npm - @rubytech/create-realagent - Versions diffs - 1.0.684 → 1.0.686 - Mend

@rubytech/create-realagent 1.0.684 → 1.0.686

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (36) hide show

package/payload/server/server.js CHANGED Viewed

@@ -1203,14 +1203,14 @@ var Hono = class _Hono {
    * app.route("/api", app2) // GET /api/user
    * ```
    */
-  route(path2, app35) {
+  route(path2, app39) {
     const subApp = this.basePath(path2);
-    app35.routes.map((r) => {
+    app39.routes.map((r) => {
       let handler;
-      if (app35.errorHandler === errorHandler) {
+      if (app39.errorHandler === errorHandler) {
         handler = r.handler;
       } else {
-        handler = async (c, next) => (await compose([], app35.errorHandler)(c, () => r.handler(c, next))).res;
+        handler = async (c, next) => (await compose([], app39.errorHandler)(c, () => r.handler(c, next))).res;
         handler[COMPOSED_HANDLER] = r.handler;
       }
       subApp.#addRoute(r.method, r.path, handler);
@@ -2393,13 +2393,13 @@ function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromi
     }
   }
 }
-function writeFromReadableStream(stream, writable) {
-  if (stream.locked) {
+function writeFromReadableStream(stream2, writable) {
+  if (stream2.locked) {
     throw new TypeError("ReadableStream is locked.");
   } else if (writable.destroyed) {
     return;
   }
-  return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
+  return writeFromReadableStreamDefaultReader(stream2.getReader(), writable);
 }
 var buildOutgoingHttpHeaders = (headers) => {
   const res = {};
@@ -2528,7 +2528,7 @@ var responseViaResponseObject = async (res, outgoing, options = {}) => {
         });
         if (!chunk) {
           if (i === 1) {
-            await new Promise((resolve28) => setTimeout(resolve28));
+            await new Promise((resolve29) => setTimeout(resolve29));
             maxReadCount = 3;
             continue;
           }
@@ -2761,24 +2761,24 @@ var pr54206Applied = () => {
   return major >= 23 || major === 22 && minor >= 7 || major === 20 && minor >= 18;
 };
 var useReadableToWeb = pr54206Applied();
-var createStreamBody = (stream) => {
+var createStreamBody = (stream2) => {
   if (useReadableToWeb) {
-    return Readable2.toWeb(stream);
+    return Readable2.toWeb(stream2);
   }
   const body = new ReadableStream({
     start(controller) {
-      stream.on("data", (chunk) => {
+      stream2.on("data", (chunk) => {
         controller.enqueue(chunk);
       });
-      stream.on("error", (err) => {
+      stream2.on("error", (err) => {
         controller.error(err);
       });
-      stream.on("end", () => {
+      stream2.on("end", () => {
         controller.close();
       });
     },
     cancel() {
-      stream.destroy();
+      stream2.destroy();
     }
   });
   return body;
@@ -2883,10 +2883,10 @@ var serveStatic = (options = { root: "" }) => {
         end = size - 1;
       }
       const chunksize = end - start + 1;
-      const stream = createReadStream(path2, { start, end });
+      const stream2 = createReadStream(path2, { start, end });
       c.header("Content-Length", chunksize.toString());
       c.header("Content-Range", `bytes ${start}-${end}/${stats.size}`);
-      result = c.body(createStreamBody(stream), 206);
+      result = c.body(createStreamBody(stream2), 206);
     }
     await options.onFound?.(path2, c);
     return result;
@@ -2894,9 +2894,9 @@ var serveStatic = (options = { root: "" }) => {
 };
 // server/index.ts
-import { readFileSync as readFileSync25, existsSync as existsSync23, watchFile } from "fs";
-import { resolve as resolve27, join as join12, basename as basename7 } from "path";
-import { homedir as homedir4 } from "os";
+import { readFileSync as readFileSync26, existsSync as existsSync25, watchFile } from "fs";
+import { resolve as resolve28, join as join13, basename as basename7 } from "path";
+import { homedir as homedir5 } from "os";
 // app/lib/agent-slug-pattern.ts
 var AGENT_SLUG_PATTERN = /^\/([a-z][a-z0-9-]{2,49})$/;
@@ -3992,8 +3992,8 @@ async function persistMessage(conversationId, role, content, accountId, tokens,
   const prev = persistMessageLocks.get(conversationId);
   const waited = prev !== void 0;
   let release;
-  const mine = new Promise((resolve28) => {
-    release = resolve28;
+  const mine = new Promise((resolve29) => {
+    release = resolve29;
   });
   const chained = (prev ?? Promise.resolve()).then(() => mine);
   persistMessageLocks.set(conversationId, chained);
@@ -4252,7 +4252,7 @@ ${userContent}`;
     "dontAsk",
     prompt
   ];
-  return new Promise((resolve28) => {
+  return new Promise((resolve29) => {
     let stdout = "";
     let stderr = "";
     const spawnFn = _spawnOverride ?? spawn;
@@ -4270,35 +4270,35 @@ ${userContent}`;
     const timer = setTimeout(() => {
       proc.kill("SIGTERM");
       console.error("[persist] autoLabel: haiku subprocess timed out");
-      resolve28(null);
+      resolve29(null);
     }, SESSION_LABEL_TIMEOUT_MS);
     proc.on("error", (err) => {
       clearTimeout(timer);
       console.error(`[persist] autoLabel: subprocess error \u2014 ${err.message}`);
-      resolve28(null);
+      resolve29(null);
     });
     proc.on("close", (code) => {
       clearTimeout(timer);
       if (code !== 0) {
         console.error(`[persist] autoLabel: subprocess exited code=${code}${stderr ? ` stderr=${stderr.trim().slice(0, 200)}` : ""}`);
-        resolve28(null);
+        resolve29(null);
         return;
       }
       const text = stdout.trim();
       if (!text) {
         console.error("[persist] autoLabel: haiku returned empty response");
-        resolve28(null);
+        resolve29(null);
         return;
       }
       if (text === "SKIP") {
         console.error("[persist] autoLabel: haiku returned SKIP \u2014 messages too vague");
-        resolve28(null);
+        resolve29(null);
         return;
       }
       const words = text.split(/\s+/).slice(0, SESSION_LABEL_MAX_WORDS);
       const label = words.join(" ");
       console.error(`[persist] autoLabel: haiku response="${label}"`);
-      resolve28(label);
+      resolve29(label);
     });
   });
 }
@@ -5909,9 +5909,9 @@ function agentLogStream(name, accountDir, conversationId) {
   mkdirSync4(logDir, { recursive: true });
   purgeOldLogs(logDir, `${name}-`);
   const logPath2 = resolve5(logDir, `${name}-${conversationId}.log`);
-  const stream = createWriteStream(logPath2, { flags: "a" });
-  registerStreamLog(stream, { path: logPath2, conversationId, name });
-  return stream;
+  const stream2 = createWriteStream(logPath2, { flags: "a" });
+  registerStreamLog(stream2, { path: logPath2, conversationId, name });
+  return stream2;
 }
 function preConversationLogStream(name, accountDir) {
   const logDir = resolve5(accountDir, "logs");
@@ -5919,15 +5919,15 @@ function preConversationLogStream(name, accountDir) {
   const date = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
   purgeOldLogs(logDir, `preconversation-${name}-`);
   const logPath2 = resolve5(logDir, `preconversation-${name}-${date}.log`);
-  const stream = createWriteStream(logPath2, { flags: "a" });
-  registerStreamLog(stream, { path: logPath2, conversationId: null, name: `preconversation-${name}` });
-  return stream;
+  const stream2 = createWriteStream(logPath2, { flags: "a" });
+  registerStreamLog(stream2, { path: logPath2, conversationId: null, name: `preconversation-${name}` });
+  return stream2;
 }
 var openStreamLogs = /* @__PURE__ */ new Map();
-function registerStreamLog(stream, entry) {
-  openStreamLogs.set(stream, entry);
-  stream.once("close", () => {
-    openStreamLogs.delete(stream);
+function registerStreamLog(stream2, entry) {
+  openStreamLogs.set(stream2, entry);
+  stream2.once("close", () => {
+    openStreamLogs.delete(stream2);
   });
 }
 function sigtermFlushStreamLogs(reason, source) {
@@ -7777,7 +7777,7 @@ async function fetchMemoryContext(accountId, query, sessionKey, options) {
     return null;
   }
   const startMs = Date.now();
-  return new Promise((resolve28) => {
+  return new Promise((resolve29) => {
     const proc = spawn2(process.execPath, [serverPath], {
       env: {
         ...process.env,
@@ -7806,7 +7806,7 @@ async function fetchMemoryContext(accountId, query, sessionKey, options) {
       } else {
         console.error(`[fetchMemoryContext] failed: ${reason} (${elapsed}ms)${stderrBuf ? ` stderr: ${stderrBuf.slice(0, 500)}` : ""}`);
       }
-      resolve28(value);
+      resolve29(value);
     };
     proc.stdout.on("data", (chunk) => {
       buffer += chunk.toString();
@@ -9882,7 +9882,7 @@ User messages are prefixed with the sender's name in brackets. Address participa
   try {
     while (turnCount < MAX_TOOL_TURNS) {
       turnCount++;
-      const stream = client.messages.stream({
+      const stream2 = client.messages.stream({
         model: publicModel,
         max_tokens: 1024,
         system,
@@ -9924,13 +9924,13 @@ User messages are prefixed with the sender's name in brackets. Address participa
           }
         }]
       });
-      for await (const event of stream) {
+      for await (const event of stream2) {
         if (event.type === "content_block_delta" && event.delta.type === "text_delta") {
           fullText += event.delta.text;
           yield { type: "text", content: event.delta.text };
         }
       }
-      const finalMessage = await stream.finalMessage();
+      const finalMessage = await stream2.finalMessage();
       if (finalMessage.stop_reason !== "tool_use") break;
       const toolUseBlocks = [];
       for (const block of finalMessage.content) {
@@ -12536,7 +12536,7 @@ var credsSaveQueue = Promise.resolve();
 async function drainCredsSaveQueue(timeoutMs = 5e3) {
   console.error(`${TAG5} draining credential save queue\u2026`);
   const timer = new Promise(
-    (resolve28) => setTimeout(() => resolve28("timeout"), timeoutMs)
+    (resolve29) => setTimeout(() => resolve29("timeout"), timeoutMs)
   );
   const result = await Promise.race([
     credsSaveQueue.then(() => "drained"),
@@ -12664,11 +12664,11 @@ async function createWaSocket(opts) {
   return sock;
 }
 async function waitForConnection(sock) {
-  return new Promise((resolve28, reject) => {
+  return new Promise((resolve29, reject) => {
     const handler = (update) => {
       if (update.connection === "open") {
         sock.ev.off("connection.update", handler);
-        resolve28();
+        resolve29();
       }
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
@@ -12782,14 +12782,14 @@ ${inspected}`;
   return inspect2(err, INSPECT_OPTS2);
 }
 function withTimeout(label, promise, timeoutMs) {
-  return new Promise((resolve28, reject) => {
+  return new Promise((resolve29, reject) => {
     const timer = setTimeout(() => {
       reject(new Error(`${label} timed out after ${timeoutMs}ms`));
     }, timeoutMs);
     promise.then(
       (value) => {
         clearTimeout(timer);
-        resolve28(value);
+        resolve29(value);
       },
       (err) => {
         clearTimeout(timer);
@@ -13334,9 +13334,9 @@ function getDownloadableContent(message) {
   if (msg.stickerMessage) return { downloadable: msg.stickerMessage, mediaType: "sticker" };
   return void 0;
 }
-async function streamToBuffer(stream) {
+async function streamToBuffer(stream2) {
   const chunks = [];
-  for await (const chunk of stream) {
+  for await (const chunk of stream2) {
     chunks.push(Buffer.from(chunk));
   }
   return Buffer.concat(chunks);
@@ -13367,8 +13367,8 @@ async function downloadInboundMedia(msg, sock, opts) {
       const downloadable = getDownloadableContent(content);
       if (downloadable) {
         try {
-          const stream = await downloadContentFromMessage(downloadable.downloadable, downloadable.mediaType);
-          buffer = await streamToBuffer(stream);
+          const stream2 = await downloadContentFromMessage(downloadable.downloadable, downloadable.mediaType);
+          buffer = await streamToBuffer(stream2);
         } catch (fallbackErr) {
           console.error(`${TAG9} direct download fallback failed: ${String(fallbackErr)}`);
         }
@@ -13999,15 +13999,15 @@ async function connectWithReconnect(conn) {
       );
     }
     if (decision.reason === "short-lived" || cycleError) {
-      const delay = computeBackoff(Math.max(1, decision.nextAttempts));
+      const delay2 = computeBackoff(Math.max(1, decision.nextAttempts));
       console.error(
-        `${TAG13} reconnecting account=${conn.accountId} in ${delay}ms (attempt ${decision.nextAttempts}/${maxAttempts})`
+        `${TAG13} reconnecting account=${conn.accountId} in ${delay2}ms (attempt ${decision.nextAttempts}/${maxAttempts})`
       );
-      await new Promise((resolve28) => {
-        const timer = setTimeout(resolve28, delay);
+      await new Promise((resolve29) => {
+        const timer = setTimeout(resolve29, delay2);
         conn.abortController.signal.addEventListener("abort", () => {
           clearTimeout(timer);
-          resolve28();
+          resolve29();
         }, { once: true });
       });
     }
@@ -14015,16 +14015,16 @@ async function connectWithReconnect(conn) {
   }
 }
 function waitForDisconnectEvent(conn) {
-  return new Promise((resolve28) => {
+  return new Promise((resolve29) => {
     if (!conn.sock) {
-      resolve28();
+      resolve29();
       return;
     }
     const sock = conn.sock;
     const handler = (update) => {
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
-        resolve28();
+        resolve29();
       }
     };
     sock.ev.on("connection.update", handler);
@@ -14241,8 +14241,8 @@ async function handleInboundMessage(conn, msg) {
     const conversationKey = isGroup ? remoteJid : senderPhone;
     const debounceKey = `${conn.accountId}:${conversationKey}:${senderPhone}`;
     let resolvePending;
-    const sttPending = new Promise((resolve28) => {
-      resolvePending = resolve28;
+    const sttPending = new Promise((resolve29) => {
+      resolvePending = resolve29;
     });
     if (conn.debouncer) conn.debouncer.registerPending(debounceKey, sttPending);
     try {
@@ -14355,20 +14355,20 @@ async function probeApiKey() {
   return result.status;
 }
 function checkPort(port2, timeoutMs = 500) {
-  return new Promise((resolve28) => {
+  return new Promise((resolve29) => {
     const socket = createConnection2(port2, "127.0.0.1");
     socket.setTimeout(timeoutMs);
     socket.once("connect", () => {
       socket.destroy();
-      resolve28(true);
+      resolve29(true);
     });
     socket.once("error", () => {
       socket.destroy();
-      resolve28(false);
+      resolve29(false);
     });
     socket.once("timeout", () => {
       socket.destroy();
-      resolve28(false);
+      resolve29(false);
     });
   });
 }
@@ -15338,7 +15338,7 @@ app3.post("/", async (c) => {
         `[chat-route] session=${session_key.slice(0, 8)} gateway=discard reason=${gatewayResult.screening.reason}`
       );
       const encoder2 = new TextEncoder();
-      const stream = new ReadableStream({
+      const stream2 = new ReadableStream({
         start(controller) {
           controller.enqueue(
             encoder2.encode(`data: ${JSON.stringify({ text: "I'm sorry, I can't help with that request." })}
@@ -15349,7 +15349,7 @@ app3.post("/", async (c) => {
           controller.close();
         }
       });
-      return new Response(stream, {
+      return new Response(stream2, {
         headers: { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", Connection: "keep-alive" }
       });
     }
@@ -16518,12 +16518,12 @@ async function loginConnectionLoop(accountId, login) {
         return;
       }
       attempt++;
-      const delay = LOGIN_RECONNECT_DELAYS[attempt - 1] ?? 8e3;
+      const delay2 = LOGIN_RECONNECT_DELAYS[attempt - 1] ?? 8e3;
       console.error(
-        `${TAG17} status=${classification.statusCode ?? "unknown"} restart required \u2014 reconnecting with saved creds (attempt ${attempt}/${LOGIN_MAX_RECONNECTS}) delay=${delay}ms`
+        `${TAG17} status=${classification.statusCode ?? "unknown"} restart required \u2014 reconnecting with saved creds (attempt ${attempt}/${LOGIN_MAX_RECONNECTS}) delay=${delay2}ms`
       );
       closeSocket(current.sock);
-      await new Promise((r) => setTimeout(r, delay));
+      await new Promise((r) => setTimeout(r, delay2));
       const afterDelay = activeLogins.get(accountId);
       if (afterDelay?.id !== login.id) return;
       try {
@@ -16570,8 +16570,8 @@ async function startLogin(opts) {
   resetActiveLogin(accountId);
   let resolveQr = null;
   let rejectQr = null;
-  const qrPromise = new Promise((resolve28, reject) => {
-    resolveQr = resolve28;
+  const qrPromise = new Promise((resolve29, reject) => {
+    resolveQr = resolve29;
     rejectQr = reject;
   });
   const qrTimer = setTimeout(
@@ -17721,8 +17721,8 @@ function startScriptStreamTailer(opts) {
         buffer = "";
       }
       await new Promise((res, rej) => {
-        const stream = createReadStream2(path2, { start: offset, end: size - 1 });
-        stream.on("data", (chunk) => {
+        const stream2 = createReadStream2(path2, { start: offset, end: size - 1 });
+        stream2.on("data", (chunk) => {
           buffer += typeof chunk === "string" ? chunk : utf8.write(chunk);
           let idx;
           while ((idx = buffer.indexOf("\n")) !== -1) {
@@ -17731,11 +17731,11 @@ function startScriptStreamTailer(opts) {
             if (line.length > 0) processLine(line);
           }
         });
-        stream.on("end", () => {
+        stream2.on("end", () => {
           offset = size;
           res();
         });
-        stream.on("error", rej);
+        stream2.on("error", rej);
       });
     } catch (err) {
       if (onError) onError(err instanceof Error ? err : new Error(String(err)));
@@ -18057,7 +18057,7 @@ app11.post("/", requireAdminSession, async (c) => {
 `);
       lifecycleLog.end();
       const encoder2 = new TextEncoder();
-      const stream = new ReadableStream({
+      const stream2 = new ReadableStream({
         start(controller) {
           controller.enqueue(encoder2.encode(`data: ${JSON.stringify({ type: "done" })}
@@ -18065,7 +18065,7 @@ app11.post("/", requireAdminSession, async (c) => {
           controller.close();
         }
       });
-      return new Response(stream, {
+      return new Response(stream2, {
         headers: { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", Connection: "keep-alive" }
       });
     }
@@ -18212,7 +18212,7 @@ var app12 = new Hono2();
 app12.post("/", requireAdminSession, async (c) => {
   const sessionKey = c.var.sessionKey;
   const encoder = new TextEncoder();
-  const stream = new ReadableStream({
+  const stream2 = new ReadableStream({
     async start(controller) {
       const iter = compactSession(sessionKey);
       let step = await iter.next();
@@ -18228,7 +18228,7 @@ app12.post("/", requireAdminSession, async (c) => {
       controller.close();
     }
   });
-  return new Response(stream, {
+  return new Response(stream2, {
     headers: {
       "Content-Type": "text/event-stream",
       "Cache-Control": "no-cache",
@@ -18951,9 +18951,9 @@ app22.post("/", async (c) => {
 var events_default = app22;
 // server/routes/admin/cloudflare.ts
-import { homedir as homedir3 } from "os";
-import { resolve as resolve24 } from "path";
-import { readFileSync as readFileSync24 } from "fs";
+import { homedir as homedir4 } from "os";
+import { resolve as resolve25 } from "path";
+import { readFileSync as readFileSync25 } from "fs";
 // app/lib/dns-label.ts
 var VALID_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
@@ -18991,9 +18991,13 @@ function addAliasDomain(hostname2) {
   writeFileSync14(ALIAS_DOMAINS_PATH, JSON.stringify([...existing], null, 2) + "\n", "utf-8");
 }
-// server/routes/admin/cloudflare.ts
-var SETUP_TIMEOUT_MS = 10 * 60 * 1e3;
-var DOMAINS_TIMEOUT_MS = 40 * 1e3;
+// server/lib/action-runner.ts
+import { spawn as spawn5 } from "child_process";
+import { createReadStream as createReadStream3, existsSync as existsSync23, mkdirSync as mkdirSync13, readdirSync as readdirSync7, statSync as statSync10, unlinkSync as unlinkSync5, watch } from "fs";
+import { homedir as homedir3 } from "os";
+import { join as join11, resolve as resolve24 } from "path";
+import { readFileSync as readFileSync24 } from "fs";
+import { setTimeout as delay } from "timers/promises";
 function loadBrandInfo() {
   const platformRoot2 = process.env.MAXY_PLATFORM_ROOT ?? resolve24(process.cwd(), "..");
   const brandPath = resolve24(platformRoot2, "config", "brand.json");
@@ -19006,6 +19010,333 @@ function loadBrandInfo() {
     return { hostname: "maxy", configDir: ".maxy" };
   }
 }
+function actionLogDir() {
+  const { configDir: configDir2 } = loadBrandInfo();
+  return join11(homedir3(), configDir2, "logs", "actions");
+}
+function actionLogPath(actionId) {
+  return join11(actionLogDir(), `${actionId}.log`);
+}
+var WHITELIST = {
+  upgrade: {
+    build: ({ sudoPassword }) => {
+      const { hostname: hostname2 } = loadBrandInfo();
+      const pkg = `@rubytech/create-${hostname2}`;
+      const cmd = [
+        // prime: read pw from stdin, silently cache
+        'printf %s "$SUDO_PASSWORD"',
+        "|",
+        "sudo -S -v 2>/dev/null",
+        "&&",
+        // run installer — it will re-prompt only if the cache expires
+        `npx -y ${pkg}@latest`
+      ].join(" ");
+      return {
+        argv: ["bash", "-c", cmd],
+        env: sudoPassword ? { SUDO_PASSWORD: sudoPassword } : void 0
+      };
+    }
+  },
+  "cloudflare-setup": {
+    build: ({ positional }) => {
+      if (!positional || positional.length < 3) {
+        throw new Error("cloudflare-setup requires [brand, port, ...hostnames]");
+      }
+      const scriptPath = join11(homedir3(), "setup-tunnel.sh");
+      if (!existsSync23(scriptPath)) {
+        throw new Error(
+          `cloudflare-setup: ~/setup-tunnel.sh not found. Re-run the installer to repair the symlink.`
+        );
+      }
+      return { argv: [scriptPath, ...positional] };
+    }
+  }
+};
+function isKnownAction(name) {
+  return Object.prototype.hasOwnProperty.call(WHITELIST, name);
+}
+function generateActionId(name) {
+  const ts = Date.now().toString(36);
+  const nonce = Math.floor(Math.random() * 4294967295).toString(16).padStart(8, "0");
+  return `${name}-${ts}-${nonce}`;
+}
+function cleanupStaleLogs() {
+  const dir = actionLogDir();
+  if (!existsSync23(dir)) return;
+  const cutoff = Date.now() - 7 * 24 * 60 * 60 * 1e3;
+  for (const entry of readdirSync7(dir)) {
+    const full = join11(dir, entry);
+    try {
+      const st = statSync10(full);
+      if (st.isFile() && st.mtimeMs < cutoff) unlinkSync5(full);
+    } catch {
+    }
+  }
+}
+async function isActionActive(actionName) {
+  return new Promise((resolveP) => {
+    const proc = spawn5(
+      "systemctl",
+      ["--user", "list-units", "--no-legend", "--state=active", `maxy-action-${actionName}-*`],
+      { stdio: ["ignore", "pipe", "pipe"] }
+    );
+    let out = "";
+    proc.stdout.on("data", (chunk) => {
+      out += chunk.toString();
+    });
+    proc.on("close", () => resolveP(out.trim().length > 0));
+    proc.on("error", () => resolveP(false));
+  });
+}
+async function launchAction(name, args) {
+  const actionId = generateActionId(name);
+  const dir = actionLogDir();
+  mkdirSync13(dir, { recursive: true });
+  cleanupStaleLogs();
+  const logPath2 = actionLogPath(actionId);
+  const unit = `maxy-action-${actionId}`;
+  const built = WHITELIST[name].build(args);
+  const systemdArgs = [
+    "--user",
+    `--unit=${unit}`,
+    "--collect",
+    "--property=RemainAfterExit=false",
+    `--property=StandardOutput=append:${logPath2}`,
+    `--property=StandardError=append:${logPath2}`,
+    `--description=Maxy action ${name} (${actionId})`
+  ];
+  if (built.env) {
+    for (const [k, v] of Object.entries(built.env)) {
+      systemdArgs.push(`--setenv=${k}=${v}`);
+    }
+  }
+  systemdArgs.push("--", ...built.argv);
+  await new Promise((resolveP, rejectP) => {
+    const proc = spawn5("systemd-run", systemdArgs, { stdio: ["ignore", "pipe", "pipe"] });
+    let stderr = "";
+    proc.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    proc.on("close", (code) => {
+      if (code === 0) resolveP();
+      else rejectP(new Error(`systemd-run exited ${code}: ${stderr.trim().slice(0, 400)}`));
+    });
+    proc.on("error", rejectP);
+  });
+  console.log(`[action-runner] launched action=${name} id=${actionId} unit=${unit} log=${logPath2}`);
+  return { actionId, unit, logPath: logPath2 };
+}
+async function getUnitStatus(unit) {
+  return new Promise((resolveP) => {
+    const proc = spawn5(
+      "systemctl",
+      ["--user", "show", unit, "--property=ActiveState,SubState,MainPID,ExecMainStatus,ExecMainCode"],
+      { stdio: ["ignore", "pipe", "pipe"] }
+    );
+    let out = "";
+    proc.stdout.on("data", (chunk) => {
+      out += chunk.toString();
+    });
+    proc.on("close", () => {
+      const kv = {};
+      for (const line of out.split("\n")) {
+        const eq = line.indexOf("=");
+        if (eq > 0) kv[line.slice(0, eq)] = line.slice(eq + 1);
+      }
+      if (!kv.ActiveState) return resolveP(null);
+      resolveP({
+        activeState: kv.ActiveState,
+        subState: kv.SubState ?? "",
+        mainPid: kv.MainPID ? Number(kv.MainPID) || null : null,
+        execMainStatus: kv.ExecMainStatus ? Number(kv.ExecMainStatus) : null,
+        execMainSignal: null
+        // systemd reports signal in SIGNAL (SIGTERM etc.), deferred — code is enough for our contract
+      });
+    });
+    proc.on("error", () => resolveP(null));
+  });
+}
+var HEARTBEAT_INTERVAL_MS = 5e3;
+var PHASE_BRACKETED = /\[(\d+)\/(\d+)\]/;
+var PHASE_STREAM_LOG = /step=([a-z0-9-]+)/;
+function extractPhase(text) {
+  const m1 = text.match(PHASE_BRACKETED);
+  if (m1) return m1[0];
+  const m2 = text.match(PHASE_STREAM_LOG);
+  if (m2) return m2[1];
+  return null;
+}
+async function* streamActionEvents(opts) {
+  const { actionId, unit, signal } = opts;
+  const logPath2 = actionLogPath(actionId);
+  const startedAt = Date.now();
+  let lastLineAt = startedAt;
+  let lastPhase = null;
+  let byteOffset = opts.fromByteOffset ?? 0;
+  if (existsSync23(logPath2)) {
+    const snapshot = statSync10(logPath2).size;
+    if (byteOffset < snapshot) {
+      for await (const ev of readLogLines(logPath2, byteOffset, snapshot)) {
+        const phase = extractPhase(ev.text);
+        if (phase) lastPhase = phase;
+        lastLineAt = ev.ts;
+        byteOffset = ev.byteOffset;
+        yield ev;
+        if (signal.aborted) return;
+      }
+    }
+  }
+  let watching = true;
+  let hbTimer = null;
+  const queue = [];
+  let resolveNext = null;
+  function push(ev) {
+    queue.push(ev);
+    if (resolveNext) {
+      const r = resolveNext;
+      resolveNext = null;
+      r();
+    }
+  }
+  const watcher = existsSync23(logPath2) ? watch(logPath2, async () => {
+    if (!watching) return;
+    try {
+      const size = statSync10(logPath2).size;
+      if (size <= byteOffset) return;
+      for await (const ev of readLogLines(logPath2, byteOffset, size)) {
+        const phase = extractPhase(ev.text);
+        if (phase) lastPhase = phase;
+        lastLineAt = ev.ts;
+        byteOffset = ev.byteOffset;
+        push(ev);
+      }
+    } catch (err) {
+      console.error(`[action-runner] watcher error action=${actionId}: ${err}`);
+    }
+  }) : null;
+  hbTimer = setInterval(async () => {
+    const status = await getUnitStatus(unit);
+    const now = Date.now();
+    push({
+      type: "heartbeat",
+      ts: now,
+      elapsed_since_last_line_ms: now - lastLineAt,
+      systemd_state: status ? status.activeState : "unknown",
+      pid: status ? status.mainPid : null,
+      last_phase: lastPhase
+    });
+    if (status && status.activeState !== "active" && status.activeState !== "activating") {
+      const finalStatus = await getUnitStatus(unit);
+      push({
+        type: "exit",
+        ts: Date.now(),
+        code: finalStatus?.execMainStatus ?? null,
+        signal: null,
+        duration_ms: Date.now() - startedAt
+      });
+      watching = false;
+    }
+  }, HEARTBEAT_INTERVAL_MS);
+  try {
+    while (watching && !signal.aborted) {
+      if (queue.length === 0) {
+        await new Promise((r) => {
+          resolveNext = r;
+        });
+      }
+      while (queue.length > 0) {
+        const ev = queue.shift();
+        yield ev;
+        if (ev.type === "exit") {
+          watching = false;
+          break;
+        }
+      }
+    }
+  } finally {
+    if (hbTimer) clearInterval(hbTimer);
+    watcher?.close();
+  }
+}
+async function* readLogLines(path2, fromOffset, toOffset) {
+  const stream2 = createReadStream3(path2, { start: fromOffset, end: toOffset - 1, encoding: "utf-8" });
+  let buffer = "";
+  let offset = fromOffset;
+  for await (const chunk of stream2) {
+    buffer += chunk;
+    let nl;
+    while ((nl = buffer.indexOf("\n")) !== -1) {
+      const text = buffer.slice(0, nl);
+      offset += Buffer.byteLength(text, "utf-8") + 1;
+      buffer = buffer.slice(nl + 1);
+      yield { type: "line", ts: Date.now(), stream: "stdout", text, byteOffset: offset };
+    }
+  }
+}
+var RATE_LIMIT_WINDOW_MS = 6e4;
+var RATE_LIMIT_MAX_ATTEMPTS = 5;
+var rateLimitBuckets = /* @__PURE__ */ new Map();
+function rateLimitCheck(ip) {
+  const now = Date.now();
+  const bucket = rateLimitBuckets.get(ip);
+  if (!bucket || now - bucket.windowStart > RATE_LIMIT_WINDOW_MS) {
+    rateLimitBuckets.set(ip, { count: 1, windowStart: now });
+    return "ok";
+  }
+  bucket.count += 1;
+  if (bucket.count > RATE_LIMIT_MAX_ATTEMPTS) return "limited";
+  return "ok";
+}
+async function primeSudo(password, clientIp) {
+  if (!password) return "invalid";
+  if (rateLimitCheck(clientIp) === "limited") return "limited";
+  return new Promise((resolveP) => {
+    const proc = spawn5("sudo", ["-S", "-v"], { stdio: ["pipe", "ignore", "pipe"] });
+    let stderr = "";
+    proc.stderr.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    proc.on("close", (code) => {
+      if (code === 0) return resolveP("ok");
+      if (/incorrect password|authentication failure/i.test(stderr)) return resolveP("invalid");
+      console.error(`[action-runner] sudo-prime failed code=${code} stderr=${stderr.slice(0, 200)}`);
+      resolveP("error");
+    });
+    proc.on("error", (err) => {
+      console.error(`[action-runner] sudo-prime spawn error: ${err}`);
+      resolveP("error");
+    });
+    proc.stdin.write(`${password}
+`);
+    proc.stdin.end();
+  });
+}
+async function waitForExit(unit, timeoutMs = 10 * 60 * 1e3) {
+  const deadline = Date.now() + timeoutMs;
+  while (Date.now() < deadline) {
+    const status = await getUnitStatus(unit);
+    if (!status) return null;
+    if (status.activeState !== "active" && status.activeState !== "activating") return status;
+    await delay(500);
+  }
+  return null;
+}
+// server/routes/admin/cloudflare.ts
+var SETUP_TIMEOUT_MS = 10 * 60 * 1e3;
+var DOMAINS_TIMEOUT_MS = 40 * 1e3;
+function loadBrandInfo2() {
+  const platformRoot2 = process.env.MAXY_PLATFORM_ROOT ?? resolve25(process.cwd(), "..");
+  const brandPath = resolve25(platformRoot2, "config", "brand.json");
+  try {
+    const parsed = JSON.parse(readFileSync25(brandPath, "utf-8"));
+    const hostname2 = typeof parsed.hostname === "string" && parsed.hostname ? parsed.hostname : "maxy";
+    const configDir2 = typeof parsed.configDir === "string" && parsed.configDir ? parsed.configDir : ".maxy";
+    return { hostname: hostname2, configDir: configDir2 };
+  } catch {
+    return { hostname: "maxy", configDir: ".maxy" };
+  }
+}
 function resolvePort() {
   const raw2 = process.env.PORT;
   if (!raw2) throw new Error("PORT env var is not set \u2014 refusing to guess");
@@ -19100,8 +19431,8 @@ app23.get("/domains", requireAdminSession, async (c) => {
   if (!correlationId) return err("session", "No active conversation for session \u2014 refresh chat.");
   streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
   log2(`phase=stream-log-resolved path=${streamLogPath}`);
-  const brand = loadBrandInfo();
-  const scriptPath = resolve24(homedir3(), "list-cf-domains.sh");
+  const brand = loadBrandInfo2();
+  const scriptPath = resolve25(homedir4(), "list-cf-domains.sh");
   const result = await runFormSpawn({
     scriptPath,
     args: [brand.hostname],
@@ -19186,8 +19517,8 @@ app23.post("/setup", requireAdminSession, async (c) => {
     };
     return c.json(body2, 200);
   }
-  function ok(result2) {
-    return c.json(result2, 200);
+  function ok(result) {
+    return c.json(result, 200);
   }
   let body;
   try {
@@ -19219,93 +19550,90 @@ app23.post("/setup", requireAdminSession, async (c) => {
   let brand;
   let port2;
   try {
-    brand = loadBrandInfo();
+    brand = loadBrandInfo2();
     port2 = resolvePort();
   } catch (e) {
     return err("script", `Server misconfigured: ${e instanceof Error ? e.message : String(e)}`);
   }
   streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
   log2(`phase=stream-log-resolved path=${streamLogPath}`);
-  const scriptPath = resolve24(homedir3(), "setup-tunnel.sh");
   const args = [brand.hostname, String(port2), adminFqdn];
   if (publicFqdn) args.push(publicFqdn);
   if (apex) args.push(apex);
-  const result = await runFormSpawn({
-    scriptPath,
-    args,
-    streamLogPath,
-    correlationId,
-    timeoutMs: SETUP_TIMEOUT_MS,
-    log: log2,
-    logErr,
-    broadcast: broadcastToConversation
-  });
-  const combined = `${result.stdout}${result.stderr ? `
----
-${result.stderr}` : ""}`;
-  if (result.code !== 0) {
-    const reason = result.timedOut ? `Timed out after ${SETUP_TIMEOUT_MS / 1e3}s` : `Exited with code ${result.code ?? "null"}${result.signal ? ` (signal ${result.signal})` : ""}`;
-    return err("script", reason, combined);
-  }
-  const candidates = [publicFqdn, apex].filter((h) => typeof h === "string" && h.length > 0);
-  const aliasesWritten = [];
-  for (const host of candidates) {
-    if (host === adminFqdn) {
-      log2(`phase=alias-domain-write host=${host} result=skipped-admin`);
-      continue;
-    }
-    if (host.startsWith("public.")) {
-      log2(`phase=alias-domain-write host=${host} result=skipped-public-prefix`);
-      continue;
+  if (await isActionActive("cloudflare-setup")) {
+    return err("request", "Another Cloudflare setup is already running. Wait for it to finish before starting a new one.");
+  }
+  let actionId;
+  let unit;
+  try {
+    const launched = await launchAction("cloudflare-setup", { positional: args });
+    actionId = launched.actionId;
+    unit = launched.unit;
+  } catch (e) {
+    return err("script", `Failed to launch cloudflare-setup action: ${e instanceof Error ? e.message : String(e)}`);
+  }
+  log2(`phase=action-launched id=${actionId} unit=${unit}`);
+  void (async () => {
+    const status = await waitForExit(unit, SETUP_TIMEOUT_MS);
+    if (!status || status.execMainStatus !== 0) {
+      logErr(`phase=post-exit-skipped reason=${status ? `exit=${status.execMainStatus}` : "unit-gone"} id=${actionId}`);
+      return;
     }
-    try {
-      addAliasDomain(host);
-      aliasesWritten.push(host);
-      log2(`phase=alias-domain-write host=${host} result=written`);
-    } catch (e) {
-      return err(
-        "script",
-        `Tunnel created but alias-domains.json write failed for ${host}: ${e instanceof Error ? e.message : String(e)}`,
-        combined
-      );
+    const candidates = [publicFqdn, apex].filter((h) => typeof h === "string" && h.length > 0);
+    for (const host of candidates) {
+      if (host === adminFqdn) {
+        log2(`phase=alias-domain-write host=${host} result=skipped-admin`);
+        continue;
+      }
+      if (host.startsWith("public.")) {
+        log2(`phase=alias-domain-write host=${host} result=skipped-public-prefix`);
+        continue;
+      }
+      try {
+        addAliasDomain(host);
+        log2(`phase=alias-domain-write host=${host} result=written`);
+      } catch (e) {
+        logErr(`phase=alias-domain-write host=${host} result=error reason="${e instanceof Error ? e.message : String(e)}"`);
+      }
     }
-  }
+    log2(`phase=done action=${actionId}`);
+  })().catch((e) => logErr(`post-exit handler threw: ${e}`));
   const total = Date.now() - started;
-  log2(`phase=done total_ms=${total} aliases=${aliasesWritten.length}`);
+  log2(`phase=response-sent action_id=${actionId} total_ms=${total}`);
   writeRouteMilestone(
     streamLogPath,
     "cloudflare-setup",
-    `phase=done total_ms=${total} aliases=${aliasesWritten.length}`
+    `phase=action-launched id=${actionId}`
   );
   const success = {
     ok: true,
-    output: combined,
+    output: `Action launched \u2014 see live log in the form panel.
+actionId: ${actionId}`,
     adminFqdn,
     publicFqdn,
     apex,
-    aliasesWritten
+    aliasesWritten: [],
+    actionId
   };
-  const resp = ok(success);
-  log2(`phase=response-sent`);
-  return resp;
+  return ok(success);
 });
 var cloudflare_default = app23;
 // server/routes/admin/files.ts
-import { createReadStream as createReadStream3 } from "fs";
+import { createReadStream as createReadStream4 } from "fs";
 import { readdir as readdir2, readFile as readFile4, stat as stat4, mkdir as mkdir3, writeFile as writeFile4, unlink as unlink2 } from "fs/promises";
 import { realpathSync as realpathSync4 } from "fs";
-import { basename as basename6, dirname as dirname10, join as join11, resolve as resolve26, sep as sep2 } from "path";
+import { basename as basename6, dirname as dirname10, join as join12, resolve as resolve27, sep as sep2 } from "path";
 import { Readable as Readable3 } from "stream";
 // app/lib/data-path.ts
 import { realpathSync as realpathSync3 } from "fs";
-import { resolve as resolve25, normalize, sep, relative } from "path";
-var PLATFORM_ROOT9 = process.env.MAXY_PLATFORM_ROOT ?? resolve25(process.cwd(), "../platform");
-var DATA_ROOT = resolve25(PLATFORM_ROOT9, "..", "data");
+import { resolve as resolve26, normalize, sep, relative } from "path";
+var PLATFORM_ROOT9 = process.env.MAXY_PLATFORM_ROOT ?? resolve26(process.cwd(), "../platform");
+var DATA_ROOT = resolve26(PLATFORM_ROOT9, "..", "data");
 function resolveDataPath(raw2) {
   const cleaned = normalize("/" + (raw2 ?? "").replace(/\\/g, "/")).replace(/^\/+/, "");
-  const absolute = resolve25(DATA_ROOT, cleaned);
+  const absolute = resolve26(DATA_ROOT, cleaned);
   let dataRootReal;
   try {
     dataRootReal = realpathSync3(DATA_ROOT);
@@ -19653,7 +19981,7 @@ async function cascadeDeleteDocument(params) {
 var UUID_RE3 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 async function readMeta(absDir, baseName) {
   try {
-    const raw2 = await readFile4(join11(absDir, `${baseName}.meta.json`), "utf8");
+    const raw2 = await readFile4(join12(absDir, `${baseName}.meta.json`), "utf8");
     const parsed = JSON.parse(raw2);
     if (typeof parsed?.filename === "string") {
       return { filename: parsed.filename, mimeType: typeof parsed.mimeType === "string" ? parsed.mimeType : void 0 };
@@ -19664,7 +19992,7 @@ async function readMeta(absDir, baseName) {
 }
 async function readAccountNames() {
   const map = /* @__PURE__ */ new Map();
-  const accountsDir = resolve26(DATA_ROOT, "accounts");
+  const accountsDir = resolve27(DATA_ROOT, "accounts");
   let names;
   try {
     names = await readdir2(accountsDir);
@@ -19673,7 +20001,7 @@ async function readAccountNames() {
   }
   for (const name of names) {
     if (!UUID_RE3.test(name)) continue;
-    const configPath2 = resolve26(accountsDir, name, "account.json");
+    const configPath2 = resolve27(accountsDir, name, "account.json");
     try {
       const raw2 = await readFile4(configPath2, "utf8");
       const parsed = JSON.parse(raw2);
@@ -19691,7 +20019,7 @@ async function readAccountNames() {
 }
 async function enrich(absolute, entry, accountNames) {
   if (entry.kind === "directory" && UUID_RE3.test(entry.name)) {
-    const meta = await readMeta(join11(absolute, entry.name), entry.name);
+    const meta = await readMeta(join12(absolute, entry.name), entry.name);
     if (meta?.filename) {
       entry.displayName = meta.filename;
       entry.mimeType = meta.mimeType;
@@ -19750,7 +20078,7 @@ app24.get("/", requireAdminSession, async (c) => {
         continue;
       }
       try {
-        const entryPath = join11(absolute, name);
+        const entryPath = join12(absolute, name);
         const s = await stat4(entryPath);
         entries.push({
           name,
@@ -19807,7 +20135,7 @@ app24.get("/download", requireAdminSession, async (c) => {
     }
     const filename = basename6(absolute);
     const mimeType = detectMimeType(absolute);
-    const nodeStream = createReadStream3(absolute);
+    const nodeStream = createReadStream4(absolute);
     const webStream = Readable3.toWeb(nodeStream);
     console.error(`[data] file-download path="${relPath}" size=${info.size}`);
     const safeQuotedName = filename.replace(/[\r\n"\\]/g, "_");
@@ -19864,8 +20192,8 @@ app24.post("/upload", requireAdminSession, async (c) => {
   }
   const safeName = basename6(file.name).replace(/[\0/\\]/g, "_");
   const finalName = `${Date.now()}-${safeName}`;
-  const destDir = resolve26(DATA_ROOT, "uploads", accountId);
-  const destPath = resolve26(destDir, finalName);
+  const destDir = resolve27(DATA_ROOT, "uploads", accountId);
+  const destPath = resolve27(destDir, finalName);
   try {
     await mkdir3(destDir, { recursive: true });
     const dataRootReal = realpathSync4(DATA_ROOT);
@@ -19923,7 +20251,7 @@ app24.delete("/", requireAdminSession, async (c) => {
     }
     const dot = base.lastIndexOf(".");
     const stem = dot === -1 ? base : base.slice(0, dot);
-    const sidecarPath = UUID_RE3.test(stem) && base !== `${stem}.meta.json` ? join11(dirname10(absolute), `${stem}.meta.json`) : null;
+    const sidecarPath = UUID_RE3.test(stem) && base !== `${stem}.meta.json` ? join12(dirname10(absolute), `${stem}.meta.json`) : null;
     await unlink2(absolute);
     if (sidecarPath) {
       try {
@@ -20200,7 +20528,8 @@ async function handleDefault(c, accountId) {
       );
     }
     const warnedClasses = /* @__PURE__ */ new Set();
-    const nodes = result.rawNodes.map((n) => pruneNode(n, warnedClasses));
+    const conversationWarnings = { loggedMissingMessageCount: false };
+    const nodes = result.rawNodes.map((n) => pruneNode(n, warnedClasses, conversationWarnings));
     const edges = result.rawEdges.filter((e) => e && e.id != null);
     const trashedSuffix = includeTrashed ? " includeTrashed=1" : "";
     console.error(
@@ -20244,7 +20573,8 @@ async function handleNeighbourhood(c, accountId) {
       return c.json({ error: "Node not found" }, 404);
     }
     const warnedClasses = /* @__PURE__ */ new Set();
-    const nodes = rawNodes.map((n) => pruneNode(n, warnedClasses));
+    const conversationWarnings = { loggedMissingMessageCount: false };
+    const nodes = rawNodes.map((n) => pruneNode(n, warnedClasses, conversationWarnings));
     const edges = rawEdges.filter((e) => e && e.id != null);
     console.error(
       `[graph-page] load mode=neighbourhood account=${accountId} elementId=${elementId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
@@ -20270,6 +20600,11 @@ var DEFAULT_COUNT_CYPHER = `
     AND n.deletedAt IS NULL
   RETURN count(n) AS matched
 `;
+var CONVERSATION_PROPS_PROJECTION = `CASE
+           WHEN 'Conversation' IN labels(x)
+           THEN properties(x) + {messageCount: size([(x)<-[:PART_OF]-(m:Message) WHERE NOT m:Trashed AND m.deletedAt IS NULL | m])}
+           ELSE properties(x)
+         END`;
 var DEFAULT_FETCH_CYPHER = `
   MATCH (n)
   WHERE n.accountId = $accountId
@@ -20288,7 +20623,7 @@ var DEFAULT_FETCH_CYPHER = `
          type: type(r)
        } END) AS rawEdges
   RETURN
-    [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [x IN nodes | {id: elementId(x), labels: labels(x), properties: ${CONVERSATION_PROPS_PROJECTION}}] AS nodes,
     [e IN rawEdges WHERE e IS NOT NULL] AS edges
 `;
 var DEFAULT_COUNT_CYPHER_INCLUDE_TRASHED = `
@@ -20315,7 +20650,7 @@ var DEFAULT_FETCH_CYPHER_INCLUDE_TRASHED = `
          type: type(r)
        } END) AS rawEdges
   RETURN
-    [x IN nodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [x IN nodes | {id: elementId(x), labels: labels(x), properties: ${CONVERSATION_PROPS_PROJECTION}}] AS nodes,
     [e IN rawEdges WHERE e IS NOT NULL] AS edges
 `;
 var NEIGHBOURHOOD_CYPHER = `
@@ -20342,7 +20677,7 @@ var NEIGHBOURHOOD_CYPHER = `
          type: type(r)
        } END) AS rawEdges
   RETURN
-    [x IN windowNodes | {id: elementId(x), labels: labels(x), properties: properties(x)}] AS nodes,
+    [x IN windowNodes | {id: elementId(x), labels: labels(x), properties: ${CONVERSATION_PROPS_PROJECTION}}] AS nodes,
     [e IN rawEdges WHERE e IS NOT NULL] AS edges
 `;
 var KNOWN_DRIVER_CLASS_NAMES = /* @__PURE__ */ new Set([
@@ -20384,7 +20719,7 @@ function convertNeo4jValue(value, warnedClasses) {
   }
   return value;
 }
-function pruneNode(node, warnedClasses) {
+function pruneNode(node, warnedClasses, conversationWarnings) {
   const properties = {};
   for (const [key, value] of Object.entries(node.properties ?? {})) {
     if (STRIPPED_PROPERTIES.has(key)) continue;
@@ -20392,6 +20727,12 @@ function pruneNode(node, warnedClasses) {
   }
   const trashed = (node.labels ?? []).includes("Trashed");
   const labels = (node.labels ?? []).filter((l) => l !== "Trashed");
+  if (labels.includes("Conversation") && typeof properties.messageCount !== "number" && !conversationWarnings.loggedMissingMessageCount) {
+    console.error(
+      `[graph-subgraph] conversation-message-count missing elementId=${node.id} labels=${labels.join(",")}`
+    );
+    conversationWarnings.loggedMissingMessageCount = true;
+  }
   return trashed ? { id: node.id, labels, properties, trashed: true } : { id: node.id, labels, properties };
 }
 var graph_subgraph_default = app26;
@@ -20781,43 +21122,274 @@ app32.get("/", requireAdminSession, async (c) => {
 });
 var adherence_default = app32;
-// server/routes/admin/index.ts
+// server/routes/admin/actions/run.ts
 var app33 = new Hono2();
-app33.route("/session", session_default2);
-app33.route("/chat", chat_default2);
-app33.route("/compact", compact_default);
-app33.route("/logs", logs_default);
-app33.route("/claude-info", claude_info_default);
-app33.route("/attachment", attachment_default);
-app33.route("/account", account_default);
-app33.route("/agents", agents_default);
-app33.route("/version", version_default);
-app33.route("/sessions", sessions_default);
-app33.route("/browser", browser_default);
-app33.route("/device-browser", device_browser_default);
-app33.route("/events", events_default);
-app33.route("/cloudflare", cloudflare_default);
-app33.route("/files", files_default);
-app33.route("/graph-search", graph_search_default);
-app33.route("/graph-subgraph", graph_subgraph_default);
-app33.route("/graph-delete", graph_delete_default);
-app33.route("/graph-restore", graph_restore_default);
-app33.route("/graph-labels-in-graph", graph_labels_in_graph_default);
-app33.route("/graph-default-view", graph_default_view_default);
-app33.route("/file-attach", file_attach_default);
-app33.route("/adherence", adherence_default);
-var admin_default = app33;
+app33.post("/:name", requireAdminSession, async (c) => {
+  const name = c.req.param("name");
+  if (!isKnownAction(name)) {
+    return c.json({ error: `unknown action: ${name}` }, 400);
+  }
+  const actionName = name;
+  if (await isActionActive(actionName)) {
+    return c.json({ error: `action ${actionName} is already running`, code: "already-active" }, 409);
+  }
+  let body = {};
+  try {
+    body = await c.req.json();
+  } catch {
+  }
+  const launchArgs = {};
+  if (Array.isArray(body.positional)) {
+    if (!body.positional.every((x) => typeof x === "string")) {
+      return c.json({ error: "positional args must be strings" }, 400);
+    }
+    launchArgs.positional = body.positional;
+  }
+  if (typeof body.sudoPassword === "string" && body.sudoPassword) {
+    launchArgs.sudoPassword = body.sudoPassword;
+  }
+  try {
+    const result = await launchAction(actionName, launchArgs);
+    return c.json({ ok: true, actionId: result.actionId, unit: result.unit, logPath: result.logPath });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/actions/run] launch failed action=${actionName}: ${message}`);
+    return c.json({ error: `launch failed: ${message}` }, 500);
+  }
+});
+var run_default = app33;
+// node_modules/hono/dist/utils/stream.js
+var StreamingApi = class {
+  writer;
+  encoder;
+  writable;
+  abortSubscribers = [];
+  responseReadable;
+  /**
+   * Whether the stream has been aborted.
+   */
+  aborted = false;
+  /**
+   * Whether the stream has been closed normally.
+   */
+  closed = false;
+  constructor(writable, _readable) {
+    this.writable = writable;
+    this.writer = writable.getWriter();
+    this.encoder = new TextEncoder();
+    const reader = _readable.getReader();
+    this.abortSubscribers.push(async () => {
+      await reader.cancel();
+    });
+    this.responseReadable = new ReadableStream({
+      async pull(controller) {
+        const { done, value } = await reader.read();
+        done ? controller.close() : controller.enqueue(value);
+      },
+      cancel: () => {
+        this.abort();
+      }
+    });
+  }
+  async write(input) {
+    try {
+      if (typeof input === "string") {
+        input = this.encoder.encode(input);
+      }
+      await this.writer.write(input);
+    } catch {
+    }
+    return this;
+  }
+  async writeln(input) {
+    await this.write(input + "\n");
+    return this;
+  }
+  sleep(ms) {
+    return new Promise((res) => setTimeout(res, ms));
+  }
+  async close() {
+    try {
+      await this.writer.close();
+    } catch {
+    }
+    this.closed = true;
+  }
+  async pipe(body) {
+    this.writer.releaseLock();
+    await body.pipeTo(this.writable, { preventClose: true });
+    this.writer = this.writable.getWriter();
+  }
+  onAbort(listener) {
+    this.abortSubscribers.push(listener);
+  }
+  /**
+   * Abort the stream.
+   * You can call this method when stream is aborted by external event.
+   */
+  abort() {
+    if (!this.aborted) {
+      this.aborted = true;
+      this.abortSubscribers.forEach((subscriber) => subscriber());
+    }
+  }
+};
+// node_modules/hono/dist/helper/streaming/utils.js
+var isOldBunVersion = () => {
+  const version = typeof Bun !== "undefined" ? Bun.version : void 0;
+  if (version === void 0) {
+    return false;
+  }
+  const result = version.startsWith("1.1") || version.startsWith("1.0") || version.startsWith("0.");
+  isOldBunVersion = () => result;
+  return result;
+};
+// node_modules/hono/dist/helper/streaming/stream.js
+var contextStash = /* @__PURE__ */ new WeakMap();
+var stream = (c, cb, onError) => {
+  const { readable, writable } = new TransformStream();
+  const stream2 = new StreamingApi(writable, readable);
+  if (isOldBunVersion()) {
+    c.req.raw.signal.addEventListener("abort", () => {
+      if (!stream2.closed) {
+        stream2.abort();
+      }
+    });
+  }
+  contextStash.set(stream2.responseReadable, c);
+  (async () => {
+    try {
+      await cb(stream2);
+    } catch (e) {
+      if (e === void 0) {
+      } else if (e instanceof Error && onError) {
+        await onError(e, stream2);
+      } else {
+        console.error(e);
+      }
+    } finally {
+      stream2.close();
+    }
+  })();
+  return c.newResponse(stream2.responseReadable);
+};
+// server/routes/admin/actions/stream.ts
+import { existsSync as existsSync24 } from "fs";
+var app34 = new Hono2();
+var ACTION_ID_RE = /^[a-z0-9-]+-[a-z0-9]+-[a-f0-9]{8}$/;
+app34.get("/:id/stream", requireAdminSession, async (c) => {
+  const id = c.req.param("id");
+  if (!ACTION_ID_RE.test(id)) {
+    return c.json({ error: "invalid action id" }, 400);
+  }
+  const logPath2 = actionLogPath(id);
+  if (!existsSync24(logPath2)) {
+    return c.json({ error: "action not found (log missing)" }, 404);
+  }
+  const lastEventId = c.req.header("Last-Event-ID") ?? c.req.query("from") ?? "";
+  const fromByteOffset = lastEventId ? Math.max(0, Number(lastEventId) || 0) : 0;
+  const unit = `maxy-action-${id}`;
+  const abort = new AbortController();
+  c.req.raw.signal.addEventListener("abort", () => abort.abort());
+  return stream(c, async (s) => {
+    s.onAbort(() => abort.abort());
+    c.header("Content-Type", "text/event-stream");
+    c.header("Cache-Control", "no-cache, no-transform");
+    c.header("Connection", "keep-alive");
+    await s.write(": ok\n\n");
+    try {
+      for await (const ev of streamActionEvents({ actionId: id, unit, fromByteOffset, signal: abort.signal })) {
+        const id_ = ev.type === "line" ? String(ev.byteOffset) : "";
+        const payload = JSON.stringify(ev);
+        const frame = `${id_ ? `id: ${id_}
+` : ""}event: ${ev.type}
+data: ${payload}
+`;
+        await s.write(frame);
+      }
+    } catch (err) {
+      console.error(`[admin/actions/stream] action=${id} error: ${err instanceof Error ? err.message : err}`);
+    }
+  });
+});
+var stream_default = app34;
+// server/routes/admin/actions/sudo-prime.ts
+var app35 = new Hono2();
+app35.post("/", requireAdminSession, async (c) => {
+  let body = {};
+  try {
+    body = await c.req.json();
+  } catch {
+  }
+  if (typeof body.password !== "string" || !body.password) {
+    return c.json({ error: "password required" }, 400);
+  }
+  const clientIp = c.var.clientIp ?? "unknown";
+  const result = await primeSudo(body.password, clientIp);
+  switch (result) {
+    case "ok":
+      return c.body(null, 204);
+    case "invalid":
+      return c.json({ error: "invalid password" }, 401);
+    case "limited":
+      return c.json({ error: "too many attempts; wait a minute" }, 429);
+    case "error":
+      return c.json({ error: "sudo prime failed \u2014 check server logs" }, 500);
+  }
+});
+var sudo_prime_default = app35;
+// server/routes/admin/actions/index.ts
+var app36 = new Hono2();
+app36.route("/sudo-prime", sudo_prime_default);
+app36.route("/", stream_default);
+app36.route("/", run_default);
+var actions_default = app36;
+// server/routes/admin/index.ts
+var app37 = new Hono2();
+app37.route("/session", session_default2);
+app37.route("/chat", chat_default2);
+app37.route("/compact", compact_default);
+app37.route("/logs", logs_default);
+app37.route("/claude-info", claude_info_default);
+app37.route("/attachment", attachment_default);
+app37.route("/account", account_default);
+app37.route("/agents", agents_default);
+app37.route("/version", version_default);
+app37.route("/sessions", sessions_default);
+app37.route("/browser", browser_default);
+app37.route("/device-browser", device_browser_default);
+app37.route("/events", events_default);
+app37.route("/cloudflare", cloudflare_default);
+app37.route("/files", files_default);
+app37.route("/graph-search", graph_search_default);
+app37.route("/graph-subgraph", graph_subgraph_default);
+app37.route("/graph-delete", graph_delete_default);
+app37.route("/graph-restore", graph_restore_default);
+app37.route("/graph-labels-in-graph", graph_labels_in_graph_default);
+app37.route("/graph-default-view", graph_default_view_default);
+app37.route("/file-attach", file_attach_default);
+app37.route("/adherence", adherence_default);
+app37.route("/actions", actions_default);
+var admin_default = app37;
 // server/index.ts
 var PLATFORM_ROOT10 = process.env.MAXY_PLATFORM_ROOT || "";
-var BRAND_JSON_PATH = PLATFORM_ROOT10 ? join12(PLATFORM_ROOT10, "config", "brand.json") : "";
+var BRAND_JSON_PATH = PLATFORM_ROOT10 ? join13(PLATFORM_ROOT10, "config", "brand.json") : "";
 var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", domain: "getmaxy.com" };
-if (BRAND_JSON_PATH && !existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && !existsSync25(BRAND_JSON_PATH)) {
   console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
 }
-if (BRAND_JSON_PATH && existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
   try {
-    const parsed = JSON.parse(readFileSync25(BRAND_JSON_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync26(BRAND_JSON_PATH, "utf-8"));
     BRAND = { ...BRAND, ...parsed };
   } catch (err) {
     console.error(`[brand] Failed to parse brand.json: ${err.message}`);
@@ -20836,11 +21408,11 @@ var brandLoginOpts = {
   bodyFont: BRAND.defaultFonts?.body,
   logoContainsName: !!BRAND.logoContainsName
 };
-var ALIAS_DOMAINS_PATH2 = join12(homedir4(), BRAND.configDir, "alias-domains.json");
+var ALIAS_DOMAINS_PATH2 = join13(homedir5(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync23(ALIAS_DOMAINS_PATH2)) return null;
-    const parsed = JSON.parse(readFileSync25(ALIAS_DOMAINS_PATH2, "utf-8"));
+    if (!existsSync25(ALIAS_DOMAINS_PATH2)) return null;
+    const parsed = JSON.parse(readFileSync26(ALIAS_DOMAINS_PATH2, "utf-8"));
     if (!Array.isArray(parsed)) {
       console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
       return null;
@@ -20864,9 +21436,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app34 = new Hono2();
-app34.use("*", clientIpMiddleware);
-app34.use("*", async (c, next) => {
+var app38 = new Hono2();
+app38.use("*", clientIpMiddleware);
+app38.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -20889,7 +21461,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app34.use("*", async (c, next) => {
+app38.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -20929,7 +21501,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app34.post("/__remote-auth/login", async (c) => {
+app38.post("/__remote-auth/login", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -20965,7 +21537,7 @@ app34.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app34.get("/__remote-auth/logout", () => {
+app38.get("/__remote-auth/logout", () => {
   return new Response(null, {
     status: 302,
     headers: {
@@ -20975,7 +21547,7 @@ app34.get("/__remote-auth/logout", () => {
     }
   });
 });
-app34.post("/__remote-auth/change-password", async (c) => {
+app38.post("/__remote-auth/change-password", async (c) => {
   const clientIp = c.var.clientIp || "unknown";
   const rateLimited = checkRateLimit(clientIp);
   if (rateLimited) {
@@ -21024,13 +21596,13 @@ app34.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app34.get("/__remote-auth/setup", (c) => {
+app38.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app34.post("/__remote-auth/set-initial-password", async (c) => {
+app38.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -21066,10 +21638,10 @@ app34.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app34.get("/api/remote-auth/status", (c) => {
+app38.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app34.post("/api/remote-auth/set-password", async (c) => {
+app38.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -21099,9 +21671,9 @@ app34.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app34.route("/api/_client-error", client_error_default);
+app38.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app34.use("*", async (c, next) => {
+app38.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -21131,15 +21703,15 @@ app34.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app34.route("/api/health", health_default);
-app34.route("/api/session", session_default);
-app34.route("/api/chat", chat_default);
-app34.route("/api/group", group_default);
-app34.route("/api/access", access_default);
-app34.route("/api/telegram", telegram_default);
-app34.route("/api/whatsapp", whatsapp_default);
-app34.route("/api/onboarding", onboarding_default);
-app34.route("/api/admin", admin_default);
+app38.route("/api/health", health_default);
+app38.route("/api/session", session_default);
+app38.route("/api/chat", chat_default);
+app38.route("/api/group", group_default);
+app38.route("/api/access", access_default);
+app38.route("/api/telegram", telegram_default);
+app38.route("/api/whatsapp", whatsapp_default);
+app38.route("/api/onboarding", onboarding_default);
+app38.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -21151,7 +21723,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app34.get("/agent-assets/:slug/:filename", (c) => {
+app38.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -21167,26 +21739,26 @@ app34.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] no-account slug=${slug} file=${filename}`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve27(account.accountDir, "agents", slug, "assets", filename);
-  const expectedDir = resolve27(account.accountDir, "agents", slug, "assets");
+  const filePath = resolve28(account.accountDir, "agents", slug, "assets", filename);
+  const expectedDir = resolve28(account.accountDir, "agents", slug, "assets");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync23(filePath)) {
+  if (!existsSync25(filePath)) {
     console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[agent-assets] serve slug=${slug} file=${filename} status=200`);
-  const body = readFileSync25(filePath);
+  const body = readFileSync26(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=3600"
   });
 });
-app34.get("/generated/:filename", (c) => {
+app38.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -21197,20 +21769,20 @@ app34.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve27(account.accountDir, "generated", filename);
-  const expectedDir = resolve27(account.accountDir, "generated");
+  const filePath = resolve28(account.accountDir, "generated", filename);
+  const expectedDir = resolve28(account.accountDir, "generated");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync23(filePath)) {
+  if (!existsSync25(filePath)) {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[generated] serve file=${filename} status=200`);
-  const body = readFileSync25(filePath);
+  const body = readFileSync26(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=86400"
@@ -21219,9 +21791,9 @@ app34.get("/generated/:filename", (c) => {
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
-if (BRAND_JSON_PATH && existsSync23(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
   try {
-    const fullBrand = JSON.parse(readFileSync25(BRAND_JSON_PATH, "utf-8"));
+    const fullBrand = JSON.parse(readFileSync26(BRAND_JSON_PATH, "utf-8"));
     if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
     brandIconPath = fullBrand.assets?.icon ? `/brand/${fullBrand.assets.icon}` : brandLogoPath;
   } catch {
@@ -21238,9 +21810,9 @@ var brandScript = `<script>window.__BRAND__=${JSON.stringify({
 function readInstalledVersion() {
   try {
     if (!PLATFORM_ROOT10) return "unknown";
-    const versionFile = join12(PLATFORM_ROOT10, "config", `.${BRAND.hostname}-version`);
-    if (!existsSync23(versionFile)) return "unknown";
-    const content = readFileSync25(versionFile, "utf-8").trim();
+    const versionFile = join13(PLATFORM_ROOT10, "config", `.${BRAND.hostname}-version`);
+    if (!existsSync25(versionFile)) return "unknown";
+    const content = readFileSync26(versionFile, "utf-8").trim();
     return content || "unknown";
   } catch {
     return "unknown";
@@ -21281,7 +21853,7 @@ var clientErrorReporterScript = `<script>
 function cachedHtml(file) {
   let html = htmlCache.get(file);
   if (!html) {
-    html = readFileSync25(resolve27(process.cwd(), "public", file), "utf-8");
+    html = readFileSync26(resolve28(process.cwd(), "public", file), "utf-8");
     html = html.replace("<title>Maxy</title>", `<title>${escapeHtml(BRAND.productName)}</title>`);
     html = html.replace('href="/favicon.ico"', `href="${escapeHtml(brandFaviconPath)}"`);
     const headInjection = file === "index.html" ? `${brandScript}
@@ -21296,26 +21868,26 @@ ${clientErrorReporterScript}
 }
 var brandedHtmlCache = /* @__PURE__ */ new Map();
 function loadBrandingCache(agentSlug) {
-  const configDir2 = join12(homedir4(), BRAND.configDir);
+  const configDir2 = join13(homedir5(), BRAND.configDir);
   try {
-    const accountJsonPath = join12(configDir2, "account.json");
-    if (!existsSync23(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync25(accountJsonPath, "utf-8"));
+    const accountJsonPath = join13(configDir2, "account.json");
+    if (!existsSync25(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync26(accountJsonPath, "utf-8"));
     const accountId = account.accountId;
     if (!accountId) return null;
-    const cachePath = join12(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
-    if (!existsSync23(cachePath)) return null;
-    return JSON.parse(readFileSync25(cachePath, "utf-8"));
+    const cachePath = join13(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
+    if (!existsSync25(cachePath)) return null;
+    return JSON.parse(readFileSync26(cachePath, "utf-8"));
   } catch {
     return null;
   }
 }
 function resolveDefaultSlug() {
   try {
-    const configDir2 = join12(homedir4(), BRAND.configDir);
-    const accountJsonPath = join12(configDir2, "account.json");
-    if (!existsSync23(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync25(accountJsonPath, "utf-8"));
+    const configDir2 = join13(homedir5(), BRAND.configDir);
+    const accountJsonPath = join13(configDir2, "account.json");
+    if (!existsSync25(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync26(accountJsonPath, "utf-8"));
     return account.defaultAgent || null;
   } catch {
     return null;
@@ -21351,7 +21923,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app34.get("/", (c) => {
+app38.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -21359,12 +21931,12 @@ app34.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app34.get("/public", (c) => {
+app38.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app34.get("/chat", (c) => {
+app38.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -21383,12 +21955,12 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app34.use("/vnc-viewer.html", logViewerFetch);
-app34.use("/vnc-popout.html", logViewerFetch);
-app34.get("/vnc-popout.html", (c) => {
+app38.use("/vnc-viewer.html", logViewerFetch);
+app38.use("/vnc-popout.html", logViewerFetch);
+app38.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
-    html = readFileSync25(resolve27(process.cwd(), "public", "vnc-popout.html"), "utf-8");
+    html = readFileSync26(resolve28(process.cwd(), "public", "vnc-popout.html"), "utf-8");
     const name = escapeHtml(BRAND.productName);
     html = html.replace("<title>Browser \u2014 Maxy</title>", `<title>${name}</title>`);
     html = html.replace("</head>", `  ${brandScript}
@@ -21398,7 +21970,7 @@ app34.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app34.post("/api/vnc/client-event", async (c) => {
+app38.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -21419,20 +21991,20 @@ app34.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app34.get("/g/:slug", (c) => {
+app38.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app34.get("/graph", (c) => {
+app38.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app34.get("/data", (c) => {
+app38.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app34.get("/:slug", async (c, next) => {
+app38.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -21441,10 +22013,10 @@ app34.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app34.use("/*", serveStatic({ root: "./public" }));
+app38.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app34.fetch, port, hostname });
+var httpServer = serve({ fetch: app38.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 var SUBAPP_MANIFEST = [
   { prefix: "/api/health", file: "server/routes/health.ts", subapp: health_default },
@@ -21464,7 +22036,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app34.routes ?? []) {
+  for (const r of app38.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -21478,8 +22050,8 @@ try {
 (async () => {
   try {
     let userId = "";
-    if (existsSync23(USERS_FILE)) {
-      const users = JSON.parse(readFileSync25(USERS_FILE, "utf-8").trim() || "[]");
+    if (existsSync25(USERS_FILE)) {
+      const users = JSON.parse(readFileSync26(USERS_FILE, "utf-8").trim() || "[]");
       userId = users[0]?.userId ?? "";
     }
     await backfillNullUserIdConversations(userId);
@@ -21505,7 +22077,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve27(process.env.MAXY_PLATFORM_ROOT ?? join12(__dirname, "..")),
+  platformRoot: resolve28(process.env.MAXY_PLATFORM_ROOT ?? join13(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {