Skip to content

feat: official x api #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: official x api #3

wants to merge 1 commit into from

Conversation

ktn1234
Copy link
Contributor

@ktn1234 ktn1234 commented Mar 24, 2025

Description

This PR introduces a significant rework of the plugin-x package. The plugin will now support the official X API instead of using the agent-twitter-client package developed by the ElizaOS team. The reasoning for this change is twofold:

  1. Security Concerns
    Accessing Twitter via agent-twitter-client typically requires passing raw account credentials to the package. This is an undesirable practice, as it necessitates a high level of trust and prevents the creation of secure, decentralized launchpads. Users integrating their accounts into such launchpads must currently hand over their login credentials, which is a major security risk.

  2. Account Ban Risk
    The agent-twitter-client package presents a significant liability, as even normal to moderate usage can result in account bans on X. While our implementation of the official X API adheres to X’s terms of use, the risk of misuse always exists. However, as it stands, the official X plugin and its intended features will not lead to bans.

What's Different?

  • Official X API Support
    The plugin now fully integrates with the official X API, providing a more reliable and compliant way to interact with X.

  • Improved Authentication Flow
    We've implemented a much more secure authentication mechanism using OAuth. This benefits both developers building launchpads and users who want to connect their agents to X without compromising their credentials. Instead of handing over login credentials, users will authenticate via X’s OAuth flow, similar to "Sign in with X." This allows them to revoke access at any time, providing better security for their X accounts.

  • OAuth Integration for Launchpads
    Launchpad developers can now integrate an OAuth flow, allowing users to generate and hand over OAuth tokens. The internal plugin will then use these tokens on behalf of the agent, eliminating the need for direct credential sharing.

  • Local OAuth Flow Implementation
    A simple OAuth flow has been implemented for local development. This will need to be extended for compatibility in hosted environments.

image Screenshot 2025-03-06 at 11 47 37 AM

image

This sign in flow has been included as a script, pnpm maiar-x-login, so that new logins can occur before the agent has been started. This way, you can test with different accounts. It also serves as a simple example for how someone might implement this in a hosted environment with a frontend interface.

Architecture Experiment

We also continually get requests for certain features to be added to plugins. Though plugin-based triggers and executors can always be extended with more executors, the problem remains that if we implement a useful service class, such as xService we have here, this service is not registered in the runtime for generic use throughout plugins. While we work on the ability to do this, we've implemented a pattern that will allow you to extend and modify the default plugin behavior.

In this iteration, the plugin configuration for X will now accept executors and triggers as initialization params:

new PluginX({
      client_id: process.env.X_CLIENT_ID as string,
      client_secret: process.env.X_CLIENT_SECRET as string,
      callback_url: process.env.X_CALLBACK_URL as string,
      // You can customize which executors and triggers to use
      // If not specified, all default ones will be used automatically
      customExecutors: [
        createPostExecutor
      ],
      customTriggers: [
        periodicPostTrigger
      ]
})

We export some widely used triggers from the package itself: createPostExecutor and periodicPostTrigger. Use these as examples to create your own triggers and executors to modify behavior.

Related Issues

This solves #37 by making it obsolete.

Changes Made

  • Feature added
  • Bug fixed
  • Code refactored
  • Documentation updated

How to Test

You will need to create an X developer account, an X application (the default one it gives you works fine) and enable client authentication in the application panel. Your client id and client secret are how your application communicates to get user tokens from X. All the relevant documentation for setting up an X app can be found here.

Checklist

  • Code follows project style guidelines
  • Tests have been added/updated if needed
  • Documentation has been updated if necessary
  • Ready for review 🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ktn1234