{ "prompt_name": "discord-announcement", "category": "comms", "date": "2026-05-13", "generated_text": "\ud83d\ude80 Big momentum this week: we\u2019re unblocking the next wave of third\u2011party plugins while tightening up infra + community testing paths!\n\n**Week recap (2026-05-07 \u2192 2026-05-13):**\n- \ud83e\udde9 **Plugin Registry v2:** Third\u2011party submissions hit a blocker \u2014 `elizaos-plugins/registry` and `plugins.elizacloud.ai` are returning **404s**. Core devs are investigating, and we may **temporarily revert to PRs directly to `elizaOS/eliza`** for faster shipping.\n- \ud83d\udce6 **Plugin submission edge cases:** A ready-to-ship plugin (`plugin-undesirables@2.0.3`) highlighted **BUSL-1.1 licensing constraints** (can\u2019t PR into the monorepo), reinforcing why the registry path matters.\n- \ud83e\udd1d **Sandbox agent testing:** A community dev requested approval to test a **Python multi-agent orchestrator** (A2A read-only research agent + MCP tools like Tavily/DDG/arXiv) in a **locked-down sandbox channel**. OAuth/whitelisting flow is being coordinated.\n- \ud83d\udee1\ufe0f **Discord security:** Mods flagged **scammer activity / possible compromised accounts**. Team is actively reviewing server safety and permissions.\n- \ud83d\udcb8 **Ops note:** Running an Eliza Twitter bot can be as low as **~$10/month** depending on reply volume/config.\n\n**Community highlights**\n- \ud83d\udc4b New builder intros (AI + full-stack folks joining with a strong \u201cproduction > hype\u201d mindset).\n- \ud83e\udde0 Healthy discussion around registry policy + safe bot testing practices.\n\n**AI16Z / auto.fun**\n- \ud83e\ude99 No official AI16Z update this week (community questions popped up\u2014team will share clarity when available).\n- \ud83e\uddea No new auto.fun launch notes in the log this week.\n\n**Next up:** fix registry access, publish the finalized plugin submission path, and kick off the sandbox orchestrator test with clear guardrails.", "source_references": [ "2026-05-13\n---\n2026-05-12.md\n---\n# elizaOS Discord - 2026-05-12\n\n## Summary\n\n### Plugin Registry Infrastructure\n\nThe v2 registry infrastructure for third-party Eliza plugins encountered technical issues. Plugin-undesirables@2.0.3 was prepared for submission with generated JSON metadata, but attempts to access the elizaos-plugins/registry repository and plugins.elizacloud.ai resulted in 404 errors. The plugin uses BUSL-1.1 licensing which prevents direct PRs to the monorepo. Investigation into the registry access issues is ongoing, with potential policy changes being considered to revert back to PRs directly to the elizaOS/eliza repository.\n\n### Community Introductions\n\nNew community members introduced themselves in the discussion channel. One member shared their background in AI and full-stack development, emphasizing expertise in practical problem-solving, clean code practices, and production-ready systems with focus on efficiency, accuracy, user experience, maintainability, and security.\n\n### Security Concerns\n\nDiscord server security issues were identified with compromised admin accounts and ongoing scammer activity requiring attention from moderators.\n\n## FAQ\n\n**Q: How do I submit a plugin to the v2 registry?**\nA: The v2 registry submission process is currently under investigation due to 404 errors when accessing the elizaos-plugins/registry repo and plugins.elizacloud.ai. A potential policy change may revert the process back to PRs directly to the elizaOS/eliza repository.\n\n**Q: Can I submit a plugin with BUSL-1.1 licensing to the monorepo?**\nA: No, BUSL-1.1 licensing prevents direct PRs to the monorepo. Alternative submission methods through the v2 registry are being developed.\n\n**Q: Why am I getting 404 errors when trying to access the plugin registry?**\nA: This is a known issue currently under investigation by the development team. The registry infrastructure may have been accidentally affected.\n\n## Help Interactions\n\n**Helper:** odilitime\n**Helpee:** thegreatluna8713\n**Resolution:** Acknowledged the 404 errors on elizaos-plugins/registry repo and plugins.elizacloud.ai. Investigation initiated to determine if the issue was accidental. Mentioned potential policy change to revert to PRs directly to elizaOS/eliza repository. Resolution pending.\n\n## Action Items\n\n### Technical\n\n- Investigate 404 errors on elizaos-plugins/registry repo and plugins.elizacloud.ai (mentioned by odilitime)\n- Address compromised admin accounts and scammer activity in Discord server (mentioned by shrektwo, odilitime)\n- Determine final policy for plugin submission process between v2 registry and direct PRs (mentioned by odilitime)\n\n### Documentation\n\n- Clarify plugin submission process for BUSL-1.1 licensed plugins once registry issues are resolved (mentioned by thegreatluna8713)\n---\n2026-05-11.md\n---\n# elizaOS Discord - 2026-05-11\n\n## Summary\n\n### Service Introductions and Self Promotion\n\nMultiple engineers introduced themselves and advertised their technical capabilities in the discussion channel. _ky0078 specializes in autonomous agents using LangChain, AutoGen, and CrewAI, with experience in multimodal AI including voice assistants and trading bots. harry346165 focuses on Next.js 15, React 19, and TypeScript combined with AI tools like LangChain and LangGraph. fabio7311 emphasized over 10 years of machine learning experience with expertise in GANs, SOMs, DBNs, PINNs, and SNNs for production systems. trace.g highlighted project management capabilities for LLM systems and RAG implementations.\n\n### Multi Agent Orchestrator Testing Request\n\nA developer sought permission to test a Python-based multi-agent orchestrator built with claude-agent-sdk on the ElizaOS Discord server. The system features an A2A-protocol read-only research agent with integrations for Tavily, fetch, DuckDuckGo, and arXiv via Model Context Protocol. The agent would operate in a sandbox channel with restricted permissions including read-only access, no direct messages, and response only to @-mentions. The developer had previously contacted the official email and was seeking OAuth invite/whitelist procedures.\n\n### Token and Project Concerns\n\nCommunity member .chomppp raised concerns about ElizaOS token support and noted that Shaw had removed ElizaOS from his X bio. This observation received no response from other community members.\n\n### Market Commentary\n\nBrief comments from satsbased mentioned favorable market conditions and the need for a catalyst, though no detailed discussion followed.\n\n## FAQ\n\n**Q: What integrations does the multi-agent orchestrator support?**\nA: The orchestrator includes integrations for Tavily, fetch, DuckDuckGo, and arXiv via Model Context Protocol (MCP).\n\n**Q: What permissions would the research agent have in the Discord server?**\nA: The agent would have read-only access, no direct message capabilities, and would only respond to @-mentions in a sandbox channel.\n\n**Q: Does the multi-agent orchestrator need to be ported to Eliza?**\nA: The developer expressed willingness to port the Python solution to Eliza if required by the community, though it was initially built using claude-agent-sdk.\n\n**Q: Who handles OAuth setup for testing agents on the ElizaOS Discord?**\nA: odilitime handles OAuth setup and offered to assist via direct message.\n\n## Help Interactions\n\n**Helper:** odilitime\n**Helpee:** rma_bot\n**Resolution:** odilitime offered to handle OAuth setup via direct message for testing the multi-agent orchestrator on the Discord server, providing the administrative support needed to proceed with the sandbox testing.\n\n## Action Items\n\n### Technical\n\n- Test multi-agent orchestrator with A2A-protocol research agent in sandbox channel (mentioned by rma_bot)\n- Set up OAuth invite/whitelist for research agent testing (mentioned by rma_bot, to be handled by odilitime)\n- Potentially port Python-based orchestrator to Eliza framework if community requires (mentioned by rma_bot)\n---\n2026-05-10.md\n---\n# elizaOS Discord - 2026-05-10\n\n## Summary\n\n### Social Interactions and Community Engagement\n\nThe discussion channel saw primarily casual social interactions on May 10, 2026. Community members exchanged greetings including variations of \"hi,\" \"hey,\" \"GM\" (good morning), and \"hello\" throughout the day. One member, mdmnvest, shared a Mother's Day greeting with the community. User rsn6958 posted a self-introduction describing their background in AI and full-stack development, emphasizing their focus on practical solutions, clean code, and production-ready systems, though this was not part of any active technical discussion.\n\n### Bot Operational Costs\n\nThe coders channel discussed the financial aspects of running an Eliza Twitter bot. The conversation revealed that operational costs have decreased significantly over time, from approximately $100 per month to around $10 per month currently. The actual costs vary considerably depending on configuration choices and usage patterns, with the volume of replies generated by the bot being a primary cost driver.\n\n### Security Concerns\n\nA brief security-related question was raised in the coders channel when gokumaster64 asked if something had been compromised, though this concern was not elaborated upon or addressed in the available conversation.\n\n## FAQ\n\n**Q: What are the monthly operational costs for running an Eliza Twitter bot?**\nA: The costs have decreased from approximately $100 per month to around $10 per month currently. However, actual costs vary significantly based on configuration options and usage patterns, particularly the volume of replies the bot generates.\n\n**Q: What factors affect the operational costs of an Eliza Twitter bot?**\nA: The primary factors are configuration options and usage patterns, with the volume of replies generated by the bot being a significant cost driver.\n\n## Help Interactions\n\nNo structured help interactions with clear resolutions were documented in the available conversations. The security concern raised by gokumaster64 about potential compromise was not addressed or resolved in the visible discussion.\n\n## Action Items\n\n### Technical\n\n- Investigate the security concern raised about potential compromise (mentioned by gokumaster64)\n---\n2026-05-12.json\n---\nelizaosDailySummary\n---\nDaily Report - 2026-05-12\n---\nElizaOS Discord Community Activity - May 12, 2026\n---\nIn the general discussion channel, a developer named Ginga introduced themselves as a builder of AI and full-stack systems, emphasizing practical software delivery over hype, with a focus on clean, maintainable, and secure production-ready systems. The introduction received a positive reaction from the community. Separately, a user named DON DADA greeted the channel and asked if anyone needed chatters.\n---\nhttps://discord.com/channels/1253563208833433701/1253563209462448241\n---\nhttps://cdn.elizaos.news/posters/1778637429341-o9uk7i.jpg\n---\nIn the coders channel, a developer named sailorpepe.eth reported that the v2 plugin registry infrastructure appears to be unavailable, with both the elizaos-plugins/registry repo and plugins.elizacloud.ai returning 404 errors. They had a third-party plugin ready for submission and asked whether to hold their pull request until the repo goes public or if a staging area exists. Core developer Odilitime acknowledged the issue and suggested the team may revert to accepting pull requests directly to the elizaOS/eliza repository. Additionally, community members flagged suspicious activity in the Discord, with one user suggesting an admin account may have been compromised. Odilitime clarified that the project has no admins and attributed the suspicious activity to scammers.\n---\nhttps://discord.com/channels/1253563208833433701/1300025221834739744\n---\nhttps://cdn.elizaos.news/posters/1778637453552-ty1sr.png\n---\ndiscordrawdata\n---\nActivity Summary for 2026-05-12\n---\nNo activity was recorded for the date 2026-05-12. There are no events, updates, or notable occurrences to report for this period.\n---\nhttps://elizaos.github.io/api/summaries/overall/day/2026-05-12.json\n---\nmiscellaneous\n---\n1386045358768918679\n---\ndondada0420\n---\nTrader\n---\nDesigner\n---\nutility\n---\neliza\n---\n283082734979514370\n---\nbrickolascage\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n800764682150477845\n---\nrsn6958\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n580487826420793364\n---\nodilitime\n---\nGod\n---\nplatform - self assign\n---\npartner portal - self assign\n---\nCommunity Ops\n---\nCreator\n---\nModerator\n---\n[WG] degenspartan\n---\npmairca - self assign\n---\nVerified\n---\nBooster\n---\nHoplite\n---\nMigration Support\n---\nHelper\n---\nGithub - Contributor\n---\nLabs Alumni\n---\nTrader\n---\nContributor\n---\nmerch - self assign\n---\nevents - self-assign\n---\n[WG] Elizacon - granted\n---\nSpartan Dev\n---\nCore Dev\n---\nCoder\n---\n212762270080434177\n---\nshrektwo\n---\nVerified\n---\n920440808509931560\n---\nthegreatluna8713\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n1443150982945968259\n---\nscottnuttall_\n---\nHelper\n---\nTrader\n---\nCreator\n---\n[WG] degenspartan\n---\nDesigner\n---\nFr\n---\nutility\n---\nCoder\n---\neliza\n---\n2026-05-12.md\n---\n## ElizaOS Community Activity - May 12, 2026\n\n## General Discussion\n\n- Developer Ginga introduced themselves as a builder of AI and full-stack systems, with a focus on practical software delivery, clean, maintainable, and secure production-ready systems\n- The introduction received a positive response from the community\n\n## Developer Activity\n\n### Plugin Registry Infrastructure\n\n- Developer sailorpepe.eth reported that the v2 plugin registry infrastructure is returning 404 errors, affecting both the elizaos-plugins/registry repo and plugins.elizacloud.ai\n- A third-party plugin was prepared and ready for submission\n- Core developer Odilitime acknowledged the issue and indicated the team may revert to accepting pull requests directly to the elizaOS/eliza repository\n\n### Security\n\n- Community members flagged suspicious activity in the Discord server\n- Odilitime clarified that the project has no admins and attributed the activity to scammers\n---\n2026-05-12.json\n---\nelizaOS\n---\nelizaOS Discord - 2026-05-12\n---\n1253563209462448241\n---\n\ud83d\udcac-discussion\n---\nThis Discord chat segment contains minimal substantive technical discussion. The conversation consists primarily of introductory messages and casual greetings. User rsn6958 posted a self-introduction describing their background in AI and full-stack development, emphasizing practical problem-solving, clean code practices, and production-ready systems. The message highlights focus areas including efficiency, accuracy, user experience, maintainability, and security. User brickolascage made a brief comment about someone's computer skills, though the context is unclear. User dondada0420 greeted the channel and inquired about chatters. No technical problems were solved, no architectural decisions were made, and no concrete implementations were discussed. The segment lacks meaningful technical discourse, code reviews, debugging sessions, or collaborative problem-solving that would typically characterize active development discussions.\n---\n1300025221834739744\n---\n\ud83d\udcac-coders\n---\nThe main technical discussion centered on v2 registry infrastructure for third-party Eliza plugins. thegreatluna8713 reported that plugin-undesirables@2.0.3 is ready for submission to the v2 registry but encountered 404 errors when attempting to access the elizaos-plugins/registry repo and plugins.elizacloud.ai. They have generated JSON metadata prepared and noted their plugin uses BUSL-1.1 licensing, preventing direct PR to the monorepo. odilitime acknowledged the issue and indicated they would investigate, suggesting it might be accidental. They also mentioned a potential policy change to revert back to PRs directly to elizaOS/eliza repository. The conversation was interrupted by security concerns when shrektwo noticed suspicious activity, identifying compromised admin accounts. odilitime confirmed ongoing scammer issues in the Discord. The technical resolution for the registry submission process remains pending investigation.\n---\nI've got a third-party plugin (plugin-undesirables@2.0.3) ready for the v2 registry. The target elizaos-plugins/registry repo and plugins.elizacloud.ai are returning 404s. Is the v2 registry infra still private pending the 2.0.0-beta launch? Should I hold my PR until the repo goes public?\n---\nthegreatluna8713\n---\nodilitime\n---\nodilitime\n---\nthegreatluna8713\n---\nUnable to access v2 registry infrastructure (404 errors on elizaos-plugins/registry and plugins.elizacloud.ai) for third-party plugin submission\n---\nAcknowledged the issue and committed to investigating; suggested potential policy change to revert to PRs to elizaOS/eliza\n---\nTechnical\n---\nInvestigate 404 errors on elizaos-plugins/registry repo and plugins.elizacloud.ai for v2 registry access\n---\nodilitime\n---\nTechnical\n---\nDetermine final submission process for v2 third-party plugins and communicate to plugin developers\n---\nodilitime\n---\nTechnical\n---\nAddress Discord security issues with compromised admin accounts\n---\nshrektwo\n---\n1386045358768918679\n---\ndondada0420\n---\nTrader\n---\nDesigner\n---\nutility\n---\neliza\n---\n283082734979514370\n---\nbrickolascage\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n800764682150477845\n---\nrsn6958\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n580487826420793364\n---\nodilitime\n---\nGod\n---\nplatform - self assign\n---\npartner portal - self assign\n---\nCommunity Ops\n---\nCreator\n---\nModerator\n---\n[WG] degenspartan\n---\npmairca - self assign\n---\nVerified\n---\nBooster\n---\nHoplite\n---\nMigration Support\n---\nHelper\n---\nGithub - Contributor\n---\nLabs Alumni\n---\nTrader\n---\nContributor\n---\nmerch - self assign\n---\nevents - self-assign\n---\n[WG] Elizacon - granted\n---\nSpartan Dev\n---\nCore Dev\n---\nCoder\n---\n212762270080434177\n---\nshrektwo\n---\nVerified\n---\n920440808509931560\n---\nthegreatluna8713\n---\nVerified\n---\nCoder\n---\nutility\n---\neliza\n---\n1443150982945968259\n---\nscottnuttall_\n---\nHelper\n---\nTrader\n---\nCreator\n---\n[WG] degenspartan\n---\nDesigner\n---\nFr\n---\nutility\n---\nCoder\n---\neliza\n---\n2026-05-12.md\n---\n# elizaOS Discord - 2026-05-12\n\n## Summary\n\n### Plugin Registry Infrastructure\n\nThe v2 registry infrastructure for third-party Eliza plugins encountered technical issues. Plugin-undesirables@2.0.3 was prepared for submission with generated JSON metadata, but attempts to access the elizaos-plugins/registry repository and plugins.elizacloud.ai resulted in 404 errors. The plugin uses BUSL-1.1 licensing which prevents direct PRs to the monorepo. Investigation into the registry access issues is ongoing, with potential policy changes being considered to revert back to PRs directly to the elizaOS/eliza repository.\n\n### Community Introductions\n\nNew community members introduced themselves in the discussion channel. One member shared their background in AI and full-stack development, emphasizing expertise in practical problem-solving, clean code practices, and production-ready systems with focus on efficiency, accuracy, user experience, maintainability, and security.\n\n### Security Concerns\n\nDiscord server security issues were identified with compromised admin accounts and ongoing scammer activity requiring attention from moderators.\n\n## FAQ\n\n**Q: How do I submit a plugin to the v2 registry?**\nA: The v2 registry submission process is currently under investigation due to 404 errors when accessing the elizaos-plugins/registry repo and plugins.elizacloud.ai. A potential policy change may revert the process back to PRs directly to the elizaOS/eliza repository.\n\n**Q: Can I submit a plugin with BUSL-1.1 licensing to the monorepo?**\nA: No, BUSL-1.1 licensing prevents direct PRs to the monorepo. Alternative submission methods through the v2 registry are being developed.\n\n**Q: Why am I getting 404 errors when trying to access the plugin registry?**\nA: This is a known issue currently under investigation by the development team. The registry infrastructure may have been accidentally affected.\n\n## Help Interactions\n\n**Helper:** odilitime\n**Helpee:** thegreatluna8713\n**Resolution:** Acknowledged the 404 errors on elizaos-plugins/registry repo and plugins.elizacloud.ai. Investigation initiated to determine if the issue was accidental. Mentioned potential policy change to revert to PRs directly to elizaOS/eliza repository. Resolution pending.\n\n## Action Items\n\n### Technical\n\n- Investigate 404 errors on elizaos-plugins/registry repo and plugins.elizacloud.ai (mentioned by odilitime)\n- Address compromised admin accounts and scammer activity in Discord server (mentioned by shrektwo, odilitime)\n- Determine final policy for plugin submission process between v2 registry and direct PRs (mentioned by odilitime)\n\n### Documentation\n\n- Clarify plugin submission process for BUSL-1.1 licensed plugins once registry issues are resolved (mentioned by thegreatluna8713)\n---\n2026-05-13.md\n---\nFile not found\n---\n2026-05-03.md\n---\n# Overall Project Weekly Summary (May 3 - 9, 2026)\n\n## Executive Summary\nThis week, the ElizaOS team focused on hardening the framework\u2019s core infrastructure to ensure reliable, long-term performance across diverse environments. By resolving critical stability issues and streamlining our monorepo architecture, we have successfully laid a more robust foundation for future multi-agent orchestration and cloud-native growth.\n\n### Key Strategic Initiatives & Outcomes\n\n**Strengthening System Reliability**\n_Goal: We prioritized fixing core stability issues to ensure that agents run consistently without crashing, regardless of the hosting environment._\n* Resolved critical system crashes on Linux servers, ensuring agents remain active and reliable ([elizaos/eliza](https://github.com/elizaos/eliza), [elizaos-plugins/plugin-n8n-workflow](https://github.com/elizaos-plugins/plugin-n8n-workflow)).\n* Fixed communication conflicts in Telegram integrations to prevent bot service interruptions ([elizaos/eliza](https://github.com/elizaos/eliza), [elizaos-plugins/plugin-n8n-workflow](https://github.com/elizaos-plugins/plugin-n8n-workflow)).\n\n**Enhancing Agent Intelligence and Interaction**\n_Goal: We improved how agents process information and interact with users to make automated workflows more precise and intuitive._\n* Introduced structured interaction rules and clearer prompt directives, allowing agents to handle complex workflow logic with greater accuracy ([elizaos-plugins/plugin-n8n-workflow](https://github.com/elizaos-plugins/plugin-n8n-workflow)).\n* Refined the user interface for automations, making it easier for humans to clarify requests and track agent progress ([elizaos/eliza](https://github.com/elizaos/eliza)).\n\n**Scaling Cloud-Native Capabilities**\n_Goal: We updated our infrastructure to better support monetization and secure access for cloud-based agent deployments._\n* Implemented support for monetized container app domains, enabling new pathways for project sustainability ([elizaos/eliza](https://github.com/elizaos/eliza)).\n* Streamlined authentication and billing processes to ensure a smoother, more secure experience for new users ([elizaos/eliza](https://github.com/elizaos/eliza)).\n\n### Cross-Repository Coordination\n* **Monorepo Consolidation:** The team synchronized efforts to migrate the Slack plugin ([elizaos/eliza#7375](https://github.com/elizaos/eliza/pull/7375)) and remove legacy code, significantly simplifying our development pipeline and improving overall project maintainability.\n* **Unified Stability Fixes:** By coordinating fixes for authentication and process-level stability across both the core framework and the n8n plugin, we ensured that the agent runtime remains consistent across all integrated services.\n\n## Repository Spotlights\n\n### elizaos/eliza\n* **Infrastructure Hardening:** Resolved critical headless Linux segfaults ([#7231](https://github.com/elizaos/eliza/issues/7231)) and fixed race conditions in Telegram polling ([#7245](https://github.com/elizaos/eliza/issues/7245)) to improve uptime.\n* **Cloud & Monetization:** Added support for monetized container app domains ([#7376](https://github.com/elizaos/eliza/pull/7376)) and resolved authentication deadlocks to improve the user onboarding experience ([#7327](https://github.com/elizaos/eliza/pull/7327), [#7367](https://github.com/elizaos/eliza/pull/7367)).\n* **UX Improvements:** Restored the \"Automations Overview\" surface ([#7317](https://github.com/elizaos/eliza/pull/7317)) and added new clarification panels to help users better interact with their agents ([#7315](https://github.com/elizaos/eliza/pull/7315)).\n* **Maintenance:** Performed major dependency updates, including React 19.2.5 and Python 3.14, to keep the framework modern and secure ([#7235](https://github.com/elizaos/eliza/pull/7235)).\n\n### elizaos-plugins/plugin-n8n-workflow\n* **Workflow Logic:** Implemented ID-based directives and structured clarification rules to improve how agents execute complex tasks ([#28](https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/28), [#27](https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/27)).\n* **Authentication Updates:** Updated token handling logic to support modern access token formats, ensuring seamless routing for new installations ([#7238](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7238), [#7243](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7243)).\n* **Codebase Cleanup:** Removed duplicate class definitions to ensure domain methods are correctly applied, preventing potential runtime errors ([#7233](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7233), [#7244](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7244)).\n---\n2026-05-01.md\n---\n# Overall Project Monthly Summary (May 2026)\n\n## Executive Summary\nMay 2026 was a month of foundational hardening for ElizaOS, focused on stabilizing our core framework and ensuring seamless compatibility across diverse computing environments. By resolving critical infrastructure bottlenecks and standardizing how our plugins interact with the core system, we have significantly improved the reliability and security of our AI agent deployments.\n\n### Key Strategic Initiatives & Outcomes\n\n**Strengthening Core Reliability and Cross-Platform Stability**\n*Goal: To ensure our agents run consistently and securely on any server or operating system.*\n- We hardened the agent runtime for headless environments, preventing system crashes on Linux and Windows servers ([elizaos/eliza](https://github.com/elizaos/eliza)).\n- We implemented a new, secure way to manage sensitive information across different platforms, making it easier to integrate with our settings interface ([elizaos/eliza](https://github.com/elizaos/eliza)).\n- We resolved complex system-level errors that previously hindered reliable agent performance in headless deployments ([elizaos-plugins/plugin-n8n-workflow](https://github.com/elizaos-plugins/plugin-n8n-workflow)).\n\n**Modernizing Our Build Architecture**\n*Goal: To align our plugin ecosystem with modern web standards for better performance and easier maintenance.*\n- We transitioned multiple plugins ([plugin-ollama](https://github.com/elizaos-plugins/plugin-ollama), [plugin-openrouter](https://github.com/elizaos-plugins/plugin-openrouter), [plugin-pdf](https://github.com/elizaos-plugins/plugin-pdf), and [plugin-openai](https://github.com/elizaos-plugins/plugin-openai)) to a modern, modular build structure, eliminating runtime conflicts with the core framework.\n\n**Ensuring Secure and Reliable Integrations**\n*Goal: To maintain high security and service continuity for our decentralized exchange and communication tools.*\n- We migrated our Jupiter integration to the official API endpoint and implemented mandatory security key authentication to keep our decentralized trading features compliant and reliable ([elizaos-plugins/plugin-jupiter](https://github.com/elizaos-plugins/plugin-jupiter)).\n- We refined configuration management for Telegram and Discord plugins to ensure that agent settings are applied correctly and consistently during runtime ([elizaos-plugins/plugin-telegram](https://github.com/elizaos-plugins/plugin-telegram), [elizaos-plugins/plugin-discord](https://github.com/elizaos-plugins/plugin-discord)).\n\n### Cross-Repository Coordination\n- **Shared Framework Alignment**: A major project-wide effort was undertaken to align all plugins with the ESM-first architecture of the core framework. By removing legacy code formats across multiple repositories, we ensured that the entire ElizaOS ecosystem remains compatible, modular, and free of runtime errors.\n- **Unified Runtime Fixes**: Coordination between the core framework and the n8n-workflow plugin allowed us to resolve deep-seated issues regarding authentication and message handling, ensuring that user settings propagate correctly from the dashboard to the agent runtime.\n\n## Repository Spotlights\n\n### elizaos/eliza\n- Hardened the runtime for headless servers by bypassing unavailable system secret services ([#7230](https://github.com/elizaos/eliza/pull/7230)).\n- Introduced `@elizaos/vault` to enable secure, cross-platform secrets management ([#7197](https://github.com/elizaos/eliza/pull/7197)).\n- Fixed critical authentication regressions, including SIWE failures and bot token bridging ([#7288](https://github.com/elizaos/eliza/pull/7288), [#7327](https://github.com/elizaos/eliza/pull/7327)).\n- Improved user interaction by adding clarification workflows for n8n and better context integration for Discord ([#7316](https://github.com/elizaos/eliza/pull/7316), [#7315](https://github.com/elizaos/eliza/pull/7315)).\n\n### elizaos-plugins/plugin-n8n-workflow\n- Formalized how agents request missing information from users by implementing `ClarificationRequest` structures ([#27](https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/27)).\n- Improved prompt routing reliability by switching to ID-based directives ([#28](https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/28)).\n- Resolved critical runtime crashes and message loss issues that affected Telegram bot polling ([#7244](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7244), [#7245](https://github.com/elizaos-plugins/plugin-n8n-workflow/issues/7245)).\n\n### elizaos-plugins/plugin-jupiter\n- Successfully migrated to the official `api.jup.ag` endpoint to ensure service continuity ([#4](https://github.com/elizaos-plugins/plugin-jupiter/pull/4)).\n- Implemented mandatory API key authentication to meet modern security standards for swap requests ([#4](https://github.com/elizaos-plugins/plugin-jupiter/pull/4)).\n\n### elizaos-plugins/plugin-discord\n- Addressed configuration inconsistencies where voice modules bypassed standard auto-reply settings ([#49](https://github.com/elizaos-plugins/plugin-discord/issues/49), [#50](https://github.com/elizaos-plugins/plugin-discord/pull/50)).\n\n### elizaos-plugins/plugin-telegram\n- Fixed a configuration issue to ensure Telegram setup tokens are correctly applied during runtime execution ([#29](https://github.com/elizaos-plugins/plugin-telegram/pull/29)).\n---\n{\n \"interval\": {\n \"intervalStart\": \"2026-05-01T00:00:00.000Z\",\n \"intervalEnd\": \"2026-06-01T00:00:00.000Z\",\n \"intervalType\": \"month\"\n },\n \"repository\": \"elizaos/eliza\",\n \"overview\": \"From 2026-05-01 to 2026-06-01, elizaos/eliza had 144 new PRs (90 merged), 14 new issues, and 15 active contributors.\",\n \"topIssues\": [\n {\n \"id\": \"I_kwDOMT5cIs8AAAABA4Rdow\",\n \"title\": \"build: dev-ui.mjs references `./claude-code-stealth.mjs` preload that doesn't exist on fresh clone\",\n \"author\": \"Sw4pIO\",\n \"number\": 7210,\n \"repository\": \"elizaos/eliza\",\n \"body\": \"## Summary\\n\\n`packages/app-core/scripts/dev-ui.mjs` declares `./claude-code-stealth.mjs` as a Bun `--preload` entry when the user has an Anthropic subscription, but **no build step generates that file** and **it isn't checked in**. The script's existence check (`existsSync(path.join(cwd, filePath))`) silently filters the missing file out of the preload list, so the stealth fetch interceptor never installs.\\n\\nThe interceptor is what prepends the Claude Code system prefix and identity headers (`anthropic-beta`, `user-agent: claude-cli/...`, `x-app: cli`) that Anthropic's API requires for OAuth subscription tokens. Without it, every `api.anthropic.com` request from a subscription user gets `401 Invalid authentication credentials` even though the token is valid and registered correctly.\\n\\nThe TypeScript source is at `packages/agent/src/auth/claude-code-stealth.ts` and exports `installClaudeCodeStealthFetchInterceptor()`, but the dev preload expects a different file at the **repo root**, named `.mjs`, that auto-runs on import.\\n\\n## Reproduction\\n\\nOn a fresh clone of any consumer repo (e.g. milady on `develop`):\\n\\n1. Sign in to an Anthropic subscription via `POST /api/subscription/anthropic/start` + `/exchange` so `~/.eliza/auth/anthropic-subscription.json` is written.\\n2. Manually enable `@elizaos/plugin-anthropic` in `~/./.json` (auto-enable refuses for subscription-only).\\n3. Set `ANTHROPIC_AUTH_MODE=oauth` and `CLAUDE_CODE_OAUTH_TOKEN=` in the runtime env.\\n4. `bun run dev`\\n5. Boot log shows:\\n ```\\n [milady] Stealth imports enabled: \\n ```\\n (notice \u2014 empty list because the file doesn't exist; it was silently filtered)\\n6. Send any chat message \u2192 backend retries 3\u00d7 with `AI_APICallError: Invalid authentication credentials` and surfaces the parse error to the user.\\n\\n## Diagnostic trail\\n\\n- `packages/app-core/scripts/dev-ui.mjs:785` declares the preload:\\n ```js\\n if (stealth.claude) nodeStealthImports.push(\\\"./claude-code-stealth.mjs\\\");\\n ```\\n- Then filters by existence:\\n ```js\\n const resolvedStealthImports = nodeStealthImports.filter((filePath) =>\\n existsSync(path.join(cwd, filePath)),\\n );\\n ```\\n- `find . -name claude-code-stealth.mjs -not -path '*/node_modules/*'` returns nothing on a fresh clone.\\n- The TS source exists at `packages/agent/src/auth/claude-code-stealth.ts` and exports `installClaudeCodeStealthFetchInterceptor()`. Nothing builds it into the expected location.\\n\\n## Suggested fix\\n\\nEither of:\\n\\n1. **Check in / generate the `.mjs`** at the repo root (or wherever `cwd` resolves to in `dev-ui.mjs`), with a self-installing call at the bottom. I verified locally that creating this file unblocks the Anthropic subscription auth path end-to-end (successful chat turns, zero 401s, model calls confirmed via `[stealth] \u2192anthropic` debug logs with `ELIZA_STEALTH_DEBUG=1`).\\n\\n2. **Fail loud instead of silent**: in `dev-ui.mjs`, when `stealth.claude === true` but the resolved preload file is missing, log a clear warning so users know what's wrong instead of chasing parse errors.\\n\\nBoth would help; (1) makes the feature work out of the box, (2) prevents the same multi-hour debug hunt for the next person.\\n\\n## Why this matters\\n\\nWithout the stealth interceptor, subscription auth is **completely non-functional** on the runtime side, which:\\n- Makes the `/api/subscription/anthropic/*` flow look broken (it works correctly, but the runtime that consumes its credentials can't actually use them).\\n- Forces users to either get a paid API key or sign up for Eliza Cloud \u2014 even though the codebase clearly intends to support direct subscription OAuth via the stealth path.\\n\\n## Environment\\n- bun 1.3.13\\n- eliza submodule HEAD: `4e650ca0ad`\\n- Discovered while booting milady on `develop`\",\n \"createdAt\": \"2026-04-29T22:09:53Z\",\n \"closedAt\": \"2026-05-01T20:04:54Z\",\n \"state\": \"CLOSED\",\n \"commentCount\": 1\n },\n {\n \"id\": \"I_kwDOMT5cIs8AAAABBDbGSw\",\n \"title\": \"plugin-sql runtime-migrator missing drizzle pgTable defs for entity_identities, entity_merge_candidates, fact_candidates\",\n \"author\": \"Sw4pIO\",\n \"number\": 7222,\n \"repository\": \"elizaos/eliza\",\n \"body\": \"## Summary\\n\\nThe abstract schema declarations at `packages/typescript/src/schemas/entity-identity.ts` declare three tables (`entity_identities`, `entity_merge_candidates`, `fact_candidates`) which are:\\n\\n- Exported through the schemas barrel (`packages/typescript/src/schemas/index.ts`)\\n- Actively queried by `packages/typescript/src/services/relationships.ts` and the `RELATIONSHIP_EXTRACTION` evaluator\\n- Referenced by the `RECENT_MESSAGES` provider and `longTermMemoryProvider`\\n\\nBut the corresponding **drizzle `pgTable` definitions in `plugins/plugin-sql/typescript/schema/` were never added**. The runtime-migrator (`plugins/plugin-sql/typescript/runtime-migrator/`) only emits `CREATE TABLE` from drizzle pgTables \u2014 it does not consume the abstract `SchemaTable` definitions \u2014 so on every fresh PGLite boot, these three tables silently never get created.\\n\\n## Symptoms\\n\\nOn every chat turn the runtime emits 5+ errors per message:\\n\\n```\\nError #agent:Chen [AGENT] Provider failed during state composition (provider=RECENT_MESSAGES,\\n error=Failed query: SELECT entity_id, platform, handle\\n FROM entity_identities\\n WHERE agent_id = '' AND entity_id IN ('')\\n params: )\\n\\nError [PROVIDER:MEMORY] Error in longTermMemoryProvider (err=Failed query: SELECT entity_id, platform, handle FROM entity_identities ...)\\n\\nError [EVALUATOR:MEMORY] Error during long-term memory extraction (err=Failed query: ...)\\n```\\n\\nThe agent still appears to respond, but the prompt is composed from a half-empty state (no recent messages, no entity facts, no long-term memory), so:\\n\\n- The model receives essentially an empty user message\\n- It replies \\\"I don't see a specific user message \u2014 could you provide...\\\"\\n- The structured-output parser fails to find required XML tags\\n- 3\u00d7 retries, all empty\\n- Surfaces to the user as: `I hit an internal parsing error while preparing the reply. Reason: No structured output could be parsed from the model response.`\\n\\nThis makes chat **completely unusable** on a fresh PGLite database.\\n\\n## Reproduction\\n\\n1. Fresh clone of any consumer (e.g. milady on `develop` or `alice` post-PR#105)\\n2. `bun install && bun run dev`\\n3. Complete onboarding, send any chat message\\n4. Boot log: `[PLUGIN:SQL] Executing SQL statements (pluginName=@elizaos/plugin-sql, statementCount=83)`\\n5. Subsequent chat turns: continuous `Failed query: SELECT entity_id, platform, handle FROM entity_identities ...` errors\\n\\n## Diagnostic trail\\n\\n- Schema declared: `packages/typescript/src/schemas/entity-identity.ts:13` (`entityIdentitySchema`), `:134` (`entityMergeCandidateSchema`), `:243` (`factCandidateSchema`)\\n- Schema exported: `packages/typescript/src/schemas/index.ts:28-31, :61-65`\\n- Service consuming: `packages/typescript/src/services/relationships.ts:347` (and many more), with `entity_identities` referenced 30+ times in that file alone\\n- Drizzle schema directory listing (`plugins/plugin-sql/typescript/schema/`): contains 25 schema files for agent, cache, channel, channelParticipant, component, embedding, entity, log, longTermMemories, memory, memoryAccessLogs, message, messageServer, messageServerAgent, pairingAllowlist, pairingRequest, participant, relationship, room, server, sessionSummaries, tasks, world. **Three tables missing: `entityIdentity`, `entityMergeCandidate`, `factCandidate`.**\\n\\n## Fix\\n\\nAdd `plugins/plugin-sql/typescript/schema/entityIdentity.ts` mirroring all three abstract schemas as drizzle `pgTable` definitions, including:\\n\\n- All columns with their types/defaults/notNull constraints (matches `entity-identity.ts` column-for-column)\\n- All indexes (`idx_entity_identities_entity`, `idx_entity_identities_platform_handle`, `idx_entity_merge_candidates_status`, `idx_entity_merge_candidates_pair`, `idx_fact_candidates_status`, `idx_fact_candidates_entity`)\\n- All foreign keys to `entities` and `agents` with `onDelete: \\\"cascade\\\"` (6 FKs total)\\n- Unique constraint `unique_entity_identity` on `(entity_id, platform, handle, agent_id)` for `entity_identities`\\n\\nThen export from `schema/index.ts`.\\n\\nI verified the fix locally: statement count goes from **83 \u2192 99** on next migration (3 tables + 6 indexes + 6 FKs + 1 unique = 16 new statements). Zero `entity_identities` query failures during chat after the fix. State composition succeeds, `RELATIONSHIP_EXTRACTION` evaluator completes without errors.\\n\\nI have a working diff \u2014 happy to PR.\\n\\n## Why this slipped through\\n\\nThe abstract `SchemaTable` shape and drizzle `pgTable` definitions are two parallel schema sources of truth that drifted apart. The migration generator only reads drizzle, so adding a new abstract schema produces no warning at build time, no runtime check at boot, and no error until application code actually queries the missing table \u2014 which can be far later in the user journey (after onboarding, on first chat).\\n\\nWorth considering: a sanity check at plugin-sql init that verifies every name in the abstract schemas barrel has a corresponding drizzle pgTable in the runtime-migrator's schema set, and warns/errors loudly otherwise. Would have caught this immediately.\\n\\n## Environment\\n\\n- `bun 1.3.13`\\n- `node \u2265 22`\\n- PGLite (via `@elizaos/plugin-sql` runtime-migrator)\\n- Discovered booting milady on alice (eliza submodule pinned at `05c636c004bf8c59e1b698ae755bdddfc7431ed5`)\",\n \"createdAt\": \"2026-05-01T17:09:58Z\",\n \"closedAt\": \"2026-05-01T20:04:44Z\",\n \"state\": \"CLOSED\",\n \"commentCount\": 1\n },\n {\n \"id\": \"I_kwDOMT5cIs8AAAABBHeRuA\",\n \"title\": \"telegram: milady wrapper + @elizaos/plugin-telegram both poll the same bot \u2014 race causes silent message loss\",\n \"author\": \"Sw4pIO\",\n \"number\": 7245,\n \"repository\": \"elizaos/eliza\",\n \"body\": \"## Summary\\n\\nTwo independent Telegraf consumers run against the same bot token concurrently:\\n\\n1. **`@elizaos/plugin-telegram`** \u2014 auto-enabled when `connectors.telegram.enabled === true`. Spawns its own Telegraf instance and starts long-polling.\\n2. **milady's standalone wrapper** at `packages/app-core/src/runtime/eliza.ts:534` (function `ensureTelegramBotPolling`) \u2014 spawns a *second* Telegraf instance with the same token, calls `bot.startPolling()`.\\n\\nTelegram's `getUpdates` long-poll API delivers each update to **exactly one consumer**. Whichever long-poll wins the race for a given message gets it; the other sees nothing. Updates routed to the upstream plugin go through elizaOS message handling \u2014 which on milady is not wired to a Telegram-channel-aware agent \u2014 and silently drop. Updates routed to milady's wrapper go through `useModel` directly and reply correctly.\\n\\nEnd result: **every other Telegram message (roughly) gets dropped silently**. From the user's perspective, the bot replies sometimes, ignores others.\\n\\n## Why both exist\\n\\nThe wrapper was added with this comment (`packages/app-core/src/runtime/eliza.ts:531-533`):\\n\\n> *\\\"Ensure Telegram bot is polling. The upstream plugin's `bot.launch()` is not awaited and silently fails on bun/Windows. We create a standalone Telegraf instance with proper lifecycle management.\\\"*\\n\\nSo milady spawns its own Telegraf to work around #7241 (Bun + Telegraf 4.16.3 `launch()` readonly-property bug). But it never disables the upstream plugin to avoid the duplicate poller.\\n\\n## Symptoms\\n\\n- Inconsistent: bot replies to ~50% of messages, ignores the rest.\\n- Logs show `[milady] Telegram bot polling started` AND `[PLUGIN:TELEGRAM] Starting Telegram bot` on boot.\\n- `curl https://api.telegram.org/bot/getUpdates` returns empty (something *did* consume them) but no `[milady] Telegram message from @user: ...` log entry for the dropped messages.\\n\\n## Reproduction\\n\\n1. Fresh milady, telegram connector enabled with a valid bot token.\\n2. `bun run dev` \u2014 both pollers start.\\n3. From a Telegram client, DM the bot 5 messages back to back.\\n4. ~2-3 will get a reply, ~2-3 will be silently dropped depending on which poller wins each `getUpdates` race.\\n\\n## Workaround (verified locally)\\n\\nDisable the upstream plugin so milady's wrapper is the only consumer:\\n\\n```json\\n// ~/.milady/milady.json\\n{\\n \\\"plugins\\\": {\\n \\\"entries\\\": {\\n \\\"@elizaos/plugin-telegram\\\": { \\\"enabled\\\": false },\\n \\\"telegram\\\": { \\\"enabled\\\": false }\\n }\\n },\\n \\\"connectors\\\": {\\n \\\"telegram\\\": { \\\"enabled\\\": false /* still want the bot active */ }\\n }\\n}\\n```\\n\\nAfter restart: only one Telegraf polls, every inbound message routes through milady's wrapper, every message gets a reply. Verified with 4 back-to-back messages \u2014 4 logged inbound, 4 logged replies.\\n\\n## Suggested fix\\n\\nTwo paths:\\n\\n1. **Mutually exclusive at config time.** When milady spawns its own wrapper (`ensureTelegramBotPolling`), it should also force-disable the upstream `@elizaos/plugin-telegram` and the `connectors.telegram` auto-enable. One owner per bot token, no exceptions.\\n\\n2. **Remove the wrapper, fix the upstream plugin.** Address the `launch()` Bun bug at the source (#7241). Then the wrapper becomes unnecessary and `@elizaos/plugin-telegram` is the single source of truth.\\n\\nOption 2 is the cleaner architectural fix. Option 1 is the right tactical fix until the upstream Bun issue is resolved. Either way, the current \\\"both run, hope for the best\\\" state is not OK because **silent message loss looks like working software** to the user.\\n\\n## Why this matters\\n\\nCombined with #7240 (token bridge bug) and #7241 (Telegraf launch bug), the Telegram setup path is currently unable to deliver \\\"I sent 5 messages and got 5 replies\\\" reliably out of the box. Even with the user's token correctly bridged into the env and the launch bug worked around, the dual-poller race means inconsistent delivery \u2014 a user-facing failure mode that's nearly impossible to diagnose without log access.\\n\\n## Environment\\n\\n- bun 1.3.13\\n- telegraf 4.16.3\\n- @elizaos/plugin-telegram (current alice submodule pin)\\n- milady on `alice` (PR #105 sync)\",\n \"createdAt\": \"2026-05-02T20:12:34Z\",\n \"closedAt\": \"2026-05-03T07:12:53Z\",\n \"state\": \"CLOSED\",\n \"commentCount\": 1\n },\n {\n \"id\": \"I_kwDOMT5cIs8AAAABBHd_Yw\",\n \"title\": \"duplicate MiladyClient class \u2014 augmenter prototypes attach to never-instantiated class, all client.X methods undefined at runtime\",\n \"author\": \"Sw4pIO\",\n \"number\": 7244,\n \"repository\": \"elizaos/eliza\",\n \"body\": \"## Summary\\n\\n`packages/app-core/src/api/` has **two** `export class MiladyClient` declarations:\\n\\n- `client-base.ts:36` \u2014 the one all 7 augmenter files import (`client-agent`, `client-skills`, `client-chat`, `client-cloud`, `client-vincent`, `client-wallet`, `client-browser-workspace`)\\n- `client.ts:2277` \u2014 the one the live `client` instance is built from (`export const client = new MiladyClient()` at `client.ts:6504`)\\n\\nEach augmenter does `MiladyClient.prototype.X = ...` to attach domain methods (e.g. `listAppRuns`, `listCodingAgentTaskThreads`, `sendMessage`, ~155 methods total). Because they import from `client-base.ts` and the instance is built from `client.ts`'s class, **none of those 155 methods land on the live instance**.\\n\\n## Symptoms\\n\\n- UI throws `client.listCodingAgentTaskThreads is not a function`, `client.listAppRuns is not a function`, etc. on every page that uses these methods.\\n- Errors bubble through React error boundary \u2192 chat surface freezes \u2192 text input becomes unresponsive (it's `disabled` because the surrounding state crashed).\\n- 343 methods present on prototype (the inline `client.ts` ones) \u2014 but the augmenter set is missing entirely.\\n\\n## Reproduction\\n\\n1. Fresh milady (alice, post-PR#105 sync), `bun run dev`.\\n2. Open dashboard \u2192 Chat or Apps tab.\\n3. Browser console:\\n ```js\\n const m = await import('/@fs/Users/.../packages/app-core/src/api/index.ts');\\n ({\\n listAppRuns: typeof m.client.listAppRuns, // 'undefined' \u274c\\n listCodingAgentTaskThreads: typeof m.client.listCodingAgentTaskThreads, // 'undefined' \u274c\\n methodCount: Object.getOwnPropertyNames(Object.getPrototypeOf(m.client)).length, // 343\\n })\\n ```\\n4. UI bubbles `is not a function` errors.\\n\\n## Root cause / context\\n\\n`client-base.ts` was originally introduced (per its own header comment):\\n\\n> *\\\"Separated from client.ts so domain augmentation files can import the class without circular dependency issues.\\\"*\\n\\nAt some point during the alice merge, `client.ts` had its own `export class MiladyClient` added inline (likely a refactor that consolidated methods back into one file) \u2014 but `client-base.ts` was left in place. The 7 augmenters still target `client-base.ts`. Two separate classes, two separate prototypes. The augmenters silently augment the wrong one.\\n\\nThere's no compile-time error because both files export a class with the same name and same shape. TypeScript happily lets `MiladyClient.prototype.X = ...` succeed on either.\\n\\n## Fix (verified locally)\\n\\nReplace `client-base.ts` body with a one-line re-export shim:\\n\\n```ts\\nexport { MiladyClient } from \\\"./client\\\";\\n```\\n\\nVerified locally: method count goes 343 \u2192 500 (157 augmenter methods now land on the live instance). All `is not a function` errors disappear. Chat hydrates cleanly.\\n\\n## Side-effect imports also needed\\n\\n`packages/app-core/src/api/index.ts` was also missing side-effect imports for the augmenter files. Even with the re-export shim, the augmenters need to be **loaded** for their `MiladyClient.prototype.X = ...` statements to execute:\\n\\n```ts\\nexport * from \\\"./client\\\";\\n\\n// Side-effect imports: each augments MiladyClient.prototype with methods.\\nimport \\\"./client-agent\\\";\\nimport \\\"./client-browser-workspace\\\";\\nimport \\\"./client-chat\\\";\\nimport \\\"./client-cloud\\\";\\nimport \\\"./client-skills\\\";\\nimport \\\"./client-vincent\\\";\\nimport \\\"./client-wallet\\\";\\n```\\n\\nThese were dropped in the alice merge as well \u2014 possibly because they appear redundant after `export * from \\\"./client\\\"`, but they're not (imports of side-effect-only modules need explicit `import \\\"...\\\"` statements).\\n\\n## Environment\\n\\n- bun 1.3.13\\n- milady on `alice` (PR #105 sync)\\n- React 19 + Vite dev server\",\n \"createdAt\": \"2026-05-02T20:10:27Z\",\n \"closedAt\": \"2026-05-03T07:12:56Z\",\n \"state\": \"CLOSED\",\n \"commentCount\": 1\n },\n {\n \"id\": \"I_kwDOMT5cIs8AAAABBHdQ7Q\",\n \"title\": \"auth: hasCodexCliSubscriptionAuth misses modern `tokens.access_token` shape \u2014 falsely reports 'install required'\",\n \"author\": \"Sw4pIO\",\n \"number\": 7243,\n \"repository\": \"elizaos/eliza\",\n \"body\": \"## Summary\\n\\n`packages/agent/src/auth/credentials.ts:210-225` \u2014 `hasCodexCliSubscriptionAuth()` only matches the **legacy** `~/.codex/auth.json` layout:\\n\\n```ts\\nconst data = JSON.parse(fs.readFileSync(authPath, \\\"utf-8\\\")) as {\\n auth_mode?: string;\\n OPENAI_API_KEY?: string;\\n};\\nreturn Boolean(\\n data.OPENAI_API_KEY?.trim() &&\\n data.auth_mode?.trim() &&\\n data.auth_mode.trim().toLowerCase() !== \\\"api-key\\\",\\n);\\n```\\n\\nModern `codex-cli` (\u2265 0.93.0) writes a different shape \u2014 no top-level `OPENAI_API_KEY`, no `auth_mode`, just a `tokens` object:\\n\\n```json\\n{\\n \\\"tokens\\\": {\\n \\\"id_token\\\": \\\"eyJhbGciOiJSUzI1NiIs...\\\",\\n \\\"access_token\\\": \\\"eyJhbGciOiJSUzI1NiIs...\\\",\\n \\\"refresh_token\\\": \\\"...\\\",\\n \\\"account_id\\\": \\\"...\\\"\\n },\\n \\\"last_refresh\\\": \\\"...\\\"\\n}\\n```\\n\\nDetection returns `false` \u2192 milady reports the user's Codex subscription as \\\"install required\\\" on the Settings \u2192 Connectors panel and the auto-enable map for `@elizaos/plugin-openai` is skipped. The `subscriptionProvider` resolution silently falls through, so chat routes to whatever else is configured (or fails).\\n\\n## Symptoms\\n\\n- User has a valid `codex login` session (verifiable: `codex --version` works, `~/.codex/auth.json` exists with `tokens` block, manual API calls with `tokens.access_token` succeed).\\n- Milady dashboard shows **Codex: install required** even though the CLI is installed and authenticated.\\n- Boot log lacks `Auto-enabled plugin: @elizaos/plugin-openai (subscription: openai-codex)`.\\n- Chat falls back to \\\"Sorry, I'm having a provider issue\\\" because routing thinks no provider is available.\\n\\n## Reproduction\\n\\n1. `brew install codex-cli` (or already installed \u2014 version \u2265 0.93.0)\\n2. `codex login` \u2014 authenticates and writes `~/.codex/auth.json` in the new format\\n3. `cat ~/.codex/auth.json | python3 -c \\\"import json,sys; d=json.load(sys.stdin); print({'OPENAI_API_KEY': d.get('OPENAI_API_KEY'), 'auth_mode': d.get('auth_mode'), 'has_tokens': bool(d.get('tokens'))})\\\"` \u2192\\n ```\\n {'OPENAI_API_KEY': None, 'auth_mode': None, 'has_tokens': True}\\n ```\\n4. Boot milady \u2192 log shows no Codex auto-enable.\\n5. Settings \u2192 Connectors \u2192 Codex shows \\\"install required\\\".\\n\\n## Workaround (verified locally)\\n\\nManually translate `~/.codex/auth.json` into the milady-side `~/.eliza/auth/openai-codex.json` shape:\\n\\n```python\\nrecord = {\\n 'id': 'default',\\n 'providerId': 'openai-codex',\\n 'label': 'Codex CLI',\\n 'source': 'codex-cli',\\n 'credentials': {\\n 'access': tokens['access_token'],\\n 'refresh': tokens['refresh_token'],\\n 'expires': now_ms + 3600 * 1000,\\n },\\n 'createdAt': now_ms,\\n 'updatedAt': now_ms,\\n}\\n```\\n\\nAfter writing this file + restart, milady detects the subscription and `@elizaos/plugin-openai` auto-enables.\\n\\n## Suggested fix\\n\\nUpdate `hasCodexCliSubscriptionAuth()` to recognize **both** shapes:\\n\\n```ts\\nfunction hasCodexCliSubscriptionAuth(): boolean {\\n const authPath = path.join(os.homedir(), \\\".codex\\\", \\\"auth.json\\\");\\n try {\\n const data = JSON.parse(fs.readFileSync(authPath, \\\"utf-8\\\")) as {\\n auth_mode?: string;\\n OPENAI_API_KEY?: string;\\n tokens?: {\\n access_token?: string;\\n refresh_token?: string;\\n };\\n };\\n\\n // Modern codex-cli (>= 0.93.0): tokens block present.\\n if (data.tokens?.access_token?.trim()) return true;\\n\\n // Legacy: OPENAI_API_KEY + non-\\\"api-key\\\" auth_mode.\\n return Boolean(\\n data.OPENAI_API_KEY?.trim() &&\\n data.auth_mode?.trim() &&\\n data.auth_mode.trim().toLowerCase() !== \\\"api-key\\\",\\n );\\n } catch {\\n return false;\\n }\\n}\\n```\\n\\nThen update the credential-import path (`importCodexCliCredentials` or wherever it lives) to translate `tokens.access_token`/`tokens.refresh_token` \u2192 `OAuthCredentials.{access,refresh,expires}` when the legacy fields are absent.\\n\\n## Why it matters\\n\\nEvery user on a fresh install with a current `codex-cli` will hit this. The codex CLI changed its auth file format and milady's detection didn't get updated. From the user's perspective: \\\"I logged in with codex, milady says I didn't\\\" \u2192 confusion.\\n\\n## Environment\\n- bun 1.3.13\\n- codex-cli 0.93.0 (the one written by the modern CLI)\\n- macOS arm64\\n- milady on `alice` (PR #105 sync)\",\n \"createdAt\": \"2026-05-02T20:06:05Z\",\n \"closedAt\": \"2026-05-03T07:12:59Z\",\n \"state\": \"CLOSED\",\n \"commentCount\": 1\n }\n ],\n \"topPRs\": [\n {\n \"id\": \"PR_kwDOMT5cIs7XooKA\",\n \"title\": \"chore: add cloud and plugins, remove rust and python\",\n \"author\": \"lalalune\",\n \"number\": 7235,\n \"body\": \"This PR simplifies and consolidates\",\n \"repository\": \"elizaos/eliza\",\n \"createdAt\": \"2026-05-02T11:46:07Z\",\n \"mergedAt\": \"2026-05-03T00:50:22Z\",\n \"additions\": 1307096,\n \"deletions\": 248884\n },\n {\n \"id\": \"PR_kwDOMT5cIs7X8Akl\",\n \"title\": \"Add ilfeops code + analysis mode\",\n \"author\": \"lalalune\",\n \"number\": 7356,\n \"body\": \"This adds some code to make things more interesting\",\n \"repository\": \"elizaos/eliza\",\n \"createdAt\": \"2026-05-04T08:56:25Z\",\n \"mergedAt\": \"2026-05-04T10:24:03Z\",\n \"additions\": 28474,\n \"deletions\": 1876\n },\n {\n \"id\": \"PR_kwDOMT5cIs7WsOJC\",\n \"title\": \"feat(vault): @elizaos/vault \u2014 cross-platform secrets vault + Settings UI integration\",\n \"author\": \"Dexploarer\",\n \"number\": 7197,\n \"body\": \"# Relates to\\n\\nThis is the upstream-targeting twin of milady-ai/eliza#6. The vault feature originated in the Milady fork; this PR lands the upstream-relevant slice on `elizaOS/eliza:develop`.\\n\\n# Risks\\n\\n**Low.** The vault is an additive workspace package; the runtime + Settings UI integration is a write-through mirror over the existing `config.env.X` storage path, so disabling it is a one-line change in `plugins-compat-routes.ts` (`mirrorPluginSensitiveToVault` \u2192 no-op). Cross-platform secret-service behaviour is exercised by a new dedicated CI workflow (macOS Keychain / Windows Credential Manager / Linux libsecret) so the headline portability claim is verifiable on every PR. The legacy `config.env.X` write path is unchanged \u2014 even if every vault call failed, plugin saves would still persist.\\n\\n# Background\\n\\n## What does this PR do?\\n\\nAdds **`@elizaos/vault`** \u2014 a cross-platform secrets/config vault \u2014 and wires it into the agent runtime + Settings UI so the existing \\\"save my OpenAI key\\\" flow stops storing plaintext in `config.env` and starts encrypting at rest with a key from the OS keychain.\\n\\n### `@elizaos/vault` (new package, `packages/vault/`)\\n\\n- **Encryption-at-rest** with AES-256-GCM, secret-id-as-AAD (so a leaked ciphertext can't be replayed against a different key).\\n- **Master key in the OS keychain by default** \u2014 macOS Keychain, Windows Credential Manager, Linux Secret Service via `@napi-rs/keyring`.\\n- **Headless fallback**: `passphraseMasterKey()` / `passphraseMasterKeyFromEnv(\\\"MILADY_VAULT_PASSPHRASE\\\")` derives the master key with `scrypt` for Linux servers and CI without a Secret Service agent.\\n- `defaultMasterKey()` chains keychain \u2192 passphrase \u2192 throws `MasterKeyUnavailableError` whose message names every remediation path.\\n- **One API for sensitive and non-sensitive config** \u2014 `vault.set(key, value, { sensitive: true })` vs `vault.set(key, value)`.\\n- **Password-manager references are first-class** \u2014 values can live in 1Password / Proton Pass / Bitwarden, the vault stores only the resolver reference.\\n- **`SecretsManager`** layer routes per-key writes/reads to the user-selected backend (`in-house`, `1password`, `bitwarden`, `protonpass`), with detection + preferences API at `/api/secrets/manager/{backends,preferences}`.\\n- **Audit log** at `audit/vault.jsonl` per write.\\n- **Testing harness** (`@elizaos/vault/testing#createTestVault`) that produces a vault wired to an in-memory master key for downstream tests.\\n\\n### Runtime + Settings UI integration\\n\\n- **Write-through mirror in `/api/plugins/:id` PUT**: when a sensitive plugin field is saved, the value is mirrored into the vault (encrypted at rest) on top of the existing `config.env.X` write. Mirror failures are surfaced to the UI under `vaultMirrorFailures` rather than silently swallowed.\\n- **Vault-first reveal**: `POST /api/plugins/:id/reveal` consults `sharedVault().get(key)` before falling back to `process.env` / `config.env`, so a freshly-saved key is the value the user sees.\\n- **Per-process cached `sharedVault()`** so concurrent saves share `VaultImpl.mutate()`'s mutex; a per-request `createVault()` would race and silently lose entries.\\n- **Broader credential heuristic** \u2014 `pickPrimaryCredentialParam()` walks a priority-ordered regex list (`API_KEY` \u2192 `API_TOKEN` \u2192 `BOT_TOKEN` \u2192 `ACCESS_TOKEN` \u2192 `SECRET_KEY` \u2192 `PRIVATE_KEY` \u2192 `CLIENT_SECRET`) instead of only matching `*_API_KEY$`, with an explicit fallback to the first sensitive parameter. Closes the bug where typing a model field before the API-key field caused `Object.values(config).find()` to pick up the model slug; also fixes connectors whose primary credential is a bot token / private key / client secret.\\n- **Settings UI** \u2014 `SecretsManagerSection` + `ApiKeyConfig` with inline prefix validation and validation warnings, keyboard shortcut `\u2318\u2325\u2303V` (Mac) / `Ctrl+Alt+Shift+V` (Win/Linux), global modal mount, application menu accelerator.\\n- **Cloud disconnect orphan-route patch**: `/api/cloud/disconnect` now nulls every routed service (`llmText`, `tts`, `media`, `embeddings`, `rpc`) instead of just `llmText`, so disconnect doesn't leave silently-401'ing voice/image/embedding features routed at the dead `cloud-proxy \u2192 elizacloud`. Plus `linkedAccounts.elizacloud.status=\\\"unlinked\\\"` to prevent the in-memory state from overwriting the canonical unlinked state on next `saveElizaConfig`.\\n\\n### Runtime-ops \u00d7 vault\\n\\n- `ProviderSwitchIntent.apiKeyRef` replaces plaintext `apiKey` end-to-end. The provider-switch route writes the vault entry, persists only the reference, and resolves through the vault when the runtime reload-hot needs the key.\\n- Legacy ops with plaintext `apiKey` are auto-migrated to `apiKeyRef` on hydrate.\\n- Repository pruning suite (retention, cap, idempotency, hydrate; 6 tests).\\n- A `simplify` pass that dedupes utility code, removes ghost phases, and consolidates state.\\n\\n## What kind of change is this?\\n\\n**Features** \u2014 non-breaking. `@elizaos/vault` is new. The runtime/Settings wiring is additive on top of the existing config-write path, controlled by feature presence rather than a flag. The provider-switch `apiKeyRef` replaces `apiKey` but a hydrate-time migration upgrades legacy ops in place.\\n\\n# Documentation changes needed?\\n\\nMy changes do not require a change to the project documentation. New package documentation lives inline in `packages/vault/README.md` and the public API surface is documented via TSDoc. The Settings UI changes are user-facing but match the existing settings pattern.\\n\\n# Testing\\n\\n## Where should a reviewer start?\\n\\n1. **`packages/vault/`** \u2014 start with `src/vault.ts` (the public API), then `src/master-key.ts` (the keychain/passphrase chain), then `src/manager.ts` (the multi-backend router). Tests in `test/{vault,master-key,manager,store,envelope,references,keyring}.test.ts` exercise every public path; `test/master-key.test.ts` covers the headless-fallback chain explicitly.\\n2. **`packages/app-core/src/services/vault-mirror.ts`** + `packages/app-core/src/services/vault-mirror.test.ts` \u2014 the write-through mirror is small, isolated, and has a focused test that includes failure-collection and a source-text guard for the vault-first reveal ordering.\\n3. **`packages/app-core/src/api/plugins-compat-routes.ts`** \u2014 the `PUT /api/plugins/:id` handler and `/reveal` route, where the vault wiring sits next to the existing legacy code path.\\n4. **`packages/agent/src/runtime/operations/`** \u2014 `vault-bridge.ts`, `vault-integration.test.ts`, and `health.test.ts` show the `apiKeyRef` migration. The 22-case integration suite is the strongest evidence that the runtime path keeps working.\\n\\n## Detailed testing steps\\n\\nAutomated tests are acceptable.\\n\\n- **Vault unit suite (cross-platform)**: `bun run --cwd packages/vault test` \u2014 64 tests covering vault, master-key (incl. passphrase fallback), manager, store, envelope, references, keyring round-trips. The new `vault-ci` workflow runs this matrix on `ubuntu-latest`, `macos-latest`, `windows-latest` so the OS-keychain claim is checked on every PR.\\n- **App-core wiring suite**: `bun run --cwd packages/app-core test` \u2014 37 wiring tests (vault-mirror unit + source-text guards, secrets-manager-routes integration via real `http.Server`, usePluginsSkillsState heuristic priority list, useSecretsManagerShortcut Mac/Win/Linux chord matching, server.cloud-disconnect orphan-route guard).\\n- **Runtime-ops vault integration**: 22 cases in `packages/agent/src/runtime/operations/vault-integration.test.ts` proving the `apiKeyRef` path works end-to-end.\\n- **End-to-end save-flow**: `provider-switch-routes.e2e.test.ts` stands up a real `http.Server` and exercises Settings PUT \u2192 mirror \u2192 reveal \u2192 provider switch against an in-memory vault.\\n- **Cross-platform CI**: the new `vault-ci` workflow (`.github/workflows/vault-ci.yaml`) runs the vault suite on macOS / Linux / Windows runners; an `app-core-wiring` job runs the wiring tests on `ubuntu-latest` with proto generation as a prerequisite.\\n\\n### Manual smoke (UI)\\n\\n1. Open the desktop app \u2192 **Settings \u2192 Plugins \u2192 OpenAI** (or any AI provider).\\n2. Enter an API key, save.\\n3. The plugin row should turn green and reload the agent. Open `~/.milady/vault.json` \u2014 the value is encrypted; the OS keychain holds the master key under `service: \\\"milady\\\"`, `account: \\\"vault.masterKey\\\"`.\\n4. Open the **Secrets Vault** modal via `\u2318\u2325\u2303V` (or **Edit \u2192 Secrets Vault** menu). Switch the routing for `OPENAI_API_KEY` to a different backend, save. Subsequent reveals fetch from the new backend.\\n\\n## Deploy notes\\n\\n- **`@elizaos/vault` is a new workspace package** \u2014 `bun install` at the repo root picks it up; nothing extra to do.\\n- **No database changes.**\\n- **No breaking changes** to existing config files. Legacy `config.env.X` writes still happen alongside the vault mirror; vault values shadow `process.env` only in the reveal path. The `apiKeyRef` migration on the runtime-ops side is in-place on hydrate (no operator action required).\\n\\n---\\n\\n\ud83e\udd16 Generated with [Claude Code](https://claude.com/claude-code)\\n\",\n \"repository\": \"elizaos/eliza\",\n \"createdAt\": \"2026-04-29T11:25:51Z\",\n \"mergedAt\": \"2026-05-01T03:12:42Z\",\n \"additions\": 22472,\n \"deletions\": 677\n },\n {\n \"id\": \"PR_kwDOMT5cIs7YJahe\",\n \"title\": \"feat(slack): migrate plugin-slack into the monorepo\",\n \"author\": \"2-A-M\",\n \"number\": 7375,\n \"body\": \"## Summary\\n\\nBrings \\\\`@elizaos/plugin-slack\\\\` from [elizaos-plugins/plugin-slack](https://github.com/elizaos-plugins/plugin-slack) into the monorepo at \\\\`plugins/plugin-slack/\\\\` alongside the other connector plugins already living here (discord, telegram, signal, whatsapp, wechat, xmtp, instagram, matrix, line, feishu, google-chat, imessage, x, twitch, bluesky, bluebubbles, farcaster, nostr).\\n\\nSlack was the last major-platform connector still living standalone. The standalone repo is at \\\\`v2.0.0-alpha\\\\` with the same \\\\`typescript/python/rust\\\\` layout as plugin-elizacloud and friends, so it was already migration-ready \u2014 just hadn't been picked up by the migration sweep.\\n\\nThe source matches the standalone repo's \\\\`next\\\\` branch tip plus the multi-message handling fix from [elizaos-plugins/plugin-slack#1](https://github.com/elizaos-plugins/plugin-slack/pull/1) (\\\\`d50e802\\\\`), which has been sitting on standalone with an APPROVED review since 2026-02-28. That PR will close as superseded by this one.\\n\\n## What lands\\n\\n- \\\\`src/\\\\` \u2014 service, accounts, formatting, config, index, types, plus:\\n - \\\\`actions/\\\\` \u2014 sendMessage, editMessage, deleteMessage, listChannels, readChannel, pinMessage, unpinMessage, listPins, reactToMessage, emojiList, getUserInfo (11 actions)\\n - \\\\`providers/\\\\` \u2014 channelState, memberList, workspaceInfo (3 providers)\\n- \\\\`__tests__/\\\\` \u2014 \\\\`accounts.test.ts\\\\` (98 tests), \\\\`formatting.test.ts\\\\` (22 tests)\\n- \\\\`package.json\\\\` \u2014 workspace-aware: \\\\`@elizaos/core: workspace:*\\\\`, version bumped to \\\\`2.0.0-alpha.537\\\\` to match sibling plugins, scripts aligned with monorepo conventions (biome from root \\\\`node_modules\\\\`)\\n- \\\\`tsconfig.json\\\\` (modeled on plugin-discord), \\\\`build.ts\\\\` (unchanged from standalone), \\\\`README.md\\\\`, \\\\`LICENSE\\\\`\\n\\n## API drift fixes (alpha.3 \u2192 alpha.537)\\n\\nThe standalone \\\\`peerDependencies\\\\` pinned \\\\`@elizaos/core: 2.0.0-alpha.3\\\\`. The monorepo is at alpha.537, and the core API has moved in two specific ways the slack plugin needed updates for:\\n\\n- **\\\\`State.recentMessagesData\\\\` typing.** Providers in \\\\`channelState.ts\\\\`, \\\\`memberList.ts\\\\`, \\\\`workspaceInfo.ts\\\\` read \\\\`state?.recentMessagesData\\\\`, which is now typed as the broader \\\\`StateValue\\\\` union (\\\\`string | number | bigint | true | object\\\\`) rather than \\\\`Memory[]\\\\` directly. Cast the field to \\\\`Memory[] | undefined\\\\` at the read site so \\\\`validateActionKeywords\\\\` / \\\\`validateActionRegex\\\\` get the expected shape. Behavior unchanged.\\n- **\\\\`MentionContext\\\\` shape.** \\\\`service.ts\\\\` was constructing \\\\`{ isMention: true }\\\\`; the type now requires \\\\`isReply\\\\` and \\\\`isThread\\\\` too. Filled with \\\\`false\\\\` for the mention-only path. Behavior unchanged for the existing mention handling.\\n\\n## Verified\\n\\n- \u2705 \\\\`tsc --noEmit -p plugins/plugin-slack/tsconfig.json\\\\` clean\\n- \u2705 120/120 unit tests pass (\\\\`bun test plugins/plugin-slack/__tests__/\\\\`)\\n- \u2705 \\\\`bun run build.ts\\\\` produces \\\\`dist/index.js\\\\` + \\\\`.d.ts\\\\` cleanly\\n\\n## Follow-ups (not in this PR)\\n\\n- Close [elizaos-plugins/plugin-slack#1](https://github.com/elizaos-plugins/plugin-slack/pull/1) as superseded once this lands.\\n- The standalone repo itself can be archived or kept as a thin re-export, mirroring how the other migrated plugin repos are handled.\\n- The CodeRabbit P2 nitpick on the multi-message handling fix (channel_type undefined edge case) is preserved as-is from the standalone PR \u2014 landing the existing fix verbatim, leaving any further hardening to a follow-up.\\n\\n## Test plan\\n- [x] Typecheck clean\\n- [x] Unit tests green (120/120)\\n- [x] Build artifact produced\\n- [ ] Wire-up smoke test against a live Slack workspace \u2014 out of scope for this PR; happy to follow up if maintainers want it before merge\\n\\n\ud83e\udd16 Generated with [Claude Code](https://claude.com/claude-code)\\n\\n\\n\\n

Greptile Summary

\\n\\nThis PR migrates `@elizaos/plugin-slack` from its standalone repository into the monorepo, adding 11 actions, 3 providers, a Socket Mode service, and 120 passing unit tests. The alpha API drift fixes (`State.recentMessagesData` cast and `MentionContext` shape) are correctly applied.\\n\\n- **P1 \u2013 silent message drops**: `getUser()` in `handleMessage` and `handleAppMention` calls `client.users.info` without a try/catch. A Slack API error (rate-limit, deactivated user, network) will throw through the entire Bolt event handler, causing the message to be lost with no memory stored and no agent reply.\\n- **P2 \u2013 stale `repository.url`**: `package.json` still points to the old `elizaos-plugins/plugin-slack` standalone repo instead of the monorepo.\\n- **P2 \u2013 unused `zod` runtime dependency**: `zod` is declared in `dependencies` but never imported in any source file.\\n\\n

Confidence Score: 3/5

\\n\\nNot safe to merge without fixing the missing try/catch around getUser() \u2014 incoming messages are silently dropped on any Slack API error during user lookup.\\n\\nOne P1 defect (unguarded getUser throws drop live messages) plus two P2 hygiene issues (stale repo URL, unused zod dependency). The P1 is on the critical incoming-message path so the score is pulled below the ceiling.\\n\\nplugins/plugin-slack/src/service.ts (handleMessage and handleAppMention event handlers); plugins/plugin-slack/package.json\\n\\n

Important Files Changed

\\n\\n| Filename | Overview |\\n|----------|----------|\\n| plugins/plugin-slack/src/service.ts | Core Slack service with Socket Mode integration \u2014 contains a P1 missing try/catch around `getUser()` in event handlers (messages silently dropped on API errors), and a P2 channel-type mapping where both MPIM and public channels collapse to `ChannelType.GROUP`. |\\n| plugins/plugin-slack/package.json | Package metadata has two P2 issues: `repository.url` still points to the old standalone repo and `zod` is declared as a runtime dependency but is never imported in source. |\\n| plugins/plugin-slack/src/index.ts | Plugin registration and re-exports; token validation and masked logging look correct. Imports/exports are well-organized. |\\n| plugins/plugin-slack/src/actions/sendMessage.ts | Action handler with LLM-extracted parameters; the generated `validate` wrapper is verbose but functionally correct; channel resolution and fallback logic are sound. |\\n| plugins/plugin-slack/src/providers/channelState.ts | Channel state provider with correct `Memory[] | undefined` cast for `recentMessagesData`; relevance-gating and fallback paths look correct. |\\n| plugins/plugin-slack/src/types.ts | Comprehensive Slack type definitions, error classes, and utility functions; looks correct and well-structured. |\\n| plugins/plugin-slack/src/accounts.ts | Multi-account resolution helpers with token validation logic; parallel type definitions to `config.ts` but scoped correctly to `accounts.ts` exports only. |\\n\\n\\n\\n

Sequence Diagram

\\n\\n```mermaid\\nsequenceDiagram\\n participant Slack as Slack (Socket Mode)\\n participant Bolt as @slack/bolt App\\n participant SVC as SlackService\\n participant RT as IAgentRuntime\\n participant Agent as MessageService\\n\\n Slack->>Bolt: message / app_mention event\\n Bolt->>SVC: handleMessage() / handleAppMention()\\n SVC->>SVC: isChannelAllowed()\\n SVC->>RT: getEntityById(entityId)\\n SVC->>Slack: users.info (getUser) \u26a0\ufe0f no try/catch\\n SVC->>RT: createEntity()\\n SVC->>RT: createMemory(memory, \\\"messages\\\")\\n SVC->>RT: emitEvent(SLACK_MESSAGE_RECEIVED)\\n SVC->>Agent: messageService.handleMessage(memory, callback)\\n Agent-->>SVC: callback(response)\\n SVC->>Slack: chat.postMessage (sendMessage)\\n SVC->>RT: createMemory(responseMemory)\\n SVC->>RT: emitEvent(SLACK_MESSAGE_SENT)\\n```\\n\\nReviews (1): Last reviewed commit: [\\\"feat(slack): migrate plugin-slack into m...\\\"](https://github.com/elizaos/eliza/commit/32b5ec0448c0943d5ccdbaa1ed00047fb7d94310) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=30739102)\\n\\n> Greptile also left **4 inline comments** on this PR.\\n\\n\",\n \"repository\": \"elizaos/eliza\",\n \"createdAt\": \"2026-05-04T19:59:56Z\",\n \"mergedAt\": \"2026-05-04T20:03:13Z\",\n \"additions\": 7299,\n \"deletions\": 0\n },\n {\n \"id\": \"PR_kwDOMT5cIs7YL89f\",\n \"title\": \"feat(cloud): support monetized container app domains\",\n \"author\": \"NubsCarson\",\n \"number\": 7376,\n \"body\": \"# Relates to\\n\\nCloud app/domain monetization build path.\\n\\n# Risks\\n\\nLarge. This touches Cloud app auth, app-scoped chat, Cloudflare domain management, and container deployment status handling. Review should focus on route ownership checks, billing/error behavior, and deployment lifecycle state transitions.\\n\\n# Background\\n\\n## What does this PR do?\\n\\nAdds the production Cloud path needed for agent-built monetized apps:\\n\\n- App-scoped chat endpoint support at `/api/v1/apps/:appId/chat`, routed through the configured provider/AI Gateway with app monetization metadata.\\n- Cloudflare-managed app domain support, including check/buy/status/sync flows and app-domain ownership checks.\\n- App auth callback/session handling needed for generated apps to complete OAuth-style sign-in and return to the app.\\n- Local container control-plane deployment support and immediate monitor reconciliation so a healthy container is marked `running` instead of staying stuck in `deploying`.\\n- Skill docs aligned with the Cloud container/OAuth/monetized-chat/domain lifecycle.\\n\\n## What kind of change is this?\\n\\nFeatures and bug fixes.\\n\\n# Documentation changes needed?\\n\\nUpdated included skill documentation for Cloud app builds and app domain lifecycle behavior.\\n\\n# Testing\\n\\n## Where should a reviewer start?\\n\\nStart with Cloud app/domain route changes, then the container deployment status monitor, then the skill docs.\\n\\n## Detailed testing steps\\n\\n- `bun run --cwd cloud/apps/api typecheck`\\n- `bun run --cwd cloud/services/container-control-plane typecheck`\\n- `bun test cloud/packages/tests/unit/domains/domain-pricing.test.ts cloud/packages/tests/unit/domains/cloudflare-dns-stub.test.ts cloud/packages/tests/unit/domains/cloudflare-registrar-stub.test.ts`\\n- Local Discord e2e with normal app prompts spawned Codex, registered Cloud apps, enabled app-scoped monetized chat, completed OAuth-style app auth, offered Cloudflare domains, and verified unsigned chat returns `401 not_signed_in`.\\n- Local custom-domain e2e verified `nubilio.org` against the local Cloud stack and confirmed the app auth entry point returns Cloud HTML.\\n\\n# Deploy Notes\\n\\nRequires the Cloud API/frontend/control-plane deploy together. Configure Cloudflare registrar/DNS env vars and the AI Gateway/provider env already expected by Cloud. Container deployment status depends on the container control-plane service being reachable.\\n\\n## Database changes\\n\\nIncludes Cloud domain/app-domain state changes from the Cloud codepath. Run the Cloud migrations before enabling the new domain/app routes in prod.\\n\\n## Deployment instructions\\n\\nDeploy Cloud API, frontend, and container control-plane from the same revision. Do not enable automatic domain purchase without the existing user confirmation step.\\n\\n\\n\\n

Greptile Summary

\\n\\nThis PR adds the production Cloud path for agent-built monetized apps: app-scoped chat at `/api/v1/apps/:id/chat` with credit debit/reconcile, Cloudflare-managed domain buy/check/status/sync/verify flows, an app OAuth-style auth callback, and a new Node container control-plane sidecar with an immediate deploy-monitor reconciliation on container creation.\\n\\n- **P1 \u2014 Auth errors return 500 on the chat endpoint:** `requireAuthOrApiKeyWithOrg` is called inside `Promise.all`. For API-key callers (where the global middleware skips validation), any `AuthenticationError` or `ForbiddenError` is caught by the outer catch and returned as HTTP 500 instead of 401/403.\\n- **P1 \u2014 Sync never marks a Cloudflare domain as `verified` after zone provisioning:** When a domain is purchased while zone creation is still pending (`verified: false`), calling `/sync` later sets `status: \\\\\\\"active\\\\\\\"` but omits `verified: true`, leaving `listVerifiedAppOrigins` (used for CORS) permanently empty for that domain.\\n\\n

Confidence Score: 3/5

\\n\\nNot safe to merge without addressing the two P1s; auth misclassification and broken CORS sync compound the already-flagged credit/refund issues from the prior review round.\\n\\nMultiple P1 findings across core paths (auth, CORS, and credit reconciliation from prior round) pull the score below the P1 ceiling.\\n\\ncloud/apps/api/v1/apps/[id]/chat/route.ts (auth error handling), cloud/apps/api/v1/apps/[id]/domains/sync/route.ts (verified flag), cloud/apps/api/v1/apps/[id]/domains/buy/route.ts (credit refund on DB failure)\\n\\n

Important Files Changed

\\n\\n\\n\\n\\n| Filename | Overview |\\n|----------|----------|\\n| cloud/apps/api/v1/apps/[id]/chat/route.ts | New app-scoped monetized chat endpoint; auth errors from API-key callers are swallowed as 500 inside Promise.all; streaming/non-streaming credit reconciliation edge cases already flagged in previous reviews. |\\n| cloud/apps/api/v1/apps/[id]/domains/sync/route.ts | New domain sync endpoint; does not pass verified: true to syncStatus when a pending Cloudflare domain becomes active, leaving CORS origin lists stale. |\\n| cloud/apps/api/v1/apps/[id]/domains/buy/route.ts | New atomic domain-buy flow; DB write failure after successful registration leaves credits consumed with no refund (flagged in prior review). |\\n| cloud/services/container-control-plane/src/index.ts | New Node container control-plane; requireInternalToken is a no-op when CONTAINER_CONTROL_PLANE_TOKEN env var is absent (flagged in prior review). |\\n| cloud/packages/lib/services/managed-domains.ts | New managed-domains service; upsert/insert/syncStatus logic is solid; org-ownership guard correctly rejects cross-org conflicts. |\\n\\n\\n\\n\\n\\n

Sequence Diagram

\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant CloudAPI as Cloud API\\n participant CF as Cloudflare Registrar\\n participant DB as managed_domains DB\\n\\n Note over Client,DB: Domain Sync (BUG)\\n Client->>CloudAPI: POST /apps/:id/domains/sync\\n CloudAPI->>CF: getRegistrationStatus\\n CF-->>CloudAPI: status=active\\n CloudAPI->>DB: syncStatus(status=active, isLive=true)\\n Note right of DB: verified stays false!\\n CloudAPI-->>Client: verified=false (broken CORS)\\n```\\n\\n\\n

Comments Outside Diff (3)

\\n\\n1. `cloud/apps/api/v1/apps/[id]/chat/route.ts`, line 498-558 ([link](https://github.com/elizaos/eliza/blob/2692d06ba732110606be388695e1a3d3e659c5f3/cloud/apps/api/v1/apps/[id]/chat/route.ts#L498-L558)) \\n\\n \\\"P1\\\" **Full refund issued after stream content is already delivered**\\n\\n `writerClosed` is set to `true` at line 498 and `writer.close()` is called at line 499. If any subsequent await \u2014 `calculateCost` or `appCreditsService.reconcileCredits` \u2014 throws (e.g., transient DB error), the outer `catch` at line 559 calls `reconcileCredits` with `actualBaseCost: 0`, issuing a full refund for a stream that was already successfully delivered to the user. Users can receive inference for free whenever the reconciliation step fails.\\n\\n2. `cloud/apps/api/v1/apps/[id]/chat/route.ts`, line 637-669 ([link](https://github.com/elizaos/eliza/blob/7dd117f331e62045f271c441fed1aaa6f2b12ff8/cloud/apps/api/v1/apps/[id]/chat/route.ts#L637-L669)) \\n\\n \\\"P1\\\" **Non-streaming reconciliation failure: user charged, no response returned, no refund**\\n\\n If `reconcileCredits` at line 637 throws (transient DB error, network blip), execution falls to the outer `catch` at line 670, which returns a 500 to the user. At that point credits have been deducted at 1.5\u00d7 the estimate, the provider already delivered a successful response (consumed via `providerResponse.json()` at line 606), and no refund is issued. The user is overcharged by the full reserved amount and receives neither the AI response nor their credits back.\\n\\n Add a try/catch around the reconciliation that attempts a full refund and still returns the provider's response to the user.\\n\\n3. `cloud/apps/api/v1/apps/[id]/chat/route.ts`, line 165-169 ([link](https://github.com/elizaos/eliza/blob/1c07ef5b8264ab48fcafb5f80c9c1e0d80f3f327/cloud/apps/api/v1/apps/[id]/chat/route.ts#L165-L169)) \\n\\n \\\"P1\\\" **Auth errors masked as 500 for API-key callers**\\n\\n `requireAuthOrApiKeyWithOrg` is called inside `Promise.all` at line 165. When the global auth middleware bypasses cookie auth for API-key requests (`if (apiKey || elizaBearer) { next(); }`), the per-route key validation runs here. If the key is invalid or expired, `AuthenticationError` or `ForbiddenError` is thrown, falls into the outer `catch` at line 670, and is returned to the caller as `status: 500` with `code: \\\"internal_server_error\\\"` instead of 401/403. Clients that retry on 401 will never retry, and the error message gives no hint of the actual cause.\\n\\n
\\n\\n\\n\\nReviews (4): Last reviewed commit: [\\\"fix(cloud): respect noble hashes package...\\\"](https://github.com/elizaos/eliza/commit/1c07ef5b8264ab48fcafb5f80c9c1e0d80f3f327) | [Re-trigger Greptile](https://app.greptile.com/api/retrigger?id=30759652)\\n\\n> Greptile also left **1 inline comment** on this PR.\\n\\n\",\n \"repository\": \"elizaos/eliza\",\n \"createdAt\": \"2026-05-04T22:15:44Z\",\n \"mergedAt\": \"2026-05-04T23:22:42Z\",\n \"additions\": 5571,\n \"deletions\": 437\n }\n ],\n \"codeChanges\": {\n \"additions\": 30795,\n \"deletions\": 4107,\n \"files\": 378,\n \"commitCount\": 814\n },\n \"completedItems\": [\n {\n \"title\": \"feat(vault): @elizaos/vault \u2014 cross-platform secrets vault + Settings UI integration\",\n \"prNumber\": 7197,\n \"type\": \"feature\",\n \"body\": \"# Relates to\\n\\nThis is the upstream-targeting twin of milady-ai/eliza#6. The vault feature originated in the Milady fork; this PR lands the upstream-relevant slice on `elizaOS/eliza:develop`.\\n\\n# Risks\\n\\n**Low.** The vault is an additive works\",\n \"files\": [\n \".github/actions/setup-bun-workspace/action.yml\",\n \".github/workflows/apple-store-release.yml\",\n \".github/workflows/mobile-build-smoke.yml\",\n \".github/workflows/nightly.yml\",\n \".github/workflows/quality-fork.yml\",\n \".github/workflows/test-electrobun-release.yml\",\n \".github/workflows/vault-ci.yaml\",\n \".github/workflows/windows-dev-smoke.yml\",\n \"apps/app/.env.example\",\n \"apps/app/.gitignore\",\n \"apps/app/README.md\",\n \"apps/app/app.config.ts\",\n \"apps/app/capacitor.config.ts\",\n \"apps/app/electrobun/.gitignore\",\n \"apps/app/index.html\",\n \"apps/app/package.json\",\n \"apps/app/playwright.electrobun.packaged.config.ts\",\n \"apps/app/playwright.ui-packaged.config.ts\",\n \"apps/app/playwright.ui-smoke.config.ts\",\n \"apps/app/playwright.web-views.config.ts\",\n \"apps/app/public/android-chrome-192x192.png\",\n \"apps/app/public/android-chrome-512x512.png\",\n \"apps/app/public/apple-touch-icon.png\",\n \"apps/app/public/favicon-16x16.png\",\n \"apps/app/public/favicon-32x32.png\",\n \"apps/app/public/favicon.ico\",\n \"apps/app/public/logos/anthropic-icon-white.png\",\n \"apps/app/public/logos/anthropic-icon.png\",\n \"apps/app/public/logos/claude-icon.png\",\n \"apps/app/public/logos/deepseek-icon.png\",\n \"apps/app/public/logos/elizaos-icon.png\",\n \"apps/app/public/logos/gemini-icon.png\",\n \"apps/app/public/logos/grok-icon-white.png\",\n \"apps/app/public/logos/grok-icon.png\",\n \"apps/app/public/logos/groq-icon-white.png\",\n \"apps/app/public/logos/groq-icon.png\",\n \"apps/app/public/logos/mistral-icon.png\",\n \"apps/app/public/logos/ollama-icon-white.png\",\n \"apps/app/public/logos/ollama-icon.png\",\n \"apps/app/public/logos/openai-icon-white.png\",\n \"apps/app/public/logos/openai-icon.png\",\n \"apps/app/public/logos/openrouter-icon-white.png\",\n \"apps/app/public/logos/openrouter-icon.png\",\n \"apps/app/public/logos/together-ai-icon.png\",\n \"apps/app/public/logos/zai-icon-white.png\",\n \"apps/app/public/logos/zai-icon.png\",\n \"apps/app/public/og-image.png\",\n \"apps/app/public/splash-bg.jpg\",\n \"apps/app/scripts/build.mjs\",\n \"apps/app/scripts/capacitor-plugin-names.mjs\"\n ]\n },\n {\n \"title\": \"chore(deps): update supabase/postgres docker tag to v17.6.1.113\",\n \"prNumber\": 7219,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Update | Change |\\n|---|---|---|\\n| supabase/postgres | patch | `17.6.1.112` \u2192 `17.6.1.113` |\\n\\n---\\n\\n> [!WARNING]\\n> Some dependencies could not be looked up. Check the [Dependency Dashboard]\",\n \"files\": [\n \"packages/app-core/deploy/docker-compose.supabase-db.yml\"\n ]\n },\n {\n \"title\": \"fix(deps): update dependency @anthropic-ai/sdk to ^0.92.0\",\n \"prNumber\": 7218,\n \"type\": \"bugfix\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@anthropic-ai/sdk](https://redirect.gi\",\n \"files\": [\n \"packages/typescript/package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency ai to v6.0.172\",\n \"prNumber\": 7217,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [ai](https://ai-sdk.dev/docs) ([source]\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency @ai-sdk/provider-utils to v4.0.25\",\n \"prNumber\": 7216,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@ai-sdk/provider-utils](https://ai-sdk\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency @ai-sdk/provider to v3.0.10\",\n \"prNumber\": 7215,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@ai-sdk/provider](https://ai-sdk.dev/d\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency @ai-sdk/openai to v3.0.55\",\n \"prNumber\": 7214,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@ai-sdk/openai](https://ai-sdk.dev/doc\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"feat(self-hosted): CORS + bearer auth + cross-platform build fixes\",\n \"prNumber\": 7212,\n \"type\": \"feature\",\n \"body\": \"# Relates to\\n\\nSelf-hosting cross-platform connectivity. The runtime now serves browser dashboards over HTTPS at a custom domain, App Store-style mobile builds (Capacitor), and Electrobun desktop builds \u2014 all routed through a remote agent vi\",\n \"files\": [\n \"package.json\",\n \"packages/agent/src/api/experience-routes.test.ts\",\n \"packages/agent/src/api/experience-routes.ts\",\n \"packages/agent/src/runtime/plugin-lifecycle.ts\",\n \"packages/app-core/platforms/android/variables.gradle\",\n \"packages/app-core/platforms/electrobun/assets/brand-config.json\",\n \"packages/app-core/platforms/electrobun/electrobun.config.ts\",\n \"packages/app-core/scripts/desktop-build.mjs\",\n \"packages/app-core/src/App.tsx\",\n \"packages/app-core/src/api/auth-client.ts\",\n \"packages/app-core/src/api/auth-pairing-compat-routes.ts\",\n \"packages/app-core/src/api/auth-session-routes.ts\",\n \"packages/app-core/src/api/client-agent.ts\",\n \"packages/app-core/src/api/client-base.test.ts\",\n \"packages/app-core/src/api/client-base.ts\",\n \"packages/app-core/src/api/csrf-client.test.ts\",\n \"packages/app-core/src/api/csrf-client.ts\",\n \"packages/app-core/src/api/server-cors.test.ts\",\n \"packages/app-core/src/api/server-cors.ts\",\n \"packages/app-core/src/api/server.ts\",\n \"packages/app-core/src/components/pages/ChatView.tsx\",\n \"packages/app-core/src/components/shell/RuntimeGate.tsx\",\n \"packages/app-core/src/registry/index.ts\",\n \"packages/app-core/src/state/persistence.ts\",\n \"packages/app-core/src/state/startup-phase-poll.ts\",\n \"packages/app-core/src/state/startup-phase-restore.ts\",\n \"packages/app-core/src/state/startup-phase-runtime.ts\",\n \"plugins/plugin-agent-skills\",\n \"plugins/plugin-anthropic\",\n \"plugins/plugin-cli\",\n \"plugins/plugin-commands\",\n \"plugins/plugin-cron\",\n \"plugins/plugin-discord\",\n \"plugins/plugin-edge-tts\",\n \"plugins/plugin-elizacloud\",\n \"plugins/plugin-evm\",\n \"plugins/plugin-google-genai\",\n \"plugins/plugin-groq\",\n \"plugins/plugin-local-ai\",\n \"plugins/plugin-local-embedding\",\n \"plugins/plugin-ollama\",\n \"plugins/plugin-openai\",\n \"plugins/plugin-openrouter\",\n \"plugins/plugin-pdf\",\n \"plugins/plugin-shell\",\n \"plugins/plugin-solana\",\n \"plugins/plugin-sql\",\n \"plugins/plugin-whatsapp\",\n \"plugins/plugin-agent-orchestrator\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency ai to v6.0.174\",\n \"prNumber\": 7229,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [ai](https://ai-sdk.dev/docs) ([source]\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency @biomejs/biome to v2.4.14\",\n \"prNumber\": 7228,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@biomejs/biome](https://biomejs.dev) (\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"chore(deps): update dependency @ai-sdk/openai to v3.0.58\",\n \"prNumber\": 7227,\n \"type\": \"other\",\n \"body\": \"This PR contains the following updates:\\n\\n| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\\n|---|---|---|---|\\n| [@ai-sdk/openai](https://ai-sdk.dev/doc\",\n \"files\": [\n \"package.json\"\n ]\n },\n {\n \"title\": \"test(app-core): remove api module mocks\",\n \"prNumber\": 7226,\n \"type\": \"tests\",\n \"body\": \"\\r\\n\\r\\n# Relates to\\r\\n\\r\\n\\r\\n\\r\\n