# ElizaOS Developer Update (2026-02-08 → 2026-02-14) This week focused on hardening multi-tenant security, reducing prompt/token overhead in large agents, and expanding the plugin ecosystem (finance/data/workflow automation). Community discussions also surfaced practical integration challenges (Moltbook verification, X/Twitter first-post `roomId` failures) and security concerns (memory injection). Relevant links: - Roadmap: https://github.com/elizaos/roadmap - Core docs (new/expanded): https://github.com/elizaos/eliza/pull/6356 - Env var reference (new): https://github.com/elizaos/eliza/pull/6377 --- ## 1) Core Framework ### JWT auth + multi-entity isolation (merged) ElizaOS shipped a robust JWT authentication and user management layer aimed at **data isolation / multi-entity** deployments. - PR: https://github.com/elizaos/eliza/pull/6200 - Related follow-ups in the same area: - CLI fix to load `.env` for remote auth token flows: https://github.com/elizaos/eliza/pull/6376 - MESSAGE_SENT emission fix (important for event-driven plugins): https://github.com/elizaos/eliza/pull/6378 **Operational note:** JWT mode is gated behind `ENABLE_DATA_ISOLATION=true` (per PR notes). This is a critical switch if you are hosting shared runtimes. ```bash # example server configuration (see docs/environment-variables.md) export ENABLE_DATA_ISOLATION=true export ELIZA_SERVER_AUTH_TOKEN="..." # if securing server API with token ``` ### Per-request entity settings via RequestContext (merged) A new request context mechanism (AsyncLocalStorage-backed) enables **per-request / per-entity setting resolution** without threading entity identifiers through every call. - PR: https://github.com/elizaos/eliza/pull/6457 This is foundational for: - Multi-tenant runtimes where different users need different provider keys (OpenAI/Anthropic/etc.) - Safer plugin execution in shared infrastructure (reducing “settings bleed”) Conceptually: ```ts import { RequestContext } from "@elizaos/core"; // Pseudocode: wrap inbound request handling await RequestContext.withEntitySettings(entityId, { OPENAI_API_KEY: process.env.OPENAI_API_KEY_FOR_ENTITY, // ... other per-entity secrets / configs }, async () => { // Anywhere inside this callback, runtime.getSetting() can resolve // entity-scoped settings first (then fall back to agent/global). await runtime.handleMessage(message); }); ``` ### ActionFilterService to reduce “prompt bloat” (merged) Large agents with hundreds of actions/providers now have an internal filtering service that selects a smaller relevant subset using: - vector similarity search, then - BM25 reranking - PR: https://github.com/elizaos/eliza/pull/6475 This directly targets: - lower token usage per turn - faster inference (less context) - better tool selection fidelity (less distraction) If you maintain custom action catalogs, validate that your action metadata (names/descriptions) is high-signal—filtering quality depends on it. --- ## 2) New Features ### Multi-language “next generation Eliza” (in review; not merged) Work continues on a V2 direction that introduces first-class **Rust + Python + TypeScript** core packages and native plugin variants. - PR (primary): https://github.com/elizaos/eliza/pull/6485 - Related large branch PRs: - https://github.com/elizaos/eliza/pull/6474 - https://github.com/elizaos/eliza/pull/6351 Notable design shifts called out in the PR description: - Removal of default app/client/server/CLI “non-essentials” in favor of a lean runtime-focused distribution - Integrated bootstrap with `basicCapabilities` enabled by default (optionally extended) - Message handling changes (e.g., initial memory creation in message handler) - Optional `planningMode` to skip planning and call a single action (useful for games/simple loops) - Actions support arguments (tool-like calls without extra steps) - **Agent can respond without `roomId`/`worldId`** (important given community-reported X posting `roomId` issues) Developers tracking V2 should start planning for packaging/deployment changes now (see “Breaking Changes” below). ### Plugin ecosystem expansion (merged across repos) Registry additions this week broadened real-world and financial capabilities: - Proofgate transaction guardrails: - https://github.com/elizaos-plugins/registry/pull/254 - MoltBazaar (AI agent job marketplace on Base): - https://github.com/elizaos-plugins/registry/pull/255 - Sportradar sports data plugin: - https://github.com/elizaos-plugins/registry/pull/250 Chain/plugin reliability and execution improvements: - Solana: cloud proxy routing and Token-2022 / swap refactors - https://github.com/elizaos-plugins/plugin-solana/pull/26 - https://github.com/elizaos-plugins/plugin-solana/pull/24 - EVM: multi-provider RPC abstraction + EVMService redesign (wallet/portfolio/multicall) - https://github.com/elizaos-plugins/plugin-evm/pull/25 - https://github.com/elizaos-plugins/plugin-evm/pull/24 - MCP plugin connection isolation to prevent cross-user leaks: - https://github.com/elizaos-plugins/plugin-mcp/pull/24 ### n8n workflow automation standardization (community decision + plugin shipped) Discord consensus was to consolidate around `plugin-n8n-workflow` (rather than maintaining a duplicate `plugin-n8n`), due to stronger capabilities: workflow preview/drafting, input-output autocorrection, OAuth handling, and cloud-friendly design. - Repo: https://github.com/elizaos-plugins/plugin-n8n-workflow - Release notes referenced in weekly summary: - v1.1.0 PRs: https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/14, https://github.com/elizaos-plugins/plugin-n8n-workflow/pull/15 Build note from Discord: some JSON artifacts are intentionally not committed; you must run the crawl generator locally when developing: ```bash # in plugin-n8n-workflow bun run crawl ``` --- ## 3) Bug Fixes (critical) ### MESSAGE_SENT event was not emitted for central bus submissions (fixed) Plugins relying on `EventType.MESSAGE_SENT` were silently broken when responses were submitted to the central messaging endpoint (`/api/messaging/submit`). - Fix PR: https://github.com/elizaos/eliza/pull/6378 - Original issue (closed): https://github.com/elizaos/eliza/issues/5216 **Impact:** event-driven observability, auditing, and downstream automations are restored for centralized message delivery flows. ### Crash fixes: `Object.entries` / null provider lists (fixed) Multiple hard crashes were caused by `Object.entries(null|undefined)` and similar patterns in runtime/provider utilities. - Core settings null guards: https://github.com/elizaos/eliza/pull/6471 - Bootstrap providers null guard (`runtime.providers`): https://github.com/elizaos/eliza/pull/6473 These manifested as: - agent crashes during context building - “IGNORE” behavior when context providers failed - runtime instability in sparse/partial state situations (common in early boot or partially configured agents) ### CLI creation reliability when linked from monorepo (fixed) `elizaos create` could fail due to alpha version resolution when developing from a linked monorepo; templates now use `latest` for `@elizaos/*` dependencies. - PR: https://github.com/elizaos/eliza/pull/6362 --- ## 4) API Changes (developer-facing) ### Settings resolution now supports request-scoped overrides With RequestContext (above), `runtime.getSetting()` behavior effectively changes in multi-tenant scenarios: it can prefer entity/request-scoped settings before agent/global defaults. - PR: https://github.com/elizaos/eliza/pull/6457 **Action:** if you previously relied on global settings in shared runtimes, verify that your request middleware sets (or intentionally does *not* set) entity context, to avoid unexpected provider-key selection. ### Server event semantics: MESSAGE_SENT is now consistent If your plugin listens for send/submit lifecycle events, re-test after the MESSAGE_SENT fix. - PR: https://github.com/elizaos/eliza/pull/6378 --- ## 5) Social Media Integrations (Twitter / Telegram / Discord / Farcaster) ### Twitter/X: first-post failures involving `roomId` (investigation ongoing) A developer reported an error preventing an agent’s first X post due to a `roomId`-related failure; more diagnostics are needed. - Discord (coders channel): https://discord.com/channels/1253563208833433701/1300025221834739744 **Developer guidance:** If you hit this, capture: - full stack trace - runtime version + plugin-twitter version - whether the agent has previously created a room/world or is “headless” posting This aligns with the V2 direction (“respond without needing roomId/worldId”) described in the multi-language PR draft: https://github.com/elizaos/eliza/pull/6485 ### Twitter plugin adoption in external projects Community feedback indicated Eliza’s Twitter plugin is being preferred over alternative implementations due to quality and reduced ban-risk patterns (reported integration into Openclaw via a fork to be published). - Discord context (2026-02-11 discussion): included in aggregated notes ### Moltbook anti-bot verification solver (community implementation) A notable real-world integration problem: Moltbook requires agents to solve obfuscated math challenges within 30 seconds with escalating penalties. Community solution (implemented by funboy): - intercept `verification_required` responses - extract the math challenge - solve via LLM (DeepSeek-chat) - POST the answer back to the verify endpoint with strict formatting (two decimals) Discord thread: https://discord.com/channels/1253563208833433701/1253563209462448241 Implementation sketch (pseudocode): ```ts async function handleMoltbookResponse(resp: any) { if (resp.type !== "verification_required") return resp; const challenge = resp.verification?.challenge; // e.g. "32-7" (obfuscated upstream) const answer = await deepseekSolveMath(challenge); // "25.00" await fetch(`${resp.verification.verify_url}`, { method: "POST", headers: { "content-type": "application/json" }, body: JSON.stringify({ answer }), }); return { ok: true }; } ``` **Note:** This is not yet a merged official plugin update in the aggregated GitHub data; treat it as a field-tested integration pattern pending upstreaming. --- ## 6) Model Provider Updates (OpenAI / Anthropic / DeepSeek / Ollama / etc.) ### OpenAI plugin: persistent media caching (merged) Caching for previously generated images/audio was introduced to reduce redundant calls, latency, and cost. - PR: https://github.com/elizaos-plugins/plugin-openai/pull/23 If your agents generate repeated assets (e.g., “same intro music” or recurring image templates), you should see meaningful savings. ### DeepSeek used for verification automation (community) DeepSeek-chat was successfully used as a fast solver in the Moltbook verification flow (see above). This highlights a practical pattern: **use a dedicated low-latency model for “verification/tooling” subroutines** rather than your full character loop model. ### Ollama plugin docs installation corrections (merged) - PR: https://github.com/elizaos-plugins/plugin-ollama/pull/15 ### Open issue: custom OpenAI-compatible endpoint support (not yet implemented) Developers requested the ability to specify a custom OpenAI endpoint URL to support OpenAI-compatible providers (e.g., SiliconFlow). - Issue: https://github.com/elizaos/eliza/issues/6490 --- ## 7) Breaking Changes / V1 → V2 Migration Warnings V2 work is active and large (multi-language core, packaging changes). The current V2 PR(s) explicitly remove several “default” components and reorganize bootstrap behavior: - V2 branch PRs (not merged): - https://github.com/elizaos/eliza/pull/6485 - https://github.com/elizaos/eliza/pull/6351 ### What to expect if you migrate early / track `next`: - **Distribution changes:** default app/server/CLI may no longer be present in the same form; you may need to adopt new starter projects/examples instead of relying on monorepo defaults. - **Runtime assumptions:** message/memory initialization points have shifted (per PR notes); if you hook into message services, re-validate memory creation timing. - **Room/world coupling:** V2 aims to reduce hard requirements for `roomId/worldId`, which may fix classes of “first message / first post” bugs, but could also change how conversation identity is derived. - **Planning vs single-action mode:** `planningMode=false` can skip planning; if you rely on multi-step planners, ensure your configs don’t disable it unintentionally. **Recommendation:** If you maintain production agents, stay on the stable V1 line until V2.0.0 is merged and a formal migration guide is published. Track V2 changes via the PRs above and the architecture docs added in: https://github.com/elizaos/eliza/pull/6356