POC:plugin-trikon

[AmriteshTrikon]

Relates to

Risks

Background

What does this PR do?

What kind of change is this?

Documentation changes needed?

Testing

Where should a reviewer start?

Detailed testing steps

Summary by CodeRabbit

• New Features

  • Introduced Trikon plugin for Eliza OS
  • Added token transfer action
  • Implemented wallet provider functionality

• Documentation

  • Created README for Trikon plugin
  • Added TypeScript configuration

• Chores

  • Set up package configuration for @elizaos/plugin-trikon
  • Added build and testing tools
  • Configured build and test scripts

[github-actions]

Hi @AmriteshTrikon! Welcome to the elizaOS community. Thanks for submitting your first pull request; your efforts are helping us accelerate towards AGI. We'll review it shortly. You are now an elizaOS contributor!

[coderabbitai]

Warning

There were issues while running some tools. Please review the errors and either fix the tool’s configuration or disable the tool if it’s a critical failure.

🔧 eslint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

packages/plugin-trikon/src/actions/trikon.ts

Oops! Something went wrong! :(

ESLint: 9.18.0

ESLint couldn't find an eslint.config.(js|mjs|cjs) file.

From ESLint v9.0.0, the default configuration file is now eslint.config.js.
If you are using a .eslintrc.* file, please follow the migration guide
to update your configuration file to the new format:

https://eslint.org/docs/latest/use/configure/migration-guide

If you still have problems after following the migration guide, please stop by
https://eslint.org/chat/help to chat with the team.

📝 Walkthrough

Walkthrough

This pull request introduces the @elizaos/plugin-trikon, a new package designed for token transfer actions within the Eliza OS ecosystem. It includes a package.json file with dependencies and scripts, a README for documentation, and TypeScript configuration. The package implements a wallet provider and defines a token transfer action with validation and handling logic, structured as a plugin for integration into the broader system.

Changes

File	Change Summary
packages/plugin-trikon/package.json	New package configuration with dependencies, scripts, and module exports
packages/plugin-trikon/readme.md	Initial documentation for the Trikon plugin
packages/plugin-trikon/src/actions/trikon.ts	Added token transfer action with validation and handler logic
packages/plugin-trikon/src/index.ts	Consolidated exports for plugin components
packages/plugin-trikon/src/plugins/trikonPlugin.ts	Created main plugin definition
packages/plugin-trikon/src/providers/wallet.ts	Implemented wallet provider with balance and address methods
packages/plugin-trikon/tsconfig.json	TypeScript configuration for the package
packages/plugin-trikon/tsup.config.ts	Build configuration for package bundling

Possibly related PRs

• feat: add Dex Screener plugin with token price action, evaluators, an… #1865: Introduces @elizaos/plugin-dexscreener with potential token-related functionalities
• feat: dexscreener trending #2325: Adds actions related to token handling, similar to the Trikon plugin
• feat: Solana plugin improvement for flawless transfers #2340: Enhances the Solana plugin with token transfer capabilities

Suggested labels

needs_documentation

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🧹 Nitpick comments (3)

packages/plugin-trikon/tsup.config.ts (1)

3-8: Basic configuration looks good, but consider CommonJS format.

The build configuration is well-structured. However, for better compatibility, consider adding CommonJS format.

-    format: ["esm"],
+    format: ["esm", "cjs"],

packages/plugin-trikon/src/plugins/trikonPlugin.ts (1)

5-13: Document the purpose of empty arrays

The plugin structure is clean, but please document why evaluators, services, and clients arrays are empty. Are these planned for future implementation?

packages/plugin-trikon/src/actions/trikon.ts (1)

1-170: Overall POC Status

This appears to be early-stage POC code with multiple security concerns and missing implementations. Before proceeding further:

1. Document the scope and limitations of this POC
2. Outline the path to production-ready code
3. Add comprehensive security measures for financial transactions

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3a69164 and 063eb60.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (8)

• packages/plugin-trikon/package.json (1 hunks)
• packages/plugin-trikon/readme.md (1 hunks)
• packages/plugin-trikon/src/actions/trikon.ts (1 hunks)
• packages/plugin-trikon/src/index.ts (1 hunks)
• packages/plugin-trikon/src/plugins/trikonPlugin.ts (1 hunks)
• packages/plugin-trikon/src/providers/wallet.ts (1 hunks)
• packages/plugin-trikon/tsconfig.json (1 hunks)
• packages/plugin-trikon/tsup.config.ts (1 hunks)

✅ Files skipped from review due to trivial changes (4)

• packages/plugin-trikon/readme.md
• packages/plugin-trikon/tsconfig.json
• packages/plugin-trikon/src/index.ts
• packages/plugin-trikon/package.json

🔇 Additional comments (4)

packages/plugin-trikon/tsup.config.ts (2)

1-26: Add documentation for the POC scope and purpose.

Since this is marked as a POC, please update the PR description to include:

1. The purpose of this plugin
2. Which dependencies are temporary/experimental
3. Security considerations and risks

---

15-17: Review security implications of direct network access.

The use of http, https, and agentkeepalive suggests direct network communication. Please ensure:

1. All network calls use HTTPS
2. Proper error handling is implemented
3. Timeouts are configured

packages/plugin-trikon/src/providers/wallet.ts (1)

15-15: Implementation timeline for TODOs

Multiple TODO comments indicate incomplete wallet functionality. Please provide an implementation timeline or mark this clearly as non-production code.

Also applies to: 22-22, 33-33

packages/plugin-trikon/src/actions/trikon.ts (1)

118-121: Implementation timeline for transfer logic

The actual transfer logic is missing. Given this is handling financial transactions, please provide:

1. Implementation timeline
2. Security review plan
3. Testing strategy

[wtfsayo]

@coderabbitai

new plugin should always be imported to agent/package.json and agent/src/index.ts

[coderabbitai]

@wtfsayo you're correct. the new plugin @elizaos/plugin-trikon needs to be added to:

1. agent/package.json:

"dependencies": {
  "@elizaos/plugin-trikon": "workspace:*",
  ...
}

2. agent/src/index.ts:

import { trikonplugin } from "@elizaos/plugin-trikon";
// add to plugins array in createagent function
plugins: [
  trikonplugin,
  ...
]

🔗 analysis chain

@wtfsayo thank you for pointing this out. i'll add this as a requirement for future plugin reviews.

🏁 scripts executed

the following scripts were executed for the analysis:

script:

#!/bin/bash
# check if the files exist and their content
echo "checking agent/package.json:"
cat agent/package.json 2>/dev/null || echo "file not found"
echo -e "\nchecking agent/src/index.ts:"
cat agent/src/index.ts 2>/dev/null || echo "file not found"

length of output: 55232

---

✏️ learnings added

learnt from: wtfsayo
url: https://github.com/elizaos/eliza/pull/2570

timestamp: 2025-01-21t10:42:58.000z
learning: new plugins must be added to both `agent/package.json` (as a workspace dependency) and `agent/src/index.ts` (imported and initialized in the plugins array) to be properly integrated into the system.

---

learnt from: wtfsayo
url: https://github.com/elizaos/eliza/pull/2570

timestamp: 2025-01-21t10:42:58.000z
learning: new plugins must be imported in both `agent/package.json` (as a dependency) and `agent/src/index.ts` (for initialization) to be properly integrated into the system.

note: learnings are effective only in the context of similar code segments. to apply general coding guidelines, please configure review instructions. you can manage existing learnings in the app.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 5

♻️ Duplicate comments (2)

packages/plugin-trikon/src/actions/trikon.ts (2)

29-45: ⚠️ Potential issue

Secure template processing.

The template string could be vulnerable to injection attacks. Consider using a structured format instead of free-form text.

---

56-59: ⚠️ Potential issue

Fix non-functional validation.

The validate method always returns false, effectively disabling all validation. This is a critical security issue for a financial transaction system.

🧹 Nitpick comments (1)

packages/plugin-trikon/src/actions/trikon.ts (1)

132-154: Enhance example coverage.

Add examples for:

• Failed transfers
• Invalid inputs
• Error scenarios

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 063eb60 and ac58141.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (2)

• packages/plugin-trikon/src/actions/trikon.ts (1 hunks)
• packages/plugin-trikon/src/providers/wallet.ts (1 hunks)

🔇 Additional comments (2)

packages/plugin-trikon/src/providers/wallet.ts (2)

1-8: Clean interface design!

The WalletProvider interface is well-structured with clear async method signatures.

---

14-18: Remove hardcoded wallet address

Hardcoding wallet addresses poses a security risk.

[coderabbitai]

⚠️ Potential issue

Add environment variable validation

Missing validation for environment variables could lead to runtime issues.

Apply this diff:

-            address: process.env.TRIKON_WALLET_ADDRESS || "0x4f2e63be8e7fe287836e29cde6f3d5cbc96eefd0c0e3f3747668faa2ae7324b0",
-            balance: process.env.TRIKON_INITIAL_BALANCE || "0",
-            getBalance: async () => process.env.TRIKON_INITIAL_BALANCE || "0",
-            getAddress: async () => process.env.TRIKON_WALLET_ADDRESS || "0x4f2e63be8e7fe287836e29cde6f3d5cbc96eefd0c0e3f3747668faa2ae7324b0"
+            address: validateAddress(process.env.TRIKON_WALLET_ADDRESS),
+            balance: validateBalance(process.env.TRIKON_INITIAL_BALANCE),
+            getBalance: async () => validateBalance(process.env.TRIKON_INITIAL_BALANCE),
+            getAddress: async () => validateAddress(process.env.TRIKON_WALLET_ADDRESS)

Add these validation functions:

function validateAddress(address: string | undefined): string {
    if (!address) {
        throw new Error('TRIKON_WALLET_ADDRESS environment variable is required');
    }
    if (!/^0x[a-fA-F0-9]{64}$/.test(address)) {
        throw new Error('Invalid wallet address format');
    }
    return address;
}

function validateBalance(balance: string | undefined): string {
    if (!balance) return "0";
    if (!/^\d+$/.test(balance)) {
        throw new Error('Invalid balance format');
    }
    return balance;
}

[coderabbitai]

🛠️ Refactor suggestion

Replace deprecated function usage.

The generateObjectDeprecated function is marked as deprecated. Consider using the current recommended alternative.

[coderabbitai]

⚠️ Potential issue

Implement transfer logic with proper security measures.

The TODO indicates missing core functionality. Ensure implementation includes:

• Input sanitization
• Transaction amount limits
• Rate limiting
• Proper error handling

Would you like me to provide a secure implementation template?

[coderabbitai]

⚠️ Potential issue

Enhance transfer content validation.

The current validation is too permissive for financial transactions:

• Add wallet address format validation
• Add amount range and format validation
• Remove debug logging from production code

 function isTransferContent(content: any): content is TransferContent {
-    elizaLogger.log("Content for transfer", content);
     return (
         typeof content.recipient === "string" &&
+        /^0x[a-fA-F0-9]{40}$/.test(content.recipient) &&
         (typeof content.amount === "string" ||
-            typeof content.amount === "number")
+            typeof content.amount === "number") &&
+        Number(content.amount) > 0
     );
 }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	export interface TransferContent extends Content {
	recipient: string;
	amount: string | number;
	}
	function isTransferContent(content: any): content is TransferContent {
	elizaLogger.log("Content for transfer", content);
	return (
	typeof content.recipient === "string" &&
	(typeof content.amount === "string" ||
	typeof content.amount === "number")
	);
	}
	export interface TransferContent extends Content {
	recipient: string;
	amount: string | number;
	}
	function isTransferContent(content: any): content is TransferContent {
	return (
	typeof content.recipient === "string" &&
	/^0x[a-fA-F0-9]{40}$/.test(content.recipient) &&
	(typeof content.amount === "string" ||
	typeof content.amount === "number") &&
	Number(content.amount) > 0
	);
	}