npm - @elizaos/plugin-elizacloud - Versions diffs - 2.0.0-alpha.7 → 2.0.0-beta.1 - Mend

@elizaos/plugin-elizacloud 2.0.0-alpha.7 → 2.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/LICENSE +21 -0
package/README.md +220 -0
package/auto-enable.ts +17 -0
package/dist/browser/index.browser.js +2 -21
package/dist/browser/index.browser.js.map +5 -37
package/dist/cjs/index.d.ts +2 -2
package/dist/cjs/index.node.cjs +12173 -2271
package/dist/cjs/index.node.js.map +135 -27
package/dist/cloud/auth.d.ts +19 -0
package/dist/cloud/auth.d.ts.map +1 -0
package/dist/cloud/auth.js +330 -0
package/dist/cloud/auth.js.map +12 -0
package/dist/cloud/backup.d.ts +18 -0
package/dist/cloud/backup.d.ts.map +1 -0
package/dist/cloud/backup.js +63 -0
package/dist/cloud/backup.js.map +10 -0
package/dist/cloud/base-url.d.ts +3 -0
package/dist/cloud/base-url.d.ts.map +1 -0
package/dist/cloud/base-url.js +77 -0
package/dist/cloud/base-url.js.map +10 -0
package/dist/cloud/bridge-client.d.ts +126 -0
package/dist/cloud/bridge-client.d.ts.map +1 -0
package/dist/cloud/bridge-client.js +432 -0
package/dist/cloud/bridge-client.js.map +11 -0
package/dist/cloud/cloud-api-key.d.ts +26 -0
package/dist/cloud/cloud-api-key.d.ts.map +1 -0
package/dist/cloud/cloud-api-key.js +60 -0
package/dist/cloud/cloud-api-key.js.map +10 -0
package/dist/cloud/cloud-manager.d.ts +33 -0
package/dist/cloud/cloud-manager.d.ts.map +1 -0
package/dist/cloud/cloud-manager.js +853 -0
package/dist/cloud/cloud-manager.js.map +16 -0
package/dist/cloud/cloud-proxy.d.ts +20 -0
package/dist/cloud/cloud-proxy.d.ts.map +1 -0
package/dist/cloud/cloud-proxy.js +54 -0
package/dist/cloud/cloud-proxy.js.map +10 -0
package/dist/cloud/cloud-wallet.d.ts +94 -0
package/dist/cloud/cloud-wallet.d.ts.map +1 -0
package/dist/cloud/cloud-wallet.js +5195 -0
package/dist/cloud/cloud-wallet.js.map +92 -0
package/dist/cloud/index.d.ts +9 -0
package/dist/cloud/index.d.ts.map +1 -0
package/dist/cloud/index.js +30 -0
package/dist/cloud/index.js.map +9 -0
package/dist/cloud/reconnect.d.ts +26 -0
package/dist/cloud/reconnect.d.ts.map +1 -0
package/dist/cloud/reconnect.js +104 -0
package/dist/cloud/reconnect.js.map +10 -0
package/dist/cloud/validate-url.d.ts +2 -0
package/dist/cloud/validate-url.d.ts.map +1 -0
package/dist/cloud/validate-url.js +174 -0
package/dist/cloud/validate-url.js.map +10 -0
package/dist/cloud-providers/cloud-status.d.ts.map +1 -1
package/dist/cloud-providers/cloud-status.js +78 -0
package/dist/cloud-providers/cloud-status.js.map +10 -0
package/dist/cloud-providers/container-health.d.ts.map +1 -1
package/dist/cloud-providers/container-health.js +74 -0
package/dist/cloud-providers/container-health.js.map +10 -0
package/dist/cloud-providers/credit-balance.d.ts.map +1 -1
package/dist/cloud-providers/credit-balance.js +85 -0
package/dist/cloud-providers/credit-balance.js.map +10 -0
package/dist/cloud-providers/index.d.ts.map +1 -1
package/dist/cloud-providers/index.js +24 -0
package/dist/cloud-providers/index.js.map +9 -0
package/dist/cloud-providers/model-registry.d.ts.map +1 -1
package/dist/cloud-providers/model-registry.js +71 -0
package/dist/cloud-providers/model-registry.js.map +10 -0
package/dist/index.browser.d.ts +4 -2
package/dist/index.browser.d.ts.map +1 -1
package/dist/index.d.ts +18 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +12851 -0
package/dist/index.js.map +145 -0
package/dist/index.node.d.ts +15 -2
package/dist/index.node.d.ts.map +1 -1
package/dist/init.d.ts.map +1 -1
package/dist/init.js +169 -0
package/dist/init.js.map +12 -0
package/dist/lib/cloud-connection.d.ts +78 -0
package/dist/lib/cloud-connection.d.ts.map +1 -0
package/dist/lib/cloud-connection.js +731 -0
package/dist/lib/cloud-connection.js.map +14 -0
package/dist/lib/cloud-secrets.d.ts +23 -0
package/dist/lib/cloud-secrets.d.ts.map +1 -0
package/dist/lib/cloud-secrets.js +64 -0
package/dist/lib/cloud-secrets.js.map +10 -0
package/dist/lib/config-env.d.ts +5 -0
package/dist/lib/config-env.d.ts.map +1 -0
package/dist/lib/config-env.js +191 -0
package/dist/lib/config-env.js.map +11 -0
package/dist/lib/config-like.d.ts +40 -0
package/dist/lib/config-like.d.ts.map +1 -0
package/dist/lib/config-like.js +103 -0
package/dist/lib/config-like.js.map +10 -0
package/dist/lib/credential-type-map.d.ts +53 -0
package/dist/lib/credential-type-map.d.ts.map +1 -0
package/dist/lib/credential-type-map.js +88 -0
package/dist/lib/credential-type-map.js.map +10 -0
package/dist/lib/feature-flags.d.ts +2 -0
package/dist/lib/feature-flags.d.ts.map +1 -0
package/dist/lib/feature-flags.js +40 -0
package/dist/lib/feature-flags.js.map +10 -0
package/dist/lib/http.d.ts +22 -0
package/dist/lib/http.d.ts.map +1 -0
package/dist/lib/http.js +107 -0
package/dist/lib/http.js.map +10 -0
package/dist/lib/server-cloud-tts.d.ts +34 -0
package/dist/lib/server-cloud-tts.d.ts.map +1 -0
package/dist/lib/server-cloud-tts.js +549 -0
package/dist/lib/server-cloud-tts.js.map +13 -0
package/dist/lib/state-paths.d.ts +4 -0
package/dist/lib/state-paths.d.ts.map +1 -0
package/dist/lib/state-paths.js +52 -0
package/dist/lib/state-paths.js.map +10 -0
package/dist/lib/tts-debug.d.ts +4 -0
package/dist/lib/tts-debug.d.ts.map +1 -0
package/dist/lib/tts-debug.js +57 -0
package/dist/lib/tts-debug.js.map +10 -0
package/dist/models/embeddings.d.ts.map +1 -1
package/dist/models/embeddings.js +319 -0
package/dist/models/embeddings.js.map +13 -0
package/dist/models/image.d.ts.map +1 -1
package/dist/models/image.js +374 -0
package/dist/models/image.js.map +14 -0
package/dist/models/index.d.ts +1 -2
package/dist/models/index.d.ts.map +1 -1
package/dist/models/index.js +1386 -0
package/dist/models/index.js.map +20 -0
package/dist/models/research.d.ts.map +1 -1
package/dist/models/research.js +324 -0
package/dist/models/research.js.map +13 -0
package/dist/models/speech.d.ts.map +1 -1
package/dist/models/speech.js +273 -0
package/dist/models/speech.js.map +13 -0
package/dist/models/text.d.ts +5 -2
package/dist/models/text.d.ts.map +1 -1
package/dist/models/text.js +803 -0
package/dist/models/text.js.map +15 -0
package/dist/models/tokenization.d.ts.map +1 -1
package/dist/models/tokenization.js +65 -0
package/dist/models/tokenization.js.map +10 -0
package/dist/models/transcription.d.ts.map +1 -1
package/dist/models/transcription.js +283 -0
package/dist/models/transcription.js.map +13 -0
package/dist/node/index.d.ts +2 -2
package/dist/node/index.node.js +12171 -2266
package/dist/node/index.node.js.map +135 -27
package/dist/onboarding.d.ts +35 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +883 -0
package/dist/onboarding.js.map +14 -0
package/dist/plugin.d.ts +20 -0
package/dist/plugin.d.ts.map +1 -0
package/dist/plugin.js +7611 -0
package/dist/plugin.js.map +104 -0
package/dist/providers/openai.d.ts.map +1 -1
package/dist/providers/openai.js +127 -0
package/dist/providers/openai.js.map +11 -0
package/dist/register-routes.d.ts +2 -0
package/dist/register-routes.d.ts.map +1 -0
package/dist/register-routes.js +7612 -0
package/dist/register-routes.js.map +105 -0
package/dist/routes/cloud-billing-routes.d.ts +9 -0
package/dist/routes/cloud-billing-routes.d.ts.map +1 -0
package/dist/routes/cloud-billing-routes.js +807 -0
package/dist/routes/cloud-billing-routes.js.map +14 -0
package/dist/routes/cloud-compat-routes.d.ts +10 -0
package/dist/routes/cloud-compat-routes.d.ts.map +1 -0
package/dist/routes/cloud-compat-routes.js +538 -0
package/dist/routes/cloud-compat-routes.js.map +14 -0
package/dist/routes/cloud-features-routes.d.ts +9 -0
package/dist/routes/cloud-features-routes.d.ts.map +1 -0
package/dist/routes/cloud-features-routes.js +124 -0
package/dist/routes/cloud-features-routes.js.map +11 -0
package/dist/routes/cloud-provisioning.d.ts +14 -0
package/dist/routes/cloud-provisioning.d.ts.map +1 -0
package/dist/routes/cloud-provisioning.js +37 -0
package/dist/routes/cloud-provisioning.js.map +10 -0
package/dist/routes/cloud-relay-routes.d.ts +22 -0
package/dist/routes/cloud-relay-routes.d.ts.map +1 -0
package/dist/routes/cloud-relay-routes.js +60 -0
package/dist/routes/cloud-relay-routes.js.map +10 -0
package/dist/routes/cloud-routes-autonomous.d.ts +83 -0
package/dist/routes/cloud-routes-autonomous.d.ts.map +1 -0
package/dist/routes/cloud-routes-autonomous.js +6134 -0
package/dist/routes/cloud-routes-autonomous.js.map +97 -0
package/dist/routes/cloud-routes.d.ts +35 -0
package/dist/routes/cloud-routes.d.ts.map +1 -0
package/dist/routes/cloud-routes.js +6888 -0
package/dist/routes/cloud-routes.js.map +100 -0
package/dist/routes/cloud-status-routes-autonomous.d.ts +15 -0
package/dist/routes/cloud-status-routes-autonomous.d.ts.map +1 -0
package/dist/routes/cloud-status-routes-autonomous.js +396 -0
package/dist/routes/cloud-status-routes-autonomous.js.map +13 -0
package/dist/routes/cloud-status-routes.d.ts +4 -0
package/dist/routes/cloud-status-routes.d.ts.map +1 -0
package/dist/routes/cloud-status-routes.js +771 -0
package/dist/routes/cloud-status-routes.js.map +15 -0
package/dist/services/cloud-auth.d.ts +140 -5
package/dist/services/cloud-auth.d.ts.map +1 -1
package/dist/services/cloud-auth.js +363 -0
package/dist/services/cloud-auth.js.map +12 -0
package/dist/services/cloud-backup.d.ts.map +1 -1
package/dist/services/cloud-backup.js +176 -0
package/dist/services/cloud-backup.js.map +11 -0
package/dist/services/cloud-bootstrap.d.ts +38 -0
package/dist/services/cloud-bootstrap.d.ts.map +1 -0
package/dist/services/cloud-bootstrap.js +84 -0
package/dist/services/cloud-bootstrap.js.map +10 -0
package/dist/services/cloud-bridge.d.ts +1 -1
package/dist/services/cloud-bridge.d.ts.map +1 -1
package/dist/services/cloud-bridge.js +308 -0
package/dist/services/cloud-bridge.js.map +11 -0
package/dist/services/cloud-container.d.ts.map +1 -1
package/dist/services/cloud-container.js +241 -0
package/dist/services/cloud-container.js.map +11 -0
package/dist/services/cloud-credential-provider.d.ts +55 -0
package/dist/services/cloud-credential-provider.d.ts.map +1 -0
package/dist/services/cloud-credential-provider.js +190 -0
package/dist/services/cloud-credential-provider.js.map +11 -0
package/dist/services/cloud-managed-gateway-relay.d.ts +38 -0
package/dist/services/cloud-managed-gateway-relay.d.ts.map +1 -0
package/dist/services/cloud-managed-gateway-relay.js +479 -0
package/dist/services/cloud-managed-gateway-relay.js.map +10 -0
package/dist/services/cloud-model-registry.d.ts.map +1 -1
package/dist/services/cloud-model-registry.js +175 -0
package/dist/services/cloud-model-registry.js.map +10 -0
package/dist/services/index.d.ts +3 -1
package/dist/services/index.d.ts.map +1 -1
package/dist/services/index.js +29 -0
package/dist/services/index.js.map +9 -0
package/dist/types/cloud.d.ts +41 -19
package/dist/types/cloud.d.ts.map +1 -1
package/dist/types/cloud.js +52 -0
package/dist/types/cloud.js.map +10 -0
package/dist/types/index.d.ts +1 -1
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +24 -0
package/dist/types/index.js.map +9 -0
package/dist/utils/cloud-api.d.ts +2 -27
package/dist/utils/cloud-api.d.ts.map +1 -1
package/dist/utils/cloud-api.js +33 -0
package/dist/utils/cloud-api.js.map +10 -0
package/dist/utils/cloud-sdk/client.d.ts +133 -0
package/dist/utils/cloud-sdk/client.d.ts.map +1 -0
package/dist/utils/cloud-sdk/client.js +3561 -0
package/dist/utils/cloud-sdk/client.js.map +13 -0
package/dist/utils/cloud-sdk/http.d.ts +37 -0
package/dist/utils/cloud-sdk/http.d.ts.map +1 -0
package/dist/utils/cloud-sdk/http.js +237 -0
package/dist/utils/cloud-sdk/http.js.map +11 -0
package/dist/utils/cloud-sdk/index.d.ts +6 -0
package/dist/utils/cloud-sdk/index.d.ts.map +1 -0
package/dist/utils/cloud-sdk/index.js +29 -0
package/dist/utils/cloud-sdk/index.js.map +9 -0
package/dist/utils/cloud-sdk/public-routes.d.ts +5377 -0
package/dist/utils/cloud-sdk/public-routes.d.ts.map +1 -0
package/dist/utils/cloud-sdk/public-routes.js +2950 -0
package/dist/utils/cloud-sdk/public-routes.js.map +10 -0
package/dist/utils/cloud-sdk/types.cloud-api.d.ts +101 -0
package/dist/utils/cloud-sdk/types.cloud-api.d.ts.map +1 -0
package/dist/utils/cloud-sdk/types.cloud-api.js +2 -0
package/dist/utils/cloud-sdk/types.cloud-api.js.map +9 -0
package/dist/utils/cloud-sdk/types.d.ts +655 -0
package/dist/utils/cloud-sdk/types.d.ts.map +1 -0
package/dist/utils/cloud-sdk/types.js +29 -0
package/dist/utils/cloud-sdk/types.js.map +10 -0
package/dist/utils/config.d.ts +7 -3
package/dist/utils/config.d.ts.map +1 -1
package/dist/utils/config.js +137 -0
package/dist/utils/config.js.map +10 -0
package/dist/utils/events.d.ts.map +1 -1
package/dist/utils/events.js +43 -0
package/dist/utils/events.js.map +10 -0
package/dist/utils/helpers.d.ts.map +1 -1
package/dist/utils/helpers.js +103 -0
package/dist/utils/helpers.js.map +10 -0
package/dist/utils/responses-output.d.ts +13 -0
package/dist/utils/responses-output.d.ts.map +1 -0
package/dist/utils/responses-output.js +102 -0
package/dist/utils/responses-output.js.map +10 -0
package/dist/utils/sdk-client.d.ts +5 -0
package/dist/utils/sdk-client.d.ts.map +1 -0
package/dist/utils/sdk-client.js +144 -0
package/dist/utils/sdk-client.js.map +11 -0
package/package.json +108 -19
package/src/cloud/auth.ts +175 -0
package/src/cloud/backup.ts +46 -0
package/src/cloud/base-url.ts +62 -0
package/src/cloud/bridge-client.ts +602 -0
package/src/cloud/cloud-api-key.ts +80 -0
package/src/cloud/cloud-manager.ts +163 -0
package/src/cloud/cloud-proxy.ts +52 -0
package/src/cloud/cloud-wallet.ts +341 -0
package/src/cloud/index.ts +28 -0
package/src/cloud/reconnect.ts +111 -0
package/src/cloud/validate-url.ts +181 -0
package/src/cloud-providers/cloud-status.ts +75 -0
package/src/cloud-providers/container-health.ts +68 -0
package/src/cloud-providers/credit-balance.ts +70 -0
package/src/cloud-providers/index.ts +3 -0
package/src/cloud-providers/model-registry.ts +74 -0
package/src/index.browser.ts +10 -0
package/src/index.node.ts +39 -0
package/src/index.ts +347 -0
package/src/init.ts +39 -0
package/src/lib/cloud-connection.ts +663 -0
package/src/lib/cloud-secrets.ts +58 -0
package/src/lib/config-env.ts +168 -0
package/src/lib/config-like.ts +149 -0
package/src/lib/credential-type-map.ts +130 -0
package/src/lib/feature-flags.ts +26 -0
package/src/lib/http.ts +139 -0
package/src/lib/server-cloud-tts.ts +609 -0
package/src/lib/state-paths.ts +28 -0
package/src/lib/tts-debug.ts +34 -0
package/src/models/embeddings.ts +234 -0
package/src/models/image.ts +219 -0
package/src/models/index.ts +16 -0
package/src/models/research.ts +265 -0
package/src/models/speech.ts +78 -0
package/src/models/text.ts +899 -0
package/src/models/tokenization.ts +67 -0
package/src/models/transcription.ts +97 -0
package/src/onboarding.ts +396 -0
package/src/plugin.ts +243 -0
package/src/providers/openai.ts +16 -0
package/src/register-routes.ts +6 -0
package/src/routes/cloud-billing-routes.ts +754 -0
package/src/routes/cloud-compat-routes.ts +314 -0
package/src/routes/cloud-features-routes.ts +57 -0
package/src/routes/cloud-provisioning.ts +37 -0
package/src/routes/cloud-relay-routes.ts +89 -0
package/src/routes/cloud-routes-autonomous.ts +996 -0
package/src/routes/cloud-routes.ts +576 -0
package/src/routes/cloud-status-routes-autonomous.ts +234 -0
package/src/routes/cloud-status-routes.ts +73 -0
package/src/services/cloud-auth.ts +567 -0
package/src/services/cloud-backup.ts +208 -0
package/src/services/cloud-bootstrap.ts +108 -0
package/src/services/cloud-bridge.ts +386 -0
package/src/services/cloud-container.ts +297 -0
package/src/services/cloud-credential-provider.ts +210 -0
package/src/services/cloud-managed-gateway-relay.ts +663 -0
package/src/services/cloud-model-registry.ts +202 -0
package/src/services/index.ts +17 -0
package/{types → src/types}/cloud.ts +52 -29
package/{types → src/types}/index.ts +6 -0
package/src/utils/cloud-api.ts +10 -0
package/src/utils/cloud-sdk/client.ts +735 -0
package/src/utils/cloud-sdk/http.ts +291 -0
package/src/utils/cloud-sdk/index.ts +23 -0
package/src/utils/cloud-sdk/public-routes.ts +5070 -0
package/src/utils/cloud-sdk/types.cloud-api.ts +120 -0
package/src/utils/cloud-sdk/types.ts +762 -0
package/src/utils/config.ts +174 -0
package/src/utils/events.ts +37 -0
package/src/utils/helpers.ts +107 -0
package/src/utils/responses-output.ts +115 -0
package/src/utils/sdk-client.ts +37 -0
package/dist/actions/check-credits.d.ts +0 -6
package/dist/actions/check-credits.d.ts.map +0 -1
package/dist/actions/freeze-agent.d.ts +0 -9
package/dist/actions/freeze-agent.d.ts.map +0 -1
package/dist/actions/index.d.ts +0 -5
package/dist/actions/index.d.ts.map +0 -1
package/dist/actions/provision-agent.d.ts +0 -8
package/dist/actions/provision-agent.d.ts.map +0 -1
package/dist/actions/resume-agent.d.ts +0 -9
package/dist/actions/resume-agent.d.ts.map +0 -1
package/dist/build.d.ts +0 -3
package/dist/build.d.ts.map +0 -1
package/dist/generated/specs/specs.d.ts +0 -55
package/dist/generated/specs/specs.d.ts.map +0 -1
package/dist/models/object.d.ts +0 -4
package/dist/models/object.d.ts.map +0 -1
package/dist/utils/forwarded-settings.d.ts +0 -8
package/dist/utils/forwarded-settings.d.ts.map +0 -1

package/src/lib/cloud-connection.ts ADDED Viewed

@@ -0,0 +1,663 @@
+import {
+  isCloudInferenceSelectedInConfig,
+  isElizaSettingsDebugEnabled,
+  migrateLegacyRuntimeConfig,
+  settingsDebugCloudSummary,
+} from "@elizaos/core";
+import { resolveCloudApiBaseUrl as resolveCanonicalCloudApiBaseUrl } from "../cloud/base-url.js";
+import { validateCloudBaseUrl } from "../cloud/validate-url.js";
+import type { AgentRuntime } from "@elizaos/core";
+import { logger } from "@elizaos/core";
+import {
+  applyCanonicalOnboardingConfig,
+  type ElizaConfig,
+  normalizeEnvValue,
+} from "./config-like";
+import {
+  clearCloudSecrets,
+  getCloudSecret,
+  scrubCloudSecretsFromEnv,
+} from "./cloud-secrets";
+const DEFAULT_CLOUD_API_BASE_URL = "https://www.elizacloud.ai/api/v1";
+export const CLOUD_BILLING_URL =
+  "https://www.elizacloud.ai/dashboard/settings?tab=billing";
+const CLOUD_ENV_KEYS = [
+  "ELIZAOS_CLOUD_API_KEY",
+  "ELIZAOS_CLOUD_ENABLED",
+  "ELIZAOS_CLOUD_BASE_URL",
+  "ELIZAOS_CLOUD_NANO_MODEL",
+  "ELIZAOS_CLOUD_MEDIUM_MODEL",
+  "ELIZAOS_CLOUD_SMALL_MODEL",
+  "ELIZAOS_CLOUD_LARGE_MODEL",
+  "ELIZAOS_CLOUD_MEGA_MODEL",
+  "ELIZAOS_CLOUD_RESPONSE_HANDLER_MODEL",
+  "ELIZAOS_CLOUD_SHOULD_RESPOND_MODEL",
+  "ELIZAOS_CLOUD_ACTION_PLANNER_MODEL",
+  "ELIZAOS_CLOUD_PLANNER_MODEL",
+  "ELIZAOS_CLOUD_USE_INFERENCE",
+  "ELIZAOS_CLOUD_USE_TTS",
+  "ELIZAOS_CLOUD_USE_MEDIA",
+  "ELIZAOS_CLOUD_USE_EMBEDDINGS",
+  "ELIZAOS_CLOUD_USE_RPC",
+] as const;
+const CLOUD_RUNTIME_SECRET_KEYS = [
+  "ELIZAOS_CLOUD_API_KEY",
+  "ELIZAOS_CLOUD_ENABLED",
+  "ELIZAOS_CLOUD_BASE_URL",
+  "ELIZAOS_CLOUD_NANO_MODEL",
+  "ELIZAOS_CLOUD_MEDIUM_MODEL",
+  "ELIZAOS_CLOUD_SMALL_MODEL",
+  "ELIZAOS_CLOUD_LARGE_MODEL",
+  "ELIZAOS_CLOUD_MEGA_MODEL",
+  "ELIZAOS_CLOUD_RESPONSE_HANDLER_MODEL",
+  "ELIZAOS_CLOUD_SHOULD_RESPOND_MODEL",
+  "ELIZAOS_CLOUD_ACTION_PLANNER_MODEL",
+  "ELIZAOS_CLOUD_PLANNER_MODEL",
+  "ELIZA_CLOUD_AUTH_TOKEN",
+  "ELIZA_CLOUD_USER_ID",
+  "ELIZA_CLOUD_ORGANIZATION_ID",
+] as const;
+const CLOUD_RUNTIME_SETTING_KEYS = [
+  "ELIZA_CLOUD_AUTH_TOKEN",
+  "ELIZA_CLOUD_USER_ID",
+  "ELIZA_CLOUD_ORGANIZATION_ID",
+] as const;
+const CLOUD_AUTH_CLEAR_METHODS = [
+  "disconnect",
+  "logout",
+  "signOut",
+  "signout",
+  "clearSession",
+  "clearAuth",
+  "resetAuth",
+  "reset",
+] as const;
+type CloudClientLike = {
+  get?: (path: string) => Promise<unknown>;
+};
+export type CloudAuthLike = {
+  authenticateWithApiKey?: (input: {
+    apiKey: string;
+    organizationId?: string;
+    userId?: string;
+  }) => unknown;
+  isAuthenticated?: () => boolean;
+  getUserId?: () => string | undefined;
+  getOrganizationId?: () => string | undefined;
+  getClient?: () => CloudClientLike | null;
+} & Partial<
+  Record<
+    (typeof CLOUD_AUTH_CLEAR_METHODS)[number],
+    (() => Promise<unknown>) | (() => unknown)
+  >
+>;
+export type RuntimeCloudLike = AgentRuntime & {
+  agentId: string;
+  character: {
+    secrets?: Record<string, string | number | boolean>;
+    settings?: Record<string, unknown>;
+  };
+  updateAgent?: (
+    agentId: string,
+    update: { secrets: Record<string, string | number | boolean> },
+  ) => Promise<unknown>;
+  setSetting?: (key: string, value: string | null) => unknown;
+  getService?: (name: string) => unknown;
+};
+type CloudManagerLike = {
+  disconnect?: () => Promise<void>;
+} | null;
+export type CloudConnectionSnapshot = {
+  apiKey: string | undefined;
+  authConnected: boolean;
+  cloudAuth: CloudAuthLike | null;
+  connected: boolean;
+  enabled: boolean;
+  hasApiKey: boolean;
+  organizationId: string | undefined;
+  userId: string | undefined;
+};
+type CloudCreditsResponse = {
+  balance: number | null;
+  connected: boolean;
+  authRejected?: boolean;
+  critical?: boolean;
+  error?: string;
+  low?: boolean;
+  topUpUrl?: string;
+};
+/** Thrown when the credits endpoint returns 401 — same credential path as chat completions. */
+export class CloudCreditsAuthRejectedError extends Error {
+  override readonly name = "CloudCreditsAuthRejectedError";
+  constructor(message = "Eliza Cloud API key was rejected") {
+    super(message);
+  }
+}
+function cloudCreditsHttpErrorMessage(
+  status: number,
+  creditResponse: { error?: unknown },
+): string {
+  const err = creditResponse.error;
+  if (typeof err === "string" && err.trim()) {
+    return err.trim();
+  }
+  if (err && typeof err === "object" && "message" in err) {
+    const msg = (err as { message?: unknown }).message;
+    if (typeof msg === "string" && msg.trim()) {
+      return msg.trim();
+    }
+  }
+  return `HTTP ${status}`;
+}
+function asRuntimeCloud(runtime: AgentRuntime | null): RuntimeCloudLike | null {
+  return runtime as RuntimeCloudLike | null;
+}
+export function getCloudAuth(
+  runtime: AgentRuntime | null,
+): CloudAuthLike | null {
+  const runtimeWithServices = asRuntimeCloud(runtime);
+  if (typeof runtimeWithServices?.getService !== "function") {
+    return null;
+  }
+  const service = runtimeWithServices.getService("CLOUD_AUTH");
+  return service && typeof service === "object"
+    ? (service as CloudAuthLike)
+    : null;
+}
+function resolvePersistedCloudIdentity(runtime: AgentRuntime | null): {
+  organizationId: string | undefined;
+  userId: string | undefined;
+} {
+  const runtimeWithCloud = asRuntimeCloud(runtime);
+  return {
+    organizationId:
+      normalizeEnvValue(
+        runtimeWithCloud?.getSetting?.("ELIZA_CLOUD_ORGANIZATION_ID") as
+          | string
+          | undefined,
+      ) ??
+      normalizeEnvValue(
+        runtimeWithCloud?.character?.secrets?.ELIZA_CLOUD_ORGANIZATION_ID as
+          | string
+          | undefined,
+      ),
+    userId:
+      normalizeEnvValue(
+        runtimeWithCloud?.getSetting?.("ELIZA_CLOUD_USER_ID") as
+          | string
+          | undefined,
+      ) ??
+      normalizeEnvValue(
+        runtimeWithCloud?.character?.secrets?.ELIZA_CLOUD_USER_ID as
+          | string
+          | undefined,
+      ),
+  };
+}
+export function resolveCloudApiBaseUrl(rawBaseUrl?: string): string {
+  return (
+    resolveCanonicalCloudApiBaseUrl(rawBaseUrl ?? DEFAULT_CLOUD_API_BASE_URL) ??
+    DEFAULT_CLOUD_API_BASE_URL
+  );
+}
+export function resolveCloudApiKey(
+  config: Pick<ElizaConfig, "cloud"> | Record<string, unknown>,
+  runtime?: {
+    character?: { secrets?: Record<string, unknown> };
+    getSetting?: (key: string) => unknown;
+  } | null,
+): string | undefined {
+  migrateLegacyRuntimeConfig(config as Record<string, unknown>);
+  // 1. Config file (disk)
+  const configApiKey = normalizeEnvValue(
+    (config as { cloud?: { apiKey?: string } }).cloud?.apiKey,
+  );
+  if (configApiKey) return configApiKey;
+  if (!isCloudInferenceSelectedInConfig(config as Record<string, unknown>)) {
+    // A linked cloud account is represented by the persisted disk key above.
+    // Do not resurrect cloud from sealed/env/runtime fallbacks when the
+    // canonical connection is local, remote, or unset.
+    return undefined;
+  }
+  // 2. Sealed in-process secret store
+  const sealedKey = normalizeEnvValue(getCloudSecret("ELIZAOS_CLOUD_API_KEY"));
+  if (sealedKey) return sealedKey;
+  // 3. Process environment (may not be scrubbed yet)
+  const envKey = normalizeEnvValue(process.env.ELIZAOS_CLOUD_API_KEY);
+  if (envKey) return envKey;
+  // 4. Runtime settings (persisted in database, survives restarts)
+  const runtimeSettingKey = normalizeEnvValue(
+    runtime?.getSetting?.("ELIZAOS_CLOUD_API_KEY") as string | undefined,
+  );
+  if (runtimeSettingKey) return runtimeSettingKey;
+  // 5. Runtime character secrets (persisted in database, survives restarts)
+  const runtimeKey = normalizeEnvValue(
+    runtime?.character?.secrets?.ELIZAOS_CLOUD_API_KEY as string | undefined,
+  );
+  if (runtimeKey) return runtimeKey;
+  return undefined;
+}
+export function resolveCloudConnectionSnapshot(
+  config: Partial<ElizaConfig>,
+  runtime: AgentRuntime | null,
+): CloudConnectionSnapshot {
+  migrateLegacyRuntimeConfig(config as Record<string, unknown>);
+  const _cloudRecord =
+    config.cloud && typeof config.cloud === "object"
+      ? (config.cloud as Record<string, unknown>)
+      : undefined;
+  const enabled = isCloudInferenceSelectedInConfig(
+    config as Record<string, unknown>,
+  );
+  const apiKey = resolveCloudApiKey(config, runtime);
+  const cloudAuth = getCloudAuth(runtime);
+  const authConnected = Boolean(cloudAuth?.isAuthenticated?.());
+  const hasApiKey = Boolean(apiKey);
+  const persistedIdentity = resolvePersistedCloudIdentity(runtime);
+  const shouldExposeIdentity = authConnected || hasApiKey;
+  return {
+    apiKey,
+    authConnected,
+    cloudAuth,
+    connected: authConnected || hasApiKey,
+    enabled,
+    hasApiKey,
+    organizationId: shouldExposeIdentity
+      ? (normalizeEnvValue(cloudAuth?.getOrganizationId?.()) ??
+        persistedIdentity.organizationId)
+      : undefined,
+    userId: shouldExposeIdentity
+      ? (normalizeEnvValue(cloudAuth?.getUserId?.()) ??
+        persistedIdentity.userId)
+      : undefined,
+  };
+}
+/**
+ * Coerce an Eliza Cloud `balance` field into a number. The cloud API
+ * returns `balance` as `string | number` (per the Bridge client + config
+ * type definitions) — string when the upstream is using a fixed-precision
+ * decimal, number when it's been arithmetic'd. Treat both as the same
+ * dollar amount; reject anything else as an unexpected response.
+ */
+function coerceCloudBalance(value: unknown): number | null {
+  if (typeof value === "number" && Number.isFinite(value)) {
+    return value;
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!trimmed) return null;
+    const parsed = Number.parseFloat(trimmed);
+    return Number.isFinite(parsed) ? parsed : null;
+  }
+  return null;
+}
+async function fetchCloudCreditsByApiKey(
+  baseUrl: string,
+  apiKey: string,
+): Promise<number | null> {
+  const response = await fetch(`${baseUrl}/credits/balance`, {
+    headers: {
+      Accept: "application/json",
+      Authorization: `Bearer ${apiKey}`,
+    },
+    redirect: "manual",
+    signal: AbortSignal.timeout(10_000),
+  });
+  if (response.status >= 300 && response.status < 400) {
+    throw new Error(
+      "Cloud credits request was redirected; redirects are not allowed",
+    );
+  }
+  const creditResponse = (await response.json().catch((err: unknown) => {
+    console.warn(
+      "[cloud-connection] Failed to parse credit balance response JSON:",
+      err,
+    );
+    return {};
+  })) as {
+    balance?: unknown;
+    data?: { balance?: unknown };
+    error?: unknown;
+  };
+  if (response.status === 401) {
+    throw new CloudCreditsAuthRejectedError(
+      cloudCreditsHttpErrorMessage(401, creditResponse),
+    );
+  }
+  if (!response.ok) {
+    throw new Error(
+      cloudCreditsHttpErrorMessage(response.status, creditResponse),
+    );
+  }
+  const balance =
+    coerceCloudBalance(creditResponse.balance) ??
+    coerceCloudBalance(creditResponse.data?.balance);
+  return balance;
+}
+/** Configurable credit thresholds. Override via env vars if defaults don't fit. */
+const CREDIT_LOW_THRESHOLD = Number(
+  process.env.ELIZA_CREDIT_LOW_THRESHOLD ?? "2.0",
+);
+const CREDIT_CRITICAL_THRESHOLD = Number(
+  process.env.ELIZA_CREDIT_CRITICAL_THRESHOLD ?? "0.5",
+);
+function withCreditFlags(balance: number): CloudCreditsResponse {
+  return {
+    connected: true,
+    balance,
+    low: balance < CREDIT_LOW_THRESHOLD,
+    critical: balance < CREDIT_CRITICAL_THRESHOLD,
+    topUpUrl: CLOUD_BILLING_URL,
+  };
+}
+export async function fetchCloudCredits(
+  config: Partial<ElizaConfig>,
+  runtime: AgentRuntime | null,
+): Promise<CloudCreditsResponse> {
+  const snapshot = resolveCloudConnectionSnapshot(config, runtime);
+  let authenticatedFailure: string | null = null;
+  let authenticatedUnexpectedResponse = false;
+  if (!snapshot.connected) {
+    return { balance: null, connected: false };
+  }
+  const cloudClient = snapshot.cloudAuth?.getClient?.();
+  if (snapshot.authConnected && typeof cloudClient?.get === "function") {
+    try {
+      const creditResponse = (await cloudClient.get("/credits/balance")) as {
+        balance?: unknown;
+        data?: { balance?: unknown };
+      };
+      const rawBalance =
+        coerceCloudBalance(creditResponse?.balance) ??
+        coerceCloudBalance(creditResponse?.data?.balance);
+      if (typeof rawBalance === "number") {
+        return withCreditFlags(rawBalance);
+      }
+      authenticatedUnexpectedResponse = true;
+      logger.debug(
+        `[cloud/credits] Unexpected authenticated response shape: ${JSON.stringify(creditResponse)}`,
+      );
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : "cloud API unreachable";
+      authenticatedFailure = msg;
+      logger.debug(
+        `[cloud/credits] Authenticated balance fetch failed: ${msg}`,
+      );
+    }
+  }
+  if (!snapshot.apiKey) {
+    return {
+      balance: null,
+      connected: snapshot.connected,
+      error:
+        authenticatedFailure ??
+        (authenticatedUnexpectedResponse
+          ? "unexpected response"
+          : "missing cloud api key"),
+    };
+  }
+  const resolvedBaseUrl = resolveCloudApiBaseUrl(config.cloud?.baseUrl);
+  const baseUrlRejection = await validateCloudBaseUrl(resolvedBaseUrl);
+  if (baseUrlRejection) {
+    return {
+      balance: null,
+      connected: true,
+      error: baseUrlRejection,
+    };
+  }
+  try {
+    const balance = await fetchCloudCreditsByApiKey(
+      resolvedBaseUrl,
+      snapshot.apiKey,
+    );
+    if (typeof balance !== "number") {
+      return {
+        balance: null,
+        connected: true,
+        error: "unexpected response",
+      };
+    }
+    return withCreditFlags(balance);
+  } catch (err) {
+    if (err instanceof CloudCreditsAuthRejectedError) {
+      logger.debug(`[cloud/credits] API key rejected: ${err.message}`);
+      return {
+        balance: null,
+        connected: true,
+        authRejected: true,
+        error: err.message,
+        topUpUrl: CLOUD_BILLING_URL,
+      };
+    }
+    const msg = err instanceof Error ? err.message : "cloud API unreachable";
+    logger.debug(`[cloud/credits] Failed to fetch balance via API key: ${msg}`);
+    return {
+      balance: null,
+      connected: true,
+      error: msg,
+    };
+  }
+}
+export async function clearCloudAuthService(
+  cloudAuth: CloudAuthLike | null,
+): Promise<void> {
+  if (!cloudAuth) {
+    return;
+  }
+  const seen = new Set<(...args: never[]) => unknown>();
+  for (const methodName of CLOUD_AUTH_CLEAR_METHODS) {
+    const method = cloudAuth[methodName];
+    if (typeof method !== "function" || seen.has(method)) {
+      continue;
+    }
+    seen.add(method);
+    try {
+      await method.call(cloudAuth);
+      // First successful clear method is sufficient — stop trying remaining ones.
+      break;
+    } catch (err) {
+      logger.warn(
+        `[cloud/disconnect] Failed to invoke CLOUD_AUTH.${methodName}: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+  }
+}
+function clearCloudEnv(): void {
+  for (const key of CLOUD_ENV_KEYS) {
+    delete process.env[key];
+  }
+  clearCloudSecrets();
+  scrubCloudSecretsFromEnv();
+}
+async function clearRuntimeCloudState(
+  runtime: AgentRuntime | null,
+): Promise<void> {
+  const runtimeWithCloud = asRuntimeCloud(runtime);
+  if (!runtimeWithCloud) {
+    return;
+  }
+  const existingSecrets = runtimeWithCloud.character.secrets ?? {};
+  const nextSecrets = { ...existingSecrets };
+  for (const key of CLOUD_RUNTIME_SECRET_KEYS) {
+    delete nextSecrets[key];
+  }
+  runtimeWithCloud.character.secrets = nextSecrets;
+  if (
+    runtimeWithCloud.character.settings &&
+    typeof runtimeWithCloud.character.settings === "object"
+  ) {
+    for (const key of CLOUD_RUNTIME_SETTING_KEYS) {
+      delete runtimeWithCloud.character.settings[key];
+    }
+  }
+  if (typeof runtimeWithCloud.setSetting === "function") {
+    for (const key of CLOUD_RUNTIME_SETTING_KEYS) {
+      try {
+        runtimeWithCloud.setSetting(key, null);
+      } catch (err) {
+        logger.warn(
+          `[cloud/disconnect] Failed to clear runtime setting ${key}: ${
+            err instanceof Error ? err.message : String(err)
+          }`,
+        );
+      }
+    }
+  }
+  if (typeof runtimeWithCloud.updateAgent === "function") {
+    try {
+      await runtimeWithCloud.updateAgent(runtimeWithCloud.agentId, {
+        secrets: { ...nextSecrets },
+      });
+    } catch (err) {
+      logger.warn(
+        `[cloud/disconnect] Failed to clear cloud secrets from agent DB: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+  }
+}
+export async function disconnectCloudConnection(args: {
+  cloudManager?: CloudManagerLike;
+  config: Partial<ElizaConfig>;
+  runtime: AgentRuntime | null;
+  saveConfig?: (config: Partial<ElizaConfig>) => void;
+}): Promise<void> {
+  const { cloudManager = null, config, runtime, saveConfig } = args;
+  if (isElizaSettingsDebugEnabled()) {
+    const c = config.cloud as Record<string, unknown> | undefined;
+    logger.debug(
+      `[eliza][settings][cloud] disconnectCloudConnection start cloud=${JSON.stringify(settingsDebugCloudSummary(c))}`,
+    );
+  }
+  if (typeof cloudManager?.disconnect === "function") {
+    try {
+      await cloudManager.disconnect();
+    } catch (err) {
+      logger.warn(
+        `[cloud/disconnect] Failed to disconnect cloud manager: ${
+          err instanceof Error ? err.message : String(err)
+        }`,
+      );
+    }
+  }
+  await clearCloudAuthService(getCloudAuth(runtime));
+  const nextCloud = { ...(config.cloud ?? {}) };
+  delete nextCloud.apiKey;
+  config.cloud = nextCloud;
+  applyCanonicalOnboardingConfig(config as ElizaConfig, {
+    deploymentTarget: { runtime: "local" },
+    linkedAccounts: {
+      elizacloud: {
+        status: "unlinked",
+        source: "api-key",
+      },
+    },
+    clearRoutes: ["llmText", "tts", "media", "embeddings", "rpc"],
+  });
+  migrateLegacyRuntimeConfig(config as Record<string, unknown>);
+  try {
+    saveConfig?.(config);
+    if (isElizaSettingsDebugEnabled()) {
+      const c = config.cloud as Record<string, unknown> | undefined;
+      logger.debug(
+        `[eliza][settings][cloud] disconnectCloudConnection saveConfig OK cloud=${JSON.stringify(settingsDebugCloudSummary(c))}`,
+      );
+    }
+  } catch (err) {
+    logger.warn(
+      `[cloud/disconnect] Failed to save cloud disconnect state: ${
+        err instanceof Error ? err.message : String(err)
+      }`,
+    );
+  }
+  clearCloudEnv();
+  await clearRuntimeCloudState(runtime);
+  if (isElizaSettingsDebugEnabled()) {
+    logger.debug(
+      "[eliza][settings][cloud] disconnectCloudConnection done (env cleared + runtime cloud state cleared)",
+    );
+  }
+}
+export const disconnectUnifiedCloudConnection = disconnectCloudConnection;
+/** Matches `reason` from GET /api/cloud/status when connected via API key without CLOUD_AUTH. */
+const CLOUD_STATUS_API_KEY_ONLY_REASONS: ReadonlySet<string> = new Set([
+  "api_key_present_not_authenticated",
+  "api_key_present_runtime_not_started",
+]);
+export function isCloudStatusReasonApiKeyOnly(
+  reason: string | null | undefined,
+): boolean {
+  return (
+    typeof reason === "string" && CLOUD_STATUS_API_KEY_ONLY_REASONS.has(reason)
+  );
+}

package/src/lib/cloud-secrets.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Sealed in-process secret store for cloud credentials.
+ *
+ * Cloud API keys are scrubbed from process.env after login and stored
+ * here so they are not visible in environment dumps, child processes,
+ * or /proc/self/environ.
+ *
+ * This module has NO external dependencies so it can be imported by
+ * any module without pulling in host-layer packages.
+ */
+const _cloudSecrets: Record<string, string | undefined> = Object.create(null);
+Object.defineProperty(_cloudSecrets, Symbol.toStringTag, {
+  value: "CloudSecrets",
+  enumerable: false,
+});
+/**
+ * Read a cloud secret without exposing it in process.env.
+ * Falls back to process.env for backwards compatibility with code that
+ * sets the key before this module loads (e.g. docker entrypoints).
+ */
+export function getCloudSecret(
+  key: "ELIZAOS_CLOUD_API_KEY" | "ELIZAOS_CLOUD_ENABLED",
+): string | undefined {
+  return _cloudSecrets[key] ?? process.env[key];
+}
+/** Scrub cloud secrets from process.env and capture into the sealed store. */
+export function scrubCloudSecretsFromEnv(): void {
+  for (const key of [
+    "ELIZAOS_CLOUD_API_KEY",
+    "ELIZAOS_CLOUD_ENABLED",
+  ] as const) {
+    if (process.env[key] !== undefined) {
+      _cloudSecrets[key] = process.env[key];
+      delete process.env[key];
+    }
+  }
+}
+/** Clear any sealed cloud secrets after an explicit disconnect. */
+export function clearCloudSecrets(): void {
+  for (const key of [
+    "ELIZAOS_CLOUD_API_KEY",
+    "ELIZAOS_CLOUD_ENABLED",
+  ] as const) {
+    delete _cloudSecrets[key];
+  }
+}
+/** Reset the sealed secret store. Test-only. */
+export function _resetCloudSecretsForTesting(): void {
+  for (const key of Object.keys(_cloudSecrets)) {
+    delete _cloudSecrets[key];
+  }
+}