@rubytech/create-maxy-code 0.1.275 → 0.1.276

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/package.json +1 -1
  2. package/payload/platform/plugins/admin/.claude-plugin/plugin.json +1 -1
  3. package/payload/platform/plugins/admin/PLUGIN.md +1 -4
  4. package/payload/platform/plugins/admin/mcp/dist/index.js +0 -8
  5. package/payload/platform/plugins/admin/mcp/dist/index.js.map +1 -1
  6. package/payload/platform/plugins/docs/references/admin-identity-gate.md +40 -81
  7. package/payload/platform/scripts/setup-account.sh +0 -5
  8. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
  9. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +0 -1
  10. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
  11. package/payload/platform/services/claude-session-manager/dist/index.js +0 -17
  12. package/payload/platform/services/claude-session-manager/dist/index.js.map +1 -1
  13. package/payload/platform/services/claude-session-manager/dist/rc-daemon.d.ts.map +1 -1
  14. package/payload/platform/services/claude-session-manager/dist/rc-daemon.js +4 -5
  15. package/payload/platform/services/claude-session-manager/dist/rc-daemon.js.map +1 -1
  16. package/payload/premium-plugins/writer-craft/mcp/dist/index.js +1 -1
  17. package/payload/premium-plugins/writer-craft/mcp/dist/index.js.map +1 -1
  18. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.d.ts +2 -0
  19. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.d.ts.map +1 -1
  20. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.js +1 -1
  21. package/payload/premium-plugins/writer-craft/mcp/dist/tools/voice-distil-profile.js.map +1 -1
  22. package/payload/premium-plugins/writer-craft/mcp/src/index.ts +1 -1
  23. package/payload/premium-plugins/writer-craft/mcp/src/tools/voice-distil-profile.ts +3 -1
  24. package/payload/server/server.js +140 -233
  25. package/payload/platform/plugins/admin/hooks/__tests__/pin-identity-gate.test.sh +0 -96
  26. package/payload/platform/plugins/admin/hooks/pin-identity-gate.sh +0 -146
@@ -604,46 +604,6 @@ var require_dist2 = __commonJS({
604
604
  }
605
605
  });
606
606
 
607
- // ../lib/require-port-env/dist/index.js
608
- var require_dist3 = __commonJS({
609
- "../lib/require-port-env/dist/index.js"(exports) {
610
- "use strict";
611
- Object.defineProperty(exports, "__esModule", { value: true });
612
- exports.MissingPortEnvError = void 0;
613
- exports.requirePortEnv = requirePortEnv3;
614
- var MissingPortEnvError = class extends Error {
615
- envName;
616
- tag;
617
- failLine;
618
- constructor(envName, tag, failLine, message) {
619
- super(message);
620
- this.name = "MissingPortEnvError";
621
- this.envName = envName;
622
- this.tag = tag;
623
- this.failLine = failLine;
624
- }
625
- };
626
- exports.MissingPortEnvError = MissingPortEnvError;
627
- var VALID_PORT_MIN = 1;
628
- var VALID_PORT_MAX = 65535;
629
- function requirePortEnv3(envName, options = {}) {
630
- const tag = options.tag ?? "port-env";
631
- const failLine = options.failLine ?? "missing-port-env";
632
- const raw = process.env[envName];
633
- if (raw === void 0 || raw === "") {
634
- const msg = `[${tag}] ${failLine} reason=missing-env env=${envName}`;
635
- throw new MissingPortEnvError(envName, tag, failLine, msg);
636
- }
637
- const parsed = Number.parseInt(raw, 10);
638
- if (!Number.isInteger(parsed) || parsed < VALID_PORT_MIN || parsed > VALID_PORT_MAX || String(parsed) !== raw.trim()) {
639
- const msg = `[${tag}] ${failLine} reason=invalid-port-env env=${envName} value=${JSON.stringify(raw)}`;
640
- throw new MissingPortEnvError(envName, tag, failLine, msg);
641
- }
642
- return parsed;
643
- }
644
- }
645
- });
646
-
647
607
  // ../lib/graph-write/dist/audit.js
648
608
  var require_audit = __commonJS({
649
609
  "../lib/graph-write/dist/audit.js"(exports) {
@@ -725,7 +685,7 @@ var require_conversation_provenance = __commonJS({
725
685
  "use strict";
726
686
  Object.defineProperty(exports, "__esModule", { value: true });
727
687
  exports.injectConversationProvenance = injectConversationProvenance;
728
- var index_js_1 = require_dist4();
688
+ var index_js_1 = require_dist3();
729
689
  async function injectConversationProvenance(params) {
730
690
  const { session, relationships, accountId, writeLabels, conversationNodeId, logNamespace, tool } = params;
731
691
  const original = [...relationships];
@@ -775,7 +735,7 @@ var require_conversation_provenance = __commonJS({
775
735
  });
776
736
 
777
737
  // ../lib/graph-write/dist/index.js
778
- var require_dist4 = __commonJS({
738
+ var require_dist3 = __commonJS({
779
739
  "../lib/graph-write/dist/index.js"(exports) {
780
740
  "use strict";
781
741
  var __createBinding = exports && exports.__createBinding || (Object.create ? (function(o, m, k, k2) {
@@ -8434,11 +8394,11 @@ app11.delete("/:id", requireAdminSession, async (c) => {
8434
8394
  const owned = await verifyConversationOwnership(sessionId, accountId);
8435
8395
  if (!owned) return c.json({ error: "Conversation not found" }, 404);
8436
8396
  const managerPort = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "admin-conversation-delete" });
8437
- const managerBase6 = `http://127.0.0.1:${managerPort}`;
8397
+ const managerBase5 = `http://127.0.0.1:${managerPort}`;
8438
8398
  const outcome = await cascadeAdminConversationDelete({
8439
8399
  sessionId,
8440
8400
  accountId,
8441
- managerBase: managerBase6
8401
+ managerBase: managerBase5
8442
8402
  });
8443
8403
  if (outcome.ok) return c.json({ ok: true, claudeSessionIds: outcome.claudeSessionIds });
8444
8404
  if (outcome.reason === "pty-still-alive") {
@@ -9282,18 +9242,18 @@ var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
9282
9242
  ]);
9283
9243
  var app14 = new Hono();
9284
9244
  app14.post("/", async (c) => {
9285
- const TAG31 = "[admin:events]";
9245
+ const TAG30 = "[admin:events]";
9286
9246
  let body;
9287
9247
  try {
9288
9248
  body = await c.req.json();
9289
9249
  } catch (err) {
9290
9250
  const detail = err instanceof Error ? err.message : String(err);
9291
- console.error(`${TAG31} reject reason=body-not-json detail=${detail}`);
9251
+ console.error(`${TAG30} reject reason=body-not-json detail=${detail}`);
9292
9252
  return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
9293
9253
  }
9294
9254
  const event = typeof body.event === "string" ? body.event : "";
9295
9255
  if (!ALLOWED_EVENTS.has(event)) {
9296
- console.error(`${TAG31} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
9256
+ console.error(`${TAG30} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
9297
9257
  return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
9298
9258
  }
9299
9259
  const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
@@ -12106,7 +12066,7 @@ app18.post("/", requireAdminSession, async (c) => {
12106
12066
  return c.json({ error: "AdminConversation node is missing sessionId" }, 500);
12107
12067
  }
12108
12068
  const managerPort = requirePortEnv("CLAUDE_SESSION_MANAGER_PORT", { tag: "graph-page-cascade" });
12109
- const managerBase6 = `http://127.0.0.1:${managerPort}`;
12069
+ const managerBase5 = `http://127.0.0.1:${managerPort}`;
12110
12070
  try {
12111
12071
  await session.close();
12112
12072
  } catch {
@@ -12114,7 +12074,7 @@ app18.post("/", requireAdminSession, async (c) => {
12114
12074
  const outcome = await cascadeAdminConversationDelete({
12115
12075
  sessionId,
12116
12076
  accountId,
12117
- managerBase: managerBase6
12077
+ managerBase: managerBase5
12118
12078
  });
12119
12079
  const elapsed2 = Date.now() - started;
12120
12080
  const labelSummary2 = preflightLabels.join(",");
@@ -13752,61 +13712,9 @@ app32.post("/", async (c) => {
13752
13712
  });
13753
13713
  var access_session_evict_default = app32;
13754
13714
 
13755
- // server/routes/admin/identity.ts
13756
- var import_dist4 = __toESM(require_dist3(), 1);
13757
- var app33 = new Hono();
13758
- var TAG28 = "[admin-identity]";
13759
- function managerBase5() {
13760
- const port2 = (0, import_dist4.requirePortEnv)("CLAUDE_SESSION_MANAGER_PORT", { tag: "admin-identity" });
13761
- return `http://127.0.0.1:${port2}`;
13762
- }
13763
- app33.post("/validate", async (c) => {
13764
- const remoteAddr = c.env?.incoming?.socket?.remoteAddress ?? "";
13765
- const isLoopback = remoteAddr === "127.0.0.1" || remoteAddr === "::1" || remoteAddr === "::ffff:127.0.0.1";
13766
- if (!isLoopback || c.req.header("x-forwarded-for")) {
13767
- return c.json({ error: "forbidden" }, 403);
13768
- }
13769
- let body;
13770
- try {
13771
- body = await c.req.json();
13772
- } catch {
13773
- return c.json({ error: "bad-request" }, 400);
13774
- }
13775
- const pin = typeof body.pin === "string" ? body.pin : "";
13776
- const sessionId = typeof body.sessionId === "string" ? body.sessionId : void 0;
13777
- if (!pin) return c.json({ error: "bad-request" }, 400);
13778
- const fireStop = () => {
13779
- if (sessionId) {
13780
- void fetch(`${managerBase5()}/${encodeURIComponent(sessionId)}/stop`, { method: "POST" }).catch(
13781
- () => {
13782
- }
13783
- );
13784
- }
13785
- };
13786
- const verdict = validatePin(pin, USERS_FILE);
13787
- if (verdict.kind !== "match") {
13788
- if (verdict.kind === "miss") fireStop();
13789
- console.log(`${TAG28} op=endpoint-validate result=${verdict.kind}${sessionId ? ` sessionId=${sessionId.slice(0, 8)}` : ""}`);
13790
- return c.json({ kind: verdict.kind });
13791
- }
13792
- const { userId } = verdict;
13793
- const accounts = resolveUserAccounts(userId);
13794
- if (accounts.length === 0) {
13795
- fireStop();
13796
- console.log(`${TAG28} op=endpoint-validate result=no-account userId=${userId.slice(0, 8)}`);
13797
- return c.json({ kind: "miss" });
13798
- }
13799
- const accountId = accounts[0].accountId;
13800
- const { userName } = await resolveUserIdentity(accountId, userId);
13801
- const aboutOwner = await resolveOwnerProfileBlock(accountId, userId);
13802
- console.log(`${TAG28} op=endpoint-validate result=match userId=${userId.slice(0, 8)} aboutOwner=${aboutOwner.ok ? "ok" : `unresolved:${aboutOwner.reason}`}`);
13803
- return c.json({ kind: "match", userId, userName, aboutOwner });
13804
- });
13805
- var identity_default = app33;
13806
-
13807
13715
  // server/routes/admin/browser.ts
13808
- var app34 = new Hono();
13809
- app34.post("/launch", requireAdminSession, async (c) => {
13716
+ var app33 = new Hono();
13717
+ app33.post("/launch", requireAdminSession, async (c) => {
13810
13718
  try {
13811
13719
  const transport = resolveBrowserTransport(c.req.raw, c.env?.incoming?.socket?.remoteAddress);
13812
13720
  console.error(`[admin/browser/launch] op=request transport=${transport}`);
@@ -13834,40 +13742,39 @@ app34.post("/launch", requireAdminSession, async (c) => {
13834
13742
  );
13835
13743
  }
13836
13744
  });
13837
- var browser_default = app34;
13745
+ var browser_default = app33;
13838
13746
 
13839
13747
  // server/routes/admin/index.ts
13840
- var app35 = new Hono();
13841
- app35.route("/session", session_default);
13842
- app35.route("/identity", identity_default);
13843
- app35.route("/logs", logs_default);
13844
- app35.route("/claude-info", claude_info_default);
13845
- app35.route("/attachment", attachment_default);
13846
- app35.route("/agents", agents_default);
13847
- app35.route("/sessions", sessions_default);
13848
- app35.route("/claude-sessions", claude_sessions_default);
13849
- app35.route("/log-ingest", log_ingest_default);
13850
- app35.route("/events", events_default);
13851
- app35.route("/files", files_default);
13852
- app35.route("/graph-search", graph_search_default);
13853
- app35.route("/graph-subgraph", graph_subgraph_default);
13854
- app35.route("/graph-delete", graph_delete_default);
13855
- app35.route("/graph-restore", graph_restore_default);
13856
- app35.route("/graph-labels-in-graph", graph_labels_in_graph_default);
13857
- app35.route("/graph-default-view", graph_default_view_default);
13858
- app35.route("/sidebar-artefacts", sidebar_artefacts_default);
13859
- app35.route("/sidebar-sessions", sidebar_sessions_default);
13860
- app35.route("/session-delete", session_delete_default);
13861
- app35.route("/browser", browser_default);
13862
- app35.route("/session-rc-spawn", session_rc_spawn_default);
13863
- app35.route("/system-stats", system_stats_default);
13864
- app35.route("/health-brand", health_default2);
13865
- app35.route("/linkedin-ingest", linkedin_ingest_default);
13866
- app35.route("/post-turn-context", post_turn_context_default);
13867
- app35.route("/public-session-context", public_session_context_default);
13868
- app35.route("/public-session-exit", public_session_exit_default);
13869
- app35.route("/access-session-evict", access_session_evict_default);
13870
- var admin_default = app35;
13748
+ var app34 = new Hono();
13749
+ app34.route("/session", session_default);
13750
+ app34.route("/logs", logs_default);
13751
+ app34.route("/claude-info", claude_info_default);
13752
+ app34.route("/attachment", attachment_default);
13753
+ app34.route("/agents", agents_default);
13754
+ app34.route("/sessions", sessions_default);
13755
+ app34.route("/claude-sessions", claude_sessions_default);
13756
+ app34.route("/log-ingest", log_ingest_default);
13757
+ app34.route("/events", events_default);
13758
+ app34.route("/files", files_default);
13759
+ app34.route("/graph-search", graph_search_default);
13760
+ app34.route("/graph-subgraph", graph_subgraph_default);
13761
+ app34.route("/graph-delete", graph_delete_default);
13762
+ app34.route("/graph-restore", graph_restore_default);
13763
+ app34.route("/graph-labels-in-graph", graph_labels_in_graph_default);
13764
+ app34.route("/graph-default-view", graph_default_view_default);
13765
+ app34.route("/sidebar-artefacts", sidebar_artefacts_default);
13766
+ app34.route("/sidebar-sessions", sidebar_sessions_default);
13767
+ app34.route("/session-delete", session_delete_default);
13768
+ app34.route("/browser", browser_default);
13769
+ app34.route("/session-rc-spawn", session_rc_spawn_default);
13770
+ app34.route("/system-stats", system_stats_default);
13771
+ app34.route("/health-brand", health_default2);
13772
+ app34.route("/linkedin-ingest", linkedin_ingest_default);
13773
+ app34.route("/post-turn-context", post_turn_context_default);
13774
+ app34.route("/public-session-context", public_session_context_default);
13775
+ app34.route("/public-session-exit", public_session_exit_default);
13776
+ app34.route("/access-session-evict", access_session_evict_default);
13777
+ var admin_default = app34;
13871
13778
 
13872
13779
  // app/lib/access-gate.ts
13873
13780
  import neo4j4 from "neo4j-driver";
@@ -14078,11 +13985,11 @@ async function generateNewMagicToken(grantId) {
14078
13985
  }
14079
13986
 
14080
13987
  // server/routes/access/verify-token.ts
14081
- var TAG29 = "[access-verify]";
13988
+ var TAG28 = "[access-verify]";
14082
13989
  var MINT_TAG = "[access-session-mint]";
14083
13990
  var COOKIE_NAME = "__access_session";
14084
- var app36 = new Hono();
14085
- app36.post("/", async (c) => {
13991
+ var app35 = new Hono();
13992
+ app35.post("/", async (c) => {
14086
13993
  const ip = c.var.clientIp || "unknown";
14087
13994
  let body;
14088
13995
  try {
@@ -14097,39 +14004,39 @@ app36.post("/", async (c) => {
14097
14004
  }
14098
14005
  const rateMsg = checkAccessRateLimit(ip, agentSlug);
14099
14006
  if (rateMsg) {
14100
- console.error(`${TAG29} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
14007
+ console.error(`${TAG28} grantId=- agentSlug=${agentSlug} result=rate-limited ip=${ip}`);
14101
14008
  return c.json({ error: rateMsg }, 429);
14102
14009
  }
14103
14010
  const grant = await findGrantByMagicToken(token);
14104
14011
  if (!grant) {
14105
14012
  recordAccessFailedAttempt(ip, agentSlug);
14106
- console.error(`${TAG29} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
14013
+ console.error(`${TAG28} grantId=- agentSlug=${agentSlug} result=notfound ip=${ip}`);
14107
14014
  return c.json({ error: "invalid-or-expired-link" }, 401);
14108
14015
  }
14109
14016
  if (grant.agentSlug !== agentSlug) {
14110
14017
  recordAccessFailedAttempt(ip, agentSlug);
14111
14018
  console.error(
14112
- `${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
14019
+ `${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=agent-mismatch grantAgent=${grant.agentSlug} ip=${ip}`
14113
14020
  );
14114
14021
  return c.json({ error: "invalid-or-expired-link" }, 401);
14115
14022
  }
14116
14023
  if (grant.status === "expired" || grant.status === "revoked") {
14117
14024
  recordAccessFailedAttempt(ip, agentSlug);
14118
14025
  console.error(
14119
- `${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
14026
+ `${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired status=${grant.status} ip=${ip}`
14120
14027
  );
14121
14028
  return c.json({ error: "access-no-longer-valid" }, 401);
14122
14029
  }
14123
14030
  if (grant.expiresAt !== null && grant.expiresAt < Date.now()) {
14124
14031
  recordAccessFailedAttempt(ip, agentSlug);
14125
14032
  console.error(
14126
- `${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
14033
+ `${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=expired reason=expiresAt-past ip=${ip}`
14127
14034
  );
14128
14035
  return c.json({ error: "access-no-longer-valid" }, 401);
14129
14036
  }
14130
14037
  if (!grant.sliceToken) {
14131
14038
  console.error(
14132
- `${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
14039
+ `${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=no-slice-token reason=schema-violation`
14133
14040
  );
14134
14041
  return c.json({ error: "grant-misconfigured" }, 500);
14135
14042
  }
@@ -14145,12 +14052,12 @@ app36.post("/", async (c) => {
14145
14052
  await consumeMagicTokenAndActivate(grant.grantId);
14146
14053
  } catch (err) {
14147
14054
  console.error(
14148
- `${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
14055
+ `${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=consume-failed err="${err instanceof Error ? err.message : String(err)}"`
14149
14056
  );
14150
14057
  return c.json({ error: "verification-failed" }, 500);
14151
14058
  }
14152
14059
  clearAccessRateLimit(ip, agentSlug);
14153
- console.log(`${TAG29} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
14060
+ console.log(`${TAG28} grantId=${grant.grantId} agentSlug=${agentSlug} result=ok ip=${ip}`);
14154
14061
  console.log(
14155
14062
  `${MINT_TAG} grantId=${grant.grantId} sliceToken=${grant.sliceToken.slice(0, 8)} agentSlug=${agentSlug} personId=${grant.personId ?? "none"}`
14156
14063
  );
@@ -14164,7 +14071,7 @@ app36.post("/", async (c) => {
14164
14071
  displayName: grant.displayName
14165
14072
  });
14166
14073
  });
14167
- var verify_token_default = app36;
14074
+ var verify_token_default = app35;
14168
14075
 
14169
14076
  // app/lib/access-email.ts
14170
14077
  import { spawn as spawn2 } from "child_process";
@@ -14226,10 +14133,10 @@ async function sendMagicLinkEmail(payload) {
14226
14133
  }
14227
14134
 
14228
14135
  // server/routes/access/request-magic-link.ts
14229
- var TAG30 = "[access-request-link]";
14230
- var app37 = new Hono();
14136
+ var TAG29 = "[access-request-link]";
14137
+ var app36 = new Hono();
14231
14138
  var VISITOR_MESSAGE = "If that email is on the invite list, a fresh link is on the way.";
14232
- app37.post("/", async (c) => {
14139
+ app36.post("/", async (c) => {
14233
14140
  let body;
14234
14141
  try {
14235
14142
  body = await c.req.json();
@@ -14243,18 +14150,18 @@ app37.post("/", async (c) => {
14243
14150
  }
14244
14151
  const rateMsg = checkRequestLinkRateLimit(contactValue);
14245
14152
  if (rateMsg) {
14246
- console.error(`${TAG30} contactValue=${maskContact(contactValue)} result=rate-limited`);
14153
+ console.error(`${TAG29} contactValue=${maskContact(contactValue)} result=rate-limited`);
14247
14154
  return c.json({ error: rateMsg }, 429);
14248
14155
  }
14249
14156
  recordRequestLinkAttempt(contactValue);
14250
14157
  const accountId = process.env.ACCOUNT_ID ?? "";
14251
14158
  if (!accountId) {
14252
- console.error(`${TAG30} contactValue=${maskContact(contactValue)} result=no-account-id`);
14159
+ console.error(`${TAG29} contactValue=${maskContact(contactValue)} result=no-account-id`);
14253
14160
  return c.json({ message: VISITOR_MESSAGE }, 200);
14254
14161
  }
14255
14162
  const grant = await findActiveGrantByContact(contactValue, agentSlug, accountId);
14256
14163
  if (!grant) {
14257
- console.log(`${TAG30} contactValue=${maskContact(contactValue)} result=notfound`);
14164
+ console.log(`${TAG29} contactValue=${maskContact(contactValue)} result=notfound`);
14258
14165
  return c.json({ message: VISITOR_MESSAGE }, 200);
14259
14166
  }
14260
14167
  let token;
@@ -14262,7 +14169,7 @@ app37.post("/", async (c) => {
14262
14169
  token = await generateNewMagicToken(grant.grantId);
14263
14170
  } catch (err) {
14264
14171
  console.error(
14265
- `${TAG30} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
14172
+ `${TAG29} contactValue=${maskContact(contactValue)} result=mint-failed err="${err instanceof Error ? err.message : String(err)}"`
14266
14173
  );
14267
14174
  return c.json({ message: VISITOR_MESSAGE }, 200);
14268
14175
  }
@@ -14294,22 +14201,22 @@ app37.post("/", async (c) => {
14294
14201
  });
14295
14202
  if (!sendResult.ok) {
14296
14203
  console.error(
14297
- `${TAG30} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
14204
+ `${TAG29} contactValue=${maskContact(contactValue)} result=send-failed err="${sendResult.error}"`
14298
14205
  );
14299
14206
  return c.json({ message: VISITOR_MESSAGE }, 200);
14300
14207
  }
14301
14208
  console.log(
14302
- `${TAG30} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
14209
+ `${TAG29} contactValue=${maskContact(contactValue)} result=ok messageId=${sendResult.messageId}`
14303
14210
  );
14304
14211
  return c.json({ message: VISITOR_MESSAGE }, 200);
14305
14212
  });
14306
- var request_magic_link_default = app37;
14213
+ var request_magic_link_default = app36;
14307
14214
 
14308
14215
  // server/routes/access/index.ts
14309
- var app38 = new Hono();
14310
- app38.route("/verify-token", verify_token_default);
14311
- app38.route("/request-magic-link", request_magic_link_default);
14312
- var access_default = app38;
14216
+ var app37 = new Hono();
14217
+ app37.route("/verify-token", verify_token_default);
14218
+ app37.route("/request-magic-link", request_magic_link_default);
14219
+ var access_default = app37;
14313
14220
 
14314
14221
  // server/routes/sites.ts
14315
14222
  import { existsSync as existsSync19, readFileSync as readFileSync18, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
@@ -14344,8 +14251,8 @@ function getExt(p) {
14344
14251
  if (idx < p.lastIndexOf("/")) return "";
14345
14252
  return p.slice(idx).toLowerCase();
14346
14253
  }
14347
- var app39 = new Hono();
14348
- app39.get("/:rel{.*}", (c) => {
14254
+ var app38 = new Hono();
14255
+ app38.get("/:rel{.*}", (c) => {
14349
14256
  const reqPath = c.req.path;
14350
14257
  const rawRel = c.req.param("rel") ?? "";
14351
14258
  const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
@@ -14448,7 +14355,7 @@ app39.get("/:rel{.*}", (c) => {
14448
14355
  "X-Content-Type-Options": "nosniff"
14449
14356
  });
14450
14357
  });
14451
- var sites_default = app39;
14358
+ var sites_default = app38;
14452
14359
 
14453
14360
  // app/lib/visitor-token.ts
14454
14361
  import { createHmac, randomBytes, timingSafeEqual } from "crypto";
@@ -14548,7 +14455,7 @@ function readBrandConfig() {
14548
14455
  }
14549
14456
 
14550
14457
  // server/routes/visitor-consent.ts
14551
- var app40 = new Hono();
14458
+ var app39 = new Hono();
14552
14459
  var CONSENT_COOKIE_NAME = "mxy_consent";
14553
14460
  var CONSENT_COOKIE_MAX_AGE_SECONDS = 60 * 60 * 24 * 365;
14554
14461
  var DEFAULT_CONSENT_COPY = {
@@ -14593,17 +14500,17 @@ function siteSlugFromReferer(referer) {
14593
14500
  return "";
14594
14501
  }
14595
14502
  }
14596
- app40.options("/consent", (c) => {
14503
+ app39.options("/consent", (c) => {
14597
14504
  const origin = getOrigin(c);
14598
14505
  setCorsHeaders(c, origin);
14599
14506
  return c.body(null, 204);
14600
14507
  });
14601
- app40.options("/brand-config", (c) => {
14508
+ app39.options("/brand-config", (c) => {
14602
14509
  const origin = getOrigin(c);
14603
14510
  setCorsHeaders(c, origin);
14604
14511
  return c.body(null, 204);
14605
14512
  });
14606
- app40.post("/consent", async (c) => {
14513
+ app39.post("/consent", async (c) => {
14607
14514
  const origin = getOrigin(c);
14608
14515
  setCorsHeaders(c, origin);
14609
14516
  let raw;
@@ -14643,7 +14550,7 @@ app40.post("/consent", async (c) => {
14643
14550
  console.log(`[consent] ${parsed.decision} site=${site} brand=${brandName} tokenBound=${tokenBound}`);
14644
14551
  return c.body(null, 204);
14645
14552
  });
14646
- app40.get("/brand-config", (c) => {
14553
+ app39.get("/brand-config", (c) => {
14647
14554
  const origin = getOrigin(c);
14648
14555
  setCorsHeaders(c, origin);
14649
14556
  const brand = readBrandConfig();
@@ -14653,7 +14560,7 @@ app40.get("/brand-config", (c) => {
14653
14560
  c.header("Cache-Control", "public, max-age=300");
14654
14561
  return c.json({ consent: { copy, palette } });
14655
14562
  });
14656
- var visitor_consent_default = app40;
14563
+ var visitor_consent_default = app39;
14657
14564
 
14658
14565
  // server/routes/listings.ts
14659
14566
  function getCookie(headerValue, name) {
@@ -14680,8 +14587,8 @@ function appendConsentParams(pageUrl, token) {
14680
14587
  }
14681
14588
  var SAFE_SLUG_RE = /^[a-z0-9](?:[a-z0-9-]{0,118}[a-z0-9])?$/;
14682
14589
  var CHAT_SESSION_KEY_RE = /^[A-Za-z0-9][A-Za-z0-9_-]{7,127}$/;
14683
- var app41 = new Hono();
14684
- app41.get("/:slug/click", async (c) => {
14590
+ var app40 = new Hono();
14591
+ app40.get("/:slug/click", async (c) => {
14685
14592
  const slug = c.req.param("slug") ?? "";
14686
14593
  const rawSession = c.req.query("session") ?? "";
14687
14594
  const sessionKey = CHAT_SESSION_KEY_RE.test(rawSession) ? rawSession : "invalid";
@@ -14745,10 +14652,10 @@ app41.get("/:slug/click", async (c) => {
14745
14652
  console.log(`[property-card-click] sessionKey=${sessionKey} listingSlug=${slug} consent=${consentCookie ?? "absent"} ts=${(/* @__PURE__ */ new Date()).toISOString()}`);
14746
14653
  return c.redirect(redirectUrl, 302);
14747
14654
  });
14748
- var listings_default = app41;
14655
+ var listings_default = app40;
14749
14656
 
14750
14657
  // server/routes/visitor-event.ts
14751
- var app42 = new Hono();
14658
+ var app41 = new Hono();
14752
14659
  var BOT_UA_RE = /\b(bot|crawl|spider|slurp|headlesschrome|phantomjs|googlebot|bingbot|yandex|baiduspider|ahrefsbot|semrushbot|mj12bot|dotbot|petalbot)\b/i;
14753
14660
  var buckets = /* @__PURE__ */ new Map();
14754
14661
  var RATE_LIMIT = 60;
@@ -14815,12 +14722,12 @@ function originAllowed(origin, allowlist) {
14815
14722
  return false;
14816
14723
  }
14817
14724
  }
14818
- app42.options("/event", (c) => {
14725
+ app41.options("/event", (c) => {
14819
14726
  const origin = getOrigin2(c);
14820
14727
  setCorsHeaders2(c, origin);
14821
14728
  return c.body(null, 204);
14822
14729
  });
14823
- app42.post("/event", async (c) => {
14730
+ app41.post("/event", async (c) => {
14824
14731
  const origin = getOrigin2(c);
14825
14732
  setCorsHeaders2(c, origin);
14826
14733
  const ua = c.req.header("user-agent") ?? "";
@@ -15025,7 +14932,7 @@ async function writeEvent(opts) {
15025
14932
  );
15026
14933
  }
15027
14934
  }
15028
- var visitor_event_default = app42;
14935
+ var visitor_event_default = app41;
15029
14936
 
15030
14937
  // server/routes/session.ts
15031
14938
  import { resolve as resolve23 } from "path";
@@ -15071,8 +14978,8 @@ function withVisitorCookie(response, visitorId) {
15071
14978
  headers
15072
14979
  });
15073
14980
  }
15074
- var app43 = new Hono();
15075
- app43.post("/", async (c) => {
14981
+ var app42 = new Hono();
14982
+ app42.post("/", async (c) => {
15076
14983
  let body;
15077
14984
  try {
15078
14985
  body = await c.req.json();
@@ -15283,10 +15190,10 @@ app43.post("/", async (c) => {
15283
15190
  newVisitorId
15284
15191
  );
15285
15192
  });
15286
- var session_default2 = app43;
15193
+ var session_default2 = app42;
15287
15194
 
15288
15195
  // app/lib/graph-health.ts
15289
- var import_dist5 = __toESM(require_dist4(), 1);
15196
+ var import_dist4 = __toESM(require_dist3(), 1);
15290
15197
  var HOUR_MS = 60 * 60 * 1e3;
15291
15198
  function renderLabelTop(rows) {
15292
15199
  return rows.map((b) => {
@@ -15331,7 +15238,7 @@ async function runGraphHealthTick() {
15331
15238
  console.error(
15332
15239
  `[graph-health] userprofile-multi accounts=${upAccounts} top=${upTop.length > 0 ? upTop.join(",") : "none"}`
15333
15240
  );
15334
- const indexed = [...import_dist5.VECTOR_INDEXED_LABELS];
15241
+ const indexed = [...import_dist4.VECTOR_INDEXED_LABELS];
15335
15242
  const embCount = await session.run(
15336
15243
  `MATCH (n) WHERE n.embedding IS NULL AND any(l IN labels(n) WHERE l IN $indexed)
15337
15244
  RETURN count(n) AS total`,
@@ -15707,8 +15614,8 @@ var streamSSE = (c, cb, onError) => {
15707
15614
 
15708
15615
  // app/lib/whatsapp/gateway/routes.ts
15709
15616
  function createWaChannelRoutes(deps) {
15710
- const app45 = new Hono();
15711
- app45.get("/wa-channel/inbound", (c) => {
15617
+ const app44 = new Hono();
15618
+ app44.get("/wa-channel/inbound", (c) => {
15712
15619
  const senderId = c.req.query("senderId");
15713
15620
  if (!senderId) return c.json({ error: "senderId required" }, 400);
15714
15621
  return streamSSE(c, async (stream2) => {
@@ -15726,7 +15633,7 @@ function createWaChannelRoutes(deps) {
15726
15633
  }
15727
15634
  });
15728
15635
  });
15729
- app45.post("/wa-channel/reply", async (c) => {
15636
+ app44.post("/wa-channel/reply", async (c) => {
15730
15637
  const body = await c.req.json().catch(() => null);
15731
15638
  const senderId = body?.senderId;
15732
15639
  const text = body?.text;
@@ -15745,7 +15652,7 @@ function createWaChannelRoutes(deps) {
15745
15652
  console.error(`[whatsapp-native] op=reply-dispatch senderId=${senderId} bytes=${bytes}`);
15746
15653
  return c.json({ ok: true });
15747
15654
  });
15748
- app45.post("/wa-channel/ready", async (c) => {
15655
+ app44.post("/wa-channel/ready", async (c) => {
15749
15656
  const body = await c.req.json().catch(() => null);
15750
15657
  const senderId = body?.senderId;
15751
15658
  if (typeof senderId !== "string") {
@@ -15754,7 +15661,7 @@ function createWaChannelRoutes(deps) {
15754
15661
  deps.onReady?.(senderId);
15755
15662
  return c.json({ ok: true });
15756
15663
  });
15757
- return app45;
15664
+ return app44;
15758
15665
  }
15759
15666
 
15760
15667
  // app/lib/whatsapp/gateway/wa-gateway.ts
@@ -16127,7 +16034,7 @@ watchFile(ALIAS_DOMAINS_PATH, { interval: 2e3 }, () => {
16127
16034
  function isPublicHost(host) {
16128
16035
  return host.startsWith("public.") || aliasDomains.has(host);
16129
16036
  }
16130
- var app44 = new Hono();
16037
+ var app43 = new Hono();
16131
16038
  var waGateway = new WaGateway({
16132
16039
  gatewayUrl: `http://127.0.0.1:${process.env.MAXY_UI_INTERNAL_PORT ?? ""}`,
16133
16040
  serverPath: process.env.MAXY_WA_CHANNEL_SERVER_PATH ?? resolve26(process.env.MAXY_PLATFORM_ROOT ?? join18(__dirname, ".."), "services/whatsapp-channel/dist/server.js"),
@@ -16142,9 +16049,9 @@ var waGateway = new WaGateway({
16142
16049
  }
16143
16050
  }
16144
16051
  });
16145
- app44.route("/", waGateway.routes());
16146
- app44.use("*", clientIpMiddleware);
16147
- app44.use("*", async (c, next) => {
16052
+ app43.route("/", waGateway.routes());
16053
+ app43.use("*", clientIpMiddleware);
16054
+ app43.use("*", async (c, next) => {
16148
16055
  await next();
16149
16056
  c.header("X-Content-Type-Options", "nosniff");
16150
16057
  c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -16154,7 +16061,7 @@ app44.use("*", async (c, next) => {
16154
16061
  );
16155
16062
  });
16156
16063
  var HTTP_LOG_PATHS = /* @__PURE__ */ new Set(["/vnc-viewer.html", "/vnc-popout.html"]);
16157
- app44.use("*", async (c, next) => {
16064
+ app43.use("*", async (c, next) => {
16158
16065
  if (!HTTP_LOG_PATHS.has(c.req.path)) {
16159
16066
  await next();
16160
16067
  return;
@@ -16172,7 +16079,7 @@ app44.use("*", async (c, next) => {
16172
16079
  });
16173
16080
  }
16174
16081
  });
16175
- app44.use("*", async (c, next) => {
16082
+ app43.use("*", async (c, next) => {
16176
16083
  const host = (c.req.header("host") ?? "").split(":")[0];
16177
16084
  if (!isPublicHost(host)) {
16178
16085
  await next();
@@ -16203,7 +16110,7 @@ function resolveRemoteAuthOpts() {
16203
16110
  return brandLoginOpts;
16204
16111
  }
16205
16112
  var MAX_LOGIN_BODY = 8 * 1024;
16206
- app44.post("/__remote-auth/login", async (c) => {
16113
+ app43.post("/__remote-auth/login", async (c) => {
16207
16114
  const client = clientFrom(c);
16208
16115
  const clientIp = client.ip || "unknown";
16209
16116
  if (!requestIsTlsTerminated(c)) {
@@ -16248,7 +16155,7 @@ app44.post("/__remote-auth/login", async (c) => {
16248
16155
  }
16249
16156
  });
16250
16157
  });
16251
- app44.get("/__remote-auth/logout", (c) => {
16158
+ app43.get("/__remote-auth/logout", (c) => {
16252
16159
  const client = clientFrom(c);
16253
16160
  const clientIp = client.ip || "unknown";
16254
16161
  console.error(`[remote-auth] logout ip=${clientIp}`);
@@ -16261,7 +16168,7 @@ app44.get("/__remote-auth/logout", (c) => {
16261
16168
  }
16262
16169
  });
16263
16170
  });
16264
- app44.post("/__remote-auth/change-password", async (c) => {
16171
+ app43.post("/__remote-auth/change-password", async (c) => {
16265
16172
  const client = clientFrom(c);
16266
16173
  const clientIp = client.ip || "unknown";
16267
16174
  const rateLimited = checkRateLimit(client);
@@ -16312,13 +16219,13 @@ app44.post("/__remote-auth/change-password", async (c) => {
16312
16219
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
16313
16220
  }
16314
16221
  });
16315
- app44.get("/__remote-auth/setup", (c) => {
16222
+ app43.get("/__remote-auth/setup", (c) => {
16316
16223
  if (isRemoteAuthConfigured()) {
16317
16224
  return c.redirect("/");
16318
16225
  }
16319
16226
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
16320
16227
  });
16321
- app44.post("/__remote-auth/set-initial-password", async (c) => {
16228
+ app43.post("/__remote-auth/set-initial-password", async (c) => {
16322
16229
  if (isRemoteAuthConfigured()) {
16323
16230
  return c.redirect("/");
16324
16231
  }
@@ -16356,10 +16263,10 @@ app44.post("/__remote-auth/set-initial-password", async (c) => {
16356
16263
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
16357
16264
  }
16358
16265
  });
16359
- app44.get("/api/remote-auth/status", (c) => {
16266
+ app43.get("/api/remote-auth/status", (c) => {
16360
16267
  return c.json({ configured: isRemoteAuthConfigured() });
16361
16268
  });
16362
- app44.post("/api/remote-auth/set-password", async (c) => {
16269
+ app43.post("/api/remote-auth/set-password", async (c) => {
16363
16270
  let body;
16364
16271
  try {
16365
16272
  body = await c.req.json();
@@ -16390,9 +16297,9 @@ app44.post("/api/remote-auth/set-password", async (c) => {
16390
16297
  return c.json({ error: "Failed to save password" }, 500);
16391
16298
  }
16392
16299
  });
16393
- app44.route("/api/_client-error", client_error_default);
16300
+ app43.route("/api/_client-error", client_error_default);
16394
16301
  console.log("[client-error-route] mounted");
16395
- app44.use("*", async (c, next) => {
16302
+ app43.use("*", async (c, next) => {
16396
16303
  const host = (c.req.header("host") ?? "").split(":")[0];
16397
16304
  const path2 = c.req.path;
16398
16305
  if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -16425,13 +16332,13 @@ app44.use("*", async (c, next) => {
16425
16332
  console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
16426
16333
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
16427
16334
  });
16428
- app44.route("/api/health", health_default);
16429
- app44.route("/api/chat", chat_default);
16430
- app44.route("/api/whatsapp", whatsapp_default);
16431
- app44.route("/api/onboarding", onboarding_default);
16432
- app44.route("/api/admin", admin_default);
16433
- app44.route("/api/access", access_default);
16434
- app44.route("/api/session", session_default2);
16335
+ app43.route("/api/health", health_default);
16336
+ app43.route("/api/chat", chat_default);
16337
+ app43.route("/api/whatsapp", whatsapp_default);
16338
+ app43.route("/api/onboarding", onboarding_default);
16339
+ app43.route("/api/admin", admin_default);
16340
+ app43.route("/api/access", access_default);
16341
+ app43.route("/api/session", session_default2);
16435
16342
  var SAFE_SLUG_RE2 = /^[a-z][a-z0-9-]{2,49}$/;
16436
16343
  var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
16437
16344
  var IMAGE_MIME = {
@@ -16443,7 +16350,7 @@ var IMAGE_MIME = {
16443
16350
  ".svg": "image/svg+xml",
16444
16351
  ".ico": "image/x-icon"
16445
16352
  };
16446
- app44.get("/agent-assets/:slug/:filename", (c) => {
16353
+ app43.get("/agent-assets/:slug/:filename", (c) => {
16447
16354
  const slug = c.req.param("slug");
16448
16355
  const filename = c.req.param("filename");
16449
16356
  if (!SAFE_SLUG_RE2.test(slug)) {
@@ -16478,7 +16385,7 @@ app44.get("/agent-assets/:slug/:filename", (c) => {
16478
16385
  "Cache-Control": "public, max-age=3600"
16479
16386
  });
16480
16387
  });
16481
- app44.get("/generated/:filename", (c) => {
16388
+ app43.get("/generated/:filename", (c) => {
16482
16389
  const filename = c.req.param("filename");
16483
16390
  if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
16484
16391
  console.error(`[generated] serve file=${filename} status=403`);
@@ -16508,10 +16415,10 @@ app44.get("/generated/:filename", (c) => {
16508
16415
  "Cache-Control": "public, max-age=86400"
16509
16416
  });
16510
16417
  });
16511
- app44.route("/sites", sites_default);
16512
- app44.route("/listings", listings_default);
16513
- app44.route("/v", visitor_event_default);
16514
- app44.route("/v", visitor_consent_default);
16418
+ app43.route("/sites", sites_default);
16419
+ app43.route("/listings", listings_default);
16420
+ app43.route("/v", visitor_event_default);
16421
+ app43.route("/v", visitor_consent_default);
16515
16422
  var htmlCache = /* @__PURE__ */ new Map();
16516
16423
  var brandLogoPath = "/brand/maxy-monochrome.png";
16517
16424
  var brandIconPath = "/brand/maxy-monochrome.png";
@@ -16642,7 +16549,7 @@ function escapeHtml(s) {
16642
16549
  function agentUnavailableHtml() {
16643
16550
  return `<!doctype html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>${escapeHtml(BRAND.productName)}</title></head><body style="font-family:system-ui,sans-serif;max-width:32rem;margin:4rem auto;padding:0 1.5rem;color:#222"><h1 style="font-size:1.25rem">Agent unavailable</h1><p>This agent isn't available right now. If you reached this page from a saved link, the agent may have been turned off.</p></body></html>`;
16644
16551
  }
16645
- app44.get("/", (c) => {
16552
+ app43.get("/", (c) => {
16646
16553
  const host = (c.req.header("host") ?? "").split(":")[0];
16647
16554
  if (isPublicHost(host)) {
16648
16555
  const defaultSlug = resolveDefaultSlug();
@@ -16658,12 +16565,12 @@ app44.get("/", (c) => {
16658
16565
  }
16659
16566
  return c.html(cachedHtml("index.html"));
16660
16567
  });
16661
- app44.get("/public", (c) => {
16568
+ app43.get("/public", (c) => {
16662
16569
  const host = (c.req.header("host") ?? "").split(":")[0];
16663
16570
  if (isPublicHost(host)) return c.text("Not found", 404);
16664
16571
  return c.html(cachedHtml("public.html"));
16665
16572
  });
16666
- app44.get("/chat", (c) => {
16573
+ app43.get("/chat", (c) => {
16667
16574
  const host = (c.req.header("host") ?? "").split(":")[0];
16668
16575
  if (isPublicHost(host)) return c.text("Not found", 404);
16669
16576
  return c.html(cachedHtml("public.html"));
@@ -16682,9 +16589,9 @@ async function logViewerFetch(c, next) {
16682
16589
  duration_ms: Date.now() - start
16683
16590
  });
16684
16591
  }
16685
- app44.use("/vnc-viewer.html", logViewerFetch);
16686
- app44.use("/vnc-popout.html", logViewerFetch);
16687
- app44.get("/vnc-popout.html", (c) => {
16592
+ app43.use("/vnc-viewer.html", logViewerFetch);
16593
+ app43.use("/vnc-popout.html", logViewerFetch);
16594
+ app43.get("/vnc-popout.html", (c) => {
16688
16595
  let html = htmlCache.get("vnc-popout.html");
16689
16596
  if (!html) {
16690
16597
  html = readFileSync22(resolve26(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -16697,7 +16604,7 @@ app44.get("/vnc-popout.html", (c) => {
16697
16604
  }
16698
16605
  return c.html(html);
16699
16606
  });
16700
- app44.post("/api/vnc/client-event", async (c) => {
16607
+ app43.post("/api/vnc/client-event", async (c) => {
16701
16608
  let body;
16702
16609
  try {
16703
16610
  body = await c.req.json();
@@ -16718,30 +16625,30 @@ app44.post("/api/vnc/client-event", async (c) => {
16718
16625
  });
16719
16626
  return c.json({ ok: true });
16720
16627
  });
16721
- app44.get("/g/:slug", (c) => {
16628
+ app43.get("/g/:slug", (c) => {
16722
16629
  return c.html(brandedPublicHtml());
16723
16630
  });
16724
- app44.get("/graph", (c) => {
16631
+ app43.get("/graph", (c) => {
16725
16632
  const host = (c.req.header("host") ?? "").split(":")[0];
16726
16633
  if (isPublicHost(host)) return c.text("Not found", 404);
16727
16634
  return c.html(cachedHtml("graph.html"));
16728
16635
  });
16729
- app44.get("/sessions", (c) => {
16636
+ app43.get("/sessions", (c) => {
16730
16637
  const host = (c.req.header("host") ?? "").split(":")[0];
16731
16638
  if (isPublicHost(host)) return c.text("Not found", 404);
16732
16639
  return c.html(cachedHtml("sessions.html"));
16733
16640
  });
16734
- app44.get("/data", (c) => {
16641
+ app43.get("/data", (c) => {
16735
16642
  const host = (c.req.header("host") ?? "").split(":")[0];
16736
16643
  if (isPublicHost(host)) return c.text("Not found", 404);
16737
16644
  return c.html(cachedHtml("data.html"));
16738
16645
  });
16739
- app44.get("/browser", (c) => {
16646
+ app43.get("/browser", (c) => {
16740
16647
  const host = (c.req.header("host") ?? "").split(":")[0];
16741
16648
  if (isPublicHost(host)) return c.text("Not found", 404);
16742
16649
  return c.html(cachedHtml("browser.html"));
16743
16650
  });
16744
- app44.get("/:slug", async (c, next) => {
16651
+ app43.get("/:slug", async (c, next) => {
16745
16652
  const slug = c.req.param("slug");
16746
16653
  if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
16747
16654
  const account = resolveAccount();
@@ -16756,13 +16663,13 @@ app44.get("/:slug", async (c, next) => {
16756
16663
  await next();
16757
16664
  });
16758
16665
  if (brandFaviconPath !== "/favicon.ico") {
16759
- app44.get("/favicon.ico", (c) => {
16666
+ app43.get("/favicon.ico", (c) => {
16760
16667
  c.header("Cache-Control", "public, max-age=300");
16761
16668
  return c.redirect(brandFaviconPath, 302);
16762
16669
  });
16763
16670
  }
16764
- app44.use("/*", serveStatic({ root: "./public" }));
16765
- app44.all("*", (c) => {
16671
+ app43.use("/*", serveStatic({ root: "./public" }));
16672
+ app43.all("*", (c) => {
16766
16673
  const host = (c.req.header("host") ?? "").split(":")[0];
16767
16674
  const path2 = c.req.path;
16768
16675
  if (isPublicHost(host)) {
@@ -16776,7 +16683,7 @@ app44.all("*", (c) => {
16776
16683
  });
16777
16684
  var port = requirePortEnv("MAXY_UI_INTERNAL_PORT", { tag: "ui-server" });
16778
16685
  var hostname = process.env.HOSTNAME ?? "127.0.0.1";
16779
- var httpServer = serve({ fetch: app44.fetch, port, hostname });
16686
+ var httpServer = serve({ fetch: app43.fetch, port, hostname });
16780
16687
  console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
16781
16688
  startAuthHealthHeartbeat();
16782
16689
  {
@@ -16813,7 +16720,7 @@ for (const m of SUBAPP_MANIFEST) {
16813
16720
  }
16814
16721
  try {
16815
16722
  const registered = [];
16816
- for (const r of app44.routes ?? []) {
16723
+ for (const r of app43.routes ?? []) {
16817
16724
  if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
16818
16725
  if (AGENT_SLUG_PATTERN.test(r.path)) {
16819
16726
  registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });