@rubytech/create-maxy 1.0.798 → 1.0.800

package/payload/server/public/index.html

@@ -5,7 +5,7 @@
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Maxy</title>
   <link rel="icon" href="/favicon.ico">
-  <script type="module" crossorigin src="/assets/admin-Cz8hUAqx.js"></script>
+  <script type="module" crossorigin src="/assets/admin-Sa301b8q.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/chunk-DD-I1_y5.js">
   <link rel="modulepreload" crossorigin href="/assets/jsx-runtime-DJER3a7U.js">
   <link rel="modulepreload" crossorigin href="/assets/preload-helper-qlgyTAkD.js">

package/payload/server/server.js

@@ -42,6 +42,7 @@ import {
   setRemotePassword,
   sleep,
   streamLogPathFor,
+  stripAttachmentMetaSuffix,
   validateKey,
   validatePasswordStrength,
   verifyPassword,
@@ -49,7 +50,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-KM23Y7SY.js";
+} from "./chunk-SBHI2NMF.js";
 import {
   ACCOUNTS_DIR,
   GREETING_DIRECTIVE,
@@ -112,7 +113,7 @@ import {
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership,
   writeAdminUserAndPerson
-} from "./chunk-BURNRCKP.js";
+} from "./chunk-WHF6YXJ5.js";
 import {
   __commonJS,
   __toESM
@@ -615,7 +616,7 @@ var serveStatic = (options = { root: "" }) => {
 };
 
 // server/index.ts
-import { readFileSync as readFileSync17, existsSync as existsSync23, watchFile } from "fs";
+import { readFileSync as readFileSync17, existsSync as existsSync24, watchFile } from "fs";
 import { resolve as resolve24, join as join10, basename as basename7 } from "path";
 import { homedir as homedir2 } from "os";
 
@@ -8324,7 +8325,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-PV45NUTN.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-4YDRTKAT.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -9078,7 +9079,35 @@ var agents_default = app16;
 // server/routes/admin/sessions.ts
 import crypto2 from "crypto";
 import { resolve as resolvePath } from "path";
-import { appendFileSync as appendFileSync5 } from "fs";
+import { appendFileSync as appendFileSync5, existsSync as existsSync18 } from "fs";
+function validateAndShapeAttachments(raws, conversationAccountId, conversationId, messageId, streamLogPath) {
+  const chips = [];
+  let valid = 0;
+  let invalid = 0;
+  for (const a of raws) {
+    let reason = null;
+    if (!a.attachmentId || !a.filename || !a.mimeType || !a.storagePath) reason = "schema-fail";
+    else if (a.accountId !== conversationAccountId) reason = "account-mismatch";
+    else if (!existsSync18(a.storagePath)) reason = "missing-file";
+    if (reason) {
+      invalid++;
+      try {
+        appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [attachment-rehydrate-invalid] conversationId=${conversationId.slice(0, 8)} messageId=${messageId.slice(0, 8)} attachmentId=${(a.attachmentId || "").slice(0, 8)} reason=${reason}
+`);
+      } catch {
+      }
+      continue;
+    }
+    valid++;
+    chips.push({
+      attachmentId: a.attachmentId,
+      filename: a.filename,
+      mimeType: a.mimeType,
+      sizeBytes: a.sizeBytes
+    });
+  }
+  return { chips, valid, invalid };
+}
 function reconstructAssistantEvents(content, components, conversationId, messageId, streamLogPath) {
   if (components.length === 0) {
     return {
@@ -9231,7 +9260,17 @@ app17.get("/:id/messages", requireAdminSession, async (c) => {
   if (!owned) return c.json({ error: "Conversation not found" }, 404);
   try {
     const messages = await getRecentMessages(conversationId, 50);
-    return c.json({ messages });
+    const sanitised = messages.map((m) => ({
+      ...m,
+      attachments: m.attachments.map((a) => ({
+        attachmentId: a.attachmentId,
+        filename: a.filename,
+        mimeType: a.mimeType,
+        sizeBytes: a.sizeBytes,
+        ordinal: a.ordinal
+      }))
+    }));
+    return c.json({ messages: sanitised });
   } catch (err) {
     console.error(`[sessions-messages] Failed: ${err instanceof Error ? err.message : String(err)}`);
     return c.json({ error: "Failed to fetch messages" }, 500);
@@ -9264,10 +9303,23 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
   let totalValid = 0;
   let totalInvalid = 0;
   let totalComponents = 0;
+  let totalAttachments = 0;
+  let totalAttachmentInvalid = 0;
   const rehydrated = messages.map((m) => {
     const components = m.components ?? [];
+    const rawAttachments = m.attachments ?? [];
     if (m.role !== "assistant") {
-      return { messageId: m.messageId, role: m.role, content: m.content, createdAt: m.createdAt };
+      const { chips, valid: valid2, invalid: invalid2 } = validateAndShapeAttachments(rawAttachments, accountId, conversationId, m.messageId, streamLogPath);
+      totalAttachments += valid2;
+      totalAttachmentInvalid += invalid2;
+      const cleanedContent = chips.length > 0 ? stripAttachmentMetaSuffix(m.content) : m.content;
+      return {
+        messageId: m.messageId,
+        role: m.role,
+        content: cleanedContent,
+        createdAt: m.createdAt,
+        ...chips.length > 0 ? { attachments: chips } : {}
+      };
     }
     const { events, valid, invalid, submittedEventIndices } = reconstructAssistantEvents(m.content, components, conversationId, m.messageId, streamLogPath);
     totalValid += valid;
@@ -9284,17 +9336,22 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
     };
   });
   const textRuns = rehydrated.reduce((n, m) => n + (m.events?.filter((e) => e.type === "text").length ?? 0), 0);
+  const userMessageCount = rehydrated.filter((m) => m.role !== "assistant").length;
   try {
-    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents}
+    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents} userAttachmentCount=${totalAttachments}
 `);
     if (totalComponents > 0) {
       appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-rehydrate] conversationId=${conversationId.slice(0, 8)} count=${totalComponents} valid=${totalValid} invalid=${totalInvalid} textRuns=${textRuns}
+`);
+    }
+    if (totalAttachments > 0 || totalAttachmentInvalid > 0) {
+      appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [attachment-rehydrate] conversationId=${conversationId.slice(0, 8)} userMessages=${userMessageCount} attachments=${totalAttachments} invalid=${totalAttachmentInvalid}
 `);
     }
   } catch {
   }
   const age = formatAge(updatedAt);
-  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
+  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
   return c.json({ conversationId, messages: rehydrated });
 });
 app17.post("/:id/label", requireAdminSession, async (c) => {
@@ -9569,12 +9626,12 @@ function isValidDomain(value) {
 }
 
 // app/lib/alias-domains.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync8, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
+import { existsSync as existsSync19, mkdirSync as mkdirSync8, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
 import { dirname as dirname7 } from "path";
 import { resolve as resolve16 } from "path";
 var ALIAS_DOMAINS_PATH = resolve16(MAXY_DIR, "alias-domains.json");
 function readExisting() {
-  if (!existsSync18(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
+  if (!existsSync19(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
   try {
     const parsed = JSON.parse(readFileSync14(ALIAS_DOMAINS_PATH, "utf-8"));
     if (!Array.isArray(parsed)) return /* @__PURE__ */ new Set();
@@ -11911,7 +11968,7 @@ var adherence_default = app30;
 import neo4j3 from "neo4j-driver";
 import { readFile as readFile5, readdir as readdir3, stat as stat5 } from "fs/promises";
 import { resolve as resolve20, relative as relative2, isAbsolute } from "path";
-import { existsSync as existsSync19 } from "fs";
+import { existsSync as existsSync20 } from "fs";
 var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
@@ -12059,7 +12116,7 @@ async function fetchAgentTemplateRows(accountDir) {
 async function unionSpecialistFilenames(overrideDir, bundledDir) {
   const names = /* @__PURE__ */ new Set();
   for (const dir of [overrideDir, bundledDir]) {
-    if (!existsSync19(dir)) continue;
+    if (!existsSync20(dir)) continue;
     try {
       const entries = await readdir3(dir);
       for (const entry of entries) {
@@ -12074,7 +12131,7 @@ async function unionSpecialistFilenames(overrideDir, bundledDir) {
 }
 async function readAgentTemplateRow(inp) {
   let chosenPath = null;
-  if (existsSync19(inp.overridePath)) {
+  if (existsSync20(inp.overridePath)) {
     try {
       validateFilePathInAccount(inp.overridePath, inp.overrideRoot);
       chosenPath = inp.overridePath;
@@ -12085,7 +12142,7 @@ async function readAgentTemplateRow(inp) {
       );
       return null;
     }
-  } else if (existsSync19(inp.bundledPath)) {
+  } else if (existsSync20(inp.bundledPath)) {
     if (!isWithin(inp.bundledPath, inp.bundledRoot)) {
       console.error(
         `[admin/sidebar-artefacts] agent-template-read-failed agent=${inp.displayName} kind=${inp.logName} error="bundled path outside PLATFORM_ROOT"`
@@ -12127,7 +12184,7 @@ var sidebar_artefacts_default = app31;
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir4, readdir as readdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve21 } from "path";
-import { existsSync as existsSync20 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
 var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app32 = new Hono();
@@ -12191,7 +12248,7 @@ async function resolveSavePath(id, accountId, accountDir) {
   }
   if (UUID_RE4.test(id)) {
     const dir = resolve21(ATTACHMENTS_ROOT, accountId, id);
-    if (!existsSync20(dir)) {
+    if (!existsSync21(dir)) {
       return { kind: "reject", status: 400, reason: "not-found" };
     }
     try {
@@ -12215,7 +12272,7 @@ var sidebar_artefact_save_default = app32;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile6, readdir as readdir5 } from "fs/promises";
-import { existsSync as existsSync21 } from "fs";
+import { existsSync as existsSync22 } from "fs";
 import { resolve as resolve22 } from "path";
 var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app33 = new Hono();
@@ -12229,7 +12286,7 @@ app33.get("/", requireAdminSession, async (c) => {
     return new Response("Not found", { status: 404 });
   }
   const dir = resolve22(ATTACHMENTS_ROOT, accountId, id);
-  if (!existsSync21(dir)) {
+  if (!existsSync22(dir)) {
     console.error(`[admin/sidebar-artefact-content] not-found id=${id.slice(0, 8)}`);
     return new Response("Not found", { status: 404 });
   }
@@ -12291,7 +12348,7 @@ app34.route("/sidebar-artefact-content", sidebar_artefact_content_default);
 var admin_default = app34;
 
 // server/routes/sites.ts
-import { existsSync as existsSync22, readFileSync as readFileSync16, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
+import { existsSync as existsSync23, readFileSync as readFileSync16, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
 import { resolve as resolve23 } from "path";
 var SAFE_SEG_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var MIME = {
@@ -12358,7 +12415,7 @@ app35.get("/:rel{.*}", (c) => {
   }
   let stat7;
   try {
-    stat7 = existsSync22(filePath) ? statSync8(filePath) : null;
+    stat7 = existsSync23(filePath) ? statSync8(filePath) : null;
   } catch {
     stat7 = null;
   }
@@ -12371,7 +12428,7 @@ app35.get("/:rel{.*}", (c) => {
     console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync22(filePath)) {
+  if (!existsSync23(filePath)) {
     console.error(`[sites] not-found path=${reqPath} status=404`);
     return c.text("Not found", 404);
   }
@@ -12524,10 +12581,10 @@ function clientFrom(c) {
 var PLATFORM_ROOT7 = process.env.MAXY_PLATFORM_ROOT || "";
 var BRAND_JSON_PATH = PLATFORM_ROOT7 ? join10(PLATFORM_ROOT7, "config", "brand.json") : "";
 var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", domain: "getmaxy.com" };
-if (BRAND_JSON_PATH && !existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && !existsSync24(BRAND_JSON_PATH)) {
   console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
 }
-if (BRAND_JSON_PATH && existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
     const parsed = JSON.parse(readFileSync17(BRAND_JSON_PATH, "utf-8"));
     BRAND = { ...BRAND, ...parsed };
@@ -12551,7 +12608,7 @@ var brandLoginOpts = {
 var ALIAS_DOMAINS_PATH2 = join10(homedir2(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync23(ALIAS_DOMAINS_PATH2)) return null;
+    if (!existsSync24(ALIAS_DOMAINS_PATH2)) return null;
     const parsed = JSON.parse(readFileSync17(ALIAS_DOMAINS_PATH2, "utf-8"));
     if (!Array.isArray(parsed)) {
       console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
@@ -12898,7 +12955,7 @@ app36.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync23(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
     return c.text("Not found", 404);
   }
@@ -12928,7 +12985,7 @@ app36.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync23(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
@@ -12945,7 +13002,7 @@ app36.route("/sites", sites_default);
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
-if (BRAND_JSON_PATH && existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
     const fullBrand = JSON.parse(readFileSync17(BRAND_JSON_PATH, "utf-8"));
     if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
@@ -12965,7 +13022,7 @@ function readInstalledVersion() {
   try {
     if (!PLATFORM_ROOT7) return "unknown";
     const versionFile = join10(PLATFORM_ROOT7, "config", `.${BRAND.hostname}-version`);
-    if (!existsSync23(versionFile)) return "unknown";
+    if (!existsSync24(versionFile)) return "unknown";
     const content = readFileSync17(versionFile, "utf-8").trim();
     return content || "unknown";
   } catch {
@@ -13026,12 +13083,12 @@ function loadBrandingCache(agentSlug) {
   const configDir2 = join10(homedir2(), BRAND.configDir);
   try {
     const accountJsonPath = join10(configDir2, "account.json");
-    if (!existsSync23(accountJsonPath)) return null;
+    if (!existsSync24(accountJsonPath)) return null;
     const account = JSON.parse(readFileSync17(accountJsonPath, "utf-8"));
     const accountId = account.accountId;
     if (!accountId) return null;
     const cachePath = join10(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
-    if (!existsSync23(cachePath)) return null;
+    if (!existsSync24(cachePath)) return null;
     return JSON.parse(readFileSync17(cachePath, "utf-8"));
   } catch {
     return null;
@@ -13041,7 +13098,7 @@ function resolveDefaultSlug() {
   try {
     const configDir2 = join10(homedir2(), BRAND.configDir);
     const accountJsonPath = join10(configDir2, "account.json");
-    if (!existsSync23(accountJsonPath)) return null;
+    if (!existsSync24(accountJsonPath)) return null;
     const account = JSON.parse(readFileSync17(accountJsonPath, "utf-8"));
     return account.defaultAgent || null;
   } catch {
@@ -13205,7 +13262,7 @@ try {
 (async () => {
   try {
     let userId = "";
-    if (existsSync23(USERS_FILE)) {
+    if (existsSync24(USERS_FILE)) {
       const users = JSON.parse(readFileSync17(USERS_FILE, "utf-8").trim() || "[]");
       userId = users[0]?.userId ?? "";
     }