@elizaos/plugin-elizacloud 2.0.0-alpha.8 → 2.0.11-beta.7

package/dist/routes/cloud-routes-autonomous.js

@@ -0,0 +1,1252 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/cloud/base-url.ts
+import { normalizeCloudSiteUrl, resolveCloudApiBaseUrl } from "@elizaos/shared";
+var init_base_url = () => {};
+
+// src/cloud/validate-url.ts
+import dns from "node:dns";
+import net from "node:net";
+import { promisify } from "node:util";
+function normalizeHostLike(value) {
+  return value.trim().toLowerCase().replace(/^\[|\]$/g, "");
+}
+function decodeIpv6MappedHex(mapped) {
+  const parts = mapped.split(":");
+  if (parts.length < 1 || parts.length > 2)
+    return null;
+  const parsed = parts.map((part) => {
+    if (!/^[0-9a-f]{1,4}$/i.test(part))
+      return Number.NaN;
+    return Number.parseInt(part, 16);
+  });
+  if (parsed.some((value) => !Number.isFinite(value)))
+    return null;
+  const [hi, lo] = parsed.length === 1 ? [0, parsed[0]] : parsed;
+  const octets = [hi >> 8, hi & 255, lo >> 8, lo & 255];
+  return octets.join(".");
+}
+function canonicalizeIpv6(ip) {
+  try {
+    return new URL(`http://[${ip}]/`).hostname.replace(/^\[|\]$/g, "");
+  } catch {
+    return null;
+  }
+}
+function normalizeIpForPolicy(ip) {
+  const base = normalizeHostLike(ip).split("%")[0];
+  if (!base)
+    return base;
+  let normalized = base;
+  if (net.isIP(normalized) === 6) {
+    normalized = canonicalizeIpv6(normalized) ?? normalized;
+  }
+  let mapped = null;
+  if (normalized.startsWith("::ffff:")) {
+    mapped = normalized.slice("::ffff:".length);
+  } else if (normalized.startsWith("0:0:0:0:0:ffff:")) {
+    mapped = normalized.slice("0:0:0:0:0:ffff:".length);
+  }
+  if (!mapped)
+    return normalized;
+  if (net.isIP(mapped) === 4)
+    return mapped;
+  return decodeIpv6MappedHex(mapped) ?? normalized;
+}
+function cidrV4(base, prefix) {
+  const parsed = parseIpv4ToInt(base);
+  if (parsed === null) {
+    throw new Error(`Invalid CIDR base IPv4 address: ${base}`);
+  }
+  const shift = 32 - prefix;
+  const mask = shift === 32 ? 0 : 4294967295 << shift >>> 0;
+  return { base: parsed & mask, mask };
+}
+function parseIpv4ToInt(ip) {
+  const parts = ip.split(".");
+  if (parts.length !== 4)
+    return null;
+  let value = 0;
+  for (const part of parts) {
+    if (!/^\d{1,3}$/.test(part))
+      return null;
+    const octet = Number.parseInt(part, 10);
+    if (!Number.isInteger(octet) || octet < 0 || octet > 255)
+      return null;
+    value = value << 8 | octet;
+  }
+  return value >>> 0;
+}
+function isBlockedIpv4(ip) {
+  const asInt = parseIpv4ToInt(ip);
+  if (asInt === null)
+    return true;
+  return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);
+}
+function isBlockedIpv6(ip) {
+  const normalized = ip.toLowerCase();
+  return normalized === "::" || normalized === "::1" || /^fe[89ab][0-9a-f]:/.test(normalized) || /^f[cd][0-9a-f]{2}:/i.test(normalized) || normalized.startsWith("ff");
+}
+function isBlockedIp(ip) {
+  const normalized = normalizeIpForPolicy(ip);
+  const family = net.isIP(normalized);
+  if (family === 4)
+    return isBlockedIpv4(normalized);
+  if (family === 6)
+    return isBlockedIpv6(normalized);
+  return false;
+}
+async function validateCloudBaseUrl(rawUrl) {
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (parsed.protocol !== "https:") {
+    return `Cloud base URL must use HTTPS, got "${parsed.protocol}" in "${rawUrl}"`;
+  }
+  const hostname = normalizeHostLike(parsed.hostname);
+  if (!hostname) {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (hostname === "localhost" || hostname.endsWith(".localhost") || hostname.endsWith(".local")) {
+    return `Cloud base URL "${rawUrl}" points to a blocked local hostname.`;
+  }
+  const elizaDev = process.env.ELIZA_DEV?.trim().toLowerCase();
+  if (true) {
+    return null;
+  }
+  if (isBlockedIp(hostname)) {
+    return `Cloud base URL "${rawUrl}" points to a blocked address.`;
+  }
+  try {
+    const results = await dnsLookupAll(hostname, { all: true });
+    const addresses = Array.isArray(results) ? results : [results];
+    for (const entry of addresses) {
+      const ip = typeof entry === "string" ? entry : entry.address;
+      if (isBlockedIp(ip)) {
+        return `Cloud base URL "${rawUrl}" resolves to ${ip}, ` + "which is a blocked internal/metadata address.";
+      }
+    }
+  } catch {
+    return `Cloud base URL "${rawUrl}" could not be resolved via DNS.`;
+  }
+  return null;
+}
+var dnsLookupAll, BLOCKED_IPV4_CIDRS;
+var init_validate_url = __esm(() => {
+  dnsLookupAll = promisify(dns.lookup);
+  BLOCKED_IPV4_CIDRS = [
+    cidrV4("0.0.0.0", 8),
+    cidrV4("10.0.0.0", 8),
+    cidrV4("172.16.0.0", 12),
+    cidrV4("192.168.0.0", 16),
+    cidrV4("100.64.0.0", 10),
+    cidrV4("127.0.0.0", 8),
+    cidrV4("169.254.0.0", 16),
+    cidrV4("192.0.0.0", 24),
+    cidrV4("198.18.0.0", 15),
+    cidrV4("192.0.2.0", 24),
+    cidrV4("198.51.100.0", 24),
+    cidrV4("203.0.113.0", 24),
+    cidrV4("224.0.0.0", 4),
+    cidrV4("240.0.0.0", 4)
+  ];
+});
+
+// src/lib/state-paths.ts
+import fs from "node:fs";
+import path from "node:path";
+import {
+  getElizaNamespace,
+  resolveStateDir,
+  resolveUserPath
+} from "@elizaos/core";
+function resolveConfigPath(env = process.env, stateDirPath = resolveStateDir(env)) {
+  const override = env.ELIZA_CONFIG_PATH?.trim();
+  if (override)
+    return resolveUserPath(override);
+  const namespace = getElizaNamespace(env);
+  const primaryPath = path.join(stateDirPath, `${namespace}.json`);
+  if (fs.existsSync(primaryPath))
+    return primaryPath;
+  if (namespace !== "eliza") {
+    const legacyPath = path.join(stateDirPath, "eliza.json");
+    if (fs.existsSync(legacyPath))
+      return legacyPath;
+  }
+  return primaryPath;
+}
+var init_state_paths = () => {};
+
+// src/lib/config-env.ts
+import fs2 from "node:fs/promises";
+import path2 from "node:path";
+function parseConfigEnv(contents) {
+  const lines = contents.length === 0 ? [] : contents.split(/\r?\n/);
+  if (lines.length > 0 && lines[lines.length - 1] === "") {
+    lines.pop();
+  }
+  const index = new Map;
+  for (let i = 0;i < lines.length; i += 1) {
+    const line = lines[i] ?? "";
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#"))
+      continue;
+    const eq = line.indexOf("=");
+    if (eq <= 0)
+      continue;
+    const key = line.slice(0, eq).trim();
+    if (KEY_PATTERN.test(key))
+      index.set(key, i);
+  }
+  return { lines, index };
+}
+function serialiseConfigEnv(parsed) {
+  return parsed.lines.length === 0 ? "" : `${parsed.lines.join(`
+`)}
+`;
+}
+function encodeValue(value) {
+  if (value === "")
+    return "";
+  const needsQuoting = /[\s#"'\\]|^\s|\s$/.test(value) || /\n|\r/.test(value);
+  if (!needsQuoting)
+    return value;
+  const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/\n/g, "\\n").replace(/\r/g, "\\r");
+  return `"${escaped}"`;
+}
+function validateKey(key) {
+  if (!KEY_PATTERN.test(key)) {
+    throw new Error(`persistConfigEnv: invalid key "${key}" - must match /^[A-Z][A-Z0-9_]*$/`);
+  }
+  if (BLOCKED_CONFIG_ENV_KEYS.has(key)) {
+    throw new Error(`persistConfigEnv: key "${key}" is a shell/runtime hijack vector and cannot be written`);
+  }
+}
+async function readIfExists(filePath) {
+  try {
+    return await fs2.readFile(filePath, "utf8");
+  } catch (error) {
+    if (error.code === "ENOENT")
+      return null;
+    throw error;
+  }
+}
+async function writeAtomic(filePath, contents) {
+  const tmpPath = `${filePath}${TMP_SUFFIX}`;
+  const handle = await fs2.open(tmpPath, "w", 384);
+  try {
+    await handle.writeFile(contents, "utf8");
+    await handle.sync();
+  } finally {
+    await handle.close();
+  }
+  await fs2.rename(tmpPath, filePath);
+}
+function serialise(fn) {
+  const next = writeChain.then(fn, fn);
+  writeChain = next.catch(() => {
+    return;
+  });
+  return next;
+}
+function resolveConfigEnvPath(stateDir) {
+  return path2.join(stateDir ?? resolveStateDir(), CONFIG_ENV_FILENAME);
+}
+async function persistConfigEnv(key, value, opts = {}) {
+  validateKey(key);
+  await serialise(async () => {
+    const filePath = resolveConfigEnvPath(opts.stateDir);
+    await fs2.mkdir(path2.dirname(filePath), { recursive: true });
+    const existing = await readIfExists(filePath) ?? "";
+    const parsed = parseConfigEnv(existing);
+    const existingIdx = parsed.index.get(key);
+    const isDelete = value === "";
+    if (isDelete) {
+      if (existingIdx === undefined) {
+        delete process.env[key];
+        return;
+      }
+      parsed.lines.splice(existingIdx, 1);
+    } else {
+      const encoded = `${key}=${encodeValue(value)}`;
+      if (existingIdx === undefined) {
+        parsed.lines.push(encoded);
+      } else {
+        parsed.lines[existingIdx] = encoded;
+      }
+    }
+    if (existing.length > 0) {
+      await fs2.writeFile(`${filePath}${BAK_SUFFIX}`, existing, {
+        encoding: "utf8",
+        mode: 384
+      });
+    }
+    await writeAtomic(filePath, serialiseConfigEnv(parsed));
+    if (isDelete) {
+      delete process.env[key];
+    } else {
+      process.env[key] = value;
+    }
+  });
+}
+var CONFIG_ENV_FILENAME = "config.env", BAK_SUFFIX = ".bak", TMP_SUFFIX = ".tmp", KEY_PATTERN, BLOCKED_CONFIG_ENV_KEYS, writeChain;
+var init_config_env = __esm(() => {
+  init_state_paths();
+  KEY_PATTERN = /^[A-Z][A-Z0-9_]*$/;
+  BLOCKED_CONFIG_ENV_KEYS = new Set([
+    "NODE_OPTIONS",
+    "NODE_EXTRA_CA_CERTS",
+    "NODE_TLS_REJECT_UNAUTHORIZED",
+    "NODE_PATH",
+    "LD_PRELOAD",
+    "LD_LIBRARY_PATH",
+    "DYLD_INSERT_LIBRARIES",
+    "DYLD_LIBRARY_PATH",
+    "DYLD_FRAMEWORK_PATH",
+    "DYLD_FALLBACK_FRAMEWORK_PATH",
+    "DYLD_FALLBACK_LIBRARY_PATH",
+    "PATH",
+    "HOME",
+    "SHELL",
+    "HTTP_PROXY",
+    "HTTPS_PROXY",
+    "ALL_PROXY",
+    "NO_PROXY",
+    "SSL_CERT_FILE",
+    "SSL_CERT_DIR",
+    "CURL_CA_BUNDLE"
+  ]);
+  writeChain = Promise.resolve();
+});
+
+// src/lib/feature-flags.ts
+function readBoolFlag(name, fallback = false) {
+  const raw = process.env[name];
+  if (raw === undefined || raw === null || raw === "")
+    return fallback;
+  const trimmed = String(raw).trim().toLowerCase();
+  if (trimmed === "1" || trimmed === "true" || trimmed === "yes" || trimmed === "on") {
+    return true;
+  }
+  if (trimmed === "0" || trimmed === "false" || trimmed === "no" || trimmed === "off") {
+    return false;
+  }
+  return fallback;
+}
+function isCloudWalletEnabled() {
+  return readBoolFlag("ENABLE_CLOUD_WALLET");
+}
+
+// src/cloud/cloud-wallet.ts
+import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
+function ensureFlag() {
+  if (!isCloudWalletEnabled()) {
+    throw new CloudWalletFlagDisabledError;
+  }
+}
+function normalizePrivateKey(raw) {
+  const trimmed = raw.trim();
+  const hex = trimmed.startsWith("0x") ? trimmed.slice(2) : trimmed;
+  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
+    throw new Error(`Malformed ${ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV}: expected 32-byte hex`);
+  }
+  return `0x${hex.toLowerCase()}`;
+}
+async function getOrCreateClientAddressKey(opts = {}) {
+  ensureFlag();
+  const existing = process.env[ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV];
+  if (existing && existing.trim().length > 0) {
+    const privateKey2 = normalizePrivateKey(existing);
+    const account2 = privateKeyToAccount(privateKey2);
+    return { privateKey: privateKey2, address: account2.address, minted: false };
+  }
+  const privateKey = generatePrivateKey();
+  const account = privateKeyToAccount(privateKey);
+  process.env[ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV] = privateKey;
+  await persistConfigEnv(ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV, privateKey, {
+    stateDir: opts.stateDir
+  });
+  return { privateKey, address: account.address, minted: true };
+}
+function inflightKey(agentId, chain) {
+  return `${agentId}::${chain}`;
+}
+async function provisionOne(bridge, agentId, chain, clientAddress) {
+  try {
+    return await bridge.getAgentWallet(agentId, chain);
+  } catch (error) {
+    if (!isMissingCloudWalletError(error, chain)) {
+      throw error;
+    }
+  }
+  const provisioned = await bridge.provisionWallet({
+    chainType: chain,
+    clientAddress
+  });
+  return {
+    agentWalletId: provisioned.walletId,
+    walletAddress: provisioned.address,
+    walletProvider: provisioned.provider,
+    chainType: chain
+  };
+}
+function isMissingCloudWalletError(error, chain) {
+  if (error instanceof Error && new RegExp(`no cloud ${chain} wallet provisioned`, "i").test(error.message)) {
+    return true;
+  }
+  return typeof error === "object" && error !== null && "name" in error && error.name === "CloudBridgeError" && typeof error.status === "number" && error.status === 404;
+}
+function formatProvisionWarning(chain, error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return `Cloud ${chain} wallet import failed: ${message}`;
+}
+async function provisionCloudWalletsBestEffort(bridge, opts) {
+  ensureFlag();
+  const chains = opts.chains ?? ["evm", "solana"];
+  const results = await Promise.all(chains.map((chain) => {
+    const key = inflightKey(opts.agentId, chain);
+    const pending = inflight.get(key);
+    if (pending) {
+      return pending.then((descriptor) => ({
+        chain,
+        ok: true,
+        descriptor
+      }), (error) => ({
+        chain,
+        ok: false,
+        error
+      }));
+    }
+    const p = provisionOne(bridge, opts.agentId, chain, opts.clientAddress).finally(() => {
+      inflight.delete(key);
+    });
+    inflight.set(key, p);
+    return p.then((descriptor) => ({
+      chain,
+      ok: true,
+      descriptor
+    }), (error) => ({
+      chain,
+      ok: false,
+      error
+    }));
+  }));
+  const out = {};
+  const failures = [];
+  for (const result of results) {
+    if ("descriptor" in result) {
+      out[result.chain] = result.descriptor;
+      continue;
+    }
+    failures.push({ chain: result.chain, error: result.error });
+  }
+  return {
+    descriptors: out,
+    failures,
+    warnings: failures.map(({ chain, error }) => formatProvisionWarning(chain, error))
+  };
+}
+async function provisionCloudWallets(bridge, opts) {
+  const result = await provisionCloudWalletsBestEffort(bridge, opts);
+  if (result.failures.length > 0 && Object.keys(result.descriptors).length === 0) {
+    const firstFailure = result.failures[0];
+    if (firstFailure?.error instanceof Error) {
+      throw firstFailure.error;
+    }
+    throw new Error(result.warnings[0] ?? "Failed to provision cloud wallets");
+  }
+  return result.descriptors;
+}
+function persistCloudWalletCache(config, descriptors) {
+  ensureFlag();
+  const wallet = config.wallet ?? {};
+  const cloud = { ...wallet.cloud ?? {} };
+  if (descriptors.evm)
+    cloud.evm = descriptors.evm;
+  if (descriptors.solana)
+    cloud.solana = descriptors.solana;
+  wallet.cloud = cloud;
+  config.wallet = wallet;
+}
+function __resetCloudWalletModuleForTests() {
+  inflight.clear();
+  delete process.env[ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV];
+}
+var ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV = "ELIZA_CLOUD_CLIENT_ADDRESS_KEY", CloudWalletFlagDisabledError, inflight;
+var init_cloud_wallet = __esm(() => {
+  init_config_env();
+  CloudWalletFlagDisabledError = class CloudWalletFlagDisabledError extends Error {
+    constructor() {
+      super("ENABLE_CLOUD_WALLET is off; cloud wallet code paths are inactive");
+      this.name = "CloudWalletFlagDisabledError";
+    }
+  };
+  inflight = new Map;
+});
+
+// src/lib/http.ts
+function scrubStackFields(value) {
+  if (value instanceof Error) {
+    return { error: value.message || "Internal error" };
+  }
+  if (Array.isArray(value)) {
+    return value.map(scrubStackFields);
+  }
+  if (value && typeof value === "object") {
+    const out = {};
+    for (const [key, nested] of Object.entries(value)) {
+      if (key === "stack" || key === "stackTrace")
+        continue;
+      out[key] = scrubStackFields(nested);
+    }
+    return out;
+  }
+  return value;
+}
+function sendJson(res, body, status = 200) {
+  if (res.headersSent)
+    return;
+  res.statusCode = status;
+  res.setHeader("content-type", "application/json; charset=utf-8");
+  res.end(JSON.stringify(scrubStackFields(body)));
+}
+function sendJsonError(res, message, status = 400) {
+  sendJson(res, { error: message }, status);
+}
+async function readRequestBody(req, options) {
+  const maxBytes = options.maxBytes ?? 1048576;
+  const chunks = [];
+  let size = 0;
+  for await (const chunk of req) {
+    const buffer = typeof chunk === "string" ? Buffer.from(chunk) : chunk;
+    size += buffer.length;
+    if (size > maxBytes) {
+      if (options.destroyOnTooLarge)
+        req.destroy();
+      throw new Error(options.tooLargeMessage ?? "Request body too large");
+    }
+    chunks.push(buffer);
+  }
+  if (chunks.length === 0)
+    return null;
+  return Buffer.concat(chunks).toString("utf8");
+}
+async function readJsonBody(req, res, options = {}) {
+  const cached = req.body;
+  if (cached !== undefined) {
+    if (options.requireObject !== false && (!cached || typeof cached !== "object" || Array.isArray(cached))) {
+      sendJsonError(res, "Request body must be a JSON object", 400);
+      return null;
+    }
+    return cached;
+  }
+  let raw;
+  try {
+    raw = await readRequestBody(req, options);
+  } catch (error) {
+    sendJsonError(res, error instanceof Error ? error.message : "Failed to read request body", 413);
+    return null;
+  }
+  if (!raw?.trim()) {
+    const empty = {};
+    req.body = empty;
+    return empty;
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    sendJsonError(res, "Invalid JSON in request body", 400);
+    return null;
+  }
+  if (options.requireObject !== false && (!parsed || typeof parsed !== "object" || Array.isArray(parsed))) {
+    sendJsonError(res, "Request body must be a JSON object", 400);
+    return null;
+  }
+  req.body = parsed;
+  return parsed;
+}
+
+// src/lib/config-like.ts
+function ensureLinkedAccounts(config) {
+  config.linkedAccounts ??= {};
+  return config.linkedAccounts;
+}
+function ensureServiceRouting(config) {
+  config.serviceRouting ??= {};
+  return config.serviceRouting;
+}
+function persistDeploymentTarget(config, deploymentTarget) {
+  if (!deploymentTarget) {
+    delete config.deploymentTarget;
+    return;
+  }
+  config.deploymentTarget = { ...deploymentTarget };
+}
+function persistLinkedAccounts(config, linkedAccounts) {
+  if (!linkedAccounts)
+    return;
+  const existing = ensureLinkedAccounts(config);
+  for (const [accountId, account] of Object.entries(linkedAccounts)) {
+    if (!account || Object.keys(account).length === 0) {
+      delete existing[accountId];
+      continue;
+    }
+    existing[accountId] = {
+      ...existing[accountId],
+      ...account
+    };
+  }
+  if (Object.keys(existing).length === 0) {
+    delete config.linkedAccounts;
+  }
+}
+function persistServiceRouting(config, serviceRouting, clearRoutes = []) {
+  const existing = ensureServiceRouting(config);
+  for (const capability of clearRoutes) {
+    delete existing[capability];
+  }
+  if (serviceRouting) {
+    for (const [capability, route] of Object.entries(serviceRouting)) {
+      const serviceKey = capability;
+      if (!route || Object.keys(route).length === 0) {
+        delete existing[serviceKey];
+        continue;
+      }
+      existing[serviceKey] = { ...route };
+    }
+  }
+  if (Object.keys(existing).length === 0) {
+    delete config.serviceRouting;
+  }
+}
+function applyCanonicalSetupConfig(config, args) {
+  if (args.deploymentTarget !== undefined) {
+    persistDeploymentTarget(config, args.deploymentTarget);
+  }
+  if (args.linkedAccounts !== undefined) {
+    persistLinkedAccounts(config, args.linkedAccounts);
+  }
+  if (args.serviceRouting !== undefined || args.clearRoutes?.length) {
+    persistServiceRouting(config, args.serviceRouting, args.clearRoutes);
+  }
+}
+function normalizeEnvValue(value) {
+  if (typeof value !== "string")
+    return;
+  const trimmed = value.trim();
+  return trimmed || undefined;
+}
+function isTimeoutError(error) {
+  if (!(error instanceof Error))
+    return false;
+  if (error.name === "TimeoutError" || error.name === "AbortError")
+    return true;
+  const message = error.message.toLowerCase();
+  return message.includes("timed out") || message.includes("timeout");
+}
+
+// src/routes/cloud-routes-autonomous.ts
+import fs3 from "node:fs/promises";
+import path3 from "node:path";
+import {
+  isCloudInferenceSelectedInConfig,
+  migrateLegacyRuntimeConfig
+} from "@elizaos/core";
+import { logger } from "@elizaos/core";
+function extractAgentId(pathname) {
+  const id = pathname.split("/")[4];
+  return id && UUID_RE.test(id) ? id : null;
+}
+function replaceMutableRoot(target, snapshot) {
+  const targetRecord = target;
+  for (const key of Object.keys(targetRecord)) {
+    delete targetRecord[key];
+  }
+  Object.assign(targetRecord, structuredClone(snapshot));
+}
+function getCloudAuth(runtime) {
+  if (typeof runtime?.getService !== "function") {
+    return null;
+  }
+  const service = runtime.getService("CLOUD_AUTH");
+  return service && typeof service === "object" ? service : null;
+}
+function clearCloudAuth(runtime) {
+  const cloudAuth = getCloudAuth(runtime);
+  if (typeof cloudAuth?.clearAuth === "function") {
+    cloudAuth.clearAuth();
+  }
+  return cloudAuth;
+}
+async function captureConfigEnvRollbackSnapshot() {
+  const filePath = path3.join(resolveStateDir(), CONFIG_ENV_FILENAME2);
+  const bakPath = `${filePath}${CONFIG_ENV_BAK_SUFFIX}`;
+  let originalRaw = null;
+  try {
+    originalRaw = await fs3.readFile(filePath, "utf8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw err;
+    }
+  }
+  const previousEnv = Object.fromEntries(CLOUD_WALLET_ROLLBACK_ENV_KEYS.flatMap((key) => {
+    const value = process.env[key];
+    return typeof value === "string" ? [[key, value]] : [];
+  }));
+  return {
+    bakPath,
+    filePath,
+    originalRaw,
+    previousEnv
+  };
+}
+async function restoreConfigEnvRollbackSnapshot(snapshot) {
+  await fs3.mkdir(path3.dirname(snapshot.filePath), { recursive: true });
+  if (snapshot.originalRaw === null) {
+    await fs3.rm(snapshot.filePath, { force: true });
+    await fs3.rm(snapshot.bakPath, { force: true });
+  } else {
+    await fs3.writeFile(snapshot.filePath, snapshot.originalRaw, {
+      encoding: "utf8",
+      mode: 384
+    });
+    await fs3.writeFile(snapshot.bakPath, snapshot.originalRaw, {
+      encoding: "utf8",
+      mode: 384
+    });
+  }
+  for (const key of CLOUD_WALLET_ROLLBACK_ENV_KEYS) {
+    const previousValue = snapshot.previousEnv[key];
+    if (typeof previousValue === "string") {
+      process.env[key] = previousValue;
+    } else {
+      delete process.env[key];
+    }
+  }
+}
+function saveConfigOrThrow(state) {
+  if (!state.saveConfig) {
+    throw new Error("saveConfig not available");
+  }
+  state.saveConfig(state.config);
+}
+async function readJsonBody2(req, res) {
+  return await readJsonBody(req, res, {
+    maxBytes: 1048576,
+    tooLargeMessage: "Request body too large",
+    destroyOnTooLarge: true
+  });
+}
+function isRedirectResponse(response) {
+  return response.status >= 300 && response.status < 400;
+}
+function createNoopTelemetrySpan() {
+  return {
+    success: () => {},
+    failure: () => {}
+  };
+}
+function getTelemetrySpan(state, meta) {
+  return state.createTelemetrySpan?.(meta) ?? createNoopTelemetrySpan();
+}
+async function fetchWithTimeout(input, init, timeoutMs) {
+  return fetch(input, {
+    ...init,
+    redirect: "manual",
+    signal: AbortSignal.timeout(timeoutMs)
+  });
+}
+async function handleCloudRoute(req, res, pathname, method, state) {
+  if (method === "POST" && pathname === "/api/cloud/login") {
+    const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);
+    const urlError = await validateCloudBaseUrl(baseUrl);
+    if (urlError) {
+      sendJsonError(res, urlError);
+      return true;
+    }
+    const sessionId = crypto.randomUUID();
+    const loginCreateSpan = getTelemetrySpan(state, {
+      boundary: "cloud",
+      operation: "login_create_session",
+      timeoutMs: CLOUD_LOGIN_CREATE_TIMEOUT_MS
+    });
+    let createRes;
+    try {
+      createRes = await fetchWithTimeout(`${baseUrl}/api/auth/cli-session`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ sessionId })
+      }, CLOUD_LOGIN_CREATE_TIMEOUT_MS);
+    } catch (err) {
+      if (isTimeoutError(err)) {
+        loginCreateSpan.failure({ error: err, statusCode: 504 });
+        sendJsonError(res, "Eliza Cloud login request timed out", 504);
+        return true;
+      }
+      loginCreateSpan.failure({ error: err, statusCode: 502 });
+      sendJsonError(res, "Failed to reach Eliza Cloud", 502);
+      return true;
+    }
+    if (isRedirectResponse(createRes)) {
+      loginCreateSpan.failure({
+        statusCode: createRes.status,
+        errorKind: "redirect_response"
+      });
+      sendJsonError(res, "Eliza Cloud login request was redirected; redirects are not allowed", 502);
+      return true;
+    }
+    if (!createRes.ok) {
+      loginCreateSpan.failure({
+        statusCode: createRes.status,
+        errorKind: "http_error"
+      });
+      sendJsonError(res, "Failed to create auth session with Eliza Cloud", 502);
+      return true;
+    }
+    loginCreateSpan.success({ statusCode: createRes.status });
+    sendJson(res, {
+      ok: true,
+      sessionId,
+      browserUrl: `${baseUrl}/auth/cli-login?session=${encodeURIComponent(sessionId)}`
+    });
+    return true;
+  }
+  if (method === "GET" && pathname.startsWith("/api/cloud/login/status")) {
+    const url = new URL(req.url ?? "/", `http://${req.headers.host ?? "localhost"}`);
+    const sessionId = url.searchParams.get("sessionId");
+    if (!sessionId) {
+      sendJsonError(res, "sessionId query parameter is required");
+      return true;
+    }
+    const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);
+    const urlError = await validateCloudBaseUrl(baseUrl);
+    if (urlError) {
+      sendJsonError(res, urlError);
+      return true;
+    }
+    const loginPollSpan = getTelemetrySpan(state, {
+      boundary: "cloud",
+      operation: "login_poll_status",
+      timeoutMs: CLOUD_LOGIN_POLL_TIMEOUT_MS
+    });
+    let pollRes;
+    try {
+      pollRes = await fetchWithTimeout(`${baseUrl}/api/auth/cli-session/${encodeURIComponent(sessionId)}`, {}, CLOUD_LOGIN_POLL_TIMEOUT_MS);
+    } catch (err) {
+      if (isTimeoutError(err)) {
+        loginPollSpan.failure({ error: err, statusCode: 504 });
+        sendJson(res, {
+          status: "error",
+          error: "Eliza Cloud status request timed out"
+        }, 504);
+        return true;
+      }
+      loginPollSpan.failure({ error: err, statusCode: 502 });
+      sendJson(res, {
+        status: "error",
+        error: "Failed to reach Eliza Cloud"
+      }, 502);
+      return true;
+    }
+    if (isRedirectResponse(pollRes)) {
+      loginPollSpan.failure({
+        statusCode: pollRes.status,
+        errorKind: "redirect_response"
+      });
+      sendJson(res, {
+        status: "error",
+        error: "Eliza Cloud status request was redirected; redirects are not allowed"
+      }, 502);
+      return true;
+    }
+    if (!pollRes.ok) {
+      loginPollSpan.failure({
+        statusCode: pollRes.status,
+        errorKind: "http_error"
+      });
+      sendJson(res, pollRes.status === 404 ? { status: "expired", error: "Session not found or expired" } : {
+        status: "error",
+        error: `Eliza Cloud returned HTTP ${pollRes.status}`
+      });
+      return true;
+    }
+    let data;
+    try {
+      data = await pollRes.json();
+    } catch (parseErr) {
+      loginPollSpan.failure({ error: parseErr, statusCode: pollRes.status });
+      sendJson(res, { status: "error", error: "Eliza Cloud returned invalid JSON" }, 502);
+      return true;
+    }
+    loginPollSpan.success({ statusCode: pollRes.status });
+    if (data.status === "authenticated" && data.apiKey) {
+      const organizationId = typeof data.organizationId === "string" ? data.organizationId.trim() : undefined;
+      const userId = typeof data.userId === "string" ? data.userId.trim() : undefined;
+      const cloudAuth = clearCloudAuth(state.runtime);
+      migrateLegacyRuntimeConfig(state.config);
+      const cloud = state.config.cloud ?? {};
+      cloud.apiKey = data.apiKey;
+      state.config.cloud = cloud;
+      applyCanonicalSetupConfig(state.config, {
+        linkedAccounts: {
+          elizacloud: {
+            status: "linked",
+            source: "api-key"
+          }
+        }
+      });
+      const cloudInferenceSelected = isCloudInferenceSelectedInConfig(state.config);
+      migrateLegacyRuntimeConfig(state.config);
+      try {
+        if (state.saveConfig) {
+          state.saveConfig(state.config);
+        } else {
+          logger.warn("[cloud-login] saveConfig not available — config not persisted");
+        }
+        logger.info("[cloud-login] API key saved to config file");
+      } catch (saveErr) {
+        logger.error(`[cloud-login] Failed to save config: ${String(saveErr)}`);
+        sendJson(res, { status: "error", error: "Authenticated but failed to save config" }, 500);
+        return true;
+      }
+      process.env.ELIZAOS_CLOUD_API_KEY = data.apiKey;
+      if (cloudInferenceSelected) {
+        process.env.ELIZAOS_CLOUD_ENABLED = "true";
+      } else {
+        delete process.env.ELIZAOS_CLOUD_ENABLED;
+      }
+      if (state.runtime) {
+        const character = state.runtime.character ?? {};
+        state.runtime.character = character;
+        if (!character.secrets) {
+          character.secrets = {};
+        }
+        const secrets = character.secrets;
+        secrets.ELIZAOS_CLOUD_API_KEY = data.apiKey;
+        if (userId) {
+          secrets.ELIZA_CLOUD_USER_ID = userId;
+        } else {
+          delete secrets.ELIZA_CLOUD_USER_ID;
+        }
+        if (organizationId) {
+          secrets.ELIZA_CLOUD_ORGANIZATION_ID = organizationId;
+        } else {
+          delete secrets.ELIZA_CLOUD_ORGANIZATION_ID;
+        }
+        if (cloudInferenceSelected) {
+          secrets.ELIZAOS_CLOUD_ENABLED = "true";
+        } else {
+          delete secrets.ELIZAOS_CLOUD_ENABLED;
+        }
+        if (typeof state.runtime.setSetting === "function") {
+          state.runtime.setSetting("ELIZA_CLOUD_USER_ID", userId ?? null);
+          state.runtime.setSetting("ELIZA_CLOUD_ORGANIZATION_ID", organizationId ?? null);
+        }
+        if (typeof state.runtime.updateAgent === "function") {
+          await state.runtime.updateAgent(state.runtime.agentId, {
+            secrets: { ...secrets }
+          });
+          logger.info("[cloud-login] API key persisted to agent DB record");
+        } else {
+          logger.warn("[cloud-login] runtime.updateAgent not available — agent DB secrets not persisted");
+        }
+      }
+      if (state.cloudManager && typeof state.cloudManager.replaceApiKey === "function") {
+        await state.cloudManager.replaceApiKey(data.apiKey);
+      } else if (state.cloudManager && !state.cloudManager.getClient() && typeof state.cloudManager.init === "function") {
+        await state.cloudManager.init();
+      }
+      if (typeof cloudAuth?.authenticateWithApiKey === "function") {
+        cloudAuth.authenticateWithApiKey({
+          apiKey: data.apiKey,
+          organizationId,
+          userId
+        });
+      }
+      if (isCloudWalletEnabled()) {
+        const rollbackConfigSnapshot = structuredClone(state.config);
+        const rollbackEnvSnapshot = await captureConfigEnvRollbackSnapshot();
+        try {
+          const bridge = state.cloudManager?.getClient();
+          const agentId = state.runtime?.agentId;
+          if (!bridge) {
+            throw new Error("cloud-wallet bridge unavailable");
+          }
+          if (!agentId) {
+            throw new Error("cloud-wallet runtime agentId missing");
+          }
+          const { address: clientAddress, minted } = await getOrCreateClientAddressKey();
+          if (minted) {
+            logger.info(`[cloud-login] cloud-wallet: minted client_address ${clientAddress}`);
+          }
+          const descriptors = await provisionCloudWallets(bridge, {
+            agentId,
+            clientAddress
+          });
+          persistCloudWalletCache(state.config, descriptors);
+          const cloudCfg = state.config.cloud ?? {};
+          cloudCfg.clientAddressPublicKey = clientAddress;
+          state.config.cloud = cloudCfg;
+          saveConfigOrThrow(state);
+          if (descriptors.evm?.walletAddress) {
+            process.env.ELIZA_CLOUD_EVM_ADDRESS = descriptors.evm.walletAddress;
+            await persistConfigEnv("ELIZA_CLOUD_EVM_ADDRESS", descriptors.evm.walletAddress);
+          }
+          if (descriptors.solana?.walletAddress) {
+            process.env.ELIZA_CLOUD_SOLANA_ADDRESS = descriptors.solana.walletAddress;
+            await persistConfigEnv("ELIZA_CLOUD_SOLANA_ADDRESS", descriptors.solana.walletAddress);
+          }
+          if (descriptors.evm) {
+            await persistConfigEnv("WALLET_SOURCE_EVM", "cloud");
+          }
+          if (descriptors.solana) {
+            await persistConfigEnv("WALLET_SOURCE_SOLANA", "cloud");
+          }
+          const wallet = state.config.wallet ?? {};
+          const primary = {
+            ...wallet.primary ?? {}
+          };
+          if (descriptors.evm)
+            primary.evm = "cloud";
+          if (descriptors.solana)
+            primary.solana = "cloud";
+          wallet.primary = primary;
+          state.config.wallet = wallet;
+          saveConfigOrThrow(state);
+          logger.info(`[cloud-login] cloud-wallet: provisioned ${Object.keys(descriptors).join(", ")} — applying runtime reload`);
+          const restarted = state.restartRuntime ? await Promise.resolve(state.restartRuntime("cloud-wallet-bound")) : false;
+          if (!restarted) {
+            logger.warn("[cloud-login] cloud-wallet: restartRuntime not wired or restart declined — user must restart manually");
+          }
+        } catch (cloudWalletErr) {
+          try {
+            await restoreConfigEnvRollbackSnapshot(rollbackEnvSnapshot);
+          } catch (rollbackErr) {
+            logger.error(`[cloud-login] cloud-wallet rollback failed: ${String(rollbackErr)}`);
+          }
+          replaceMutableRoot(state.config, rollbackConfigSnapshot);
+          try {
+            saveConfigOrThrow(state);
+          } catch (saveRollbackErr) {
+            logger.error(`[cloud-login] cloud-wallet config rollback failed: ${String(saveRollbackErr)}`);
+          }
+          logger.error(`[cloud-login] cloud-wallet provision failed: ${String(cloudWalletErr)}`);
+        }
+      }
+      logger.info(`[cloud-login] sending API key to loopback renderer (single-user desktop trust model)`);
+      sendJson(res, {
+        status: "authenticated",
+        token: data.apiKey,
+        keyPrefix: data.keyPrefix,
+        organizationId,
+        userId
+      });
+    } else {
+      sendJson(res, { status: data.status });
+    }
+    return true;
+  }
+  if (method === "GET" && pathname === "/api/cloud/agents") {
+    const client = state.cloudManager?.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    sendJson(res, { ok: true, agents: await client.listAgents() });
+    return true;
+  }
+  if (method === "POST" && pathname === "/api/cloud/agents") {
+    const client = state.cloudManager?.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    const body = await readJsonBody2(req, res);
+    if (!body)
+      return true;
+    if (!body.agentName?.trim()) {
+      sendJsonError(res, "agentName is required");
+      return true;
+    }
+    let agent;
+    try {
+      agent = await client.createAgent({
+        agentName: body.agentName,
+        agentConfig: body.agentConfig,
+        environmentVars: body.environmentVars
+      });
+    } catch (err) {
+      logger.error(`[cloud] createAgent failed: ${String(err)}`);
+      sendJson(res, { ok: false, error: `Cloud createAgent failed: ${String(err)}` }, 502);
+      return true;
+    }
+    sendJson(res, { ok: true, agent }, 201);
+    return true;
+  }
+  if (method === "POST" && pathname.startsWith("/api/cloud/agents/") && pathname.endsWith("/provision")) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    let proxy;
+    try {
+      proxy = await state.cloudManager.connect(agentId);
+    } catch (err) {
+      logger.error(`[cloud] provision/connect failed: ${String(err)}`);
+      sendJson(res, { ok: false, error: `Cloud provision failed: ${String(err)}` }, 502);
+      return true;
+    }
+    sendJson(res, {
+      ok: true,
+      agentId,
+      agentName: proxy.agentName,
+      status: state.cloudManager.getStatus()
+    });
+    return true;
+  }
+  if (method === "POST" && pathname.startsWith("/api/cloud/agents/") && pathname.endsWith("/shutdown")) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    const client = state.cloudManager.getClient();
+    if (!client) {
+      sendJsonError(res, "Not connected to Eliza Cloud", 401);
+      return true;
+    }
+    try {
+      if (state.cloudManager.getActiveAgentId() === agentId) {
+        await state.cloudManager.disconnect();
+      }
+      await client.deleteAgent(agentId);
+    } catch (err) {
+      logger.error(`[cloud] shutdown/deleteAgent failed: ${String(err)}`);
+      sendJson(res, { ok: false, error: `Cloud shutdown failed: ${String(err)}` }, 502);
+      return true;
+    }
+    sendJson(res, { ok: true, agentId, status: "stopped" });
+    return true;
+  }
+  if (method === "POST" && pathname.startsWith("/api/cloud/agents/") && pathname.endsWith("/connect")) {
+    const agentId = extractAgentId(pathname);
+    if (!agentId || !state.cloudManager) {
+      sendJsonError(res, "Invalid agent ID or cloud not connected", 400);
+      return true;
+    }
+    let proxy;
+    try {
+      if (state.cloudManager.getActiveAgentId()) {
+        await state.cloudManager.disconnect();
+      }
+      proxy = await state.cloudManager.connect(agentId);
+    } catch (err) {
+      logger.error(`[cloud] connect failed: ${String(err)}`);
+      sendJson(res, { ok: false, error: `Cloud connect failed: ${String(err)}` }, 502);
+      return true;
+    }
+    sendJson(res, {
+      ok: true,
+      agentId,
+      agentName: proxy.agentName,
+      status: state.cloudManager.getStatus()
+    });
+    return true;
+  }
+  if (method === "POST" && pathname === "/api/cloud/disconnect") {
+    if (state.cloudManager) {
+      await state.cloudManager.disconnect();
+    }
+    const cloud = state.config.cloud ?? {};
+    delete cloud.apiKey;
+    state.config.cloud = cloud;
+    applyCanonicalSetupConfig(state.config, {
+      deploymentTarget: { runtime: "local" },
+      linkedAccounts: {
+        elizacloud: {
+          status: "unlinked",
+          source: "api-key"
+        }
+      },
+      clearRoutes: ["llmText", "tts", "media", "embeddings", "rpc"]
+    });
+    migrateLegacyRuntimeConfig(state.config);
+    try {
+      if (state.saveConfig) {
+        state.saveConfig(state.config);
+      } else {
+        logger.warn("[cloud-disconnect] saveConfig not available — config not persisted");
+      }
+    } catch (saveErr) {
+      logger.error(`[cloud-disconnect] Failed to save config: ${String(saveErr)}`);
+      sendJson(res, { ok: false, error: "Disconnected but failed to save config" }, 500);
+      return true;
+    }
+    delete process.env.ELIZAOS_CLOUD_API_KEY;
+    delete process.env.ELIZAOS_CLOUD_ENABLED;
+    if (state.runtime) {
+      const character = state.runtime.character ?? {};
+      state.runtime.character = character;
+      if (!character.secrets) {
+        character.secrets = {};
+      }
+      const secrets = character.secrets;
+      delete secrets.ELIZAOS_CLOUD_API_KEY;
+      delete secrets.ELIZAOS_CLOUD_ENABLED;
+      if (typeof state.runtime.updateAgent === "function") {
+        await state.runtime.updateAgent(state.runtime.agentId, {
+          secrets: { ...secrets }
+        });
+      } else {
+        logger.warn("[cloud-disconnect] updateAgent not available — runtime secrets not persisted");
+      }
+    }
+    sendJson(res, { ok: true, status: "disconnected" });
+    return true;
+  }
+  return false;
+}
+var UUID_RE, CLOUD_LOGIN_CREATE_TIMEOUT_MS = 1e4, CLOUD_LOGIN_POLL_TIMEOUT_MS = 1e4, CONFIG_ENV_FILENAME2 = "config.env", CONFIG_ENV_BAK_SUFFIX = ".bak", CLOUD_WALLET_ROLLBACK_ENV_KEYS;
+var init_cloud_routes_autonomous = __esm(() => {
+  init_base_url();
+  init_cloud_wallet();
+  init_validate_url();
+  init_config_env();
+  init_state_paths();
+  UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  CLOUD_WALLET_ROLLBACK_ENV_KEYS = [
+    ELIZA_CLOUD_CLIENT_ADDRESS_KEY_ENV,
+    "ELIZA_CLOUD_EVM_ADDRESS",
+    "ELIZA_CLOUD_SOLANA_ADDRESS",
+    "WALLET_SOURCE_EVM",
+    "WALLET_SOURCE_SOLANA"
+  ];
+});
+init_cloud_routes_autonomous();
+
+export {
+  handleCloudRoute
+};
+
+//# debugId=8DCC6EACC808486C64756E2164756E21