# elizaOS Discord - 2025-12-08

## Overall Discussion Highlights

### Critical Security Incident & Infrastructure

The elizaos.ai website suffered a security breach through a Next.js RCE vulnerability (versions 15.3.0-15.3.6), with attackers deploying an XMR cryptocurrency miner. Odilitime led the incident response, discovering that fresh deployments were immediately re-compromised, confirming the vulnerability. The team identified multiple Next.js CVEs including critical RCE, cache poisoning, and SSRF issues. The solution involved updating Next.js from 15.3.1 to 16.0.7, deploying to a fresh VPS, and configuring nginx websocket settings. cjft submitted PR #3 with fixes and recommended migrating to Vercel for managed security with auto-patching. The incident was resolved within hours, with the team noting the attacker was fortunate to only deploy a miner rather than a phishing UI targeting wallets.
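As an added example (not code from the elizaOS team or PR #3), the check below audits an npm lockfile for any resolved copy of `next` inside the range this page reports as affected, 15.3.0 through 15.3.6, including copies nested under other dependencies that a top-level bump would miss. The sample lockfile and the `some-widget` package are constructed for illustration.

```javascript
// Added example: flag Next.js installs inside the range this page reports as
// affected (15.3.0 through 15.3.6). The sample lockfile below is constructed.
const VULN_MIN = [15, 3, 0];
const VULN_MAX = [15, 3, 6];

// Parse "15.3.1" or "15.3.1-canary.2" into [major, minor, patch].
// Returns null for anything that is not an exact version (e.g. "^15.3.1").
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Pre-release tags are ignored, so 15.3.1-canary.2 counts as 15.3.1 (conservative).
function inReportedRange(version) {
  const p = parseVersion(version);
  return p !== null && cmp(p, VULN_MIN) >= 0 && cmp(p, VULN_MAX) <= 0;
}

// Walk a package-lock.json (lockfileVersion 2 or 3) and return every resolved
// copy of "next", including copies nested under other dependencies.
function findNextInstalls(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/next" || path.endsWith("/node_modules/next")) {
      hits.push({ path, version: meta.version, vulnerable: inReportedRange(meta.version) });
    }
  }
  return hits;
}

// Constructed sample: top-level next was bumped, but a nested copy was not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { next: "^16.0.7" } },
    "node_modules/next": { version: "16.0.7" },
    "node_modules/some-widget/node_modules/next": { version: "15.3.1" },
    "node_modules/next-themes": { version: "0.3.0" },
  },
};

for (const h of findNextInstalls(sampleLock)) {
  console.log(`${h.vulnerable ? "VULNERABLE" : "ok"}  next@${h.version}  (${h.path})`);
}
```

To audit a real project, pass the parsed contents of its `package-lock.json` to `findNextInstalls` and fail the build if any entry has `vulnerable: true`.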

### Twitter/X API Integration Crisis

Twitter's deprecation of user/pass authentication created a major crisis for the platform. SecretRecipe reported the free tier allows only 50 mention checks, consuming 50% of monthly limits immediately on first run. Odilitime confirmed user/pass is now legally prohibited and suggested forking plugin-twitter 1.0.7 for those willing to risk legal issues. The team is negotiating with X for per-request pricing to make agents more affordable. Multiple accounts, including degenspartanai (25k followers), were suspended. SecretRecipe reported Twitter integration is now "convoluted", with unclear ENV arguments preventing posting functionality. jin committed to fixing the posting issues immediately.

### AI16Z to ELIZAOS Migration Challenges

The migration created significant technical and economic problems. The swap ratio was 1 AI16Z → 6 ELIZAOS, increasing total supply from 6.6B to 11B tokens. Circulating supply jumped from 6.6B to 7.4B immediately. The snapshot mechanism caused users on exchanges like Kraken to scramble for last-minute migrations. Cryptologos criticized the anti-arbitrage approach, arguing arbitrageurs provide price stability during migrations. Multiple exchanges haven't completed migration, with Kraken still evaluating. Kenk explained the 13% supply increase at migration was for liquidity and exchanges, with the remaining 27% on a 3-year unlock schedule.

### Codebase Quality & Development Practices

Shaw initiated a major cleanup effort via PR #6213, performing project-wide "deslopping" to remove AI-generated code artifacts. This included type fixes (converting `any` to `unknown`), removing excessive try-catch blocks, cleaning up comments, and adding test coverage. The PR touched numerous files and was completed using Claude Opus 4.5 with aggressive prompting. Discussion revealed the team's AI-assisted development workflow, with recommendations to use Opus over Sonnet for quality despite cost differences. Odilitime noted that Opus 4.5 pricing returned to normal (5x) over the weekend after briefly matching Sonnet pricing.

### Platform Development Status

**Eliza Cloud:** In active development but missed its November deadline. Odilitime stated "we're busy working on it, I think devs will really like it" but provided no specific launch date.

**Babylon Prediction Market:** Has 272k-275k registered users but no launch date announced. Kenk confirmed it's progressing well but provided no timeline. The team is developing autonomous agents for the Babylon ecosystem with infrastructure partners.

**Version 1.7.0:** Will include streaming features and Eliza as MCP (Model Context Protocol) integration, representing a significant feature upgrade from the originally planned 1.6.5.

### Tokenomics & Network Utility Concerns

DorianD repeatedly criticized the lack of network tokenomics, stating there's "0 utility" and "no reason to buy besides pure speculation." He argued sophisticated investors won't engage without proper network token usage. The community expressed concerns about token dilution and lack of use cases. DorianD proposed implementing network tokenomics to create utility and composability for agents, along with guarantees of 24x7 uptime similar to smart contracts.

### Technical Integrations & Plugins

**Database Extensions:** velsaria confirmed that existing PostgreSQL databases can be extended to accommodate ElizaOS core SQL plugin requirements, with reference implementations available in the otaku repository gamification plugin.

**Market Data:** Skelzor raised concerns about the removal of the dexscreener plugin from the plugin directory. Andrea recommended alchemy.com for offchain data retrieval, highlighting its fast performance and generous free tier.

**Monetization Infrastructure:** DorianD explored x402 integration for monetizing ElizaOS inference with verified payment proofs, suggesting this could form a proof-of-concept network. Shaw confirmed the Jeju platform will include x402 and an Ethereum interop layer exposing web2 to web3, with credit redemption for elizaOS.

### Strategic Planning & Vision

Kenk shared a comprehensive Eliza Labs roadmap on Notion for team review, with plans to move it to the main elizaOS repo and schedule a review session before Christmas break. The team discussed recovering the elizaos X (Twitter) account, with Phenowin suggesting timing this with a potential Q1/Q2 2026 bull run to maximize investor attention.

DorianD proposed that the real power of blockchain lies in AI agents that can run autonomously without being easily shut down, combined with futarchy/prediction markets to effect real-world changes. This led to philosophical discussion about AI governance as an alternative to traditional state power. A practical example was discussed: an AI-controlled smart fridge with camera and scale integration, with Odilitime noting that Neo has already developed home automation technology for elizaOS.

### Technical Improvements & Optimizations

The team discussed memory plugin upgrades, with Odilitime creating a detailed upgrade suggestion document on HackMD. Technical discussions included self-hosting LLMs using Strix Halo mini PCs (gmktec evo-x2 128gb recommended for running larger models like gpt-oss 120b). The team explored new serialization formats (TOON and POML) but concluded existing JSON/XML formats remain superior for model compatibility. A technical note was shared about `composeState` causing infinite loops when called from action validators with incorrect parameters.

## Key Questions & Answers

**Q: Is the Twitter user/pass authentication method coming back?** (asked by SecretRecipe)  
A: No, it's legally not allowed now. You can fork plugin-twitter 1.0.7 and maintain it yourself but expect X's lawyers and no help from the team. (answered by Odilitime)

**Q: How many reads does Eliza consume on Twitter free tier?** (asked by SecretRecipe)  
A: First run checks 50 mentions and burns through 50% of the limit immediately for post reads. (answered by SecretRecipe)

**Q: What was the AI16Z to ELIZAOS swap ratio?** (asked by Charlie Huntsman)  
A: 1 AI16Z → 6 ELIZAOS, raising total supply from 6.6 billion to 11 billion tokens. (answered by Charlie Huntsman)

**Q: When will Eliza Cloud launch?** (asked by averma)  
A: We're busy working on it, devs will really like it. No specific date given. (answered by Odilitime)

**Q: When is Babylon launching?** (asked by joaz0502)  
A: It's going really well, but no launch date announced yet. If we had announced it, you'd know about it. (answered by Kenk)

**Q: How many people are registered for Babylon?** (asked by joaz0502)  
A: 272k-275k registered users. (answered by joaz0502/community)

**Q: Why is elizaos.ai showing 502 bad gateway?** (asked by jasyn_bjorn)  
A: The site was hacked with an XMR miner exploiting a Next.js RCE vulnerability in version 15.3.1. (answered by Odilitime)

**Q: What is the vulnerability that allowed the hack?** (asked by jasyn_bjorn)  
A: Next.js versions 15.3.0-15.3.6 have a critical RCE vulnerability in the React flight protocol (GHSA-9qr9-h5gf-34mp), plus cache poisoning, SSRF, and content injection issues. (answered by Odilitime)

**Q: What's the solution to fix the website?** (asked by jasyn_bjorn)  
A: Update package.json to Next.js 16.0.7, deploy to fresh VPS, and configure nginx for websockets (answered by cjft)

**Q: Should we deploy to Vercel instead?** (asked by cjft)  
A: Yes, Vercel provides managed security with auto-patching of CVEs (answered by cjft)

**Q: Can I extend my existing PostgreSQL database to store elizaos core sql plugin needs?** (asked by velsaria)  
A: Yes, it's possible. Reference implementation available in the otaku repository gamification plugin. (answered by sayonara)

**Q: What plugin would you recommend to fetch offchain market data?** (asked by Skelzor)  
A: alchemy.com is recommended for offchain data with a generous free tier. (answered by Andrea)

**Q: Is it in our 2026 plans to recover our elizaos x account?** (asked by Phenowin)  
A: Still planning on getting it back (answered by Odilitime)

**Q: Do you waste time not using Opus?** (asked by Odilitime)  
A: Now that Opus 4.5 costs same as Sonnet 4.5, yes; it's worth having everyone use Opus more than hiring more people (answered by shaw)

**Q: Any benefit to using TOON/POML in monorepo?** (asked by Stan)  
A: Not really; they're more efficient than JSON/XML but don't beat CSV for density, and dumber models are better trained on XML/JSON (answered by Odilitime)

**Q: Is ELIZAOS available on Kraken now?** (asked by TJ)  
A: No, Kraken sent emails saying they're considering migration and will keep ai16z holders informed over the next weeks. (answered by Serikiki)

**Q: Why did supply increase during migration?** (asked by averma)  
A: Supply increased 13% at migration for liquidity and exchanges. There's a 3 year unlock schedule for the remaining 27%. (answered by Kenk)

## Community Help & Collaboration

**Security Incident Response:**  
Odilitime and cjft collaborated to resolve the website hack, with cjft identifying the Next.js CVEs, submitting PR #3 with fixes, and recommending infrastructure improvements. The team worked together to deploy to a fresh VPS and configure nginx settings.

**Twitter Integration Support:**  
jin committed to immediately fixing Twitter posting functionality issues reported by SecretRecipe. Odilitime acknowledged the need to optimize Twitter API integration to reduce rate limit consumption.

**Database Extension Guidance:**  
sayonara helped velsaria confirm the feasibility of extending existing PostgreSQL databases for ElizaOS and provided reference code from the otaku repository gamification plugin.

**Market Data Solutions:**  
Andrea assisted Skelzor in finding alternatives to the removed dexscreener plugin by recommending alchemy.com with its generous free tier and fast performance.

**Plugin Discovery:**  
0xbbjoker helped H△RDSHELL locate the Telegram plugin by providing the direct GitHub link to the elizaos-plugins repository.

**Migration Support:**  
Kenk helped averma understand the supply increase mechanics during migration, explaining the 13% increase for liquidity/exchanges with a 3-year unlock schedule. Serikiki assisted TJ with information about Kraken's migration status.

**Airdrop Guidance:**  
DorianD advised 𝗣𝗥𝗜𝗡𝗖𝗘 on getting Babylon airdrops while holding on exchanges, recommending moving to a personal wallet (Ledger or Keystone).

**Hardware Donation Suggestions:**  
The Light suggested SecretRecipe donate excess hardware (30 GPUs, servers, PCs) to schools or kids who can't afford PCs, noting it could change a kid's life.

**Development Workflow:**  
shaw shared insights on using Claude Opus 4.5 for codebase cleanup, helping the team understand best practices for AI-assisted development and the value proposition of using higher-quality models.

**Self-Hosting LLMs:**  
jin recommended the Strix Halo mini PC (gmktec evo-x2 128gb) for efficiently running larger models like gpt-oss 120b, helping the team with self-hosting infrastructure decisions.

## Action Items

### Technical

- Update Next.js from 15.3.1 to 16.0.7 to patch critical RCE vulnerability (Mentioned by: Odilitime)
- Deploy website to fresh VPS to remove any malicious installations (Mentioned by: cjft)
- Rotate PAT (Personal Access Token) after security breach (Mentioned by: Odilitime)
- Optimize Twitter API integration to reduce rate limit consumption from 50 reads on first run (Mentioned by: Odilitime)
- Fix Twitter posting functionality that's not working despite settings being enabled (Mentioned by: jin)
- Implement per-request pricing model with X/Twitter to make agents more affordable (Mentioned by: Odilitime)
- Complete Eliza Cloud platform development (missed November deadline) (Mentioned by: Odilitime)
- Launch Babylon prediction market (275k users registered, no date set) (Mentioned by: Kenk)
- Implement network tokenomics to create utility and composability for agents (Mentioned by: DorianD)
- Create guarantee of 24x7 uptime for agents similar to smart contracts (Mentioned by: DorianD)
- Make agents more easily composable across the ecosystem (Mentioned by: DorianD)
- Review and merge PR #6213 for codebase deslopping (type fixes, test coverage, comment cleanup) (Mentioned by: shaw)
- Favor using JSON5 over JSON in codebase (Mentioned by: Odilitime)
- Complete streaming implementation for version 1.7.0 (Mentioned by: Stan)
- Implement Eliza as MCP for version 1.7.0 (Mentioned by: cjft)
- Implement memory plugin upgrades per HackMD document (Mentioned by: Odilitime)
- Add TOON and POML formats to dynamic executor (Mentioned by: Odilitime)
- Fix composeState infinite loop issue when called from action validators (Mentioned by: Odilitime)
- Investigate why dexscreener plugin was removed from plugin directory and document alternatives (Mentioned by: Skelzor)
- Recover elizaos X (Twitter) account (Mentioned by: Phenowin, Odilitime)

### Feature

- Migrate elizaos.ai to Vercel for managed security and auto-patching (Mentioned by: cjft)
- Establish communications advisory board to review decisions before implementation (Mentioned by: DorianD)
- Create token use cases and utility beyond pure speculation (Mentioned by: averma)
- Develop autonomous agents for Babylon ecosystem with infrastructure partners (Mentioned by: Kenk)
- Build prediction agents with ELIZAOS for sapience hackathon (Mentioned by: Omid Sa)
- Investigate x402 integration for monetizing ElizaOS inference with verified payment proofs (Mentioned by: DorianD)
- Explore Oasis ROFL for distributed ElizaOS agent processing network (Mentioned by: DorianD)
- Transition to Jeju platform with cloud integration, payment infrastructure (x402), and Ethereum interop layer (Mentioned by: shaw)
- Build "clean-my-wallet" app to sell all meme coins in single transaction (Mentioned by: cjft)
- Explore AI agents running autonomously on blockchain combined with futarchy/prediction markets (Mentioned by: DorianD)
- AI agent for smart fridge control with camera and scale integration (home automation expansion) (Mentioned by: DorianD)

### Documentation

- Publish blog/documentation on protocol layer monetization strategy and OSI stack positioning (Mentioned by: DorianD)
- Provide clear communication and timeline updates for Eliza Cloud and Babylon launches (Mentioned by: averma)
- Review Eliza Labs roadmap on Notion and leave comments (Mentioned by: Kenk)
- Move roadmap to main elizaOS repo (Mentioned by: Kenk)
- Schedule session on roadmap before Christmas break (Mentioned by: Kenk)
- Review and respond to pull request #240 in elizaos-plugins registry (Mentioned by: Stepz)