fix: skip Privy error screen when Steward auth is enabled

[0xSolace]

When NEXT_PUBLIC_STEWARD_AUTH_ENABLED=true and Privy isn't configured, the PrivyProvider now passes children through instead of showing the 'Configuration Error' screen. This lets Steward handle auth without requiring Privy credentials.

Also fixes StewardProvider props in login page (needs client + agentId).

Follows from #446.

Co-authored-by: wakesync shadow@shad0w.xyz

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
eliza-cloud	Error		Apr 12, 2026 8:15am
eliza-cloud-v2	Ready	Preview, Comment	Apr 12, 2026 8:15am

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2ef17313-1c90-472a-a881-3cce61226fab

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/privy-steward-fallback

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Code Review

Overall this is a reasonable fix for unblocking Steward-only deployments, but there are a few issues worth addressing before merge.

---

Bug: agentId is an empty string

app/login/page.tsx, line 517

agentId=""

The existing StewardAuthProvider in packages/lib/providers/StewardProvider.tsx (line 94) passes agentId="eliza-cloud". An empty string here may cause unexpected behavior depending on how @stwd/react uses the agent ID. Should match the established value:

agentId="eliza-cloud"

---

Bug: AuthTokenSync is bypassed — JWT won't sync globally

The PR replaces <StewardAuthProvider> with a raw <StewardProvider>, but StewardAuthProvider wraps children in an AuthTokenSync component (see packages/lib/providers/StewardProvider.tsx lines 33–58) that dispatches a steward-token-sync custom event so non-React code (fetch wrappers, etc.) can pick up the fresh JWT.

By inlining a bare <StewardProvider> on the login page, successful Steward login won't fire steward-token-sync. Any code that depends on that event to attach the Bearer token will silently get unauthenticated requests after login.

The simplest fix is to just use the existing wrapper:

import { StewardAuthProvider } from "@/packages/lib/providers/StewardProvider";
// ...
<StewardAuthProvider>
  <StewardLogin ... />
</StewardAuthProvider>

---

Performance: new StewardClient(...) is instantiated on every render

app/login/page.tsx, line 516

client={new StewardClient({ baseUrl: STEWARD_AUTH_BASE_URL }) as any}

StewardClient is constructed inline in JSX, so a new instance is created on every re-render. The existing StewardAuthProvider correctly wraps this in useMemo. Since STEWARD_AUTH_BASE_URL is a module-level constant, this can be a module-level constant too:

const stewardClient = new StewardClient({ baseUrl: STEWARD_AUTH_BASE_URL });

---

Code quality: as any suppresses a type error

client={new StewardClient({ baseUrl: STEWARD_AUTH_BASE_URL }) as any}

This suggests the StewardClient type doesn't satisfy the client prop's expected type. Rather than casting to any, this should be investigated — either the wrong type is being passed or the SDK's types need an update. Using as any here will hide future type regressions.

---

Nit: redundant || undefined

const STEWARD_TENANT_ID = process.env.NEXT_PUBLIC_STEWARD_TENANT_ID || undefined;

process.env.NEXT_PUBLIC_STEWARD_TENANT_ID already returns undefined when unset at runtime. The || undefined only adds value if you want to coerce an empty string to undefined, but the same || undefined is then repeated in the JSX prop:

tenantId={STEWARD_TENANT_ID || undefined}

Pick one place to coerce, not both. The cleaner pattern used in StewardProvider.tsx is the explicit isPlaceholderValue guard.

---

Summary

Severity	Issue
Bug	agentId="" — should be "eliza-cloud" to match existing provider
Bug	Missing AuthTokenSync — Steward JWT won't propagate to global API client after login
Performance	new StewardClient(...) inside JSX — recreated on every render
Code quality	as any cast hides a real type mismatch
Nit	Double || undefined coercion

The cleanest resolution for most of these is to reuse the existing StewardAuthProvider instead of re-implementing StewardProvider inline — it already handles the client memoization, config validation, and JWT sync correctly.

[claude]

test