fix: stop clearing MILADY_API_TOKEN/ELIZA_API_TOKEN in Docker provider

.env.example

@@ -739,3 +739,11 @@ ELIZA_APP_WHATSAPP_PHONE_NUMBER=
 # Create a dedicated org + user in the platform for this purpose.
 # WAIFU_SERVICE_ORG_ID=uuid-of-waifu-service-org
 # WAIFU_SERVICE_USER_ID=uuid-of-waifu-service-user
+
+# ── Steward Wallet Provider (Phase 1) ────────────────────────────────────
+# Set USE_STEWARD_FOR_NEW_WALLETS=true to route new agent wallets through Steward
+# instead of Privy. Existing wallets are unaffected.
+# USE_STEWARD_FOR_NEW_WALLETS=false
+# STEWARD_API_URL=http://localhost:3200
+# STEWARD_TENANT_API_KEY=stw_your_key_here
+# STEWARD_TENANT_ID=milady-cloud

.github/workflows/deploy-backend.yml

@@ -177,6 +177,9 @@ jobs:
             # Restart the Next.js service
             sudo systemctl restart eliza-cloud
 
+            # Restart the provisioning worker (VPS owns container lifecycle)
+            sudo systemctl restart milady-provisioning-worker
+
             echo "=== Deploy complete ==="
 
       - name: Health Check

.gitignore

@@ -80,3 +80,4 @@ storybook-static
 DEV_TO_PROD_AUDIT.md
 TRIAGE_NOTES.md
 .env.preview
+.env.local.bak-*

app/api/compat/agents/[id]/route.ts

@@ -12,6 +12,7 @@ import {
 } from "@/lib/api/compat-envelope";
 import { reusesExistingMiladyCharacter } from "@/lib/services/milady-agent-config";
 import { miladySandboxService } from "@/lib/services/milady-sandbox";
+import { getStewardAgent } from "@/lib/services/steward-client";
 import { logger } from "@/lib/utils/logger";
 import { requireCompatAuth } from "../../_lib/auth";
 import { handleCompatCorsOptions, withCompatCors } from "../../_lib/cors";
@@ -41,7 +42,23 @@ export async function GET(request: NextRequest, { params }: RouteParams) {
       );
     }
 
-    return withCompatCors(NextResponse.json(envelope(toCompatAgent(agent))), CORS_METHODS);
+    // Resolve wallet info for Docker-backed agents
+    let walletInfo: { address: string | null; provider: "steward" | "privy" | null } | undefined;
+    if (agent.node_id) {
+      try {
+        const stewardAgent = await getStewardAgent(agentId);
+        if (stewardAgent?.walletAddress) {
+          walletInfo = { address: stewardAgent.walletAddress, provider: "steward" };
+        }
+      } catch {
+        // Steward unreachable — wallet fields will be null
+      }
+    }
+
+    return withCompatCors(
+      NextResponse.json(envelope(toCompatAgent(agent, walletInfo))),
+      CORS_METHODS,
+    );
   } catch (err) {
     return handleCompatError(err, CORS_METHODS);
   }

app/api/compat/agents/route.ts

@@ -29,7 +29,7 @@ export async function GET(request: NextRequest) {
   try {
     const { user } = await requireCompatAuth(request);
     const agents = await miladySandboxService.listAgents(user.organization_id);
-    return withCompatCors(NextResponse.json(envelope(agents.map(toCompatAgent))), CORS_METHODS);
+    return withCompatCors(NextResponse.json(envelope(agents.map((a) => toCompatAgent(a)))), CORS_METHODS);
   } catch (err) {
     return handleCompatError(err, CORS_METHODS);
   }

app/api/cron/cleanup-stuck-provisioning/route.ts

@@ -0,0 +1,166 @@
+/**
+ * Cleanup Stuck Provisioning Cron
+ *
+ * Detects and recovers agents that are stuck in "provisioning" status with no
+ * active job to drive them forward.  This happens when:
+ *
+ *   1. A container crashes while the agent is running, and something (e.g.
+ *      the Next.js sync provision path) sets status = 'provisioning' but
+ *      never creates a jobs-table record.
+ *   2. A provision job is enqueued but the worker invocation dies before it
+ *      can claim the record — in this case the job-recovery logic in
+ *      process-provisioning-jobs will already handle it, but we add a belt-
+ *      and-suspenders check here for the no-job case.
+ *
+ * Criteria for "stuck":
+ *   - status = 'provisioning'
+ *   - updated_at < NOW() - 10 minutes  (well beyond any normal provision time)
+ *   - no jobs row in ('pending', 'in_progress') whose data->>'agentId' matches
+ *
+ * Action: set status = 'error', write a descriptive error_message so the user
+ * can see what happened and re-provision.
+ *
+ * Schedule: every 5 minutes  ("* /5 * * * *" in vercel.json)
+ * Protected by CRON_SECRET.
+ */
+
+import { and, eq, lt, sql } from "drizzle-orm";
+import { NextRequest, NextResponse } from "next/server";
+import { dbWrite } from "@/db/client";
+import { jobs } from "@/db/schemas/jobs";
+import { miladySandboxes } from "@/db/schemas/milady-sandboxes";
+import { verifyCronSecret } from "@/lib/api/cron-auth";
+import { logger } from "@/lib/utils/logger";
+
+export const runtime = "nodejs";
+export const dynamic = "force-dynamic";
+export const maxDuration = 60;
+
+/** How long an agent must be stuck before we reset it (ms). */
+const STUCK_THRESHOLD_MINUTES = 10;
+
+interface CleanupResult {
+  agentId: string;
+  agentName: string | null;
+  organizationId: string;
+  stuckSinceMinutes: number;
+}
+
+async function handleCleanupStuckProvisioning(request: NextRequest) {
+  try {
+    const authError = verifyCronSecret(request, "[Cleanup Stuck Provisioning]");
+    if (authError) return authError;
+
+    logger.info("[Cleanup Stuck Provisioning] Starting scan");
+
+    const cutoff = new Date(Date.now() - STUCK_THRESHOLD_MINUTES * 60 * 1000);
+
+    /**
+     * Single UPDATE … RETURNING query:
+     *
+     *   UPDATE milady_sandboxes
+     *   SET    status = 'error',
+     *          error_message = '...',
+     *          updated_at = NOW()
+     *   WHERE  status = 'provisioning'
+     *     AND  updated_at < :cutoff
+     *     AND  NOT EXISTS (
+     *            SELECT 1 FROM jobs
+     *            WHERE  jobs.data->>'agentId' = milady_sandboxes.id::text
+     *              AND  jobs.status IN ('pending', 'in_progress')
+     *          )
+     *   RETURNING id, agent_name, organization_id, updated_at
+     *
+     * We run this inside dbWrite so it lands on the primary replica and is
+     * subject to the write path's connection pool.
+     */
+    const stuckAgents = await dbWrite
+      .update(miladySandboxes)
+      .set({
+        status: "error",
+        error_message:
+          "Agent was stuck in provisioning state with no active provisioning job. " +
+          "This usually means a container crashed before the provisioning job could be created, " +
+          "or the job was lost. Please try starting the agent again.",
+        updated_at: new Date(),
+      })
+      .where(
+        and(
+          eq(miladySandboxes.status, "provisioning"),
+          lt(miladySandboxes.updated_at, cutoff),
+          sql`NOT EXISTS (
+            SELECT 1 FROM ${jobs}
+            WHERE  ${jobs.data}->>'agentId' = ${miladySandboxes.id}::text
+            AND    ${jobs.status} IN ('pending', 'in_progress')
+          )`,
+        ),
+      )
+      .returning({
+        agentId: miladySandboxes.id,
+        agentName: miladySandboxes.agent_name,
+        organizationId: miladySandboxes.organization_id,
+        updatedAt: miladySandboxes.updated_at,
+      });
+
+    const results: CleanupResult[] = stuckAgents.map((row) => ({
+      agentId: row.agentId,
+      agentName: row.agentName,
+      organizationId: row.organizationId,
+      // updatedAt is now the new timestamp; we can't recover the old one here,
+      // but the log message below captures the count.
+      stuckSinceMinutes: STUCK_THRESHOLD_MINUTES, // minimum — actual may be longer
+    }));
+
+    if (results.length > 0) {
+      logger.warn("[Cleanup Stuck Provisioning] Reset stuck agents", {
+        count: results.length,
+        agents: results.map((r) => ({
+          agentId: r.agentId,
+          agentName: r.agentName,
+          organizationId: r.organizationId,
+        })),
+      });
+    } else {
+      logger.info("[Cleanup Stuck Provisioning] No stuck agents found");
+    }
+
+    return NextResponse.json({
+      success: true,
+      data: {
+        cleaned: results.length,
+        thresholdMinutes: STUCK_THRESHOLD_MINUTES,
+        timestamp: new Date().toISOString(),
+        agents: results,
+      },
+    });
+  } catch (error) {
+    logger.error(
+      "[Cleanup Stuck Provisioning] Failed:",
+      error instanceof Error ? error.message : String(error),
+    );
+
+    return NextResponse.json(
+      {
+        success: false,
+        error: error instanceof Error ? error.message : "Cleanup failed",
+      },
+      { status: 500 },
+    );
+  }
+}
+
+/**
+ * GET /api/cron/cleanup-stuck-provisioning
+ * Cron endpoint — protected by CRON_SECRET (Vercel passes it automatically).
+ */
+export async function GET(request: NextRequest) {
+  return handleCleanupStuckProvisioning(request);
+}
+
+/**
+ * POST /api/cron/cleanup-stuck-provisioning
+ * Manual trigger for testing — same auth requirement.
+ */
+export async function POST(request: NextRequest) {
+  return handleCleanupStuckProvisioning(request);
+}

app/api/stripe/create-checkout-session/route.ts

@@ -19,6 +19,8 @@ const ALLOWED_ORIGINS = [
   process.env.NEXT_PUBLIC_APP_URL,
   "http://localhost:3000",
   "http://localhost:3001",
+  "https://milady.ai",
+  "https://www.milady.ai",
 ].filter(Boolean) as string[];
 
 // Configurable currency

app/api/v1/admin/docker-containers/route.ts

@@ -14,10 +14,33 @@ import { NextRequest, NextResponse } from "next/server";
 import { dbRead } from "@/db/helpers";
 import { type MiladySandboxStatus, miladySandboxes } from "@/db/schemas/milady-sandboxes";
 import { requireAdmin } from "@/lib/auth";
+import { getStewardAgent } from "@/lib/services/steward-client";
 import { logger } from "@/lib/utils/logger";
 
 export const dynamic = "force-dynamic";
 
+const STEWARD_ENRICHMENT_CONCURRENCY = 5;
+
+async function mapWithConcurrency<T, R>(
+  items: T[],
+  limit: number,
+  mapper: (item: T, index: number) => Promise<R>,
+): Promise<R[]> {
+  const results = new Array<R>(items.length);
+  let nextIndex = 0;
+
+  async function worker() {
+    while (nextIndex < items.length) {
+      const currentIndex = nextIndex++;
+      results[currentIndex] = await mapper(items[currentIndex], currentIndex);
+    }
+  }
+
+  const workerCount = Math.min(limit, items.length);
+  await Promise.all(Array.from({ length: workerCount }, () => worker()));
+  return results;
+}
+
 // ---------------------------------------------------------------------------
 // GET — List all Docker containers across all nodes
 // ---------------------------------------------------------------------------
@@ -97,10 +120,41 @@ export async function GET(request: NextRequest) {
       .orderBy(desc(miladySandboxes.created_at))
       .limit(limit);
 
+    // Enrich containers with wallet info from Steward (best-effort, parallel)
+    const enrichedContainers = await mapWithConcurrency(
+      containers,
+      STEWARD_ENRICHMENT_CONCURRENCY,
+      async (c) => {
+        let walletAddress: string | null = null;
+        let walletProvider: "steward" | "privy" | null = null;
+
+        // All Docker-node containers use Steward wallets
+        if (c.nodeId) {
+          try {
+            const stewardAgent = await getStewardAgent(c.id);
+            if (stewardAgent?.walletAddress) {
+              walletAddress = stewardAgent.walletAddress;
+              walletProvider = "steward";
+            } else {
+              walletProvider = "steward"; // registered but wallet pending
+            }
+          } catch {
+            // Steward unreachable — leave as null
+          }
+        }
+
+        return {
+          ...c,
+          walletAddress,
+          walletProvider,
+        };
+      },
+    );
+
     return NextResponse.json({
       success: true,
       data: {
-        containers,
+        containers: enrichedContainers,
         total: totalCount, // actual total matching filters
         returned: containers.length, // number returned in this page
         filters: {

app/api/v1/admin/service-pricing/route.ts

@@ -21,7 +21,7 @@
 
 import { NextRequest, NextResponse } from "next/server";
 import { z } from "zod";
-import { servicePricingRepository } from "@/db/repositories";
+import { servicePricingRepository } from "@/db/repositories/service-pricing";
 import { requireAdminWithResponse } from "@/lib/api/admin-auth";
 import { invalidateServicePricingCache } from "@/lib/services/proxy/pricing";
 import { logger } from "@/lib/utils/logger";