@rubytech/create-maxy 1.0.653 → 1.0.655

package/payload/server/server.js

@@ -1201,14 +1201,14 @@ var Hono = class _Hono {
    * app.route("/api", app2) // GET /api/user
    * ```
    */
-  route(path2, app30) {
+  route(path2, app31) {
     const subApp = this.basePath(path2);
-    app30.routes.map((r) => {
+    app31.routes.map((r) => {
       let handler;
-      if (app30.errorHandler === errorHandler) {
+      if (app31.errorHandler === errorHandler) {
         handler = r.handler;
       } else {
-        handler = async (c, next) => (await compose([], app30.errorHandler)(c, () => r.handler(c, next))).res;
+        handler = async (c, next) => (await compose([], app31.errorHandler)(c, () => r.handler(c, next))).res;
         handler[COMPOSED_HANDLER] = r.handler;
       }
       subApp.#addRoute(r.method, r.path, handler);
@@ -10867,6 +10867,13 @@ ${block}`;
 }
 
 // server/routes/_helpers.ts
+async function safeJson(c) {
+  try {
+    return await c.req.json();
+  } catch {
+    return null;
+  }
+}
 async function resolveSessionKey(c) {
   const fromQuery = c.req.query("session_key");
   if (fromQuery) return fromQuery;
@@ -11323,7 +11330,7 @@ function defaultRules() {
       name: "setup-tunnel.sh failed to persist step-7 completion",
       type: "silent-catch",
       logSource: "any",
-      pattern: "\\[setup-tunnel\\] step=onboarding-persist result=error",
+      pattern: "\\[script:setup-tunnel\\] step=onboarding-persist result=error",
       thresholdCount: 0,
       thresholdWindowMinutes: 0,
       suggestedAction: "[Task 562] setup-tunnel.sh could not persist step-7 completion before arming the service restart. Read the `reason` field on the failing phase line: `fs-flag-dir-failed` means `${ACCOUNT_DIR}/onboarding/` is not writable (chmod issue or disk full); `fs-flag-write-failed` means the flag file itself could not be written. Without the flag, the next admin session will re-ask the Cloudflare question the user just answered. Recovery: fix the permission/disk issue, then either re-run `~/setup-tunnel.sh` (the flag-write is idempotent) or call `onboarding-complete-step` with step 7 from the admin chat to mark step 7 complete explicitly."
@@ -18083,7 +18090,7 @@ import * as childProcess from "child_process";
 import { appendFileSync as appendFileSync6, createReadStream as createReadStream2, mkdirSync as mkdirSync12, statSync as statSync8 } from "fs";
 import { dirname as dirname7 } from "path";
 import { StringDecoder as StringDecoder2 } from "string_decoder";
-var SCRIPT_STREAM_RE = /^\[([^\]]+)\] \[([a-z][a-z0-9-]*)((?::[a-z0-9:_-]+)?)\] (.*)$/;
+var SCRIPT_STREAM_RE = /^\[([^\]]+)\] \[script:([a-z][a-z0-9-]*)((?::[a-z0-9:_-]+)?)\] (.*)$/;
 function parseLine(line) {
   const m = line.match(SCRIPT_STREAM_RE);
   if (!m) return void 0;
@@ -18178,6 +18185,11 @@ function startScriptStreamTailer(opts) {
 }
 var SCOPE_TOKEN_RE = /^[a-z][a-z0-9-]*$/;
 function writeRouteMilestone(streamLogPath, scope, line) {
+  if (scope.startsWith("script:")) {
+    throw new Error(
+      `writeRouteMilestone: scope "${scope}" must not start with "script:" \u2014 the helper prepends it (Task 605)`
+    );
+  }
   if (!SCOPE_TOKEN_RE.test(scope)) {
     throw new Error(
       `writeRouteMilestone: scope "${scope}" must match [a-z][a-z0-9-]* \u2014 the tailer regex won't match otherwise`
@@ -18186,7 +18198,7 @@ function writeRouteMilestone(streamLogPath, scope, line) {
   const ts = (/* @__PURE__ */ new Date()).toISOString();
   try {
     mkdirSync12(dirname7(streamLogPath), { recursive: true });
-    appendFileSync6(streamLogPath, `[${ts}] [${scope}] ${line}
+    appendFileSync6(streamLogPath, `[${ts}] [script:${scope}] ${line}
 `);
   } catch (err) {
     console.error(
@@ -20121,13 +20133,18 @@ var GRAPH_LABEL_COLOURS = {
 var ALL_GRAPH_LABELS = Object.freeze(
   Object.keys(GRAPH_LABEL_COLOURS)
 );
+var HIDDEN_BY_DEFAULT_LABELS = Object.freeze(
+  /* @__PURE__ */ new Set(["Chunk"])
+);
 function isKnownLabel(label) {
   return Object.prototype.hasOwnProperty.call(GRAPH_LABEL_COLOURS, label);
 }
+function isHiddenByDefault(label) {
+  return HIDDEN_BY_DEFAULT_LABELS.has(label);
+}
 
 // server/routes/admin/graph-subgraph.ts
-var DEFAULT_LIMIT2 = 200;
-var MAX_LIMIT2 = 500;
+var CEILING = 2e3;
 var STRIPPED_PROPERTIES = /* @__PURE__ */ new Set([
   "embedding",
   "passwordHash",
@@ -20143,12 +20160,41 @@ app26.get("/", requireAdminSession, async (c) => {
     console.error('[graph-page] auth-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
   }
-  const rawLimit = c.req.query("limit");
-  const parsedLimit = rawLimit ? parseInt(rawLimit, 10) : DEFAULT_LIMIT2;
-  const limit = Number.isFinite(parsedLimit) && parsedLimit > 0 ? Math.min(parsedLimit, MAX_LIMIT2) : DEFAULT_LIMIT2;
-  const rawLabels = c.req.query("labels");
-  const labels = rawLabels ? rawLabels.split(",").map((s) => s.trim()).filter(Boolean) : [];
+  const mode = c.req.query("mode");
+  if (mode !== "default" && mode !== "neighbourhood") {
+    console.error(
+      `[graph-page] load rejected reason=missing-mode account=${accountId} got=${mode ?? "null"}`
+    );
+    return c.json(
+      { error: "mode required: default | neighbourhood" },
+      400
+    );
+  }
+  if (mode === "default") return handleDefault(c, accountId);
+  return handleNeighbourhood(c, accountId);
+});
+async function handleDefault(c, accountId) {
+  const rawLabels = c.req.query("labels") ?? "";
+  const labels = rawLabels.split(",").map((s) => s.trim()).filter(Boolean);
+  if (labels.length === 0) {
+    console.error(
+      `[graph-page] load rejected reason=missing-filter account=${accountId} labels=`
+    );
+    return c.json(
+      { error: "labels required in default mode \u2014 pick at least one node type" },
+      400
+    );
+  }
   for (const label of labels) {
+    if (isHiddenByDefault(label)) {
+      console.error(
+        `[graph-page] load rejected reason=chunk-label-requested account=${accountId} labels=${labels.join(",")}`
+      );
+      return c.json(
+        { error: `label "${label}" is hidden by default \u2014 it cannot be requested via mode=default` },
+        400
+      );
+    }
     if (!isKnownLabel(label)) {
       return c.json(
         { error: `unknown label "${label}" \u2014 not registered in graph-labels.ts` },
@@ -20159,18 +20205,78 @@ app26.get("/", requireAdminSession, async (c) => {
   const started = Date.now();
   const session = getSession();
   try {
-    const cypher = labels.length > 0 ? buildCypher(true) : buildCypher(false);
-    const params = { accountId, limit };
-    if (labels.length > 0) params.labels = labels;
-    const result = await session.run(cypher, params);
+    const result = await session.executeRead(async (tx) => {
+      const countResult = await tx.run(DEFAULT_COUNT_CYPHER, { accountId, labels });
+      const matchedRaw = countResult.records[0]?.get("matched");
+      const matched = typeof matchedRaw === "bigint" ? Number(matchedRaw) : Number(matchedRaw ?? 0);
+      if (matched > CEILING) {
+        return { overLimit: true, matched };
+      }
+      const fetchResult = await tx.run(DEFAULT_FETCH_CYPHER, { accountId, labels });
+      const record = fetchResult.records[0];
+      const rawNodes = record?.get("nodes") ?? [];
+      const rawEdges = record?.get("edges") ?? [];
+      return { overLimit: false, matched, rawNodes, rawEdges };
+    });
+    const elapsed = Date.now() - started;
+    if (result.overLimit) {
+      console.error(
+        `[graph-page] load rejected reason=ceiling-exceeded account=${accountId} labels=${labels.join(",")} matched=${result.matched} ceiling=${CEILING} ms=${elapsed}`
+      );
+      return c.json(
+        {
+          error: `Refine your filter \u2014 ${result.matched} matches exceed the ${CEILING} cap.`,
+          matched: result.matched
+        },
+        413
+      );
+    }
+    const nodes = result.rawNodes.map(pruneNode);
+    const edges = result.rawEdges.filter((e) => e && e.id != null);
+    console.error(
+      `[graph-page] load mode=default account=${accountId} labels=${labels.join(",")} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
+    );
+    return c.json({ nodes, edges });
+  } catch (err) {
+    const elapsed = Date.now() - started;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[graph-page] error stage=fetch reason="${message}" ms=${elapsed}`);
+    return c.json({ error: `Graph data unavailable: ${message}` }, 503);
+  } finally {
+    try {
+      await session.close();
+    } catch {
+    }
+  }
+}
+async function handleNeighbourhood(c, accountId) {
+  const elementId = c.req.query("elementId");
+  if (!elementId) {
+    return c.json(
+      { error: "elementId required in neighbourhood mode" },
+      400
+    );
+  }
+  const started = Date.now();
+  const session = getSession();
+  try {
+    const result = await session.executeRead(async (tx) => {
+      return await tx.run(NEIGHBOURHOOD_CYPHER, { accountId, elementId });
+    });
     const record = result.records[0];
     const rawNodes = record?.get("nodes") ?? [];
     const rawEdges = record?.get("edges") ?? [];
+    const elapsed = Date.now() - started;
+    if (rawNodes.length === 0) {
+      console.error(
+        `[graph-page] load rejected reason=not-found account=${accountId} elementId=${elementId} ms=${elapsed}`
+      );
+      return c.json({ error: "Node not found" }, 404);
+    }
     const nodes = rawNodes.map(pruneNode);
     const edges = rawEdges.filter((e) => e && e.id != null);
-    const elapsed = Date.now() - started;
     console.error(
-      `[graph-page] load account=${accountId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
+      `[graph-page] load mode=neighbourhood account=${accountId} elementId=${elementId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
     );
     return c.json({ nodes, edges });
   } catch (err) {
@@ -20184,30 +20290,63 @@ app26.get("/", requireAdminSession, async (c) => {
     } catch {
     }
   }
-});
-function buildCypher(filtered) {
-  const labelGuard = filtered ? "AND any(lbl IN labels(n) WHERE lbl IN $labels)" : "";
-  return `
-    MATCH (n)
-    WHERE n.accountId = $accountId ${labelGuard}
-    WITH n ORDER BY coalesce(n.updatedAt, n.createdAt, '') DESC
-    LIMIT toInteger($limit)
-    WITH collect(n) AS nodes, collect(elementId(n)) AS nodeIds
-    UNWIND nodes AS n
-    OPTIONAL MATCH (n)-[r]-(m)
-      WHERE elementId(m) IN nodeIds
-    WITH nodes,
-         collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
-           id: elementId(r),
-           from: elementId(startNode(r)),
-           to: elementId(endNode(r)),
-           type: type(r)
-         } END) AS rawEdges
-    RETURN
-      [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
-      [e IN rawEdges WHERE e IS NOT NULL] AS edges
-  `;
 }
+var DEFAULT_COUNT_CYPHER = `
+  MATCH (n)
+  WHERE n.accountId = $accountId
+    AND any(lbl IN labels(n) WHERE lbl IN $labels)
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  RETURN count(n) AS matched
+`;
+var DEFAULT_FETCH_CYPHER = `
+  MATCH (n)
+  WHERE n.accountId = $accountId
+    AND any(lbl IN labels(n) WHERE lbl IN $labels)
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  WITH collect(n) AS nodes, collect(elementId(n)) AS nodeIds
+  UNWIND nodes AS n
+  OPTIONAL MATCH (n)-[r]-(m)
+    WHERE elementId(m) IN nodeIds
+  WITH nodes,
+       collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
+         id: elementId(r),
+         from: elementId(startNode(r)),
+         to: elementId(endNode(r)),
+         type: type(r)
+       } END) AS rawEdges
+  RETURN
+    [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [e IN rawEdges WHERE e IS NOT NULL] AS edges
+`;
+var NEIGHBOURHOOD_CYPHER = `
+  MATCH (n)
+  WHERE elementId(n) = $elementId
+    AND n.accountId = $accountId
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  OPTIONAL MATCH (n)-[]-(m)
+    WHERE m.accountId = $accountId
+      AND NOT m:Trashed
+      AND m.deletedAt IS NULL
+  WITH n, collect(DISTINCT m) AS neighbours
+  WITH [n] + [x IN neighbours WHERE x IS NOT NULL] AS windowNodes
+  WITH windowNodes, [x IN windowNodes | elementId(x)] AS windowIds
+  UNWIND windowNodes AS w
+  OPTIONAL MATCH (w)-[r]-(o)
+    WHERE elementId(o) IN windowIds
+  WITH windowNodes,
+       collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
+         id: elementId(r),
+         from: elementId(startNode(r)),
+         to: elementId(endNode(r)),
+         type: type(r)
+       } END) AS rawEdges
+  RETURN
+    [x IN windowNodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [e IN rawEdges WHERE e IS NOT NULL] AS edges
+`;
 function pruneNode(node) {
   const properties = {};
   for (const [key, value] of Object.entries(node.properties ?? {})) {
@@ -20218,9 +20357,167 @@ function pruneNode(node) {
 }
 var graph_subgraph_default = app26;
 
-// server/routes/admin/file-attach.ts
+// ../lib/graph-trash/src/index.ts
+var UNIQUE_KEYS_BY_LABEL = {
+  Person: ["email", "telephone"],
+  Service: ["serviceId"],
+  LocalBusiness: ["accountId"],
+  Task: ["taskId"],
+  Event: ["eventId"],
+  KnowledgeDocument: ["attachmentId"],
+  DigitalDocument: ["attachmentId"],
+  Conversation: ["conversationId", "sessionKey"],
+  Message: ["messageId"],
+  OnboardingState: ["accountId"],
+  Workflow: ["workflowId"],
+  WorkflowStep: ["stepId"],
+  WorkflowRun: ["runId"],
+  Preference: ["preferenceId"],
+  Email: ["emailId", "messageId"],
+  AdminUser: ["userId"],
+  ToolCall: ["callId"],
+  // Composite component nulls — frees the composite constraint:
+  AccessGrant: ["contactValue"],
+  // composite (contactValue, agentSlug, accountId)
+  UserProfile: ["userId"]
+  // composite (accountId, userId)
+};
+async function trashNode(params) {
+  const { session, accountId, elementId, by, reason } = params;
+  const lookup = await session.run(
+    `MATCH (n) WHERE elementId(n) = $eid AND n.accountId = $accountId
+     RETURN labels(n) AS labels, properties(n) AS props`,
+    { eid: elementId, accountId }
+  );
+  if (lookup.records.length === 0) {
+    throw new Error(
+      `trashNode: node not found (elementId=${elementId} accountId=${accountId.slice(0, 8)}\u2026)`
+    );
+  }
+  const allLabels = lookup.records[0].get("labels");
+  const props = lookup.records[0].get("props");
+  const baseLabels = allLabels.filter((l) => l !== "Trashed");
+  if (allLabels.includes("Trashed")) {
+    return {
+      trashed: false,
+      alreadyTrashed: true,
+      nodeId: elementId,
+      labels: baseLabels,
+      trashedAt: String(props.trashedAt ?? ""),
+      originalKeys: {}
+    };
+  }
+  const uniqueKeys = /* @__PURE__ */ new Set();
+  for (const label of baseLabels) {
+    for (const key of UNIQUE_KEYS_BY_LABEL[label] ?? []) uniqueKeys.add(key);
+  }
+  const originalKeys = {};
+  for (const k of uniqueKeys) {
+    if (props[k] !== void 0 && props[k] !== null) originalKeys[k] = props[k];
+  }
+  const setNullClauses = Object.keys(originalKeys).map((k) => `n.\`${k}\` = null`).join(", ");
+  const setNullSuffix = setNullClauses ? `, ${setNullClauses}` : "";
+  const trashedAt = (/* @__PURE__ */ new Date()).toISOString();
+  await session.run(
+    `MATCH (n) WHERE elementId(n) = $eid
+     SET n:Trashed,
+         n.trashedAt = datetime($trashedAt),
+         n.trashedBy = $by,
+         n.trashReason = $reason,
+         n._trashedKeys = $trashedKeysJson${setNullSuffix}`,
+    {
+      eid: elementId,
+      trashedAt,
+      by,
+      reason: reason ?? null,
+      trashedKeysJson: JSON.stringify(originalKeys)
+    }
+  );
+  process.stderr.write(
+    `[trash:marked] accountId=${accountId} elementId=${elementId} labels=${baseLabels.join(",")} by=${by} reason=${reason ?? "null"}
+`
+  );
+  return {
+    trashed: true,
+    alreadyTrashed: false,
+    nodeId: elementId,
+    labels: baseLabels,
+    trashedAt,
+    originalKeys
+  };
+}
+
+// server/routes/admin/graph-delete.ts
 var app27 = new Hono2();
-app27.post("/", async (c) => {
+app27.post("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    console.error('[graph-page] delete auth-rejected reason="no account for session"');
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const body = await safeJson(c);
+  if (!body) {
+    return c.json({ error: "JSON body required" }, 400);
+  }
+  const elementId = typeof body.elementId === "string" ? body.elementId.trim() : "";
+  if (!elementId) {
+    return c.json({ error: "elementId required" }, 400);
+  }
+  const started = Date.now();
+  const session = getSession();
+  try {
+    const lookup = await session.run(
+      `MATCH (n)
+       WHERE elementId(n) = $elementId AND n.accountId = $accountId
+       RETURN labels(n) AS labels LIMIT 1`,
+      { elementId, accountId }
+    );
+    if (lookup.records.length === 0) {
+      const elapsed2 = Date.now() - started;
+      console.error(
+        `[graph-page] delete account=${accountId} elementId=${elementId} labels= result=not-found ms=${elapsed2}`
+      );
+      return c.json({ error: "Node not found" }, 404);
+    }
+    const preflightLabels = lookup.records[0].get("labels") ?? [];
+    const result = await trashNode({
+      session,
+      accountId,
+      elementId,
+      by: "graph-page"
+    });
+    const elapsed = Date.now() - started;
+    const labelSummary = (result.labels.length > 0 ? result.labels : preflightLabels).join(",");
+    console.error(
+      `[graph-page] delete account=${accountId} elementId=${elementId} labels=${labelSummary} result=ok ms=${elapsed}`
+    );
+    const response = {
+      elementId: result.nodeId,
+      labels: result.labels.length > 0 ? result.labels : preflightLabels,
+      trashedAt: result.trashedAt,
+      alreadyTrashed: result.alreadyTrashed
+    };
+    return c.json(response);
+  } catch (err) {
+    const elapsed = Date.now() - started;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[graph-page] delete account=${accountId} elementId=${elementId} labels= result=error ms=${elapsed} err="${message}"`
+    );
+    return c.json({ error: `Delete failed: ${message}` }, 503);
+  } finally {
+    try {
+      await session.close();
+    } catch {
+    }
+  }
+});
+var graph_delete_default = app27;
+
+// server/routes/admin/file-attach.ts
+var app28 = new Hono2();
+app28.post("/", async (c) => {
   try {
     const body = await c.req.json();
     const { filePath, accountId } = body;
@@ -20243,29 +20540,30 @@ app27.post("/", async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-var file_attach_default = app27;
+var file_attach_default = app28;
 
 // server/routes/admin/index.ts
-var app28 = new Hono2();
-app28.route("/session", session_default2);
-app28.route("/chat", chat_default2);
-app28.route("/compact", compact_default);
-app28.route("/logs", logs_default);
-app28.route("/claude-info", claude_info_default);
-app28.route("/attachment", attachment_default);
-app28.route("/account", account_default);
-app28.route("/agents", agents_default);
-app28.route("/version", version_default);
-app28.route("/sessions", sessions_default);
-app28.route("/browser", browser_default);
-app28.route("/device-browser", device_browser_default);
-app28.route("/events", events_default);
-app28.route("/cloudflare", cloudflare_default);
-app28.route("/files", files_default);
-app28.route("/graph-search", graph_search_default);
-app28.route("/graph-subgraph", graph_subgraph_default);
-app28.route("/file-attach", file_attach_default);
-var admin_default = app28;
+var app29 = new Hono2();
+app29.route("/session", session_default2);
+app29.route("/chat", chat_default2);
+app29.route("/compact", compact_default);
+app29.route("/logs", logs_default);
+app29.route("/claude-info", claude_info_default);
+app29.route("/attachment", attachment_default);
+app29.route("/account", account_default);
+app29.route("/agents", agents_default);
+app29.route("/version", version_default);
+app29.route("/sessions", sessions_default);
+app29.route("/browser", browser_default);
+app29.route("/device-browser", device_browser_default);
+app29.route("/events", events_default);
+app29.route("/cloudflare", cloudflare_default);
+app29.route("/files", files_default);
+app29.route("/graph-search", graph_search_default);
+app29.route("/graph-subgraph", graph_subgraph_default);
+app29.route("/graph-delete", graph_delete_default);
+app29.route("/file-attach", file_attach_default);
+var admin_default = app29;
 
 // server/index.ts
 var PLATFORM_ROOT11 = process.env.MAXY_PLATFORM_ROOT || "";
@@ -20323,9 +20621,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app29 = new Hono2();
-app29.use("*", clientIpMiddleware);
-app29.use("*", async (c, next) => {
+var app30 = new Hono2();
+app30.use("*", clientIpMiddleware);
+app30.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -20348,7 +20646,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app29.use("*", async (c, next) => {
+app30.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -20388,7 +20686,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app29.post("/__remote-auth/login", async (c) => {
+app30.post("/__remote-auth/login", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -20424,7 +20722,7 @@ app29.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app29.get("/__remote-auth/logout", (c) => {
+app30.get("/__remote-auth/logout", (c) => {
   const cookieHeader = c.req.header("cookie");
   const token = parseCookie(cookieHeader, "__remote_session");
   if (token) invalidateRemoteSession(token);
@@ -20437,7 +20735,7 @@ app29.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app29.post("/__remote-auth/change-password", async (c) => {
+app30.post("/__remote-auth/change-password", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -20486,13 +20784,13 @@ app29.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app29.get("/__remote-auth/setup", (c) => {
+app30.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app29.post("/__remote-auth/set-initial-password", async (c) => {
+app30.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -20528,10 +20826,10 @@ app29.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app29.get("/api/remote-auth/status", (c) => {
+app30.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app29.post("/api/remote-auth/set-password", async (c) => {
+app30.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -20561,9 +20859,9 @@ app29.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app29.route("/api/_client-error", client_error_default);
+app30.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app29.use("*", async (c, next) => {
+app30.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -20603,15 +20901,15 @@ function parseCookie(cookieHeader, name) {
     return null;
   }
 }
-app29.route("/api/health", health_default);
-app29.route("/api/session", session_default);
-app29.route("/api/chat", chat_default);
-app29.route("/api/group", group_default);
-app29.route("/api/access", access_default);
-app29.route("/api/telegram", telegram_default);
-app29.route("/api/whatsapp", whatsapp_default);
-app29.route("/api/onboarding", onboarding_default);
-app29.route("/api/admin", admin_default);
+app30.route("/api/health", health_default);
+app30.route("/api/session", session_default);
+app30.route("/api/chat", chat_default);
+app30.route("/api/group", group_default);
+app30.route("/api/access", access_default);
+app30.route("/api/telegram", telegram_default);
+app30.route("/api/whatsapp", whatsapp_default);
+app30.route("/api/onboarding", onboarding_default);
+app30.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -20623,7 +20921,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app29.get("/agent-assets/:slug/:filename", (c) => {
+app30.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -20658,7 +20956,7 @@ app29.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app29.get("/generated/:filename", (c) => {
+app30.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -20823,7 +21121,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml2(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app29.get("/", (c) => {
+app30.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -20831,12 +21129,12 @@ app29.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app29.get("/public", (c) => {
+app30.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app29.get("/chat", (c) => {
+app30.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -20855,9 +21153,9 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app29.use("/vnc-viewer.html", logViewerFetch);
-app29.use("/vnc-popout.html", logViewerFetch);
-app29.get("/vnc-popout.html", (c) => {
+app30.use("/vnc-viewer.html", logViewerFetch);
+app30.use("/vnc-popout.html", logViewerFetch);
+app30.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
     html = readFileSync25(resolve29(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -20870,7 +21168,7 @@ app29.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app29.post("/api/vnc/client-event", async (c) => {
+app30.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -20891,20 +21189,20 @@ app29.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app29.get("/g/:slug", (c) => {
+app30.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app29.get("/graph", (c) => {
+app30.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app29.get("/data", (c) => {
+app30.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app29.get("/:slug", async (c, next) => {
+app30.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -20913,10 +21211,10 @@ app29.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app29.use("/*", serveStatic({ root: "./public" }));
+app30.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.PORT ?? "19200", 10);
 var hostname = process.env.HOSTNAME ?? "0.0.0.0";
-var httpServer = serve({ fetch: app29.fetch, port, hostname });
+var httpServer = serve({ fetch: app30.fetch, port, hostname });
 attachVncWsProxy(httpServer, {
   isPublicHost,
   upstreamHost: "127.0.0.1",
@@ -20962,7 +21260,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app29.routes ?? []) {
+  for (const r of app30.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });