npm - @elizaos/plugin-elizacloud - Versions diffs - 2.0.0-alpha.7 → 2.0.0-beta.1 - Mend

@elizaos/plugin-elizacloud 2.0.0-alpha.7 → 2.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (378) hide show

package/LICENSE +21 -0
package/README.md +220 -0
package/auto-enable.ts +17 -0
package/dist/browser/index.browser.js +2 -21
package/dist/browser/index.browser.js.map +5 -37
package/dist/cjs/index.d.ts +2 -2
package/dist/cjs/index.node.cjs +12173 -2271
package/dist/cjs/index.node.js.map +135 -27
package/dist/cloud/auth.d.ts +19 -0
package/dist/cloud/auth.d.ts.map +1 -0
package/dist/cloud/auth.js +330 -0
package/dist/cloud/auth.js.map +12 -0
package/dist/cloud/backup.d.ts +18 -0
package/dist/cloud/backup.d.ts.map +1 -0
package/dist/cloud/backup.js +63 -0
package/dist/cloud/backup.js.map +10 -0
package/dist/cloud/base-url.d.ts +3 -0
package/dist/cloud/base-url.d.ts.map +1 -0
package/dist/cloud/base-url.js +77 -0
package/dist/cloud/base-url.js.map +10 -0
package/dist/cloud/bridge-client.d.ts +126 -0
package/dist/cloud/bridge-client.d.ts.map +1 -0
package/dist/cloud/bridge-client.js +432 -0
package/dist/cloud/bridge-client.js.map +11 -0
package/dist/cloud/cloud-api-key.d.ts +26 -0
package/dist/cloud/cloud-api-key.d.ts.map +1 -0
package/dist/cloud/cloud-api-key.js +60 -0
package/dist/cloud/cloud-api-key.js.map +10 -0
package/dist/cloud/cloud-manager.d.ts +33 -0
package/dist/cloud/cloud-manager.d.ts.map +1 -0
package/dist/cloud/cloud-manager.js +853 -0
package/dist/cloud/cloud-manager.js.map +16 -0
package/dist/cloud/cloud-proxy.d.ts +20 -0
package/dist/cloud/cloud-proxy.d.ts.map +1 -0
package/dist/cloud/cloud-proxy.js +54 -0
package/dist/cloud/cloud-proxy.js.map +10 -0
package/dist/cloud/cloud-wallet.d.ts +94 -0
package/dist/cloud/cloud-wallet.d.ts.map +1 -0
package/dist/cloud/cloud-wallet.js +5195 -0
package/dist/cloud/cloud-wallet.js.map +92 -0
package/dist/cloud/index.d.ts +9 -0
package/dist/cloud/index.d.ts.map +1 -0
package/dist/cloud/index.js +30 -0
package/dist/cloud/index.js.map +9 -0
package/dist/cloud/reconnect.d.ts +26 -0
package/dist/cloud/reconnect.d.ts.map +1 -0
package/dist/cloud/reconnect.js +104 -0
package/dist/cloud/reconnect.js.map +10 -0
package/dist/cloud/validate-url.d.ts +2 -0
package/dist/cloud/validate-url.d.ts.map +1 -0
package/dist/cloud/validate-url.js +174 -0
package/dist/cloud/validate-url.js.map +10 -0
package/dist/cloud-providers/cloud-status.d.ts.map +1 -1
package/dist/cloud-providers/cloud-status.js +78 -0
package/dist/cloud-providers/cloud-status.js.map +10 -0
package/dist/cloud-providers/container-health.d.ts.map +1 -1
package/dist/cloud-providers/container-health.js +74 -0
package/dist/cloud-providers/container-health.js.map +10 -0
package/dist/cloud-providers/credit-balance.d.ts.map +1 -1
package/dist/cloud-providers/credit-balance.js +85 -0
package/dist/cloud-providers/credit-balance.js.map +10 -0
package/dist/cloud-providers/index.d.ts.map +1 -1
package/dist/cloud-providers/index.js +24 -0
package/dist/cloud-providers/index.js.map +9 -0
package/dist/cloud-providers/model-registry.d.ts.map +1 -1
package/dist/cloud-providers/model-registry.js +71 -0
package/dist/cloud-providers/model-registry.js.map +10 -0
package/dist/index.browser.d.ts +4 -2
package/dist/index.browser.d.ts.map +1 -1
package/dist/index.d.ts +18 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +12851 -0
package/dist/index.js.map +145 -0
package/dist/index.node.d.ts +15 -2
package/dist/index.node.d.ts.map +1 -1
package/dist/init.d.ts.map +1 -1
package/dist/init.js +169 -0
package/dist/init.js.map +12 -0
package/dist/lib/cloud-connection.d.ts +78 -0
package/dist/lib/cloud-connection.d.ts.map +1 -0
package/dist/lib/cloud-connection.js +731 -0
package/dist/lib/cloud-connection.js.map +14 -0
package/dist/lib/cloud-secrets.d.ts +23 -0
package/dist/lib/cloud-secrets.d.ts.map +1 -0
package/dist/lib/cloud-secrets.js +64 -0
package/dist/lib/cloud-secrets.js.map +10 -0
package/dist/lib/config-env.d.ts +5 -0
package/dist/lib/config-env.d.ts.map +1 -0
package/dist/lib/config-env.js +191 -0
package/dist/lib/config-env.js.map +11 -0
package/dist/lib/config-like.d.ts +40 -0
package/dist/lib/config-like.d.ts.map +1 -0
package/dist/lib/config-like.js +103 -0
package/dist/lib/config-like.js.map +10 -0
package/dist/lib/credential-type-map.d.ts +53 -0
package/dist/lib/credential-type-map.d.ts.map +1 -0
package/dist/lib/credential-type-map.js +88 -0
package/dist/lib/credential-type-map.js.map +10 -0
package/dist/lib/feature-flags.d.ts +2 -0
package/dist/lib/feature-flags.d.ts.map +1 -0
package/dist/lib/feature-flags.js +40 -0
package/dist/lib/feature-flags.js.map +10 -0
package/dist/lib/http.d.ts +22 -0
package/dist/lib/http.d.ts.map +1 -0
package/dist/lib/http.js +107 -0
package/dist/lib/http.js.map +10 -0
package/dist/lib/server-cloud-tts.d.ts +34 -0
package/dist/lib/server-cloud-tts.d.ts.map +1 -0
package/dist/lib/server-cloud-tts.js +549 -0
package/dist/lib/server-cloud-tts.js.map +13 -0
package/dist/lib/state-paths.d.ts +4 -0
package/dist/lib/state-paths.d.ts.map +1 -0
package/dist/lib/state-paths.js +52 -0
package/dist/lib/state-paths.js.map +10 -0
package/dist/lib/tts-debug.d.ts +4 -0
package/dist/lib/tts-debug.d.ts.map +1 -0
package/dist/lib/tts-debug.js +57 -0
package/dist/lib/tts-debug.js.map +10 -0
package/dist/models/embeddings.d.ts.map +1 -1
package/dist/models/embeddings.js +319 -0
package/dist/models/embeddings.js.map +13 -0
package/dist/models/image.d.ts.map +1 -1
package/dist/models/image.js +374 -0
package/dist/models/image.js.map +14 -0
package/dist/models/index.d.ts +1 -2
package/dist/models/index.d.ts.map +1 -1
package/dist/models/index.js +1386 -0
package/dist/models/index.js.map +20 -0
package/dist/models/research.d.ts.map +1 -1
package/dist/models/research.js +324 -0
package/dist/models/research.js.map +13 -0
package/dist/models/speech.d.ts.map +1 -1
package/dist/models/speech.js +273 -0
package/dist/models/speech.js.map +13 -0
package/dist/models/text.d.ts +5 -2
package/dist/models/text.d.ts.map +1 -1
package/dist/models/text.js +803 -0
package/dist/models/text.js.map +15 -0
package/dist/models/tokenization.d.ts.map +1 -1
package/dist/models/tokenization.js +65 -0
package/dist/models/tokenization.js.map +10 -0
package/dist/models/transcription.d.ts.map +1 -1
package/dist/models/transcription.js +283 -0
package/dist/models/transcription.js.map +13 -0
package/dist/node/index.d.ts +2 -2
package/dist/node/index.node.js +12171 -2266
package/dist/node/index.node.js.map +135 -27
package/dist/onboarding.d.ts +35 -0
package/dist/onboarding.d.ts.map +1 -0
package/dist/onboarding.js +883 -0
package/dist/onboarding.js.map +14 -0
package/dist/plugin.d.ts +20 -0
package/dist/plugin.d.ts.map +1 -0
package/dist/plugin.js +7611 -0
package/dist/plugin.js.map +104 -0
package/dist/providers/openai.d.ts.map +1 -1
package/dist/providers/openai.js +127 -0
package/dist/providers/openai.js.map +11 -0
package/dist/register-routes.d.ts +2 -0
package/dist/register-routes.d.ts.map +1 -0
package/dist/register-routes.js +7612 -0
package/dist/register-routes.js.map +105 -0
package/dist/routes/cloud-billing-routes.d.ts +9 -0
package/dist/routes/cloud-billing-routes.d.ts.map +1 -0
package/dist/routes/cloud-billing-routes.js +807 -0
package/dist/routes/cloud-billing-routes.js.map +14 -0
package/dist/routes/cloud-compat-routes.d.ts +10 -0
package/dist/routes/cloud-compat-routes.d.ts.map +1 -0
package/dist/routes/cloud-compat-routes.js +538 -0
package/dist/routes/cloud-compat-routes.js.map +14 -0
package/dist/routes/cloud-features-routes.d.ts +9 -0
package/dist/routes/cloud-features-routes.d.ts.map +1 -0
package/dist/routes/cloud-features-routes.js +124 -0
package/dist/routes/cloud-features-routes.js.map +11 -0
package/dist/routes/cloud-provisioning.d.ts +14 -0
package/dist/routes/cloud-provisioning.d.ts.map +1 -0
package/dist/routes/cloud-provisioning.js +37 -0
package/dist/routes/cloud-provisioning.js.map +10 -0
package/dist/routes/cloud-relay-routes.d.ts +22 -0
package/dist/routes/cloud-relay-routes.d.ts.map +1 -0
package/dist/routes/cloud-relay-routes.js +60 -0
package/dist/routes/cloud-relay-routes.js.map +10 -0
package/dist/routes/cloud-routes-autonomous.d.ts +83 -0
package/dist/routes/cloud-routes-autonomous.d.ts.map +1 -0
package/dist/routes/cloud-routes-autonomous.js +6134 -0
package/dist/routes/cloud-routes-autonomous.js.map +97 -0
package/dist/routes/cloud-routes.d.ts +35 -0
package/dist/routes/cloud-routes.d.ts.map +1 -0
package/dist/routes/cloud-routes.js +6888 -0
package/dist/routes/cloud-routes.js.map +100 -0
package/dist/routes/cloud-status-routes-autonomous.d.ts +15 -0
package/dist/routes/cloud-status-routes-autonomous.d.ts.map +1 -0
package/dist/routes/cloud-status-routes-autonomous.js +396 -0
package/dist/routes/cloud-status-routes-autonomous.js.map +13 -0
package/dist/routes/cloud-status-routes.d.ts +4 -0
package/dist/routes/cloud-status-routes.d.ts.map +1 -0
package/dist/routes/cloud-status-routes.js +771 -0
package/dist/routes/cloud-status-routes.js.map +15 -0
package/dist/services/cloud-auth.d.ts +140 -5
package/dist/services/cloud-auth.d.ts.map +1 -1
package/dist/services/cloud-auth.js +363 -0
package/dist/services/cloud-auth.js.map +12 -0
package/dist/services/cloud-backup.d.ts.map +1 -1
package/dist/services/cloud-backup.js +176 -0
package/dist/services/cloud-backup.js.map +11 -0
package/dist/services/cloud-bootstrap.d.ts +38 -0
package/dist/services/cloud-bootstrap.d.ts.map +1 -0
package/dist/services/cloud-bootstrap.js +84 -0
package/dist/services/cloud-bootstrap.js.map +10 -0
package/dist/services/cloud-bridge.d.ts +1 -1
package/dist/services/cloud-bridge.d.ts.map +1 -1
package/dist/services/cloud-bridge.js +308 -0
package/dist/services/cloud-bridge.js.map +11 -0
package/dist/services/cloud-container.d.ts.map +1 -1
package/dist/services/cloud-container.js +241 -0
package/dist/services/cloud-container.js.map +11 -0
package/dist/services/cloud-credential-provider.d.ts +55 -0
package/dist/services/cloud-credential-provider.d.ts.map +1 -0
package/dist/services/cloud-credential-provider.js +190 -0
package/dist/services/cloud-credential-provider.js.map +11 -0
package/dist/services/cloud-managed-gateway-relay.d.ts +38 -0
package/dist/services/cloud-managed-gateway-relay.d.ts.map +1 -0
package/dist/services/cloud-managed-gateway-relay.js +479 -0
package/dist/services/cloud-managed-gateway-relay.js.map +10 -0
package/dist/services/cloud-model-registry.d.ts.map +1 -1
package/dist/services/cloud-model-registry.js +175 -0
package/dist/services/cloud-model-registry.js.map +10 -0
package/dist/services/index.d.ts +3 -1
package/dist/services/index.d.ts.map +1 -1
package/dist/services/index.js +29 -0
package/dist/services/index.js.map +9 -0
package/dist/types/cloud.d.ts +41 -19
package/dist/types/cloud.d.ts.map +1 -1
package/dist/types/cloud.js +52 -0
package/dist/types/cloud.js.map +10 -0
package/dist/types/index.d.ts +1 -1
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +24 -0
package/dist/types/index.js.map +9 -0
package/dist/utils/cloud-api.d.ts +2 -27
package/dist/utils/cloud-api.d.ts.map +1 -1
package/dist/utils/cloud-api.js +33 -0
package/dist/utils/cloud-api.js.map +10 -0
package/dist/utils/cloud-sdk/client.d.ts +133 -0
package/dist/utils/cloud-sdk/client.d.ts.map +1 -0
package/dist/utils/cloud-sdk/client.js +3561 -0
package/dist/utils/cloud-sdk/client.js.map +13 -0
package/dist/utils/cloud-sdk/http.d.ts +37 -0
package/dist/utils/cloud-sdk/http.d.ts.map +1 -0
package/dist/utils/cloud-sdk/http.js +237 -0
package/dist/utils/cloud-sdk/http.js.map +11 -0
package/dist/utils/cloud-sdk/index.d.ts +6 -0
package/dist/utils/cloud-sdk/index.d.ts.map +1 -0
package/dist/utils/cloud-sdk/index.js +29 -0
package/dist/utils/cloud-sdk/index.js.map +9 -0
package/dist/utils/cloud-sdk/public-routes.d.ts +5377 -0
package/dist/utils/cloud-sdk/public-routes.d.ts.map +1 -0
package/dist/utils/cloud-sdk/public-routes.js +2950 -0
package/dist/utils/cloud-sdk/public-routes.js.map +10 -0
package/dist/utils/cloud-sdk/types.cloud-api.d.ts +101 -0
package/dist/utils/cloud-sdk/types.cloud-api.d.ts.map +1 -0
package/dist/utils/cloud-sdk/types.cloud-api.js +2 -0
package/dist/utils/cloud-sdk/types.cloud-api.js.map +9 -0
package/dist/utils/cloud-sdk/types.d.ts +655 -0
package/dist/utils/cloud-sdk/types.d.ts.map +1 -0
package/dist/utils/cloud-sdk/types.js +29 -0
package/dist/utils/cloud-sdk/types.js.map +10 -0
package/dist/utils/config.d.ts +7 -3
package/dist/utils/config.d.ts.map +1 -1
package/dist/utils/config.js +137 -0
package/dist/utils/config.js.map +10 -0
package/dist/utils/events.d.ts.map +1 -1
package/dist/utils/events.js +43 -0
package/dist/utils/events.js.map +10 -0
package/dist/utils/helpers.d.ts.map +1 -1
package/dist/utils/helpers.js +103 -0
package/dist/utils/helpers.js.map +10 -0
package/dist/utils/responses-output.d.ts +13 -0
package/dist/utils/responses-output.d.ts.map +1 -0
package/dist/utils/responses-output.js +102 -0
package/dist/utils/responses-output.js.map +10 -0
package/dist/utils/sdk-client.d.ts +5 -0
package/dist/utils/sdk-client.d.ts.map +1 -0
package/dist/utils/sdk-client.js +144 -0
package/dist/utils/sdk-client.js.map +11 -0
package/package.json +108 -19
package/src/cloud/auth.ts +175 -0
package/src/cloud/backup.ts +46 -0
package/src/cloud/base-url.ts +62 -0
package/src/cloud/bridge-client.ts +602 -0
package/src/cloud/cloud-api-key.ts +80 -0
package/src/cloud/cloud-manager.ts +163 -0
package/src/cloud/cloud-proxy.ts +52 -0
package/src/cloud/cloud-wallet.ts +341 -0
package/src/cloud/index.ts +28 -0
package/src/cloud/reconnect.ts +111 -0
package/src/cloud/validate-url.ts +181 -0
package/src/cloud-providers/cloud-status.ts +75 -0
package/src/cloud-providers/container-health.ts +68 -0
package/src/cloud-providers/credit-balance.ts +70 -0
package/src/cloud-providers/index.ts +3 -0
package/src/cloud-providers/model-registry.ts +74 -0
package/src/index.browser.ts +10 -0
package/src/index.node.ts +39 -0
package/src/index.ts +347 -0
package/src/init.ts +39 -0
package/src/lib/cloud-connection.ts +663 -0
package/src/lib/cloud-secrets.ts +58 -0
package/src/lib/config-env.ts +168 -0
package/src/lib/config-like.ts +149 -0
package/src/lib/credential-type-map.ts +130 -0
package/src/lib/feature-flags.ts +26 -0
package/src/lib/http.ts +139 -0
package/src/lib/server-cloud-tts.ts +609 -0
package/src/lib/state-paths.ts +28 -0
package/src/lib/tts-debug.ts +34 -0
package/src/models/embeddings.ts +234 -0
package/src/models/image.ts +219 -0
package/src/models/index.ts +16 -0
package/src/models/research.ts +265 -0
package/src/models/speech.ts +78 -0
package/src/models/text.ts +899 -0
package/src/models/tokenization.ts +67 -0
package/src/models/transcription.ts +97 -0
package/src/onboarding.ts +396 -0
package/src/plugin.ts +243 -0
package/src/providers/openai.ts +16 -0
package/src/register-routes.ts +6 -0
package/src/routes/cloud-billing-routes.ts +754 -0
package/src/routes/cloud-compat-routes.ts +314 -0
package/src/routes/cloud-features-routes.ts +57 -0
package/src/routes/cloud-provisioning.ts +37 -0
package/src/routes/cloud-relay-routes.ts +89 -0
package/src/routes/cloud-routes-autonomous.ts +996 -0
package/src/routes/cloud-routes.ts +576 -0
package/src/routes/cloud-status-routes-autonomous.ts +234 -0
package/src/routes/cloud-status-routes.ts +73 -0
package/src/services/cloud-auth.ts +567 -0
package/src/services/cloud-backup.ts +208 -0
package/src/services/cloud-bootstrap.ts +108 -0
package/src/services/cloud-bridge.ts +386 -0
package/src/services/cloud-container.ts +297 -0
package/src/services/cloud-credential-provider.ts +210 -0
package/src/services/cloud-managed-gateway-relay.ts +663 -0
package/src/services/cloud-model-registry.ts +202 -0
package/src/services/index.ts +17 -0
package/{types → src/types}/cloud.ts +52 -29
package/{types → src/types}/index.ts +6 -0
package/src/utils/cloud-api.ts +10 -0
package/src/utils/cloud-sdk/client.ts +735 -0
package/src/utils/cloud-sdk/http.ts +291 -0
package/src/utils/cloud-sdk/index.ts +23 -0
package/src/utils/cloud-sdk/public-routes.ts +5070 -0
package/src/utils/cloud-sdk/types.cloud-api.ts +120 -0
package/src/utils/cloud-sdk/types.ts +762 -0
package/src/utils/config.ts +174 -0
package/src/utils/events.ts +37 -0
package/src/utils/helpers.ts +107 -0
package/src/utils/responses-output.ts +115 -0
package/src/utils/sdk-client.ts +37 -0
package/dist/actions/check-credits.d.ts +0 -6
package/dist/actions/check-credits.d.ts.map +0 -1
package/dist/actions/freeze-agent.d.ts +0 -9
package/dist/actions/freeze-agent.d.ts.map +0 -1
package/dist/actions/index.d.ts +0 -5
package/dist/actions/index.d.ts.map +0 -1
package/dist/actions/provision-agent.d.ts +0 -8
package/dist/actions/provision-agent.d.ts.map +0 -1
package/dist/actions/resume-agent.d.ts +0 -9
package/dist/actions/resume-agent.d.ts.map +0 -1
package/dist/build.d.ts +0 -3
package/dist/build.d.ts.map +0 -1
package/dist/generated/specs/specs.d.ts +0 -55
package/dist/generated/specs/specs.d.ts.map +0 -1
package/dist/models/object.d.ts +0 -4
package/dist/models/object.d.ts.map +0 -1
package/dist/utils/forwarded-settings.d.ts +0 -8
package/dist/utils/forwarded-settings.d.ts.map +0 -1

package/src/routes/cloud-routes-autonomous.ts ADDED Viewed

@@ -0,0 +1,996 @@
+import fs from "node:fs/promises";
+import type http from "node:http";
+import path from "node:path";
+import {
+  isCloudInferenceSelectedInConfig,
+  migrateLegacyRuntimeConfig,
+} from "@elizaos/core";
+import { logger } from "@elizaos/core";
+import { normalizeCloudSiteUrl } from "../cloud/base-url.js";
+import type {
+  CloudChainType,
+  CloudWalletDescriptor,
+  CloudWalletProvider,
+} from "../cloud/bridge-client.js";
+import {
+  ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV,
+  getOrCreateClientAddressKey,
+  persistCloudWalletCache,
+  provisionCloudWallets,
+} from "../cloud/cloud-wallet.js";
+import { validateCloudBaseUrl } from "../cloud/validate-url.js";
+import { persistConfigEnv } from "../lib/config-env";
+import {
+  applyCanonicalOnboardingConfig,
+  isTimeoutError,
+} from "../lib/config-like";
+import { isCloudWalletEnabled } from "../lib/feature-flags";
+import {
+  readJsonBody as parseJsonBody,
+  sendJson,
+  sendJsonError,
+} from "../lib/http";
+import { resolveStateDir } from "../lib/state-paths";
+export interface CloudConfigLike {
+  cloud?: {
+    enabled?: boolean;
+    apiKey?: string;
+    baseUrl?: string;
+  };
+}
+interface CloudClientLike {
+  listAgents: () => Promise<unknown>;
+  createAgent: (args: {
+    agentName: string;
+    agentConfig?: Record<string, unknown>;
+    environmentVars?: Record<string, string>;
+  }) => Promise<unknown>;
+  deleteAgent: (agentId: string) => Promise<unknown>;
+  getAgentWallet: (
+    agentId: string,
+    chain: CloudChainType,
+  ) => Promise<CloudWalletDescriptor>;
+  provisionWallet: (input: {
+    chainType: CloudChainType;
+    clientAddress: string;
+  }) => Promise<{
+    walletId: string;
+    address: string;
+    chainType: CloudChainType;
+    provider: CloudWalletProvider;
+  }>;
+}
+interface ConnectedCloudAgentLike {
+  agentName: string;
+}
+interface CloudManagerLike {
+  init?: () => Promise<void>;
+  replaceApiKey?: (apiKey: string) => Promise<void>;
+  getClient: () => CloudClientLike | null;
+  connect: (agentId: string) => Promise<ConnectedCloudAgentLike>;
+  disconnect: () => Promise<void>;
+  getStatus: () => unknown;
+  getActiveAgentId: () => string | null;
+}
+interface RuntimeLike {
+  agentId: string;
+  character?: {
+    secrets?: Record<string, string | number | boolean>;
+  };
+  getService?: (name: string) => unknown;
+  setSetting?: (key: string, value: string | null) => unknown;
+  updateAgent?: (
+    agentId: string,
+    update: {
+      secrets: Record<string, string | number | boolean>;
+    },
+  ) => Promise<unknown>;
+}
+interface IntegrationTelemetrySpanLike {
+  success: (args?: { statusCode?: number }) => void;
+  failure: (args?: {
+    statusCode?: number;
+    error?: unknown;
+    errorKind?: string;
+  }) => void;
+}
+interface CloudAuthLike {
+  authenticateWithApiKey?: (input: {
+    apiKey: string;
+    organizationId?: string;
+    userId?: string;
+  }) => unknown;
+  clearAuth?: () => unknown;
+}
+type CreateTelemetrySpanLike = (meta: {
+  boundary: "cloud";
+  operation: string;
+  timeoutMs?: number;
+}) => IntegrationTelemetrySpanLike | null | undefined;
+export interface CloudRouteState {
+  config: CloudConfigLike;
+  cloudManager: CloudManagerLike | null;
+  runtime: RuntimeLike | null;
+  saveConfig?: (config: CloudConfigLike) => void;
+  createTelemetrySpan?: CreateTelemetrySpanLike;
+  /**
+   * Optional runtime restart hook. When Phase 8 lands the cloud-wallet
+   * provisioning integration, the cloud-login handler will call this to
+   * rebind plugin-wallet to the cloud provider. Threaded
+   * from server.ts the same way provider-switch-routes does.
+   */
+  restartRuntime?: (reason: string) => Promise<boolean> | boolean;
+}
+const UUID_RE =
+  /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+const CLOUD_LOGIN_CREATE_TIMEOUT_MS = 10_000;
+const CLOUD_LOGIN_POLL_TIMEOUT_MS = 10_000;
+const CONFIG_ENV_FILENAME = "config.env";
+const CONFIG_ENV_BAK_SUFFIX = ".bak";
+const CLOUD_WALLET_ROLLBACK_ENV_KEYS = [
+  ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV,
+  "ELIZA_CLOUD_EVM_ADDRESS",
+  "ELIZA_CLOUD_SOLANA_ADDRESS",
+  "ENABLE_EVM_PLUGIN",
+  "WALLET_SOURCE_EVM",
+  "WALLET_SOURCE_SOLANA",
+] as const;
+type CloudWalletRollbackEnvKey =
+  (typeof CLOUD_WALLET_ROLLBACK_ENV_KEYS)[number];
+interface ConfigEnvRollbackSnapshot {
+  bakPath: string;
+  filePath: string;
+  originalRaw: string | null;
+  previousEnv: Partial<Record<CloudWalletRollbackEnvKey, string>>;
+}
+function extractAgentId(pathname: string): string | null {
+  const id = pathname.split("/")[4];
+  return id && UUID_RE.test(id) ? id : null;
+}
+function replaceMutableRoot<T extends object>(target: T, snapshot: T): void {
+  const targetRecord = target as Record<string, unknown>;
+  for (const key of Object.keys(targetRecord)) {
+    delete targetRecord[key];
+  }
+  Object.assign(
+    targetRecord,
+    structuredClone(snapshot as Record<string, unknown>),
+  );
+}
+function getCloudAuth(runtime: RuntimeLike | null): CloudAuthLike | null {
+  if (typeof runtime?.getService !== "function") {
+    return null;
+  }
+  const service = runtime.getService("CLOUD_AUTH");
+  return service && typeof service === "object"
+    ? (service as CloudAuthLike)
+    : null;
+}
+function clearCloudAuth(runtime: RuntimeLike | null): CloudAuthLike | null {
+  const cloudAuth = getCloudAuth(runtime);
+  if (typeof cloudAuth?.clearAuth === "function") {
+    cloudAuth.clearAuth();
+  }
+  return cloudAuth;
+}
+async function captureConfigEnvRollbackSnapshot(): Promise<ConfigEnvRollbackSnapshot> {
+  const filePath = path.join(resolveStateDir(), CONFIG_ENV_FILENAME);
+  const bakPath = `${filePath}${CONFIG_ENV_BAK_SUFFIX}`;
+  let originalRaw: string | null = null;
+  try {
+    originalRaw = await fs.readFile(filePath, "utf8");
+  } catch (err) {
+    if ((err as NodeJS.ErrnoException).code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const previousEnv = Object.fromEntries(
+    CLOUD_WALLET_ROLLBACK_ENV_KEYS.flatMap((key) => {
+      const value = process.env[key];
+      return typeof value === "string" ? ([[key, value]] as const) : [];
+    }),
+  ) as Partial<Record<CloudWalletRollbackEnvKey, string>>;
+  return {
+    bakPath,
+    filePath,
+    originalRaw,
+    previousEnv,
+  };
+}
+async function restoreConfigEnvRollbackSnapshot(
+  snapshot: ConfigEnvRollbackSnapshot,
+): Promise<void> {
+  await fs.mkdir(path.dirname(snapshot.filePath), { recursive: true });
+  if (snapshot.originalRaw === null) {
+    await fs.rm(snapshot.filePath, { force: true });
+    await fs.rm(snapshot.bakPath, { force: true });
+  } else {
+    await fs.writeFile(snapshot.filePath, snapshot.originalRaw, {
+      encoding: "utf8",
+      mode: 0o600,
+    });
+    await fs.writeFile(snapshot.bakPath, snapshot.originalRaw, {
+      encoding: "utf8",
+      mode: 0o600,
+    });
+  }
+  for (const key of CLOUD_WALLET_ROLLBACK_ENV_KEYS) {
+    const previousValue = snapshot.previousEnv[key];
+    if (typeof previousValue === "string") {
+      process.env[key] = previousValue;
+    } else {
+      delete process.env[key];
+    }
+  }
+}
+function saveConfigOrThrow(state: CloudRouteState): void {
+  if (!state.saveConfig) {
+    throw new Error("saveConfig not available");
+  }
+  state.saveConfig(state.config);
+}
+async function readJsonBody<T = Record<string, unknown>>(
+  req: http.IncomingMessage,
+  res: http.ServerResponse,
+): Promise<T | null> {
+  return (await parseJsonBody(req, res, {
+    maxBytes: 1_048_576,
+    tooLargeMessage: "Request body too large",
+    destroyOnTooLarge: true,
+  })) as T | null;
+}
+function isRedirectResponse(response: Response): boolean {
+  return response.status >= 300 && response.status < 400;
+}
+function createNoopTelemetrySpan(): IntegrationTelemetrySpanLike {
+  return {
+    success: () => {},
+    failure: () => {},
+  };
+}
+function getTelemetrySpan(
+  state: CloudRouteState,
+  meta: {
+    boundary: "cloud";
+    operation: string;
+    timeoutMs?: number;
+  },
+): IntegrationTelemetrySpanLike {
+  return state.createTelemetrySpan?.(meta) ?? createNoopTelemetrySpan();
+}
+async function fetchWithTimeout(
+  input: string,
+  init: RequestInit,
+  timeoutMs: number,
+): Promise<Response> {
+  return fetch(input, {
+    ...init,
+    redirect: "manual",
+    signal: AbortSignal.timeout(timeoutMs),
+  });
+}
+export async function handleCloudRoute(
+  req: http.IncomingMessage,
+  res: http.ServerResponse,
+  pathname: string,
+  method: string,
+  state: CloudRouteState,
+): Promise<boolean> {
+  if (method === "POST" && pathname === "/api/cloud/login") {
+    const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);
+    const urlError = await validateCloudBaseUrl(baseUrl);
+    if (urlError) {
+      sendJsonError(res, urlError);
+      return true;
+    }
+    const sessionId = crypto.randomUUID();
+    const loginCreateSpan = getTelemetrySpan(state, {
+      boundary: "cloud",
+      operation: "login_create_session",
+      timeoutMs: CLOUD_LOGIN_CREATE_TIMEOUT_MS,
+    });
+    let createRes: Response;
+    try {
+      createRes = await fetchWithTimeout(
+        `${baseUrl}/api/auth/cli-session`,
+        {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ sessionId }),
+        },
+        CLOUD_LOGIN_CREATE_TIMEOUT_MS,
+      );
+    } catch (err) {
+      if (isTimeoutError(err)) {
+        loginCreateSpan.failure({ error: err, statusCode: 504 });
+        sendJsonError(res, "Eliza Cloud login request timed out", 504);
+        return true;
+      }
+      loginCreateSpan.failure({ error: err, statusCode: 502 });
+      sendJsonError(res, "Failed to reach Eliza Cloud", 502);
+      return true;
+    }
+    if (isRedirectResponse(createRes)) {
+      loginCreateSpan.failure({
+        statusCode: createRes.status,
+        errorKind: "redirect_response",
+      });
+      sendJsonError(
+        res,
+        "Eliza Cloud login request was redirected; redirects are not allowed",
+        502,
+      );
+      return true;
+    }
+    if (!createRes.ok) {
+      loginCreateSpan.failure({
+        statusCode: createRes.status,
+        errorKind: "http_error",
+      });
+      sendJsonError(res, "Failed to create auth session with Eliza Cloud", 502);
+      return true;
+    }
+    loginCreateSpan.success({ statusCode: createRes.status });
+    sendJson(res, {
+      ok: true,
+      sessionId,
+      browserUrl: `${baseUrl}/auth/cli-login?session=${encodeURIComponent(sessionId)}`,
+    });
+    return true;
+  }
+  if (method === "GET" && pathname.startsWith("/api/cloud/login/status")) {
+    const url = new URL(
+      req.url ?? "/",
+      `http://${req.headers.host ?? "localhost"}`,
+    );
+    const sessionId = url.searchParams.get("sessionId");
+    if (!sessionId) {
+      sendJsonError(res, "sessionId query parameter is required");
+      return true;
+    }
+    const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);
+    const urlError = await validateCloudBaseUrl(baseUrl);
+    if (urlError) {
+      sendJsonError(res, urlError);
+      return true;
+    }
+    const loginPollSpan = getTelemetrySpan(state, {
+      boundary: "cloud",
+      operation: "login_poll_status",
+      timeoutMs: CLOUD_LOGIN_POLL_TIMEOUT_MS,
+    });
+    let pollRes: Response;
+    try {
+      pollRes = await fetchWithTimeout(
+        `${baseUrl}/api/auth/cli-session/${encodeURIComponent(sessionId)}`,
+        {},
+        CLOUD_LOGIN_POLL_TIMEOUT_MS,
+      );
+    } catch (err) {
+      if (isTimeoutError(err)) {
+        loginPollSpan.failure({ error: err, statusCode: 504 });
+        sendJson(
+          res,
+          {
+            status: "error",
+            error: "Eliza Cloud status request timed out",
+          },
+          504,
+        );
+        return true;
+      }
+      loginPollSpan.failure({ error: err, statusCode: 502 });
+      sendJson(
+        res,
+        {
+          status: "error",
+          error: "Failed to reach Eliza Cloud",
+        },
+        502,
+      );
+      return true;
+    }
+    if (isRedirectResponse(pollRes)) {
+      loginPollSpan.failure({
+        statusCode: pollRes.status,
+        errorKind: "redirect_response",
+      });
+      sendJson(
+        res,
+        {
+          status: "error",
+          error:
+            "Eliza Cloud status request was redirected; redirects are not allowed",
+        },
+        502,
+      );
+      return true;
+    }
+    if (!pollRes.ok) {
+      loginPollSpan.failure({
+        statusCode: pollRes.status,
+        errorKind: "http_error",
+      });
+      sendJson(
+        res,
+        pollRes.status === 404
+          ? { status: "expired", error: "Session not found or expired" }
+          : {
+              status: "error",
+              error: `Eliza Cloud returned HTTP ${pollRes.status}`,
+            },
+      );
+      return true;
+    }
+    let data: {
+      status: string;
+      apiKey?: string;
+      keyPrefix?: string;
+      organizationId?: string;
+      userId?: string;
+    };
+    try {
+      data = (await pollRes.json()) as {
+        status: string;
+        apiKey?: string;
+        keyPrefix?: string;
+        organizationId?: string;
+        userId?: string;
+      };
+    } catch (parseErr) {
+      loginPollSpan.failure({ error: parseErr, statusCode: pollRes.status });
+      sendJson(
+        res,
+        { status: "error", error: "Eliza Cloud returned invalid JSON" },
+        502,
+      );
+      return true;
+    }
+    loginPollSpan.success({ statusCode: pollRes.status });
+    if (data.status === "authenticated" && data.apiKey) {
+      const organizationId =
+        typeof data.organizationId === "string"
+          ? data.organizationId.trim()
+          : undefined;
+      const userId =
+        typeof data.userId === "string" ? data.userId.trim() : undefined;
+      const cloudAuth = clearCloudAuth(state.runtime);
+      migrateLegacyRuntimeConfig(state.config as Record<string, unknown>);
+      const cloud = (state.config.cloud ?? {}) as NonNullable<
+        CloudConfigLike["cloud"]
+      >;
+      cloud.apiKey = data.apiKey;
+      (state.config as Record<string, unknown>).cloud = cloud;
+      applyCanonicalOnboardingConfig(state.config as never, {
+        linkedAccounts: {
+          elizacloud: {
+            status: "linked",
+            source: "api-key",
+          },
+        },
+      });
+      const cloudInferenceSelected = isCloudInferenceSelectedInConfig(
+        state.config as Record<string, unknown>,
+      );
+      migrateLegacyRuntimeConfig(state.config as Record<string, unknown>);
+      try {
+        if (state.saveConfig) {
+          state.saveConfig(state.config);
+        } else {
+          logger.warn(
+            "[cloud-login] saveConfig not available — config not persisted",
+          );
+        }
+        logger.info("[cloud-login] API key saved to config file");
+      } catch (saveErr) {
+        logger.error(`[cloud-login] Failed to save config: ${String(saveErr)}`);
+        sendJson(
+          res,
+          { status: "error", error: "Authenticated but failed to save config" },
+          500,
+        );
+        return true;
+      }
+      process.env.ELIZAOS_CLOUD_API_KEY = data.apiKey;
+      if (cloudInferenceSelected) {
+        process.env.ELIZAOS_CLOUD_ENABLED = "true";
+      } else {
+        delete process.env.ELIZAOS_CLOUD_ENABLED;
+      }
+      if (state.runtime) {
+        const character = state.runtime.character ?? {};
+        state.runtime.character = character;
+        if (!character.secrets) {
+          character.secrets = {};
+        }
+        const secrets = character.secrets as Record<string, string>;
+        secrets.ELIZAOS_CLOUD_API_KEY = data.apiKey;
+        if (userId) {
+          secrets.ELIZA_CLOUD_USER_ID = userId;
+        } else {
+          delete secrets.ELIZA_CLOUD_USER_ID;
+        }
+        if (organizationId) {
+          secrets.ELIZA_CLOUD_ORGANIZATION_ID = organizationId;
+        } else {
+          delete secrets.ELIZA_CLOUD_ORGANIZATION_ID;
+        }
+        if (cloudInferenceSelected) {
+          secrets.ELIZAOS_CLOUD_ENABLED = "true";
+        } else {
+          delete secrets.ELIZAOS_CLOUD_ENABLED;
+        }
+        if (typeof state.runtime.setSetting === "function") {
+          state.runtime.setSetting("ELIZA_CLOUD_USER_ID", userId ?? null);
+          state.runtime.setSetting(
+            "ELIZA_CLOUD_ORGANIZATION_ID",
+            organizationId ?? null,
+          );
+        }
+        if (typeof state.runtime.updateAgent === "function") {
+          await state.runtime.updateAgent(state.runtime.agentId, {
+            secrets: { ...secrets },
+          });
+          logger.info("[cloud-login] API key persisted to agent DB record");
+        } else {
+          logger.warn(
+            "[cloud-login] runtime.updateAgent not available — agent DB secrets not persisted",
+          );
+        }
+      }
+      if (
+        state.cloudManager &&
+        typeof state.cloudManager.replaceApiKey === "function"
+      ) {
+        await state.cloudManager.replaceApiKey(data.apiKey);
+      } else if (
+        state.cloudManager &&
+        !state.cloudManager.getClient() &&
+        typeof state.cloudManager.init === "function"
+      ) {
+        await state.cloudManager.init();
+      }
+      if (typeof cloudAuth?.authenticateWithApiKey === "function") {
+        cloudAuth.authenticateWithApiKey({
+          apiKey: data.apiKey,
+          organizationId,
+          userId,
+        });
+      }
+      // Cloud-wallet remote-signing bridge (gated by ENABLE_CLOUD_WALLET).
+      // Failures here do NOT abort the cloud-login response — the API key
+      // is already saved. We log, rollback the partial wallet bind, and
+      // fall through so the user stays logged in.
+      if (isCloudWalletEnabled()) {
+        const rollbackConfigSnapshot = structuredClone(
+          state.config as Record<string, unknown>,
+        ) as CloudConfigLike;
+        const rollbackEnvSnapshot = await captureConfigEnvRollbackSnapshot();
+        try {
+          const bridge = state.cloudManager?.getClient();
+          const agentId = state.runtime?.agentId;
+          if (!bridge) {
+            throw new Error("cloud-wallet bridge unavailable");
+          }
+          if (!agentId) {
+            throw new Error("cloud-wallet runtime agentId missing");
+          }
+          const { address: clientAddress, minted } =
+            await getOrCreateClientAddressKey();
+          if (minted) {
+            logger.info(
+              `[cloud-login] cloud-wallet: minted client_address ${clientAddress}`,
+            );
+          }
+          const descriptors = await provisionCloudWallets(bridge, {
+            agentId,
+            clientAddress,
+          });
+          persistCloudWalletCache(
+            state.config as Record<string, unknown>,
+            descriptors,
+          );
+          const cloudCfg = (state.config.cloud ?? {}) as Record<
+            string,
+            unknown
+          >;
+          cloudCfg.clientAddressPublicKey = clientAddress;
+          (state.config as Record<string, unknown>).cloud = cloudCfg;
+          saveConfigOrThrow(state);
+          if (descriptors.evm?.walletAddress) {
+            process.env.ELIZA_CLOUD_EVM_ADDRESS = descriptors.evm.walletAddress;
+            await persistConfigEnv(
+              "ELIZA_CLOUD_EVM_ADDRESS",
+              descriptors.evm.walletAddress,
+            );
+          }
+          if (descriptors.solana?.walletAddress) {
+            process.env.ELIZA_CLOUD_SOLANA_ADDRESS =
+              descriptors.solana.walletAddress;
+            await persistConfigEnv(
+              "ELIZA_CLOUD_SOLANA_ADDRESS",
+              descriptors.solana.walletAddress,
+            );
+          }
+          await persistConfigEnv("ENABLE_EVM_PLUGIN", "1");
+          if (descriptors.evm) {
+            await persistConfigEnv("WALLET_SOURCE_EVM", "cloud");
+          }
+          if (descriptors.solana) {
+            await persistConfigEnv("WALLET_SOURCE_SOLANA", "cloud");
+          }
+          const wallet = ((state.config as Record<string, unknown>).wallet ??
+            {}) as Record<string, unknown>;
+          const primary = {
+            ...((wallet.primary ?? {}) as Record<string, string>),
+          };
+          if (descriptors.evm) primary.evm = "cloud";
+          if (descriptors.solana) primary.solana = "cloud";
+          wallet.primary = primary;
+          (state.config as Record<string, unknown>).wallet = wallet;
+          saveConfigOrThrow(state);
+          logger.info(
+            `[cloud-login] cloud-wallet: provisioned ${Object.keys(descriptors).join(", ")} — applying runtime reload`,
+          );
+          const restarted = state.restartRuntime
+            ? await Promise.resolve(state.restartRuntime("cloud-wallet-bound"))
+            : false;
+          if (!restarted) {
+            logger.warn(
+              "[cloud-login] cloud-wallet: restartRuntime not wired or restart declined — user must restart manually",
+            );
+          }
+        } catch (cloudWalletErr) {
+          try {
+            await restoreConfigEnvRollbackSnapshot(rollbackEnvSnapshot);
+          } catch (rollbackErr) {
+            logger.error(
+              `[cloud-login] cloud-wallet rollback failed: ${String(
+                rollbackErr,
+              )}`,
+            );
+          }
+          replaceMutableRoot(state.config, rollbackConfigSnapshot);
+          try {
+            saveConfigOrThrow(state);
+          } catch (saveRollbackErr) {
+            logger.error(
+              `[cloud-login] cloud-wallet config rollback failed: ${String(
+                saveRollbackErr,
+              )}`,
+            );
+          }
+          logger.error(
+            `[cloud-login] cloud-wallet provision failed: ${String(
+              cloudWalletErr,
+            )}`,
+          );
+        }
+      }
+      // Return the cloud API key to the renderer so it can populate
+      // `globalThis.__ELIZA_CLOUD_AUTH_TOKEN__` and use the direct cloud
+      // path (`/api/v1/eliza/agents`) for agent creation/provisioning.
+      // Without this, every cloud op falls back to the proxy compat path,
+      // which creates agents in a namespace whose queue never drains
+      // (agents stay `status: "queued"` forever — onboarding hangs).
+      //
+      // ## Security trade-off — token in HTTP response body
+      //
+      // Sending an API key in the response body is a deliberate choice
+      // for our architecture, NOT an oversight:
+      //   - The agent process and the renderer (Electrobun WebView) live
+      //     on the same machine.  They communicate over loopback HTTP
+      //     (`127.0.0.1`).  Any process that can sniff the loopback
+      //     interface (tcpdump, attached debugger) already has the
+      //     ambient privilege to read the renderer's memory or the
+      //     vault directly — the HTTP body is not the weakest link.
+      //   - The key IS the user's own secret (not server-owned), and
+      //     the response only goes to the renderer the user is
+      //     actively using.
+      //   - Returning a short-lived "handle" that the renderer
+      //     exchanges for the real token would just shift the same
+      //     cleartext transit one hop, not eliminate it.
+      //
+      // The principled fix is to push the token over an Electrobun RPC
+      // channel (the same IPC the api-base-owner module uses for
+      // `pushApiBaseToRenderer`).  That requires routing the cloud
+      // login outcome from the agent process to the Electrobun main
+      // process and back to the renderer — three-process choreography
+      // that doesn't fit this PR.  Tracked as a follow-up.
+      logger.info(
+        `[cloud-login] sending API key to loopback renderer (single-user desktop trust model)`,
+      );
+      sendJson(res, {
+        status: "authenticated",
+        token: data.apiKey,
+        keyPrefix: data.keyPrefix,
+        organizationId,
+        userId,
+      });
+    } else {
+      sendJson(res, { status: data.status });
+    }
+    return true;
+  }
+  if (method === "GET" && pathname === "/api/cloud/agents") {
+    const client = state.cloudManager?.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    sendJson(res, { ok: true, agents: await client.listAgents() });
+    return true;
+  }
+  if (method === "POST" && pathname === "/api/cloud/agents") {
+    const client = state.cloudManager?.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    const body = await readJsonBody<{
+      agentName?: string;
+      agentConfig?: Record<string, unknown>;
+      environmentVars?: Record<string, string>;
+    }>(req, res);
+    if (!body) return true;
+    if (!body.agentName?.trim()) {
+      sendJsonError(res, "agentName is required");
+      return true;
+    }
+    let agent: unknown;
+    try {
+      agent = await client.createAgent({
+        agentName: body.agentName,
+        agentConfig: body.agentConfig,
+        environmentVars: body.environmentVars,
+      });
+    } catch (err) {
+      logger.error(`[cloud] createAgent failed: ${String(err)}`);
+      sendJson(
+        res,
+        { ok: false, error: `Cloud createAgent failed: ${String(err)}` },
+        502,
+      );
+      return true;
+    }
+    sendJson(res, { ok: true, agent }, 201);
+    return true;
+  }
+  if (
+    method === "POST" &&
+    pathname.startsWith("/api/cloud/agents/") &&
+    pathname.endsWith("/provision")
+  ) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    let proxy: { agentName?: string };
+    try {
+      proxy = await state.cloudManager.connect(agentId);
+    } catch (err) {
+      logger.error(`[cloud] provision/connect failed: ${String(err)}`);
+      sendJson(
+        res,
+        { ok: false, error: `Cloud provision failed: ${String(err)}` },
+        502,
+      );
+      return true;
+    }
+    sendJson(res, {
+      ok: true,
+      agentId,
+      agentName: proxy.agentName,
+      status: state.cloudManager.getStatus(),
+    });
+    return true;
+  }
+  if (
+    method === "POST" &&
+    pathname.startsWith("/api/cloud/agents/") &&
+    pathname.endsWith("/shutdown")
+  ) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    const client = state.cloudManager.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    try {
+      if (state.cloudManager.getActiveAgentId() === agentId) {
+        await state.cloudManager.disconnect();
+      }
+      await client.deleteAgent(agentId);
+    } catch (err) {
+      logger.error(`[cloud] shutdown/deleteAgent failed: ${String(err)}`);
+      sendJson(
+        res,
+        { ok: false, error: `Cloud shutdown failed: ${String(err)}` },
+        502,
+      );
+      return true;
+    }
+    sendJson(res, { ok: true, agentId, status: "stopped" });
+    return true;
+  }
+  if (
+    method === "POST" &&
+    pathname.startsWith("/api/cloud/agents/") &&
+    pathname.endsWith("/connect")
+  ) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    let proxy: { agentName?: string };
+    try {
+      if (state.cloudManager.getActiveAgentId()) {
+        await state.cloudManager.disconnect();
+      }
+      proxy = await state.cloudManager.connect(agentId);
+    } catch (err) {
+      logger.error(`[cloud] connect failed: ${String(err)}`);
+      sendJson(
+        res,
+        { ok: false, error: `Cloud connect failed: ${String(err)}` },
+        502,
+      );
+      return true;
+    }
+    sendJson(res, {
+      ok: true,
+      agentId,
+      agentName: proxy.agentName,
+      status: state.cloudManager.getStatus(),
+    });
+    return true;
+  }
+  if (method === "POST" && pathname === "/api/cloud/disconnect") {
+    if (state.cloudManager) {
+      await state.cloudManager.disconnect();
+    }
+    const cloud = (state.config.cloud ?? {}) as NonNullable<
+      CloudConfigLike["cloud"]
+    >;
+    delete cloud.apiKey;
+    (state.config as Record<string, unknown>).cloud = cloud;
+    applyCanonicalOnboardingConfig(state.config as never, {
+      deploymentTarget: { runtime: "local" },
+      linkedAccounts: {
+        elizacloud: {
+          status: "unlinked",
+          source: "api-key",
+        },
+      },
+      clearRoutes: ["llmText", "tts", "media", "embeddings", "rpc"],
+    });
+    migrateLegacyRuntimeConfig(state.config as Record<string, unknown>);
+    try {
+      if (state.saveConfig) {
+        state.saveConfig(state.config);
+      } else {
+        logger.warn(
+          "[cloud-disconnect] saveConfig not available — config not persisted",
+        );
+      }
+    } catch (saveErr) {
+      logger.error(
+        `[cloud-disconnect] Failed to save config: ${String(saveErr)}`,
+      );
+      sendJson(
+        res,
+        { ok: false, error: "Disconnected but failed to save config" },
+        500,
+      );
+      return true;
+    }
+    delete process.env.ELIZAOS_CLOUD_API_KEY;
+    delete process.env.ELIZAOS_CLOUD_ENABLED;
+    if (state.runtime) {
+      const character = state.runtime.character ?? {};
+      state.runtime.character = character;
+      if (!character.secrets) {
+        character.secrets = {};
+      }
+      const secrets = character.secrets as Record<
+        string,
+        string | number | boolean
+      >;
+      delete secrets.ELIZAOS_CLOUD_API_KEY;
+      delete secrets.ELIZAOS_CLOUD_ENABLED;
+      if (typeof state.runtime.updateAgent === "function") {
+        await state.runtime.updateAgent(state.runtime.agentId, {
+          secrets: { ...secrets },
+        });
+      } else {
+        logger.warn(
+          "[cloud-disconnect] updateAgent not available — runtime secrets not persisted",
+        );
+      }
+    }
+    sendJson(res, { ok: true, status: "disconnected" });
+    return true;
+  }
+  return false;
+}