# ElizaOS Intel — 2026-04-15 ## 1) Data Pattern Recognition ### Development velocity (rolling month-to-date: 2026-04-01 → 2026-05-01) - PRs: **4 opened / 3 merged** - Issues: **7 opened / 1 closed** - Contributors: **14 active** - Code churn: **+6,785 / -3,732 across 81 files**; **70 commits** - Change profile: **high-leverage core-runtime + dev-experience work**, plus **ecosystem/plugin proposals** concentrated around agent finance and authorization. ### Trend signals - **Strategic gravity shift** continues toward “agent economy primitives” (wallet, safety checks, marketplaces, economic memory) and **cryptographic identity/authorization** (AgentID, capability tokens). - **Core message/runtime reliability work** is accelerating (timeouts, logging, memory controls, TOON formatting, group routing). Several changes are “behavior-shaping” (when agents speak, what gets persisted), increasing regression risk and the need for hard acceptance criteria. - **Onboarding friction** is rising as a visible pain point (macOS Bun dependency behavior; workspace/submodule dev flow risk). ### Community engagement patterns (what users are asking for) - Plugin proposals are heavily skewed to **financial operations + risk controls**: - Marketplace & swaps / GPU rental (MAXIA proposal, #6700) - Pre-trade token safety blocking (SafeAgent proposal, #6706) - Incentive layer for tool contributions ($AIGEN, #6708) - Capability-token enforcement for tool calls (SINT, #6707) - Implication: community demand is converging on a single question: **“Can agents act in the world safely and verifiably?”** (authz + audit + risk checks) rather than “Can agents chat on protocol X?” ### Feature adoption / usage indicators (inferred from PRs/issues) - **TOON encapsulation** is being used by connectors (Discord/Milady), and missing schema fields caused real failures (PR #6709). - **Async task actions** (CREATE_TASK, SPAWN_AGENT, etc.) are used in production-like flows; incorrect continuation behavior produced spam (PR #6709). - **Group-room behavior** is a priority (PR #6712) to reduce multi-agent loop/ping-pong and incorrect addressee responses. --- ## 2) User Experience Intelligence ### Feedback & issues categorized by theme and impact #### A) Onboarding / setup failures (High impact, High urgency) - **Issue #6704:** `elizaos create` fails on macOS with “Bun's postinstall script was not run”. - Root cause: `bun` included as a runtime dependency via CLI/bootstrap; Bun package manager behavior + postinstall expectations create broken local bun binary stubs. - User impact: **hard-stop** (project creation fails and cleans up directory), high frustration, blocks first-time users. **Implementation opportunity** - Remove `bun` from runtime deps; move types to devDeps; update CLI template behavior so “create” never leaves the user with nothing. - Add **preflight checks + actionable error UX**: detect `--ignore-scripts`/pnpm/bun mismatch and offer a guided fix rather than deleting output. #### B) Core correctness & data integrity (High impact, Medium-to-high urgency) - In merged PR #6562 (core hardening/logging/memory controls), automated review flagged: - **IGNORE persistence bug** when `ALLOW_MEMORY_SOURCE_IDS` configured (logic uses `agent_response` hardcoded). - **Zero-vector embedding fallback** risks silent semantic-memory corruption (stored but unretrievable). - **Timeout default change** may affect latency distributions in existing deployments. **Implementation opportunity** - Treat these as **post-merge hotfix candidates** with unit tests and explicit migration/behavior notes. #### C) Conversation routing / “when should the agent speak?” (High impact, Medium urgency) - PR #6712 introduces deterministic group addressee routing and anti-loop prompt guidance. - Review flags a **P1 logic bug in aliasing** for agents where `entityId != agentId`, potentially disabling the feature entirely in real multi-agent rooms. **Usage pattern vs. intended design** - Intended: deterministic routing reduces unnecessary LLM calls and prevents responding to messages addressed to others. - Actual risk: name registry ambiguity makes addressee resolution return null; system falls back to LLM or incorrect defaults, reintroducing noise/loops. #### D) Plugin quality variance + security posture (Medium-to-high impact, Medium urgency) - PR #6701 (`plugin-mnemopay`) proposes “economic memory” but review highlights: - No persistence (in-memory only), unbounded growth, NaN reputation corruption risk, null-deref hazards, ambiguous action triggers, no tests. - Multiple marketplace/safety/economy proposals are arriving faster than the core can standardize verification/authz. **Sentiment snapshot (inferred)** - Positive: community is energized to build economic/security plugins. - Negative risk: if core/plugin registry accepts fragile finance plugins, user trust can be damaged quickly (agents handling money demand correctness, auditability, and safe defaults). --- ## 3) Strategic Prioritization (Impact × Risk × Dependency) ### Priority 0 (Immediate, 0–3 days): Stop-the-bleeding onboarding fixes 1) **Fix `elizaos create` macOS Bun failure** (#6704) - User impact: blocks new users entirely. - Technical risk: low (dependency graph + CLI behavior), high ROI. **Recommended actions** - Move `bun` to devDependency; rely on system bun; update templates. - Change CLI cleanup behavior: on failure, **leave directory + write a “NEXT_STEPS.md”** with exact remediation. **Success metric** - `elizaos create` success rate on macOS (Apple Silicon) in CI smoke test: **>95%**. - Time-to-first-run median: reduce by **>30%** (baseline needed). --- ### Priority 1 (This week, 3–7 days): Core correctness hotfixes (memory + routing) 2) **Hotfix core memory integrity issues** (post-merge from #6562) - Fix IGNORE persistence allowlist logic. - Replace “zero-vector embedding fallback” with a safer policy: - Option A: do not persist memory if embedding fails (with retry queue). - Option B: persist but mark `embeddingStatus=failed` and exclude from similarity search until re-embedded. **Success metric** - New unit tests covering: - ALLOW_MEMORY_SOURCE_IDS + IGNORE path persistence. - Embedding failure path does not silently poison recall. - Observability: log counters for embedding failures and memory writes skipped. 3) **Unblock PR #6712 by fixing aliasEntity ambiguity and adding tests** - Dependency: multi-agent/group-room experience quality. - Add coverage for `entityId != agentId` case (currently not caught). **Success metric** - Deterministic addressee resolution works for: - agentId-only - entityId-only - agentId != entityId with aliasing - Reduced “responded in threads not addressed to me” incidents (needs telemetry, even if minimal). --- ### Priority 2 (Next 1–2 weeks): Standardize “Agent Trust & Authorization” lane 4) **Define the authorization “spine”: AgentID + capability-based tool calls** - Inputs: - AgentID direction (strategic focus) - SINT capability token plugin proposal (#6707) - Goal: converge on a minimal interoperable contract rather than multiple competing schemes. **Recommended decisions** - Publish a short spec: “Tool Call Authorization v0” - Identity binding (AgentID or agent key) - Capability token format (ed25519 envelope, claims, expiry) - Evidence ledger/audit hooks (hash-chained events) - Human-in-the-loop tiers for irreversible actions (T2/T3) **Critical-path dependency** - Without this, finance plugins (wallet, marketplace, safety checks) cannot be safely composed. **Success metric** - One reference implementation (core or blessed plugin) intercepting tool calls with: - allow/deny - tiered approvals - auditable decision record --- ### Priority 3 (Ongoing): Plugin ecosystem gating for agent finance 5) **Introduce “Finance Plugin Acceptance Checklist” for registry inclusion** - Motivated by: - SafeAgent proposal (#6706) - MAXIA marketplace proposal (#6700) - AIGEN incentives (#6708) - MnemoPay PR quality gaps (#6701) **Checklist (minimum)** - Persistence story (if claiming “memory” or “reputation”) - Bounded resource usage (caps/eviction/backpressure) - Deterministic validation (avoid ambiguous keyword triggers) - Tests (unit + mock integration) - Secure defaults (fail closed on safety checks, explicit user consent for spend) - Audit logging compatibility (events emitted) **Resource allocation** - Assign one maintainer to create templates + CI gates; this scales better than ad-hoc review. **Success metric** - Reduced “review churn” time per plugin PR; increased merge confidence; fewer production regressions. --- ## Recommended Resource Allocation (next 7 days) - **1 engineer (DX/onboarding):** resolve #6704 + add CLI preflight + smoke tests. - **1 engineer (core runtime):** ship memory hotfixes + add guardrails/telemetry. - **1 engineer (messaging/group behavior):** fix #6712 bug + expand tests + validate on a real group connector. - **0.5 engineer (ecosystem/standards):** draft “Tool Call Authorization v0” + plugin finance checklist; schedule community review. --- ## Risks & Watchlist - **Behavior-shaping prompt/template changes** (TOON migration, shouldRespond changes) can cause subtle regressions; require golden tests for: - “agent stays silent” cases - “agent responds once” cases (no continuation spam) - group reply-thread disambiguation - **Economic layer hype vs. safety reality:** multiple incentive/marketplace proposals increase reputational risk if merged without authz/audit primitives. - **Latency regressions** from timeout default changes; track P95/P99 and provider failure rates after releases. --- ## Key Actions to Execute (copy/paste) 1) Ship fix for #6704 (bun dependency) + CLI failure UX improvements. 2) Patch core memory bugs (IGNORE allowlist, embedding failure policy) + tests. 3) Fix PR #6712 aliasEntity ambiguity + add coverage for entityId/agentId mismatch. 4) Publish “Tool Call Authorization v0” draft aligning AgentID + capability tokens. 5) Add finance plugin acceptance checklist + CI-required test baseline for registry-bound plugins.