@rubytech/create-maxy 1.0.450 → 1.0.452

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "1.0.450",
+  "version": "1.0.452",
   "description": "Install Maxy — AI for Productive People",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/maxy/server.js

@@ -9398,8 +9398,9 @@ async function safeSaveCreds(authDir, saveCreds) {
   }
   try {
     await Promise.resolve(saveCreds());
+    console.error(`${TAG2} creds saved successfully to ${authDir}`);
   } catch (err) {
-    console.error(`${TAG2} failed saving creds: ${String(err)}`);
+    console.error(`${TAG2} failed saving creds to ${authDir}: ${String(err)}`);
   }
 }
 function enqueueSaveCreds(authDir, saveCreds) {
@@ -9413,44 +9414,63 @@ async function createWaSocket(opts) {
   maybeRestoreCredsFromBackup(authDir);
   const { state, saveCreds } = await useMultiFileAuthState(authDir);
   const { version: version2 } = await fetchLatestBaileysVersion();
-  const pinoStub = {
-    level: "silent",
-    child: () => pinoStub,
-    trace: () => {
-    },
-    debug: () => {
-    },
-    info: () => {
-    },
-    warn: () => {
-    },
-    error: () => {
-    },
-    fatal: () => {
-    }
-  };
+  const BAILEYS_TAG = "[whatsapp:baileys]";
+  function makeBaileysLogger() {
+    const logger = {
+      level: "warn",
+      child: () => makeBaileysLogger(),
+      trace: () => {
+      },
+      debug: () => {
+      },
+      info: () => {
+      },
+      warn: (...args) => console.error(BAILEYS_TAG, "WARN", ...args),
+      error: (...args) => console.error(BAILEYS_TAG, "ERROR", ...args),
+      fatal: (...args) => console.error(BAILEYS_TAG, "FATAL", ...args)
+    };
+    return logger;
+  }
+  const baileysLogger = makeBaileysLogger();
   const sock = makeWASocket({
     auth: {
       creds: state.creds,
-      keys: makeCacheableSignalKeyStore(state.keys, pinoStub)
+      keys: makeCacheableSignalKeyStore(state.keys, baileysLogger)
     },
     version: version2,
-    logger: pinoStub,
+    logger: baileysLogger,
     printQRInTerminal: false,
     browser: Browsers.macOS("Chrome"),
     syncFullHistory: false,
     markOnlineOnConnect: false
   });
-  sock.ev.on("creds.update", () => enqueueSaveCreds(authDir, saveCreds));
+  sock.ev.on("creds.update", () => {
+    console.error(`${TAG2} creds.update received \u2014 saving to ${authDir}`);
+    enqueueSaveCreds(authDir, saveCreds);
+  });
+  let qrSequence = 0;
   sock.ev.on("connection.update", (update) => {
     try {
+      const parts = [];
+      if (update.connection) parts.push(`connection=${update.connection}`);
+      if (update.qr) parts.push(`qr=#${++qrSequence}`);
+      if (update.isNewLogin !== void 0) parts.push(`isNewLogin=${update.isNewLogin}`);
+      if (update.receivedPendingNotifications !== void 0) parts.push(`pendingNotifications=${update.receivedPendingNotifications}`);
+      if (update.connection === "close" && update.lastDisconnect) {
+        const status = getStatusCode(update.lastDisconnect.error);
+        parts.push(`disconnectStatus=${status ?? "unknown"}`);
+        parts.push(`disconnectReason=${formatError(update.lastDisconnect.error)}`);
+      }
+      if (!silent && parts.length > 0) {
+        console.error(`${TAG2} connection.update ${parts.join(" ")}`);
+      }
       if (update.qr && onQr) {
         onQr(update.qr);
       }
       if (update.connection === "close") {
         const status = getStatusCode(update.lastDisconnect?.error);
         if (status === DisconnectReason.loggedOut && !silent) {
-          console.error(`${TAG2} session logged out \u2014 re-link required`);
+          console.error(`${TAG2} session logged out (401) \u2014 re-link required`);
         }
       }
       if (update.connection === "open" && !silent) {
@@ -9519,6 +9539,42 @@ function extractBoomDetails(err) {
   return { statusCode, error: error48, message };
 }
 
+// app/lib/whatsapp/reconnect.ts
+import { DisconnectReason as DisconnectReason2 } from "@whiskeysockets/baileys";
+function classifyDisconnect(err) {
+  const statusCode = getStatusCode(err);
+  const message = formatError(err);
+  if (statusCode === DisconnectReason2.loggedOut) {
+    return {
+      kind: "loggedOut",
+      statusCode,
+      message: "Session logged out \u2014 re-link required",
+      shouldRetry: false
+    };
+  }
+  if (statusCode === 409 || statusCode === DisconnectReason2.connectionReplaced) {
+    return {
+      kind: "conflict",
+      statusCode,
+      message: "Connection replaced by another client",
+      shouldRetry: false
+    };
+  }
+  return {
+    kind: "transient",
+    statusCode,
+    message,
+    shouldRetry: true
+  };
+}
+function computeBackoff(attempt, config2 = {}) {
+  const base = config2.baseDelayMs ?? 2e3;
+  const max = config2.maxDelayMs ?? 12e4;
+  const exponential = Math.min(base * Math.pow(2, attempt), max);
+  const jitter = exponential * (0.75 + Math.random() * 0.5);
+  return Math.round(jitter);
+}
+
 // app/lib/whatsapp/login.ts
 var TAG3 = "[whatsapp:login]";
 var ACTIVE_LOGIN_TTL_MS = 3 * 6e4;
@@ -9539,6 +9595,56 @@ function resetActiveLogin(accountId) {
 function isLoginFresh(login) {
   return Date.now() - login.startedAt < ACTIVE_LOGIN_TTL_MS;
 }
+var LOGIN_MAX_RECONNECTS = 3;
+var LOGIN_RECONNECT_DELAYS = [2e3, 4e3, 8e3];
+async function loginConnectionLoop(accountId, login) {
+  let attempt = 0;
+  while (true) {
+    try {
+      await waitForConnection(login.sock);
+      const current = activeLogins.get(accountId);
+      if (current?.id === login.id) {
+        current.connected = true;
+      }
+      return;
+    } catch (err) {
+      const current = activeLogins.get(accountId);
+      if (current?.id !== login.id) return;
+      const classification = classifyDisconnect(err);
+      if (!classification.shouldRetry || attempt >= LOGIN_MAX_RECONNECTS) {
+        if (attempt >= LOGIN_MAX_RECONNECTS) {
+          console.error(
+            `${TAG3} login reconnect attempts exhausted (${attempt}/${LOGIN_MAX_RECONNECTS}) \u2014 surfacing error to agent`
+          );
+          current.error = `Login failed after ${attempt} reconnect attempts: ${formatError(err)}`;
+        } else {
+          current.error = formatError(err);
+        }
+        current.errorStatus = getStatusCode(err);
+        return;
+      }
+      attempt++;
+      const delay = LOGIN_RECONNECT_DELAYS[attempt - 1] ?? 8e3;
+      console.error(
+        `${TAG3} status=${classification.statusCode ?? "unknown"} restart required \u2014 reconnecting with saved creds (attempt ${attempt}/${LOGIN_MAX_RECONNECTS}) delay=${delay}ms`
+      );
+      closeSocket(current.sock);
+      await new Promise((r) => setTimeout(r, delay));
+      const afterDelay = activeLogins.get(accountId);
+      if (afterDelay?.id !== login.id) return;
+      try {
+        const newSock = await createWaSocket({ authDir: login.authDir });
+        current.sock = newSock;
+      } catch (sockErr) {
+        console.error(
+          `${TAG3} reconnect socket creation failed (attempt ${attempt}/${LOGIN_MAX_RECONNECTS}): ${String(sockErr)}`
+        );
+        current.error = `Reconnection failed: ${String(sockErr)}`;
+        return;
+      }
+    }
+  }
+}
 async function startLogin(opts) {
   const { accountId, authDir, force, timeoutMs = 3e4 } = opts;
   const existing0 = activeLogins.get(accountId);
@@ -9580,16 +9686,21 @@ async function startLogin(opts) {
   );
   let sock;
   let pendingQr = null;
+  let loginQrCount = 0;
   try {
     sock = await createWaSocket({
       authDir,
       onQr: (qr2) => {
-        if (pendingQr) return;
+        loginQrCount++;
+        if (pendingQr) {
+          console.error(`${TAG3} QR rotation #${loginQrCount} received for account=${accountId} \u2014 not forwarded (initial QR already captured)`);
+          return;
+        }
         pendingQr = qr2;
         const current = activeLogins.get(accountId);
         if (current && !current.qr) current.qr = qr2;
         clearTimeout(qrTimer);
-        console.error(`${TAG3} QR received for account=${accountId}`);
+        console.error(`${TAG3} QR #${loginQrCount} received for account=${accountId} \u2014 forwarding to caller`);
         resolveQr?.(qr2);
       }
     });
@@ -9608,14 +9719,12 @@ async function startLogin(opts) {
   };
   activeLogins.set(accountId, login);
   if (pendingQr && !login.qr) login.qr = pendingQr;
-  waitForConnection(sock).then(() => {
+  loginConnectionLoop(accountId, login).catch((err) => {
+    console.error(`${TAG3} loginConnectionLoop unexpected error: ${String(err)}`);
     const current = activeLogins.get(accountId);
-    if (current?.id === login.id) current.connected = true;
-  }).catch((err) => {
-    const current = activeLogins.get(accountId);
-    if (current?.id !== login.id) return;
-    current.error = formatError(err);
-    current.errorStatus = getStatusCode(err);
+    if (current?.id === login.id) {
+      current.error = `Unexpected login error: ${String(err)}`;
+    }
   });
   let qr;
   try {
@@ -23523,42 +23632,6 @@ var WhatsAppConfigSchema = external_exports.object({
   });
 });
 
-// app/lib/whatsapp/reconnect.ts
-import { DisconnectReason as DisconnectReason2 } from "@whiskeysockets/baileys";
-function classifyDisconnect(err) {
-  const statusCode = getStatusCode(err);
-  const message = formatError(err);
-  if (statusCode === DisconnectReason2.loggedOut) {
-    return {
-      kind: "loggedOut",
-      statusCode,
-      message: "Session logged out \u2014 re-link required",
-      shouldRetry: false
-    };
-  }
-  if (statusCode === 409 || statusCode === DisconnectReason2.connectionReplaced) {
-    return {
-      kind: "conflict",
-      statusCode,
-      message: "Connection replaced by another client",
-      shouldRetry: false
-    };
-  }
-  return {
-    kind: "transient",
-    statusCode,
-    message,
-    shouldRetry: true
-  };
-}
-function computeBackoff(attempt, config2 = {}) {
-  const base = config2.baseDelayMs ?? 2e3;
-  const max = config2.maxDelayMs ?? 12e4;
-  const exponential = Math.min(base * Math.pow(2, attempt), max);
-  const jitter = exponential * (0.75 + Math.random() * 0.5);
-  return Math.round(jitter);
-}
-
 // app/lib/whatsapp/normalize.ts
 var WHATSAPP_USER_JID_RE = /^(\d+)(?::\d+)?@s\.whatsapp\.net$/i;
 var WHATSAPP_LID_RE = /^(\d+)@lid$/i;

package/payload/platform/plugins/admin/hooks/session-start.sh

@@ -30,9 +30,13 @@ if [ ! -f "$DURABLE_STATE" ]; then
 fi
 
 # Staleness + completion check — reject durable state that is stale (>6h, missing
-# timestamp) OR already complete (all gates true). Without this, a stale or
-# completed durable file would be recovered on every new session, injecting a
-# misleading "resume creation" message.
+# timestamp) OR already complete (all gates true AND all gated files exist on
+# disk). Without this, a stale or completed durable file would be recovered on
+# every new session, injecting a misleading "resume creation" message.
+#
+# "All gates true" alone is NOT completion — it means user approval is done but
+# file writes may still be pending. Deleting state at that point causes the
+# remaining writes to fail with "invoke the public-agent-manager skill first."
 DURABLE_VALID=$(python3 -c "
 import json, sys
 from datetime import datetime, timezone
@@ -49,10 +53,22 @@ try:
     if age_hours > 6 or age_hours < 0:
         print('stale')
         sys.exit(0)
-    # All gates true means creation completed in a prior session — don't recover
+    # All gates true AND all files on disk = truly complete. All gates true
+    # alone means the user approved everything but writes may still be pending.
+    # Must match the PostToolUse completion check in agent-creation-post.sh.
     gates = state.get('gates', {})
     if isinstance(gates, dict) and set(gates.keys()) == {'soul', 'knowledge', 'config'} and all(v is True for v in gates.values()):
-        print('complete')
+        slug = state.get('slug', '')
+        if slug:
+            import os
+            agent_dir = os.path.join('$ACCOUNT_DIR', 'agents', slug)
+            gated_files = ['SOUL.md', 'KNOWLEDGE.md', 'config.json']
+            if all(os.path.isfile(os.path.join(agent_dir, f)) for f in gated_files):
+                print('complete')
+            else:
+                print('valid')
+        else:
+            print('valid')
     else:
         print('valid')
 except Exception:

package/payload/platform/plugins/admin/hooks/test-agent-creation-gate.sh

@@ -13,7 +13,8 @@
 #   - Allow Bash writes after gates pass
 #   - Allow all gated writes when all gates pass
 #   - Clean up state immediately when all files exist on disk (PostToolUse)
-#   - Detect and clean up completed state on session start (all gates true)
+#   - Recover all-gates-true state on session start when files not yet written
+#   - Detect and clean up truly completed state on session start (all gates true + files on disk)
 #   - Ignore non-document-editor/form components
 #   - Ignore _componentDone for admin agent
 #   - Handle gate advancement idempotently
@@ -721,10 +722,11 @@ fi
 rm -f "$STATE_FILE"
 
 # ---------------------------------------------------------------------------
-# Test 30: Session-start does NOT recover completed state (all gates true)
+# Test 30: Session-start RECOVERS all-gates-true state when files are missing
 # ---------------------------------------------------------------------------
-echo "Test 30: Session-start does NOT recover completed state (all gates true)"
+echo "Test 30: Session-start recovers all-gates-true state when files are missing"
 rm -f "$STATE_FILE"
+rm -f "$ACCOUNT_DIR/agents/test-agent/SOUL.md" "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md" "$ACCOUNT_DIR/agents/test-agent/config.json" 2>/dev/null || true
 DURABLE_FILE="$ACCOUNT_DIR/.claude/agent-create-state.json"
 
 python3 -c "
@@ -741,16 +743,47 @@ with open('$DURABLE_FILE', 'w') as f:
 
 bash "$SCRIPT_DIR/session-start.sh" "$ACCOUNT_DIR" admin 2>/dev/null || true
 
-if [ ! -f "$STATE_FILE" ]; then
-  if [ ! -f "$DURABLE_FILE" ]; then
-    pass "Completed state (all gates true) not recovered, both files deleted"
-  else
-    fail "Completed state not recovered but durable file not deleted"
-  fi
+if [ -f "$STATE_FILE" ] && [ -f "$DURABLE_FILE" ]; then
+  pass "All-gates-true state recovered (files not yet written — writes still pending)"
+else
+  fail "All-gates-true state should be recovered when gated files are missing from disk"
+fi
+
+rm -f "$STATE_FILE"
+
+# ---------------------------------------------------------------------------
+# Test 30a: Session-start does NOT recover truly completed state (all gates true + all files on disk)
+# ---------------------------------------------------------------------------
+echo "Test 30a: Session-start does NOT recover truly completed state"
+
+# Create all gated files on disk
+touch "$ACCOUNT_DIR/agents/test-agent/SOUL.md"
+touch "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md"
+touch "$ACCOUNT_DIR/agents/test-agent/config.json"
+
+python3 -c "
+import json
+from datetime import datetime, timezone
+state = {
+    'slug': 'test-agent',
+    'started': datetime.now(timezone.utc).isoformat(),
+    'gates': {'soul': True, 'knowledge': True, 'config': True}
+}
+with open('$DURABLE_FILE', 'w') as f:
+    json.dump(state, f)
+"
+
+bash "$SCRIPT_DIR/session-start.sh" "$ACCOUNT_DIR" admin 2>/dev/null || true
+
+if [ ! -f "$STATE_FILE" ] && [ ! -f "$DURABLE_FILE" ]; then
+  pass "Truly completed state (all gates true + all files on disk) deleted"
 else
-  fail "Completed state (all gates true) should NOT be recovered to volatile"
+  fail "Truly completed state should be deleted — both gates passed and files written"
 fi
 
+# Clean up gated files for subsequent tests
+rm -f "$ACCOUNT_DIR/agents/test-agent/SOUL.md" "$ACCOUNT_DIR/agents/test-agent/KNOWLEDGE.md" "$ACCOUNT_DIR/agents/test-agent/config.json"
+
 # ---------------------------------------------------------------------------
 # Test 31: PostToolUse cleans up state after last gated file is written
 # ---------------------------------------------------------------------------

package/payload/platform/plugins/admin/skills/public-agent-manager/skill.md

@@ -94,7 +94,7 @@ SOUL.md is strictly personality. When the user provides content for SOUL.md, rou
 - **Engagement strategy, qualification flows, component usage** → handled by selected plugins
 - **Boundaries, tool rules, procedural instructions** → IDENTITY.md
 
-SOUL.md answers "what does this agent feel like to talk to?" — tone, warmth, formality, humour, greeting personality. SOUL.md must not restate constraints from IDENTITY.md. When user-provided content could belong to either file, apply this test: "does this restrict what the agent does?" → IDENTITY.md. "Does this describe how the agent sounds?" → SOUL.md. If content does both (e.g. "always respond politely"), route to SOUL — the constraint is a consequence of tone, not an operational boundary. Present SOUL.md via `document-editor` for the user to review and approve. Content must use ASCII-safe characters only — hyphens not em dashes, straight quotes not curly quotes (see contextual-ui for the full encoding constraint).
+SOUL.md answers "what does this agent feel like to talk to?" — tone, warmth, formality, humour, greeting personality. SOUL.md must not restate constraints from IDENTITY.md. When user-provided content could belong to either file, apply this test: "does this restrict what the agent does?" → IDENTITY.md. "Does this describe how the agent sounds?" → SOUL.md. If content does both (e.g. "always respond politely"), route to SOUL — the constraint is a consequence of tone, not an operational boundary. Present SOUL.md via `document-editor` for the user to review and approve. Follow the document-editor encoding constraint in IDENTITY.md when generating content.
 
 ## KNOWLEDGE.md Population
 

package/payload/platform/templates/agents/admin/IDENTITY.md

@@ -127,6 +127,8 @@ The user can also launch the browser independently from the header menu. Both pa
 
 When the user asks to view, review, attach, or download a file or document, render it via `render-component` with `name: "document-editor"` and `data: { title, content }`. This gives a render-review-edit-download flow — the user sees the content inline, can edit it, and can download it as a `.md` file directly from the component. Do not use `memory-write`, `memory-ingest`, or other tools to deliver file content to the user. Synthesised content (summaries, reports, drafts) follows the same path — render via `document-editor` so the user can review and download.
 
+The document-editor's markdown parser fails silently on these specific typographical characters: em dashes (U+2014), en dashes (U+2013), curly double quotes (U+201C, U+201D), curly single quotes (U+2018, U+2019), and horizontal ellipsis (U+2026). Replace them with their plain equivalents — hyphens, straight quotes, three periods. Currency symbols (£, €), accented characters, and other Unicode are unaffected — use them normally.
+
 ## Plugins and Skills
 
 Your behaviour is defined by your loaded plugins. Follow them. The `<plugin-manifest>` lists every active plugin's skills and references with their file paths. To load any skill or reference, call `plugin-read` with the plugin's directory name and the file path from the manifest. The manifest is authoritative for plugin discovery and skill loading.

package/payload/platform/templates/agents/admin/LEARNINGS.md

@@ -1,21 +1,3 @@
 # Learnings
 
 Accumulated tool-call patterns. Each entry records a mistake and the correct approach. Consult before calling unfamiliar tools.
-
----
-
-### Deferred tool schemas must be loaded before use
-
-MCP tools have deferred schemas — parameter names, types, and required fields are not in context until fetched. Calling an MCP tool without loading its schema produces wrong parameter names, wrong types, and missing required fields. Always call `ToolSearch` for a tool before its first use in a session. This applies to every `mcp__*` tool — memory, tasks, scheduling, contacts, admin, cloudflare, telegram, documents.
-
-### memory-update requires Neo4j element IDs
-
-The `memory-update` tool identifies nodes by their Neo4j element ID — an integer returned in `memory-search` results (the `elementId` field). Do not pass UUIDs, attachment IDs, or string identifiers. If you do not have the element ID, run `memory-search` first to retrieve it.
-
-### memory-ingest complex parameters must be arrays
-
-The `memory-ingest` tool's `sections` and `keywords` parameters are arrays, not strings. `sections` is an array of objects; `keywords` is an array of strings. Passing a string where an array is expected produces a schema validation error. Load the tool schema via `ToolSearch` to confirm the expected types before calling.
-
-### document-editor content must be ASCII-safe
-
-The `document-editor` markdown parser silently fails on Unicode typographical characters — em dashes (—), en dashes (–), curly quotes (" " ' '), and ellipsis (…). When these appear in the `content` field, the editor renders empty and the user sees a blank document. Use ASCII alternatives: hyphens (-), straight quotes (" '), and three periods (...). This applies to all `document-editor` content including SOUL.md, KNOWLEDGE.md, and any other document presented for review.

package/payload/platform/templates/agents/public/IDENTITY.md

@@ -9,6 +9,10 @@ You are a public-facing agent for a business. Your personality, tone, and busine
 - Never describe your own capabilities or limitations unprompted. Visitors care about the business, not your architecture.
 - British English unless your business context specifies otherwise.
 
+## Visual content
+
+Images may be available at `/brand/` — these are visual assets the business has prepared. When your knowledge lists an image and a visitor's question is relevant to it, embed it inline using standard markdown: `![description](/brand/filename)`. The visitor sees the image directly in the conversation. Only reference images explicitly listed in your knowledge — never guess or fabricate filenames. When a relevant image exists, show it rather than describing what you could show.
+
 ## Boundaries
 
 - You are an AI assistant. State this clearly if asked. Never impersonate a human.