# ElizaOS Developer Update (2026-05-02 → 2026-05-08) This week focused on monorepo consolidation (Cloud + plugin migrations), secrets management hardening, new Cloud monetization primitives, and continued stabilization of connector runtimes. --- ## 1) Core Framework ### Cloud consolidated into main repo + container-first hosting ElizaCloud has been consolidated into the primary repository, `elizaOS/eliza`, and the hosting approach is shifting away from Vercel toward cheaper containerized deployments (Discord discussion, 2026-05-06). This impacts how you should reason about: - CI/workflows (now centralized) - Cloud service build artifacts (container-oriented) - Local development (Cloud services live in-tree under `cloud/`) **Repo:** https://github.com/elizaOS/eliza ### Cross-platform secrets: `@elizaos/vault` A major core addition landed this week: **`@elizaos/vault`**, providing encrypted-at-rest secret storage with OS-keychain-backed master keys (and headless fallbacks), wired into both runtime and Settings UI. - **PR:** `feat(vault): @elizaos/vault — cross-platform secrets vault + Settings UI integration` https://github.com/elizaOS/eliza/pull/7197 - **Critical follow-up fix (headless Linux segfault):** `fix(vault, confidant): skip OS keychain on headless Linux...` https://github.com/elizaOS/eliza/pull/7230 Key architectural points: - Secrets are **mirrored** from plugin config saves into the vault (write-through), rather than only persisting plaintext in `config.env`. - Reveal paths become **vault-first**, falling back to `process.env/config.env`. - Runtime ops migrate toward **reference-based credentials** (e.g., `apiKeyRef`) instead of plaintext propagation. --- ## 2) New Features ### A) Monetized Cloud apps: app-scoped chat + managed domains Cloud gained the production path for monetized container apps: - App-scoped chat endpoint: `POST /api/v1/apps/:appId/chat` - Managed Cloudflare domains: check/buy/status/sync/verify flows - Container deployment lifecycle reconciliation improvements **PR:** `feat(cloud): support monetized container app domains` https://github.com/elizaOS/eliza/pull/7376 **Docs added/updated in-tree:** `cloud/packages/docs/*` (see PR files list) **Example: calling app-scoped chat** ```bash curl -sS -X POST "https://api.elizacloud.ai/api/v1/apps/$APP_ID/chat" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $ELIZA_BEARER" \ -d '{ "messages": [{ "role": "user", "content": "Ship a concise release note for my app." }], "stream": false }' ``` **Operational note:** Greptile review flagged edge cases in auth error classification + domain verification state transitions in this area. If you are building against these endpoints, ensure your client handles potential `500` responses that may actually be auth-related until the route-level error mapping is hardened (see PR review notes embedded on #7376). --- ### B) Slack connector migrated into the monorepo `@elizaos/plugin-slack` is now hosted inside `elizaOS/eliza` under `plugins/plugin-slack`. **PR:** `feat(slack): migrate plugin-slack into the monorepo` https://github.com/elizaOS/eliza/pull/7375 This migration also included API drift fixes to align with core `2.0.0-alpha.*` changes: - `State.recentMessagesData` typing is now broader → plugin casts to `Memory[] | undefined` - `MentionContext` now requires `isReply` and `isThread` in addition to `isMention` **Developer action:** update any direct Git submodules or dependency references that still point at the standalone plugin repo. --- ### C) Automations: clarification round-trip + UX surfacing (n8n) The clarifications loop for workflow generation is now end-to-end: - Host route supports clarification resolution - UI renders inline clarification prompts Key PRs: - `feat(n8n): clarification roundtrip route` https://github.com/elizaOS/eliza/pull/7316 - `feat(automations): clarification quick-pick UI` https://github.com/elizaOS/eliza/pull/7341 - `fix(automations): support free-form clarifications in resolve flow` https://github.com/elizaOS/eliza/pull/7370 **Example: clarification response shape (conceptual)** ```ts type ClarificationRequest = { prompt: string; choices?: Array<{ label: string; value: string }>; // paramPath may be omitted for free-form clarifications (fixed in #7370) paramPath?: string; }; ``` --- ### D) Payments: x402 default payment methods ElizaOS and DegenAI were added as **default payment methods** for **x402 routes** (Discord discussion, 2026-05-06). If you maintain monetized routes, verify your x402 handler(s) correctly recognize these defaults after updating. --- ## 3) Bug Fixes (Critical) ### A) Headless Linux crash when keychain unavailable A process-level segfault occurred on headless Linux hosts when the `libsecret` backend could not reach D-Bus Secret Service. This is now mitigated by skipping OS keychain access on headless Linux and using safe fallback paths. - **PR:** https://github.com/elizaOS/eliza/pull/7230 **Impact:** prevents non-catchable boot crashes in server/CI environments; vault/confidant master key acquisition becomes deterministic. --- ### B) Vault sentinel values incorrectly exported into runtime env A runtime/config edge case caused vault sentinel/reference placeholders to be written into `process.env` during config hydration, which could break provider auth resolution. - **PR:** `fix(agent): skip vault sentinels in applyConfigEnvToProcessEnv` https://github.com/elizaOS/eliza/pull/7368 **Developer impact:** if you previously saw providers attempting to use non-credential strings (refs/sentinels) as keys, this should be resolved after upgrade. --- ### C) Telegram polling race causing silent message loss (resolved earlier in week) A critical connector issue was identified where two Telegraf long-poll consumers could run concurrently against the same bot token, causing updates to be split and silently dropped. The issue is tracked here: - **Issue:** https://github.com/elizaOS/eliza/issues/7245 (closed) If you are maintaining custom wrappers around `@elizaos/plugin-telegram`, ensure you only have **one** polling owner per token. --- ### D) n8n workflow generation JSON parsing robustness The n8n workflow generator occasionally produced valid JSON followed by trailing prose; parsing now tolerates this. - **PR:** https://github.com/elizaOS/eliza/pull/7369 --- ## 4) API Changes (Developer-facing) ### A) Cloud: new app-scoped chat route - **New:** `POST /api/v1/apps/:appId/chat` (Cloud) - **PR:** https://github.com/elizaOS/eliza/pull/7376 If you previously used only user/org-scoped chat endpoints, you now have an app-scoped surface designed for monetized apps (credits metadata + app ownership checks). --- ### B) Secrets management routes + vault-first reveal Vault integration changes the behavior of plugin credential storage and reveal: - `PUT /api/plugins/:id` now mirrors sensitive fields into the vault (in addition to legacy writes). - `POST /api/plugins/:id/reveal` resolves **vault-first**. **PR:** https://github.com/elizaOS/eliza/pull/7197 **Practical consequence:** if you maintain tooling that scrapes `config.env` directly, you may no longer see plaintext secrets there (depending on user flows); use the official reveal/manager APIs where possible. --- ## 5) Social Media Integrations ### Twitter/X: X API is now required Discord discussions confirmed a policy/implementation shift: **the X (Twitter) API is now required** for Twitter integration; prior “login method” approaches are no longer sufficient. - Discussion references: https://discord.com/channels/1253563208833433701/1300025221834739744 https://discord.com/channels/1253563208833433701/1253563209462448241 **Developer action:** ensure your deployment supplies X API credentials and budget expectations align with current X pricing tiers (noted as “much cheaper than before,” but still required). --- ### Telegram: stability focus continues In addition to the earlier race fix (#7245), the Telegram ecosystem continues receiving config correctness fixes (noted in monthly summary; see plugin-telegram runtime token application fix): - `elizaos-plugins/plugin-telegram#29` (referenced in project summaries) --- ### Slack: now in monorepo See **New Features → Slack migration** (#7375). --- ## 6) Model Provider Updates ### Anthropic SDK updated - **PR:** `fix(deps): update dependency @anthropic-ai/sdk to ^0.92.0` https://github.com/elizaOS/eliza/pull/7218 If you maintain custom provider adapters or rely on specific Anthropic SDK behavior, validate streaming/event shapes after the bump. ### eliza-1 model training notes (R&D) Discord notes (2026-05-05) indicate ongoing internal model work: - Base model: **Qwen** - Optimizations: **dflash speculative decoding**, **caveman compression** for thinking, **turboquant** quantization - A `v2.0.0-beta.0` milestone was mentioned in context of the training cycle These are not yet exposed as stable provider surfaces, but they inform upcoming defaults and performance profiles. --- ## 7) Breaking Changes / V1 → V2 Migration Warnings ### A) Twitter integration break: X API required If you are migrating bots from older auth flows, treat this as a breaking operational requirement (credentials + billing). Plan to rotate configs accordingly. ### B) Plugin compatibility drift (Hyperfy starter removed) A Hyperfy plugin/starter (`eliza-3d-hyperfy-starter`) was reported as removed (404) due to core/plugin version mismatch; a zip workaround was shared privately in Discord while compatibility is addressed. - Discord context: https://discord.com/channels/1253563208833433701/1300025221834739744 **Migration implication:** if you have downstream plugins pinned to older core APIs (common in V1→V2 transitions), expect breakage as core types/runtime contracts evolve. Align plugin versions to the monorepo’s current `@elizaos/core` alpha line and avoid relying on removed starters without vendor pinning. ### C) Secrets storage expectations changed with `@elizaos/vault` Even though the vault integration was designed to be additive, it changes practical assumptions: - plaintext keys may no longer be present where you previously inspected them - preference toward `apiKeyRef`-style indirection is increasing **PR:** https://github.com/elizaOS/eliza/pull/7197 --- ## Documentation / Site Reliability Notes - The public summary page appears stuck since May 4: `https://elizaos.github.io/summary/day` (Discord report, 2026-05-07). Root cause suspected to be GitHub account/config related; still under investigation. - A docs-site infra PR was opened to improve env var typing/handling via an `ImportMetaENV` interface in `next.config.js` (reported in daily dev activity for `elizaos.github.io`). **Docs repo:** https://github.com/elizaOS/elizaos.github.io