# ElizaOS Developer Update (Week of 2026-05-03 to 2026-05-09) This week focused on framework hardening (runtime stability, secrets handling), monorepo consolidation (Cloud + plugins), and restoring end-to-end automation UX (n8n clarification loop). Social integrations saw notable movement: Slack is now first-class in the monorepo, Telegram reliability issues were addressed, and the community confirmed Twitter/X now requires the paid X API. --- ## 1) Core Framework ### Monorepo consolidation: Cloud + plugins unified A major structural change landed that consolidates Cloud and a large set of plugins into the primary repo, while removing legacy Rust/Python surfaces: - **PR:** `chore: add cloud and plugins, remove rust and python` ([elizaos/eliza#7235](https://github.com/elizaos/eliza/pull/7235)) **Why this matters (developer impact):** - Build/test workflows are now centered on the TypeScript/Bun toolchain for the mainline developer experience. - Cloud codepaths and plugin sources-of-truth now live alongside core runtime code, reducing version skew but increasing the need to pin revisions carefully for downstream consumers. ### Cross-platform secrets vault + Settings UI integration Secrets management moved from plaintext `config.env` patterns toward encrypted-at-rest storage with OS keychain integration: - **PR:** `feat(vault): @elizaos/vault — cross-platform secrets vault + Settings UI integration` ([elizaos/eliza#7197](https://github.com/elizaos/eliza/pull/7197)) - **Bugfix (headless stability):** skip OS keychain on headless Linux to prevent native segfaults ([elizaos/eliza#7230](https://github.com/elizaos/eliza/pull/7230)) **Key architectural changes:** - New workspace package: `@elizaos/vault` - Runtime + Settings routes mirror sensitive plugin configuration fields into the vault. - Vault-first reveal path: `/api/plugins/:id/reveal` prefers the vault value over `process.env` / `config.env`. - Headless Linux fallback avoids `libsecret`/DBus pitfalls by bypassing OS keychain if unavailable (prevents process-level segfault). **Minimal usage example (vault API):** ```ts import { sharedVault } from "@elizaos/vault"; // Store a secret encrypted at rest await sharedVault().set("OPENAI_API_KEY", process.env.OPENAI_API_KEY!, { sensitive: true, }); // Retrieve it later const key = await sharedVault().get("OPENAI_API_KEY"); ``` ### Self-hosted runtime improvements (CORS + bearer auth) If you embed the dashboard or run remote agent control-plane style deployments: - **PR:** `feat(self-hosted): CORS + bearer auth + cross-platform build fixes` ([elizaos/eliza#7212](https://github.com/elizaos/eliza/pull/7212)) This improves cross-platform connectivity for self-hosting scenarios where the runtime must serve browser dashboards over HTTPS/custom domains and support bearer-authenticated access patterns. --- ## 2) New Features ### Slack connector is now in the monorepo Slack is no longer a standalone plugin repo; it lives at `plugins/plugin-slack/`: - **PR:** `feat(slack): migrate plugin-slack into the monorepo` ([elizaos/eliza#7375](https://github.com/elizaos/eliza/pull/7375)) **What shipped:** - Socket Mode service implementation - 11 Slack actions (send/edit/delete, pins, reactions, channel read/list, etc.) - 3 providers (channel state, workspace info, member list) - 120 unit tests included with the plugin **Developer note:** The PR explicitly addressed API drift against core `2.0.0-alpha.*`: - `State.recentMessagesData` now requires casting at read sites - `MentionContext` requires `isReply` and `isThread` **Example: enabling Slack plugin** ```jsonc { "plugins": { "entries": { "@elizaos/plugin-slack": { "enabled": true } } }, "env": { "SLACK_BOT_TOKEN": "xoxb-***", "SLACK_APP_TOKEN": "xapp-***" } } ``` ### n8n automations: end-to-end clarification loop is now productized This week restored the “ask clarifying questions” workflow from LLM → host routes → UI. Core pieces: - **Route layer:** clarification roundtrip handling ([elizaos/eliza#7316](https://github.com/elizaos/eliza/pull/7316)) - **UI layer:** inline clarification “quick-pick” panel ([elizaos/eliza#7341](https://github.com/elizaos/eliza/pull/7341)) - **Plugin prompt rules:** structured `ClarificationRequest` + name→id directives ([elizaos/eliza#7373](https://github.com/elizaos/eliza/pull/7373)) **What’s new technically:** - `POST /api/n8n/workflows/generate` can return `needs_clarification` payloads. - Clarifications can be either: - **Param-mapped** (writes into workflow fields), or - **Free-form** (no `paramPath`), now supported by resolve flow ([elizaos/eliza#7370](https://github.com/elizaos/eliza/pull/7370)). **Example: handling a clarification response in a client** ```ts type GenerateWorkflowResult = | { status: "ok"; workflow: unknown } | { status: "needs_clarification"; questions: Array<{ id: string; prompt: string; options?: string[] }> }; const res = (await fetch("/api/n8n/workflows/generate", { method: "POST" }).then(r => r.json())) as GenerateWorkflowResult; if (res.status === "needs_clarification") { // render buttons / free-form input console.log(res.questions); } ``` ### Cloud: monetized container app domains + app-scoped chat endpoints Cloud added production pathways for agent-built monetized apps: - **PR:** `feat(cloud): support monetized container app domains` ([elizaos/eliza#7376](https://github.com/elizaos/eliza/pull/7376)) Highlights: - App-scoped chat endpoint: `POST /api/v1/apps/:appId/chat` - Managed domains flows: check/buy/status/sync/verify (Cloudflare-backed) - Container deployment status reconciliation improvements (avoid “stuck deploying”) - OAuth-style app auth callback/session flow for generated apps **If you are building app-scoped chat:** ```bash curl -sS -X POST "https:///api/v1/apps/$APP_ID/chat" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $APP_USER_TOKEN" \ -d '{"messages":[{"role":"user","content":"hello from my app"}]}' ``` --- ## 3) Bug Fixes (Critical) ### Headless Linux segfault on boot (keychain/libsecret) A process-level crash on headless Linux was eliminated by skipping OS keychain where Secret Service is unavailable: - **PR:** [elizaos/eliza#7230](https://github.com/elizaos/eliza/pull/7230) - Related stability goal referenced in weekly summary: headless Linux reliability (see issue context [elizaos/eliza#7231](https://github.com/elizaos/eliza/issues/7231)) **Technical root cause:** native keyring backend (`libsecret` via DBus) can segfault when no Secret Service agent is reachable. The fix ensures vault/confidant don’t attempt that path in headless environments. ### Telegram message loss via duplicate pollers Telegram reliability problems were addressed this week across core + plugin integration (weekly summary mentions race condition fixes): - Issue context: dual long-poll consumers cause silent message loss ([elizaos/eliza#7245](https://github.com/elizaos/eliza/issues/7245)) **Failure mode:** Telegram `getUpdates` long-poll delivers each update to exactly one consumer; running two Telegraf instances against the same token makes delivery nondeterministic (messages appear “randomly ignored”). **What to validate in your deployment:** ensure only one poller owns a given bot token (either the connector plugin or a wrapper, never both). ### SQL plugin: missing tables break memory/relationships on fresh DBs Fresh PGLite boots could fail to create several relationship tables, causing state composition failures and downstream structured-output parsing errors: - Issue context: missing drizzle pgTable defs for `entity_identities`, `entity_merge_candidates`, `fact_candidates` ([elizaos/eliza#7222](https://github.com/elizaos/eliza/issues/7222)) **Impact:** repeated query failures in providers/evaluators lead to half-empty state → model responses don’t match expected structured format → retries → user-visible “parsing error”. ### UI client runtime: duplicate client class prevents prototype augmentation A duplicate client class led to undefined methods at runtime (chat/apps surfaces breaking): - Issue context: duplicate `MiladyClient` class breaks augmenter prototype attachment ([elizaos/eliza#7244](https://github.com/elizaos/eliza/issues/7244)) **Symptom:** `client.listAppRuns is not a function` and similar errors, often freezing UI flows. ### Automation UX correctness fixes - Delete trigger now passes correct `triggerName` in detail pane confirmation flows ([elizaos/eliza#7340](https://github.com/elizaos/eliza/pull/7340)) - Free-form clarifications supported (no `paramPath`) ([elizaos/eliza#7370](https://github.com/elizaos/eliza/pull/7370)) - n8n parsing hardening: tolerate prose-trailed JSON ([elizaos/eliza#7369](https://github.com/elizaos/eliza/pull/7369)) --- ## 4) API Changes ### Secrets & plugin config Introduced/expanded routes and semantics around secrets storage and reveal: - Vault + Settings integration ([elizaos/eliza#7197](https://github.com/elizaos/eliza/pull/7197)) - Sentinel handling in env application logic (skip vault sentinels) ([elizaos/eliza#7368](https://github.com/elizaos/eliza/pull/7368)) **Behavior change developers should note:** - Saving plugin config via `PUT /api/plugins/:id` may now write to both legacy env storage and the vault mirror. - Reveals will prefer vault-backed values, which can differ from `process.env` if you are debugging locally. ### Cloud app APIs New Cloud endpoints (for monetized apps + domains) were added in: - [elizaos/eliza#7376](https://github.com/elizaos/eliza/pull/7376) These introduce app-scoped chat and domain lifecycle endpoints; if you maintain a Cloud client, ensure your SDK/typing layer models these routes. ### n8n clarification roundtrip endpoints - Clarification routes and client types were added/extended ([elizaos/eliza#7316](https://github.com/elizaos/eliza/pull/7316)) --- ## 5) Social Media Integrations ### Twitter/X: X API is now required Discord guidance this week confirmed a policy change: - Community discussion (2026-05-07): X API is **required** for Twitter integration; prior login methods are no longer sufficient. Pricing was reported as “more affordable than previously,” but it is still a paid dependency. (Discord thread summary: [2026-05-07](https://discord.com/channels/1253563208833433701/1253563209462448241)) **Action for developers:** update deployment/runbooks to include X API credentials explicitly, and avoid relying on legacy auth paths. ### Telegram: stability and config correctness Weekly summary notes Telegram conflict fixes to prevent interruptions (see also issue context [#7245](https://github.com/elizaos/eliza/issues/7245)). If you operate Telegram bots, verify: - only one poller is active - connector config is applied at runtime (see monthly context in prior work: plugin-telegram config application fix referenced in May summaries) ### Slack: new first-class plugin location Slack is now part of the monorepo at `plugins/plugin-slack` ([#7375](https://github.com/elizaos/eliza/pull/7375)), reducing version mismatch risk between core and connector. ### Hyperfy plugin: removed due to version mismatches (community advisory) Discord (2026-05-07) reported the Hyperfy plugin disappeared (404) due to compatibility drift between plugin and core; a zip was shared as a temporary workaround. Treat this integration as **unstable** until the plugin is updated and restored publicly. --- ## 6) Model Provider Updates ### Anthropic SDK bumped - **PR:** update `@anthropic-ai/sdk` to `^0.92.0` ([elizaos/eliza#7218](https://github.com/elizaos/eliza/pull/7218)) If you maintain provider wrappers or rely on Anthropic message schemas, re-run typechecks and verify streaming behavior and request headers for your environment. ### AI SDK & provider utils updates Multiple Renovate bumps landed for `ai` and `@ai-sdk/*` packages (e.g. [#7214](https://github.com/elizaos/eliza/pull/7214), [#7217](https://github.com/elizaos/eliza/pull/7217), [#7229](https://github.com/elizaos/eliza/pull/7229)). If you pin provider behavior tightly, watch for subtle changes in: - tool calling serialization - streaming chunk formats - error normalization ### Payment infrastructure note (x402 routes) Discord (2026-05-06) announced: **elizaOS and DegenAI added as default payment methods for x402 routes**. If you build paid agent flows, confirm your route handlers and billing middleware reflect the updated defaults. --- ## 7) Breaking Changes / Migration Warnings (V1 → V2) ### Monorepo & runtime surface changes can break downstream assumptions - Consolidation PR ([#7235](https://github.com/elizaos/eliza/pull/7235)) removed Rust/Python components from the mainline repo structure. If your V1 integration depended on those subprojects or their build artifacts, you’ll need to migrate to: - the TypeScript/Bun-first toolchain, and/or - the new monorepo plugin locations as sources of truth. ### Secrets handling: plaintext env patterns are increasingly legacy With vault mirroring ([#7197](https://github.com/elizaos/eliza/pull/7197)), V1-style “read from config.env directly” debugging and provisioning will not fully reflect runtime behavior: - New installs may store sensitive values encrypted at rest. - Reveal routes will prefer vault values. - Headless Linux behavior differs intentionally (no OS keychain) ([#7230](https://github.com/elizaos/eliza/pull/7230)). **Migration guidance:** if you ship a plugin/config UI, treat secrets as references (vault-first) rather than expecting raw env propagation. ### Twitter/X integration now requires X API credentials If you are migrating a V1 Twitter bot deployment that used legacy auth methods, it may fail silently or stop posting. Update configs to use X API and budget accordingly (Discord: 2026-05-07 discussion). --- ## References & Follow-ups - DeFi plugin registry security docs: add SafeAgent to registry (awaiting review) - **PR:** [elizaos/docs#84](https://github.com/elizaos/docs/pull/84) - Website/docs automation issue reported: daily summary page stuck since May 4 (Discord: 2026-05-07). If you rely on those generated summaries, consider monitoring the generation workflow and GitHub Pages deploy pipeline. - Hyperfy plugin restore/update remains an open ecosystem task (Discord: 2026-05-07).