🎯 fix: Actions Allowed Domains Handling (#11215)

* 🔧 fix: Update domain handling in ActionsInput components for SSRF validation

- Refactored domain extraction logic in ActionsInput components to include protocol in the domain metadata for proper SSRF validation.
- Ensured that the domain is constructed as `${parsedUrl.protocol}//${parsedUrl.hostname}` to enhance security and prevent potential vulnerabilities.

This change improves the handling of user-provided domains and aligns with best practices for security in URL processing.

* 🔧 fix: Include missing `actions` field in AppService configuration
Danny Avila 2026-01-05 14:58:26 -05:00 committed by GitHub
parent e343180740
commit 019c59f10e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 18 additions and 19 deletions


@ -62,6 +62,7 @@ export const AppService = async (params?: {
const mcpServersConfig = config.mcpServers || null;
const mcpSettings = config.mcpSettings || null;
const actions = config.actions;
const registration = config.registration ?? configDefaults.registration;
const interfaceConfig = await loadDefaultInterface({ config, configDefaults });
const turnstileConfig = loadTurnstileConfig(config, configDefaults);
@ -74,6 +75,7 @@ export const AppService = async (params?: {
memory,
speech,
balance,
actions,
transactions,
mcpConfig: mcpServersConfig,
mcpSettings,
@ -103,9 +105,9 @@ export const AppService = async (params?: {
const loadedEndpoints = loadEndpoints(config, agentsDefaults);
const appConfig = {
const appConfig: AppConfig = {
...defaultConfig,
fileConfig: config?.fileConfig,
fileConfig: config?.fileConfig as AppConfig['fileConfig'],
secureImageLinks: config?.secureImageLinks,
modelSpecs: processModelSpecs(config?.endpoints, config.modelSpecs, interfaceConfig),
endpoints: loadedEndpoints,
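Review bot: In the first hunk, `const actions = config.actions;` is forwarded with no fallback, while `registration` on the next line uses `?? configDefaults.registration`, so a config that omits `actions` yields `undefined` in the returned object. The code that consumes this field for the allowed-domains check is not visible here, so it is worth confirming that an absent value leaves the SSRF validation in place rather than skipping it. I would document that contract at the assignment, for example `// actions (allowed domains) feeds SSRF validation of action URLs; undefined means the operator configured no allowlist`. In the third hunk, `fileConfig: config?.fileConfig as AppConfig['fileConfig']` silences the very mismatch that annotating `appConfig: AppConfig` brings to light; narrowing or converting the value would keep that field type-checked. AppService's body starts and ends outside these hunks.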