npm - @rubytech/create-maxy - Versions diffs - 1.0.760 → 1.0.761 - Mend

@rubytech/create-maxy 1.0.760 → 1.0.761

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/package.json +1 -1
package/payload/platform/plugins/docs/references/platform.md +1 -1
package/payload/server/chunk-43JK6WNK.js +3057 -0
package/payload/server/chunk-QXAUMZXQ.js +9512 -0
package/payload/server/client-pool-SGPHSYLK.js +28 -0
package/payload/server/maxy-edge.js +2 -2
package/payload/server/public/assets/admin-GIIfvDj1.js +352 -0
package/payload/server/public/index.html +1 -1
package/payload/server/server.js +222 -94
package/payload/server/public/assets/admin-DHg5a2u2.js +0 -352

package/payload/server/public/index.html CHANGED Viewed

@@ -5,7 +5,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Maxy</title>
   <link rel="icon" href="/favicon.ico">
-  <script type="module" crossorigin src="/assets/admin-DHg5a2u2.js"></script>
+  <script type="module" crossorigin src="/assets/admin-GIIfvDj1.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/chunk-DD-I1_y5.js">
   <link rel="modulepreload" crossorigin href="/assets/jsx-runtime-CFleUYzT.js">
   <link rel="modulepreload" crossorigin href="/assets/preload-helper-BEFjQwLd.js">

package/payload/server/server.js CHANGED Viewed

@@ -47,7 +47,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-WW464F23.js";
+} from "./chunk-QXAUMZXQ.js";
 import {
   ACCOUNTS_DIR,
   GREETING_DIRECTIVE,
@@ -77,6 +77,7 @@ import {
   getGroupSlugForSession,
   getMessagesSince,
   getRecentMessages,
+  getRoleForSession,
   getSession,
   getSessionMessages,
   getUserIdForSession,
@@ -106,7 +107,7 @@ import {
   validateSession,
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership
-} from "./chunk-2W7O63CK.js";
+} from "./chunk-43JK6WNK.js";
 // ../lib/graph-trash/dist/index.js
 var require_dist = __commonJS({
@@ -606,7 +607,7 @@ var serveStatic = (options = { root: "" }) => {
 // server/index.ts
 import { readFileSync as readFileSync16, existsSync as existsSync19, watchFile } from "fs";
-import { resolve as resolve20, join as join10, basename as basename7 } from "path";
+import { resolve as resolve21, join as join10, basename as basename7 } from "path";
 import { homedir as homedir2 } from "os";
 // app/lib/agent-slug-pattern.ts
@@ -2691,7 +2692,7 @@ var credsSaveQueue = Promise.resolve();
 async function drainCredsSaveQueue(timeoutMs = 5e3) {
   console.error(`${TAG3} draining credential save queue\u2026`);
   const timer2 = new Promise(
-    (resolve21) => setTimeout(() => resolve21("timeout"), timeoutMs)
+    (resolve22) => setTimeout(() => resolve22("timeout"), timeoutMs)
   );
   const result = await Promise.race([
     credsSaveQueue.then(() => "drained"),
@@ -2819,11 +2820,11 @@ async function createWaSocket(opts) {
   return sock;
 }
 async function waitForConnection(sock) {
-  return new Promise((resolve21, reject) => {
+  return new Promise((resolve22, reject) => {
     const handler = (update) => {
       if (update.connection === "open") {
         sock.ev.off("connection.update", handler);
-        resolve21();
+        resolve22();
       }
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
@@ -2937,14 +2938,14 @@ ${inspected}`;
   return inspect2(err, INSPECT_OPTS2);
 }
 function withTimeout(label, promise, timeoutMs) {
-  return new Promise((resolve21, reject) => {
+  return new Promise((resolve22, reject) => {
     const timer2 = setTimeout(() => {
       reject(new Error(`${label} timed out after ${timeoutMs}ms`));
     }, timeoutMs);
     promise.then(
       (value) => {
         clearTimeout(timer2);
-        resolve21(value);
+        resolve22(value);
       },
       (err) => {
         clearTimeout(timer2);
@@ -4158,11 +4159,11 @@ async function connectWithReconnect(conn) {
       console.error(
         `${TAG11} reconnecting account=${conn.accountId} in ${delay}ms (attempt ${decision.nextAttempts}/${maxAttempts})`
       );
-      await new Promise((resolve21) => {
-        const timer2 = setTimeout(resolve21, delay);
+      await new Promise((resolve22) => {
+        const timer2 = setTimeout(resolve22, delay);
         conn.abortController.signal.addEventListener("abort", () => {
           clearTimeout(timer2);
-          resolve21();
+          resolve22();
         }, { once: true });
       });
     }
@@ -4170,16 +4171,16 @@ async function connectWithReconnect(conn) {
   }
 }
 function waitForDisconnectEvent(conn) {
-  return new Promise((resolve21) => {
+  return new Promise((resolve22) => {
     if (!conn.sock) {
-      resolve21();
+      resolve22();
       return;
     }
     const sock = conn.sock;
     const handler = (update) => {
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
-        resolve21();
+        resolve22();
       }
     };
     sock.ev.on("connection.update", handler);
@@ -4396,8 +4397,8 @@ async function handleInboundMessage(conn, msg) {
     const conversationKey = isGroup ? remoteJid : senderPhone;
     const debounceKey = `${conn.accountId}:${conversationKey}:${senderPhone}`;
     let resolvePending;
-    const sttPending = new Promise((resolve21) => {
-      resolvePending = resolve21;
+    const sttPending = new Promise((resolve22) => {
+      resolvePending = resolve22;
     });
     if (conn.debouncer) conn.debouncer.registerPending(debounceKey, sttPending);
     try {
@@ -4510,20 +4511,20 @@ async function probeApiKey() {
   return result.status;
 }
 function checkPort(port2, timeoutMs = 500) {
-  return new Promise((resolve21) => {
+  return new Promise((resolve22) => {
     const socket = createConnection(port2, "127.0.0.1");
     socket.setTimeout(timeoutMs);
     socket.once("connect", () => {
       socket.destroy();
-      resolve21(true);
+      resolve22(true);
     });
     socket.once("error", () => {
       socket.destroy();
-      resolve21(false);
+      resolve22(false);
     });
     socket.once("timeout", () => {
       socket.destroy();
-      resolve21(false);
+      resolve22(false);
     });
   });
 }
@@ -5042,6 +5043,14 @@ function detectMimeType(filePath) {
   const ext = extname(filePath).toLowerCase();
   return MIME_BY_EXT[ext] ?? "application/octet-stream";
 }
+function validateFilePathInAccount(filePath, accountDir) {
+  const resolved = realpathSync(filePath);
+  const accountResolved = realpathSync(accountDir);
+  if (!resolved.startsWith(accountResolved + "/")) {
+    throw new Error(`File path is outside the account directory`);
+  }
+  return resolved;
+}
 async function storeGeneratedFile(accountId, filePath) {
   const fileStat = await stat2(filePath);
   if (fileStat.size > MAX_FILE_SIZE_BYTES) {
@@ -6725,8 +6734,8 @@ async function startLogin(opts) {
   resetActiveLogin(accountId);
   let resolveQr = null;
   let rejectQr = null;
-  const qrPromise = new Promise((resolve21, reject) => {
-    resolveQr = resolve21;
+  const qrPromise = new Promise((resolve22, reject) => {
+    resolveQr = resolve22;
     rejectQr = reject;
   });
   const qrTimer = setTimeout(
@@ -7705,11 +7714,11 @@ function readUsersFile2() {
   if (!raw) return [];
   return JSON.parse(raw);
 }
-async function createAdminSession(accountId, thinkingView, userId, userName) {
+async function createAdminSession(accountId, thinkingView, userId, userName, role) {
   const account = resolveAccount();
   const effectiveThinkingView = thinkingView ?? account?.config.thinkingView ?? "default";
   const sessionKey = crypto.randomUUID();
-  registerSession(sessionKey, "admin", accountId, void 0, userId, userName);
+  registerSession(sessionKey, "admin", accountId, void 0, userId, userName, role);
   let onboardingComplete = true;
   try {
     const step = await loadOnboardingStep(accountId);
@@ -7724,11 +7733,13 @@ async function createAdminSession(accountId, thinkingView, userId, userName) {
   } catch {
   }
   console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} admin session created: userId=${userId ?? "\u2013"} userName=${userName ?? "\u2013"} accountId=${accountId} conversationId=deferred sessionKey=${sessionKey.slice(0, 8)}`);
+  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=create`);
   return {
     session_key: sessionKey,
     agent_id: "admin",
     userId,
     userName,
+    role: role ?? null,
     thinkingView: effectiveThinkingView,
     onboardingComplete,
     businessName,
@@ -7760,11 +7771,14 @@ app10.get("/", async (c) => {
     businessName = branding?.name || void 0;
   } catch {
   }
+  const role = getRoleForSession(sessionKey);
+  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=restore`);
   return c.json({
     session_key: sessionKey,
     agent_id: "admin",
     userId: getUserIdForSession(sessionKey),
     userName: getUserNameForSession(sessionKey),
+    role: role ?? null,
     thinkingView,
     onboardingComplete,
     businessName,
@@ -7821,7 +7835,7 @@ app10.post("/", async (c) => {
     console.log(`[session] account selection invalid: userId=${userId} requested=${body.accountId}`);
     return c.json({ error: "Invalid account selection." }, 403);
   }
-  const payload = await createAdminSession(selected.accountId, selected.config.thinkingView, userId, userName);
+  const payload = await createAdminSession(selected.accountId, selected.config.thinkingView, userId, userName, selected.role);
   return c.json(payload);
 });
 var session_default2 = app10;
@@ -8118,7 +8132,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-TULUIO6M.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-SGPHSYLK.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -11563,30 +11577,144 @@ app30.get("/", requireAdminSession, async (c) => {
 });
 var adherence_default = app30;
-// server/routes/admin/index.ts
+// server/routes/admin/sidebar-projects.ts
+var LIMIT = 50;
 var app31 = new Hono();
-app31.route("/session", session_default2);
-app31.route("/chat", chat_default2);
-app31.route("/compact", compact_default);
-app31.route("/logs", logs_default);
-app31.route("/claude-info", claude_info_default);
-app31.route("/attachment", attachment_default);
-app31.route("/agents", agents_default);
-app31.route("/sessions", sessions_default);
-app31.route("/browser", browser_default);
-app31.route("/device-browser", device_browser_default);
-app31.route("/events", events_default);
-app31.route("/cloudflare", cloudflare_default);
-app31.route("/files", files_default);
-app31.route("/graph-search", graph_search_default);
-app31.route("/graph-subgraph", graph_subgraph_default);
-app31.route("/graph-delete", graph_delete_default);
-app31.route("/graph-restore", graph_restore_default);
-app31.route("/graph-labels-in-graph", graph_labels_in_graph_default);
-app31.route("/graph-default-view", graph_default_view_default);
-app31.route("/file-attach", file_attach_default);
-app31.route("/adherence", adherence_default);
-var admin_default = app31;
+app31.get("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const start = Date.now();
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (p:Project { accountId: $accountId })
+       WHERE NOT p:Trashed
+       RETURN p.taskId AS id, p.name AS name, p.updatedAt AS updatedAt
+       ORDER BY p.updatedAt DESC
+       LIMIT $limit`,
+      { accountId, limit: LIMIT }
+    );
+    const projects = result.records.map((r) => ({
+      id: r.get("id"),
+      name: r.get("name") ?? "",
+      updatedAt: r.get("updatedAt") ?? ""
+    }));
+    const ms = Date.now() - start;
+    console.log(`[admin/sidebar-projects] account=${accountId} count=${projects.length} ms=${ms}`);
+    return c.json({ projects });
+  } catch (err) {
+    const ms = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-projects] account=${accountId} error="${message}" ms=${ms}`);
+    return c.json({ error: "Failed to load projects" }, 500);
+  } finally {
+    await session.close();
+  }
+});
+var sidebar_projects_default = app31;
+// server/routes/admin/sidebar-artefacts.ts
+import { readFile as readFile5, readdir as readdir3 } from "fs/promises";
+import { resolve as resolve20 } from "path";
+var LIMIT2 = 50;
+var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
+var app32 = new Hono();
+app32.get("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const start = Date.now();
+  const session = getSession();
+  let metas = [];
+  try {
+    const result = await session.run(
+      `MATCH (d:KnowledgeDocument { accountId: $accountId })
+       WHERE d.deletedAt IS NULL AND NOT d:Trashed
+       RETURN d.attachmentId AS id, d.name AS name, d.updatedAt AS updatedAt,
+              d.attachmentId AS attachmentId, d.encodingFormat AS mimeType
+       ORDER BY d.updatedAt DESC
+       LIMIT $limit`,
+      { accountId, limit: LIMIT2 }
+    );
+    metas = result.records.map((r) => ({
+      id: r.get("id"),
+      name: r.get("name") ?? "",
+      updatedAt: r.get("updatedAt") ?? "",
+      attachmentId: r.get("attachmentId"),
+      mimeType: r.get("mimeType") ?? ""
+    }));
+  } catch (err) {
+    const ms2 = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-artefacts] account=${accountId} error="${message}" ms=${ms2}`);
+    await session.close();
+    return c.json({ error: "Failed to load artefacts" }, 500);
+  } finally {
+    await session.close();
+  }
+  const artefacts = await Promise.all(metas.map(async (m) => {
+    const content = await readArtefactContent(accountId, m.attachmentId, m.mimeType);
+    return { id: m.id, name: m.name, updatedAt: m.updatedAt, content };
+  }));
+  const ms = Date.now() - start;
+  console.log(`[admin/sidebar-artefacts] account=${accountId} count=${artefacts.length} ms=${ms}`);
+  return c.json({ artefacts });
+});
+async function readArtefactContent(accountId, attachmentId, mimeType) {
+  if (!attachmentId) return "";
+  const isText = TEXT_MIME_PREFIXES.some((p) => mimeType.startsWith(p));
+  if (!isText) return "";
+  const accountDir = resolve20(ATTACHMENTS_ROOT, accountId);
+  const dir = resolve20(accountDir, attachmentId);
+  try {
+    validateFilePathInAccount(dir, accountDir);
+  } catch {
+    return "";
+  }
+  try {
+    const entries = await readdir3(dir);
+    const dataFile = entries.find((f) => !f.endsWith(".meta.json"));
+    if (!dataFile) return "";
+    return await readFile5(resolve20(dir, dataFile), "utf-8");
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-artefacts] read-failed attachmentId=${attachmentId.slice(0, 8)} error="${message}"`);
+    return "";
+  }
+}
+var sidebar_artefacts_default = app32;
+// server/routes/admin/index.ts
+var app33 = new Hono();
+app33.route("/session", session_default2);
+app33.route("/chat", chat_default2);
+app33.route("/compact", compact_default);
+app33.route("/logs", logs_default);
+app33.route("/claude-info", claude_info_default);
+app33.route("/attachment", attachment_default);
+app33.route("/agents", agents_default);
+app33.route("/sessions", sessions_default);
+app33.route("/browser", browser_default);
+app33.route("/device-browser", device_browser_default);
+app33.route("/events", events_default);
+app33.route("/cloudflare", cloudflare_default);
+app33.route("/files", files_default);
+app33.route("/graph-search", graph_search_default);
+app33.route("/graph-subgraph", graph_subgraph_default);
+app33.route("/graph-delete", graph_delete_default);
+app33.route("/graph-restore", graph_restore_default);
+app33.route("/graph-labels-in-graph", graph_labels_in_graph_default);
+app33.route("/graph-default-view", graph_default_view_default);
+app33.route("/file-attach", file_attach_default);
+app33.route("/adherence", adherence_default);
+app33.route("/sidebar-projects", sidebar_projects_default);
+app33.route("/sidebar-artefacts", sidebar_artefacts_default);
+var admin_default = app33;
 // app/lib/graph-health.ts
 var HOUR_MS = 60 * 60 * 1e3;
@@ -11740,9 +11868,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app32 = new Hono();
-app32.use("*", clientIpMiddleware);
-app32.use("*", async (c, next) => {
+var app34 = new Hono();
+app34.use("*", clientIpMiddleware);
+app34.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -11765,7 +11893,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app32.use("*", async (c, next) => {
+app34.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -11805,7 +11933,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app32.post("/__remote-auth/login", async (c) => {
+app34.post("/__remote-auth/login", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   if (!requestIsTlsTerminated(c)) {
@@ -11849,7 +11977,7 @@ app32.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app32.get("/__remote-auth/logout", (c) => {
+app34.get("/__remote-auth/logout", (c) => {
   return new Response(null, {
     status: 302,
     headers: {
@@ -11859,7 +11987,7 @@ app32.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app32.post("/__remote-auth/change-password", async (c) => {
+app34.post("/__remote-auth/change-password", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   const rateLimited = checkRateLimit(client);
@@ -11909,13 +12037,13 @@ app32.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app32.get("/__remote-auth/setup", (c) => {
+app34.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app32.post("/__remote-auth/set-initial-password", async (c) => {
+app34.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -11951,10 +12079,10 @@ app32.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app32.get("/api/remote-auth/status", (c) => {
+app34.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app32.post("/api/remote-auth/set-password", async (c) => {
+app34.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -11984,9 +12112,9 @@ app32.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app32.route("/api/_client-error", client_error_default);
+app34.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app32.use("*", async (c, next) => {
+app34.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -12019,15 +12147,15 @@ app32.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app32.route("/api/health", health_default);
-app32.route("/api/session", session_default);
-app32.route("/api/chat", chat_default);
-app32.route("/api/group", group_default);
-app32.route("/api/access", access_default);
-app32.route("/api/telegram", telegram_default);
-app32.route("/api/whatsapp", whatsapp_default);
-app32.route("/api/onboarding", onboarding_default);
-app32.route("/api/admin", admin_default);
+app34.route("/api/health", health_default);
+app34.route("/api/session", session_default);
+app34.route("/api/chat", chat_default);
+app34.route("/api/group", group_default);
+app34.route("/api/access", access_default);
+app34.route("/api/telegram", telegram_default);
+app34.route("/api/whatsapp", whatsapp_default);
+app34.route("/api/onboarding", onboarding_default);
+app34.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -12039,7 +12167,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app32.get("/agent-assets/:slug/:filename", (c) => {
+app34.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -12055,8 +12183,8 @@ app32.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] no-account slug=${slug} file=${filename}`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve20(account.accountDir, "agents", slug, "assets", filename);
-  const expectedDir = resolve20(account.accountDir, "agents", slug, "assets");
+  const filePath = resolve21(account.accountDir, "agents", slug, "assets", filename);
+  const expectedDir = resolve21(account.accountDir, "agents", slug, "assets");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
@@ -12074,7 +12202,7 @@ app32.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app32.get("/generated/:filename", (c) => {
+app34.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -12085,8 +12213,8 @@ app32.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve20(account.accountDir, "generated", filename);
-  const expectedDir = resolve20(account.accountDir, "generated");
+  const filePath = resolve21(account.accountDir, "generated", filename);
+  const expectedDir = resolve21(account.accountDir, "generated");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
@@ -12169,7 +12297,7 @@ var clientErrorReporterScript = `<script>
 function cachedHtml(file) {
   let html = htmlCache.get(file);
   if (!html) {
-    html = readFileSync16(resolve20(process.cwd(), "public", file), "utf-8");
+    html = readFileSync16(resolve21(process.cwd(), "public", file), "utf-8");
     const productNameEsc = escapeHtml(BRAND.productName);
     html = html.replace(/<title>([^<]*)<\/title>/, (_match, inner) => `<title>${escapeHtml(inner).replace(/Maxy/g, productNameEsc)}</title>`);
     html = html.replace('href="/favicon.ico"', `href="${escapeHtml(brandFaviconPath)}"`);
@@ -12240,7 +12368,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app32.get("/", (c) => {
+app34.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -12248,12 +12376,12 @@ app32.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app32.get("/public", (c) => {
+app34.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app32.get("/chat", (c) => {
+app34.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -12272,12 +12400,12 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app32.use("/vnc-viewer.html", logViewerFetch);
-app32.use("/vnc-popout.html", logViewerFetch);
-app32.get("/vnc-popout.html", (c) => {
+app34.use("/vnc-viewer.html", logViewerFetch);
+app34.use("/vnc-popout.html", logViewerFetch);
+app34.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
-    html = readFileSync16(resolve20(process.cwd(), "public", "vnc-popout.html"), "utf-8");
+    html = readFileSync16(resolve21(process.cwd(), "public", "vnc-popout.html"), "utf-8");
     const name = escapeHtml(BRAND.productName);
     html = html.replace("<title>Browser \u2014 Maxy</title>", `<title>${name}</title>`);
     html = html.replace("</head>", `  ${brandScript}
@@ -12287,7 +12415,7 @@ app32.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app32.post("/api/vnc/client-event", async (c) => {
+app34.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -12308,20 +12436,20 @@ app32.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app32.get("/g/:slug", (c) => {
+app34.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app32.get("/graph", (c) => {
+app34.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app32.get("/data", (c) => {
+app34.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app32.get("/:slug", async (c, next) => {
+app34.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -12330,10 +12458,10 @@ app32.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app32.use("/*", serveStatic({ root: "./public" }));
+app34.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.MAXY_UI_INTERNAL_PORT ?? process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app32.fetch, port, hostname });
+var httpServer = serve({ fetch: app34.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 var SUBAPP_MANIFEST = [
   { prefix: "/api/health", file: "server/routes/health.ts", subapp: health_default },
@@ -12353,7 +12481,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app32.routes ?? []) {
+  for (const r of app34.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -12420,7 +12548,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve20(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
+  platformRoot: resolve21(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {