# ElizaOS Developer Update - November 25, 2025

## 1. Core Framework

### Entity-Level Row-Level Security
A major security enhancement is in the final review stage with PR [#6167](https://github.com/elizaos/eliza/pull/6167), adding PostgreSQL row-level security (RLS) for entity-based data isolation. This implementation provides:

- Automatic data isolation at the database level with two strategies:
  - Direct ownership tables with `entityId` or `authorId` columns
  - Shared access tables with `roomId` that join to `participants`
- Full backward compatibility with existing deployments
- Zero configuration required - policies apply automatically

```typescript
// New optimized participant checking methods
async isRoomParticipant(entityId: UUID, roomId: UUID): Promise<boolean> {
  return this.withEntityContext(null, async (tx) => {
    const result = await tx
      .select({ exists: sql<number>`1` })
      .from(participantTable)
      .where(
        and(
          eq(participantTable.roomId, roomId),
          eq(participantTable.entityId, entityId)
        )
      )
      .limit(1);
    return result.length > 0;
  });
}
```

### Plugin Name Format Improvements
Merged PR [#6164](https://github.com/elizaos/eliza/pull/6164) adds enhanced dependency resolution that handles both scoped package names and short names, providing:

- Name normalization for `@elizaos/plugin-*` and `plugin-*` formats
- Deduped queuing to prevent redundant loads
- Backward compatibility with existing plugin references

### Dependency Modernization
To address deprecation issues, we've migrated from LangChain v0.3 to `@langchain/textsplitters` v1.0 in PR [#6152](https://github.com/elizaos/eliza/pull/6152), ensuring long-term stability.

## 2. New Features

### ElizaOS Reference in Runtime
PR [#6111](https://github.com/elizaos/eliza/pull/6111) adds a direct ElizaOS reference to the runtime, enabling more streamlined framework interactions:

```typescript
// Before: complex access patterns
const agentId = "agent-123";
const agent = await runtime.getAgent(agentId);
if (!agent) throw new Error("Agent not found");
const agents = runtime.getAgentManager().getAgents();

// After: simplified unified access
if (runtime.hasElizaOS()) {
  const elizaOS = runtime.getElizaOS();
  const agent = await elizaOS.getAgent(agentId);
  const agents = await elizaOS.getAgents();
}
```

### Skip Migrations Option
PR [#6132](https://github.com/elizaos/eliza/pull/6132) adds an optional `skipMigrations` parameter to `runtime.initialize()`, allowing services to conditionally bypass plugin migrations in controlled environments:

```typescript
// Standard initialization with migrations
await runtime.initialize();

// Skip migrations for specialized scenarios
await runtime.initialize({ skipMigrations: true });
```

## 3. Bug Fixes

### Timeline Action Spans Fix
PR [#6167](https://github.com/elizaos/eliza/pull/6167) resolves the missing action details in timeline views by properly including `action_event` logs in run timelines:

```typescript
// Previous implementation missed action_event logs
const directlyRelated = logs.filter((l) => {
  const body = l.body as { runId?: UUID; parentRunId?: UUID };
  return body.runId === runId || body.parentRunId === runId;
});

// Enhanced implementation captures all related events
const actionRunIds = new Set(
  directlyRelated
    .filter((l) => l.type === 'action')
    .map((l) => (l.body as { runId?: UUID }).runId)
    .filter((id): id is UUID => !!id)
);

// Now including action_event logs with matching runIds
const related = logs.filter((l) => {
  const body = l.body as { runId?: UUID; parentRunId?: UUID };
  if (body.runId === runId || body.parentRunId === runId) {
    return true;
  }
  if (l.type === 'action_event' && body.runId && actionRunIds.has(body.runId)) {
    return true;
  }
  return false;
});
```

### Environment Variables Loading
PR [#6141](https://github.com/elizaos/eliza/pull/6141) fixes an issue where `runtime.getSetting("ANY_VARIABLES")` returned `undefined` when environment variables were exported on the host instead of being defined in a `.env` file. Now variables are correctly loaded from `process.env`.

### RLS Validation Checks
PR [#6139](https://github.com/elizaos/eliza/pull/6139) addresses a bug where RLS (Row-Level Security) `server_id` validation checks were blocking all users when RLS isolation was disabled.

## 4. API Changes

### Semantic Clarity Refactoring
PR [#6167](https://github.com/elizaos/eliza/pull/6167) renames `serverId` to `messageServerId` for improved semantic clarity:

```typescript
// Before: ambiguous naming
const room = await adapter.getRoom({ serverId, roomId });
await adapter.getRoomsByServerId(serverId);

// After: clear semantic meaning
const room = await adapter.getRoom({ messageServerId, roomId });
await adapter.getRoomsByMessageServerId(messageServerId);
```

> **Note**: This change maintains backward compatibility with existing code through TypeScript aliases, but developers should update to the new naming convention.

### OpenRouter Embedding Support
PR [#6142](https://github.com/elizaos/eliza/pull/6142) adds native embedding support for OpenRouter in the CLI, eliminating the need for users to configure a separate embedding provider.

## 5. Social Media Integrations

### Farcaster Integration
A new feature request [#6161](https://github.com/elizaos/eliza/issues/6161) has been opened to support Farcaster and Base applications, which is currently being planned for implementation.

### Discord Plugin Improvements
PR [elizaos-plugins/plugin-discord#25](https://github.com/elizaos-plugins/plugin-discord/pull/25) prevents sending empty Discord messages, improving reliability of the integration.

## 6. Model Provider Updates

### OpenRouter Text Embedding
Merged PR [elizaos-plugins/plugin-openrouter#19](https://github.com/elizaos-plugins/plugin-openrouter/pull/19) adds comprehensive documentation for the recently implemented `TEXT_EMBEDDING` models support in OpenRouter.

### Anthropic Top-P Support
PR [#6166](https://github.com/elizaos/eliza/pull/6166) adds top-P support for Anthropic models, enhancing control over response randomness.

## 7. Breaking Changes

The Babylon project is being considered for a spin-out as "Babylon Labs" with potential integration of Eliza as an API service. Key points from core developer discussions:

- High traffic on Babylon (60k+ waitlist signups) is causing significant Vercel costs ($1k) due to inefficient API code
- Performance optimizations are being implemented:
  - Adding caching to waitlist leaderboard
  - Implementing pagination and reducing fetch size from 100 to 10
  - Optimizing bandwidth usage (currently at 3.42TB, 99.4% of allocation)

Developers building with the Babylon integration should prepare for potential architectural changes as this transition occurs.

---

For any technical questions or support, join the #core-devs channel in our Discord. The team is actively monitoring for the Sha1-Hulud pt2 vulnerability in dependencies, so please report any suspicious behavior immediately.