wip: parallel agent changes (on main)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: Shaw

packages/cloud-frontend/public/_headers

@@ -19,6 +19,15 @@
   X-XSS-Protection: 1; mode=block
   Permissions-Policy: camera=(), microphone=(self), geolocation=()
   Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
+  Cache-Control: no-cache
+
+# Hashed assets under /assets/* are content-addressed and immutable. Pin
+# them to a long cache so they survive the no-cache rule on /* above. This
+# pair (no-cache HTML + immutable assets) is the standard cache discipline
+# for hashed-bundle SPAs: deploys propagate instantly without re-fetching
+# unchanged JS/CSS.
+/assets/*
+  Cache-Control: public, max-age=31536000, immutable
 
 # OAuth/popup callback pages need a relaxed COOP so window.closed works
 /app-auth/*

packages/cloud-frontend/public/_redirects

@@ -17,6 +17,16 @@
 /docs                 https://docs.elizaos.ai/cloud              301
 /docs/*               https://docs.elizaos.ai/cloud/:splat       301
 
+# Hashed-asset 404s must NOT fall through to the SPA index.html. When a
+# stale browser HTML references an asset hash that no longer exists, the
+# catch-all below would otherwise return index.html with status 200 for
+# the missing .js, and the browser would fail strict MIME checking with
+# "Expected a JavaScript-or-Wasm module script but the server responded
+# with a MIME type of text/html". Returning a real 404 lets the chunk-load
+# error boundary in src/providers/ConditionalWalletProviders.tsx catch it
+# and self-heal via a single hard reload.
+/assets/*  /index.html  404
+
 # SPA fallback — every other path falls through to index.html so React
 # Router can resolve client-side routes.
 /*  /index.html  200

packages/cloud-frontend/src/components/landing/hero-section.tsx

@@ -31,8 +31,7 @@ export default function HeroSection() {
         </h1>
         <p className="mt-6 max-w-2xl text-xl font-medium leading-snug text-black/80 sm:text-2xl">
           {t("cloud.landing.heroSubtitle", {
-            defaultValue:
-              "Hosting, APIs and commerce tools for agents.",
+            defaultValue: "Hosting, APIs and commerce tools for agents.",
           })}
         </p>
         <div className="mt-10 flex w-full flex-col gap-3 sm:w-auto sm:flex-row sm:flex-wrap">

packages/cloud-frontend/src/dashboard/admin/rpc-status/Page.tsx

@@ -1,6 +1,13 @@
 /** /dashboard/admin/rpc-status — verify the worker can reach each chain's RPC. */
 
-import { Badge, Button, Card, CardContent, CardHeader, CardTitle } from "@elizaos/ui";
+import {
+  Badge,
+  Button,
+  Card,
+  CardContent,
+  CardHeader,
+  CardTitle,
+} from "@elizaos/ui";
 import { useQuery } from "@tanstack/react-query";
 import { Loader2, RefreshCw } from "lucide-react";
 import { Helmet } from "react-helmet-async";
@@ -66,7 +73,9 @@ export default function AdminRpcStatusPage() {
         {error && (
           <Card className="border-destructive">
             <CardContent className="p-4 text-destructive">
-              {error instanceof Error ? error.message : "Failed to load RPC status"}
+              {error instanceof Error
+                ? error.message
+                : "Failed to load RPC status"}
             </CardContent>
           </Card>
         )}
@@ -84,7 +93,11 @@ export default function AdminRpcStatusPage() {
               <CardHeader>
                 <CardTitle className="flex items-center gap-2">
                   Treasury hot wallet
-                  <Badge variant={payload.hotWalletAddress ? "default" : "destructive"}>
+                  <Badge
+                    variant={
+                      payload.hotWalletAddress ? "default" : "destructive"
+                    }
+                  >
                     {payload.hotWalletAddress ? "configured" : "missing"}
                   </Badge>
                 </CardTitle>
@@ -99,7 +112,10 @@ export default function AdminRpcStatusPage() {
 
             <div className="grid grid-cols-1 gap-3 md:grid-cols-3">
               {payload.evm.map((p) => (
-                <Card key={p.network} className={p.reachable ? "" : "border-destructive"}>
+                <Card
+                  key={p.network}
+                  className={p.reachable ? "" : "border-destructive"}
+                >
                   <CardHeader>
                     <CardTitle className="flex items-center justify-between text-base">
                       <span className="capitalize">{p.network}</span>
@@ -115,15 +131,18 @@ export default function AdminRpcStatusPage() {
                     <div>latency: {p.latencyMs ?? "—"} ms</div>
                     <div>latest block: {p.latestBlock ?? "—"}</div>
                     <div>
-                      ELIZA balance: {p.hotWalletBalance?.toLocaleString() ?? "—"}
+                      ELIZA balance:{" "}
+                      {p.hotWalletBalance?.toLocaleString() ?? "—"}
                     </div>
                     {p.error && (
-                      <div className="break-all text-destructive">error: {p.error}</div>
+                      <div className="break-all text-destructive">
+                        error: {p.error}
+                      </div>
                     )}
                     {p.rpcSource === "public_default" && (
                       <div className="text-amber-500">
-                        Using chain's public RPC — set a dedicated provider URL for
-                        production.
+                        Using chain's public RPC — set a dedicated provider URL
+                        for production.
                       </div>
                     )}
                   </CardContent>

packages/cloud-frontend/src/dashboard/billing/_components/direct-crypto-credit-card.tsx

@@ -11,12 +11,22 @@ import { useConnection, useWallet } from "@solana/wallet-adapter-react";
 import { useWalletModal } from "@solana/wallet-adapter-react-ui";
 import { PublicKey, Transaction } from "@solana/web3.js";
 import { Coins, Loader2, ShieldCheck, Wallet } from "lucide-react";
-import { type CSSProperties, useEffect, useMemo, useRef, useState } from "react";
+import {
+  type CSSProperties,
+  useEffect,
+  useMemo,
+  useRef,
+  useState,
+} from "react";
 import { Link } from "react-router-dom";
 import { toast } from "sonner";
 import { erc20Abi } from "viem";
 import { useAccount, useConfig, useSwitchChain } from "wagmi";
-import { sendTransaction, waitForTransactionReceipt, writeContract } from "wagmi/actions";
+import {
+  sendTransaction,
+  waitForTransactionReceipt,
+  writeContract,
+} from "wagmi/actions";
 import type {
   CryptoStatusResponse,
   CryptoStatusTokenOption,
@@ -183,6 +193,7 @@ export function DirectCryptoCreditCard({
 
   // When the network changes (or the underlying token list does), reset the
   // selected token to the network's default so we don't carry a stale BSC
+  // biome-ignore lint/correctness/useExhaustiveDependencies: selected?.network is the intentional reset signal here
   // selection into Base/Solana.
   useEffect(() => {
     setTokenSymbol(null);
@@ -269,7 +280,10 @@ export function DirectCryptoCreditCard({
         value: BigInt(payment.instructions.amountUnits),
         chainId: cfg.chainId,
       });
-      await waitForTransactionReceipt(wagmiConfig, { hash, chainId: cfg.chainId });
+      await waitForTransactionReceipt(wagmiConfig, {
+        hash,
+        chainId: cfg.chainId,
+      });
       return hash;
     }
     if (!payment.instructions.tokenAddress) {

packages/cloud-frontend/src/dashboard/billing/_components/payment-waiting-overlay.tsx

@@ -116,7 +116,9 @@ export function PaymentWaitingOverlay({
           <p className="mt-2 text-sm text-white/65">
             {isConfirmed
               ? `Added $${data?.creditsToAdd ?? "—"} in cloud credit${
-                  data?.bonusCredits ? ` (incl. $${data.bonusCredits} bonus)` : ""
+                  data?.bonusCredits
+                    ? ` (incl. $${data.bonusCredits} bonus)`
+                    : ""
                 }.`
               : isFailed
                 ? (data?.error ??

packages/cloud-frontend/src/dashboard/security/permissions/_components/plugin-permissions-page-client.tsx

@@ -8,7 +8,7 @@ import {
 import { Puzzle } from "lucide-react";
 import { useCallback, useEffect, useState } from "react";
 import { toast } from "sonner";
-import { ApiError, api, apiFetch } from "@/lib/api-client";
+import { api, apiFetch } from "@/lib/api-client";
 import { emitAuditEvent } from "@/lib/security/audit-client";
 
 interface PluginGrant {
@@ -56,6 +56,7 @@ export function PluginPermissionsPageClient() {
     }
   };
 
+  // biome-ignore lint/correctness/useExhaustiveDependencies: load is stable scope function; running on mount only is intentional
   useEffect(() => {
     void load();
   }, []);

packages/cloud-frontend/src/pages/login/wallet-buttons.tsx

@@ -3,12 +3,7 @@ import { useWallet } from "@solana/wallet-adapter-react";
 import { useWalletModal } from "@solana/wallet-adapter-react-ui";
 import type { StewardAuth, StewardAuthResult } from "@stwd/sdk";
 import { useCallback, useEffect, useRef } from "react";
-import {
-  type Connector,
-  useAccount,
-  useConnect,
-  useSignMessage,
-} from "wagmi";
+import { type Connector, useAccount, useConnect, useSignMessage } from "wagmi";
 import { useT } from "@/providers/I18nProvider";
 
 // Phantom injects itself as an Ethereum provider but must never be used for

packages/cloud-frontend/src/providers/ConditionalWalletProviders.tsx

@@ -1,4 +1,4 @@
-import { lazy, type ReactNode, Suspense, useMemo } from "react";
+import { Component, lazy, type ReactNode, Suspense, useMemo } from "react";
 import { matchPath, useLocation } from "react-router-dom";
 
 /**
@@ -34,6 +34,48 @@ const LazyStewardWalletProviders = lazy(async () => {
   return { default: mod.StewardWalletProviders };
 });
 
+const CHUNK_RELOAD_FLAG = "eliza:chunk-reload-attempted";
+
+function isChunkLoadError(error: unknown): boolean {
+  if (!(error instanceof Error)) return false;
+  const message = error.message ?? "";
+  return (
+    error.name === "ChunkLoadError" ||
+    message.includes("Failed to fetch dynamically imported module") ||
+    message.includes("Importing a module script failed") ||
+    message.includes("error loading dynamically imported module") ||
+    /Expected a JavaScript-or-Wasm module script/.test(message)
+  );
+}
+
+class ChunkLoadErrorBoundary extends Component<
+  { children: ReactNode; fallback: ReactNode },
+  { failed: boolean }
+> {
+  state = { failed: false };
+
+  static getDerivedStateFromError(error: unknown) {
+    if (isChunkLoadError(error)) {
+      if (typeof window !== "undefined") {
+        const alreadyTried =
+          window.sessionStorage.getItem(CHUNK_RELOAD_FLAG) === "1";
+        if (!alreadyTried) {
+          window.sessionStorage.setItem(CHUNK_RELOAD_FLAG, "1");
+          window.location.reload();
+          return { failed: true };
+        }
+      }
+      return { failed: true };
+    }
+    throw error;
+  }
+
+  render() {
+    if (this.state.failed) return this.props.fallback;
+    return this.props.children;
+  }
+}
+
 function isWalletRoute(pathname: string): boolean {
   if (pathname === "/payment/success") {
     return false;

packages/cloud-frontend/tests/e2e/direct-crypto-flow.spec.ts

@@ -195,7 +195,10 @@ async function installBscMocks(
 
     if (path === "/api/crypto/direct-payments") {
       createPaymentCalls += 1;
-      const body = await route.request().postDataJSON().catch(() => ({}));
+      const body = await route
+        .request()
+        .postDataJSON()
+        .catch(() => ({}));
       const requestedSymbol: string =
         typeof body?.tokenSymbol === "string" ? body.tokenSymbol : "USDT";
       const token =
@@ -346,7 +349,9 @@ test("/bsc shows BNB/USDT/$U token selector and $5 bonus is per-purchase, token-
   await expect(tokenSelect).toBeVisible();
   // The three BSC tokens are selectable; USDC must NOT appear.
   for (const value of ["BNB", "USDT", "U"]) {
-    await expect(tokenSelect.locator(`option[value="${value}"]`)).toHaveCount(1);
+    await expect(tokenSelect.locator(`option[value="${value}"]`)).toHaveCount(
+      1,
+    );
   }
   await expect(tokenSelect.locator('option[value="USDC"]')).toHaveCount(0);
 
@@ -455,7 +460,7 @@ test("Login with Ethereum (SIWE) excludes Phantom from the injected-provider pat
   await ethereumButton.click();
   // Brief wait for any async injected-provider call to fire.
   await page.waitForTimeout(750);
-  expect(errors.some((m) => m.includes("unexpected_phantom_account_request"))).toBe(
-    false,
-  );
+  expect(
+    errors.some((m) => m.includes("unexpected_phantom_account_request")),
+  ).toBe(false);
 });