# ElizaOS Developer Update (2026-05-03 → 2026-05-09) This update summarizes core framework and plugin ecosystem changes merged during the week leading into **2026-05-10**, plus notable developer discussions from Discord. --- ## 1) Core Framework ### Cross-platform secrets + runtime/settings integration: `@elizaos/vault` A new first-class secrets system landed in core: **`@elizaos/vault`** provides encryption-at-rest (AES-256-GCM) with OS-keychain master-key storage and a headless fallback for servers/CI. It is wired into both **agent runtime** and the **Settings UI**, so saving plugin credentials no longer depends on plaintext `config.env` as the primary persistence layer. - PR: **feat(vault): @elizaos/vault — cross-platform secrets vault + Settings UI integration** https://github.com/elizaos/eliza/pull/7197 Key runtime implications: - Sensitive plugin params saved via Settings are now *mirrored* into the vault (write-through). - “Reveal” routes consult the vault first. - Provider switching prefers `apiKeyRef` (vault reference) over raw `apiKey` (plaintext). Headless Linux stability fix (prevents native segfault when secret-service is unavailable): - PR: **fix(vault, confidant): skip OS keychain on headless Linux to prevent native segfault on agent boot** https://github.com/elizaos/eliza/pull/7230 - Related issue (referenced in weekly summary): **headless Linux segfault** https://github.com/elizaos/eliza/issues/7231 ### Self-hosted runtime hardening: CORS + bearer auth + build fixes Self-hosted deployments gained a more robust remote-dashboard connectivity path (CORS + bearer auth), plus cross-platform build fixes spanning agent runtime and app-core. - PR: **feat(self-hosted): CORS + bearer auth + cross-platform build fixes** https://github.com/elizaos/eliza/pull/7212 ### Monorepo consolidation: cloud + plugins; removal of legacy rust/python scaffolding A large repository consolidation landed, bringing Cloud and more plugins into the main tree and removing legacy multi-language scaffolding where it was no longer used. - PR: **chore: add cloud and plugins, remove rust and python** https://github.com/elizaos/eliza/pull/7235 --- ## 2) New Features ### Slack connector is now in the monorepo (`@elizaos/plugin-slack`) Slack is no longer a standalone plugin repo: it’s now located at `plugins/plugin-slack/`, aligned with current core types and plugin build conventions. - PR: **feat(slack): migrate plugin-slack into the monorepo** https://github.com/elizaos/eliza/pull/7375 What developers get: - Socket Mode service + message ingestion - 11 actions (send/edit/delete/react/pins/etc.) - 3 providers (channel state, member list, workspace info) - Test coverage migrated (120 unit tests) ### Cloud: monetized container app domains + app-scoped chat endpoint Cloud gained production paths for “agent-built apps”: - App-scoped chat: `POST /api/v1/apps/:appId/chat` - Cloudflare-managed domain lifecycle endpoints (check/buy/status/sync/verify) - Container control-plane improvements to reconcile deployment state - PR: **feat(cloud): support monetized container app domains** https://github.com/elizaos/eliza/pull/7376 - Docs added/updated in-repo (see PR files): `cloud/packages/docs/building-a-monetized-app.md`, `cloud/packages/docs/agent-skill-build-monetized-app.md` Example: calling the app-scoped chat endpoint (Cloud) ```bash curl -sS -X POST "https://api.elizacloud.ai/api/v1/apps/$APP_ID/chat" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $STEWARD_SESSION_JWT" \ -d '{ "messages": [{ "role": "user", "content": "Ship me a status page copy draft." }], "stream": false }' ``` ### n8n automations: clarification roundtrip + UX quick-pick The “needs clarification” loop is now end-to-end: - Host routes now accept/resolve clarification requests - UI renders a quick-pick panel when the workflow generator returns `needs_clarification` - PR: **feat(n8n): clarification roundtrip route** https://github.com/elizaos/eliza/pull/7316 - PR: **feat(automations): clarification quick-pick UI** https://github.com/elizaos/eliza/pull/7341 - PR: **feat(automations): hero centerpiece overview + UX restoration** https://github.com/elizaos/eliza/pull/7317 Example: clarification response shape (conceptual) ```ts type ClarificationRequest = { id: string; prompt: string; options?: Array<{ label: string; value: string }>; // paramPath may be missing for free-form clarifications (now supported) paramPath?: string; }; ``` ### Discord connector: connector target catalog (guild/channel enumeration) A new `ConnectorTargetCatalog` service surfaces real Discord guilds/channels for runtime-aware workflows (notably used by n8n clarification flows). - PR: **feat(app-core): connector-target-catalog service (Discord)** https://github.com/elizaos/eliza/pull/7315 --- ## 3) Bug Fixes (critical / developer-impacting) ### Vault + config env sentinel safety When vault integration is enabled, some settings flows store vault references/sentinels; the agent now avoids incorrectly copying those into `process.env`. - PR: **fix(agent): skip vault sentinels in applyConfigEnvToProcessEnv** https://github.com/elizaos/eliza/pull/7368 ### Automations delete semantics bugfix Fixes a mismatch between the trigger id used for deletion and the display name shown in confirmation, preventing incorrect deletes / confusing confirmations. - PR: **fix(automations): pass triggerName to onDeleteTrigger from detail pane** https://github.com/elizaos/eliza/pull/7340 ### Cloud auth & onboarding reliability fixes Multiple fixes landed to stabilize Steward/SIWE flows and CLI-login completion in Cloud: - PR: **fix(cloud/auth): unblock SIWE by bypassing the disabled cache singleton** https://github.com/elizaos/eliza/pull/7324 - PR: **fix(cloud/auth): pass c.env to getAppHost/getAppUrl on Worker (SIWE domain)** https://github.com/elizaos/eliza/pull/7327 - PR: **fix(cloud-frontend): cli-login completion effect deadlock** https://github.com/elizaos/eliza/pull/7367 - PR: **fix(cloud-frontend): cli-login active flag race on cleanup** https://github.com/elizaos/eliza/pull/7377 ### Windows CI packaging stability Fixes false-negative failures from Inno Setup on Windows Server 2025 runners. - PR: **fix(ci): handle bogus Inno Setup exit codes on Windows Server 2025** https://github.com/elizaos/eliza/pull/7232 ### Registry collision fix (plugin/app id conflict) Fixes a hard registry-load failure due to duplicate ids across app/plugin entries. - PR: **fix(registry): rename plugin polymarket id to avoid app/plugin collision** https://github.com/elizaos/eliza/pull/7314 --- ## 4) API Changes (developer-visible) ### Secrets & plugin settings APIs (vault-backed) Vault integration changes the effective behavior of Settings and credential reveal: - `PUT /api/plugins/:id` now mirrors sensitive values into the vault (in addition to legacy config persistence). Mirror failures are surfaced (not silently swallowed). - `POST /api/plugins/:id/reveal` is now **vault-first**, then falls back to legacy env/config. See implementation context in: - PR: https://github.com/elizaos/eliza/pull/7197 Practical implication: if you built tooling that scraped `config.env` directly, it may no longer reflect the *actual* credential source-of-truth after a user saves settings via UI. ### n8n clarification endpoints Host-side routes now support the full clarification roundtrip so external tooling can resolve clarifications rather than re-running workflow generation. - PR: https://github.com/elizaos/eliza/pull/7316 ### Cloud app-scoped chat New endpoint: - `POST /api/v1/apps/:appId/chat` - PR: https://github.com/elizaos/eliza/pull/7376 --- ## 5) Social Media Integrations (Twitter/X, Telegram, Discord, Farcaster) ### Twitter/X: X API is now required Discord discussion confirmed that **X API access is now required** for Twitter integration, and earlier “login-only” methods are no longer sufficient for posting flows. Pricing has reportedly become more affordable, but developers should assume API credentials are mandatory. - Discord context (2026-05-07): https://discord.com/channels/1253563208833433701/1300025221834739744 - Follow-up action item (docs): update integration docs to reflect the X API requirement and current pricing expectations. ### Telegram: reliability focus remains; watch for multi-poller configurations This week’s GitHub summaries emphasize Telegram reliability fixes (race conditions / polling behavior). If you maintain a custom wrapper around Telegram polling, ensure **only one poller consumes `getUpdates`** for a given bot token to avoid silent message loss (a previously observed failure mode). Related issue context (historical but relevant to self-hosters): - Issue: https://github.com/elizaos/eliza/issues/7245 ### Discord: connector target catalog support Discord integration now exposes a catalog of guild/channel targets for runtime-aware workflows: - PR: https://github.com/elizaos/eliza/pull/7315 ### Farcaster No Farcaster-specific code changes were surfaced in the provided activity for this week. --- ## 6) Model Provider Updates (OpenAI, Anthropic, DeepSeek, etc.) ### Anthropic SDK bump - PR: **fix(deps): update dependency @anthropic-ai/sdk to ^0.92.0** https://github.com/elizaos/eliza/pull/7218 If you depend on Anthropic provider behavior, re-run provider integration tests after upgrading since SDK updates can subtly change retry semantics, error shapes, and streaming event payloads. ### AI SDK (Vercel `ai`) and provider utilities updates Several Renovate bumps landed for `ai`, `@ai-sdk/provider`, `@ai-sdk/provider-utils`, and `@ai-sdk/openai` (multiple PRs in the week’s dependency stream). If you implement custom providers or rely on internal behavior of the AI SDK adapters, pin and validate versions carefully. (See merged dependency PRs in the week’s merged list; examples include `ai` and `@ai-sdk/openai` updates.) ### Vault-backed provider routing (`apiKeyRef`) With vault integration, provider switching and runtime operations increasingly prefer references over raw keys: - PR: https://github.com/elizaos/eliza/pull/7197 Developer implication: provider config payloads may now store `apiKeyRef`-style references, and your debugging workflow should include checking the vault backend rather than only env vars. --- ## 7) Breaking Changes / Migration Warnings (V1 → V2 and ecosystem drift) ### V2 / monorepo structural shifts (plugins + cloud) - Slack plugin moved into monorepo: update import paths, workspace references, and repo URLs accordingly. PR: https://github.com/elizaos/eliza/pull/7375 - Large consolidation PR removed legacy rust/python scaffolding in-tree; if your internal tooling expected those paths or multi-lang build steps, you may need to adjust CI. PR: https://github.com/elizaos/eliza/pull/7235 ### Secrets storage expectations have changed With `@elizaos/vault`, plaintext keys in `config.env` are no longer the primary mental model. - If you have scripts that provision credentials by writing config files only, consider either: 1) continuing to set env vars at process start, or 2) using the same plugin-settings endpoints the UI uses so secrets land in the vault. ### Plugin/app registry ids must be globally unique Registry loading enforces unique IDs across apps and plugins; collisions hard-fail. - PR: https://github.com/elizaos/eliza/pull/7314 ### Community-reported: Hyperfy plugin compatibility regression Discord reports indicate the Hyperfy starter/plugin was removed (404) due to **version mismatches** with current ElizaOS core and needs updates for compatibility. - Discord context (2026-05-07): https://discord.com/channels/1253563208833433701/1300025221834739744 Action item: either restore as a versioned plugin with a clear compatibility matrix, or publish a migration patch to align with current plugin APIs. --- ## Appendix: Notable Discord signals (engineering) - **X/Twitter integration requires X API** (cost/credential expectations changed). - **elizaos.github.io/summary/day page stuck since May 4** (daily summary generation likely broken). - **Unresolved dev help request**: movement implementation issues in a chat app with bubble UI (no technical follow-up in channel). - 2026-05-09 coders: https://discord.com/channels/1253563208833433701/1300025221834739744