## Issue Triage — 2026-04-09

### 1) `elizaos create` fails with “Bun's postinstall script was not run” on macOS — **#6704 (elizaos/eliza)**
- **Current Status:** OPEN (no comments); reproducible on macOS Apple Silicon; CLI deletes created project directory on failure.
- **Impact Assessment**
  - **User Impact:** **High** (blocks new users on a common dev platform)
  - **Functional Impact:** **Yes** (blocks core onboarding / project creation)
  - **Brand Impact:** **High** (first-run failure; “it doesn’t work” perception)
- **Technical Classification**
  - **Issue Category:** Bug / DX
  - **Component Affected:** CLI / Project bootstrap templates / Dependency management (Bun)
  - **Complexity:** **Moderate effort**
- **Resource Requirements**
  - **Required Expertise:** Node/Bun packaging; monorepo dependency hygiene; CLI scaffolding
  - **Dependencies:** Validate against current CLI version; ensure fix doesn’t break non-bun installs (npm/pnpm)
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P0**
- **Specific Actionable Next Steps**
  1. Reproduce on fresh macOS (aarch64) with current `@elizaos/cli` and Bun.
  2. Remove `bun` from the **runtime** dependency fields (`dependencies`, `optionalDependencies`, `peerDependencies`) of `@elizaos/cli` and `@elizaos/plugin-bootstrap`; if only Bun's type definitions are needed, keep them as a devDependency, otherwise drop the dependency entirely.
  3. Ensure template build step does not require `bun` as an npm dependency (use system bun).
  4. Change `elizaos create` failure behavior: **do not delete** the project directory automatically; keep logs + partial output for debugging.
  5. Add CI smoke test: “create project” on macOS runner (or at least a dependency graph check preventing `bun` runtime dependency regression).
- **Potential Assignees**
  - **odilitime** (core dev; CLI/dev workflow changes)
  - **dirtybits** (reporter; can validate fix on macOS)
  - **0xcrackedev** (new fullstack contributor; can help with repro + patch PR)
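The "dependency graph check" in step 5 can be a small CI script rather than a manual review. The following is an added example, not part of `@elizaos/cli` or any Eliza package: it walks the runtime dependency fields of workspace packages (devDependencies are deliberately not followed, since that is where Bun's types may legitimately live) and reports every path from a shipped package to the forbidden `bun` package. The package names and versions used in the test are constructed; a real run would load the monorepo's `package.json` files with `loadWorkspace`.

```typescript
// Added example (not part of @elizaos/cli): a dependency-graph check intended for CI
// that fails when a forbidden package (here: bun) is reachable through runtime
// dependency fields from a shipped workspace package. Names in the test are constructed.
import { readFileSync } from "node:fs";

export interface PkgJson {
  name: string;
  dependencies?: Record<string, string>;
  optionalDependencies?: Record<string, string>;
  peerDependencies?: Record<string, string>;
  devDependencies?: Record<string, string>;   // not followed: dev-only is where bun types may live
}

// Fields that end up in a consumer's install; devDependencies deliberately excluded.
const RUNTIME_FIELDS = ["dependencies", "optionalDependencies", "peerDependencies"] as const;

function runtimeDeps(pkg: PkgJson): string[] {
  const out = new Set<string>();
  for (const f of RUNTIME_FIELDS) for (const dep of Object.keys(pkg[f] ?? {})) out.add(dep);
  return [...out];
}

// Depth-first walk over runtime edges; edges into other workspace packages are followed,
// edges to registry packages are leaves. Returns every path root -> ... -> forbidden.
export function findRuntimePaths(workspace: Map<string, PkgJson>, root: string, forbidden: string): string[][] {
  const found: string[][] = [];
  const walk = (name: string, path: string[]) => {
    if (name === forbidden) { found.push([...path, name]); return; }
    if (path.includes(name)) return;               // cycle guard for workspace:* loops
    const pkg = workspace.get(name);
    if (!pkg) return;                               // registry package: not expanded further
    for (const dep of runtimeDeps(pkg)) walk(dep, [...path, name]);
  };
  walk(root, []);
  return found;
}

// CI entry point: every shipped package must have zero runtime paths to the forbidden dep.
export function checkWorkspace(workspace: Map<string, PkgJson>, shipped: string[], forbidden = "bun"): string[] {
  const errors: string[] = [];
  for (const root of shipped)
    for (const p of findRuntimePaths(workspace, root, forbidden))
      errors.push(`${root}: runtime dependency on ${forbidden} via ${p.join(" -> ")}`);
  return errors;
}

// Loads the workspace from real package.json files (paths supplied by the CI job).
export function loadWorkspace(packageJsonPaths: string[]): Map<string, PkgJson> {
  const ws = new Map<string, PkgJson>();
  for (const file of packageJsonPaths) {
    const pkg = JSON.parse(readFileSync(file, "utf8")) as PkgJson;
    ws.set(pkg.name, pkg);
  }
  return ws;
}
```

A CI job would call `checkWorkspace(loadWorkspace(globbedPaths), ["@elizaos/cli", "@elizaos/plugin-bootstrap"])` and fail the build when the returned list is non-empty; reporting the full path matters because the regression may come back through a transitive workspace package rather than the CLI's own manifest.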

---

### 2) Agent safety: no clear mechanism to prevent unsafe tool execution (Discord: “how do you prevent your agent from doing something unsafe?”) — **(Operational gap; aligns with #6688 AgentID + #6707 SINT plugin proposal + #6711 delegation chains)**
- **Current Status:** Unresolved question in Discord; multiple parallel proposals exist but no consolidated plan.
- **Impact Assessment**
  - **User Impact:** **Critical** (anyone deploying agents with wallets/social/tooling)
  - **Functional Impact:** **Partial** (core runtime works, but unsafe-by-default for high-stakes actions)
  - **Brand Impact:** **High** (safety posture is central for agent frameworks)
- **Technical Classification**
  - **Issue Category:** Security / Architecture
  - **Component Affected:** Core Framework (tool execution pipeline), Guardrails/Policy layer, Agent identity & authorization
  - **Complexity:** **Architectural change**
- **Resource Requirements**
  - **Required Expertise:** Security engineering; policy/authorization design; cryptographic identity; runtime internals; threat modeling
  - **Dependencies:** Define baseline “capability policy” interface in core; align with AgentID work (#6688) and delegation/scoped authority (#6711)
  - **Estimated Effort (1-5):** **5**
- **Recommended Priority:** **P0** (define and ship a minimum viable safety/authorization layer; even if advanced features remain P1/P2)
- **Specific Actionable Next Steps**
  1. Write a 1-page **threat model** for Eliza tool calls (wallet tx, swaps, posting, file ops, terminals, MCP, etc.).
  2. Define a **core policy hook**: pre-tool-call `authorize(tool, params, context) -> allow | deny | require_approval`.
  3. Ship a default policy template that denies high-risk tools (wallet transfers, terminal exec, arbitrary outbound HTTP) unless a narrower rule explicitly allows them or routes them to approval; a call that matches no rule should also be denied (fail closed).
  4. Establish “human approval” plumbing (even minimal: callback/queue + timeout + audit log); an approval request that times out must resolve to deny, never to allow.
  5. Publish “Safety Guidelines for Plugin Authors” (required metadata: risk level, irreversible actions, required approvals).
- **Potential Assignees**
  - **odilitime** (core runtime + v3 direction)
  - **pshkv** (auth/capability proposal author #6707)
  - **aeoess** (delegation/scoped authority #6711)
  - **loaditoutadmin** (security oversight signal; can advise guardrail requirements)
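To make the policy-hook steps concrete, here is an added example in TypeScript, not Eliza's own code and not a proposal from any of the threads cited above: an `authorize(tool, params, context)` gate that returns `allow | deny | require_approval`, a default-deny template for high-risk tools, an approval queue whose timeout fails closed, and an append-only audit log. All type names, tool URIs, the transfer threshold and the 30 s default timeout are assumptions chosen for illustration.

```typescript
// Added example (not Eliza's own code): a pre-tool-call authorization gate with a
// default-deny template for high-risk tools, an approval queue whose timeout fails
// closed, and an append-only audit log. Names, URIs and thresholds are assumptions.

export type Decision = "allow" | "deny" | "require_approval";
export type Params = Record<string, unknown>;

export interface ToolCall { tool: string; params: Params }          // tool is a URI like "terminal://exec"
export interface CallContext { agentId: string; requester: string }  // requester: user id, channel, cron job, ...

export interface Rule {
  match: string;                                          // tool URI prefix; "*" matches any tool
  decision: Decision;
  when?: (params: Params, ctx: CallContext) => boolean;   // optional extra condition on the call
  reason: string;
}

// Assumed default template: first matching rule wins, so narrow rules go first.
// Anything not covered by any rule is denied by authorize(), not allowed.
export const DEFAULT_DENY_HIGH_RISK: Rule[] = [
  { match: "solana://transfer", decision: "require_approval", reason: "small transfer needs human approval",
    when: p => { const amt = p.lamports; return typeof amt === "number" && amt > 0 && amt <= 1_000_000; } },
  { match: "solana://transfer", decision: "deny", reason: "transfer amount missing, non-numeric, or above approval threshold" },
  { match: "evm://", decision: "deny", reason: "on-chain EVM actions denied by default" },
  { match: "terminal://exec", decision: "deny", reason: "arbitrary command execution denied by default" },
  { match: "http://", decision: "deny", reason: "arbitrary outbound HTTP denied by default" },
  { match: "https://", decision: "deny", reason: "arbitrary outbound HTTP denied by default" },
  { match: "twitter://post", decision: "require_approval", reason: "public posting needs human approval" },
  { match: "*", decision: "allow", reason: "no high-risk rule matched" },
];

export function authorize(call: ToolCall, ctx: CallContext, rules: Rule[] = DEFAULT_DENY_HIGH_RISK): { decision: Decision; reason: string } {
  for (const r of rules) {
    const hit = r.match === "*" || call.tool.startsWith(r.match);
    if (hit && (!r.when || r.when(call.params, ctx))) return { decision: r.decision, reason: r.reason };
  }
  return { decision: "deny", reason: "no policy rule matched; failing closed" };
}

export type Outcome = "approved" | "rejected" | "timeout";
export interface AuditEvent { ts: number; agentId: string; tool: string; decision: Decision | Outcome; reason: string }

// Approval plumbing: a human (or an out-of-band policy service) answers via resolve();
// a request nobody answers within the timeout becomes "timeout", which the gate treats as deny.
export class ApprovalQueue {
  private pending = new Map<string, { call: ToolCall; settle: (o: Outcome) => void }>();
  private seq = 0;

  request(call: ToolCall, timeoutMs: number): { id: string; result: Promise<Outcome> } {
    const id = `apr-${++this.seq}`;
    const result = new Promise<Outcome>(resolve => {
      const timer = setTimeout(() => { this.pending.delete(id); resolve("timeout"); }, timeoutMs);
      this.pending.set(id, { call, settle: o => { clearTimeout(timer); this.pending.delete(id); resolve(o); } });
    });
    return { id, result };
  }
  // What a reviewer UI would render: the calls still waiting for a decision.
  pendingCalls(): Array<{ id: string; call: ToolCall }> {
    return [...this.pending.entries()].map(([id, e]) => ({ id, call: e.call }));
  }
  resolve(id: string, approved: boolean): boolean {
    const entry = this.pending.get(id);
    if (!entry) return false;                       // unknown, already settled, or timed out
    entry.settle(approved ? "approved" : "rejected");
    return true;
  }
}

// The gate a runtime would call before executing any tool: true means "run it".
export async function gateToolCall(
  call: ToolCall, ctx: CallContext, queue: ApprovalQueue, audit: AuditEvent[],
  opts: { timeoutMs?: number; rules?: Rule[] } = {},
): Promise<boolean> {
  const { decision, reason } = authorize(call, ctx, opts.rules);
  const log = (d: AuditEvent["decision"], why: string) =>
    audit.push({ ts: Date.now(), agentId: ctx.agentId, tool: call.tool, decision: d, reason: why });
  if (decision !== "require_approval") { log(decision, reason); return decision === "allow"; }
  log(decision, reason);
  const outcome = await queue.request(call, opts.timeoutMs ?? 30_000).result;
  log(outcome, outcome === "timeout" ? "no approval within timeout; failing closed" : reason);
  return outcome === "approved";
}
```

Two design points worth carrying into the real RFC: the `when` predicate checks the parameter's type before comparing it, so a string `"500000"` or a missing amount falls through to the deny rule rather than being coerced; and every path through `gateToolCall` writes an audit event before returning, including the timeout path, so "nothing happened" is still recorded.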

---

### 3) Plugin proposal: capability token enforcement for tool calls — **#6707 (elizaos/eliza)**
- **Current Status:** OPEN; proposal with implementation sketch; ties explicitly to AgentID (#6688).
- **Impact Assessment**
  - **User Impact:** **High** (would standardize safe execution for many deployments)
  - **Functional Impact:** **Partial** (adds safety layer; not required for basic chat)
  - **Brand Impact:** **High** (clear security story)
- **Technical Classification**
  - **Issue Category:** Security / Feature Request
  - **Component Affected:** Core Framework tool call interception; Plugin System; Audit/evidence logging
  - **Complexity:** **Complex solution** (but can be phased; MVP feasible)
- **Resource Requirements**
  - **Required Expertise:** Cryptographic capabilities; policy engines; core tool execution pipeline
  - **Dependencies:** Requires or benefits from the “core policy hook” decision (see safety P0 above)
  - **Estimated Effort (1-5):** **4**
- **Recommended Priority:** **P1** (prototype + integration plan this sprint; align with core safety hook)
- **Specific Actionable Next Steps**
  1. Convert proposal into an RFC: required interfaces, how tokens are issued/stored/rotated, approval UX.
  2. Implement MVP plugin: intercept tool calls; enforce allow/deny; emit audit event (no TEE requirement for MVP).
  3. Provide example policies for: `solana://transfer`, `evm://swap`, `terminal://exec`, `twitter://post`.
  4. Decide schema compatibility path with AgentID (#6688): shared agent identity + evidence log formats.
- **Potential Assignees**
  - **pshkv** (primary implementer/maintainer)
  - **odilitime** (core integration guidance)
  - **aeoess** (authority scoping alignment)
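The proposal's implementation sketch is not reproduced on this page, so the following is an added example of the technique in TypeScript, not the #6707 code and not Eliza's: bearer capability tokens scoped to exact tool URIs, issued under a keyring addressed by key id (rotation is adding a new `kid` and deleting the old one, which invalidates tokens signed under it), verified with a constant-time HMAC comparison, and enforced at the interception point with an audit event per call. The token format, field names, the keyring, and the four example policies for `solana://transfer`, `evm://swap`, `terminal://exec` and `twitter://post` (including the placeholder treasury address and limits) are all assumptions constructed for illustration.

```typescript
// Added example (not the #6707 proposal's code): bearer capability tokens scoped to
// specific tool URIs, issued under a rotatable HMAC keyring and enforced before a
// tool call runs. Token format, field names and the example policies are assumptions.
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

export interface Capability {
  tool: string;                         // exact tool URI this capability covers
  max?: Record<string, number>;         // numeric params that must lie in [0, limit]
  oneOf?: Record<string, string[]>;     // string params that must be in the allowlist
}
export interface CapPayload { sub: string; kid: string; jti: string; exp: number; caps: Capability[] }
export type Keyring = Map<string, Buffer>;   // kid -> HMAC key; rotate by adding a new kid and deleting the old one

const b64u = (b: Buffer) => b.toString("base64url");
const mac = (key: Buffer, data: string) => createHmac("sha256", key).update(data).digest();

export function issueToken(keyring: Keyring, kid: string, sub: string, caps: Capability[], ttlSec: number, now = Date.now()): string {
  const key = keyring.get(kid);
  if (!key) throw new Error(`unknown kid ${kid}`);
  const payload: CapPayload = { sub, kid, jti: b64u(randomBytes(12)), exp: Math.floor(now / 1000) + ttlSec, caps };
  const body = b64u(Buffer.from(JSON.stringify(payload)));
  return `${body}.${b64u(mac(key, body))}`;
}

// Returns the payload only if the signature verifies under a key still in the keyring
// and the token has not expired; any parse or shape problem is treated as invalid.
export function verifyToken(keyring: Keyring, token: string, now = Date.now()): CapPayload | null {
  const [body, sig, extra] = token.split(".");
  if (!body || !sig || extra !== undefined) return null;
  let parsed: Partial<CapPayload> | null;
  try { parsed = JSON.parse(Buffer.from(body, "base64url").toString("utf8")); } catch { return null; }
  if (!parsed || typeof parsed.kid !== "string" || typeof parsed.exp !== "number" || !Array.isArray(parsed.caps)) return null;
  const key = keyring.get(parsed.kid);            // Map, not a plain object: a "__proto__" kid finds nothing
  if (!key) return null;
  const expect = mac(key, body);
  const got = Buffer.from(sig, "base64url");
  if (got.length !== expect.length || !timingSafeEqual(got, expect)) return null;
  if (parsed.exp * 1000 <= now) return null;
  return parsed as CapPayload;
}

export interface EnforceResult { allowed: boolean; reason: string }

export function enforce(payload: CapPayload, tool: string, params: Record<string, unknown>): EnforceResult {
  const cap = payload.caps.find(c => c.tool === tool);   // exact match: no prefix or wildcard capabilities
  if (!cap) return { allowed: false, reason: `no capability for ${tool}` };
  for (const [k, limit] of Object.entries(cap.max ?? {})) {
    const v = params[k];
    if (typeof v !== "number" || !Number.isFinite(v) || v < 0 || v > limit)
      return { allowed: false, reason: `${k} must be a number in [0, ${limit}]` };
  }
  for (const [k, allowed] of Object.entries(cap.oneOf ?? {})) {
    const v = params[k];
    if (typeof v !== "string" || !allowed.includes(v)) return { allowed: false, reason: `${k} not in allowlist` };
  }
  return { allowed: true, reason: "capability matched" };
}

export interface CapAuditEvent { ts: number; sub: string | null; jti: string | null; tool: string; allowed: boolean; reason: string }

// Interception point: verify, enforce, record an audit event, and only then let the call through.
export function guardedCall(keyring: Keyring, token: string, tool: string, params: Record<string, unknown>, audit: CapAuditEvent[]): boolean {
  const payload = verifyToken(keyring, token);
  const res = payload ? enforce(payload, tool, params) : { allowed: false, reason: "invalid or expired token" };
  audit.push({ ts: Date.now(), sub: payload?.sub ?? null, jti: payload?.jti ?? null, tool, allowed: res.allowed, reason: res.reason });
  return res.allowed;
}

// Constructed example policies for the four tools named in the proposal (values are illustrative).
export const EXAMPLE_CAPS: Capability[] = [
  { tool: "solana://transfer", max: { lamports: 1_000_000 }, oneOf: { to: ["TreasuryAddrPlaceholder1111111111111111111"] } },
  { tool: "evm://swap", max: { amount: 0.1 }, oneOf: { tokenIn: ["ETH"], tokenOut: ["USDC"] } },
  { tool: "terminal://exec", oneOf: { command: ["git status", "bun test"] } },
  { tool: "twitter://post" },   // unconstrained: holding the token is the whole permission, so keep its TTL short
];
```

The `jti` in each token gives the evidence log a stable handle that could later be shared with the AgentID work; the example deliberately has no "approval" state, since approval is the policy gate's concern and a capability token should only ever narrow what an already-authorized agent may do.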

---

### 4) v3 (2.x) agents in testing; release readiness + quality gates — **(Discord / develop branch status)**
- **Current Status:** In testing; integrated into “milady”; release/announcement pending test completion.
- **Impact Assessment**
  - **User Impact:** **High** (release affects many users; regressions would be widespread)
  - **Functional Impact:** **Yes** (next major version; blockers can stall roadmap)
  - **Brand Impact:** **High** (public release quality)
- **Technical Classification**
  - **Issue Category:** Release / QA
  - **Component Affected:** Core Framework; connectors (Discord/Milady); model integration; runtime composition
  - **Complexity:** **Complex solution** (test matrix + stabilization)
- **Resource Requirements**
  - **Required Expertise:** Release engineering; integration testing; connector/runtime debugging
  - **Dependencies:** Requires resolving known messaging/action execution issues (see PR #6709 below); requires clear safety baseline (above) for “agent actions”
  - **Estimated Effort (1-5):** **4**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps**
  1. Define “release criteria” checklist: onboarding works, connector parity, safety defaults, minimal docs.
  2. Run a standardized integration suite on Milady + Discord connector scenarios (tool calls with params; async task actions).
  3. Create a “Known Issues” section for release notes (avoid surprise regressions).
- **Potential Assignees**
  - **odilitime** (release owner)
  - **NubsCarson** (connector-related reliability work)
  - **scottnuttall_ / community testers** (validation on varied stacks)

---

### 5) TOON connectors: missing action params + continuation loop spam (fix pending) — **PR #6709 (elizaos/eliza)**
- **Current Status:** OPEN PR; tested by author; large diff but core fixes are targeted.
- **Impact Assessment**
  - **User Impact:** **High** (affects Discord/Milady and any non-streaming connector using TOON encapsulation)
  - **Functional Impact:** **Yes** (actions with required params fail; async task actions cause spam/filler responses)
  - **Brand Impact:** **High** (visible “spammy agent” + broken tool calls)
- **Technical Classification**
  - **Issue Category:** Bug
  - **Component Affected:** Core Framework (DefaultMessageService), Connectors, Prompt encapsulation (TOON/XML)
  - **Complexity:** **Moderate effort** (review + safe merge; potentially split PR)
- **Resource Requirements**
  - **Required Expertise:** Core runtime; prompt formats; connector behavior; regression testing
  - **Dependencies:** Should be validated against v3 testing; ensure template migration doesn’t introduce regressions
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps**
  1. Ask author to split PR if possible: (a) schema + continuation loop fix, (b) template migrations/utilities.
  2. Run connector integration tests (Discord/Milady): required params extraction + async task no-spam.
  3. Resolve minor code quality nits flagged in review (indentation/repair block).
- **Potential Assignees**
  - **NubsCarson** (author)
  - **odilitime** (merge/release coordination)

---

### 6) Dev harness PR introduces submodule workspace/lockfile inconsistencies that can break fresh clones — **PR #6702 (elizaos/eliza)**
- **Current Status:** OPEN PR; review flags mismatch between committed `package.json` workspaces and actual submodule availability; `bun.lock` out of sync.
- **Impact Assessment**
  - **User Impact:** **Medium → High** (would break contributors/CI if merged; impacts onboarding for devs)
  - **Functional Impact:** **Partial** (dev workflow broken; production runtime unaffected unless adopted)
  - **Brand Impact:** **Medium** (contributor experience)
- **Technical Classification**
  - **Issue Category:** Bug / DX / Build
  - **Component Affected:** Monorepo workspace config; scripts; dev harness (`agent/`)
  - **Complexity:** **Moderate effort**
- **Resource Requirements**
  - **Required Expertise:** Bun workspaces; repo tooling; CI
  - **Dependencies:** Must decide policy: submodules optional vs required; how to encode in workspaces safely
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P1** (block merge until fixed)
- **Specific Actionable Next Steps**
  1. Ensure committed state passes “fresh clone → bun install → tests” **without** requiring submodule init.
  2. Remove/guard workspace entries for submodule paths in committed `package.json`, or provide fallback packages.
  3. Regenerate `bun.lock` after resolving `workspace:*` vs registry tags.
  4. Fix REPL loop logic (`break` vs `continue`) to avoid permanent exit if messageService not ready.
- **Potential Assignees**
  - **odilitime** (author/owner)
  - **nativesatoshi / other infra-minded contributors** (CI validation)

---

### 7) Security dependency updates (multiple CVEs in routing/globbing/template libs) — **PR #6694 (dependabot, elizaos/eliza)**
- **Current Status:** OPEN dependabot PR; includes path-to-regexp CVEs (CVE-2026-4926, CVE-2026-4923) and other security patches.
- **Impact Assessment**
  - **User Impact:** **Medium** (depends on whether the affected packages are exposed to untrusted input in deployed contexts)
  - **Functional Impact:** **No** (should be safe bump; risk is regression)
  - **Brand Impact:** **Medium → High** (security posture; responsiveness to advisories)
- **Technical Classification**
  - **Issue Category:** Security / Maintenance
  - **Component Affected:** computeruse packages (routing/globbing/templating deps)
  - **Complexity:** **Simple fix**
- **Resource Requirements**
  - **Required Expertise:** Dependency management; regression testing
  - **Dependencies:** Confirm usage surfaces: are these reachable via external/untrusted route patterns or user-supplied globs/templates?
  - **Estimated Effort (1-5):** **2**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps**
  1. Identify whether any of the affected libraries process **untrusted patterns** at runtime (routes/globs).
  2. Run unit/integration tests for the `packages/computeruse/*` areas touched.
  3. Merge promptly if green; if not, pin minimal safe versions and open follow-up issue for regressions.
- **Potential Assignees**
  - **odilitime** (merge authority)
  - **any maintainer familiar with computeruse** (triage regressions if present)

---

### 8) Documentation gap: v3 agent technical stack unclear (“What’s the stack lookin’ like?” unanswered) — **(Discord request; doc action item)**
- **Current Status:** Unanswered in Discord; no canonical doc linked.
- **Impact Assessment**
  - **User Impact:** **Medium** (slows contributors; increases repeated questions)
  - **Functional Impact:** **No**
  - **Brand Impact:** **Medium** (perceived opacity during release ramp)
- **Technical Classification**
  - **Issue Category:** Documentation / UX (developer UX)
  - **Component Affected:** Docs / README / release notes
  - **Complexity:** **Simple fix**
- **Resource Requirements**
  - **Required Expertise:** Ability to summarize architecture accurately; familiarity with v3 changes
  - **Dependencies:** Align with actual develop branch implementation + release messaging
  - **Estimated Effort (1-5):** **2**
- **Recommended Priority:** **P2**
- **Specific Actionable Next Steps**
  1. Create “Eliza v3 (2.x) Architecture Overview” doc: runtime, prompt encapsulation, connectors, plugin loading, database adapters.
  2. Add “Migration notes” from prior version if applicable.
  3. Link doc from Discord pinned messages and GitHub repo root.
- **Potential Assignees**
  - **odilitime** (accuracy)
  - **scottnuttall_** (asked; could help draft)
  - **0xcrackedev** (doc contributions)

---

### 9) ai-news data regeneration: add fallback models + credit usage monitoring — **(Discord dev log: dankvr)**
- **Current Status:** In progress; planned improvements mentioned, not tracked as GitHub issue in provided data.
- **Impact Assessment**
  - **User Impact:** **Medium** (service reliability/continuity)
  - **Functional Impact:** **Partial** (content pipeline reliability)
  - **Brand Impact:** **Low → Medium**
- **Technical Classification**
  - **Issue Category:** Performance / Reliability
  - **Component Affected:** Model integration / monitoring / data pipeline
  - **Complexity:** **Moderate effort**
- **Resource Requirements**
  - **Required Expertise:** Observability; model fallback logic; quota/credit tracking
  - **Dependencies:** Choose monitoring stack; define alert thresholds
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P2**
- **Specific Actionable Next Steps**
  1. Create tracking issue: “ai-news fallback + credit monitoring”.
  2. Implement fallback ordering + a circuit breaker per model, and stop issuing calls when credits run low rather than failing mid-regeneration.
  3. Add metrics: spend per model, request count, error rates; alerting.
- **Potential Assignees**
  - **dankvr** (owner)
  - **odilitime** (infra alignment)
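As an added example of the fallback + credit-guard shape, not code from the ai-news pipeline: an ordered chain of model backends, a per-backend circuit breaker that stops retrying a failing model for a cooldown period, and a credit budget with a reserve that the router refuses to spend below. Backend names, per-call costs, the budget and the fake backends in the test are constructed for illustration; a real deployment would wire `call` to the provider SDK and export `metrics()` to whatever monitoring stack is chosen.

```typescript
// Added example (not the ai-news pipeline's code): an ordered model fallback chain with a
// per-model circuit breaker and a credit budget that stops calls before the reserve is spent.
// Backend names, costs and the budget are constructed for illustration.

export interface ModelBackend {
  name: string;
  costPerCall: number;                                   // credits charged per successful call
  call: (prompt: string) => Promise<string>;
}

export class CircuitBreaker {
  private failures = 0;
  private openUntil = 0;
  constructor(private threshold = 3, private cooldownMs = 60_000) {}
  canTry(now: number): boolean { return now >= this.openUntil; }   // closed, or half-open after cooldown
  onSuccess(): void { this.failures = 0; this.openUntil = 0; }
  onFailure(now: number): void {
    this.failures++;
    if (this.failures >= this.threshold) { this.openUntil = now + this.cooldownMs; this.failures = 0; }
  }
}

export interface ModelMetrics { calls: number; errors: number; skipped: number; spend: number }

export class FallbackRouter {
  private breakers = new Map<string, CircuitBreaker>();
  private stats = new Map<string, ModelMetrics>();

  constructor(private backends: ModelBackend[], private credits: number, private reserve: number,
              breaker: { threshold?: number; cooldownMs?: number } = {}) {
    for (const b of backends) {
      this.breakers.set(b.name, new CircuitBreaker(breaker.threshold, breaker.cooldownMs));
      this.stats.set(b.name, { calls: 0, errors: 0, skipped: 0, spend: 0 });
    }
  }

  creditsLeft(): number { return this.credits; }
  metrics(): Record<string, ModelMetrics> { return Object.fromEntries(this.stats); }

  // Tries backends in order; skips any with an open circuit or whose cost would breach the
  // reserve; records per-model calls, errors, skips and spend for alerting.
  async generate(prompt: string, now = Date.now()): Promise<{ model: string; output: string }> {
    const reasons: string[] = [];
    for (const b of this.backends) {
      const m = this.stats.get(b.name)!;
      const cb = this.breakers.get(b.name)!;
      if (!cb.canTry(now)) { m.skipped++; reasons.push(`${b.name}: circuit open`); continue; }
      if (this.credits - b.costPerCall < this.reserve) { m.skipped++; reasons.push(`${b.name}: would breach reserve`); continue; }
      m.calls++;
      try {
        const output = await b.call(prompt);
        this.credits -= b.costPerCall; m.spend += b.costPerCall; cb.onSuccess();
        return { model: b.name, output };
      } catch (e) {
        m.errors++; cb.onFailure(now); reasons.push(`${b.name}: ${(e as Error).message}`);
      }
    }
    throw new Error(`all backends unavailable: ${reasons.join("; ")}`);
  }
}
```

The reserve check runs before the call, so a regeneration job stops cleanly with an explanatory error instead of draining the account; the rejection message lists why each backend was skipped, which is the line an alert should carry.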

---

### 10) Plugin/initiative proposals (triage for acceptance path)

#### 10a) Plugin: MAXIA AI Marketplace — swap, GPU rental & AI services — **#6700 (elizaos/eliza)**
- **Current Status:** OPEN (1 comment); proposal seeking feedback before PR.
- **Impact Assessment:** User Impact **Medium**, Functional Impact **Partial**, Brand Impact **Medium**
- **Technical Classification:** Feature Request; Plugin System / External API integration; **Complex solution**
- **Effort (1-5):** **4**
- **Recommended Priority:** **P3**
- **Next Steps:** Ask proposer for minimal MVP scope; require security review for escrow/swap endpoints; define registry acceptance checklist (rate limits, auth, failure modes).
- **Potential Assignees:** **majorelalexis-stack** (maintainer), **odilitime** (plugin governance)

#### 10b) Plugin: SafeAgent — token safety checks before trading — **#6706 (elizaos/eliza)**
- **Current Status:** OPEN; repo provided; claims multi-chain safety scans.
- **Impact Assessment:** User Impact **Medium → High** (for trading agents), Functional Impact **Partial**, Brand Impact **Medium**
- **Technical Classification:** Security / Feature Request; Plugin System; **Moderate effort**
- **Effort (1-5):** **3**
- **Recommended Priority:** **P2**
- **Next Steps:** Validate methodology (DEX simulation safety, caching, latency); ensure plugin cannot trigger unsafe swaps itself; add disclaimers + thresholds; consider pairing with core “pre-trade authorization” hook.
- **Potential Assignees:** **CryptoGenesisSecurity** (author), **loaditoutadmin** (security review)

#### 10c) AIGEN Protocol incentive program — **#6708 (elizaos/eliza)**
- **Current Status:** OPEN; incentive/economy narrative.
- **Impact Assessment:** User Impact **Low → Medium**, Functional Impact **No**, Brand Impact **Medium** (risk of “token-first” optics)
- **Technical Classification:** Feature Request / Community
- **Effort (1-5):** **2**
- **Recommended Priority:** **P4**
- **Next Steps:** Clarify governance and separation from core roadmap; require security/compliance review before any “official” endorsement.
- **Potential Assignees:** **odilitime** (comms/governance), community ops team

---

## Top 5–10 Highest-Priority Items to Address Immediately
1. **#6704** — macOS `elizaos create` failure (onboarding blocker) (**P0**)
2. **Core agent safety/authorization gap** (tool calls can do unsafe actions; align with AgentID/delegation/capabilities) (**P0**)
3. **#6707** — capability token enforcement plugin proposal → turn into RFC + MVP aligned with core safety hook (**P1**)
4. **v3 (2.x) release readiness** — define quality gates + complete test matrix before announcement (**P1**)
5. **PR #6709** — TOON action params + continuation loop spam fix (connector reliability) (**P1**)
6. **PR #6702** — prevent merge until workspace/submodule/lockfile consistency is fixed (fresh clone/CI safety) (**P1**)
7. **PR #6694** — merge security dependency bumps after confirming exposure + tests (**P1**)
8. **SafeAgent plugin (#6706)** — evaluate/accept into registry with security review path (**P2**)
9. **v3 stack documentation** — publish short architecture doc to reduce support load (**P2**)
10. **ai-news fallback + credit monitoring** — create tracking issue and implement guardrails (**P2**)

---

## Patterns / Themes Suggesting Deeper Issues
- **Safety/authorization is not yet a first-class runtime primitive:** multiple discussions (Discord) and proposals (#6707, AgentID #6688, delegation #6711) point to a missing unified “policy gate” for irreversible actions.
- **Onboarding and dev workflow fragility from tooling choices (Bun/workspaces/submodules):** #6704 and PR #6702 both indicate that dependency/workspace management can break first-run experiences.
- **Connector + prompt encapsulation complexity is growing (TOON/XML migrations):** PR #6709 highlights that small schema mismatches can silently break action execution across connectors.

---

## Process Improvements (Prevention)
1. **Add “Fresh Clone” CI job**: `bun install` + minimal runtime tests on a repo checkout with **no submodules initialized**, to prevent PR #6702-style breakage.
2. **Add “Create Project” smoke test** for the CLI on macOS + Linux (and ideally Windows): catches #6704 regressions early.
3. **Establish a security design RFC track** for agent tool execution:
   - Required: threat model, default-deny policy for high-risk tools, audit logging, approval flows.
4. **Plugin acceptance checklist** (especially finance/trading): permissions metadata, irreversible action flags, rate limiting, safe defaults, and dependency provenance.
5. **Release gating checklist for v3**: required docs, connector parity tests, safety baseline, and regression suite sign-off before public announcement.