@elizaos/plugin-elizacloud 2.0.0-beta.1 → 2.0.11-beta.7

package/dist/routes/travel-provider-relay-routes.js

@@ -0,0 +1,358 @@
+import { createRequire } from "node:module";
+var __defProp = Object.defineProperty;
+var __returnValue = (v) => v;
+function __exportSetter(name, newValue) {
+  this[name] = __returnValue.bind(null, newValue);
+}
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, {
+      get: all[name],
+      enumerable: true,
+      configurable: true,
+      set: __exportSetter.bind(all, name)
+    });
+};
+var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+// src/cloud/base-url.ts
+import { normalizeCloudSiteUrl, resolveCloudApiBaseUrl } from "@elizaos/shared";
+var init_base_url = () => {};
+
+// src/cloud/validate-url.ts
+import dns from "node:dns";
+import net from "node:net";
+import { promisify } from "node:util";
+function normalizeHostLike(value) {
+  return value.trim().toLowerCase().replace(/^\[|\]$/g, "");
+}
+function decodeIpv6MappedHex(mapped) {
+  const parts = mapped.split(":");
+  if (parts.length < 1 || parts.length > 2)
+    return null;
+  const parsed = parts.map((part) => {
+    if (!/^[0-9a-f]{1,4}$/i.test(part))
+      return Number.NaN;
+    return Number.parseInt(part, 16);
+  });
+  if (parsed.some((value) => !Number.isFinite(value)))
+    return null;
+  const [hi, lo] = parsed.length === 1 ? [0, parsed[0]] : parsed;
+  const octets = [hi >> 8, hi & 255, lo >> 8, lo & 255];
+  return octets.join(".");
+}
+function canonicalizeIpv6(ip) {
+  try {
+    return new URL(`http://[${ip}]/`).hostname.replace(/^\[|\]$/g, "");
+  } catch {
+    return null;
+  }
+}
+function normalizeIpForPolicy(ip) {
+  const base = normalizeHostLike(ip).split("%")[0];
+  if (!base)
+    return base;
+  let normalized = base;
+  if (net.isIP(normalized) === 6) {
+    normalized = canonicalizeIpv6(normalized) ?? normalized;
+  }
+  let mapped = null;
+  if (normalized.startsWith("::ffff:")) {
+    mapped = normalized.slice("::ffff:".length);
+  } else if (normalized.startsWith("0:0:0:0:0:ffff:")) {
+    mapped = normalized.slice("0:0:0:0:0:ffff:".length);
+  }
+  if (!mapped)
+    return normalized;
+  if (net.isIP(mapped) === 4)
+    return mapped;
+  return decodeIpv6MappedHex(mapped) ?? normalized;
+}
+function cidrV4(base, prefix) {
+  const parsed = parseIpv4ToInt(base);
+  if (parsed === null) {
+    throw new Error(`Invalid CIDR base IPv4 address: ${base}`);
+  }
+  const shift = 32 - prefix;
+  const mask = shift === 32 ? 0 : 4294967295 << shift >>> 0;
+  return { base: parsed & mask, mask };
+}
+function parseIpv4ToInt(ip) {
+  const parts = ip.split(".");
+  if (parts.length !== 4)
+    return null;
+  let value = 0;
+  for (const part of parts) {
+    if (!/^\d{1,3}$/.test(part))
+      return null;
+    const octet = Number.parseInt(part, 10);
+    if (!Number.isInteger(octet) || octet < 0 || octet > 255)
+      return null;
+    value = value << 8 | octet;
+  }
+  return value >>> 0;
+}
+function isBlockedIpv4(ip) {
+  const asInt = parseIpv4ToInt(ip);
+  if (asInt === null)
+    return true;
+  return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);
+}
+function isBlockedIpv6(ip) {
+  const normalized = ip.toLowerCase();
+  return normalized === "::" || normalized === "::1" || /^fe[89ab][0-9a-f]:/.test(normalized) || /^f[cd][0-9a-f]{2}:/i.test(normalized) || normalized.startsWith("ff");
+}
+function isBlockedIp(ip) {
+  const normalized = normalizeIpForPolicy(ip);
+  const family = net.isIP(normalized);
+  if (family === 4)
+    return isBlockedIpv4(normalized);
+  if (family === 6)
+    return isBlockedIpv6(normalized);
+  return false;
+}
+async function validateCloudBaseUrl(rawUrl) {
+  let parsed;
+  try {
+    parsed = new URL(rawUrl);
+  } catch {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (parsed.protocol !== "https:") {
+    return `Cloud base URL must use HTTPS, got "${parsed.protocol}" in "${rawUrl}"`;
+  }
+  const hostname = normalizeHostLike(parsed.hostname);
+  if (!hostname) {
+    return `Invalid cloud base URL: "${rawUrl}"`;
+  }
+  if (hostname === "localhost" || hostname.endsWith(".localhost") || hostname.endsWith(".local")) {
+    return `Cloud base URL "${rawUrl}" points to a blocked local hostname.`;
+  }
+  const elizaDev = process.env.ELIZA_DEV?.trim().toLowerCase();
+  if (true) {
+    return null;
+  }
+  if (isBlockedIp(hostname)) {
+    return `Cloud base URL "${rawUrl}" points to a blocked address.`;
+  }
+  try {
+    const results = await dnsLookupAll(hostname, { all: true });
+    const addresses = Array.isArray(results) ? results : [results];
+    for (const entry of addresses) {
+      const ip = typeof entry === "string" ? entry : entry.address;
+      if (isBlockedIp(ip)) {
+        return `Cloud base URL "${rawUrl}" resolves to ${ip}, ` + "which is a blocked internal/metadata address.";
+      }
+    }
+  } catch {
+    return `Cloud base URL "${rawUrl}" could not be resolved via DNS.`;
+  }
+  return null;
+}
+var dnsLookupAll, BLOCKED_IPV4_CIDRS;
+var init_validate_url = __esm(() => {
+  dnsLookupAll = promisify(dns.lookup);
+  BLOCKED_IPV4_CIDRS = [
+    cidrV4("0.0.0.0", 8),
+    cidrV4("10.0.0.0", 8),
+    cidrV4("172.16.0.0", 12),
+    cidrV4("192.168.0.0", 16),
+    cidrV4("100.64.0.0", 10),
+    cidrV4("127.0.0.0", 8),
+    cidrV4("169.254.0.0", 16),
+    cidrV4("192.0.0.0", 24),
+    cidrV4("198.18.0.0", 15),
+    cidrV4("192.0.2.0", 24),
+    cidrV4("198.51.100.0", 24),
+    cidrV4("203.0.113.0", 24),
+    cidrV4("224.0.0.0", 4),
+    cidrV4("240.0.0.0", 4)
+  ];
+});
+
+// src/cloud/auth-service-types.ts
+function isCloudAuthApiKeyService(value) {
+  return value !== null && value !== undefined && typeof value.isAuthenticated === "function";
+}
+function normalizeCloudApiKey(value) {
+  if (typeof value !== "string")
+    return null;
+  const trimmed = value.trim();
+  if (!trimmed || trimmed.toUpperCase() === "[REDACTED]")
+    return null;
+  return trimmed;
+}
+
+// src/cloud/cloud-api-key.ts
+function normalizeCloudSecret(value) {
+  if (typeof value !== "string")
+    return null;
+  const trimmed = value.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function resolveRuntimeCloudApiKey(runtime) {
+  const fromSetting = runtime?.getSetting?.("ELIZAOS_CLOUD_API_KEY");
+  if (typeof fromSetting === "string") {
+    return normalizeCloudSecret(fromSetting);
+  }
+  const fromSecrets = runtime?.character?.secrets?.ELIZAOS_CLOUD_API_KEY;
+  return typeof fromSecrets === "string" ? normalizeCloudSecret(fromSecrets) : null;
+}
+function resolveCloudApiBaseUrl2(rawBaseUrl) {
+  const candidate = normalizeCloudSecret(rawBaseUrl ?? process.env.ELIZAOS_CLOUD_BASE_URL) ?? DEFAULT_CLOUD_API_BASE_URL;
+  try {
+    const parsed = new URL(candidate);
+    if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+      return null;
+    }
+    parsed.hash = "";
+    parsed.search = "";
+    const normalizedBase = parsed.toString().replace(/\/+$/, "");
+    return normalizedBase.endsWith("/api/v1") ? normalizedBase : `${normalizedBase}/api/v1`;
+  } catch {
+    return null;
+  }
+}
+function resolveCloudApiKey(config, runtime) {
+  return normalizeCloudSecret(config?.cloud?.apiKey ?? resolveRuntimeCloudApiKey(runtime) ?? process.env.ELIZAOS_CLOUD_API_KEY);
+}
+var DEFAULT_CLOUD_API_BASE_URL = "https://elizacloud.ai/api/v1";
+
+// src/routes/travel-provider-relay-routes.ts
+init_base_url();
+init_validate_url();
+import {
+  sendJson,
+  sendJsonError
+} from "@elizaos/core";
+var PROXY_TIMEOUT_MS = 30000;
+var MAX_BODY_BYTES = 1048576;
+var TRAVEL_PROVIDER_PATH_RE = /^\/api\/cloud\/travel-providers\/([a-z0-9][a-z0-9-]*)(\/.*)$/;
+function resolveProxyApiKey(state) {
+  const cloudAuth = state.runtime?.getService("CLOUD_AUTH");
+  const runtimeApiKey = isCloudAuthApiKeyService(cloudAuth) && cloudAuth.isAuthenticated() === true ? normalizeCloudApiKey(cloudAuth.getApiKey?.()) : null;
+  return runtimeApiKey ?? resolveCloudApiKey(state.config, state.runtime);
+}
+function buildAuthHeaders(config, apiKey) {
+  const serviceKey = config.cloud?.serviceKey?.trim();
+  const headers = {
+    Accept: "application/json",
+    "Content-Type": "application/json",
+    Authorization: `Bearer ${apiKey}`
+  };
+  if (serviceKey)
+    headers["X-Service-Key"] = serviceKey;
+  return headers;
+}
+function readBody(req) {
+  return new Promise((resolve, reject) => {
+    const chunks = [];
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY_BYTES) {
+        reject(new Error("Request body too large"));
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => resolve(chunks.length > 0 ? Buffer.concat(chunks).toString("utf-8") : undefined));
+    req.on("error", reject);
+  });
+}
+async function readJsonResponse(response) {
+  return response.json().catch(async () => ({
+    success: response.ok,
+    error: await response.text().catch(() => "Travel-provider relay request failed")
+  }));
+}
+function buildUpstreamPath(localPath) {
+  const parsed = parseTravelProviderPath(localPath);
+  if (!parsed) {
+    throw new Error("Invalid travel-provider relay path");
+  }
+  return `/api/v1/${parsed.provider}${parsed.providerPath}`;
+}
+var TRAVEL_PROVIDER_RELAY_ROUTES = [
+  { method: "POST", pattern: /^\/offer-requests$/ },
+  { method: "GET", pattern: /^\/offers\/[^/]+$/ },
+  { method: "POST", pattern: /^\/orders$/ },
+  { method: "GET", pattern: /^\/orders\/[^/]+$/ },
+  { method: "POST", pattern: /^\/payments$/ }
+];
+function parseTravelProviderPath(pathname) {
+  const match = TRAVEL_PROVIDER_PATH_RE.exec(pathname);
+  if (!match)
+    return null;
+  const [, provider, providerPath] = match;
+  return provider ? { provider, providerPath } : null;
+}
+function matchRoute(method, pathname) {
+  const parsed = parseTravelProviderPath(pathname);
+  if (!parsed)
+    return false;
+  return TRAVEL_PROVIDER_RELAY_ROUTES.some((route) => route.method === method && route.pattern.test(parsed.providerPath));
+}
+async function handleTravelProviderRelayRoute(req, res, pathname, method, state) {
+  const parsed = parseTravelProviderPath(pathname);
+  if (!parsed)
+    return false;
+  if (!matchRoute(method, pathname)) {
+    sendJsonError(res, "Unknown travel-provider relay route", 404);
+    return true;
+  }
+  const apiKey = resolveProxyApiKey(state);
+  if (!apiKey) {
+    sendJsonError(res, "Not connected to Eliza Cloud. Sign in to use travel search.", 401);
+    return true;
+  }
+  const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);
+  const urlError = await validateCloudBaseUrl(baseUrl);
+  if (urlError) {
+    sendJsonError(res, urlError, 502);
+    return true;
+  }
+  const headers = buildAuthHeaders(state.config, apiKey);
+  let body;
+  if (method === "POST") {
+    try {
+      body = await readBody(req);
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : "Failed to read body";
+      sendJsonError(res, msg, 413);
+      return true;
+    }
+  }
+  const fullUrl = new URL(req.url ?? pathname, "http://localhost");
+  const upstreamUrl = `${baseUrl}${buildUpstreamPath(pathname)}${fullUrl.search}`;
+  const upstreamResponse = await fetch(upstreamUrl, {
+    method,
+    headers,
+    body,
+    redirect: "manual",
+    signal: AbortSignal.timeout(PROXY_TIMEOUT_MS)
+  });
+  if (upstreamResponse.status === 402) {
+    await forward402(res, upstreamResponse);
+    return true;
+  }
+  const payload = await readJsonResponse(upstreamResponse);
+  sendJson(res, payload, upstreamResponse.status);
+  return true;
+}
+async function forward402(res, upstream) {
+  const wwwAuth = upstream.headers.get("www-authenticate");
+  const contentType = upstream.headers.get("content-type") ?? "application/json";
+  const bodyText = await upstream.text();
+  res.statusCode = 402;
+  res.setHeader("Content-Type", contentType);
+  if (wwwAuth)
+    res.setHeader("WWW-Authenticate", wwwAuth);
+  res.end(bodyText);
+}
+export {
+  handleTravelProviderRelayRoute
+};
+
+//# debugId=868735A1EE187E7764756E2164756E21

package/dist/routes/travel-provider-relay-routes.js.map

@@ -0,0 +1,14 @@
+{
+  "version": 3,
+  "sources": ["../src/cloud/base-url.ts", "../src/cloud/validate-url.ts", "../src/cloud/auth-service-types.ts", "../src/cloud/cloud-api-key.ts", "../src/routes/travel-provider-relay-routes.ts"],
+  "sourcesContent": [
+    "/**\n * Cloud site/API URL normalizer. The implementation moved to\n * `@elizaos/shared/elizacloud/base-url` so host-layer packages can normalize\n * URLs without reverse-importing this plugin.\n */\nexport { normalizeCloudSiteUrl, resolveCloudApiBaseUrl } from \"@elizaos/shared\";\n",
+    "import dns from \"node:dns\";\nimport net from \"node:net\";\nimport { promisify } from \"node:util\";\n\nconst dnsLookupAll = promisify(dns.lookup);\n\nconst BLOCKED_IPV4_CIDRS: Array<{ base: number; mask: number }> = [\n  cidrV4(\"0.0.0.0\", 8),\n  cidrV4(\"10.0.0.0\", 8),\n  cidrV4(\"172.16.0.0\", 12),\n  cidrV4(\"192.168.0.0\", 16),\n  cidrV4(\"100.64.0.0\", 10),\n  cidrV4(\"127.0.0.0\", 8),\n  cidrV4(\"169.254.0.0\", 16),\n  cidrV4(\"192.0.0.0\", 24),\n  cidrV4(\"198.18.0.0\", 15),\n  cidrV4(\"192.0.2.0\", 24),\n  cidrV4(\"198.51.100.0\", 24),\n  cidrV4(\"203.0.113.0\", 24),\n  cidrV4(\"224.0.0.0\", 4),\n  cidrV4(\"240.0.0.0\", 4),\n];\n\nfunction normalizeHostLike(value: string): string {\n  return value\n    .trim()\n    .toLowerCase()\n    .replace(/^\\[|\\]$/g, \"\");\n}\n\nfunction decodeIpv6MappedHex(mapped: string): string | null {\n  const parts = mapped.split(\":\");\n  if (parts.length < 1 || parts.length > 2) return null;\n\n  const parsed = parts.map((part) => {\n    if (!/^[0-9a-f]{1,4}$/i.test(part)) return Number.NaN;\n    return Number.parseInt(part, 16);\n  });\n  if (parsed.some((value) => !Number.isFinite(value))) return null;\n\n  const [hi, lo] = parsed.length === 1 ? [0, parsed[0]] : parsed;\n  const octets = [hi >> 8, hi & 0xff, lo >> 8, lo & 0xff];\n  return octets.join(\".\");\n}\n\nfunction canonicalizeIpv6(ip: string): string | null {\n  try {\n    return new URL(`http://[${ip}]/`).hostname.replace(/^\\[|\\]$/g, \"\");\n  } catch {\n    return null;\n  }\n}\n\nfunction normalizeIpForPolicy(ip: string): string {\n  const base = normalizeHostLike(ip).split(\"%\")[0];\n  if (!base) return base;\n\n  let normalized = base;\n  if (net.isIP(normalized) === 6) {\n    normalized = canonicalizeIpv6(normalized) ?? normalized;\n  }\n\n  let mapped: string | null = null;\n  if (normalized.startsWith(\"::ffff:\")) {\n    mapped = normalized.slice(\"::ffff:\".length);\n  } else if (normalized.startsWith(\"0:0:0:0:0:ffff:\")) {\n    mapped = normalized.slice(\"0:0:0:0:0:ffff:\".length);\n  }\n  if (!mapped) return normalized;\n\n  if (net.isIP(mapped) === 4) return mapped;\n  return decodeIpv6MappedHex(mapped) ?? normalized;\n}\n\nfunction cidrV4(base: string, prefix: number): { base: number; mask: number } {\n  const parsed = parseIpv4ToInt(base);\n  if (parsed === null) {\n    throw new Error(`Invalid CIDR base IPv4 address: ${base}`);\n  }\n  const shift = 32 - prefix;\n  const mask = shift === 32 ? 0 : (0xffffffff << shift) >>> 0;\n  return { base: parsed & mask, mask };\n}\n\nfunction parseIpv4ToInt(ip: string): number | null {\n  const parts = ip.split(\".\");\n  if (parts.length !== 4) return null;\n\n  let value = 0;\n  for (const part of parts) {\n    if (!/^\\d{1,3}$/.test(part)) return null;\n    const octet = Number.parseInt(part, 10);\n    if (!Number.isInteger(octet) || octet < 0 || octet > 255) return null;\n    value = (value << 8) | octet;\n  }\n\n  return value >>> 0;\n}\n\nfunction isBlockedIpv4(ip: string): boolean {\n  const asInt = parseIpv4ToInt(ip);\n  if (asInt === null) return true;\n  return BLOCKED_IPV4_CIDRS.some((cidr) => (asInt & cidr.mask) === cidr.base);\n}\n\nfunction isBlockedIpv6(ip: string): boolean {\n  const normalized = ip.toLowerCase();\n  return (\n    normalized === \"::\" ||\n    normalized === \"::1\" ||\n    /^fe[89ab][0-9a-f]:/.test(normalized) ||\n    /^f[cd][0-9a-f]{2}:/i.test(normalized) ||\n    normalized.startsWith(\"ff\")\n  );\n}\n\nfunction isBlockedIp(ip: string): boolean {\n  const normalized = normalizeIpForPolicy(ip);\n  const family = net.isIP(normalized);\n  if (family === 4) return isBlockedIpv4(normalized);\n  if (family === 6) return isBlockedIpv6(normalized);\n  return false;\n}\n\nexport async function validateCloudBaseUrl(\n  rawUrl: string,\n): Promise<string | null> {\n  let parsed: URL;\n  try {\n    parsed = new URL(rawUrl);\n  } catch {\n    return `Invalid cloud base URL: \"${rawUrl}\"`;\n  }\n\n  if (parsed.protocol !== \"https:\") {\n    return `Cloud base URL must use HTTPS, got \"${parsed.protocol}\" in \"${rawUrl}\"`;\n  }\n\n  const hostname = normalizeHostLike(parsed.hostname);\n  if (!hostname) {\n    return `Invalid cloud base URL: \"${rawUrl}\"`;\n  }\n\n  if (\n    hostname === \"localhost\" ||\n    hostname.endsWith(\".localhost\") ||\n    hostname.endsWith(\".local\")\n  ) {\n    return `Cloud base URL \"${rawUrl}\" points to a blocked local hostname.`;\n  }\n\n  // Dev-mode bypass: skip IP-range blocking but keep URL format checks above.\n  const elizaDev = process.env.ELIZA_DEV?.trim().toLowerCase();\n  if (\n    process.env.NODE_ENV === \"development\" ||\n    elizaDev === \"1\" ||\n    elizaDev === \"true\" ||\n    elizaDev === \"yes\"\n  ) {\n    return null;\n  }\n\n  if (isBlockedIp(hostname)) {\n    return `Cloud base URL \"${rawUrl}\" points to a blocked address.`;\n  }\n\n  try {\n    const results = await dnsLookupAll(hostname, { all: true });\n    const addresses = Array.isArray(results) ? results : [results];\n    for (const entry of addresses) {\n      const ip =\n        typeof entry === \"string\"\n          ? entry\n          : (entry as { address: string }).address;\n      if (isBlockedIp(ip)) {\n        return (\n          `Cloud base URL \"${rawUrl}\" resolves to ${ip}, ` +\n          \"which is a blocked internal/metadata address.\"\n        );\n      }\n    }\n  } catch {\n    return `Cloud base URL \"${rawUrl}\" could not be resolved via DNS.`;\n  }\n\n  return null;\n}\n",
+    "import type { Service } from \"@elizaos/core\";\n\nexport interface CloudAuthApiKeyService {\n  isAuthenticated: () => boolean;\n  getApiKey?: () => string | undefined;\n}\n\nexport function isCloudAuthApiKeyService(\n  value: Service | null | undefined,\n): value is Service & CloudAuthApiKeyService {\n  return (\n    value !== null &&\n    value !== undefined &&\n    typeof (value as Partial<CloudAuthApiKeyService>).isAuthenticated ===\n      \"function\"\n  );\n}\n\nexport function normalizeCloudApiKey(value: string | null | undefined): string | null {\n  if (typeof value !== \"string\") return null;\n  const trimmed = value.trim();\n  if (!trimmed || trimmed.toUpperCase() === \"[REDACTED]\") return null;\n  return trimmed;\n}\n",
+    "/**\n * Cloud API key + base URL resolution.\n *\n * Resolves the Eliza Cloud API key and base URL from (in priority order):\n *   1. Explicit `config.cloud.apiKey` / `config.cloud.baseUrl`\n *   2. Runtime settings + character secrets (`ELIZAOS_CLOUD_API_KEY`)\n *   3. Process env (`ELIZAOS_CLOUD_API_KEY`, `ELIZAOS_CLOUD_BASE_URL`)\n *\n * Previously these helpers lived in `packages/agent/src/api/wallet-rpc.ts`\n * because the wallet uses Cloud RPC proxies. They are NOT wallet-specific —\n * cloud auth is consumed by cloud-status, cloud-billing, cloud-compat,\n * health, x-relay, and travel-provider-relay routes. Hosting them under\n * `cloud/` matches their actual ownership.\n */\n\nimport type { ElizaConfig } from \"../lib/config-like\";\n\nexport const DEFAULT_CLOUD_API_BASE_URL = \"https://elizacloud.ai/api/v1\";\n\nexport type CloudApiKeyRuntimeLike = {\n  getSetting?: (key: string) => unknown;\n  character?: {\n    secrets?: Record<string, unknown>;\n  } | null;\n} | null;\n\nexport function normalizeCloudSecret(\n  value: string | null | undefined,\n): string | null {\n  if (typeof value !== \"string\") return null;\n  const trimmed = value.trim();\n  return trimmed.length > 0 ? trimmed : null;\n}\n\nfunction resolveRuntimeCloudApiKey(\n  runtime?: CloudApiKeyRuntimeLike,\n): string | null {\n  const fromSetting = runtime?.getSetting?.(\"ELIZAOS_CLOUD_API_KEY\");\n  if (typeof fromSetting === \"string\") {\n    return normalizeCloudSecret(fromSetting);\n  }\n\n  const fromSecrets = runtime?.character?.secrets?.ELIZAOS_CLOUD_API_KEY;\n  return typeof fromSecrets === \"string\"\n    ? normalizeCloudSecret(fromSecrets)\n    : null;\n}\n\nexport function resolveCloudApiBaseUrl(\n  rawBaseUrl?: string | null,\n): string | null {\n  const candidate =\n    normalizeCloudSecret(rawBaseUrl ?? process.env.ELIZAOS_CLOUD_BASE_URL) ??\n    DEFAULT_CLOUD_API_BASE_URL;\n  try {\n    const parsed = new URL(candidate);\n    if (parsed.protocol !== \"http:\" && parsed.protocol !== \"https:\") {\n      return null;\n    }\n    parsed.hash = \"\";\n    parsed.search = \"\";\n    const normalizedBase = parsed.toString().replace(/\\/+$/, \"\");\n    return normalizedBase.endsWith(\"/api/v1\")\n      ? normalizedBase\n      : `${normalizedBase}/api/v1`;\n  } catch {\n    return null;\n  }\n}\n\nexport function resolveCloudApiKey(\n  config?: Pick<ElizaConfig, \"cloud\"> | null,\n  runtime?: CloudApiKeyRuntimeLike,\n): string | null {\n  return normalizeCloudSecret(\n    config?.cloud?.apiKey ??\n      resolveRuntimeCloudApiKey(runtime) ??\n      process.env.ELIZAOS_CLOUD_API_KEY,\n  );\n}\n",
+    "import type http from \"node:http\";\nimport {\n  type IAgentRuntime,\n  type Service,\n  sendJson,\n  sendJsonError,\n} from \"@elizaos/core\";\nimport {\n  isCloudAuthApiKeyService,\n  normalizeCloudApiKey,\n} from \"../cloud/auth-service-types.js\";\nimport { normalizeCloudSiteUrl } from \"../cloud/base-url.js\";\nimport { resolveCloudApiKey } from \"../cloud/cloud-api-key.js\";\nimport { validateCloudBaseUrl } from \"../cloud/validate-url.js\";\nimport type { CloudProxyConfigLike } from \"../lib/config-like\";\n\nexport interface TravelProviderRelayRouteState {\n  config: CloudProxyConfigLike;\n  runtime?: IAgentRuntime | null;\n}\n\nconst PROXY_TIMEOUT_MS = 30_000;\nconst MAX_BODY_BYTES = 1_048_576;\nconst TRAVEL_PROVIDER_PATH_RE =\n  /^\\/api\\/cloud\\/travel-providers\\/([a-z0-9][a-z0-9-]*)(\\/.*)$/;\n\nfunction resolveProxyApiKey(\n  state: TravelProviderRelayRouteState,\n): string | null {\n  const cloudAuth = state.runtime?.getService<Service>(\"CLOUD_AUTH\");\n  const runtimeApiKey =\n    isCloudAuthApiKeyService(cloudAuth) && cloudAuth.isAuthenticated() === true\n      ? normalizeCloudApiKey(cloudAuth.getApiKey?.())\n      : null;\n  return runtimeApiKey ?? resolveCloudApiKey(state.config, state.runtime);\n}\n\nfunction buildAuthHeaders(\n  config: CloudProxyConfigLike,\n  apiKey: string,\n): Record<string, string> {\n  const serviceKey = config.cloud?.serviceKey?.trim();\n  const headers: Record<string, string> = {\n    Accept: \"application/json\",\n    \"Content-Type\": \"application/json\",\n    Authorization: `Bearer ${apiKey}`,\n  };\n  if (serviceKey) headers[\"X-Service-Key\"] = serviceKey;\n  return headers;\n}\n\nfunction readBody(req: http.IncomingMessage): Promise<string | undefined> {\n  return new Promise<string | undefined>((resolve, reject) => {\n    const chunks: Buffer[] = [];\n    let size = 0;\n    req.on(\"data\", (chunk: Buffer) => {\n      size += chunk.length;\n      if (size > MAX_BODY_BYTES) {\n        reject(new Error(\"Request body too large\"));\n        return;\n      }\n      chunks.push(chunk);\n    });\n    req.on(\"end\", () =>\n      resolve(\n        chunks.length > 0 ? Buffer.concat(chunks).toString(\"utf-8\") : undefined,\n      ),\n    );\n    req.on(\"error\", reject);\n  });\n}\n\nasync function readJsonResponse(response: Response): Promise<unknown> {\n  return response.json().catch(async () => ({\n    success: response.ok,\n    error: await response\n      .text()\n      .catch(() => \"Travel-provider relay request failed\"),\n  }));\n}\n\nfunction buildUpstreamPath(localPath: string): string {\n  const parsed = parseTravelProviderPath(localPath);\n  if (!parsed) {\n    throw new Error(\"Invalid travel-provider relay path\");\n  }\n  return `/api/v1/${parsed.provider}${parsed.providerPath}`;\n}\n\nconst TRAVEL_PROVIDER_RELAY_ROUTES: ReadonlyArray<{\n  method: \"GET\" | \"POST\";\n  pattern: RegExp;\n}> = [\n  { method: \"POST\", pattern: /^\\/offer-requests$/ },\n  { method: \"GET\", pattern: /^\\/offers\\/[^/]+$/ },\n  { method: \"POST\", pattern: /^\\/orders$/ },\n  { method: \"GET\", pattern: /^\\/orders\\/[^/]+$/ },\n  { method: \"POST\", pattern: /^\\/payments$/ },\n];\n\nfunction parseTravelProviderPath(\n  pathname: string,\n): { provider: string; providerPath: string } | null {\n  const match = TRAVEL_PROVIDER_PATH_RE.exec(pathname);\n  if (!match) return null;\n  const [, provider, providerPath] = match;\n  return provider ? { provider, providerPath } : null;\n}\n\nfunction matchRoute(method: string, pathname: string): boolean {\n  const parsed = parseTravelProviderPath(pathname);\n  if (!parsed) return false;\n  return TRAVEL_PROVIDER_RELAY_ROUTES.some(\n    (route) => route.method === method && route.pattern.test(parsed.providerPath),\n  );\n}\n\nexport async function handleTravelProviderRelayRoute(\n  req: http.IncomingMessage,\n  res: http.ServerResponse,\n  pathname: string,\n  method: string,\n  state: TravelProviderRelayRouteState,\n): Promise<boolean> {\n  const parsed = parseTravelProviderPath(pathname);\n  if (!parsed) return false;\n\n  if (!matchRoute(method, pathname)) {\n    sendJsonError(res, \"Unknown travel-provider relay route\", 404);\n    return true;\n  }\n\n  const apiKey = resolveProxyApiKey(state);\n  if (!apiKey) {\n    sendJsonError(\n      res,\n      \"Not connected to Eliza Cloud. Sign in to use travel search.\",\n      401,\n    );\n    return true;\n  }\n\n  const baseUrl = normalizeCloudSiteUrl(state.config.cloud?.baseUrl);\n  const urlError = await validateCloudBaseUrl(baseUrl);\n  if (urlError) {\n    sendJsonError(res, urlError, 502);\n    return true;\n  }\n\n  const headers = buildAuthHeaders(state.config, apiKey);\n  let body: string | undefined;\n  if (method === \"POST\") {\n    try {\n      body = await readBody(req);\n    } catch (err) {\n      const msg = err instanceof Error ? err.message : \"Failed to read body\";\n      sendJsonError(res, msg, 413);\n      return true;\n    }\n  }\n\n  const fullUrl = new URL(req.url ?? pathname, \"http://localhost\");\n  const upstreamUrl = `${baseUrl}${buildUpstreamPath(pathname)}${fullUrl.search}`;\n  const upstreamResponse = await fetch(upstreamUrl, {\n    method,\n    headers,\n    body,\n    redirect: \"manual\",\n    signal: AbortSignal.timeout(PROXY_TIMEOUT_MS),\n  });\n\n  if (upstreamResponse.status === 402) {\n    await forward402(res, upstreamResponse);\n    return true;\n  }\n\n  const payload = await readJsonResponse(upstreamResponse);\n  sendJson(res, payload, upstreamResponse.status);\n  return true;\n}\n\nasync function forward402(\n  res: http.ServerResponse,\n  upstream: Response,\n): Promise<void> {\n  const wwwAuth = upstream.headers.get(\"www-authenticate\");\n  const contentType = upstream.headers.get(\"content-type\") ?? \"application/json\";\n  const bodyText = await upstream.text();\n  res.statusCode = 402;\n  res.setHeader(\"Content-Type\", contentType);\n  if (wwwAuth) res.setHeader(\"WWW-Authenticate\", wwwAuth);\n  res.end(bodyText);\n}\n"
+  ],
+  "mappings": ";;;;;;;;;;;;;;;;;;;AAKA;AAAA;;;ACLA;AACA;AACA;AAqBA,SAAS,iBAAiB,CAAC,OAAuB;AAAA,EAChD,OAAO,MACJ,KAAK,EACL,YAAY,EACZ,QAAQ,YAAY,EAAE;AAAA;AAG3B,SAAS,mBAAmB,CAAC,QAA+B;AAAA,EAC1D,MAAM,QAAQ,OAAO,MAAM,GAAG;AAAA,EAC9B,IAAI,MAAM,SAAS,KAAK,MAAM,SAAS;AAAA,IAAG,OAAO;AAAA,EAEjD,MAAM,SAAS,MAAM,IAAI,CAAC,SAAS;AAAA,IACjC,IAAI,CAAC,mBAAmB,KAAK,IAAI;AAAA,MAAG,OAAO,OAAO;AAAA,IAClD,OAAO,OAAO,SAAS,MAAM,EAAE;AAAA,GAChC;AAAA,EACD,IAAI,OAAO,KAAK,CAAC,UAAU,CAAC,OAAO,SAAS,KAAK,CAAC;AAAA,IAAG,OAAO;AAAA,EAE5D,OAAO,IAAI,MAAM,OAAO,WAAW,IAAI,CAAC,GAAG,OAAO,EAAE,IAAI;AAAA,EACxD,MAAM,SAAS,CAAC,MAAM,GAAG,KAAK,KAAM,MAAM,GAAG,KAAK,GAAI;AAAA,EACtD,OAAO,OAAO,KAAK,GAAG;AAAA;AAGxB,SAAS,gBAAgB,CAAC,IAA2B;AAAA,EACnD,IAAI;AAAA,IACF,OAAO,IAAI,IAAI,WAAW,MAAM,EAAE,SAAS,QAAQ,YAAY,EAAE;AAAA,IACjE,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAIX,SAAS,oBAAoB,CAAC,IAAoB;AAAA,EAChD,MAAM,OAAO,kBAAkB,EAAE,EAAE,MAAM,GAAG,EAAE;AAAA,EAC9C,IAAI,CAAC;AAAA,IAAM,OAAO;AAAA,EAElB,IAAI,aAAa;AAAA,EACjB,IAAI,IAAI,KAAK,UAAU,MAAM,GAAG;AAAA,IAC9B,aAAa,iBAAiB,UAAU,KAAK;AAAA,EAC/C;AAAA,EAEA,IAAI,SAAwB;AAAA,EAC5B,IAAI,WAAW,WAAW,SAAS,GAAG;AAAA,IACpC,SAAS,WAAW,MAAM,UAAU,MAAM;AAAA,EAC5C,EAAO,SAAI,WAAW,WAAW,iBAAiB,GAAG;AAAA,IACnD,SAAS,WAAW,MAAM,kBAAkB,MAAM;AAAA,EACpD;AAAA,EACA,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EAEpB,IAAI,IAAI,KAAK,MAAM,MAAM;AAAA,IAAG,OAAO;AAAA,EACnC,OAAO,oBAAoB,MAAM,KAAK;AAAA;AAGxC,SAAS,MAAM,CAAC,MAAc,QAAgD;AAAA,EAC5E,MAAM,SAAS,eAAe,IAAI;AAAA,EAClC,IAAI,WAAW,MAAM;AAAA,IACnB,MAAM,IAAI,MAAM,mCAAmC,MAAM;AAAA,EAC3D;AAAA,EACA,MAAM,QAAQ,KAAK;AAAA,EACnB,MAAM,OAAO,UAAU,KAAK,IAAK,cAAc,UAAW;AAAA,EAC1D,OAAO,EAAE,MAAM,SAAS,MAAM,KAAK;AAAA;AAGrC,SAAS,cAAc,CAAC,IAA2B;AAAA,EACjD,MAAM,QAAQ,GAAG,MAAM,GAAG;AAAA,EAC1B,IAAI,MAAM,WAAW;AAAA,IAAG,OAAO;AAAA,EAE/B,IAAI,QAAQ;AAAA,EACZ,WAAW,QAAQ,OAAO;AAAA,IACxB,IAAI,CAAC,YAAY,KAAK,IAAI;AAAA,MAAG,OAAO;AAAA,IACpC,MAAM,QAAQ,OAAO,SAAS,MAAM,EAAE;AAAA,IACtC,IAAI,CAAC,OAAO,UAAU,KAAK,KAAK,QAAQ,KAAK,QAAQ;AAAA,MAAK,OAAO;AAAA,IACjE,QAAS,SAAS,IAAK;AAAA,EACzB;AAAA,EAEA,OAAO,UAAU;AAAA;AAGnB,SAAS,aAAa,CAAC,IAAqB;AAAA,EAC1C,MAAM,QAAQ,eAAe,EAAE;AAAA,EAC/B,IAAI,UAAU;AAAA,IAAM,OAAO;AAAA,EAC3B,OAAO,mBAAmB,KAAK,CAAC,UAAU,QAAQ,KAAK,UAAU,KAAK,IAAI;AAAA;AAG5E,SAAS,aAAa,CAAC,IAAqB;AAAA,EAC1C,MAAM,aAAa,GAAG,YAAY;AAAA,EAClC,OACE,eAAe,QACf,eAAe,SACf,qBAAqB,KAAK,UAAU,KACpC,sBAAsB,KAAK,UAAU,KACrC,WAAW,WAAW,IAAI;AAAA;AAI9B,SAAS,WAAW,CAAC,IAAqB;AAAA,EACxC,MAAM,aAAa,qBAAqB,EAAE;AAAA,EAC1C,MAAM,SAAS,IAAI,KAAK,UAAU;AAAA,EAClC,IAAI,WAAW;AAAA,IAAG,OAAO,cAAc,UAAU;AAAA,EACjD,IAAI,WAAW;AAAA,IAAG,OAAO,cAAc,UAAU;AAAA,EACjD,OAAO;AAAA;AAGT,eAAsB,oBAAoB,CACxC,QACwB;AAAA,EACxB,IAAI;AAAA,EACJ,IAAI;AAAA,IACF,SAAS,IAAI,IAAI,MAAM;AAAA,IACvB,MAAM;AAAA,IACN,OAAO,4BAA4B;AAAA;AAAA,EAGrC,IAAI,OAAO,aAAa,UAAU;AAAA,IAChC,OAAO,uCAAuC,OAAO,iBAAiB;AAAA,EACxE;AAAA,EAEA,MAAM,WAAW,kBAAkB,OAAO,QAAQ;AAAA,EAClD,IAAI,CAAC,UAAU;AAAA,IACb,OAAO,4BAA4B;AAAA,EACrC;AAAA,EAEA,IACE,aAAa,eACb,SAAS,SAAS,YAAY,KAC9B,SAAS,SAAS,QAAQ,GAC1B;AAAA,IACA,OAAO,mBAAmB;AAAA,EAC5B;AAAA,EAGA,MAAM,WAAW,QAAQ,IAAI,WAAW,KAAK,EAAE,YAAY;AAAA,EAC3D,IACE,MAIA;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAEA,IAAI,YAAY,QAAQ,GAAG;AAAA,IACzB,OAAO,mBAAmB;AAAA,EAC5B;AAAA,EAEA,IAAI;AAAA,IACF,MAAM,UAAU,MAAM,aAAa,UAAU,EAAE,KAAK,KAAK,CAAC;AAAA,IAC1D,MAAM,YAAY,MAAM,QAAQ,OAAO,IAAI,UAAU,CAAC,OAAO;AAAA,IAC7D,WAAW,SAAS,WAAW;AAAA,MAC7B,MAAM,KACJ,OAAO,UAAU,WACb,QACC,MAA8B;AAAA,MACrC,IAAI,YAAY,EAAE,GAAG;AAAA,QACnB,OACE,mBAAmB,uBAAuB,SAC1C;AAAA,MAEJ;AAAA,IACF;AAAA,IACA,MAAM;AAAA,IACN,OAAO,mBAAmB;AAAA;AAAA,EAG5B,OAAO;AAAA;AAAA,IArLH,cAEA;AAAA;AAAA,EAFA,eAAe,UAAU,IAAI,MAAM;AAAA,EAEnC,qBAA4D;AAAA,IAChE,OAAO,WAAW,CAAC;AAAA,IACnB,OAAO,YAAY,CAAC;AAAA,IACpB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,aAAa,CAAC;AAAA,IACrB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,aAAa,EAAE;AAAA,IACtB,OAAO,cAAc,EAAE;AAAA,IACvB,OAAO,aAAa,EAAE;AAAA,IACtB,OAAO,gBAAgB,EAAE;AAAA,IACzB,OAAO,eAAe,EAAE;AAAA,IACxB,OAAO,aAAa,CAAC;AAAA,IACrB,OAAO,aAAa,CAAC;AAAA,EACvB;AAAA;;;ACdO,SAAS,wBAAwB,CACtC,OAC2C;AAAA,EAC3C,OACE,UAAU,QACV,UAAU,aACV,OAAQ,MAA0C,oBAChD;AAAA;AAIC,SAAS,oBAAoB,CAAC,OAAiD;AAAA,EACpF,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO;AAAA,EACtC,MAAM,UAAU,MAAM,KAAK;AAAA,EAC3B,IAAI,CAAC,WAAW,QAAQ,YAAY,MAAM;AAAA,IAAc,OAAO;AAAA,EAC/D,OAAO;AAAA;;;ACIF,SAAS,oBAAoB,CAClC,OACe;AAAA,EACf,IAAI,OAAO,UAAU;AAAA,IAAU,OAAO;AAAA,EACtC,MAAM,UAAU,MAAM,KAAK;AAAA,EAC3B,OAAO,QAAQ,SAAS,IAAI,UAAU;AAAA;AAGxC,SAAS,yBAAyB,CAChC,SACe;AAAA,EACf,MAAM,cAAc,SAAS,aAAa,uBAAuB;AAAA,EACjE,IAAI,OAAO,gBAAgB,UAAU;AAAA,IACnC,OAAO,qBAAqB,WAAW;AAAA,EACzC;AAAA,EAEA,MAAM,cAAc,SAAS,WAAW,SAAS;AAAA,EACjD,OAAO,OAAO,gBAAgB,WAC1B,qBAAqB,WAAW,IAChC;AAAA;AAGC,SAAS,uBAAsB,CACpC,YACe;AAAA,EACf,MAAM,YACJ,qBAAqB,cAAc,QAAQ,IAAI,sBAAsB,KACrE;AAAA,EACF,IAAI;AAAA,IACF,MAAM,SAAS,IAAI,IAAI,SAAS;AAAA,IAChC,IAAI,OAAO,aAAa,WAAW,OAAO,aAAa,UAAU;AAAA,MAC/D,OAAO;AAAA,IACT;AAAA,IACA,OAAO,OAAO;AAAA,IACd,OAAO,SAAS;AAAA,IAChB,MAAM,iBAAiB,OAAO,SAAS,EAAE,QAAQ,QAAQ,EAAE;AAAA,IAC3D,OAAO,eAAe,SAAS,SAAS,IACpC,iBACA,GAAG;AAAA,IACP,MAAM;AAAA,IACN,OAAO;AAAA;AAAA;AAIJ,SAAS,kBAAkB,CAChC,QACA,SACe;AAAA,EACf,OAAO,qBACL,QAAQ,OAAO,UACb,0BAA0B,OAAO,KACjC,QAAQ,IAAI,qBAChB;AAAA;AAAA,IA7DW,6BAA6B;;;ACN1C;AAEA;AAZA;AAAA;AAAA;AAAA;AAoBA,IAAM,mBAAmB;AACzB,IAAM,iBAAiB;AACvB,IAAM,0BACJ;AAEF,SAAS,kBAAkB,CACzB,OACe;AAAA,EACf,MAAM,YAAY,MAAM,SAAS,WAAoB,YAAY;AAAA,EACjE,MAAM,gBACJ,yBAAyB,SAAS,KAAK,UAAU,gBAAgB,MAAM,OACnE,qBAAqB,UAAU,YAAY,CAAC,IAC5C;AAAA,EACN,OAAO,iBAAiB,mBAAmB,MAAM,QAAQ,MAAM,OAAO;AAAA;AAGxE,SAAS,gBAAgB,CACvB,QACA,QACwB;AAAA,EACxB,MAAM,aAAa,OAAO,OAAO,YAAY,KAAK;AAAA,EAClD,MAAM,UAAkC;AAAA,IACtC,QAAQ;AAAA,IACR,gBAAgB;AAAA,IAChB,eAAe,UAAU;AAAA,EAC3B;AAAA,EACA,IAAI;AAAA,IAAY,QAAQ,mBAAmB;AAAA,EAC3C,OAAO;AAAA;AAGT,SAAS,QAAQ,CAAC,KAAwD;AAAA,EACxE,OAAO,IAAI,QAA4B,CAAC,SAAS,WAAW;AAAA,IAC1D,MAAM,SAAmB,CAAC;AAAA,IAC1B,IAAI,OAAO;AAAA,IACX,IAAI,GAAG,QAAQ,CAAC,UAAkB;AAAA,MAChC,QAAQ,MAAM;AAAA,MACd,IAAI,OAAO,gBAAgB;AAAA,QACzB,OAAO,IAAI,MAAM,wBAAwB,CAAC;AAAA,QAC1C;AAAA,MACF;AAAA,MACA,OAAO,KAAK,KAAK;AAAA,KAClB;AAAA,IACD,IAAI,GAAG,OAAO,MACZ,QACE,OAAO,SAAS,IAAI,OAAO,OAAO,MAAM,EAAE,SAAS,OAAO,IAAI,SAChE,CACF;AAAA,IACA,IAAI,GAAG,SAAS,MAAM;AAAA,GACvB;AAAA;AAGH,eAAe,gBAAgB,CAAC,UAAsC;AAAA,EACpE,OAAO,SAAS,KAAK,EAAE,MAAM,aAAa;AAAA,IACxC,SAAS,SAAS;AAAA,IAClB,OAAO,MAAM,SACV,KAAK,EACL,MAAM,MAAM,sCAAsC;AAAA,EACvD,EAAE;AAAA;AAGJ,SAAS,iBAAiB,CAAC,WAA2B;AAAA,EACpD,MAAM,SAAS,wBAAwB,SAAS;AAAA,EAChD,IAAI,CAAC,QAAQ;AAAA,IACX,MAAM,IAAI,MAAM,oCAAoC;AAAA,EACtD;AAAA,EACA,OAAO,WAAW,OAAO,WAAW,OAAO;AAAA;AAG7C,IAAM,+BAGD;AAAA,EACH,EAAE,QAAQ,QAAQ,SAAS,qBAAqB;AAAA,EAChD,EAAE,QAAQ,OAAO,SAAS,oBAAoB;AAAA,EAC9C,EAAE,QAAQ,QAAQ,SAAS,aAAa;AAAA,EACxC,EAAE,QAAQ,OAAO,SAAS,oBAAoB;AAAA,EAC9C,EAAE,QAAQ,QAAQ,SAAS,eAAe;AAC5C;AAEA,SAAS,uBAAuB,CAC9B,UACmD;AAAA,EACnD,MAAM,QAAQ,wBAAwB,KAAK,QAAQ;AAAA,EACnD,IAAI,CAAC;AAAA,IAAO,OAAO;AAAA,EACnB,SAAS,UAAU,gBAAgB;AAAA,EACnC,OAAO,WAAW,EAAE,UAAU,aAAa,IAAI;AAAA;AAGjD,SAAS,UAAU,CAAC,QAAgB,UAA2B;AAAA,EAC7D,MAAM,SAAS,wBAAwB,QAAQ;AAAA,EAC/C,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EACpB,OAAO,6BAA6B,KAClC,CAAC,UAAU,MAAM,WAAW,UAAU,MAAM,QAAQ,KAAK,OAAO,YAAY,CAC9E;AAAA;AAGF,eAAsB,8BAA8B,CAClD,KACA,KACA,UACA,QACA,OACkB;AAAA,EAClB,MAAM,SAAS,wBAAwB,QAAQ;AAAA,EAC/C,IAAI,CAAC;AAAA,IAAQ,OAAO;AAAA,EAEpB,IAAI,CAAC,WAAW,QAAQ,QAAQ,GAAG;AAAA,IACjC,cAAc,KAAK,uCAAuC,GAAG;AAAA,IAC7D,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,mBAAmB,KAAK;AAAA,EACvC,IAAI,CAAC,QAAQ;AAAA,IACX,cACE,KACA,+DACA,GACF;AAAA,IACA,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,UAAU,sBAAsB,MAAM,OAAO,OAAO,OAAO;AAAA,EACjE,MAAM,WAAW,MAAM,qBAAqB,OAAO;AAAA,EACnD,IAAI,UAAU;AAAA,IACZ,cAAc,KAAK,UAAU,GAAG;AAAA,IAChC,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,UAAU,iBAAiB,MAAM,QAAQ,MAAM;AAAA,EACrD,IAAI;AAAA,EACJ,IAAI,WAAW,QAAQ;AAAA,IACrB,IAAI;AAAA,MACF,OAAO,MAAM,SAAS,GAAG;AAAA,MACzB,OAAO,KAAK;AAAA,MACZ,MAAM,MAAM,eAAe,QAAQ,IAAI,UAAU;AAAA,MACjD,cAAc,KAAK,KAAK,GAAG;AAAA,MAC3B,OAAO;AAAA;AAAA,EAEX;AAAA,EAEA,MAAM,UAAU,IAAI,IAAI,IAAI,OAAO,UAAU,kBAAkB;AAAA,EAC/D,MAAM,cAAc,GAAG,UAAU,kBAAkB,QAAQ,IAAI,QAAQ;AAAA,EACvE,MAAM,mBAAmB,MAAM,MAAM,aAAa;AAAA,IAChD;AAAA,IACA;AAAA,IACA;AAAA,IACA,UAAU;AAAA,IACV,QAAQ,YAAY,QAAQ,gBAAgB;AAAA,EAC9C,CAAC;AAAA,EAED,IAAI,iBAAiB,WAAW,KAAK;AAAA,IACnC,MAAM,WAAW,KAAK,gBAAgB;AAAA,IACtC,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,UAAU,MAAM,iBAAiB,gBAAgB;AAAA,EACvD,SAAS,KAAK,SAAS,iBAAiB,MAAM;AAAA,EAC9C,OAAO;AAAA;AAGT,eAAe,UAAU,CACvB,KACA,UACe;AAAA,EACf,MAAM,UAAU,SAAS,QAAQ,IAAI,kBAAkB;AAAA,EACvD,MAAM,cAAc,SAAS,QAAQ,IAAI,cAAc,KAAK;AAAA,EAC5D,MAAM,WAAW,MAAM,SAAS,KAAK;AAAA,EACrC,IAAI,aAAa;AAAA,EACjB,IAAI,UAAU,gBAAgB,WAAW;AAAA,EACzC,IAAI;AAAA,IAAS,IAAI,UAAU,oBAAoB,OAAO;AAAA,EACtD,IAAI,IAAI,QAAQ;AAAA;",
+  "debugId": "868735A1EE187E7764756E2164756E21",
+  "names": []
+}

package/dist/services/cloud-auth.d.ts

@@ -50,7 +50,7 @@ export interface CloudSsoSession {
 export interface SsoRedirectArgs {
     /**
      * Local URL the user should land on after the SSO round-trip
-     * (e.g. `/onboarding/setup`). The dashboard's callback route forwards
+     * (e.g. `/first-run/setup`). The dashboard's callback route forwards
      * to this once the session cookie is set; it is NOT sent to the cloud
      * issuer.
      */

package/dist/services/cloud-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cloud-auth.d.ts","sourceRoot":"","sources":["../../src/services/cloud-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAElB,OAAO,EAGR,MAAM,eAAe,CAAC;AAEvB,OAAO,KAAK,EAAE,gBAAgB,EAAsC,MAAM,gBAAgB,CAAC;AAE3F,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AA8B/D;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,qBAAqB,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,GAAG,CAAC,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,SAAS,EAAE,qBAAqB,CAAC;IACjC,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,qDAAqD;IACrD,GAAG,CAAC,EAAE,gBAAgB,CAAC;IACvB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAUD,UAAU,eAAe;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAgDD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,eAAe,GAAG,MAAM,CAuBjG;AAqED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,sBAAsB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAiE7F;AAID,qBAAa,gBAAiB,SAAQ,OAAO;IAC3C,MAAM,CAAC,WAAW,SAAgB;IAClC,qBAAqB,SAA+D;IAEpF,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,WAAW,CAAiC;gBAExC,OAAO,CAAC,EAAE,aAAa;WAKtB,KAAK,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAMtD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;YAIb,UAAU;YA+DV,cAAc;IAY5B;;;;;;;;OAQG;IACG,sBAAsB,IAAI,OAAO,CAAC,gBAAgB,CAAC;IA6BzD,sBAAsB,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB;IAkBhE,SAAS,IAAI,IAAI;IAKjB,eAAe,IAAI,OAAO;IAG1B,cAAc,IAAI,gBAAgB,GAAG,IAAI;IAGzC,SAAS,IAAI,MAAM,GAAG,SAAS;IAG/B,SAAS,IAAI,cAAc;IAG3B,SAAS,IAAI,MAAM,GAAG,SAAS;IAG/B,iBAAiB,IAAI,MAAM,GAAG,SAAS;CAGxC"}
+{"version":3,"file":"cloud-auth.d.ts","sourceRoot":"","sources":["../../src/services/cloud-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EACL,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAElB,OAAO,EAGR,MAAM,eAAe,CAAC;AAGvB,OAAO,KAAK,EAAE,gBAAgB,EAAsC,MAAM,gBAAgB,CAAC;AAE3F,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AA8B/D;;;;;;;GAOG;AACH,MAAM,WAAW,qBAAqB;IACpC,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChC;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,qBAAqB,CAAC;CAC/B;AAED,MAAM,WAAW,eAAe;IAC9B;;;;;OAKG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB;;;;OAIG;IACH,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,GAAG,CAAC,EAAE,gBAAgB,CAAC;CACxB;AAED,MAAM,WAAW,gBAAgB;IAC/B,uDAAuD;IACvD,IAAI,EAAE,MAAM,CAAC;IACb,gEAAgE;IAChE,KAAK,EAAE,MAAM,CAAC;IACd;;;OAGG;IACH,aAAa,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,SAAS,EAAE,qBAAqB,CAAC;IACjC,kEAAkE;IAClE,SAAS,CAAC,EAAE,OAAO,KAAK,CAAC;IACzB,qDAAqD;IACrD,GAAG,CAAC,EAAE,gBAAgB,CAAC;IACvB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAUD,UAAU,eAAe;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAgDD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,qBAAqB,EAAE,IAAI,EAAE,eAAe,GAAG,MAAM,CAuBjG;AAqED;;;;;;;;;;;;;;GAcG;AACH,wBAAsB,sBAAsB,CAAC,IAAI,EAAE,gBAAgB,GAAG,OAAO,CAAC,eAAe,CAAC,CAiE7F;AAID,qBAAa,gBAAiB,SAAQ,OAAO;IAC3C,MAAM,CAAC,WAAW,SAAgB;IAClC,qBAAqB,SAA+D;IAEpF,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,WAAW,CAAiC;gBAExC,OAAO,CAAC,EAAE,aAAa;WAKtB,KAAK,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAMtD,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;YAIb,UAAU;YA+DV,cAAc;IAkB5B;;;;;;;;OAQG;IACG,sBAAsB,IAAI,OAAO,CAAC,gBAAgB,CAAC;IA6BzD,sBAAsB,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB;IAkBhE,SAAS,IAAI,IAAI;IAKjB,eAAe,IAAI,OAAO;IAG1B,cAAc,IAAI,gBAAgB,GAAG,IAAI;IAGzC,SAAS,IAAI,MAAM,GAAG,SAAS;IAG/B,SAAS,IAAI,cAAc;IAG3B,SAAS,IAAI,MAAM,GAAG,SAAS;IAG/B,iBAAiB,IAAI,MAAM,GAAG,SAAS;CAGxC"}

package/dist/services/cloud-auth.js

@@ -59,6 +59,7 @@ import {
   resolveApiSecurityConfig,
   resolveDesktopApiPort
 } from "@elizaos/core";
+import { isCloudReachable } from "@elizaos/shared";
 import { createRemoteJWKSet, jwtVerify } from "jose";
 async function deriveDeviceId() {
   const os = await import("node:os");
@@ -283,9 +284,13 @@ class CloudAuthService extends Service {
     }
   }
   async validateApiKey(key) {
+    if (!await isCloudReachable()) {
+      logger.warn("[CloudAuth] Cloud unreachable at boot — skipping API key validation; key will be used as-is");
+      return false;
+    }
     try {
       const validationClient = new CloudApiClient(this.client.getBaseUrl(), key);
-      await validationClient.get("/models", { timeoutMs: 1e4 });
+      await validationClient.get("/models", { timeoutMs: 2500 });
       return true;
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err);
@@ -360,4 +365,4 @@ export {
   CloudAuthService
 };
 
-//# debugId=500754D72B6C3D2B64756E2164756E21
+//# debugId=C706585F0178D71764756E2164756E21