@rubytech/create-realagent 1.0.686 → 1.0.688

package/payload/server/maxy-edge.js

@@ -1,18 +1,29 @@
 import {
+  Hono,
+  LOG_DIR,
+  actionLogPath,
   canAccessAdmin,
+  clientIpMiddleware,
   describeRemoteSession,
+  getRequestListener,
+  isActionActive,
+  isKnownAction,
+  launchAction,
   newCorrId,
   parseCookieValue,
+  primeSudo,
+  requireAdminCookie,
   sanitizeClientCorrId,
+  streamActionEvents,
   vncLog
-} from "./chunk-3RBKKDHC.js";
+} from "./chunk-ZL2A4ROK.js";
 
 // server/edge.ts
 import { createServer, request as httpRequest } from "http";
 import { createConnection as createConnection2 } from "net";
-import { readFileSync, existsSync, watchFile } from "fs";
+import { readFileSync as readFileSync3, existsSync as existsSync4, watchFile } from "fs";
 import { homedir } from "os";
-import { join } from "path";
+import { join as join3 } from "path";
 
 // server/ws-proxy.ts
 import { createConnection } from "net";
@@ -275,23 +286,402 @@ Content-Length: 0\r
   socket.destroy();
 }
 
+// server/routes/admin/actions/run.ts
+var app = new Hono();
+app.post("/:name", async (c) => {
+  const name = c.req.param("name");
+  if (!isKnownAction(name)) {
+    return c.json({ error: `unknown action: ${name}` }, 400);
+  }
+  const actionName = name;
+  if (await isActionActive(actionName)) {
+    return c.json({ error: `action ${actionName} is already running`, code: "already-active" }, 409);
+  }
+  let body = {};
+  try {
+    body = await c.req.json();
+  } catch {
+  }
+  const launchArgs = {};
+  if (Array.isArray(body.positional)) {
+    if (!body.positional.every((x) => typeof x === "string")) {
+      return c.json({ error: "positional args must be strings" }, 400);
+    }
+    launchArgs.positional = body.positional;
+  }
+  if (typeof body.sudoPassword === "string" && body.sudoPassword) {
+    launchArgs.sudoPassword = body.sudoPassword;
+  }
+  try {
+    const result = await launchAction(actionName, launchArgs);
+    return c.json({ ok: true, actionId: result.actionId, unit: result.unit, logPath: result.logPath });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    console.error(`[admin/actions/run] launch failed action=${actionName}: ${message}`);
+    return c.json({ error: `launch failed: ${message}` }, 500);
+  }
+});
+var run_default = app;
+
+// node_modules/hono/dist/utils/stream.js
+var StreamingApi = class {
+  writer;
+  encoder;
+  writable;
+  abortSubscribers = [];
+  responseReadable;
+  /**
+   * Whether the stream has been aborted.
+   */
+  aborted = false;
+  /**
+   * Whether the stream has been closed normally.
+   */
+  closed = false;
+  constructor(writable, _readable) {
+    this.writable = writable;
+    this.writer = writable.getWriter();
+    this.encoder = new TextEncoder();
+    const reader = _readable.getReader();
+    this.abortSubscribers.push(async () => {
+      await reader.cancel();
+    });
+    this.responseReadable = new ReadableStream({
+      async pull(controller) {
+        const { done, value } = await reader.read();
+        done ? controller.close() : controller.enqueue(value);
+      },
+      cancel: () => {
+        this.abort();
+      }
+    });
+  }
+  async write(input) {
+    try {
+      if (typeof input === "string") {
+        input = this.encoder.encode(input);
+      }
+      await this.writer.write(input);
+    } catch {
+    }
+    return this;
+  }
+  async writeln(input) {
+    await this.write(input + "\n");
+    return this;
+  }
+  sleep(ms) {
+    return new Promise((res) => setTimeout(res, ms));
+  }
+  async close() {
+    try {
+      await this.writer.close();
+    } catch {
+    }
+    this.closed = true;
+  }
+  async pipe(body) {
+    this.writer.releaseLock();
+    await body.pipeTo(this.writable, { preventClose: true });
+    this.writer = this.writable.getWriter();
+  }
+  onAbort(listener) {
+    this.abortSubscribers.push(listener);
+  }
+  /**
+   * Abort the stream.
+   * You can call this method when stream is aborted by external event.
+   */
+  abort() {
+    if (!this.aborted) {
+      this.aborted = true;
+      this.abortSubscribers.forEach((subscriber) => subscriber());
+    }
+  }
+};
+
+// node_modules/hono/dist/helper/streaming/utils.js
+var isOldBunVersion = () => {
+  const version = typeof Bun !== "undefined" ? Bun.version : void 0;
+  if (version === void 0) {
+    return false;
+  }
+  const result = version.startsWith("1.1") || version.startsWith("1.0") || version.startsWith("0.");
+  isOldBunVersion = () => result;
+  return result;
+};
+
+// node_modules/hono/dist/helper/streaming/stream.js
+var contextStash = /* @__PURE__ */ new WeakMap();
+var stream = (c, cb, onError) => {
+  const { readable, writable } = new TransformStream();
+  const stream2 = new StreamingApi(writable, readable);
+  if (isOldBunVersion()) {
+    c.req.raw.signal.addEventListener("abort", () => {
+      if (!stream2.closed) {
+        stream2.abort();
+      }
+    });
+  }
+  contextStash.set(stream2.responseReadable, c);
+  (async () => {
+    try {
+      await cb(stream2);
+    } catch (e) {
+      if (e === void 0) {
+      } else if (e instanceof Error && onError) {
+        await onError(e, stream2);
+      } else {
+        console.error(e);
+      }
+    } finally {
+      stream2.close();
+    }
+  })();
+  return c.newResponse(stream2.responseReadable);
+};
+
+// server/routes/admin/actions/stream.ts
+import { existsSync } from "fs";
+var app2 = new Hono();
+var ACTION_ID_RE = /^[a-z0-9-]+-[a-z0-9]+-[a-f0-9]{8}$/;
+app2.get("/:id/stream", async (c) => {
+  const id = c.req.param("id");
+  if (!ACTION_ID_RE.test(id)) {
+    return c.json({ error: "invalid action id" }, 400);
+  }
+  const logPath = actionLogPath(id);
+  if (!existsSync(logPath)) {
+    return c.json({ error: "action not found (log missing)" }, 404);
+  }
+  const lastEventId = c.req.header("Last-Event-ID") ?? c.req.query("from") ?? "";
+  const fromByteOffset = lastEventId ? Math.max(0, Number(lastEventId) || 0) : 0;
+  const unit = `maxy-action-${id}`;
+  const abort = new AbortController();
+  c.req.raw.signal.addEventListener("abort", () => abort.abort());
+  return stream(c, async (s) => {
+    s.onAbort(() => abort.abort());
+    c.header("Content-Type", "text/event-stream");
+    c.header("Cache-Control", "no-cache, no-transform");
+    c.header("Connection", "keep-alive");
+    await s.write(": ok\n\n");
+    try {
+      for await (const ev of streamActionEvents({ actionId: id, unit, fromByteOffset, signal: abort.signal })) {
+        const id_ = ev.type === "line" ? String(ev.byteOffset) : "";
+        const payload = JSON.stringify(ev);
+        const frame = `${id_ ? `id: ${id_}
+` : ""}event: ${ev.type}
+data: ${payload}
+
+`;
+        await s.write(frame);
+      }
+    } catch (err) {
+      console.error(`[admin/actions/stream] action=${id} error: ${err instanceof Error ? err.message : err}`);
+    }
+  });
+});
+var stream_default = app2;
+
+// server/routes/admin/actions/sudo-prime.ts
+var app3 = new Hono();
+app3.post("/", async (c) => {
+  let body = {};
+  try {
+    body = await c.req.json();
+  } catch {
+  }
+  if (typeof body.password !== "string" || !body.password) {
+    return c.json({ error: "password required" }, 400);
+  }
+  const clientIp = c.var.clientIp ?? "unknown";
+  const result = await primeSudo(body.password, clientIp);
+  switch (result) {
+    case "ok":
+      return c.body(null, 204);
+    case "invalid":
+      return c.json({ error: "invalid password" }, 401);
+    case "limited":
+      return c.json({ error: "too many attempts; wait a minute" }, 429);
+    case "error":
+      return c.json({ error: "sudo prime failed \u2014 check server logs" }, 500);
+  }
+});
+var sudo_prime_default = app3;
+
+// server/routes/admin/actions/index.ts
+var app4 = new Hono();
+app4.route("/sudo-prime", sudo_prime_default);
+app4.route("/", stream_default);
+app4.route("/", run_default);
+var actions_default = app4;
+
+// server/routes/admin/version.ts
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { resolve, join as join2 } from "path";
+
+// server/lib/client-error-count.ts
+import { existsSync as existsSync2, readFileSync, statSync, openSync, readSync, closeSync } from "fs";
+import { join } from "path";
+var CLIENT_ERRORS_LOG = join(LOG_DIR, "client-errors.log");
+var DAY_MS = 24 * 60 * 60 * 1e3;
+var TAIL_BYTES = 256 * 1024;
+function countClientErrors24h() {
+  if (!existsSync2(CLIENT_ERRORS_LOG)) return 0;
+  let tail;
+  try {
+    const size = statSync(CLIENT_ERRORS_LOG).size;
+    if (size <= TAIL_BYTES) {
+      tail = readFileSync(CLIENT_ERRORS_LOG, "utf-8");
+    } else {
+      const fd = openSync(CLIENT_ERRORS_LOG, "r");
+      try {
+        const buf = Buffer.alloc(TAIL_BYTES);
+        readSync(fd, buf, 0, TAIL_BYTES, size - TAIL_BYTES);
+        const text = buf.toString("utf-8");
+        const nl = text.indexOf("\n");
+        tail = nl === -1 ? "" : text.slice(nl + 1);
+      } finally {
+        closeSync(fd);
+      }
+    }
+  } catch (err) {
+    console.error(`[client-error-count] read failed: ${err instanceof Error ? err.message : String(err)}`);
+    return 0;
+  }
+  const cutoff = Date.now() - DAY_MS;
+  let count = 0;
+  for (const line of tail.split("\n")) {
+    if (!line) continue;
+    try {
+      const entry = JSON.parse(line);
+      if (typeof entry.ts !== "string") continue;
+      const ms = Date.parse(entry.ts);
+      if (Number.isFinite(ms) && ms >= cutoff) count++;
+    } catch {
+    }
+  }
+  return count;
+}
+
+// server/routes/admin/version.ts
+var PLATFORM_ROOT = process.env.MAXY_PLATFORM_ROOT ?? resolve(process.cwd(), "..");
+var brandHostname = "maxy";
+var brandNpmPackage = "@rubytech/create-maxy";
+var brandJsonPath = join2(PLATFORM_ROOT, "config", "brand.json");
+if (existsSync3(brandJsonPath)) {
+  try {
+    const brand = JSON.parse(readFileSync2(brandJsonPath, "utf-8"));
+    if (brand.hostname) brandHostname = brand.hostname;
+    if (brand.npm?.packageName) brandNpmPackage = brand.npm.packageName;
+  } catch {
+  }
+}
+var VERSION_FILE = resolve(PLATFORM_ROOT, `config/.${brandHostname}-version`);
+var NPM_PACKAGE = brandNpmPackage;
+var REGISTRY_URL = `https://registry.npmjs.org/${NPM_PACKAGE}/latest`;
+var FETCH_TIMEOUT_MS = 5e3;
+function readInstalled() {
+  if (!existsSync3(VERSION_FILE)) return "unknown";
+  const content = readFileSync2(VERSION_FILE, "utf-8").trim();
+  return content || "unknown";
+}
+async function fetchLatest() {
+  try {
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+    const res = await fetch(REGISTRY_URL, { signal: controller.signal });
+    clearTimeout(timer);
+    if (!res.ok) {
+      console.error(`[admin/version] npm registry returned ${res.status}`);
+      return null;
+    }
+    const data = await res.json();
+    const version = data?.version;
+    if (typeof version !== "string") {
+      console.error("[admin/version] npm registry response missing version field");
+      return null;
+    }
+    return version;
+  } catch (err) {
+    console.error(`[admin/version] npm registry fetch failed: ${err}`);
+    return null;
+  }
+}
+function isNewer(latest, installed) {
+  const parseSemver = (v) => v.replace(/^v/, "").split(".").map(Number);
+  const l = parseSemver(latest);
+  const i = parseSemver(installed);
+  for (let idx = 0; idx < 3; idx++) {
+    const lp = l[idx] ?? 0;
+    const ip = i[idx] ?? 0;
+    if (Number.isNaN(lp) || Number.isNaN(ip)) return false;
+    if (lp > ip) return true;
+    if (lp < ip) return false;
+  }
+  return false;
+}
+var app5 = new Hono();
+app5.get("/", async (c) => {
+  const installed = readInstalled();
+  const latest = await fetchLatest();
+  const updateAvailable = installed !== "unknown" && latest !== null && isNewer(latest, installed);
+  const outcome = installed === "unknown" ? "stale-version-file" : latest === null ? "fetch-failed" : "ok";
+  const clientErrors24h = countClientErrors24h();
+  console.log(
+    `[admin/version] outcome=${outcome} installed=${installed} latest=${latest ?? "null"} updateAvailable=${updateAvailable} clientErrors24h=${clientErrors24h}`
+  );
+  return c.json({ installed, latest, updateAvailable, clientErrors24h });
+});
+app5.post("/alert-surfaced", async (c) => {
+  let installed = "unknown";
+  let latest = null;
+  try {
+    const body = await c.req.json();
+    if (typeof body?.installed === "string") installed = body.installed;
+    if (typeof body?.latest === "string") latest = body.latest;
+  } catch (err) {
+    console.error(`[admin/version] alert-surfaced body parse failed: ${err}`);
+  }
+  console.log(`[admin/version] alert-surfaced installed=${installed} latest=${latest ?? "null"}`);
+  return c.json({ ok: true });
+});
+var version_default = app5;
+
+// server/edge-admin.ts
+function createEdgeAdminApp(opts) {
+  const app6 = new Hono();
+  app6.use("*", clientIpMiddleware);
+  app6.use("*", async (c, next) => {
+    const start = Date.now();
+    await next();
+    console.log(
+      `[edge-admin] method=${c.req.method} path=${c.req.path} status=${c.res.status} duration_ms=${Date.now() - start}`
+    );
+  });
+  app6.use("*", requireAdminCookie(opts.isPublicHost));
+  app6.route("/api/admin/actions", actions_default);
+  app6.route("/api/admin/version", version_default);
+  return app6;
+}
+
 // server/edge.ts
-var PLATFORM_ROOT = process.env.MAXY_PLATFORM_ROOT || "";
-var BRAND_JSON_PATH = PLATFORM_ROOT ? join(PLATFORM_ROOT, "config", "brand.json") : "";
+var PLATFORM_ROOT2 = process.env.MAXY_PLATFORM_ROOT || "";
+var BRAND_JSON_PATH = PLATFORM_ROOT2 ? join3(PLATFORM_ROOT2, "config", "brand.json") : "";
 var BRAND = { configDir: ".maxy" };
-if (BRAND_JSON_PATH && existsSync(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync4(BRAND_JSON_PATH)) {
   try {
-    const parsed = JSON.parse(readFileSync(BRAND_JSON_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync3(BRAND_JSON_PATH, "utf-8"));
     if (typeof parsed.configDir === "string") BRAND.configDir = parsed.configDir;
   } catch (err) {
     console.error(`[edge] brand.json parse error: ${err.message}`);
   }
 }
-var ALIAS_DOMAINS_PATH = join(homedir(), BRAND.configDir, "alias-domains.json");
+var ALIAS_DOMAINS_PATH = join3(homedir(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
-    const parsed = JSON.parse(readFileSync(ALIAS_DOMAINS_PATH, "utf-8"));
+    if (!existsSync4(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
+    const parsed = JSON.parse(readFileSync3(ALIAS_DOMAINS_PATH, "utf-8"));
     if (!Array.isArray(parsed)) return /* @__PURE__ */ new Set();
     return new Set(parsed.filter((h) => typeof h === "string"));
   } catch {
@@ -406,7 +796,18 @@ function forwardUpgrade(req, clientSocket, head) {
     teardown("upstream-timeout");
   });
 }
+var edgeAdminApp = createEdgeAdminApp({ isPublicHost });
+var edgeAdminHandler = getRequestListener(edgeAdminApp.fetch);
+function isEdgeAdminPath(url) {
+  const q = url.indexOf("?");
+  const pathname = q === -1 ? url : url.slice(0, q);
+  return pathname.startsWith("/api/admin/actions") || pathname.startsWith("/api/admin/version");
+}
 var server = createServer((req, res) => {
+  if (isEdgeAdminPath(req.url ?? "")) {
+    edgeAdminHandler(req, res);
+    return;
+  }
   forwardHttp(req, res);
 });
 server.keepAliveTimeout = parseInt(process.env.KEEP_ALIVE_TIMEOUT ?? "61000", 10);