# Issue Triage — 2025-12-27 (elizaOS) ## 1) Snapshot Eligibility + Tangem Wallet Not Supported + Discord Impersonation Risk — #6211 - **Issue Title & ID:** “Snapshot Eligibility Issue + Tangem Wallet Connection Not Supported (Discord Support Compromised)” — elizaos/eliza **#6211** - **Current Status:** **OPEN** (1 comment). User cannot connect Tangem via WalletConnect; reports Discord impersonators attempting token theft. - **Impact Assessment:** - **User Impact:** **High** (affects any users whose snapshot wallet cannot connect; migration is time-sensitive) - **Functional Impact:** **Partial** (blocks token migration flow for a subset; also impacts support channel reliability) - **Brand Impact:** **High** (public claim of compromised support; potential losses via scams) - **Technical Classification:** - **Category:** **Security + UX + Documentation** - **Component Affected:** **Migration Portal / Support Operations / WalletConnect integration** - **Complexity:** **Moderate effort** (product + comms + potential tooling changes) - **Resource Requirements:** - **Required Expertise:** Wallet integration (WalletConnect), backend allowlisting policy, security/ops for Discord moderation - **Dependencies:** Migration portal capabilities; policy decision on manual migrations/whitelists - **Estimated Effort (1–5):** **4** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Publish an **official GitHub/Docs “Migration Safety” notice**: never DM, never request transfers; list official links. 2. Provide an **official stance** for non-connectable snapshot wallets (Tangem/keycard wallets): - either **supported path** (read-only proof + manual migration), or explicit “not supported” with rationale. 3. Add a **migration portal FAQ** entry: snapshot wallet must be connectable; what to do if not. 4. Implement a **support-verification flow** (GitHub Discussions pinned post + signed announcements; Discord “Support” roles + ticket bot hardening). 5. If feasible, implement **“proof-of-ownership” manual claim** (signed message / on-chain proof) reviewed by admins. - **Potential Assignees:** - **odilitime** (ecosystem coordination; Discord ops visibility) - **standujar** (server/auth + API changes if a manual claim endpoint is needed) - **lalalune** (cloud/migration flow context) - Security moderation support: **Hexx 🌐** (community security warnings seen), plus a dedicated ops maintainer --- ## 2) OpenAI Streaming Broken Due to Wrong Core Dependencies — PR #22 (plugin-openai) / Core Streaming Regression - **Issue Title & ID:** “Streaming functionality broken in the core due to wrong dependencies” — **Referenced in Discord core-devs**, fix in **plugin-openai PR #22** - **Current Status:** **Known regression; fix in progress (PR #22 mentioned), not confirmed merged** - **Impact Assessment:** - **User Impact:** **High** (anyone relying on streaming UX) - **Functional Impact:** **Partial** (chat still works but degraded; may break apps expecting streaming tokens/events) - **Brand Impact:** **High** (launch period; streaming is a headline capability) - **Technical Classification:** - **Category:** **Bug** - **Component Affected:** **Model Integration (OpenAI plugin) + Core dependency graph** - **Complexity:** **Moderate effort** (dependency alignment + integration testing) - **Resource Requirements:** - **Required Expertise:** Node/Bun packaging, monorepo dependency management, streaming/SSE semantics - **Dependencies:** Correct core version constraints; CI passing; client compatibility - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. **Review + merge PR #22** (or port fix into core if needed). 2. Add an **integration test** that asserts streaming events are emitted end-to-end (server → client). 3. Pin/align plugin peer dependencies to prevent “wrong core” installs. 4. Release a **patch version** and announce “Streaming fixed” with upgrade notes. - **Potential Assignees:** - **Stan ⚡ (standujar)** (already driving related fixes/PRs) - **wtfsayo** (recent streaming-related work) - Reviewer: **0xbbjoker** (strong review throughput) --- ## 3) ElizaCloud Login “Application Error” Blocking Access - **Issue Title & ID:** “Application error when logging into ElizaCloud” — **Discord report (DorianD)** - **Current Status:** **Unresolved** (users reporting inability to log in; others can deploy successfully) - **Impact Assessment:** - **User Impact:** **High** (blocks access to Cloud) - **Functional Impact:** **Yes** (cannot use Cloud product) - **Brand Impact:** **High** (immediately visible at Cloud launch) - **Technical Classification:** - **Category:** **Bug / UX** - **Component Affected:** **ElizaOS Cloud Auth + Frontend** - **Complexity:** **Moderate effort** (likely auth/session handling, edge cases, client error boundary) - **Resource Requirements:** - **Required Expertise:** Web auth flows, session/cookie/JWT, frontend error handling/observability - **Dependencies:** May relate to SSO/JWT work; needs logs/telemetry - **Estimated Effort (1–5):** **4** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Capture **repro details**: provider, browser, region, console error, request IDs. 2. Add **structured client-side logging** (correlation ID) + server tracing for auth endpoints. 3. Identify whether failure is **identity creation**, **token exchange**, or **session persistence**. 4. Ship a hotfix with improved error messaging (avoid generic “application error”). - **Potential Assignees:** - **odilitime** (SSO/auth direction) - **standujar** (JWT/auth implementation background; server) - **lalalune** (Cloud integration flow familiarity) --- ## 4) Agent Deployment Failure: “username null” Error - **Issue Title & ID:** “Resolve agent deployment error with username null” — **Discord report (DorianD)** - **Current Status:** **Unresolved** - **Impact Assessment:** - **User Impact:** **Medium–High** (affects new deployments; likely a common onboarding path) - **Functional Impact:** **Yes** (blocks deploying/using an agent) - **Brand Impact:** **High** (first-run experience failure) - **Technical Classification:** - **Category:** **Bug** - **Component Affected:** **ElizaOS Cloud Deployment / User Profile / Agent Runtime provisioning** - **Complexity:** **Simple fix → Moderate** (depends on whether this is missing DB constraint vs auth mapping) - **Resource Requirements:** - **Required Expertise:** Backend validation, DB constraints, auth/user provisioning - **Dependencies:** Ties into unified identity/SSO decisions - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P1** - **Specific Actionable Next Steps:** 1. Add validation: **username required** (or auto-generate) at account creation. 2. Backfill existing users with null usernames using deterministic default. 3. Add deployment pipeline guardrails: fail early with a clear “complete profile” prompt. - **Potential Assignees:** - **standujar** (server validation + user model) - **odilitime** (identity policy) - QA assist: **borisudovicic** (strong at capturing UX issues) --- ## 5) CI/Automation Failures Due to Claude Billing Top-Up (GitHub Actions) - **Issue Title & ID:** “GitHub Actions job failure due to Claude billing needing a top-up” — **Discord report (2025-12-24)** - **Current Status:** **Intermittent/Blocked** (automation failing) - **Impact Assessment:** - **User Impact:** **Medium** (indirect; slows releases and fixes) - **Functional Impact:** **Partial** (blocks merges/releases; reduces velocity) - **Brand Impact:** **Medium** (contributors see red CI; hurts confidence) - **Technical Classification:** - **Category:** **Infrastructure** - **Component Affected:** **CI/CD** - **Complexity:** **Simple fix** - **Resource Requirements:** - **Required Expertise:** DevOps/CI administration - **Dependencies:** Billing/account access - **Estimated Effort (1–5):** **1** - **Recommended Priority:** **P1** - **Specific Actionable Next Steps:** 1. Top up billing / rotate keys; add **billing alerting**. 2. Add CI fallbacks: skip Claude-dependent steps on forks; degrade gracefully. 3. Document “what to do when AI-lint jobs fail” for maintainers. - **Potential Assignees:** - **odilitime** (ops) - **standujar** (maintainer-level access likely) - **ChristopherTrimboli** (has touched workflows/deps) --- ## 6) Custom SSO to Unify Authentication & Identity Across Ecosystem - **Issue Title & ID:** “Implement custom SSO solution to unify authentication and identity” — **Discord core-devs proposal** - **Current Status:** **Proposed / Under discussion** - **Impact Assessment:** - **User Impact:** **High** (reduces login friction; prevents identity mismatch causing deployment/login bugs) - **Functional Impact:** **Partial** (not required for all paths, but increasingly necessary as Cloud grows) - **Brand Impact:** **High** (auth reliability is a baseline expectation) - **Technical Classification:** - **Category:** **Feature / Architecture** - **Component Affected:** **Cloud Auth, Core Server, CLI login flow** - **Complexity:** **Architectural change** - **Resource Requirements:** - **Required Expertise:** Auth architecture (OIDC/JWT), multi-tenant identity, secure session handling - **Dependencies:** Existing JWT work (see PR #6200); Cloud login flow (CLI + web) - **Estimated Effort (1–5):** **5** - **Recommended Priority:** **P1** - **Specific Actionable Next Steps:** 1. Decide on target: **OIDC-compliant SSO** vs custom JWT issuer. 2. Define canonical identity fields (username/displayName/entityId) and migration strategy. 3. Create an RFC and implementation milestones (CLI → Cloud → plugins). 4. Add threat model + security review checklist. - **Potential Assignees:** - **standujar** (auth/JWT PR experience) - **lalalune** (Cloud integration) - Reviewer: **0xbbjoker** (security-minded review) --- ## 7) File Upload Optimization for Agents (Performance + Reliability) - **Issue Title & ID:** “Optimize file uploads for agents” — **Discord (Borko)** - **Current Status:** **In progress** (50MB limit confirmed; multi-MD supported; optimization ongoing) - **Impact Assessment:** - **User Impact:** **Medium** (builders uploading knowledge; common workflow) - **Functional Impact:** **Partial** (works but may be slow/flaky) - **Brand Impact:** **Medium** - **Technical Classification:** - **Category:** **Performance / UX** - **Component Affected:** **Cloud uploads / Knowledge ingestion** - **Complexity:** **Moderate effort** - **Resource Requirements:** - **Required Expertise:** Upload pipelines, chunking/resumable uploads, storage backends - **Dependencies:** Cloud storage design; possible future custom model hosting - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P2** - **Specific Actionable Next Steps:** 1. Implement chunked/resumable uploads; show progress UI. 2. Validate file types and provide clear errors (size/format). 3. Add load tests and telemetry for upload failure rates. - **Potential Assignees:** - **Borko** (already working on it) - **lalalune** (Cloud flow) - **wtfsayo** (client-side improvements) --- ## 8) Broken Plugin: Parsing Points / “Unruggable SDK” Integration Issues - **Issue Title & ID:** “Fix plugin issues with parsing points and unruggable SDK” — **Discord (FenrirFawks)** - **Current Status:** **Unresolved troubleshooting** - **Impact Assessment:** - **User Impact:** **Medium** (subset using this plugin path) - **Functional Impact:** **Partial** (plugin-specific breakage) - **Brand Impact:** **Medium** (plugin ecosystem quality signal) - **Technical Classification:** - **Category:** **Bug** - **Component Affected:** **Plugin System / Third-party SDK integration** - **Complexity:** **Moderate effort** - **Resource Requirements:** - **Required Expertise:** Plugin runtime, SDK integration, parsing/serialization - **Dependencies:** SDK versioning; reproducible test case needed - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P2** - **Specific Actionable Next Steps:** 1. Request a minimal repro + logs + exact versions. 2. Add a regression test in plugin repo once fixed. 3. Clarify supported SDK versions and pin if necessary. - **Potential Assignees:** - **odilitime** (offered help; plugin work) - **0xbbjoker** (debug/review) - **FenrirFawks** (as reporting contributor, pair-debug) --- ## 9) PR Hygiene / Release Risk: Large Open PRs Need Triage (Server Routes + Workflow Retry Logic) - **Issue Title & ID:** - “Standardizing message server route naming” — elizaos/eliza **PR #6285** (open) - “Enhanced multi-step workflow with retry logic + parameter extraction” — elizaos/eliza **PR #6286** (open) - **Current Status:** **OPEN (not merged)** - **Impact Assessment:** - **User Impact:** **Medium** (route stability affects API consumers; retry logic improves reliability) - **Functional Impact:** **Partial** - **Brand Impact:** **Medium** (API consistency, fewer flaky workflows) - **Technical Classification:** - **Category:** **Bug/Refactor (6285)**; **Feature/Reliability (6286)** - **Component Affected:** **API / Core workflows** - **Complexity:** **Moderate effort** - **Resource Requirements:** - **Required Expertise:** Server routing, backwards compatibility, workflow engine semantics - **Dependencies:** CI green; need migration notes if route names change - **Estimated Effort (1–5):** **2–3** - **Recommended Priority:** **P2** (unless route changes are breaking—then elevate) - **Specific Actionable Next Steps:** 1. Ensure **backward compatibility** or provide redirects/deprecation. 2. Require changelog + API notes. 3. Add/confirm tests for route naming + workflow retry behavior. - **Potential Assignees:** - **standujar** (author of #6285) - **wtfsayo** (author of #6286) - Reviewer: **ChristopherTrimboli** (testing discipline) --- ## Highest-Priority Summary (Top 5–10 to Address Now) 1. **P0:** elizaos/eliza **#6211** — Tangem migration blocked + Discord impersonation risk (security/brand emergency). 2. **P0:** **OpenAI streaming broken** (fix via **plugin-openai PR #22**) — restore streaming reliability immediately. 3. **P0:** **ElizaCloud login “application error”** — blocks Cloud adoption at launch. 4. **P1:** **“username null” deployment failure** — breaks first-run deployment flow. 5. **P1:** **CI failures due to Claude billing** — unblock merges/releases; add alerting. 6. **P1:** **Custom SSO / unified identity** — reduce recurring auth/profile-related failures; plan + milestones. 7. **P2:** **File upload optimization** — improve builder workflow reliability and retention. 8. **P2:** **Broken plugin (points/unruggable SDK)** — stabilize plugin ecosystem quality. 9. **P2:** **Review/merge PR #6285/#6286 with compatibility checks** — reduce API churn and workflow flakiness. --- ## Patterns / Themes Indicating Deeper Architectural Problems - **Identity fragmentation:** Multiple symptoms (login errors, username null, SSO proposal) suggest unclear canonical identity/user profile lifecycle across CLI ↔ Cloud ↔ server. - **Dependency/version drift between core and plugins:** Streaming break attributed to “wrong dependencies” indicates insufficient enforcement of peer dependency compatibility and release synchronization. - **Operational maturity gaps during product launch:** CI failures due to billing and security issues in support channels indicate missing runbooks, monitoring, and incident response process. --- ## Process Improvement Recommendations 1. **Security + Support Hardening** - Pin a GitHub “Official Support & Safety” page; require signed/verified announcements. - Discord: strict role-based support, disable DMs for support bots, add automated scam link detection and ticket workflow controls. 2. **Compatibility & Release Discipline** - Add a **plugin-core compatibility matrix** (documented + CI-validated). - Enforce **peerDependency ranges** and add automated checks preventing publishing mismatched versions. 3. **Auth/Identity Reliability** - Create an **Auth/Identity RFC** (single source of truth for entityId/username) and a migration plan. - Add end-to-end tests for: signup/login → deploy agent → chat → streaming. 4. **Observability First** - Standardize error reporting: correlation IDs, structured logs, and a minimal dashboard for Cloud auth/deploy failures. 5. **PR Risk Management** - Require changelog + “breaking change?” checkbox + migration notes for route/API changes. - Add lightweight “Launch-critical” label to prioritize Cloud-blocking issues in triage.