@rubytech/create-maxy-code 0.1.22 → 0.1.23

package/payload/server/server.js

@@ -650,8 +650,8 @@ var serveStatic = (options = { root: "" }) => {
 };
 
 // server/index.ts
-import { readFileSync as readFileSync22, existsSync as existsSync25, watchFile } from "fs";
-import { resolve as resolve25, join as join13, basename as basename5 } from "path";
+import { readFileSync as readFileSync22, existsSync as existsSync26, watchFile } from "fs";
+import { resolve as resolve25, join as join14, basename as basename5 } from "path";
 import { homedir as homedir5 } from "os";
 
 // app/lib/agent-slug-pattern.ts
@@ -7410,7 +7410,7 @@ app7.get("/group-info", async (c) => {
 var whatsapp_default = app7;
 
 // server/routes/onboarding.ts
-import { spawn, execFileSync as execFileSync2 } from "child_process";
+import { spawn, spawnSync as spawnSync2, execFileSync as execFileSync2 } from "child_process";
 import { openSync, closeSync, writeFileSync as writeFileSync9, writeSync, existsSync as existsSync10, mkdirSync as mkdirSync6, readFileSync as readFileSync13, unlinkSync as unlinkSync2 } from "fs";
 import { resolve as resolve11, dirname as dirname4 } from "path";
 import { createHash, randomUUID as randomUUID6 } from "crypto";
@@ -7705,6 +7705,24 @@ app8.post("/set-pin", async (c) => {
     return c.json({ error: "PIN saved but admin role could not be recorded. See server log." }, 500);
   }
   console.log(`[set-pin] wrote users.json + account.json admins: userId=${userId.slice(0, 8)}\u2026 role=owner`);
+  if (process.platform === "linux") {
+    const smbProc = spawnSync2("sudo", ["-n", "smbpasswd", "-a", "-s", "admin"], {
+      input: `${body.pin}
+${body.pin}
+`,
+      stdio: ["pipe", "pipe", "pipe"],
+      encoding: "utf-8",
+      timeout: 1e4
+    });
+    if (smbProc.status === 0) {
+      console.log(`[set-pin] smb-password-synced userId=${userId.slice(0, 8)}\u2026`);
+    } else {
+      const stderr = (smbProc.stderr ?? "").trim().slice(0, 200);
+      console.error(`[set-pin] smb-password-sync-failed exit=${smbProc.status} stderr=${JSON.stringify(stderr)}`);
+    }
+  } else {
+    console.log(`[set-pin] smb-password-sync-skipped reason=non-linux platform=${process.platform}`);
+  }
   try {
     const adminBind = await writeAdminUserAndPerson({
       userId,
@@ -9447,32 +9465,64 @@ app21.put("/:id/label", requireAdminSession, async (c) => {
 var sessions_default = app21;
 
 // app/lib/claude-agent/onboarding-prompt.ts
-var eligibleForInjection = /* @__PURE__ */ new Set();
+import { mkdirSync as mkdirSync7, rmSync as rmSync2, existsSync as existsSync18, writeFileSync as writeFileSync11 } from "fs";
+import { join as join11 } from "path";
+var TAG19 = "[onboarding-inject]";
+function eligibilityDir() {
+  const override = process.env.MAXY_ONBOARDING_ELIGIBILITY_DIR;
+  if (override && override.length > 0) return override;
+  return join11(MAXY_DIR, "state", "onboarding-injection");
+}
+function markerPath(managerSessionId) {
+  if (managerSessionId.includes("/") || managerSessionId.includes("\\")) {
+    throw new Error(`onboarding-prompt: invalid sessionId ${managerSessionId}`);
+  }
+  return join11(eligibilityDir(), managerSessionId);
+}
 function markEligibleForInjection(managerSessionId) {
-  eligibleForInjection.add(managerSessionId);
+  const dir = eligibilityDir();
+  try {
+    mkdirSync7(dir, { recursive: true });
+    writeFileSync11(markerPath(managerSessionId), "", { flag: "w" });
+    console.log(`${TAG19} mark sessionId=${managerSessionId.slice(0, 8)}`);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG19} mark-failed sessionId=${managerSessionId.slice(0, 8)} reason=${msg}`);
+    throw err;
+  }
 }
 function consumeInjectionSlot(managerSessionId) {
-  return eligibleForInjection.delete(managerSessionId);
+  const path2 = markerPath(managerSessionId);
+  if (!existsSync18(path2)) return false;
+  try {
+    rmSync2(path2, { force: true });
+    console.log(`${TAG19} consume sessionId=${managerSessionId.slice(0, 8)}`);
+    return true;
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG19} consume-rm-failed sessionId=${managerSessionId.slice(0, 8)} reason=${msg}`);
+    return true;
+  }
 }
 async function buildOnboardingPromptBlock(accountId) {
   const step = await loadOnboardingStep(accountId);
   const accountIdShort = accountId.slice(0, 8);
   if (step === null) {
     const block2 = renderUnreachableBlock();
-    console.log(`[onboarding-inject] graph-unreachable accountId=${accountIdShort}`);
+    console.log(`${TAG19} graph-unreachable accountId=${accountIdShort}`);
     return { injected: true, block: block2, step: "graph-unreachable" };
   }
   if (step === 9) {
-    console.log(`[onboarding-inject] agent=admin accountId=${accountIdShort} step=9 injected=false`);
+    console.log(`${TAG19} agent=admin accountId=${accountIdShort} step=9 injected=false`);
     return { injected: false, reason: "complete" };
   }
   if (step === -1) {
     const block2 = renderIncompleteBlock(-1);
-    console.log(`[onboarding-inject] agent=admin accountId=${accountIdShort} step=missing injected=true`);
+    console.log(`${TAG19} agent=admin accountId=${accountIdShort} step=missing injected=true`);
     return { injected: true, block: block2, step: "missing" };
   }
   const block = renderIncompleteBlock(step);
-  console.log(`[onboarding-inject] agent=admin accountId=${accountIdShort} step=${step} injected=true`);
+  console.log(`${TAG19} agent=admin accountId=${accountIdShort} step=${step} injected=true`);
   return { injected: true, block, step };
 }
 function renderIncompleteBlock(currentStep) {
@@ -9495,7 +9545,7 @@ function renderUnreachableBlock() {
 }
 
 // server/routes/admin/claude-sessions.ts
-var TAG19 = "[claude-session-manager:wrapper]";
+var TAG20 = "[claude-session-manager:wrapper]";
 function managerBase() {
   const port2 = Number(process.env.CLAUDE_SESSION_MANAGER_PORT ?? "19400");
   return `http://127.0.0.1:${port2}`;
@@ -9506,7 +9556,7 @@ app22.post("/", async (c) => {
   const cacheKey = c.get("cacheKey") ?? "";
   const senderId = getAccountIdForSession(cacheKey) ?? "";
   if (!senderId) {
-    console.error(`${TAG19} reject reason=no-account-id`);
+    console.error(`${TAG20} reject reason=no-account-id`);
     return c.json({ error: "admin-account-not-resolved" }, 500);
   }
   let body = {};
@@ -9521,7 +9571,7 @@ app22.post("/", async (c) => {
     headers: { "content-type": "application/json" },
     body: JSON.stringify({ senderId, role: "admin", channel })
   }).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=spawn message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=spawn message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9543,14 +9593,14 @@ app22.post("/", async (c) => {
         consumeInjectionSlot(spawnedSessionId);
       }
     } catch (err) {
-      console.error(`${TAG19} initial-message-inject failed: ${err instanceof Error ? err.message : String(err)}`);
+      console.error(`${TAG20} initial-message-inject failed: ${err instanceof Error ? err.message : String(err)}`);
     }
     fetch(`${managerBase()}/${encodeURIComponent(spawnedSessionId)}/input`, {
       method: "POST",
       headers: { "content-type": "application/json" },
       body: outboundBody
     }).catch((err) => {
-      console.error(`${TAG19} fetch-failed op=initial-input message=${err instanceof Error ? err.message : String(err)}`);
+      console.error(`${TAG20} fetch-failed op=initial-input message=${err instanceof Error ? err.message : String(err)}`);
     });
   }
   return new Response(upstream.body, { status: upstream.status, headers: upstream.headers });
@@ -9562,7 +9612,7 @@ app22.get("/", async (c) => {
   const upstream = await fetch(
     `${managerBase()}/list?senderId=${encodeURIComponent(senderId)}`
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=list message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=list message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9592,7 +9642,7 @@ app22.post("/resume", async (c) => {
       claudeSessionId: body.claudeSessionId
     })
   }).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=resume message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=resume message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9605,7 +9655,7 @@ app22.delete("/:sessionId", async (c) => {
     `${managerBase()}/${encodeURIComponent(sessionId)}${purge}`,
     { method: "DELETE" }
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=delete message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=delete message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9622,7 +9672,7 @@ app22.post("/:sessionId/archive", async (c) => {
       body
     }
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=archive message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=archive message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9633,7 +9683,7 @@ app22.get("/:sessionId/meta", async (c) => {
   const upstream = await fetch(
     `${managerBase()}/${encodeURIComponent(sessionId)}/meta`
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=meta message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=meta message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9650,7 +9700,7 @@ app22.patch("/:sessionId", async (c) => {
       body
     }
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=patch message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=patch message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9676,7 +9726,7 @@ app22.post("/:sessionId/input", async (c) => {
           outboundBody = JSON.stringify({ ...parsed, text: outcome.block + parsed.text });
         }
       } catch (err) {
-        console.error(`${TAG19} onboarding-inject failed: ${err instanceof Error ? err.message : String(err)}`);
+        console.error(`${TAG20} onboarding-inject failed: ${err instanceof Error ? err.message : String(err)}`);
       }
     }
   }
@@ -9688,7 +9738,7 @@ app22.post("/:sessionId/input", async (c) => {
       body: outboundBody
     }
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=input message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=input message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9700,7 +9750,7 @@ app22.get("/:sessionId/log", async (c) => {
   const upstream = await fetch(
     `${managerBase()}/${encodeURIComponent(sessionId)}/log${follow}`
   ).catch((err) => {
-    console.error(`${TAG19} fetch-failed op=log message=${err instanceof Error ? err.message : String(err)}`);
+    console.error(`${TAG20} fetch-failed op=log message=${err instanceof Error ? err.message : String(err)}`);
     return null;
   });
   if (!upstream) return c.json({ error: "manager-unreachable" }, 503);
@@ -9816,13 +9866,13 @@ async function cdpNavigateNewTab(url, opts = {}) {
 // server/routes/admin/device-browser.ts
 var app25 = new Hono();
 app25.post("/navigate", async (c) => {
-  const TAG20 = "[device-url:click]";
+  const TAG21 = "[device-url:click]";
   let body;
   try {
     body = await c.req.json();
   } catch (err) {
     const detail = err instanceof Error ? err.message : String(err);
-    console.error(`${TAG20} reject reason=body-not-json detail=${detail} browser=fallback navigateResult=error`);
+    console.error(`${TAG21} reject reason=body-not-json detail=${detail} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "Request body was not valid JSON" },
       400
@@ -9832,7 +9882,7 @@ app25.post("/navigate", async (c) => {
   const intent = typeof body.intent === "string" ? body.intent : "";
   const hostname2 = typeof body.hostname === "string" ? body.hostname : "";
   if (!url) {
-    console.error(`${TAG20} reject reason=missing-url intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`);
+    console.error(`${TAG21} reject reason=missing-url intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "url field is required" },
       400
@@ -9842,7 +9892,7 @@ app25.post("/navigate", async (c) => {
   try {
     parsed = new URL(url);
   } catch {
-    console.error(`${TAG20} reject reason=url-malformed intent=${JSON.stringify(intent)} url=${url} browser=fallback navigateResult=error`);
+    console.error(`${TAG21} reject reason=url-malformed intent=${JSON.stringify(intent)} url=${url} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "url is not a valid URL" },
       400
@@ -9850,7 +9900,7 @@ app25.post("/navigate", async (c) => {
   }
   if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
     console.error(
-      `${TAG20} reject reason=scheme-not-allowed scheme=${parsed.protocol} intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`
+      `${TAG21} reject reason=scheme-not-allowed scheme=${parsed.protocol} intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`
     );
     return c.json(
       {
@@ -9866,7 +9916,7 @@ app25.post("/navigate", async (c) => {
   const cdpOk = await ensureCdp(transport);
   if (!cdpOk) {
     console.error(
-      `${TAG20} intent=${JSON.stringify(intent)} browser=fallback navigateResult=cdp-unreachable hostname=${JSON.stringify(hostname2)}`
+      `${TAG21} intent=${JSON.stringify(intent)} browser=fallback navigateResult=cdp-unreachable hostname=${JSON.stringify(hostname2)}`
     );
     return c.json(
       {
@@ -9882,7 +9932,7 @@ app25.post("/navigate", async (c) => {
   const browser = outcome.result === "ok" ? "vnc" : "fallback";
   const detailStr = outcome.detail ? ` detail=${JSON.stringify(outcome.detail.length > 230 ? outcome.detail.slice(0, 227) + "..." : outcome.detail)}` : "";
   console.error(
-    `${TAG20} intent=${JSON.stringify(intent)} browser=${browser} navigateResult=${outcome.result} hostname=${JSON.stringify(hostname2)} targetId=${outcome.targetId ?? "none"}${detailStr}`
+    `${TAG21} intent=${JSON.stringify(intent)} browser=${browser} navigateResult=${outcome.result} hostname=${JSON.stringify(hostname2)} targetId=${outcome.targetId ?? "none"}${detailStr}`
   );
   if (outcome.result !== "ok") {
     return c.json(
@@ -9913,18 +9963,18 @@ var ALLOWED_EVENTS2 = /* @__PURE__ */ new Set([
 ]);
 var app26 = new Hono();
 app26.post("/", async (c) => {
-  const TAG20 = "[admin:events]";
+  const TAG21 = "[admin:events]";
   let body;
   try {
     body = await c.req.json();
   } catch (err) {
     const detail = err instanceof Error ? err.message : String(err);
-    console.error(`${TAG20} reject reason=body-not-json detail=${detail}`);
+    console.error(`${TAG21} reject reason=body-not-json detail=${detail}`);
     return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
   }
   const event = typeof body.event === "string" ? body.event : "";
   if (!ALLOWED_EVENTS2.has(event)) {
-    console.error(`${TAG20} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
+    console.error(`${TAG21} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
     return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
   }
   const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
@@ -9964,12 +10014,12 @@ function isValidDomain(value) {
 }
 
 // app/lib/alias-domains.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync7, readFileSync as readFileSync17, writeFileSync as writeFileSync11 } from "fs";
+import { existsSync as existsSync19, mkdirSync as mkdirSync8, readFileSync as readFileSync17, writeFileSync as writeFileSync12 } from "fs";
 import { dirname as dirname5 } from "path";
 import { resolve as resolve15 } from "path";
 var ALIAS_DOMAINS_PATH = resolve15(MAXY_DIR, "alias-domains.json");
 function readExisting() {
-  if (!existsSync18(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
+  if (!existsSync19(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
   try {
     const parsed = JSON.parse(readFileSync17(ALIAS_DOMAINS_PATH, "utf-8"));
     if (!Array.isArray(parsed)) return /* @__PURE__ */ new Set();
@@ -9982,13 +10032,13 @@ function addAliasDomain(hostname2) {
   const existing = readExisting();
   if (existing.has(hostname2)) return;
   existing.add(hostname2);
-  mkdirSync7(dirname5(ALIAS_DOMAINS_PATH), { recursive: true });
-  writeFileSync11(ALIAS_DOMAINS_PATH, JSON.stringify([...existing], null, 2) + "\n", "utf-8");
+  mkdirSync8(dirname5(ALIAS_DOMAINS_PATH), { recursive: true });
+  writeFileSync12(ALIAS_DOMAINS_PATH, JSON.stringify([...existing], null, 2) + "\n", "utf-8");
 }
 
 // app/lib/script-stream-tailer.ts
 import * as childProcess from "child_process";
-import { appendFileSync as appendFileSync3, createReadStream as createReadStream2, mkdirSync as mkdirSync8, statSync as statSync6 } from "fs";
+import { appendFileSync as appendFileSync3, createReadStream as createReadStream2, mkdirSync as mkdirSync9, statSync as statSync6 } from "fs";
 import { dirname as dirname6 } from "path";
 import { StringDecoder } from "string_decoder";
 var SCRIPT_STREAM_RE = /^\[([^\]]+)\] \[script:([a-z][a-z0-9-]*)((?::[a-z0-9:_-]+)?)\] (.*)$/;
@@ -10098,7 +10148,7 @@ function writeRouteMilestone(streamLogPath, scope, line) {
   }
   const ts = (/* @__PURE__ */ new Date()).toISOString();
   try {
-    mkdirSync8(dirname6(streamLogPath), { recursive: true });
+    mkdirSync9(dirname6(streamLogPath), { recursive: true });
     appendFileSync3(streamLogPath, `[${ts}] [script:${scope}] ${line}
 `);
   } catch (err) {
@@ -10488,8 +10538,8 @@ app27.get("/tunnels", requireAdminSession, async (c) => {
   if (!correlationId) return err("session", "No active conversation for session \u2014 refresh chat.");
   streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
   const certPath = resolve16(homedir4(), brand.configDir, "cloudflared", "cert.pem");
-  const { existsSync: existsSync26 } = await import("fs");
-  if (!existsSync26(certPath)) {
+  const { existsSync: existsSync27 } = await import("fs");
+  if (!existsSync27(certPath)) {
     return err("cert", `Cloudflare origin certificate is not on disk yet (${certPath}). Complete the Cloudflare login first by submitting the form once \u2014 the OAuth flow writes cert.pem.`);
   }
   const result = await runFormSpawn({
@@ -10813,7 +10863,7 @@ var cloudflare_default = app27;
 import { createReadStream as createReadStream3 } from "fs";
 import { readdir as readdir2, readFile as readFile4, stat as stat4, mkdir as mkdir3, writeFile as writeFile4, unlink as unlink2 } from "fs/promises";
 import { realpathSync as realpathSync4 } from "fs";
-import { basename as basename4, dirname as dirname7, join as join11, resolve as resolve18, sep as sep3 } from "path";
+import { basename as basename4, dirname as dirname7, join as join12, resolve as resolve18, sep as sep3 } from "path";
 import { Readable as Readable2 } from "stream";
 
 // app/lib/data-path.ts
@@ -11171,7 +11221,7 @@ async function cascadeDeleteDocument(params) {
 var UUID_RE7 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 async function readMeta(absDir, baseName) {
   try {
-    const raw = await readFile4(join11(absDir, `${baseName}.meta.json`), "utf8");
+    const raw = await readFile4(join12(absDir, `${baseName}.meta.json`), "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed?.filename === "string") {
       return { filename: parsed.filename, mimeType: typeof parsed.mimeType === "string" ? parsed.mimeType : void 0 };
@@ -11209,7 +11259,7 @@ async function readAccountNames() {
 }
 async function enrich(absolute, entry, accountNames) {
   if (entry.kind === "directory" && UUID_RE7.test(entry.name)) {
-    const meta = await readMeta(join11(absolute, entry.name), entry.name);
+    const meta = await readMeta(join12(absolute, entry.name), entry.name);
     if (meta?.filename) {
       entry.displayName = meta.filename;
       entry.mimeType = meta.mimeType;
@@ -11268,7 +11318,7 @@ app28.get("/", requireAdminSession, async (c) => {
         continue;
       }
       try {
-        const entryPath = join11(absolute, name);
+        const entryPath = join12(absolute, name);
         const s = await stat4(entryPath);
         entries.push({
           name,
@@ -11441,7 +11491,7 @@ app28.delete("/", requireAdminSession, async (c) => {
     }
     const dot = base.lastIndexOf(".");
     const stem = dot === -1 ? base : base.slice(0, dot);
-    const sidecarPath = UUID_RE7.test(stem) && base !== `${stem}.meta.json` ? join11(dirname7(absolute), `${stem}.meta.json`) : null;
+    const sidecarPath = UUID_RE7.test(stem) && base !== `${stem}.meta.json` ? join12(dirname7(absolute), `${stem}.meta.json`) : null;
     await unlink2(absolute);
     if (sidecarPath) {
       try {
@@ -13107,7 +13157,7 @@ var file_attach_default = app35;
 import neo4j3 from "neo4j-driver";
 import { readFile as readFile5, readdir as readdir3, stat as stat5 } from "fs/promises";
 import { resolve as resolve19, relative as relative2, isAbsolute } from "path";
-import { existsSync as existsSync19 } from "fs";
+import { existsSync as existsSync20 } from "fs";
 var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
@@ -13255,7 +13305,7 @@ async function fetchAgentTemplateRows(accountDir) {
 async function unionSpecialistFilenames(overrideDir, bundledDir) {
   const names = /* @__PURE__ */ new Set();
   for (const dir of [overrideDir, bundledDir]) {
-    if (!existsSync19(dir)) continue;
+    if (!existsSync20(dir)) continue;
     try {
       const entries = await readdir3(dir);
       for (const entry of entries) {
@@ -13270,7 +13320,7 @@ async function unionSpecialistFilenames(overrideDir, bundledDir) {
 }
 async function readAgentTemplateRow(inp) {
   let chosenPath = null;
-  if (existsSync19(inp.overridePath)) {
+  if (existsSync20(inp.overridePath)) {
     try {
       validateFilePathInAccount(inp.overridePath, inp.overrideRoot);
       chosenPath = inp.overridePath;
@@ -13281,7 +13331,7 @@ async function readAgentTemplateRow(inp) {
       );
       return null;
     }
-  } else if (existsSync19(inp.bundledPath)) {
+  } else if (existsSync20(inp.bundledPath)) {
     if (!isWithin(inp.bundledPath, inp.bundledRoot)) {
       console.error(
         `[admin/sidebar-artefacts] agent-template-read-failed agent=${inp.displayName} kind=${inp.logName} error="bundled path outside PLATFORM_ROOT"`
@@ -13323,7 +13373,7 @@ var sidebar_artefacts_default = app36;
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir4, readdir as readdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve20 } from "path";
-import { existsSync as existsSync20 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
 var UUID_RE8 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app37 = new Hono();
@@ -13391,7 +13441,7 @@ async function resolveSavePath(id, accountId, accountDir) {
   }
   if (UUID_RE8.test(id)) {
     const dir = resolve20(ATTACHMENTS_ROOT, accountId, id);
-    if (!existsSync20(dir)) {
+    if (!existsSync21(dir)) {
       const attShort = id.slice(0, 8);
       if (isHealPending(accountId, id)) {
         console.error(`[admin/sidebar-artefact-save] heal-race attachmentId=${attShort} outcome=503-retry source=heal-pending`);
@@ -13443,7 +13493,7 @@ var sidebar_artefact_save_default = app37;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile6, readdir as readdir5 } from "fs/promises";
-import { existsSync as existsSync21 } from "fs";
+import { existsSync as existsSync22 } from "fs";
 import { resolve as resolve21 } from "path";
 var UUID_RE9 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app38 = new Hono();
@@ -13457,7 +13507,7 @@ app38.get("/", requireAdminSession, async (c) => {
     return new Response("Not found", { status: 404 });
   }
   const dir = resolve21(ATTACHMENTS_ROOT, accountId, id);
-  if (!existsSync21(dir)) {
+  if (!existsSync22(dir)) {
     console.error(`[admin/sidebar-artefact-content] not-found id=${id.slice(0, 8)}`);
     return new Response("Not found", { status: 404 });
   }
@@ -13491,12 +13541,12 @@ app38.get("/", requireAdminSession, async (c) => {
 var sidebar_artefact_content_default = app38;
 
 // server/routes/admin/health.ts
-import { existsSync as existsSync22, readFileSync as readFileSync19 } from "fs";
-import { resolve as resolve22, join as join12 } from "path";
+import { existsSync as existsSync23, readFileSync as readFileSync19 } from "fs";
+import { resolve as resolve22, join as join13 } from "path";
 var PLATFORM_ROOT8 = process.env.MAXY_PLATFORM_ROOT ?? resolve22(process.cwd(), "..");
 var brandHostname = "maxy";
-var brandJsonPath = join12(PLATFORM_ROOT8, "config", "brand.json");
-if (existsSync22(brandJsonPath)) {
+var brandJsonPath = join13(PLATFORM_ROOT8, "config", "brand.json");
+if (existsSync23(brandJsonPath)) {
   try {
     const brand = JSON.parse(readFileSync19(brandJsonPath, "utf-8"));
     if (brand.hostname) brandHostname = brand.hostname;
@@ -13507,7 +13557,7 @@ var VERSION_FILE = resolve22(PLATFORM_ROOT8, `config/.${brandHostname}-version`)
 var PROCESS_STARTED_AT = (/* @__PURE__ */ new Date()).toISOString();
 var PROBE_TIMEOUT_MS = 1e3;
 function readVersion() {
-  if (!existsSync22(VERSION_FILE)) return "unknown";
+  if (!existsSync23(VERSION_FILE)) return "unknown";
   return readFileSync19(VERSION_FILE, "utf-8").trim() || "unknown";
 }
 async function probeConversationDb() {
@@ -13593,7 +13643,7 @@ app40.route("/health-brand", health_default2);
 var admin_default = app40;
 
 // server/routes/sites.ts
-import { existsSync as existsSync23, readFileSync as readFileSync20, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
+import { existsSync as existsSync24, readFileSync as readFileSync20, realpathSync as realpathSync5, statSync as statSync7 } from "fs";
 import { resolve as resolve23 } from "path";
 var SAFE_SEG_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var MIME = {
@@ -13659,7 +13709,7 @@ app41.get("/:rel{.*}", (c) => {
   }
   let stat7;
   try {
-    stat7 = existsSync23(filePath) ? statSync7(filePath) : null;
+    stat7 = existsSync24(filePath) ? statSync7(filePath) : null;
   } catch {
     stat7 = null;
   }
@@ -13678,7 +13728,7 @@ app41.get("/:rel{.*}", (c) => {
     console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync23(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[sites] not-found path=${reqPath} status=404`);
     return c.text("Not found", 404);
   }
@@ -13814,7 +13864,7 @@ function startGraphHealthTimer() {
 
 // ../lib/entitlement/src/index.ts
 import { createPublicKey, createHash as createHash3, verify as cryptoVerify } from "crypto";
-import { existsSync as existsSync24, readFileSync as readFileSync21, statSync as statSync8 } from "fs";
+import { existsSync as existsSync25, readFileSync as readFileSync21, statSync as statSync8 } from "fs";
 import { resolve as resolve24 } from "path";
 
 // ../lib/entitlement/src/canonicalize.ts
@@ -13863,7 +13913,7 @@ function resolveEntitlement(brand, account) {
     return logResolved(implicitTrust(account), null);
   }
   const entitlementPath = resolve24(brand.configDir, "entitlement.json");
-  if (!existsSync24(entitlementPath)) {
+  if (!existsSync25(entitlementPath)) {
     return logResolved(anonymousFallback("missing"), { reason: "missing" });
   }
   const stat7 = statSync8(entitlementPath);
@@ -14053,12 +14103,12 @@ function clientFrom(c) {
   );
 }
 var PLATFORM_ROOT9 = process.env.MAXY_PLATFORM_ROOT || "";
-var BRAND_JSON_PATH = PLATFORM_ROOT9 ? join13(PLATFORM_ROOT9, "config", "brand.json") : "";
+var BRAND_JSON_PATH = PLATFORM_ROOT9 ? join14(PLATFORM_ROOT9, "config", "brand.json") : "";
 var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", domain: "getmaxy.com" };
-if (BRAND_JSON_PATH && !existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && !existsSync26(BRAND_JSON_PATH)) {
   console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
 }
-if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync26(BRAND_JSON_PATH)) {
   try {
     const parsed = JSON.parse(readFileSync22(BRAND_JSON_PATH, "utf-8"));
     BRAND = { ...BRAND, ...parsed };
@@ -14079,10 +14129,10 @@ var brandLoginOpts = {
   bodyFont: BRAND.defaultFonts?.body,
   logoContainsName: !!BRAND.logoContainsName
 };
-var ALIAS_DOMAINS_PATH2 = join13(homedir5(), BRAND.configDir, "alias-domains.json");
+var ALIAS_DOMAINS_PATH2 = join14(homedir5(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync25(ALIAS_DOMAINS_PATH2)) return null;
+    if (!existsSync26(ALIAS_DOMAINS_PATH2)) return null;
     const parsed = JSON.parse(readFileSync22(ALIAS_DOMAINS_PATH2, "utf-8"));
     if (!Array.isArray(parsed)) {
       console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
@@ -14463,7 +14513,7 @@ app42.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync25(filePath)) {
+  if (!existsSync26(filePath)) {
     console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
     return c.text("Not found", 404);
   }
@@ -14493,7 +14543,7 @@ app42.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync25(filePath)) {
+  if (!existsSync26(filePath)) {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
@@ -14510,7 +14560,7 @@ app42.route("/sites", sites_default);
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
-if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync26(BRAND_JSON_PATH)) {
   try {
     const fullBrand = JSON.parse(readFileSync22(BRAND_JSON_PATH, "utf-8"));
     if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
@@ -14529,8 +14579,8 @@ var brandScript = `<script>window.__BRAND__=${JSON.stringify({
 function readInstalledVersion() {
   try {
     if (!PLATFORM_ROOT9) return "unknown";
-    const versionFile = join13(PLATFORM_ROOT9, "config", `.${BRAND.hostname}-version`);
-    if (!existsSync25(versionFile)) return "unknown";
+    const versionFile = join14(PLATFORM_ROOT9, "config", `.${BRAND.hostname}-version`);
+    if (!existsSync26(versionFile)) return "unknown";
     const content = readFileSync22(versionFile, "utf-8").trim();
     return content || "unknown";
   } catch {
@@ -14588,15 +14638,15 @@ ${clientErrorReporterScript}
 }
 var brandedHtmlCache = /* @__PURE__ */ new Map();
 function loadBrandingCache(agentSlug) {
-  const configDir2 = join13(homedir5(), BRAND.configDir);
+  const configDir2 = join14(homedir5(), BRAND.configDir);
   try {
-    const accountJsonPath = join13(configDir2, "account.json");
-    if (!existsSync25(accountJsonPath)) return null;
+    const accountJsonPath = join14(configDir2, "account.json");
+    if (!existsSync26(accountJsonPath)) return null;
     const account = JSON.parse(readFileSync22(accountJsonPath, "utf-8"));
     const accountId = account.accountId;
     if (!accountId) return null;
-    const cachePath = join13(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
-    if (!existsSync25(cachePath)) return null;
+    const cachePath = join14(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
+    if (!existsSync26(cachePath)) return null;
     return JSON.parse(readFileSync22(cachePath, "utf-8"));
   } catch {
     return null;
@@ -14604,9 +14654,9 @@ function loadBrandingCache(agentSlug) {
 }
 function resolveDefaultSlug() {
   try {
-    const configDir2 = join13(homedir5(), BRAND.configDir);
-    const accountJsonPath = join13(configDir2, "account.json");
-    if (!existsSync25(accountJsonPath)) return null;
+    const configDir2 = join14(homedir5(), BRAND.configDir);
+    const accountJsonPath = join14(configDir2, "account.json");
+    if (!existsSync26(accountJsonPath)) return null;
     const account = JSON.parse(readFileSync22(accountJsonPath, "utf-8"));
     return account.defaultAgent || null;
   } catch {
@@ -14790,7 +14840,7 @@ try {
 }
 (async () => {
   try {
-    if (!existsSync25(USERS_FILE)) return;
+    if (!existsSync26(USERS_FILE)) return;
     const usersRaw = readFileSync22(USERS_FILE, "utf-8").trim();
     if (!usersRaw) return;
     const users = JSON.parse(usersRaw);
@@ -14917,7 +14967,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve25(process.env.MAXY_PLATFORM_ROOT ?? join13(__dirname, "..")),
+  platformRoot: resolve25(process.env.MAXY_PLATFORM_ROOT ?? join14(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {