@rubytech/create-maxy-code 0.1.363 → 0.1.365

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/package.json +1 -1
  2. package/payload/platform/plugins/whatsapp/.claude-plugin/plugin.json +1 -1
  3. package/payload/platform/plugins/whatsapp/PLUGIN.md +8 -1
  4. package/payload/platform/plugins/whatsapp/mcp/dist/index.js +16 -0
  5. package/payload/platform/plugins/whatsapp/mcp/dist/index.js.map +1 -1
  6. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
  7. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +1 -0
  8. package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
  9. package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
  10. package/payload/platform/services/claude-session-manager/dist/http-server.js +40 -6
  11. package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
  12. package/payload/platform/services/claude-session-manager/dist/index.js +12 -0
  13. package/payload/platform/services/claude-session-manager/dist/index.js.map +1 -1
  14. package/payload/platform/services/claude-session-manager/dist/session-cap-audit.d.ts +23 -0
  15. package/payload/platform/services/claude-session-manager/dist/session-cap-audit.d.ts.map +1 -0
  16. package/payload/platform/services/claude-session-manager/dist/session-cap-audit.js +104 -0
  17. package/payload/platform/services/claude-session-manager/dist/session-cap-audit.js.map +1 -0
  18. package/payload/platform/services/claude-session-manager/dist/session-memory-cap.d.ts +7 -0
  19. package/payload/platform/services/claude-session-manager/dist/session-memory-cap.d.ts.map +1 -0
  20. package/payload/platform/services/claude-session-manager/dist/session-memory-cap.js +22 -0
  21. package/payload/platform/services/claude-session-manager/dist/session-memory-cap.js.map +1 -0
  22. package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts +8 -0
  23. package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts.map +1 -1
  24. package/payload/platform/services/claude-session-manager/dist/system-prompt.js +25 -3
  25. package/payload/platform/services/claude-session-manager/dist/system-prompt.js.map +1 -1
  26. package/payload/platform/services/claude-session-manager/dist/systemd-scope.d.ts +6 -0
  27. package/payload/platform/services/claude-session-manager/dist/systemd-scope.d.ts.map +1 -1
  28. package/payload/platform/services/claude-session-manager/dist/systemd-scope.js +3 -0
  29. package/payload/platform/services/claude-session-manager/dist/systemd-scope.js.map +1 -1
  30. package/payload/platform/templates/specialists/agents/personal-assistant.md +1 -1
  31. package/payload/server/public/assets/{graph-BIAaLslC.js → graph-DfUM66RH.js} +4 -4
  32. package/payload/server/public/graph.html +1 -1
  33. package/payload/server/server.js +66 -15
@@ -5,7 +5,7 @@
5
5
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
6
  <title>Graph — Maxy</title>
7
7
  <link rel="icon" href="/favicon.ico">
8
- <script type="module" crossorigin src="/assets/graph-BIAaLslC.js"></script>
8
+ <script type="module" crossorigin src="/assets/graph-DfUM66RH.js"></script>
9
9
  <link rel="modulepreload" crossorigin href="/assets/chunk-CAM3fms7.js">
10
10
  <link rel="modulepreload" crossorigin href="/assets/OperatorConversations-BwnO3IUP.js">
11
11
  <link rel="modulepreload" crossorigin href="/assets/graph-labels-CXt55mIP.js">
@@ -6622,6 +6622,43 @@ app2.post("/send-document", async (c) => {
6622
6622
  return c.json({ error: String(err) }, 500);
6623
6623
  }
6624
6624
  });
6625
+ app2.post("/send-admin", async (c) => {
6626
+ try {
6627
+ const body = await c.req.json().catch(() => ({}));
6628
+ const { phone, text } = body;
6629
+ if (!phone || typeof phone !== "string") {
6630
+ return c.json({ error: 'Missing required field "phone" (E.164 format, e.g. +441234567890).' }, 400);
6631
+ }
6632
+ if (!text || typeof text !== "string") {
6633
+ return c.json({ error: 'Missing required field "text".' }, 400);
6634
+ }
6635
+ const account = resolveAccount();
6636
+ if (!account) {
6637
+ return c.json({ error: "No account configured." }, 500);
6638
+ }
6639
+ const adminPhones = readAdminPhones(account.accountDir);
6640
+ if (!isAdminPhone(phone, adminPhones)) {
6641
+ console.error(`[whatsapp:outbound] op=send-refused reason=not-admin-phone to=${phone}`);
6642
+ return c.json(
6643
+ { error: `Refused: ${phone} is not on the admin-phone list. Only a number registered with whatsapp-config add-admin-phone can receive an agent-initiated send.` },
6644
+ 403
6645
+ );
6646
+ }
6647
+ const accountId = validateAccountId(body.accountId);
6648
+ const sock = getSocket(accountId);
6649
+ if (!sock) {
6650
+ return c.json({ error: `WhatsApp account "${accountId}" is not connected.` }, 503);
6651
+ }
6652
+ const result = await sendTextMessage(sock, normalizeE164(phone), text, { accountId });
6653
+ if (!result.success) {
6654
+ return c.json({ error: result.error ?? "send failed" }, 500);
6655
+ }
6656
+ return c.json({ success: true, messageId: result.messageId });
6657
+ } catch (err) {
6658
+ console.error(`${TAG20} send-admin error: ${String(err)}`);
6659
+ return c.json({ error: String(err) }, 500);
6660
+ }
6661
+ });
6625
6662
  app2.get("/activity", (c) => {
6626
6663
  try {
6627
6664
  const accountId = c.req.query("accountId") ?? void 0;
@@ -10019,11 +10056,16 @@ var MAX_FILE_LEN = 300;
10019
10056
  var RATE_LIMIT_PER_MIN = 20;
10020
10057
  var WINDOW_MS = 60 * 1e3;
10021
10058
  var rateHits = /* @__PURE__ */ new Map();
10022
- function checkRateLimit2(ip) {
10059
+ var ERROR_KINDS = /* @__PURE__ */ new Set(["uncaught", "unhandled-rejection", "subresource"]);
10060
+ function rateKey(ip, cls) {
10061
+ return cls === "error" ? ip : `${ip} telemetry`;
10062
+ }
10063
+ function checkRateLimit2(ip, cls) {
10064
+ const key = rateKey(ip, cls);
10023
10065
  const now = Date.now();
10024
- const rec = rateHits.get(ip);
10066
+ const rec = rateHits.get(key);
10025
10067
  if (!rec || now - rec.windowStart >= WINDOW_MS) {
10026
- rateHits.set(ip, { windowStart: now, count: 1, blocked: 0, lastLoggedBlocked: 0 });
10068
+ rateHits.set(key, { windowStart: now, count: 1, blocked: 0, lastLoggedBlocked: 0 });
10027
10069
  return { allow: true, blocked: 0, shouldLog: false };
10028
10070
  }
10029
10071
  rec.count++;
@@ -10059,6 +10101,14 @@ function rotateIfNeeded() {
10059
10101
  console.error(`[client-error] log rotation failed: ${err instanceof Error ? err.message : String(err)}`);
10060
10102
  }
10061
10103
  }
10104
+ function telemetryFloodGuard(c, ip) {
10105
+ const rate = checkRateLimit2(ip, "telemetry");
10106
+ if (rate.allow) return null;
10107
+ if (rate.shouldLog) {
10108
+ console.error(`[client-error-rate-limit] ip=${ip} class=telemetry blocked=${rate.blocked}`);
10109
+ }
10110
+ return c.text("Too many requests", 429);
10111
+ }
10062
10112
  var app10 = new Hono();
10063
10113
  app10.post("/", async (c) => {
10064
10114
  const client = resolveClientIp(
@@ -10066,31 +10116,24 @@ app10.post("/", async (c) => {
10066
10116
  c.req.header("x-forwarded-for")
10067
10117
  );
10068
10118
  const ip = client.ip || "unknown";
10069
- const rate = checkRateLimit2(ip);
10070
- if (!rate.allow) {
10071
- if (rate.shouldLog) {
10072
- console.error(`[client-error-rate-limit] ip=${ip} blocked=${rate.blocked}`);
10073
- }
10074
- return c.text("Too many requests", 429);
10075
- }
10076
10119
  let raw;
10077
10120
  try {
10078
10121
  raw = await c.req.text();
10079
10122
  } catch {
10080
- return c.text("Bad request", 400);
10123
+ return telemetryFloodGuard(c, ip) ?? c.text("Bad request", 400);
10081
10124
  }
10082
10125
  if (Buffer.byteLength(raw) > MAX_BODY_SIZE) {
10083
- return c.text("Payload too large", 413);
10126
+ return telemetryFloodGuard(c, ip) ?? c.text("Payload too large", 413);
10084
10127
  }
10085
10128
  let body;
10086
10129
  try {
10087
10130
  const parsed = JSON.parse(raw);
10088
10131
  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
10089
- return c.text("Invalid body", 400);
10132
+ return telemetryFloodGuard(c, ip) ?? c.text("Invalid body", 400);
10090
10133
  }
10091
10134
  body = parsed;
10092
10135
  } catch {
10093
- return c.text("Invalid JSON", 400);
10136
+ return telemetryFloodGuard(c, ip) ?? c.text("Invalid JSON", 400);
10094
10137
  }
10095
10138
  const kindRaw = typeof body.kind === "string" ? body.kind : "unknown";
10096
10139
  const allowedKinds = /* @__PURE__ */ new Set([
@@ -10105,6 +10148,14 @@ app10.post("/", async (c) => {
10105
10148
  "event"
10106
10149
  ]);
10107
10150
  const kind = allowedKinds.has(kindRaw) ? kindRaw : "unknown";
10151
+ const cls = ERROR_KINDS.has(kind) ? "error" : "telemetry";
10152
+ const rate = checkRateLimit2(ip, cls);
10153
+ if (!rate.allow) {
10154
+ if (rate.shouldLog) {
10155
+ console.error(`[client-error-rate-limit] ip=${ip} class=${cls} blocked=${rate.blocked}`);
10156
+ }
10157
+ return c.text("Too many requests", 429);
10158
+ }
10108
10159
  const msg = truncate(body.msg, MAX_MSG_LEN);
10109
10160
  const url = truncate(body.url, MAX_URL_LEN);
10110
10161
  const ua = truncate(body.ua, MAX_UA_LEN);
@@ -10122,7 +10173,7 @@ app10.post("/", async (c) => {
10122
10173
  const safe = typeof v === "string" ? truncate(v, 200) : typeof v === "number" || typeof v === "boolean" ? String(v) : JSON.stringify(v).slice(0, 200);
10123
10174
  return `${k}=${safe}`;
10124
10175
  }).join(" ");
10125
- const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set(["stream-log-click", "pwa"]);
10176
+ const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set(["stream-log-click", "pwa", "graph-freeze"]);
10126
10177
  if (TAGGED_PREFIX_SOURCES.has(source)) {
10127
10178
  console.log(
10128
10179
  `[${source}] ts=${ts} ip=${ip} version=${version || "unknown"}${extra ? " " + extra : ""}`