# Issue Triage — 2026-04-16 (elizaOS) ## P0 / P1 / P2 Issues (actionable, high-signal) --- ### 1) `elizaos create` fails on macOS due to transitive `bun` runtime dependency - **Issue Title & ID:** `elizaos create fails with "Bun's postinstall script was not run" on macOS` — elizaos/eliza **#6704** - **Current Status:** **OPEN** (no comments yet) - **Impact Assessment:** - **User Impact:** **High** (blocks first-time setup; likely hits many macOS + bun users) - **Functional Impact:** **Yes** (project creation/bootstrap fails; directory gets cleaned up) - **Brand Impact:** **High** (onboarding failure is highly visible) - **Technical Classification:** - **Category:** Bug / DX - **Component:** **CLI / plugin-bootstrap / packaging** - **Complexity:** **Moderate effort** (dependency graph + release) - **Resource Requirements:** - **Required Expertise:** Node/bun packaging, workspace publishing, CLI templates - **Dependencies:** Requires coordinated changes in `@elizaos/cli` and `@elizaos/plugin-bootstrap` + release cut - **Estimated Effort:** **3/5** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Audit `package.json` for `@elizaos/cli` and `@elizaos/plugin-bootstrap`: move `bun` from runtime deps → dev deps (keep only `@types/bun` if needed). 2. Add CI smoke test: `bun install -g @elizaos/cli && elizaos create ... && bun run build` on macOS (arm64). 3. Update docs: supported install paths (bun vs npm) and explicit note to avoid transitive bun binary installs. 4. Cut patch release(s) and announce in Discord. - **Potential Assignees:** **dirtybits** (reporter; has root-cause), **odilitime** (core/packaging), a release maintainer for `@elizaos/cli`. --- ### 2) Regression: IGNORE decisions silently not persisted when `ALLOW_MEMORY_SOURCE_IDS` is set - **Issue Title & ID:** `IGNORE memory persistence dropped under ALLOW_MEMORY_SOURCE_IDS (agent_response hardcoded)` — **needs tracking issue** (found in merged PR) - **Source:** elizaos/eliza **PR #6562** (merged 2026-04-08), flagged by Greptile review - **Current Status:** **Untracked regression** (code is merged; requires hotfix PR) - **Impact Assessment:** - **User Impact:** **Medium → High** (any deployment using `ALLOW_MEMORY_SOURCE_IDS`) - **Functional Impact:** **Partial** (memory/behavior correctness; can break “ignore/closure” behavior and analytics) - **Brand Impact:** **Medium** (hard-to-debug “why didn’t it remember” issues) - **Technical Classification:** - **Category:** Bug - **Component:** **Core Framework / Message Service (memory pipeline)** - **Complexity:** **Simple fix** (logic parity with regular response persistence path) - **Resource Requirements:** - **Required Expertise:** Core runtime/message pipeline, memory source IDs - **Dependencies:** None (but should ship with tests) - **Estimated Effort:** **2/5** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Create GitHub issue with minimal repro: set `ALLOW_MEMORY_SOURCE_IDS` to something non-empty; trigger IGNORE; confirm no memory entry. 2. Patch `message.ts` IGNORE path to **not** require `allowedSources.includes("agent_response")` (or correctly use the response’s real `sourceId`). 3. Add unit test: IGNORE persistence works both with/without `ALLOW_MEMORY_SOURCE_IDS`. 4. Release patch version. - **Potential Assignees:** **odilitime** (authored PR #6562), **NubsCarson** (message-service changes recently), **greptile-apps** as reviewer signal (not assignee). --- ### 3) Regression: zero-vector embedding fallback silently corrupts semantic memory retrieval - **Issue Title & ID:** `Embedding failure persists zero-vector, making stored memories unretrievable` — **needs tracking issue** - **Source:** elizaos/eliza **PR #6562** (merged), flagged by Greptile review (`runtime.ts` fallback) - **Current Status:** **Untracked regression** (merged code; needs fix) - **Impact Assessment:** - **User Impact:** **Medium** (hits users with intermittent embedding failures/timeouts/rate limits) - **Functional Impact:** **Partial** (memory appears saved but cannot be recalled via similarity search) - **Brand Impact:** **High** (silent data loss / “memory doesn’t work” perception) - **Technical Classification:** - **Category:** Bug / Data integrity - **Component:** **Core Framework / Runtime / Memory + embeddings** - **Complexity:** **Moderate effort** (design decision: skip persist vs mark as pending vs retry) - **Resource Requirements:** - **Required Expertise:** embedding pipeline, memory store schema, retrieval semantics - **Dependencies:** Consider interaction with any vector DB adapters and caching - **Estimated Effort:** **3/5** - **Recommended Priority:** **P0** - **Specific Actionable Next Steps:** 1. Decide policy: **do not write** memory entries without a valid embedding (preferred), or store with `embeddingStatus: "failed"` and exclude from vector search until re-embedded. 2. Implement: on embedding failure, either (a) abort persist, or (b) persist text-only but **do not** inject a zero vector; queue retry job. 3. Add tests: embedding failure → no zero-vector persisted; retrieval behavior remains consistent. 4. Add observability: log metric/counter for embedding failure rate. - **Potential Assignees:** **odilitime** (core runtime), a maintainer familiar with memory adapters/vector stores. --- ### 4) PR-blocker: group addressee routing breaks for agents where `agentId !== entityId` - **Issue Title & ID:** `aliasEntity causes ambiguous token resolution; group addressee routing fails for split agentId/entityId` — elizaos/eliza **PR #6712** (open) - **Current Status:** **OPEN PR** with a highlighted P1 logic bug (Greptile) - **Impact Assessment:** - **User Impact:** **High** for multi-agent/group-room deployments (Discord/Telegram rooms, reply threads) - **Functional Impact:** **Yes (for the new feature)**; can misroute responses / fail to detect addressed-to-self/other - **Brand Impact:** **Medium** (chatty/incorrect multi-party behavior is visible) - **Technical Classification:** - **Category:** Bug (pre-merge) - **Component:** **Core Framework / Group routing / shouldRespond** - **Complexity:** **Moderate effort** - **Resource Requirements:** - **Required Expertise:** identity model (`agentId` vs `entityId`), group room routing, tokenizer/registry logic - **Dependencies:** Needs improved tests before merge - **Estimated Effort:** **3/5** - **Recommended Priority:** **P1** (must fix before merging PR #6712) - **Specific Actionable Next Steps:** 1. Fix `aliasEntity` so it does **not** poison `tokenToEntities` sets (avoid multi-entity ambiguity for a single token). 2. Add unit tests covering: - agent with `entityId !== agentId` - two agents with similar names - reply-thread parent author routing 3. Re-run integration sanity check in a real group connector (Discord) to confirm no regressions in speak/silence decisions. - **Potential Assignees:** **odilitime** (PR author), plus a reviewer with connector experience (e.g., **NubsCarson**). --- ### 5) Install/CI risk after dev-harness merge: submodule workspace/lockfile consistency - **Issue Title & ID:** `Fresh clone may fail due to submodule workspace paths / bun.lock mismatch after agent/ harness merge` — related to elizaos/eliza **PR #6702** (merged 2026-04-09) - **Current Status:** **Needs verification** (was flagged as P1 risk during review; PR is merged) - **Impact Assessment:** - **User Impact:** **Medium → High** (any contributor cloning repo; CI reliability; dev onboarding) - **Functional Impact:** **Partial** (repo install/dev script breakage) - **Brand Impact:** **Medium** (contributor experience) - **Technical Classification:** - **Category:** Bug / Build & Tooling - **Component:** **Repo tooling / workspaces / bun.lock** - **Complexity:** **Moderate effort** - **Resource Requirements:** - **Required Expertise:** bun workspaces, lockfile hygiene, git submodules - **Dependencies:** May require updating scripts and documenting submodule workflow - **Estimated Effort:** **3/5** - **Recommended Priority:** **P1** - **Specific Actionable Next Steps:** 1. Validate on a clean environment (no submodules initialized): - `bun install` - `bun run dev` - minimal “agent harness” run 2. If failure reproduces: open issue with exact error logs and fix either: - ensure committed `package.json` has no mandatory workspace paths that require submodules, and/or - ensure `scripts/dev.mjs` reliably initializes and wires workspaces before any install. 3. Align `agent/package.json` dependency declarations with `bun.lock` (regenerate lockfile in the intended mode). - **Potential Assignees:** **odilitime** (authored), a build/CI maintainer. --- ### 6) PR quality/security-of-state: plugin-mnemopay lacks persistence, has null-deref risks, and can corrupt reputation - **Issue Title & ID:** `feat: add plugin-mnemopay — economic memory for AI agents` — elizaos/eliza **PR #6701** - **Current Status:** **OPEN PR** with multiple blocking findings (Greptile confidence 1/5) - **Impact Assessment:** - **User Impact:** **Low (until merged)**, but high risk if merged as-is - **Functional Impact:** **Yes (for plugin correctness)**; doesn’t meet stated purpose (memory wiped on restart) - **Brand Impact:** **Medium** (shipping “economic memory” that isn’t persistent damages trust) - **Technical Classification:** - **Category:** Bug / Feature (PR hardening) - **Component:** **Plugin System / plugin-mnemopay** - **Complexity:** **Complex solution** (persistence + eviction + tests + action disambiguation) - **Resource Requirements:** - **Required Expertise:** plugin patterns (Service/Provider/Evaluator), persistence adapters, action validation patterns - **Dependencies:** Decide/standardize plugin persistence approach (SQLite, core memory store, etc.) - **Estimated Effort:** **4/5** - **Recommended Priority:** **P2** (block merge; not a core outage) - **Specific Actionable Next Steps:** 1. Add persistence (choose one): - use existing DB adapter (SQL plugin), or - integrate with core memory store (preferred for consistency). 2. Guard config parsing: reject/replace NaN `MNEMOPAY_REPUTATION_DELTA`. 3. Add null checks in every handler/evaluator path (`getService()` can be null). 4. Resolve action trigger ambiguity (`remember` keyword overlap). 5. Add memory eviction/limits (and document them). 6. Add a minimal unit test suite validating persistence and action routing. - **Potential Assignees:** **t49qnsx7qt-kpanks** (author), with support from a core plugin reviewer (e.g., **odilitime**). --- ### 7) Developer workflow correctness: merge and release PR for toon action params + async action continuation suppression - **Issue Title & ID:** `Fix/toon action params` — elizaos/eliza **PR #6709** - **Current Status:** **OPEN PR** (appears ready; well-tested) - **Impact Assessment:** - **User Impact:** **Medium** (toon connectors like Discord/Milady; actions with required params; async task spam) - **Functional Impact:** **Partial** (actions fail silently; noisy message loops) - **Brand Impact:** **Medium** - **Technical Classification:** - **Category:** Bugfix - **Component:** **Core Framework / Message Service / Connectors** - **Complexity:** **Simple fix** - **Resource Requirements:** - **Required Expertise:** message pipeline, action schema formatting (TOON) - **Dependencies:** None - **Estimated Effort:** **2/5** - **Recommended Priority:** **P1** (merge this sprint) - **Specific Actionable Next Steps:** 1. Final review focusing on message schema and continuation-loop behavior. 2. Merge and ship patch release. 3. Add/keep regression tests for toon param extraction and async terminal actions. - **Potential Assignees:** **NubsCarson** (author), reviewer: **odilitime**. --- ## Lower-priority (but important) items to track ### 8) Capability token enforcement proposal (authorization layer) - **Issue Title & ID:** `Plugin proposal: @sint/eliza-plugin — capability token enforcement for Eliza agent tool calls` — elizaos/eliza **#6707** - **Current Status:** **OPEN** (proposal) - **Impact Assessment:** User Impact **Medium** (future safety), Functional Impact **No** (not a regression), Brand Impact **High** (safety posture) - **Technical Classification:** Feature Request / Security architecture; Core + Plugin System; **Architectural change** - **Effort:** **5/5** - **Priority:** **P3** (but should be reviewed/design-triaged soon given financial tooling direction) - **Next Steps:** schedule design review; align with AgentID (#6688); define minimal MVP (policy hook points + audit log contract). - **Potential Assignees:** **pshkv** (proposer), core security-minded maintainer, **odilitime** for integration points. ### 9) Token safety plugin proposal (pre-trade scam/rug detection) - **Issue Title & ID:** `Plugin: SafeAgent — Token safety checks before trading` — elizaos/eliza **#6706** - **Status:** **OPEN** (proposal) - **Priority:** **P3** (valuable ecosystem plugin; not core breakage) - **Next Steps:** direct to plugins registry submission path; define security review checklist (network calls, caching, oracle trust, rate limits). - **Potential Assignees:** **CryptoGenesisSecurity** (author), plugins registry maintainers. ### 10) Marketplace / incentives proposals - **Issue Title & ID:** `Plugin: MAXIA AI Marketplace...` — **#6700** (P4) - **Issue Title & ID:** `AIGEN Protocol — Earn $AIGEN tokens...` — **#6708** (P4) - **Notes:** Require governance/security review; avoid coupling core to token incentives without threat modeling and reputation/identity primitives. --- # Conclusion ## 1) Top 5–10 highest-priority items to address immediately 1. **P0:** elizaos/eliza **#6704** — `elizaos create` fails on macOS (onboarding blocker). 2. **P0:** **(new issue)** IGNORE memory persistence regression from **PR #6562**. 3. **P0:** **(new issue)** zero-vector embedding fallback data-integrity regression from **PR #6562**. 4. **P1:** elizaos/eliza **PR #6709** — toon params + async continuation spam fix (merge & release). 5. **P1:** elizaos/eliza **PR #6712** — fix `aliasEntity` ambiguity bug before merge. 6. **P1:** **(verify + possibly new issue)** fresh-clone install/CI risk from **PR #6702** workspace/submodule/lockfile consistency. 7. **P2:** elizaos/eliza **PR #6701** — plugin-mnemopay rework (persistence, null safety, tests). 8. **P3:** elizaos/eliza **#6707** — capability token enforcement (design triage; aligns with AgentID direction). 9. **P3:** elizaos/eliza **#6706** — SafeAgent plugin (ecosystem/security review path). 10. **P4:** elizaos/eliza **#6700** / **#6708** — marketplace/incentives proposals (governance track). ## 2) Patterns/themes indicating deeper architectural problems - **Regressions slipping through in core runtime/memory pipeline:** PR #6562 merged with logic/data-integrity issues, suggesting missing “must-pass” tests for memory persistence and embedding failure semantics. - **Identity/model ambiguity (`agentId` vs `entityId`):** PR #6712 bug highlights unclear invariants. This will recur as AgentID work expands unless the canonical identity model is formalized and tested. - **Tooling/install fragility:** bun/workspace/submodule patterns and transitive runtime deps (bun package) are causing onboarding pain (CLI create) and potential contributor friction (fresh clone). ## 3) Recommendations for process improvements - **Add a “Core invariants” test suite gate** for: - memory persistence under allowlists, - embedding failure handling (no silent corruption), - shouldRespond/group routing invariants (agentId/entityId permutations). - **Require “fresh clone” CI job** (no submodules, empty caches) that runs `bun install` + minimal `bun run dev`/harness smoke test. - **Adopt release-blocking checklist for merged core PRs** touching runtime/message/memory: - explicit migration notes for default timeouts/settings, - data-integrity review (what happens on failure paths), - at least one new regression test per bugfix claim. - **Formalize identity semantics** in docs + types: define when `agentId` and `entityId` may differ, and how name/address resolution must behave in that case.