@rubytech/create-maxy-code 0.1.363 → 0.1.365
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/payload/platform/plugins/whatsapp/.claude-plugin/plugin.json +1 -1
- package/payload/platform/plugins/whatsapp/PLUGIN.md +8 -1
- package/payload/platform/plugins/whatsapp/mcp/dist/index.js +16 -0
- package/payload/platform/plugins/whatsapp/mcp/dist/index.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js +1 -0
- package/payload/platform/services/claude-session-manager/dist/canonical-tool-names.generated.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/http-server.js +40 -6
- package/payload/platform/services/claude-session-manager/dist/http-server.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/index.js +12 -0
- package/payload/platform/services/claude-session-manager/dist/index.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/session-cap-audit.d.ts +23 -0
- package/payload/platform/services/claude-session-manager/dist/session-cap-audit.d.ts.map +1 -0
- package/payload/platform/services/claude-session-manager/dist/session-cap-audit.js +104 -0
- package/payload/platform/services/claude-session-manager/dist/session-cap-audit.js.map +1 -0
- package/payload/platform/services/claude-session-manager/dist/session-memory-cap.d.ts +7 -0
- package/payload/platform/services/claude-session-manager/dist/session-memory-cap.d.ts.map +1 -0
- package/payload/platform/services/claude-session-manager/dist/session-memory-cap.js +22 -0
- package/payload/platform/services/claude-session-manager/dist/session-memory-cap.js.map +1 -0
- package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts +8 -0
- package/payload/platform/services/claude-session-manager/dist/system-prompt.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/system-prompt.js +25 -3
- package/payload/platform/services/claude-session-manager/dist/system-prompt.js.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/systemd-scope.d.ts +6 -0
- package/payload/platform/services/claude-session-manager/dist/systemd-scope.d.ts.map +1 -1
- package/payload/platform/services/claude-session-manager/dist/systemd-scope.js +3 -0
- package/payload/platform/services/claude-session-manager/dist/systemd-scope.js.map +1 -1
- package/payload/platform/templates/specialists/agents/personal-assistant.md +1 -1
- package/payload/server/public/assets/{graph-BIAaLslC.js → graph-DfUM66RH.js} +4 -4
- package/payload/server/public/graph.html +1 -1
- package/payload/server/server.js +66 -15
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
6
6
|
<title>Graph — Maxy</title>
|
|
7
7
|
<link rel="icon" href="/favicon.ico">
|
|
8
|
-
<script type="module" crossorigin src="/assets/graph-
|
|
8
|
+
<script type="module" crossorigin src="/assets/graph-DfUM66RH.js"></script>
|
|
9
9
|
<link rel="modulepreload" crossorigin href="/assets/chunk-CAM3fms7.js">
|
|
10
10
|
<link rel="modulepreload" crossorigin href="/assets/OperatorConversations-BwnO3IUP.js">
|
|
11
11
|
<link rel="modulepreload" crossorigin href="/assets/graph-labels-CXt55mIP.js">
|
package/payload/server/server.js
CHANGED
|
@@ -6622,6 +6622,43 @@ app2.post("/send-document", async (c) => {
|
|
|
6622
6622
|
return c.json({ error: String(err) }, 500);
|
|
6623
6623
|
}
|
|
6624
6624
|
});
|
|
6625
|
+
app2.post("/send-admin", async (c) => {
|
|
6626
|
+
try {
|
|
6627
|
+
const body = await c.req.json().catch(() => ({}));
|
|
6628
|
+
const { phone, text } = body;
|
|
6629
|
+
if (!phone || typeof phone !== "string") {
|
|
6630
|
+
return c.json({ error: 'Missing required field "phone" (E.164 format, e.g. +441234567890).' }, 400);
|
|
6631
|
+
}
|
|
6632
|
+
if (!text || typeof text !== "string") {
|
|
6633
|
+
return c.json({ error: 'Missing required field "text".' }, 400);
|
|
6634
|
+
}
|
|
6635
|
+
const account = resolveAccount();
|
|
6636
|
+
if (!account) {
|
|
6637
|
+
return c.json({ error: "No account configured." }, 500);
|
|
6638
|
+
}
|
|
6639
|
+
const adminPhones = readAdminPhones(account.accountDir);
|
|
6640
|
+
if (!isAdminPhone(phone, adminPhones)) {
|
|
6641
|
+
console.error(`[whatsapp:outbound] op=send-refused reason=not-admin-phone to=${phone}`);
|
|
6642
|
+
return c.json(
|
|
6643
|
+
{ error: `Refused: ${phone} is not on the admin-phone list. Only a number registered with whatsapp-config add-admin-phone can receive an agent-initiated send.` },
|
|
6644
|
+
403
|
|
6645
|
+
);
|
|
6646
|
+
}
|
|
6647
|
+
const accountId = validateAccountId(body.accountId);
|
|
6648
|
+
const sock = getSocket(accountId);
|
|
6649
|
+
if (!sock) {
|
|
6650
|
+
return c.json({ error: `WhatsApp account "${accountId}" is not connected.` }, 503);
|
|
6651
|
+
}
|
|
6652
|
+
const result = await sendTextMessage(sock, normalizeE164(phone), text, { accountId });
|
|
6653
|
+
if (!result.success) {
|
|
6654
|
+
return c.json({ error: result.error ?? "send failed" }, 500);
|
|
6655
|
+
}
|
|
6656
|
+
return c.json({ success: true, messageId: result.messageId });
|
|
6657
|
+
} catch (err) {
|
|
6658
|
+
console.error(`${TAG20} send-admin error: ${String(err)}`);
|
|
6659
|
+
return c.json({ error: String(err) }, 500);
|
|
6660
|
+
}
|
|
6661
|
+
});
|
|
6625
6662
|
app2.get("/activity", (c) => {
|
|
6626
6663
|
try {
|
|
6627
6664
|
const accountId = c.req.query("accountId") ?? void 0;
|
|
@@ -10019,11 +10056,16 @@ var MAX_FILE_LEN = 300;
|
|
|
10019
10056
|
var RATE_LIMIT_PER_MIN = 20;
|
|
10020
10057
|
var WINDOW_MS = 60 * 1e3;
|
|
10021
10058
|
var rateHits = /* @__PURE__ */ new Map();
|
|
10022
|
-
|
|
10059
|
+
var ERROR_KINDS = /* @__PURE__ */ new Set(["uncaught", "unhandled-rejection", "subresource"]);
|
|
10060
|
+
function rateKey(ip, cls) {
|
|
10061
|
+
return cls === "error" ? ip : `${ip} telemetry`;
|
|
10062
|
+
}
|
|
10063
|
+
function checkRateLimit2(ip, cls) {
|
|
10064
|
+
const key = rateKey(ip, cls);
|
|
10023
10065
|
const now = Date.now();
|
|
10024
|
-
const rec = rateHits.get(
|
|
10066
|
+
const rec = rateHits.get(key);
|
|
10025
10067
|
if (!rec || now - rec.windowStart >= WINDOW_MS) {
|
|
10026
|
-
rateHits.set(
|
|
10068
|
+
rateHits.set(key, { windowStart: now, count: 1, blocked: 0, lastLoggedBlocked: 0 });
|
|
10027
10069
|
return { allow: true, blocked: 0, shouldLog: false };
|
|
10028
10070
|
}
|
|
10029
10071
|
rec.count++;
|
|
@@ -10059,6 +10101,14 @@ function rotateIfNeeded() {
|
|
|
10059
10101
|
console.error(`[client-error] log rotation failed: ${err instanceof Error ? err.message : String(err)}`);
|
|
10060
10102
|
}
|
|
10061
10103
|
}
|
|
10104
|
+
function telemetryFloodGuard(c, ip) {
|
|
10105
|
+
const rate = checkRateLimit2(ip, "telemetry");
|
|
10106
|
+
if (rate.allow) return null;
|
|
10107
|
+
if (rate.shouldLog) {
|
|
10108
|
+
console.error(`[client-error-rate-limit] ip=${ip} class=telemetry blocked=${rate.blocked}`);
|
|
10109
|
+
}
|
|
10110
|
+
return c.text("Too many requests", 429);
|
|
10111
|
+
}
|
|
10062
10112
|
var app10 = new Hono();
|
|
10063
10113
|
app10.post("/", async (c) => {
|
|
10064
10114
|
const client = resolveClientIp(
|
|
@@ -10066,31 +10116,24 @@ app10.post("/", async (c) => {
|
|
|
10066
10116
|
c.req.header("x-forwarded-for")
|
|
10067
10117
|
);
|
|
10068
10118
|
const ip = client.ip || "unknown";
|
|
10069
|
-
const rate = checkRateLimit2(ip);
|
|
10070
|
-
if (!rate.allow) {
|
|
10071
|
-
if (rate.shouldLog) {
|
|
10072
|
-
console.error(`[client-error-rate-limit] ip=${ip} blocked=${rate.blocked}`);
|
|
10073
|
-
}
|
|
10074
|
-
return c.text("Too many requests", 429);
|
|
10075
|
-
}
|
|
10076
10119
|
let raw;
|
|
10077
10120
|
try {
|
|
10078
10121
|
raw = await c.req.text();
|
|
10079
10122
|
} catch {
|
|
10080
|
-
return c.text("Bad request", 400);
|
|
10123
|
+
return telemetryFloodGuard(c, ip) ?? c.text("Bad request", 400);
|
|
10081
10124
|
}
|
|
10082
10125
|
if (Buffer.byteLength(raw) > MAX_BODY_SIZE) {
|
|
10083
|
-
return c.text("Payload too large", 413);
|
|
10126
|
+
return telemetryFloodGuard(c, ip) ?? c.text("Payload too large", 413);
|
|
10084
10127
|
}
|
|
10085
10128
|
let body;
|
|
10086
10129
|
try {
|
|
10087
10130
|
const parsed = JSON.parse(raw);
|
|
10088
10131
|
if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
|
|
10089
|
-
return c.text("Invalid body", 400);
|
|
10132
|
+
return telemetryFloodGuard(c, ip) ?? c.text("Invalid body", 400);
|
|
10090
10133
|
}
|
|
10091
10134
|
body = parsed;
|
|
10092
10135
|
} catch {
|
|
10093
|
-
return c.text("Invalid JSON", 400);
|
|
10136
|
+
return telemetryFloodGuard(c, ip) ?? c.text("Invalid JSON", 400);
|
|
10094
10137
|
}
|
|
10095
10138
|
const kindRaw = typeof body.kind === "string" ? body.kind : "unknown";
|
|
10096
10139
|
const allowedKinds = /* @__PURE__ */ new Set([
|
|
@@ -10105,6 +10148,14 @@ app10.post("/", async (c) => {
|
|
|
10105
10148
|
"event"
|
|
10106
10149
|
]);
|
|
10107
10150
|
const kind = allowedKinds.has(kindRaw) ? kindRaw : "unknown";
|
|
10151
|
+
const cls = ERROR_KINDS.has(kind) ? "error" : "telemetry";
|
|
10152
|
+
const rate = checkRateLimit2(ip, cls);
|
|
10153
|
+
if (!rate.allow) {
|
|
10154
|
+
if (rate.shouldLog) {
|
|
10155
|
+
console.error(`[client-error-rate-limit] ip=${ip} class=${cls} blocked=${rate.blocked}`);
|
|
10156
|
+
}
|
|
10157
|
+
return c.text("Too many requests", 429);
|
|
10158
|
+
}
|
|
10108
10159
|
const msg = truncate(body.msg, MAX_MSG_LEN);
|
|
10109
10160
|
const url = truncate(body.url, MAX_URL_LEN);
|
|
10110
10161
|
const ua = truncate(body.ua, MAX_UA_LEN);
|
|
@@ -10122,7 +10173,7 @@ app10.post("/", async (c) => {
|
|
|
10122
10173
|
const safe = typeof v === "string" ? truncate(v, 200) : typeof v === "number" || typeof v === "boolean" ? String(v) : JSON.stringify(v).slice(0, 200);
|
|
10123
10174
|
return `${k}=${safe}`;
|
|
10124
10175
|
}).join(" ");
|
|
10125
|
-
const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set(["stream-log-click", "pwa"]);
|
|
10176
|
+
const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set(["stream-log-click", "pwa", "graph-freeze"]);
|
|
10126
10177
|
if (TAGGED_PREFIX_SOURCES.has(source)) {
|
|
10127
10178
|
console.log(
|
|
10128
10179
|
`[${source}] ts=${ts} ip=${ip} version=${version || "unknown"}${extra ? " " + extra : ""}`
|