## Intel Brief — 2026-04-22 (covering activity through 2026-04-21)

### Key Signals (last 72h)
- **Security/support risk escalating in community channels:** repeated scam/phishing incidents + “support ticket” fraud pattern; users losing funds post token-migration closure.
- **Shipping continues at high velocity in core + LifeOps:** unified auth (wallet+GitHub), silent-logout fix via server-side Steward refresh, LifeOps feature expansion (calendar/travel/gateway), model-compat improvements (`PROMPT_OUTPUT_FORMAT`), and broad dependency upgrades.
- **Ecosystem expansion blocked by infra misconfig:** plugin registry PR **#346** stalled due to **OIDC permission misconfiguration** in `claude-code-action` workflow (repo config issue).

---

## 1) Data Pattern Recognition

### Development velocity & trend
- **Monthly repo throughput (elizaos/eliza, 2026-04-01 → 2026-05-01):**
  - **258 PRs opened / 220 merged** (≈ **85.3% merge rate**)
  - **45 new issues / 142 closed** (net issue burn-down, signaling active maintenance)
  - **47 active contributors**
  - Net code churn (reported): **+40,111 / -10,866 across 566 files**
- **Work profile trend:** heavy **maintenance + dependency modernization** alongside feature delivery (notably LifeOps + auth). This increases integration risk and makes CI stability and release hygiene a critical constraint.

### Community engagement patterns
- Discord engagement clustered around:
  1) **Trust & legitimacy** (lawsuit discussion, response confidence anchored on “code + documentation”)
  2) **Security triage** (scam warnings, bans, “airdrop tags are always scams” guidance)
  3) **Practical build/use questions** (examples directory guidance; unresolved provider-plugin request)

### Feature adoption / ecosystem signals
- **Elisym marketplace integration plugin released** (`@elisym/plugin-elizaos`), with strong engineering signals:
  - **110 tests**, CI on every PR, GitHub Actions provenance
  - Enables agent monetization via Nostr capability cards + encrypted job requests + **SOL payments**
- **v3 narrative traction:** “agents can generate revenue” positioning emerging; community interest likely to convert into higher plugin submissions + support load.

### Pain point correlation across channels
- **Scams ↔ token migration closure ↔ support confusion**:
  - Migration window closure created “urgent support” demand.
  - Scammers exploited that demand with fake tickets/DMs.
- **Infra friction ↔ ecosystem growth**:
  - Registry workflow config (OIDC permissions) blocking PR review/merge directly delays plugin adoption and contributor momentum.

---

## 2) User Experience Intelligence

### Feedback themes (categorized by impact)
**High impact (trust/safety)**
- **Scam/phishing incidents recurring** (airdrop links, impersonation, fake support tickets).
- Users asking “Is there a ticket here?” indicates confusion about official support flows and where to seek help safely.

**High impact (access/account stability)**
- **Silent logout issues** addressed via server-side Steward token refresh (positive), but indicates prior UX pain in auth/session continuity.

**Medium impact (product clarity)**
- Confusion around **ElizaOK vs elizacloud vs token**; clarification provided but business model details deferred.

**Medium impact (developer experience)**
- Users need clearer “how to build examples” on docs site vs repo examples folder.
- Open ask: **MiniMax token plan key integration as provider plugin** remained unresolved (signals missing provider/plugin template or docs gap).

### Usage patterns vs intended design
- Users treat Discord as **primary support desk** during high-stress events (migration, legal news), which increases scam surface area and moderator burden.
- Ecosystem contributors are building monetization and security tooling (Elisym plugin; “plugin for scammers”), suggesting demand for:
  - **official trust/safety primitives** (identity, receipts, allowlists)
  - **marketplace rails** (payments, capability discovery)

### Sentiment (qualitative)
- **Mixed confidence externally**, but **internally confident** messaging on lawsuit (“without merit,” “we have code documentation”).
- Community anxiety spikes correlate with scams and migration lockouts more than with technical product issues.

---

## 3) Strategic Prioritization (impact × risk × dependency)

### Critical path blockers (do now)
1) **Unblock plugin registry CI (PR #346)**
   - Root cause: missing workflow permissions for OIDC (`id-token: write`) or `github_token` configuration.
   - Impact: restores contributor throughput, avoids “false red CI” discouraging ecosystem PRs.
   - Risk: low technical risk; high leverage.

2) **Harden community support surface**
   - Immediate: reduce scam conversion by clarifying official support channels + disabling common scam vectors.
   - Risk: moderate operational overhead; high trust ROI.

### High-impact initiatives (next 1–2 sprints)
1) **Ship ElizaOS v3 revenue capabilities with guardrails**
   - Impact: major adoption driver; aligns with marketplace plugins like Elisym.
   - Key dependency: stable auth/session + clear monetization primitives + safety posture.

2) **Formalize “Provider Plugin” pathway (DX)**
   - Address recurring asks like MiniMax integration with a documented template + acceptance criteria.
   - Lowers repeated support load and accelerates integrations.

3) **Security-by-default for agents interacting with money**
   - Given scam environment + revenue agents, prioritize:
     - identity / provenance hooks
     - receipt logging
     - permission-scoped actions (spend limits, allowlists)
   - Coordinate with existing ecosystem directions (e.g., provenance signing, marketplace job encryption).

### Technical debt vs new features (resource balance)
- Current pace of dependency upgrades is valuable but increases regression risk.
- Recommendation: **timebox dependency churn** and add **release gates** (smoke + auth + key workflows) so feature work (v3, marketplace, provider plugins) doesn’t stall behind CI instability.

---

## Quantitative Watchlist (operational KPIs to track)
- **Registry PR lead time:** median time-to-green CI + time-to-merge (PR #346 is a current outlier due to config).
- **Security incidents/week in Discord:** count of scam reports + bans; track conversion signals (users reporting losses).
- **Auth stability:** silent logout reports after Steward refresh rollout (should trend to zero).
- **Plugin adoption:** new registry entries/week + failed CI rate attributable to infra vs code.

---

## Actionable Recommendations (ordered)

### Within 24 hours
- **Fix `elizaos-plugins/registry` workflow permissions** for OIDC:
  - Ensure the workflow or job `permissions` block includes `id-token: write` (and an appropriate `contents` scope), and confirm `github_token` usage in `claude-code-action`.
- **Pin an “Official Support” message** across key channels:
  - “No DMs, no tickets via random bots, no airdrops; only links from official announcements; migration closed.”
- **Add a single authoritative migration-closure FAQ** to reduce repeated questions that scammers exploit.
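
The workflow-permissions fix in the first item above, as an added example (not the registry's workflow or tooling): a check that flags jobs calling an OIDC-dependent action without `id-token: write`. The workflow objects, the `<owner>`/`<ref>` placeholders and the function names are assumptions; the job-level override shown is one way this misconfiguration can arise, not a diagnosis of PR #346.

```javascript
// Added example: which jobs that call an OIDC-dependent action lack `id-token: write`?
// Input is a workflow already parsed from YAML into a plain object (constructed below).

// Access granted by one `permissions` value; undefined means "not set at this level".
function idTokenAccess(perms) {
  if (perms === undefined || perms === null) return undefined;
  if (typeof perms === "string") return perms === "write-all" ? "write" : "none";
  // Object form: every scope that is not listed is set to none.
  return perms["id-token"] === "write" ? "write" : "none";
}

function jobsMissingOidc(workflow, actionName) {
  const missing = [];
  for (const [name, job] of Object.entries(workflow.jobs || {})) {
    const usesAction = (job.steps || []).some((s) => (s.uses || "").includes(actionName));
    if (!usesAction) continue;
    // A job-level block replaces the workflow-level block; the two are not merged.
    // With no block at either level, id-token is not granted by default.
    const access = idTokenAccess(job.permissions) ?? idTokenAccess(workflow.permissions) ?? "none";
    if (access !== "write") missing.push(name);
  }
  return missing;
}

// Constructed workflow: id-token is granted at the top, then lost in the job override.
const BROKEN = {
  permissions: { contents: "read", "id-token": "write" },
  jobs: {
    review: {
      permissions: { contents: "read", "pull-requests": "write" },
      steps: [{ uses: "<owner>/claude-code-action@<ref>" }],
    },
    lint: { steps: [{ run: "npm test" }] },
  },
};

// Corrected: the job that requests the OIDC token lists the scope itself.
const FIXED = {
  jobs: {
    review: {
      permissions: { contents: "read", "pull-requests": "write", "id-token": "write" },
      steps: [{ uses: "<owner>/claude-code-action@<ref>" }],
    },
  },
};
```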

### Within 72 hours
- **Ship a minimal anti-scam plugin or bot rulepack** (even v0):
  - heuristics: suspicious keyword triggers, brand impersonation detection, link quarantine for new accounts, auto-warn banners.
- **Docs patch:** add “Build examples” quickstart linking directly to `github.com/elizaOS/eliza/tree/v2.0.0/examples` from docs site.
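
The rulepack heuristics listed above (keyword triggers, impersonation detection, link quarantine for new accounts, warn banners), sketched as an added example that is not part of any elizaOS bot or plugin. The display names, user ids, allowed hosts, thresholds and sample messages are all constructed assumptions.

```javascript
// Added example: v0 rulepack. Names, ids, hosts and thresholds are assumptions.
const RULES = {
  keywords: [/\bairdrop\b/i, /\b(support|open a) ticket\b/i, /\bseed phrase\b/i],
  officialNames: ["elizaos support"],        // hypothetical official display name
  officialUserIds: new Set(["1001"]),        // hypothetical staff account id
  allowedHosts: new Set(["github.com"]),     // hosts a new account may link to
  newAccountDays: 7,
};

// Fold look-alike characters so "E1iza0S" and "EIizaOS" compare equal to "elizaos".
function fold(name) {
  return name.normalize("NFKD").replace(/[\u0300-\u036f]/g, "").toLowerCase()
    .replace(/0/g, "o").replace(/[1|i]/g, "l").replace(/\s+/g, " ").trim();
}

// Extract hostnames from http(s) links; unparsable links count as unknown hosts.
function linkHosts(text) {
  return (text.match(/https?:\/\/[^\s<>]+/gi) || []).map((u) => {
    try { return new URL(u).hostname.toLowerCase(); } catch { return "<unparsable>"; }
  });
}

function evaluate(msg, rules = RULES) {
  const reasons = [];
  const official = rules.officialNames.map(fold);
  if (official.includes(fold(msg.displayName)) && !rules.officialUserIds.has(msg.userId)) {
    reasons.push("impersonation");
  }
  if (rules.keywords.some((re) => re.test(msg.text))) reasons.push("keyword");
  const offList = linkHosts(msg.text).filter((h) => !rules.allowedHosts.has(h));
  if (offList.length > 0 && msg.accountAgeDays < rules.newAccountDays) {
    reasons.push("new-account-link");
  }
  // Keyword hits alone only attach a warning banner: moderators use the same words.
  const quarantine = reasons.includes("impersonation") || reasons.includes("new-account-link");
  const action = quarantine ? "quarantine" : reasons.length ? "warn" : "allow";
  return { action, reasons };
}

// Constructed sample messages.
const SAMPLES = [
  { userId: "2002", displayName: "E1iza0S Support", accountAgeDays: 1,
    text: "Migration closed? Open a ticket here: https://example.invalid/claim" },
  { userId: "4004", displayName: "mod_sam", accountAgeDays: 900,
    text: "Reminder: airdrop tags are always scams." },
  { userId: "3003", displayName: "dev_anna", accountAgeDays: 400,
    text: "Examples: https://github.com/elizaOS/eliza/tree/v2.0.0/examples" },
];
```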

### Next sprint
- **Provider plugin framework + docs** (addresses MiniMax-style requests):
  - standard interface, secret management guidance, test harness, registry checklist.
- **Monetization safety baseline for v3:**
  - recommended receipts/provenance, scoped permissions, and user-visible audit logs for paid jobs.
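
A minimal form of the "permission-scoped actions (spend limits, allowlists)" and receipt-logging recommendations from sections 3 and above, as an added example that is not elizaOS or Elisym code. The function names, recipient labels and limits are assumptions, and amounts are integers in the smallest currency unit.

```javascript
// Added example: policy gate for a paying agent. All names and limits are assumptions.
function createSpendGuard({ allowlist, perTxLimit, dailyLimit }) {
  const receipts = [];            // append-only audit log, one entry per decision
  const allowed = new Set(allowlist);

  // Total already approved on a given UTC day.
  function spentOn(day) {
    return receipts.filter((r) => r.approved && r.day === day)
      .reduce((sum, r) => sum + r.amount, 0);
  }

  // Every request, approved or denied, produces a receipt the user can inspect.
  function authorize({ jobId, recipient, amount, now }) {
    const day = new Date(now).toISOString().slice(0, 10);
    let reason = null;
    if (!Number.isSafeInteger(amount) || amount <= 0) reason = "invalid-amount";
    else if (!allowed.has(recipient)) reason = "recipient-not-allowlisted";
    else if (amount > perTxLimit) reason = "per-tx-limit";
    else if (spentOn(day) + amount > dailyLimit) reason = "daily-limit";
    const receipt = Object.freeze({ jobId, recipient, amount, day, approved: reason === null, reason });
    receipts.push(receipt);
    return receipt;
  }

  // Callers get a copy, so the log cannot be rewritten from outside the guard.
  return { authorize, receipts: () => receipts.slice() };
}

// Constructed run: one allowlisted provider, 500 per payment, 800 per UTC day.
function demoDecisions() {
  const guard = createSpendGuard({ allowlist: ["provider-A"], perTxLimit: 500, dailyLimit: 800 });
  const t = Date.UTC(2026, 3, 21, 12);
  const requests = [
    { jobId: "j1", recipient: "provider-A", amount: 400, now: t },
    { jobId: "j2", recipient: "unknown-wallet", amount: 10, now: t },
    { jobId: "j3", recipient: "provider-A", amount: 600, now: t },
    { jobId: "j4", recipient: "provider-A", amount: 450, now: t },
    { jobId: "j5", recipient: "provider-A", amount: 450, now: t + 86400000 },
  ];
  return requests.map((r) => guard.authorize(r).reason ?? "approved");
}
```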