fix(app): stabilize Android local runtime boot

[NubsCarson]

Summary

Stabilizes the wrapper-side Android/local-runtime build path so Milady can build against the package-mode CI environment and the local Eliza runtime path without stale package drift.

This PR currently covers five verified areas:

• Android local-runtime wrapper polish: the WebView no longer tries to own embedded agent startup twice; Java ElizaAgentService/Agent transport remains the owner of local runtime startup and token injection.
• Package-mode UI cleanup: replaces broad legacy elizaos-ui-*compat shims with focused, app-owned voice capture / voice pill fallbacks, while keeping real package exports for @elizaos/ui/browser, style files, and source subpaths when available.
• Local/package source alignment: Vite and TypeScript resolve current @elizaos/ui browser/voice source paths, native plugin packages, and generated package layouts instead of stale dist/npm edges.
• CI/package-mode hardening: package-mode keeps package tsconfig paths when eliza/ is absent, skips local Eliza runtime release-contract steps when the nested checkout is intentionally absent, and tsdown falls back through current bundled @elizaos/app-core layouts without relying on unexported package.json subpaths.
• Release/build cleanup: cssstyle/jsdom gets a reproducible CJS color alias patch, the static asset manifest is current, and the Electrobun release workflow carries the required Whisper model artifact prepare/upload/download/seed path.

The latest refresh also refactors the CodeFactor-reported complexity hotspots in apps/app/vite.config.ts into named helper functions and removes the unicorn/no-useless-fallback-in-spread issue from scripts/pixel-local-voice-benchmark.mjs.

Related Eliza core/native PR: elizaOS/eliza#7792.

Current Source Base

Updated 2026-05-19 with normal merges, not rebases.

• PR branch head: 85335e9cb
• Latest merged origin/develop: 8c10e9fb0
• Previous source-refresh head: 6c8f89faa
• CodeFactor cleanup commit: 175334bc4
• This package-mode validation worktree intentionally has no nested eliza/ checkout; local-Eliza-only release-contract steps are skipped by design in that mode.

Validation

Local validation on fbc44b75d / 175334bc4 after the CodeFactor cleanup:

bun install --frozen-lockfile
bunx vitest run --passWithNoTests \
  apps/app/test/package-mode-aliases.test.ts \
  scripts/standalone-eliza-package-contract.test.ts \
  scripts/validate-ci-bootstrap-contract.test.ts
bun run verify:typecheck
bun run verify:lint
bun run build
bun run test
bun run test:release:contract
git diff --check

Results:

• frozen install passed with the refreshed lockfile
• targeted package/standalone tests: 2 files passed, 23 tests passed
• typecheck passed
• lint passed
• production build passed; only existing Vite static/dynamic import and large chunk warnings were emitted
• unit tests passed: 18 files, 105 tests passed, 2 skipped
• release contract passed: 1 file, 1 test passed, 1 skipped; local eliza/ release-check steps skipped because this is the package-mode worktree
• whitespace check passed

GitHub validation on fbc44b75d:

• CI All Tests Passed: success
• Lint & Format: success
• Type Check: success
• Unit Tests: success
• Build: success
• Validate Electrobun Release Workflow: success
• CodeQL JS/TS + Python: success
• CodeFactor: success

Previous Android APK validation still applies to the local-runtime build path:

ELIZA_DFLASH_ANDROID_LIBDIR=/home/nubs/.eliza/local-inference/bin/dflash/apk-android-arm64-cpu-fused-shawlatest-3de6dc888/arm64-v8a \
MILADY_ELIZA_SOURCE=local \
node scripts/run-eliza-app-core-script.mjs run-mobile-build.mjs android

That build completed with BUILD SUCCESSFUL in 1m 53s, produced a 771M debug APK, and packaged stable Bun, Agent/BunRuntime local plugins, Shaw's llama.cpp fork libs, Qwen35/Qwen35MoE/Qwen3Next/DFlash markers, MTP markers, and QJL/Polar/TBQ/fused-attention kernel strings.

Known External Gate

Auth tests (P0 gate) / Agent Review Verdict still fails because it is a pull_request_target workflow, so it runs the workflow file from base develop, not this PR branch. Earlier logs failed before the PR-side guard could take effect. This branch includes the guard, but that specific P0 cannot observe the workflow fix until the workflow change exists on the base branch.

Caveats

No Pixel device was available in this desktop validation session, so this refresh does not claim fresh on-device chat, audio, NNAPI/TPU, microphone, or trajectory validation. The latest evidence is package-mode host build/test/release-contract proof plus the earlier APK build proof.

This PR validates the local-runtime sideload APK build path. The Play Store/cloud APK remains a separate thin-client target and should not inherit the bundled local native runtime by accident.

Current CI Note

The normal package-mode CI lanes for this PR are green. The remaining red gate is the shared pull_request_target Agent Review/Auth P0 workflow from base develop, which cannot see PR-side workflow changes. The focused base-workflow fix is tracked in #2158 (fix(ci): guard package-mode workflows); this PR remains the app/runtime package-mode fix.

Current Stack Note

Updated 2026-05-19 after latest origin/develop advanced to 8c10e9fb0: merged the base, resolved the apps/app/src/main.tsx conflict by keeping upstream app-core window-shell helpers plus the package-mode pill-stubs.tsx, then fixed the refreshed CI Build failure caused by an unguarded node eliza/packages/app-core/scripts/link-docker-local-app-packages.mjs step in package-mode checkouts. Local checks passed: bun run --cwd apps/app typecheck, bun run test:release:contract, bun run verify:lint, bunx vitest run scripts/ci-bootstrap-contract.test.ts, node scripts/validate-ci-bootstrap-contract.mjs, and git diff --check. GitHub checks are re-running on 85335e9cb. Local package-mode validation on this head passed: focused Vitest package/workflow contracts (4 files, 60 passed, 1 skipped), node scripts/validate-ci-bootstrap-contract.mjs, Biome on touched TS/MJS files, git diff --check, and bun run build in a worktree with no eliza/ checkout.

#2158 remains stacked on this PR and has also been refreshed onto the new #2153 head. The remaining Auth P0 / Agent Review red checks are still the known pull_request_target limitation: GitHub runs the workflow YAML from current develop, so PR-side workflow guards cannot affect that gate until the guard lands on develop.

Note

Delegate Android local runtime boot to ElizaAgentService and stabilize CI package linking

• Replaces the BunRuntime plugin startup path in android-local-runtime-boot.ts with a delegation-only model: the module now marks state as delegated to ElizaAgentService and always returns false for readiness, removing all plugin loading and AGENT_READY_EVENT dispatch from the renderer.
• Adds token resolution helpers (readInjectedLocalAgentToken, persistLocalAgentToken) in main.tsx and defers device bridge startup on Android until a pairing token is available, retrying after 1s if none is found.
• Guards all CI workflow 'Link local @elizaOS workspace packages' steps with hashFiles('eliza/package.json') != '' so builds that lack an eliza workspace checkout no longer fail on that step; MILADY_FORCE_LOCAL_UPSTREAMS is also set conditionally.
• Adds browser-based voice capture and voice pill fallback components (eliza-ui-voice-capture-fallback.ts, eliza-ui-voice-pill-fallback.tsx) aliased via Vite in package mode when @elizaos/ui subpaths are not yet published.
• Substantially extends vite.config.ts with package-mode alias resolvers for UI subpaths, app-core exports, styles, and native module stubs.
• Extends align-eliza-ci-node-modules.mjs to search both root and eliza workspace node_modules, auto-discover native plugins, and verify build output content.
• Risk: sendLocalAgentMessage and getLocalAgentStatus now unconditionally throw/return not-ready on Android; any caller that previously received plugin responses will stop working.

^{Macroscope summarized 85335e9.}

[macroscopeapp]

Approvability

Verdict: Needs human review

Unable to check for correctness in 85335e9. This PR fundamentally changes Android local runtime boot architecture by delegating startup to native Java code instead of calling the BunRuntime plugin. It also introduces new UI fallback components and substantially refactors build configuration. The scope and runtime behavior impact warrant human review.

^{You can customize Macroscope's approvability policy. Learn more.}

[github-actions]

Credit balance is too low

[github-actions]

Credit balance is too low

[github-actions]

Credit balance is too low

[github-actions]

Credit balance is too low

[github-actions]

Credit balance is too low

[NubsCarson]

Merge coordination note, 2026-05-19:

Normal package-mode CI for this PR is green. The remaining Auth P0 / Agent Review red gate is the known pull_request_target limitation: GitHub runs the workflow YAML from current develop, so PR-side workflow guards cannot affect that gate yet.

Clean path: review/merge this app/runtime package-mode PR first, then handle stacked follow-up #2158 (fix(ci): guard package-mode workflows). #2158 is now based on this branch and has a narrow workflow/release-contract diff with normal CI green.

[github-actions]

Credit balance is too low

[NubsCarson]

Latest-sync note, 2026-05-19: merged current origin/develop@8c10e9fb0 into this branch, resolved the apps/app/src/main.tsx conflict by keeping upstream app-core window-shell helpers plus the package-mode pill-stubs.tsx, and pushed e40ebec1f. Local checks passed: bun run --cwd apps/app typecheck and bun run test:release:contract. GitHub now reports this PR mergeable again; CI is re-running on the refreshed head.

[NubsCarson]

Build follow-up, 2026-05-19: the refreshed head exposed a real package-mode Build failure from latest develop: node eliza/packages/app-core/scripts/link-docker-local-app-packages.mjs ran even when eliza/ was absent. Pushed 7c61555fc to guard that step in ci.yml / ci-fork.yml and only set MILADY_FORCE_LOCAL_UPSTREAMS=1 when eliza/package.json exists. Added contract coverage in ci-bootstrap-contract.test.ts and validate-ci-bootstrap-contract.mjs. Local checks passed: app typecheck, release contract, CI bootstrap contract test, validator, and whitespace check. CI is re-running.

[github-actions]

Credit balance is too low

[github-actions]

Credit balance is too low

[NubsCarson]

Final CI refresh, 2026-05-19: latest head e74191831 has normal package-mode GitHub CI green now: Build, Type Check, Unit Tests, Lint & Format, Pre-Review, Release Workflow Contract, All Tests Passed, CodeQL, and CodeFactor. The only red checks left are Auth P0 / Agent Review, still caused by the known pull_request_target base-workflow limitation.

[NubsCarson]

Update 2026-05-19: pushed 85335e9cb on top of the refreshed #2153 branch. This keeps the latest origin/develop merge and extends the package-mode guard from ci.yml/ci-fork.yml to the sibling app-building workflows that also call node eliza/packages/app-core/scripts/link-docker-local-app-packages.mjs. The linker now only runs when eliza/package.json exists, which matches package-mode checkouts where eliza/ is intentionally absent. I also removed the stale @elizaos/ui/components/ui/confirm-dialog deep import from the optional app stub and updated the package-mode alias test to assert the local PromptOptions/pill-stubs.tsx path.\n\nLocal validation on 85335e9cb:\n\n- bunx vitest run --passWithNoTests apps/app/test/package-mode-aliases.test.ts scripts/standalone-eliza-package-contract.test.ts scripts/validate-ci-bootstrap-contract.test.ts scripts/ci-bootstrap-contract.test.ts scripts/release-workflow-contract.test.mjs -> 4 files passed, 60 tests passed, 1 skipped\n- node scripts/validate-ci-bootstrap-contract.mjs -> passed\n- bunx @biomejs/biome check ... on touched TS/MJS files -> passed\n- git diff --check -> passed\n- bun run build in a package-mode worktree with no eliza/ checkout -> passed; only existing Vite chunk/static-dynamic import warnings\n\nGitHub checks are re-running on this head now. The known Auth P0 / Agent Review pull_request_target caveat still applies until the workflow guard exists on base develop.

[github-actions]

Credit balance is too low

[NubsCarson]

Status refresh (2026-05-19):

• Head remains 85335e9cb9bba9d7e8c87ef1edac72113da35f81 on codex/stock-apk-polish-20260516.
• Normal CI lanes are green: Build, Unit Tests, Type Check, Lint & Format, Release Workflow Contract, CodeQL, CodeFactor, and aggregate All Tests Passed succeeded.
• Remaining red checks are Auth tests (P0 gate) and aggregate Agent Review Verdict.
• That failure is still the known pull_request_target limitation: GitHub runs the workflow YAML from base develop, so PR-side package-mode guards are not visible to that gate until the guard lands on develop.
• The focused workflow/base guard is tracked in stacked PR fix(ci): guard package-mode workflows #2158.

No new source changes pushed to this PR in this refresh; this comment is only a status/maintainer-context update.

[codacy-production]

Pull Request Overview

The PR successfully addresses Android local runtime stabilization and configuration hardening for Vite and CI environments. Codacy analysis indicates the changes are 'Up to Standards' with no new quality issues or complexity regressions.

However, a significant functional change was identified where sendLocalAgentMessage and getLocalAgentStatus are now expected to fail on Android, which may impact features relying on renderer-side control. Additionally, while the core acceptance criteria for Android WebView delegation and CI guards are met, there are notable gaps in the automated test coverage regarding token resolution and device bridge retry logic that should be addressed before merging.

About this PR

• The changes to the Android local runtime will cause sendLocalAgentMessage and getLocalAgentStatus to fail unconditionally. Verify that no critical features currently depend on these renderer-side controls before merging.

Test suggestions

• Verify Android local runtime returns 'delegated' status and defers readiness
• Verify Vite correctly resolves UI and app-core aliases in package-mode
• Verify CI bootstrap contract when eliza/ directory is absent
• Verify local agent token resolution and persistence logic (readInjectedLocalAgentToken/persistLocalAgentToken)
• Verify device bridge startup retry logic on Android when token is missing

Prompt proposal for missing tests

Consider implementing these tests if applicable:
1. Verify local agent token resolution and persistence logic (readInjectedLocalAgentToken/persistLocalAgentToken)
2. Verify device bridge startup retry logic on Android when token is missing

Low confidence findings

• Auth P0 gate failures are expected in this PR due to workflow changes not being reflected in the base branch for pull_request_target events. This should not block the PR if other CI checks pass.

_{TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback}

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

AI Reviewer: first review requested successfully. AI can make mistakes. Always validate suggestions.

_{TIP This summary will be updated as you push new changes.}

[Dexploarer]

Update after reading the author comments and validation history: this branch had substantial package-mode validation on its May 19 base, including green normal CI lanes, focused package/workflow tests, and a documented limitation that the red Auth P0 gate came from pull_request_target using base workflow YAML. I should have read that thread before posting this review.

The current-state concern remains, but it should be read as a refresh/split request, not as a dismissal of the prior validation. Since #2160/#2161 have now landed on develop, this branch is stale against the current CI/source-install hardening and would weaken or remove current workflow contract coverage if resolved mechanically.

Please refresh onto current develop while preserving the current package-mode guards and security/CI contract behavior. Separately, the Android runtime behavior change still needs fresh proof on the refreshed branch: sendLocalAgentMessage now throws and getLocalAgentStatus reports not-ready, which is acceptable only if the Java ElizaAgentService / Agent transport owns every Android local-mode caller.

Keeping changes requested until the branch is refreshed and the Android ownership proof is current.

[lalalune]

Closing as part of the Milady -> elizaOS/eliza PR migration sweep. This PR has requested changes/conflicts and targets Milady Android/local-runtime wrapper paths from the old apps/app layout. The related upstream native/runtime work has moved on; this should not be migrated as-is.