@rubytech/create-maxy-code 0.1.351 → 0.1.353
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +2 -2
- package/payload/platform/config/brand.json +1 -1
- package/payload/platform/package-lock.json +76 -1
- package/payload/platform/plugins/.claude-plugin/marketplace.json +5 -0
- package/payload/platform/plugins/admin/hooks/lib/maxy-mcp-plugins.txt +1 -0
- package/payload/platform/plugins/admin/mcp/dist/__tests__/capabilities-here.test.js +27 -10
- package/payload/platform/plugins/admin/mcp/dist/__tests__/capabilities-here.test.js.map +1 -1
- package/payload/platform/plugins/admin/skills/agent-builder/references/agent-pattern.md +1 -1
- package/payload/platform/plugins/admin/skills/platform-architecture/SKILL.md +40 -2
- package/payload/platform/plugins/cloudflare/skills/calendar-site/SKILL.md +2 -2
- package/payload/platform/plugins/cloudflare/skills/calendar-site/template/public/booking.css +41 -0
- package/payload/platform/plugins/cloudflare/skills/calendar-site/template/public/booking.js +236 -47
- package/payload/platform/plugins/cloudflare/skills/calendar-site/template/public/index.html +6 -0
- package/payload/platform/plugins/connector/.claude-plugin/plugin.json +21 -0
- package/payload/platform/plugins/connector/PLUGIN.md +55 -0
- package/payload/platform/plugins/connector/lib/mcp-spawn-tee/index.js +193 -0
- package/payload/platform/plugins/connector/lib/mcp-spawn-tee/package.json +3 -0
- package/payload/platform/plugins/connector/mcp/dist/index.d.ts +2 -0
- package/payload/platform/plugins/connector/mcp/dist/index.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/index.js +119 -0
- package/payload/platform/plugins/connector/mcp/dist/index.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/call.d.ts +54 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/call.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/call.js +157 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/call.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/redact.d.ts +10 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/redact.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/redact.js +29 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/redact.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/ssrf.d.ts +29 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/ssrf.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/ssrf.js +112 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/ssrf.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/store.d.ts +25 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/store.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/store.js +63 -0
- package/payload/platform/plugins/connector/mcp/dist/lib/store.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/scripts/audit-connectors.d.ts +9 -0
- package/payload/platform/plugins/connector/mcp/dist/scripts/audit-connectors.d.ts.map +1 -0
- package/payload/platform/plugins/connector/mcp/dist/scripts/audit-connectors.js +63 -0
- package/payload/platform/plugins/connector/mcp/dist/scripts/audit-connectors.js.map +1 -0
- package/payload/platform/plugins/connector/mcp/package.json +20 -0
- package/payload/platform/plugins/docs/references/connector.md +33 -0
- package/payload/platform/plugins/docs/references/getting-started.md +1 -1
- package/payload/platform/scripts/check-agent-contract.mjs +97 -0
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +5 -0
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
- package/payload/platform/templates/agents/admin/IDENTITY.md +4 -0
- package/payload/platform/templates/specialists/agents/citation-auditor.md +5 -1
- package/payload/platform/templates/specialists/agents/coding-assistant.md +8 -0
- package/payload/platform/templates/specialists/agents/compiled-truth-rewriter.md +4 -0
- package/payload/platform/templates/specialists/agents/content-producer.md +8 -0
- package/payload/platform/templates/specialists/agents/data-manager.md +9 -1
- package/payload/platform/templates/specialists/agents/database-operator.md +12 -0
- package/payload/platform/templates/specialists/agents/librarian.md +9 -1
- package/payload/platform/templates/specialists/agents/personal-assistant.md +8 -0
- package/payload/platform/templates/specialists/agents/project-manager.md +8 -0
- package/payload/platform/templates/specialists/agents/public-session-reviewer.md +9 -1
- package/payload/platform/templates/specialists/agents/research-assistant.md +8 -0
- package/payload/platform/templates/specialists/agents/typed-edge-classifier.md +4 -2
- package/payload/premium-plugins/writer-craft/agents/writer-craft--manuscript-reviewer.md +12 -0
- package/payload/server/public/assets/{AdminLoginScreens-B1cvICYI.js → AdminLoginScreens-CzdOQKyO.js} +1 -1
- package/payload/server/public/assets/{AdminShell-B-GeoG3j.js → AdminShell-CC-CuN6Y.js} +1 -1
- package/payload/server/public/assets/{Checkbox-DoGMXVpF.js → Checkbox-sQBc9xSy.js} +1 -1
- package/payload/server/public/assets/{OperatorConversations-CfG1EYyP.js → OperatorConversations-CA_2c3sp.js} +1 -1
- package/payload/server/public/assets/OperatorConversations-DPVKGsRS.css +1 -0
- package/payload/server/public/assets/{admin-DF9JDP6a.js → admin-qW6jM6l0.js} +1 -1
- package/payload/server/public/assets/admin-types-DJoj6VJv.js +1 -0
- package/payload/server/public/assets/{browser-Cyi6v8BS.js → browser-BsW6KaxZ.js} +1 -1
- package/payload/server/public/assets/calendar-BPAiN1cL.js +1 -0
- package/payload/server/public/assets/chat-DVD9yoVL.js +1 -0
- package/payload/server/public/assets/{data-CrJZjlQ1.js → data-D_cR_NCZ.js} +1 -1
- package/payload/server/public/assets/{graph-CutaO0w1.js → graph-CmpAy2WP.js} +1 -1
- package/payload/server/public/assets/{graph-labels-CH0sWvcA.js → graph-labels-C0SLq_VP.js} +1 -1
- package/payload/server/public/assets/{operator-CqKk6Twn.js → operator-CrjtJcEY.js} +1 -1
- package/payload/server/public/assets/page-Cf3fVDSo.js +32 -0
- package/payload/server/public/assets/{public-D5lkOp3H.js → public-BkNtvSYp.js} +1 -1
- package/payload/server/public/browser.html +4 -4
- package/payload/server/public/calendar.html +4 -4
- package/payload/server/public/chat.html +6 -6
- package/payload/server/public/data.html +4 -4
- package/payload/server/public/graph.html +6 -6
- package/payload/server/public/index.html +7 -7
- package/payload/server/public/operator.html +8 -8
- package/payload/server/public/public.html +6 -6
- package/payload/server/server.js +153 -83
- package/payload/server/public/assets/OperatorConversations-C8G6Gfgu.css +0 -1
- package/payload/server/public/assets/admin-types-Dg11L4MQ.js +0 -1
- package/payload/server/public/assets/calendar-CA3_Dm8j.js +0 -1
- package/payload/server/public/assets/chat-C4hHkcTu.js +0 -1
- package/payload/server/public/assets/page-Bfm1FN4n.js +0 -30
|
@@ -1,13 +1,29 @@
|
|
|
1
1
|
// Public booking page (calendar-site skill). Dependency-free.
|
|
2
2
|
// 1. Fetch open slots from the brand tunnel free/busy endpoint.
|
|
3
|
-
// 2.
|
|
3
|
+
// 2. Page the horizon five days at a time, let the visitor pick a slot
|
|
4
|
+
// (and, when the operator allows it, extend to back-to-back slots).
|
|
4
5
|
// 3. POST the booking to the same-origin Pages Function (/api/book → D1).
|
|
5
6
|
(function () {
|
|
6
7
|
'use strict'
|
|
7
8
|
|
|
8
|
-
var
|
|
9
|
-
|
|
10
|
-
|
|
9
|
+
var WINDOW_DAYS = 5
|
|
10
|
+
|
|
11
|
+
function metaContent(name) {
|
|
12
|
+
var el = document.querySelector('meta[name="' + name + '"]')
|
|
13
|
+
return el ? el.getAttribute('content') : null
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
// Operator-set booking horizon. The skill rewrites the meta at assemble time;
|
|
17
|
+
// fall back to 14 only when it is absent or left unsubstituted, so pages
|
|
18
|
+
// assembled before this change behave exactly as they did.
|
|
19
|
+
var parsedDaysAhead = parseInt(metaContent('days-ahead'), 10)
|
|
20
|
+
var daysAhead = isFinite(parsedDaysAhead) && parsedDaysAhead > 0 ? parsedDaysAhead : 14
|
|
21
|
+
|
|
22
|
+
// Operator choice: may a visitor combine consecutive open slots into one
|
|
23
|
+
// longer booking? Anything other than the literal "true" is off.
|
|
24
|
+
var allowMultiSlot = metaContent('allow-multi-slot') === 'true'
|
|
25
|
+
|
|
26
|
+
var apiBase = metaContent('api-base') || ''
|
|
11
27
|
|
|
12
28
|
var statusEl = document.getElementById('bk-status')
|
|
13
29
|
var slotsEl = document.getElementById('bk-slots')
|
|
@@ -18,7 +34,12 @@
|
|
|
18
34
|
var durationEl = document.getElementById('bk-duration')
|
|
19
35
|
var backBtn = document.getElementById('bk-back')
|
|
20
36
|
|
|
21
|
-
|
|
37
|
+
// The slots that share the chosen block's day, the index of the first slot
|
|
38
|
+
// in that block, and how many back-to-back slots it spans. count stays 1
|
|
39
|
+
// unless the operator enabled multi-slot bookings.
|
|
40
|
+
var block = null
|
|
41
|
+
// Extend/shorten controls, built lazily once and reused.
|
|
42
|
+
var multiControls = null
|
|
22
43
|
|
|
23
44
|
function setStatus(msg) {
|
|
24
45
|
statusEl.textContent = msg || ''
|
|
@@ -27,9 +48,57 @@
|
|
|
27
48
|
function fmtDayHeading(d) {
|
|
28
49
|
return d.toLocaleDateString([], { weekday: 'long', month: 'long', day: 'numeric' })
|
|
29
50
|
}
|
|
51
|
+
function fmtShortDay(d) {
|
|
52
|
+
return d.toLocaleDateString([], { month: 'short', day: 'numeric' })
|
|
53
|
+
}
|
|
30
54
|
function fmtTime(d) {
|
|
31
55
|
return d.toLocaleTimeString([], { hour: 'numeric', minute: '2-digit' })
|
|
32
56
|
}
|
|
57
|
+
function dayKey(d) {
|
|
58
|
+
return d.toDateString()
|
|
59
|
+
}
|
|
60
|
+
function startOfLocalDay(d) {
|
|
61
|
+
var x = new Date(d)
|
|
62
|
+
x.setHours(0, 0, 0, 0)
|
|
63
|
+
return x
|
|
64
|
+
}
|
|
65
|
+
function clear(el) {
|
|
66
|
+
while (el.firstChild) el.removeChild(el.firstChild)
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
// ---- horizon state, set once per free/busy load -------------------------
|
|
70
|
+
var allDays = [] // local-midnight Date per calendar day in the horizon
|
|
71
|
+
var slotsByDay = {} // dayKey -> ordered slot array
|
|
72
|
+
var windowStart = 0 // index into allDays, advances in WINDOW_DAYS steps
|
|
73
|
+
|
|
74
|
+
// The first and last slot of the chosen block — the single source of the
|
|
75
|
+
// block's index arithmetic, shared by the formatters and the submit payload.
|
|
76
|
+
function firstSlot() {
|
|
77
|
+
return block.daySlots[block.startIdx]
|
|
78
|
+
}
|
|
79
|
+
function lastSlot() {
|
|
80
|
+
return block.daySlots[block.startIdx + block.count - 1]
|
|
81
|
+
}
|
|
82
|
+
function blockStart() {
|
|
83
|
+
return new Date(firstSlot().start)
|
|
84
|
+
}
|
|
85
|
+
function blockEnd() {
|
|
86
|
+
return new Date(lastSlot().end)
|
|
87
|
+
}
|
|
88
|
+
// The slot immediately after the current block, if it is open and back-to-back.
|
|
89
|
+
function nextContiguousSlot() {
|
|
90
|
+
var next = block.daySlots[block.startIdx + block.count]
|
|
91
|
+
if (!next) return null
|
|
92
|
+
return next.start === lastSlot().end ? next : null
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
function fmtChosen() {
|
|
96
|
+
var start = blockStart()
|
|
97
|
+
if (block.count === 1) {
|
|
98
|
+
return fmtDayHeading(start) + ' at ' + fmtTime(start)
|
|
99
|
+
}
|
|
100
|
+
return fmtDayHeading(start) + ', ' + fmtTime(start) + ' – ' + fmtTime(blockEnd())
|
|
101
|
+
}
|
|
33
102
|
|
|
34
103
|
function renderSlots(data) {
|
|
35
104
|
var slots = (data && data.slots) || []
|
|
@@ -37,69 +106,184 @@
|
|
|
37
106
|
durationEl.textContent = data.durationMins + ' minute meeting'
|
|
38
107
|
}
|
|
39
108
|
if (slots.length === 0) {
|
|
40
|
-
setStatus('No open times in the next
|
|
109
|
+
setStatus('No open times in the next ' + daysAhead + ' day' + (daysAhead === 1 ? '' : 's') + '. Please check back later.')
|
|
41
110
|
return
|
|
42
111
|
}
|
|
43
112
|
setStatus('')
|
|
44
113
|
|
|
45
|
-
|
|
46
|
-
|
|
114
|
+
// The full calendar-day list for the horizon, today first. setDate keeps
|
|
115
|
+
// local midnight across DST, unlike adding fixed millisecond spans.
|
|
116
|
+
var today = startOfLocalDay(new Date())
|
|
117
|
+
allDays = []
|
|
118
|
+
for (var i = 0; i < daysAhead; i++) {
|
|
119
|
+
var d = new Date(today)
|
|
120
|
+
d.setDate(today.getDate() + i)
|
|
121
|
+
allDays.push(d)
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
slotsByDay = {}
|
|
47
125
|
slots.forEach(function (s) {
|
|
48
|
-
var
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
126
|
+
var k = dayKey(new Date(s.start))
|
|
127
|
+
if (!slotsByDay[k]) slotsByDay[k] = []
|
|
128
|
+
slotsByDay[k].push(s)
|
|
129
|
+
})
|
|
130
|
+
Object.keys(slotsByDay).forEach(function (k) {
|
|
131
|
+
slotsByDay[k].sort(function (a, b) {
|
|
132
|
+
return new Date(a.start) - new Date(b.start)
|
|
133
|
+
})
|
|
55
134
|
})
|
|
56
135
|
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
136
|
+
windowStart = 0
|
|
137
|
+
console.log('[booking] daysAhead=' + daysAhead + ' allowMultiSlot=' + allowMultiSlot + ' windowStart=' + windowStart)
|
|
138
|
+
renderWindow()
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
function renderWindow() {
|
|
142
|
+
clear(slotsEl)
|
|
143
|
+
|
|
144
|
+
var nav = document.createElement('div')
|
|
145
|
+
nav.className = 'bk-nav'
|
|
146
|
+
|
|
147
|
+
var back = document.createElement('button')
|
|
148
|
+
back.type = 'button'
|
|
149
|
+
back.className = 'bk-arrow'
|
|
150
|
+
back.setAttribute('aria-label', 'Previous days')
|
|
151
|
+
back.textContent = '‹'
|
|
152
|
+
back.disabled = windowStart === 0
|
|
153
|
+
back.addEventListener('click', function () {
|
|
154
|
+
windowStart = Math.max(0, windowStart - WINDOW_DAYS)
|
|
155
|
+
console.log('[booking] windowStart=' + windowStart)
|
|
156
|
+
renderWindow()
|
|
157
|
+
})
|
|
158
|
+
|
|
159
|
+
var label = document.createElement('span')
|
|
160
|
+
label.className = 'bk-nav-label'
|
|
161
|
+
var lastIdx = Math.min(windowStart + WINDOW_DAYS, allDays.length) - 1
|
|
162
|
+
label.textContent = fmtShortDay(allDays[windowStart]) + ' – ' + fmtShortDay(allDays[lastIdx])
|
|
163
|
+
|
|
164
|
+
var fwd = document.createElement('button')
|
|
165
|
+
fwd.type = 'button'
|
|
166
|
+
fwd.className = 'bk-arrow'
|
|
167
|
+
fwd.setAttribute('aria-label', 'Next days')
|
|
168
|
+
fwd.textContent = '›'
|
|
169
|
+
fwd.disabled = windowStart + WINDOW_DAYS >= allDays.length
|
|
170
|
+
fwd.addEventListener('click', function () {
|
|
171
|
+
// Reachable only when not disabled, so a full step always has room.
|
|
172
|
+
windowStart += WINDOW_DAYS
|
|
173
|
+
console.log('[booking] windowStart=' + windowStart)
|
|
174
|
+
renderWindow()
|
|
175
|
+
})
|
|
176
|
+
|
|
177
|
+
nav.appendChild(back)
|
|
178
|
+
nav.appendChild(label)
|
|
179
|
+
nav.appendChild(fwd)
|
|
180
|
+
slotsEl.appendChild(nav)
|
|
181
|
+
|
|
182
|
+
for (var i = windowStart; i < windowStart + WINDOW_DAYS && i < allDays.length; i++) {
|
|
183
|
+
slotsEl.appendChild(renderDayGroup(allDays[i]))
|
|
184
|
+
}
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
// One day's heading plus its slot buttons (or the empty note). Kept as its own
|
|
188
|
+
// function so each slot button closes over that day's own slot array — a shared
|
|
189
|
+
// loop-scoped var would leave every handler pointing at the last day rendered.
|
|
190
|
+
function renderDayGroup(day) {
|
|
191
|
+
var group = document.createElement('div')
|
|
192
|
+
group.className = 'bk-day'
|
|
193
|
+
|
|
194
|
+
var h = document.createElement('h2')
|
|
195
|
+
h.className = 'bk-day-title'
|
|
196
|
+
h.textContent = fmtDayHeading(day)
|
|
197
|
+
group.appendChild(h)
|
|
198
|
+
|
|
199
|
+
var daySlots = slotsByDay[dayKey(day)]
|
|
200
|
+
if (!daySlots || daySlots.length === 0) {
|
|
201
|
+
var note = document.createElement('p')
|
|
202
|
+
note.className = 'bk-day-empty'
|
|
203
|
+
note.textContent = 'No availability'
|
|
204
|
+
group.appendChild(note)
|
|
205
|
+
return group
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
var row = document.createElement('div')
|
|
209
|
+
row.className = 'bk-day-slots'
|
|
210
|
+
daySlots.forEach(function (s, idx) {
|
|
211
|
+
var btn = document.createElement('button')
|
|
212
|
+
btn.type = 'button'
|
|
213
|
+
btn.className = 'bk-slot'
|
|
214
|
+
btn.textContent = fmtTime(new Date(s.start))
|
|
215
|
+
btn.addEventListener('click', function () {
|
|
216
|
+
chooseSlot(daySlots, idx)
|
|
76
217
|
})
|
|
77
|
-
|
|
78
|
-
|
|
218
|
+
row.appendChild(btn)
|
|
219
|
+
})
|
|
220
|
+
group.appendChild(row)
|
|
221
|
+
return group
|
|
222
|
+
}
|
|
223
|
+
|
|
224
|
+
function ensureMultiControls() {
|
|
225
|
+
if (multiControls) return multiControls
|
|
226
|
+
multiControls = document.createElement('div')
|
|
227
|
+
multiControls.className = 'bk-extend'
|
|
228
|
+
|
|
229
|
+
var shorten = document.createElement('button')
|
|
230
|
+
shorten.type = 'button'
|
|
231
|
+
shorten.className = 'bk-extend-btn'
|
|
232
|
+
shorten.id = 'bk-shorten'
|
|
233
|
+
shorten.textContent = '− Shorten'
|
|
234
|
+
shorten.addEventListener('click', function () {
|
|
235
|
+
if (block.count > 1) {
|
|
236
|
+
block.count--
|
|
237
|
+
refreshChosen()
|
|
238
|
+
}
|
|
79
239
|
})
|
|
240
|
+
|
|
241
|
+
var extend = document.createElement('button')
|
|
242
|
+
extend.type = 'button'
|
|
243
|
+
extend.className = 'bk-extend-btn'
|
|
244
|
+
extend.id = 'bk-extend'
|
|
245
|
+
extend.textContent = '+ Add next slot'
|
|
246
|
+
extend.addEventListener('click', function () {
|
|
247
|
+
if (nextContiguousSlot()) {
|
|
248
|
+
block.count++
|
|
249
|
+
refreshChosen()
|
|
250
|
+
}
|
|
251
|
+
})
|
|
252
|
+
|
|
253
|
+
multiControls.appendChild(shorten)
|
|
254
|
+
multiControls.appendChild(extend)
|
|
255
|
+
chosenEl.insertAdjacentElement('afterend', multiControls)
|
|
256
|
+
return multiControls
|
|
257
|
+
}
|
|
258
|
+
|
|
259
|
+
function refreshChosen() {
|
|
260
|
+
chosenEl.textContent = fmtChosen()
|
|
261
|
+
if (!allowMultiSlot) return
|
|
262
|
+
ensureMultiControls()
|
|
263
|
+
document.getElementById('bk-shorten').disabled = block.count <= 1
|
|
264
|
+
document.getElementById('bk-extend').disabled = !nextContiguousSlot()
|
|
80
265
|
}
|
|
81
266
|
|
|
82
|
-
function chooseSlot(
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
chosenEl.textContent = fmtDayHeading(start) + ' at ' + fmtTime(start)
|
|
267
|
+
function chooseSlot(daySlots, idx) {
|
|
268
|
+
block = { daySlots: daySlots, startIdx: idx, count: 1 }
|
|
269
|
+
refreshChosen()
|
|
86
270
|
slotsEl.hidden = true
|
|
87
271
|
formEl.hidden = false
|
|
88
272
|
}
|
|
89
273
|
|
|
90
274
|
backBtn.addEventListener('click', function () {
|
|
91
|
-
|
|
275
|
+
block = null
|
|
92
276
|
formEl.hidden = true
|
|
93
277
|
slotsEl.hidden = false
|
|
94
278
|
})
|
|
95
279
|
|
|
96
280
|
formEl.addEventListener('submit', function (e) {
|
|
97
281
|
e.preventDefault()
|
|
98
|
-
if (!
|
|
282
|
+
if (!block) return
|
|
99
283
|
var fd = new FormData(formEl)
|
|
100
284
|
var payload = {
|
|
101
|
-
slotStart:
|
|
102
|
-
slotEnd:
|
|
285
|
+
slotStart: firstSlot().start,
|
|
286
|
+
slotEnd: lastSlot().end,
|
|
103
287
|
name: fd.get('name'),
|
|
104
288
|
email: fd.get('email'),
|
|
105
289
|
note: fd.get('note'),
|
|
@@ -125,8 +309,7 @@
|
|
|
125
309
|
}
|
|
126
310
|
formEl.hidden = true
|
|
127
311
|
doneEl.hidden = false
|
|
128
|
-
|
|
129
|
-
doneMsg.textContent = 'Confirmed for ' + fmtDayHeading(start) + ' at ' + fmtTime(start) + '. A confirmation will follow by email.'
|
|
312
|
+
doneMsg.textContent = 'Confirmed for ' + fmtChosen() + '. A confirmation will follow by email.'
|
|
130
313
|
})
|
|
131
314
|
.catch(function (err) {
|
|
132
315
|
submitBtn.disabled = false
|
|
@@ -137,8 +320,14 @@
|
|
|
137
320
|
|
|
138
321
|
function load() {
|
|
139
322
|
setStatus('Loading available times…')
|
|
323
|
+
// Fetch exactly the horizon the page renders: from now through the end of
|
|
324
|
+
// the last calendar day in [today, today + daysAhead). Bounding `to` to a
|
|
325
|
+
// local-midnight day edge (not now + daysAhead*24h) keeps the fetched range
|
|
326
|
+
// and the rendered `allDays` window in the same local frame, so no slot is
|
|
327
|
+
// returned for a day the window cannot show.
|
|
140
328
|
var from = new Date()
|
|
141
|
-
var to =
|
|
329
|
+
var to = startOfLocalDay(from)
|
|
330
|
+
to.setDate(to.getDate() + daysAhead)
|
|
142
331
|
var url = apiBase + '/api/calendar/free-busy?from=' + encodeURIComponent(from.toISOString()) + '&to=' + encodeURIComponent(to.toISOString())
|
|
143
332
|
fetch(url)
|
|
144
333
|
.then(function (res) {
|
|
@@ -6,6 +6,12 @@
|
|
|
6
6
|
<!-- The calendar-site skill rewrites the content of this tag to the brand
|
|
7
7
|
tunnel origin that serves /api/calendar/free-busy. -->
|
|
8
8
|
<meta name="api-base" content="__API_BASE__" />
|
|
9
|
+
<!-- Operator-set booking horizon (positive integer days). The skill rewrites
|
|
10
|
+
the content; booking.js falls back to 14 when it is left unsubstituted. -->
|
|
11
|
+
<meta name="days-ahead" content="__DAYS_AHEAD__" />
|
|
12
|
+
<!-- Operator choice: may a visitor combine consecutive open slots into one
|
|
13
|
+
longer booking? "true" or "false"; booking.js falls back to false. -->
|
|
14
|
+
<meta name="allow-multi-slot" content="__ALLOW_MULTI_SLOT__" />
|
|
9
15
|
<title>Book a time</title>
|
|
10
16
|
<link rel="stylesheet" href="/booking.css" />
|
|
11
17
|
</head>
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "connector",
|
|
3
|
+
"description": "Generic credentialed connector — register a named REST API with a static credential, then make host-bound authenticated requests to it. Admin-driven.",
|
|
4
|
+
"version": "0.1.0",
|
|
5
|
+
"author": {
|
|
6
|
+
"name": "Rubytech LLC"
|
|
7
|
+
},
|
|
8
|
+
"mcpServers": {
|
|
9
|
+
"connector": {
|
|
10
|
+
"type": "stdio",
|
|
11
|
+
"command": "node",
|
|
12
|
+
"args": [
|
|
13
|
+
"${CLAUDE_PLUGIN_ROOT}/lib/mcp-spawn-tee/index.js",
|
|
14
|
+
"${CLAUDE_PLUGIN_ROOT}/mcp/dist/index.js"
|
|
15
|
+
],
|
|
16
|
+
"env": {
|
|
17
|
+
"MCP_SPAWN_TEE_NAME": "connector"
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: connector
|
|
3
|
+
description: "Generic credentialed connector — register a named REST API with a static credential, then make host-bound authenticated requests to it. Admin-driven."
|
|
4
|
+
tools:
|
|
5
|
+
- name: connector-register
|
|
6
|
+
publicAllowlist: false
|
|
7
|
+
adminAllowlist: true
|
|
8
|
+
- name: connector-call
|
|
9
|
+
publicAllowlist: false
|
|
10
|
+
adminAllowlist: true
|
|
11
|
+
- name: connector-list
|
|
12
|
+
publicAllowlist: false
|
|
13
|
+
adminAllowlist: true
|
|
14
|
+
- name: connector-deregister
|
|
15
|
+
publicAllowlist: false
|
|
16
|
+
adminAllowlist: true
|
|
17
|
+
metadata: {"platform":{"optional":true,"pluginKey":"connector"}}
|
|
18
|
+
mcp:
|
|
19
|
+
command: node
|
|
20
|
+
args:
|
|
21
|
+
- ${PLATFORM_ROOT}/lib/mcp-spawn-tee/dist/index.js
|
|
22
|
+
- ${PLATFORM_ROOT}/plugins/connector/mcp/dist/index.js
|
|
23
|
+
env:
|
|
24
|
+
MCP_SPAWN_TEE_NAME: connector
|
|
25
|
+
LOG_DIR: ${LOG_DIR}
|
|
26
|
+
PLATFORM_ROOT: ${PLATFORM_ROOT}
|
|
27
|
+
ACCOUNT_ID: ${ACCOUNT_ID}
|
|
28
|
+
SESSION_ID: ${SESSION_ID}
|
|
29
|
+
mcp-manifest: auto
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
# Connector
|
|
33
|
+
|
|
34
|
+
A generic, credentialed bridge to any third-party REST API. Register an API once by name with its base URL and a static credential; the agent can then make authenticated requests to it without a bespoke plugin per integration. This is the capability that lets self-serve agent and skill authoring reach the long tail of niche APIs.
|
|
35
|
+
|
|
36
|
+
The credential is stored in the account's secrets file and is never returned by a tool or written to a log. Every request is confined to the registered API's host: a request aimed at any other host, at a private or loopback address, or a redirect that leaves the host, is refused.
|
|
37
|
+
|
|
38
|
+
## Capabilities
|
|
39
|
+
|
|
40
|
+
- **connector-register** — store a named API's base URL and a static credential. The credential scheme is one of bearer, api-key-header (a named header), or basic. Returns the non-secret record only.
|
|
41
|
+
- **connector-call** — make a request (GET or a mutating method) to a registered connector. The credential is injected from the secret store; the request is host-bound and SSRF-guarded. Returns the status, redacted response headers, and the (size-capped) body.
|
|
42
|
+
- **connector-list** — the registered connectors for this account: names and base URLs only.
|
|
43
|
+
- **connector-deregister** — remove a connector and its stored credential.
|
|
44
|
+
|
|
45
|
+
## Who can use it
|
|
46
|
+
|
|
47
|
+
These tools are admin-driven. The operator's admin agent registers connectors and makes calls; the tools are not granted to any specialist agent, given their reach (arbitrary authenticated outbound requests and a credential store). A vertical agent that needs an external API is served by the admin acting on its behalf.
|
|
48
|
+
|
|
49
|
+
## Credentials and isolation
|
|
50
|
+
|
|
51
|
+
Credentials live only in this account's secrets directory (mode 0600), inside the brand-isolated install — the same store the other credentialed connectors use. Each connector is keyed by name and scoped to the account. A standing audit periodically confirms no stored credential has reached a log and that every registered connector still has its credential.
|
|
52
|
+
|
|
53
|
+
## Scope
|
|
54
|
+
|
|
55
|
+
Static credentials only — OAuth client-credentials and refresh-token flows are a separate capability. HTTP(S) REST only; no GraphQL or SOAP transport. The business logic an operator layers on top of a connected API is authored as a skill, not part of this transport.
|
|
@@ -0,0 +1,193 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
"use strict";
|
|
3
|
+
/**
|
|
4
|
+
* MCP spawn-tee — in-process stderr capture + lifecycle observability.
|
|
5
|
+
*
|
|
6
|
+
* Claude Code spawns each MCP server itself; the platform never holds a
|
|
7
|
+
* ChildProcess handle. This shim sits between Claude Code and the real MCP
|
|
8
|
+
* server: Claude Code runs `node <this> <real-entry>`, and the shim runs the
|
|
9
|
+
* real entry IN ITS OWN PROCESS via dynamic import() — one node runtime, not
|
|
10
|
+
* two. Before importing, it replaces process.stderr.write with a tee so every
|
|
11
|
+
* stderr byte the server writes is mirrored to the log sinks; stdin and stdout
|
|
12
|
+
* (the JSON-RPC channel) are never touched.
|
|
13
|
+
*
|
|
14
|
+
* Claude Code CLI → shim (this file) = node running <real-entry> in-process
|
|
15
|
+
* stdin/stdout : untouched (JSON-RPC channel)
|
|
16
|
+
* stderr : process.stderr.write teed → per-date + per-session + passthrough
|
|
17
|
+
*
|
|
18
|
+
* Destinations (Task 706) — unchanged:
|
|
19
|
+
* - `${LOG_DIR}/mcp-<name>-stderr-<date>.log` — per-date raw (back-compat;
|
|
20
|
+
* the in-process mcp-stderr-tee and the [mcp-init-error] probe read it).
|
|
21
|
+
* - `${LOG_DIR}/mcp-<name>-<SESSION_ID>.log` — per-session raw + lifecycle
|
|
22
|
+
* lines. Authoritative sink. Absent when SESSION_ID is unset (enumeration
|
|
23
|
+
* spawn) — then the per-date file is the fallback.
|
|
24
|
+
* - `server.log` via the loopback log-ingest route — best-effort mirror of
|
|
25
|
+
* the [mcp-helper] lifecycle lines.
|
|
26
|
+
*
|
|
27
|
+
* Lifecycle lines, correlation key `session=<id8> server=<name>` — unchanged:
|
|
28
|
+
* [mcp-helper] op=spawn ... pid= entry=
|
|
29
|
+
* [mcp-helper] op=boot ... head=<first stderr bytes>
|
|
30
|
+
* [mcp-helper] op=exit ... code= signal= lifetimeMs= stderr-tail=
|
|
31
|
+
*
|
|
32
|
+
* Process model (Task 989): the shim IS the server's process. op=exit fires
|
|
33
|
+
* from process.on("exit"), so it covers a normal exit, a non-zero exit, an
|
|
34
|
+
* uncaught throw (code 1), and a catchable-signal exit (SIGTERM/SIGINT/SIGHUP,
|
|
35
|
+
* whose handlers record the signal name). An external SIGKILL is uncatchable
|
|
36
|
+
* and leaves no op=exit line — the per-session stderr tail already on disk and
|
|
37
|
+
* Claude Code's own transport-drop are the evidence for that death mode.
|
|
38
|
+
*
|
|
39
|
+
* The shim never writes to fd 1 (stdout) — that is the JSON-RPC channel.
|
|
40
|
+
*/
|
|
41
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
42
|
+
const node_fs_1 = require("node:fs");
|
|
43
|
+
const node_path_1 = require("node:path");
|
|
44
|
+
const node_url_1 = require("node:url");
|
|
45
|
+
const SERVER_NAME = process.env.MCP_SPAWN_TEE_NAME ?? "unknown";
|
|
46
|
+
const LOG_DIR = process.env.LOG_DIR;
|
|
47
|
+
const SESSION_ID = process.env.SESSION_ID;
|
|
48
|
+
const PLATFORM_PORT = process.env.PLATFORM_PORT;
|
|
49
|
+
const ENTRY = process.argv[2];
|
|
50
|
+
const SESSION_ID8 = SESSION_ID ? SESSION_ID.slice(0, 8) : "—";
|
|
51
|
+
const spawnStamp = Date.now();
|
|
52
|
+
// Per-session raw + lifecycle log (Task 706). Empty SESSION_ID (enumeration
|
|
53
|
+
// spawn) → undefined, and the per-date file is the fallback.
|
|
54
|
+
const perSessionPath = LOG_DIR && SESSION_ID
|
|
55
|
+
? (0, node_path_1.resolve)(LOG_DIR, `mcp-${SERVER_NAME}-${SESSION_ID}.log`)
|
|
56
|
+
: undefined;
|
|
57
|
+
const perDatePath = LOG_DIR
|
|
58
|
+
? (0, node_path_1.resolve)(LOG_DIR, `mcp-${SERVER_NAME}-stderr-${new Date(spawnStamp).toISOString().slice(0, 10)}.log`)
|
|
59
|
+
: undefined;
|
|
60
|
+
// Rolling tail of entry stderr for op=exit. Capped so a chatty server cannot
|
|
61
|
+
// grow the buffer without bound.
|
|
62
|
+
const TAIL_CAP = 2048;
|
|
63
|
+
let stderrTail = "";
|
|
64
|
+
let bootEmitted = false;
|
|
65
|
+
let exitEmitted = false;
|
|
66
|
+
let exitSignal;
|
|
67
|
+
// The real stderr writer, captured before the tee replaces it. Lifecycle lines
|
|
68
|
+
// and stderr passthrough both go through this so they are never re-teed into
|
|
69
|
+
// the per-date sink nor recursed back into the patched writer.
|
|
70
|
+
const rawStderrWrite = process.stderr.write.bind(process.stderr);
|
|
71
|
+
// LOG_DIR is created once, lazily, on the first successful append — not per
|
|
72
|
+
// chunk. teeWrite runs on the server's own stderr hot path now, so a per-call
|
|
73
|
+
// mkdirSync would be two syscalls per log line for nothing.
|
|
74
|
+
let logDirReady = false;
|
|
75
|
+
function appendSafe(path, data) {
|
|
76
|
+
if (!path || !LOG_DIR)
|
|
77
|
+
return;
|
|
78
|
+
try {
|
|
79
|
+
if (!logDirReady) {
|
|
80
|
+
(0, node_fs_1.mkdirSync)(LOG_DIR, { recursive: true });
|
|
81
|
+
logDirReady = true;
|
|
82
|
+
}
|
|
83
|
+
(0, node_fs_1.appendFileSync)(path, data);
|
|
84
|
+
}
|
|
85
|
+
catch {
|
|
86
|
+
/* unwritable destination — never mask primary output */
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
// Best-effort mirror of a lifecycle line to server.log via the loopback
|
|
90
|
+
// log-ingest route. Fire-and-forget: the per-session file is authoritative, so
|
|
91
|
+
// a dropped POST loses nothing. On the "exit" event the loop is stopping, so
|
|
92
|
+
// the op=exit mirror may not flush — the per-session line, written sync, holds.
|
|
93
|
+
function postToServerLog(suffix, level) {
|
|
94
|
+
if (!PLATFORM_PORT)
|
|
95
|
+
return;
|
|
96
|
+
try {
|
|
97
|
+
const ctrl = new AbortController();
|
|
98
|
+
const t = setTimeout(() => ctrl.abort(), 500);
|
|
99
|
+
t.unref?.(); // never let the abort timer keep the shim's event loop alive
|
|
100
|
+
void fetch(`http://127.0.0.1:${PLATFORM_PORT}/api/admin/log-ingest`, {
|
|
101
|
+
method: "POST",
|
|
102
|
+
headers: { "content-type": "application/json" },
|
|
103
|
+
body: JSON.stringify({ tag: "mcp-helper", level, line: suffix }),
|
|
104
|
+
signal: ctrl.signal,
|
|
105
|
+
}).then(() => clearTimeout(t)).catch(() => clearTimeout(t));
|
|
106
|
+
}
|
|
107
|
+
catch {
|
|
108
|
+
/* fetch threw synchronously — best-effort only */
|
|
109
|
+
}
|
|
110
|
+
}
|
|
111
|
+
// Emit one [mcp-helper] lifecycle line: authoritative per-session file (sync,
|
|
112
|
+
// survives process.exit), the shim's own stderr via the RAW writer (journald /
|
|
113
|
+
// Claude Code visibility, never re-teed), and a best-effort server.log mirror.
|
|
114
|
+
// `suffix` is the line body after the tag and carries no newline (the
|
|
115
|
+
// log-ingest route rejects newlines).
|
|
116
|
+
function emitLifecycle(suffix, level) {
|
|
117
|
+
const line = `[mcp-helper] ${suffix}\n`;
|
|
118
|
+
appendSafe(perSessionPath, line);
|
|
119
|
+
try {
|
|
120
|
+
rawStderrWrite(line);
|
|
121
|
+
}
|
|
122
|
+
catch { /* stderr closed */ }
|
|
123
|
+
postToServerLog(suffix, level);
|
|
124
|
+
}
|
|
125
|
+
if (!ENTRY) {
|
|
126
|
+
emitLifecycle(`op=error session=${SESSION_ID8} server=${SERVER_NAME} reason="no entry given (argv[2] missing)"`, "error");
|
|
127
|
+
process.exit(2);
|
|
128
|
+
}
|
|
129
|
+
// Replace process.stderr.write with a tee: mirror every server stderr byte to
|
|
130
|
+
// the per-date and per-session sinks, keep a rolling tail for op=exit, emit
|
|
131
|
+
// op=boot on the first bytes, then pass the write through to the real stderr.
|
|
132
|
+
const teeWrite = ((...args) => {
|
|
133
|
+
const chunk = args[0];
|
|
134
|
+
appendSafe(perDatePath, chunk); // per-date raw (back-compat)
|
|
135
|
+
appendSafe(perSessionPath, chunk); // per-session raw (Task 706)
|
|
136
|
+
const text = typeof chunk === "string" ? chunk : Buffer.from(chunk).toString("utf8");
|
|
137
|
+
stderrTail = (stderrTail + text).slice(-TAIL_CAP);
|
|
138
|
+
if (!bootEmitted) {
|
|
139
|
+
bootEmitted = true;
|
|
140
|
+
const head = text.split("\n")[0].slice(0, 200);
|
|
141
|
+
emitLifecycle(`op=boot session=${SESSION_ID8} server=${SERVER_NAME} head=${JSON.stringify(head)}`, "info");
|
|
142
|
+
}
|
|
143
|
+
return rawStderrWrite(...args); // passthrough
|
|
144
|
+
});
|
|
145
|
+
process.stderr.write = teeWrite;
|
|
146
|
+
// Catchable-signal handling. The shim drives the exit ONLY when it is the sole
|
|
147
|
+
// listener for the signal — i.e. the imported entry installed no handler of its
|
|
148
|
+
// own. In that case it records the signal (so op=exit carries signal=<sig>) and
|
|
149
|
+
// exits with 128+signum, mirroring the prior wrapper's exit-status convention.
|
|
150
|
+
//
|
|
151
|
+
// When the entry DID install a handler, the shim defers entirely and records
|
|
152
|
+
// nothing: the entry's handler decides the exit code, and op=exit reflects that
|
|
153
|
+
// exit verbatim. This matches the prior two-process model, where a child that
|
|
154
|
+
// caught the signal and exited cleanly was observed as code=0 signal=— (a clean
|
|
155
|
+
// self-exit), not as a signal death. Setting exitSignal here unconditionally
|
|
156
|
+
// would mislabel every graceful signal-driven shutdown as a signal kill.
|
|
157
|
+
function onSignal(sig, code) {
|
|
158
|
+
return () => {
|
|
159
|
+
if (process.listenerCount(sig) === 1) {
|
|
160
|
+
exitSignal = sig;
|
|
161
|
+
process.exit(code);
|
|
162
|
+
}
|
|
163
|
+
};
|
|
164
|
+
}
|
|
165
|
+
process.on("SIGTERM", onSignal("SIGTERM", 143));
|
|
166
|
+
process.on("SIGINT", onSignal("SIGINT", 130));
|
|
167
|
+
process.on("SIGHUP", onSignal("SIGHUP", 129));
|
|
168
|
+
// op=exit, emitted once from the process "exit" event. Sync-only — the loop is
|
|
169
|
+
// stopping. When a catchable signal caused the exit, report code=— signal=<sig>
|
|
170
|
+
// to match the prior wrapper's format; otherwise code=<exit code> signal=—.
|
|
171
|
+
process.on("exit", (code) => {
|
|
172
|
+
if (exitEmitted)
|
|
173
|
+
return;
|
|
174
|
+
exitEmitted = true;
|
|
175
|
+
const lifetimeMs = Date.now() - spawnStamp;
|
|
176
|
+
const tail = stderrTail.slice(-200);
|
|
177
|
+
const codeField = exitSignal ? "—" : String(code);
|
|
178
|
+
const level = exitSignal || code !== 0 ? "error" : "info";
|
|
179
|
+
emitLifecycle(`op=exit session=${SESSION_ID8} server=${SERVER_NAME} pid=${process.pid} ` +
|
|
180
|
+
`code=${codeField} signal=${exitSignal ?? "—"} lifetimeMs=${lifetimeMs} stderr-tail=${JSON.stringify(tail)}`, level);
|
|
181
|
+
});
|
|
182
|
+
emitLifecycle(`op=spawn session=${SESSION_ID8} server=${SERVER_NAME} pid=${process.pid} entry=${ENTRY}`, "info");
|
|
183
|
+
// Run the real MCP server in THIS process. Dynamic import() (not top-level
|
|
184
|
+
// await — this file compiles to CommonJS) loads the ESM entry; a load-time
|
|
185
|
+
// failure mirrors the old child spawn-error path (op=error, exit 127). The
|
|
186
|
+
// op=exit handler is suppressed on this path so op=error stays the sole record.
|
|
187
|
+
import((0, node_url_1.pathToFileURL)(ENTRY).href).catch((err) => {
|
|
188
|
+
const msg = err instanceof Error ? err.message : String(err);
|
|
189
|
+
exitEmitted = true;
|
|
190
|
+
emitLifecycle(`op=error session=${SESSION_ID8} server=${SERVER_NAME} reason=${JSON.stringify(`import error: ${msg}`)}`, "error");
|
|
191
|
+
process.exit(127);
|
|
192
|
+
});
|
|
193
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}
|