@rubytech/create-maxy 1.0.621 → 1.0.622

package/payload/server/public/index.html

@@ -5,11 +5,11 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Maxy</title>
   <link rel="icon" href="/favicon.ico">
-  <script type="module" crossorigin src="/assets/admin-D7LRdkYB.js"></script>
+  <script type="module" crossorigin src="/assets/admin-BxVuKRJZ.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/chunk-Be6NvmcD.js">
   <link rel="modulepreload" crossorigin href="/assets/preload-helper-rov5CBGT.js">
-  <link rel="modulepreload" crossorigin href="/assets/useVoiceRecorder-OB_Gtr0e.js">
-  <link rel="stylesheet" crossorigin href="/assets/useVoiceRecorder-CaFVzk8y.css">
+  <link rel="modulepreload" crossorigin href="/assets/useVoiceRecorder-CiYPZu3g.js">
+  <link rel="stylesheet" crossorigin href="/assets/useVoiceRecorder-BORuG_su.css">
   <link rel="stylesheet" href="/brand-defaults.css">
 </head>
 <body>

package/payload/server/public/public.html

@@ -5,11 +5,11 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Maxy</title>
   <link rel="icon" href="/favicon.ico">
-  <script type="module" crossorigin src="/assets/public-ZM0fHAOE.js"></script>
+  <script type="module" crossorigin src="/assets/public-Bgm9WQFZ.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/chunk-Be6NvmcD.js">
   <link rel="modulepreload" crossorigin href="/assets/preload-helper-rov5CBGT.js">
-  <link rel="modulepreload" crossorigin href="/assets/useVoiceRecorder-OB_Gtr0e.js">
-  <link rel="stylesheet" crossorigin href="/assets/useVoiceRecorder-CaFVzk8y.css">
+  <link rel="modulepreload" crossorigin href="/assets/useVoiceRecorder-CiYPZu3g.js">
+  <link rel="stylesheet" crossorigin href="/assets/useVoiceRecorder-BORuG_su.css">
   <link rel="stylesheet" href="/brand-defaults.css">
 </head>
 <body>

package/payload/server/server.js

@@ -10574,24 +10574,64 @@ function defaultRules() {
       suggestedAction: "This laptop is signed into a Cloudflare account that does not own the hostnames the tunnel is configured to serve. Run `tunnel-status` to confirm, then tell the operator verbatim: 'The tunnel is running on this laptop but nothing from the internet is reaching it. The Cloudflare account this laptop is signed into doesn't own your domain. Open Cloudflare in your browser \u2014 is the account name in the top-left the one that owns your domain? If not, switch to the correct one, then tell me and I will re-sign-in.' When the operator confirms the correct account is selected, run `tunnel-login force=true`."
     },
     {
-      // Task 541: tunnel-login's browser-launch failure class — cloudflared
-      // reports "Failed to fetch resource" into cloudflared-login.log when
-      // its browser launcher cannot reach the default browser, and the login
-      // process lingers with a live PID holding the log open. Prior to Task
-      // 541, `tunnel-login` inferred liveness from PID alone and kept
-      // reporting "Sign-in in progress" against a dead auth flow. The MCP
-      // handler now parses the log and emits this line on the first call
-      // that detects the failure; the rule surfaces it to the admin agent on
-      // the next turn so the 44-tool-call self-discovery loop (session
-      // 0e30b69e) cannot reopen.
+      // Task 545: tunnel-login's terminal-failure class — cloudflared's
+      // login process died without writing cert.pem. Covers every reason
+      // the handler emits on the `failed` branch: either an unknown exit
+      // (`-without-cert`), an exit preceded by the courtesy browser-launch
+      // marker (`-with-marker`), auth URL never produced (`-timeout`), or
+      // crashed before producing it at all. Task 541's original pattern
+      // matched `reason=browser-launch-fetch-error` — Task 545 retired
+      // that reason because the marker alone is no longer terminal
+      // (cloudflared keeps its OAuth-callback loop alive after emitting
+      // it). Use this pattern for any new terminal reason the handler
+      // gains: extend the alternation rather than adding parallel rules.
       id: "cloudflare-tunnel-login-failed",
-      name: "Cloudflare tunnel-login failed (browser launcher fetch error)",
+      name: "Cloudflare tunnel-login process terminated without writing cert",
       type: "silent-catch",
       logSource: "any",
-      pattern: "\\[cloudflare:tunnel-login:failed\\] reason=browser-launch-fetch-error",
+      pattern: "\\[cloudflare:tunnel-login:failed\\] reason=(login-process-exited-without-cert|login-process-exited-with-marker|auth-url-timeout|process-exited-before-auth-url)",
       thresholdCount: 0,
       thresholdWindowMinutes: 0,
-      suggestedAction: "cloudflared's browser launcher failed to open the sign-in URL on the laptop. The tunnel-login tool has already detected this and restarted the login \u2014 relay the new sign-in URL to the operator and wait for them to confirm authorization in the VNC browser. Do not open the Cloudflare dashboard in any other surface; the only path is the sign-in URL the tool produces."
+      suggestedAction: "The cloudflared login process died before cert.pem landed on disk. For `login-process-exited-*` reasons the tunnel-login tool detected the dead process on the next call and has already respawned it \u2014 relay the new sign-in URL and wait for the operator to authorize in the VNC browser. For `auth-url-timeout` / `process-exited-before-auth-url`, the tool's most recent call returned an error and did not respawn \u2014 call `tunnel-login` again to spawn a fresh attempt. Never open the Cloudflare dashboard in any other surface; the only auth path is the sign-in URL the tool produces."
+    },
+    {
+      // Task 545: non-terminal advisory. cloudflared's browser-launch
+      // subcommand failed (DISPLAY unreachable, xdg-open absent, etc.) but
+      // its OAuth-callback listener is still running — the login can still
+      // complete if a human opens the URL. This rule fires so the admin
+      // agent can relay "open the URL yourself" to the operator the moment
+      // the condition appears, rather than waiting for the operator to
+      // notice nothing is happening in their browser. Task 546 will
+      // obsolete the advisory by rendering auth URLs that auto-open in
+      // the VNC browser.
+      id: "cloudflare-tunnel-login-browser-launch-failed",
+      name: "cloudflared couldn't open the sign-in URL (login still live)",
+      type: "silent-catch",
+      logSource: "any",
+      pattern: "\\[cloudflare:tunnel-login:browser-launch-failed\\]",
+      thresholdCount: 0,
+      thresholdWindowMinutes: 0,
+      suggestedAction: "cloudflared's browser-launch courtesy failed on this laptop, but the sign-in URL is still live \u2014 the process is waiting for the OAuth callback. Tell the operator to open the sign-in URL in the VNC browser themselves and complete the authorization. The tunnel-login tool already includes the URL and the advisory in its most recent response; do not restart the login (that would invalidate the URL the operator is about to open)."
+    },
+    {
+      // Task 545: raw-log surface. cloudflared-login.log is now read by
+      // the review-detector's `cloudflared` source (see sources.ts). The
+      // literal "Failed to fetch resource" is emitted by cloudflared
+      // itself when its browser-launch subcommand can't reach a display.
+      // This rule catches the cloudflared-side event even if the MCP
+      // handler's classification drifts or the platform is restarting
+      // mid-login and the advisory log line is not yet written. Keeping
+      // this rule on a different source (log-line, not MCP stderr) makes
+      // the detection redundant in the "defence in depth" sense — if the
+      // MCP classification ever regresses, this still fires.
+      id: "cloudflared-login-browser-launch-failed-raw",
+      name: "cloudflared login \u2014 browser-launch fetch error in log",
+      type: "silent-catch",
+      logSource: "cloudflared",
+      pattern: "Failed to fetch resource",
+      thresholdCount: 0,
+      thresholdWindowMinutes: 0,
+      suggestedAction: "cloudflared-login.log shows the browser-launch courtesy failed. The sign-in URL from the last tunnel-login call is still live \u2014 the cloudflared process waits for the OAuth callback regardless of whether it could open the browser itself. Tell the operator to open the sign-in URL manually in the VNC browser on the device."
     },
     {
       // Task 540: cloudflared.log is the one file most likely to carry the
@@ -10629,6 +10669,33 @@ function defaultRules() {
       thresholdWindowMinutes: 60,
       scope: "session",
       suggestedAction: 'Agent emitted a choice-fork question ("Want me to X, or Y?") instead of a one-sided question or the prescribed action. Review Task 543 IDENTITY \xA7 Questions \u2014 the agent asked an opposing-axis question, or degraded a deterministic tool signal into a menu. The log sample shows the offending turn verbatim.'
+    },
+    {
+      // Task 546: fires when the operator clicks a device-bound URL affordance
+      // and the chat UI cannot drive the device browser — either CDP is
+      // unreachable, the navigation timed out, or CDP returned an error. The
+      // log line carries intent, hostname, and navigateResult so the admin
+      // agent can name the affected flow and hostname verbatim on its next
+      // turn. Every occurrence is worth surfacing (thresholdCount: 0) because
+      // this is the exact class of silent failure Task 546 exists to close:
+      // the operator clicked, nothing happened on the device, and if we don't
+      // review the click telemetry the agent has no way to know the flow is
+      // stuck.
+      id: "device-url-click-failed",
+      name: "Device-bound URL click failed to drive the VNC browser",
+      type: "silent-catch",
+      logSource: "server",
+      // Enumerate the NavigateResult union explicitly rather than relying
+      // on a (?!ok) negative lookahead anchored to a specific token order.
+      // If a new member is added to the union in cdp-client.ts, this rule
+      // must be updated in the same commit — the pattern is order-agnostic
+      // (browser= and navigateResult= can appear in either order) and the
+      // enumerated list compile-fails the source if it ever drifts from
+      // the shared type in device-url-schema.ts.
+      pattern: "\\[device-url:click\\][^\\n]*(?:browser=fallback|navigateResult=(?:timeout|cdp-unreachable|error))",
+      thresholdCount: 0,
+      thresholdWindowMinutes: 0,
+      suggestedAction: "A device-bound URL click failed to drive Chromium on the device's VNC display. Identify the `intent` and `hostname` from the log line, then check the VNC surface: read `vnc-boot.log` and confirm Chromium on :99 is responding on CDP port 9222. If CDP is unreachable, the operator needs to restart the VNC stack; if CDP is reachable but navigation errored, the URL itself may be malformed upstream \u2014 grep the stream log for the originating `[device-url:render]` line."
     }
   ];
 }
@@ -10858,8 +10925,12 @@ function discoverSourceFiles(configDir2, accountLogDir2, logicalSource) {
     return existsSync8(p) ? [{ logicalSource: "vnc", filepath: p }] : [];
   }
   if (logicalSource === "cloudflared") {
-    const p = resolve8(configDir2, "logs", "cloudflared.log");
-    return existsSync8(p) ? [{ logicalSource: "cloudflared", filepath: p }] : [];
+    const files2 = [];
+    const daemon = resolve8(configDir2, "logs", "cloudflared.log");
+    if (existsSync8(daemon)) files2.push({ logicalSource: "cloudflared", filepath: daemon });
+    const login = resolve8(configDir2, "logs", "cloudflared-login.log");
+    if (existsSync8(login)) files2.push({ logicalSource: "cloudflared", filepath: login });
+    return files2;
   }
   const prefix = {
     system: "claude-agent-stream-",
@@ -32133,6 +32204,174 @@ async function POST27(req, remoteAddress) {
   }
 }
 
+// app/lib/cdp-client.ts
+var CDP_HOST = "127.0.0.1";
+var CDP_PORT = 9222;
+var DEFAULT_TIMEOUT_MS = 5e3;
+async function cdpNavigateNewTab(url2, opts = {}) {
+  const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const endpoint = `http://${CDP_HOST}:${CDP_PORT}/json/new?${encodeURIComponent(url2)}`;
+  let res;
+  try {
+    res = await fetch(endpoint, {
+      method: "PUT",
+      signal: AbortSignal.timeout(timeoutMs)
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (msg.includes("ECONNREFUSED") || msg.includes("fetch failed") || msg.includes("ENOTFOUND")) {
+      return { result: "cdp-unreachable", detail: msg };
+    }
+    if (err instanceof Error && err.name === "TimeoutError") {
+      return { result: "timeout", detail: msg };
+    }
+    return { result: "error", detail: msg };
+  }
+  if (!res.ok) {
+    const body = await res.text().catch(() => "<unreadable>");
+    return {
+      result: "error",
+      detail: `CDP /json/new returned ${res.status}: ${body.slice(0, 200)}`
+    };
+  }
+  let target;
+  try {
+    target = await res.json();
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    return { result: "error", detail: `CDP /json/new response not JSON: ${msg}` };
+  }
+  return { result: "ok", targetId: target?.id };
+}
+
+// app/api/admin/device-browser/navigate/route.ts
+async function POST28(req, remoteAddress) {
+  const TAG18 = "[device-url:click]";
+  let body;
+  try {
+    body = await req.json();
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG18} reject reason=body-not-json detail=${detail} browser=fallback navigateResult=error`);
+    return Response.json(
+      { ok: false, navigateResult: "error", browser: "fallback", detail: "Request body was not valid JSON" },
+      { status: 400 }
+    );
+  }
+  const url2 = typeof body.url === "string" ? body.url : "";
+  const intent = typeof body.intent === "string" ? body.intent : "";
+  const hostname4 = typeof body.hostname === "string" ? body.hostname : "";
+  if (!url2) {
+    console.error(`${TAG18} reject reason=missing-url intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`);
+    return Response.json(
+      { ok: false, navigateResult: "error", browser: "fallback", detail: "url field is required" },
+      { status: 400 }
+    );
+  }
+  let parsed;
+  try {
+    parsed = new URL(url2);
+  } catch {
+    console.error(`${TAG18} reject reason=url-malformed intent=${JSON.stringify(intent)} url=${url2} browser=fallback navigateResult=error`);
+    return Response.json(
+      { ok: false, navigateResult: "error", browser: "fallback", detail: "url is not a valid URL" },
+      { status: 400 }
+    );
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    console.error(
+      `${TAG18} reject reason=scheme-not-allowed scheme=${parsed.protocol} intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`
+    );
+    return Response.json(
+      {
+        ok: false,
+        navigateResult: "error",
+        browser: "fallback",
+        detail: `URL scheme ${parsed.protocol} is not permitted; only http and https are accepted`
+      },
+      { status: 400 }
+    );
+  }
+  const transport = resolveBrowserTransport(req, remoteAddress);
+  const cdpOk = await ensureCdp(transport);
+  if (!cdpOk) {
+    console.error(
+      `${TAG18} intent=${JSON.stringify(intent)} browser=fallback navigateResult=cdp-unreachable hostname=${JSON.stringify(hostname4)}`
+    );
+    return Response.json(
+      {
+        ok: false,
+        navigateResult: "cdp-unreachable",
+        browser: "fallback",
+        detail: "Device browser (Chromium/CDP on :9222) did not start"
+      },
+      { status: 502 }
+    );
+  }
+  const outcome = await cdpNavigateNewTab(parsed.toString());
+  const browser = outcome.result === "ok" ? "vnc" : "fallback";
+  const detailStr = outcome.detail ? ` detail=${JSON.stringify(outcome.detail.length > 230 ? outcome.detail.slice(0, 227) + "..." : outcome.detail)}` : "";
+  console.error(
+    `${TAG18} intent=${JSON.stringify(intent)} browser=${browser} navigateResult=${outcome.result} hostname=${JSON.stringify(hostname4)} targetId=${outcome.targetId ?? "none"}${detailStr}`
+  );
+  if (outcome.result !== "ok") {
+    return Response.json(
+      {
+        ok: false,
+        navigateResult: outcome.result,
+        browser: "fallback",
+        detail: outcome.detail
+      },
+      { status: 502 }
+    );
+  }
+  return Response.json({
+    ok: true,
+    navigateResult: "ok",
+    browser: "vnc",
+    targetId: outcome.targetId
+  });
+}
+
+// app/api/admin/events/route.ts
+var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
+  "device-url:render",
+  "device-url:fallback-shown",
+  "device-url:vnc-surface-shown",
+  "device-url:malformed"
+]);
+async function POST29(req) {
+  const TAG18 = "[admin:events]";
+  let body;
+  try {
+    body = await req.json();
+  } catch (err) {
+    const detail = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG18} reject reason=body-not-json detail=${detail}`);
+    return Response.json({ ok: false, detail: "Request body was not valid JSON" }, { status: 400 });
+  }
+  const event = typeof body.event === "string" ? body.event : "";
+  if (!ALLOWED_EVENTS.has(event)) {
+    console.error(`${TAG18} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
+    return Response.json({ ok: false, detail: `Event "${event}" is not allowed` }, { status: 400 });
+  }
+  const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
+  const safeFields = {};
+  for (const [key, value] of Object.entries(rawFields)) {
+    if (!/^[a-zA-Z][a-zA-Z0-9_-]{0,39}$/.test(key)) continue;
+    if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") {
+      safeFields[key] = value;
+    }
+  }
+  const formatted = Object.entries(safeFields).map(([k, v]) => {
+    if (typeof v !== "string") return `${k}=${String(v)}`;
+    const trunc = v.length > 230 ? v.slice(0, 227) + "..." : v;
+    return `${k}=${JSON.stringify(trunc)}`;
+  }).join(" ");
+  console.error(`[${event}] ${formatted}`);
+  return Response.json({ ok: true });
+}
+
 // server/index.ts
 var PLATFORM_ROOT12 = process.env.MAXY_PLATFORM_ROOT || "";
 var BRAND_JSON_PATH = PLATFORM_ROOT12 ? join13(PLATFORM_ROOT12, "config", "brand.json") : "";
@@ -32523,6 +32762,11 @@ app.delete(
   (c) => DELETE2(c.req.raw, { params: Promise.resolve({ slug: c.req.param("slug") }) })
 );
 app.post("/api/admin/browser/launch", (c) => POST27(c.req.raw, c.env?.incoming?.socket?.remoteAddress));
+app.post(
+  "/api/admin/device-browser/navigate",
+  (c) => POST28(c.req.raw, c.env?.incoming?.socket?.remoteAddress)
+);
+app.post("/api/admin/events", (c) => POST29(c.req.raw));
 app.get("/api/admin/sessions", (c) => GET15(c.req.raw));
 app.post("/api/admin/sessions/new", (c) => POST24(c.req.raw));
 app.delete(