# Issue Triage for 2025-09-14 ## 1. Critical Security Issue: Hardcoded Supabase Credentials **Issue Title & ID**: Hardcoded Supabase Credentials in plugin-sql (From Discord) **Current Status**: Identified in Discord by CJFT, not formally tracked in GitHub **Impact Assessment**: - User Impact: Medium (affects security but not widespread) - Functional Impact: No (doesn't block core functionality) - Brand Impact: High (security issues damage trust) **Technical Classification**: - Issue Category: Security - Component Affected: Plugin System (plugin-sql) - Complexity: Simple fix **Resource Requirements**: - Required Expertise: Database access, security best practices - Dependencies: None - Estimated Effort: 1 **Recommended Priority**: P0 (Critical security issue) **Next Steps**: 1. Create formal GitHub issue 2. Remove hardcoded credentials immediately 3. Implement environment variable-based configuration 4. Rotate Supabase credentials as a precaution **Potential Assignees**: CJFT (committed to fix in upcoming PR) ## 2. Browser Integration for ElizaOS **Issue Title & ID**: Implement browser SDK for ElizaOS (From Discord) **Current Status**: In development by CJFT **Impact Assessment**: - User Impact: High (enables new deployment scenarios) - Functional Impact: No (enhances rather than fixes) - Brand Impact: High (key for ElizaOS 2.0) **Technical Classification**: - Issue Category: Feature Request - Component Affected: Core Framework - Complexity: Architectural change **Resource Requirements**: - Required Expertise: Browser APIs, WebAssembly, Database in browser - Dependencies: PGLite WASM - Estimated Effort: 5 **Recommended Priority**: P1 (High-impact feature with active development) **Next Steps**: 1. Create formal GitHub issue with technical design 2. Complete implementation of AgentRuntime and DB in browser 3. Add MODEL_ENDPOINT capability for SaaS integration 4. Set up comprehensive testing framework **Potential Assignees**: CJFT ## 3. Authentication System Overhaul **Issue Title & ID**: Implement proper JWT authentication system (From Discord) **Current Status**: Discussed in Discord, needs implementation **Impact Assessment**: - User Impact: Medium (improves security posture) - Functional Impact: Partial (authentication is core to platform) - Brand Impact: Medium (security is important for adoption) **Technical Classification**: - Issue Category: Security - Component Affected: API - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: Authentication patterns, JWT implementation - Dependencies: None identified - Estimated Effort: 3 **Recommended Priority**: P1 (Important security enhancement) **Next Steps**: 1. Create formal GitHub issue 2. Design JWT authentication flow 3. Implement JWT generation and validation 4. Deprecate X-API-KEY approach with migration path **Potential Assignees**: sayonara (based on authentication knowledge) ## 4. Feature Request: Add CometAPI Provider Support **Issue Title & ID**: #5973 - Feature Request: Add CometAPI Provider Support **Current Status**: OPEN with no comments **Impact Assessment**: - User Impact: Medium (adds new model options) - Functional Impact: No (enhances capabilities) - Brand Impact: Medium (expands compatibility) **Technical Classification**: - Issue Category: Feature Request - Component Affected: Model Integration - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: API integration, model providers - Dependencies: None - Estimated Effort: 2 **Recommended Priority**: P2 (Useful enhancement but not urgent) **Next Steps**: 1. Review CometAPI documentation 2. Design integration approach 3. Create implementation plan 4. Implement provider support **Potential Assignees**: TensorNull (issue reporter) ## 5. Ollama Default Issue **Issue Title & ID**: Fix Ollama default issue (From Discord) **Current Status**: Reported in Discord by CJFT **Impact Assessment**: - User Impact: Medium (affects users with custom setup) - Functional Impact: Partial (environment variable handling) - Brand Impact: Low (internal implementation detail) **Technical Classification**: - Issue Category: Bug - Component Affected: Model Integration - Complexity: Simple fix **Resource Requirements**: - Required Expertise: Environment configuration, Ollama integration - Dependencies: None - Estimated Effort: 1 **Recommended Priority**: P2 (Medium impact issue) **Next Steps**: 1. Create formal GitHub issue 2. Debug environment variable handling 3. Fix Ollama default behavior when OpenAI env is set 4. Add test case to verify fix **Potential Assignees**: CJFT (identified issue), Kenk (mentioned in issue) ## 6. Farcaster Character Development **Issue Title & ID**: Build "frok" Farcaster character (From Discord) **Current Status**: In planning, Stan and sayonara collaborating **Impact Assessment**: - User Impact: Low (marketing initiative) - Functional Impact: No (external to core functionality) - Brand Impact: Medium (marketing and awareness) **Technical Classification**: - Issue Category: Feature Request - Component Affected: External Integration - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: Farcaster integration, agent development - Dependencies: None - Estimated Effort: 3 **Recommended Priority**: P2 (Moderate impact, has assigned resources) **Next Steps**: 1. Create formal GitHub issue 2. Design character specifications and persona 3. Implement integration with Farcaster 4. Deploy and monitor performance **Potential Assignees**: Stan and sayonara (already collaborating) ## 7. TTS Integration Options **Issue Title & ID**: Add support for local TTS models (From Discord) **Current Status**: Shaw shared links to alternatives **Impact Assessment**: - User Impact: Medium (improves user experience) - Functional Impact: No (enhances rather than fixes) - Brand Impact: Medium (improves product quality) **Technical Classification**: - Issue Category: Feature Request - Component Affected: API - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: TTS integration, browser APIs - Dependencies: None - Estimated Effort: 3 **Recommended Priority**: P2 (Enhances user experience) **Next Steps**: 1. Create formal GitHub issue 2. Evaluate VITS-web and HeadTTS as alternatives 3. Implement browser-based TTS integration 4. Add configuration options to toggle between services **Potential Assignees**: shaw (shared expertise) ## 8. Add Documentation for Agent Webhook Communication **Issue Title & ID**: #5649 - Add docs for sending message as agent to any chat via webhook / routes in plugins **Current Status**: CLOSED after being open for approximately 7 weeks **Impact Assessment**: - User Impact: Medium (documentation helps all users) - Functional Impact: No (documentation only) - Brand Impact: Medium (improves usability) **Technical Classification**: - Issue Category: Documentation - Component Affected: Plugin System - Complexity: Simple fix **Resource Requirements**: - Required Expertise: Plugin system knowledge, documentation writing - Dependencies: None - Estimated Effort: 1 **Recommended Priority**: CLOSED (already resolved) **Next Steps**: None required (issue closed) **Potential Assignees**: N/A (completed) ## 9. NPM Package Management Issues **Issue Title & ID**: Issues with the "elizaos" NPM package (From Discord on Sep 12) **Current Status**: Team working on fixing **Impact Assessment**: - User Impact: Medium (affects installation) - Functional Impact: Partial (affects getting started) - Brand Impact: Medium (first impression) **Technical Classification**: - Issue Category: Bug - Component Affected: CLI - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: NPM package management, CI/CD - Dependencies: None - Estimated Effort: 2 **Recommended Priority**: P1 (Affects user onboarding) **Next Steps**: 1. Create formal GitHub issue if not already tracked 2. Regenerate NPM tokens for security 3. Add second NPM token in CI for elizaos package 4. Transfer elizaos package to organization **Potential Assignees**: shaw, cjft (mentioned in Discord) ## 10. Streaming Implementation **Issue Title & ID**: Implement SSE/streaming capabilities (From Discord) **Current Status**: Mentioned by CJFT as needed **Impact Assessment**: - User Impact: High (improves user experience) - Functional Impact: No (enhances capabilities) - Brand Impact: Medium (modern expected feature) **Technical Classification**: - Issue Category: Feature Request - Component Affected: API - Complexity: Moderate effort **Resource Requirements**: - Required Expertise: Server-sent events, streaming APIs - Dependencies: None identified - Estimated Effort: 3 **Recommended Priority**: P2 (Enhances user experience significantly) **Next Steps**: 1. Create formal GitHub issue 2. Design streaming architecture 3. Implement SSE endpoints 4. Add client-side support for streaming responses **Potential Assignees**: CJFT (identified need) ## Summary of Highest Priority Issues 1. **P0: Hardcoded Supabase Credentials in plugin-sql** - Critical security issue requiring immediate attention to remove credentials from codebase. 2. **P1: Browser Integration for ElizaOS** - Key architectural evolution for ElizaOS 2.0, enabling new deployment scenarios with browser-based runtime. 3. **P1: Authentication System Overhaul** - Important security enhancement to replace X-API-KEY with proper JWT implementation. 4. **P1: NPM Package Management Issues** - Affects user onboarding experience; needs token regeneration and organization transfer. 5. **P2: Ollama Default Issue** - Environment variable handling bug affecting users with custom setups. 6. **P2: Farcaster Character Development** - Marketing initiative already assigned to Stan and sayonara. 7. **P2: TTS Integration Options** - User experience enhancement to support local TTS models. 8. **P2: Feature Request: Add CometAPI Provider Support** - Expands model compatibility options. 9. **P2: Streaming Implementation** - Modern expected feature for improved user experience. ## Common Patterns and Architectural Issues 1. **Security Fundamentals** - Multiple security-related issues (hardcoded credentials, authentication system) suggest a need for a security review and establishing better security practices. 2. **Architectural Evolution** - The browser integration effort represents a significant architectural shift for ElizaOS 2.0, moving from a server-based to a client-capable system. 3. **Package Management Complexity** - Issues with NPM packages indicate complexity in managing the package ecosystem that could benefit from standardization. 4. **Documentation Gaps** - Several issues relate to missing or unclear documentation, suggesting a need for documentation improvement processes. 5. **Discord-to-GitHub Workflow Gap** - Many issues are discussed in Discord but not formally tracked in GitHub, creating potential for lost information and follow-up. ## Process Improvement Recommendations 1. **Formalize Discord-to-GitHub Process** - Implement a bot or process to automatically create GitHub issues from actionable Discord discussions. 2. **Security Review Schedule** - Establish regular security reviews to identify issues like hardcoded credentials before they become problems. 3. **Documentation Coverage Metrics** - Implement documentation coverage metrics to ensure features have corresponding documentation. 4. **Release Testing Process** - Enhance testing of published NPM packages to catch issues before users encounter them. 5. **Feature Flag System** - Implement a feature flag system to better manage the rollout of architectural changes like browser integration.