# ElizaOS Developer Update (2025-12-11 → 2025-12-17) This update summarizes core framework work, developer-facing features, fixes, and ongoing migration notes based on GitHub activity in `elizaos/eliza` and developer Discord discussions. --- ## 1) Core Framework ### Unified “ElizaOS” API surface (core package) Work continues on consolidating a first-class API entrypoint in `@elizaos/core` to support serverless and Node runtimes: - **Unified API (serverless + NodeJS)**: `feat: Unified API - serverless - nodejs` ([PR #6201](https://github.com/elizaos/eliza/pull/6201)) - Adds/extends `packages/core/src/elizaos.ts` and types in `packages/core/src/types/elizaos.ts` - Adds coverage for send-message flows (`__tests__/elizaos-sendmessage.test.ts`) This is a foundational step toward consistent programmatic usage across: - self-hosted server - serverless deployments - CLI-driven agent lifecycle ### Runtime + types hardening (“deslop” & TS build health) A large cleanup pass landed to reduce unsafe types, remove dead code, and improve maintainability across packages: - **Type hygiene + dead code removal**: `Shaw/chore/deslop` ([PR #6213](https://github.com/elizaos/eliza/pull/6213), merged) - **Follow-up TS build error fixes (first step)**: `fix: resolve TypeScript build errors in every packages - first step` ([PR #6218](https://github.com/elizaos/eliza/pull/6218)) Impact for plugin/agent developers: - Fewer `any`/`unknown` leakages in public-facing types (notably `api-client` and core runtime types), which should improve IDE autocomplete and reduce runtime edge-cases caused by incorrect assumptions. --- ## 2) New Features ### ElizaOS Cloud as a first-class CLI provider The CLI now surfaces ElizaOS Cloud as the recommended/default AI provider option during project creation and streamlines login/API key provisioning: - **Cloud as default provider + browser login flow**: `feat: Add ElizaOS Cloud as Default AI Provider in CLI` ([PR #6208](https://github.com/elizaos/eliza/pull/6208)) Practical usage: ```bash # Create a new agent project and select ElizaOS Cloud during provider selection elizaos create # Explicitly authenticate (browser-based flow) elizaos login ``` What changed technically: - `elizaos create` model/provider selection now prioritizes Cloud - CLI provisions/reads config via `packages/cli/src/utils/get-config.ts` - Test coverage added/updated for selection + cloud config behaviors Related in-progress work (large): - **Tighter Cloud integration + MCP/A2A starter wiring**: `Eliza Cloud Integration, add MCP + A2A service starter...` ([PR #6216](https://github.com/elizaos/eliza/pull/6216), open) - Adds a guided create → deploy → publish/monetize workflow - Integrates CLI + starter projects more “end-to-end” - If you are building on Cloud: expect follow-up docs and potential small CLI UX/API adjustments as this PR is reviewed. ### JWT authentication & multi-tenant direction (server) A comprehensive JWT auth system is proposed and under review: - **JWT auth + user management**: `feat(auth): implement JWT authentication and user management` ([PR #6200](https://github.com/elizaos/eliza/pull/6200), open) Highlights (as designed in the PR): - Multiple verification strategies via factory priority: **Ed25519 > JWKS > Secret** - `entityId` derived from JWT `sub` claim (`stringToUuid(payload.sub)`) - Dual-mode auth: - `ENABLE_DATA_ISOLATION=true`: JWT required - `ENABLE_DATA_ISOLATION=false`: legacy `X-Entity-Id` header mode If you run the server in production and plan to enable isolation, start validating your identity provider’s `sub` format now (Auth0/Clerk/Google/Supabase/Privy compatible per PR notes). --- ## 3) Bug Fixes (with technical context) ### plugin-sql: directory bootstrapping + modern message ingestion Two related fixes improve “from scratch” developer experience and align examples with the newer message pipeline: - **Auto-create PGLite directories + migrate to `messageService` API**: `fix(plugin-sql): migrate to messageService API and auto-create PGLite directories` ([PR #6202](https://github.com/elizaos/eliza/pull/6202)) Why it matters: - A common failure mode when booting a minimal agent was missing local `.eliza` / PGLite directories, forcing developers to manually create them (see issue: [#6204](https://github.com/elizaos/eliza/issues/6204), closed). - Example projects previously relied on a deprecated event-based flow (notably `MESSAGE_RECEIVED`) and are now updated to the service-based handling. ### plugin-sql: safer upgrades, RLS handling, and migration robustness Significant work landed to improve migration reliability across versions and environments: - **Optimize pre-1.6.5 → 1.6.5+ migration + RLS + schema organization**: ([PR #6215](https://github.com/elizaos/eliza/pull/6215)) This directly relates to ongoing community reports of migration friction when using local Postgres (Discord: persistent migration issues, permissions/public schema concerns). If your migrations fail locally: - ensure the configured DB user can `CREATE` in `public` schema (or your configured schema) - if you’re not a superuser (common in managed Postgres/Neon), validate schema privileges explicitly Minimal permission check (example): ```sql -- Run as an admin (or a role with privileges) GRANT USAGE, CREATE ON SCHEMA public TO your_app_user; ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO your_app_user; ``` ### Core/server: character secret encryption ordering A fix landed to ensure secrets are encrypted in the correct order (preventing mismatched ciphertext/metadata flows during CRUD and runtime use): - **Fix encryption order for character secrets**: ([PR #6217](https://github.com/elizaos/eliza/pull/6217)) ### CLI test breakage from signature drift - **Fix `startAgents` API signature mismatch in CLI e2e**: ([PR #6207](https://github.com/elizaos/eliza/pull/6207)) If you maintain downstream tooling around the CLI test harness, re-sync with the updated signature and renamed mocks (`getElizaCharacter` → `getDefaultCharacter` per PR notes). ### Client: markdown spacing improvements If you embed the client UI or reuse its markdown rendering styles, note these display fixes: - Compact spacing fix: ([PR #6159](https://github.com/elizaos/eliza/pull/6159)) - Additional spacing adjustments: ([PR #6197](https://github.com/elizaos/eliza/pull/6197)) --- ## 4) API Changes (developer-visible) ### Message ingestion: event → service API The canonical path for ingesting messages is now the message service API, and examples have been migrated accordingly: - `MESSAGE_RECEIVED` event-based flows are deprecated in examples - Prefer `messageService.handleMessage(...)` (see [PR #6202](https://github.com/elizaos/eliza/pull/6202)) Illustrative pattern (high-level): ```ts // Pseudocode (exact types may differ by runtime) await runtime.messageService.handleMessage({ roomId, entityId, content: { text }, source: "cli" // or "discord", "twitter", etc. }); ``` ### Auth mode switching (pending, but important) If/when [PR #6200](https://github.com/elizaos/eliza/pull/6200) merges, server authentication behavior becomes environment-driven: - `ENABLE_DATA_ISOLATION=true` will enforce Bearer JWT authentication - legacy `X-Entity-Id` remains for non-isolated mode Plan for this now if you: - run multi-tenant services - expose the API publicly - integrate Socket.IO clients (PR includes Socket.IO auth changes) --- ## 5) Social Media Integrations (Twitter / Telegram / Discord / Farcaster) No merged PRs this week explicitly modify the Twitter/Telegram/Discord/Farcaster plugins in `elizaos/eliza`. However, two integration-adjacent items surfaced: - **DB failures on Twitter replies** (Discord discussion): foreign key constraint failures were reported; community guidance suggests “latest codebase has SQL fixes” (likely addressed by the plugin-sql migration/compat work landing across [PR #6215](https://github.com/elizaos/eliza/pull/6215) and related SQL/plugin changes). - **Cloud social publishing direction** (Discord, product direction): cloud platform is targeting create → publish → monetize → promote loops, including “social publishing features” (no code PR linked in the provided dataset; expect upcoming PRs). If you are debugging social ingestion pipelines: - ensure your DB schema is fully migrated (especially if upgrading from older camelCase schemas pre-1.6.5) - validate foreign keys for message/thread entities after upgrades --- ## 6) Model Provider Updates (OpenAI, Anthropic, DeepSeek, etc.) ### Cloud provider positioning in CLI - ElizaOS Cloud is now presented as the default/recommended provider in the CLI ([PR #6208](https://github.com/elizaos/eliza/pull/6208)). ### DeepSeek status - Community asked about DeepSeek API support; the request is tracked and closed in GitHub issues: **“can i use deepseek api?”** ([Issue #6156](https://github.com/elizaos/eliza/issues/6156), closed). - No new DeepSeek provider PR is included in the provided data for this week; treat DeepSeek support as “not newly implemented this week” unless you’re already using an OpenAI-compatible endpoint path from prior releases. --- ## 7) Breaking Changes / Migration Warnings (V1 → V2 and compatibility) ### Breaking-ish: message pipeline migration for integrators If you built custom adapters around the old event model, you may need to update: - **Old**: subscribe to `MESSAGE_RECEIVED` and manually route - **New**: call `messageService.handleMessage()` (examples updated in [PR #6202](https://github.com/elizaos/eliza/pull/6202)) This is especially relevant for: - custom CLI loops - bespoke Discord/Twitter ingestion bridges - “agent-as-a-service” wrappers ### Data isolation & auth: opt-in now, but plan for it JWT auth is gated behind `ENABLE_DATA_ISOLATION=true` (per [PR #6200](https://github.com/elizaos/eliza/pull/6200)), but once teams start enabling it broadly: - clients must send `Authorization: Bearer ` - `entityId` semantics change from “caller-supplied header” to “derived from `sub`” - service-to-service internal bypass uses a process-local secret (review your deployment topology if you rely on multiple processes/pods) ### Dependency upgrades across the monorepo - **drizzle-kit / drizzle-orm alignment**: `feat: bump deps, fix drizzle-kit across ecosystem` ([PR #6210](https://github.com/elizaos/eliza/pull/6210)) - If you maintain external packages pinned to older drizzle versions, re-check lockfile resolution and migration tooling. --- ## References (PRs / Issues / Docs) - Cloud default provider in CLI: https://github.com/elizaos/eliza/pull/6208 - Unified API (serverless + Node): https://github.com/elizaos/eliza/pull/6201 - plugin-sql messageService migration + auto-create dirs: https://github.com/elizaos/eliza/pull/6202 - plugin-sql migration/RLS improvements: https://github.com/elizaos/eliza/pull/6215 - JWT auth system (open): https://github.com/elizaos/eliza/pull/6200 - Secret encryption ordering fix: https://github.com/elizaos/eliza/pull/6217 - TS cleanup (“deslop”): https://github.com/elizaos/eliza/pull/6213 - DeepSeek question (closed): https://github.com/elizaos/eliza/issues/6156 - `.eliza` directory friction (closed): https://github.com/elizaos/eliza/issues/6204 - Docs UI request (closed): https://github.com/elizaos/eliza/issues/6128 ---