@rubytech/create-realagent 1.0.794 → 1.0.797

package/payload/server/server.js

@@ -49,14 +49,12 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-3SQJW5Y5.js";
+} from "./chunk-KM23Y7SY.js";
 import {
   ACCOUNTS_DIR,
   GREETING_DIRECTIVE,
   HAIKU_MODEL,
   PLATFORM_ROOT,
-  __commonJS,
-  __toESM,
   agentLogStream,
   backfillNullUserIdConversations,
   bindVisitorToGroup,
@@ -103,6 +101,7 @@ import {
   resolveAgentConfig,
   resolveDefaultAgentSlug,
   resolveUserAccounts,
+  runBootMigrations,
   setAgentSessionId,
   setConversationIdForSession,
   setGroupContextForSession,
@@ -113,7 +112,11 @@ import {
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership,
   writeAdminUserAndPerson
-} from "./chunk-2N7XJW6Q.js";
+} from "./chunk-BURNRCKP.js";
+import {
+  __commonJS,
+  __toESM
+} from "./chunk-JSBRDJBE.js";
 
 // ../lib/graph-trash/dist/index.js
 var require_dist = __commonJS({
@@ -4726,7 +4729,7 @@ app2.post("/", async (c) => {
   }
   const cookieHeader = c.req.header("cookie");
   if (body.session_key && typeof body.session_key === "string") {
-    if (validateSession(body.session_key, "public")) {
+    if (validateSession(body.session_key, "public").ok) {
       const storedAgent = getAgentNameForSession(body.session_key);
       if (storedAgent && storedAgent !== agentSlug) {
         console.log(`[session] hot-resume agent mismatch: session=${body.session_key.slice(0, 8)}\u2026 has=${storedAgent} requested=${agentSlug} \u2014 creating new session`);
@@ -5414,7 +5417,7 @@ app3.post("/", async (c) => {
     if (!session_key) {
       return c.json({ error: "session_key required" }, 400);
     }
-    if (!validateSession(session_key, "public")) {
+    if (!validateSession(session_key, "public").ok) {
       return c.json({ error: "Invalid or expired session" }, 401);
     }
     const files = formData.getAll("attachments");
@@ -5483,7 +5486,7 @@ app3.post("/", async (c) => {
     if (!message) {
       return c.json({ error: "message required" }, 400);
     }
-    if (!validateSession(session_key, "public")) {
+    if (!validateSession(session_key, "public").ok) {
       return c.json({ error: "Invalid or expired session" }, 401);
     }
   }
@@ -5623,7 +5626,7 @@ app4.get("/messages", async (c) => {
   if (isNaN(sinceDate.getTime())) {
     return c.json({ error: "Invalid since parameter \u2014 expected ISO 8601" }, 400);
   }
-  if (!validateSession(sessionKey, "public")) {
+  if (!validateSession(sessionKey, "public").ok) {
     return c.json({ error: "Session expired" }, 401);
   }
   const groupSlug = getGroupSlugForSession(sessionKey);
@@ -6247,7 +6250,7 @@ app5.post("/create-credentials", async (c) => {
   const { session_key, password } = body;
   if (!session_key || typeof session_key !== "string") return c.json({ error: "session_key required" }, 400);
   if (!password || typeof password !== "string") return c.json({ error: "password required" }, 400);
-  if (!validateSession(session_key, "public")) {
+  if (!validateSession(session_key, "public").ok) {
     return c.json({ error: "Invalid or expired session" }, 401);
   }
   const grant = getGrantForSession(session_key);
@@ -7813,7 +7816,7 @@ async function createAdminSession(accountId, thinkingView, userId, userName, rol
 var app10 = new Hono();
 app10.get("/", async (c) => {
   const sessionKey = c.req.query("session_key");
-  if (!sessionKey || !validateSession(sessionKey, "admin")) {
+  if (!sessionKey || !validateSession(sessionKey, "admin").ok) {
     return c.json({ error: "Invalid or expired admin session" }, 401);
   }
   const accountId = getAccountIdForSession(sessionKey);
@@ -8210,7 +8213,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-CTMWNDMO.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-PV45NUTN.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -8661,10 +8664,15 @@ app13.get("/", async (c) => {
       const filePath = resolve13(dir, safe);
       searched.push(filePath);
       try {
-        const content = readFileSync12(filePath, "utf-8");
-        const headers = { "Content-Type": "text/plain; charset=utf-8" };
+        const buffer = readFileSync12(filePath);
+        const onDiskBytes = statSync7(filePath).size;
+        const headers = {
+          "Content-Type": "text/plain; charset=utf-8",
+          "Content-Length": String(buffer.byteLength)
+        };
         if (download) headers["Content-Disposition"] = `attachment; filename="${safe}"`;
-        return new Response(content, { headers });
+        console.info(`[stream-log-download] file=${safe} bytesServed=${buffer.byteLength} onDiskBytes=${onDiskBytes}`);
+        return new Response(buffer, { headers });
       } catch (err) {
         const reason = err instanceof Error ? err.message : String(err);
         console.debug(`[admin/logs] miss dir=${dir} name=${safe} reason=${reason}`);
@@ -8729,9 +8737,9 @@ app13.get("/", async (c) => {
       const hit = hits[0];
       console.info(`[admin/logs] resolved sessionKey=${sessionKeySlice} conversationId=${conversationIdSlice} shape=${hit.shape} stalePreflushCount=${stalePreflushCount}`);
       try {
-        const content = readFileSync12(hit.path, "utf-8");
         const filename = basename5(hit.path);
         if (stalePreflushCount > 0 && !download) {
+          const content = readFileSync12(hit.path, "utf-8");
           return c.json({
             log: content,
             filename,
@@ -8739,9 +8747,15 @@ app13.get("/", async (c) => {
             warnings: stalePreflushPaths.map((path2) => ({ kind: "stale-preflush", path: path2 }))
           });
         }
-        const headers = { "Content-Type": "text/plain; charset=utf-8" };
+        const buffer = readFileSync12(hit.path);
+        const onDiskBytes = statSync7(hit.path).size;
+        const headers = {
+          "Content-Type": "text/plain; charset=utf-8",
+          "Content-Length": String(buffer.byteLength)
+        };
         if (download) headers["Content-Disposition"] = `attachment; filename="${filename}"`;
-        return new Response(content, { headers });
+        console.info(`[stream-log-download] file=${filename} bytesServed=${buffer.byteLength} onDiskBytes=${onDiskBytes}`);
+        return new Response(buffer, { headers });
       } catch (err) {
         const reason2 = err instanceof Error ? err.message : String(err);
         console.warn(`[admin/logs] read-fail path=${hit.path} reason=${reason2}`);
@@ -11782,57 +11796,16 @@ app30.get("/", requireAdminSession, async (c) => {
 });
 var adherence_default = app30;
 
-// server/routes/admin/sidebar-projects.ts
-import neo4j3 from "neo4j-driver";
-var LIMIT = 50;
-var app31 = new Hono();
-app31.get("/", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
-  if (!accountId) {
-    return c.json({ error: "Account not found for session" }, 401);
-  }
-  const start = Date.now();
-  const session = getSession();
-  try {
-    const result = await session.run(
-      `MATCH (p:Project { accountId: $accountId })
-       WHERE NOT p:Trashed
-       RETURN p.taskId AS id, elementId(p) AS elementId, p.name AS name, p.updatedAt AS updatedAt
-       ORDER BY p.updatedAt DESC
-       LIMIT $limit`,
-      { accountId, limit: neo4j3.int(LIMIT) }
-    );
-    const projects = result.records.map((r) => ({
-      id: r.get("id"),
-      elementId: r.get("elementId"),
-      name: r.get("name") ?? "",
-      updatedAt: r.get("updatedAt") ?? ""
-    }));
-    const ms = Date.now() - start;
-    console.log(`[admin/sidebar-projects] account=${accountId} count=${projects.length} ms=${ms}`);
-    return c.json({ projects });
-  } catch (err) {
-    const ms = Date.now() - start;
-    const message = err instanceof Error ? err.message : String(err);
-    console.error(`[admin/sidebar-projects] account=${accountId} error="${message}" ms=${ms}`);
-    return c.json({ error: "Failed to load projects" }, 500);
-  } finally {
-    await session.close();
-  }
-});
-var sidebar_projects_default = app31;
-
 // server/routes/admin/sidebar-artefacts.ts
-import neo4j4 from "neo4j-driver";
+import neo4j3 from "neo4j-driver";
 import { readFile as readFile5, readdir as readdir3, stat as stat5 } from "fs/promises";
 import { resolve as resolve20, relative as relative2, isAbsolute } from "path";
 import { existsSync as existsSync19 } from "fs";
-var LIMIT2 = 50;
+var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
-var app32 = new Hono();
-app32.get("/", requireAdminSession, async (c) => {
+var app31 = new Hono();
+app31.get("/", requireAdminSession, async (c) => {
   const sessionKey = c.var.sessionKey;
   const accountId = getAccountIdForSession(sessionKey);
   if (!accountId) {
@@ -11847,7 +11820,7 @@ app32.get("/", requireAdminSession, async (c) => {
   const agents = await fetchAgentTemplateRows(accountDir);
   const artefacts = [...docs, ...agents].sort(
     (a, b) => (b.updatedAt ?? "").localeCompare(a.updatedAt ?? "")
-  ).slice(0, LIMIT2);
+  ).slice(0, LIMIT);
   const ms = Date.now() - start;
   console.log(
     `[admin/sidebar-artefacts] account=${accountId} count=${artefacts.length} docs=${docs.length} agents=${agents.length} ms=${ms}`
@@ -11865,7 +11838,7 @@ async function fetchKnowledgeDocs(accountId) {
               d.attachmentId AS attachmentId, d.encodingFormat AS mimeType
        ORDER BY d.updatedAt DESC
        LIMIT $limit`,
-      { accountId, limit: neo4j4.int(LIMIT2) }
+      { accountId, limit: neo4j3.int(LIMIT) }
     );
     metas = result.records.map((r) => ({
       id: r.get("id"),
@@ -12038,7 +12011,7 @@ function isWithin(target, root) {
   const rel = relative2(root, target);
   return !rel.startsWith("..") && !isAbsolute(rel);
 }
-var sidebar_artefacts_default = app32;
+var sidebar_artefacts_default = app31;
 
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir4, readdir as readdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
@@ -12046,8 +12019,8 @@ import { resolve as resolve21 } from "path";
 import { existsSync as existsSync20 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
 var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
-var app33 = new Hono();
-app33.post("/", requireAdminSession, async (c) => {
+var app32 = new Hono();
+app32.post("/", requireAdminSession, async (c) => {
   const sessionKey = c.var.sessionKey;
   const accountId = getAccountIdForSession(sessionKey);
   if (!accountId) return c.json({ error: "Account not found for session" }, 401);
@@ -12127,15 +12100,15 @@ async function resolveSavePath(id, accountId, accountDir) {
 function relPath(absPath, root) {
   return absPath.startsWith(root) ? absPath.slice(root.length + 1) : absPath;
 }
-var sidebar_artefact_save_default = app33;
+var sidebar_artefact_save_default = app32;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile6, readdir as readdir5 } from "fs/promises";
 import { existsSync as existsSync21 } from "fs";
 import { resolve as resolve22 } from "path";
 var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
-var app34 = new Hono();
-app34.get("/", requireAdminSession, async (c) => {
+var app33 = new Hono();
+app33.get("/", requireAdminSession, async (c) => {
   const sessionKey = c.var.sessionKey;
   const accountId = getAccountIdForSession(sessionKey);
   if (!accountId) return new Response("Unauthorized", { status: 401 });
@@ -12176,36 +12149,35 @@ app34.get("/", requireAdminSession, async (c) => {
     }
   });
 });
-var sidebar_artefact_content_default = app34;
+var sidebar_artefact_content_default = app33;
 
 // server/routes/admin/index.ts
-var app35 = new Hono();
-app35.route("/session", session_default2);
-app35.route("/chat", chat_default2);
-app35.route("/compact", compact_default);
-app35.route("/logs", logs_default);
-app35.route("/claude-info", claude_info_default);
-app35.route("/attachment", attachment_default);
-app35.route("/agents", agents_default);
-app35.route("/sessions", sessions_default);
-app35.route("/browser", browser_default);
-app35.route("/device-browser", device_browser_default);
-app35.route("/events", events_default);
-app35.route("/cloudflare", cloudflare_default);
-app35.route("/files", files_default);
-app35.route("/graph-search", graph_search_default);
-app35.route("/graph-subgraph", graph_subgraph_default);
-app35.route("/graph-delete", graph_delete_default);
-app35.route("/graph-restore", graph_restore_default);
-app35.route("/graph-labels-in-graph", graph_labels_in_graph_default);
-app35.route("/graph-default-view", graph_default_view_default);
-app35.route("/file-attach", file_attach_default);
-app35.route("/adherence", adherence_default);
-app35.route("/sidebar-projects", sidebar_projects_default);
-app35.route("/sidebar-artefacts", sidebar_artefacts_default);
-app35.route("/sidebar-artefact-save", sidebar_artefact_save_default);
-app35.route("/sidebar-artefact-content", sidebar_artefact_content_default);
-var admin_default = app35;
+var app34 = new Hono();
+app34.route("/session", session_default2);
+app34.route("/chat", chat_default2);
+app34.route("/compact", compact_default);
+app34.route("/logs", logs_default);
+app34.route("/claude-info", claude_info_default);
+app34.route("/attachment", attachment_default);
+app34.route("/agents", agents_default);
+app34.route("/sessions", sessions_default);
+app34.route("/browser", browser_default);
+app34.route("/device-browser", device_browser_default);
+app34.route("/events", events_default);
+app34.route("/cloudflare", cloudflare_default);
+app34.route("/files", files_default);
+app34.route("/graph-search", graph_search_default);
+app34.route("/graph-subgraph", graph_subgraph_default);
+app34.route("/graph-delete", graph_delete_default);
+app34.route("/graph-restore", graph_restore_default);
+app34.route("/graph-labels-in-graph", graph_labels_in_graph_default);
+app34.route("/graph-default-view", graph_default_view_default);
+app34.route("/file-attach", file_attach_default);
+app34.route("/adherence", adherence_default);
+app34.route("/sidebar-artefacts", sidebar_artefacts_default);
+app34.route("/sidebar-artefact-save", sidebar_artefact_save_default);
+app34.route("/sidebar-artefact-content", sidebar_artefact_content_default);
+var admin_default = app34;
 
 // app/lib/graph-health.ts
 var HOUR_MS = 60 * 60 * 1e3;
@@ -12359,9 +12331,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app36 = new Hono();
-app36.use("*", clientIpMiddleware);
-app36.use("*", async (c, next) => {
+var app35 = new Hono();
+app35.use("*", clientIpMiddleware);
+app35.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -12384,7 +12356,7 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/g/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app36.use("*", async (c, next) => {
+app35.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -12424,7 +12396,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app36.post("/__remote-auth/login", async (c) => {
+app35.post("/__remote-auth/login", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   if (!requestIsTlsTerminated(c)) {
@@ -12468,7 +12440,7 @@ app36.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app36.get("/__remote-auth/logout", (c) => {
+app35.get("/__remote-auth/logout", (c) => {
   return new Response(null, {
     status: 302,
     headers: {
@@ -12478,7 +12450,7 @@ app36.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app36.post("/__remote-auth/change-password", async (c) => {
+app35.post("/__remote-auth/change-password", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   const rateLimited = checkRateLimit(client);
@@ -12528,13 +12500,13 @@ app36.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app36.get("/__remote-auth/setup", (c) => {
+app35.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app36.post("/__remote-auth/set-initial-password", async (c) => {
+app35.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -12570,17 +12542,17 @@ app36.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app36.get("/api/remote-auth/status", (c) => {
+app35.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app36.post("/api/remote-auth/set-password", async (c) => {
+app35.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
   } catch {
     return c.json({ error: "Invalid request" }, 400);
   }
-  if (!body.session_key || !validateSession(body.session_key, "admin")) {
+  if (!body.session_key || !validateSession(body.session_key, "admin").ok) {
     return c.json({ error: "Unauthorized" }, 401);
   }
   if (!body.password) {
@@ -12603,9 +12575,9 @@ app36.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app36.route("/api/_client-error", client_error_default);
+app35.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app36.use("*", async (c, next) => {
+app35.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -12638,15 +12610,15 @@ app36.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app36.route("/api/health", health_default);
-app36.route("/api/session", session_default);
-app36.route("/api/chat", chat_default);
-app36.route("/api/group", group_default);
-app36.route("/api/access", access_default);
-app36.route("/api/telegram", telegram_default);
-app36.route("/api/whatsapp", whatsapp_default);
-app36.route("/api/onboarding", onboarding_default);
-app36.route("/api/admin", admin_default);
+app35.route("/api/health", health_default);
+app35.route("/api/session", session_default);
+app35.route("/api/chat", chat_default);
+app35.route("/api/group", group_default);
+app35.route("/api/access", access_default);
+app35.route("/api/telegram", telegram_default);
+app35.route("/api/whatsapp", whatsapp_default);
+app35.route("/api/onboarding", onboarding_default);
+app35.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -12658,7 +12630,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app36.get("/agent-assets/:slug/:filename", (c) => {
+app35.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -12693,7 +12665,7 @@ app36.get("/agent-assets/:slug/:filename", (c) => {
     "Cache-Control": "public, max-age=3600"
   });
 });
-app36.get("/generated/:filename", (c) => {
+app35.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -12859,7 +12831,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app36.get("/", (c) => {
+app35.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -12867,12 +12839,12 @@ app36.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app36.get("/public", (c) => {
+app35.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app36.get("/chat", (c) => {
+app35.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -12891,9 +12863,9 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app36.use("/vnc-viewer.html", logViewerFetch);
-app36.use("/vnc-popout.html", logViewerFetch);
-app36.get("/vnc-popout.html", (c) => {
+app35.use("/vnc-viewer.html", logViewerFetch);
+app35.use("/vnc-popout.html", logViewerFetch);
+app35.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
     html = readFileSync16(resolve23(process.cwd(), "public", "vnc-popout.html"), "utf-8");
@@ -12906,7 +12878,7 @@ app36.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app36.post("/api/vnc/client-event", async (c) => {
+app35.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -12927,20 +12899,20 @@ app36.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app36.get("/g/:slug", (c) => {
+app35.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app36.get("/graph", (c) => {
+app35.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app36.get("/data", (c) => {
+app35.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app36.get("/:slug", async (c, next) => {
+app35.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -12949,10 +12921,10 @@ app36.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app36.use("/*", serveStatic({ root: "./public" }));
+app35.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.MAXY_UI_INTERNAL_PORT ?? process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app36.fetch, port, hostname });
+var httpServer = serve({ fetch: app35.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 var SUBAPP_MANIFEST = [
   { prefix: "/api/health", file: "server/routes/health.ts", subapp: health_default },
@@ -12972,7 +12944,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app36.routes ?? []) {
+  for (const r of app35.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -12995,6 +12967,13 @@ try {
     console.error(`[session] backfill startup failed: ${err instanceof Error ? err.message : String(err)}`);
   }
 })();
+(async () => {
+  try {
+    await runBootMigrations();
+  } catch (err) {
+    console.error(`[migration] runBootMigrations rejected: ${err instanceof Error ? err.message : String(err)}`);
+  }
+})();
 (async () => {
   try {
     await startReviewDetector();

package/payload/server/public/assets/data-BhrQjgR5.js

@@ -1 +0,0 @@
-import{i as e,t}from"./jsx-runtime-DJER3a7U.js";import{t as n}from"./page-DIG7s5Jp.js";var r=e(),i=t();(0,r.createRoot)(document.getElementById(`root`)).render((0,i.jsx)(n,{}));

package/payload/server/public/assets/graph-Jj7seS-w.js

@@ -1 +0,0 @@
-import{i as e,t}from"./jsx-runtime-DJER3a7U.js";import{n}from"./page-sZb3wcOM.js";import"./Checkbox-BruL6MSR.js";var r=e(),i=t();(0,r.createRoot)(document.getElementById(`root`)).render((0,i.jsx)(n,{}));

package/payload/server/public/assets/page-DIG7s5Jp.js

@@ -1 +0,0 @@
-import{o as e}from"./chunk-DD-I1_y5.js";import{n as t,o as n,r,t as i}from"./jsx-runtime-DJER3a7U.js";import{a,i as o,n as s,o as c,r as l,s as u,t as d}from"./share-2-BndjMKeG.js";var f=r(`circle-arrow-up`,[[`circle`,{cx:`12`,cy:`12`,r:`10`,key:`1mglay`}],[`path`,{d:`m16 12-4-4-4 4`,key:`177agl`}],[`path`,{d:`M12 16V8`,key:`1sbj14`}]]),p=r(`download`,[[`path`,{d:`M12 15V3`,key:`m9g1x1`}],[`path`,{d:`M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4`,key:`ih7n3h`}],[`path`,{d:`m7 10 5 5 5-5`,key:`brsn70`}]]),m=r(`file`,[[`path`,{d:`M6 22a2 2 0 0 1-2-2V4a2 2 0 0 1 2-2h8a2.4 2.4 0 0 1 1.704.706l3.588 3.588A2.4 2.4 0 0 1 20 8v12a2 2 0 0 1-2 2z`,key:`1oefj6`}],[`path`,{d:`M14 2v5a1 1 0 0 0 1 1h5`,key:`wfsgrz`}]]),h=r(`folder`,[[`path`,{d:`M20 20a2 2 0 0 0 2-2V8a2 2 0 0 0-2-2h-7.9a2 2 0 0 1-1.69-.9L9.6 3.9A2 2 0 0 0 7.93 3H4a2 2 0 0 0-2 2v13a2 2 0 0 0 2 2Z`,key:`1kt360`}]]),g=r(`upload`,[[`path`,{d:`M12 3v12`,key:`1x0j5s`}],[`path`,{d:`m17 8-5-5-5 5`,key:`7q97r8`}],[`path`,{d:`M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4`,key:`ih7n3h`}]]),_=e(n(),1),v=i();function y(){let[e,t]=(0,_.useState)(null),[n,r]=(0,_.useState)(!1);return(0,_.useEffect)(()=>{let e=!1,n=null;try{n=sessionStorage.getItem(`maxy-admin-session-key`)}catch{}if(!n){t(null),r(!0);return}return fetch(`/api/admin/session?session_key=${encodeURIComponent(n)}`).then(i=>{if(!e){if(i.status===401){try{sessionStorage.removeItem(`maxy-admin-session-key`)}catch{}window.location.href=`/`;return}t(n),r(!0)}}).catch(()=>{e||(t(n),r(!0))}),()=>{e=!0}},[]),n?e?(0,v.jsxs)(`div`,{className:`data-page`,children:[(0,v.jsxs)(`header`,{className:`data-header`,children:[(0,v.jsxs)(`h1`,{className:`data-title`,children:[(0,v.jsx)(u,{size:18}),` Data`]}),(0,v.jsx)(x,{})]}),(0,v.jsx)(b,{sessionKey:e})]}):(0,v.jsxs)(`div`,{className:`data-page`,children:[(0,v.jsx)(`header`,{className:`data-header`,children:(0,v.jsxs)(`h1`,{className:`data-title`,children:[(0,v.jsx)(u,{size:18}),` Data`]})}),(0,v.jsxs)(`div`,{className:`data-empty`,children:[(0,v.jsx)(`p`,{children:`You are not signed in.`}),(0,v.jsxs)(`p`,{children:[`Open the `,(0,v.jsx)(`a`,{href:`/`,className:`data-link`,children:`main admin page`}),` and log in, then return here.`]})]})]}):(0,v.jsx)(`div`,{className:`data-page`,children:(0,v.jsxs)(`div`,{className:`data-loading`,children:[(0,v.jsx)(a,{size:18,className:`spin`}),` Loading…`]})})}function b({sessionKey:e}){return(0,v.jsxs)(`main`,{className:`data-main`,children:[(0,v.jsx)(S,{sessionKey:e}),(0,v.jsx)(D,{sessionKey:e})]})}function x(){let[e,t]=(0,_.useState)(!1),n=(0,_.useRef)(null);(0,_.useEffect)(()=>{if(!e)return;let r=e=>{n.current&&(n.current.contains(e.target)||t(!1))},i=e=>{e.key===`Escape`&&t(!1)};return document.addEventListener(`mousedown`,r),document.addEventListener(`keydown`,i),()=>{document.removeEventListener(`mousedown`,r),document.removeEventListener(`keydown`,i)}},[e]);let r=(0,_.useCallback)(()=>{try{sessionStorage.removeItem(`maxy-admin-session-key`)}catch{}window.location.href=`/`},[]);return(0,v.jsxs)(`div`,{className:`chat-burger-wrap`,ref:n,children:[(0,v.jsx)(`button`,{type:`button`,className:`chat-burger`,onClick:()=>t(e=>!e),"aria-label":`Menu`,"aria-haspopup":`true`,"aria-expanded":e,children:(0,v.jsx)(l,{size:20})}),e&&(0,v.jsxs)(`div`,{className:`chat-menu`,children:[(0,v.jsxs)(`button`,{type:`button`,className:`chat-menu-item`,onClick:()=>{t(!1),window.location.href=`/`},children:[(0,v.jsx)(c,{size:14}),` Chat`]}),(0,v.jsxs)(`button`,{type:`button`,className:`chat-menu-item`,onClick:()=>{t(!1),window.location.href=`/graph`},children:[(0,v.jsx)(d,{size:14}),` Graph`]}),(0,v.jsx)(`div`,{className:`chat-menu-divider`}),(0,v.jsxs)(`button`,{type:`button`,className:`chat-menu-item`,onClick:()=>{t(!1),r()},children:[(0,v.jsx)(o,{size:14}),` Log out`]})]})]})}function S({sessionKey:e}){let[t,n]=(0,_.useState)(``),[r,i]=(0,_.useState)(``),[o,c]=(0,_.useState)(null),[l,u]=(0,_.useState)(!1),[d,f]=(0,_.useState)(null);return(0,_.useEffect)(()=>{let e=t.trim();if(!e){i(``),c(null);return}let n=setTimeout(()=>i(e),300);return()=>clearTimeout(n)},[t]),(0,_.useEffect)(()=>{if(!r)return;let t=!1;u(!0),f(null);let n=`/api/admin/graph-search?session_key=${encodeURIComponent(e)}&q=${encodeURIComponent(r)}&limit=20`;return fetch(n).then(async e=>{let t=await e.json().catch(()=>({error:`HTTP ${e.status}`}));if(!e.ok)throw Error(t.error??`HTTP ${e.status}`);return t}).then(e=>{t||c(e.results)}).catch(e=>{t||f(e instanceof Error?e.message:String(e))}).finally(()=>{t||u(!1)}),()=>{t=!0}},[r,e]),(0,v.jsxs)(`section`,{className:`data-panel`,children:[(0,v.jsx)(`h2`,{className:`data-panel-title`,children:`Search`}),(0,v.jsx)(`p`,{className:`data-panel-subtitle`,children:`Find anything in your knowledge base by keyword.`}),(0,v.jsxs)(`div`,{className:`data-search-input`,children:[(0,v.jsx)(s,{size:14}),(0,v.jsx)(`input`,{type:`text`,placeholder:`Search your knowledge…`,value:t,onChange:e=>n(e.target.value),autoFocus:!0,autoComplete:`off`,spellCheck:!1}),l&&(0,v.jsx)(a,{size:14,className:`spin`})]}),d&&(0,v.jsxs)(`div`,{className:`data-error`,children:[`Search failed: `,d]}),o&&!l&&(0,v.jsxs)(`div`,{className:`data-results-meta`,children:[o.length,` result`,o.length===1?``:`s`]}),o&&o.length===0&&!l&&(0,v.jsx)(`div`,{className:`data-empty-results`,children:`No matches. Try a different keyword.`}),o&&o.length>0&&(0,v.jsx)(`ul`,{className:`data-results`,children:o.map(e=>(0,v.jsx)(C,{hit:e},e.nodeId))})]})}function C({hit:e}){let t=T(e.properties),n=E(e.properties),r=w(e.labels),[i,a]=(0,_.useState)(!1),o=n&&n.length>280,s=i||!o?n:n?.slice(0,280)+`…`;return(0,v.jsxs)(`li`,{className:`data-result`,children:[r&&(0,v.jsx)(`div`,{className:`data-result-header`,children:(0,v.jsx)(`span`,{className:`data-result-labels`,children:r})}),t&&(0,v.jsx)(`div`,{className:`data-result-title`,children:t}),n&&(0,v.jsx)(`pre`,{className:`data-result-body`,children:s}),o&&(0,v.jsx)(`button`,{type:`button`,className:`data-result-toggle`,onClick:()=>a(e=>!e),children:i?`Show less`:`Show more`})]})}function w(e){if(e.length===0)return null;let t=e[0].replace(/([a-z])([A-Z])/g,`$1 $2`);return t.charAt(0).toUpperCase()+t.slice(1).toLowerCase()}function T(e){for(let t of[`title`,`name`,`summary`,`headline`]){let n=e[t];if(typeof n==`string`&&n.length>0)return n.length>140?n.slice(0,140)+`…`:n}return null}function E(e){for(let t of[`content`,`summary`,`body`,`description`,`text`]){let n=e[t];if(typeof n==`string`&&n.length>0)return n}return null}function D({sessionKey:e}){let[n,r]=(0,_.useState)(`.`),[i,o]=(0,_.useState)(null),[s,c]=(0,_.useState)([]),[l,u]=(0,_.useState)(!1),[d,y]=(0,_.useState)(null),[b,x]=(0,_.useState)(!1),[S,C]=(0,_.useState)(null),[w,T]=(0,_.useState)(null),[E,D]=(0,_.useState)(null),[A,j]=(0,_.useState)(null),M=(0,_.useRef)(null),[N,P]=(0,_.useState)(0);(0,_.useEffect)(()=>{let t=!1;u(!0),y(null);let r=`/api/admin/files?session_key=${encodeURIComponent(e)}&path=${encodeURIComponent(n===`.`?``:n)}`;return fetch(r).then(async e=>{let t=await e.json().catch(()=>({error:`HTTP ${e.status}`}));if(!e.ok)throw Error(t.error??`HTTP ${e.status}`);return t}).then(e=>{t||(o(e.entries),c(e.displayPath??[]))}).catch(e=>{t||(o([]),c([]),y(e instanceof Error?e.message:String(e)))}).finally(()=>{t||u(!1)}),()=>{t=!0}},[e,n,N]);let F=(0,_.useCallback)(e=>{r(e)},[]),I=(0,_.useCallback)(()=>{if(n===`.`||n===``)return;let e=n.split(`/`).filter(Boolean);e.pop(),r(e.length===0?`.`:e.join(`/`))},[n]),L=(0,_.useCallback)(t=>{let r=n===`.`?t.name:`${n}/${t.name}`,i=`/api/admin/files/download?session_key=${encodeURIComponent(e)}&path=${encodeURIComponent(r)}`,a=document.createElement(`a`);a.href=i,a.rel=`noopener noreferrer`,document.body.appendChild(a),a.click(),a.remove()},[n,e]),R=(0,_.useCallback)(()=>{M.current?.click()},[]),z=(0,_.useCallback)(e=>{T(null),j(e.name)},[]),B=(0,_.useCallback)(()=>{j(null)},[]),V=(0,_.useCallback)(async t=>{let r=n===`.`?t.name:`${n}/${t.name}`;T(null),j(null),D(t.name);try{let t=`/api/admin/files?session_key=${encodeURIComponent(e)}&path=${encodeURIComponent(r)}`,n=await fetch(t,{method:`DELETE`}),i=await n.json().catch(()=>({error:`HTTP ${n.status}`}));if(!n.ok)throw Error(i.error??`HTTP ${n.status}`);P(e=>e+1)}catch(e){T(e instanceof Error?e.message:String(e))}finally{D(null)}},[n,e]);(0,_.useEffect)(()=>{if(!A)return;let e=e=>{e.key===`Escape`&&j(null)};return document.addEventListener(`keydown`,e),()=>document.removeEventListener(`keydown`,e)},[A]);let H=(0,_.useCallback)(async t=>{C(null),x(!0);try{let n=new FormData;n.append(`session_key`,e),n.append(`file`,t);let i=await fetch(`/api/admin/files/upload`,{method:`POST`,body:n}),a=await i.json().catch(()=>({error:`HTTP ${i.status}`}));if(!i.ok)throw Error(a.error??`HTTP ${i.status}`);r(a.path.split(`/`).slice(0,-1).join(`/`)||`.`),P(e=>e+1)}catch(e){C(e instanceof Error?e.message:String(e))}finally{x(!1),M.current&&(M.current.value=``)}},[e]);return(0,v.jsxs)(`section`,{className:`data-panel`,children:[(0,v.jsxs)(`div`,{className:`data-panel-heading`,children:[(0,v.jsx)(`h2`,{className:`data-panel-title`,children:`Files`}),(0,v.jsxs)(`div`,{className:`data-file-actions`,children:[(0,v.jsxs)(`button`,{type:`button`,className:`data-btn`,onClick:R,disabled:b,children:[b?(0,v.jsx)(a,{size:14,className:`spin`}):(0,v.jsx)(g,{size:14}),` Upload`]}),(0,v.jsx)(`input`,{type:`file`,ref:M,hidden:!0,onChange:e=>{let t=e.target.files?.[0];t&&H(t)}})]})]}),(0,v.jsxs)(`p`,{className:`data-panel-subtitle`,children:[`Everything under your install's `,(0,v.jsx)(`code`,{children:`data/`}),` directory. Click a folder to open it, a file to download it. Uploads go to `,(0,v.jsx)(`code`,{children:`data/uploads/`}),`.`]}),(0,v.jsxs)(`div`,{className:`data-breadcrumbs`,children:[(0,v.jsx)(`button`,{type:`button`,className:`data-crumb`,onClick:()=>F(`.`),children:`data`}),s.map((e,t)=>{let n=s.slice(0,t+1).map(e=>e.name).join(`/`);return(0,v.jsxs)(`span`,{className:`data-crumb-wrap`,children:[(0,v.jsx)(`span`,{className:`data-crumb-sep`,children:`/`}),(0,v.jsx)(`button`,{type:`button`,className:`data-crumb`,onClick:()=>F(n),title:e.name,children:e.displayName??e.name})]},n)}),n!==`.`&&(0,v.jsxs)(`button`,{type:`button`,className:`data-btn data-btn-ghost data-up-btn`,onClick:I,children:[(0,v.jsx)(f,{size:14}),` Up`]})]}),S&&(0,v.jsxs)(`div`,{className:`data-error`,children:[`Upload failed: `,S]}),w&&(0,v.jsxs)(`div`,{className:`data-error`,children:[`Delete failed: `,w]}),d&&(0,v.jsx)(`div`,{className:`data-error`,children:d}),l&&(0,v.jsxs)(`div`,{className:`data-loading`,children:[(0,v.jsx)(a,{size:14,className:`spin`}),` Loading…`]}),!l&&i&&i.length===0&&!d&&(0,v.jsx)(`div`,{className:`data-empty-results`,children:`Empty directory.`}),!l&&i&&i.length>0&&(0,v.jsx)(`ul`,{className:`data-entries`,children:i.map(e=>{let r=e.displayName??e.name,i=E===e.name,o=A===e.name;return(0,v.jsx)(`li`,{className:`data-entry`,children:e.kind===`directory`?(0,v.jsxs)(`button`,{type:`button`,className:`data-entry-btn`,onClick:()=>F(n===`.`?e.name:`${n}/${e.name}`),children:[(0,v.jsx)(h,{size:14}),(0,v.jsx)(`span`,{className:`data-entry-name`,title:e.name,children:r})]}):e.kind===`file`?(0,v.jsxs)(v.Fragment,{children:[(0,v.jsxs)(`button`,{type:`button`,className:`data-entry-btn`,onClick:()=>L(e),title:`Download ${r}`,disabled:o,children:[(0,v.jsx)(m,{size:14}),(0,v.jsx)(`span`,{className:`data-entry-name`,title:e.name,children:r}),(0,v.jsxs)(`span`,{className:`data-entry-meta`,title:`Modified ${k(e.modifiedAt)}`,children:[O(e.sizeBytes),` · `,k(e.modifiedAt)]}),(0,v.jsx)(p,{size:12,className:`data-entry-download-icon`})]}),o?(0,v.jsxs)(`div`,{className:`data-entry-confirm`,role:`group`,"aria-label":`Confirm delete ${r}`,children:[(0,v.jsx)(`span`,{className:`data-entry-confirm-label`,children:`Delete?`}),(0,v.jsx)(`button`,{type:`button`,className:`data-entry-confirm-yes`,onClick:()=>V(e),autoFocus:!0,children:`Yes`}),(0,v.jsx)(`button`,{type:`button`,className:`data-entry-confirm-no`,onClick:B,children:`No`})]}):(0,v.jsx)(`button`,{type:`button`,className:`data-entry-delete`,onClick:()=>z(e),disabled:i,title:`Delete ${r}`,"aria-label":`Delete ${r}`,children:i?(0,v.jsx)(a,{size:14,className:`spin`}):(0,v.jsx)(t,{size:14})})]}):(0,v.jsxs)(`div`,{className:`data-entry-btn data-entry-disabled`,children:[(0,v.jsx)(m,{size:14}),(0,v.jsx)(`span`,{className:`data-entry-name`,children:r}),(0,v.jsx)(`span`,{className:`data-entry-meta`,children:`special`})]})},e.name)})})]})}function O(e){return e==null?``:e<1024?`${e} B`:e<1024*1024?`${(e/1024).toFixed(1)} KB`:e<1024*1024*1024?`${(e/1024/1024).toFixed(1)} MB`:`${(e/1024/1024/1024).toFixed(1)} GB`}function k(e){try{let t=new Date(e);if(isNaN(t.getTime()))return`—`;let n=typeof navigator<`u`?navigator.languages&&navigator.languages.length>0?[...navigator.languages]:[navigator.language]:void 0;return t.toLocaleString(n,{dateStyle:`medium`,timeStyle:`short`})}catch{return`—`}}export{p as i,b as n,m as r,y as t};