npm - @rubytech/create-maxy - Versions diffs - 1.0.790 → 1.0.792 - Mend

@rubytech/create-maxy 1.0.790 → 1.0.792

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "1.0.790",
+  "version": "1.0.792",
   "description": "Install Maxy — AI for Productive People",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/platform/plugins/admin/mcp/dist/index.js CHANGED Viewed

@@ -1557,6 +1557,7 @@ server.tool("api-key-verify", "Verify the stored Anthropic API key works by maki
  * anthropic-setup state machine (action-relay pattern)
  *
  * Call 1: anthropic-setup({})
+ *   ├─ no public endpoint   → { status: "not_needed" }   ← Phase 0 gate
  *   ├─ key stored + valid?  → { status: "complete" }
  *   ├─ key stored + billing → { status: "awaiting_credits" }
  *   ├─ key stored + error   → { status: "error" }
@@ -1630,20 +1631,92 @@ function anthropicResult(r) {
         ...(r.status === "error" ? { isError: true } : {}),
     };
 }
+/**
+ * Check whether a public-facing hostname is configured. The Anthropic API key
+ * powers the public agent only — admin runs on Claude OAuth — so without a
+ * public endpoint there is nothing for the key to power.
+ *
+ * Mirrors the runtime `isPublicHost(host)` predicate in
+ * `platform/ui/server/index.ts`: a host is public iff it starts with `public.`
+ * OR is listed in `~/{configDir}/alias-domains.json`. Step 7's form submit
+ * handler at `platform/ui/server/routes/admin/cloudflare.ts` writes secondary
+ * hostnames (apex + custom public labels) to `alias-domains.json` and skips
+ * `public.*` because the prefix itself is the signal — so the two predicates
+ * together cover every shape the form can produce.
+ *
+ * Returns true if any configured hostname satisfies either predicate.
+ */
+function hasPublicEndpointConfigured() {
+    const aliasPath = join(CONFIG_DIR, "alias-domains.json");
+    if (existsSync(aliasPath)) {
+        try {
+            const parsed = JSON.parse(readFileSync(aliasPath, "utf-8"));
+            if (Array.isArray(parsed)) {
+                const entries = parsed.filter((h) => typeof h === "string" && h.length > 0);
+                if (entries.length > 0) {
+                    return { has: true, reason: `alias-domains.json: ${entries.join(", ")}` };
+                }
+            }
+        }
+        catch {
+            // Malformed file — treat as empty; matches the server-side reader's tolerance.
+        }
+    }
+    const cfConfigPath = join(CONFIG_DIR, "cloudflared", "config.yml");
+    if (existsSync(cfConfigPath)) {
+        try {
+            const yaml = readFileSync(cfConfigPath, "utf-8");
+            const hostnames = [...yaml.matchAll(/^\s*-\s*hostname:\s*(\S+)/gm)].map((m) => m[1]);
+            const publicPrefixed = hostnames.find((h) => h.startsWith("public."));
+            if (publicPrefixed) {
+                return { has: true, reason: `cloudflared/config.yml ingress: ${publicPrefixed}` };
+            }
+        }
+        catch {
+            // Unreadable — treat as no public host.
+        }
+    }
+    return {
+        has: false,
+        reason: "no entries in alias-domains.json and no public.* hostname in cloudflared/config.yml",
+    };
+}
 server.tool("anthropic-setup", "Deterministic state machine for Anthropic API key acquisition. " +
     "Checks current state, advances as far as possible, and returns a structured JSON result. " +
-    "On first call (no consoleResult): checks if a valid key is already stored. If not, returns " +
-    "status 'awaiting_signin' with a browser_evaluate action — the agent must open the browser to " +
-    "platform.claude.com, run the action's function via browser_evaluate, and pass the string " +
-    "result back as consoleResult on the next call. " +
+    "On first call (no consoleResult): first verifies a public-facing endpoint is configured " +
+    "(the key only powers the public agent); if not, returns status 'not_needed'. Otherwise " +
+    "checks if a valid key is already stored. If not, returns status 'awaiting_signin' with " +
+    "a browser_evaluate action — the agent must open the browser to platform.claude.com, run " +
+    "the action's function via browser_evaluate, and pass the string result back as " +
+    "consoleResult on the next call. " +
     "On second call (with consoleResult): parses the Console API result, stores the key, " +
     "verifies it, and returns status 'complete'. " +
-    "Statuses: complete (key stored and verified), awaiting_signin (user must sign in to Console), " +
-    "awaiting_credits (signed in but no credits — user must add credits), error (fatal — relay message).", {
+    "Statuses: complete (key stored and verified), not_needed (no public endpoint configured — " +
+    "skip the step), awaiting_signin (user must sign in to Console), awaiting_credits (signed in " +
+    "but no credits — user must add credits), error (fatal — relay message).", {
     consoleResult: z.string().optional().describe("JSON string result from running the browser_evaluate action returned by a prior call. " +
         "Omit on the first call."),
 }, async ({ consoleResult }) => {
     const log = (msg) => console.error(`[anthropic-setup] ${msg}`);
+    // ── Phase 0: gate on public endpoint existence ─────────────
+    // The API key only powers the public-facing agent. If no public hostname
+    // is configured (operator skipped step 7, or completed it without a
+    // public/apex hostname) the key has no consumer — short-circuit before
+    // any Console interaction so we never create keys the operator cannot use.
+    if (!consoleResult) {
+        const publicCheck = hasPublicEndpointConfigured();
+        if (!publicCheck.has) {
+            log(`gate: no public endpoint (${publicCheck.reason}) — returning not_needed`);
+            return anthropicResult({
+                status: "not_needed",
+                message: "No public-facing endpoint is configured, so an Anthropic API key is not needed. " +
+                    "The key powers the public agent only — admin runs on your Claude OAuth session. " +
+                    "When you set up a public hostname via Cloudflare (or apex domain), come back and " +
+                    "ask to set up the API key then.",
+            });
+        }
+        log(`gate: public endpoint present (${publicCheck.reason})`);
+    }
     // ── Phase 1: check stored key ──────────────────────────────
     if (!consoleResult) {
         log("checking stored key");