@rubytech/create-maxy-code 0.1.183 → 0.1.185

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (72) hide show
  1. package/dist/__tests__/platform-port-stamp.test.js +4 -0
  2. package/dist/index.js +1 -0
  3. package/dist/port-resolution.js +1 -0
  4. package/package.json +1 -1
  5. package/payload/platform/config/brand.json +1 -1
  6. package/payload/platform/package-lock.json +178 -0
  7. package/payload/platform/plugins/.claude-plugin/marketplace.json +15 -0
  8. package/payload/platform/plugins/admin/PLUGIN.md +0 -1
  9. package/payload/platform/plugins/browser/.claude-plugin/plugin.json +17 -0
  10. package/payload/platform/plugins/browser/PLUGIN.md +44 -0
  11. package/payload/platform/plugins/browser/mcp/dist/index.d.ts +2 -0
  12. package/payload/platform/plugins/browser/mcp/dist/index.d.ts.map +1 -0
  13. package/payload/platform/plugins/browser/mcp/dist/index.js +61 -0
  14. package/payload/platform/plugins/browser/mcp/dist/index.js.map +1 -0
  15. package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.d.ts +66 -0
  16. package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.d.ts.map +1 -0
  17. package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.js +248 -0
  18. package/payload/platform/plugins/browser/mcp/dist/lib/cdp-render.js.map +1 -0
  19. package/payload/platform/plugins/browser/mcp/package.json +19 -0
  20. package/payload/platform/plugins/docs/references/internals.md +1 -1
  21. package/payload/platform/plugins/docs/references/plugins-guide.md +3 -0
  22. package/payload/platform/plugins/docs/references/troubleshooting.md +4 -4
  23. package/payload/platform/plugins/memory/PLUGIN.md +1 -0
  24. package/payload/platform/plugins/memory/mcp/dist/index.js +20 -10
  25. package/payload/platform/plugins/memory/mcp/dist/index.js.map +1 -1
  26. package/payload/platform/plugins/prompt-optimiser/.claude-plugin/plugin.json +8 -0
  27. package/payload/platform/plugins/prompt-optimiser/PLUGIN.md +14 -0
  28. package/payload/platform/plugins/prompt-optimiser/skills/prompt-optimiser/SKILL.md +301 -0
  29. package/payload/platform/plugins/url-get/.claude-plugin/plugin.json +17 -0
  30. package/payload/platform/plugins/url-get/PLUGIN.md +86 -0
  31. package/payload/platform/plugins/url-get/mcp/dist/index.d.ts +9 -0
  32. package/payload/platform/plugins/url-get/mcp/dist/index.d.ts.map +1 -0
  33. package/payload/platform/plugins/url-get/mcp/dist/index.js +53 -0
  34. package/payload/platform/plugins/url-get/mcp/dist/index.js.map +1 -0
  35. package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.d.ts +8 -0
  36. package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.d.ts.map +1 -0
  37. package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.js +83 -0
  38. package/payload/platform/plugins/url-get/mcp/dist/lib/summarise.js.map +1 -0
  39. package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.d.ts +21 -0
  40. package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.d.ts.map +1 -0
  41. package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.js +147 -0
  42. package/payload/platform/plugins/url-get/mcp/dist/tools/url-get.js.map +1 -0
  43. package/payload/platform/plugins/url-get/mcp/package.json +22 -0
  44. package/payload/platform/scripts/setup-account.sh +0 -6
  45. package/payload/platform/scripts/vnc.sh +1 -1
  46. package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
  47. package/payload/platform/services/claude-session-manager/dist/http-server.js +46 -0
  48. package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
  49. package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts +17 -8
  50. package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts.map +1 -1
  51. package/payload/platform/services/claude-session-manager/dist/pty-spawner.js +40 -14
  52. package/payload/platform/services/claude-session-manager/dist/pty-spawner.js.map +1 -1
  53. package/payload/platform/services/claude-session-manager/dist/specialist-drift.js +2 -2
  54. package/payload/platform/services/claude-session-manager/dist/specialist-drift.js.map +1 -1
  55. package/payload/platform/templates/specialists/agents/content-producer.md +3 -3
  56. package/payload/platform/templates/specialists/agents/librarian.md +1 -1
  57. package/payload/platform/templates/specialists/agents/personal-assistant.md +3 -3
  58. package/payload/platform/templates/specialists/agents/research-assistant.md +3 -3
  59. package/payload/premium-plugins/writer-craft/mcp/dist/index.d.ts.map +1 -1
  60. package/payload/premium-plugins/writer-craft/mcp/dist/index.js +20 -6
  61. package/payload/premium-plugins/writer-craft/mcp/dist/index.js.map +1 -1
  62. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.d.ts +14 -0
  63. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.d.ts.map +1 -1
  64. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.js +28 -34
  65. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-retrieve-conditioning.js.map +1 -1
  66. package/payload/premium-plugins/writer-craft/mcp/scripts/smoke.mjs +43 -8
  67. package/payload/premium-plugins/writer-craft/mcp/src/index.ts +20 -8
  68. package/payload/premium-plugins/writer-craft/mcp/src/tools/voice-retrieve-conditioning.ts +51 -12
  69. package/payload/premium-plugins/writer-craft/skills/voice-mirror/SKILL.md +7 -1
  70. package/payload/server/server.js +222 -126
  71. package/payload/platform/plugins/admin/hooks/__tests__/playwright-file-guard.test.sh +0 -278
  72. package/payload/platform/plugins/admin/hooks/playwright-file-guard.sh +0 -214
@@ -4149,6 +4149,17 @@ function managerLogFollowUrl(sessionId) {
4149
4149
 
4150
4150
  // app/lib/channel-pty-bridge/public-session-end-review.ts
4151
4151
  var TAG14 = "[public-session-review]";
4152
+ var CONSUMED_CAP = 500;
4153
+ var consumed = /* @__PURE__ */ new Set();
4154
+ function consumeOnce(sessionId) {
4155
+ if (consumed.has(sessionId)) return false;
4156
+ consumed.add(sessionId);
4157
+ if (consumed.size > CONSUMED_CAP) {
4158
+ const oldest = consumed.values().next().value;
4159
+ if (oldest !== void 0) consumed.delete(oldest);
4160
+ }
4161
+ return true;
4162
+ }
4152
4163
  function managerBase2() {
4153
4164
  const port2 = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "public-session-end-review:manager" });
4154
4165
  return `http://127.0.0.1:${port2}`;
@@ -4253,6 +4264,12 @@ async function firePublicSessionEndReview(input) {
4253
4264
  const sliceShort = input.sliceToken.slice(0, 8);
4254
4265
  const personField = input.personId ?? "none";
4255
4266
  const dispatchedAt = Date.now();
4267
+ if (consumed.has(input.sessionId)) {
4268
+ console.log(
4269
+ `${TAG14} dispatchFor=${input.dispatchFor} sessionId=${input.sessionId} sliceToken=${sliceShort} personId=${personField} result=skipped-already-reviewed`
4270
+ );
4271
+ return;
4272
+ }
4256
4273
  const jsonl = await fetchJsonl(input.sessionId);
4257
4274
  if (!jsonl) {
4258
4275
  console.log(
@@ -4275,6 +4292,12 @@ async function firePublicSessionEndReview(input) {
4275
4292
  jsonl,
4276
4293
  priorWrites
4277
4294
  });
4295
+ if (!consumeOnce(input.sessionId)) {
4296
+ console.log(
4297
+ `${TAG14} dispatchFor=${input.dispatchFor} sessionId=${input.sessionId} sliceToken=${sliceShort} personId=${personField} result=skipped-already-reviewed`
4298
+ );
4299
+ return;
4300
+ }
4278
4301
  const dispatched = await dispatchReviewer(input, initialMessage);
4279
4302
  if (!dispatched.ok) {
4280
4303
  console.error(
@@ -4463,6 +4486,16 @@ async function writeInput(entry, text) {
4463
4486
  `${tag} session-resolved senderId=${entry.senderId} action=respawn reason=session-gone-${result.status} sessionId=${entry.sessionId.slice(0, 8)}`
4464
4487
  );
4465
4488
  if (entry.followerAbort) entry.followerAbort.abort();
4489
+ if (entry.role === "public" && entry.sliceToken.length > 0) {
4490
+ void firePublicSessionEndReview({
4491
+ sessionId: entry.sessionId,
4492
+ sliceToken: entry.sliceToken,
4493
+ personId: entry.personId,
4494
+ accountId: entry.accountId,
4495
+ agentSlug: entry.agentSlug,
4496
+ dispatchFor: "exit"
4497
+ });
4498
+ }
4466
4499
  index.delete(indexKey(entry.accountId, entry.agentSlug, entry.senderId, entry.liveMemory, entry.sliceToken));
4467
4500
  const respawned = await ensureEntry({
4468
4501
  accountId: entry.accountId,
@@ -4586,6 +4619,33 @@ function startReaper() {
4586
4619
  }, 6e4);
4587
4620
  if (reaperHandle.unref) reaperHandle.unref();
4588
4621
  }
4622
+ function handlePublicSessionExit(sessionId) {
4623
+ let found = null;
4624
+ for (const [key2, entry2] of index) {
4625
+ if (entry2.sessionId === sessionId) {
4626
+ found = { key: key2, entry: entry2 };
4627
+ break;
4628
+ }
4629
+ }
4630
+ if (!found) {
4631
+ console.error(`[public-session-exit] sessionId=${sessionId} result=no-entry`);
4632
+ return;
4633
+ }
4634
+ const { key, entry } = found;
4635
+ if (entry.role !== "public" || entry.sliceToken.length === 0) {
4636
+ return;
4637
+ }
4638
+ if (entry.followerAbort) entry.followerAbort.abort();
4639
+ index.delete(key);
4640
+ void firePublicSessionEndReview({
4641
+ sessionId: entry.sessionId,
4642
+ sliceToken: entry.sliceToken,
4643
+ personId: entry.personId,
4644
+ accountId: entry.accountId,
4645
+ agentSlug: entry.agentSlug,
4646
+ dispatchFor: "exit"
4647
+ });
4648
+ }
4589
4649
 
4590
4650
  // app/lib/access-session-store.ts
4591
4651
  import { randomUUID as randomUUID4 } from "crypto";
@@ -8653,18 +8713,18 @@ var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
8653
8713
  ]);
8654
8714
  var app17 = new Hono();
8655
8715
  app17.post("/", async (c) => {
8656
- const TAG27 = "[admin:events]";
8716
+ const TAG28 = "[admin:events]";
8657
8717
  let body;
8658
8718
  try {
8659
8719
  body = await c.req.json();
8660
8720
  } catch (err) {
8661
8721
  const detail = err instanceof Error ? err.message : String(err);
8662
- console.error(`${TAG27} reject reason=body-not-json detail=${detail}`);
8722
+ console.error(`${TAG28} reject reason=body-not-json detail=${detail}`);
8663
8723
  return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
8664
8724
  }
8665
8725
  const event = typeof body.event === "string" ? body.event : "";
8666
8726
  if (!ALLOWED_EVENTS.has(event)) {
8667
- console.error(`${TAG27} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
8727
+ console.error(`${TAG28} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
8668
8728
  return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
8669
8729
  }
8670
8730
  const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
@@ -12440,8 +12500,8 @@ app34.get("/", async (c) => {
12440
12500
  });
12441
12501
  var public_session_context_default = app34;
12442
12502
 
12443
- // server/routes/admin/access-session-evict.ts
12444
- var TAG23 = "[access-session-evict]";
12503
+ // server/routes/admin/public-session-exit.ts
12504
+ var TAG23 = "[public-session-exit-route]";
12445
12505
  function isLoopbackAddr4(addr) {
12446
12506
  return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
12447
12507
  }
@@ -12450,7 +12510,7 @@ app35.post("/", async (c) => {
12450
12510
  const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12451
12511
  if (!isLoopbackAddr4(remoteAddr)) {
12452
12512
  console.error(`${TAG23} reject reason=non-loopback remoteAddr=${remoteAddr}`);
12453
- return c.json({ error: "access-session-evict-loopback-only" }, 403);
12513
+ return c.json({ error: "public-session-exit-loopback-only" }, 403);
12454
12514
  }
12455
12515
  const xffHeader = c.env?.incoming?.headers?.["x-forwarded-for"];
12456
12516
  const xffRaw = Array.isArray(xffHeader) ? xffHeader.join(",") : typeof xffHeader === "string" ? xffHeader : "";
@@ -12459,6 +12519,41 @@ app35.post("/", async (c) => {
12459
12519
  const offender = tokens.find((t) => !isLoopbackAddr4(t));
12460
12520
  if (offender !== void 0) {
12461
12521
  console.error(`${TAG23} reject reason=xff-non-loopback xff=${JSON.stringify(xffRaw)}`);
12522
+ return c.json({ error: "public-session-exit-loopback-only" }, 403);
12523
+ }
12524
+ }
12525
+ let body;
12526
+ try {
12527
+ body = await c.req.json();
12528
+ } catch {
12529
+ return c.json({ error: "invalid-json" }, 400);
12530
+ }
12531
+ const sessionId = typeof body.sessionId === "string" ? body.sessionId.trim() : "";
12532
+ if (!sessionId) return c.json({ error: "sessionId required" }, 400);
12533
+ handlePublicSessionExit(sessionId);
12534
+ return c.json({ ok: true });
12535
+ });
12536
+ var public_session_exit_default = app35;
12537
+
12538
+ // server/routes/admin/access-session-evict.ts
12539
+ var TAG24 = "[access-session-evict]";
12540
+ function isLoopbackAddr5(addr) {
12541
+ return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
12542
+ }
12543
+ var app36 = new Hono();
12544
+ app36.post("/", async (c) => {
12545
+ const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12546
+ if (!isLoopbackAddr5(remoteAddr)) {
12547
+ console.error(`${TAG24} reject reason=non-loopback remoteAddr=${remoteAddr}`);
12548
+ return c.json({ error: "access-session-evict-loopback-only" }, 403);
12549
+ }
12550
+ const xffHeader = c.env?.incoming?.headers?.["x-forwarded-for"];
12551
+ const xffRaw = Array.isArray(xffHeader) ? xffHeader.join(",") : typeof xffHeader === "string" ? xffHeader : "";
12552
+ if (xffRaw.length > 0) {
12553
+ const tokens = xffRaw.split(",").map((t) => t.trim()).filter((t) => t.length > 0);
12554
+ const offender = tokens.find((t) => !isLoopbackAddr5(t));
12555
+ if (offender !== void 0) {
12556
+ console.error(`${TAG24} reject reason=xff-non-loopback xff=${JSON.stringify(xffRaw)}`);
12462
12557
  return c.json({ error: "access-session-evict-loopback-only" }, 403);
12463
12558
  }
12464
12559
  }
@@ -12471,44 +12566,45 @@ app35.post("/", async (c) => {
12471
12566
  const grantId = typeof body.grantId === "string" ? body.grantId.trim() : "";
12472
12567
  if (!grantId) return c.json({ error: "grantId required" }, 400);
12473
12568
  const dropped = evictAccessSessionsByGrant(grantId);
12474
- console.log(`${TAG23} grantId=${grantId} dropped=${dropped}`);
12569
+ console.log(`${TAG24} grantId=${grantId} dropped=${dropped}`);
12475
12570
  return c.json({ ok: true, dropped });
12476
12571
  });
12477
- var access_session_evict_default = app35;
12572
+ var access_session_evict_default = app36;
12478
12573
 
12479
12574
  // server/routes/admin/index.ts
12480
- var app36 = new Hono();
12481
- app36.route("/session", session_default);
12482
- app36.route("/new-session-failure", new_session_failure_default);
12483
- app36.route("/new-session-submit", new_session_submit_default);
12484
- app36.route("/logs", logs_default);
12485
- app36.route("/claude-info", claude_info_default);
12486
- app36.route("/claude-capabilities", claude_capabilities_default);
12487
- app36.route("/attachment", attachment_default);
12488
- app36.route("/agents", agents_default);
12489
- app36.route("/sessions", sessions_default);
12490
- app36.route("/claude-sessions", claude_sessions_default);
12491
- app36.route("/log-ingest", log_ingest_default);
12492
- app36.route("/events", events_default);
12493
- app36.route("/files", files_default);
12494
- app36.route("/graph-search", graph_search_default);
12495
- app36.route("/graph-subgraph", graph_subgraph_default);
12496
- app36.route("/graph-delete", graph_delete_default);
12497
- app36.route("/graph-restore", graph_restore_default);
12498
- app36.route("/graph-labels-in-graph", graph_labels_in_graph_default);
12499
- app36.route("/graph-default-view", graph_default_view_default);
12500
- app36.route("/session-defaults", session_defaults_default);
12501
- app36.route("/file-attach", file_attach_default);
12502
- app36.route("/sidebar-artefacts", sidebar_artefacts_default);
12503
- app36.route("/sidebar-artefact-save", sidebar_artefact_save_default);
12504
- app36.route("/sidebar-artefact-content", sidebar_artefact_content_default);
12505
- app36.route("/system-stats", system_stats_default);
12506
- app36.route("/health-brand", health_default2);
12507
- app36.route("/linkedin-ingest", linkedin_ingest_default);
12508
- app36.route("/post-turn-context", post_turn_context_default);
12509
- app36.route("/public-session-context", public_session_context_default);
12510
- app36.route("/access-session-evict", access_session_evict_default);
12511
- var admin_default = app36;
12575
+ var app37 = new Hono();
12576
+ app37.route("/session", session_default);
12577
+ app37.route("/new-session-failure", new_session_failure_default);
12578
+ app37.route("/new-session-submit", new_session_submit_default);
12579
+ app37.route("/logs", logs_default);
12580
+ app37.route("/claude-info", claude_info_default);
12581
+ app37.route("/claude-capabilities", claude_capabilities_default);
12582
+ app37.route("/attachment", attachment_default);
12583
+ app37.route("/agents", agents_default);
12584
+ app37.route("/sessions", sessions_default);
12585
+ app37.route("/claude-sessions", claude_sessions_default);
12586
+ app37.route("/log-ingest", log_ingest_default);
12587
+ app37.route("/events", events_default);
12588
+ app37.route("/files", files_default);
12589
+ app37.route("/graph-search", graph_search_default);
12590
+ app37.route("/graph-subgraph", graph_subgraph_default);
12591
+ app37.route("/graph-delete", graph_delete_default);
12592
+ app37.route("/graph-restore", graph_restore_default);
12593
+ app37.route("/graph-labels-in-graph", graph_labels_in_graph_default);
12594
+ app37.route("/graph-default-view", graph_default_view_default);
12595
+ app37.route("/session-defaults", session_defaults_default);
12596
+ app37.route("/file-attach", file_attach_default);
12597
+ app37.route("/sidebar-artefacts", sidebar_artefacts_default);
12598
+ app37.route("/sidebar-artefact-save", sidebar_artefact_save_default);
12599
+ app37.route("/sidebar-artefact-content", sidebar_artefact_content_default);
12600
+ app37.route("/system-stats", system_stats_default);
12601
+ app37.route("/health-brand", health_default2);
12602
+ app37.route("/linkedin-ingest", linkedin_ingest_default);
12603
+ app37.route("/post-turn-context", post_turn_context_default);
12604
+ app37.route("/public-session-context", public_session_context_default);
12605
+ app37.route("/public-session-exit", public_session_exit_default);
12606
+ app37.route("/access-session-evict", access_session_evict_default);
12607
+ var admin_default = app37;
12512
12608
 
12513
12609
  // app/lib/access-gate.ts
12514
12610
  import neo4j5 from "neo4j-driver";
@@ -12719,11 +12815,11 @@ async function generateNewMagicToken(grantId) {
12719
12815
  }
12720
12816
 
12721
12817
  // server/routes/access/verify-token.ts
12722
- var TAG24 = "[access-verify]";
12818
+ var TAG25 = "[access-verify]";
12723
12819
  var MINT_TAG = "[access-session-mint]";
12724
12820
  var COOKIE_NAME = "__access_session";
12725
- var app37 = new Hono();
12726
- app37.post("/", async (c) => {
12821
+ var app38 = new Hono();
12822
+ app38.post("/", async (c) => {
12727
12823
  const ip = c.var.clientIp || "unknown";
12728
12824
  let body;
12729
12825
  try {
@@ -12738,39 +12834,39 @@ app37.post("/", async (c) => {
12738
12834
  }
12739
12835
  const rateMsg = checkAccessRateLimit(ip, agentSlug);
12740
12836
  if (rateMsg) {
12741
- console.error(`${TAG24} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
12837
+ console.error(`${TAG25} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
12742
12838
  return c.json({ error: rateMsg }, 429);
12743
12839
  }
12744
12840
  const grant = await findGrantByMagicToken(token);
12745
12841
  if (!grant) {
12746
12842
  recordAccessFailedAttempt(ip, agentSlug);
12747
- console.error(`${TAG24} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
12843
+ console.error(`${TAG25} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
12748
12844
  return c.json({ error: "invalid-or-expired-link" }, 401);
12749
12845
  }
12750
12846
  if (grant.agentSlug !== agentSlug) {
12751
12847
  recordAccessFailedAttempt(ip, agentSlug);
12752
12848
  console.error(
12753
- `${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
12849
+ `${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
12754
12850
  );
12755
12851
  return c.json({ error: "invalid-or-expired-link" }, 401);
12756
12852
  }
12757
12853
  if (grant.status === "expired" || grant.status === "revoked") {
12758
12854
  recordAccessFailedAttempt(ip, agentSlug);
12759
12855
  console.error(
12760
- `${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
12856
+ `${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
12761
12857
  );
12762
12858
  return c.json({ error: "access-no-longer-valid" }, 401);
12763
12859
  }
12764
12860
  if (grant.expiresAt !== null && grant.expiresAt < Date.now()) {
12765
12861
  recordAccessFailedAttempt(ip, agentSlug);
12766
12862
  console.error(
12767
- `${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
12863
+ `${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
12768
12864
  );
12769
12865
  return c.json({ error: "access-no-longer-valid" }, 401);
12770
12866
  }
12771
12867
  if (!grant.sliceToken) {
12772
12868
  console.error(
12773
- `${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
12869
+ `${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
12774
12870
  );
12775
12871
  return c.json({ error: "grant-misconfigured" }, 500);
12776
12872
  }
@@ -12786,12 +12882,12 @@ app37.post("/", async (c) => {
12786
12882
  await consumeMagicTokenAndActivate(grant.grantId);
12787
12883
  } catch (err) {
12788
12884
  console.error(
12789
- `${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
12885
+ `${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
12790
12886
  );
12791
12887
  return c.json({ error: "verification-failed" }, 500);
12792
12888
  }
12793
12889
  clearAccessRateLimit(ip, agentSlug);
12794
- console.log(`${TAG24} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
12890
+ console.log(`${TAG25} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
12795
12891
  console.log(
12796
12892
  `${MINT_TAG} grantId=${grant.grantId} sliceToken=${grant.sliceToken.slice(0, 8)} agentSlug=${agentSlug} personId=${grant.personId ?? "none"}`
12797
12893
  );
@@ -12805,7 +12901,7 @@ app37.post("/", async (c) => {
12805
12901
  displayName: grant.displayName
12806
12902
  });
12807
12903
  });
12808
- var verify_token_default = app37;
12904
+ var verify_token_default = app38;
12809
12905
 
12810
12906
  // app/lib/access-email.ts
12811
12907
  import { spawn as spawn2 } from "child_process";
@@ -12867,10 +12963,10 @@ async function sendMagicLinkEmail(payload) {
12867
12963
  }
12868
12964
 
12869
12965
  // server/routes/access/request-magic-link.ts
12870
- var TAG25 = "[access-request-link]";
12871
- var app38 = new Hono();
12966
+ var TAG26 = "[access-request-link]";
12967
+ var app39 = new Hono();
12872
12968
  var VISITOR_MESSAGE = "If that email is on the invite list, a fresh link is on the way.";
12873
- app38.post("/", async (c) => {
12969
+ app39.post("/", async (c) => {
12874
12970
  let body;
12875
12971
  try {
12876
12972
  body = await c.req.json();
@@ -12884,18 +12980,18 @@ app38.post("/", async (c) => {
12884
12980
  }
12885
12981
  const rateMsg = checkRequestLinkRateLimit(contactValue);
12886
12982
  if (rateMsg) {
12887
- console.error(`${TAG25} contactValue=${maskContact(contactValue)} result=rate-limited`);
12983
+ console.error(`${TAG26} contactValue=${maskContact(contactValue)} result=rate-limited`);
12888
12984
  return c.json({ error: rateMsg }, 429);
12889
12985
  }
12890
12986
  recordRequestLinkAttempt(contactValue);
12891
12987
  const accountId = process.env.ACCOUNT_ID ?? "";
12892
12988
  if (!accountId) {
12893
- console.error(`${TAG25} contactValue=${maskContact(contactValue)} result=no-account-id`);
12989
+ console.error(`${TAG26} contactValue=${maskContact(contactValue)} result=no-account-id`);
12894
12990
  return c.json({ message: VISITOR_MESSAGE }, 200);
12895
12991
  }
12896
12992
  const grant = await findActiveGrantByContact(contactValue, agentSlug, accountId);
12897
12993
  if (!grant) {
12898
- console.log(`${TAG25} contactValue=${maskContact(contactValue)} result=notfound`);
12994
+ console.log(`${TAG26} contactValue=${maskContact(contactValue)} result=notfound`);
12899
12995
  return c.json({ message: VISITOR_MESSAGE }, 200);
12900
12996
  }
12901
12997
  let token;
@@ -12903,7 +12999,7 @@ app38.post("/", async (c) => {
12903
12999
  token = await generateNewMagicToken(grant.grantId);
12904
13000
  } catch (err) {
12905
13001
  console.error(
12906
- `${TAG25} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
13002
+ `${TAG26} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
12907
13003
  );
12908
13004
  return c.json({ message: VISITOR_MESSAGE }, 200);
12909
13005
  }
@@ -12935,22 +13031,22 @@ app38.post("/", async (c) => {
12935
13031
  });
12936
13032
  if (!sendResult.ok) {
12937
13033
  console.error(
12938
- `${TAG25} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
13034
+ `${TAG26} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
12939
13035
  );
12940
13036
  return c.json({ message: VISITOR_MESSAGE }, 200);
12941
13037
  }
12942
13038
  console.log(
12943
- `${TAG25} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
13039
+ `${TAG26} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
12944
13040
  );
12945
13041
  return c.json({ message: VISITOR_MESSAGE }, 200);
12946
13042
  });
12947
- var request_magic_link_default = app38;
13043
+ var request_magic_link_default = app39;
12948
13044
 
12949
13045
  // server/routes/access/index.ts
12950
- var app39 = new Hono();
12951
- app39.route("/verify-token", verify_token_default);
12952
- app39.route("/request-magic-link", request_magic_link_default);
12953
- var access_default = app39;
13046
+ var app40 = new Hono();
13047
+ app40.route("/verify-token", verify_token_default);
13048
+ app40.route("/request-magic-link", request_magic_link_default);
13049
+ var access_default = app40;
12954
13050
 
12955
13051
  // server/routes/sites.ts
12956
13052
  import { existsSync as existsSync21, readFileSync as readFileSync17, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
@@ -12985,8 +13081,8 @@ function getExt(p) {
12985
13081
  if (idx < p.lastIndexOf("/")) return "";
12986
13082
  return p.slice(idx).toLowerCase();
12987
13083
  }
12988
- var app40 = new Hono();
12989
- app40.get("/:rel{.*}", (c) => {
13084
+ var app41 = new Hono();
13085
+ app41.get("/:rel{.*}", (c) => {
12990
13086
  const reqPath = c.req.path;
12991
13087
  const rawRel = c.req.param("rel") ?? "";
12992
13088
  const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
@@ -13089,7 +13185,7 @@ app40.get("/:rel{.*}", (c) => {
13089
13185
  "X-Content-Type-Options": "nosniff"
13090
13186
  });
13091
13187
  });
13092
- var sites_default = app40;
13188
+ var sites_default = app41;
13093
13189
 
13094
13190
  // app/lib/visitor-token.ts
13095
13191
  import { createHmac, randomBytes, timingSafeEqual } from "crypto";
@@ -13189,7 +13285,7 @@ function readBrandConfig() {
13189
13285
  }
13190
13286
 
13191
13287
  // server/routes/visitor-consent.ts
13192
- var app41 = new Hono();
13288
+ var app42 = new Hono();
13193
13289
  var CONSENT_COOKIE_NAME = "mxy_consent";
13194
13290
  var CONSENT_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
13195
13291
  var DEFAULT_CONSENT_COPY = {
@@ -13234,17 +13330,17 @@ function siteSlugFromReferer(referer) {
13234
13330
  return "";
13235
13331
  }
13236
13332
  }
13237
- app41.options("/consent", (c) => {
13333
+ app42.options("/consent", (c) => {
13238
13334
  const origin = getOrigin(c);
13239
13335
  setCorsHeaders(c, origin);
13240
13336
  return c.body(null, 204);
13241
13337
  });
13242
- app41.options("/brand-config", (c) => {
13338
+ app42.options("/brand-config", (c) => {
13243
13339
  const origin = getOrigin(c);
13244
13340
  setCorsHeaders(c, origin);
13245
13341
  return c.body(null, 204);
13246
13342
  });
13247
- app41.post("/consent", async (c) => {
13343
+ app42.post("/consent", async (c) => {
13248
13344
  const origin = getOrigin(c);
13249
13345
  setCorsHeaders(c, origin);
13250
13346
  let raw;
@@ -13284,7 +13380,7 @@ app41.post("/consent", async (c) => {
13284
13380
  console.log(`[consent] ${parsed.decision} site=${site} brand=${brandName} tokenBound=${tokenBound}`);
13285
13381
  return c.body(null, 204);
13286
13382
  });
13287
- app41.get("/brand-config", (c) => {
13383
+ app42.get("/brand-config", (c) => {
13288
13384
  const origin = getOrigin(c);
13289
13385
  setCorsHeaders(c, origin);
13290
13386
  const brand = readBrandConfig();
@@ -13294,7 +13390,7 @@ app41.get("/brand-config", (c) => {
13294
13390
  c.header("Cache-Control", "public, max-age=300");
13295
13391
  return c.json({ consent: { copy, palette } });
13296
13392
  });
13297
- var visitor_consent_default = app41;
13393
+ var visitor_consent_default = app42;
13298
13394
 
13299
13395
  // server/routes/listings.ts
13300
13396
  function getCookie(headerValue, name) {
@@ -13321,8 +13417,8 @@ function appendConsentParams(pageUrl, token) {
13321
13417
  }
13322
13418
  var SAFE_SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,118}[a-z0-9])?$/;
13323
13419
  var CHAT_SESSION_KEY_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{7,127}$/;
13324
- var app42 = new Hono();
13325
- app42.get("/:slug/click", async (c) => {
13420
+ var app43 = new Hono();
13421
+ app43.get("/:slug/click", async (c) => {
13326
13422
  const slug = c.req.param("slug") ?? "";
13327
13423
  const rawSession = c.req.query("session") ?? "";
13328
13424
  const sessionKey = CHAT_SESSION_KEY_RE.test(rawSession) ? rawSession : "invalid";
@@ -13386,10 +13482,10 @@ app42.get("/:slug/click", async (c) => {
13386
13482
  console.log(`[property-card-click] sessionKey=${sessionKey} listingSlug=${slug} consent=${consentCookie ?? "absent"} ts=${(/* @__PURE__ */ new Date()).toISOString()}`);
13387
13483
  return c.redirect(redirectUrl, 302);
13388
13484
  });
13389
- var listings_default = app42;
13485
+ var listings_default = app43;
13390
13486
 
13391
13487
  // server/routes/visitor-event.ts
13392
- var app43 = new Hono();
13488
+ var app44 = new Hono();
13393
13489
  var BOT_UA_RE = /\b(bot|crawl|spider|slurp|headlesschrome|phantomjs|googlebot|bingbot|yandex|baiduspider|ahrefsbot|semrushbot|mj12bot|dotbot|petalbot)\b/i;
13394
13490
  var buckets = /* @__PURE__ */ new Map();
13395
13491
  var RATE_LIMIT = 60;
@@ -13456,12 +13552,12 @@ function originAllowed(origin, allowlist) {
13456
13552
  return false;
13457
13553
  }
13458
13554
  }
13459
- app43.options("/event", (c) => {
13555
+ app44.options("/event", (c) => {
13460
13556
  const origin = getOrigin2(c);
13461
13557
  setCorsHeaders2(c, origin);
13462
13558
  return c.body(null, 204);
13463
13559
  });
13464
- app43.post("/event", async (c) => {
13560
+ app44.post("/event", async (c) => {
13465
13561
  const origin = getOrigin2(c);
13466
13562
  setCorsHeaders2(c, origin);
13467
13563
  const ua = c.req.header("user-agent") ?? "";
@@ -13666,7 +13762,7 @@ async function writeEvent(opts) {
13666
13762
  );
13667
13763
  }
13668
13764
  }
13669
- var visitor_event_default = app43;
13765
+ var visitor_event_default = app44;
13670
13766
 
13671
13767
  // app/lib/graph-health.ts
13672
13768
  var HOUR_MS = 60 * 60 * 1e3;
@@ -13750,7 +13846,7 @@ function startGraphHealthTimer() {
13750
13846
  }
13751
13847
 
13752
13848
  // app/lib/whatsapp/inbound/claude-bridge.ts
13753
- var TAG26 = "[whatsapp-adaptor]";
13849
+ var TAG27 = "[whatsapp-adaptor]";
13754
13850
  function whatsappTurnTimeoutMs() {
13755
13851
  return Number(process.env.WHATSAPP_PTY_TURN_TIMEOUT_MS ?? String(5 * 6e4));
13756
13852
  }
@@ -13773,7 +13869,7 @@ async function dispatchToClaude(input) {
13773
13869
  await input.reply(result.turnText);
13774
13870
  } catch (err) {
13775
13871
  const m = err instanceof Error ? err.message : String(err);
13776
- console.error(`${TAG26} reject reason=reply-failed senderId=${input.senderId} message=${m}`);
13872
+ console.error(`${TAG27} reject reason=reply-failed senderId=${input.senderId} message=${m}`);
13777
13873
  }
13778
13874
  }
13779
13875
  function startReaper2() {
@@ -14103,9 +14199,9 @@ watchFile(ALIAS_DOMAINS_PATH, { interval: 2e3 }, () => {
14103
14199
  function isPublicHost(host) {
14104
14200
  return host.startsWith("public.") || aliasDomains.has(host);
14105
14201
  }
14106
- var app44 = new Hono();
14107
- app44.use("*", clientIpMiddleware);
14108
- app44.use("*", async (c, next) => {
14202
+ var app45 = new Hono();
14203
+ app45.use("*", clientIpMiddleware);
14204
+ app45.use("*", async (c, next) => {
14109
14205
  await next();
14110
14206
  c.header("X-Content-Type-Options", "nosniff");
14111
14207
  c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -14115,7 +14211,7 @@ app44.use("*", async (c, next) => {
14115
14211
  );
14116
14212
  });
14117
14213
  var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
14118
- app44.use("*", async (c, next) => {
14214
+ app45.use("*", async (c, next) => {
14119
14215
  if (!HTTP_LOG_PATHS.has(c.req.path)) {
14120
14216
  await next();
14121
14217
  return;
@@ -14148,7 +14244,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
14148
14244
  "/sites/"
14149
14245
  ];
14150
14246
  var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
14151
- app44.use("*", async (c, next) => {
14247
+ app45.use("*", async (c, next) => {
14152
14248
  const host = (c.req.header("host") ?? "").split(":")[0];
14153
14249
  if (!isPublicHost(host)) {
14154
14250
  await next();
@@ -14188,7 +14284,7 @@ function resolveRemoteAuthOpts() {
14188
14284
  return brandLoginOpts;
14189
14285
  }
14190
14286
  var MAX_LOGIN_BODY = 8 * 1024;
14191
- app44.post("/__remote-auth/login", async (c) => {
14287
+ app45.post("/__remote-auth/login", async (c) => {
14192
14288
  const client = clientFrom(c);
14193
14289
  const clientIp = client.ip || "unknown";
14194
14290
  if (!requestIsTlsTerminated(c)) {
@@ -14233,7 +14329,7 @@ app44.post("/__remote-auth/login", async (c) => {
14233
14329
  }
14234
14330
  });
14235
14331
  });
14236
- app44.get("/__remote-auth/logout", (c) => {
14332
+ app45.get("/__remote-auth/logout", (c) => {
14237
14333
  const client = clientFrom(c);
14238
14334
  const clientIp = client.ip || "unknown";
14239
14335
  console.error(`[remote-auth] logout ip=${clientIp}`);
@@ -14246,7 +14342,7 @@ app44.get("/__remote-auth/logout", (c) => {
14246
14342
  }
14247
14343
  });
14248
14344
  });
14249
- app44.post("/__remote-auth/change-password", async (c) => {
14345
+ app45.post("/__remote-auth/change-password", async (c) => {
14250
14346
  const client = clientFrom(c);
14251
14347
  const clientIp = client.ip || "unknown";
14252
14348
  const rateLimited = checkRateLimit(client);
@@ -14297,13 +14393,13 @@ app44.post("/__remote-auth/change-password", async (c) => {
14297
14393
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
14298
14394
  }
14299
14395
  });
14300
- app44.get("/__remote-auth/setup", (c) => {
14396
+ app45.get("/__remote-auth/setup", (c) => {
14301
14397
  if (isRemoteAuthConfigured()) {
14302
14398
  return c.redirect("/");
14303
14399
  }
14304
14400
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
14305
14401
  });
14306
- app44.post("/__remote-auth/set-initial-password", async (c) => {
14402
+ app45.post("/__remote-auth/set-initial-password", async (c) => {
14307
14403
  if (isRemoteAuthConfigured()) {
14308
14404
  return c.redirect("/");
14309
14405
  }
@@ -14341,10 +14437,10 @@ app44.post("/__remote-auth/set-initial-password", async (c) => {
14341
14437
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
14342
14438
  }
14343
14439
  });
14344
- app44.get("/api/remote-auth/status", (c) => {
14440
+ app45.get("/api/remote-auth/status", (c) => {
14345
14441
  return c.json({ configured: isRemoteAuthConfigured() });
14346
14442
  });
14347
- app44.post("/api/remote-auth/set-password", async (c) => {
14443
+ app45.post("/api/remote-auth/set-password", async (c) => {
14348
14444
  let body;
14349
14445
  try {
14350
14446
  body = await c.req.json();
@@ -14375,9 +14471,9 @@ app44.post("/api/remote-auth/set-password", async (c) => {
14375
14471
  return c.json({ error: "Failed to save password" }, 500);
14376
14472
  }
14377
14473
  });
14378
- app44.route("/api/_client-error", client_error_default);
14474
+ app45.route("/api/_client-error", client_error_default);
14379
14475
  console.log("[client-error-route] mounted");
14380
- app44.use("*", async (c, next) => {
14476
+ app45.use("*", async (c, next) => {
14381
14477
  const host = (c.req.header("host") ?? "").split(":")[0];
14382
14478
  const path2 = c.req.path;
14383
14479
  if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -14410,12 +14506,12 @@ app44.use("*", async (c, next) => {
14410
14506
  console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
14411
14507
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
14412
14508
  });
14413
- app44.route("/api/health", health_default);
14414
- app44.route("/api/chat", chat_default);
14415
- app44.route("/api/whatsapp", whatsapp_default);
14416
- app44.route("/api/onboarding", onboarding_default);
14417
- app44.route("/api/admin", admin_default);
14418
- app44.route("/api/access", access_default);
14509
+ app45.route("/api/health", health_default);
14510
+ app45.route("/api/chat", chat_default);
14511
+ app45.route("/api/whatsapp", whatsapp_default);
14512
+ app45.route("/api/onboarding", onboarding_default);
14513
+ app45.route("/api/admin", admin_default);
14514
+ app45.route("/api/access", access_default);
14419
14515
  var SAFE_SLUG_RE2 = /^[a-z][a-z0-9-]{2,49}$/;
14420
14516
  var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
14421
14517
  var IMAGE_MIME = {
@@ -14427,7 +14523,7 @@ var IMAGE_MIME = {
14427
14523
  ".svg": "image/svg+xml",
14428
14524
  ".ico": "image/x-icon"
14429
14525
  };
14430
- app44.get("/agent-assets/:slug/:filename", (c) => {
14526
+ app45.get("/agent-assets/:slug/:filename", (c) => {
14431
14527
  const slug = c.req.param("slug");
14432
14528
  const filename = c.req.param("filename");
14433
14529
  if (!SAFE_SLUG_RE2.test(slug)) {
@@ -14462,7 +14558,7 @@ app44.get("/agent-assets/:slug/:filename", (c) => {
14462
14558
  "Cache-Control": "public, max-age=3600"
14463
14559
  });
14464
14560
  });
14465
- app44.get("/generated/:filename", (c) => {
14561
+ app45.get("/generated/:filename", (c) => {
14466
14562
  const filename = c.req.param("filename");
14467
14563
  if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
14468
14564
  console.error(`[generated] serve file=${filename} status=403`);
@@ -14492,10 +14588,10 @@ app44.get("/generated/:filename", (c) => {
14492
14588
  "Cache-Control": "public, max-age=86400"
14493
14589
  });
14494
14590
  });
14495
- app44.route("/sites", sites_default);
14496
- app44.route("/listings", listings_default);
14497
- app44.route("/v", visitor_event_default);
14498
- app44.route("/v", visitor_consent_default);
14591
+ app45.route("/sites", sites_default);
14592
+ app45.route("/listings", listings_default);
14593
+ app45.route("/v", visitor_event_default);
14594
+ app45.route("/v", visitor_consent_default);
14499
14595
  var htmlCache = /* @__PURE__ */ new Map();
14500
14596
  var brandLogoPath = "/brand/maxy-monochrome.png";
14501
14597
  var brandIconPath = "/brand/maxy-monochrome.png";
@@ -14632,7 +14728,7 @@ function brandedPublicHtml(agentSlug) {
14632
14728
  function escapeHtml(s) {
14633
14729
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
14634
14730
  }
14635
- app44.get("/", (c) => {
14731
+ app45.get("/", (c) => {
14636
14732
  const host = (c.req.header("host") ?? "").split(":")[0];
14637
14733
  if (isPublicHost(host)) {
14638
14734
  const defaultSlug = resolveDefaultSlug();
@@ -14640,12 +14736,12 @@ app44.get("/", (c) => {
14640
14736
  }
14641
14737
  return c.html(cachedHtml("index.html"));
14642
14738
  });
14643
- app44.get("/public", (c) => {
14739
+ app45.get("/public", (c) => {
14644
14740
  const host = (c.req.header("host") ?? "").split(":")[0];
14645
14741
  if (isPublicHost(host)) return c.text("Not found", 404);
14646
14742
  return c.html(cachedHtml("public.html"));
14647
14743
  });
14648
- app44.get("/chat", (c) => {
14744
+ app45.get("/chat", (c) => {
14649
14745
  const host = (c.req.header("host") ?? "").split(":")[0];
14650
14746
  if (isPublicHost(host)) return c.text("Not found", 404);
14651
14747
  return c.html(cachedHtml("public.html"));
@@ -14664,9 +14760,9 @@ async function logViewerFetch(c, next) {
14664
14760
  duration_ms: Date.now() - start
14665
14761
  });
14666
14762
  }
14667
- app44.use("/vnc-viewer.html", logViewerFetch);
14668
- app44.use("/vnc-popout.html", logViewerFetch);
14669
- app44.get("/vnc-popout.html", (c) => {
14763
+ app45.use("/vnc-viewer.html", logViewerFetch);
14764
+ app45.use("/vnc-popout.html", logViewerFetch);
14765
+ app45.get("/vnc-popout.html", (c) => {
14670
14766
  let html = htmlCache.get("vnc-popout.html");
14671
14767
  if (!html) {
14672
14768
  html = readFileSync21(resolve22(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -14679,7 +14775,7 @@ app44.get("/vnc-popout.html", (c) => {
14679
14775
  }
14680
14776
  return c.html(html);
14681
14777
  });
14682
- app44.post("/api/vnc/client-event", async (c) => {
14778
+ app45.post("/api/vnc/client-event", async (c) => {
14683
14779
  let body;
14684
14780
  try {
14685
14781
  body = await c.req.json();
@@ -14700,25 +14796,25 @@ app44.post("/api/vnc/client-event", async (c) => {
14700
14796
  });
14701
14797
  return c.json({ ok: true });
14702
14798
  });
14703
- app44.get("/g/:slug", (c) => {
14799
+ app45.get("/g/:slug", (c) => {
14704
14800
  return c.html(brandedPublicHtml());
14705
14801
  });
14706
- app44.get("/graph", (c) => {
14802
+ app45.get("/graph", (c) => {
14707
14803
  const host = (c.req.header("host") ?? "").split(":")[0];
14708
14804
  if (isPublicHost(host)) return c.text("Not found", 404);
14709
14805
  return c.html(cachedHtml("graph.html"));
14710
14806
  });
14711
- app44.get("/sessions", (c) => {
14807
+ app45.get("/sessions", (c) => {
14712
14808
  const host = (c.req.header("host") ?? "").split(":")[0];
14713
14809
  if (isPublicHost(host)) return c.text("Not found", 404);
14714
14810
  return c.html(cachedHtml("sessions.html"));
14715
14811
  });
14716
- app44.get("/data", (c) => {
14812
+ app45.get("/data", (c) => {
14717
14813
  const host = (c.req.header("host") ?? "").split(":")[0];
14718
14814
  if (isPublicHost(host)) return c.text("Not found", 404);
14719
14815
  return c.html(cachedHtml("data.html"));
14720
14816
  });
14721
- app44.get("/:slug", async (c, next) => {
14817
+ app45.get("/:slug", async (c, next) => {
14722
14818
  const slug = c.req.param("slug");
14723
14819
  if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
14724
14820
  const branding = loadBrandingCache(slug);
@@ -14728,15 +14824,15 @@ app44.get("/:slug", async (c, next) => {
14728
14824
  await next();
14729
14825
  });
14730
14826
  if (brandFaviconPath !== "/favicon.ico") {
14731
- app44.get("/favicon.ico", (c) => {
14827
+ app45.get("/favicon.ico", (c) => {
14732
14828
  c.header("Cache-Control", "public, max-age=300");
14733
14829
  return c.redirect(brandFaviconPath, 302);
14734
14830
  });
14735
14831
  }
14736
- app44.use("/*", serveStatic({ root: "./public" }));
14832
+ app45.use("/*", serveStatic({ root: "./public" }));
14737
14833
  var port = requirePortEnv("MAXY_UI_INTERNAL_PORT", { tag: "ui-server" });
14738
14834
  var hostname = process.env.HOSTNAME ?? "127.0.0.1";
14739
- var httpServer = serve({ fetch: app44.fetch, port, hostname });
14835
+ var httpServer = serve({ fetch: app45.fetch, port, hostname });
14740
14836
  console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
14741
14837
  {
14742
14838
  const loopHist = monitorEventLoopDelay({ resolution: 50 });
@@ -14772,7 +14868,7 @@ for (const m of SUBAPP_MANIFEST) {
14772
14868
  }
14773
14869
  try {
14774
14870
  const registered = [];
14775
- for (const r of app44.routes ?? []) {
14871
+ for (const r of app45.routes ?? []) {
14776
14872
  if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
14777
14873
  if (AGENT_SLUG_PATTERN.test(r.path)) {
14778
14874
  registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });