npm - @rubytech/create-realagent - Versions diffs - 1.0.653 → 1.0.654 - Mend

@rubytech/create-realagent 1.0.653 → 1.0.654

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (131) hide show

package/payload/server/server.js CHANGED Viewed

@@ -1201,14 +1201,14 @@ var Hono = class _Hono {
    * app.route("/api", app2) // GET /api/user
    * ```
    */
-  route(path2, app30) {
+  route(path2, app31) {
     const subApp = this.basePath(path2);
-    app30.routes.map((r) => {
+    app31.routes.map((r) => {
       let handler;
-      if (app30.errorHandler === errorHandler) {
+      if (app31.errorHandler === errorHandler) {
         handler = r.handler;
       } else {
-        handler = async (c, next) => (await compose([], app30.errorHandler)(c, () => r.handler(c, next))).res;
+        handler = async (c, next) => (await compose([], app31.errorHandler)(c, () => r.handler(c, next))).res;
         handler[COMPOSED_HANDLER] = r.handler;
       }
       subApp.#addRoute(r.method, r.path, handler);
@@ -10867,6 +10867,13 @@ ${block}`;
 }
 // server/routes/_helpers.ts
+async function safeJson(c) {
+  try {
+    return await c.req.json();
+  } catch {
+    return null;
+  }
+}
 async function resolveSessionKey(c) {
   const fromQuery = c.req.query("session_key");
   if (fromQuery) return fromQuery;
@@ -20121,13 +20128,18 @@ var GRAPH_LABEL_COLOURS = {
 var ALL_GRAPH_LABELS = Object.freeze(
   Object.keys(GRAPH_LABEL_COLOURS)
 );
+var HIDDEN_BY_DEFAULT_LABELS = Object.freeze(
+  /* @__PURE__ */ new Set(["Chunk"])
+);
 function isKnownLabel(label) {
   return Object.prototype.hasOwnProperty.call(GRAPH_LABEL_COLOURS, label);
 }
+function isHiddenByDefault(label) {
+  return HIDDEN_BY_DEFAULT_LABELS.has(label);
+}
 // server/routes/admin/graph-subgraph.ts
-var DEFAULT_LIMIT2 = 200;
-var MAX_LIMIT2 = 500;
+var CEILING = 2e3;
 var STRIPPED_PROPERTIES = /* @__PURE__ */ new Set([
   "embedding",
   "passwordHash",
@@ -20143,12 +20155,41 @@ app26.get("/", requireAdminSession, async (c) => {
     console.error('[graph-page] auth-rejected reason="no account for session"');
     return c.json({ error: "Account not found for session" }, 401);
   }
-  const rawLimit = c.req.query("limit");
-  const parsedLimit = rawLimit ? parseInt(rawLimit, 10) : DEFAULT_LIMIT2;
-  const limit = Number.isFinite(parsedLimit) && parsedLimit > 0 ? Math.min(parsedLimit, MAX_LIMIT2) : DEFAULT_LIMIT2;
-  const rawLabels = c.req.query("labels");
-  const labels = rawLabels ? rawLabels.split(",").map((s) => s.trim()).filter(Boolean) : [];
+  const mode = c.req.query("mode");
+  if (mode !== "default" && mode !== "neighbourhood") {
+    console.error(
+      `[graph-page] load rejected reason=missing-mode account=${accountId} got=${mode ?? "null"}`
+    );
+    return c.json(
+      { error: "mode required: default | neighbourhood" },
+      400
+    );
+  }
+  if (mode === "default") return handleDefault(c, accountId);
+  return handleNeighbourhood(c, accountId);
+});
+async function handleDefault(c, accountId) {
+  const rawLabels = c.req.query("labels") ?? "";
+  const labels = rawLabels.split(",").map((s) => s.trim()).filter(Boolean);
+  if (labels.length === 0) {
+    console.error(
+      `[graph-page] load rejected reason=missing-filter account=${accountId} labels=`
+    );
+    return c.json(
+      { error: "labels required in default mode \u2014 pick at least one node type" },
+      400
+    );
+  }
   for (const label of labels) {
+    if (isHiddenByDefault(label)) {
+      console.error(
+        `[graph-page] load rejected reason=chunk-label-requested account=${accountId} labels=${labels.join(",")}`
+      );
+      return c.json(
+        { error: `label "${label}" is hidden by default \u2014 it cannot be requested via mode=default` },
+        400
+      );
+    }
     if (!isKnownLabel(label)) {
       return c.json(
         { error: `unknown label "${label}" \u2014 not registered in graph-labels.ts` },
@@ -20159,18 +20200,78 @@ app26.get("/", requireAdminSession, async (c) => {
   const started = Date.now();
   const session = getSession();
   try {
-    const cypher = labels.length > 0 ? buildCypher(true) : buildCypher(false);
-    const params = { accountId, limit };
-    if (labels.length > 0) params.labels = labels;
-    const result = await session.run(cypher, params);
+    const result = await session.executeRead(async (tx) => {
+      const countResult = await tx.run(DEFAULT_COUNT_CYPHER, { accountId, labels });
+      const matchedRaw = countResult.records[0]?.get("matched");
+      const matched = typeof matchedRaw === "bigint" ? Number(matchedRaw) : Number(matchedRaw ?? 0);
+      if (matched > CEILING) {
+        return { overLimit: true, matched };
+      }
+      const fetchResult = await tx.run(DEFAULT_FETCH_CYPHER, { accountId, labels });
+      const record = fetchResult.records[0];
+      const rawNodes = record?.get("nodes") ?? [];
+      const rawEdges = record?.get("edges") ?? [];
+      return { overLimit: false, matched, rawNodes, rawEdges };
+    });
+    const elapsed = Date.now() - started;
+    if (result.overLimit) {
+      console.error(
+        `[graph-page] load rejected reason=ceiling-exceeded account=${accountId} labels=${labels.join(",")} matched=${result.matched} ceiling=${CEILING} ms=${elapsed}`
+      );
+      return c.json(
+        {
+          error: `Refine your filter \u2014 ${result.matched} matches exceed the ${CEILING} cap.`,
+          matched: result.matched
+        },
+        413
+      );
+    }
+    const nodes = result.rawNodes.map(pruneNode);
+    const edges = result.rawEdges.filter((e) => e && e.id != null);
+    console.error(
+      `[graph-page] load mode=default account=${accountId} labels=${labels.join(",")} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
+    );
+    return c.json({ nodes, edges });
+  } catch (err) {
+    const elapsed = Date.now() - started;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[graph-page] error stage=fetch reason="${message}" ms=${elapsed}`);
+    return c.json({ error: `Graph data unavailable: ${message}` }, 503);
+  } finally {
+    try {
+      await session.close();
+    } catch {
+    }
+  }
+}
+async function handleNeighbourhood(c, accountId) {
+  const elementId = c.req.query("elementId");
+  if (!elementId) {
+    return c.json(
+      { error: "elementId required in neighbourhood mode" },
+      400
+    );
+  }
+  const started = Date.now();
+  const session = getSession();
+  try {
+    const result = await session.executeRead(async (tx) => {
+      return await tx.run(NEIGHBOURHOOD_CYPHER, { accountId, elementId });
+    });
     const record = result.records[0];
     const rawNodes = record?.get("nodes") ?? [];
     const rawEdges = record?.get("edges") ?? [];
+    const elapsed = Date.now() - started;
+    if (rawNodes.length === 0) {
+      console.error(
+        `[graph-page] load rejected reason=not-found account=${accountId} elementId=${elementId} ms=${elapsed}`
+      );
+      return c.json({ error: "Node not found" }, 404);
+    }
     const nodes = rawNodes.map(pruneNode);
     const edges = rawEdges.filter((e) => e && e.id != null);
-    const elapsed = Date.now() - started;
     console.error(
-      `[graph-page] load account=${accountId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
+      `[graph-page] load mode=neighbourhood account=${accountId} elementId=${elementId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
     );
     return c.json({ nodes, edges });
   } catch (err) {
@@ -20184,30 +20285,63 @@ app26.get("/", requireAdminSession, async (c) => {
     } catch {
     }
   }
-});
-function buildCypher(filtered) {
-  const labelGuard = filtered ? "AND any(lbl IN labels(n) WHERE lbl IN $labels)" : "";
-  return `
-    MATCH (n)
-    WHERE n.accountId = $accountId ${labelGuard}
-    WITH n ORDER BY coalesce(n.updatedAt, n.createdAt, '') DESC
-    LIMIT toInteger($limit)
-    WITH collect(n) AS nodes, collect(elementId(n)) AS nodeIds
-    UNWIND nodes AS n
-    OPTIONAL MATCH (n)-[r]-(m)
-      WHERE elementId(m) IN nodeIds
-    WITH nodes,
-         collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
-           id: elementId(r),
-           from: elementId(startNode(r)),
-           to: elementId(endNode(r)),
-           type: type(r)
-         } END) AS rawEdges
-    RETURN
-      [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
-      [e IN rawEdges WHERE e IS NOT NULL] AS edges
-  `;
 }
+var DEFAULT_COUNT_CYPHER = `
+  MATCH (n)
+  WHERE n.accountId = $accountId
+    AND any(lbl IN labels(n) WHERE lbl IN $labels)
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  RETURN count(n) AS matched
+`;
+var DEFAULT_FETCH_CYPHER = `
+  MATCH (n)
+  WHERE n.accountId = $accountId
+    AND any(lbl IN labels(n) WHERE lbl IN $labels)
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  WITH collect(n) AS nodes, collect(elementId(n)) AS nodeIds
+  UNWIND nodes AS n
+  OPTIONAL MATCH (n)-[r]-(m)
+    WHERE elementId(m) IN nodeIds
+  WITH nodes,
+       collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
+         id: elementId(r),
+         from: elementId(startNode(r)),
+         to: elementId(endNode(r)),
+         type: type(r)
+       } END) AS rawEdges
+  RETURN
+    [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [e IN rawEdges WHERE e IS NOT NULL] AS edges
+`;
+var NEIGHBOURHOOD_CYPHER = `
+  MATCH (n)
+  WHERE elementId(n) = $elementId
+    AND n.accountId = $accountId
+    AND NOT n:Trashed
+    AND n.deletedAt IS NULL
+  OPTIONAL MATCH (n)-[]-(m)
+    WHERE m.accountId = $accountId
+      AND NOT m:Trashed
+      AND m.deletedAt IS NULL
+  WITH n, collect(DISTINCT m) AS neighbours
+  WITH [n] + [x IN neighbours WHERE x IS NOT NULL] AS windowNodes
+  WITH windowNodes, [x IN windowNodes | elementId(x)] AS windowIds
+  UNWIND windowNodes AS w
+  OPTIONAL MATCH (w)-[r]-(o)
+    WHERE elementId(o) IN windowIds
+  WITH windowNodes,
+       collect(DISTINCT CASE WHEN r IS NULL THEN null ELSE {
+         id: elementId(r),
+         from: elementId(startNode(r)),
+         to: elementId(endNode(r)),
+         type: type(r)
+       } END) AS rawEdges
+  RETURN
+    [x IN windowNodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [e IN rawEdges WHERE e IS NOT NULL] AS edges
+`;
 function pruneNode(node) {
   const properties = {};
   for (const [key, value] of Object.entries(node.properties ?? {})) {
@@ -20218,9 +20352,167 @@ function pruneNode(node) {
 }
 var graph_subgraph_default = app26;
-// server/routes/admin/file-attach.ts
+// ../lib/graph-trash/src/index.ts
+var UNIQUE_KEYS_BY_LABEL = {
+  Person: ["email", "telephone"],
+  Service: ["serviceId"],
+  LocalBusiness: ["accountId"],
+  Task: ["taskId"],
+  Event: ["eventId"],
+  KnowledgeDocument: ["attachmentId"],
+  DigitalDocument: ["attachmentId"],
+  Conversation: ["conversationId", "sessionKey"],
+  Message: ["messageId"],
+  OnboardingState: ["accountId"],
+  Workflow: ["workflowId"],
+  WorkflowStep: ["stepId"],
+  WorkflowRun: ["runId"],
+  Preference: ["preferenceId"],
+  Email: ["emailId", "messageId"],
+  AdminUser: ["userId"],
+  ToolCall: ["callId"],
+  // Composite component nulls — frees the composite constraint:
+  AccessGrant: ["contactValue"],
+  // composite (contactValue, agentSlug, accountId)
+  UserProfile: ["userId"]
+  // composite (accountId, userId)
+};
+async function trashNode(params) {
+  const { session, accountId, elementId, by, reason } = params;
+  const lookup = await session.run(
+    `MATCH (n) WHERE elementId(n) = $eid AND n.accountId = $accountId
+     RETURN labels(n) AS labels, properties(n) AS props`,
+    { eid: elementId, accountId }
+  );
+  if (lookup.records.length === 0) {
+    throw new Error(
+      `trashNode: node not found (elementId=${elementId} accountId=${accountId.slice(0, 8)}\u2026)`
+    );
+  }
+  const allLabels = lookup.records[0].get("labels");
+  const props = lookup.records[0].get("props");
+  const baseLabels = allLabels.filter((l) => l !== "Trashed");
+  if (allLabels.includes("Trashed")) {
+    return {
+      trashed: false,
+      alreadyTrashed: true,
+      nodeId: elementId,
+      labels: baseLabels,
+      trashedAt: String(props.trashedAt ?? ""),
+      originalKeys: {}
+    };
+  }
+  const uniqueKeys = /* @__PURE__ */ new Set();
+  for (const label of baseLabels) {
+    for (const key of UNIQUE_KEYS_BY_LABEL[label] ?? []) uniqueKeys.add(key);
+  }
+  const originalKeys = {};
+  for (const k of uniqueKeys) {
+    if (props[k] !== void 0 && props[k] !== null) originalKeys[k] = props[k];
+  }
+  const setNullClauses = Object.keys(originalKeys).map((k) => `n.\`${k}\` = null`).join(", ");
+  const setNullSuffix = setNullClauses ? `, ${setNullClauses}` : "";
+  const trashedAt = (/* @__PURE__ */ new Date()).toISOString();
+  await session.run(
+    `MATCH (n) WHERE elementId(n) = $eid
+     SET n:Trashed,
+         n.trashedAt = datetime($trashedAt),
+         n.trashedBy = $by,
+         n.trashReason = $reason,
+         n._trashedKeys = $trashedKeysJson${setNullSuffix}`,
+    {
+      eid: elementId,
+      trashedAt,
+      by,
+      reason: reason ?? null,
+      trashedKeysJson: JSON.stringify(originalKeys)
+    }
+  );
+  process.stderr.write(
+    `[trash:marked] accountId=${accountId} elementId=${elementId} labels=${baseLabels.join(",")} by=${by} reason=${reason ?? "null"}
+`
+  );
+  return {
+    trashed: true,
+    alreadyTrashed: false,
+    nodeId: elementId,
+    labels: baseLabels,
+    trashedAt,
+    originalKeys
+  };
+}
+// server/routes/admin/graph-delete.ts
 var app27 = new Hono2();
-app27.post("/", async (c) => {
+app27.post("/", requireAdminSession, async (c) => {
+  const sessionKey = c.var.sessionKey;
+  const accountId = getAccountIdForSession(sessionKey);
+  if (!accountId) {
+    console.error('[graph-page] delete auth-rejected reason="no account for session"');
+    return c.json({ error: "Account not found for session" }, 401);
+  }
+  const body = await safeJson(c);
+  if (!body) {
+    return c.json({ error: "JSON body required" }, 400);
+  }
+  const elementId = typeof body.elementId === "string" ? body.elementId.trim() : "";
+  if (!elementId) {
+    return c.json({ error: "elementId required" }, 400);
+  }
+  const started = Date.now();
+  const session = getSession();
+  try {
+    const lookup = await session.run(
+      `MATCH (n)
+       WHERE elementId(n) = $elementId AND n.accountId = $accountId
+       RETURN labels(n) AS labels LIMIT 1`,
+      { elementId, accountId }
+    );
+    if (lookup.records.length === 0) {
+      const elapsed2 = Date.now() - started;
+      console.error(
+        `[graph-page] delete account=${accountId} elementId=${elementId} labels= result=not-found ms=${elapsed2}`
+      );
+      return c.json({ error: "Node not found" }, 404);
+    }
+    const preflightLabels = lookup.records[0].get("labels") ?? [];
+    const result = await trashNode({
+      session,
+      accountId,
+      elementId,
+      by: "graph-page"
+    });
+    const elapsed = Date.now() - started;
+    const labelSummary = (result.labels.length > 0 ? result.labels : preflightLabels).join(",");
+    console.error(
+      `[graph-page] delete account=${accountId} elementId=${elementId} labels=${labelSummary} result=ok ms=${elapsed}`
+    );
+    const response = {
+      elementId: result.nodeId,
+      labels: result.labels.length > 0 ? result.labels : preflightLabels,
+      trashedAt: result.trashedAt,
+      alreadyTrashed: result.alreadyTrashed
+    };
+    return c.json(response);
+  } catch (err) {
+    const elapsed = Date.now() - started;
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(
+      `[graph-page] delete account=${accountId} elementId=${elementId} labels= result=error ms=${elapsed} err="${message}"`
+    );
+    return c.json({ error: `Delete failed: ${message}` }, 503);
+  } finally {
+    try {
+      await session.close();
+    } catch {
+    }
+  }
+});
+var graph_delete_default = app27;
+// server/routes/admin/file-attach.ts
+var app28 = new Hono2();
+app28.post("/", async (c) => {
   try {
     const body = await c.req.json();
     const { filePath, accountId } = body;
@@ -20243,29 +20535,30 @@ app27.post("/", async (c) => {
     return c.json({ error: message }, 500);
   }
 });
-var file_attach_default = app27;
+var file_attach_default = app28;
 // server/routes/admin/index.ts
-var app28 = new Hono2();
-app28.route("/session", session_default2);
-app28.route("/chat", chat_default2);
-app28.route("/compact", compact_default);
-app28.route("/logs", logs_default);
-app28.route("/claude-info", claude_info_default);
-app28.route("/attachment", attachment_default);
-app28.route("/account", account_default);
-app28.route("/agents", agents_default);
-app28.route("/version", version_default);
-app28.route("/sessions", sessions_default);
-app28.route("/browser", browser_default);
-app28.route("/device-browser", device_browser_default);
-app28.route("/events", events_default);
-app28.route("/cloudflare", cloudflare_default);
-app28.route("/files", files_default);
-app28.route("/graph-search", graph_search_default);
-app28.route("/graph-subgraph", graph_subgraph_default);
-app28.route("/file-attach", file_attach_default);
-var admin_default = app28;
+var app29 = new Hono2();
+app29.route("/session", session_default2);
+app29.route("/chat", chat_default2);
+app29.route("/compact", compact_default);
+app29.route("/logs", logs_default);
+app29.route("/claude-info", claude_info_default);
+app29.route("/attachment", attachment_default);
+app29.route("/account", account_default);
+app29.route("/agents", agents_default);
+app29.route("/version", version_default);
+app29.route("/sessions", sessions_default);
+app29.route("/browser", browser_default);
+app29.route("/device-browser", device_browser_default);
+app29.route("/events", events_default);
+app29.route("/cloudflare", cloudflare_default);
+app29.route("/files", files_default);
+app29.route("/graph-search", graph_search_default);
+app29.route("/graph-subgraph", graph_subgraph_default);
+app29.route("/graph-delete", graph_delete_default);
+app29.route("/file-attach", file_attach_default);
+var admin_default = app29;
 // server/index.ts
 var PLATFORM_ROOT11 = process.env.MAXY_PLATFORM_ROOT || "";
@@ -20323,9 +20616,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app29 = new Hono2();
-app29.use("*", clientIpMiddleware);
-app29.use("*", async (c, next) => {
+var app30 = new Hono2();
+app30.use("*", clientIpMiddleware);
+app30.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -20348,7 +20641,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app29.use("*", async (c, next) => {
+app30.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -20388,7 +20681,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app29.post("/__remote-auth/login", async (c) => {
+app30.post("/__remote-auth/login", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -20424,7 +20717,7 @@ app29.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app29.get("/__remote-auth/logout", (c) => {
+app30.get("/__remote-auth/logout", (c) => {
   const cookieHeader = c.req.header("cookie");
   const token = parseCookie(cookieHeader, "__remote_session");
   if (token) invalidateRemoteSession(token);
@@ -20437,7 +20730,7 @@ app29.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app29.post("/__remote-auth/change-password", async (c) => {
+app30.post("/__remote-auth/change-password", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -20486,13 +20779,13 @@ app29.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app29.get("/__remote-auth/setup", (c) => {
+app30.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app29.post("/__remote-auth/set-initial-password", async (c) => {
+app30.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -20528,10 +20821,10 @@ app29.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app29.get("/api/remote-auth/status", (c) => {
+app30.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app29.post("/api/remote-auth/set-password", async (c) => {
+app30.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -20561,9 +20854,9 @@ app29.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app29.route("/api/_client-error", client_error_default);
+app30.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app29.use("*", async (c, next) => {
+app30.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -20603,15 +20896,15 @@ function parseCookie(cookieHeader, name) {
     return null;
   }
 }
-app29.route("/api/health", health_default);
-app29.route("/api/session", session_default);
-app29.route("/api/chat", chat_default);
-app29.route("/api/group", group_default);
-app29.route("/api/access", access_default);
-app29.route("/api/telegram", telegram_default);
-app29.route("/api/whatsapp", whatsapp_default);
-app29.route("/api/onboarding", onboarding_default);
-app29.route("/api/admin", admin_default);
+app30.route("/api/health", health_default);
+app30.route("/api/session", session_default);
+app30.route("/api/chat", chat_default);
+app30.route("/api/group", group_default);
+app30.route("/api/access", access_default);
+app30.route("/api/telegram", telegram_default);
+app30.route("/api/whatsapp", whatsapp_default);
+app30.route("/api/onboarding", onboarding_default);
+app30.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -20623,7 +20916,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app29.get("/agent-assets/:slug/:filename", (c) => {
+app30.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -20658,7 +20951,7 @@ app29.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app29.get("/generated/:filename", (c) => {
+app30.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -20823,7 +21116,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml2(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app29.get("/", (c) => {
+app30.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -20831,12 +21124,12 @@ app29.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app29.get("/public", (c) => {
+app30.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app29.get("/chat", (c) => {
+app30.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -20855,9 +21148,9 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app29.use("/vnc-viewer.html", logViewerFetch);
-app29.use("/vnc-popout.html", logViewerFetch);
-app29.get("/vnc-popout.html", (c) => {
+app30.use("/vnc-viewer.html", logViewerFetch);
+app30.use("/vnc-popout.html", logViewerFetch);
+app30.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
     html = readFileSync25(resolve29(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -20870,7 +21163,7 @@ app29.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app29.post("/api/vnc/client-event", async (c) => {
+app30.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -20891,20 +21184,20 @@ app29.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app29.get("/g/:slug", (c) => {
+app30.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app29.get("/graph", (c) => {
+app30.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app29.get("/data", (c) => {
+app30.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app29.get("/:slug", async (c, next) => {
+app30.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -20913,10 +21206,10 @@ app29.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app29.use("/*", serveStatic({ root: "./public" }));
+app30.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.PORT ?? "19200", 10);
 var hostname = process.env.HOSTNAME ?? "0.0.0.0";
-var httpServer = serve({ fetch: app29.fetch, port, hostname });
+var httpServer = serve({ fetch: app30.fetch, port, hostname });
 attachVncWsProxy(httpServer, {
   isPublicHost,
   upstreamHost: "127.0.0.1",
@@ -20962,7 +21255,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app29.routes ?? []) {
+  for (const r of app30.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });