function runList(runtime, options, callback) {
+  const selection = resolveAccountSelection(options, "agent");
+  const resolved = buildResolvedClient(runtime, selection);
+  if ("error" in resolved) {
+    await callback?.({ text: resolved.error });
+    return { success: false, error: resolved.error };
+  }
+  const state = parseState(options?.state);
+  const author = requireString(options, "author");
+  const repo = requireString(options, "repo");
+  const prs = [];
+  if (repo) {
+    const parts = splitRepo(repo);
+    if (!parts) {
+      const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    const resp = await resolved.client.pulls.list({
+      owner: parts.owner,
+      repo: parts.name,
+      state,
+      per_page: 100
+    });
+    for (const pr of resp.data) {
+      if (author && pr.user?.login !== author) {
+        continue;
+      }
+      prs.push({
+        repo,
+        number: pr.number,
+        title: pr.title,
+        author: pr.user?.login ?? null,
+        state: pr.state,
+        url: pr.html_url
+      });
+    }
+  } else {
+    const q = [
+      "is:pr",
+      state === "all" ? "" : `is:${state}`,
+      author ? `author:${author}` : ""
+    ].filter(Boolean).join(" ");
+    const resp = await resolved.client.search.issuesAndPullRequests({
+      q,
+      per_page: 50
+    });
+    for (const item of resp.data.items) {
+      const match = /\/repos\/([^/]+\/[^/]+)(?:\/|$)/.exec(item.repository_url);
+      const repoName = match?.[1] ?? item.repository_url;
+      prs.push({
+        repo: repoName,
+        number: item.number,
+        title: item.title,
+        author: item.user?.login ?? null,
+        state: item.state,
+        url: item.html_url
+      });
+    }
+  }
+  await callback?.({ text: `Found ${prs.length} pull request(s)` });
+  return { success: true, data: { op: "list", prs } };
+}
+async function runReview(runtime, message, options, callback) {
+  const selection = resolveAccountSelection(options, "user");
+  const repo = requireString(options, "repo");
+  const number = requireNumber(options, "number");
+  const action = parseReviewAction(options?.action);
+  const body = requireString(options, "body");
+  if (!repo || !number || !action) {
+    const err = "GITHUB_PR_OP review requires repo (owner/name), number (integer), and action (approve|request-changes|comment)";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const parts = splitRepo(repo);
+  if (!parts) {
+    const err = `Invalid repo "${repo}" \u2014 expected "owner/name"`;
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const preview = `About to ${action.replace("-", " ")} PR ${repo}#${number}` + (body ? ` with body: "${body.slice(0, 120)}"` : "") + ` as ${describeSelection(selection)}.`;
+  const decision = await requireConfirmation2({
+    runtime,
+    message,
+    actionName: GitHubActions.GITHUB_PR_OP,
+    pendingKey: `review:${repo}:${number}:${action}`,
+    prompt: `${preview} Reply yes to confirm or no to cancel.`,
+    callback
+  });
+  if (decision.status === "pending") {
+    const text = `${preview} Reply yes to confirm or no to cancel.`;
+    await callback?.({ text });
+    return {
+      success: true,
+      text,
+      data: { requiresConfirmation: true, preview, awaitingUserInput: true }
+    };
+  }
+  if (decision.status === "cancelled") {
+    const text = "GitHub PR review cancelled.";
+    await callback?.({ text });
+    return { success: true, text, data: { cancelled: true } };
+  }
+  if (action === "request-changes" && !body) {
+    const err = "request-changes review requires a body explaining the changes";
+    await callback?.({ text: err });
+    return { success: false, error: err };
+  }
+  const resolved = buildResolvedClient(runtime, selection);
+  if ("error" in resolved) {
+    await callback?.({ text: resolved.error });
+    return { success: false, error: resolved.error };
+  }
+  const resp = await resolved.client.pulls.createReview({
+    owner: parts.owner,
+    repo: parts.name,
+    pull_number: number,
+    event: EVENT_BY_ACTION[action],
+    body: body ?? void 0
+  });
+  await callback?.({ text: `Submitted ${action} review on ${repo}#${number}` });
+  return { success: true, data: { op: "review", id: resp.data.id } };
+}
+var prOpAction = {
+  name: GitHubActions.GITHUB_PR_OP,
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "LIST_PRS",
+    "LIST_PULL_REQUESTS",
+    "SHOW_PRS",
+    "GITHUB_LIST_PRS",
+    "REVIEW_PR",
+    "APPROVE_PR",
+    "REQUEST_CHANGES",
+    "COMMENT_ON_PR"
+  ],
+  description: "Single router for GitHub PR ops: list and review. Review requires confirmed:true.",
+  descriptionCompressed: "GitHub PR ops: list pull requests, submit review with confirmation.",
+  parameters: [
+    {
+      name: "subaction",
+      description: "PR operation: list or review.",
+      required: true,
+      schema: { type: "string", enum: [...SUPPORTED_OPS2] }
+    },
+    {
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "number",
+      description: "Pull request number for review.",
+      required: false,
+      schema: { type: "number" }
+    },
+    {
+      name: "state",
+      description: "PR state for list.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["open", "closed", "all"],
+        default: "open"
+      }
+    },
+    {
+      name: "author",
+      description: "Optional PR author username filter for list.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "action",
+      description: "Review action: approve, request-changes, or comment.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["approve", "request-changes", "comment"]
+      }
+    },
+    {
+      name: "body",
+      description: "Review body for comment or request-changes.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true to submit a review.",
+      required: false,
+      schema: { type: "boolean", default: false }
+    }
+  ],
+  validate: async (runtime, _message) => {
+    const r = buildResolvedClient(runtime, "agent");
+    return !("error" in r);
+  },
+  handler: async (runtime, message, _state, options, callback) => {
+    const op = parseOp2(options?.op);
+    if (!op) {
+      const err = "GITHUB_PR_OP requires op (list|review)";
+      await callback?.({ text: err });
+      return { success: false, error: err };
+    }
+    try {
+      return op === "list" ? await runList(runtime, options, callback) : await runReview(runtime, message, options, callback);
+    } catch (err) {
+      const rl = inspectRateLimit(err);
+      const message2 = rl.isRateLimited ? formatRateLimitMessage(rl) : `GITHUB_PR_OP ${op} failed: ${errorMessage(err)}`;
+      logger3.warn({ message: message2 }, "[GitHub:GITHUB_PR_OP]");
+      await callback?.({ text: message2 });
+      return { success: false, error: message2 };
+    }
+  },
+  examples: [
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "Show me open PRs on elizaOS/eliza" }
+      },
+      {
+        name: "{{agentName}}",
+        content: { text: "Found 3 pull request(s)" }
+      }
+    ],
+    [
+      {
+        name: "{{user1}}",
+        content: { text: "Approve PR #42 on elizaOS/eliza" }
+      },
+      {
+        name: "{{agentName}}",
+        content: {
+          text: "Submitted approve review on elizaOS/eliza#42"
+        }
+      }
+    ]
+  ]
+};
+// src/actions/github.ts
+var GITHUB_ACTIONS = [
+  "pr_list",
+  "pr_review",
+  "issue_create",
+  "issue_assign",
+  "issue_close",
+  "issue_reopen",
+  "issue_comment",
+  "issue_label",
+  "notification_triage"
+];
+var ISSUE_OP_BY_ACTION = {
+  issue_create: "create",
+  issue_assign: "assign",
+  issue_close: "close",
+  issue_reopen: "reopen",
+  issue_comment: "comment",
+  issue_label: "label"
+};
+function readParameters(options) {
+  if (!options || typeof options !== "object") return {};
+  const record = options;
+  const params = record.parameters;
+  return params && typeof params === "object" && !Array.isArray(params) ? { ...params } : { ...record };
+}
+function readAction(options) {
+  const params = readParameters(options);
+  const raw = params.action ?? params.subaction ?? params.op ?? params.operation ?? params.verb;
+  if (typeof raw !== "string") return void 0;
+  const normalized = raw.trim().toLowerCase().replace(/[-\s]+/g, "_");
+  return GITHUB_ACTIONS.includes(normalized) ? normalized : void 0;
+}
+function delegate(target, runtime, message, state, options, callback) {
+  return target.handler(
+    runtime,
+    message,
+    state,
+    options,
+    callback
+  );
+}
+var githubAction = {
+  name: "GITHUB",
+  contexts: ["code", "tasks", "connectors", "automation"],
+  contextGate: { anyOf: ["code", "tasks", "connectors", "automation"] },
+  roleGate: { minRole: "USER" },
+  similes: [
+    "GITHUB_PR_OP",
+    "GITHUB_ISSUE_OP",
+    "GITHUB_NOTIFICATION_TRIAGE",
+    "GITHUB_PULL_REQUEST",
+    "GITHUB_ISSUE",
+    "GITHUB_NOTIFICATIONS"
+  ],
+  description: "GitHub umbrella for pull requests, issues, and notification triage. Use action=pr_list/pr_review/issue_create/issue_assign/issue_close/issue_reopen/issue_comment/issue_label/notification_triage.",
+  descriptionCompressed: "GitHub pr_list|pr_review|issue_create|assign|close|reopen|comment|label|triage",
+  parameters: [
+    {
+      name: "action",
+      description: "GitHub operation to run.",
+      required: true,
+      schema: { type: "string", enum: [...GITHUB_ACTIONS] }
+    },
+    {
+      name: "repo",
+      description: "Repository in owner/name form.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "number",
+      description: "Pull request or issue number.",
+      required: false,
+      schema: { type: "number" }
+    },
+    {
+      name: "state",
+      description: "PR state for pr_list: open, closed, or all.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["open", "closed", "all"],
+        default: "open"
+      }
+    },
+    {
+      name: "author",
+      description: "Optional PR author username filter for pr_list.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "review_action",
+      description: "For action=pr_review: approve, request-changes, or comment.",
+      required: false,
+      schema: {
+        type: "string",
+        enum: ["approve", "request-changes", "comment"]
+      }
+    },
+    {
+      name: "title",
+      description: "Issue title for action=issue_create.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "body",
+      description: "Issue body, issue comment body, or PR review body.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "assignees",
+      description: "GitHub usernames to assign.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "labels",
+      description: "Labels to apply on issue create or issue_label.",
+      required: false,
+      schema: { type: "array", items: { type: "string" } }
+    },
+    {
+      name: "as",
+      description: "Identity to use: agent or user.",
+      required: false,
+      schema: { type: "string", enum: ["agent", "user"], default: "agent" }
+    },
+    {
+      name: "accountId",
+      description: "Optional GitHub account id from GITHUB_ACCOUNTS. Defaults by role.",
+      required: false,
+      schema: { type: "string" }
+    },
+    {
+      name: "confirmed",
+      description: "Must be true for GitHub write operations.",
+      required: false,
+      schema: { type: "boolean", default: false }
+    }
+  ],
+  validate: async (runtime, message, state) => await prOpAction.validate(runtime, message, state) || await issueOpAction.validate(runtime, message, state) || await notificationTriageAction.validate(runtime, message, state),
+  handler: async (runtime, message, state, options, callback) => {
+    const action = readAction(options);
+    const params = readParameters(options);
+    if (!action) {
+      return {
+        success: false,
+        text: "GITHUB requires action=pr_list/pr_review/issue_create/issue_assign/issue_close/issue_reopen/issue_comment/issue_label/notification_triage.",
+        data: { error: "MISSING_ACTION" }
+      };
+    }
+    if (action === "notification_triage") {
+      return delegate(
+        notificationTriageAction,
+        runtime,
+        message,
+        state,
+        params,
+        callback
+      );
+    }
+    if (action === "pr_list" || action === "pr_review") {
+      const childParams = {
+        ...params,
+        op: action === "pr_list" ? "list" : "review",
+        ...action === "pr_review" && params.review_action ? { action: params.review_action } : {}
+      };
+      return delegate(
+        prOpAction,
+        runtime,
+        message,
+        state,
+        childParams,
+        callback
+      );
+    }
+    const issueOp = ISSUE_OP_BY_ACTION[action];
+    if (issueOp) {
+      return delegate(
+        issueOpAction,
+        runtime,
+        message,
+        state,
+        { ...params, op: issueOp },
+        callback
+      );
+    }
+    return {
+      success: false,
+      text: `Unsupported GITHUB action: ${action}`,
+      data: { error: "UNSUPPORTED_ACTION", action }
+    };
+  }
+};
+// src/connector-account-provider.ts
+import {
+  logger as logger4
+} from "@elizaos/core";
+var GITHUB_AUTHORIZATION_ENDPOINT = "https://github.com/login/oauth/authorize";
+var GITHUB_TOKEN_ENDPOINT = "https://github.com/login/oauth/access_token";
+var GITHUB_USER_ENDPOINT = "https://api.github.com/user";
+var DEFAULT_PURPOSES = [
+  "posting",
+  "reading",
+  "admin"
+];
+function nonEmptyString3(value) {
+  if (typeof value !== "string") return void 0;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : void 0;
+}
+function readSetting2(runtime, key) {
+  return nonEmptyString3(runtime.getSetting?.(key));
+}
+function readClientConfig(runtime) {
+  const clientId = readSetting2(runtime, "GITHUB_OAUTH_CLIENT_ID");
+  const clientSecret = readSetting2(runtime, "GITHUB_OAUTH_CLIENT_SECRET");
+  const redirectUri = readSetting2(runtime, "GITHUB_OAUTH_REDIRECT_URI");
+  if (!clientId || !clientSecret || !redirectUri) {
+    throw new Error(
+      "GitHub OAuth requires GITHUB_OAUTH_CLIENT_ID, GITHUB_OAUTH_CLIENT_SECRET, and GITHUB_OAUTH_REDIRECT_URI to be configured."
+    );
+  }
+  return { clientId, clientSecret, redirectUri };
+}
+function parseScopes(value) {
+  if (!value) return [];
+  return value.split(/[,\s]+/).map((scope) => scope.trim()).filter(Boolean);
+}
+function defaultRoleFromAccountId(accountId) {
+  if (accountId === DEFAULT_GITHUB_USER_ACCOUNT_ID) return "OWNER";
+  if (accountId === DEFAULT_GITHUB_AGENT_ACCOUNT_ID) return "AGENT";
+  return "OWNER";
+}
+function roleFromMetadata(metadata, accountId) {
+  const record = metadata && typeof metadata === "object" && !Array.isArray(metadata) ? metadata : {};
+  const raw = nonEmptyString3(record.role ?? record.accountRole);
+  const normalized = raw?.toUpperCase();
+  if (normalized === "OWNER" || normalized === "AGENT" || normalized === "TEAM") {
+    return normalized;
+  }
+  return defaultRoleFromAccountId(accountId);
+}
+async function exchangeCodeForToken(args) {
+  const response = await fetch(GITHUB_TOKEN_ENDPOINT, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json"
+    },
+    body: new URLSearchParams({
+      client_id: args.clientId,
+      client_secret: args.clientSecret,
+      code: args.code,
+      redirect_uri: args.redirectUri
+    }).toString()
+  });
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(
+      `GitHub token exchange failed with ${response.status}: ${body}`
+    );
+  }
+  const parsed = await response.json();
+  if (parsed.error) {
+    throw new Error(
+      `GitHub token exchange returned error ${parsed.error}: ${parsed.error_description ?? "no description"}`
+    );
+  }
+  if (!parsed.access_token) {
+    throw new Error("GitHub token exchange returned no access_token.");
+  }
+  return parsed;
+}
+async function fetchGitHubUser(accessToken) {
+  const response = await fetch(GITHUB_USER_ENDPOINT, {
+    headers: {
+      Authorization: `Bearer ${accessToken}`,
+      Accept: "application/vnd.github+json",
+      "X-GitHub-Api-Version": "2022-11-28"
+    }
+  });
+  if (!response.ok) {
+    throw new Error(`GitHub /user request failed with ${response.status}`);
+  }
+  const parsed = await response.json();
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error("GitHub /user returned an invalid payload.");
+  }
+  return parsed;
+}
+function synthesizeEnvAccounts(runtime) {
+  const now = Date.now();
+  return readGitHubAccounts(runtime).map((account) => ({
+    id: account.accountId,
+    provider: GITHUB_SERVICE_TYPE,
+    label: account.label ?? `GitHub ${account.role} (${account.accountId})`,
+    role: account.role === "user" ? "OWNER" : "AGENT",
+    purpose: DEFAULT_PURPOSES,
+    accessGate: "open",
+    status: "connected",
+    displayHandle: account.accountId,
+    createdAt: now,
+    updatedAt: now,
+    metadata: { authMethod: "pat", source: "env" }
+  }));
+}
+function createGitHubConnectorAccountProvider(runtime) {
+  return {
+    provider: GITHUB_SERVICE_TYPE,
+    label: "GitHub",
+    listAccounts: async (manager) => {
+      const stored = await manager.getStorage().listAccounts(GITHUB_SERVICE_TYPE);
+      if (stored.length > 0) return stored;
+      return synthesizeEnvAccounts(runtime);
+    },
+    createAccount: async (input, _manager) => {
+      return {
+        ...input,
+        provider: GITHUB_SERVICE_TYPE,
+        role: input.role ?? "OWNER",
+        purpose: input.purpose ?? DEFAULT_PURPOSES,
+        accessGate: input.accessGate ?? "open",
+        status: input.status ?? "pending"
+      };
+    },
+    patchAccount: async (_accountId, patch, _manager) => {
+      return { ...patch, provider: GITHUB_SERVICE_TYPE };
+    },
+    deleteAccount: async (_accountId, _manager) => {
+    },
+    startOAuth: async (request, _manager) => {
+      const config = readClientConfig(runtime);
+      const redirectUri = request.redirectUri ?? config.redirectUri;
+      const scopes = request.scopes && request.scopes.length > 0 ? request.scopes : ["repo", "read:user", "user:email", "notifications"];
+      const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: redirectUri,
+        state: request.flow.state,
+        scope: scopes.join(" "),
+        allow_signup: "false"
+      });
+      return {
+        authUrl: `${GITHUB_AUTHORIZATION_ENDPOINT}?${params.toString()}`,
+        metadata: {
+          ...request.metadata,
+          requestedScopes: scopes,
+          redirectUri
+        }
+      };
+    },
+    completeOAuth: async (request, manager) => {
+      const code = nonEmptyString3(request.code);
+      if (!code) {
+        throw new Error(
+          "GitHub OAuth callback is missing an authorization code."
+        );
+      }
+      const config = readClientConfig(runtime);
+      const redirectUri = nonEmptyString3(request.flow.redirectUri) ?? config.redirectUri;
+      const tokens = await exchangeCodeForToken({
+        clientId: config.clientId,
+        clientSecret: config.clientSecret,
+        redirectUri,
+        code
+      });
+      if (!tokens.access_token) {
+        throw new Error("GitHub token exchange returned no access_token.");
+      }
+      const user = await fetchGitHubUser(tokens.access_token);
+      const externalId = nonEmptyString3(user.id ? String(user.id) : void 0);
+      const login = nonEmptyString3(user.login);
+      if (!login) {
+        throw new Error("GitHub /user payload did not include a login.");
+      }
+      const expiresAt = typeof tokens.expires_in === "number" ? Date.now() + tokens.expires_in * 1e3 : void 0;
+      const oauthCredentialVersion = String(Date.now());
+      const accountMetadata = {
+        authMethod: "oauth",
+        login,
+        githubUserId: user.id ?? null,
+        email: nonEmptyString3(user.email) ?? null,
+        type: nonEmptyString3(user.type) ?? null,
+        tokenType: nonEmptyString3(tokens.token_type) ?? "bearer",
+        grantedScopes: parseScopes(tokens.scope),
+        hasRefreshToken: Boolean(tokens.refresh_token),
+        expiresAt,
+        oauthCredentialVersion
+      };
+      const pendingAccount = await manager.upsertAccount(
+        GITHUB_SERVICE_TYPE,
+        {
+          provider: GITHUB_SERVICE_TYPE,
+          role: roleFromMetadata(request.flow.metadata, request.flow.accountId),
+          purpose: DEFAULT_PURPOSES,
+          accessGate: "open",
+          status: "pending",
+          externalId: externalId ?? login,
+          displayHandle: login,
+          label: nonEmptyString3(user.name) ?? login,
+          metadata: accountMetadata
+        },
+        request.flow.accountId
+      );
+      const credentialPersist = await persistConnectorCredentialRefs({
+        runtime,
+        manager,
+        provider: GITHUB_SERVICE_TYPE,
+        accountIdForRef: pendingAccount.id,
+        storageAccountId: pendingAccount.id,
+        caller: "plugin-github",
+        credentials: [
+          {
+            credentialType: "oauth.tokens",
+            value: JSON.stringify({
+              access_token: tokens.access_token,
+              ...tokens.refresh_token ? { refresh_token: tokens.refresh_token } : {},
+              ...expiresAt !== void 0 ? { expires_at: expiresAt } : {},
+              token_type: nonEmptyString3(tokens.token_type) ?? "bearer",
+              scope: tokens.scope ?? ""
+            }),
+            ...expiresAt !== void 0 ? { expiresAt } : {},
+            metadata: {
+              provider: GITHUB_SERVICE_TYPE,
+              hasRefreshToken: Boolean(tokens.refresh_token)
+            }
+          }
+        ]
+      });
+      const accountPatch = {
+        ...pendingAccount,
+        id: pendingAccount.id,
+        provider: GITHUB_SERVICE_TYPE,
+        status: "connected",
+        metadata: {
+          ...accountMetadata,
+          credentialRefs: credentialPersist.refs,
+          credentialRefStorage: {
+            vaultAvailable: credentialPersist.vaultAvailable,
+            storageAvailable: credentialPersist.storageAvailable
+          }
+        }
+      };
+      logger4.info(
+        {
+          src: "plugin:github:connector",
+          login
+        },
+        "GitHub OAuth completed"
+      );
+      return {
+        account: accountPatch,
+        flow: { status: "completed" }
+      };
+    }
+  };
+}
+// src/routes/github-routes.ts
+import { logger as logger5 } from "@elizaos/core";
+// src/github-credentials.ts
+import fs from "fs/promises";
+import path from "path";
+import { resolveStateDir } from "@elizaos/core";
+function getCredentialFilePath() {
+  return path.join(resolveStateDir(), "credentials", "github.json");
+}
+function isGitHubCredentials(value) {
+  if (!value || typeof value !== "object") return false;
+  const v = value;
+  return typeof v.token === "string" && typeof v.username === "string" && Array.isArray(v.scopes) && v.scopes.every((s) => typeof s === "string") && typeof v.savedAt === "number";
+}
+async function loadCredentials() {
+  const filePath = getCredentialFilePath();
+  let raw;
+  try {
+    raw = await fs.readFile(filePath, "utf-8");
+  } catch {
+    return null;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return null;
+  }
+  return isGitHubCredentials(parsed) ? parsed : null;
+}
+async function loadMetadata() {
+  const creds = await loadCredentials();
+  if (!creds) return null;
+  const { token: _token, ...metadata } = creds;
+  return metadata;
+}
+async function saveCredentials(creds) {
+  const filePath = getCredentialFilePath();
+  const directory = path.dirname(filePath);
+  await fs.mkdir(directory, { recursive: true, mode: 448 });
+  await fs.chmod(directory, 448);
+  const tmpPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  await fs.writeFile(tmpPath, JSON.stringify(creds, null, 2), {
+    mode: 384
+  });
+  await fs.rename(tmpPath, filePath);
+}
+async function clearCredentials() {
+  const filePath = getCredentialFilePath();
+  try {
+    await fs.unlink(filePath);
+  } catch (err) {
+    if (err.code === "ENOENT") return;
+    throw err;
+  }
+}
+function buildCredentialsFromUserResponse(token, user, scopes, now = Date.now()) {
+  return {
+    token,
+    username: user.login,
+    scopes,
+    savedAt: now
+  };
+}
+// src/routes/github-routes.ts
+var GITHUB_USER_URL = "https://api.github.com/user";
+var VALIDATION_TIMEOUT_MS = 1e4;
+var MAX_BODY_BYTES = 8 * 1024;
+async function readJsonBody(req) {
+  const chunks = [];
+  let total = 0;
+  for await (const chunk of req) {
+    const buf = Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+    total += buf.length;
+    if (total > MAX_BODY_BYTES) return null;
+    chunks.push(buf);
+  }
+  if (chunks.length === 0) return null;
+  try {
+    const parsed = JSON.parse(Buffer.concat(chunks).toString("utf-8"));
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : null;
+  } catch {
+    return null;
+  }
+}
+function sendJson(ctx, status, body) {
+  if (ctx.json) {
+    ctx.json(status, body);
+    return;
+  }
+  ctx.res.statusCode = status;
+  ctx.res.setHeader("Content-Type", "application/json; charset=utf-8");
+  ctx.res.end(JSON.stringify(body));
+}
+function metadataToStatus(metadata) {
+  if (!metadata) return { connected: false };
+  return {
+    connected: true,
+    username: metadata.username,
+    scopes: metadata.scopes,
+    savedAt: metadata.savedAt
+  };
+}
+async function validateToken(token, fetchImpl) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), VALIDATION_TIMEOUT_MS);
+  let response;
+  try {
+    response = await fetchImpl(GITHUB_USER_URL, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.github+json",
+        "User-Agent": "eliza-github-connection"
+      },
+      signal: controller.signal
+    });
+  } finally {
+    clearTimeout(timer);
+  }
+  if (response.status === 401) {
+    throw new Error("Token rejected by GitHub: bad credentials.");
+  }
+  if (response.status === 403) {
+    throw new Error(
+      "Token rejected by GitHub: forbidden. Check the token has at least `read:user` scope."
+    );
+  }
+  if (!response.ok) {
+    throw new Error(
+      `GitHub returned ${response.status} validating the token. Try again or generate a new token.`
+    );
+  }
+  const body = await response.json();
+  if (typeof body?.login !== "string" || body.login.length === 0) {
+    throw new Error("GitHub /user response was missing the login field.");
+  }
+  const scopesHeader = response.headers.get("x-oauth-scopes") ?? "";
+  const scopes = scopesHeader.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+  return { user: body, scopes };
+}
+async function handleGetToken(ctx) {
+  const metadata = await loadMetadata();
+  sendJson(ctx, 200, metadataToStatus(metadata));
+  return true;
+}
+async function handlePostToken(ctx) {
+  const body = await readJsonBody(ctx.req);
+  const token = body && typeof body.token === "string" ? body.token.trim() : "";
+  if (token.length === 0) {
+    sendJson(ctx, 400, { error: "Missing `token` in request body." });
+    return true;
+  }
+  const fetchImpl = ctx.fetch ?? fetch;
+  let validated;
+  try {
+    validated = await validateToken(token, fetchImpl);
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    logger5.warn(`[github-routes] token validation failed: ${message}`);
+    sendJson(ctx, 400, { error: message });
+    return true;
+  }
+  const credentials = buildCredentialsFromUserResponse(
+    token,
+    validated.user,
+    validated.scopes
+  );
+  await saveCredentials(credentials);
+  logger5.info(
+    `[github-routes] saved github token for @${validated.user.login} (scopes=${validated.scopes.join(",") || "(none)"})`
+  );
+  sendJson(ctx, 200, metadataToStatus(credentials));
+  return true;
+}
+async function handleDeleteToken(ctx) {
+  await clearCredentials();
+  logger5.info("[github-routes] cleared saved github token");
+  sendJson(ctx, 200, { connected: false });
+  return true;
+}
+async function handleGitHubRoutes(ctx) {
+  if (ctx.pathname !== "/api/github/token") return false;
+  switch (ctx.method) {
+    case "GET":
+      return handleGetToken(ctx);
+    case "POST":
+      return handlePostToken(ctx);
+    case "DELETE":
+      return handleDeleteToken(ctx);
+    default:
+      sendJson(ctx, 405, { error: "Method not allowed" });
+      return true;
+  }
+}
+// src/search-category.ts
+var GITHUB_PULL_REQUESTS_SEARCH_CATEGORY = {
+  category: "github_pull_requests",
+  label: "GitHub pull requests",
+  description: "Search GitHub pull requests in a repo or across accessible repositories.",
+  contexts: ["code", "automation"],
+  filters: [
+    { name: "query", label: "Query", type: "string" },
+    {
+      name: "repo",
+      label: "Repository",
+      description: "Repository in owner/name format. Omit to search accessible repositories.",
+      type: "string"
+    },
+    {
+      name: "state",
+      label: "State",
+      description: "Pull request state.",
+      type: "enum",
+      default: "open",
+      options: [
+        { label: "Open", value: "open" },
+        { label: "Closed", value: "closed" },
+        { label: "All", value: "all" }
+      ]
+    },
+    {
+      name: "author",
+      label: "Author",
+      description: "GitHub login to filter by.",
+      type: "string"
+    },
+    {
+      name: "as",
+      label: "Identity",
+      description: "Configured GitHub identity token to use.",
+      type: "enum",
+      default: "agent",
+      options: [
+        { label: "Agent", value: "agent" },
+        { label: "User", value: "user" }
+      ]
+    },
+    {
+      name: "accountId",
+      label: "Account",
+      description: "Optional configured GitHub account id. Defaults by identity role.",
+      type: "string"
+    },
+    {
+      name: "limit",
+      label: "Limit",
+      description: "Maximum pull requests to return.",
+      type: "number",
+      default: 50
+    }
+  ],
+  resultSchemaSummary: "PRSummary[] with repo, number, title, author, state, and url.",
+  capabilities: ["pull-requests", "issues-search", "repositories"],
+  source: "plugin:github",
+  serviceType: "github"
+};
+function hasSearchCategory(runtime, category) {
+  try {
+    runtime.getSearchCategory(category, { includeDisabled: true });
+    return true;
+  } catch {
+    return false;
+  }
+}
+function registerGitHubSearchCategory(runtime) {
+  if (!hasSearchCategory(runtime, GITHUB_PULL_REQUESTS_SEARCH_CATEGORY.category)) {
+    runtime.registerSearchCategory(GITHUB_PULL_REQUESTS_SEARCH_CATEGORY);
+  }
+}
+// src/services/github-service.ts
+import { logger as logger6, Service } from "@elizaos/core";
+import { Octokit } from "@octokit/rest";
+function normalizeSelector(selector) {
+  if (selector === "user" || selector === "agent") {
+    return { role: selector };
+  }
+  return {
+    accountId: typeof selector.accountId === "string" && selector.accountId.trim() ? selector.accountId.trim() : void 0,
+    role: selector.role ?? selector.as ?? "agent"
+  };
+}
+var GitHubService = class _GitHubService extends Service {
+  constructor(runtime, createClient = (auth) => new Octokit({ auth })) {
+    super(runtime);
+    this.createClient = createClient;
+  }
+  createClient;
+  static serviceType = GITHUB_SERVICE_TYPE;
+  capabilityDescription = "GitHub REST API integration for PRs, issues, and notifications";
+  clients = /* @__PURE__ */ new Map();
+  static async start(runtime, createClient) {
+    const service = new _GitHubService(runtime, createClient);
+    await service.initialize();
+    return service;
+  }
+  async initialize() {
+    if (!this.runtime) {
+      return;
+    }
+    const accounts = await readGitHubAccountsWithConnectorCredentials(
+      this.runtime
+    );
+    this.clients.clear();
+    for (const account of accounts) {
+      this.clients.set(account.accountId, {
+        account,
+        client: this.createClient(account.token)
+      });
+    }
+    for (const role of ["user", "agent"]) {
+      if (!resolveGitHubAccount(accounts, { role })) {
+        logger6.info(
+          `[GitHubService] no GitHub ${role} account configured \u2014 ${role}-acting calls will be rejected`
+        );
+      }
+    }
+    logger6.info(
+      `[GitHubService] configured ${this.clients.size} GitHub account(s)`
+    );
+  }
+  getOctokit(selector) {
+    const selection = normalizeSelector(selector);
+    const account = resolveGitHubAccount(
+      Array.from(this.clients.values()).map((record) => record.account),
+      selection
+    );
+    if (!account) {
+      return null;
+    }
+    return this.clients.get(account.accountId)?.client ?? null;
+  }
+  /**
+   * Allows tests to inject an Octokit-shaped mock without going through
+   * environment variables. Not part of the public runtime contract.
+   */
+  setClientForTesting(as, client, accountId = defaultGitHubAccountIdForRole(as)) {
+    if (!client) {
+      this.clients.delete(accountId);
+      return;
+    }
+    this.clients.set(accountId, {
+      account: { accountId, role: as, token: "test" },
+      client
+    });
+  }
+  async stop() {
+    this.clients.clear();
+  }
+};
+// src/index.ts
+function createGitHubRouteHandler(method) {
+  return async (req, res, runtime) => {
+    const httpReq = req;
+    const httpRes = res;
+    const url = new URL(httpReq.url ?? "/api/github/token", "http://localhost");
+    void runtime;
+    await handleGitHubRoutes({
+      req: httpReq,
+      res: httpRes,
+      method,
+      pathname: url.pathname
+    });
+  };
+}
+var githubRoutes = [
+  {
+    type: "GET",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("GET")
+  },
+  {
+    type: "POST",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("POST")
+  },
+  {
+    type: "DELETE",
+    path: "/api/github/token",
+    rawPath: true,
+    handler: createGitHubRouteHandler("DELETE")
+  }
+];
+var githubPlugin = {
+  name: "github",
+  description: "GitHub integration for pull requests, issues, and notification triage",
+  services: [GitHubService],
+  actions: [...promoteSubactionsToActions(githubAction)],
+  routes: githubRoutes,
+  init: async (_config, runtime) => {
+    registerGitHubSearchCategory(runtime);
+    try {
+      const manager = getConnectorAccountManager2(runtime);
+      manager.registerProvider(createGitHubConnectorAccountProvider(runtime));
+    } catch (err) {
+      logger7.warn(
+        {
+          src: "plugin:github",
+          err: err instanceof Error ? err.message : String(err)
+        },
+        "Failed to register GitHub provider with ConnectorAccountManager"
+      );
+    }
+  },
+  async dispose(runtime) {
+    const svc = runtime.getService(GitHubService.serviceType);
+    await svc?.stop();
+  }
+};
+var index_default = githubPlugin;
+export {
+  DEFAULT_GITHUB_AGENT_ACCOUNT_ID,
+  DEFAULT_GITHUB_USER_ACCOUNT_ID,
+  GITHUB_SERVICE_TYPE,
+  GitHubActions,
+  GitHubService,
+  createGitHubConnectorAccountProvider,
+  index_default as default,
+  defaultGitHubAccountIdForRole,
+  githubAction,
+  githubPlugin,
+  issueOpAction,
+  normalizeGitHubAccountId,
+  notificationTriageAction,
+  prOpAction,
+  readGitHubAccounts,
+  readGitHubAccountsWithConnectorCredentials,
+  resolveGitHubAccount,
+  resolveGitHubAccountSelection,
+  scoreNotification
+};