# ElizaOS Developer Update
**Week of November 27, 2025**

## 1. Core Framework

### Entity-Level Row Level Security (RLS)
We've implemented PostgreSQL RLS policies for enhanced data isolation at the entity level. This provides automated database-level security controls that isolate data by user, agent, or bot within the same database.

```typescript
// New entity context management in core
await runtime.withEntityContext(userId, async () => {
  // All database operations in this context are automatically filtered
  // Only data owned by or accessible to userId is returned
  const memories = await runtime.getMemories();
});
```

Key features:
- Database-level enforcement prevents accidental data leaks
- Automatic filtering based on entity context
- Two isolation strategies:
  - Direct ownership (tables with `entityId` or `authorId`)
  - Shared access (tables with `roomId` joining to `participants`)
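The two isolation strategies above, sketched as an added example (not ElizaOS code): a hypothetical helper picks a strategy from a table's columns and emits the matching PostgreSQL policy DDL. The session setting `app.entity_id`, the helper names and the policy naming are assumptions; the column and table names are the ones listed above.

```typescript
// Added example: hypothetical helper, not taken from the ElizaOS code base.
type Strategy = 'direct' | 'shared' | 'none';

// Assumption: the entity context is exposed to SQL as a session setting.
// With missing_ok = true an unset value yields NULL, so the predicate
// matches no rows and the policy fails closed.
const CTX = "current_setting('app.entity_id', true)";

const has = (cols: string[], c: string): boolean => cols.indexOf(c) !== -1;

// Identifiers cannot be bound as parameters in DDL, so allow simple names only.
function quoteIdent(name: string): string {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
    throw new Error('unsafe identifier: ' + name);
  }
  return '"' + name + '"';
}

function pickStrategy(cols: string[]): Strategy {
  if (has(cols, 'entityId') || has(cols, 'authorId')) return 'direct';
  if (has(cols, 'roomId')) return 'shared';
  return 'none';
}

function rlsStatements(table: string, cols: string[]): string[] {
  const t = quoteIdent(table);
  const strategy = pickStrategy(cols);
  if (strategy === 'none') return []; // nothing to key a policy on
  let predicate: string;
  if (strategy === 'direct') {
    const owner = has(cols, 'entityId') ? 'entityId' : 'authorId';
    predicate = quoteIdent(owner) + '::text = ' + CTX;
  } else {
    // Shared access: visible only if the entity participates in the row's room.
    predicate =
      'EXISTS (SELECT 1 FROM "participants" p WHERE p."roomId" = ' + t +
      '."roomId" AND p."entityId"::text = ' + CTX + ')';
  }
  return [
    'ALTER TABLE ' + t + ' ENABLE ROW LEVEL SECURITY',
    // FORCE applies the policy to the table owner as well.
    'ALTER TABLE ' + t + ' FORCE ROW LEVEL SECURITY',
    'CREATE POLICY ' + quoteIdent(table + '_entity_isolation') + ' ON ' + t +
      ' USING (' + predicate + ')',
  ];
}
```

Superusers and roles with `BYPASSRLS` are not subject to these policies, so the application should connect as a role that has neither.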

### Plugin System Improvements
Enhanced plugin dependency resolution now supports both scoped and short names for plugins:

```typescript
// All these formats now work consistently
"@elizaos/plugin-sql"
"plugin-sql"
"sql"
```

The system implements proper dependency queuing with deduplication to ensure plugins load in the correct order with no duplicates.

### Runtime Type Safety Enhancement
Fixed a critical TypeScript declaration build error caused by `instanceof` checks on generic types. We've introduced a new `isPlainObject` type guard:

```typescript
// New utility function in utils/type-guards.ts
export function isPlainObject(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Using this instead of instanceof checks
if (isPlainObject(params)) {
  // Type-safe operations on params
}
```

## 2. New Features

### Top-P Parameter Support
We've added `topP` as a configurable model parameter for all providers, with specific support for Anthropic models:

```typescript
// Configure models with topP parameter
const response = await runtime.generate({
  messages: [/* conversation messages */],
  model: "anthropic/claude-3-opus",
  params: {
    topP: 0.8  // Controls diversity of completions
  }
});
```

Default settings are provider-specific but configurable at the system level.

### Skip Database Migrations Option
Added a new `skipMigrations` parameter to `runtime.initialize()` for faster server startup in specific scenarios:

```typescript
// Initialize runtime without running migrations
await runtime.initialize({
  skipMigrations: true,
  // other options...
});
```

This is particularly useful for containerized deployments where migrations are managed separately, or for read-only environments.

### Environment Variable Loading Enhancement
Fixed environment variable loading to properly handle both `.env` files and `process.env` exports:

```bash
# Both these methods now work consistently
# Method 1: .env file
OPENAI_API_KEY=sk-...

# Method 2: Export in shell
export OPENAI_API_KEY=sk-...
```

This ensures consistent behavior across different deployment environments and development workflows.

## 3. Bug Fixes

### TypeScript instanceof Error (Critical)
Fixed a build-breaking TypeScript error (TS2358) caused by `instanceof` checks on generic types:

```typescript
// Before - caused TS2358 error
if (params instanceof ModelParamsMap[model]) {
  // Type 'T' is not correctly matched with instanceof
}

// After - using type guard
if (isPlainObject(params) && hasRequiredProperties(params, model)) {
  // Type-safe operations
}
```

This fix resolves compilation errors when building TypeScript declarations.
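What the `isPlainObject` guard used in this fix (and introduced under Runtime Type Safety Enhancement) accepts, as an added example that is not ElizaOS code: it returns true for any non-array object, including `Date` and class instances, so a prototype check plus an allow-list is useful when the value comes from untrusted input. `isStrictPlainObject`, `pickModelParams`, `Wrapper` and the allow-list are hypothetical names.

```typescript
// Added example, not ElizaOS code. The first guard is copied from the page.
function isPlainObject(value: unknown): value is Record<string, unknown> {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Hypothetical stricter guard: object literals and null-prototype objects only.
function isStrictPlainObject(value: unknown): value is Record<string, unknown> {
  if (typeof value !== 'object' || value === null) return false;
  const proto = Object.getPrototypeOf(value);
  return proto === null || proto === Object.prototype;
}

// Constructed sample: a class instance that the page's guard accepts.
class Wrapper {
  topP = 2;
}

// Hypothetical allow-list; topP and temperature are the params this page shows.
const ALLOWED_PARAMS = ['topP', 'temperature'];

// Copy only allow-listed, own, finite numeric properties into a fresh
// null-prototype object, so unexpected keys never reach the provider call.
function pickModelParams(input: unknown): Record<string, number> {
  const out: Record<string, number> = Object.create(null);
  if (!isStrictPlainObject(input)) return out;
  for (const key of ALLOWED_PARAMS) {
    if (!Object.prototype.hasOwnProperty.call(input, key)) continue;
    const v = input[key];
    if (typeof v === 'number' && isFinite(v)) out[key] = v;
  }
  return out;
}
```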

### Agent Settings Persistence
Fixed a critical issue where agent settings were not persisting across restarts:

```typescript
// Previously, runtime-generated configurations were lost on restart
// Now correctly preserved in the database
agent.settings.customValue = "important-setting";
await runtime.updateAgent(agent);
// Will now be available after server restart
```

### RLS Validation Checks
Fixed an issue where RLS (Row-Level Security) server_id validation was incorrectly blocking all users when RLS isolation was disabled:

```typescript
// Previous implementation failed closed even with RLS disabled
// New implementation properly checks if RLS is enabled first
export function validateServerOwnership(req: Request, item: { server_id?: string }) {
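  // Note: process.env values are strings, so any non-empty value
  // (including "false" or "0") is truthy and counts as enabled here
  if (!process.env.ENABLE_RLS_ISOLATION) return true;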
  // Rest of validation logic
}
```

### Dependency Updates
Migrated from LangChain v0.3 to @langchain/textsplitters v1.0:

```typescript
// Before
import { RecursiveCharacterTextSplitter } from 'langchain/text_splitter';

// After
import { RecursiveCharacterTextSplitter } from '@langchain/textsplitters';
```

This ensures compatibility with current packages and removes outdated resolutions.

## 4. API Changes

### Semantic Clarity Improvements
Renamed `serverId` to `messageServerId` to distinguish external messaging platform servers from ElizaOS server instances:

```typescript
// Old API (still supported but deprecated)
await adapter.getRoom({ serverId: "discord-guild-123", roomId });

// New API (preferred)
await adapter.getRoom({ messageServerId: "discord-guild-123", roomId });
```

This change maintains backward compatibility while making API intent clearer.

### Optimized Participant Checking
Added efficient database methods for checking room/channel participation:

```typescript
// Old method: O(n) complexity, loads all participants
const participants = await runtime.getParticipantsForRoom(roomId);
const isParticipant = participants.some(p => p === entityId);

// New method: O(1) complexity, direct DB query
const isParticipant = await runtime.isRoomParticipant(entityId, roomId);
```

Both old and new methods are available, but the new ones provide significant performance improvements.

## 5. Social Media Integrations

### Discord Plugin Improvements
Fixed empty message prevention in the Discord plugin:

```typescript
// Now properly checks for message content before sending
if (!messageContent.trim() && !message.attachments?.length) {
  logger.warn("Prevented sending empty Discord message");
  return;
}
```

### Messaging Architecture
Improved overall messaging stability:
- Fixed race conditions in the message emit pipeline
- Enhanced Socket.IO router to use ElizaOS getters instead of direct agent maps
- Updated message flow tests to match new event/filter semantics

## 6. Model Provider Updates

### OpenRouter Integration
Added native embedding support for OpenRouter in the CLI, eliminating the need for configuring a separate embedding provider:

```bash
# Simple setup with OpenRouter
elizaos create --provider openrouter

# Now handles embeddings automatically with the same API key
```

### Anthropic Parameter Support
Added explicit support for Anthropic-specific parameters:

```typescript
// Now correctly passes topP to Anthropic models
await runtime.generate({
  messages: [/* conversation messages */],
  model: "anthropic/claude-3-opus",
  params: {
    topP: 0.8,
    temperature: 0.7
  }
});
```

## 7. Breaking Changes

There are no breaking changes in this update. All changes maintain backward compatibility:

- `serverId` still works but is deprecated in favor of `messageServerId`
- Original participant checking methods still function alongside new optimized ones
- Environment variables work from both `.env` files and `process.env`

The DB migration system handles all schema changes automatically.

---

Links to key PRs:
- [PR #6170: Fix TypeScript instanceof error](https://github.com/elizaOS/eliza/pull/6170)
- [PR #6166: Add topP support for Anthropic](https://github.com/elizaOS/eliza/pull/6166)
- [PR #6165: Update MessageBusService integration tests](https://github.com/elizaOS/eliza/pull/6165)
- [PR #6167: Entity-level RLS & Security Improvements](https://github.com/elizaOS/eliza/pull/6167)