# ElizaOS Developer Update ## Week of December 7 - December 13, 2025 ## Core Framework ### Major Codebase Refactoring A significant "de-slopping" effort was completed this week with the merge of PR #6213, removing technical debt across the entire codebase: - Fixed `any` and `unknown` type definitions with proper typing - Removed excessive try-catch blocks and sloppy comments - Eliminated dead files and code paths - **Impact**: 9,246 additions, 7,105 deletions across 150+ files ### Runtime Improvements - **Agent Settings Persistence**: Fixed critical bug preventing agent settings from persisting across restarts (#6106) - **Directory Auto-creation**: Plugin-sql now automatically creates required `.eliza` directories, eliminating manual setup step (#6202) - **Log Level Respect**: Standalone examples now properly respect user-defined `LOG_LEVEL` environment variable ## New Features ### ElizaOS Cloud Integration Major integration work is underway to tightly couple ElizaOS with cloud services: ```bash # New CLI flow encourages cloud adoption elizaos create # Now defaults to ElizaOS Cloud as first AI provider option # Includes browser-based login flow for seamless API key setup ``` Key changes in PR #6216: - Auto-login and API key provisioning - Streamlined create → deploy → publish → monetize workflow - MCP (Model Context Protocol) service integration ### JWT Authentication System Comprehensive JWT authentication implementation (PR #6200) introduces: ```typescript // Priority-based JWT verification const verifier = JWTVerifierFactory.create({ ed25519PublicKey: process.env.JWT_PUBLIC_KEY_ED25519, // Highest priority jwksUri: process.env.JWT_JWKS_URI, // Medium priority secret: process.env.JWT_SECRET // Lowest priority }); // Entity ID automatically derived from JWT sub claim const entityId = stringToUuid(payload.sub); ``` **Environment Variables**: ```bash ENABLE_DATA_ISOLATION=true # Enables JWT auth mode JWT_SECRET=your-secret-key # For HS256 symmetric verification JWT_PUBLIC_KEY_ED25519=... # For Ed25519 verification JWT_JWKS_URI=https://... # For external provider integration ``` ## Bug Fixes ### Critical Security Vulnerability Resolved **CVE Context**: ElizaOS server was exposing all environment variables via API endpoints without authentication. - **Issue**: `process.env` dumped into unencrypted settings instead of `settings.secrets` - **Timeline**: Introduced in v1.6.4, fixed in v1.6.5-alpha.8 (commit a1941c6) - **Resolution**: Authentication now mandatory by default with explicit opt-out for development ### Database and Plugin Fixes - **Foreign Key Constraints**: Resolved plugin-sql memory table constraint errors - **Migration Issues**: Fixed database migration failures in plugin-sql affecting new installations - **TypeScript Build**: Comprehensive TypeScript error resolution across all packages (PR #6218) ## API Changes ### Message Service Migration **Breaking Change**: Deprecated `MESSAGE_RECEIVED` event system replaced with new `messageService` API: ```typescript // OLD (deprecated) runtime.on('MESSAGE_RECEIVED', handleMessage); // NEW (required) await runtime.messageService.handleMessage(message); ``` ### Database Service Updates Plugin-sql migrated to new messageService API pattern, affecting: - Memory creation workflows - Message handling pipelines - Database connection management ## Social Media Integrations ### Twitter Plugin Performance Issues - **Problem**: Twitter agent consuming 50 API requests per call - **Temporary Workaround**: Setting agent not to reply reduces request consumption - **Status**: Investigation ongoing for permanent fix ### Cross-Platform Integration Discussion around integrating x402 payment capabilities into social media agents, though implementation is still in rollout phase. ## Model Provider Updates ### DeepSeek Integration Community guidance provided for DeepSeek API integration: ```bash # Via OpenRouter (recommended) OPENROUTER_API_KEY=your_openrouter_key # DeepSeek available as model option through OpenRouter # Direct Integration (alternative) # Use plugin-openai with modified endpoint OPENAI_API_KEY=your_deepseek_key OPENAI_BASE_URL=https://api.deepseek.com/v1 ``` ### Perplexity Sonar-Pro Support Integration possible through existing plugins: ```bash # Configure plugin-openai or plugin-openrouter # Modify environment variables to point to Perplexity endpoints ``` ## Breaking Changes ### V1 to V2 Migration Warnings 1. **Authentication Requirements**: `ENABLE_DATA_ISOLATION=true` now requires JWT authentication 2. **Message Service API**: All plugins must migrate from event-based to service-based message handling 3. **Directory Structure**: Plugin-sql now expects `.eliza` directory (auto-created in new versions) 4. **Environment Variables**: Some provider integrations require updated env var patterns ### Token Migration Issues Community reports ongoing issues with AI16Z to ElizaOS token migration, particularly affecting: - Korean users on Bithumb exchange - SafePal wallet holders - Users experiencing "Max reach" errors during migration **Resolution Path**: Direct users to #🎫-support-tickets channel for manual migration assistance. --- ## Links & Resources - [ElizaOS Documentation](https://docs.elizaos.ai) - [JWT Auth PR #6200](https://github.com/elizaos/eliza/pull/6200) - [Cloud Integration PR #6216](https://github.com/elizaos/eliza/pull/6216) - [Security Fix Details](https://github.com/elizaos/eliza/pull/6218) - [Plugin-SQL Migration Guide](https://github.com/elizaos/eliza/tree/develop/packages/plugin-sql)