@rubytech/create-maxy-code 0.1.192 → 0.1.193

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/package.json +1 -1
  2. package/payload/platform/plugins/docs/references/projects-guide.md +21 -0
  3. package/payload/platform/plugins/work/PLUGIN.md +2 -0
  4. package/payload/platform/plugins/work/skills/execute-task/SKILL.md +101 -0
  5. package/payload/platform/services/claude-session-manager/dist/rc-daemon.d.ts.map +1 -1
  6. package/payload/platform/services/claude-session-manager/dist/rc-daemon.js +12 -1
  7. package/payload/platform/services/claude-session-manager/dist/rc-daemon.js.map +1 -1
  8. package/payload/server/public/assets/AdminShell-BoJbnn6d.js +1 -0
  9. package/payload/server/public/assets/{Checkbox-DsHqjzGj.js → Checkbox-G-kyM1P1.js} +1 -1
  10. package/payload/server/public/assets/{admin-CWOprOdW.js → admin-B-GDNkoN.js} +1 -1
  11. package/payload/server/public/assets/{architectureDiagram-Q4EWVU46-DROzw8rH.js → architectureDiagram-Q4EWVU46-BGgdXdD2.js} +1 -1
  12. package/payload/server/public/assets/{blockDiagram-DXYQGD6D-Dw9sieJu.js → blockDiagram-DXYQGD6D-DKWoL4Rp.js} +1 -1
  13. package/payload/server/public/assets/{brand-BQW2DYy_.css → brand-MbpD2Bhr.css} +1 -1
  14. package/payload/server/public/assets/{c4Diagram-AHTNJAMY-fnwntjFK.js → c4Diagram-AHTNJAMY-Ca6rs6F4.js} +1 -1
  15. package/payload/server/public/assets/channel-BwsV7WTV.js +1 -0
  16. package/payload/server/public/assets/{chunk-336JU56O-DVpyamlA.js → chunk-336JU56O-DcdMZImV.js} +2 -2
  17. package/payload/server/public/assets/{chunk-426QAEUC-yiGugjCx.js → chunk-426QAEUC-9FSP-c1z.js} +1 -1
  18. package/payload/server/public/assets/{chunk-4TB4RGXK-BAPL_MqI.js → chunk-4TB4RGXK-CC1QpEvA.js} +1 -1
  19. package/payload/server/public/assets/{chunk-5FUZZQ4R-Ba-5D35r.js → chunk-5FUZZQ4R-o1b70dEE.js} +1 -1
  20. package/payload/server/public/assets/{chunk-5PVQY5BW-BtDS8-t9.js → chunk-5PVQY5BW-C7VCYRz9.js} +1 -1
  21. package/payload/server/public/assets/{chunk-EDXVE4YY-CqcdpDg_.js → chunk-EDXVE4YY-B8d5xj_4.js} +1 -1
  22. package/payload/server/public/assets/{chunk-ENJZ2VHE-CaBy9U1e.js → chunk-ENJZ2VHE-SSbr4n2X.js} +1 -1
  23. package/payload/server/public/assets/{chunk-ICPOFSXX-BdPjOce4.js → chunk-ICPOFSXX-Cgj9YSpX.js} +1 -1
  24. package/payload/server/public/assets/{chunk-OYMX7WX6-CK6wx_FD.js → chunk-OYMX7WX6-DNEEcCqI.js} +1 -1
  25. package/payload/server/public/assets/{chunk-U2HBQHQK-DyZFy43o.js → chunk-U2HBQHQK-DuaoK83q.js} +1 -1
  26. package/payload/server/public/assets/{chunk-X2U36JSP-CMTofLbX.js → chunk-X2U36JSP-CzMp0dpq.js} +1 -1
  27. package/payload/server/public/assets/{chunk-YZCP3GAM-YfFrkYbQ.js → chunk-YZCP3GAM-B2wBDwSa.js} +1 -1
  28. package/payload/server/public/assets/{chunk-ZZ45TVLE-BVfvS5n3.js → chunk-ZZ45TVLE-DkyF7XKW.js} +1 -1
  29. package/payload/server/public/assets/classDiagram-6PBFFD2Q-CEWNfHVo.js +1 -0
  30. package/payload/server/public/assets/classDiagram-v2-HSJHXN6E-BBjzRxux.js +1 -0
  31. package/payload/server/public/assets/clone-CXtSonnn.js +1 -0
  32. package/payload/server/public/assets/{dagre-ComHkUs6.js → dagre-AGj1P0p4.js} +1 -1
  33. package/payload/server/public/assets/{dagre-KV5264BT-BB-QqzpF.js → dagre-KV5264BT-Cnrxcu6A.js} +1 -1
  34. package/payload/server/public/assets/data-Bg0Frxt3.js +1 -0
  35. package/payload/server/public/assets/{diagram-5BDNPKRD-CpQQszhw.js → diagram-5BDNPKRD-gyFYSx73.js} +1 -1
  36. package/payload/server/public/assets/{diagram-G4DWMVQ6-DLdElVzs.js → diagram-G4DWMVQ6-DFmZEv5C.js} +1 -1
  37. package/payload/server/public/assets/{diagram-MMDJMWI5-JQ3ceLSO.js → diagram-MMDJMWI5-DA4qbuEW.js} +1 -1
  38. package/payload/server/public/assets/{diagram-TYMM5635-D_-AtVPR.js → diagram-TYMM5635-D4n-8gig.js} +1 -1
  39. package/payload/server/public/assets/{erDiagram-SMLLAGMA-Dq50MKD-.js → erDiagram-SMLLAGMA-CigRMjF1.js} +1 -1
  40. package/payload/server/public/assets/{flowDiagram-DWJPFMVM-CEdKm-zL.js → flowDiagram-DWJPFMVM-ClS27acA.js} +1 -1
  41. package/payload/server/public/assets/{ganttDiagram-T4ZO3ILL-CpTomdNN.js → ganttDiagram-T4ZO3ILL-Dr1IulXe.js} +1 -1
  42. package/payload/server/public/assets/{gitGraphDiagram-UUTBAWPF-VU-gjbee.js → gitGraphDiagram-UUTBAWPF-lwLibdPs.js} +1 -1
  43. package/payload/server/public/assets/{graph-BXaY_xoS.js → graph-CpozZ74I.js} +2 -2
  44. package/payload/server/public/assets/{graph-labels-EqZyoU25.js → graph-labels-C2y666R0.js} +1 -1
  45. package/payload/server/public/assets/{graphlib-nLzyerxi.js → graphlib-DBvoJMrc.js} +1 -1
  46. package/payload/server/public/assets/{infoDiagram-42DDH7IO-ThwX5Xgr.js → infoDiagram-42DDH7IO-D4kReEIV.js} +1 -1
  47. package/payload/server/public/assets/{ishikawaDiagram-UXIWVN3A-DaKxxHLW.js → ishikawaDiagram-UXIWVN3A-BnteQRQ0.js} +1 -1
  48. package/payload/server/public/assets/{journeyDiagram-VCZTEJTY-DtMAHpWz.js → journeyDiagram-VCZTEJTY-CXu6hLyJ.js} +1 -1
  49. package/payload/server/public/assets/{kanban-definition-6JOO6SKY-s898dJRu.js → kanban-definition-6JOO6SKY-CGDW2jle.js} +1 -1
  50. package/payload/server/public/assets/{line-D96q2CLD.js → line-pdg5hxC3.js} +1 -1
  51. package/payload/server/public/assets/{mermaid-parser.core-CqFLtzz8.js → mermaid-parser.core-o3lIIK3Z.js} +1 -1
  52. package/payload/server/public/assets/{mermaid.core-o9rmBTu-.js → mermaid.core-DLR6Q3rV.js} +3 -3
  53. package/payload/server/public/assets/{mindmap-definition-QFDTVHPH-BM8KKsaM.js → mindmap-definition-QFDTVHPH-CH4cB0Dn.js} +1 -1
  54. package/payload/server/public/assets/{pieDiagram-DEJITSTG-B66Y-dcU.js → pieDiagram-DEJITSTG-Ba4voL_Y.js} +1 -1
  55. package/payload/server/public/assets/{public-ClAaV52O.js → public-C8mil9h0.js} +3 -3
  56. package/payload/server/public/assets/{quadrantDiagram-34T5L4WZ-Bv4mojq8.js → quadrantDiagram-34T5L4WZ-Cqn2xehe.js} +1 -1
  57. package/payload/server/public/assets/{requirementDiagram-MS252O5E-BNYdfEKS.js → requirementDiagram-MS252O5E-DLfNx99l.js} +1 -1
  58. package/payload/server/public/assets/{sankeyDiagram-XADWPNL6-Do8BgX92.js → sankeyDiagram-XADWPNL6-uck_V-cb.js} +1 -1
  59. package/payload/server/public/assets/{sequenceDiagram-FGHM5R23-VN57FKth.js → sequenceDiagram-FGHM5R23-DmQalqud.js} +1 -1
  60. package/payload/server/public/assets/{stateDiagram-FHFEXIEX-CCtRfCg0.js → stateDiagram-FHFEXIEX-DUdWeVRa.js} +1 -1
  61. package/payload/server/public/assets/stateDiagram-v2-QKLJ7IA2-DNTpFwdy.js +1 -0
  62. package/payload/server/public/assets/{timeline-definition-GMOUNBTQ-ja01S9Wd.js → timeline-definition-GMOUNBTQ-BgL1wM5n.js} +1 -1
  63. package/payload/server/public/assets/{useSelectionMode-ejMSaa52.js → useSelectionMode-BLpVlOgm.js} +1 -1
  64. package/payload/server/public/assets/{vennDiagram-DHZGUBPP-wWbiL1f6.js → vennDiagram-DHZGUBPP-7FHjIqPi.js} +1 -1
  65. package/payload/server/public/assets/{wardleyDiagram-NUSXRM2D-BZgue-PK.js → wardleyDiagram-NUSXRM2D-BHzo4V1J.js} +1 -1
  66. package/payload/server/public/assets/{xychartDiagram-5P7HB3ND-B_ynYRnW.js → xychartDiagram-5P7HB3ND-DtuWhqwh.js} +1 -1
  67. package/payload/server/public/data.html +5 -5
  68. package/payload/server/public/graph.html +6 -6
  69. package/payload/server/public/index.html +6 -6
  70. package/payload/server/public/public.html +5 -5
  71. package/payload/server/server.js +213 -232
  72. package/payload/server/public/assets/AdminShell-CdgotOLV.js +0 -1
  73. package/payload/server/public/assets/channel-DEl-UCEn.js +0 -1
  74. package/payload/server/public/assets/classDiagram-6PBFFD2Q-BZ9e1dmR.js +0 -1
  75. package/payload/server/public/assets/classDiagram-v2-HSJHXN6E-B1_4kXdN.js +0 -1
  76. package/payload/server/public/assets/clone-CNXfxCnl.js +0 -1
  77. package/payload/server/public/assets/data-DEsRsfI1.js +0 -1
  78. package/payload/server/public/assets/stateDiagram-v2-QKLJ7IA2-Cz319KBI.js +0 -1
  79. /package/payload/server/public/assets/{brand-DKUA91KU.js → brand-CYcGHhlS.js} +0 -0
@@ -815,7 +815,7 @@ var serveStatic = (options = { root: "" }) => {
815
815
  };
816
816
 
817
817
  // server/index.ts
818
- import { readFileSync as readFileSync20, existsSync as existsSync22, watchFile } from "fs";
818
+ import { readFileSync as readFileSync20, existsSync as existsSync21, watchFile } from "fs";
819
819
  import { resolve as resolve23, join as join15, basename as basename6 } from "path";
820
820
  import { homedir as homedir2 } from "os";
821
821
  import { monitorEventLoopDelay } from "perf_hooks";
@@ -7245,24 +7245,6 @@ function openResumeStreamLog(accountId, sessionId) {
7245
7245
  }
7246
7246
  return createWriteStream(resolvePath(dir, `${sessionId}.log`), { flags: "a" });
7247
7247
  }
7248
- var healPending = /* @__PURE__ */ new Map();
7249
- function markHealPending(accountId, attachmentId) {
7250
- let set = healPending.get(accountId);
7251
- if (!set) {
7252
- set = /* @__PURE__ */ new Set();
7253
- healPending.set(accountId, set);
7254
- }
7255
- set.add(attachmentId);
7256
- }
7257
- function clearHealPending(accountId, attachmentId) {
7258
- const set = healPending.get(accountId);
7259
- if (!set) return;
7260
- set.delete(attachmentId);
7261
- if (set.size === 0) healPending.delete(accountId);
7262
- }
7263
- function isHealPending(accountId, attachmentId) {
7264
- return healPending.get(accountId)?.has(attachmentId) ?? false;
7265
- }
7266
7248
  function validateAndShapeAttachments(raws, conversationAccountId, sessionId, messageId, streamLogPath) {
7267
7249
  const chips = [];
7268
7250
  let valid = 0;
@@ -7640,17 +7622,14 @@ app11.post("/:id/resume", async (c) => {
7640
7622
  textOffset: c2.textOffset
7641
7623
  };
7642
7624
  if (!c2.artefactAttachmentId || !c2.artefactMimeType || !c2.artefactTitle) return base;
7643
- markHealPending(accountId, c2.artefactAttachmentId);
7644
7625
  try {
7645
7626
  const dataObj = JSON.parse(c2.data);
7646
7627
  const bytesPick = pickComponentBytes(dataObj);
7647
7628
  if (!bytesPick) {
7648
- clearHealPending(accountId, c2.artefactAttachmentId);
7649
7629
  return base;
7650
7630
  }
7651
7631
  const filename = bytesPick.mimeType === "text/html" ? `${c2.artefactTitle}.html` : `${c2.artefactTitle}.md`;
7652
7632
  await storeComponentArtefact(accountId, c2.artefactAttachmentId, bytesPick.mimeType, bytesPick.content, filename);
7653
- clearHealPending(accountId, c2.artefactAttachmentId);
7654
7633
  streamLogPath.write(
7655
7634
  `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-persist] heal componentName=${c2.name} attachmentId=${c2.artefactAttachmentId.slice(0, 8)} mimeType=${bytesPick.mimeType} bytes=${bytesPick.content.length} outcome=ok
7656
7635
  `
@@ -7662,7 +7641,6 @@ app11.post("/:id/resume", async (c) => {
7662
7641
  artefactTitle: c2.artefactTitle
7663
7642
  };
7664
7643
  } catch (writeErr) {
7665
- clearHealPending(accountId, c2.artefactAttachmentId);
7666
7644
  const reason2 = writeErr instanceof Error ? writeErr.message : String(writeErr);
7667
7645
  streamLogPath.write(
7668
7646
  `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-persist] heal componentName=${c2.name} attachmentId=${c2.artefactAttachmentId.slice(0, 8)} outcome=disk-fail reason=${JSON.stringify(reason2.slice(0, 200))}
@@ -11733,11 +11711,9 @@ function isWithin(target, root) {
11733
11711
  var sidebar_artefacts_default = app22;
11734
11712
 
11735
11713
  // server/routes/admin/sidebar-artefact-save.ts
11736
- import { mkdir as mkdir4, readdir as readdir5, stat as stat6, writeFile as writeFile5 } from "fs/promises";
11714
+ import { mkdir as mkdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
11737
11715
  import { resolve as resolve16 } from "path";
11738
- import { existsSync as existsSync17 } from "fs";
11739
11716
  var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
11740
- var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
11741
11717
  var app23 = new Hono();
11742
11718
  app23.post("/", requireAdminSession, async (c) => {
11743
11719
  const cacheKey = c.var.cacheKey;
@@ -11748,11 +11724,7 @@ app23.post("/", requireAdminSession, async (c) => {
11748
11724
  return c.json({ error: "id and content required" }, 400);
11749
11725
  }
11750
11726
  const accountDir = resolve16(ACCOUNTS_DIR, accountId);
11751
- const resolved = await resolveSavePath(body.id, accountId, accountDir);
11752
- if (resolved.kind === "heal-race") {
11753
- c.header("Retry-After", "2");
11754
- return c.json({ error: "heal-race", reason: resolved.reason }, 503);
11755
- }
11727
+ const resolved = await resolveSavePath(body.id, accountDir);
11756
11728
  if (resolved.kind === "reject") {
11757
11729
  console.error(
11758
11730
  `[admin/sidebar-artefact-save] auth-rejected reason=${resolved.reason} path=${body.id}`
@@ -11781,78 +11753,86 @@ app23.post("/", requireAdminSession, async (c) => {
11781
11753
  );
11782
11754
  return c.json({ updatedAt });
11783
11755
  });
11784
- async function resolveSavePath(id, accountId, accountDir) {
11785
- if (id.startsWith("agent-template:")) {
11786
- const parts = id.split(":");
11787
- if (parts.length !== 3) return { kind: "reject", status: 400, reason: "invalid-id" };
11788
- const [, role, filename] = parts;
11789
- if (role === "specialist") {
11790
- return { kind: "reject", status: 403, reason: "specialist-write-blocked" };
11791
- }
11792
- if (role !== "admin" || !ADMIN_AGENT_FILES2.has(filename)) {
11793
- return { kind: "reject", status: 400, reason: "invalid-id" };
11794
- }
11795
- const parent = resolve16(accountDir, "agents", "admin");
11796
- await mkdir4(parent, { recursive: true });
11797
- try {
11798
- validateFilePathInAccount(parent, accountDir);
11799
- } catch {
11800
- return { kind: "reject", status: 400, reason: "containment-rejected" };
11801
- }
11802
- return { kind: "admin-template", path: resolve16(parent, filename) };
11756
+ async function resolveSavePath(id, accountDir) {
11757
+ if (!id.startsWith("agent-template:")) {
11758
+ return { kind: "reject", status: 400, reason: "invalid-id" };
11803
11759
  }
11804
- if (UUID_RE4.test(id)) {
11805
- const dir = resolve16(ATTACHMENTS_ROOT, accountId, id);
11806
- if (!existsSync17(dir)) {
11807
- const attShort = id.slice(0, 8);
11808
- if (isHealPending(accountId, id)) {
11809
- console.error(`[admin/sidebar-artefact-save] heal-race attachmentId=${attShort} outcome=503-retry source=heal-pending`);
11810
- return { kind: "heal-race", reason: "dir-pending" };
11811
- }
11812
- const session = getSession();
11813
- try {
11814
- const result = await session.run(
11815
- `MATCH (k:KnowledgeDocument {accountId: $accountId, attachmentId: $attachmentId})
11816
- RETURN count(k) AS cnt`,
11817
- { accountId, attachmentId: id }
11818
- );
11819
- const cnt = result.records[0]?.get("cnt")?.toNumber?.() ?? 0;
11820
- if (cnt > 0) {
11821
- console.error(`[admin/sidebar-artefact-save] heal-race attachmentId=${attShort} outcome=503-retry source=neo4j-row`);
11822
- return { kind: "heal-race", reason: "dir-pending" };
11823
- }
11824
- console.error(`[admin/sidebar-artefact-save] heal-race attachmentId=${attShort} outcome=400-terminal`);
11825
- return { kind: "reject", status: 400, reason: "not-found" };
11826
- } catch (neoErr) {
11827
- const reason = neoErr instanceof Error ? neoErr.message.slice(0, 120) : String(neoErr).slice(0, 120);
11828
- console.error(`[admin/sidebar-artefact-save] heal-race attachmentId=${attShort} outcome=neo4j-fail reason="${reason}"`);
11829
- return { kind: "heal-race", reason: "neo4j-fail" };
11830
- } finally {
11831
- try {
11832
- await session.close();
11833
- } catch {
11834
- }
11835
- }
11836
- }
11837
- try {
11838
- validateFilePathInAccount(dir, resolve16(ATTACHMENTS_ROOT, accountId));
11839
- } catch {
11840
- return { kind: "reject", status: 400, reason: "containment-rejected" };
11841
- }
11842
- const entries = await readdir5(dir);
11843
- const dataFile = entries.find((f) => !f.endsWith(".meta.json"));
11844
- if (!dataFile) {
11845
- return { kind: "reject", status: 400, reason: "not-found" };
11846
- }
11847
- return { kind: "knowledge-doc", path: resolve16(dir, dataFile) };
11760
+ const parts = id.split(":");
11761
+ if (parts.length !== 3) return { kind: "reject", status: 400, reason: "invalid-id" };
11762
+ const [, role, filename] = parts;
11763
+ if (role === "specialist") {
11764
+ return { kind: "reject", status: 403, reason: "specialist-write-blocked" };
11848
11765
  }
11849
- return { kind: "reject", status: 400, reason: "invalid-id" };
11766
+ if (role !== "admin" || !ADMIN_AGENT_FILES2.has(filename)) {
11767
+ return { kind: "reject", status: 400, reason: "invalid-id" };
11768
+ }
11769
+ const parent = resolve16(accountDir, "agents", "admin");
11770
+ await mkdir4(parent, { recursive: true });
11771
+ try {
11772
+ validateFilePathInAccount(parent, accountDir);
11773
+ } catch {
11774
+ return { kind: "reject", status: 400, reason: "containment-rejected" };
11775
+ }
11776
+ return { kind: "admin-template", path: resolve16(parent, filename) };
11850
11777
  }
11851
11778
  function relPath(absPath, root) {
11852
11779
  return absPath.startsWith(root) ? absPath.slice(root.length + 1) : absPath;
11853
11780
  }
11854
11781
  var sidebar_artefact_save_default = app23;
11855
11782
 
11783
+ // server/routes/admin/sidebar-sessions.ts
11784
+ var app24 = new Hono();
11785
+ app24.get("/", requireAdminSession, async (c) => {
11786
+ const cacheKey = c.var.cacheKey;
11787
+ const accountId = getAccountIdForSession(cacheKey);
11788
+ if (!accountId) {
11789
+ return c.json({ error: "Account not found for session" }, 401);
11790
+ }
11791
+ const port2 = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "admin-sessions-list" });
11792
+ const url = `http://127.0.0.1:${port2}/list?senderId=${encodeURIComponent(accountId)}`;
11793
+ let upstream = null;
11794
+ try {
11795
+ upstream = await fetch(url);
11796
+ } catch (err) {
11797
+ const message = err instanceof Error ? err.message : String(err);
11798
+ console.error(`[admin-sessions-list] account=${accountId} fetch-failed error="${message}"`);
11799
+ return c.json({ error: "session-manager-unreachable" }, 503);
11800
+ }
11801
+ if (!upstream.ok) {
11802
+ console.error(`[admin-sessions-list] account=${accountId} upstream-status=${upstream.status}`);
11803
+ return c.json({ error: "session-manager-error", status: upstream.status }, 502);
11804
+ }
11805
+ let payloads;
11806
+ try {
11807
+ payloads = await upstream.json();
11808
+ } catch (err) {
11809
+ const message = err instanceof Error ? err.message : String(err);
11810
+ console.error(`[admin-sessions-list] account=${accountId} parse-failed error="${message}"`);
11811
+ return c.json({ error: "session-manager-bad-body" }, 502);
11812
+ }
11813
+ if (!Array.isArray(payloads)) {
11814
+ console.error(`[admin-sessions-list] account=${accountId} bad-shape=not-array`);
11815
+ return c.json({ error: "session-manager-bad-body" }, 502);
11816
+ }
11817
+ const rows = [];
11818
+ for (const p of payloads) {
11819
+ const sessionId = typeof p.sessionId === "string" ? p.sessionId : null;
11820
+ const capturedUrl = typeof p.url === "string" ? p.url : null;
11821
+ const startedAt = typeof p.startedAt === "string" ? p.startedAt : null;
11822
+ if (!sessionId || !capturedUrl || !startedAt) continue;
11823
+ const displayName = typeof p.displayName === "string" && p.displayName.length > 0 ? p.displayName : sessionId.slice(0, 8);
11824
+ rows.push({
11825
+ sessionId,
11826
+ title: displayName,
11827
+ url: capturedUrl,
11828
+ capturedAt: startedAt
11829
+ });
11830
+ }
11831
+ console.log(`[admin-sessions-list] account=${accountId} rows=${rows.length}`);
11832
+ return c.json({ sessions: rows });
11833
+ });
11834
+ var sidebar_sessions_default = app24;
11835
+
11856
11836
  // server/routes/admin/system-stats.ts
11857
11837
  import { readFile as readFile5 } from "fs/promises";
11858
11838
  import { cpus, loadavg, totalmem, freemem } from "os";
@@ -11948,8 +11928,8 @@ async function sample() {
11948
11928
  if (process.platform === "linux") return sampleLinux();
11949
11929
  return sampleOsFallback();
11950
11930
  }
11951
- var app24 = new Hono();
11952
- app24.get("/", async (c) => {
11931
+ var app25 = new Hono();
11932
+ app25.get("/", async (c) => {
11953
11933
  const started = Date.now();
11954
11934
  if (!inflight) {
11955
11935
  inflight = sample().finally(() => {
@@ -11972,15 +11952,15 @@ app24.get("/", async (c) => {
11972
11952
  return c.json({ degraded: true, reason, sampledAtMs: Date.now() });
11973
11953
  }
11974
11954
  });
11975
- var system_stats_default = app24;
11955
+ var system_stats_default = app25;
11976
11956
 
11977
11957
  // server/routes/admin/health.ts
11978
- import { existsSync as existsSync18, readFileSync as readFileSync14 } from "fs";
11958
+ import { existsSync as existsSync17, readFileSync as readFileSync14 } from "fs";
11979
11959
  import { resolve as resolve17, join as join13 } from "path";
11980
11960
  var PLATFORM_ROOT6 = process.env.MAXY_PLATFORM_ROOT ?? resolve17(process.cwd(), "..");
11981
11961
  var brandHostname = "maxy";
11982
11962
  var brandJsonPath = join13(PLATFORM_ROOT6, "config", "brand.json");
11983
- if (existsSync18(brandJsonPath)) {
11963
+ if (existsSync17(brandJsonPath)) {
11984
11964
  try {
11985
11965
  const brand = JSON.parse(readFileSync14(brandJsonPath, "utf-8"));
11986
11966
  if (brand.hostname) brandHostname = brand.hostname;
@@ -11991,7 +11971,7 @@ var VERSION_FILE = resolve17(PLATFORM_ROOT6, `config/.${brandHostname}-version`)
11991
11971
  var PROCESS_STARTED_AT = (/* @__PURE__ */ new Date()).toISOString();
11992
11972
  var PROBE_TIMEOUT_MS = 1e3;
11993
11973
  function readVersion() {
11994
- if (!existsSync18(VERSION_FILE)) return "unknown";
11974
+ if (!existsSync17(VERSION_FILE)) return "unknown";
11995
11975
  return readFileSync14(VERSION_FILE, "utf-8").trim() || "unknown";
11996
11976
  }
11997
11977
  async function probeConversationDb() {
@@ -12017,8 +11997,8 @@ async function probeConversationDb() {
12017
11997
  });
12018
11998
  }
12019
11999
  }
12020
- var app25 = new Hono();
12021
- app25.get("/", async (c) => {
12000
+ var app26 = new Hono();
12001
+ app26.get("/", async (c) => {
12022
12002
  const version = readVersion();
12023
12003
  const probe = await probeConversationDb();
12024
12004
  const uptimeMs = Date.now() - new Date(PROCESS_STARTED_AT).getTime();
@@ -12040,7 +12020,7 @@ app25.get("/", async (c) => {
12040
12020
  uptimeMs
12041
12021
  });
12042
12022
  });
12043
- var health_default2 = app25;
12023
+ var health_default2 = app26;
12044
12024
 
12045
12025
  // server/routes/admin/linkedin-ingest.ts
12046
12026
  var TAG20 = "[linkedin-ingest-route]";
@@ -12136,8 +12116,8 @@ function buildInitialMessage(env) {
12136
12116
  }
12137
12117
  return header;
12138
12118
  }
12139
- var app26 = new Hono();
12140
- app26.post("/", requireAdminSession, async (c) => {
12119
+ var app27 = new Hono();
12120
+ app27.post("/", requireAdminSession, async (c) => {
12141
12121
  let body;
12142
12122
  try {
12143
12123
  body = await c.req.json();
@@ -12191,7 +12171,7 @@ app26.post("/", requireAdminSession, async (c) => {
12191
12171
  );
12192
12172
  return c.json({ ok: true, dispatchId: envelope.dispatchId, taskId: claudeSessionId }, 202);
12193
12173
  });
12194
- var linkedin_ingest_default = app26;
12174
+ var linkedin_ingest_default = app27;
12195
12175
 
12196
12176
  // server/routes/admin/post-turn-context.ts
12197
12177
  import neo4j2 from "neo4j-driver";
@@ -12233,8 +12213,8 @@ function pruneProperties(raw) {
12233
12213
  }
12234
12214
  return out;
12235
12215
  }
12236
- var app27 = new Hono();
12237
- app27.get("/", async (c) => {
12216
+ var app28 = new Hono();
12217
+ app28.get("/", async (c) => {
12238
12218
  const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12239
12219
  if (!isLoopbackAddr2(remoteAddr)) {
12240
12220
  console.error(`${TAG21} reject reason=non-loopback remoteAddr=${remoteAddr}`);
@@ -12294,7 +12274,7 @@ app27.get("/", async (c) => {
12294
12274
  await session.close();
12295
12275
  }
12296
12276
  });
12297
- var post_turn_context_default = app27;
12277
+ var post_turn_context_default = app28;
12298
12278
 
12299
12279
  // server/routes/admin/public-session-context.ts
12300
12280
  import neo4j3 from "neo4j-driver";
@@ -12336,8 +12316,8 @@ function pruneProperties2(raw) {
12336
12316
  }
12337
12317
  return out;
12338
12318
  }
12339
- var app28 = new Hono();
12340
- app28.get("/", async (c) => {
12319
+ var app29 = new Hono();
12320
+ app29.get("/", async (c) => {
12341
12321
  const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12342
12322
  if (!isLoopbackAddr3(remoteAddr)) {
12343
12323
  console.error(`${TAG22} reject reason=non-loopback remoteAddr=${remoteAddr}`);
@@ -12396,15 +12376,15 @@ app28.get("/", async (c) => {
12396
12376
  await session.close();
12397
12377
  }
12398
12378
  });
12399
- var public_session_context_default = app28;
12379
+ var public_session_context_default = app29;
12400
12380
 
12401
12381
  // server/routes/admin/public-session-exit.ts
12402
12382
  var TAG23 = "[public-session-exit-route]";
12403
12383
  function isLoopbackAddr4(addr) {
12404
12384
  return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
12405
12385
  }
12406
- var app29 = new Hono();
12407
- app29.post("/", async (c) => {
12386
+ var app30 = new Hono();
12387
+ app30.post("/", async (c) => {
12408
12388
  const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12409
12389
  if (!isLoopbackAddr4(remoteAddr)) {
12410
12390
  console.error(`${TAG23} reject reason=non-loopback remoteAddr=${remoteAddr}`);
@@ -12431,15 +12411,15 @@ app29.post("/", async (c) => {
12431
12411
  handlePublicSessionExit(sessionId);
12432
12412
  return c.json({ ok: true });
12433
12413
  });
12434
- var public_session_exit_default = app29;
12414
+ var public_session_exit_default = app30;
12435
12415
 
12436
12416
  // server/routes/admin/access-session-evict.ts
12437
12417
  var TAG24 = "[access-session-evict]";
12438
12418
  function isLoopbackAddr5(addr) {
12439
12419
  return addr === "127.0.0.1" || addr === "::1" || addr === "::ffff:127.0.0.1";
12440
12420
  }
12441
- var app30 = new Hono();
12442
- app30.post("/", async (c) => {
12421
+ var app31 = new Hono();
12422
+ app31.post("/", async (c) => {
12443
12423
  const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
12444
12424
  if (!isLoopbackAddr5(remoteAddr)) {
12445
12425
  console.error(`${TAG24} reject reason=non-loopback remoteAddr=${remoteAddr}`);
@@ -12467,36 +12447,37 @@ app30.post("/", async (c) => {
12467
12447
  console.log(`${TAG24} grantId=${grantId} dropped=${dropped}`);
12468
12448
  return c.json({ ok: true, dropped });
12469
12449
  });
12470
- var access_session_evict_default = app30;
12450
+ var access_session_evict_default = app31;
12471
12451
 
12472
12452
  // server/routes/admin/index.ts
12473
- var app31 = new Hono();
12474
- app31.route("/session", session_default);
12475
- app31.route("/logs", logs_default);
12476
- app31.route("/claude-info", claude_info_default);
12477
- app31.route("/attachment", attachment_default);
12478
- app31.route("/agents", agents_default);
12479
- app31.route("/sessions", sessions_default);
12480
- app31.route("/claude-sessions", claude_sessions_default);
12481
- app31.route("/log-ingest", log_ingest_default);
12482
- app31.route("/events", events_default);
12483
- app31.route("/files", files_default);
12484
- app31.route("/graph-search", graph_search_default);
12485
- app31.route("/graph-subgraph", graph_subgraph_default);
12486
- app31.route("/graph-delete", graph_delete_default);
12487
- app31.route("/graph-restore", graph_restore_default);
12488
- app31.route("/graph-labels-in-graph", graph_labels_in_graph_default);
12489
- app31.route("/graph-default-view", graph_default_view_default);
12490
- app31.route("/sidebar-artefacts", sidebar_artefacts_default);
12491
- app31.route("/sidebar-artefact-save", sidebar_artefact_save_default);
12492
- app31.route("/system-stats", system_stats_default);
12493
- app31.route("/health-brand", health_default2);
12494
- app31.route("/linkedin-ingest", linkedin_ingest_default);
12495
- app31.route("/post-turn-context", post_turn_context_default);
12496
- app31.route("/public-session-context", public_session_context_default);
12497
- app31.route("/public-session-exit", public_session_exit_default);
12498
- app31.route("/access-session-evict", access_session_evict_default);
12499
- var admin_default = app31;
12453
+ var app32 = new Hono();
12454
+ app32.route("/session", session_default);
12455
+ app32.route("/logs", logs_default);
12456
+ app32.route("/claude-info", claude_info_default);
12457
+ app32.route("/attachment", attachment_default);
12458
+ app32.route("/agents", agents_default);
12459
+ app32.route("/sessions", sessions_default);
12460
+ app32.route("/claude-sessions", claude_sessions_default);
12461
+ app32.route("/log-ingest", log_ingest_default);
12462
+ app32.route("/events", events_default);
12463
+ app32.route("/files", files_default);
12464
+ app32.route("/graph-search", graph_search_default);
12465
+ app32.route("/graph-subgraph", graph_subgraph_default);
12466
+ app32.route("/graph-delete", graph_delete_default);
12467
+ app32.route("/graph-restore", graph_restore_default);
12468
+ app32.route("/graph-labels-in-graph", graph_labels_in_graph_default);
12469
+ app32.route("/graph-default-view", graph_default_view_default);
12470
+ app32.route("/sidebar-artefacts", sidebar_artefacts_default);
12471
+ app32.route("/sidebar-artefact-save", sidebar_artefact_save_default);
12472
+ app32.route("/sidebar-sessions", sidebar_sessions_default);
12473
+ app32.route("/system-stats", system_stats_default);
12474
+ app32.route("/health-brand", health_default2);
12475
+ app32.route("/linkedin-ingest", linkedin_ingest_default);
12476
+ app32.route("/post-turn-context", post_turn_context_default);
12477
+ app32.route("/public-session-context", public_session_context_default);
12478
+ app32.route("/public-session-exit", public_session_exit_default);
12479
+ app32.route("/access-session-evict", access_session_evict_default);
12480
+ var admin_default = app32;
12500
12481
 
12501
12482
  // app/lib/access-gate.ts
12502
12483
  import neo4j4 from "neo4j-driver";
@@ -12710,8 +12691,8 @@ async function generateNewMagicToken(grantId) {
12710
12691
  var TAG25 = "[access-verify]";
12711
12692
  var MINT_TAG = "[access-session-mint]";
12712
12693
  var COOKIE_NAME = "__access_session";
12713
- var app32 = new Hono();
12714
- app32.post("/", async (c) => {
12694
+ var app33 = new Hono();
12695
+ app33.post("/", async (c) => {
12715
12696
  const ip = c.var.clientIp || "unknown";
12716
12697
  let body;
12717
12698
  try {
@@ -12793,7 +12774,7 @@ app32.post("/", async (c) => {
12793
12774
  displayName: grant.displayName
12794
12775
  });
12795
12776
  });
12796
- var verify_token_default = app32;
12777
+ var verify_token_default = app33;
12797
12778
 
12798
12779
  // app/lib/access-email.ts
12799
12780
  import { spawn as spawn2 } from "child_process";
@@ -12856,9 +12837,9 @@ async function sendMagicLinkEmail(payload) {
12856
12837
 
12857
12838
  // server/routes/access/request-magic-link.ts
12858
12839
  var TAG26 = "[access-request-link]";
12859
- var app33 = new Hono();
12840
+ var app34 = new Hono();
12860
12841
  var VISITOR_MESSAGE = "If that email is on the invite list, a fresh link is on the way.";
12861
- app33.post("/", async (c) => {
12842
+ app34.post("/", async (c) => {
12862
12843
  let body;
12863
12844
  try {
12864
12845
  body = await c.req.json();
@@ -12932,16 +12913,16 @@ app33.post("/", async (c) => {
12932
12913
  );
12933
12914
  return c.json({ message: VISITOR_MESSAGE }, 200);
12934
12915
  });
12935
- var request_magic_link_default = app33;
12916
+ var request_magic_link_default = app34;
12936
12917
 
12937
12918
  // server/routes/access/index.ts
12938
- var app34 = new Hono();
12939
- app34.route("/verify-token", verify_token_default);
12940
- app34.route("/request-magic-link", request_magic_link_default);
12941
- var access_default = app34;
12919
+ var app35 = new Hono();
12920
+ app35.route("/verify-token", verify_token_default);
12921
+ app35.route("/request-magic-link", request_magic_link_default);
12922
+ var access_default = app35;
12942
12923
 
12943
12924
  // server/routes/sites.ts
12944
- import { existsSync as existsSync19, readFileSync as readFileSync16, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
12925
+ import { existsSync as existsSync18, readFileSync as readFileSync16, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
12945
12926
  import { resolve as resolve20 } from "path";
12946
12927
  var SAFE_SEG_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
12947
12928
  var MIME = {
@@ -12973,8 +12954,8 @@ function getExt(p) {
12973
12954
  if (idx < p.lastIndexOf("/")) return "";
12974
12955
  return p.slice(idx).toLowerCase();
12975
12956
  }
12976
- var app35 = new Hono();
12977
- app35.get("/:rel{.*}", (c) => {
12957
+ var app36 = new Hono();
12958
+ app36.get("/:rel{.*}", (c) => {
12978
12959
  const reqPath = c.req.path;
12979
12960
  const rawRel = c.req.param("rel") ?? "";
12980
12961
  const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
@@ -13007,7 +12988,7 @@ app35.get("/:rel{.*}", (c) => {
13007
12988
  }
13008
12989
  let stat8;
13009
12990
  try {
13010
- stat8 = existsSync19(filePath) ? statSync7(filePath) : null;
12991
+ stat8 = existsSync18(filePath) ? statSync7(filePath) : null;
13011
12992
  } catch {
13012
12993
  stat8 = null;
13013
12994
  }
@@ -13026,7 +13007,7 @@ app35.get("/:rel{.*}", (c) => {
13026
13007
  console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
13027
13008
  return c.text("Forbidden", 403);
13028
13009
  }
13029
- if (!existsSync19(filePath)) {
13010
+ if (!existsSync18(filePath)) {
13030
13011
  console.error(`[sites] not-found path=${reqPath} status=404`);
13031
13012
  return c.text("Not found", 404);
13032
13013
  }
@@ -13077,7 +13058,7 @@ app35.get("/:rel{.*}", (c) => {
13077
13058
  "X-Content-Type-Options": "nosniff"
13078
13059
  });
13079
13060
  });
13080
- var sites_default = app35;
13061
+ var sites_default = app36;
13081
13062
 
13082
13063
  // app/lib/visitor-token.ts
13083
13064
  import { createHmac, randomBytes, timingSafeEqual } from "crypto";
@@ -13157,7 +13138,7 @@ var VISITOR_COOKIE_NAME = "mxy_v";
13157
13138
  var VISITOR_COOKIE_MAX_AGE_SECONDS = Math.floor(DEFAULT_TTL_MS / 1e3);
13158
13139
 
13159
13140
  // app/lib/brand-config.ts
13160
- import { existsSync as existsSync20, readFileSync as readFileSync18 } from "fs";
13141
+ import { existsSync as existsSync19, readFileSync as readFileSync18 } from "fs";
13161
13142
  import { join as join14 } from "path";
13162
13143
  var cached2 = null;
13163
13144
  var cachedAttempted = false;
@@ -13167,7 +13148,7 @@ function readBrandConfig() {
13167
13148
  const platformRoot = process.env.MAXY_PLATFORM_ROOT;
13168
13149
  if (!platformRoot) return null;
13169
13150
  const brandPath = join14(platformRoot, "config", "brand.json");
13170
- if (!existsSync20(brandPath)) return null;
13151
+ if (!existsSync19(brandPath)) return null;
13171
13152
  try {
13172
13153
  cached2 = JSON.parse(readFileSync18(brandPath, "utf-8"));
13173
13154
  return cached2;
@@ -13177,7 +13158,7 @@ function readBrandConfig() {
13177
13158
  }
13178
13159
 
13179
13160
  // server/routes/visitor-consent.ts
13180
- var app36 = new Hono();
13161
+ var app37 = new Hono();
13181
13162
  var CONSENT_COOKIE_NAME = "mxy_consent";
13182
13163
  var CONSENT_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
13183
13164
  var DEFAULT_CONSENT_COPY = {
@@ -13222,17 +13203,17 @@ function siteSlugFromReferer(referer) {
13222
13203
  return "";
13223
13204
  }
13224
13205
  }
13225
- app36.options("/consent", (c) => {
13206
+ app37.options("/consent", (c) => {
13226
13207
  const origin = getOrigin(c);
13227
13208
  setCorsHeaders(c, origin);
13228
13209
  return c.body(null, 204);
13229
13210
  });
13230
- app36.options("/brand-config", (c) => {
13211
+ app37.options("/brand-config", (c) => {
13231
13212
  const origin = getOrigin(c);
13232
13213
  setCorsHeaders(c, origin);
13233
13214
  return c.body(null, 204);
13234
13215
  });
13235
- app36.post("/consent", async (c) => {
13216
+ app37.post("/consent", async (c) => {
13236
13217
  const origin = getOrigin(c);
13237
13218
  setCorsHeaders(c, origin);
13238
13219
  let raw;
@@ -13272,7 +13253,7 @@ app36.post("/consent", async (c) => {
13272
13253
  console.log(`[consent] ${parsed.decision} site=${site} brand=${brandName} tokenBound=${tokenBound}`);
13273
13254
  return c.body(null, 204);
13274
13255
  });
13275
- app36.get("/brand-config", (c) => {
13256
+ app37.get("/brand-config", (c) => {
13276
13257
  const origin = getOrigin(c);
13277
13258
  setCorsHeaders(c, origin);
13278
13259
  const brand = readBrandConfig();
@@ -13282,7 +13263,7 @@ app36.get("/brand-config", (c) => {
13282
13263
  c.header("Cache-Control", "public, max-age=300");
13283
13264
  return c.json({ consent: { copy, palette } });
13284
13265
  });
13285
- var visitor_consent_default = app36;
13266
+ var visitor_consent_default = app37;
13286
13267
 
13287
13268
  // server/routes/listings.ts
13288
13269
  function getCookie(headerValue, name) {
@@ -13309,8 +13290,8 @@ function appendConsentParams(pageUrl, token) {
13309
13290
  }
13310
13291
  var SAFE_SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,118}[a-z0-9])?$/;
13311
13292
  var CHAT_SESSION_KEY_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{7,127}$/;
13312
- var app37 = new Hono();
13313
- app37.get("/:slug/click", async (c) => {
13293
+ var app38 = new Hono();
13294
+ app38.get("/:slug/click", async (c) => {
13314
13295
  const slug = c.req.param("slug") ?? "";
13315
13296
  const rawSession = c.req.query("session") ?? "";
13316
13297
  const sessionKey = CHAT_SESSION_KEY_RE.test(rawSession) ? rawSession : "invalid";
@@ -13374,10 +13355,10 @@ app37.get("/:slug/click", async (c) => {
13374
13355
  console.log(`[property-card-click] sessionKey=${sessionKey} listingSlug=${slug} consent=${consentCookie ?? "absent"} ts=${(/* @__PURE__ */ new Date()).toISOString()}`);
13375
13356
  return c.redirect(redirectUrl, 302);
13376
13357
  });
13377
- var listings_default = app37;
13358
+ var listings_default = app38;
13378
13359
 
13379
13360
  // server/routes/visitor-event.ts
13380
- var app38 = new Hono();
13361
+ var app39 = new Hono();
13381
13362
  var BOT_UA_RE = /\b(bot|crawl|spider|slurp|headlesschrome|phantomjs|googlebot|bingbot|yandex|baiduspider|ahrefsbot|semrushbot|mj12bot|dotbot|petalbot)\b/i;
13382
13363
  var buckets = /* @__PURE__ */ new Map();
13383
13364
  var RATE_LIMIT = 60;
@@ -13444,12 +13425,12 @@ function originAllowed(origin, allowlist) {
13444
13425
  return false;
13445
13426
  }
13446
13427
  }
13447
- app38.options("/event", (c) => {
13428
+ app39.options("/event", (c) => {
13448
13429
  const origin = getOrigin2(c);
13449
13430
  setCorsHeaders2(c, origin);
13450
13431
  return c.body(null, 204);
13451
13432
  });
13452
- app38.post("/event", async (c) => {
13433
+ app39.post("/event", async (c) => {
13453
13434
  const origin = getOrigin2(c);
13454
13435
  setCorsHeaders2(c, origin);
13455
13436
  const ua = c.req.header("user-agent") ?? "";
@@ -13654,7 +13635,7 @@ async function writeEvent(opts) {
13654
13635
  );
13655
13636
  }
13656
13637
  }
13657
- var visitor_event_default = app38;
13638
+ var visitor_event_default = app39;
13658
13639
 
13659
13640
  // app/lib/graph-health.ts
13660
13641
  var HOUR_MS = 60 * 60 * 1e3;
@@ -13901,7 +13882,7 @@ function broadcastAdminShutdown(reason) {
13901
13882
 
13902
13883
  // ../lib/entitlement/src/index.ts
13903
13884
  import { createPublicKey, createHash as createHash4, verify as cryptoVerify } from "crypto";
13904
- import { existsSync as existsSync21, readFileSync as readFileSync19, statSync as statSync8 } from "fs";
13885
+ import { existsSync as existsSync20, readFileSync as readFileSync19, statSync as statSync8 } from "fs";
13905
13886
  import { resolve as resolve22 } from "path";
13906
13887
 
13907
13888
  // ../lib/entitlement/src/canonicalize.ts
@@ -13950,7 +13931,7 @@ function resolveEntitlement(brand, account) {
13950
13931
  return logResolved(implicitTrust(account), null);
13951
13932
  }
13952
13933
  const entitlementPath = resolve22(brand.configDir, "entitlement.json");
13953
- if (!existsSync21(entitlementPath)) {
13934
+ if (!existsSync20(entitlementPath)) {
13954
13935
  return logResolved(anonymousFallback("missing"), { reason: "missing" });
13955
13936
  }
13956
13937
  const stat8 = statSync8(entitlementPath);
@@ -14142,10 +14123,10 @@ function clientFrom(c) {
14142
14123
  var PLATFORM_ROOT9 = process.env.MAXY_PLATFORM_ROOT || "";
14143
14124
  var BRAND_JSON_PATH = PLATFORM_ROOT9 ? join15(PLATFORM_ROOT9, "config", "brand.json") : "";
14144
14125
  var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", marketingUrl: "https://getmaxy.com" };
14145
- if (BRAND_JSON_PATH && !existsSync22(BRAND_JSON_PATH)) {
14126
+ if (BRAND_JSON_PATH && !existsSync21(BRAND_JSON_PATH)) {
14146
14127
  console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
14147
14128
  }
14148
- if (BRAND_JSON_PATH && existsSync22(BRAND_JSON_PATH)) {
14129
+ if (BRAND_JSON_PATH && existsSync21(BRAND_JSON_PATH)) {
14149
14130
  try {
14150
14131
  const parsed = JSON.parse(readFileSync20(BRAND_JSON_PATH, "utf-8"));
14151
14132
  BRAND = { ...BRAND, ...parsed };
@@ -14169,7 +14150,7 @@ var brandLoginOpts = {
14169
14150
  var ALIAS_DOMAINS_PATH = join15(homedir2(), BRAND.configDir, "alias-domains.json");
14170
14151
  function loadAliasDomains() {
14171
14152
  try {
14172
- if (!existsSync22(ALIAS_DOMAINS_PATH)) return null;
14153
+ if (!existsSync21(ALIAS_DOMAINS_PATH)) return null;
14173
14154
  const parsed = JSON.parse(readFileSync20(ALIAS_DOMAINS_PATH, "utf-8"));
14174
14155
  if (!Array.isArray(parsed)) {
14175
14156
  console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
@@ -14194,9 +14175,9 @@ watchFile(ALIAS_DOMAINS_PATH, { interval: 2e3 }, () => {
14194
14175
  function isPublicHost(host) {
14195
14176
  return host.startsWith("public.") || aliasDomains.has(host);
14196
14177
  }
14197
- var app39 = new Hono();
14198
- app39.use("*", clientIpMiddleware);
14199
- app39.use("*", async (c, next) => {
14178
+ var app40 = new Hono();
14179
+ app40.use("*", clientIpMiddleware);
14180
+ app40.use("*", async (c, next) => {
14200
14181
  await next();
14201
14182
  c.header("X-Content-Type-Options", "nosniff");
14202
14183
  c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -14206,7 +14187,7 @@ app39.use("*", async (c, next) => {
14206
14187
  );
14207
14188
  });
14208
14189
  var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
14209
- app39.use("*", async (c, next) => {
14190
+ app40.use("*", async (c, next) => {
14210
14191
  if (!HTTP_LOG_PATHS.has(c.req.path)) {
14211
14192
  await next();
14212
14193
  return;
@@ -14239,7 +14220,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
14239
14220
  "/sites/"
14240
14221
  ];
14241
14222
  var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
14242
- app39.use("*", async (c, next) => {
14223
+ app40.use("*", async (c, next) => {
14243
14224
  const host = (c.req.header("host") ?? "").split(":")[0];
14244
14225
  if (!isPublicHost(host)) {
14245
14226
  await next();
@@ -14279,7 +14260,7 @@ function resolveRemoteAuthOpts() {
14279
14260
  return brandLoginOpts;
14280
14261
  }
14281
14262
  var MAX_LOGIN_BODY = 8 * 1024;
14282
- app39.post("/__remote-auth/login", async (c) => {
14263
+ app40.post("/__remote-auth/login", async (c) => {
14283
14264
  const client = clientFrom(c);
14284
14265
  const clientIp = client.ip || "unknown";
14285
14266
  if (!requestIsTlsTerminated(c)) {
@@ -14324,7 +14305,7 @@ app39.post("/__remote-auth/login", async (c) => {
14324
14305
  }
14325
14306
  });
14326
14307
  });
14327
- app39.get("/__remote-auth/logout", (c) => {
14308
+ app40.get("/__remote-auth/logout", (c) => {
14328
14309
  const client = clientFrom(c);
14329
14310
  const clientIp = client.ip || "unknown";
14330
14311
  console.error(`[remote-auth] logout ip=${clientIp}`);
@@ -14337,7 +14318,7 @@ app39.get("/__remote-auth/logout", (c) => {
14337
14318
  }
14338
14319
  });
14339
14320
  });
14340
- app39.post("/__remote-auth/change-password", async (c) => {
14321
+ app40.post("/__remote-auth/change-password", async (c) => {
14341
14322
  const client = clientFrom(c);
14342
14323
  const clientIp = client.ip || "unknown";
14343
14324
  const rateLimited = checkRateLimit(client);
@@ -14388,13 +14369,13 @@ app39.post("/__remote-auth/change-password", async (c) => {
14388
14369
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
14389
14370
  }
14390
14371
  });
14391
- app39.get("/__remote-auth/setup", (c) => {
14372
+ app40.get("/__remote-auth/setup", (c) => {
14392
14373
  if (isRemoteAuthConfigured()) {
14393
14374
  return c.redirect("/");
14394
14375
  }
14395
14376
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
14396
14377
  });
14397
- app39.post("/__remote-auth/set-initial-password", async (c) => {
14378
+ app40.post("/__remote-auth/set-initial-password", async (c) => {
14398
14379
  if (isRemoteAuthConfigured()) {
14399
14380
  return c.redirect("/");
14400
14381
  }
@@ -14432,10 +14413,10 @@ app39.post("/__remote-auth/set-initial-password", async (c) => {
14432
14413
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
14433
14414
  }
14434
14415
  });
14435
- app39.get("/api/remote-auth/status", (c) => {
14416
+ app40.get("/api/remote-auth/status", (c) => {
14436
14417
  return c.json({ configured: isRemoteAuthConfigured() });
14437
14418
  });
14438
- app39.post("/api/remote-auth/set-password", async (c) => {
14419
+ app40.post("/api/remote-auth/set-password", async (c) => {
14439
14420
  let body;
14440
14421
  try {
14441
14422
  body = await c.req.json();
@@ -14466,9 +14447,9 @@ app39.post("/api/remote-auth/set-password", async (c) => {
14466
14447
  return c.json({ error: "Failed to save password" }, 500);
14467
14448
  }
14468
14449
  });
14469
- app39.route("/api/_client-error", client_error_default);
14450
+ app40.route("/api/_client-error", client_error_default);
14470
14451
  console.log("[client-error-route] mounted");
14471
- app39.use("*", async (c, next) => {
14452
+ app40.use("*", async (c, next) => {
14472
14453
  const host = (c.req.header("host") ?? "").split(":")[0];
14473
14454
  const path2 = c.req.path;
14474
14455
  if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -14501,12 +14482,12 @@ app39.use("*", async (c, next) => {
14501
14482
  console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
14502
14483
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
14503
14484
  });
14504
- app39.route("/api/health", health_default);
14505
- app39.route("/api/chat", chat_default);
14506
- app39.route("/api/whatsapp", whatsapp_default);
14507
- app39.route("/api/onboarding", onboarding_default);
14508
- app39.route("/api/admin", admin_default);
14509
- app39.route("/api/access", access_default);
14485
+ app40.route("/api/health", health_default);
14486
+ app40.route("/api/chat", chat_default);
14487
+ app40.route("/api/whatsapp", whatsapp_default);
14488
+ app40.route("/api/onboarding", onboarding_default);
14489
+ app40.route("/api/admin", admin_default);
14490
+ app40.route("/api/access", access_default);
14510
14491
  var SAFE_SLUG_RE2 = /^[a-z][a-z0-9-]{2,49}$/;
14511
14492
  var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
14512
14493
  var IMAGE_MIME = {
@@ -14518,7 +14499,7 @@ var IMAGE_MIME = {
14518
14499
  ".svg": "image/svg+xml",
14519
14500
  ".ico": "image/x-icon"
14520
14501
  };
14521
- app39.get("/agent-assets/:slug/:filename", (c) => {
14502
+ app40.get("/agent-assets/:slug/:filename", (c) => {
14522
14503
  const slug = c.req.param("slug");
14523
14504
  const filename = c.req.param("filename");
14524
14505
  if (!SAFE_SLUG_RE2.test(slug)) {
@@ -14540,7 +14521,7 @@ app39.get("/agent-assets/:slug/:filename", (c) => {
14540
14521
  console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
14541
14522
  return c.text("Forbidden", 403);
14542
14523
  }
14543
- if (!existsSync22(filePath)) {
14524
+ if (!existsSync21(filePath)) {
14544
14525
  console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
14545
14526
  return c.text("Not found", 404);
14546
14527
  }
@@ -14553,7 +14534,7 @@ app39.get("/agent-assets/:slug/:filename", (c) => {
14553
14534
  "Cache-Control": "public, max-age=3600"
14554
14535
  });
14555
14536
  });
14556
- app39.get("/generated/:filename", (c) => {
14537
+ app40.get("/generated/:filename", (c) => {
14557
14538
  const filename = c.req.param("filename");
14558
14539
  if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
14559
14540
  console.error(`[generated] serve file=${filename} status=403`);
@@ -14570,7 +14551,7 @@ app39.get("/generated/:filename", (c) => {
14570
14551
  console.error(`[generated] serve file=${filename} status=403`);
14571
14552
  return c.text("Forbidden", 403);
14572
14553
  }
14573
- if (!existsSync22(filePath)) {
14554
+ if (!existsSync21(filePath)) {
14574
14555
  console.error(`[generated] serve file=${filename} status=404`);
14575
14556
  return c.text("Not found", 404);
14576
14557
  }
@@ -14583,14 +14564,14 @@ app39.get("/generated/:filename", (c) => {
14583
14564
  "Cache-Control": "public, max-age=86400"
14584
14565
  });
14585
14566
  });
14586
- app39.route("/sites", sites_default);
14587
- app39.route("/listings", listings_default);
14588
- app39.route("/v", visitor_event_default);
14589
- app39.route("/v", visitor_consent_default);
14567
+ app40.route("/sites", sites_default);
14568
+ app40.route("/listings", listings_default);
14569
+ app40.route("/v", visitor_event_default);
14570
+ app40.route("/v", visitor_consent_default);
14590
14571
  var htmlCache = /* @__PURE__ */ new Map();
14591
14572
  var brandLogoPath = "/brand/maxy-monochrome.png";
14592
14573
  var brandIconPath = "/brand/maxy-monochrome.png";
14593
- if (BRAND_JSON_PATH && existsSync22(BRAND_JSON_PATH)) {
14574
+ if (BRAND_JSON_PATH && existsSync21(BRAND_JSON_PATH)) {
14594
14575
  try {
14595
14576
  const fullBrand = JSON.parse(readFileSync20(BRAND_JSON_PATH, "utf-8"));
14596
14577
  if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
@@ -14610,7 +14591,7 @@ function readInstalledVersion() {
14610
14591
  try {
14611
14592
  if (!PLATFORM_ROOT9) return "unknown";
14612
14593
  const versionFile = join15(PLATFORM_ROOT9, "config", `.${BRAND.hostname}-version`);
14613
- if (!existsSync22(versionFile)) return "unknown";
14594
+ if (!existsSync21(versionFile)) return "unknown";
14614
14595
  const content = readFileSync20(versionFile, "utf-8").trim();
14615
14596
  return content || "unknown";
14616
14597
  } catch {
@@ -14671,12 +14652,12 @@ function loadBrandingCache(agentSlug) {
14671
14652
  const configDir2 = join15(homedir2(), BRAND.configDir);
14672
14653
  try {
14673
14654
  const accountJsonPath = join15(configDir2, "account.json");
14674
- if (!existsSync22(accountJsonPath)) return null;
14655
+ if (!existsSync21(accountJsonPath)) return null;
14675
14656
  const account = JSON.parse(readFileSync20(accountJsonPath, "utf-8"));
14676
14657
  const accountId = account.accountId;
14677
14658
  if (!accountId) return null;
14678
14659
  const cachePath = join15(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
14679
- if (!existsSync22(cachePath)) return null;
14660
+ if (!existsSync21(cachePath)) return null;
14680
14661
  return JSON.parse(readFileSync20(cachePath, "utf-8"));
14681
14662
  } catch {
14682
14663
  return null;
@@ -14686,7 +14667,7 @@ function resolveDefaultSlug() {
14686
14667
  try {
14687
14668
  const configDir2 = join15(homedir2(), BRAND.configDir);
14688
14669
  const accountJsonPath = join15(configDir2, "account.json");
14689
- if (!existsSync22(accountJsonPath)) return null;
14670
+ if (!existsSync21(accountJsonPath)) return null;
14690
14671
  const account = JSON.parse(readFileSync20(accountJsonPath, "utf-8"));
14691
14672
  return account.defaultAgent || null;
14692
14673
  } catch {
@@ -14723,7 +14704,7 @@ function brandedPublicHtml(agentSlug) {
14723
14704
  function escapeHtml(s) {
14724
14705
  return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
14725
14706
  }
14726
- app39.get("/", (c) => {
14707
+ app40.get("/", (c) => {
14727
14708
  const host = (c.req.header("host") ?? "").split(":")[0];
14728
14709
  if (isPublicHost(host)) {
14729
14710
  const defaultSlug = resolveDefaultSlug();
@@ -14731,12 +14712,12 @@ app39.get("/", (c) => {
14731
14712
  }
14732
14713
  return c.html(cachedHtml("index.html"));
14733
14714
  });
14734
- app39.get("/public", (c) => {
14715
+ app40.get("/public", (c) => {
14735
14716
  const host = (c.req.header("host") ?? "").split(":")[0];
14736
14717
  if (isPublicHost(host)) return c.text("Not found", 404);
14737
14718
  return c.html(cachedHtml("public.html"));
14738
14719
  });
14739
- app39.get("/chat", (c) => {
14720
+ app40.get("/chat", (c) => {
14740
14721
  const host = (c.req.header("host") ?? "").split(":")[0];
14741
14722
  if (isPublicHost(host)) return c.text("Not found", 404);
14742
14723
  return c.html(cachedHtml("public.html"));
@@ -14755,9 +14736,9 @@ async function logViewerFetch(c, next) {
14755
14736
  duration_ms: Date.now() - start
14756
14737
  });
14757
14738
  }
14758
- app39.use("/vnc-viewer.html", logViewerFetch);
14759
- app39.use("/vnc-popout.html", logViewerFetch);
14760
- app39.get("/vnc-popout.html", (c) => {
14739
+ app40.use("/vnc-viewer.html", logViewerFetch);
14740
+ app40.use("/vnc-popout.html", logViewerFetch);
14741
+ app40.get("/vnc-popout.html", (c) => {
14761
14742
  let html = htmlCache.get("vnc-popout.html");
14762
14743
  if (!html) {
14763
14744
  html = readFileSync20(resolve23(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -14770,7 +14751,7 @@ app39.get("/vnc-popout.html", (c) => {
14770
14751
  }
14771
14752
  return c.html(html);
14772
14753
  });
14773
- app39.post("/api/vnc/client-event", async (c) => {
14754
+ app40.post("/api/vnc/client-event", async (c) => {
14774
14755
  let body;
14775
14756
  try {
14776
14757
  body = await c.req.json();
@@ -14791,25 +14772,25 @@ app39.post("/api/vnc/client-event", async (c) => {
14791
14772
  });
14792
14773
  return c.json({ ok: true });
14793
14774
  });
14794
- app39.get("/g/:slug", (c) => {
14775
+ app40.get("/g/:slug", (c) => {
14795
14776
  return c.html(brandedPublicHtml());
14796
14777
  });
14797
- app39.get("/graph", (c) => {
14778
+ app40.get("/graph", (c) => {
14798
14779
  const host = (c.req.header("host") ?? "").split(":")[0];
14799
14780
  if (isPublicHost(host)) return c.text("Not found", 404);
14800
14781
  return c.html(cachedHtml("graph.html"));
14801
14782
  });
14802
- app39.get("/sessions", (c) => {
14783
+ app40.get("/sessions", (c) => {
14803
14784
  const host = (c.req.header("host") ?? "").split(":")[0];
14804
14785
  if (isPublicHost(host)) return c.text("Not found", 404);
14805
14786
  return c.html(cachedHtml("sessions.html"));
14806
14787
  });
14807
- app39.get("/data", (c) => {
14788
+ app40.get("/data", (c) => {
14808
14789
  const host = (c.req.header("host") ?? "").split(":")[0];
14809
14790
  if (isPublicHost(host)) return c.text("Not found", 404);
14810
14791
  return c.html(cachedHtml("data.html"));
14811
14792
  });
14812
- app39.get("/:slug", async (c, next) => {
14793
+ app40.get("/:slug", async (c, next) => {
14813
14794
  const slug = c.req.param("slug");
14814
14795
  if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
14815
14796
  const branding = loadBrandingCache(slug);
@@ -14819,15 +14800,15 @@ app39.get("/:slug", async (c, next) => {
14819
14800
  await next();
14820
14801
  });
14821
14802
  if (brandFaviconPath !== "/favicon.ico") {
14822
- app39.get("/favicon.ico", (c) => {
14803
+ app40.get("/favicon.ico", (c) => {
14823
14804
  c.header("Cache-Control", "public, max-age=300");
14824
14805
  return c.redirect(brandFaviconPath, 302);
14825
14806
  });
14826
14807
  }
14827
- app39.use("/*", serveStatic({ root: "./public" }));
14808
+ app40.use("/*", serveStatic({ root: "./public" }));
14828
14809
  var port = requirePortEnv("MAXY_UI_INTERNAL_PORT", { tag: "ui-server" });
14829
14810
  var hostname = process.env.HOSTNAME ?? "127.0.0.1";
14830
- var httpServer = serve({ fetch: app39.fetch, port, hostname });
14811
+ var httpServer = serve({ fetch: app40.fetch, port, hostname });
14831
14812
  console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
14832
14813
  {
14833
14814
  const loopHist = monitorEventLoopDelay({ resolution: 50 });
@@ -14863,7 +14844,7 @@ for (const m of SUBAPP_MANIFEST) {
14863
14844
  }
14864
14845
  try {
14865
14846
  const registered = [];
14866
- for (const r of app39.routes ?? []) {
14847
+ for (const r of app40.routes ?? []) {
14867
14848
  if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
14868
14849
  if (AGENT_SLUG_PATTERN.test(r.path)) {
14869
14850
  registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -14885,7 +14866,7 @@ try {
14885
14866
  }
14886
14867
  (async () => {
14887
14868
  try {
14888
- if (!existsSync22(USERS_FILE)) return;
14869
+ if (!existsSync21(USERS_FILE)) return;
14889
14870
  const usersRaw = readFileSync20(USERS_FILE, "utf-8").trim();
14890
14871
  if (!usersRaw) return;
14891
14872
  const users = JSON.parse(usersRaw);