## Issue Triage — 2026-05-14

### 1) Discord moderation security incident: compromised admin accounts + active scammers
- **Issue Title & ID:** Discord Server Security: Compromised Admin Accounts & Scammer Activity (TRIAGE-2026-05-14-SEC-01)
- **Current Status:** Reported in Discord (2026-05-12); mitigation/investigation in progress; no linked GitHub issue yet.
- **Impact Assessment:**
  - **User Impact:** **Critical** (entire community server at risk)
  - **Functional Impact:** **Partial** (community support + onboarding channels become unsafe/unusable)
  - **Brand Impact:** **High** (public trust + reputation)
- **Technical Classification:**
  - **Issue Category:** Security
  - **Component Affected:** Community Ops / Discord
  - **Complexity:** Moderate effort (policy + tooling + incident response)
- **Resource Requirements:**
  - **Required Expertise:** Discord administration, incident response, account security, moderation tooling
  - **Dependencies:** Access to Discord audit logs; coordination with current moderators/admins
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P0**
- **Specific Actionable Next Steps:**
  1. Immediately rotate/restore admin access: remove compromised admins, reset roles/permissions, enforce least privilege.
  2. Enable/require: 2FA for all mods/admins (also turn on Discord's server-level setting that requires 2FA for moderator actions, so a hijacked account without 2FA cannot ban, prune, or change roles), a verified-email requirement via the server verification level, and a review of OAuth-connected apps/bots with unknown integrations revoked.
  3. Audit: server audit logs for role changes/webhooks/invites; delete unknown webhooks; revoke suspicious invites.
  4. Implement anti-scam measures: auto-mod rules, link filtering, quarantine for new accounts, channel posting cooldowns.
  5. Publish a short incident notice plus safety guidance in the announcements channel.
- **Potential Assignees:** **neuro023** (Moderator), **odilitime** (Moderator/Community Ops), plus any trusted Discord admins with audit access.

---

### 2) Plugin registry submission path broken (404s on registry repo + plugins.elizacloud.ai)
- **Issue Title & ID:** v2 Plugin Registry 404: elizaos-plugins/registry + plugins.elizacloud.ai unreachable (TRIAGE-2026-05-14-REG-01)
- **Current Status:** Reported (2026-05-12); investigation ongoing; policy rollback to direct PRs being considered.
- **Impact Assessment:**
  - **User Impact:** **High** (blocks third-party plugin distribution)
  - **Functional Impact:** **Partial** (core runs, but ecosystem contribution pipeline blocked)
  - **Brand Impact:** **High** (contributors perceive process as broken)
- **Technical Classification:**
  - **Issue Category:** Bug / Infrastructure
  - **Component Affected:** Plugin System (Registry), Web/Hosting, Repo permissions
  - **Complexity:** Moderate effort
- **Resource Requirements:**
  - **Required Expertise:** GitHub org/repo administration, DNS/hosting, CI/CD for registry publishing
  - **Dependencies:** Determine whether registry repo was renamed/privatized/removed; hosting status for plugins.elizacloud.ai
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P0**
- **Specific Actionable Next Steps:**
  1. Confirm root cause: GitHub repo visibility/path, branch protection, DNS/hosting for `plugins.elizacloud.ai`.
  2. Restore access (either fix registry or publish a temporary fallback).
  3. Decide policy: registry-based submissions vs. direct PRs to `elizaos/eliza` (especially for BUSL-1.1 plugins).
  4. Update docs + pinned Discord message: “current supported submission path” + licensing guidance.
- **Potential Assignees:** **odilitime** (plugin process owner), **0xSolace** (ops/CI stabilization), **lalalune** (repo structure changes context).

---

### 3) Cloud app chat endpoint: auth errors misclassified as 500 + credit reconciliation/refund edge cases
- **Issue Title & ID:** Cloud Monetized App Chat: auth failures return 500; reconciliation can overcharge or refund after delivery (PR #7376 review findings) (ELIZA-PR-7376-P1)
- **Current Status:** Merged (PR #7376), but automated review flags multiple P1 regressions; needs immediate follow-up patch PR(s).
- **Impact Assessment:**
  - **User Impact:** **Critical** (app users receive wrong errors; billing correctness affected)
  - **Functional Impact:** **Yes** (breaks app-scoped chat reliability; can mis-handle paid usage)
  - **Brand Impact:** **High** (billing trust + “monetized apps” credibility)
- **Technical Classification:**
  - **Issue Category:** Bug / Security (financial correctness), Reliability
  - **Component Affected:** Cloud API (`/api/v1/apps/:id/chat`), Billing/Credits reconciliation, Auth middleware
  - **Complexity:** Complex solution (streaming lifecycle + transactional semantics)
- **Resource Requirements:**
  - **Required Expertise:** Cloud API (Hono/Workers), billing/credits accounting, streaming responses, error handling patterns
  - **Dependencies:** Understanding of global auth middleware bypass for API keys; credit reservation vs reconcile flow
  - **Estimated Effort (1-5):** **5**
- **Recommended Priority:** **P0**
- **Specific Actionable Next Steps:**
  1. Fix auth error classification: map `AuthenticationError`/`ForbiddenError` to **401/403** instead of letting a generic catch turn them into 500, especially for API-key callers that bypass the global auth middleware; either drop the `Promise.all` wrapping that merges typed auth rejections with unrelated failures, or inspect the rejection type explicitly in the catch.
  2. Streaming: prevent “refund after content delivered” on reconcile failure; reconcile should be best-effort but must not invalidate already-served output (introduce idempotent reconcile with a “delivered=true” guard).
  3. Non-streaming: on reconcile failure, return provider response (if already obtained) and enqueue retry, or perform immediate refund before returning error.
  4. Add tests that simulate transient DB failure at each reconcile step (stream + non-stream).
- **Potential Assignees:** **NubsCarson** (author), **standujar** (cloud auth/test stabilization), **0xSolace** (regression hardening).
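Added example for steps 1 and 2 above. This is not elizaOS cloud code: `HttpError`, `statusFor`, `handleChat`, `CreditLedger` and the scenario functions are hypothetical names, and the in-memory ledger stands in for the real reservation/reconcile tables. It shows the two invariants the follow-up patch needs: a typed error keeps its status even when it surfaces through `Promise.all`, and a settlement write that fails after output was delivered is retried rather than refunded.

```typescript
// Added example, not elizaOS cloud code; all names are hypothetical.
class HttpError extends Error {
  readonly status: number;
  constructor(status: number, message: string) {
    super(message);
    this.status = status;
    Object.setPrototypeOf(this, new.target.prototype); // keeps instanceof reliable after transpile
  }
}
class AuthenticationError extends HttpError { constructor(m = 'unauthenticated') { super(401, m); } }
class ForbiddenError extends HttpError { constructor(m = 'forbidden') { super(403, m); } }

// Shared mapping: typed errors keep their status; only unknown failures become 500.
function statusFor(err: unknown): number {
  return err instanceof HttpError ? err.status : 500;
}

// Checks still run concurrently; the catch no longer collapses every rejection into 500.
async function handleChat(authCheck: () => Promise<void>, loadApp: () => Promise<string>): Promise<{ status: number; body: string }> {
  try {
    const [, app] = await Promise.all([authCheck(), loadApp()]);
    return { status: 200, body: app };
  } catch (err) {
    return { status: statusFor(err), body: err instanceof Error ? err.message : 'internal error' };
  }
}

type Usage = { reserved: number; delivered: boolean; settled: boolean };

class CreditLedger {
  balance: number;
  readonly usage = new Map<string, Usage>();
  readonly retryQueue: string[] = [];
  private failingWrites = 0;
  constructor(balance: number) { this.balance = balance; }

  // Test hook standing in for a transient DB failure on the next n settlement writes.
  failNextWrites(n: number): void { this.failingWrites = n; }

  reserve(requestId: string, credits: number): void {
    if (this.balance < credits) throw new ForbiddenError('insufficient credits');
    this.balance -= credits;
    this.usage.set(requestId, { reserved: credits, delivered: false, settled: false });
  }

  // Called as soon as the first streamed chunk reaches the client.
  markDelivered(requestId: string): void { this.get(requestId).delivered = true; }

  // Idempotent: a retried settlement can never refund twice.
  settle(requestId: string, actualCost: number): void {
    const u = this.get(requestId);
    if (u.settled) return;
    if (this.failingWrites > 0) { this.failingWrites -= 1; throw new Error('transient db failure'); }
    this.balance += u.reserved - Math.min(actualCost, u.reserved); // refund only the unused hold
    u.settled = true;
  }

  // The delivered guard: output the client already received is never refunded; the hold
  // stays and settlement is queued for retry. Only an undelivered request releases its hold.
  onSettleFailure(requestId: string): 'refunded' | 'queued' {
    const u = this.get(requestId);
    if (!u.delivered) { this.balance += u.reserved; u.settled = true; return 'refunded'; }
    this.retryQueue.push(requestId);
    return 'queued';
  }

  private get(id: string): Usage {
    const u = this.usage.get(id);
    if (!u) throw new Error(`unknown request ${id}`);
    return u;
  }
}

// Streaming request: 10 credits held, 7 used, first settle write fails after delivery.
function streamingScenario(): { balance: number; outcome: string; queued: number } {
  const ledger = new CreditLedger(100);
  ledger.reserve('req-1', 10);
  ledger.markDelivered('req-1');
  ledger.failNextWrites(1);
  let outcome = 'settled';
  try { ledger.settle('req-1', 7); } catch { outcome = ledger.onSettleFailure('req-1'); }
  ledger.settle('req-1', 7); // retry from the queue: charges 7, refunds the unused 3
  return { balance: ledger.balance, outcome, queued: ledger.retryQueue.length };
}

// Non-streaming request where no output was produced: releasing the hold is the right call.
function undeliveredScenario(): { balance: number; outcome: string } {
  const ledger = new CreditLedger(100);
  ledger.reserve('req-2', 10);
  ledger.failNextWrites(1);
  let outcome = 'settled';
  try { ledger.settle('req-2', 0); } catch { outcome = ledger.onSettleFailure('req-2'); }
  ledger.settle('req-2', 0); // no-op: already settled by the refund
  return { balance: ledger.balance, outcome };
}
```

The step-4 tests fall out of `failNextWrites`: run each scenario with the failure injected at every settlement step and assert that the balance ends at the same value as the failure-free run and that `retryQueue` only ever contains delivered requests.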

---

### 4) Cloudflare domain sync never marks domain “verified” (CORS origins remain empty)
- **Issue Title & ID:** Cloud Domains Sync: status becomes active but `verified` never set true (breaks CORS origins) (PR #7376 review finding) (ELIZA-PR-7376-P1-DOMAINS)
- **Current Status:** Merged; needs follow-up fix.
- **Impact Assessment:**
  - **User Impact:** **High** (custom domain apps fail due to CORS/origin checks)
  - **Functional Impact:** **Yes** (blocks custom domain serving for monetized apps)
  - **Brand Impact:** **High**
- **Technical Classification:**
  - **Issue Category:** Bug
  - **Component Affected:** Cloud Domains (`/apps/:id/domains/sync`), CORS origin resolution
  - **Complexity:** Moderate effort
- **Resource Requirements:**
  - **Required Expertise:** Cloud domain lifecycle, DB state modeling, CORS/origin allowlists
  - **Dependencies:** Managed domains DB schema + syncStatus implementation
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P0**
- **Specific Actionable Next Steps:**
  1. Patch sync route to set `verified: true` when registrar reports active and zone is provisioned.
  2. Add regression test: purchase while pending → later sync → verify allowlisted origins include domain.
- **Potential Assignees:** **NubsCarson**, **standujar**.
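Added example for the two steps above, not elizaOS cloud code: the `ManagedDomain` record shape, `applySync`, `corsOrigins` and the walk-through are hypothetical stand-ins for the sync route and the origin allowlist. It makes the defect observable (status flips to active, the allowlist stays empty) and doubles as the regression case from step 2.

```typescript
// Added example, not elizaOS cloud code; record shape and function names are hypothetical.
type ManagedDomain = { hostname: string; status: 'pending' | 'active'; verified: boolean };
type RegistrarSnapshot = { status: 'pending' | 'active'; zoneProvisioned: boolean };

// Defective sync: copies the registrar status but never touches `verified`.
function applySyncBuggy(d: ManagedDomain, r: RegistrarSnapshot): ManagedDomain {
  return { ...d, status: r.status };
}

// Fixed sync: verified is true exactly when the registrar reports active and the zone exists.
function applySync(d: ManagedDomain, r: RegistrarSnapshot): ManagedDomain {
  return { ...d, status: r.status, verified: r.status === 'active' && r.zoneProvisioned };
}

// The origin allowlist only admits verified domains, which is why the bug surfaces as CORS failures.
function corsOrigins(domains: ManagedDomain[]): string[] {
  return domains.filter((d) => d.verified).map((d) => `https://${d.hostname}`);
}

// Regression walk-through: purchase while pending, a sync that is still pending, then active.
function purchaseThenSync(sync: (d: ManagedDomain, r: RegistrarSnapshot) => ManagedDomain): string[] {
  let domain: ManagedDomain = { hostname: 'app.example.com', status: 'pending', verified: false };
  domain = sync(domain, { status: 'pending', zoneProvisioned: false });
  domain = sync(domain, { status: 'active', zoneProvisioned: true });
  return corsOrigins([domain]);
}
```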

---

### 5) Slack connector: missing try/catch around user lookup can drop incoming messages
- **Issue Title & ID:** plugin-slack: unguarded `users.info` exception drops events (PR #7375 review finding) (ELIZA-PR-7375-P1)
- **Current Status:** Merged (PR #7375); review notes P1 defect on the inbound message path.
- **Impact Assessment:**
  - **User Impact:** **High** (Slack bots appear unreliable; messages lost)
  - **Functional Impact:** **Partial** (connector-specific, but core “agent replies” broken for Slack users)
  - **Brand Impact:** **Medium/High** (connectors perceived as unstable)
- **Technical Classification:**
  - **Issue Category:** Bug / Reliability
  - **Component Affected:** Plugin System → `@elizaos/plugin-slack` (`service.ts` event handlers)
  - **Complexity:** Simple fix
- **Resource Requirements:**
  - **Required Expertise:** TypeScript, Slack Bolt/Socket Mode error handling
  - **Dependencies:** None
  - **Estimated Effort (1-5):** **2**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps:**
  1. Wrap `getUser()` calls in `try/catch`; on failure, proceed with minimal identity (fallback to user id) and still store memory + respond.
  2. Add tests for rate-limit/network failure simulation: event should still be processed and logged.
  3. (Hygiene) Update `repository.url` and remove unused `zod` dependency (P2 cleanup).
- **Potential Assignees:** **2-A-M** (PR author; plugin migration familiarity), **0xSolace** (stability pass).
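Added example for steps 1 and 2 above, and for the "no silent drop" wrapper pattern in the process recommendations. This is not `@elizaos/plugin-slack` code: the interfaces, `withFallback`, the handlers and the flaky client are constructed here; only the Slack method name `users.info` is real. It contrasts the unguarded lookup (message lost) with a guarded one that retries once, falls back to the raw user id, stores the memory and still replies, and logs a structured error each time.

```typescript
// Added example, not plugin-slack code; types, helpers and handler names are hypothetical.
interface SlackEvent { user: string; channel: string; text: string; ts: string }
interface SlackUser { id: string; name: string }
interface SlackClient { usersInfo(userId: string): Promise<SlackUser> }
interface Memory { userId: string; userName: string; channel: string; text: string; ts: string }
interface ErrorLog { op: string; attempt: number; message: string }

// Retry a transient external call a bounded number of times, then return a fallback value
// instead of throwing. Every failure is logged with structure, so a degraded path is visible.
async function withFallback<T>(op: string, call: () => Promise<T>, fallback: T, log: ErrorLog[], retries = 1, backoffMs = 0): Promise<T> {
  for (let attempt = 0; ; attempt += 1) {
    try {
      return await call();
    } catch (err) {
      log.push({ op, attempt, message: err instanceof Error ? err.message : String(err) });
      if (attempt >= retries) return fallback;
      if (backoffMs > 0) await new Promise((r) => setTimeout(r, backoffMs * 2 ** attempt));
    }
  }
}

// Before: an exception from users.info escapes the handler; nothing is stored and no reply is sent.
async function onMessageUnguarded(event: SlackEvent, client: SlackClient, memories: Memory[]): Promise<string> {
  const user = await client.usersInfo(event.user);
  memories.push({ userId: user.id, userName: user.name, channel: event.channel, text: event.text, ts: event.ts });
  return `reply to ${user.name}`;
}

// After: identity degrades to the raw user id; the memory is stored and a reply is produced.
async function onMessageGuarded(event: SlackEvent, client: SlackClient, memories: Memory[], log: ErrorLog[]): Promise<string> {
  const fallback: SlackUser = { id: event.user, name: event.user };
  const user = await withFallback('users.info', () => client.usersInfo(event.user), fallback, log);
  memories.push({ userId: user.id, userName: user.name, channel: event.channel, text: event.text, ts: event.ts });
  return `reply to ${user.name}`;
}

// Constructed client: the first `failures` calls fail the way a rate-limited Web API call does.
function flakyClient(failures: number): SlackClient {
  let calls = 0;
  return {
    async usersInfo(userId) {
      calls += 1;
      if (calls <= failures) throw new Error('ratelimited');
      return { id: userId, name: 'alice' };
    },
  };
}

// Constructed inbound event.
const sampleEvent: SlackEvent = { user: 'U123', channel: 'C456', text: 'hello', ts: '1715600000.000100' };

async function scenario(failures: number): Promise<{ stored: number; userName: string; reply: string; errors: number }> {
  const memories: Memory[] = [];
  const log: ErrorLog[] = [];
  const reply = await onMessageGuarded(sampleEvent, flakyClient(failures), memories, log);
  return { stored: memories.length, userName: memories[0]?.userName ?? '', reply, errors: log.length };
}
```

With one retry, `scenario(1)` recovers the real display name and `scenario(2)` degrades to the user id; in both cases the memory count is 1 and the log has one entry per failed attempt, which is the assertion the step-2 test should make.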

---

### 6) v3 roadmap ambiguity: unclear focus (stabilization vs public autonomous workflow stack) + AgentID integration status unknown
- **Issue Title & ID:** v3 Roadmap Clarity: stabilization vs release target; AgentID integration status (TRIAGE-2026-05-14-V3-01)
- **Current Status:** Raised on Discord (2026-05-13); unanswered publicly.
- **Impact Assessment:**
  - **User Impact:** **Medium** (affects builders planning integrations)
  - **Functional Impact:** **No** (not a runtime failure)
  - **Brand Impact:** **High** (signals lack of direction; increases churn)
- **Technical Classification:**
  - **Issue Category:** Documentation / UX (developer experience) / Project Management
  - **Component Affected:** Core Framework (v3 architecture), Identity/AgentID system
  - **Complexity:** Moderate effort (requires authoritative alignment)
- **Resource Requirements:**
  - **Required Expertise:** Core architecture owners, product roadmap communication
  - **Dependencies:** Internal decisions on v3 milestones; AgentID implementation state
  - **Estimated Effort (1-5):** **3**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps:**
  1. Publish a short v3 status post: current milestone, what’s stabilized, what’s blocked, “next 2-4 weeks” plan.
  2. Explicitly answer: “Is AgentID in v3 yet? If partial, what surfaces use it (DB schema, runtime identity, plugin auth, etc.)?”
  3. Create/refresh a tracking issue/epic in GitHub linking sub-items (AgentID, workflow stack, infra hardening).
- **Potential Assignees:** **odilitime** (Core Dev/Comms), **lalalune** (repo/arch context), **standujar** (architecture/process), plus whichever core maintainer owns identity.

---

### 7) Plugin submission policy gap for BUSL-1.1 plugins (monorepo PRs blocked; registry currently broken)
- **Issue Title & ID:** BUSL plugin onboarding blocked by policy + broken registry (TRIAGE-2026-05-14-LIC-01)
- **Current Status:** Reported via Discord (2026-05-12); waiting on registry fix and/or policy change.
- **Impact Assessment:**
  - **User Impact:** **Medium/High** (third-party plugin authors blocked)
  - **Functional Impact:** **Partial**
  - **Brand Impact:** **Medium/High**
- **Technical Classification:**
  - **Issue Category:** Documentation / Process
  - **Component Affected:** Plugin System governance
  - **Complexity:** Moderate effort
- **Resource Requirements:**
  - **Required Expertise:** Maintainers, licensing/legal awareness, release engineering
  - **Dependencies:** Registry availability decision (Issue REG-01)
  - **Estimated Effort (1-5):** **2**
- **Recommended Priority:** **P1**
- **Specific Actionable Next Steps:**
  1. Define supported paths: (a) external registry listing (b) “verified third-party” org (c) direct PR exceptions.
  2. Document minimum metadata + security review expectations for closed/non-OSS licenses.
- **Potential Assignees:** **odilitime**, **0xSolace**.

---

### 8) GODL protocol integration proposal (skill.md compatible) — evaluate security boundaries (wallets/automation hooks)
- **Issue Title & ID:** GODL Integration: agent-managed wallets + websocket automation via skill.md (TRIAGE-2026-05-14-INTEG-01)
- **Current Status:** Discussed in Discord coders channel (2026-05-13); moving to DMs for docs; no implementation yet.
- **Impact Assessment:**
  - **User Impact:** **Low/Medium** (new integration opportunity)
  - **Functional Impact:** **No**
  - **Brand Impact:** **Medium** (partnership optics; risk if rushed)
- **Technical Classification:**
  - **Issue Category:** Feature Request / Security (wallet handling)
  - **Component Affected:** Plugin System, Solana integration, Tool/Skill ingestion
  - **Complexity:** Architectural change (if wallets + autonomous strategies are first-class)
- **Resource Requirements:**
  - **Required Expertise:** Solana, secure key management (vault), plugin/tool schema, websocket services
  - **Dependencies:** Security review requirements; wallet custody model; rate limiting / abuse prevention
  - **Estimated Effort (1-5):** **4**
- **Recommended Priority:** **P2**
- **Specific Actionable Next Steps:**
  1. Request GODL docs + skill.md + SDK API surface; map required actions/providers.
  2. Define security model: vault-backed keys only, explicit user consent, per-action spend limits, audit logs.
  3. Build a spike plugin with read-only + simulation mode before enabling real staking/mining actions.
- **Potential Assignees:** **blankey1717** (partner liaison), **odilitime** (skill.md compatibility), **zadayos** (Solana-savvy contributor), plus a security-minded reviewer (**NubsCarson** for vault/billing-style safeguards if applicable).

---

### 9) Multi-agent orchestrator (Python/claude-agent-sdk) test request — needs safe sandbox + OAuth procedure
- **Issue Title & ID:** Discord Sandbox Agent Testing: OAuth invite/whitelist + restricted permissions (TRIAGE-2026-05-14-OPS-01)
- **Current Status:** Requested 2026-05-11; odilitime offered OAuth help; pending execution.
- **Impact Assessment:**
  - **User Impact:** **Medium** (community experimentation)
  - **Functional Impact:** **Partial** (community platform capability)
  - **Brand Impact:** **Medium** (safety posture matters)
- **Technical Classification:**
  - **Issue Category:** UX / Process / Security
  - **Component Affected:** Community Ops, Discord bot permissions
  - **Complexity:** Moderate effort
- **Resource Requirements:**
  - **Required Expertise:** Discord OAuth/bot configuration, permission scoping, abuse prevention
  - **Dependencies:** Resolution of Discord security incident (SEC-01) before enabling new bots
  - **Estimated Effort (1-5):** **2**
- **Recommended Priority:** **P2** (defer until SEC-01 mitigated)
- **Specific Actionable Next Steps:**
  1. After SEC-01: create a “Bot Lab” server or locked sandbox channel with explicit rules.
  2. Require: source repo link, bot intents list, logging policy, rate limits, kill-switch.
  3. Define a standard “bot onboarding checklist” for the community.
- **Potential Assignees:** **odilitime**, **neuro023**.

---

## Top 5–10 Highest-Priority Issues to Address Immediately
1. **P0:** Discord compromised admin accounts + scam activity (TRIAGE-2026-05-14-SEC-01)  
2. **P0:** Plugin registry 404 blocks plugin submissions (TRIAGE-2026-05-14-REG-01)  
3. **P0:** Cloud monetized chat endpoint auth/billing correctness regressions (ELIZA-PR-7376-P1)  
4. **P0:** Cloud domain sync never marks verified → breaks CORS/custom domains (ELIZA-PR-7376-P1-DOMAINS)  
5. **P1:** Slack connector can silently drop messages on Slack API error (ELIZA-PR-7375-P1)  
6. **P1:** v3 roadmap + AgentID integration status needs a public authoritative update (TRIAGE-2026-05-14-V3-01)  
7. **P1:** BUSL plugin submission pathway unclear/blocked (TRIAGE-2026-05-14-LIC-01)  
8. **P2:** New bot/orchestrator testing process (TRIAGE-2026-05-14-OPS-01)  
9. **P2:** GODL integration spike with strict wallet security boundaries (TRIAGE-2026-05-14-INTEG-01)

---

## Patterns / Themes Indicating Deeper Architectural Problems
- **“Silent failure” modes across surfaces:** message drops (Slack), broken submission pipeline (registry), and auth errors masked as 500 (Cloud) all reduce diagnosability and user trust.
- **Post-merge risk concentration in Cloud monetization paths:** billing/credits + streaming + auth require stricter transactional patterns and typed error handling to prevent financial/UX regressions.
- **Ecosystem scaling pressure:** plugin distribution governance (registry vs monorepo PRs) and licensing constraints need a stable, documented “source of truth” to keep third-party contributions flowing.
- **Roadmap ambiguity amplifies perceived instability:** unanswered v3/AgentID questions increase confusion even when engineering progress exists.

---

## Recommendations (Process Improvements)
1. **Require “no silent drop” guards on all connector inbound paths:** standardized wrapper for external API calls (retry/backoff, fallback identity, always store memory, always log structured error).
2. **Cloud endpoints: enforce typed error mapping + reconciliation invariants:** introduce shared helpers so `AuthenticationError/ForbiddenError` can’t become 500; add property-based tests for credit reserve/reconcile paths.
3. **Operational readiness gate for high-risk merges:** monetization/billing/auth changes should require (a) explicit rollback plan, (b) canary checklist, (c) failure-mode tests for transient DB/provider errors.
4. **Single, pinned “Plugin Submission SOP” with licensing branches:** include BUSL handling, registry status page, and fallback submission routes.
5. **Security incident runbook for community ops:** documented steps for compromised accounts, webhook audits, role lockdown, and post-incident communication templates.