fix(os): correct shared scripts path after packages consolidation

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Shaw

packages/app-core/src/benchmark/server.ts

@@ -569,7 +569,7 @@ function normalizeLocaNativeMessages(
       normalized.push({
         role: "assistant",
         content: typeof message.content === "string" ? message.content : "",
-        ...(toolCalls.length > 0 ? { toolCalls } : {}),
+        ...(toolCalls.length > 0 ? { tool_calls: toolCalls } : {}),
       });
       continue;
     }
@@ -591,7 +591,7 @@ function normalizeLocaNativeMessages(
             : toolNamesById.get(toolCallId) || "tool";
       normalized.push({
         role: "tool",
-        id: toolCallId,
+        tool_call_id: toolCallId,
         name: toolName,
         content:
           typeof message.content === "string"

packages/core/src/capabilities/index.ts

@@ -1260,10 +1260,23 @@ export class RuntimeBrokerCapabilityRouter implements ElizaCapabilityRouter {
 		});
 		const object = requireObject(result, "plugin.asset.get");
 		const integrity = optionalString(object, "integrity", "plugin.asset.get");
+		const path = requireNonEmptyString(object, "path", "plugin.asset.get");
+		validateRemotePluginAssetPath(path, "path", "plugin.asset.get");
+		const contentType = requireNonEmptyString(
+			object,
+			"contentType",
+			"plugin.asset.get",
+		);
+		validateHeaderSafeString(contentType, "contentType", "plugin.asset.get");
+		const bodyBase64 = requireString(object, "bodyBase64", "plugin.asset.get");
+		validateBase64String(bodyBase64, "bodyBase64", "plugin.asset.get");
+		if (integrity !== undefined) {
+			validateHeaderSafeString(integrity, "integrity", "plugin.asset.get");
+		}
 		return {
-			path: requireString(object, "path", "plugin.asset.get"),
-			contentType: requireString(object, "contentType", "plugin.asset.get"),
-			bodyBase64: requireString(object, "bodyBase64", "plugin.asset.get"),
+			path,
+			contentType,
+			bodyBase64,
 			...(integrity === undefined ? {} : { integrity }),
 		};
 	}
@@ -2802,6 +2815,31 @@ function validateRemotePluginAssetPath(
 	}
 }
 
+function validateHeaderSafeString(
+	value: string,
+	key: string,
+	method: string,
+): void {
+	if (/[\r\n\0]/.test(value)) {
+		throw decodeError(method, `${key} must not contain control characters.`);
+	}
+}
+
+function validateBase64String(
+	value: string,
+	key: string,
+	method: string,
+): void {
+	if (
+		value.length > 0 &&
+		!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(
+			value,
+		)
+	) {
+		throw decodeError(method, `${key} must be valid base64.`);
+	}
+}
+
 function requirePluginActionResult(
 	value: JsonValue | undefined,
 	method: string,

packages/os/setup/package.json

@@ -5,9 +5,9 @@
   "description": "Electrobun desktop app for flashing elizaOS AOSP builds onto Pixel devices via ADB and fastboot.",
   "type": "module",
   "scripts": {
-    "predev": "node ../shared/scripts/sync-to-public.mjs ./public",
+    "predev": "node ../../shared/scripts/sync-to-public.mjs ./public",
     "dev": "vite",
-    "prebuild": "node ../shared/scripts/sync-to-public.mjs ./public",
+    "prebuild": "node ../../shared/scripts/sync-to-public.mjs ./public",
     "build": "tsc --noEmit -p tsconfig.json && tsc --noEmit -p tsconfig.main.json && vite build",
     "typecheck": "tsc --noEmit -p tsconfig.json && tsc --noEmit -p tsconfig.main.json",
     "test": "vitest run --config ./vitest.config.ts",

packages/os/usb-installer/package.json

@@ -14,9 +14,9 @@
     }
   },
   "scripts": {
-    "predev": "node ../shared/scripts/sync-to-public.mjs ./public --logos --favicons --ogembeds",
+    "predev": "node ../../shared/scripts/sync-to-public.mjs ./public --logos --favicons --ogembeds",
     "dev": "vite",
-    "prebuild": "node ../shared/scripts/sync-to-public.mjs ./public --logos --favicons --ogembeds",
+    "prebuild": "node ../../shared/scripts/sync-to-public.mjs ./public --logos --favicons --ogembeds",
     "build": "tsc --noEmit -p tsconfig.json && vite build",
     "typecheck": "tsc --noEmit -p tsconfig.json",
     "test": "vitest run --config ./vitest.config.ts",