@rubytech/create-maxy 1.0.760 → 1.0.762

package/payload/server/server.js

@@ -47,7 +47,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-WW464F23.js";
+} from "./chunk-QXAUMZXQ.js";
 import {
   ACCOUNTS_DIR,
   GREETING_DIRECTIVE,
@@ -77,6 +77,7 @@ import {
   getGroupSlugForSession,
   getMessagesSince,
   getRecentMessages,
+  getRoleForSession,
   getSession,
   getSessionMessages,
   getUserIdForSession,
@@ -106,7 +107,7 @@ import {
   validateSession,
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership
-} from "./chunk-2W7O63CK.js";
+} from "./chunk-43JK6WNK.js";
 
 // ../lib/graph-trash/dist/index.js
 var require_dist = __commonJS({
@@ -606,7 +607,7 @@ var serveStatic = (options = { root: "" }) => {
 
 // server/index.ts
 import { readFileSync as readFileSync16, existsSync as existsSync19, watchFile } from "fs";
-import { resolve as resolve20, join as join10, basename as basename7 } from "path";
+import { resolve as resolve21, join as join10, basename as basename7 } from "path";
 import { homedir as homedir2 } from "os";
 
 // app/lib/agent-slug-pattern.ts
@@ -2691,7 +2692,7 @@ var credsSaveQueue = Promise.resolve();
 async function drainCredsSaveQueue(timeoutMs = 5e3) {
   console.error(`${TAG3} draining credential save queue\u2026`);
   const timer2 = new Promise(
-    (resolve21) => setTimeout(() => resolve21("timeout"), timeoutMs)
+    (resolve22) => setTimeout(() => resolve22("timeout"), timeoutMs)
   );
   const result = await Promise.race([
     credsSaveQueue.then(() => "drained"),
@@ -2819,11 +2820,11 @@ async function createWaSocket(opts) {
   return sock;
 }
 async function waitForConnection(sock) {
-  return new Promise((resolve21, reject) => {
+  return new Promise((resolve22, reject) => {
     const handler = (update) => {
       if (update.connection === "open") {
         sock.ev.off("connection.update", handler);
-        resolve21();
+        resolve22();
       }
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
@@ -2937,14 +2938,14 @@ ${inspected}`;
   return inspect2(err, INSPECT_OPTS2);
 }
 function withTimeout(label, promise, timeoutMs) {
-  return new Promise((resolve21, reject) => {
+  return new Promise((resolve22, reject) => {
     const timer2 = setTimeout(() => {
       reject(new Error(`${label} timed out after ${timeoutMs}ms`));
     }, timeoutMs);
     promise.then(
       (value) => {
         clearTimeout(timer2);
-        resolve21(value);
+        resolve22(value);
       },
       (err) => {
         clearTimeout(timer2);
@@ -4158,11 +4159,11 @@ async function connectWithReconnect(conn) {
       console.error(
         `${TAG11} reconnecting account=${conn.accountId} in ${delay}ms (attempt ${decision.nextAttempts}/${maxAttempts})`
       );
-      await new Promise((resolve21) => {
-        const timer2 = setTimeout(resolve21, delay);
+      await new Promise((resolve22) => {
+        const timer2 = setTimeout(resolve22, delay);
         conn.abortController.signal.addEventListener("abort", () => {
           clearTimeout(timer2);
-          resolve21();
+          resolve22();
         }, { once: true });
       });
     }
@@ -4170,16 +4171,16 @@ async function connectWithReconnect(conn) {
   }
 }
 function waitForDisconnectEvent(conn) {
-  return new Promise((resolve21) => {
+  return new Promise((resolve22) => {
     if (!conn.sock) {
-      resolve21();
+      resolve22();
       return;
     }
     const sock = conn.sock;
     const handler = (update) => {
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
-        resolve21();
+        resolve22();
       }
     };
     sock.ev.on("connection.update", handler);
@@ -4396,8 +4397,8 @@ async function handleInboundMessage(conn, msg) {
     const conversationKey = isGroup ? remoteJid : senderPhone;
     const debounceKey = `${conn.accountId}:${conversationKey}:${senderPhone}`;
     let resolvePending;
-    const sttPending = new Promise((resolve21) => {
-      resolvePending = resolve21;
+    const sttPending = new Promise((resolve22) => {
+      resolvePending = resolve22;
     });
     if (conn.debouncer) conn.debouncer.registerPending(debounceKey, sttPending);
     try {
@@ -4510,20 +4511,20 @@ async function probeApiKey() {
   return result.status;
 }
 function checkPort(port2, timeoutMs = 500) {
-  return new Promise((resolve21) => {
+  return new Promise((resolve22) => {
     const socket = createConnection(port2, "127.0.0.1");
     socket.setTimeout(timeoutMs);
     socket.once("connect", () => {
       socket.destroy();
-      resolve21(true);
+      resolve22(true);
     });
     socket.once("error", () => {
       socket.destroy();
-      resolve21(false);
+      resolve22(false);
     });
     socket.once("timeout", () => {
       socket.destroy();
-      resolve21(false);
+      resolve22(false);
     });
   });
 }
@@ -5042,6 +5043,14 @@ function detectMimeType(filePath) {
   const ext = extname(filePath).toLowerCase();
   return MIME_BY_EXT[ext] ?? "application/octet-stream";
 }
+function validateFilePathInAccount(filePath, accountDir) {
+  const resolved = realpathSync(filePath);
+  const accountResolved = realpathSync(accountDir);
+  if (!resolved.startsWith(accountResolved + "/")) {
+    throw new Error(`File path is outside the account directory`);
+  }
+  return resolved;
+}
 async function storeGeneratedFile(accountId, filePath) {
   const fileStat = await stat2(filePath);
   if (fileStat.size > MAX_FILE_SIZE_BYTES) {
@@ -6725,8 +6734,8 @@ async function startLogin(opts) {
   resetActiveLogin(accountId);
   let resolveQr = null;
   let rejectQr = null;
-  const qrPromise = new Promise((resolve21, reject) => {
-    resolveQr = resolve21;
+  const qrPromise = new Promise((resolve22, reject) => {
+    resolveQr = resolve22;
     rejectQr = reject;
   });
   const qrTimer = setTimeout(
@@ -7705,11 +7714,11 @@ function readUsersFile2() {
   if (!raw) return [];
   return JSON.parse(raw);
 }
-async function createAdminSession(accountId, thinkingView, userId, userName) {
+async function createAdminSession(accountId, thinkingView, userId, userName, role) {
   const account = resolveAccount();
   const effectiveThinkingView = thinkingView ?? account?.config.thinkingView ?? "default";
   const sessionKey = crypto.randomUUID();
-  registerSession(sessionKey, "admin", accountId, void 0, userId, userName);
+  registerSession(sessionKey, "admin", accountId, void 0, userId, userName, role);
   let onboardingComplete = true;
   try {
     const step = await loadOnboardingStep(accountId);
@@ -7724,11 +7733,13 @@ async function createAdminSession(accountId, thinkingView, userId, userName) {
   } catch {
   }
   console.log(`[session] ${(/* @__PURE__ */ new Date()).toISOString()} admin session created: userId=${userId ?? "\u2013"} userName=${userName ?? "\u2013"} accountId=${accountId} conversationId=deferred sessionKey=${sessionKey.slice(0, 8)}`);
+  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=create`);
   return {
     session_key: sessionKey,
     agent_id: "admin",
     userId,
     userName,
+    role: role ?? null,
     thinkingView: effectiveThinkingView,
     onboardingComplete,
     businessName,
@@ -7760,11 +7771,14 @@ app10.get("/", async (c) => {
     businessName = branding?.name || void 0;
   } catch {
   }
+  const role = getRoleForSession(sessionKey);
+  console.log(`[admin-session] role=${role ?? "null"} sessionKey=${sessionKey.slice(0, 8)} phase=restore`);
   return c.json({
     session_key: sessionKey,
     agent_id: "admin",
     userId: getUserIdForSession(sessionKey),
     userName: getUserNameForSession(sessionKey),
+    role: role ?? null,
     thinkingView,
     onboardingComplete,
     businessName,
@@ -7821,7 +7835,7 @@ app10.post("/", async (c) => {
     console.log(`[session] account selection invalid: userId=${userId} requested=${body.accountId}`);
     return c.json({ error: "Invalid account selection." }, 403);
   }
-  const payload = await createAdminSession(selected.accountId, selected.config.thinkingView, userId, userName);
+  const payload = await createAdminSession(selected.accountId, selected.config.thinkingView, userId, userName, selected.role);
   return c.json(payload);
 });
 var session_default2 = app10;
@@ -8118,7 +8132,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-TULUIO6M.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-SGPHSYLK.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -11563,30 +11577,146 @@ app30.get("/", requireAdminSession, async (c) => {
 });
 var adherence_default = app30;
 
-// server/routes/admin/index.ts
+// server/routes/admin/sidebar-projects.ts
+import neo4j3 from "neo4j-driver";
+var LIMIT = 50;
 var app31 = new Hono();
-app31.route("/session", session_default2);
-app31.route("/chat", chat_default2);
-app31.route("/compact", compact_default);
-app31.route("/logs", logs_default);
-app31.route("/claude-info", claude_info_default);
-app31.route("/attachment", attachment_default);
-app31.route("/agents", agents_default);
-app31.route("/sessions", sessions_default);
-app31.route("/browser", browser_default);
-app31.route("/device-browser", device_browser_default);
-app31.route("/events", events_default);
-app31.route("/cloudflare", cloudflare_default);
-app31.route("/files", files_default);
-app31.route("/graph-search", graph_search_default);
-app31.route("/graph-subgraph", graph_subgraph_default);
-app31.route("/graph-delete", graph_delete_default);
-app31.route("/graph-restore", graph_restore_default);
-app31.route("/graph-labels-in-graph", graph_labels_in_graph_default);
-app31.route("/graph-default-view", graph_default_view_default);
-app31.route("/file-attach", file_attach_default);
-app31.route("/adherence", adherence_default);
-var admin_default = app31;
+app31.get("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const start = Date.now();
+  const session = getSession();
+  try {
+    const result = await session.run(
+      `MATCH (p:Project { accountId: $accountId })
+       WHERE NOT p:Trashed
+       RETURN p.taskId AS id, p.name AS name, p.updatedAt AS updatedAt
+       ORDER BY p.updatedAt DESC
+       LIMIT $limit`,
+      { accountId, limit: neo4j3.int(LIMIT) }
+    );
+    const projects = result.records.map((r) => ({
+      id: r.get("id"),
+      name: r.get("name") ?? "",
+      updatedAt: r.get("updatedAt") ?? ""
+    }));
+    const ms = Date.now() - start;
+    console.log(`[admin/sidebar-projects] account=${accountId} count=${projects.length} ms=${ms}`);
+    return c.json({ projects });
+  } catch (err) {
+    const ms = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-projects] account=${accountId} error="${message}" ms=${ms}`);
+    return c.json({ error: "Failed to load projects" }, 500);
+  } finally {
+    await session.close();
+  }
+});
+var sidebar_projects_default = app31;
+
+// server/routes/admin/sidebar-artefacts.ts
+import neo4j4 from "neo4j-driver";
+import { readFile as readFile5, readdir as readdir3 } from "fs/promises";
+import { resolve as resolve20 } from "path";
+var LIMIT2 = 50;
+var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
+var app32 = new Hono();
+app32.get("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const start = Date.now();
+  const session = getSession();
+  let metas = [];
+  try {
+    const result = await session.run(
+      `MATCH (d:KnowledgeDocument { accountId: $accountId })
+       WHERE d.deletedAt IS NULL AND NOT d:Trashed
+       RETURN d.attachmentId AS id, d.name AS name, d.updatedAt AS updatedAt,
+              d.attachmentId AS attachmentId, d.encodingFormat AS mimeType
+       ORDER BY d.updatedAt DESC
+       LIMIT $limit`,
+      { accountId, limit: neo4j4.int(LIMIT2) }
+    );
+    metas = result.records.map((r) => ({
+      id: r.get("id"),
+      name: r.get("name") ?? "",
+      updatedAt: r.get("updatedAt") ?? "",
+      attachmentId: r.get("attachmentId"),
+      mimeType: r.get("mimeType") ?? ""
+    }));
+  } catch (err) {
+    const ms2 = Date.now() - start;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-artefacts] account=${accountId} error="${message}" ms=${ms2}`);
+    await session.close();
+    return c.json({ error: "Failed to load artefacts" }, 500);
+  } finally {
+    await session.close();
+  }
+  const artefacts = await Promise.all(metas.map(async (m) => {
+    const content = await readArtefactContent(accountId, m.attachmentId, m.mimeType);
+    return { id: m.id, name: m.name, updatedAt: m.updatedAt, content };
+  }));
+  const ms = Date.now() - start;
+  console.log(`[admin/sidebar-artefacts] account=${accountId} count=${artefacts.length} ms=${ms}`);
+  return c.json({ artefacts });
+});
+async function readArtefactContent(accountId, attachmentId, mimeType) {
+  if (!attachmentId) return "";
+  const isText = TEXT_MIME_PREFIXES.some((p) => mimeType.startsWith(p));
+  if (!isText) return "";
+  const accountDir = resolve20(ATTACHMENTS_ROOT, accountId);
+  const dir = resolve20(accountDir, attachmentId);
+  try {
+    validateFilePathInAccount(dir, accountDir);
+  } catch {
+    return "";
+  }
+  try {
+    const entries = await readdir3(dir);
+    const dataFile = entries.find((f) => !f.endsWith(".meta.json"));
+    if (!dataFile) return "";
+    return await readFile5(resolve20(dir, dataFile), "utf-8");
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/sidebar-artefacts] read-failed attachmentId=${attachmentId.slice(0, 8)} error="${message}"`);
+    return "";
+  }
+}
+var sidebar_artefacts_default = app32;
+
+// server/routes/admin/index.ts
+var app33 = new Hono();
+app33.route("/session", session_default2);
+app33.route("/chat", chat_default2);
+app33.route("/compact", compact_default);
+app33.route("/logs", logs_default);
+app33.route("/claude-info", claude_info_default);
+app33.route("/attachment", attachment_default);
+app33.route("/agents", agents_default);
+app33.route("/sessions", sessions_default);
+app33.route("/browser", browser_default);
+app33.route("/device-browser", device_browser_default);
+app33.route("/events", events_default);
+app33.route("/cloudflare", cloudflare_default);
+app33.route("/files", files_default);
+app33.route("/graph-search", graph_search_default);
+app33.route("/graph-subgraph", graph_subgraph_default);
+app33.route("/graph-delete", graph_delete_default);
+app33.route("/graph-restore", graph_restore_default);
+app33.route("/graph-labels-in-graph", graph_labels_in_graph_default);
+app33.route("/graph-default-view", graph_default_view_default);
+app33.route("/file-attach", file_attach_default);
+app33.route("/adherence", adherence_default);
+app33.route("/sidebar-projects", sidebar_projects_default);
+app33.route("/sidebar-artefacts", sidebar_artefacts_default);
+var admin_default = app33;
 
 // app/lib/graph-health.ts
 var HOUR_MS = 60 * 60 * 1e3;
@@ -11740,9 +11870,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app32 = new Hono();
-app32.use("*", clientIpMiddleware);
-app32.use("*", async (c, next) => {
+var app34 = new Hono();
+app34.use("*", clientIpMiddleware);
+app34.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -11765,7 +11895,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app32.use("*", async (c, next) => {
+app34.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -11805,7 +11935,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app32.post("/__remote-auth/login", async (c) => {
+app34.post("/__remote-auth/login", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   if (!requestIsTlsTerminated(c)) {
@@ -11849,7 +11979,7 @@ app32.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app32.get("/__remote-auth/logout", (c) => {
+app34.get("/__remote-auth/logout", (c) => {
   return new Response(null, {
     status: 302,
     headers: {
@@ -11859,7 +11989,7 @@ app32.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app32.post("/__remote-auth/change-password", async (c) => {
+app34.post("/__remote-auth/change-password", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   const rateLimited = checkRateLimit(client);
@@ -11909,13 +12039,13 @@ app32.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app32.get("/__remote-auth/setup", (c) => {
+app34.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app32.post("/__remote-auth/set-initial-password", async (c) => {
+app34.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -11951,10 +12081,10 @@ app32.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app32.get("/api/remote-auth/status", (c) => {
+app34.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app32.post("/api/remote-auth/set-password", async (c) => {
+app34.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -11984,9 +12114,9 @@ app32.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app32.route("/api/_client-error", client_error_default);
+app34.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app32.use("*", async (c, next) => {
+app34.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -12019,15 +12149,15 @@ app32.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app32.route("/api/health", health_default);
-app32.route("/api/session", session_default);
-app32.route("/api/chat", chat_default);
-app32.route("/api/group", group_default);
-app32.route("/api/access", access_default);
-app32.route("/api/telegram", telegram_default);
-app32.route("/api/whatsapp", whatsapp_default);
-app32.route("/api/onboarding", onboarding_default);
-app32.route("/api/admin", admin_default);
+app34.route("/api/health", health_default);
+app34.route("/api/session", session_default);
+app34.route("/api/chat", chat_default);
+app34.route("/api/group", group_default);
+app34.route("/api/access", access_default);
+app34.route("/api/telegram", telegram_default);
+app34.route("/api/whatsapp", whatsapp_default);
+app34.route("/api/onboarding", onboarding_default);
+app34.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -12039,7 +12169,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app32.get("/agent-assets/:slug/:filename", (c) => {
+app34.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -12055,8 +12185,8 @@ app32.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] no-account slug=${slug} file=${filename}`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve20(account.accountDir, "agents", slug, "assets", filename);
-  const expectedDir = resolve20(account.accountDir, "agents", slug, "assets");
+  const filePath = resolve21(account.accountDir, "agents", slug, "assets", filename);
+  const expectedDir = resolve21(account.accountDir, "agents", slug, "assets");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
@@ -12074,7 +12204,7 @@ app32.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app32.get("/generated/:filename", (c) => {
+app34.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -12085,8 +12215,8 @@ app32.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve20(account.accountDir, "generated", filename);
-  const expectedDir = resolve20(account.accountDir, "generated");
+  const filePath = resolve21(account.accountDir, "generated", filename);
+  const expectedDir = resolve21(account.accountDir, "generated");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
@@ -12169,7 +12299,7 @@ var clientErrorReporterScript = `<script>
 function cachedHtml(file) {
   let html = htmlCache.get(file);
   if (!html) {
-    html = readFileSync16(resolve20(process.cwd(), "public", file), "utf-8");
+    html = readFileSync16(resolve21(process.cwd(), "public", file), "utf-8");
     const productNameEsc = escapeHtml(BRAND.productName);
     html = html.replace(/<title>([^<]*)<\/title>/, (_match, inner) => `<title>${escapeHtml(inner).replace(/Maxy/g, productNameEsc)}</title>`);
     html = html.replace('href="/favicon.ico"', `href="${escapeHtml(brandFaviconPath)}"`);
@@ -12240,7 +12370,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app32.get("/", (c) => {
+app34.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -12248,12 +12378,12 @@ app32.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app32.get("/public", (c) => {
+app34.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app32.get("/chat", (c) => {
+app34.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -12272,12 +12402,12 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app32.use("/vnc-viewer.html", logViewerFetch);
-app32.use("/vnc-popout.html", logViewerFetch);
-app32.get("/vnc-popout.html", (c) => {
+app34.use("/vnc-viewer.html", logViewerFetch);
+app34.use("/vnc-popout.html", logViewerFetch);
+app34.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
-    html = readFileSync16(resolve20(process.cwd(), "public", "vnc-popout.html"), "utf-8");
+    html = readFileSync16(resolve21(process.cwd(), "public", "vnc-popout.html"), "utf-8");
     const name = escapeHtml(BRAND.productName);
     html = html.replace("<title>Browser \u2014 Maxy</title>", `<title>${name}</title>`);
     html = html.replace("</head>", `  ${brandScript}
@@ -12287,7 +12417,7 @@ app32.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app32.post("/api/vnc/client-event", async (c) => {
+app34.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -12308,20 +12438,20 @@ app32.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app32.get("/g/:slug", (c) => {
+app34.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app32.get("/graph", (c) => {
+app34.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app32.get("/data", (c) => {
+app34.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app32.get("/:slug", async (c, next) => {
+app34.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -12330,10 +12460,10 @@ app32.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app32.use("/*", serveStatic({ root: "./public" }));
+app34.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.MAXY_UI_INTERNAL_PORT ?? process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app32.fetch, port, hostname });
+var httpServer = serve({ fetch: app34.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 var SUBAPP_MANIFEST = [
   { prefix: "/api/health", file: "server/routes/health.ts", subapp: health_default },
@@ -12353,7 +12483,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app32.routes ?? []) {
+  for (const r of app34.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -12420,7 +12550,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve20(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
+  platformRoot: resolve21(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {