@rubytech/create-maxy 0.4.0 → 0.4.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "Install Maxy — your personal AI assistant",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/.claude/references/principles.md

@@ -12,7 +12,7 @@ Everything an end user does must be achievable via the chat interface. No CLI. N
 - Conversational onboarding (IDENTITY.md placeholder population) is the configuration mechanism
 - Setup scripts install infrastructure only — product configuration happens via chat
 - If there is no conversational path to use a feature, the feature is incomplete
-- Exception: Phase 0 seed script (dog-food product knowledge). Customer devices onboard conversationally.
+- Product knowledge is ingested as markdown via the admin agent — there are no seed scripts.
 
 ---
 
@@ -48,6 +48,17 @@ Infrastructure endpoints (`localhost:7687`, `localhost:11434`) may have defaults
 
 ---
 
+## No Environment Variables for Credentials
+
+Credentials are stored as files in `~/.maxy/` (persistent across upgrades):
+- Neo4j password: `~/.maxy/.neo4j-password` (generated by installer)
+- Admin PIN: `~/.maxy/.admin-pin` (set via web UI on first boot)
+- Claude auth: OAuth flow in the web UI (managed by Claude Code)
+
+There is no `.env.local`. MCP servers read the password file directly.
+
+---
+
 ## PRD Is Source of Truth
 
 `MAXY-PRD.md` is the single authority for all standards, data models, and architecture. Do not rely on patterns found in existing skill code — they may diverge from the PRD.

package/payload/docs/deployment.md

@@ -21,12 +21,17 @@ When complete, open `http://maxy.local:19200` from any device on the same networ
 7. Creates the initial account from templates
 8. Applies the Neo4j schema
 
-## Post-install (all via conversation)
+## Onboarding (all via web UI)
 
-Open `http://maxy.local:19200` from any device on the same network and tell the admin agent what you need:
+Open `http://maxy.local:19200` from any device on the same network. The onboarding flow is:
 
-- "Set my admin PIN" — secures admin access
-- "Ingest the product knowledge" — loads the knowledge base
+1. **Set PIN** — choose an admin PIN (stored at `~/.maxy/.admin-pin`)
+2. **Connect Claude** — OAuth flow in the web UI (no API keys, no environment variables)
+3. **Chat** — the admin agent is ready
+
+From there, tell the admin agent what you need:
+
+- "Ingest the product knowledge" — loads the knowledge base (ingested as markdown, not cypher)
 - "Set up Telegram" — walks through BotFather bot creation
 - "Set up Cloudflare Tunnel" — configures remote access on your domain
 - "Check system status" — verifies all services are running

package/payload/docs/hooks.md

@@ -16,8 +16,9 @@ Fires at the beginning of each agent session. Loads the agent's IDENTITY.md from
 
 Fires before every tool call. Enforces the public agent lockdown.
 
-**Public agent:** Single tool allowed:
+**Public agent:** Two tools allowed:
 - `memory-search` / `mcp__maxy-memory__memory-search`
+- `skill-read` / `mcp__maxy-admin__skill-read`
 
 All other tools are blocked with exit code 2 and an error message. The public agent has zero write surface.
 

package/payload/docs/mcp-servers.md

@@ -13,11 +13,11 @@ Graph-backed knowledge retrieval. The backbone of RAG (Retrieval-Augmented Gener
 
 **Dependencies:** Neo4j (bolt://localhost:7687), Ollama (http://localhost:11434)
 
-**Environment:**
-- `NEO4J_URI`, `NEO4J_USER`, `NEO4J_PASSWORD` — Neo4j connection
-- `OLLAMA_URL` — Ollama API endpoint
-- `ACCOUNT_ID` — Account scope (default: "maxy")
-- `READ_ONLY` — When "true", memory-write and memory-reindex are not registered
+**Configuration:**
+- Neo4j password read from `~/.maxy/.neo4j-password` (generated by installer)
+- Ollama endpoint: `http://localhost:11434` (local default)
+- Account ID passed by the runtime per session
+- Read-only mode: when enabled, memory-write and memory-reindex are not registered (used for public agent)
 
 ## maxy-contacts
 
@@ -40,7 +40,8 @@ Multi-channel message delivery. Phase 0: Telegram only.
 - `message-history` — Query conversation log (Communication nodes in Neo4j).
 
 **Dependencies:** Telegram Bot API
-**Environment:** `TELEGRAM_PUBLIC_BOT_TOKEN`
+
+**Configuration:** Bot token stored in the account config directory (`~/maxy/platform/config/accounts/{uuid}/`), set via conversational onboarding.
 
 ## maxy-admin
 
@@ -52,7 +53,7 @@ System status and configuration reading.
 - `account-manage` — Read account config (tier, domains, settings).
 - `logs-read` — Read system, session, or error logs (tail).
 
-**Environment:** `PLATFORM_ROOT` — path to platform directory, `ACCOUNT_ID` — account UUID
+**Configuration:** Platform root and account ID passed by the runtime per session.
 
 ### Cloudflare Tunnel Management
 

package/payload/docs/neo4j.md

@@ -35,14 +35,14 @@ Neo4j's built-in HNSW vector index is used for semantic search:
 
 The `memory-search` tool embeds the query via Ollama, runs vector similarity search against the index, then expands results via 1-hop graph traversal to include related nodes (e.g., Service → PriceSpecification).
 
-## Seed Data
+## Credentials
 
-Product knowledge is seeded via Cypher scripts in `platform/neo4j/`:
-- `schema.cypher` — constraints, indexes, vector index creation
-- `seed-product-knowledge.cypher` — all product data (tiers, features, FAQs, comparisons)
+The Neo4j password is generated by the installer and stored at `~/.maxy/.neo4j-password`. MCP servers read from this file. There are no environment variables for credentials.
 
-Run via `platform/scripts/seed-neo4j.sh`.
+## Product Knowledge
+
+Product knowledge is ingested as markdown via the admin agent using `memory-write`. There are no seed scripts or pre-configured cypher files for product data. The schema (constraints, indexes, vector index) is applied by the installer via `platform/neo4j/schema.cypher`.
 
 ## Embedding Pipeline
 
-After seeding, run `memory-reindex` (via the admin agent or directly) to compute embeddings for all nodes. This calls Ollama's `/api/embed` endpoint with `nomic-embed-text` and stores the resulting 768-dimensional vectors on each node.
+When the admin agent writes knowledge via `memory-write`, embeddings are computed automatically. The `memory-reindex` tool rebuilds embeddings for any nodes missing them (e.g., after a bulk import). This calls Ollama's `/api/embed` endpoint with `nomic-embed-text` and stores the resulting 768-dimensional vectors on each node.

package/payload/docs/platform.md

@@ -36,9 +36,9 @@ platform/
 
 | Agent | Access | Model | Tools | Use |
 |-------|--------|-------|-------|-----|
-| Public | Read-only | claude-haiku-4-5 | memory-search | Sales, product enquiries |
+| Public | Read-only | claude-haiku-4-5 | memory-search, skill-read | Sales, product enquiries |
 | Admin | Full | claude-opus-4-6 | All MCP tools + Claude Code native tools | Content management, monitoring |
 
 ## Security Model
 
-The public agent is locked down via the `pre-tool-use.sh` hook. It can only call `memory-search` — a single read-only tool. All other tool calls are blocked with exit code 2. The public agent has zero write surface; waitlist signups captured in conversation are extracted by the admin cron review job. The admin agent has no restrictions.
+The public agent is locked down via the `pre-tool-use.sh` hook. It can only call `memory-search` and `skill-read` — two read-only tools. All other tool calls are blocked with exit code 2. The public agent has zero write surface; waitlist signups captured in conversation are extracted by the admin cron review job. The admin agent has no restrictions.

package/payload/docs/skills.md

@@ -10,7 +10,7 @@ Skills are domain-specific behaviour modules that teach agents how to handle spe
 | `business-assistant` | CRM, scheduling, quoting, invoicing, memory-first operations | Admin agent |
 | `telegram` | Telegram bot setup guide (BotFather, webhook, admin vs public) | Admin agent |
 | `cloudflare` | Cloudflare Tunnel setup guide (installation, DNS, domain) | Admin agent |
-| `anthropic` | Claude connection setup (OAuth, API key) | Admin agent |
+| `anthropic` | Claude connection setup (OAuth flow via web UI) | Admin agent |
 
 ## Skill Format
 

package/payload/docs/web-chat.md

@@ -2,16 +2,20 @@
 
 The web chat is a Next.js 16 application in `maxy/` that serves both the public sales agent and the admin agent.
 
-## Domain Routing
+## Routing
 
-| Domain | Route | Page |
+| Access | Route | Page |
 |--------|-------|------|
-| `public.maxy.bot` | `/` | Public chat (SSE streaming, text only) |
-| `admin.maxy.bot` | `/admin` | Admin chat (SSE streaming, full activity) |
+| Local (`maxy.local:19200`) | `/` | Admin chat (PIN-gated, SSE streaming, full activity) |
+| Local (`maxy.local:19200`) | `/public` | Public chat (SSE streaming, text only) |
+| `public.maxy.bot` (Cloudflare Tunnel) | `/public` | Public chat |
+| `admin.maxy.bot` (Cloudflare Tunnel) | `/` | Admin chat |
 | `getmaxy.com` | `/bot` | Marketing landing page |
 | `maxy.bot` | redirect | → `public.maxy.bot` |
 | `maxy.chat` | redirect | → `public.maxy.bot` |
 
+The root page (`/`) is the admin interface. Local access on the same network = admin (with PIN). The public chat is at `/public`, served to the internet only via `public.maxy.bot` through Cloudflare Tunnel.
+
 Routing is handled by Next.js middleware (`maxy/middleware.ts`).
 
 ## Public Chat API
@@ -53,7 +57,7 @@ The admin UI (`maxy/app/admin/page.tsx`) renders these as a Claude Code-style ac
 Both endpoints use the shared `maxy/app/lib/claude-agent.ts` module which invokes `@anthropic-ai/claude-agent-sdk`'s `query()` function with:
 - Appropriate MCP server configurations
 - System prompts tailored to agent type
-- Tool allowlists (public: 3 tools, admin: all)
+- Tool allowlists (public: 2 tools — memory-search + skill-read, admin: all)
 - Permission modes (public: dontAsk, admin: acceptEdits)
 - Model selection (public: haiku-4-5, admin: opus-4-6)
 

package/payload/maxy/app/api/onboarding/claude-auth/route.ts

@@ -1,5 +1,8 @@
 import { NextResponse } from 'next/server'
-import { spawn, execFileSync } from 'node:child_process'
+import { spawn, execFileSync, type ChildProcess } from 'node:child_process'
+
+// Keep the login process alive between requests
+let loginProcess: ChildProcess | null = null
 
 /**
  * GET /api/onboarding/claude-auth
@@ -10,7 +13,6 @@ export async function GET() {
     const output = execFileSync('claude', ['auth', 'status', '--json'], {
       encoding: 'utf-8',
       timeout: 10000,
-      env: { ...process.env, BROWSER: 'echo' },
     })
     const status = JSON.parse(output)
     return NextResponse.json({
@@ -24,22 +26,60 @@ export async function GET() {
 
 /**
  * POST /api/onboarding/claude-auth
- * Start the Claude Code login flow. Returns the auth URL.
+ * Body: {} — starts the login flow, returns auth URL
+ * Body: { code: "..." } — feeds the auth code to the running login process
  */
-export async function POST() {
+export async function POST(req: Request) {
+  let body: { code?: string } = {}
+  try {
+    body = await req.json()
+  } catch { /* empty body = start flow */ }
+
+  // If code is provided, feed it to the running login process
+  if (body.code && loginProcess && loginProcess.stdin) {
+    loginProcess.stdin.write(body.code + '\n')
+    loginProcess.stdin.end()
+
+    // Wait a moment for the process to complete
+    await new Promise((r) => setTimeout(r, 3000))
+
+    // Check if auth succeeded
+    try {
+      const output = execFileSync('claude', ['auth', 'status', '--json'], {
+        encoding: 'utf-8',
+        timeout: 5000,
+      })
+      const status = JSON.parse(output)
+      loginProcess = null
+      return NextResponse.json({
+        authenticated: status.loggedIn === true,
+        email: status.email ?? null,
+      })
+    } catch {
+      loginProcess = null
+      return NextResponse.json({ authenticated: false, error: 'Authentication failed. Check the code and try again.' })
+    }
+  }
+
+  // Start a new login flow
+  if (loginProcess) {
+    loginProcess.kill()
+    loginProcess = null
+  }
+
   return new Promise<Response>((resolve) => {
     const child = spawn('claude', ['auth', 'login'], {
       stdio: ['pipe', 'pipe', 'pipe'],
       env: { ...process.env, BROWSER: 'echo' },
     })
 
+    loginProcess = child
+
     let output = ''
     let resolved = false
 
     function tryResolve() {
       if (resolved) return
-
-      // Look for the auth URL in the output
       const match = output.match(/(https:\/\/claude\.ai\/oauth\/authorize[^\s]+)/)
       if (match) {
         resolved = true
@@ -57,26 +97,16 @@ export async function POST() {
       tryResolve()
     })
 
-    // Timeout after 10 seconds
     setTimeout(() => {
       if (!resolved) {
         resolved = true
         child.kill()
+        loginProcess = null
         resolve(NextResponse.json(
           { error: 'Timed out waiting for auth URL.' },
           { status: 500 },
         ))
       }
     }, 10000)
-
-    child.on('exit', () => {
-      if (!resolved) {
-        resolved = true
-        resolve(NextResponse.json(
-          { error: 'Login process exited without providing auth URL.' },
-          { status: 500 },
-        ))
-      }
-    })
   })
 }

package/payload/maxy/app/globals.css

@@ -1415,6 +1415,18 @@ a:hover {
   border-color: var(--sage);
 }
 
+.auth-retry-link {
+  font-family: var(--font-body);
+  font-size: 13px;
+  color: var(--text-tertiary);
+  text-decoration: none;
+  margin-top: 12px;
+}
+
+.auth-retry-link:hover {
+  color: var(--sage);
+}
+
 .admin-pin-error {
   color: #c44;
   font-size: 14px;

package/payload/maxy/app/page.tsx

@@ -19,6 +19,7 @@ export default function AdminPage() {
   const [pinError, setPinError] = useState('')
   const [showPin, setShowPin] = useState(false)
   const [authUrl, setAuthUrl] = useState<string | null>(null)
+  const [authCode, setAuthCode] = useState('')
   const [authLoading, setAuthLoading] = useState(false)
   const [sessionKey, setSessionKey] = useState<string | null>(null)
   const [messages, setMessages] = useState<Message[]>([])
@@ -267,29 +268,49 @@ export default function AdminPage() {
   if (appState === 'connect-claude') {
     async function startAuth() {
       setAuthLoading(true)
+      setPinError('')
       try {
         const res = await fetch('/api/onboarding/claude-auth', { method: 'POST' })
         const data = await res.json()
         if (data.authUrl) {
           setAuthUrl(data.authUrl)
           window.open(data.authUrl, '_blank')
+        } else if (data.error) {
+          setPinError(data.error)
         }
-      } catch { /* */ }
+      } catch {
+        setPinError('Could not start auth flow.')
+      }
       setAuthLoading(false)
     }
 
-    async function checkAuth() {
-      const res = await fetch('/api/onboarding/claude-auth')
-      const data = await res.json()
-      if (data.authenticated) {
-        setAppState('enter-pin')
+    async function submitCode(e: FormEvent) {
+      e.preventDefault()
+      if (!authCode.trim()) return
+      setAuthLoading(true)
+      setPinError('')
+      try {
+        const res = await fetch('/api/onboarding/claude-auth', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ code: authCode.trim() }),
+        })
+        const data = await res.json()
+        if (data.authenticated) {
+          setAppState('enter-pin')
+        } else {
+          setPinError(data.error || 'Authentication failed. Check the code and try again.')
+        }
+      } catch {
+        setPinError('Could not verify code.')
       }
+      setAuthLoading(false)
     }
 
     return (
       <div className="chat-page admin-page">
         <header className="chat-header">
-          <img src="/brand/maxy-black.png" alt="Maxy" className="chat-logo" />
+          <img src="/brand/claude.png" alt="Claude" className="chat-logo" />
           <h1 className="chat-tagline">Connect Claude</h1>
           <p className="chat-intro">Sign in with your Anthropic account to power Maxy.</p>
         </header>
@@ -305,16 +326,32 @@ export default function AdminPage() {
           ) : (
             <>
               <p className="chat-intro" style={{ fontSize: '14px', marginTop: 0 }}>
-                A browser window has opened. Sign in with Anthropic, then come back here.
+                Sign in on the Anthropic page, then paste the code here.
               </p>
-              <a href={authUrl} target="_blank" rel="noopener noreferrer" className="btn-secondary">
-                Open sign-in page again
+              <form onSubmit={submitCode}>
+                <div className="pin-input-row">
+                  <input
+                    type="text"
+                    value={authCode}
+                    onChange={e => setAuthCode(e.target.value)}
+                    placeholder="Paste auth code"
+                    className="chat-input"
+                    autoFocus
+                  />
+                  <button type="submit" className="chat-send" disabled={!authCode.trim() || authLoading}>
+                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+                      <line x1="5" y1="12" x2="19" y2="12" />
+                      <polyline points="12 5 19 12 12 19" />
+                    </svg>
+                  </button>
+                </div>
+              </form>
+              <a href={authUrl} target="_blank" rel="noopener noreferrer" className="auth-retry-link">
+                Try again
               </a>
-              <button className="btn-primary" onClick={checkAuth} style={{ marginTop: '12px' }}>
-                I{'\u2019'}ve signed in
-              </button>
             </>
           )}
+          {pinError && <p className="admin-pin-error">{pinError}</p>}
         </div>
       </div>
     )