npm - @rubytech/create-realagent - Versions diffs - 1.0.625 → 1.0.627 - Mend

@rubytech/create-realagent 1.0.625 → 1.0.627

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import { execFileSync, spawn, spawnSync } from "node:child_process";
-import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync } from "node:fs";
-import { resolve, join } from "node:path";
+import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, symlinkSync, unlinkSync, lstatSync, readlinkSync, accessSync, constants as fsConstants } from "node:fs";
+import { resolve, join, dirname } from "node:path";
 import { randomBytes } from "node:crypto";
 const PAYLOAD_DIR = resolve(import.meta.dirname, "../payload");
 // Brand manifest — read from payload to derive all brand-specific installation values.
@@ -1260,6 +1260,107 @@ function setupAccount() {
     }
 }
 // ---------------------------------------------------------------------------
+// Tunnel script shortcuts
+//
+// The cloudflare plugin's SKILL.md, PLUGIN.md, and reference docs encode the
+// invocation `~/setup-tunnel.sh` (and `~/reset-tunnel.sh`). The filesystem
+// reality is <INSTALL_DIR>/platform/plugins/cloudflare/scripts/*.sh. Without
+// the symlink the agent's first SKILL-compliant invocation fails with exit
+// 127 — the discipline-violation loop Task 555 exists to close.
+//
+// Collision discipline:
+//   - absent path                   → create
+//   - symlink → same target         → no-op
+//   - symlink → different path inside INSTALL_DIR → replace (idempotent upgrade)
+//   - symlink → dangling            → repair + log
+//   - symlink → live target outside INSTALL_DIR → exit 1 (cross-brand collision)
+//   - regular file                  → exit 1
+//   - unreadable symlink            → exit 1
+// ---------------------------------------------------------------------------
+function createTunnelSymlink(linkPath, target) {
+    const targetAbs = resolve(target);
+    let lstat = null;
+    try {
+        lstat = lstatSync(linkPath);
+    }
+    catch (err) {
+        const code = err.code;
+        if (code !== "ENOENT") {
+            console.error(`[create-maxy:error] ${linkPath} lstat failed: ${err.message}`);
+            process.exit(1);
+        }
+    }
+    if (lstat === null) {
+        symlinkSync(targetAbs, linkPath);
+        console.log(`  [create-maxy] symlink ${linkPath} → ${targetAbs}`);
+        logFile(`  symlink created: ${linkPath} → ${targetAbs}`);
+        return;
+    }
+    if (!lstat.isSymbolicLink()) {
+        console.error(`[create-maxy:collision] ${linkPath} already exists target=<regular-file>`);
+        console.error(`  Remove the file and re-run: npx -y @rubytech/create-maxy`);
+        process.exit(1);
+    }
+    let resolvedTarget;
+    try {
+        const raw = readlinkSync(linkPath);
+        resolvedTarget = resolve(dirname(linkPath), raw);
+    }
+    catch (err) {
+        console.error(`[create-maxy:collision] ${linkPath} symlink unreadable: ${err.message}`);
+        console.error(`  Remove the file and re-run: npx -y @rubytech/create-maxy`);
+        process.exit(1);
+    }
+    if (resolvedTarget === targetAbs) {
+        console.log(`  [create-maxy] symlink ${linkPath} already points to ${targetAbs}`);
+        logFile(`  symlink unchanged: ${linkPath} → ${targetAbs}`);
+        return;
+    }
+    const insideInstallDir = resolvedTarget === INSTALL_DIR || resolvedTarget.startsWith(INSTALL_DIR + "/");
+    let targetExists = false;
+    try {
+        lstatSync(resolvedTarget);
+        targetExists = true;
+    }
+    catch { /* resolvedTarget absent → dangling */ }
+    if (insideInstallDir) {
+        unlinkSync(linkPath);
+        symlinkSync(targetAbs, linkPath);
+        console.log(`  [create-maxy] symlink replaced: ${linkPath} → ${targetAbs}`);
+        logFile(`  symlink replaced (stale same-brand): ${linkPath} was ${resolvedTarget}, now ${targetAbs}`);
+        return;
+    }
+    if (!targetExists) {
+        unlinkSync(linkPath);
+        symlinkSync(targetAbs, linkPath);
+        console.log(`  [create-maxy] symlink repair: dangling ${linkPath} replaced (→ ${targetAbs})`);
+        logFile(`  symlink repaired (dangling): ${linkPath} was ${resolvedTarget}, now ${targetAbs}`);
+        return;
+    }
+    console.error(`[create-maxy:collision] ${linkPath} already exists target=${resolvedTarget}`);
+    console.error(`  This symlink was created by a different install (not within ${INSTALL_DIR}).`);
+    console.error(`  Remove or relocate it, then re-run: npx -y @rubytech/create-maxy`);
+    process.exit(1);
+}
+function installTunnelScripts() {
+    const setupSrc = join(INSTALL_DIR, "platform/plugins/cloudflare/scripts/setup-tunnel.sh");
+    const resetSrc = join(INSTALL_DIR, "platform/plugins/cloudflare/scripts/reset-tunnel.sh");
+    const setupLink = resolve(process.env.HOME ?? "/root", "setup-tunnel.sh");
+    const resetLink = resolve(process.env.HOME ?? "/root", "reset-tunnel.sh");
+    for (const src of [setupSrc, resetSrc]) {
+        try {
+            chmodSync(src, 0o755);
+        }
+        catch (err) {
+            console.error(`[create-maxy:error] tunnel script missing or chmod failed: ${src}`);
+            console.error(`  ${err.message}`);
+            process.exit(1);
+        }
+    }
+    createTunnelSymlink(setupLink, setupSrc);
+    createTunnelSymlink(resetLink, resetSrc);
+}
+// ---------------------------------------------------------------------------
 // Cron Registration
 //
 // Registers platform cron jobs (heartbeat, email-fetch, email-auto-respond).
@@ -1300,6 +1401,7 @@ function installCrons() {
         `* * * * * mkdir -p ${accountLogDir} && PLATFORM_ROOT=${platformRoot} ${accountEnv}${nodeBin} ${platformRoot}/plugins/scheduling/mcp/dist/scripts/check-due-events.js >> ${accountLogDir}/check-due-events.log 2>&1 # heartbeat`,
         `* * * * * mkdir -p ${accountLogDir} && PLATFORM_ROOT=${platformRoot} ${accountEnv}${nodeBin} ${platformRoot}/plugins/email/mcp/dist/scripts/email-fetch.js >> ${accountLogDir}/email-fetch.log 2>&1 # email-fetch`,
         `* * * * * mkdir -p ${accountLogDir} && PLATFORM_ROOT=${platformRoot} ${accountEnv}${nodeBin} ${platformRoot}/plugins/email/mcp/dist/scripts/email-auto-respond.js >> ${accountLogDir}/email-auto-respond.log 2>&1 # email-auto-respond`,
+        `0 3 * * * mkdir -p ${accountLogDir} && PLATFORM_ROOT=${platformRoot} ${accountEnv}${nodeBin} ${platformRoot}/plugins/memory/mcp/dist/scripts/graph-prune.js >> ${accountLogDir}/graph-prune.log 2>&1 # graph-prune`,
     ];
     // Read existing crontab (empty string if none)
     const existing = spawnSync("crontab", ["-l"], { encoding: "utf-8", stdio: ["pipe", "pipe", "pipe"] });
@@ -1321,7 +1423,7 @@ function installCrons() {
         stdio: ["pipe", "pipe", "pipe"],
     });
     if (write.status === 0) {
-        console.log("  Cron jobs: registered (heartbeat, email-fetch, email-auto-respond)");
+        console.log("  Cron jobs: registered (heartbeat, email-fetch, email-auto-respond, graph-prune)");
     }
     else {
         console.error(`  Cron jobs: failed to register — ${(write.stderr || "").trim()}`);
@@ -1533,6 +1635,25 @@ WantedBy=multi-user.target
         console.error(vncLog);
         process.exit(1);
     }
+    // Tunnel script smoke check — the cloudflare SKILL contract invokes
+    // ~/setup-tunnel.sh directly. If the install-time symlink creation in
+    // installTunnelScripts() didn't land, fail the install loudly here rather
+    // than shipping the exact Task 456 gap Task 555 exists to close.
+    for (const linkPath of [
+        resolve(process.env.HOME ?? "/root", "setup-tunnel.sh"),
+        resolve(process.env.HOME ?? "/root", "reset-tunnel.sh"),
+    ]) {
+        try {
+            accessSync(linkPath, fsConstants.X_OK);
+            console.log(`  [create-maxy] verify: ${linkPath} executable ✓`);
+        }
+        catch (err) {
+            console.error("");
+            console.error(`  [create-maxy:error] tunnel script symlink missing or not executable: ${linkPath}`);
+            console.error(`  ${err.message}`);
+            process.exit(1);
+        }
+    }
 }
 // ---------------------------------------------------------------------------
 // Main
@@ -1823,6 +1944,7 @@ try {
     buildPlatform();
     setupVncViewer();
     setupAccount();
+    installTunnelScripts(); // ~/setup-tunnel.sh, ~/reset-tunnel.sh — the SKILL contract
     installService();
     console.log("");
     console.log("================================================================");

package/dist/uninstall.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { spawnSync, execFileSync } from "node:child_process";
-import { existsSync, mkdirSync, readFileSync, rmSync, appendFileSync, cpSync } from "node:fs";
-import { resolve, join } from "node:path";
+import { existsSync, mkdirSync, readFileSync, rmSync, appendFileSync, cpSync, lstatSync, readlinkSync, unlinkSync } from "node:fs";
+import { resolve, join, dirname } from "node:path";
 import { homedir } from "node:os";
 import { createInterface } from "node:readline";
 const HOME = homedir();
@@ -262,6 +262,62 @@ export function exportData(exportPath) {
     console.log(`  Export complete: ${exportPath}`);
 }
 // ---------------------------------------------------------------------------
+// Step 3b: Remove tunnel script symlinks
+//
+// installTunnelScripts() creates ~/setup-tunnel.sh and ~/reset-tunnel.sh as
+// symlinks into INSTALL_DIR. Must run BEFORE removeAppDirs removes INSTALL_DIR
+// so readlink-then-compare still works.
+//
+// Only unlink if the symlink's resolved target is inside this brand's
+// INSTALL_DIR. A symlink pointing elsewhere came from a different brand install
+// on the same home (unsupported but not destructive) — leave it alone.
+// ---------------------------------------------------------------------------
+function removeTunnelSymlinks() {
+    log("3b", "Removing tunnel script symlinks...");
+    for (const linkPath of [
+        resolve(HOME, "setup-tunnel.sh"),
+        resolve(HOME, "reset-tunnel.sh"),
+    ]) {
+        let lstat;
+        try {
+            lstat = lstatSync(linkPath);
+        }
+        catch (err) {
+            if (err.code === "ENOENT") {
+                console.log(`  ${linkPath} not found — skipping`);
+                continue;
+            }
+            console.log(`  Failed to stat ${linkPath}: ${err.message}`);
+            continue;
+        }
+        if (!lstat.isSymbolicLink()) {
+            console.log(`  ${linkPath} is not a symlink — leaving untouched`);
+            continue;
+        }
+        let resolvedTarget;
+        try {
+            const raw = readlinkSync(linkPath);
+            resolvedTarget = resolve(dirname(linkPath), raw);
+        }
+        catch (err) {
+            console.log(`  ${linkPath} readlink failed: ${err.message} — leaving untouched`);
+            continue;
+        }
+        const insideInstallDir = resolvedTarget === INSTALL_DIR || resolvedTarget.startsWith(INSTALL_DIR + "/");
+        if (!insideInstallDir) {
+            console.log(`  ${linkPath} → ${resolvedTarget} (outside ${INSTALL_DIR}) — leaving untouched`);
+            continue;
+        }
+        try {
+            unlinkSync(linkPath);
+            console.log(`  Unlinked ${linkPath}`);
+        }
+        catch (err) {
+            console.log(`  Failed to unlink ${linkPath}: ${err.message}`);
+        }
+    }
+}
+// ---------------------------------------------------------------------------
 // Step 4: Remove application directories
 // ---------------------------------------------------------------------------
 function removeAppDirs() {
@@ -550,6 +606,7 @@ export async function runUninstall(options) {
         ...(options.exportPath
             ? [{ name: "Export data", fn: () => exportData(options.exportPath) }]
             : []),
+        { name: "Remove tunnel script symlinks", fn: removeTunnelSymlinks },
         { name: "Remove application directories", fn: removeAppDirs },
         { name: "Remove Neo4j data", fn: removeNeo4jData },
         { name: "Purge system packages", fn: purgeSystemPackages },

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.625",
+  "version": "1.0.627",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/plugins/admin/mcp/dist/index.js CHANGED Viewed

@@ -353,7 +353,7 @@ server.tool("remote-auth-status", "Check whether the remote access password is c
             ? `Remote access password is configured.`
             : `Remote access password is not configured. The admin interface will refuse to expose over the tunnel until one is set.\n\n` +
                 `${deviceUrlBlock({ url: setupUrl, intent: "Set remote access password", hostname: osHostname() })}\n\n` +
-                `Click the button above to open the setup page on the device's browser. Do NOT collect the password in chat.`;
+                `Ask the operator to set a password — either by clicking the button above (opens the setup page on the device) or by telling you one you can pass to \`remote-auth-set-password\`.`;
         return {
             content: [{ type: "text", text }],
         };
@@ -1234,13 +1234,10 @@ server.tool("session-reset", "Reset the current session. Compacts conversation h
 server.tool("session-resume", "Resume a previous session. Loads the selected session's message history into the chat timeline " +
     "and routes new messages to that conversation. Call after the user selects a session from the " +
     "session-list results. Pass the conversationId from the selected session.", { conversationId: z.string().uuid().describe("The conversationId of the session to resume") }, async () => ({ content: [{ type: "text", text: "resumed" }] }));
-server.tool("remote-auth-set-password", "NEVER collect a password in chat — passwords must not appear in conversation history. " +
-    "Direct the user to set their remote access password in the browser at `/__remote-auth/setup` (always wrap this URL in backticks — double underscores trigger markdown escaping). " +
-    "This tool exists only for admin recovery when the browser setup is unavailable. " +
-    "Hashes with scrypt and writes to the platform's brand-specific config directory. " +
-    "The remote access password protects the admin interface when accessed over the internet — " +
-    "it has no effect on the public endpoint or the tunnel itself. " +
-    "Set this before invoking setup-tunnel.sh; the script's post-restart verification curls the admin hostname, which fails unless the remote-auth gate is configured (admin must not be exposed unauthenticated).", { password: z.string() }, async ({ password }) => {
+server.tool("remote-auth-set-password", "Set the remote access password. Hashes with scrypt and writes to the platform's brand-specific config directory with mode 0600. " +
+    "Validates strength (8+ chars, digit, special character, no leading/trailing spaces). " +
+    "Protects the admin interface when exposed over the tunnel — has no effect on the public endpoint or the tunnel itself. " +
+    "Set before `setup-tunnel.sh` — the script's post-restart verification curls the admin hostname and fails if remote-auth is not configured.", { password: z.string() }, async ({ password }) => {
     const trimmed = password.trim();
     // Validate strength — same rules as the web server's validatePasswordStrength
     const checks = [