@rubytech/create-maxy 0.3.9 → 0.4.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "0.3.9",
+  "version": "0.4.1",
   "description": "Install Maxy — your personal AI assistant",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/.claude/references/principles.md

@@ -12,7 +12,7 @@ Everything an end user does must be achievable via the chat interface. No CLI. N
 - Conversational onboarding (IDENTITY.md placeholder population) is the configuration mechanism
 - Setup scripts install infrastructure only — product configuration happens via chat
 - If there is no conversational path to use a feature, the feature is incomplete
-- Exception: Phase 0 seed script (dog-food product knowledge). Customer devices onboard conversationally.
+- Product knowledge is ingested as markdown via the admin agent — there are no seed scripts.
 
 ---
 
@@ -48,6 +48,17 @@ Infrastructure endpoints (`localhost:7687`, `localhost:11434`) may have defaults
 
 ---
 
+## No Environment Variables for Credentials
+
+Credentials are stored as files in `~/.maxy/` (persistent across upgrades):
+- Neo4j password: `~/.maxy/.neo4j-password` (generated by installer)
+- Admin PIN: `~/.maxy/.admin-pin` (set via web UI on first boot)
+- Claude auth: OAuth flow in the web UI (managed by Claude Code)
+
+There is no `.env.local`. MCP servers read the password file directly.
+
+---
+
 ## PRD Is Source of Truth
 
 `MAXY-PRD.md` is the single authority for all standards, data models, and architecture. Do not rely on patterns found in existing skill code — they may diverge from the PRD.

package/payload/docs/deployment.md

@@ -21,12 +21,17 @@ When complete, open `http://maxy.local:19200` from any device on the same networ
 7. Creates the initial account from templates
 8. Applies the Neo4j schema
 
-## Post-install (all via conversation)
+## Onboarding (all via web UI)
 
-Open `http://maxy.local:19200` from any device on the same network and tell the admin agent what you need:
+Open `http://maxy.local:19200` from any device on the same network. The onboarding flow is:
 
-- "Set my admin PIN" — secures admin access
-- "Ingest the product knowledge" — loads the knowledge base
+1. **Set PIN** — choose an admin PIN (stored at `~/.maxy/.admin-pin`)
+2. **Connect Claude** — OAuth flow in the web UI (no API keys, no environment variables)
+3. **Chat** — the admin agent is ready
+
+From there, tell the admin agent what you need:
+
+- "Ingest the product knowledge" — loads the knowledge base (ingested as markdown, not cypher)
 - "Set up Telegram" — walks through BotFather bot creation
 - "Set up Cloudflare Tunnel" — configures remote access on your domain
 - "Check system status" — verifies all services are running

package/payload/docs/hooks.md

@@ -16,8 +16,9 @@ Fires at the beginning of each agent session. Loads the agent's IDENTITY.md from
 
 Fires before every tool call. Enforces the public agent lockdown.
 
-**Public agent:** Single tool allowed:
+**Public agent:** Two tools allowed:
 - `memory-search` / `mcp__maxy-memory__memory-search`
+- `skill-read` / `mcp__maxy-admin__skill-read`
 
 All other tools are blocked with exit code 2 and an error message. The public agent has zero write surface.
 

package/payload/docs/mcp-servers.md

@@ -13,11 +13,11 @@ Graph-backed knowledge retrieval. The backbone of RAG (Retrieval-Augmented Gener
 
 **Dependencies:** Neo4j (bolt://localhost:7687), Ollama (http://localhost:11434)
 
-**Environment:**
-- `NEO4J_URI`, `NEO4J_USER`, `NEO4J_PASSWORD` — Neo4j connection
-- `OLLAMA_URL` — Ollama API endpoint
-- `ACCOUNT_ID` — Account scope (default: "maxy")
-- `READ_ONLY` — When "true", memory-write and memory-reindex are not registered
+**Configuration:**
+- Neo4j password read from `~/.maxy/.neo4j-password` (generated by installer)
+- Ollama endpoint: `http://localhost:11434` (local default)
+- Account ID passed by the runtime per session
+- Read-only mode: when enabled, memory-write and memory-reindex are not registered (used for public agent)
 
 ## maxy-contacts
 
@@ -40,7 +40,8 @@ Multi-channel message delivery. Phase 0: Telegram only.
 - `message-history` — Query conversation log (Communication nodes in Neo4j).
 
 **Dependencies:** Telegram Bot API
-**Environment:** `TELEGRAM_PUBLIC_BOT_TOKEN`
+
+**Configuration:** Bot token stored in the account config directory (`~/maxy/platform/config/accounts/{uuid}/`), set via conversational onboarding.
 
 ## maxy-admin
 
@@ -52,7 +53,7 @@ System status and configuration reading.
 - `account-manage` — Read account config (tier, domains, settings).
 - `logs-read` — Read system, session, or error logs (tail).
 
-**Environment:** `PLATFORM_ROOT` — path to platform directory, `ACCOUNT_ID` — account UUID
+**Configuration:** Platform root and account ID passed by the runtime per session.
 
 ### Cloudflare Tunnel Management
 

package/payload/docs/neo4j.md

@@ -35,14 +35,14 @@ Neo4j's built-in HNSW vector index is used for semantic search:
 
 The `memory-search` tool embeds the query via Ollama, runs vector similarity search against the index, then expands results via 1-hop graph traversal to include related nodes (e.g., Service → PriceSpecification).
 
-## Seed Data
+## Credentials
 
-Product knowledge is seeded via Cypher scripts in `platform/neo4j/`:
-- `schema.cypher` — constraints, indexes, vector index creation
-- `seed-product-knowledge.cypher` — all product data (tiers, features, FAQs, comparisons)
+The Neo4j password is generated by the installer and stored at `~/.maxy/.neo4j-password`. MCP servers read from this file. There are no environment variables for credentials.
 
-Run via `platform/scripts/seed-neo4j.sh`.
+## Product Knowledge
+
+Product knowledge is ingested as markdown via the admin agent using `memory-write`. There are no seed scripts or pre-configured cypher files for product data. The schema (constraints, indexes, vector index) is applied by the installer via `platform/neo4j/schema.cypher`.
 
 ## Embedding Pipeline
 
-After seeding, run `memory-reindex` (via the admin agent or directly) to compute embeddings for all nodes. This calls Ollama's `/api/embed` endpoint with `nomic-embed-text` and stores the resulting 768-dimensional vectors on each node.
+When the admin agent writes knowledge via `memory-write`, embeddings are computed automatically. The `memory-reindex` tool rebuilds embeddings for any nodes missing them (e.g., after a bulk import). This calls Ollama's `/api/embed` endpoint with `nomic-embed-text` and stores the resulting 768-dimensional vectors on each node.

package/payload/docs/platform.md

@@ -36,9 +36,9 @@ platform/
 
 | Agent | Access | Model | Tools | Use |
 |-------|--------|-------|-------|-----|
-| Public | Read-only | claude-haiku-4-5 | memory-search | Sales, product enquiries |
+| Public | Read-only | claude-haiku-4-5 | memory-search, skill-read | Sales, product enquiries |
 | Admin | Full | claude-opus-4-6 | All MCP tools + Claude Code native tools | Content management, monitoring |
 
 ## Security Model
 
-The public agent is locked down via the `pre-tool-use.sh` hook. It can only call `memory-search` — a single read-only tool. All other tool calls are blocked with exit code 2. The public agent has zero write surface; waitlist signups captured in conversation are extracted by the admin cron review job. The admin agent has no restrictions.
+The public agent is locked down via the `pre-tool-use.sh` hook. It can only call `memory-search` and `skill-read` — two read-only tools. All other tool calls are blocked with exit code 2. The public agent has zero write surface; waitlist signups captured in conversation are extracted by the admin cron review job. The admin agent has no restrictions.

package/payload/docs/skills.md

@@ -10,7 +10,7 @@ Skills are domain-specific behaviour modules that teach agents how to handle spe
 | `business-assistant` | CRM, scheduling, quoting, invoicing, memory-first operations | Admin agent |
 | `telegram` | Telegram bot setup guide (BotFather, webhook, admin vs public) | Admin agent |
 | `cloudflare` | Cloudflare Tunnel setup guide (installation, DNS, domain) | Admin agent |
-| `anthropic` | Claude connection setup (OAuth, API key) | Admin agent |
+| `anthropic` | Claude connection setup (OAuth flow via web UI) | Admin agent |
 
 ## Skill Format
 

package/payload/docs/web-chat.md

@@ -2,16 +2,20 @@
 
 The web chat is a Next.js 16 application in `maxy/` that serves both the public sales agent and the admin agent.
 
-## Domain Routing
+## Routing
 
-| Domain | Route | Page |
+| Access | Route | Page |
 |--------|-------|------|
-| `public.maxy.bot` | `/` | Public chat (SSE streaming, text only) |
-| `admin.maxy.bot` | `/admin` | Admin chat (SSE streaming, full activity) |
+| Local (`maxy.local:19200`) | `/` | Admin chat (PIN-gated, SSE streaming, full activity) |
+| Local (`maxy.local:19200`) | `/public` | Public chat (SSE streaming, text only) |
+| `public.maxy.bot` (Cloudflare Tunnel) | `/public` | Public chat |
+| `admin.maxy.bot` (Cloudflare Tunnel) | `/` | Admin chat |
 | `getmaxy.com` | `/bot` | Marketing landing page |
 | `maxy.bot` | redirect | → `public.maxy.bot` |
 | `maxy.chat` | redirect | → `public.maxy.bot` |
 
+The root page (`/`) is the admin interface. Local access on the same network = admin (with PIN). The public chat is at `/public`, served to the internet only via `public.maxy.bot` through Cloudflare Tunnel.
+
 Routing is handled by Next.js middleware (`maxy/middleware.ts`).
 
 ## Public Chat API
@@ -53,7 +57,7 @@ The admin UI (`maxy/app/admin/page.tsx`) renders these as a Claude Code-style ac
 Both endpoints use the shared `maxy/app/lib/claude-agent.ts` module which invokes `@anthropic-ai/claude-agent-sdk`'s `query()` function with:
 - Appropriate MCP server configurations
 - System prompts tailored to agent type
-- Tool allowlists (public: 3 tools, admin: all)
+- Tool allowlists (public: 2 tools — memory-search + skill-read, admin: all)
 - Permission modes (public: dontAsk, admin: acceptEdits)
 - Model selection (public: haiku-4-5, admin: opus-4-6)
 

package/payload/maxy/app/api/health/route.ts

@@ -1,20 +1,27 @@
 import { NextResponse } from 'next/server'
 import { existsSync } from 'node:fs'
 import { resolve } from 'node:path'
+import { execFileSync } from 'node:child_process'
 
-const INSTALL_DIR = resolve(process.cwd(), '..')
-const PIN_FILE = resolve(INSTALL_DIR, '.maxy', '.admin-pin')
-const HOME_PIN_FILE = resolve(process.env.HOME ?? '/root', '.maxy', '.admin-pin')
+const PERSISTENT_DIR = resolve(process.env.HOME ?? '/root', '.maxy')
+const PIN_FILE = resolve(PERSISTENT_DIR, '.admin-pin')
 
 /**
  * GET /api/health
  * Returns platform state for the onboarding flow.
  */
 export async function GET() {
-  const pinConfigured = existsSync(PIN_FILE) || existsSync(HOME_PIN_FILE) || !!process.env.ADMIN_PIN
+  const pinConfigured = existsSync(PIN_FILE) || !!process.env.ADMIN_PIN
 
-  // TODO: check Claude Code auth status
-  const claudeAuthenticated = false
+  let claudeAuthenticated = false
+  try {
+    const output = execFileSync('claude', ['auth', 'status', '--json'], {
+      encoding: 'utf-8',
+      timeout: 5000,
+    })
+    const status = JSON.parse(output)
+    claudeAuthenticated = status.loggedIn === true
+  } catch { /* not authenticated */ }
 
   return NextResponse.json({
     pin_configured: pinConfigured,

package/payload/maxy/app/api/onboarding/claude-auth/route.ts

@@ -0,0 +1,112 @@
+import { NextResponse } from 'next/server'
+import { spawn, execFileSync, type ChildProcess } from 'node:child_process'
+
+// Keep the login process alive between requests
+let loginProcess: ChildProcess | null = null
+
+/**
+ * GET /api/onboarding/claude-auth
+ * Check Claude Code auth status.
+ */
+export async function GET() {
+  try {
+    const output = execFileSync('claude', ['auth', 'status', '--json'], {
+      encoding: 'utf-8',
+      timeout: 10000,
+    })
+    const status = JSON.parse(output)
+    return NextResponse.json({
+      authenticated: status.loggedIn === true,
+      email: status.email ?? null,
+    })
+  } catch {
+    return NextResponse.json({ authenticated: false, email: null })
+  }
+}
+
+/**
+ * POST /api/onboarding/claude-auth
+ * Body: {} — starts the login flow, returns auth URL
+ * Body: { code: "..." } — feeds the auth code to the running login process
+ */
+export async function POST(req: Request) {
+  let body: { code?: string } = {}
+  try {
+    body = await req.json()
+  } catch { /* empty body = start flow */ }
+
+  // If code is provided, feed it to the running login process
+  if (body.code && loginProcess && loginProcess.stdin) {
+    loginProcess.stdin.write(body.code + '\n')
+    loginProcess.stdin.end()
+
+    // Wait a moment for the process to complete
+    await new Promise((r) => setTimeout(r, 3000))
+
+    // Check if auth succeeded
+    try {
+      const output = execFileSync('claude', ['auth', 'status', '--json'], {
+        encoding: 'utf-8',
+        timeout: 5000,
+      })
+      const status = JSON.parse(output)
+      loginProcess = null
+      return NextResponse.json({
+        authenticated: status.loggedIn === true,
+        email: status.email ?? null,
+      })
+    } catch {
+      loginProcess = null
+      return NextResponse.json({ authenticated: false, error: 'Authentication failed. Check the code and try again.' })
+    }
+  }
+
+  // Start a new login flow
+  if (loginProcess) {
+    loginProcess.kill()
+    loginProcess = null
+  }
+
+  return new Promise<Response>((resolve) => {
+    const child = spawn('claude', ['auth', 'login'], {
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env: { ...process.env, BROWSER: 'echo' },
+    })
+
+    loginProcess = child
+
+    let output = ''
+    let resolved = false
+
+    function tryResolve() {
+      if (resolved) return
+      const match = output.match(/(https:\/\/claude\.ai\/oauth\/authorize[^\s]+)/)
+      if (match) {
+        resolved = true
+        resolve(NextResponse.json({ authUrl: match[1] }))
+      }
+    }
+
+    child.stdout?.on('data', (chunk: Buffer) => {
+      output += chunk.toString()
+      tryResolve()
+    })
+
+    child.stderr?.on('data', (chunk: Buffer) => {
+      output += chunk.toString()
+      tryResolve()
+    })
+
+    setTimeout(() => {
+      if (!resolved) {
+        resolved = true
+        child.kill()
+        loginProcess = null
+        resolve(NextResponse.json(
+          { error: 'Timed out waiting for auth URL.' },
+          { status: 500 },
+        ))
+      }
+    }, 10000)
+  })
+}

package/payload/maxy/app/globals.css

@@ -1376,6 +1376,45 @@ a:hover {
   border-color: var(--sage);
 }
 
+.btn-primary {
+  padding: 12px 24px;
+  background: var(--sage);
+  color: white;
+  border: none;
+  border-radius: 24px;
+  font-family: var(--font-body);
+  font-size: 15px;
+  cursor: pointer;
+  transition: background 0.15s;
+}
+
+.btn-primary:hover {
+  background: var(--sage-hover);
+}
+
+.btn-primary:disabled {
+  opacity: 0.5;
+  cursor: not-allowed;
+}
+
+.btn-secondary {
+  padding: 10px 20px;
+  background: none;
+  color: var(--text-secondary);
+  border: 1px solid var(--border-strong);
+  border-radius: 24px;
+  font-family: var(--font-body);
+  font-size: 14px;
+  cursor: pointer;
+  text-decoration: none;
+  text-align: center;
+  transition: border-color 0.15s;
+}
+
+.btn-secondary:hover {
+  border-color: var(--sage);
+}
+
 .admin-pin-error {
   color: #c44;
   font-size: 14px;

package/payload/maxy/app/layout.tsx

@@ -17,14 +17,14 @@ const dmSans = DM_Sans({
 })
 
 export const metadata: Metadata = {
-  title: 'Maxy — No Stress. Quiet Life.',
+  title: 'Maxy — Convenience as standard.',
   description: 'A personal AI assistant that lives in your home. Your data never leaves.',
   icons: {
     icon: '/favicon.ico',
     apple: '/apple-icon.png',
   },
   openGraph: {
-    title: 'Maxy — No Stress. Quiet Life.',
+    title: 'Maxy — Convenience as standard.',
     description: 'A personal AI assistant that lives in your home. Your data never leaves.',
     siteName: 'Maxy',
     type: 'website',
@@ -33,13 +33,13 @@ export const metadata: Metadata = {
         url: '/og-landscape.png',
         width: 1200,
         height: 628,
-        alt: 'Maxy — No Stress. Quiet Life.',
+        alt: 'Maxy — Convenience as standard.',
       },
     ],
   },
   twitter: {
     card: 'summary_large_image',
-    title: 'Maxy — No Stress. Quiet Life.',
+    title: 'Maxy — Convenience as standard.',
     description: 'A personal AI assistant that lives in your home. Your data never leaves.',
     images: ['/og-landscape.png'],
   },

package/payload/maxy/app/page.tsx

@@ -1,9 +1,10 @@
 'use client'
 
 import { useState, useRef, useEffect, FormEvent } from 'react'
+import { Eye, EyeOff } from 'lucide-react'
 import { ActivityEvent, type AdminEvent } from './admin/components/ActivityEvent'
 
-type AppState = 'loading' | 'set-pin' | 'enter-pin' | 'chat'
+type AppState = 'loading' | 'set-pin' | 'enter-pin' | 'connect-claude' | 'chat'
 
 interface Message {
   role: 'admin' | 'maxy'
@@ -17,6 +18,9 @@ export default function AdminPage() {
   const [confirmPin, setConfirmPin] = useState('')
   const [pinError, setPinError] = useState('')
   const [showPin, setShowPin] = useState(false)
+  const [authUrl, setAuthUrl] = useState<string | null>(null)
+  const [authCode, setAuthCode] = useState('')
+  const [authLoading, setAuthLoading] = useState(false)
   const [sessionKey, setSessionKey] = useState<string | null>(null)
   const [messages, setMessages] = useState<Message[]>([])
   const [input, setInput] = useState('')
@@ -39,7 +43,13 @@ export default function AdminPage() {
           return
         }
         const health = await res.json()
-        setAppState(health.pin_configured ? 'enter-pin' : 'set-pin')
+        if (!health.pin_configured) {
+          setAppState('set-pin')
+        } else if (!health.claude_authenticated) {
+          setAppState('connect-claude')
+        } else {
+          setAppState('enter-pin')
+        }
       } catch {
         setAppState('set-pin')
       }
@@ -82,8 +92,10 @@ export default function AdminPage() {
         return
       }
 
-      // PIN set — now log in with it
-      await doLogin(pin)
+      // PIN set — move to Claude auth
+      setPin('')
+      setConfirmPin('')
+      setAppState('connect-claude')
     } catch {
       setPinError('Could not connect.')
     }
@@ -227,7 +239,7 @@ export default function AdminPage() {
                 autoFocus
               />
               <button type="button" className="pin-toggle" onClick={() => setShowPin(!showPin)} aria-label={showPin ? 'Hide' : 'Show'}>
-                {showPin ? '◉' : '○'}
+                {showPin ? <EyeOff size={18} /> : <Eye size={18} />}
               </button>
             </div>
             <div className="pin-input-row">
@@ -252,6 +264,99 @@ export default function AdminPage() {
     )
   }
 
+  // --- Connect Claude ---
+  if (appState === 'connect-claude') {
+    async function startAuth() {
+      setAuthLoading(true)
+      setPinError('')
+      try {
+        const res = await fetch('/api/onboarding/claude-auth', { method: 'POST' })
+        const data = await res.json()
+        if (data.authUrl) {
+          setAuthUrl(data.authUrl)
+          window.open(data.authUrl, '_blank')
+        } else if (data.error) {
+          setPinError(data.error)
+        }
+      } catch {
+        setPinError('Could not start auth flow.')
+      }
+      setAuthLoading(false)
+    }
+
+    async function submitCode(e: FormEvent) {
+      e.preventDefault()
+      if (!authCode.trim()) return
+      setAuthLoading(true)
+      setPinError('')
+      try {
+        const res = await fetch('/api/onboarding/claude-auth', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ code: authCode.trim() }),
+        })
+        const data = await res.json()
+        if (data.authenticated) {
+          setAppState('enter-pin')
+        } else {
+          setPinError(data.error || 'Authentication failed. Check the code and try again.')
+        }
+      } catch {
+        setPinError('Could not verify code.')
+      }
+      setAuthLoading(false)
+    }
+
+    return (
+      <div className="chat-page admin-page">
+        <header className="chat-header">
+          <img src="/brand/claude.png" alt="Claude" className="chat-logo" />
+          <h1 className="chat-tagline">Connect Claude</h1>
+          <p className="chat-intro">Sign in with your Anthropic account to power Maxy.</p>
+        </header>
+        <div className="admin-pin-form">
+          {!authUrl ? (
+            <button
+              className="btn-primary"
+              onClick={startAuth}
+              disabled={authLoading}
+            >
+              {authLoading ? 'Starting...' : 'Sign in with Claude'}
+            </button>
+          ) : (
+            <>
+              <p className="chat-intro" style={{ fontSize: '14px', marginTop: 0 }}>
+                Sign in on the Anthropic page, then paste the code here.
+              </p>
+              <form onSubmit={submitCode}>
+                <div className="pin-input-row">
+                  <input
+                    type="text"
+                    value={authCode}
+                    onChange={e => setAuthCode(e.target.value)}
+                    placeholder="Paste auth code"
+                    className="chat-input"
+                    autoFocus
+                  />
+                  <button type="submit" className="chat-send" disabled={!authCode.trim() || authLoading}>
+                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+                      <line x1="5" y1="12" x2="19" y2="12" />
+                      <polyline points="12 5 19 12 12 19" />
+                    </svg>
+                  </button>
+                </div>
+              </form>
+              <a href={authUrl} target="_blank" rel="noopener noreferrer" className="btn-secondary" style={{ marginTop: '8px' }}>
+                Open sign-in page again
+              </a>
+            </>
+          )}
+          {pinError && <p className="admin-pin-error">{pinError}</p>}
+        </div>
+      </div>
+    )
+  }
+
   // --- Enter PIN (returning user) ---
   if (appState === 'enter-pin') {
     return (
@@ -274,7 +379,7 @@ export default function AdminPage() {
                 autoFocus
               />
               <button type="button" className="pin-toggle" onClick={() => setShowPin(!showPin)} aria-label={showPin ? 'Hide' : 'Show'}>
-                {showPin ? '◉' : '○'}
+                {showPin ? <EyeOff size={18} /> : <Eye size={18} />}
               </button>
               <button type="submit" className="chat-send" disabled={!pin}>
                 <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">