@rubytech/create-maxy 1.0.771 → 1.0.773

package/payload/server/chunk-5YIXIF6C.js

@@ -1,726 +0,0 @@
-var __create = Object.create;
-var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __commonJS = (cb, mod) => function __require() {
-  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
-};
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
-
-// app/lib/paths.ts
-import { homedir } from "os";
-import { resolve, join } from "path";
-import { existsSync, readFileSync } from "fs";
-var configDirName = ".maxy";
-var platformRoot = process.env.MAXY_PLATFORM_ROOT;
-if (platformRoot) {
-  const brandPath = join(platformRoot, "config", "brand.json");
-  if (existsSync(brandPath)) {
-    try {
-      const brand = JSON.parse(readFileSync(brandPath, "utf-8"));
-      if (brand.configDir) configDirName = brand.configDir;
-    } catch {
-    }
-  }
-}
-var MAXY_DIR = resolve(homedir(), configDirName);
-var PLATFORM_ROOT = process.env.MAXY_PLATFORM_ROOT ?? resolve(process.cwd(), "..");
-var USERS_FILE = resolve(PLATFORM_ROOT, "config", "users.json");
-var LOG_DIR = resolve(MAXY_DIR, "logs");
-var BIN_DIR = resolve(MAXY_DIR, "bin");
-var REMOTE_PASSWORD_FILE = resolve(MAXY_DIR, ".remote-password");
-var TELEGRAM_WEBHOOK_SECRET_FILE = resolve(MAXY_DIR, ".telegram-webhook-secret");
-var TELEGRAM_ADMIN_WEBHOOK_SECRET_FILE = resolve(MAXY_DIR, ".telegram-admin-webhook-secret");
-var CLAUDE_CREDENTIALS_FILE = resolve(homedir(), ".claude", ".credentials.json");
-
-// app/lib/vnc-logger.ts
-import { appendFileSync, mkdirSync } from "fs";
-import { resolve as resolve2 } from "path";
-var VNC_LOG_FILE = resolve2(LOG_DIR, "vnc-boot.log");
-try {
-  mkdirSync(LOG_DIR, { recursive: true });
-} catch (err) {
-  console.error(`[vnc-log-fail] mkdir ${LOG_DIR} failed: ${err.message}`);
-}
-function vncLog(phase, fields = {}) {
-  const ts = (/* @__PURE__ */ new Date()).toISOString();
-  const kv = Object.entries(fields).map(([k, v]) => `${k}=${JSON.stringify(v)}`).join(" ");
-  const line = kv.length > 0 ? `[${ts}] [${phase}] ${kv}
-` : `[${ts}] [${phase}]
-`;
-  try {
-    appendFileSync(VNC_LOG_FILE, line);
-  } catch (err) {
-    console.error(`[vnc-log-fail] ${err.message} \u2014 dropped: ${line.slice(0, 300).trim()}`);
-  }
-}
-var corrCounter = 0;
-function newCorrId() {
-  corrCounter = corrCounter + 1 & 4294967295;
-  const counterHex = corrCounter.toString(16).padStart(8, "0");
-  const randomHex = Math.floor(Math.random() * 16777215).toString(16).padStart(6, "0");
-  return `${counterHex}-${randomHex}`;
-}
-function sanitizeClientCorrId(raw) {
-  if (!raw) return null;
-  if (raw.length > 32) return null;
-  if (!/^[A-Za-z0-9_-]+$/.test(raw)) return null;
-  return raw;
-}
-
-// app/lib/password-strength.ts
-function validatePasswordStrength(password) {
-  return [
-    { key: "length", label: "At least 8 characters", met: password.length >= 8 },
-    { key: "number", label: "Contains a number", met: /\d/.test(password) },
-    { key: "special", label: "Contains a special character", met: /[^A-Za-z0-9]/.test(password) },
-    { key: "whitespace", label: "No spaces", met: password.length > 0 && !/\s/.test(password) }
-  ];
-}
-function isPasswordValid(password) {
-  return validatePasswordStrength(password).every((r) => r.met);
-}
-
-// app/lib/remote-auth.ts
-import { scrypt, randomBytes, timingSafeEqual } from "crypto";
-import { readFileSync as readFileSync2, writeFileSync, existsSync as existsSync2 } from "fs";
-var SCRYPT_N = 16384;
-var SCRYPT_R = 8;
-var SCRYPT_P = 1;
-var SCRYPT_KEYLEN = 64;
-function scryptAsync(password, salt) {
-  return new Promise((resolve3, reject) => {
-    scrypt(password, salt, SCRYPT_KEYLEN, { N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P }, (err, key) => {
-      if (err) reject(err);
-      else resolve3(key);
-    });
-  });
-}
-async function hashPassword(password) {
-  const salt = randomBytes(32);
-  const hash = await scryptAsync(password, salt);
-  return `${salt.toString("hex")}:${hash.toString("hex")}`;
-}
-async function verifyPassword(password, stored) {
-  const colonIndex = stored.indexOf(":");
-  if (colonIndex === -1) return false;
-  const saltHex = stored.slice(0, colonIndex);
-  const hashHex = stored.slice(colonIndex + 1);
-  if (!saltHex || !hashHex) return false;
-  try {
-    const salt = Buffer.from(saltHex, "hex");
-    const storedHash = Buffer.from(hashHex, "hex");
-    if (storedHash.length !== SCRYPT_KEYLEN) return false;
-    const computed = await scryptAsync(password, salt);
-    return timingSafeEqual(computed, storedHash);
-  } catch {
-    return false;
-  }
-}
-function isRemoteAuthConfigured() {
-  if (!existsSync2(REMOTE_PASSWORD_FILE)) return false;
-  const content = readFileSync2(REMOTE_PASSWORD_FILE, "utf-8").trim();
-  return content.length > 0 && content.includes(":");
-}
-function readPasswordHash() {
-  try {
-    if (!existsSync2(REMOTE_PASSWORD_FILE)) return null;
-    const content = readFileSync2(REMOTE_PASSWORD_FILE, "utf-8").trim();
-    if (!content || !content.includes(":")) return null;
-    return content;
-  } catch {
-    return null;
-  }
-}
-async function setRemotePassword(password) {
-  const hash = await hashPassword(password);
-  writeFileSync(REMOTE_PASSWORD_FILE, hash, "utf-8");
-}
-async function verifyRemotePassword(password) {
-  const stored = readPasswordHash();
-  if (!stored) return false;
-  return verifyPassword(password, stored);
-}
-var SESSION_TTL_MS = 24 * 60 * 60 * 1e3;
-var remoteSessions = /* @__PURE__ */ new Map();
-function pruneExpiredSessions() {
-  const now = Date.now();
-  for (const [token, session] of remoteSessions) {
-    if (now - session.createdAt > SESSION_TTL_MS) {
-      remoteSessions.delete(token);
-    }
-  }
-}
-function createRemoteSession() {
-  const token = randomBytes(32).toString("hex");
-  remoteSessions.set(token, { createdAt: Date.now() });
-  return token;
-}
-function validateRemoteSession(token) {
-  if (!token) return false;
-  pruneExpiredSessions();
-  const session = remoteSessions.get(token);
-  if (!session) return false;
-  if (Date.now() - session.createdAt > SESSION_TTL_MS) {
-    remoteSessions.delete(token);
-    return false;
-  }
-  return true;
-}
-function invalidateRemoteSession(token) {
-  remoteSessions.delete(token);
-}
-var MAX_ATTEMPTS = 5;
-var LOCKOUT_MS = 15 * 60 * 1e3;
-var rateLimitMap = /* @__PURE__ */ new Map();
-function checkRateLimit(ip) {
-  const rec = rateLimitMap.get(ip);
-  if (!rec) return null;
-  if (rec.lockedUntil > Date.now()) {
-    const remaining = Math.ceil((rec.lockedUntil - Date.now()) / 1e3);
-    return `Too many attempts. Try again in ${remaining}s`;
-  }
-  if (rec.lockedUntil > 0) {
-    rateLimitMap.delete(ip);
-  }
-  return null;
-}
-function recordFailedAttempt(ip) {
-  const rec = rateLimitMap.get(ip) ?? { count: 0, lockedUntil: 0 };
-  rec.count++;
-  if (rec.count >= MAX_ATTEMPTS) {
-    rec.lockedUntil = Date.now() + LOCKOUT_MS;
-    rec.count = 0;
-  }
-  rateLimitMap.set(ip, rec);
-}
-function clearRateLimit(ip) {
-  rateLimitMap.delete(ip);
-}
-setInterval(() => {
-  const now = Date.now();
-  for (const [ip, rec] of rateLimitMap) {
-    if (rec.lockedUntil > 0 && rec.lockedUntil <= now) {
-      rateLimitMap.delete(ip);
-    }
-  }
-}, 15 * 60 * 1e3).unref();
-function normalizeIp(ip) {
-  if (!ip) return void 0;
-  const trimmed = ip.trim();
-  if (trimmed.startsWith("::ffff:")) return trimmed.slice(7);
-  return trimmed;
-}
-function isLoopback(ip) {
-  return ip === "127.0.0.1" || ip.startsWith("127.") || ip === "::1";
-}
-function isPrivateIp(ip) {
-  const parts = ip.split(".");
-  if (parts.length !== 4) return false;
-  const a = parseInt(parts[0], 10);
-  const b = parseInt(parts[1], 10);
-  if (Number.isNaN(a) || Number.isNaN(b)) return false;
-  if (a === 10) return true;
-  if (a === 172 && b >= 16 && b <= 31) return true;
-  if (a === 192 && b === 168) return true;
-  if (a === 169 && b === 254) return true;
-  return false;
-}
-function resolveClientIp(remoteAddress, xForwardedFor) {
-  const remote = normalizeIp(remoteAddress);
-  if (!remote) return void 0;
-  if (isLoopback(remote) && xForwardedFor) {
-    const firstIp = normalizeIp(xForwardedFor.split(",")[0]?.trim());
-    if (firstIp) {
-      if (isLoopback(firstIp) || isPrivateIp(firstIp)) return "loopback";
-      return firstIp;
-    }
-  }
-  return remote;
-}
-function isExternalIp(ip) {
-  if (!ip) return false;
-  const normalized = normalizeIp(ip);
-  if (!normalized) return false;
-  if (isLoopback(normalized)) return false;
-  if (isPrivateIp(normalized)) return false;
-  return true;
-}
-function renderLoginPage(opts) {
-  const error = opts?.error ?? "";
-  const lockout = opts?.lockoutSeconds ?? 0;
-  const redirect = opts?.redirect ?? "/";
-  const mode = opts?.mode ?? "login";
-  const changeError = opts?.changeError ?? "";
-  const success = opts?.success ?? "";
-  const setupError = opts?.setupError ?? "";
-  const primaryColor = opts?.primaryColor ?? "#7C8C72";
-  const primaryHoverColor = opts?.primaryHoverColor ?? "#6A7A62";
-  const primarySubtle = opts?.primarySubtle ?? "rgba(124,140,114,0.08)";
-  const productName = opts?.productName ?? "Maxy";
-  const logoPath = opts?.logoPath ?? "/brand/maxy-monochrome.png";
-  const faviconPath = opts?.faviconPath ?? "/favicon.ico";
-  const displayFont = opts?.displayFont ?? "'Cormorant', Georgia, serif";
-  const bodyFont = opts?.bodyFont ?? "'DM Sans', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif";
-  const logoContainsName = opts?.logoContainsName ?? false;
-  const errorHtml = error ? `<p class="msg msg--error">${escapeHtml(error)}</p>` : "";
-  const changeErrorHtml = changeError ? `<p class="msg msg--error">${escapeHtml(changeError)}</p>` : "";
-  const successHtml = success ? `<p class="msg msg--success">${escapeHtml(success)}</p>` : "";
-  const lockoutHtml = lockout > 0 ? `<p class="msg msg--error">Too many attempts. Try again in <span id="countdown">${lockout}</span>s</p>
-       <script>
-         (function() {
-           var s = ${lockout};
-           var el = document.getElementById('countdown');
-           var iv = setInterval(function() { s--; el.textContent = s; if (s <= 0) { clearInterval(iv); location.reload(); } }, 1000);
-         })();
-       </script>` : "";
-  const setupErrorHtml = setupError ? `<p class="msg msg--error">${escapeHtml(setupError)}</p>` : "";
-  const formDisabled = lockout > 0 ? "disabled" : "";
-  const loginDisplay = mode === "login" ? "block" : "none";
-  const changeDisplay = mode === "change" ? "block" : "none";
-  const setupDisplay = mode === "setup" ? "block" : "none";
-  const successDisplay = mode === "success" ? "block" : "none";
-  const subtitleText = mode === "setup" ? "Set your remote password" : "Remote access";
-  const displayFontName = displayFont.match(/^'([^']+)'/)?.[1] ?? "";
-  const bodyFontName = bodyFont.match(/^'([^']+)'/)?.[1] ?? "";
-  const googleFontsLink = displayFontName || bodyFontName ? [
-    '<link rel="preconnect" href="https://fonts.googleapis.com">',
-    '<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>',
-    '<link href="https://fonts.googleapis.com/css2?' + [
-      displayFontName ? `family=${displayFontName.replace(/ /g, "+")}:wght@300;400` : "",
-      bodyFontName ? `family=${bodyFontName.replace(/ /g, "+")}:wght@400;500` : ""
-    ].filter(Boolean).join("&") + '&display=swap" rel="stylesheet">'
-  ].join("\n  ") : "";
-  return `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="utf-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1">
-  <title>Sign in \u2014 ${escapeHtml(productName)}</title>
-  <link rel="icon" href="${escapeHtml(faviconPath)}">
-  ${googleFontsLink}
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      font-family: ${bodyFont};
-      background: #FAFAF8;
-      color: #1A1A1A;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-    }
-    .page {
-      display: flex;
-      flex-direction: column;
-      align-items: center;
-      gap: 24px;
-      max-width: 420px;
-      width: 100%;
-      padding: 40px 20px;
-    }
-    .logo-img {
-      width: 110px;
-      height: 110px;
-      margin: -11px;
-      object-fit: contain;
-    }
-    .title {
-      font-family: ${displayFont};
-      font-weight: 300;
-      font-size: 28px;
-      color: #1A1A1A;
-      text-align: center;
-      letter-spacing: -0.01em;
-      line-height: 1.3;
-    }
-    .subtitle {
-      font-size: 15px;
-      color: #6B6B6B;
-      text-align: center;
-      margin-top: -8px;
-    }
-    .form-wrap {
-      width: 100%;
-      max-width: 300px;
-    }
-    .field { margin-bottom: 12px; }
-    .field-label {
-      display: block;
-      font-size: 13px;
-      font-weight: 500;
-      color: #6B6B6B;
-      margin-bottom: 6px;
-    }
-    .field-input {
-      width: 100%;
-      padding: 10px 12px;
-      border: 1px solid rgba(0,0,0,0.1);
-      border-radius: 8px;
-      font-size: 15px;
-      font-family: inherit;
-      outline: none;
-      background: #fff;
-      transition: border-color 0.15s, box-shadow 0.15s;
-    }
-    .field-input:focus {
-      border-color: ${primaryColor};
-      box-shadow: 0 0 0 3px ${primarySubtle};
-    }
-    .options {
-      display: flex;
-      align-items: center;
-      justify-content: space-between;
-      gap: 12px;
-      margin-top: 8px;
-    }
-
-    /* Checkbox \u2014 matches Maxy shared checkbox (asterisk-in-square) */
-    .check {
-      position: relative;
-      display: flex;
-      align-items: center;
-      gap: 8px;
-      cursor: pointer;
-      user-select: none;
-    }
-    .check input { position: absolute; opacity: 0; width: 0; height: 0; pointer-events: none; }
-    .check-box {
-      width: 14px;
-      height: 14px;
-      border: 1px solid rgba(0,0,0,0.1);
-      border-radius: 2px;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      font-size: 10px;
-      color: transparent;
-      transition: border-color 0.15s, color 0.15s;
-      flex-shrink: 0;
-    }
-    .check input:checked + .check-box {
-      border-color: ${primaryColor};
-      color: ${primaryColor};
-    }
-    .check-label {
-      font-size: 13px;
-      color: #6B6B6B;
-    }
-
-    /* Ghost button \u2014 matches Maxy ghost variant */
-    .ghost {
-      background: none;
-      border: none;
-      font-family: inherit;
-      font-size: 13px;
-      color: #6B6B6B;
-      cursor: pointer;
-      padding: 4px 0;
-      transition: color 0.15s;
-    }
-    .ghost:hover { color: #1A1A1A; }
-
-    /* Primary button */
-    .btn {
-      width: 100%;
-      padding: 12px;
-      margin-top: 16px;
-      background: ${primaryColor};
-      color: #fff;
-      border: none;
-      border-radius: 10px;
-      font-size: 15px;
-      font-weight: 500;
-      font-family: inherit;
-      cursor: pointer;
-      transition: background 0.15s;
-    }
-    .btn:hover:not(:disabled) { background: ${primaryHoverColor}; }
-    .btn:disabled { opacity: 0.5; cursor: not-allowed; }
-
-    /* Messages */
-    .msg {
-      font-size: 13px;
-      text-align: center;
-      margin-top: 8px;
-    }
-    .msg--error { color: #c44; }
-    .msg--success { color: ${primaryColor}; }
-
-    /* Strength checklist (setup mode) */
-    .strength-checklist { margin: 8px 0; }
-    .strength-item {
-      font-size: 13px;
-      color: #6B6B6B;
-      padding: 2px 0;
-      transition: color 0.15s;
-    }
-    .strength-icon {
-      display: inline-block;
-      width: 16px;
-      text-align: center;
-    }
-
-    @media (max-width: 440px) {
-      .page { padding: 24px 16px; }
-    }
-  </style>
-</head>
-<body>
-  <div class="page">
-    <img src="${escapeHtml(logoPath)}" alt="${escapeHtml(productName)}" class="logo-img">
-    <h1 class="title"${logoContainsName ? ' style="display:none"' : ""}>${escapeHtml(productName)}</h1>
-    <p class="subtitle">${escapeHtml(subtitleText)}</p>
-
-    ${successHtml}
-
-    <!-- Login -->
-    <div id="login-section" class="form-wrap" style="display:${loginDisplay}">
-      <form method="POST" action="/__remote-auth/login">
-        <input type="hidden" name="redirect" value="${escapeHtml(redirect)}">
-        <div class="field">
-          <label class="field-label" for="password">Password</label>
-          <input class="field-input" type="password" id="password" name="password" required autofocus ${formDisabled}>
-        </div>
-        <div class="options">
-          <label class="check">
-            <input type="checkbox" id="show-login-pw">
-            <span class="check-box">\u2731</span>
-            <span class="check-label">Show password</span>
-          </label>
-          <button type="button" class="ghost" onclick="toggleMode('change')">Change password</button>
-        </div>
-        <button type="submit" class="btn" ${formDisabled}>Sign in</button>
-      </form>
-      ${errorHtml}
-      ${lockoutHtml}
-    </div>
-
-    <!-- Change password -->
-    <div id="change-section" class="form-wrap" style="display:${changeDisplay}">
-      <form method="POST" action="/__remote-auth/change-password">
-        <input type="hidden" name="redirect" value="${escapeHtml(redirect)}">
-        <div class="field">
-          <label class="field-label" for="current_password">Current password</label>
-          <input class="field-input" type="password" id="current_password" name="current_password" required ${formDisabled}>
-        </div>
-        <div class="field">
-          <label class="field-label" for="new_password">New password</label>
-          <input class="field-input" type="password" id="new_password" name="new_password" required ${formDisabled}>
-        </div>
-        <div class="field">
-          <label class="field-label" for="confirm_password">Confirm new password</label>
-          <input class="field-input" type="password" id="confirm_password" name="confirm_password" required ${formDisabled}>
-        </div>
-        <div class="options">
-          <label class="check">
-            <input type="checkbox" id="show-change-pw">
-            <span class="check-box">\u2731</span>
-            <span class="check-label">Show passwords</span>
-          </label>
-          <button type="button" class="ghost" onclick="toggleMode('login')">Back to sign in</button>
-        </div>
-        <button type="submit" class="btn" ${formDisabled}>Change password</button>
-      </form>
-      ${changeErrorHtml}
-    </div>
-
-    <!-- Setup (initial password) -->
-    <div id="setup-section" class="form-wrap" style="display:${setupDisplay}">
-      <form method="POST" action="/__remote-auth/set-initial-password">
-        <div class="field">
-          <label class="field-label" for="setup_password">Password</label>
-          <input class="field-input" type="password" id="setup_password" name="password" required autofocus>
-        </div>
-        <div class="field">
-          <label class="field-label" for="setup_confirm">Confirm password</label>
-          <input class="field-input" type="password" id="setup_confirm" name="confirm_password" required>
-        </div>
-        <div id="strength-checklist" class="strength-checklist">
-          <div class="strength-item" id="req-length"><span class="strength-icon">\u25CB</span> At least 8 characters</div>
-          <div class="strength-item" id="req-number"><span class="strength-icon">\u25CB</span> Contains a number</div>
-          <div class="strength-item" id="req-special"><span class="strength-icon">\u25CB</span> Contains a special character</div>
-          <div class="strength-item" id="req-spaces"><span class="strength-icon">\u25CB</span> No spaces</div>
-        </div>
-        <div class="options">
-          <label class="check">
-            <input type="checkbox" id="show-setup-pw">
-            <span class="check-box">\u2731</span>
-            <span class="check-label">Show passwords</span>
-          </label>
-        </div>
-        <button type="submit" class="btn" id="setup-submit" disabled>Set password</button>
-      </form>
-      ${setupErrorHtml}
-    </div>
-
-    <!-- Success (after initial password set) -->
-    <div id="success-section" class="form-wrap" style="display:${successDisplay}">
-      <p class="msg msg--success" style="font-size:15px;margin-bottom:4px;">\u2713 Password set</p>
-      <p style="font-size:14px;color:#6B6B6B;text-align:center;">You can close this tab and return to the onboarding tab.</p>
-      <script>
-        (function() {
-          try {
-            var ch = new BroadcastChannel('platform-onboarding');
-            setTimeout(function() {
-              ch.postMessage({ type: 'remote-password-set' });
-              ch.close();
-            }, 2500);
-          } catch(e) {}
-        })();
-      </script>
-    </div>
-  </div>
-
-  <script>
-    /* Toggle between login and change-password modes */
-    function toggleMode(mode) {
-      document.getElementById('login-section').style.display = mode === 'login' ? 'block' : 'none';
-      document.getElementById('change-section').style.display = mode === 'change' ? 'block' : 'none';
-      /* Focus first input in the active section */
-      var id = mode === 'login' ? 'password' : 'current_password';
-      var el = document.getElementById(id);
-      if (el) el.focus();
-    }
-
-    /* Show/hide password toggles */
-    function bindShowHide(checkboxId, inputIds) {
-      var cb = document.getElementById(checkboxId);
-      if (!cb) return;
-      cb.addEventListener('change', function() {
-        var type = cb.checked ? 'text' : 'password';
-        inputIds.forEach(function(id) {
-          var el = document.getElementById(id);
-          if (el) el.type = type;
-        });
-      });
-    }
-    bindShowHide('show-login-pw', ['password']);
-    bindShowHide('show-change-pw', ['current_password', 'new_password', 'confirm_password']);
-    bindShowHide('show-setup-pw', ['setup_password', 'setup_confirm']);
-
-    /* Explicit Enter-to-submit for the login password field */
-    var loginPw = document.getElementById('password');
-    if (loginPw) {
-      loginPw.addEventListener('keydown', function(e) {
-        if (e.key === 'Enter') {
-          e.preventDefault();
-          this.closest('form').requestSubmit();
-        }
-      });
-    }
-
-    /* Live password strength validation (setup mode) */
-    (function() {
-      var pw = document.getElementById('setup_password');
-      var confirm = document.getElementById('setup_confirm');
-      var btn = document.getElementById('setup-submit');
-      if (!pw || !confirm || !btn) return;
-
-      var rules = [
-        { id: 'req-length', test: function(p) { return p.length >= 8; } },
-        { id: 'req-number', test: function(p) { return /\\d/.test(p); } },
-        { id: 'req-special', test: function(p) { return /[^A-Za-z0-9]/.test(p); } },
-        { id: 'req-spaces', test: function(p) { return p.length > 0 && !/\\s/.test(p); } }
-      ];
-
-      function check() {
-        var p = pw.value;
-        var allMet = true;
-        rules.forEach(function(r) {
-          var el = document.getElementById(r.id);
-          var met = r.test(p);
-          if (!met) allMet = false;
-          el.querySelector('.strength-icon').textContent = met ? '\\u2713' : '\\u25CB';
-          el.style.color = met ? '${primaryColor}' : '#6B6B6B';
-        });
-        var match = p.length > 0 && p === confirm.value;
-        btn.disabled = !(allMet && match);
-      }
-
-      pw.addEventListener('input', check);
-      confirm.addEventListener('input', check);
-    })();
-  </script>
-</body>
-</html>`;
-}
-function escapeHtml(str) {
-  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
-}
-
-// app/lib/auth-gate.ts
-function canAccessAdmin(input) {
-  if (input.isPublicHost(input.host)) {
-    return { allow: false, reason: "public-host" };
-  }
-  const clientIp = resolveClientIp(input.remoteAddress, input.xForwardedFor);
-  if (!isExternalIp(clientIp)) {
-    return { allow: true };
-  }
-  if (!isRemoteAuthConfigured()) {
-    return { allow: false, reason: "remote-unconfigured" };
-  }
-  const token = parseCookieValue(input.cookieHeader, "__remote_session");
-  if (token && validateRemoteSession(token)) {
-    return { allow: true };
-  }
-  return { allow: false, reason: "unauthorized" };
-}
-function parseCookieValue(cookieHeader, name) {
-  if (!cookieHeader) return null;
-  const match = cookieHeader.match(new RegExp(`(?:^|;\\s*)${name}=([^;]*)`));
-  if (!match) return null;
-  try {
-    return decodeURIComponent(match[1]);
-  } catch {
-    return null;
-  }
-}
-
-export {
-  __commonJS,
-  __toESM,
-  MAXY_DIR,
-  USERS_FILE,
-  LOG_DIR,
-  BIN_DIR,
-  TELEGRAM_WEBHOOK_SECRET_FILE,
-  TELEGRAM_ADMIN_WEBHOOK_SECRET_FILE,
-  CLAUDE_CREDENTIALS_FILE,
-  vncLog,
-  newCorrId,
-  sanitizeClientCorrId,
-  validatePasswordStrength,
-  isPasswordValid,
-  hashPassword,
-  verifyPassword,
-  isRemoteAuthConfigured,
-  setRemotePassword,
-  verifyRemotePassword,
-  createRemoteSession,
-  invalidateRemoteSession,
-  checkRateLimit,
-  recordFailedAttempt,
-  clearRateLimit,
-  resolveClientIp,
-  renderLoginPage,
-  canAccessAdmin
-};