@rubytech/create-maxy-code 0.1.228 → 0.1.230
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/payload/platform/plugins/admin/mcp/dist/index.js +9 -20
- package/payload/platform/plugins/admin/mcp/dist/index.js.map +1 -1
- package/payload/platform/plugins/admin/skills/platform-architecture/SKILL.md +33 -1
- package/payload/platform/plugins/admin/skills/qr-code/SKILL.md +6 -5
- package/payload/platform/plugins/admin/skills/qr-code/references/data-formats.md +2 -2
- package/payload/platform/plugins/admin/skills/unzip-attachment/SKILL.md +1 -1
- package/payload/platform/plugins/cloudflare/references/dashboard-guide.md +28 -0
- package/payload/platform/plugins/cloudflare/references/serving-published-sites.md +73 -0
- package/payload/platform/plugins/cloudflare/skills/setup-tunnel/SKILL.md +1 -1
- package/payload/platform/plugins/docs/references/troubleshooting.md +32 -0
- package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.js +29 -4
- package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.js +5 -2
- package/payload/platform/services/claude-session-manager/dist/rc-daemon.js.map +1 -1
- package/payload/server/public/assets/AdminShell-D_eg2QKE.js +1 -0
- package/payload/server/public/assets/{admin-CE1Dy8-O.js → admin-BKawc0eQ.js} +1 -1
- package/payload/server/public/assets/data-JoiWCmz6.js +1 -0
- package/payload/server/public/assets/graph-DmOvqjTa.js +51 -0
- package/payload/server/public/data.html +2 -2
- package/payload/server/public/graph.html +2 -2
- package/payload/server/public/index.html +2 -2
- package/payload/server/public/assets/AdminShell-BHSiRGiE.js +0 -1
- package/payload/server/public/assets/data-CKk52rib.js +0 -1
- package/payload/server/public/assets/graph-TuzretIr.js +0 -51
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: platform-architecture
|
|
3
3
|
description: Use when grounding any documented-surface claim about what Maxy ships — plugins, skills, specialists, install/deploy flows, internals. This is the install catalogue, not evidence of what is enabled on the current account. For install state on this account, call `capabilities-here`; for documented surface, cite the `Source:` URL inline.
|
|
4
|
-
content-hash: sha256:
|
|
4
|
+
content-hash: sha256:7ccf57afeb67e23745bc86265d7a65790fd4fc6cba0a659a8fb6ee3f69027e6d
|
|
5
5
|
brand: maxy-code
|
|
6
6
|
product-name: Maxy
|
|
7
7
|
---
|
|
@@ -3563,6 +3563,38 @@ Source: https://docs.getmaxy.com/troubleshooting.md
|
|
|
3563
3563
|
|
|
3564
3564
|
**Diagnose if it ever recurs:** run `bash platform/scripts/__tests__/first-token-creates-stream-log.test.sh` from the install. Pass = invariant holds; any other exit = the writer-side existence contract is broken and one `[log-tee] missing-on-resolve sessionKey=<8> surface=<…>` line on `server.log` is the operator-visible signal (P0). For the duplicate-file class specifically (the 2026-05-14 recurrence trigger), `bash platform/scripts/log-adherence-check.sh` returns non-zero whenever any sessionKey has more than one `claude-agent-stream-<sk>.log` across account dirs.
|
|
3565
3565
|
|
|
3566
|
+
## Retrieving evidence from an rc-spawn session
|
|
3567
|
+
|
|
3568
|
+
rc-spawn sessions (those started via the sidebar or the `claude rc --spawn` daemon) do not write a per-account stream log under `data/accounts/<id>/logs/`. Their evidence is the Claude Code JSONL transcript in the configDir:
|
|
3569
|
+
|
|
3570
|
+
```
|
|
3571
|
+
<CLAUDE_CONFIG_DIR>/projects/<slug>/<uuid>.jsonl # parent session
|
|
3572
|
+
<…>/projects/<slug>/<uuid>.meta.json # bridgeIds persistent map
|
|
3573
|
+
<…>/projects/<slug>/<uuid>/subagents/agent-<hex>.jsonl # each subagent
|
|
3574
|
+
<…>/projects/<slug>/<uuid>/subagents/agent-<hex>.meta.json # {"agentType",…}
|
|
3575
|
+
```
|
|
3576
|
+
|
|
3577
|
+
**Retrieve a session's merged timeline:** `logs-read.sh <key>` with a bare key (no second argument) maps the key to the local `<uuid>` and prints one timestamp-ordered timeline merging the parent transcript with every subagent transcript. The key is resolved in order: a matching `<uuid>.jsonl` on disk; a `sessions/<pid>.json` whose `bridgeSessionId` matches; a `<uuid>.meta.json` whose `bridgeIds` carries the suffix (persistent — survives PID-file cleanup on clean exit); and finally a content scan of the top-level transcripts as last resort. Any accepted key form works: the `claude.ai` `session_<id>`, its bare suffix, or the `<uuid>` (or a unique uuid prefix).
|
|
3578
|
+
|
|
3579
|
+
Every subagent `is_error` tool_result is flagged inline as `‼ SUBAGENT ERROR` with the agent type, the failing tool, and the error text. The parent session's own tool errors appear as `‼ tool error`. The two are never conflated.
|
|
3580
|
+
|
|
3581
|
+
**Audit all silently-failed subagents:** `logs-read.sh --scan-subagent-errors [N]` walks every `subagents/agent-*.jsonl` under the configDir and lists each one carrying an `is_error` result — agent type, parent session, failing tool, error text. Optional `N` limits the scan to the `N` most-recently-modified transcripts. Use this when a delivery failure was reported but no reproduction is available.
|
|
3582
|
+
|
|
3583
|
+
**Quick recipes:**
|
|
3584
|
+
|
|
3585
|
+
```bash
|
|
3586
|
+
# A session's merged parent+subagent timeline (subagent errors flagged inline)
|
|
3587
|
+
~/maxy-code/platform/scripts/logs-read.sh session_<id>
|
|
3588
|
+
|
|
3589
|
+
# Standing audit: every subagent transcript that failed silently
|
|
3590
|
+
~/maxy-code/platform/scripts/logs-read.sh --scan-subagent-errors
|
|
3591
|
+
|
|
3592
|
+
# Limit audit to the 50 most-recent transcripts
|
|
3593
|
+
~/maxy-code/platform/scripts/logs-read.sh --scan-subagent-errors 50
|
|
3594
|
+
```
|
|
3595
|
+
|
|
3596
|
+
Note: passing an explicit second argument (e.g. `logs-read.sh <key> agent-stream`) still reads the legacy per-account stream log — the bare-key JSONL path is the default when no type is given.
|
|
3597
|
+
|
|
3566
3598
|
## A JavaScript-rendered page comes back empty from WebFetch or `url-get`
|
|
3567
3599
|
|
|
3568
3600
|
**Symptom:** A page that needs JavaScript to show its content returns empty or a shell document from `WebFetch` (summary) or `url-get` (verbatim, server-rendered).
|
|
@@ -2,13 +2,14 @@
|
|
|
2
2
|
name: qr-code
|
|
3
3
|
description: >
|
|
4
4
|
Generate QR codes from URLs, Wi-Fi credentials, contacts (vCard), email/SMS links,
|
|
5
|
-
or plain text
|
|
6
|
-
QR", "create a QR", "make a QR code for",
|
|
5
|
+
or plain text. Writes the PNG under output/qr/ and tells the operator its path.
|
|
6
|
+
Trigger phrases: "QR code", "generate a QR", "create a QR", "make a QR code for",
|
|
7
|
+
or any request to share data as a scannable code.
|
|
7
8
|
---
|
|
8
9
|
|
|
9
10
|
# QR Code Generation
|
|
10
11
|
|
|
11
|
-
Generate QR codes from user-provided data and deliver
|
|
12
|
+
Generate QR codes from user-provided data and deliver by stating the file path.
|
|
12
13
|
|
|
13
14
|
## When to Activate
|
|
14
15
|
|
|
@@ -20,9 +21,9 @@ Generate QR codes from user-provided data and deliver the resulting image inline
|
|
|
20
21
|
|
|
21
22
|
Infer the data type from the user's input. For structured types (Wi-Fi, vCard), collect any missing fields conversationally and confirm the structured data before encoding. For simple types (URL, plain text, email, SMS), encode directly.
|
|
22
23
|
|
|
23
|
-
Generate the QR image by
|
|
24
|
+
Generate the QR image by calling the `qr-generate` tool with the encoded data string as the `data` parameter. The tool writes the PNG under `output/qr/` and returns the path. Tell the operator the path so they can retrieve it from the Artefacts panel or file share.
|
|
24
25
|
|
|
25
|
-
If the
|
|
26
|
+
If the tool returns an error, report the message to the user and suggest corrections (e.g., data too long, invalid format).
|
|
26
27
|
|
|
27
28
|
## Boundaries
|
|
28
29
|
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
Always pipe data via stdin to avoid shell injection. Never interpolate user data into the command string.
|
|
6
6
|
|
|
7
7
|
```bash
|
|
8
|
-
printf '%s' 'ENCODED_DATA' | npx -y qrcode -o /
|
|
8
|
+
printf '%s' 'ENCODED_DATA' | npx -y qrcode -o output/qr/qr-$(date +%s).png
|
|
9
9
|
```
|
|
10
10
|
|
|
11
11
|
### Options
|
|
@@ -14,7 +14,7 @@ printf '%s' 'ENCODED_DATA' | npx -y qrcode -o /tmp/qr-$(date +%s).png
|
|
|
14
14
|
|--------|------|--------|
|
|
15
15
|
| Size | `--width` | Small: 200, Medium: 400 (default), Large: 800 |
|
|
16
16
|
| Error correction | `--error-correction-level` | L (7%), M (15%, default), Q (25%), H (30%) |
|
|
17
|
-
| SVG output | `--type svg -o /
|
|
17
|
+
| SVG output | `--type svg -o output/qr/qr-$(date +%s).svg` | Use instead of PNG when user requests SVG |
|
|
18
18
|
|
|
19
19
|
Higher error correction allows the QR code to remain scannable even if partially damaged, but reduces data capacity.
|
|
20
20
|
|
|
@@ -49,7 +49,7 @@ See [references/safety.md](references/safety.md) for the precise shell commands,
|
|
|
49
49
|
6. **Emit the done log line** — `[skill:unzip] done attachmentId=<uuid> entries=<n> uncompressed=<bytes>`.
|
|
50
50
|
7. **Inventory + propose.** Reply to the operator with: top-level entries (first-level subdirectories and top-level files, up to ~20), total file count, total uncompressed bytes. For each entry class, propose **one** concrete follow-up:
|
|
51
51
|
- `.md`, `.txt` → "ingest into memory via `memory-ingest`?"
|
|
52
|
-
- `.png`, `.jpg`, `.pdf` → "
|
|
52
|
+
- `.png`, `.jpg`, `.pdf` → "state their location under `extracted/<attachmentId>/` — the operator retrieves them from the Artefacts panel or file share."
|
|
53
53
|
- unknown / binary / source → list only. No proposal.
|
|
54
54
|
|
|
55
55
|
On any refusal step the operator gets the refusal message verbatim, no re-try, no silent substitution — per the loud-failure protocol in IDENTITY.md.
|
|
@@ -140,6 +140,34 @@ opens an SSH prompt to the Pi.
|
|
|
140
140
|
|
|
141
141
|
---
|
|
142
142
|
|
|
143
|
+
## Create a URL Rewrite Rule
|
|
144
|
+
|
|
145
|
+
A URL Rewrite Rule silently rewrites the path the origin server receives without changing the URL the visitor sees in their browser. Use this when you want a custom domain root (e.g. `getmaxy.com/`) to serve a path that lives elsewhere on the origin (e.g. `/sites/getmaxy/`) without redirecting the visitor.
|
|
146
|
+
|
|
147
|
+
This is **not** the same as a Page Rule redirect. Page Rules issue a visible 301/302 to the browser; a Rewrite Rule changes only what the origin receives, transparently.
|
|
148
|
+
|
|
149
|
+
1. Click **Websites** in the sidebar, then click the zone.
|
|
150
|
+
2. Click **Rules** in the left-hand sidebar, then **Overview**.
|
|
151
|
+
3. Click **Create rule**, then select **URL Rewrite Rule**.
|
|
152
|
+
Alternatively, click **Create from template** and choose **"Rewrite path of moved section"** for a pre-filled starting point.
|
|
153
|
+
4. Enter a descriptive **Rule name** (e.g. `getmaxy apex → marketing site`).
|
|
154
|
+
5. Under **If incoming requests match**, select **Custom filter expression** and enter the expression. For a match on bare domain and www:
|
|
155
|
+
```
|
|
156
|
+
(http.host eq "example.com") or (http.host eq "www.example.com")
|
|
157
|
+
```
|
|
158
|
+
6. Under **Then**, set **Path** → **Rewrite to** → **Dynamic** and enter the expression:
|
|
159
|
+
```
|
|
160
|
+
concat("/sites/mysite", http.request.uri.path)
|
|
161
|
+
```
|
|
162
|
+
Leave **Query string** on **Preserve** (unchanged).
|
|
163
|
+
7. Click **Deploy**.
|
|
164
|
+
|
|
165
|
+
No server restart is needed. Verify with `curl -s https://<domain>/ | head` — the response should be the site's HTML, not the agent SPA `<div id="root">`.
|
|
166
|
+
|
|
167
|
+
**When the zone cert misroutes:** if `cloudflared tunnel route dns` is run for a hostname in a zone the cert was not authorised for at `tunnel login`, it silently creates a record in the wrong zone (appends the cert's zone as a suffix). Check the emitted record name in the command output; if it has an unexpected suffix, delete the stray record via `DNS → Records` and create the CNAME manually in the correct zone instead.
|
|
168
|
+
|
|
169
|
+
---
|
|
170
|
+
|
|
143
171
|
## Where tunnels live in the dashboard (as of 2026-04)
|
|
144
172
|
|
|
145
173
|
Tunnels are under **Zero Trust** → **Networks** → **Tunnels**. This is not in the top-level sidebar — it is under the Zero Trust sub-dashboard, which itself appears in the main sidebar. Cloudflare has moved this location in the past. If **Networks** → **Tunnels** is not visible under Zero Trust, the label has likely been renamed; look for "Tunnels" under Networks or Access.
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
# Serving a published static site at a custom domain — recipe + known gaps
|
|
2
|
+
|
|
3
|
+
Notes captured 2026-06-01 during the getmaxy.com apex setup. The existing runbook
|
|
4
|
+
(`manual-setup.md`) covers getting a hostname to *reach* the server, but not the
|
|
5
|
+
application-layer step of making that hostname *serve a published site at its root*.
|
|
6
|
+
These are the gaps that cost time, and the recipe that works.
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## Gap 1 — an alias hostname serves the PUBLIC-AGENT SPA at `/`, not a published site
|
|
11
|
+
|
|
12
|
+
Adding a hostname to `alias-domains.json` (so `isPublicHost()` is true) makes the
|
|
13
|
+
platform serve the **public chat-agent landing** (`brandedPublicHtml`) at `/`. It does
|
|
14
|
+
**not** serve a published static site. Published sites live at `/sites/<slug>/` and are
|
|
15
|
+
reachable under any alias host at that path, but the bare root always renders the agent SPA.
|
|
16
|
+
|
|
17
|
+
There is **no per-domain → landing-site mapping** in the platform. `resolveDefaultSlug()`
|
|
18
|
+
reads `account.defaultAgent` (a chat agent), never a site slug. Confirmed by reading
|
|
19
|
+
`server/server.js` `app41.get("/")` and the `/sites` route.
|
|
20
|
+
|
|
21
|
+
**Implication:** "point getmaxy.com at the getmaxy site" is two jobs, not one:
|
|
22
|
+
1. Routing (DNS + tunnel ingress + alias-domains) — gets the host to the server.
|
|
23
|
+
2. Root-serving (below) — makes `/` render the site instead of the agent SPA.
|
|
24
|
+
|
|
25
|
+
State this split to the operator up front. Do not imply step 1 alone will show the site.
|
|
26
|
+
|
|
27
|
+
---
|
|
28
|
+
|
|
29
|
+
## Recipe — serve `/sites/<slug>/` at a custom domain root
|
|
30
|
+
|
|
31
|
+
1. **Ingress** — add the hostname(s) to `${CFG_DIR}/config.yml` (per `manual-setup.md`
|
|
32
|
+
multi-ingress section), validate, reload the brand service.
|
|
33
|
+
2. **alias-domains.json** — add the hostname(s) so the public path filter allows `/sites/`.
|
|
34
|
+
3. **DNS** — apex via dashboard CNAME (`@` → `<UUID>.cfargotunnel.com`, proxied); `www` via
|
|
35
|
+
dashboard too if the cert is not authorised for the zone (see Gap 2).
|
|
36
|
+
4. **URL Rewrite Rule** (Cloudflare dashboard) — rewrite every path on the host to the site
|
|
37
|
+
subtree, invisibly (visitor URL stays clean):
|
|
38
|
+
- **Rules → Overview → Create rule → URL Rewrite Rule** (or **Create from template →
|
|
39
|
+
"Rewrite path of moved section"**).
|
|
40
|
+
- If — Custom filter expression: `(http.host eq "<domain>") or (http.host eq "www.<domain>")`
|
|
41
|
+
- Then — Path → Rewrite to → **Dynamic**: `concat("/sites/<slug>", http.request.uri.path)`
|
|
42
|
+
- Leave query string unchanged. Deploy.
|
|
43
|
+
- Effect: `<domain>/` → origin `/sites/<slug>/` → `index.html`; `<domain>/foo.webp` →
|
|
44
|
+
`/sites/<slug>/foo.webp`. Works because `/sites/` is in `PUBLIC_ALLOWED_PREFIXES`.
|
|
45
|
+
|
|
46
|
+
No server restart needed for step 4. Verify: `curl -s https://<domain>/ | head` shows the
|
|
47
|
+
site markup, not the SPA `<div id="root">`.
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Gap 2 — `tunnel route dns` misroutes ANY hostname whose zone the cert isn't authorised for
|
|
52
|
+
|
|
53
|
+
`manual-setup.md` Step 4 warns about apex misrouting. The same failure hits **non-apex**
|
|
54
|
+
hostnames too: if the login cert is authorised for zone A (e.g. `maxy.bot`) but you route a
|
|
55
|
+
host in zone B (e.g. `www.getmaxy.com`), `cloudflared` appends zone A and silently creates
|
|
56
|
+
`www.getmaxy.com.maxy.bot` under the wrong zone — exit 0, looks successful.
|
|
57
|
+
|
|
58
|
+
**Rule:** the CLI can only route hostnames in a zone the cert was authorised for at
|
|
59
|
+
`tunnel login`. For a hostname in any other zone (apex OR subdomain), create the CNAME in
|
|
60
|
+
the dashboard, or re-run `cloudflared tunnel login` and authorise the new zone first. Do not
|
|
61
|
+
trust exit 0 — check the emitted record name in the output (`Added CNAME <name>`); if it has
|
|
62
|
+
an extra zone suffix, it misrouted and the stray record needs dashboard deletion.
|
|
63
|
+
|
|
64
|
+
---
|
|
65
|
+
|
|
66
|
+
## Gap 3 — dashboard labels are stale in `dashboard-guide.md`
|
|
67
|
+
|
|
68
|
+
- URL rewrites are **not** called "Transform Rules" in the current UI. They are under
|
|
69
|
+
**Rules → Overview → Create rule → URL Rewrite Rule**, with templates via **Create from
|
|
70
|
+
template** (the relevant one: **"Rewrite path of moved section"**).
|
|
71
|
+
- **Page Rules is the wrong tool** for transparent rewrites — it only does forwarding
|
|
72
|
+
(HTTP 301/302 redirects) with a visible URL change. Do not suggest Page Rules when the
|
|
73
|
+
requirement is an invisible origin-path rewrite.
|
|
@@ -40,7 +40,7 @@ When local Cloudflare state is corrupt or the operator wants to start from a kno
|
|
|
40
40
|
|
|
41
41
|
## Dashboard guidance
|
|
42
42
|
|
|
43
|
-
For operations only the Cloudflare dashboard can do (sign in, switch accounts, add a site, edit an apex CNAME, verify zone nameservers, delete stale CNAMEs), quote the relevant click-path from `references/dashboard-guide.md` verbatim. The operator follows it in their browser. The agent does not drive the dashboard programmatically.
|
|
43
|
+
For operations only the Cloudflare dashboard can do (sign in, switch accounts, add a site, edit an apex CNAME, verify zone nameservers, delete stale CNAMEs, create URL Rewrite Rules), quote the relevant click-path from `references/dashboard-guide.md` verbatim. The operator follows it in their browser. The agent does not drive the dashboard programmatically.
|
|
44
44
|
|
|
45
45
|
## Tool discipline — binding
|
|
46
46
|
|
|
@@ -8,6 +8,38 @@
|
|
|
8
8
|
|
|
9
9
|
**Diagnose if it ever recurs:** run `bash platform/scripts/__tests__/first-token-creates-stream-log.test.sh` from the install. Pass = invariant holds; any other exit = the writer-side existence contract is broken and one `[log-tee] missing-on-resolve sessionKey=<8> surface=<…>` line on `server.log` is the operator-visible signal (P0). For the duplicate-file class specifically (the 2026-05-14 recurrence trigger), `bash platform/scripts/log-adherence-check.sh` returns non-zero whenever any sessionKey has more than one `claude-agent-stream-<sk>.log` across account dirs.
|
|
10
10
|
|
|
11
|
+
## Retrieving evidence from an rc-spawn session
|
|
12
|
+
|
|
13
|
+
rc-spawn sessions (those started via the sidebar or the `claude rc --spawn` daemon) do not write a per-account stream log under `data/accounts/<id>/logs/`. Their evidence is the Claude Code JSONL transcript in the configDir:
|
|
14
|
+
|
|
15
|
+
```
|
|
16
|
+
<CLAUDE_CONFIG_DIR>/projects/<slug>/<uuid>.jsonl # parent session
|
|
17
|
+
<…>/projects/<slug>/<uuid>.meta.json # bridgeIds persistent map
|
|
18
|
+
<…>/projects/<slug>/<uuid>/subagents/agent-<hex>.jsonl # each subagent
|
|
19
|
+
<…>/projects/<slug>/<uuid>/subagents/agent-<hex>.meta.json # {"agentType",…}
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
**Retrieve a session's merged timeline:** `logs-read.sh <key>` with a bare key (no second argument) maps the key to the local `<uuid>` and prints one timestamp-ordered timeline merging the parent transcript with every subagent transcript. The key is resolved in order: a matching `<uuid>.jsonl` on disk; a `sessions/<pid>.json` whose `bridgeSessionId` matches; a `<uuid>.meta.json` whose `bridgeIds` carries the suffix (persistent — survives PID-file cleanup on clean exit); and finally a content scan of the top-level transcripts as last resort. Any accepted key form works: the `claude.ai` `session_<id>`, its bare suffix, or the `<uuid>` (or a unique uuid prefix).
|
|
23
|
+
|
|
24
|
+
Every subagent `is_error` tool_result is flagged inline as `‼ SUBAGENT ERROR` with the agent type, the failing tool, and the error text. The parent session's own tool errors appear as `‼ tool error`. The two are never conflated.
|
|
25
|
+
|
|
26
|
+
**Audit all silently-failed subagents:** `logs-read.sh --scan-subagent-errors [N]` walks every `subagents/agent-*.jsonl` under the configDir and lists each one carrying an `is_error` result — agent type, parent session, failing tool, error text. Optional `N` limits the scan to the `N` most-recently-modified transcripts. Use this when a delivery failure was reported but no reproduction is available.
|
|
27
|
+
|
|
28
|
+
**Quick recipes:**
|
|
29
|
+
|
|
30
|
+
```bash
|
|
31
|
+
# A session's merged parent+subagent timeline (subagent errors flagged inline)
|
|
32
|
+
~/maxy-code/platform/scripts/logs-read.sh session_<id>
|
|
33
|
+
|
|
34
|
+
# Standing audit: every subagent transcript that failed silently
|
|
35
|
+
~/maxy-code/platform/scripts/logs-read.sh --scan-subagent-errors
|
|
36
|
+
|
|
37
|
+
# Limit audit to the 50 most-recent transcripts
|
|
38
|
+
~/maxy-code/platform/scripts/logs-read.sh --scan-subagent-errors 50
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
Note: passing an explicit second argument (e.g. `logs-read.sh <key> agent-stream`) still reads the legacy per-account stream log — the bare-key JSONL path is the default when no type is given.
|
|
42
|
+
|
|
11
43
|
## A JavaScript-rendered page comes back empty from WebFetch or `url-get`
|
|
12
44
|
|
|
13
45
|
**Symptom:** A page that needs JavaScript to show its content returns empty or a shell document from `WebFetch` (summary) or `url-get` (verbatim, server-rendered).
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"http-server.d.ts","sourceRoot":"","sources":["../src/http-server.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAM3B,OAAO,EAgBL,KAAK,SAAS,EAEf,MAAM,kBAAkB,CAAA;AAezB,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,iBAAiB,CAAA;AAE5D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAC3D,OAAO,EAAqB,KAAK,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAgF9E,eAAO,MAAM,kBAAkB,QAA2B,CAAA;AAI1D,MAAM,WAAW,QAAS,SAAQ,IAAI,CAAC,SAAS,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAC7E,OAAO,EAAE,SAAS,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,iBAAiB,EAAE,MAAM,CAAA;IACzB,kBAAkB,EAAE,WAAW,CAAA;IAC/B,eAAe,EAAE,aAAa,CAAA;IAC9B;kFAC8E;IAC9E,cAAc,EAAE,cAAc,CAAA;CAC/B;AA4LD;;;kEAGkE;AAClE,MAAM,MAAM,OAAO,GAAG,IAAI,GAAG;IAC3B,2BAA2B,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACpD;;;+CAG2C;IAC3C,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CAChD,CAAA;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,
|
|
1
|
+
{"version":3,"file":"http-server.d.ts","sourceRoot":"","sources":["../src/http-server.ts"],"names":[],"mappings":"AAsBA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAM3B,OAAO,EAgBL,KAAK,SAAS,EAEf,MAAM,kBAAkB,CAAA;AAezB,OAAO,KAAK,EAAE,SAAS,EAAc,MAAM,iBAAiB,CAAA;AAE5D,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAC1D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAC3D,OAAO,EAAqB,KAAK,cAAc,EAAE,MAAM,uBAAuB,CAAA;AAgF9E,eAAO,MAAM,kBAAkB,QAA2B,CAAA;AAI1D,MAAM,WAAW,QAAS,SAAQ,IAAI,CAAC,SAAS,EAAE,gBAAgB,GAAG,SAAS,CAAC;IAC7E,OAAO,EAAE,SAAS,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,iBAAiB,EAAE,MAAM,CAAA;IACzB,kBAAkB,EAAE,WAAW,CAAA;IAC/B,eAAe,EAAE,aAAa,CAAA;IAC9B;kFAC8E;IAC9E,cAAc,EAAE,cAAc,CAAA;CAC/B;AA4LD;;;kEAGkE;AAClE,MAAM,MAAM,OAAO,GAAG,IAAI,GAAG;IAC3B,2BAA2B,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACpD;;;+CAG2C;IAC3C,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CAChD,CAAA;AAED,wBAAgB,YAAY,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAg7CpD"}
|
|
@@ -1456,6 +1456,14 @@ export function buildHttpApp(deps) {
|
|
|
1456
1456
|
argv.push(name);
|
|
1457
1457
|
if (sessionId)
|
|
1458
1458
|
argv.push(mode === 'resume' ? '--resume' : '--session-id', sessionId);
|
|
1459
|
+
// Task 592 — per-spawn bypass-permissions waiver. The brand settings.json
|
|
1460
|
+
// carries `defaultMode: bypassPermissions` (Task 583); without this flag
|
|
1461
|
+
// the first-time "WARNING: … 1. No, exit 2. Yes, I accept" disclaimer
|
|
1462
|
+
// hangs the spawn and times out waitForPid. Both documented skip keys are
|
|
1463
|
+
// waived so the disclaimer is suppressed whatever mode the session resolves
|
|
1464
|
+
// to. Per Task 574 doctrine the waiver is per-spawn (never written into
|
|
1465
|
+
// settings.json / .claude.json, which would permanently waive it).
|
|
1466
|
+
argv.push('--settings', JSON.stringify({ skipDangerousModePermissionPrompt: true, skipAutoPermissionPrompt: true }));
|
|
1459
1467
|
const env = buildRcChildEnv({
|
|
1460
1468
|
accountId: deps.accountId,
|
|
1461
1469
|
uiPort: process.env.MAXY_UI_INTERNAL_PORT ?? '',
|
|
@@ -1587,8 +1595,13 @@ export function buildHttpApp(deps) {
|
|
|
1587
1595
|
// — and the natural-exit path inside `pty.onExit →
|
|
1588
1596
|
// handlePtyNaturalExit`. The tracker remains in `livePtys` for the
|
|
1589
1597
|
// session's lifetime.
|
|
1590
|
-
|
|
1591
|
-
|
|
1598
|
+
//
|
|
1599
|
+
// Task 592 — capture the promise once so the fire-and-forget logging
|
|
1600
|
+
// and the bounded bridgeSessionId await share the same resolution.
|
|
1601
|
+
const RC_SPAWN_URL_WAIT_MS = 12_000;
|
|
1602
|
+
const waitPidPromise = deps.watcher.waitForPid(pty.pid, deps.pidFileTimeoutMs);
|
|
1603
|
+
// Fire-and-forget: unchanged logging contract.
|
|
1604
|
+
void waitPidPromise
|
|
1592
1605
|
.then((row) => {
|
|
1593
1606
|
pidFileSeen = true;
|
|
1594
1607
|
const ageMs = Date.now() - start;
|
|
@@ -1609,12 +1622,24 @@ export function buildHttpApp(deps) {
|
|
|
1609
1622
|
err: JSON.stringify(err instanceof Error ? err.message : String(err)),
|
|
1610
1623
|
});
|
|
1611
1624
|
});
|
|
1625
|
+
// Task 592 — bounded await: surface bridgeSessionId in the response
|
|
1626
|
+
// so the client can open the exact session URL. The pid file appears
|
|
1627
|
+
// ~2-3 s in production; the 12 s bound is well inside that window.
|
|
1628
|
+
// On timeout (or waitForPid rejection) bridgeSessionId stays null and
|
|
1629
|
+
// the client falls back to the bare claude.ai/code URL.
|
|
1630
|
+
let bridgeSessionId = null;
|
|
1631
|
+
const timedPidRow = await Promise.race([
|
|
1632
|
+
waitPidPromise.then((r) => r).catch(() => null),
|
|
1633
|
+
new Promise((resolve) => setTimeout(() => resolve(null), RC_SPAWN_URL_WAIT_MS)),
|
|
1634
|
+
]);
|
|
1635
|
+
if (timedPidRow)
|
|
1636
|
+
bridgeSessionId = timedPidRow.bridgeSessionId ?? null;
|
|
1612
1637
|
// Every rc-spawn child runs inside a `systemd-run --user --scope`
|
|
1613
1638
|
// unit driven by node-pty; the operator-visible spawnMethod marker
|
|
1614
1639
|
// is kept stable so server.log greps survive the Task 573 cleanup.
|
|
1615
|
-
deps.logger(`[sessions-rc-resume] mode=${mode} sessionId=${sessionId ?? 'none'} jsonlPath=${existingJsonlPath ?? 'none'} name=${name ?? 'none'} spawnedPid=${pty.pid} bridgeId
|
|
1640
|
+
deps.logger(`[sessions-rc-resume] mode=${mode} sessionId=${sessionId ?? 'none'} jsonlPath=${existingJsonlPath ?? 'none'} name=${name ?? 'none'} spawnedPid=${pty.pid} bridgeId=${bridgeSessionId ?? 'pending'} spawnMethod=systemd-scope env.CLAUDE_CONFIG_DIR=${deps.claudeConfigDir}`);
|
|
1616
1641
|
timed(deps.logger, 'POST', '/rc-spawn', 200, Date.now() - start);
|
|
1617
|
-
return c.json({ spawnedPid: pty.pid, sessionId: sessionId ?? null });
|
|
1642
|
+
return c.json({ spawnedPid: pty.pid, sessionId: sessionId ?? null, bridgeSessionId });
|
|
1618
1643
|
});
|
|
1619
1644
|
return app;
|
|
1620
1645
|
}
|