@rubytech/create-maxy-code 0.1.307 → 0.1.308
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/payload/platform/lib/admin-access-password/__tests__/index.test.ts +114 -0
- package/payload/platform/lib/admin-access-password/dist/index.d.ts +40 -0
- package/payload/platform/lib/admin-access-password/dist/index.d.ts.map +1 -0
- package/payload/platform/lib/admin-access-password/dist/index.js +172 -0
- package/payload/platform/lib/admin-access-password/dist/index.js.map +1 -0
- package/payload/platform/lib/admin-access-password/src/index.ts +152 -0
- package/payload/platform/lib/admin-access-password/tsconfig.json +8 -0
- package/payload/platform/lib/models/dist/index.d.ts +6 -0
- package/payload/platform/lib/models/dist/index.d.ts.map +1 -1
- package/payload/platform/lib/models/dist/index.js +10 -1
- package/payload/platform/lib/models/dist/index.js.map +1 -1
- package/payload/platform/lib/models/src/index.ts +9 -0
- package/payload/platform/package.json +2 -2
- package/payload/platform/plugins/admin/PLUGIN.md +1 -0
- package/payload/platform/plugins/admin/mcp/dist/index.js +60 -19
- package/payload/platform/plugins/admin/mcp/dist/index.js.map +1 -1
- package/payload/platform/plugins/admin/skills/admin-user-management/SKILL.md +8 -2
- package/payload/platform/plugins/admin/skills/platform-architecture/SKILL.md +3 -3
- package/payload/platform/plugins/docs/references/admin-ui.md +1 -1
- package/payload/platform/plugins/docs/references/internals.md +1 -1
- package/payload/platform/scripts/check-no-esm-require.mjs +4 -0
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +1 -0
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.d.ts +3 -0
- package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.js +182 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts +12 -0
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.js +52 -1
- package/payload/platform/services/claude-session-manager/dist/pty-spawner.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/session-sidecar.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/session-sidecar.js +9 -3
- package/payload/platform/services/claude-session-manager/dist/session-sidecar.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/webchat-channel-mcp.d.ts +8 -0
- package/payload/platform/services/claude-session-manager/dist/webchat-channel-mcp.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/webchat-channel-mcp.js +7 -0
- package/payload/platform/services/claude-session-manager/dist/webchat-channel-mcp.js.map +1 -1
- package/payload/platform/services/webchat-channel/dist/instructions.d.ts +8 -0
- package/payload/platform/services/webchat-channel/dist/instructions.d.ts.map +1 -0
- package/payload/platform/services/webchat-channel/dist/instructions.js +44 -0
- package/payload/platform/services/webchat-channel/dist/instructions.js.map +1 -0
- package/payload/platform/services/webchat-channel/dist/server.d.ts.map +1 -1
- package/payload/platform/services/webchat-channel/dist/server.js +11 -18
- package/payload/platform/services/webchat-channel/dist/server.js.map +1 -1
- package/payload/server/{chunk-4QFPGAUZ.js → chunk-FBGIHWWM.js} +170 -82
- package/payload/server/maxy-edge.js +1 -1
- package/payload/server/public/assets/{AdminLoginScreens-BsC-EwAn.js → AdminLoginScreens-BZIA9Z6o.js} +1 -1
- package/payload/server/public/assets/AdminShell-iazLHsk7.js +1 -0
- package/payload/server/public/assets/{Checkbox-DoPOlZTV.js → Checkbox-8elc7oXU.js} +1 -1
- package/payload/server/public/assets/{admin-DSwmdCKp.js → admin-BEx6o3fa.js} +1 -1
- package/payload/server/public/assets/{audio-attachment-mime-BA10IzqQ.js → audio-attachment-mime-DzbKNqbH.js} +1 -1
- package/payload/server/public/assets/{brand-C001cin3.css → brand-CmMZe4RK.css} +1 -1
- package/payload/server/public/assets/{browser-BKR1eJJb.js → browser-D16sPVkI.js} +1 -1
- package/payload/server/public/assets/chat-x4PnXhkd.js +1 -0
- package/payload/server/public/assets/{data-CuVmW1WN.js → data-DqG45sq0.js} +1 -1
- package/payload/server/public/assets/{file-download-4_hQmMwU.js → file-download-BvGS7Qmi.js} +1 -1
- package/payload/server/public/assets/{graph-D29p1FJH.js → graph-DKSjcpmR.js} +1 -1
- package/payload/server/public/assets/{graph-labels-DF3QVHkH.js → graph-labels-CVWPQgBV.js} +1 -1
- package/payload/server/public/assets/{operator-CQRaBNN7.js → operator-Cnzbhdh2.js} +1 -1
- package/payload/server/public/assets/page-CH8JQkQN.js +1 -0
- package/payload/server/public/assets/{public-B7BQwWpP.js → public-CA90VhI9.js} +1 -1
- package/payload/server/public/assets/{useSelectionMode-ghXuZicl.js → useSelectionMode-FIodJKzS.js} +1 -1
- package/payload/server/public/browser.html +6 -6
- package/payload/server/public/chat.html +8 -8
- package/payload/server/public/data.html +5 -5
- package/payload/server/public/graph.html +8 -8
- package/payload/server/public/index.html +9 -9
- package/payload/server/public/operator.html +10 -10
- package/payload/server/public/public.html +6 -6
- package/payload/server/server.js +3980 -3516
- package/payload/server/public/assets/AdminShell-CiKKN22G.js +0 -1
- package/payload/server/public/assets/chat-DZXNRiy-.js +0 -1
- package/payload/server/public/assets/page-Dz2F3QtB.js +0 -1
- /package/payload/server/public/assets/{brand-BaRMO3mZ.js → brand-Dh5UlVO2.js} +0 -0
|
@@ -9,6 +9,7 @@ import { resolve, join } from "node:path";
|
|
|
9
9
|
import { execFileSync } from "node:child_process";
|
|
10
10
|
import { appendFileSync, cpSync, existsSync, mkdirSync, readdirSync, readFileSync, renameSync, rmSync, statSync, writeFileSync } from "node:fs";
|
|
11
11
|
import { writeAdminEntry, removeAdminFromAccount } from "../../../../lib/admins-write/dist/index.js";
|
|
12
|
+
import { setAccessPassword as setAccessPasswordHash, clearAccessPassword as clearAccessPasswordHash } from "../../../../lib/admin-access-password/dist/index.js";
|
|
12
13
|
import { embed } from "../../../../lib/embed-client/dist/index.js";
|
|
13
14
|
import { requirePortEnv } from "../../../../lib/require-port-env/dist/index.js";
|
|
14
15
|
import { deviceUrlBlock } from "../../../../lib/device-url/dist/index.js";
|
|
@@ -181,7 +182,6 @@ async function currentEntitlement() {
|
|
|
181
182
|
: undefined,
|
|
182
183
|
});
|
|
183
184
|
}
|
|
184
|
-
const REMOTE_PASSWORD_FILE = resolve(CONFIG_DIR, ".remote-password");
|
|
185
185
|
// Resolve account directory
|
|
186
186
|
function getAccountDir() {
|
|
187
187
|
if (!ACCOUNT_ID) {
|
|
@@ -2034,12 +2034,30 @@ eagerTool(server, "session-resume", "Resume a previous session. Loads the select
|
|
|
2034
2034
|
return refuseNoAccount("session-resume");
|
|
2035
2035
|
return { content: [{ type: "text", text: "resumed" }] };
|
|
2036
2036
|
});
|
|
2037
|
-
server.tool("remote-auth-set-password", "Set
|
|
2038
|
-
"
|
|
2039
|
-
"
|
|
2040
|
-
"
|
|
2037
|
+
server.tool("remote-auth-set-password", "Set an admin's remote access password — the outer password the tunnel asks for before the PIN screen. " +
|
|
2038
|
+
"Each admin has their own; setting one does not affect any other admin's password. " +
|
|
2039
|
+
"Defaults to the calling admin; pass userId (from admin-list) to set another admin's. " +
|
|
2040
|
+
"Hashes with scrypt at mode 0600. Validates strength (8+ chars, digit, special character, no spaces anywhere). " +
|
|
2041
|
+
"Protects the admin interface when exposed over the tunnel — has no effect on the public endpoint or the tunnel itself.", {
|
|
2042
|
+
password: z.string(),
|
|
2043
|
+
userId: z.string().optional().describe("The admin to set the password for. Defaults to the calling admin. Use admin-list to find userIds."),
|
|
2044
|
+
}, async ({ password, userId }) => {
|
|
2041
2045
|
if (!ACCOUNT_ID)
|
|
2042
2046
|
return refuseNoAccount("remote-auth-set-password");
|
|
2047
|
+
const targetUserId = userId ?? process.env.USER_ID;
|
|
2048
|
+
if (!targetUserId) {
|
|
2049
|
+
return { content: [{ type: "text", text: "No target admin: pass userId, or run as an identified admin." }], isError: true };
|
|
2050
|
+
}
|
|
2051
|
+
let users;
|
|
2052
|
+
try {
|
|
2053
|
+
users = readUsersJson();
|
|
2054
|
+
}
|
|
2055
|
+
catch (err) {
|
|
2056
|
+
return { content: [{ type: "text", text: `${err instanceof Error ? err.message : String(err)}` }], isError: true };
|
|
2057
|
+
}
|
|
2058
|
+
if (!users.some((u) => u.userId === targetUserId)) {
|
|
2059
|
+
return { content: [{ type: "text", text: `No admin with userId ${targetUserId} on this device.` }], isError: true };
|
|
2060
|
+
}
|
|
2043
2061
|
// Validate strength — same rules as the web server's validatePasswordStrength
|
|
2044
2062
|
const checks = [
|
|
2045
2063
|
{ label: "at least 8 characters", met: password.length >= 8 },
|
|
@@ -2055,20 +2073,9 @@ server.tool("remote-auth-set-password", "Set the remote access password. Hashes
|
|
|
2055
2073
|
};
|
|
2056
2074
|
}
|
|
2057
2075
|
try {
|
|
2058
|
-
|
|
2059
|
-
|
|
2060
|
-
|
|
2061
|
-
scrypt(password, salt, 64, { N: 16384, r: 8, p: 1 }, (err, key) => {
|
|
2062
|
-
if (err)
|
|
2063
|
-
rej(err);
|
|
2064
|
-
else
|
|
2065
|
-
res(key);
|
|
2066
|
-
});
|
|
2067
|
-
});
|
|
2068
|
-
const stored = `${salt.toString("hex")}:${hash.toString("hex")}`;
|
|
2069
|
-
const pwPath = REMOTE_PASSWORD_FILE;
|
|
2070
|
-
await writeFile(pwPath, stored, { mode: 0o600 });
|
|
2071
|
-
return { content: [{ type: "text", text: "Remote access password set." }] };
|
|
2076
|
+
await setAccessPasswordHash(targetUserId, password, USERS_FILE);
|
|
2077
|
+
console.error(`[admin] remote-access-password set userId=${targetUserId.slice(0, 8)}`);
|
|
2078
|
+
return { content: [{ type: "text", text: `Remote access password set for userId ${targetUserId}.` }] };
|
|
2072
2079
|
}
|
|
2073
2080
|
catch (err) {
|
|
2074
2081
|
return {
|
|
@@ -2077,6 +2084,40 @@ server.tool("remote-auth-set-password", "Set the remote access password. Hashes
|
|
|
2077
2084
|
};
|
|
2078
2085
|
}
|
|
2079
2086
|
});
|
|
2087
|
+
server.tool("remote-auth-revoke-password", "Revoke an admin's remote access password so they can no longer obtain a NEW remote session (an already-open session lapses within 24h). " +
|
|
2088
|
+
"Does not affect any other admin's password and does not touch their PIN. Pass userId (from admin-list).", { userId: z.string().describe("The admin whose remote access password to revoke. Use admin-list to find userIds.") }, async ({ userId }) => {
|
|
2089
|
+
if (!ACCOUNT_ID)
|
|
2090
|
+
return refuseNoAccount("remote-auth-revoke-password");
|
|
2091
|
+
let users;
|
|
2092
|
+
try {
|
|
2093
|
+
users = readUsersJson();
|
|
2094
|
+
}
|
|
2095
|
+
catch (err) {
|
|
2096
|
+
return { content: [{ type: "text", text: `${err instanceof Error ? err.message : String(err)}` }], isError: true };
|
|
2097
|
+
}
|
|
2098
|
+
const target = users.find((u) => u.userId === userId);
|
|
2099
|
+
if (!target) {
|
|
2100
|
+
return { content: [{ type: "text", text: `No admin with userId ${userId} on this device.` }], isError: true };
|
|
2101
|
+
}
|
|
2102
|
+
if (!target.accessHash) {
|
|
2103
|
+
return { content: [{ type: "text", text: `userId ${userId} has no remote access password to revoke.` }] };
|
|
2104
|
+
}
|
|
2105
|
+
const withHash = users.filter((u) => typeof u.accessHash === "string" && u.accessHash.length > 0);
|
|
2106
|
+
if (withHash.length <= 1) {
|
|
2107
|
+
return { content: [{ type: "text", text: "Refusing to revoke the last remaining remote access password — the install would have no remote access. Set another admin's password first." }], isError: true };
|
|
2108
|
+
}
|
|
2109
|
+
try {
|
|
2110
|
+
clearAccessPasswordHash(userId, USERS_FILE);
|
|
2111
|
+
console.error(`[admin] remote-access-password revoked userId=${userId.slice(0, 8)}`);
|
|
2112
|
+
return { content: [{ type: "text", text: `Remote access password revoked for userId ${userId}.` }] };
|
|
2113
|
+
}
|
|
2114
|
+
catch (err) {
|
|
2115
|
+
return {
|
|
2116
|
+
content: [{ type: "text", text: `Failed to revoke: ${err instanceof Error ? err.message : String(err)}` }],
|
|
2117
|
+
isError: true,
|
|
2118
|
+
};
|
|
2119
|
+
}
|
|
2120
|
+
});
|
|
2080
2121
|
// ===================================================================
|
|
2081
2122
|
// Utility tools
|
|
2082
2123
|
// ===================================================================
|