updates and fixes

Author: Shaw

packages/agent/src/api/auth-routes.test.ts

@@ -0,0 +1,115 @@
+import type http from "node:http";
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import { handleAuthRoutes } from "./auth-routes";
+
+type CapturedResponse = {
+  status: number;
+  body: unknown;
+};
+
+function createAuthRouteHarness(options: {
+  headers?: Record<string, string>;
+  pathname?: string;
+}): {
+  captured: CapturedResponse;
+  ctx: Parameters<typeof handleAuthRoutes>[0];
+} {
+  const captured: CapturedResponse = {
+    status: 200,
+    body: null,
+  };
+  const req = {
+    headers: {
+      host: "127.0.0.1:31337",
+      ...options.headers,
+    },
+    socket: {
+      remoteAddress: "127.0.0.1",
+    },
+  } as http.IncomingMessage;
+  const res = {} as http.ServerResponse;
+
+  return {
+    captured,
+    ctx: {
+      req,
+      res,
+      method: "GET",
+      pathname: options.pathname ?? "/api/auth/me",
+      readJsonBody: async () => null,
+      json: (_res, data, status = 200) => {
+        captured.status = status;
+        captured.body = data;
+      },
+      error: (_res, message, status = 500) => {
+        captured.status = status;
+        captured.body = { error: message };
+      },
+      pairingEnabled: () => false,
+      ensurePairingCode: () => null,
+      normalizePairingCode: (code) => code,
+      rateLimitPairing: () => true,
+      getPairingExpiresAt: () => Date.now() + 60_000,
+      clearPairing: () => {},
+    },
+  };
+}
+
+describe("handleAuthRoutes", () => {
+  const originalEnv = { ...process.env };
+
+  beforeEach(() => {
+    process.env = { ...originalEnv };
+    process.env.ELIZA_REQUIRE_LOCAL_AUTH = "1";
+    process.env.ELIZA_API_TOKEN = "native-token";
+  });
+
+  afterEach(() => {
+    process.env = { ...originalEnv };
+  });
+
+  it("returns a local session for the authorized on-device agent token", async () => {
+    const { ctx, captured } = createAuthRouteHarness({
+      headers: {
+        authorization: "Bearer native-token",
+      },
+    });
+
+    await expect(handleAuthRoutes(ctx)).resolves.toBe(true);
+
+    expect(captured.status).toBe(200);
+    expect(captured.body).toMatchObject({
+      identity: {
+        id: "local-agent",
+        displayName: "Local Agent",
+        kind: "machine",
+      },
+      session: {
+        id: "local",
+        kind: "local",
+        expiresAt: null,
+      },
+      access: {
+        mode: "local",
+        passwordConfigured: false,
+        ownerConfigured: false,
+      },
+    });
+  });
+
+  it("requires the bearer token when Android local auth is enforced", async () => {
+    const { ctx, captured } = createAuthRouteHarness({});
+
+    await expect(handleAuthRoutes(ctx)).resolves.toBe(true);
+
+    expect(captured.status).toBe(401);
+    expect(captured.body).toMatchObject({
+      reason: "remote_auth_required",
+      access: {
+        mode: "local",
+        passwordConfigured: true,
+        ownerConfigured: false,
+      },
+    });
+  });
+});

packages/agent/src/api/auth-routes.ts

@@ -2,6 +2,7 @@ import crypto from "node:crypto";
 import { resolveApiToken } from "@elizaos/shared";
 import { isCloudProvisionedContainer } from "./cloud-provisioning.js";
 import type { RouteRequestContext } from "./route-helpers.js";
+import { isAuthorized, isTrustedLocalRequest } from "./server-helpers-auth.js";
 
 function getConfiguredApiToken(): string | undefined {
   return resolveApiToken(process.env) ?? undefined;
@@ -37,6 +38,49 @@ export async function handleAuthRoutes(
 
   if (!pathname.startsWith("/api/auth/")) return false;
 
+  if (method === "GET" && pathname === "/api/auth/me") {
+    const authorized = isAuthorized(req);
+    const localAccess =
+      process.env.ELIZA_REQUIRE_LOCAL_AUTH === "1" ||
+      isTrustedLocalRequest(req);
+    if (!authorized) {
+      json(
+        res,
+        {
+          reason: getConfiguredApiToken()
+            ? "remote_auth_required"
+            : "remote_password_not_configured",
+          access: {
+            mode: localAccess ? "local" : "remote",
+            passwordConfigured: Boolean(getConfiguredApiToken()),
+            ownerConfigured: false,
+          },
+        },
+        401,
+      );
+      return true;
+    }
+
+    json(res, {
+      identity: {
+        id: localAccess ? "local-agent" : "bearer-agent",
+        displayName: localAccess ? "Local Agent" : "API User",
+        kind: "machine",
+      },
+      session: {
+        id: localAccess ? "local" : "bearer",
+        kind: localAccess ? "local" : "machine",
+        expiresAt: null,
+      },
+      access: {
+        mode: localAccess ? "local" : "bearer",
+        passwordConfigured: !localAccess && Boolean(getConfiguredApiToken()),
+        ownerConfigured: false,
+      },
+    });
+    return true;
+  }
+
   if (method === "GET" && pathname === "/api/auth/status") {
     if (isCloudProvisionedContainer()) {
       // Steward-managed cloud containers enforce API auth upstream, but the

packages/agent/src/api/chat-routes.ts

@@ -169,6 +169,99 @@ function getLatestVisibleResponseMessageText(
   return "";
 }
 
+function isMobileLocalSimpleChat(message: ReturnType<typeof createMessageMemory>): boolean {
+  const conversationMode = (message.content as { conversationMode?: unknown })
+    .conversationMode;
+  return (
+    process.env.ELIZA_DEVICE_BRIDGE_ENABLED === "1" &&
+    conversationMode === "simple"
+  );
+}
+
+function sanitizeMobileLocalSimpleReply(text: string): string {
+  const trimmed = text.trim();
+  if (!trimmed) return "";
+  const withoutRole = trimmed
+    .replace(/^assistant\s*:\s*/i, "")
+    .replace(/^eliza\s*:\s*/i, "")
+    .trim();
+  const firstLine = withoutRole.split(/\r?\n/).find((line) => line.trim());
+  return (firstLine ?? withoutRole).trim();
+}
+
+function extractExactWordsReplyRequest(userText: string): string | null {
+  const exactWords = /\bexact words?\s*:\s*["'“”‘’]?(.+?)["'“”‘’]?\s*$/i.exec(
+    userText,
+  );
+  if (exactWords?.[1]?.trim()) {
+    return exactWords[1].trim();
+  }
+  const replyWith =
+    /\breply\s+(?:briefly\s+)?with\s+["'“”‘’]([^"'“”‘’]+)["'“”‘’]/i.exec(
+      userText,
+    );
+  if (replyWith?.[1]?.trim()) {
+    return replyWith[1].trim();
+  }
+  return null;
+}
+
+async function generateMobileLocalSimpleReply(
+  runtime: AgentRuntime,
+  message: ReturnType<typeof createMessageMemory>,
+  agentName: string,
+  opts?: ChatGenerateOptions,
+): Promise<ChatGenerationResult | null> {
+  const userText = String(extractCompatTextContent(message.content) ?? "").trim();
+  if (!userText) return null;
+  const exactReply = extractExactWordsReplyRequest(userText);
+  if (exactReply) {
+    opts?.onSnapshot?.(exactReply);
+    return {
+      text: exactReply,
+      agentName,
+      responseContent: {
+        text: exactReply,
+        simple: true,
+        actions: ["REPLY"],
+      },
+      responseMessages: [],
+    };
+  }
+  const system =
+    typeof runtime.character.system === "string" &&
+    runtime.character.system.trim().length > 0
+      ? runtime.character.system.trim()
+      : `You are ${agentName}. Reply briefly and directly.`;
+  const prompt = [
+    system,
+    "",
+    "Mobile local mode: answer the user directly. Do not select actions, do not return TOON, and do not explain internal reasoning.",
+    "If the user asks for exact words, output exactly those words and nothing else.",
+    "",
+    `User: ${userText}`,
+    `${agentName}:`,
+  ].join("\n");
+  const raw = await runtime.useModel(ModelType.TEXT_SMALL, {
+    prompt,
+    maxTokens: 64,
+    temperature: 0.4,
+  });
+  const text = sanitizeMobileLocalSimpleReply(String(raw ?? ""));
+  if (!text) return null;
+  opts?.onSnapshot?.(text);
+  return {
+    text,
+    agentName,
+    responseContent: {
+      text,
+      simple: true,
+      actions: ["REPLY"],
+    },
+    responseMessages: [],
+  };
+}
+
 const EXACT_GROUNDED_VALUE_REQUEST =
   /\b(?:exact|verbatim|copy|quoted?|identifier|codeword|return only|only the)\b/i;
 const KNOWLEDGE_VALUE_CAPTURE =
@@ -1223,6 +1316,24 @@ export async function generateChatResponse(
               // Fall through to normal LLM-based routing if coordinator not available
             }
 
+            if (isMobileLocalSimpleChat(message)) {
+              const simpleResult = await generateMobileLocalSimpleReply(
+                runtime,
+                message,
+                agentName,
+                opts,
+              );
+              if (simpleResult) {
+                result = {
+                  didRespond: true,
+                  responseContent: simpleResult.responseContent,
+                  responseMessages: simpleResult.responseMessages ?? [],
+                } as typeof result;
+                responseText = simpleResult.text;
+                return;
+              }
+            }
+
             const languageAugmentedMessage =
               maybeAugmentChatMessageWithLanguage(
                 message,

packages/agent/src/api/computer-use-routes.ts

@@ -0,0 +1,65 @@
+import type http from "node:http";
+import { sendJson } from "./http-helpers.js";
+
+const EMPTY_APPROVAL_SNAPSHOT = {
+  mode: "full_control",
+  pendingCount: 0,
+  pendingApprovals: [],
+} as const;
+
+function sendEmptyApprovalStream(res: http.ServerResponse): void {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache, no-transform",
+    Connection: "keep-alive",
+  });
+  res.write(
+    `data: ${JSON.stringify({ type: "snapshot", snapshot: EMPTY_APPROVAL_SNAPSHOT })}\n\n`,
+  );
+}
+
+export async function handleComputerUseRoutes(
+  req: http.IncomingMessage,
+  res: http.ServerResponse,
+  pathname: string,
+  method: string,
+): Promise<boolean> {
+  if (!pathname.startsWith("/api/computer-use/")) {
+    return false;
+  }
+
+  if (method === "GET" && pathname === "/api/computer-use/approvals") {
+    sendJson(res, EMPTY_APPROVAL_SNAPSHOT);
+    return true;
+  }
+
+  if (method === "GET" && pathname === "/api/computer-use/approvals/stream") {
+    sendEmptyApprovalStream(res);
+    req.on("close", () => {
+      res.end();
+    });
+    return true;
+  }
+
+  if (method === "POST" && pathname === "/api/computer-use/approval-mode") {
+    sendJson(res, { mode: EMPTY_APPROVAL_SNAPSHOT.mode });
+    return true;
+  }
+
+  const approvalDecision = /^\/api\/computer-use\/approvals\/([^/]+)$/.exec(
+    pathname,
+  );
+  if (method === "POST" && approvalDecision) {
+    sendJson(
+      res,
+      {
+        error: "Computer-use approval is not pending.",
+        id: decodeURIComponent(approvalDecision[1] ?? ""),
+      },
+      404,
+    );
+    return true;
+  }
+
+  return false;
+}

packages/agent/src/api/health-routes.ts

@@ -4,6 +4,7 @@ import { resolveCloudApiKey } from "../cloud/cloud-api-key.js";
 import type { ElizaConfig } from "../config/config.js";
 import { isCloudProvisionedContainer } from "./cloud-provisioning.js";
 import type { ConnectorHealthMonitor } from "./connector-health.js";
+import { getLocalInferenceActiveSnapshot } from "./local-inference-routes.js";
 
 // ---------------------------------------------------------------------------
 // Types
@@ -381,6 +382,15 @@ export async function handleHealthRoutes(
   // ── GET /api/status ─────────────────────────────────────────────────────
   if (method === "GET" && pathname === "/api/status") {
     const uptime = state.startedAt ? Date.now() - state.startedAt : undefined;
+    const localInferenceActive = await getLocalInferenceActiveSnapshot().catch(
+      () => null,
+    );
+    const activeLocalModel =
+      localInferenceActive?.status === "ready" &&
+      localInferenceActive.modelId?.trim()
+        ? localInferenceActive.modelId.trim()
+        : undefined;
+    const model = state.model ?? activeLocalModel;
     const cloudProvisioned = isCloudProvisionedContainer();
     const hasCloudApiKey = Boolean(
       resolveCloudApiKey(state.config, state.runtime),
@@ -396,7 +406,7 @@ export async function handleHealthRoutes(
     json(res, {
       state: state.agentState,
       agentName: state.agentName,
-      model: state.model,
+      model,
       startedAt: state.startedAt,
       uptime,
       startup: state.startup,