## Issue Triage — 2026-04-11 (elizaOS) ### 1) IGNORE-memory persistence broken when `ALLOW_MEMORY_SOURCE_IDS` is set - **Issue Title & ID:** IGNORE decisions silently not persisted with `ALLOW_MEMORY_SOURCE_IDS` allowlist (introduced via merged PR **#6562**; reported by Greptile review) - **Current Status:** **Untracked (no issue opened)**; behavior likely present in current `develop` after merge on 2026-04-08 - **Impact Assessment:** - **User Impact:** **High** (any deployment using memory allowlisting + relying on IGNORE traces) - **Functional Impact:** **Partial** (memory/audit trail correctness; can affect safety, debugging, and conversation state) - **Brand Impact:** **High** (silent correctness bug; contradicts documented behavior) - **Technical Classification:** - **Issue Category:** Bug - **Component Affected:** Core Framework → TypeScript runtime → `DefaultMessageService` memory pipeline - **Complexity:** Simple fix - **Resource Requirements:** - **Required Expertise:** TypeScript core runtime + message/memory service - **Dependencies:** None (pure logic fix) - **Estimated Effort (1–5):** **2** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Add a regression test covering: `ALLOW_MEMORY_SOURCE_IDS` set + message leads to `IGNORE` + verify IGNORE memory persisted as designed. 2. Fix logic to avoid checking `allowedSources.includes("agent_response")` for IGNORE path (align with normal response path behavior). 3. Patch release + changelog note (silent correctness bug). - **Potential Assignees:** **odilitime** (core), **NubsCarson** (message service familiarity) --- ### 2) Zero-vector embedding fallback causes silent “stored-but-unretrievable” memories - **Issue Title & ID:** Embedding failure persists memories with **zero vectors** (introduced/identified in merged PR **#6562**; reported by Greptile review) - **Current Status:** **Untracked (no issue opened)**; likely in current `develop` - **Impact Assessment:** - **User Impact:** **Critical** (corrupts semantic retrieval for affected memories; silent data loss) - **Functional Impact:** **Yes** (breaks core memory retrieval semantics for affected records) - **Brand Impact:** **High** (trust hit: “memory stored” but never retrievable) - **Technical Classification:** - **Issue Category:** Bug - **Component Affected:** Core Framework → Runtime memory/embedding pipeline (`runtime.ts`) - **Complexity:** Moderate effort (needs decision on policy + migration/marking) - **Resource Requirements:** - **Required Expertise:** Embeddings, vector stores, memory persistence semantics - **Dependencies:** Decision on fallback strategy (skip persist vs mark as non-semantic vs retry queue) - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Change behavior: on embedding failure, **do not** write a semantic vector; instead (a) skip semantic index write, (b) mark memory `embeddingStatus=FAILED`, (c) queue retry. 2. Add metrics/logging: count embedding failures, retry outcomes, and rate-limit. 3. Add repair script for existing zero-vector memories (identify vectors with norm=0; re-embed or exclude). - **Potential Assignees:** **odilitime**, **0xSolace** (if involved in infra), any contributor owning vector DB integration --- ### 3) `elizaos create` fails on macOS with “Bun’s postinstall script was not run” - **Issue Title & ID:** `elizaos create` fails on macOS due to `bun` package dependency / postinstall behavior (**#6704**) - **Current Status:** **OPEN** (no PR linked yet) - **Impact Assessment:** - **User Impact:** **High** (blocks new project creation on a common platform) - **Functional Impact:** **Yes** (blocks onboarding/core CLI workflow) - **Brand Impact:** **High** (first-run failure; creates “project is broken” impression) - **Technical Classification:** - **Issue Category:** Bug / DX - **Component Affected:** CLI + bootstrap template dependency graph (`@elizaos/cli`, `@elizaos/plugin-bootstrap`) - **Complexity:** Simple fix - **Resource Requirements:** - **Required Expertise:** Node/Bun packaging, workspace dependency management - **Dependencies:** Verify impact on other OS/package managers - **Estimated Effort (1–5):** **2** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Remove `bun` from runtime dependencies where not required; use `@types/bun` in devDependencies only (as proposed in issue). 2. Add a CLI preflight check that detects broken bun stub and prints a non-destructive error (do not delete project dir on failure). 3. Add CI job: macOS + `elizaos create` smoke test. - **Potential Assignees:** **dirtybits** (reporter; likely can contribute fix), **odilitime** (release), **dutchiono** (packaging hygiene) --- ### 4) Group addressee routing PR has a P1 logic bug that breaks name resolution when `agentId !== entityId` - **Issue Title & ID:** `aliasEntity` introduces ambiguity so addressee resolution returns null (PR **#6712**; Greptile P1) - **Current Status:** **OPEN PR**; should not merge until fixed - **Impact Assessment:** - **User Impact:** **High** (multi-agent/group rooms; misrouting replies; increased noise or missed responses) - **Functional Impact:** **Partial** (core shouldRespond behavior in group contexts) - **Brand Impact:** **High** (agents responding incorrectly in public rooms looks “broken”) - **Technical Classification:** - **Issue Category:** Bug - **Component Affected:** Core Framework → addressee routing / shouldRespond path - **Complexity:** Moderate effort - **Resource Requirements:** - **Required Expertise:** TypeScript core, entity identity model (agentId vs entityId), deterministic routing - **Dependencies:** Add/extend unit tests to cover `agentId !== entityId` case - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P1** (block merge this sprint) - **Specific Actionable Next Steps:** 1. Update `NameVariationRegistry` token mapping so aliasing does not create multi-entity collisions for a single token. 2. Add unit tests that explicitly cover agents where `agentId` and `entityId` differ (should resolve addressed-to-self correctly). 3. Re-run behavioral tests in a real group-room connector (Discord/milady). - **Potential Assignees:** **odilitime** (author), **NubsCarson** (review/test), **baogerbao** (integration feedback) --- ### 5) Missing canonical documentation for ElizaOS v2 Socket.IO messaging protocol (types, schemas, auth, DM creation) - **Issue Title & ID:** Document v2 Socket.IO protocol (message type enum, payload schemas, `{entityId}` auth, programmatic DM channel creation) (**DISCORD: shah0406 — 2026-04-10**) - **Current Status:** **Untracked (no GitHub issue linked)**; workaround is “read code / use Cursor” - **Impact Assessment:** - **User Impact:** **Medium–High** (all custom dashboards/integrations; recurring) - **Functional Impact:** **Partial** (blocks third-party integrations; increases support load) - **Brand Impact:** **Medium** (perception of poor DX/documentation) - **Technical Classification:** - **Issue Category:** Documentation / UX (developer experience) - **Component Affected:** API / Realtime messaging (v2) - **Complexity:** Moderate effort (spec extraction + examples) - **Resource Requirements:** - **Required Expertise:** Socket.IO server implementation, message enums + payload structures, auth flow - **Dependencies:** Confirm v2 support stance vs v3 focus; avoid documenting soon-to-be-removed behavior without disclaimers - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P1** - **Specific Actionable Next Steps:** 1. Open a docs issue and add a “v2 Realtime (Socket.IO)” page with: - event name (`message`) - `type` enum list (at least 1=ROOM_JOINING, 2=SEND_MESSAGE, plus all others) - required/optional payload fields per type (JSON schema tables) - auth requirement: `{ entityId: UUID }` in socket options - DM channel discovery/creation API approach (or explicit “not supported”) 2. Provide a minimal reference client snippet (polling fallback included). 3. Add a version banner: “v2 protocol; v3 may differ; last validated commit hash”. - **Potential Assignees:** **odilitime** (context), **theredwizarddev** (coder support), **shah0406** (reporter can validate) --- ### 6) Wallet verification failures with Collab.land (community access/support blocker) - **Issue Title & ID:** Collab.land wallet verification failing for users (**DISCORD: huey79ng — 2026-04-10**) - **Current Status:** **Unresolved in Discord**; unclear if platform-side outage or config - **Impact Assessment:** - **User Impact:** **Medium** (affects onboarding/role gating; likely multiple users) - **Functional Impact:** **No** (does not block framework runtime, but blocks community participation) - **Brand Impact:** **Medium** (users perceive disorganization / lack of support) - **Technical Classification:** - **Issue Category:** UX / Ops - **Component Affected:** Community Ops tooling (Collab.land configuration) - **Complexity:** Moderate effort (triage + runbook) - **Resource Requirements:** - **Required Expertise:** Discord admin, Collab.land setup, wallet verification flows - **Dependencies:** Access to Collab.land admin panel + logs - **Estimated Effort (1–5):** **2** - **Recommended Priority:** **P2** - **Specific Actionable Next Steps:** 1. Create a support runbook: common failure reasons, steps, screenshots, escalation path. 2. Add a dedicated Discord support channel/thread template + collect error screenshots/tx/wallet provider. 3. Verify Collab.land config: chain(s), required signatures, role mappings, rate limits. - **Potential Assignees:** **odilitime** (Community Ops role), **brunonatan0397** / **sebasvenom** (helpers), **huey79ng** (reporter for reproduction) --- ### 7) Agent safety controls: prevent unsafe operations (capability-based authorization) - **Issue Title & ID:** Agent safety concerns: preventing unsafe operations (**DISCORD: 2026-04-08 safety concern**) + aligns with capability-token proposals (**#6707**, AgentID **#6688** referenced) - **Current Status:** Partially tracked via open proposals (**#6707**, **#6688**); Discord question unresolved - **Impact Assessment:** - **User Impact:** **High** (anyone deploying agents that can transact/post/execute) - **Functional Impact:** **Partial** today; becomes **Yes** as financial/ops plugins expand - **Brand Impact:** **High** (safety incidents are reputationally catastrophic) - **Technical Classification:** - **Issue Category:** Security - **Component Affected:** Core Framework guardrails/tool execution pipeline; Plugin System authorization model - **Complexity:** Architectural change - **Resource Requirements:** - **Required Expertise:** Security engineering, authZ design (capabilities), cryptographic identity, threat modeling - **Dependencies:** Directional decision: AgentID baseline + plugin-level enforcement interface - **Estimated Effort (1–5):** **5** - **Recommended Priority:** **P1** (design must progress this sprint even if implementation spans multiple) - **Specific Actionable Next Steps:** 1. Convert Discord concern into a formal “Safety Model / Tool Authorization” meta-issue, linking **#6688**, **#6707**, and any delegation work. 2. Define minimum viable policy layer: - per-tool allow/deny + human approval tiers - audit logging requirements - default-deny for irreversible actions 3. Publish a “Safe Tooling Guidelines” doc for plugin authors (required hooks, risk tiers). - **Potential Assignees:** **odilitime**, **pshkv** (proposal author #6707), **aeoess** (authority/delegation work) --- ### 8) MnemoPay plugin PR is not safe to merge (no persistence, null deref risk, NaN corruption) - **Issue Title & ID:** `plugin-mnemopay` has critical correctness gaps (PR **#6701**; Greptile Confidence 1/5) - **Current Status:** **OPEN PR** - **Impact Assessment:** - **User Impact:** **Low** currently (not merged), **High** if merged (runtime crashes + misleading “economic memory” claims) - **Functional Impact:** **Partial** (plugin-specific), but can crash agents if enabled - **Brand Impact:** **Medium** (merging a broken flagship-style plugin harms credibility) - **Technical Classification:** - **Issue Category:** Bug / Feature quality gate - **Component Affected:** Plugin System (community plugin in core repo path) - **Complexity:** Complex solution (persistence design + validation + tests) - **Resource Requirements:** - **Required Expertise:** Plugin architecture, persistence (sqlite/kv), action validation patterns, testing - **Dependencies:** Decide whether plugin belongs in core repo vs external registry - **Estimated Effort (1–5):** **4** - **Recommended Priority:** **P2** (block merge; schedule remediation if strategically important) - **Specific Actionable Next Steps:** 1. Require minimum merge gates: persistence, input validation (NaN guard), null-safety in handlers, memory eviction policy, tests. 2. If not meeting bar soon: move to external repo + registry submission once stable. 3. Add action keyword disambiguation so `RECALL_MEMORIES` and `REMEMBER_OUTCOME` don’t both fire. - **Potential Assignees:** **t49qnsx7qt-kpanks** (author), **odilitime** (merge gatekeeper), **dutchiono** (tests/quality) --- ### 9) v3 focus vs v2 support: lack of explicit support policy causing repeated integration/documentation churn - **Issue Title & ID:** No clear published support window for v2 Socket.IO vs v3 (implied in Discord: “deep in v3 development”) - **Current Status:** **Untracked** - **Impact Assessment:** - **User Impact:** **Medium** (integrators don’t know where to invest) - **Functional Impact:** **No** direct, but increases support burden and community frustration - **Brand Impact:** **Medium–High** (appears disorganized / moving target) - **Technical Classification:** - **Issue Category:** Documentation / Project management - **Component Affected:** Docs + Release process - **Complexity:** Moderate effort (policy + comms) - **Resource Requirements:** - **Required Expertise:** Release management, docs - **Dependencies:** v3 release timeline confidence - **Estimated Effort (1–5):** **2** - **Recommended Priority:** **P2** - **Specific Actionable Next Steps:** 1. Publish a short version policy: “v2 supported until date/major v3 release + N weeks”. 2. Label docs pages clearly with version selectors and “last validated”. 3. Add deprecation notices where appropriate. - **Potential Assignees:** **odilitime**, **Community Ops** volunteers --- ### 10) Token utility / buybacks / gas fee comms gaps driving community frustration - **Issue Title & ID:** Missing public roadmap clarity for token utility (buybacks, Jeju gas fee timing, airdrop details) (**DISCORD: 2026-04-10**) - **Current Status:** Ongoing; questions repeatedly unanswered - **Impact Assessment:** - **User Impact:** **High** (broad community) - **Functional Impact:** **No** - **Brand Impact:** **High** (trust/credibility erosion) - **Technical Classification:** - **Issue Category:** Documentation / Communications - **Component Affected:** Public roadmap/docs - **Complexity:** Moderate effort - **Resource Requirements:** - **Required Expertise:** Project leadership + comms - **Dependencies:** Alignment on what can be disclosed and when - **Estimated Effort (1–5):** **3** - **Recommended Priority:** **P2** - **Specific Actionable Next Steps:** 1. Create a single canonical “Token Utility Status” page with dated updates (even if “TBD”). 2. Provide a FAQ with explicit non-commitment language where needed (“no date committed”). 3. Route repeated Discord questions to the canonical page; reduce ad-hoc responses. - **Potential Assignees:** **odilitime** (moderator), designated comms lead --- ## Top 5–10 Highest-Priority Issues (Immediate Attention) 1. **P0:** IGNORE-memory persistence broken with `ALLOW_MEMORY_SOURCE_IDS` (post-merge regression from **#6562**). 2. **P0:** Zero-vector embedding fallback corrupts semantic memory retrieval (post-merge regression from **#6562**). 3. **P0:** `elizaos create` macOS failure due to bun dependency/postinstall behavior (**#6704**). 4. **P1:** Group addressee routing PR **#6712** has `aliasEntity` ambiguity bug—must fix before merge. 5. **P1:** Establish/advance capability-based authorization / agent safety model (ties Discord safety concern to **#6688/#6707**). 6. **P1:** Canonical v2 Socket.IO protocol documentation (message types, schemas, auth, DM creation) to unblock integrators. 7. **P2:** Collab.land wallet verification runbook + escalation to reduce community support dead-ends. 8. **P2:** Block merge or remediate `plugin-mnemopay` PR **#6701** (persistence, safety, tests). 9. **P2:** Publish v2 vs v3 support/deprecation policy to stop repeated integration confusion. 10. **P2:** Centralize token-utility communications to address repeated public frustration. --- ## Patterns / Themes Indicating Deeper Architectural Problems - **Silent failure modes in core data planes (memory/embeddings):** Two high-severity items are “looks fine but is wrong” (dropped IGNORE memory; zero-vector semantic corruption). This suggests insufficient invariants/telemetry around persistence and retrieval correctness. - **Identity model ambiguity (agentId vs entityId):** The **#6712** bug indicates the system lacks a consistently enforced contract for identity mapping. This will recur as AgentID work expands unless formalized. - **Docs-as-code gaps for integration protocols:** Socket.IO behavior exists but isn’t specified; integrators reverse-engineer via trial/error. This will repeat for other connectors unless protocol specs are generated from source. - **Quality gates for large PRs/features:** Big merged changes (e.g., logging/memory controls) shipped with logic hazards; plugin PRs propose substantial features without tests/persistence. --- ## Process Improvements (Prevention) 1. **Add “Correctness Invariants” tests for memory + embeddings** - Regression tests for allowlists, IGNORE persistence, embedding failure policy, and retrieval behavior (no zero-norm vectors in semantic index). 2. **Introduce a “No Silent Corruption” policy** - If embeddings fail, require explicit status/telemetry + retry; disallow storing semantically invalid vectors without marking. 3. **Require identity-contract tests whenever touching routing/addressee logic** - Standard fixture for `agentId !== entityId` + group-room participants; must pass before merge. 4. **Adopt a lightweight RFC + spec generation for external protocols** - For Socket.IO (and future), generate enum + JSON schema docs from code at build time; publish with commit hash. 5. **Stricter merge gates for new plugins added to core** - Minimum requirements: persistence strategy (if claiming memory/reputation), null-safety, bounded growth, and baseline tests. If unmet, keep in external repo until stable.