# ElizaOS Weekly Newsletter (2026-04-26 → 2026-05-02) ## 1) Executive Summary This week was a “platform hardening + roadmap clarity” combo: 1. **Cross-platform foundations leveled up**: a major modernization push continued across the stack (TypeScript/Node/Bun upgrades, modular architecture work, and Cloud platform migration), setting ElizaOS up for more predictable builds and smoother cross-device deployments. 2. **Secrets management got a serious upgrade**: `@elizaos/vault` landed upstream, bringing **encrypted-at-rest, OS-keychain-backed secret storage** with **Settings UI integration**—a big step toward safer self-hosting and better developer ergonomics. 3. **Self-hosted connectivity improved across web + mobile + desktop**: new CORS controls, bearer auth plumbing, and packaged-build fixes make it much easier to run agents remotely via HTTPS dashboards, Capacitor mobile, and Electrobun desktop builds. --- ## 2) Development Updates (Technical Highlights) ### Secure secrets: `@elizaos/vault` (new package + UI wiring) The biggest dev win this week was the merge of **`@elizaos/vault`** into `elizaos/eliza`: - **Encryption-at-rest (AES-256-GCM)** with OS keychain master key support (macOS Keychain / Windows Credential Manager / Linux Secret Service). - **Headless server fallback** via passphrase-derived master keys (useful for CI and Linux boxes without a secrets service). - **Settings UI integration** so saving provider keys no longer defaults to plaintext storage. - Vault-first reveal behavior and write-through mirroring (so the UI shows the real stored secret). - New CI coverage to validate cross-platform keychain behavior. **Why it matters:** this reduces one of the most common foot-guns in agent deployments—leaky API keys—and makes self-hosting more production-friendly. **Merged PR:** `elizaos/eliza#7197` --- ### Self-hosted runtime connectivity: web dashboards, Capacitor, Electrobun Self-hosting got more robust with improvements that span server, client, and build tooling: - New `ELIZA_ALLOWED_ORIGINS` support to control which domains can access a self-hosted agent over HTTPS. - Better handling for Capacitor/Ionic WebView origins. - Bearer token support unified into `fetchWithCsrf`, plus improved auth status signaling (`authenticated` field). - Build fixes for Windows desktop packaging, branding defaults, and missing template vars for Android builds. - Packaged build resilience (graceful handling when registry directories are absent). **Net effect:** fewer “works on my machine” problems when connecting to a remote runtime from different shells (browser, mobile wrapper, desktop wrapper). **Merged PR:** `elizaos/eliza#7212` --- ### Reliability + bug fixes that unblock real usage A few issues that can quietly break new installs were identified and closed quickly: - **Anthropic subscription auth path**: missing preload reference prevented the stealth interceptor from installing, leading to confusing 401s. (Now closed.) - **Issue:** `elizaos/eliza#7210` (closed) - **plugin-sql runtime migrator**: missing Drizzle `pgTable` definitions for `entity_identities`, `entity_merge_candidates`, and `fact_candidates` caused fresh PGLite databases to boot without required tables—prompt composition degraded and chat became unreliable. - **Issue:** `elizaos/eliza#7222` (closed) - **Test stability**: removed API module mocks in `app-core` tests to improve reliability and reduce brittle assumptions. - **Merged PR:** `elizaos/eliza#7226` --- ### Dependency + CI refresh Ongoing maintenance work continued across the stack: - Updates to key SDKs and tooling (e.g., `@anthropic-ai/sdk`, `@electric-sql/pglite`, `@biomejs/biome`, AI SDK packages). - CI/CD updates including Supabase Postgres docker tag bumps and GitHub action version refreshes. These aren’t flashy, but they reduce integration drift and keep builds reproducible. --- ## 3) Community Spotlight (Discord) ### “ElizaOS vs Orbofi” — positioning explained in plain language A great thread this week clarified ElizaOS’s role in the ecosystem: - **ElizaOS = developer-first agent framework / operating system** (the “Linux” analogy): open-source, extensible, designed for building serious agents from scratch. - **Orbofi = consumer-facing platform** (the “Shopify/App Store” analogy): marketplace + monetization + distribution layers for creators. - Also noted: with **Milady**, ElizaOS now has an **app-store layer** too—without losing its “full control” dev foundation. This is useful framing for newcomers evaluating where to build. **Discussion reference:** Discord `#discussion` (2026-05-01) --- ### Field report: “memory rot” in long-lived agents (and a production fix) In `#coders`, **sentient_dawn** shared a high-signal report on a failure mode that shows up after ~3 months in retrieval-heavy architectures (RAG/vector-store + LLM): - Old facts persist and become stale - Agents drift from the true state without noticing - Humans usually detect it only after contradictions accumulate A proposed (and reportedly production-proven) mitigation: - A **reconciliation pass** - **Freshness gates** on outward claims - **Periodic cross-source diffs** - **Re-embedding under the current ontology** The community asked for the full write-up—expect more here soon. **Discussion reference:** Discord `#coders` (2026-05-01) --- ### Robotics demo: ElizaOS in a Unitree robot Shaw shared a practical integration: ElizaOS wired into a **~$4k Unitree robot**, able to walk on command. It’s a strong reminder that “agent OS” doesn’t have to mean “chat-only”—hardware loops are on the table. --- ### AMA + community lifecycle moments - A **Twitter Space AMA** featuring Shaw (via Botdick) drew ~20 listeners. - One community member announced they’re stepping away due to a new job—wishing them well. --- ## 4) Token Economics (AI16z token + auto.fun) - **Exchange listings:** community asked about Coinbase / exchange expansion post-swap. The response was clear: **exchange conversations are under NDA and cannot be discussed publicly**. - **Buyback strategy:** Shaw reiterated that a **token buyback is planned, but contingent on profitability**—the emphasis is on building sustainable revenue first. - **Token philosophy:** the project is explicitly leaning away from “forced utility” mechanics and toward **culture + product + monetizable agent apps** (notably via Eliza Cloud). **auto.fun:** no concrete product updates surfaced in the provided activity this week. If there are specific auto.fun ship logs you want highlighted next time, share links and we’ll include them. --- ## 5) Coming Soon (What to Watch) Based on roadmap discussion and current merges: - **ElizaOS v3 runtime direction**: a full application runtime across devices/platforms, deeper social integrations (including iMessage), workflow creation/editing/execution, and subscription management. - **Eliza Cloud monetization**: continued work on hosting + monetizing runtime apps and agent workflows. - **Security + reliability initiatives**: local LLM data storage patterns, agent key security, and red-team swarm testing methodologies were raised—likely areas for upcoming engineering focus. - **Memory maintenance patterns**: expect follow-ups on the “memory rot” mitigation and a shareable field report. --- ## 6) Resources (Links & Pointers) ### Key PRs / Engineering - `@elizaos/vault` secrets vault + Settings UI: https://github.com/elizaos/eliza/pull/7197 - Self-hosted CORS + bearer auth + cross-platform build fixes: https://github.com/elizaos/eliza/pull/7212 - Test reliability (remove API mocks): https://github.com/elizaos/eliza/pull/7226 ### Notable closed issues - Missing Claude stealth preload / Anthropic subscription auth: https://github.com/elizaos/eliza/issues/7210 - plugin-sql migrator missing tables: https://github.com/elizaos/eliza/issues/7222 ### Weekly engineering summary (broader scope) - Overall Project Weekly Summary (Apr 26 – May 2): `github_summaries_week_latest_2026-04-26.md` (includes references like `elizaos/eliza#7172`, `elizaos/eliza#7204`, `elizaos/cloud#484`, and plugin work such as `registry#352`) ### Discord threads (for context) - `#discussion` (ElizaOS vs Orbofi; exchange NDA reminder): https://discord.com/channels/1253563208833433701/1253563209462448241 - `#coders` (memory rot field report): https://discord.com/channels/1253563208833433701/1300025221834739744