@agentuity/cli 0.1.41 → 0.1.43

package/src/cmd/build/ast.ts

@@ -2079,8 +2079,9 @@ export function checkRouteConflicts(content: string, workbenchEndpoint: string):
 				node.expression.name.text === 'get'
 			) {
 				// Check if first argument is the workbench endpoint
-				if (node.arguments.length > 0 && ts.isStringLiteral(node.arguments[0])) {
-					if (node.arguments[0].text === workbenchEndpoint) {
+				const firstArg = node.arguments[0];
+				if (node.arguments.length > 0 && firstArg && ts.isStringLiteral(firstArg)) {
+					if (firstArg.text === workbenchEndpoint) {
 						hasConflict = true;
 					}
 				}
@@ -2135,8 +2136,8 @@ export function extractAppStateType(content: string): string | null {
 
 			if (callExpr) {
 				// Check if it has a config object argument
-				if (callExpr.arguments.length > 0) {
-					const configArg = callExpr.arguments[0];
+				const configArg = callExpr.arguments[0];
+				if (callExpr.arguments.length > 0 && configArg) {
 					if (ts.isObjectLiteralExpression(configArg)) {
 						// Find setup property
 						for (const prop of configArg.properties) {
@@ -2637,9 +2638,9 @@ export function analyzeWorkbench(content: string): WorkbenchAnalysis {
 				if (ts.isIdentifier(node.name)) {
 					// Extract configuration from the first argument (if any)
 					let varConfig: WorkbenchConfig;
-					if (node.initializer.arguments.length > 0) {
-						const configArg = node.initializer.arguments[0];
-						varConfig = parseConfigObject(configArg) || { route: '/workbench' };
+					const firstInitArg = node.initializer.arguments[0];
+					if (node.initializer.arguments.length > 0 && firstInitArg) {
+						varConfig = parseConfigObject(firstInitArg) || { route: '/workbench' };
 					} else {
 						// Default config if no arguments provided
 						varConfig = { route: '/workbench' };
@@ -2655,10 +2656,10 @@ export function analyzeWorkbench(content: string): WorkbenchAnalysis {
 				node.expression.text === 'createApp' &&
 				node.arguments.length > 0
 			) {
-				const configArg = node.arguments[0];
-				if (ts.isObjectLiteralExpression(configArg)) {
+				const createAppConfigArg = node.arguments[0];
+				if (createAppConfigArg && ts.isObjectLiteralExpression(createAppConfigArg)) {
 					// Find the services property
-					for (const prop of configArg.properties) {
+					for (const prop of createAppConfigArg.properties) {
 						if (
 							ts.isPropertyAssignment(prop) &&
 							ts.isIdentifier(prop.name) &&
@@ -2740,9 +2741,9 @@ export function analyzeWorkbench(content: string): WorkbenchAnalysis {
 						node.expression.text === 'createApp' &&
 						node.arguments.length > 0
 					) {
-						const configArg = node.arguments[0];
-						if (ts.isObjectLiteralExpression(configArg)) {
-							for (const prop of configArg.properties) {
+						const checkConfigArg = node.arguments[0];
+						if (checkConfigArg && ts.isObjectLiteralExpression(checkConfigArg)) {
+							for (const prop of checkConfigArg.properties) {
 								if (
 									ts.isPropertyAssignment(prop) &&
 									ts.isIdentifier(prop.name) &&

package/src/cmd/build/entry-generator.ts

@@ -174,6 +174,107 @@ if (isDevelopment() && process.env.VITE_PORT) {
 		}
 	};
 
+	// HMR WebSocket proxy - enables hot reload through tunnels (*.agentuity.live)
+	// This proxies the Vite HMR WebSocket connection from the Bun server to Vite
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	const viteHmrWebsocket = (globalThis as any).__AGENTUITY_VITE_HMR_WEBSOCKET__ = {
+		// Map of client WebSocket -> Vite WebSocket
+		connections: new Map<WebSocket, WebSocket>(),
+
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		open(clientWs: any) {
+			// Get the query string from ws.data (set during upgrade)
+			const queryString = clientWs.data?.queryString || '';
+			const viteWsUrl = \`ws://127.0.0.1:\${VITE_ASSET_PORT}/__vite_hmr\${queryString}\`;
+			otel.logger.debug('[HMR Proxy] Client connected, opening connection to Vite at %s', viteWsUrl);
+
+			// Connect to Vite with the 'vite-hmr' subprotocol (required by Vite)
+			const viteWs = new WebSocket(viteWsUrl, ['vite-hmr']);
+
+			viteWs.onopen = () => {
+				otel.logger.debug('[HMR Proxy] Connected to Vite HMR server');
+			};
+
+			viteWs.onmessage = (event) => {
+				// Forward messages from Vite to client
+				if (clientWs.readyState === WebSocket.OPEN) {
+					clientWs.send(event.data);
+				}
+			};
+
+			viteWs.onerror = (error) => {
+				otel.logger.error('[HMR Proxy] Vite WebSocket error: %s', error);
+			};
+
+			viteWs.onclose = () => {
+				otel.logger.debug('[HMR Proxy] Vite WebSocket closed');
+				viteHmrWebsocket.connections.delete(clientWs);
+				if (clientWs.readyState === WebSocket.OPEN) {
+					clientWs.close();
+				}
+			};
+
+			viteHmrWebsocket.connections.set(clientWs, viteWs);
+		},
+
+		message(clientWs: WebSocket, message: string | Buffer) {
+			// Forward messages from client to Vite
+			const viteWs = viteHmrWebsocket.connections.get(clientWs);
+			if (viteWs && viteWs.readyState === WebSocket.OPEN) {
+				viteWs.send(message);
+			}
+		},
+
+		close(clientWs: WebSocket) {
+			otel.logger.debug('[HMR Proxy] Client WebSocket closed');
+			const viteWs = viteHmrWebsocket.connections.get(clientWs);
+			if (viteWs) {
+				viteWs.close();
+				viteHmrWebsocket.connections.delete(clientWs);
+			}
+		},
+	};
+
+	// Register HMR WebSocket route - must be before other routes
+	app.get('/__vite_hmr', (c: Context) => {
+		const upgradeHeader = c.req.header('upgrade');
+		if (upgradeHeader?.toLowerCase() === 'websocket') {
+			// Get the Bun server from context using Hono's pattern
+			// When app.fetch(req, server) is called, Hono stores server as c.env
+			// eslint-disable-next-line @typescript-eslint/no-explicit-any
+			const server = 'server' in (c.env as any) ? (c.env as any).server : c.env;
+
+			if (server?.upgrade) {
+				// Extract query string to forward to Vite (includes token parameter)
+				const url = new URL(c.req.url);
+				const queryString = url.search; // Includes the '?' prefix
+
+				// Get the requested WebSocket subprotocol (Vite uses 'vite-hmr')
+				const requestedProtocol = c.req.header('sec-websocket-protocol');
+
+				const success = server.upgrade(c.req.raw, {
+					data: { type: 'vite-hmr', queryString },
+					// Echo back the requested subprotocol so the browser accepts the connection
+					headers: requestedProtocol ? {
+						'Sec-WebSocket-Protocol': requestedProtocol,
+					} : undefined,
+				});
+				if (success) {
+					otel.logger.debug('[HMR Proxy] WebSocket upgrade successful (protocol: %s)', requestedProtocol || 'none');
+					return new Response(null);
+				}
+				otel.logger.error('[HMR Proxy] WebSocket upgrade returned false');
+			} else {
+				otel.logger.error('[HMR Proxy] Server upgrade method not available. c.env type: %s, keys: %s',
+					typeof c.env,
+					Object.keys(c.env || {}).join(', '));
+			}
+			return c.text('WebSocket upgrade failed', 500);
+		}
+		// Non-WebSocket request to HMR endpoint - proxy to Vite
+		return proxyToVite(c);
+	});
+
 	// Vite client scripts and HMR
 	app.get('/@vite/*', proxyToVite);
 	app.get('/@react-refresh', proxyToVite);
@@ -358,13 +459,48 @@ if (typeof Bun !== 'undefined') {
 	enableProcessExitProtection();
 
 	const port = parseInt(process.env.PORT || '3500', 10);
+
+	// Create custom WebSocket handler that supports both regular WebSockets and HMR proxy
+	// eslint-disable-next-line @typescript-eslint/no-explicit-any
+	const hmrHandler = (globalThis as any).__AGENTUITY_VITE_HMR_WEBSOCKET__;
+	const customWebsocket = {
+		...websocket,
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		open(ws: any) {
+			// Check if this is an HMR connection
+			if (ws.data?.type === 'vite-hmr' && hmrHandler) {
+				hmrHandler.open(ws);
+			} else if (websocket.open) {
+				websocket.open(ws);
+			}
+		},
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		message(ws: any, message: string | Buffer) {
+			// Check if this is an HMR connection
+			if (ws.data?.type === 'vite-hmr' && hmrHandler) {
+				hmrHandler.message(ws, message);
+			} else if (websocket.message) {
+				websocket.message(ws, message);
+			}
+		},
+		// eslint-disable-next-line @typescript-eslint/no-explicit-any
+		close(ws: any, code?: number, reason?: string) {
+			// Check if this is an HMR connection
+			if (ws.data?.type === 'vite-hmr' && hmrHandler) {
+				hmrHandler.close(ws);
+			} else if (websocket.close) {
+				websocket.close(ws, code, reason);
+			}
+		},
+	};
+
 	const server = Bun.serve({
 		fetch: (req, server) => {
 			// Get timeout from config on each request (0 = no timeout)
 			server.timeout(req, getAppConfig()?.requestTimeout ?? 0);
 			return app.fetch(req, server);
 		},
-		websocket,
+		websocket: customWebsocket,
 		port,
 		hostname: '127.0.0.1',
 		development: isDevelopment(),

package/src/cmd/build/patch/index.ts

@@ -27,6 +27,9 @@ export async function applyPatch(
 	if (patch.functions) {
 		for (const fn of Object.keys(patch.functions)) {
 			const mod = patch.functions[fn];
+			if (!mod) {
+				continue;
+			}
 			let fnname = `function ${fn}`;
 			let index = contents.indexOf(fnname);
 			let isConstVariable = false;

package/src/cmd/build/vite/index.ts

@@ -12,6 +12,7 @@ import { loadAgentuityConfig, getWorkbenchConfig } from './config-loader';
 
 // Re-export plugins
 export { browserEnvPlugin } from './browser-env-plugin';
+export { publicAssetPathPlugin } from './public-asset-path-plugin';
 
 export interface AgentuityPluginOptions {
 	dev?: boolean;

package/src/cmd/build/vite/metadata-generator.ts

@@ -370,24 +370,35 @@ export async function generateMetadata(options: MetadataGeneratorOptions): Promi
 		}
 	}
 
-	// Scan public/ directory for static files
-	const publicDir = join(rootDir, 'public');
-	if (existsSync(publicDir)) {
+	// Scan client directory for static files copied from public/
+	// Vite copies src/web/public/* to .agentuity/client/* (at root, not in public/ subfolder)
+	// We need to find these files and add them to assets for CDN upload
+	const clientDir = join(agentuityDir, 'client');
+	if (existsSync(clientDir)) {
 		try {
-			function scanDirectory(dir: string, prefix: string = '') {
+			function scanClientDirectory(dir: string, prefix: string = '') {
 				const entries = readdirSync(dir, { withFileTypes: true });
 				for (const entry of entries) {
 					const relativePath = prefix ? `${prefix}/${entry.name}` : entry.name;
 					const fullPath = join(dir, entry.name);
 
+					// Skip directories we already process (assets from manifest, .vite metadata)
 					if (entry.isDirectory()) {
-						scanDirectory(fullPath, relativePath);
+						if (entry.name === 'assets' || entry.name === '.vite') {
+							continue;
+						}
+						scanClientDirectory(fullPath, relativePath);
 					} else if (entry.isFile()) {
+						// Skip files we already added from manifest (index.html is the entry point)
+						if (entry.name === 'index.html') {
+							continue;
+						}
+
 						const stats = statSync(fullPath);
 						// Skip empty files
 						if (stats.size === 0) continue;
 
-						const assetPath = `public/${relativePath}`;
+						const assetPath = `client/${relativePath}`;
 						if (!seenAssets.has(assetPath)) {
 							seenAssets.add(assetPath);
 							const contentType = getContentType(entry.name);
@@ -406,10 +417,10 @@ export async function generateMetadata(options: MetadataGeneratorOptions): Promi
 				}
 			}
 
-			scanDirectory(publicDir);
-			logger.trace(`Found ${assets.length} total assets (including public/)`);
+			scanClientDirectory(clientDir);
+			logger.trace(`Found ${assets.length} total assets (including static files)`);
 		} catch (error) {
-			logger.warn(`Failed to scan public directory: ${error}`);
+			logger.warn(`Failed to scan client directory for static files: ${error}`);
 		}
 	}
 

package/src/cmd/build/vite/public-asset-path-plugin.ts

@@ -0,0 +1,167 @@
+/**
+ * Vite plugin to fix incorrect public asset paths
+ *
+ * Developers sometimes accidentally use source paths or relative paths instead
+ * of the correct absolute root path. This plugin:
+ *
+ * 1. During build: Rewrites all public asset paths to root paths (/)
+ * 2. During dev: Warns about incorrect paths so developers can fix them
+ *
+ * Patterns handled (all rewritten to root path in production):
+ * - '/src/web/public/foo.svg'  → '/foo.svg'
+ * - './src/web/public/foo.svg' → '/foo.svg'
+ * - 'src/web/public/foo.svg'   → '/foo.svg'
+ * - './public/foo.svg'         → '/foo.svg'
+ * - '/public/foo.svg'          → '/foo.svg'
+ *
+ * Vite's base config then rewrites these to CDN URLs (e.g., https://cdn.example.com/deploy/client/foo.svg)
+ */
+
+import type { Plugin } from 'vite';
+
+export interface PublicAssetPathPluginOptions {
+	/** Whether to show warnings in dev mode (default: true) */
+	warnInDev?: boolean;
+	/** CDN base URL for production builds (e.g., 'https://cdn.agentuity.com/{deploymentId}/client/') */
+	cdnBaseUrl?: string;
+}
+
+interface PathPattern {
+	regex: RegExp;
+	description: string;
+}
+
+/**
+ * Create fresh regex instances for each transform call
+ * (RegExp with global flag maintains state via lastIndex)
+ */
+function createPatterns(): PathPattern[] {
+	return [
+		// '/src/web/public/...' or './src/web/public/...' or 'src/web/public/...'
+		{
+			regex: /(['"`])(?:\.?\/)?src\/web\/public\//g,
+			description: 'src/web/public/',
+		},
+		// './public/...' (relative public path - should be absolute)
+		{
+			regex: /(['"`])\.\/public\//g,
+			description: './public/',
+		},
+	];
+}
+
+/**
+ * Vite plugin that fixes public asset paths and rewrites to CDN URLs
+ *
+ * Rewrites all public asset paths to CDN URLs in production, or root paths
+ * if no CDN base URL is provided.
+ *
+ * @example
+ * // In vite config:
+ * plugins: [publicAssetPathPlugin({ cdnBaseUrl: 'https://cdn.example.com/deploy/client/' })]
+ *
+ * // Transforms in production with CDN:
+ * // '/src/web/public/logo.svg'  → 'https://cdn.example.com/deploy/client/logo.svg'
+ * // './src/web/public/logo.svg' → 'https://cdn.example.com/deploy/client/logo.svg'
+ * // '/public/logo.svg'          → 'https://cdn.example.com/deploy/client/logo.svg'
+ *
+ * // Transforms in production without CDN:
+ * // '/src/web/public/logo.svg'  → '/logo.svg'
+ * // '/public/logo.svg'          → '/logo.svg'
+ */
+export function publicAssetPathPlugin(options: PublicAssetPathPluginOptions = {}): Plugin {
+	const { warnInDev = true, cdnBaseUrl } = options;
+
+	let isDev = false;
+	const warnedFiles = new Map<string, Set<string>>(); // file -> set of patterns warned
+
+	return {
+		name: 'agentuity:public-asset-path',
+
+		configResolved(config) {
+			isDev = config.command === 'serve';
+		},
+
+		transform(code, id) {
+			// Only transform files in src/web (browser code)
+			if (!id.includes('/src/web/') && !id.includes('\\src\\web\\')) {
+				return null;
+			}
+
+			// Quick check: does the code contain any patterns we care about?
+			const hasIncorrectPaths = code.includes('src/web/public/') || code.includes('./public/');
+			const hasPublicPaths = code.includes('/public/');
+
+			if (!hasIncorrectPaths && !hasPublicPaths) {
+				return null;
+			}
+
+			// In dev mode, optionally warn about incorrect paths but don't transform
+			if (isDev) {
+				if (warnInDev && hasIncorrectPaths) {
+					const patterns = createPatterns();
+					const foundPatterns: string[] = [];
+
+					for (const { regex, description } of patterns) {
+						if (regex.test(code)) {
+							foundPatterns.push(description);
+						}
+					}
+
+					if (foundPatterns.length > 0) {
+						const fileWarnings = warnedFiles.get(id) || new Set();
+						const newWarnings = foundPatterns.filter((p) => !fileWarnings.has(p));
+
+						if (newWarnings.length > 0) {
+							for (const p of newWarnings) {
+								fileWarnings.add(p);
+							}
+							warnedFiles.set(id, fileWarnings);
+
+							this.warn(
+								`Found incorrect asset path(s) in ${id}:\n` +
+									newWarnings.map((p) => `  - '${p}' should be '/public/'`).join('\n') +
+									`\nUse absolute '/public/...' paths for production compatibility.`
+							);
+						}
+					}
+				}
+				// In dev mode, never transform - Vite serves from source paths
+				return null;
+			}
+
+		// Build mode: transform paths
+		let transformed = code;
+
+		// Determine target URL: CDN base if provided, otherwise root
+		const targetBase = cdnBaseUrl ? (cdnBaseUrl.endsWith('/') ? cdnBaseUrl : `${cdnBaseUrl}/`) : '/';
+
+		// First, fix incorrect source paths (src/web/public/, ./public/) → targetBase
+		if (hasIncorrectPaths) {
+			const patterns = createPatterns();
+			for (const { regex } of patterns) {
+				const replaceRegex = new RegExp(regex.source, regex.flags);
+				transformed = transformed.replace(replaceRegex, `$1${targetBase}`);
+			}
+		}
+
+		// Then, rewrite /public/foo → {targetBase}foo
+		if (hasPublicPaths) {
+			// Match '/public/...' paths in strings (single, double, or backtick quotes)
+			// Captures: $1 = quote char, $2 = path after /public/
+			const publicPathRegex = /(['"`])\/public\/([^'"`\s]+)/g;
+			transformed = transformed.replace(publicPathRegex, `$1${targetBase}$2`);
+		}
+
+			// Return transformed code if changed
+			if (transformed !== code) {
+				return {
+					code: transformed,
+					map: null,
+				};
+			}
+
+			return null;
+		},
+	};
+}

package/src/cmd/build/vite/registry-generator.ts

@@ -374,7 +374,11 @@ function generateRPCRegistryType(
 
 		// Add path segments - sanitize for valid TypeScript property names
 		for (let i = 0; i < pathParts.length; i++) {
-			const part = sanitizePathSegment(pathParts[i]);
+			const rawPart = pathParts[i];
+			if (!rawPart) {
+				continue;
+			}
+			const part = sanitizePathSegment(rawPart);
 			// Skip empty segments (e.g., wildcards like '*' that sanitize to '')
 			if (!part) {
 				continue;
@@ -561,7 +565,10 @@ function generateRPCRuntimeMetadata(
 		const sorted: MetadataNode = {};
 		for (const key of Object.keys(obj).sort()) {
 			const value = obj[key];
-			if (value && typeof value === 'object' && !('type' in value)) {
+			if (value === undefined) {
+				continue;
+			}
+			if (typeof value === 'object' && !('type' in value)) {
 				sorted[key] = sortObject(value as MetadataNode);
 			} else {
 				sorted[key] = value;
@@ -640,9 +647,11 @@ export async function generateRouteRegistry(
 			const match = route.agentImportPath.match(/@agent[s]?\/([^/]+)/);
 			if (match) {
 				const agentName = match[1];
-				const metadata = agentNameMap.get(agentName);
-				if (metadata) {
-					agentMetadataMap.set(route.agentVariable, metadata);
+				if (agentName) {
+					const metadata = agentNameMap.get(agentName);
+					if (metadata) {
+						agentMetadataMap.set(route.agentVariable, metadata);
+					}
 				}
 			}
 		}

package/src/cmd/build/vite/route-discovery.ts

@@ -213,7 +213,7 @@ export function detectRouteConflicts(
 	// Check for exact duplicates
 	for (const [methodPath, routeList] of methodPathMap.entries()) {
 		if (routeList.length > 1) {
-			const [method] = methodPath.split(' ', 2);
+			const [method = 'UNKNOWN'] = methodPath.split(' ', 2);
 			conflicts.push({
 				type: 'duplicate',
 				routes: routeList.map((r) => ({ method, path: r.path, filename: r.filename })),

package/src/cmd/build/vite/vite-asset-server-config.ts

@@ -49,10 +49,16 @@ export async function generateAssetServerConfig(
 		const tsconfig = JSON.parse(await Bun.file(tsconfigPath).text());
 		const paths = tsconfig?.compilerOptions?.paths || {};
 		alias = Object.fromEntries(
-			Object.entries(paths).map(([key, value]) => {
-				const pathArray = value as string[];
-				return [key.replace('/*', ''), join(rootDir, pathArray[0].replace('/*', ''))];
-			})
+			Object.entries(paths)
+				.filter(([, value]) => {
+					const pathArray = value as string[];
+					return pathArray.length > 0 && pathArray[0] !== undefined;
+				})
+				.map(([key, value]) => {
+					const pathArray = value as string[];
+					const firstPath = pathArray[0] ?? '';
+					return [key.replace('/*', ''), join(rootDir, firstPath.replace('/*', ''))];
+				})
 		);
 	} catch {
 		// No tsconfig or no paths - that's fine
@@ -93,12 +99,13 @@ export async function generateAssetServerConfig(
 				credentials: true,
 			},
 
-			// HMR configuration - client must connect to Vite asset server directly
-			// Do NOT set port/clientPort - let Vite use the actual server port it binds to
-			// (important when strictPort: false and Vite falls back to an alternate port)
+			// HMR configuration for development with tunnel support (*.agentuity.live)
+			// Do NOT set host/protocol - let Vite auto-detect from page origin
+			// This allows HMR to work both locally and through the Gravity tunnel
+			// The Bun server proxies /__vite_hmr WebSocket connections to Vite
 			hmr: {
-				protocol: 'ws',
-				host: '127.0.0.1',
+				// Use a dedicated path for HMR WebSocket to enable proxying
+				path: '/__vite_hmr',
 			},
 
 			// Don't open browser - Bun server will be the entry point
@@ -131,6 +138,7 @@ export async function generateAssetServerConfig(
 			}
 			const reactPlugin = (await import(reactPluginPath)).default();
 			const { browserEnvPlugin } = await import('./browser-env-plugin');
+			const { publicAssetPathPlugin } = await import('./public-asset-path-plugin');
 			return [
 				// User-defined plugins from agentuity.config.ts (e.g., Tailwind CSS)
 				...userPlugins,
@@ -138,6 +146,8 @@ export async function generateAssetServerConfig(
 				reactPlugin,
 				// Browser env plugin to map process.env to import.meta.env
 				browserEnvPlugin(),
+				// Warn about incorrect public asset paths in dev mode
+				publicAssetPathPlugin({ warnInDev: true }),
 			];
 		})(),
 

package/src/cmd/build/vite/vite-asset-server.ts

@@ -119,7 +119,9 @@ export async function startViteAssetServer(
 		);
 	}
 	logger.debug(`Asset server will handle: HMR, React transformation, source maps`);
-	logger.debug(`HMR WebSocket configured to connect to ws://127.0.0.1:${actualPort}`);
+	logger.debug(
+		`HMR WebSocket configured at /__vite_hmr (proxied through Bun server for tunnel support)`
+	);
 
 	return { server, port: actualPort };
 }

package/src/cmd/build/vite/vite-builder.ts

@@ -11,6 +11,7 @@ import type { InlineConfig, Plugin } from 'vite';
 import type { Logger, DeployOptions } from '../../../types';
 import { browserEnvPlugin } from './browser-env-plugin';
 import { beaconPlugin } from './beacon-plugin';
+import { publicAssetPathPlugin } from './public-asset-path-plugin';
 import type { BuildReportCollector } from '../../../build-report';
 
 /**
@@ -148,11 +149,22 @@ export async function runViteBuild(options: ViteBuildOptions): Promise<void> {
 			analyticsEnabled = false,
 		} = options;
 
+		// Determine CDN base URL for production builds
+		// Use CDN for all non-dev builds with a deploymentId (including local region)
+		const isLocalRegion = options.region === 'local';
+		const cdnDomain = isLocalRegion
+			? 'localstack-static-assets.t3.storage.dev'
+			: 'cdn.agentuity.com';
+		const cdnBaseUrl =
+			!dev && deploymentId ? `https://${cdnDomain}/${deploymentId}/client/` : undefined;
+
 		// Load custom user plugins from agentuity.config.ts if it exists
 		const clientOutDir = join(rootDir, '.agentuity/client');
 		const plugins = [
 			react(),
 			browserEnvPlugin(),
+			// Fix incorrect public asset paths and rewrite to CDN URLs
+			publicAssetPathPlugin({ cdnBaseUrl }),
 			flattenHtmlOutputPlugin(clientOutDir),
 			// Emit analytics beacon as hashed CDN asset (prod builds only)
 			beaconPlugin({ enabled: analyticsEnabled && !dev }),
@@ -174,15 +186,6 @@ export async function runViteBuild(options: ViteBuildOptions): Promise<void> {
 			);
 		}
 
-		// Determine CDN base URL for production builds
-		// Use CDN for all non-dev builds with a deploymentId (including local region)
-		const isLocalRegion = options.region === 'local';
-		const cdnDomain = isLocalRegion
-			? 'localstack-static-assets.t3.storage.dev'
-			: 'cdn.agentuity.com';
-		const cdnBaseUrl =
-			!dev && deploymentId ? `https://${cdnDomain}/${deploymentId}/client/` : undefined;
-
 		viteConfig = {
 			// Use project root as Vite root so plugins (e.g., TanStack Router) resolve paths
 			// from the repo root, matching where agentuity.config.ts is located
@@ -200,16 +203,17 @@ export async function runViteBuild(options: ViteBuildOptions): Promise<void> {
 					? JSON.stringify(workbenchRoute)
 					: 'undefined',
 			},
-			build: {
-				outDir: clientOutDir,
-				rollupOptions: {
-					input: htmlPath,
-				},
-				manifest: true,
-				emptyOutDir: true,
-				// Disable copying public files - Vite already includes them in assets with hashing
-				copyPublicDir: false,
+		build: {
+			outDir: clientOutDir,
+			rollupOptions: {
+				input: htmlPath,
 			},
+			manifest: true,
+			emptyOutDir: true,
+			// Copy public files to output for CDN upload (production builds only)
+			// In dev mode, Vite serves them directly from src/web/public/
+			copyPublicDir: !dev,
+		},
 			logLevel: 'warn',
 		};
 	} else if (mode === 'workbench') {