@rubytech/create-maxy-code 0.1.183 → 0.1.185
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/platform-port-stamp.test.js +4 -0
- package/dist/index.js +1 -0
- package/dist/port-resolution.js +1 -0
- package/package.json +1 -1
- package/payload/platform/config/brand.json +1 -1
- package/payload/platform/package-lock.json +178 -0
- package/payload/platform/plugins/.claude-plugin/marketplace.json +15 -0
- package/payload/platform/plugins/admin/PLUGIN.md +0 -1
- package/payload/platform/plugins/browser/.claude-plugin/plugin.json +17 -0
- package/payload/platform/plugins/browser/PLUGIN.md +44 -0
- package/payload/platform/plugins/browser/mcp/dist/index.d.ts +2 -0
- package/payload/platform/plugins/browser/mcp/dist/index.d.ts.map +1 -0
- package/payload/platform/plugins/browser/mcp/dist/index.js +61 -0
- package/payload/platform/plugins/browser/mcp/dist/index.js.map +1 -0
- package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.d.ts +66 -0
- package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.d.ts.map +1 -0
- package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.js +248 -0
- package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.js.map +1 -0
- package/payload/platform/plugins/browser/mcp/package.json +19 -0
- package/payload/platform/plugins/docs/references/internals.md +1 -1
- package/payload/platform/plugins/docs/references/plugins-guide.md +3 -0
- package/payload/platform/plugins/docs/references/troubleshooting.md +4 -4
- package/payload/platform/plugins/memory/PLUGIN.md +1 -0
- package/payload/platform/plugins/memory/mcp/dist/index.js +20 -10
- package/payload/platform/plugins/memory/mcp/dist/index.js.map +1 -1
- package/payload/platform/plugins/prompt-optimiser/.claude-plugin/plugin.json +8 -0
- package/payload/platform/plugins/prompt-optimiser/PLUGIN.md +14 -0
- package/payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/SKILL.md +301 -0
- package/payload/platform/plugins/url-get/.claude-plugin/plugin.json +17 -0
- package/payload/platform/plugins/url-get/PLUGIN.md +86 -0
- package/payload/platform/plugins/url-get/mcp/dist/index.d.ts +9 -0
- package/payload/platform/plugins/url-get/mcp/dist/index.d.ts.map +1 -0
- package/payload/platform/plugins/url-get/mcp/dist/index.js +53 -0
- package/payload/platform/plugins/url-get/mcp/dist/index.js.map +1 -0
- package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.d.ts +8 -0
- package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.d.ts.map +1 -0
- package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.js +83 -0
- package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.js.map +1 -0
- package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.d.ts +21 -0
- package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.d.ts.map +1 -0
- package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.js +147 -0
- package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.js.map +1 -0
- package/payload/platform/plugins/url-get/mcp/package.json +22 -0
- package/payload/platform/scripts/setup-account.sh +0 -6
- package/payload/platform/scripts/vnc.sh +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.js +46 -0
- package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts +17 -8
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.js +40 -14
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/specialist-drift.js +2 -2
- package/payload/platform/services/claude-session-manager/dist/specialist-drift.js.map +1 -1
- package/payload/platform/templates/specialists/agents/content-producer.md +3 -3
- package/payload/platform/templates/specialists/agents/librarian.md +1 -1
- package/payload/platform/templates/specialists/agents/personal-assistant.md +3 -3
- package/payload/platform/templates/specialists/agents/research-assistant.md +3 -3
- package/payload/premium-plugins/writer-craft/mcp/dist/index.d.ts.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/index.js +20 -6
- package/payload/premium-plugins/writer-craft/mcp/dist/index.js.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.d.ts +14 -0
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.d.ts.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.js +28 -34
- package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.js.map +1 -1
- package/payload/premium-plugins/writer-craft/mcp/scripts/smoke.mjs +43 -8
- package/payload/premium-plugins/writer-craft/mcp/src/index.ts +20 -8
- package/payload/premium-plugins/writer-craft/mcp/src/tools/voice-retrieve-conditioning.ts +51 -12
- package/payload/premium-plugins/writer-craft/skills/voice-mirror/SKILL.md +7 -1
- package/payload/server/server.js +222 -126
- package/payload/platform/plugins/admin/hooks/__tests__/playwright-file-guard.test.sh +0 -278
- package/payload/platform/plugins/admin/hooks/playwright-file-guard.sh +0 -214
package/payload/server/server.js
CHANGED
|
@@ -4149,6 +4149,17 @@ function managerLogFollowUrl(sessionId) {
|
|
|
4149
4149
|
|
|
4150
4150
|
// app/lib/channel-pty-bridge/public-session-end-review.ts
|
|
4151
4151
|
var TAG14 = "[public-session-review]";
|
|
4152
|
+
var CONSUMED_CAP = 500;
|
|
4153
|
+
var consumed = /* @__PURE__ */ new Set();
|
|
4154
|
+
function consumeOnce(sessionId) {
|
|
4155
|
+
if (consumed.has(sessionId)) return false;
|
|
4156
|
+
consumed.add(sessionId);
|
|
4157
|
+
if (consumed.size > CONSUMED_CAP) {
|
|
4158
|
+
const oldest = consumed.values().next().value;
|
|
4159
|
+
if (oldest !== void 0) consumed.delete(oldest);
|
|
4160
|
+
}
|
|
4161
|
+
return true;
|
|
4162
|
+
}
|
|
4152
4163
|
function managerBase2() {
|
|
4153
4164
|
const port2 = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "public-session-end-review:manager" });
|
|
4154
4165
|
return `http://127.0.0.1:${port2}`;
|
|
@@ -4253,6 +4264,12 @@ async function firePublicSessionEndReview(input) {
|
|
|
4253
4264
|
const sliceShort = input.sliceToken.slice(0, 8);
|
|
4254
4265
|
const personField = input.personId ?? "none";
|
|
4255
4266
|
const dispatchedAt = Date.now();
|
|
4267
|
+
if (consumed.has(input.sessionId)) {
|
|
4268
|
+
console.log(
|
|
4269
|
+
`${TAG14} dispatchFor=${input.dispatchFor} sessionId=${input.sessionId} sliceToken=${sliceShort} personId=${personField} result=skipped-already-reviewed`
|
|
4270
|
+
);
|
|
4271
|
+
return;
|
|
4272
|
+
}
|
|
4256
4273
|
const jsonl = await fetchJsonl(input.sessionId);
|
|
4257
4274
|
if (!jsonl) {
|
|
4258
4275
|
console.log(
|
|
@@ -4275,6 +4292,12 @@ async function firePublicSessionEndReview(input) {
|
|
|
4275
4292
|
jsonl,
|
|
4276
4293
|
priorWrites
|
|
4277
4294
|
});
|
|
4295
|
+
if (!consumeOnce(input.sessionId)) {
|
|
4296
|
+
console.log(
|
|
4297
|
+
`${TAG14} dispatchFor=${input.dispatchFor} sessionId=${input.sessionId} sliceToken=${sliceShort} personId=${personField} result=skipped-already-reviewed`
|
|
4298
|
+
);
|
|
4299
|
+
return;
|
|
4300
|
+
}
|
|
4278
4301
|
const dispatched = await dispatchReviewer(input, initialMessage);
|
|
4279
4302
|
if (!dispatched.ok) {
|
|
4280
4303
|
console.error(
|
|
@@ -4463,6 +4486,16 @@ async function writeInput(entry, text) {
|
|
|
4463
4486
|
`${tag} session-resolved senderId=${entry.senderId} action=respawn reason=session-gone-${result.status} sessionId=${entry.sessionId.slice(0, 8)}`
|
|
4464
4487
|
);
|
|
4465
4488
|
if (entry.followerAbort) entry.followerAbort.abort();
|
|
4489
|
+
if (entry.role === "public" && entry.sliceToken.length > 0) {
|
|
4490
|
+
void firePublicSessionEndReview({
|
|
4491
|
+
sessionId: entry.sessionId,
|
|
4492
|
+
sliceToken: entry.sliceToken,
|
|
4493
|
+
personId: entry.personId,
|
|
4494
|
+
accountId: entry.accountId,
|
|
4495
|
+
agentSlug: entry.agentSlug,
|
|
4496
|
+
dispatchFor: "exit"
|
|
4497
|
+
});
|
|
4498
|
+
}
|
|
4466
4499
|
index.delete(indexKey(entry.accountId, entry.agentSlug, entry.senderId, entry.liveMemory, entry.sliceToken));
|
|
4467
4500
|
const respawned = await ensureEntry({
|
|
4468
4501
|
accountId: entry.accountId,
|
|
@@ -4586,6 +4619,33 @@ function startReaper() {
|
|
|
4586
4619
|
}, 6e4);
|
|
4587
4620
|
if (reaperHandle.unref) reaperHandle.unref();
|
|
4588
4621
|
}
|
|
4622
|
+
function handlePublicSessionExit(sessionId) {
|
|
4623
|
+
let found = null;
|
|
4624
|
+
for (const [key2, entry2] of index) {
|
|
4625
|
+
if (entry2.sessionId === sessionId) {
|
|
4626
|
+
found = { key: key2, entry: entry2 };
|
|
4627
|
+
break;
|
|
4628
|
+
}
|
|
4629
|
+
}
|
|
4630
|
+
if (!found) {
|
|
4631
|
+
console.error(`[public-session-exit] sessionId=${sessionId} result=no-entry`);
|
|
4632
|
+
return;
|
|
4633
|
+
}
|
|
4634
|
+
const { key, entry } = found;
|
|
4635
|
+
if (entry.role !== "public" || entry.sliceToken.length === 0) {
|
|
4636
|
+
return;
|
|
4637
|
+
}
|
|
4638
|
+
if (entry.followerAbort) entry.followerAbort.abort();
|
|
4639
|
+
index.delete(key);
|
|
4640
|
+
void firePublicSessionEndReview({
|
|
4641
|
+
sessionId: entry.sessionId,
|
|
4642
|
+
sliceToken: entry.sliceToken,
|
|
4643
|
+
personId: entry.personId,
|
|
4644
|
+
accountId: entry.accountId,
|
|
4645
|
+
agentSlug: entry.agentSlug,
|
|
4646
|
+
dispatchFor: "exit"
|
|
4647
|
+
});
|
|
4648
|
+
}
|
|
4589
4649
|
|
|
4590
4650
|
// app/lib/access-session-store.ts
|
|
4591
4651
|
import { randomUUID as randomUUID4 } from "crypto";
|
|
@@ -8653,18 +8713,18 @@ var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
|
|
|
8653
8713
|
]);
|
|
8654
8714
|
var app17 = new Hono();
|
|
8655
8715
|
app17.post("/", async (c) => {
|
|
8656
|
-
const
|
|
8716
|
+
const TAG28 = "[admin:events]";
|
|
8657
8717
|
let body;
|
|
8658
8718
|
try {
|
|
8659
8719
|
body = await c.req.json();
|
|
8660
8720
|
} catch (err) {
|
|
8661
8721
|
const detail = err instanceof Error ? err.message : String(err);
|
|
8662
|
-
console.error(`${
|
|
8722
|
+
console.error(`${TAG28} reject reason=body-not-json detail=${detail}`);
|
|
8663
8723
|
return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
|
|
8664
8724
|
}
|
|
8665
8725
|
const event = typeof body.event === "string" ? body.event : "";
|
|
8666
8726
|
if (!ALLOWED_EVENTS.has(event)) {
|
|
8667
|
-
console.error(`${
|
|
8727
|
+
console.error(`${TAG28} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
|
|
8668
8728
|
return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
|
|
8669
8729
|
}
|
|
8670
8730
|
const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
|
|
@@ -12440,8 +12500,8 @@ app34.get("/", async (c) => {
|
|
|
12440
12500
|
});
|
|
12441
12501
|
var public_session_context_default = app34;
|
|
12442
12502
|
|
|
12443
|
-
// server/routes/admin/
|
|
12444
|
-
var TAG23 = "[
|
|
12503
|
+
// server/routes/admin/public-session-exit.ts
|
|
12504
|
+
var TAG23 = "[public-session-exit-route]";
|
|
12445
12505
|
function isLoopbackAddr4(addr) {
|
|
12446
12506
|
return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
|
|
12447
12507
|
}
|
|
@@ -12450,7 +12510,7 @@ app35.post("/", async (c) => {
|
|
|
12450
12510
|
const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
|
|
12451
12511
|
if (!isLoopbackAddr4(remoteAddr)) {
|
|
12452
12512
|
console.error(`${TAG23} reject reason=non-loopback remoteAddr=${remoteAddr}`);
|
|
12453
|
-
return c.json({ error: "
|
|
12513
|
+
return c.json({ error: "public-session-exit-loopback-only" }, 403);
|
|
12454
12514
|
}
|
|
12455
12515
|
const xffHeader = c.env?.incoming?.headers?.["x-forwarded-for"];
|
|
12456
12516
|
const xffRaw = Array.isArray(xffHeader) ? xffHeader.join(",") : typeof xffHeader === "string" ? xffHeader : "";
|
|
@@ -12459,6 +12519,41 @@ app35.post("/", async (c) => {
|
|
|
12459
12519
|
const offender = tokens.find((t) => !isLoopbackAddr4(t));
|
|
12460
12520
|
if (offender !== void 0) {
|
|
12461
12521
|
console.error(`${TAG23} reject reason=xff-non-loopback xff=${JSON.stringify(xffRaw)}`);
|
|
12522
|
+
return c.json({ error: "public-session-exit-loopback-only" }, 403);
|
|
12523
|
+
}
|
|
12524
|
+
}
|
|
12525
|
+
let body;
|
|
12526
|
+
try {
|
|
12527
|
+
body = await c.req.json();
|
|
12528
|
+
} catch {
|
|
12529
|
+
return c.json({ error: "invalid-json" }, 400);
|
|
12530
|
+
}
|
|
12531
|
+
const sessionId = typeof body.sessionId === "string" ? body.sessionId.trim() : "";
|
|
12532
|
+
if (!sessionId) return c.json({ error: "sessionId required" }, 400);
|
|
12533
|
+
handlePublicSessionExit(sessionId);
|
|
12534
|
+
return c.json({ ok: true });
|
|
12535
|
+
});
|
|
12536
|
+
var public_session_exit_default = app35;
|
|
12537
|
+
|
|
12538
|
+
// server/routes/admin/access-session-evict.ts
|
|
12539
|
+
var TAG24 = "[access-session-evict]";
|
|
12540
|
+
function isLoopbackAddr5(addr) {
|
|
12541
|
+
return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
|
|
12542
|
+
}
|
|
12543
|
+
var app36 = new Hono();
|
|
12544
|
+
app36.post("/", async (c) => {
|
|
12545
|
+
const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
|
|
12546
|
+
if (!isLoopbackAddr5(remoteAddr)) {
|
|
12547
|
+
console.error(`${TAG24} reject reason=non-loopback remoteAddr=${remoteAddr}`);
|
|
12548
|
+
return c.json({ error: "access-session-evict-loopback-only" }, 403);
|
|
12549
|
+
}
|
|
12550
|
+
const xffHeader = c.env?.incoming?.headers?.["x-forwarded-for"];
|
|
12551
|
+
const xffRaw = Array.isArray(xffHeader) ? xffHeader.join(",") : typeof xffHeader === "string" ? xffHeader : "";
|
|
12552
|
+
if (xffRaw.length > 0) {
|
|
12553
|
+
const tokens = xffRaw.split(",").map((t) => t.trim()).filter((t) => t.length > 0);
|
|
12554
|
+
const offender = tokens.find((t) => !isLoopbackAddr5(t));
|
|
12555
|
+
if (offender !== void 0) {
|
|
12556
|
+
console.error(`${TAG24} reject reason=xff-non-loopback xff=${JSON.stringify(xffRaw)}`);
|
|
12462
12557
|
return c.json({ error: "access-session-evict-loopback-only" }, 403);
|
|
12463
12558
|
}
|
|
12464
12559
|
}
|
|
@@ -12471,44 +12566,45 @@ app35.post("/", async (c) => {
|
|
|
12471
12566
|
const grantId = typeof body.grantId === "string" ? body.grantId.trim() : "";
|
|
12472
12567
|
if (!grantId) return c.json({ error: "grantId required" }, 400);
|
|
12473
12568
|
const dropped = evictAccessSessionsByGrant(grantId);
|
|
12474
|
-
console.log(`${
|
|
12569
|
+
console.log(`${TAG24} grantId=${grantId} dropped=${dropped}`);
|
|
12475
12570
|
return c.json({ ok: true, dropped });
|
|
12476
12571
|
});
|
|
12477
|
-
var access_session_evict_default =
|
|
12572
|
+
var access_session_evict_default = app36;
|
|
12478
12573
|
|
|
12479
12574
|
// server/routes/admin/index.ts
|
|
12480
|
-
var
|
|
12481
|
-
|
|
12482
|
-
|
|
12483
|
-
|
|
12484
|
-
|
|
12485
|
-
|
|
12486
|
-
|
|
12487
|
-
|
|
12488
|
-
|
|
12489
|
-
|
|
12490
|
-
|
|
12491
|
-
|
|
12492
|
-
|
|
12493
|
-
|
|
12494
|
-
|
|
12495
|
-
|
|
12496
|
-
|
|
12497
|
-
|
|
12498
|
-
|
|
12499
|
-
|
|
12500
|
-
|
|
12501
|
-
|
|
12502
|
-
|
|
12503
|
-
|
|
12504
|
-
|
|
12505
|
-
|
|
12506
|
-
|
|
12507
|
-
|
|
12508
|
-
|
|
12509
|
-
|
|
12510
|
-
|
|
12511
|
-
|
|
12575
|
+
var app37 = new Hono();
|
|
12576
|
+
app37.route("/session", session_default);
|
|
12577
|
+
app37.route("/new-session-failure", new_session_failure_default);
|
|
12578
|
+
app37.route("/new-session-submit", new_session_submit_default);
|
|
12579
|
+
app37.route("/logs", logs_default);
|
|
12580
|
+
app37.route("/claude-info", claude_info_default);
|
|
12581
|
+
app37.route("/claude-capabilities", claude_capabilities_default);
|
|
12582
|
+
app37.route("/attachment", attachment_default);
|
|
12583
|
+
app37.route("/agents", agents_default);
|
|
12584
|
+
app37.route("/sessions", sessions_default);
|
|
12585
|
+
app37.route("/claude-sessions", claude_sessions_default);
|
|
12586
|
+
app37.route("/log-ingest", log_ingest_default);
|
|
12587
|
+
app37.route("/events", events_default);
|
|
12588
|
+
app37.route("/files", files_default);
|
|
12589
|
+
app37.route("/graph-search", graph_search_default);
|
|
12590
|
+
app37.route("/graph-subgraph", graph_subgraph_default);
|
|
12591
|
+
app37.route("/graph-delete", graph_delete_default);
|
|
12592
|
+
app37.route("/graph-restore", graph_restore_default);
|
|
12593
|
+
app37.route("/graph-labels-in-graph", graph_labels_in_graph_default);
|
|
12594
|
+
app37.route("/graph-default-view", graph_default_view_default);
|
|
12595
|
+
app37.route("/session-defaults", session_defaults_default);
|
|
12596
|
+
app37.route("/file-attach", file_attach_default);
|
|
12597
|
+
app37.route("/sidebar-artefacts", sidebar_artefacts_default);
|
|
12598
|
+
app37.route("/sidebar-artefact-save", sidebar_artefact_save_default);
|
|
12599
|
+
app37.route("/sidebar-artefact-content", sidebar_artefact_content_default);
|
|
12600
|
+
app37.route("/system-stats", system_stats_default);
|
|
12601
|
+
app37.route("/health-brand", health_default2);
|
|
12602
|
+
app37.route("/linkedin-ingest", linkedin_ingest_default);
|
|
12603
|
+
app37.route("/post-turn-context", post_turn_context_default);
|
|
12604
|
+
app37.route("/public-session-context", public_session_context_default);
|
|
12605
|
+
app37.route("/public-session-exit", public_session_exit_default);
|
|
12606
|
+
app37.route("/access-session-evict", access_session_evict_default);
|
|
12607
|
+
var admin_default = app37;
|
|
12512
12608
|
|
|
12513
12609
|
// app/lib/access-gate.ts
|
|
12514
12610
|
import neo4j5 from "neo4j-driver";
|
|
@@ -12719,11 +12815,11 @@ async function generateNewMagicToken(grantId) {
|
|
|
12719
12815
|
}
|
|
12720
12816
|
|
|
12721
12817
|
// server/routes/access/verify-token.ts
|
|
12722
|
-
var
|
|
12818
|
+
var TAG25 = "[access-verify]";
|
|
12723
12819
|
var MINT_TAG = "[access-session-mint]";
|
|
12724
12820
|
var COOKIE_NAME = "__access_session";
|
|
12725
|
-
var
|
|
12726
|
-
|
|
12821
|
+
var app38 = new Hono();
|
|
12822
|
+
app38.post("/", async (c) => {
|
|
12727
12823
|
const ip = c.var.clientIp || "unknown";
|
|
12728
12824
|
let body;
|
|
12729
12825
|
try {
|
|
@@ -12738,39 +12834,39 @@ app37.post("/", async (c) => {
|
|
|
12738
12834
|
}
|
|
12739
12835
|
const rateMsg = checkAccessRateLimit(ip, agentSlug);
|
|
12740
12836
|
if (rateMsg) {
|
|
12741
|
-
console.error(`${
|
|
12837
|
+
console.error(`${TAG25} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
|
|
12742
12838
|
return c.json({ error: rateMsg }, 429);
|
|
12743
12839
|
}
|
|
12744
12840
|
const grant = await findGrantByMagicToken(token);
|
|
12745
12841
|
if (!grant) {
|
|
12746
12842
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
12747
|
-
console.error(`${
|
|
12843
|
+
console.error(`${TAG25} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
|
|
12748
12844
|
return c.json({ error: "invalid-or-expired-link" }, 401);
|
|
12749
12845
|
}
|
|
12750
12846
|
if (grant.agentSlug !== agentSlug) {
|
|
12751
12847
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
12752
12848
|
console.error(
|
|
12753
|
-
`${
|
|
12849
|
+
`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
|
|
12754
12850
|
);
|
|
12755
12851
|
return c.json({ error: "invalid-or-expired-link" }, 401);
|
|
12756
12852
|
}
|
|
12757
12853
|
if (grant.status === "expired" || grant.status === "revoked") {
|
|
12758
12854
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
12759
12855
|
console.error(
|
|
12760
|
-
`${
|
|
12856
|
+
`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
|
|
12761
12857
|
);
|
|
12762
12858
|
return c.json({ error: "access-no-longer-valid" }, 401);
|
|
12763
12859
|
}
|
|
12764
12860
|
if (grant.expiresAt !== null && grant.expiresAt < Date.now()) {
|
|
12765
12861
|
recordAccessFailedAttempt(ip, agentSlug);
|
|
12766
12862
|
console.error(
|
|
12767
|
-
`${
|
|
12863
|
+
`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
|
|
12768
12864
|
);
|
|
12769
12865
|
return c.json({ error: "access-no-longer-valid" }, 401);
|
|
12770
12866
|
}
|
|
12771
12867
|
if (!grant.sliceToken) {
|
|
12772
12868
|
console.error(
|
|
12773
|
-
`${
|
|
12869
|
+
`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
|
|
12774
12870
|
);
|
|
12775
12871
|
return c.json({ error: "grant-misconfigured" }, 500);
|
|
12776
12872
|
}
|
|
@@ -12786,12 +12882,12 @@ app37.post("/", async (c) => {
|
|
|
12786
12882
|
await consumeMagicTokenAndActivate(grant.grantId);
|
|
12787
12883
|
} catch (err) {
|
|
12788
12884
|
console.error(
|
|
12789
|
-
`${
|
|
12885
|
+
`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
|
|
12790
12886
|
);
|
|
12791
12887
|
return c.json({ error: "verification-failed" }, 500);
|
|
12792
12888
|
}
|
|
12793
12889
|
clearAccessRateLimit(ip, agentSlug);
|
|
12794
|
-
console.log(`${
|
|
12890
|
+
console.log(`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
|
|
12795
12891
|
console.log(
|
|
12796
12892
|
`${MINT_TAG} grantId=${grant.grantId} sliceToken=${grant.sliceToken.slice(0, 8)} agentSlug=${agentSlug} personId=${grant.personId ?? "none"}`
|
|
12797
12893
|
);
|
|
@@ -12805,7 +12901,7 @@ app37.post("/", async (c) => {
|
|
|
12805
12901
|
displayName: grant.displayName
|
|
12806
12902
|
});
|
|
12807
12903
|
});
|
|
12808
|
-
var verify_token_default =
|
|
12904
|
+
var verify_token_default = app38;
|
|
12809
12905
|
|
|
12810
12906
|
// app/lib/access-email.ts
|
|
12811
12907
|
import { spawn as spawn2 } from "child_process";
|
|
@@ -12867,10 +12963,10 @@ async function sendMagicLinkEmail(payload) {
|
|
|
12867
12963
|
}
|
|
12868
12964
|
|
|
12869
12965
|
// server/routes/access/request-magic-link.ts
|
|
12870
|
-
var
|
|
12871
|
-
var
|
|
12966
|
+
var TAG26 = "[access-request-link]";
|
|
12967
|
+
var app39 = new Hono();
|
|
12872
12968
|
var VISITOR_MESSAGE = "If that email is on the invite list, a fresh link is on the way.";
|
|
12873
|
-
|
|
12969
|
+
app39.post("/", async (c) => {
|
|
12874
12970
|
let body;
|
|
12875
12971
|
try {
|
|
12876
12972
|
body = await c.req.json();
|
|
@@ -12884,18 +12980,18 @@ app38.post("/", async (c) => {
|
|
|
12884
12980
|
}
|
|
12885
12981
|
const rateMsg = checkRequestLinkRateLimit(contactValue);
|
|
12886
12982
|
if (rateMsg) {
|
|
12887
|
-
console.error(`${
|
|
12983
|
+
console.error(`${TAG26} contactValue=${maskContact(contactValue)} result=rate-limited`);
|
|
12888
12984
|
return c.json({ error: rateMsg }, 429);
|
|
12889
12985
|
}
|
|
12890
12986
|
recordRequestLinkAttempt(contactValue);
|
|
12891
12987
|
const accountId = process.env.ACCOUNT_ID ?? "";
|
|
12892
12988
|
if (!accountId) {
|
|
12893
|
-
console.error(`${
|
|
12989
|
+
console.error(`${TAG26} contactValue=${maskContact(contactValue)} result=no-account-id`);
|
|
12894
12990
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
12895
12991
|
}
|
|
12896
12992
|
const grant = await findActiveGrantByContact(contactValue, agentSlug, accountId);
|
|
12897
12993
|
if (!grant) {
|
|
12898
|
-
console.log(`${
|
|
12994
|
+
console.log(`${TAG26} contactValue=${maskContact(contactValue)} result=notfound`);
|
|
12899
12995
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
12900
12996
|
}
|
|
12901
12997
|
let token;
|
|
@@ -12903,7 +12999,7 @@ app38.post("/", async (c) => {
|
|
|
12903
12999
|
token = await generateNewMagicToken(grant.grantId);
|
|
12904
13000
|
} catch (err) {
|
|
12905
13001
|
console.error(
|
|
12906
|
-
`${
|
|
13002
|
+
`${TAG26} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
|
|
12907
13003
|
);
|
|
12908
13004
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
12909
13005
|
}
|
|
@@ -12935,22 +13031,22 @@ app38.post("/", async (c) => {
|
|
|
12935
13031
|
});
|
|
12936
13032
|
if (!sendResult.ok) {
|
|
12937
13033
|
console.error(
|
|
12938
|
-
`${
|
|
13034
|
+
`${TAG26} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
|
|
12939
13035
|
);
|
|
12940
13036
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
12941
13037
|
}
|
|
12942
13038
|
console.log(
|
|
12943
|
-
`${
|
|
13039
|
+
`${TAG26} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
|
|
12944
13040
|
);
|
|
12945
13041
|
return c.json({ message: VISITOR_MESSAGE }, 200);
|
|
12946
13042
|
});
|
|
12947
|
-
var request_magic_link_default =
|
|
13043
|
+
var request_magic_link_default = app39;
|
|
12948
13044
|
|
|
12949
13045
|
// server/routes/access/index.ts
|
|
12950
|
-
var
|
|
12951
|
-
|
|
12952
|
-
|
|
12953
|
-
var access_default =
|
|
13046
|
+
var app40 = new Hono();
|
|
13047
|
+
app40.route("/verify-token", verify_token_default);
|
|
13048
|
+
app40.route("/request-magic-link", request_magic_link_default);
|
|
13049
|
+
var access_default = app40;
|
|
12954
13050
|
|
|
12955
13051
|
// server/routes/sites.ts
|
|
12956
13052
|
import { existsSync as existsSync21, readFileSync as readFileSync17, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
|
|
@@ -12985,8 +13081,8 @@ function getExt(p) {
|
|
|
12985
13081
|
if (idx < p.lastIndexOf("/")) return "";
|
|
12986
13082
|
return p.slice(idx).toLowerCase();
|
|
12987
13083
|
}
|
|
12988
|
-
var
|
|
12989
|
-
|
|
13084
|
+
var app41 = new Hono();
|
|
13085
|
+
app41.get("/:rel{.*}", (c) => {
|
|
12990
13086
|
const reqPath = c.req.path;
|
|
12991
13087
|
const rawRel = c.req.param("rel") ?? "";
|
|
12992
13088
|
const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
|
|
@@ -13089,7 +13185,7 @@ app40.get("/:rel{.*}", (c) => {
|
|
|
13089
13185
|
"X-Content-Type-Options": "nosniff"
|
|
13090
13186
|
});
|
|
13091
13187
|
});
|
|
13092
|
-
var sites_default =
|
|
13188
|
+
var sites_default = app41;
|
|
13093
13189
|
|
|
13094
13190
|
// app/lib/visitor-token.ts
|
|
13095
13191
|
import { createHmac, randomBytes, timingSafeEqual } from "crypto";
|
|
@@ -13189,7 +13285,7 @@ function readBrandConfig() {
|
|
|
13189
13285
|
}
|
|
13190
13286
|
|
|
13191
13287
|
// server/routes/visitor-consent.ts
|
|
13192
|
-
var
|
|
13288
|
+
var app42 = new Hono();
|
|
13193
13289
|
var CONSENT_COOKIE_NAME = "mxy_consent";
|
|
13194
13290
|
var CONSENT_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
|
|
13195
13291
|
var DEFAULT_CONSENT_COPY = {
|
|
@@ -13234,17 +13330,17 @@ function siteSlugFromReferer(referer) {
|
|
|
13234
13330
|
return "";
|
|
13235
13331
|
}
|
|
13236
13332
|
}
|
|
13237
|
-
|
|
13333
|
+
app42.options("/consent", (c) => {
|
|
13238
13334
|
const origin = getOrigin(c);
|
|
13239
13335
|
setCorsHeaders(c, origin);
|
|
13240
13336
|
return c.body(null, 204);
|
|
13241
13337
|
});
|
|
13242
|
-
|
|
13338
|
+
app42.options("/brand-config", (c) => {
|
|
13243
13339
|
const origin = getOrigin(c);
|
|
13244
13340
|
setCorsHeaders(c, origin);
|
|
13245
13341
|
return c.body(null, 204);
|
|
13246
13342
|
});
|
|
13247
|
-
|
|
13343
|
+
app42.post("/consent", async (c) => {
|
|
13248
13344
|
const origin = getOrigin(c);
|
|
13249
13345
|
setCorsHeaders(c, origin);
|
|
13250
13346
|
let raw;
|
|
@@ -13284,7 +13380,7 @@ app41.post("/consent", async (c) => {
|
|
|
13284
13380
|
console.log(`[consent] ${parsed.decision} site=${site} brand=${brandName} tokenBound=${tokenBound}`);
|
|
13285
13381
|
return c.body(null, 204);
|
|
13286
13382
|
});
|
|
13287
|
-
|
|
13383
|
+
app42.get("/brand-config", (c) => {
|
|
13288
13384
|
const origin = getOrigin(c);
|
|
13289
13385
|
setCorsHeaders(c, origin);
|
|
13290
13386
|
const brand = readBrandConfig();
|
|
@@ -13294,7 +13390,7 @@ app41.get("/brand-config", (c) => {
|
|
|
13294
13390
|
c.header("Cache-Control", "public, max-age=300");
|
|
13295
13391
|
return c.json({ consent: { copy, palette } });
|
|
13296
13392
|
});
|
|
13297
|
-
var visitor_consent_default =
|
|
13393
|
+
var visitor_consent_default = app42;
|
|
13298
13394
|
|
|
13299
13395
|
// server/routes/listings.ts
|
|
13300
13396
|
function getCookie(headerValue, name) {
|
|
@@ -13321,8 +13417,8 @@ function appendConsentParams(pageUrl, token) {
|
|
|
13321
13417
|
}
|
|
13322
13418
|
var SAFE_SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,118}[a-z0-9])?$/;
|
|
13323
13419
|
var CHAT_SESSION_KEY_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{7,127}$/;
|
|
13324
|
-
var
|
|
13325
|
-
|
|
13420
|
+
var app43 = new Hono();
|
|
13421
|
+
app43.get("/:slug/click", async (c) => {
|
|
13326
13422
|
const slug = c.req.param("slug") ?? "";
|
|
13327
13423
|
const rawSession = c.req.query("session") ?? "";
|
|
13328
13424
|
const sessionKey = CHAT_SESSION_KEY_RE.test(rawSession) ? rawSession : "invalid";
|
|
@@ -13386,10 +13482,10 @@ app42.get("/:slug/click", async (c) => {
|
|
|
13386
13482
|
console.log(`[property-card-click] sessionKey=${sessionKey} listingSlug=${slug} consent=${consentCookie ?? "absent"} ts=${(/* @__PURE__ */ new Date()).toISOString()}`);
|
|
13387
13483
|
return c.redirect(redirectUrl, 302);
|
|
13388
13484
|
});
|
|
13389
|
-
var listings_default =
|
|
13485
|
+
var listings_default = app43;
|
|
13390
13486
|
|
|
13391
13487
|
// server/routes/visitor-event.ts
|
|
13392
|
-
var
|
|
13488
|
+
var app44 = new Hono();
|
|
13393
13489
|
var BOT_UA_RE = /\b(bot|crawl|spider|slurp|headlesschrome|phantomjs|googlebot|bingbot|yandex|baiduspider|ahrefsbot|semrushbot|mj12bot|dotbot|petalbot)\b/i;
|
|
13394
13490
|
var buckets = /* @__PURE__ */ new Map();
|
|
13395
13491
|
var RATE_LIMIT = 60;
|
|
@@ -13456,12 +13552,12 @@ function originAllowed(origin, allowlist) {
|
|
|
13456
13552
|
return false;
|
|
13457
13553
|
}
|
|
13458
13554
|
}
|
|
13459
|
-
|
|
13555
|
+
app44.options("/event", (c) => {
|
|
13460
13556
|
const origin = getOrigin2(c);
|
|
13461
13557
|
setCorsHeaders2(c, origin);
|
|
13462
13558
|
return c.body(null, 204);
|
|
13463
13559
|
});
|
|
13464
|
-
|
|
13560
|
+
app44.post("/event", async (c) => {
|
|
13465
13561
|
const origin = getOrigin2(c);
|
|
13466
13562
|
setCorsHeaders2(c, origin);
|
|
13467
13563
|
const ua = c.req.header("user-agent") ?? "";
|
|
@@ -13666,7 +13762,7 @@ async function writeEvent(opts) {
|
|
|
13666
13762
|
);
|
|
13667
13763
|
}
|
|
13668
13764
|
}
|
|
13669
|
-
var visitor_event_default =
|
|
13765
|
+
var visitor_event_default = app44;
|
|
13670
13766
|
|
|
13671
13767
|
// app/lib/graph-health.ts
|
|
13672
13768
|
var HOUR_MS = 60 * 60 * 1e3;
|
|
@@ -13750,7 +13846,7 @@ function startGraphHealthTimer() {
|
|
|
13750
13846
|
}
|
|
13751
13847
|
|
|
13752
13848
|
// app/lib/whatsapp/inbound/claude-bridge.ts
|
|
13753
|
-
var
|
|
13849
|
+
var TAG27 = "[whatsapp-adaptor]";
|
|
13754
13850
|
function whatsappTurnTimeoutMs() {
|
|
13755
13851
|
return Number(process.env.WHATSAPP_PTY_TURN_TIMEOUT_MS ?? String(5 * 6e4));
|
|
13756
13852
|
}
|
|
@@ -13773,7 +13869,7 @@ async function dispatchToClaude(input) {
|
|
|
13773
13869
|
await input.reply(result.turnText);
|
|
13774
13870
|
} catch (err) {
|
|
13775
13871
|
const m = err instanceof Error ? err.message : String(err);
|
|
13776
|
-
console.error(`${
|
|
13872
|
+
console.error(`${TAG27} reject reason=reply-failed senderId=${input.senderId} message=${m}`);
|
|
13777
13873
|
}
|
|
13778
13874
|
}
|
|
13779
13875
|
function startReaper2() {
|
|
@@ -14103,9 +14199,9 @@ watchFile(ALIAS_DOMAINS_PATH, { interval: 2e3 }, () => {
|
|
|
14103
14199
|
function isPublicHost(host) {
|
|
14104
14200
|
return host.startsWith("public.") || aliasDomains.has(host);
|
|
14105
14201
|
}
|
|
14106
|
-
var
|
|
14107
|
-
|
|
14108
|
-
|
|
14202
|
+
var app45 = new Hono();
|
|
14203
|
+
app45.use("*", clientIpMiddleware);
|
|
14204
|
+
app45.use("*", async (c, next) => {
|
|
14109
14205
|
await next();
|
|
14110
14206
|
c.header("X-Content-Type-Options", "nosniff");
|
|
14111
14207
|
c.header("Referrer-Policy", "strict-origin-when-cross-origin");
|
|
@@ -14115,7 +14211,7 @@ app44.use("*", async (c, next) => {
|
|
|
14115
14211
|
);
|
|
14116
14212
|
});
|
|
14117
14213
|
var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
|
|
14118
|
-
|
|
14214
|
+
app45.use("*", async (c, next) => {
|
|
14119
14215
|
if (!HTTP_LOG_PATHS.has(c.req.path)) {
|
|
14120
14216
|
await next();
|
|
14121
14217
|
return;
|
|
@@ -14148,7 +14244,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
|
|
|
14148
14244
|
"/sites/"
|
|
14149
14245
|
];
|
|
14150
14246
|
var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
|
|
14151
|
-
|
|
14247
|
+
app45.use("*", async (c, next) => {
|
|
14152
14248
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14153
14249
|
if (!isPublicHost(host)) {
|
|
14154
14250
|
await next();
|
|
@@ -14188,7 +14284,7 @@ function resolveRemoteAuthOpts() {
|
|
|
14188
14284
|
return brandLoginOpts;
|
|
14189
14285
|
}
|
|
14190
14286
|
var MAX_LOGIN_BODY = 8 * 1024;
|
|
14191
|
-
|
|
14287
|
+
app45.post("/__remote-auth/login", async (c) => {
|
|
14192
14288
|
const client = clientFrom(c);
|
|
14193
14289
|
const clientIp = client.ip || "unknown";
|
|
14194
14290
|
if (!requestIsTlsTerminated(c)) {
|
|
@@ -14233,7 +14329,7 @@ app44.post("/__remote-auth/login", async (c) => {
|
|
|
14233
14329
|
}
|
|
14234
14330
|
});
|
|
14235
14331
|
});
|
|
14236
|
-
|
|
14332
|
+
app45.get("/__remote-auth/logout", (c) => {
|
|
14237
14333
|
const client = clientFrom(c);
|
|
14238
14334
|
const clientIp = client.ip || "unknown";
|
|
14239
14335
|
console.error(`[remote-auth] logout ip=${clientIp}`);
|
|
@@ -14246,7 +14342,7 @@ app44.get("/__remote-auth/logout", (c) => {
|
|
|
14246
14342
|
}
|
|
14247
14343
|
});
|
|
14248
14344
|
});
|
|
14249
|
-
|
|
14345
|
+
app45.post("/__remote-auth/change-password", async (c) => {
|
|
14250
14346
|
const client = clientFrom(c);
|
|
14251
14347
|
const clientIp = client.ip || "unknown";
|
|
14252
14348
|
const rateLimited = checkRateLimit(client);
|
|
@@ -14297,13 +14393,13 @@ app44.post("/__remote-auth/change-password", async (c) => {
|
|
|
14297
14393
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
|
|
14298
14394
|
}
|
|
14299
14395
|
});
|
|
14300
|
-
|
|
14396
|
+
app45.get("/__remote-auth/setup", (c) => {
|
|
14301
14397
|
if (isRemoteAuthConfigured()) {
|
|
14302
14398
|
return c.redirect("/");
|
|
14303
14399
|
}
|
|
14304
14400
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
|
|
14305
14401
|
});
|
|
14306
|
-
|
|
14402
|
+
app45.post("/__remote-auth/set-initial-password", async (c) => {
|
|
14307
14403
|
if (isRemoteAuthConfigured()) {
|
|
14308
14404
|
return c.redirect("/");
|
|
14309
14405
|
}
|
|
@@ -14341,10 +14437,10 @@ app44.post("/__remote-auth/set-initial-password", async (c) => {
|
|
|
14341
14437
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
|
|
14342
14438
|
}
|
|
14343
14439
|
});
|
|
14344
|
-
|
|
14440
|
+
app45.get("/api/remote-auth/status", (c) => {
|
|
14345
14441
|
return c.json({ configured: isRemoteAuthConfigured() });
|
|
14346
14442
|
});
|
|
14347
|
-
|
|
14443
|
+
app45.post("/api/remote-auth/set-password", async (c) => {
|
|
14348
14444
|
let body;
|
|
14349
14445
|
try {
|
|
14350
14446
|
body = await c.req.json();
|
|
@@ -14375,9 +14471,9 @@ app44.post("/api/remote-auth/set-password", async (c) => {
|
|
|
14375
14471
|
return c.json({ error: "Failed to save password" }, 500);
|
|
14376
14472
|
}
|
|
14377
14473
|
});
|
|
14378
|
-
|
|
14474
|
+
app45.route("/api/_client-error", client_error_default);
|
|
14379
14475
|
console.log("[client-error-route] mounted");
|
|
14380
|
-
|
|
14476
|
+
app45.use("*", async (c, next) => {
|
|
14381
14477
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14382
14478
|
const path2 = c.req.path;
|
|
14383
14479
|
if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
|
|
@@ -14410,12 +14506,12 @@ app44.use("*", async (c, next) => {
|
|
|
14410
14506
|
console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
|
|
14411
14507
|
return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
|
|
14412
14508
|
});
|
|
14413
|
-
|
|
14414
|
-
|
|
14415
|
-
|
|
14416
|
-
|
|
14417
|
-
|
|
14418
|
-
|
|
14509
|
+
app45.route("/api/health", health_default);
|
|
14510
|
+
app45.route("/api/chat", chat_default);
|
|
14511
|
+
app45.route("/api/whatsapp", whatsapp_default);
|
|
14512
|
+
app45.route("/api/onboarding", onboarding_default);
|
|
14513
|
+
app45.route("/api/admin", admin_default);
|
|
14514
|
+
app45.route("/api/access", access_default);
|
|
14419
14515
|
var SAFE_SLUG_RE2 = /^[a-z][a-z0-9-]{2,49}$/;
|
|
14420
14516
|
var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
|
|
14421
14517
|
var IMAGE_MIME = {
|
|
@@ -14427,7 +14523,7 @@ var IMAGE_MIME = {
|
|
|
14427
14523
|
".svg": "image/svg+xml",
|
|
14428
14524
|
".ico": "image/x-icon"
|
|
14429
14525
|
};
|
|
14430
|
-
|
|
14526
|
+
app45.get("/agent-assets/:slug/:filename", (c) => {
|
|
14431
14527
|
const slug = c.req.param("slug");
|
|
14432
14528
|
const filename = c.req.param("filename");
|
|
14433
14529
|
if (!SAFE_SLUG_RE2.test(slug)) {
|
|
@@ -14462,7 +14558,7 @@ app44.get("/agent-assets/:slug/:filename", (c) => {
|
|
|
14462
14558
|
"Cache-Control": "public, max-age=3600"
|
|
14463
14559
|
});
|
|
14464
14560
|
});
|
|
14465
|
-
|
|
14561
|
+
app45.get("/generated/:filename", (c) => {
|
|
14466
14562
|
const filename = c.req.param("filename");
|
|
14467
14563
|
if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
|
|
14468
14564
|
console.error(`[generated] serve file=${filename} status=403`);
|
|
@@ -14492,10 +14588,10 @@ app44.get("/generated/:filename", (c) => {
|
|
|
14492
14588
|
"Cache-Control": "public, max-age=86400"
|
|
14493
14589
|
});
|
|
14494
14590
|
});
|
|
14495
|
-
|
|
14496
|
-
|
|
14497
|
-
|
|
14498
|
-
|
|
14591
|
+
app45.route("/sites", sites_default);
|
|
14592
|
+
app45.route("/listings", listings_default);
|
|
14593
|
+
app45.route("/v", visitor_event_default);
|
|
14594
|
+
app45.route("/v", visitor_consent_default);
|
|
14499
14595
|
var htmlCache = /* @__PURE__ */ new Map();
|
|
14500
14596
|
var brandLogoPath = "/brand/maxy-monochrome.png";
|
|
14501
14597
|
var brandIconPath = "/brand/maxy-monochrome.png";
|
|
@@ -14632,7 +14728,7 @@ function brandedPublicHtml(agentSlug) {
|
|
|
14632
14728
|
function escapeHtml(s) {
|
|
14633
14729
|
return s.replace(/&/g, "&").replace(/"/g, """).replace(/</g, "<").replace(/>/g, ">");
|
|
14634
14730
|
}
|
|
14635
|
-
|
|
14731
|
+
app45.get("/", (c) => {
|
|
14636
14732
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14637
14733
|
if (isPublicHost(host)) {
|
|
14638
14734
|
const defaultSlug = resolveDefaultSlug();
|
|
@@ -14640,12 +14736,12 @@ app44.get("/", (c) => {
|
|
|
14640
14736
|
}
|
|
14641
14737
|
return c.html(cachedHtml("index.html"));
|
|
14642
14738
|
});
|
|
14643
|
-
|
|
14739
|
+
app45.get("/public", (c) => {
|
|
14644
14740
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14645
14741
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
14646
14742
|
return c.html(cachedHtml("public.html"));
|
|
14647
14743
|
});
|
|
14648
|
-
|
|
14744
|
+
app45.get("/chat", (c) => {
|
|
14649
14745
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14650
14746
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
14651
14747
|
return c.html(cachedHtml("public.html"));
|
|
@@ -14664,9 +14760,9 @@ async function logViewerFetch(c, next) {
|
|
|
14664
14760
|
duration_ms: Date.now() - start
|
|
14665
14761
|
});
|
|
14666
14762
|
}
|
|
14667
|
-
|
|
14668
|
-
|
|
14669
|
-
|
|
14763
|
+
app45.use("/vnc-viewer.html", logViewerFetch);
|
|
14764
|
+
app45.use("/vnc-popout.html", logViewerFetch);
|
|
14765
|
+
app45.get("/vnc-popout.html", (c) => {
|
|
14670
14766
|
let html = htmlCache.get("vnc-popout.html");
|
|
14671
14767
|
if (!html) {
|
|
14672
14768
|
html = readFileSync21(resolve22(process.cwd(), "public", "vnc-popout.html"), "utf-8");
|
|
@@ -14679,7 +14775,7 @@ app44.get("/vnc-popout.html", (c) => {
|
|
|
14679
14775
|
}
|
|
14680
14776
|
return c.html(html);
|
|
14681
14777
|
});
|
|
14682
|
-
|
|
14778
|
+
app45.post("/api/vnc/client-event", async (c) => {
|
|
14683
14779
|
let body;
|
|
14684
14780
|
try {
|
|
14685
14781
|
body = await c.req.json();
|
|
@@ -14700,25 +14796,25 @@ app44.post("/api/vnc/client-event", async (c) => {
|
|
|
14700
14796
|
});
|
|
14701
14797
|
return c.json({ ok: true });
|
|
14702
14798
|
});
|
|
14703
|
-
|
|
14799
|
+
app45.get("/g/:slug", (c) => {
|
|
14704
14800
|
return c.html(brandedPublicHtml());
|
|
14705
14801
|
});
|
|
14706
|
-
|
|
14802
|
+
app45.get("/graph", (c) => {
|
|
14707
14803
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14708
14804
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
14709
14805
|
return c.html(cachedHtml("graph.html"));
|
|
14710
14806
|
});
|
|
14711
|
-
|
|
14807
|
+
app45.get("/sessions", (c) => {
|
|
14712
14808
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14713
14809
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
14714
14810
|
return c.html(cachedHtml("sessions.html"));
|
|
14715
14811
|
});
|
|
14716
|
-
|
|
14812
|
+
app45.get("/data", (c) => {
|
|
14717
14813
|
const host = (c.req.header("host") ?? "").split(":")[0];
|
|
14718
14814
|
if (isPublicHost(host)) return c.text("Not found", 404);
|
|
14719
14815
|
return c.html(cachedHtml("data.html"));
|
|
14720
14816
|
});
|
|
14721
|
-
|
|
14817
|
+
app45.get("/:slug", async (c, next) => {
|
|
14722
14818
|
const slug = c.req.param("slug");
|
|
14723
14819
|
if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
|
|
14724
14820
|
const branding = loadBrandingCache(slug);
|
|
@@ -14728,15 +14824,15 @@ app44.get("/:slug", async (c, next) => {
|
|
|
14728
14824
|
await next();
|
|
14729
14825
|
});
|
|
14730
14826
|
if (brandFaviconPath !== "/favicon.ico") {
|
|
14731
|
-
|
|
14827
|
+
app45.get("/favicon.ico", (c) => {
|
|
14732
14828
|
c.header("Cache-Control", "public, max-age=300");
|
|
14733
14829
|
return c.redirect(brandFaviconPath, 302);
|
|
14734
14830
|
});
|
|
14735
14831
|
}
|
|
14736
|
-
|
|
14832
|
+
app45.use("/*", serveStatic({ root: "./public" }));
|
|
14737
14833
|
var port = requirePortEnv("MAXY_UI_INTERNAL_PORT", { tag: "ui-server" });
|
|
14738
14834
|
var hostname = process.env.HOSTNAME ?? "127.0.0.1";
|
|
14739
|
-
var httpServer = serve({ fetch:
|
|
14835
|
+
var httpServer = serve({ fetch: app45.fetch, port, hostname });
|
|
14740
14836
|
console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
|
|
14741
14837
|
{
|
|
14742
14838
|
const loopHist = monitorEventLoopDelay({ resolution: 50 });
|
|
@@ -14772,7 +14868,7 @@ for (const m of SUBAPP_MANIFEST) {
|
|
|
14772
14868
|
}
|
|
14773
14869
|
try {
|
|
14774
14870
|
const registered = [];
|
|
14775
|
-
for (const r of
|
|
14871
|
+
for (const r of app45.routes ?? []) {
|
|
14776
14872
|
if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
|
|
14777
14873
|
if (AGENT_SLUG_PATTERN.test(r.path)) {
|
|
14778
14874
|
registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
|