@elizaos/plugin-elizacloud 2.0.0-alpha.8 → 2.0.0-beta.1

package/dist/cloud/auth.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Eliza Cloud login flow — reuses the CLI auth session pattern:
+ * create session, open browser, poll until authenticated, return API key.
+ */
+export interface CloudLoginResult {
+    apiKey: string;
+    keyPrefix: string;
+    expiresAt: string | null;
+}
+export interface CloudLoginOptions {
+    baseUrl?: string;
+    timeoutMs?: number;
+    requestTimeoutMs?: number;
+    pollIntervalMs?: number;
+    onBrowserUrl?: (url: string) => void;
+    onPollStatus?: (status: string) => void;
+}
+export declare function cloudLogin(options?: CloudLoginOptions): Promise<CloudLoginResult>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/cloud/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/cloud/auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAOH,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IACrC,YAAY,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACzC;AA2BD,wBAAsB,UAAU,CAC9B,OAAO,GAAE,iBAAsB,GAC9B,OAAO,CAAC,gBAAgB,CAAC,CA0H3B"}

package/dist/cloud/auth.js

@@ -0,0 +1,330 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/cloud/base-url.ts
+function isLoopbackHost(hostname) {
+  const normalized = hostname.toLowerCase();
+  return normalized === "localhost" || normalized === "::1" || normalized === "0:0:0:0:0:0:0:1" || normalized.startsWith("127.");
+}
+function trimApiPath(pathname) {
+  const normalized = pathname.trim().replace(/\/+$/, "");
+  if (!normalized)
+    return "";
+  if (normalized === "/api/v1")
+    return "";
+  if (normalized.endsWith("/api/v1")) {
+    return normalized.slice(0, -"/api/v1".length);
+  }
+  return normalized;
+}
+function normalizeCloudSiteUrl(rawUrl) {
+  const envOverride = process.env.ELIZAOS_CLOUD_BASE_URL?.trim();
+  const candidate = envOverride || rawUrl?.trim() || DEFAULT_CLOUD_SITE_URL;
+  try {
+    const parsed = new URL(candidate);
+    const pathname = trimApiPath(parsed.pathname);
+    const host = parsed.hostname.toLowerCase();
+    const preserveLocalOrigin = isLoopbackHost(host);
+    parsed.hash = "";
+    parsed.search = "";
+    if (!preserveLocalOrigin) {
+      parsed.protocol = "https:";
+      parsed.port = "";
+    }
+    parsed.pathname = pathname;
+    if (LEGACY_CLOUD_HOST_ALIASES.has(host)) {
+      parsed.hostname = "www.elizacloud.ai";
+      parsed.pathname = "";
+    }
+    return parsed.toString().replace(/\/{1,1024}$/, "");
+  } catch {
+    const safeCandidate = candidate.length > 8192 ? candidate.slice(0, 8192) : candidate;
+    return safeCandidate.replace(/\/{1,1024}$/, "");
+  }
+}
+function resolveCloudApiBaseUrl(rawUrl) {
+  return `${normalizeCloudSiteUrl(rawUrl)}/api/v1`;
+}
+var DEFAULT_CLOUD_SITE_URL = "https://www.elizacloud.ai", LEGACY_CLOUD_HOST_ALIASES;
+var init_base_url = __esm(() => {
+  LEGACY_CLOUD_HOST_ALIASES = new Set([
+    "elizacloud.ai",
+    "www.elizacloud.ai"
+  ]);
+});
+
+// src/cloud/validate-url.ts
+import dns from "node:dns";
+import net from "node:net";
+import { promisify } from "node:util";
+function normalizeHostLike(value) {
+  return value.trim().toLowerCase().replace(/^\[|\]$/g, "");
+}
+function decodeIpv6MappedHex(mapped) {
+  const parts = mapped.split(":");
+  if (parts.length < 1 || parts.length > 2)
+    return null;
+  const parsed = parts.map((part) => {
+    if (!/^[0-9a-f]{1,4}$/i.test(part))
+      return Number.NaN;
+    return Number.parseInt(part, 16);
+  });
+  if (parsed.some((value) => !Number.isFinite(value)))
+    return null;
+  const [hi, lo] = parsed.length === 1 ? [0, parsed[0]] : parsed;
+  const octets = [hi >> 8, hi & 255, lo >> 8, lo & 255];
+  return octets.join(".");
+}
+function canonicalizeIpv6(ip) {
+  try {
+    return new URL(`http://[${ip}]/`).hostname.replace(/^\[|\]$/g, "");
+  } catch {
+    return null;
+  }
+}
+function normalizeIpForPolicy(ip) {
+  const base = normalizeHostLike(ip).split("%")[0];
+  if (!base)
+    return base;
+  let normalized = base;
+  if (net.isIP(normalized) === 6) {
+    normalized = canonicalizeIpv6(normalized) ?? normalized;
+  }
+  let mapped = null;
+  if (normalized.startsWith("::ffff:")) {
+    mapped = normalized.slice("::ffff:".length);
+  } else if (normalized.startsWith("0:0:0:0:0:ffff:")) {
+    mapped = normalized.slice("0:0:0:0:0:ffff:".length);
+  }
+  if (!mapped)
+    return normalized;
+  if (net.isIP(mapped) === 4)
+    return mapped;
+  return decodeIpv6MappedHex(mapped) ?? normalized;
+}
+function cidrV4(base, prefix) {
+  const parsed = parseIpv4ToInt(base);
+  if (parsed === null) {
+    throw new Error(`Invalid CIDR base IPv4 address: ${base}`);
+  }
+  const shift = 32 - prefix;
+  const mask = shift === 32 ? 0 : 4294967295 << shift >>> 0;
+  return { base: parsed & mask, mask };
+}
+function parseIpv4ToInt(ip) {
+  const parts = ip.split(".");
+  if (parts.length !== 4)
+    return null;
+  let value = 0;
+  for (const part of parts) {
+    if (!/^\d{1,3}$/.test(part))
+      return null;
+    const octet = Number.parseInt(part, 10);
+    if (!Number.isInteger(octet) || octet < 0 || octet > 255)
+      return null;
+    value = value << 8 | octet;
+  }
+  return value >>> 0;
+}
+function isBlockedIpv4(ip) {
+  const asInt = parseIpv4ToInt(ip);
+  if (asInt === null)
+    return true;
+  return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);
+}
+function isBlockedIpv6(ip) {
+  const normalized = ip.toLowerCase();
+  return normalized === "::" || normalized === "::1" || /^fe[89ab][0-9a-f]:/.test(normalized) || /^f[cd][0-9a-f]{2}:/i.test(normalized) || normalized.startsWith("ff");
+}
+function isBlockedIp(ip) {
+  const normalized = normalizeIpForPolicy(ip);
+  const family = net.isIP(normalized);
+  if (family === 4)
+    return isBlockedIpv4(normalized);
+  if (family === 6)
+    return isBlockedIpv6(normalized);
+  return false;
+}
+async function validateCloudBaseUrl(rawUrl) {
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (parsed.protocol !== "https:") {
+    return `Cloud base URL must use HTTPS, got "${parsed.protocol}" in "${rawUrl}"`;
+  }
+  const hostname = normalizeHostLike(parsed.hostname);
+  if (!hostname) {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (hostname === "localhost" || hostname.endsWith(".localhost") || hostname.endsWith(".local")) {
+    return `Cloud base URL "${rawUrl}" points to a blocked local hostname.`;
+  }
+  if (true) {
+    return null;
+  }
+  if (isBlockedIp(hostname)) {
+    return `Cloud base URL "${rawUrl}" points to a blocked address.`;
+  }
+  try {
+    const results = await dnsLookupAll(hostname, { all: true });
+    const addresses = Array.isArray(results) ? results : [results];
+    for (const entry of addresses) {
+      const ip = typeof entry === "string" ? entry : entry.address;
+      if (isBlockedIp(ip)) {
+        return `Cloud base URL "${rawUrl}" resolves to ${ip}, ` + "which is a blocked internal/metadata address.";
+      }
+    }
+  } catch {
+    return `Cloud base URL "${rawUrl}" could not be resolved via DNS.`;
+  }
+  return null;
+}
+var dnsLookupAll, BLOCKED_IPV4_CIDRS;
+var init_validate_url = __esm(() => {
+  dnsLookupAll = promisify(dns.lookup);
+  BLOCKED_IPV4_CIDRS = [
+    cidrV4("0.0.0.0", 8),
+    cidrV4("10.0.0.0", 8),
+    cidrV4("172.16.0.0", 12),
+    cidrV4("192.168.0.0", 16),
+    cidrV4("100.64.0.0", 10),
+    cidrV4("127.0.0.0", 8),
+    cidrV4("169.254.0.0", 16),
+    cidrV4("192.0.0.0", 24),
+    cidrV4("198.18.0.0", 15),
+    cidrV4("192.0.2.0", 24),
+    cidrV4("198.51.100.0", 24),
+    cidrV4("203.0.113.0", 24),
+    cidrV4("224.0.0.0", 4),
+    cidrV4("240.0.0.0", 4)
+  ];
+});
+
+// src/cloud/auth.ts
+init_base_url();
+init_validate_url();
+import crypto from "node:crypto";
+import { logger } from "@elizaos/core";
+var DEFAULT_CLOUD_REQUEST_TIMEOUT_MS = 1e4;
+function isRedirectResponse(response) {
+  return response.status >= 300 && response.status < 400;
+}
+function isTimeoutError(err) {
+  if (!(err instanceof Error))
+    return false;
+  if (err.name === "TimeoutError" || err.name === "AbortError")
+    return true;
+  const msg = err.message.toLowerCase();
+  return msg.includes("timed out") || msg.includes("timeout");
+}
+async function fetchWithTimeout(input, init, timeoutMs) {
+  return fetch(input, {
+    ...init,
+    redirect: "manual",
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+}
+async function cloudLogin(options = {}) {
+  const baseUrl = normalizeCloudSiteUrl(options.baseUrl);
+  const urlError = await validateCloudBaseUrl(baseUrl);
+  if (urlError) {
+    throw new Error(urlError);
+  }
+  const timeoutMs = options.timeoutMs ?? 300000;
+  const requestTimeoutMs = options.requestTimeoutMs ?? DEFAULT_CLOUD_REQUEST_TIMEOUT_MS;
+  const pollIntervalMs = options.pollIntervalMs ?? 2000;
+  const sessionId = crypto.randomUUID();
+  logger.info("[cloud-auth] Creating auth session...");
+  let createResponse;
+  try {
+    createResponse = await fetchWithTimeout(`${baseUrl}/api/auth/cli-session`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ sessionId })
+    }, requestTimeoutMs);
+  } catch (err) {
+    if (isTimeoutError(err)) {
+      throw new Error(`Cloud login request timed out while creating session (>${requestTimeoutMs}ms).`);
+    }
+    throw new Error(`Failed to create auth session: ${String(err)}`);
+  }
+  if (!createResponse.ok) {
+    if (isRedirectResponse(createResponse)) {
+      throw new Error("Cloud login request was redirected; redirects are not allowed.");
+    }
+    const errorText = await createResponse.text();
+    throw new Error(`Failed to create auth session (HTTP ${createResponse.status}): ${errorText}`);
+  }
+  const browserUrl = `${baseUrl}/auth/cli-login?session=${encodeURIComponent(sessionId)}`;
+  logger.info(`[cloud-auth] Browser URL: ${browserUrl}`);
+  options.onBrowserUrl?.(browserUrl);
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    const remainingBeforeSleep = deadline - Date.now();
+    if (remainingBeforeSleep <= 0)
+      break;
+    await new Promise((resolve) => setTimeout(resolve, Math.min(pollIntervalMs, remainingBeforeSleep)));
+    const remaining = deadline - Date.now();
+    if (remaining <= 0)
+      break;
+    let pollResponse;
+    try {
+      pollResponse = await fetchWithTimeout(`${baseUrl}/api/auth/cli-session/${encodeURIComponent(sessionId)}`, {}, Math.min(requestTimeoutMs, remaining));
+    } catch (err) {
+      if (isTimeoutError(err)) {
+        if (remaining <= requestTimeoutMs) {
+          break;
+        }
+        throw new Error(`Cloud login polling request timed out (>${Math.min(requestTimeoutMs, remaining)}ms).`);
+      }
+      throw new Error(`Cloud login polling failed: ${String(err)}`);
+    }
+    if (!pollResponse.ok) {
+      if (isRedirectResponse(pollResponse)) {
+        throw new Error("Cloud login polling request was redirected; redirects are not allowed.");
+      }
+      if (pollResponse.status === 404) {
+        throw new Error("Auth session expired or not found. Please try again.");
+      }
+      options.onPollStatus?.("error");
+      continue;
+    }
+    const data = await pollResponse.json();
+    options.onPollStatus?.(data.status);
+    if (data.status === "authenticated" && data.apiKey) {
+      logger.info("[cloud-auth] Authentication complete");
+      return {
+        apiKey: data.apiKey,
+        keyPrefix: data.keyPrefix ?? "",
+        expiresAt: data.expiresAt ?? null
+      };
+    }
+    if (data.status === "authenticated" && !data.apiKey) {
+      throw new Error("Auth session was completed but the API key was already retrieved. Please try logging in again.");
+    }
+  }
+  throw new Error(`Cloud login timed out. The browser login was not completed within ${Math.round(timeoutMs / 1000)} seconds.`);
+}
+export {
+  cloudLogin
+};
+
+//# debugId=FE8D7066E15F125A64756E2164756E21

package/dist/cloud/auth.js.map

@@ -0,0 +1,12 @@
+{
+  "version": 3,
+  "sources": ["../src/cloud/base-url.ts", "../src/cloud/validate-url.ts", "../src/cloud/auth.ts"],
+  "sourcesContent": [
+    "const DEFAULT_CLOUD_SITE_URL = \"https://www.elizacloud.ai\";\n\nconst LEGACY_CLOUD_HOST_ALIASES = new Set([\n  \"elizacloud.ai\",\n  \"www.elizacloud.ai\",\n]);\n\nfunction isLoopbackHost(hostname: string): boolean {\n  const normalized = hostname.toLowerCase();\n  return (\n    normalized === \"localhost\" ||\n    normalized === \"::1\" ||\n    normalized === \"0:0:0:0:0:0:0:1\" ||\n    normalized.startsWith(\"127.\")\n  );\n}\n\nfunction trimApiPath(pathname: string): string {\n  const normalized = pathname.trim().replace(/\\/+$/, \"\");\n  if (!normalized) return \"\";\n  if (normalized === \"/api/v1\") return \"\";\n  if (normalized.endsWith(\"/api/v1\")) {\n    return normalized.slice(0, -\"/api/v1\".length);\n  }\n  return normalized;\n}\n\nexport function normalizeCloudSiteUrl(rawUrl?: string): string {\n  // Allow cloud-provisioned containers to override the base URL via env var\n  const envOverride = process.env.ELIZAOS_CLOUD_BASE_URL?.trim();\n  const candidate = envOverride || rawUrl?.trim() || DEFAULT_CLOUD_SITE_URL;\n\n  try {\n    const parsed = new URL(candidate);\n    const pathname = trimApiPath(parsed.pathname);\n    const host = parsed.hostname.toLowerCase();\n    const preserveLocalOrigin = isLoopbackHost(host);\n\n    parsed.hash = \"\";\n    parsed.search = \"\";\n    if (!preserveLocalOrigin) {\n      parsed.protocol = \"https:\";\n      parsed.port = \"\";\n    }\n    parsed.pathname = pathname;\n\n    if (LEGACY_CLOUD_HOST_ALIASES.has(host)) {\n      parsed.hostname = \"www.elizacloud.ai\";\n      parsed.pathname = \"\";\n    }\n\n    return parsed.toString().replace(/\\/{1,1024}$/, \"\");\n  } catch {\n    const safeCandidate =\n      candidate.length > 8192 ? candidate.slice(0, 8192) : candidate;\n    return safeCandidate.replace(/\\/{1,1024}$/, \"\");\n  }\n}\n\nexport function resolveCloudApiBaseUrl(rawUrl?: string): string {\n  return `${normalizeCloudSiteUrl(rawUrl)}/api/v1`;\n}\n",
+    "import dns from \"node:dns\";\nimport net from \"node:net\";\nimport { promisify } from \"node:util\";\n\nconst dnsLookupAll = promisify(dns.lookup);\n\nconst BLOCKED_IPV4_CIDRS: Array<{ base: number; mask: number }> = [\n  cidrV4(\"0.0.0.0\", 8),\n  cidrV4(\"10.0.0.0\", 8),\n  cidrV4(\"172.16.0.0\", 12),\n  cidrV4(\"192.168.0.0\", 16),\n  cidrV4(\"100.64.0.0\", 10),\n  cidrV4(\"127.0.0.0\", 8),\n  cidrV4(\"169.254.0.0\", 16),\n  cidrV4(\"192.0.0.0\", 24),\n  cidrV4(\"198.18.0.0\", 15),\n  cidrV4(\"192.0.2.0\", 24),\n  cidrV4(\"198.51.100.0\", 24),\n  cidrV4(\"203.0.113.0\", 24),\n  cidrV4(\"224.0.0.0\", 4),\n  cidrV4(\"240.0.0.0\", 4),\n];\n\nfunction normalizeHostLike(value: string): string {\n  return value\n    .trim()\n    .toLowerCase()\n    .replace(/^\\[|\\]$/g, \"\");\n}\n\nfunction decodeIpv6MappedHex(mapped: string): string | null {\n  const parts = mapped.split(\":\");\n  if (parts.length < 1 || parts.length > 2) return null;\n\n  const parsed = parts.map((part) => {\n    if (!/^[0-9a-f]{1,4}$/i.test(part)) return Number.NaN;\n    return Number.parseInt(part, 16);\n  });\n  if (parsed.some((value) => !Number.isFinite(value))) return null;\n\n  const [hi, lo] = parsed.length === 1 ? [0, parsed[0]] : parsed;\n  const octets = [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff];\n  return octets.join(\".\");\n}\n\nfunction canonicalizeIpv6(ip: string): string | null {\n  try {\n    return new URL(`http://[${ip}]/`).hostname.replace(/^\\[|\\]$/g, \"\");\n  } catch {\n    return null;\n  }\n}\n\nfunction normalizeIpForPolicy(ip: string): string {\n  const base = normalizeHostLike(ip).split(\"%\")[0];\n  if (!base) return base;\n\n  let normalized = base;\n  if (net.isIP(normalized) === 6) {\n    normalized = canonicalizeIpv6(normalized) ?? normalized;\n  }\n\n  let mapped: string | null = null;\n  if (normalized.startsWith(\"::ffff:\")) {\n    mapped = normalized.slice(\"::ffff:\".length);\n  } else if (normalized.startsWith(\"0:0:0:0:0:ffff:\")) {\n    mapped = normalized.slice(\"0:0:0:0:0:ffff:\".length);\n  }\n  if (!mapped) return normalized;\n\n  if (net.isIP(mapped) === 4) return mapped;\n  return decodeIpv6MappedHex(mapped) ?? normalized;\n}\n\nfunction cidrV4(base: string, prefix: number): { base: number; mask: number } {\n  const parsed = parseIpv4ToInt(base);\n  if (parsed === null) {\n    throw new Error(`Invalid CIDR base IPv4 address: ${base}`);\n  }\n  const shift = 32 - prefix;\n  const mask = shift === 32 ? 0 : (0xffffffff << shift) >>> 0;\n  return { base: parsed & mask, mask };\n}\n\nfunction parseIpv4ToInt(ip: string): number | null {\n  const parts = ip.split(\".\");\n  if (parts.length !== 4) return null;\n\n  let value = 0;\n  for (const part of parts) {\n    if (!/^\\d{1,3}$/.test(part)) return null;\n    const octet = Number.parseInt(part, 10);\n    if (!Number.isInteger(octet) || octet < 0 || octet > 255) return null;\n    value = (value << 8) | octet;\n  }\n\n  return value >>> 0;\n}\n\nfunction isBlockedIpv4(ip: string): boolean {\n  const asInt = parseIpv4ToInt(ip);\n  if (asInt === null) return true;\n  return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);\n}\n\nfunction isBlockedIpv6(ip: string): boolean {\n  const normalized = ip.toLowerCase();\n  return (\n    normalized === \"::\" ||\n    normalized === \"::1\" ||\n    /^fe[89ab][0-9a-f]:/.test(normalized) ||\n    /^f[cd][0-9a-f]{2}:/i.test(normalized) ||\n    normalized.startsWith(\"ff\")\n  );\n}\n\nfunction isBlockedIp(ip: string): boolean {\n  const normalized = normalizeIpForPolicy(ip);\n  const family = net.isIP(normalized);\n  if (family === 4) return isBlockedIpv4(normalized);\n  if (family === 6) return isBlockedIpv6(normalized);\n  return false;\n}\n\nexport async function validateCloudBaseUrl(\n  rawUrl: string,\n): Promise<string | null> {\n  let parsed: URL;\n  try {\n    parsed = new URL(rawUrl);\n  } catch {\n    return `Invalid cloud base URL: \"${rawUrl}\"`;\n  }\n\n  if (parsed.protocol !== \"https:\") {\n    return `Cloud base URL must use HTTPS, got \"${parsed.protocol}\" in \"${rawUrl}\"`;\n  }\n\n  const hostname = normalizeHostLike(parsed.hostname);\n  if (!hostname) {\n    return `Invalid cloud base URL: \"${rawUrl}\"`;\n  }\n\n  if (\n    hostname === \"localhost\" ||\n    hostname.endsWith(\".localhost\") ||\n    hostname.endsWith(\".local\")\n  ) {\n    return `Cloud base URL \"${rawUrl}\" points to a blocked local hostname.`;\n  }\n\n  // Dev-mode bypass: skip IP-range blocking but keep URL format checks above.\n  if (process.env.NODE_ENV === \"development\" || process.env.ELIZA_DEV) {\n    return null;\n  }\n\n  if (isBlockedIp(hostname)) {\n    return `Cloud base URL \"${rawUrl}\" points to a blocked address.`;\n  }\n\n  try {\n    const results = await dnsLookupAll(hostname, { all: true });\n    const addresses = Array.isArray(results) ? results : [results];\n    for (const entry of addresses) {\n      const ip =\n        typeof entry === \"string\"\n          ? entry\n          : (entry as { address: string }).address;\n      if (isBlockedIp(ip)) {\n        return (\n          `Cloud base URL \"${rawUrl}\" resolves to ${ip}, ` +\n          \"which is a blocked internal/metadata address.\"\n        );\n      }\n    }\n  } catch {\n    return `Cloud base URL \"${rawUrl}\" could not be resolved via DNS.`;\n  }\n\n  return null;\n}\n",
+    "/**\n * Eliza Cloud login flow — reuses the CLI auth session pattern:\n * create session, open browser, poll until authenticated, return API key.\n */\n\nimport crypto from \"node:crypto\";\nimport { logger } from \"@elizaos/core\";\nimport { normalizeCloudSiteUrl } from \"./base-url.js\";\nimport { validateCloudBaseUrl } from \"./validate-url.js\";\n\nexport interface CloudLoginResult {\n  apiKey: string;\n  keyPrefix: string;\n  expiresAt: string | null;\n}\n\nexport interface CloudLoginOptions {\n  baseUrl?: string;\n  timeoutMs?: number;\n  requestTimeoutMs?: number;\n  pollIntervalMs?: number;\n  onBrowserUrl?: (url: string) => void;\n  onPollStatus?: (status: string) => void;\n}\n\nconst DEFAULT_CLOUD_REQUEST_TIMEOUT_MS = 10_000;\n\nfunction isRedirectResponse(response: Response): boolean {\n  return response.status >= 300 && response.status < 400;\n}\n\nfunction isTimeoutError(err: unknown): boolean {\n  if (!(err instanceof Error)) return false;\n  if (err.name === \"TimeoutError\" || err.name === \"AbortError\") return true;\n  const msg = err.message.toLowerCase();\n  return msg.includes(\"timed out\") || msg.includes(\"timeout\");\n}\n\nasync function fetchWithTimeout(\n  input: string,\n  init: RequestInit,\n  timeoutMs: number,\n): Promise<Response> {\n  return fetch(input, {\n    ...init,\n    redirect: \"manual\",\n    signal: AbortSignal.timeout(timeoutMs),\n  });\n}\n\nexport async function cloudLogin(\n  options: CloudLoginOptions = {},\n): Promise<CloudLoginResult> {\n  const baseUrl = normalizeCloudSiteUrl(options.baseUrl);\n  const urlError = await validateCloudBaseUrl(baseUrl);\n  if (urlError) {\n    throw new Error(urlError);\n  }\n  const timeoutMs = options.timeoutMs ?? 300_000;\n  const requestTimeoutMs =\n    options.requestTimeoutMs ?? DEFAULT_CLOUD_REQUEST_TIMEOUT_MS;\n  const pollIntervalMs = options.pollIntervalMs ?? 2_000;\n  const sessionId = crypto.randomUUID();\n\n  logger.info(\"[cloud-auth] Creating auth session...\");\n\n  let createResponse: Response;\n  try {\n    createResponse = await fetchWithTimeout(\n      `${baseUrl}/api/auth/cli-session`,\n      {\n        method: \"POST\",\n        headers: { \"Content-Type\": \"application/json\" },\n        body: JSON.stringify({ sessionId }),\n      },\n      requestTimeoutMs,\n    );\n  } catch (err) {\n    if (isTimeoutError(err)) {\n      throw new Error(\n        `Cloud login request timed out while creating session (>${requestTimeoutMs}ms).`,\n      );\n    }\n    throw new Error(`Failed to create auth session: ${String(err)}`);\n  }\n\n  if (!createResponse.ok) {\n    if (isRedirectResponse(createResponse)) {\n      throw new Error(\n        \"Cloud login request was redirected; redirects are not allowed.\",\n      );\n    }\n    const errorText = await createResponse.text();\n    throw new Error(\n      `Failed to create auth session (HTTP ${createResponse.status}): ${errorText}`,\n    );\n  }\n\n  const browserUrl = `${baseUrl}/auth/cli-login?session=${encodeURIComponent(sessionId)}`;\n  logger.info(`[cloud-auth] Browser URL: ${browserUrl}`);\n  options.onBrowserUrl?.(browserUrl);\n\n  const deadline = Date.now() + timeoutMs;\n\n  while (Date.now() < deadline) {\n    const remainingBeforeSleep = deadline - Date.now();\n    if (remainingBeforeSleep <= 0) break;\n    await new Promise((resolve) =>\n      setTimeout(resolve, Math.min(pollIntervalMs, remainingBeforeSleep)),\n    );\n\n    const remaining = deadline - Date.now();\n    if (remaining <= 0) break;\n\n    let pollResponse: Response;\n    try {\n      pollResponse = await fetchWithTimeout(\n        `${baseUrl}/api/auth/cli-session/${encodeURIComponent(sessionId)}`,\n        {},\n        Math.min(requestTimeoutMs, remaining),\n      );\n    } catch (err) {\n      if (isTimeoutError(err)) {\n        if (remaining <= requestTimeoutMs) {\n          break;\n        }\n        throw new Error(\n          `Cloud login polling request timed out (>${Math.min(requestTimeoutMs, remaining)}ms).`,\n        );\n      }\n      throw new Error(`Cloud login polling failed: ${String(err)}`);\n    }\n\n    if (!pollResponse.ok) {\n      if (isRedirectResponse(pollResponse)) {\n        throw new Error(\n          \"Cloud login polling request was redirected; redirects are not allowed.\",\n        );\n      }\n      if (pollResponse.status === 404) {\n        throw new Error(\"Auth session expired or not found. Please try again.\");\n      }\n      options.onPollStatus?.(\"error\");\n      continue;\n    }\n\n    const data = (await pollResponse.json()) as {\n      status: string;\n      apiKey?: string;\n      keyPrefix?: string;\n      expiresAt?: string;\n    };\n\n    options.onPollStatus?.(data.status);\n\n    if (data.status === \"authenticated\" && data.apiKey) {\n      logger.info(\"[cloud-auth] Authentication complete\");\n      return {\n        apiKey: data.apiKey,\n        keyPrefix: data.keyPrefix ?? \"\",\n        expiresAt: data.expiresAt ?? null,\n      };\n    }\n\n    if (data.status === \"authenticated\" && !data.apiKey) {\n      throw new Error(\n        \"Auth session was completed but the API key was already retrieved. Please try logging in again.\",\n      );\n    }\n  }\n\n  throw new Error(\n    `Cloud login timed out. The browser login was not completed within ${Math.round(timeoutMs / 1000)} seconds.`,\n  );\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAOA,SAAS,cAAc,CAAC,UAA2B;AAAA,EACjD,MAAM,aAAa,SAAS,YAAY;AAAA,EACxC,OACE,eAAe,eACf,eAAe,SACf,eAAe,qBACf,WAAW,WAAW,MAAM;AAAA;AAIhC,SAAS,WAAW,CAAC,UAA0B;AAAA,EAC7C,MAAM,aAAa,SAAS,KAAK,EAAE,QAAQ,QAAQ,EAAE;AAAA,EACrD,IAAI,CAAC;AAAA,IAAY,OAAO;AAAA,EACxB,IAAI,eAAe;AAAA,IAAW,OAAO;AAAA,EACrC,IAAI,WAAW,SAAS,SAAS,GAAG;AAAA,IAClC,OAAO,WAAW,MAAM,GAAG,CAAC,UAAU,MAAM;AAAA,EAC9C;AAAA,EACA,OAAO;AAAA;AAGF,SAAS,qBAAqB,CAAC,QAAyB;AAAA,EAE7D,MAAM,cAAc,QAAQ,IAAI,wBAAwB,KAAK;AAAA,EAC7D,MAAM,YAAY,eAAe,QAAQ,KAAK,KAAK;AAAA,EAEnD,IAAI;AAAA,IACF,MAAM,SAAS,IAAI,IAAI,SAAS;AAAA,IAChC,MAAM,WAAW,YAAY,OAAO,QAAQ;AAAA,IAC5C,MAAM,OAAO,OAAO,SAAS,YAAY;AAAA,IACzC,MAAM,sBAAsB,eAAe,IAAI;AAAA,IAE/C,OAAO,OAAO;AAAA,IACd,OAAO,SAAS;AAAA,IAChB,IAAI,CAAC,qBAAqB;AAAA,MACxB,OAAO,WAAW;AAAA,MAClB,OAAO,OAAO;AAAA,IAChB;AAAA,IACA,OAAO,WAAW;AAAA,IAElB,IAAI,0BAA0B,IAAI,IAAI,GAAG;AAAA,MACvC,OAAO,WAAW;AAAA,MAClB,OAAO,WAAW;AAAA,IACpB;AAAA,IAEA,OAAO,OAAO,SAAS,EAAE,QAAQ,eAAe,EAAE;AAAA,IAClD,MAAM;AAAA,IACN,MAAM,gBACJ,UAAU,SAAS,OAAO,UAAU,MAAM,GAAG,IAAI,IAAI;AAAA,IACvD,OAAO,cAAc,QAAQ,eAAe,EAAE;AAAA;AAAA;AAI3C,SAAS,sBAAsB,CAAC,QAAyB;AAAA,EAC9D,OAAO,GAAG,sBAAsB,MAAM;AAAA;AAAA,IA5DlC,yBAAyB,6BAEzB;AAAA;AAAA,8BAA4B,IAAI,IAAI;AAAA,IACxC;AAAA,IACA;AAAA,EACF,CAAC;AAAA;;;ACLD;AACA;AACA;AAqBA,SAAS,iBAAiB,CAAC,OAAuB;AAAA,EAChD,OAAO,MACJ,KAAK,EACL,YAAY,EACZ,QAAQ,YAAY,EAAE;AAAA;AAG3B,SAAS,mBAAmB,CAAC,QAA+B;AAAA,EAC1D,MAAM,QAAQ,OAAO,MAAM,GAAG;AAAA,EAC9B,IAAI,MAAM,SAAS,KAAK,MAAM,SAAS;AAAA,IAAG,OAAO;AAAA,EAEjD,MAAM,SAAS,MAAM,IAAI,CAAC,SAAS;AAAA,IACjC,IAAI,CAAC,mBAAmB,KAAK,IAAI;AAAA,MAAG,OAAO,OAAO;AAAA,IAClD,OAAO,OAAO,SAAS,MAAM,EAAE;AAAA,GAChC;AAAA,EACD,IAAI,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,SAAS,KAAK,CAAC;AAAA,IAAG,OAAO;AAAA,EAE5D,OAAO,IAAI,MAAM,OAAO,WAAW,IAAI,CAAC,GAAG,OAAO,EAAE,IAAI;AAAA,EACxD,MAAM,SAAS,CAAC,MAAM,GAAG,KAAK,KAAM,MAAM,GAAG,KAAK,GAAI;AAAA,EACtD,OAAO,OAAO,KAAK,GAAG;AAAA;AAGxB,SAAS,gBAAgB,CAAC,IAA2B;AAAA,EACnD,IAAI;AAAA,IACF,OAAO,IAAI,IAAI,WAAW,MAAM,EAAE,SAAS,QAAQ,YAAY,EAAE;AAAA,IACjE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAIX,SAAS,oBAAoB,CAAC,IAAoB;AAAA,EAChD,MAAM,OAAO,kBAAkB,EAAE,EAAE,MAAM,GAAG,EAAE;AAAA,EAC9C,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAElB,IAAI,aAAa;AAAA,EACjB,IAAI,IAAI,KAAK,UAAU,MAAM,GAAG;AAAA,IAC9B,aAAa,iBAAiB,UAAU,KAAK;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAwB;AAAA,EAC5B,IAAI,WAAW,WAAW,SAAS,GAAG;AAAA,IACpC,SAAS,WAAW,MAAM,UAAU,MAAM;AAAA,EAC5C,EAAO,SAAI,WAAW,WAAW,iBAAiB,GAAG;AAAA,IACnD,SAAS,WAAW,MAAM,kBAAkB,MAAM;AAAA,EACpD;AAAA,EACA,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EAEpB,IAAI,IAAI,KAAK,MAAM,MAAM;AAAA,IAAG,OAAO;AAAA,EACnC,OAAO,oBAAoB,MAAM,KAAK;AAAA;AAGxC,SAAS,MAAM,CAAC,MAAc,QAAgD;AAAA,EAC5E,MAAM,SAAS,eAAe,IAAI;AAAA,EAClC,IAAI,WAAW,MAAM;AAAA,IACnB,MAAM,IAAI,MAAM,mCAAmC,MAAM;AAAA,EAC3D;AAAA,EACA,MAAM,QAAQ,KAAK;AAAA,EACnB,MAAM,OAAO,UAAU,KAAK,IAAK,cAAc,UAAW;AAAA,EAC1D,OAAO,EAAE,MAAM,SAAS,MAAM,KAAK;AAAA;AAGrC,SAAS,cAAc,CAAC,IAA2B;AAAA,EACjD,MAAM,QAAQ,GAAG,MAAM,GAAG;AAAA,EAC1B,IAAI,MAAM,WAAW;AAAA,IAAG,OAAO;AAAA,EAE/B,IAAI,QAAQ;AAAA,EACZ,WAAW,QAAQ,OAAO;AAAA,IACxB,IAAI,CAAC,YAAY,KAAK,IAAI;AAAA,MAAG,OAAO;AAAA,IACpC,MAAM,QAAQ,OAAO,SAAS,MAAM,EAAE;AAAA,IACtC,IAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ;AAAA,MAAK,OAAO;AAAA,IACjE,QAAS,SAAS,IAAK;AAAA,EACzB;AAAA,EAEA,OAAO,UAAU;AAAA;AAGnB,SAAS,aAAa,CAAC,IAAqB;AAAA,EAC1C,MAAM,QAAQ,eAAe,EAAE;AAAA,EAC/B,IAAI,UAAU;AAAA,IAAM,OAAO;AAAA,EAC3B,OAAO,mBAAmB,KAAK,CAAC,UAAU,QAAQ,KAAK,UAAU,KAAK,IAAI;AAAA;AAG5E,SAAS,aAAa,CAAC,IAAqB;AAAA,EAC1C,MAAM,aAAa,GAAG,YAAY;AAAA,EAClC,OACE,eAAe,QACf,eAAe,SACf,qBAAqB,KAAK,UAAU,KACpC,sBAAsB,KAAK,UAAU,KACrC,WAAW,WAAW,IAAI;AAAA;AAI9B,SAAS,WAAW,CAAC,IAAqB;AAAA,EACxC,MAAM,aAAa,qBAAqB,EAAE;AAAA,EAC1C,MAAM,SAAS,IAAI,KAAK,UAAU;AAAA,EAClC,IAAI,WAAW;AAAA,IAAG,OAAO,cAAc,UAAU;AAAA,EACjD,IAAI,WAAW;AAAA,IAAG,OAAO,cAAc,UAAU;AAAA,EACjD,OAAO;AAAA;AAGT,eAAsB,oBAAoB,CACxC,QACwB;AAAA,EACxB,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,SAAS,IAAI,IAAI,MAAM;AAAA,IACvB,MAAM;AAAA,IACN,OAAO,4BAA4B;AAAA;AAAA,EAGrC,IAAI,OAAO,aAAa,UAAU;AAAA,IAChC,OAAO,uCAAuC,OAAO,iBAAiB;AAAA,EACxE;AAAA,EAEA,MAAM,WAAW,kBAAkB,OAAO,QAAQ;AAAA,EAClD,IAAI,CAAC,UAAU;AAAA,IACb,OAAO,4BAA4B;AAAA,EACrC;AAAA,EAEA,IACE,aAAa,eACb,SAAS,SAAS,YAAY,KAC9B,SAAS,SAAS,QAAQ,GAC1B;AAAA,IACA,OAAO,mBAAmB;AAAA,EAC5B;AAAA,EAGA,IAAI,MAAiE;AAAA,IACnE,OAAO;AAAA,EACT;AAAA,EAEA,IAAI,YAAY,QAAQ,GAAG;AAAA,IACzB,OAAO,mBAAmB;AAAA,EAC5B;AAAA,EAEA,IAAI;AAAA,IACF,MAAM,UAAU,MAAM,aAAa,UAAU,EAAE,KAAK,KAAK,CAAC;AAAA,IAC1D,MAAM,YAAY,MAAM,QAAQ,OAAO,IAAI,UAAU,CAAC,OAAO;AAAA,IAC7D,WAAW,SAAS,WAAW;AAAA,MAC7B,MAAM,KACJ,OAAO,UAAU,WACb,QACC,MAA8B;AAAA,MACrC,IAAI,YAAY,EAAE,GAAG;AAAA,QACnB,OACE,mBAAmB,uBAAuB,SAC1C;AAAA,MAEJ;AAAA,IACF;AAAA,IACA,MAAM;AAAA,IACN,OAAO,mBAAmB;AAAA;AAAA,EAG5B,OAAO;AAAA;AAAA,IA/KH,cAEA;AAAA;AAAA,EAFA,eAAe,UAAU,IAAI,MAAM;AAAA,EAEnC,qBAA4D;AAAA,IAChE,OAAO,WAAW,CAAC;AAAA,IACnB,OAAO,YAAY,CAAC;AAAA,IACpB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,aAAa,CAAC;AAAA,IACrB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,aAAa,EAAE;AAAA,IACtB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,aAAa,EAAE;AAAA,IACtB,OAAO,gBAAgB,EAAE;AAAA,IACzB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,aAAa,CAAC;AAAA,IACrB,OAAO,aAAa,CAAC;AAAA,EACvB;AAAA;;;ACdA;AACA;AAHA;AACA;AAmBA,IAAM,mCAAmC;AAEzC,SAAS,kBAAkB,CAAC,UAA6B;AAAA,EACvD,OAAO,SAAS,UAAU,OAAO,SAAS,SAAS;AAAA;AAGrD,SAAS,cAAc,CAAC,KAAuB;AAAA,EAC7C,IAAI,EAAE,eAAe;AAAA,IAAQ,OAAO;AAAA,EACpC,IAAI,IAAI,SAAS,kBAAkB,IAAI,SAAS;AAAA,IAAc,OAAO;AAAA,EACrE,MAAM,MAAM,IAAI,QAAQ,YAAY;AAAA,EACpC,OAAO,IAAI,SAAS,WAAW,KAAK,IAAI,SAAS,SAAS;AAAA;AAG5D,eAAe,gBAAgB,CAC7B,OACA,MACA,WACmB;AAAA,EACnB,OAAO,MAAM,OAAO;AAAA,OACf;AAAA,IACH,UAAU;AAAA,IACV,QAAQ,YAAY,QAAQ,SAAS;AAAA,EACvC,CAAC;AAAA;AAGH,eAAsB,UAAU,CAC9B,UAA6B,CAAC,GACH;AAAA,EAC3B,MAAM,UAAU,sBAAsB,QAAQ,OAAO;AAAA,EACrD,MAAM,WAAW,MAAM,qBAAqB,OAAO;AAAA,EACnD,IAAI,UAAU;AAAA,IACZ,MAAM,IAAI,MAAM,QAAQ;AAAA,EAC1B;AAAA,EACA,MAAM,YAAY,QAAQ,aAAa;AAAA,EACvC,MAAM,mBACJ,QAAQ,oBAAoB;AAAA,EAC9B,MAAM,iBAAiB,QAAQ,kBAAkB;AAAA,EACjD,MAAM,YAAY,OAAO,WAAW;AAAA,EAEpC,OAAO,KAAK,uCAAuC;AAAA,EAEnD,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,iBAAiB,MAAM,iBACrB,GAAG,gCACH;AAAA,MACE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,MAC9C,MAAM,KAAK,UAAU,EAAE,UAAU,CAAC;AAAA,IACpC,GACA,gBACF;AAAA,IACA,OAAO,KAAK;AAAA,IACZ,IAAI,eAAe,GAAG,GAAG;AAAA,MACvB,MAAM,IAAI,MACR,0DAA0D,sBAC5D;AAAA,IACF;AAAA,IACA,MAAM,IAAI,MAAM,kCAAkC,OAAO,GAAG,GAAG;AAAA;AAAA,EAGjE,IAAI,CAAC,eAAe,IAAI;AAAA,IACtB,IAAI,mBAAmB,cAAc,GAAG;AAAA,MACtC,MAAM,IAAI,MACR,gEACF;AAAA,IACF;AAAA,IACA,MAAM,YAAY,MAAM,eAAe,KAAK;AAAA,IAC5C,MAAM,IAAI,MACR,uCAAuC,eAAe,YAAY,WACpE;AAAA,EACF;AAAA,EAEA,MAAM,aAAa,GAAG,kCAAkC,mBAAmB,SAAS;AAAA,EACpF,OAAO,KAAK,6BAA6B,YAAY;AAAA,EACrD,QAAQ,eAAe,UAAU;AAAA,EAEjC,MAAM,WAAW,KAAK,IAAI,IAAI;AAAA,EAE9B,OAAO,KAAK,IAAI,IAAI,UAAU;AAAA,IAC5B,MAAM,uBAAuB,WAAW,KAAK,IAAI;AAAA,IACjD,IAAI,wBAAwB;AAAA,MAAG;AAAA,IAC/B,MAAM,IAAI,QAAQ,CAAC,YACjB,WAAW,SAAS,KAAK,IAAI,gBAAgB,oBAAoB,CAAC,CACpE;AAAA,IAEA,MAAM,YAAY,WAAW,KAAK,IAAI;AAAA,IACtC,IAAI,aAAa;AAAA,MAAG;AAAA,IAEpB,IAAI;AAAA,IACJ,IAAI;AAAA,MACF,eAAe,MAAM,iBACnB,GAAG,gCAAgC,mBAAmB,SAAS,KAC/D,CAAC,GACD,KAAK,IAAI,kBAAkB,SAAS,CACtC;AAAA,MACA,OAAO,KAAK;AAAA,MACZ,IAAI,eAAe,GAAG,GAAG;AAAA,QACvB,IAAI,aAAa,kBAAkB;AAAA,UACjC;AAAA,QACF;AAAA,QACA,MAAM,IAAI,MACR,2CAA2C,KAAK,IAAI,kBAAkB,SAAS,OACjF;AAAA,MACF;AAAA,MACA,MAAM,IAAI,MAAM,+BAA+B,OAAO,GAAG,GAAG;AAAA;AAAA,IAG9D,IAAI,CAAC,aAAa,IAAI;AAAA,MACpB,IAAI,mBAAmB,YAAY,GAAG;AAAA,QACpC,MAAM,IAAI,MACR,wEACF;AAAA,MACF;AAAA,MACA,IAAI,aAAa,WAAW,KAAK;AAAA,QAC/B,MAAM,IAAI,MAAM,sDAAsD;AAAA,MACxE;AAAA,MACA,QAAQ,eAAe,OAAO;AAAA,MAC9B;AAAA,IACF;AAAA,IAEA,MAAM,OAAQ,MAAM,aAAa,KAAK;AAAA,IAOtC,QAAQ,eAAe,KAAK,MAAM;AAAA,IAElC,IAAI,KAAK,WAAW,mBAAmB,KAAK,QAAQ;AAAA,MAClD,OAAO,KAAK,sCAAsC;AAAA,MAClD,OAAO;AAAA,QACL,QAAQ,KAAK;AAAA,QACb,WAAW,KAAK,aAAa;AAAA,QAC7B,WAAW,KAAK,aAAa;AAAA,MAC/B;AAAA,IACF;AAAA,IAEA,IAAI,KAAK,WAAW,mBAAmB,CAAC,KAAK,QAAQ;AAAA,MACnD,MAAM,IAAI,MACR,gGACF;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAM,IAAI,MACR,qEAAqE,KAAK,MAAM,YAAY,IAAI,YAClG;AAAA;",
+  "debugId": "FE8D7066E15F125A64756E2164756E21",
+  "names": []
+}

package/dist/cloud/backup.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Periodic state backup scheduler for cloud sandboxes.
+ * Default interval: 60s. Configurable via cloud.backup.autoBackupIntervalMs.
+ */
+import type { ElizaCloudClient } from "./bridge-client.js";
+export declare class BackupScheduler {
+    private client;
+    private agentId;
+    private intervalMs;
+    private timer;
+    private running;
+    constructor(client: ElizaCloudClient, agentId: string, intervalMs?: number);
+    start(): void;
+    stop(): void;
+    isRunning(): boolean;
+    finalSnapshot(): Promise<void>;
+}
+//# sourceMappingURL=backup.d.ts.map

package/dist/cloud/backup.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"backup.d.ts","sourceRoot":"","sources":["../../src/cloud/backup.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAE3D,qBAAa,eAAe;IAKxB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,OAAO;IACf,OAAO,CAAC,UAAU;IANpB,OAAO,CAAC,KAAK,CAA+C;IAC5D,OAAO,CAAC,OAAO,CAAS;gBAGd,MAAM,EAAE,gBAAgB,EACxB,OAAO,EAAE,MAAM,EACf,UAAU,GAAE,MAAe;IAGrC,KAAK,IAAI,IAAI;IAUb,IAAI,IAAI,IAAI;IAQZ,SAAS,IAAI,OAAO;IAId,aAAa,IAAI,OAAO,CAAC,IAAI,CAAC;CAKrC"}

package/dist/cloud/backup.js

@@ -0,0 +1,63 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/cloud/backup.ts
+import { logger } from "@elizaos/core";
+
+class BackupScheduler {
+  client;
+  agentId;
+  intervalMs;
+  timer = null;
+  running = false;
+  constructor(client, agentId, intervalMs = 60000) {
+    this.client = client;
+    this.agentId = agentId;
+    this.intervalMs = intervalMs;
+  }
+  start() {
+    if (this.timer)
+      return;
+    this.running = true;
+    this.timer = setInterval(() => {
+      this.client.snapshot(this.agentId).catch((err) => {
+        logger.warn(`[cloud-backup] Auto-backup failed: ${String(err)}`);
+      });
+    }, this.intervalMs);
+  }
+  stop() {
+    if (this.timer) {
+      clearInterval(this.timer);
+      this.timer = null;
+    }
+    this.running = false;
+  }
+  isRunning() {
+    return this.running;
+  }
+  async finalSnapshot() {
+    await this.client.snapshot(this.agentId).catch((err) => {
+      logger.warn(`[cloud-backup] Final snapshot failed: ${String(err)}`);
+    });
+  }
+}
+export {
+  BackupScheduler
+};
+
+//# debugId=60D6AF2255AAB74B64756E2164756E21

package/dist/cloud/backup.js.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/cloud/backup.ts"],
+  "sourcesContent": [
+    "/**\n * Periodic state backup scheduler for cloud sandboxes.\n * Default interval: 60s. Configurable via cloud.backup.autoBackupIntervalMs.\n */\n\nimport { logger } from \"@elizaos/core\";\nimport type { ElizaCloudClient } from \"./bridge-client.js\";\n\nexport class BackupScheduler {\n  private timer: ReturnType<typeof setInterval> | null = null;\n  private running = false;\n\n  constructor(\n    private client: ElizaCloudClient,\n    private agentId: string,\n    private intervalMs: number = 60_000,\n  ) {}\n\n  start(): void {\n    if (this.timer) return;\n    this.running = true;\n    this.timer = setInterval(() => {\n      this.client.snapshot(this.agentId).catch((err) => {\n        logger.warn(`[cloud-backup] Auto-backup failed: ${String(err)}`);\n      });\n    }, this.intervalMs);\n  }\n\n  stop(): void {\n    if (this.timer) {\n      clearInterval(this.timer);\n      this.timer = null;\n    }\n    this.running = false;\n  }\n\n  isRunning(): boolean {\n    return this.running;\n  }\n\n  async finalSnapshot(): Promise<void> {\n    await this.client.snapshot(this.agentId).catch((err) => {\n      logger.warn(`[cloud-backup] Final snapshot failed: ${String(err)}`);\n    });\n  }\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAKA;AAAA;AAGO,MAAM,gBAAgB;AAAA,EAKjB;AAAA,EACA;AAAA,EACA;AAAA,EANF,QAA+C;AAAA,EAC/C,UAAU;AAAA,EAElB,WAAW,CACD,QACA,SACA,aAAqB,OAC7B;AAAA,IAHQ;AAAA,IACA;AAAA,IACA;AAAA;AAAA,EAGV,KAAK,GAAS;AAAA,IACZ,IAAI,KAAK;AAAA,MAAO;AAAA,IAChB,KAAK,UAAU;AAAA,IACf,KAAK,QAAQ,YAAY,MAAM;AAAA,MAC7B,KAAK,OAAO,SAAS,KAAK,OAAO,EAAE,MAAM,CAAC,QAAQ;AAAA,QAChD,OAAO,KAAK,sCAAsC,OAAO,GAAG,GAAG;AAAA,OAChE;AAAA,OACA,KAAK,UAAU;AAAA;AAAA,EAGpB,IAAI,GAAS;AAAA,IACX,IAAI,KAAK,OAAO;AAAA,MACd,cAAc,KAAK,KAAK;AAAA,MACxB,KAAK,QAAQ;AAAA,IACf;AAAA,IACA,KAAK,UAAU;AAAA;AAAA,EAGjB,SAAS,GAAY;AAAA,IACnB,OAAO,KAAK;AAAA;AAAA,OAGR,cAAa,GAAkB;AAAA,IACnC,MAAM,KAAK,OAAO,SAAS,KAAK,OAAO,EAAE,MAAM,CAAC,QAAQ;AAAA,MACtD,OAAO,KAAK,yCAAyC,OAAO,GAAG,GAAG;AAAA,KACnE;AAAA;AAEL;",
+  "debugId": "60D6AF2255AAB74B64756E2164756E21",
+  "names": []
+}

package/dist/cloud/base-url.d.ts

@@ -0,0 +1,3 @@
+export declare function normalizeCloudSiteUrl(rawUrl?: string): string;
+export declare function resolveCloudApiBaseUrl(rawUrl?: string): string;
+//# sourceMappingURL=base-url.d.ts.map

package/dist/cloud/base-url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"base-url.d.ts","sourceRoot":"","sources":["../../src/cloud/base-url.ts"],"names":[],"mappings":"AA2BA,wBAAgB,qBAAqB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CA8B7D;AAED,wBAAgB,sBAAsB,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,CAE9D"}

package/dist/cloud/base-url.js

@@ -0,0 +1,77 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/cloud/base-url.ts
+function isLoopbackHost(hostname) {
+  const normalized = hostname.toLowerCase();
+  return normalized === "localhost" || normalized === "::1" || normalized === "0:0:0:0:0:0:0:1" || normalized.startsWith("127.");
+}
+function trimApiPath(pathname) {
+  const normalized = pathname.trim().replace(/\/+$/, "");
+  if (!normalized)
+    return "";
+  if (normalized === "/api/v1")
+    return "";
+  if (normalized.endsWith("/api/v1")) {
+    return normalized.slice(0, -"/api/v1".length);
+  }
+  return normalized;
+}
+function normalizeCloudSiteUrl(rawUrl) {
+  const envOverride = process.env.ELIZAOS_CLOUD_BASE_URL?.trim();
+  const candidate = envOverride || rawUrl?.trim() || DEFAULT_CLOUD_SITE_URL;
+  try {
+    const parsed = new URL(candidate);
+    const pathname = trimApiPath(parsed.pathname);
+    const host = parsed.hostname.toLowerCase();
+    const preserveLocalOrigin = isLoopbackHost(host);
+    parsed.hash = "";
+    parsed.search = "";
+    if (!preserveLocalOrigin) {
+      parsed.protocol = "https:";
+      parsed.port = "";
+    }
+    parsed.pathname = pathname;
+    if (LEGACY_CLOUD_HOST_ALIASES.has(host)) {
+      parsed.hostname = "www.elizacloud.ai";
+      parsed.pathname = "";
+    }
+    return parsed.toString().replace(/\/{1,1024}$/, "");
+  } catch {
+    const safeCandidate = candidate.length > 8192 ? candidate.slice(0, 8192) : candidate;
+    return safeCandidate.replace(/\/{1,1024}$/, "");
+  }
+}
+function resolveCloudApiBaseUrl(rawUrl) {
+  return `${normalizeCloudSiteUrl(rawUrl)}/api/v1`;
+}
+var DEFAULT_CLOUD_SITE_URL = "https://www.elizacloud.ai", LEGACY_CLOUD_HOST_ALIASES;
+var init_base_url = __esm(() => {
+  LEGACY_CLOUD_HOST_ALIASES = new Set([
+    "elizacloud.ai",
+    "www.elizacloud.ai"
+  ]);
+});
+init_base_url();
+
+export {
+  resolveCloudApiBaseUrl,
+  normalizeCloudSiteUrl
+};
+
+//# debugId=2F65A77CD700E43164756E2164756E21

package/dist/cloud/base-url.js.map

@@ -0,0 +1,10 @@
+{
+  "version": 3,
+  "sources": ["../src/cloud/base-url.ts"],
+  "sourcesContent": [
+    "const DEFAULT_CLOUD_SITE_URL = \"https://www.elizacloud.ai\";\n\nconst LEGACY_CLOUD_HOST_ALIASES = new Set([\n  \"elizacloud.ai\",\n  \"www.elizacloud.ai\",\n]);\n\nfunction isLoopbackHost(hostname: string): boolean {\n  const normalized = hostname.toLowerCase();\n  return (\n    normalized === \"localhost\" ||\n    normalized === \"::1\" ||\n    normalized === \"0:0:0:0:0:0:0:1\" ||\n    normalized.startsWith(\"127.\")\n  );\n}\n\nfunction trimApiPath(pathname: string): string {\n  const normalized = pathname.trim().replace(/\\/+$/, \"\");\n  if (!normalized) return \"\";\n  if (normalized === \"/api/v1\") return \"\";\n  if (normalized.endsWith(\"/api/v1\")) {\n    return normalized.slice(0, -\"/api/v1\".length);\n  }\n  return normalized;\n}\n\nexport function normalizeCloudSiteUrl(rawUrl?: string): string {\n  // Allow cloud-provisioned containers to override the base URL via env var\n  const envOverride = process.env.ELIZAOS_CLOUD_BASE_URL?.trim();\n  const candidate = envOverride || rawUrl?.trim() || DEFAULT_CLOUD_SITE_URL;\n\n  try {\n    const parsed = new URL(candidate);\n    const pathname = trimApiPath(parsed.pathname);\n    const host = parsed.hostname.toLowerCase();\n    const preserveLocalOrigin = isLoopbackHost(host);\n\n    parsed.hash = \"\";\n    parsed.search = \"\";\n    if (!preserveLocalOrigin) {\n      parsed.protocol = \"https:\";\n      parsed.port = \"\";\n    }\n    parsed.pathname = pathname;\n\n    if (LEGACY_CLOUD_HOST_ALIASES.has(host)) {\n      parsed.hostname = \"www.elizacloud.ai\";\n      parsed.pathname = \"\";\n    }\n\n    return parsed.toString().replace(/\\/{1,1024}$/, \"\");\n  } catch {\n    const safeCandidate =\n      candidate.length > 8192 ? candidate.slice(0, 8192) : candidate;\n    return safeCandidate.replace(/\\/{1,1024}$/, \"\");\n  }\n}\n\nexport function resolveCloudApiBaseUrl(rawUrl?: string): string {\n  return `${normalizeCloudSiteUrl(rawUrl)}/api/v1`;\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAOA,SAAS,cAAc,CAAC,UAA2B;AAAA,EACjD,MAAM,aAAa,SAAS,YAAY;AAAA,EACxC,OACE,eAAe,eACf,eAAe,SACf,eAAe,qBACf,WAAW,WAAW,MAAM;AAAA;AAIhC,SAAS,WAAW,CAAC,UAA0B;AAAA,EAC7C,MAAM,aAAa,SAAS,KAAK,EAAE,QAAQ,QAAQ,EAAE;AAAA,EACrD,IAAI,CAAC;AAAA,IAAY,OAAO;AAAA,EACxB,IAAI,eAAe;AAAA,IAAW,OAAO;AAAA,EACrC,IAAI,WAAW,SAAS,SAAS,GAAG;AAAA,IAClC,OAAO,WAAW,MAAM,GAAG,CAAC,UAAU,MAAM;AAAA,EAC9C;AAAA,EACA,OAAO;AAAA;AAGF,SAAS,qBAAqB,CAAC,QAAyB;AAAA,EAE7D,MAAM,cAAc,QAAQ,IAAI,wBAAwB,KAAK;AAAA,EAC7D,MAAM,YAAY,eAAe,QAAQ,KAAK,KAAK;AAAA,EAEnD,IAAI;AAAA,IACF,MAAM,SAAS,IAAI,IAAI,SAAS;AAAA,IAChC,MAAM,WAAW,YAAY,OAAO,QAAQ;AAAA,IAC5C,MAAM,OAAO,OAAO,SAAS,YAAY;AAAA,IACzC,MAAM,sBAAsB,eAAe,IAAI;AAAA,IAE/C,OAAO,OAAO;AAAA,IACd,OAAO,SAAS;AAAA,IAChB,IAAI,CAAC,qBAAqB;AAAA,MACxB,OAAO,WAAW;AAAA,MAClB,OAAO,OAAO;AAAA,IAChB;AAAA,IACA,OAAO,WAAW;AAAA,IAElB,IAAI,0BAA0B,IAAI,IAAI,GAAG;AAAA,MACvC,OAAO,WAAW;AAAA,MAClB,OAAO,WAAW;AAAA,IACpB;AAAA,IAEA,OAAO,OAAO,SAAS,EAAE,QAAQ,eAAe,EAAE;AAAA,IAClD,MAAM;AAAA,IACN,MAAM,gBACJ,UAAU,SAAS,OAAO,UAAU,MAAM,GAAG,IAAI,IAAI;AAAA,IACvD,OAAO,cAAc,QAAQ,eAAe,EAAE;AAAA;AAAA;AAI3C,SAAS,sBAAsB,CAAC,QAAyB;AAAA,EAC9D,OAAO,GAAG,sBAAsB,MAAM;AAAA;AAAA,IA5DlC,yBAAyB,6BAEzB;AAAA;AAAA,8BAA4B,IAAI,IAAI;AAAA,IACxC;AAAA,IACA;AAAA,EACF,CAAC;AAAA;",
+  "debugId": "2F65A77CD700E43164756E2164756E21",
+  "names": []
+}