## Developer Update — ElizaOS (2026-02-09 → 2026-02-15) This update summarizes GitHub activity across `elizaos/eliza` and key plugin repos, plus notable developer Discord discussions impacting implementation and operations. --- ## 1) Core Framework ### Per-request **Entity Settings** via Request Context (multi-tenant readiness) A new request-scoped context layer enables resolving settings (API keys, OAuth tokens, per-tenant configuration) without threading parameters through every call path. - PR: **feat(core): add request context for per-user entity settings** — https://github.com/elizaos/eliza/pull/6457 - Related discussion: PR **#6470** bundled additional request-context-related work beyond the described null-check fix (review feedback highlighted scope creep): https://github.com/elizaos/eliza/pull/6470 **What changed (conceptually)** - `runtime.getSetting(key)` now checks request context first, then falls back to agent/runtime settings. - Enables shared runtimes serving multiple end-users safely (especially relevant with JWT auth + data isolation). **Practical example (TypeScript)** ```ts import { RequestContext } from "@elizaos/core"; async function handleInboundWebhook(req, runtime) { const entitySettings = { OPENAI_API_KEY: req.headers["x-openai-key"], TELEGRAM_BOT_TOKEN: req.headers["x-telegram-token"], }; return RequestContext.withEntitySettings(entitySettings, async () => { // Inside this closure, runtime.getSetting() will prefer entitySettings. const key = runtime.getSetting("OPENAI_API_KEY"); return runtime.processMessage({ text: req.body.text }); }); } ``` ### Action selection cost controls: **ActionFilterService** (prompt bloat reduction) The new ActionFilterService reduces the set of actions/providers shown to the model by relevance (vector search + BM25 re-ranking), which is especially important for agents with large plugin surfaces. - PR: **feat: ActionFilterService — vector search + BM25 reranking** — https://github.com/elizaos/eliza/pull/6475 **Developer impact** - Lower token usage by trimming tool/action context from 100–200+ actions to ~10–20 relevant candidates. - Improves “tool confusion” failure modes (models selecting irrelevant actions due to excessive tool menus). ### V2 workstreams: multi-language runtime direction (Rust + Python + TypeScript) Ongoing V2 branches consolidate the runtime and move away from bundling “everything” (app/server/CLI) inside core. - PR: **feat: next generation multi-language Eliza with Rust, Python and TypeScript support** — https://github.com/elizaos/eliza/pull/6485 - PR: **next** — https://github.com/elizaos/eliza/pull/6474 - PR: **V2.0.0 (working branch)** — https://github.com/elizaos/eliza/pull/6351 - Tests/engine work (V2): **dynamic execution engine** — https://github.com/elizaos/eliza/pull/6384 Key V2 notes called out in PR descriptions: - Agents can respond without `roomId` / `worldId` in some flows (see also ongoing Discord reports of roomId-related posting issues). - `planningMode` toggle: ability to skip planning and execute a single action (useful for games / constrained agents). - Tool/action calls with arguments: actions become closer to “callable tools” without an extra step. --- ## 2) New Features ### JWT Authentication & User Management (server + client) JWT auth introduces proper multi-user isolation when `ENABLE_DATA_ISOLATION=true`. - PR: **feat(auth): implement JWT authentication and user management** — https://github.com/elizaos/eliza/pull/6200 - Env var docs (helps teams deploy correctly): **docs: add environment variables documentation** — https://github.com/elizaos/eliza/pull/6377 **Operational notes** - This work is foundational for Eliza Cloud-style multi-tenant deployments and safer hosted runtimes. - It also changes how developers should approach “shared server” deployments (assume authenticated sessions, not anonymous global state). **Example configuration** ```bash # Server export ENABLE_DATA_ISOLATION=true export ELIZA_SERVER_AUTH_TOKEN="your-server-token" # plus JWT verifier settings per docs/environment-variables.md ``` ### Plugin bootstrap improvements (performance + robustness) Plugin bootstrap continued hardening and optimization. - PR: **feat(plugin-bootstrap): comprehensive optimization and robustness improvements** — https://github.com/elizaos/eliza/pull/6476 This work pairs with a set of defensive null-check fixes (see Bug Fixes) that prevent runtime crashes from malformed metadata or partial provider state. ### Eliza Cloud operational tooling (Discord-derived implementation details) While not shipped as a PR in the provided dataset, Discord surfaced concrete operational mechanics used by the core team: - Cloud credits can be granted via direct DB updates (identified UX/admin gap for support tooling). - OAuth-created accounts may not be searchable by email immediately; org slug or Account ID are necessary for lookup (important for internal admin scripts). (Discord context: 2026-02-14 discussion logs in `💬-discussion`.) --- ## 3) Bug Fixes (critical & developer-facing) ### Prevent agent crashes from `Object.entries(null|undefined)` in core + bootstrap Multiple reports indicated agent failures when providers encounter null metadata or non-object state. - PR: **fix: add null checks to Object.entries calls in settings utilities** — https://github.com/elizaos/eliza/pull/6471 - PR: **fix(plugin-bootstrap): add null check for runtime.providers** — https://github.com/elizaos/eliza/pull/6473 - PR (open, but includes related fixes + additional scope): **fix: Add null/undefined checks… in plugin-bootstrap** — https://github.com/elizaos/eliza/pull/6470 **Why it mattered** - These crashes often surfaced as agents emitting `IGNORE` actions or failing to hydrate context providers, leading to broken conversation continuity and/or failed tool invocation. ### Server event lifecycle correctness: `MESSAGE_SENT` emission after bus send A missing event caused downstream consumers to miss post-send hooks. - PR: **fix(server): emit MESSAGE_SENT event after sending to central server** — https://github.com/elizaos/eliza/pull/6378 - Fixes issue: https://github.com/elizaos/eliza/issues/5216 (referenced in PR body) ### CLI reliability fixes for real-world deployment Remote auth and local dev linking were common failure points. - PR: **fix(cli): load .env files in agent commands for authentication** — https://github.com/elizaos/eliza/pull/6376 - PR: **fix(cli): always use 'latest' for @elizaos deps in created projects** — https://github.com/elizaos/eliza/pull/6362 - PR: **fix(cli): validate directory path in ensureDir** — https://github.com/elizaos/eliza/pull/6379 These fixes reduce “works in monorepo but not in user projects” issues and improve first-run success. ### Open issue to watch: duplicate LLM calls when message contains a URL This is an active cost/UX bug: the same message is processed twice (text + attachment preview), duplicating tokens and streaming output. - Issue: **[Bug] URL in message triggers duplicate LLM calls** — https://github.com/elizaos/eliza/issues/6486 ### Open issue to watch: images stripped from cloud chat LLM requests Cloud `/api/v1/chat/completions` path appears to drop image content during UI message conversion. - Issue: **Image content stripped from LLM requests in cloud chat** — https://github.com/elizaos/eliza/issues/6494 --- ## 4) API Changes (developer-visible) ### Settings resolution order (Request Context) With request context enabled, settings resolution is now effectively: 1. **Request/entity settings** (AsyncLocalStorage scope) 2. Agent/runtime settings (existing behavior) If you rely on global env-based settings and suddenly see different keys being used under load, audit any middleware/wrappers that set per-request entity settings. - PR: https://github.com/elizaos/eliza/pull/6457 ### Auth-protected endpoints and client flows (JWT auth) JWT auth introduces new expectations for: - Socket authentication - Protected routes in the web client - Server middleware chains - PR: https://github.com/elizaos/eliza/pull/6200 - Docs: https://github.com/elizaos/eliza/pull/6377 --- ## 5) Social Media Integrations (Twitter / Telegram / Discord / Farcaster) ### Twitter (X) plugin: auth retry-loop fix + media upload support A major stability fix plus capability expansion landed in the Twitter plugin. - PR: **plugin-twitter#48** — (referenced in contributor activity summary; if you maintain deployments, pull latest) Context: resolves an authentication retry loop and adds media upload paths. **Developer implications** - If you have custom tweet/post pipelines, re-test auth refresh behavior and media upload MIME handling after updating. ### Discord operational security (community moderation impacting dev support) Discord saw active scam attempts via fake support tickets/threads, prompting operational action items: - Restrict thread creation permissions (to reduce attacker surface) - Ban reported scammer account ID `364718078946312192` While not a code change, this directly affects how developers and users should seek support: do not trust ad-hoc “tickets” created in threads; official support will not redirect you to other servers/Zoom calls. (Discord logs: 2026-02-15 `💬-discussion` / `💬-coders`.) --- ## 6) Model Provider Updates (OpenAI / Anthropic / DeepSeek / etc.) ### OpenAI provider: custom endpoint request (OpenAI-compatible vendors) Developers requested support for overriding the OpenAI base URL to use OpenAI-compatible providers (e.g., SiliconFlow). - Issue: **Support custom OpenAI endpoint URL for OpenAI provider** — https://github.com/elizaos/eliza/issues/6490 **Suggested direction** - Add `OPENAI_BASE_URL` (or provider-level config) and ensure it propagates through both TS runtime and any cloud proxy layers. ### DeepSeek used for automated anti-bot challenge solving (integration pattern) A community implementation for Moltbook’s `verification_required` flow used **DeepSeek-chat** to solve obfuscated math prompts and respond to a verification endpoint within 30 seconds. While this is not yet tracked as a PR in the provided dataset, it’s a useful pattern for “LLM-as-parser” middleware: - intercept server response - extract challenge - solve out-of-band (outside the character loop) - POST normalized answer (e.g., formatting floats `"25.00"`) (Discord logs: 2026-02-13.) --- ## 7) Breaking Changes / V1 → V2 Migration Warnings ### V2 branch removes “non-essentials” and restructures the stack Multiple V2 PRs explicitly remove or decouple: - default app - server - CLI from the core distribution in favor of a lean runtime across Rust/Python/TypeScript. - PR: https://github.com/elizaos/eliza/pull/6351 - PR: https://github.com/elizaos/eliza/pull/6485 - PR: https://github.com/elizaos/eliza/pull/6474 **Migration risk areas** - **Project scaffolding**: if you depend on `elizaos create` templates from V1, expect template and dependency semantics to change under V2. - **Runtime assumptions**: code that requires `roomId/worldId` may need to adapt (V2 aims to support responses without them in some flows). - **Plugin portability**: “critical plugins ported” implies some plugins will have language-specific implementations; ensure your deployment pins compatible plugin/runtime versions. ### Community-facing but operationally important: token migration closed Token migration (ai16z → elizaOS) is closed (deadline Feb 4). This isn’t a code breaking change, but it has created elevated support load and increased phishing risk, which affects developer operations and community trust channels. (Discord logs: 2026-02-14 and 2026-02-15.) --- ## References / Docs - Core docs PR: https://github.com/elizaos/eliza/pull/6356 - Environment variables doc PR: https://github.com/elizaos/eliza/pull/6377 - Architecture & concepts (from docs PR): - https://github.com/elizaos/eliza/blob/main/docs/ARCHITECTURE.md - https://github.com/elizaos/eliza/blob/main/docs/CORE_CONCEPTS.md - https://github.com/elizaos/eliza/blob/main/docs/PLUGIN_DEVELOPMENT.md ---