@rubytech/create-realagent 1.0.795 → 1.0.798

package/payload/server/server.js

@@ -42,6 +42,7 @@ import {
   setRemotePassword,
   sleep,
   streamLogPathFor,
+  stripAttachmentMetaSuffix,
   validateKey,
   validatePasswordStrength,
   verifyPassword,
@@ -49,14 +50,12 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-3SQJW5Y5.js";
+} from "./chunk-SBHI2NMF.js";
 import {
   ACCOUNTS_DIR,
   GREETING_DIRECTIVE,
   HAIKU_MODEL,
   PLATFORM_ROOT,
-  __commonJS,
-  __toESM,
   agentLogStream,
   backfillNullUserIdConversations,
   bindVisitorToGroup,
@@ -103,6 +102,7 @@ import {
   resolveAgentConfig,
   resolveDefaultAgentSlug,
   resolveUserAccounts,
+  runBootMigrations,
   setAgentSessionId,
   setConversationIdForSession,
   setGroupContextForSession,
@@ -113,7 +113,11 @@ import {
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership,
   writeAdminUserAndPerson
-} from "./chunk-2N7XJW6Q.js";
+} from "./chunk-WHF6YXJ5.js";
+import {
+  __commonJS,
+  __toESM
+} from "./chunk-JSBRDJBE.js";
 
 // ../lib/graph-trash/dist/index.js
 var require_dist = __commonJS({
@@ -612,8 +616,8 @@ var serveStatic = (options = { root: "" }) => {
 };
 
 // server/index.ts
-import { readFileSync as readFileSync16, existsSync as existsSync22, watchFile } from "fs";
-import { resolve as resolve23, join as join10, basename as basename7 } from "path";
+import { readFileSync as readFileSync17, existsSync as existsSync24, watchFile } from "fs";
+import { resolve as resolve24, join as join10, basename as basename7 } from "path";
 import { homedir as homedir2 } from "os";
 
 // app/lib/agent-slug-pattern.ts
@@ -2193,9 +2197,10 @@ var WhatsAppAccountSchema = z.object({
   groups: z.record(
     z.string(),
     z.object({
-      activation: z.enum(["always", "mention", "off"]).optional()
+      activation: z.enum(["always", "mention", "off"]).optional(),
+      publicAgent: z.string().optional().describe("Per-group public-agent slug override. When set, inbound messages in this group route to this agent instead of the per-account or top-level publicAgent.")
     }).strict().optional()
-  ).optional().describe("Per-group settings controlling when the agent responds: 'always' (every message), 'mention' (only when @mentioned), 'off' (silent)."),
+  ).optional().describe("Per-group settings: 'activation' controls when the agent responds ('always', 'mention', 'off'); 'publicAgent' optionally overrides the public-agent slug for this group (precedence: group \u2192 account \u2192 top-level)."),
   ackReaction: z.object({
     emoji: z.string().optional(),
     direct: z.boolean().optional().default(true),
@@ -2449,20 +2454,107 @@ function setPublicAgent(accountDir, slug) {
     return { ok: false, error: msg };
   }
 }
-function getPublicAgent(accountDir) {
+function resolvePublicAgent(accountDir, opts) {
   try {
     const config = readConfig(accountDir);
     const wa = config.whatsapp;
     if (!wa) return null;
-    const slug = wa.publicAgent;
-    if (typeof slug === "string" && slug.trim()) {
-      return slug.trim();
+    if (opts.groupJid) {
+      const accounts2 = wa.accounts;
+      const account2 = accounts2?.[opts.accountId];
+      const groups = account2?.groups;
+      const group = groups?.[opts.groupJid];
+      const groupSlug = group?.publicAgent;
+      if (typeof groupSlug === "string" && groupSlug.trim()) {
+        return { slug: groupSlug.trim(), source: "group" };
+      }
+    }
+    const accounts = wa.accounts;
+    const account = accounts?.[opts.accountId];
+    const accountSlug = account?.publicAgent;
+    if (typeof accountSlug === "string" && accountSlug.trim()) {
+      return { slug: accountSlug.trim(), source: "account" };
+    }
+    const topSlug = wa.publicAgent;
+    if (typeof topSlug === "string" && topSlug.trim()) {
+      return { slug: topSlug.trim(), source: "top-level" };
     }
     return null;
   } catch {
     return null;
   }
 }
+function setGroupPublicAgent(accountDir, accountId, groupJid, slug) {
+  const trimmedSlug = slug.trim();
+  const trimmedGroup = groupJid.trim();
+  const trimmedAccount = accountId.trim();
+  if (!trimmedSlug) return { ok: false, error: "Agent slug cannot be empty." };
+  if (!trimmedGroup) return { ok: false, error: "Group JID cannot be empty." };
+  if (!trimmedAccount) return { ok: false, error: "Account ID cannot be empty." };
+  const agentConfigPath = join3(accountDir, "agents", trimmedSlug, "config.json");
+  if (!existsSync5(agentConfigPath)) {
+    return { ok: false, error: `Agent "${trimmedSlug}" not found \u2014 no config.json at ${agentConfigPath}. Check the agent slug and try again.` };
+  }
+  try {
+    const config = readConfig(accountDir);
+    if (!config.whatsapp || typeof config.whatsapp !== "object") config.whatsapp = {};
+    const wa = config.whatsapp;
+    if (!wa.accounts || typeof wa.accounts !== "object") wa.accounts = {};
+    const accounts = wa.accounts;
+    if (!accounts[trimmedAccount] || typeof accounts[trimmedAccount] !== "object") accounts[trimmedAccount] = {};
+    const account = accounts[trimmedAccount];
+    if (!account.groups || typeof account.groups !== "object") account.groups = {};
+    const groups = account.groups;
+    const existing = groups[trimmedGroup] && typeof groups[trimmedGroup] === "object" ? groups[trimmedGroup] : {};
+    groups[trimmedGroup] = { ...existing, publicAgent: trimmedSlug };
+    const parsed = WhatsAppConfigSchema.safeParse(wa);
+    if (!parsed.success) {
+      const msg = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+      return { ok: false, error: `Validation failed: ${msg}` };
+    }
+    config.whatsapp = parsed.data;
+    writeConfig(accountDir, config);
+    console.error(`${TAG} setGroupPublicAgent account=${trimmedAccount} groupJid=${trimmedGroup} slug=${trimmedSlug}`);
+    reloadManagerConfig(accountDir);
+    return { ok: true, message: `Per-group public agent set to "${trimmedSlug}" for group ${trimmedGroup}.` };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG} setGroupPublicAgent failed: ${msg}`);
+    return { ok: false, error: msg };
+  }
+}
+function unsetGroupPublicAgent(accountDir, accountId, groupJid) {
+  const trimmedGroup = groupJid.trim();
+  const trimmedAccount = accountId.trim();
+  if (!trimmedGroup) return { ok: false, error: "Group JID cannot be empty." };
+  if (!trimmedAccount) return { ok: false, error: "Account ID cannot be empty." };
+  try {
+    const config = readConfig(accountDir);
+    const wa = config.whatsapp ?? {};
+    const accounts = wa.accounts;
+    const account = accounts?.[trimmedAccount];
+    const groups = account?.groups;
+    const group = groups?.[trimmedGroup];
+    if (!group || typeof group.publicAgent !== "string") {
+      return { ok: true, message: `No per-group publicAgent override for group ${trimmedGroup}; nothing to remove.` };
+    }
+    delete group.publicAgent;
+    const parsed = WhatsAppConfigSchema.safeParse(wa);
+    if (!parsed.success) {
+      const msg = parsed.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join("; ");
+      return { ok: false, error: `Validation failed: ${msg}` };
+    }
+    config.whatsapp = parsed.data;
+    writeConfig(accountDir, config);
+    console.error(`${TAG} unsetGroupPublicAgent account=${trimmedAccount} groupJid=${trimmedGroup}`);
+    reloadManagerConfig(accountDir);
+    return { ok: true, message: `Per-group public agent override removed for group ${trimmedGroup}.` };
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    console.error(`${TAG} unsetGroupPublicAgent failed: ${msg}`);
+    return { ok: false, error: msg };
+  }
+}
 function updateConfig(accountDir, fields) {
   const fieldNames = Object.keys(fields);
   if (fieldNames.length === 0) {
@@ -2698,7 +2790,7 @@ var credsSaveQueue = Promise.resolve();
 async function drainCredsSaveQueue(timeoutMs = 5e3) {
   console.error(`${TAG3} draining credential save queue\u2026`);
   const timer2 = new Promise(
-    (resolve24) => setTimeout(() => resolve24("timeout"), timeoutMs)
+    (resolve25) => setTimeout(() => resolve25("timeout"), timeoutMs)
   );
   const result = await Promise.race([
     credsSaveQueue.then(() => "drained"),
@@ -2826,11 +2918,11 @@ async function createWaSocket(opts) {
   return sock;
 }
 async function waitForConnection(sock) {
-  return new Promise((resolve24, reject) => {
+  return new Promise((resolve25, reject) => {
     const handler = (update) => {
       if (update.connection === "open") {
         sock.ev.off("connection.update", handler);
-        resolve24();
+        resolve25();
       }
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
@@ -2944,14 +3036,14 @@ ${inspected}`;
   return inspect2(err, INSPECT_OPTS2);
 }
 function withTimeout(label, promise, timeoutMs) {
-  return new Promise((resolve24, reject) => {
+  return new Promise((resolve25, reject) => {
     const timer2 = setTimeout(() => {
       reject(new Error(`${label} timed out after ${timeoutMs}ms`));
     }, timeoutMs);
     promise.then(
       (value) => {
         clearTimeout(timer2);
-        resolve24(value);
+        resolve25(value);
       },
       (err) => {
         clearTimeout(timer2);
@@ -4165,11 +4257,11 @@ async function connectWithReconnect(conn) {
       console.error(
         `${TAG11} reconnecting account=${conn.accountId} in ${delay}ms (attempt ${decision.nextAttempts}/${maxAttempts})`
       );
-      await new Promise((resolve24) => {
-        const timer2 = setTimeout(resolve24, delay);
+      await new Promise((resolve25) => {
+        const timer2 = setTimeout(resolve25, delay);
         conn.abortController.signal.addEventListener("abort", () => {
           clearTimeout(timer2);
-          resolve24();
+          resolve25();
         }, { once: true });
       });
     }
@@ -4177,16 +4269,16 @@ async function connectWithReconnect(conn) {
   }
 }
 function waitForDisconnectEvent(conn) {
-  return new Promise((resolve24) => {
+  return new Promise((resolve25) => {
     if (!conn.sock) {
-      resolve24();
+      resolve25();
       return;
     }
     const sock = conn.sock;
     const handler = (update) => {
       if (update.connection === "close") {
         sock.ev.off("connection.update", handler);
-        resolve24();
+        resolve25();
       }
     };
     sock.ev.on("connection.update", handler);
@@ -4403,8 +4495,8 @@ async function handleInboundMessage(conn, msg) {
     const conversationKey = isGroup ? remoteJid : senderPhone;
     const debounceKey = `${conn.accountId}:${conversationKey}:${senderPhone}`;
     let resolvePending;
-    const sttPending = new Promise((resolve24) => {
-      resolvePending = resolve24;
+    const sttPending = new Promise((resolve25) => {
+      resolvePending = resolve25;
     });
     if (conn.debouncer) conn.debouncer.registerPending(debounceKey, sttPending);
     try {
@@ -4517,20 +4609,20 @@ async function probeApiKey() {
   return result.status;
 }
 function checkPort(port2, timeoutMs = 500) {
-  return new Promise((resolve24) => {
+  return new Promise((resolve25) => {
     const socket = createConnection(port2, "127.0.0.1");
     socket.setTimeout(timeoutMs);
     socket.once("connect", () => {
       socket.destroy();
-      resolve24(true);
+      resolve25(true);
     });
     socket.once("error", () => {
       socket.destroy();
-      resolve24(false);
+      resolve25(false);
     });
     socket.once("timeout", () => {
       socket.destroy();
-      resolve24(false);
+      resolve25(false);
     });
   });
 }
@@ -4726,7 +4818,7 @@ app2.post("/", async (c) => {
   }
   const cookieHeader = c.req.header("cookie");
   if (body.session_key && typeof body.session_key === "string") {
-    if (validateSession(body.session_key, "public")) {
+    if (validateSession(body.session_key, "public").ok) {
       const storedAgent = getAgentNameForSession(body.session_key);
       if (storedAgent && storedAgent !== agentSlug) {
         console.log(`[session] hot-resume agent mismatch: session=${body.session_key.slice(0, 8)}\u2026 has=${storedAgent} requested=${agentSlug} \u2014 creating new session`);
@@ -5414,7 +5506,7 @@ app3.post("/", async (c) => {
     if (!session_key) {
       return c.json({ error: "session_key required" }, 400);
     }
-    if (!validateSession(session_key, "public")) {
+    if (!validateSession(session_key, "public").ok) {
       return c.json({ error: "Invalid or expired session" }, 401);
     }
     const files = formData.getAll("attachments");
@@ -5483,7 +5575,7 @@ app3.post("/", async (c) => {
     if (!message) {
       return c.json({ error: "message required" }, 400);
     }
-    if (!validateSession(session_key, "public")) {
+    if (!validateSession(session_key, "public").ok) {
       return c.json({ error: "Invalid or expired session" }, 401);
     }
   }
@@ -5623,7 +5715,7 @@ app4.get("/messages", async (c) => {
   if (isNaN(sinceDate.getTime())) {
     return c.json({ error: "Invalid since parameter \u2014 expected ISO 8601" }, 400);
   }
-  if (!validateSession(sessionKey, "public")) {
+  if (!validateSession(sessionKey, "public").ok) {
     return c.json({ error: "Session expired" }, 401);
   }
   const groupSlug = getGroupSlugForSession(sessionKey);
@@ -6247,7 +6339,7 @@ app5.post("/create-credentials", async (c) => {
   const { session_key, password } = body;
   if (!session_key || typeof session_key !== "string") return c.json({ error: "session_key required" }, 400);
   if (!password || typeof password !== "string") return c.json({ error: "password required" }, 400);
-  if (!validateSession(session_key, "public")) {
+  if (!validateSession(session_key, "public").ok) {
     return c.json({ error: "Invalid or expired session" }, 401);
   }
   const grant = getGrantForSession(session_key);
@@ -6743,8 +6835,8 @@ async function startLogin(opts) {
   resetActiveLogin(accountId);
   let resolveQr = null;
   let rejectQr = null;
-  const qrPromise = new Promise((resolve24, reject) => {
-    resolveQr = resolve24;
+  const qrPromise = new Promise((resolve25, reject) => {
+    resolveQr = resolve25;
     rejectQr = reject;
   });
   const qrTimer = setTimeout(
@@ -7071,7 +7163,7 @@ app7.post("/send", async (c) => {
 app7.post("/config", async (c) => {
   try {
     const body = await c.req.json().catch(() => ({}));
-    const { action, phone, slug, fields, accountId } = body;
+    const { action, phone, slug, groupJid, fields, accountId } = body;
     if (!action || typeof action !== "string") {
       return c.json({ ok: false, error: 'Missing required field "action".' }, 400);
     }
@@ -7110,9 +7202,32 @@ app7.post("/config", async (c) => {
         return c.json(result, result.ok ? 200 : 400);
       }
       case "get-public-agent": {
-        const currentSlug = getPublicAgent(account.accountDir);
-        console.error(`${TAG16} config action=get-public-agent slug=${currentSlug ?? "none"}`);
-        return c.json({ ok: true, slug: currentSlug });
+        const targetAccount = typeof accountId === "string" && accountId.trim() ? accountId.trim() : "default";
+        const targetGroup = typeof groupJid === "string" && groupJid.trim() ? groupJid.trim() : void 0;
+        const resolved = resolvePublicAgent(account.accountDir, { accountId: targetAccount, groupJid: targetGroup });
+        console.error(`${TAG16} config action=get-public-agent accountId=${targetAccount} groupJid=${targetGroup ?? "none"} slug=${resolved?.slug ?? "none"} source=${resolved?.source ?? "none"}`);
+        return c.json({ ok: true, slug: resolved?.slug ?? null, source: resolved?.source ?? null });
+      }
+      case "set-group-public-agent": {
+        if (!slug || typeof slug !== "string") {
+          return c.json({ ok: false, error: 'Missing required field "slug" (the public-agent directory name, e.g. "my-agent").' }, 400);
+        }
+        if (!groupJid || typeof groupJid !== "string") {
+          return c.json({ ok: false, error: 'Missing required field "groupJid" (group JID ending in @g.us).' }, 400);
+        }
+        const targetAccount = typeof accountId === "string" && accountId.trim() ? accountId.trim() : "default";
+        const result = setGroupPublicAgent(account.accountDir, targetAccount, groupJid, slug);
+        console.error(`${TAG16} config action=set-group-public-agent accountId=${targetAccount} groupJid=${groupJid} slug=${slug} ok=${result.ok}`);
+        return c.json(result, result.ok ? 200 : 400);
+      }
+      case "unset-group-public-agent": {
+        if (!groupJid || typeof groupJid !== "string") {
+          return c.json({ ok: false, error: 'Missing required field "groupJid" (group JID ending in @g.us).' }, 400);
+        }
+        const targetAccount = typeof accountId === "string" && accountId.trim() ? accountId.trim() : "default";
+        const result = unsetGroupPublicAgent(account.accountDir, targetAccount, groupJid);
+        console.error(`${TAG16} config action=unset-group-public-agent accountId=${targetAccount} groupJid=${groupJid} ok=${result.ok}`);
+        return c.json(result, result.ok ? 200 : 400);
       }
       case "list-public-agents": {
         const agentsDir = resolve10(account.accountDir, "agents");
@@ -7180,7 +7295,7 @@ app7.post("/config", async (c) => {
       }
       default:
         return c.json(
-          { ok: false, error: `Unknown action "${action}". Valid actions: add-admin-phone, remove-admin-phone, list-admin-phones, set-public-agent, get-public-agent, list-public-agents, update-config, get-config, schema, list-groups.` },
+          { ok: false, error: `Unknown action "${action}". Valid actions: add-admin-phone, remove-admin-phone, list-admin-phones, set-public-agent, get-public-agent, set-group-public-agent, unset-group-public-agent, list-public-agents, update-config, get-config, schema, list-groups.` },
           400
         );
     }
@@ -7813,7 +7928,7 @@ async function createAdminSession(accountId, thinkingView, userId, userName, rol
 var app10 = new Hono();
 app10.get("/", async (c) => {
   const sessionKey = c.req.query("session_key");
-  if (!sessionKey || !validateSession(sessionKey, "admin")) {
+  if (!sessionKey || !validateSession(sessionKey, "admin").ok) {
     return c.json({ error: "Invalid or expired admin session" }, 401);
   }
   const accountId = getAccountIdForSession(sessionKey);
@@ -8210,7 +8325,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-CTMWNDMO.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-4YDRTKAT.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -8661,10 +8776,15 @@ app13.get("/", async (c) => {
       const filePath = resolve13(dir, safe);
       searched.push(filePath);
       try {
-        const content = readFileSync12(filePath, "utf-8");
-        const headers = { "Content-Type": "text/plain; charset=utf-8" };
+        const buffer = readFileSync12(filePath);
+        const onDiskBytes = statSync7(filePath).size;
+        const headers = {
+          "Content-Type": "text/plain; charset=utf-8",
+          "Content-Length": String(buffer.byteLength)
+        };
         if (download) headers["Content-Disposition"] = `attachment; filename="${safe}"`;
-        return new Response(content, { headers });
+        console.info(`[stream-log-download] file=${safe} bytesServed=${buffer.byteLength} onDiskBytes=${onDiskBytes}`);
+        return new Response(buffer, { headers });
       } catch (err) {
         const reason = err instanceof Error ? err.message : String(err);
         console.debug(`[admin/logs] miss dir=${dir} name=${safe} reason=${reason}`);
@@ -8729,9 +8849,9 @@ app13.get("/", async (c) => {
       const hit = hits[0];
       console.info(`[admin/logs] resolved sessionKey=${sessionKeySlice} conversationId=${conversationIdSlice} shape=${hit.shape} stalePreflushCount=${stalePreflushCount}`);
       try {
-        const content = readFileSync12(hit.path, "utf-8");
         const filename = basename5(hit.path);
         if (stalePreflushCount > 0 && !download) {
+          const content = readFileSync12(hit.path, "utf-8");
           return c.json({
             log: content,
             filename,
@@ -8739,9 +8859,15 @@ app13.get("/", async (c) => {
             warnings: stalePreflushPaths.map((path2) => ({ kind: "stale-preflush", path: path2 }))
           });
         }
-        const headers = { "Content-Type": "text/plain; charset=utf-8" };
+        const buffer = readFileSync12(hit.path);
+        const onDiskBytes = statSync7(hit.path).size;
+        const headers = {
+          "Content-Type": "text/plain; charset=utf-8",
+          "Content-Length": String(buffer.byteLength)
+        };
         if (download) headers["Content-Disposition"] = `attachment; filename="${filename}"`;
-        return new Response(content, { headers });
+        console.info(`[stream-log-download] file=${filename} bytesServed=${buffer.byteLength} onDiskBytes=${onDiskBytes}`);
+        return new Response(buffer, { headers });
       } catch (err) {
         const reason2 = err instanceof Error ? err.message : String(err);
         console.warn(`[admin/logs] read-fail path=${hit.path} reason=${reason2}`);
@@ -8953,7 +9079,35 @@ var agents_default = app16;
 // server/routes/admin/sessions.ts
 import crypto2 from "crypto";
 import { resolve as resolvePath } from "path";
-import { appendFileSync as appendFileSync5 } from "fs";
+import { appendFileSync as appendFileSync5, existsSync as existsSync18 } from "fs";
+function validateAndShapeAttachments(raws, conversationAccountId, conversationId, messageId, streamLogPath) {
+  const chips = [];
+  let valid = 0;
+  let invalid = 0;
+  for (const a of raws) {
+    let reason = null;
+    if (!a.attachmentId || !a.filename || !a.mimeType || !a.storagePath) reason = "schema-fail";
+    else if (a.accountId !== conversationAccountId) reason = "account-mismatch";
+    else if (!existsSync18(a.storagePath)) reason = "missing-file";
+    if (reason) {
+      invalid++;
+      try {
+        appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [attachment-rehydrate-invalid] conversationId=${conversationId.slice(0, 8)} messageId=${messageId.slice(0, 8)} attachmentId=${(a.attachmentId || "").slice(0, 8)} reason=${reason}
+`);
+      } catch {
+      }
+      continue;
+    }
+    valid++;
+    chips.push({
+      attachmentId: a.attachmentId,
+      filename: a.filename,
+      mimeType: a.mimeType,
+      sizeBytes: a.sizeBytes
+    });
+  }
+  return { chips, valid, invalid };
+}
 function reconstructAssistantEvents(content, components, conversationId, messageId, streamLogPath) {
   if (components.length === 0) {
     return {
@@ -9106,7 +9260,17 @@ app17.get("/:id/messages", requireAdminSession, async (c) => {
   if (!owned) return c.json({ error: "Conversation not found" }, 404);
   try {
     const messages = await getRecentMessages(conversationId, 50);
-    return c.json({ messages });
+    const sanitised = messages.map((m) => ({
+      ...m,
+      attachments: m.attachments.map((a) => ({
+        attachmentId: a.attachmentId,
+        filename: a.filename,
+        mimeType: a.mimeType,
+        sizeBytes: a.sizeBytes,
+        ordinal: a.ordinal
+      }))
+    }));
+    return c.json({ messages: sanitised });
   } catch (err) {
     console.error(`[sessions-messages] Failed: ${err instanceof Error ? err.message : String(err)}`);
     return c.json({ error: "Failed to fetch messages" }, 500);
@@ -9139,10 +9303,23 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
   let totalValid = 0;
   let totalInvalid = 0;
   let totalComponents = 0;
+  let totalAttachments = 0;
+  let totalAttachmentInvalid = 0;
   const rehydrated = messages.map((m) => {
     const components = m.components ?? [];
+    const rawAttachments = m.attachments ?? [];
     if (m.role !== "assistant") {
-      return { messageId: m.messageId, role: m.role, content: m.content, createdAt: m.createdAt };
+      const { chips, valid: valid2, invalid: invalid2 } = validateAndShapeAttachments(rawAttachments, accountId, conversationId, m.messageId, streamLogPath);
+      totalAttachments += valid2;
+      totalAttachmentInvalid += invalid2;
+      const cleanedContent = chips.length > 0 ? stripAttachmentMetaSuffix(m.content) : m.content;
+      return {
+        messageId: m.messageId,
+        role: m.role,
+        content: cleanedContent,
+        createdAt: m.createdAt,
+        ...chips.length > 0 ? { attachments: chips } : {}
+      };
     }
     const { events, valid, invalid, submittedEventIndices } = reconstructAssistantEvents(m.content, components, conversationId, m.messageId, streamLogPath);
     totalValid += valid;
@@ -9159,17 +9336,22 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
     };
   });
   const textRuns = rehydrated.reduce((n, m) => n + (m.events?.filter((e) => e.type === "text").length ?? 0), 0);
+  const userMessageCount = rehydrated.filter((m) => m.role !== "assistant").length;
   try {
-    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents}
+    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents} userAttachmentCount=${totalAttachments}
 `);
     if (totalComponents > 0) {
       appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-rehydrate] conversationId=${conversationId.slice(0, 8)} count=${totalComponents} valid=${totalValid} invalid=${totalInvalid} textRuns=${textRuns}
+`);
+    }
+    if (totalAttachments > 0 || totalAttachmentInvalid > 0) {
+      appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [attachment-rehydrate] conversationId=${conversationId.slice(0, 8)} userMessages=${userMessageCount} attachments=${totalAttachments} invalid=${totalAttachmentInvalid}
 `);
     }
   } catch {
   }
   const age = formatAge(updatedAt);
-  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
+  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
   return c.json({ conversationId, messages: rehydrated });
 });
 app17.post("/:id/label", requireAdminSession, async (c) => {
@@ -9444,12 +9626,12 @@ function isValidDomain(value) {
 }
 
 // app/lib/alias-domains.ts
-import { existsSync as existsSync18, mkdirSync as mkdirSync8, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
+import { existsSync as existsSync19, mkdirSync as mkdirSync8, readFileSync as readFileSync14, writeFileSync as writeFileSync9 } from "fs";
 import { dirname as dirname7 } from "path";
 import { resolve as resolve16 } from "path";
 var ALIAS_DOMAINS_PATH = resolve16(MAXY_DIR, "alias-domains.json");
 function readExisting() {
-  if (!existsSync18(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
+  if (!existsSync19(ALIAS_DOMAINS_PATH)) return /* @__PURE__ */ new Set();
   try {
     const parsed = JSON.parse(readFileSync14(ALIAS_DOMAINS_PATH, "utf-8"));
     if (!Array.isArray(parsed)) return /* @__PURE__ */ new Set();
@@ -11786,7 +11968,7 @@ var adherence_default = app30;
 import neo4j3 from "neo4j-driver";
 import { readFile as readFile5, readdir as readdir3, stat as stat5 } from "fs/promises";
 import { resolve as resolve20, relative as relative2, isAbsolute } from "path";
-import { existsSync as existsSync19 } from "fs";
+import { existsSync as existsSync20 } from "fs";
 var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
@@ -11934,7 +12116,7 @@ async function fetchAgentTemplateRows(accountDir) {
 async function unionSpecialistFilenames(overrideDir, bundledDir) {
   const names = /* @__PURE__ */ new Set();
   for (const dir of [overrideDir, bundledDir]) {
-    if (!existsSync19(dir)) continue;
+    if (!existsSync20(dir)) continue;
     try {
       const entries = await readdir3(dir);
       for (const entry of entries) {
@@ -11949,7 +12131,7 @@ async function unionSpecialistFilenames(overrideDir, bundledDir) {
 }
 async function readAgentTemplateRow(inp) {
   let chosenPath = null;
-  if (existsSync19(inp.overridePath)) {
+  if (existsSync20(inp.overridePath)) {
     try {
       validateFilePathInAccount(inp.overridePath, inp.overrideRoot);
       chosenPath = inp.overridePath;
@@ -11960,7 +12142,7 @@ async function readAgentTemplateRow(inp) {
       );
       return null;
     }
-  } else if (existsSync19(inp.bundledPath)) {
+  } else if (existsSync20(inp.bundledPath)) {
     if (!isWithin(inp.bundledPath, inp.bundledRoot)) {
       console.error(
         `[admin/sidebar-artefacts] agent-template-read-failed agent=${inp.displayName} kind=${inp.logName} error="bundled path outside PLATFORM_ROOT"`
@@ -12002,7 +12184,7 @@ var sidebar_artefacts_default = app31;
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir4, readdir as readdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve21 } from "path";
-import { existsSync as existsSync20 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
 var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app32 = new Hono();
@@ -12066,7 +12248,7 @@ async function resolveSavePath(id, accountId, accountDir) {
   }
   if (UUID_RE4.test(id)) {
     const dir = resolve21(ATTACHMENTS_ROOT, accountId, id);
-    if (!existsSync20(dir)) {
+    if (!existsSync21(dir)) {
       return { kind: "reject", status: 400, reason: "not-found" };
     }
     try {
@@ -12090,7 +12272,7 @@ var sidebar_artefact_save_default = app32;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile6, readdir as readdir5 } from "fs/promises";
-import { existsSync as existsSync21 } from "fs";
+import { existsSync as existsSync22 } from "fs";
 import { resolve as resolve22 } from "path";
 var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app33 = new Hono();
@@ -12104,7 +12286,7 @@ app33.get("/", requireAdminSession, async (c) => {
     return new Response("Not found", { status: 404 });
   }
   const dir = resolve22(ATTACHMENTS_ROOT, accountId, id);
-  if (!existsSync21(dir)) {
+  if (!existsSync22(dir)) {
     console.error(`[admin/sidebar-artefact-content] not-found id=${id.slice(0, 8)}`);
     return new Response("Not found", { status: 404 });
   }
@@ -12165,6 +12347,140 @@ app34.route("/sidebar-artefact-save", sidebar_artefact_save_default);
 app34.route("/sidebar-artefact-content", sidebar_artefact_content_default);
 var admin_default = app34;
 
+// server/routes/sites.ts
+import { existsSync as existsSync23, readFileSync as readFileSync16, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
+import { resolve as resolve23 } from "path";
+var SAFE_SEG_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
+var MIME = {
+  ".html": "text/html; charset=utf-8",
+  ".htm": "text/html; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".js": "text/javascript; charset=utf-8",
+  ".mjs": "text/javascript; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".txt": "text/plain; charset=utf-8",
+  ".md": "text/plain; charset=utf-8",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".otf": "font/otf"
+};
+var HTML_EXTS = /* @__PURE__ */ new Set([".html", ".htm"]);
+var CSP_HTML = "default-src 'self' https: data:; script-src 'none'";
+function getExt(p) {
+  const idx = p.lastIndexOf(".");
+  if (idx < 0) return "";
+  if (idx < p.lastIndexOf("/")) return "";
+  return p.slice(idx).toLowerCase();
+}
+var app35 = new Hono();
+app35.get("/:rel{.*}", (c) => {
+  const reqPath = c.req.path;
+  const rawRel = c.req.param("rel") ?? "";
+  const trimmed = rawRel.replace(/^\/+/, "").replace(/\/+$/, "");
+  const isDirRequest = rawRel === "" || rawRel.endsWith("/") || reqPath.endsWith("/");
+  const account = resolveAccount();
+  if (!account) {
+    console.error(`[sites] no-account path=${reqPath} status=404`);
+    return c.text("Not found", 404);
+  }
+  const rawSegments = trimmed === "" ? [] : trimmed.split("/");
+  const segments = [];
+  for (const raw of rawSegments) {
+    let seg;
+    try {
+      seg = decodeURIComponent(raw);
+    } catch {
+      console.error(`[sites] path-traversal-rejected path=${reqPath} reason=segment status=403`);
+      return c.text("Forbidden", 403);
+    }
+    if (seg === ".." || seg === "." || !SAFE_SEG_RE.test(seg)) {
+      console.error(`[sites] path-traversal-rejected path=${reqPath} reason=segment status=403`);
+      return c.text("Forbidden", 403);
+    }
+    segments.push(seg);
+  }
+  const rootDir = resolve23(account.accountDir, "sites");
+  let filePath = segments.length === 0 ? rootDir : resolve23(rootDir, ...segments);
+  if (filePath !== rootDir && !filePath.startsWith(rootDir + "/")) {
+    console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
+    return c.text("Forbidden", 403);
+  }
+  let stat7;
+  try {
+    stat7 = existsSync23(filePath) ? statSync8(filePath) : null;
+  } catch {
+    stat7 = null;
+  }
+  if (stat7?.isDirectory()) {
+    filePath = resolve23(filePath, "index.html");
+  } else if (stat7 === null && isDirRequest) {
+    filePath = resolve23(filePath, "index.html");
+  }
+  if (!filePath.startsWith(rootDir + "/")) {
+    console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
+    return c.text("Forbidden", 403);
+  }
+  if (!existsSync23(filePath)) {
+    console.error(`[sites] not-found path=${reqPath} status=404`);
+    return c.text("Not found", 404);
+  }
+  let realPath;
+  let realRoot;
+  try {
+    realPath = realpathSync5(filePath);
+    realRoot = realpathSync5(rootDir);
+  } catch {
+    console.error(`[sites] not-found path=${reqPath} status=404`);
+    return c.text("Not found", 404);
+  }
+  if (realPath !== realRoot && !realPath.startsWith(realRoot + "/")) {
+    console.error(`[sites] symlink-escape-rejected path=${reqPath} real=${realPath} status=403`);
+    return c.text("Forbidden", 403);
+  }
+  let body;
+  try {
+    body = readFileSync16(realPath);
+  } catch (err) {
+    const code = err?.code;
+    if (code === "EISDIR") {
+      console.error(`[sites] not-found path=${reqPath} reason=is-directory status=404`);
+      return c.text("Not found", 404);
+    }
+    if (code === "ENOENT") {
+      console.error(`[sites] not-found path=${reqPath} status=404`);
+      return c.text("Not found", 404);
+    }
+    throw err;
+  }
+  const ext = getExt(realPath);
+  const contentType = MIME[ext] ?? "application/octet-stream";
+  const isHtml = HTML_EXTS.has(ext);
+  console.log(`[sites] serve path=${reqPath} ext=${ext || "(none)"} status=200 bytes=${body.length}`);
+  const view = Uint8Array.from(body);
+  if (isHtml) {
+    return c.body(view, 200, {
+      "Content-Type": contentType,
+      "Cache-Control": "no-cache",
+      "X-Content-Type-Options": "nosniff",
+      "Content-Security-Policy": CSP_HTML
+    });
+  }
+  return c.body(view, 200, {
+    "Content-Type": contentType,
+    "Cache-Control": "public, max-age=3600",
+    "X-Content-Type-Options": "nosniff"
+  });
+});
+var sites_default = app35;
+
 // app/lib/graph-health.ts
 var HOUR_MS = 60 * 60 * 1e3;
 var timer = null;
@@ -12265,12 +12581,12 @@ function clientFrom(c) {
 var PLATFORM_ROOT7 = process.env.MAXY_PLATFORM_ROOT || "";
 var BRAND_JSON_PATH = PLATFORM_ROOT7 ? join10(PLATFORM_ROOT7, "config", "brand.json") : "";
 var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", domain: "getmaxy.com" };
-if (BRAND_JSON_PATH && !existsSync22(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && !existsSync24(BRAND_JSON_PATH)) {
   console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
 }
-if (BRAND_JSON_PATH && existsSync22(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
-    const parsed = JSON.parse(readFileSync16(BRAND_JSON_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync17(BRAND_JSON_PATH, "utf-8"));
     BRAND = { ...BRAND, ...parsed };
   } catch (err) {
     console.error(`[brand] Failed to parse brand.json: ${err.message}`);
@@ -12292,8 +12608,8 @@ var brandLoginOpts = {
 var ALIAS_DOMAINS_PATH2 = join10(homedir2(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync22(ALIAS_DOMAINS_PATH2)) return null;
-    const parsed = JSON.parse(readFileSync16(ALIAS_DOMAINS_PATH2, "utf-8"));
+    if (!existsSync24(ALIAS_DOMAINS_PATH2)) return null;
+    const parsed = JSON.parse(readFileSync17(ALIAS_DOMAINS_PATH2, "utf-8"));
     if (!Array.isArray(parsed)) {
       console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
       return null;
@@ -12317,9 +12633,9 @@ watchFile(ALIAS_DOMAINS_PATH2, { interval: 2e3 }, () => {
 function isPublicHost(host) {
   return host.startsWith("public.") || aliasDomains.has(host);
 }
-var app35 = new Hono();
-app35.use("*", clientIpMiddleware);
-app35.use("*", async (c, next) => {
+var app36 = new Hono();
+app36.use("*", clientIpMiddleware);
+app36.use("*", async (c, next) => {
   await next();
   c.header("X-Content-Type-Options", "nosniff");
   c.header("Referrer-Policy", "strict-origin-when-cross-origin");
@@ -12339,10 +12655,11 @@ var PUBLIC_ALLOWED_PREFIXES = [
   "/brand/",
   "/agent-assets/",
   "/generated/",
-  "/g/"
+  "/g/",
+  "/sites/"
 ];
 var PUBLIC_ALLOWED_EXACT = ["/favicon.ico"];
-app35.use("*", async (c, next) => {
+app36.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (!isPublicHost(host)) {
     await next();
@@ -12382,7 +12699,7 @@ function resolveRemoteAuthOpts() {
   return brandLoginOpts;
 }
 var MAX_LOGIN_BODY = 8 * 1024;
-app35.post("/__remote-auth/login", async (c) => {
+app36.post("/__remote-auth/login", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   if (!requestIsTlsTerminated(c)) {
@@ -12426,7 +12743,7 @@ app35.post("/__remote-auth/login", async (c) => {
     }
   });
 });
-app35.get("/__remote-auth/logout", (c) => {
+app36.get("/__remote-auth/logout", (c) => {
   return new Response(null, {
     status: 302,
     headers: {
@@ -12436,7 +12753,7 @@ app35.get("/__remote-auth/logout", (c) => {
     }
   });
 });
-app35.post("/__remote-auth/change-password", async (c) => {
+app36.post("/__remote-auth/change-password", async (c) => {
   const client = clientFrom(c);
   const clientIp = client.ip || "unknown";
   const rateLimited = checkRateLimit(client);
@@ -12486,13 +12803,13 @@ app35.post("/__remote-auth/change-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Failed to save password", redirect }), 200);
   }
 });
-app35.get("/__remote-auth/setup", (c) => {
+app36.get("/__remote-auth/setup", (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup" }), 200);
 });
-app35.post("/__remote-auth/set-initial-password", async (c) => {
+app36.post("/__remote-auth/set-initial-password", async (c) => {
   if (isRemoteAuthConfigured()) {
     return c.redirect("/");
   }
@@ -12528,17 +12845,17 @@ app35.post("/__remote-auth/set-initial-password", async (c) => {
     return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
   }
 });
-app35.get("/api/remote-auth/status", (c) => {
+app36.get("/api/remote-auth/status", (c) => {
   return c.json({ configured: isRemoteAuthConfigured() });
 });
-app35.post("/api/remote-auth/set-password", async (c) => {
+app36.post("/api/remote-auth/set-password", async (c) => {
   let body;
   try {
     body = await c.req.json();
   } catch {
     return c.json({ error: "Invalid request" }, 400);
   }
-  if (!body.session_key || !validateSession(body.session_key, "admin")) {
+  if (!body.session_key || !validateSession(body.session_key, "admin").ok) {
     return c.json({ error: "Unauthorized" }, 401);
   }
   if (!body.password) {
@@ -12561,9 +12878,9 @@ app35.post("/api/remote-auth/set-password", async (c) => {
     return c.json({ error: "Failed to save password" }, 500);
   }
 });
-app35.route("/api/_client-error", client_error_default);
+app36.route("/api/_client-error", client_error_default);
 console.log("[client-error-route] mounted");
-app35.use("*", async (c, next) => {
+app36.use("*", async (c, next) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   const path2 = c.req.path;
   if (path2 === "/favicon.ico" || path2.startsWith("/assets/") || path2.startsWith("/brand/")) {
@@ -12596,15 +12913,15 @@ app35.use("*", async (c, next) => {
   console.error(`[remote-auth] login required ip=${clientIp} path=${path2} ${disambig}`);
   return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), redirect: path2 }), 200);
 });
-app35.route("/api/health", health_default);
-app35.route("/api/session", session_default);
-app35.route("/api/chat", chat_default);
-app35.route("/api/group", group_default);
-app35.route("/api/access", access_default);
-app35.route("/api/telegram", telegram_default);
-app35.route("/api/whatsapp", whatsapp_default);
-app35.route("/api/onboarding", onboarding_default);
-app35.route("/api/admin", admin_default);
+app36.route("/api/health", health_default);
+app36.route("/api/session", session_default);
+app36.route("/api/chat", chat_default);
+app36.route("/api/group", group_default);
+app36.route("/api/access", access_default);
+app36.route("/api/telegram", telegram_default);
+app36.route("/api/whatsapp", whatsapp_default);
+app36.route("/api/onboarding", onboarding_default);
+app36.route("/api/admin", admin_default);
 var SAFE_SLUG_RE = /^[a-z][a-z0-9-]{2,49}$/;
 var SAFE_FILENAME_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var IMAGE_MIME = {
@@ -12616,7 +12933,7 @@ var IMAGE_MIME = {
   ".svg": "image/svg+xml",
   ".ico": "image/x-icon"
 };
-app35.get("/agent-assets/:slug/:filename", (c) => {
+app36.get("/agent-assets/:slug/:filename", (c) => {
   const slug = c.req.param("slug");
   const filename = c.req.param("filename");
   if (!SAFE_SLUG_RE.test(slug)) {
@@ -12632,26 +12949,26 @@ app35.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] no-account slug=${slug} file=${filename}`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve23(account.accountDir, "agents", slug, "assets", filename);
-  const expectedDir = resolve23(account.accountDir, "agents", slug, "assets");
+  const filePath = resolve24(account.accountDir, "agents", slug, "assets", filename);
+  const expectedDir = resolve24(account.accountDir, "agents", slug, "assets");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync22(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[agent-assets] serve slug=${slug} file=${filename} status=200`);
-  const body = readFileSync16(filePath);
+  const body = readFileSync17(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=3600"
   });
 });
-app35.get("/generated/:filename", (c) => {
+app36.get("/generated/:filename", (c) => {
   const filename = c.req.param("filename");
   if (!SAFE_FILENAME_RE.test(filename) || filename.includes("..")) {
     console.error(`[generated] serve file=${filename} status=403`);
@@ -12662,31 +12979,32 @@ app35.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
-  const filePath = resolve23(account.accountDir, "generated", filename);
-  const expectedDir = resolve23(account.accountDir, "generated");
+  const filePath = resolve24(account.accountDir, "generated", filename);
+  const expectedDir = resolve24(account.accountDir, "generated");
   if (!filePath.startsWith(expectedDir + "/")) {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync22(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[generated] serve file=${filename} status=200`);
-  const body = readFileSync16(filePath);
+  const body = readFileSync17(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=86400"
   });
 });
+app36.route("/sites", sites_default);
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
-if (BRAND_JSON_PATH && existsSync22(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
-    const fullBrand = JSON.parse(readFileSync16(BRAND_JSON_PATH, "utf-8"));
+    const fullBrand = JSON.parse(readFileSync17(BRAND_JSON_PATH, "utf-8"));
     if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
     brandIconPath = fullBrand.assets?.icon ? `/brand/${fullBrand.assets.icon}` : brandLogoPath;
   } catch {
@@ -12704,8 +13022,8 @@ function readInstalledVersion() {
   try {
     if (!PLATFORM_ROOT7) return "unknown";
     const versionFile = join10(PLATFORM_ROOT7, "config", `.${BRAND.hostname}-version`);
-    if (!existsSync22(versionFile)) return "unknown";
-    const content = readFileSync16(versionFile, "utf-8").trim();
+    if (!existsSync24(versionFile)) return "unknown";
+    const content = readFileSync17(versionFile, "utf-8").trim();
     return content || "unknown";
   } catch {
     return "unknown";
@@ -12746,7 +13064,7 @@ var clientErrorReporterScript = `<script>
 function cachedHtml(file) {
   let html = htmlCache.get(file);
   if (!html) {
-    html = readFileSync16(resolve23(process.cwd(), "public", file), "utf-8");
+    html = readFileSync17(resolve24(process.cwd(), "public", file), "utf-8");
     const productNameEsc = escapeHtml(BRAND.productName);
     html = html.replace(/<title>([^<]*)<\/title>/, (_match, inner) => `<title>${escapeHtml(inner).replace(/Maxy/g, productNameEsc)}</title>`);
     html = html.replace('href="/favicon.ico"', `href="${escapeHtml(brandFaviconPath)}"`);
@@ -12765,13 +13083,13 @@ function loadBrandingCache(agentSlug) {
   const configDir2 = join10(homedir2(), BRAND.configDir);
   try {
     const accountJsonPath = join10(configDir2, "account.json");
-    if (!existsSync22(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync16(accountJsonPath, "utf-8"));
+    if (!existsSync24(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync17(accountJsonPath, "utf-8"));
     const accountId = account.accountId;
     if (!accountId) return null;
     const cachePath = join10(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
-    if (!existsSync22(cachePath)) return null;
-    return JSON.parse(readFileSync16(cachePath, "utf-8"));
+    if (!existsSync24(cachePath)) return null;
+    return JSON.parse(readFileSync17(cachePath, "utf-8"));
   } catch {
     return null;
   }
@@ -12780,8 +13098,8 @@ function resolveDefaultSlug() {
   try {
     const configDir2 = join10(homedir2(), BRAND.configDir);
     const accountJsonPath = join10(configDir2, "account.json");
-    if (!existsSync22(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync16(accountJsonPath, "utf-8"));
+    if (!existsSync24(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync17(accountJsonPath, "utf-8"));
     return account.defaultAgent || null;
   } catch {
     return null;
@@ -12817,7 +13135,7 @@ function brandedPublicHtml(agentSlug) {
 function escapeHtml(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
-app35.get("/", (c) => {
+app36.get("/", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) {
     const defaultSlug = resolveDefaultSlug();
@@ -12825,12 +13143,12 @@ app35.get("/", (c) => {
   }
   return c.html(cachedHtml("index.html"));
 });
-app35.get("/public", (c) => {
+app36.get("/public", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
 });
-app35.get("/chat", (c) => {
+app36.get("/chat", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("public.html"));
@@ -12849,12 +13167,12 @@ async function logViewerFetch(c, next) {
     duration_ms: Date.now() - start
   });
 }
-app35.use("/vnc-viewer.html", logViewerFetch);
-app35.use("/vnc-popout.html", logViewerFetch);
-app35.get("/vnc-popout.html", (c) => {
+app36.use("/vnc-viewer.html", logViewerFetch);
+app36.use("/vnc-popout.html", logViewerFetch);
+app36.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
-    html = readFileSync16(resolve23(process.cwd(), "public", "vnc-popout.html"), "utf-8");
+    html = readFileSync17(resolve24(process.cwd(), "public", "vnc-popout.html"), "utf-8");
     const name = escapeHtml(BRAND.productName);
     html = html.replace("<title>Browser \u2014 Maxy</title>", `<title>${name}</title>`);
     html = html.replace("</head>", `  ${brandScript}
@@ -12864,7 +13182,7 @@ app35.get("/vnc-popout.html", (c) => {
   }
   return c.html(html);
 });
-app35.post("/api/vnc/client-event", async (c) => {
+app36.post("/api/vnc/client-event", async (c) => {
   let body;
   try {
     body = await c.req.json();
@@ -12885,20 +13203,20 @@ app35.post("/api/vnc/client-event", async (c) => {
   });
   return c.json({ ok: true });
 });
-app35.get("/g/:slug", (c) => {
+app36.get("/g/:slug", (c) => {
   return c.html(brandedPublicHtml());
 });
-app35.get("/graph", (c) => {
+app36.get("/graph", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("graph.html"));
 });
-app35.get("/data", (c) => {
+app36.get("/data", (c) => {
   const host = (c.req.header("host") ?? "").split(":")[0];
   if (isPublicHost(host)) return c.text("Not found", 404);
   return c.html(cachedHtml("data.html"));
 });
-app35.get("/:slug", async (c, next) => {
+app36.get("/:slug", async (c, next) => {
   const slug = c.req.param("slug");
   if (AGENT_SLUG_PATTERN.test(`/${slug}`)) {
     const branding = loadBrandingCache(slug);
@@ -12907,10 +13225,10 @@ app35.get("/:slug", async (c, next) => {
   }
   await next();
 });
-app35.use("/*", serveStatic({ root: "./public" }));
+app36.use("/*", serveStatic({ root: "./public" }));
 var port = parseInt(process.env.MAXY_UI_INTERNAL_PORT ?? process.env.PORT ?? "19199", 10);
 var hostname = process.env.HOSTNAME ?? "127.0.0.1";
-var httpServer = serve({ fetch: app35.fetch, port, hostname });
+var httpServer = serve({ fetch: app36.fetch, port, hostname });
 console.log(`${BRAND.productName} listening on http://${hostname}:${port}`);
 var SUBAPP_MANIFEST = [
   { prefix: "/api/health", file: "server/routes/health.ts", subapp: health_default },
@@ -12930,7 +13248,7 @@ for (const m of SUBAPP_MANIFEST) {
 }
 try {
   const registered = [];
-  for (const r of app35.routes ?? []) {
+  for (const r of app36.routes ?? []) {
     if (typeof r.path !== "string" || r.path.includes(":") || r.path.includes("*")) continue;
     if (AGENT_SLUG_PATTERN.test(r.path)) {
       registered.push({ method: (r.method ?? "ALL").toUpperCase(), path: r.path });
@@ -12944,8 +13262,8 @@ try {
 (async () => {
   try {
     let userId = "";
-    if (existsSync22(USERS_FILE)) {
-      const users = JSON.parse(readFileSync16(USERS_FILE, "utf-8").trim() || "[]");
+    if (existsSync24(USERS_FILE)) {
+      const users = JSON.parse(readFileSync17(USERS_FILE, "utf-8").trim() || "[]");
       userId = users[0]?.userId ?? "";
     }
     await backfillNullUserIdConversations(userId);
@@ -12953,6 +13271,13 @@ try {
     console.error(`[session] backfill startup failed: ${err instanceof Error ? err.message : String(err)}`);
   }
 })();
+(async () => {
+  try {
+    await runBootMigrations();
+  } catch (err) {
+    console.error(`[migration] runBootMigrations rejected: ${err instanceof Error ? err.message : String(err)}`);
+  }
+})();
 (async () => {
   try {
     await startReviewDetector();
@@ -12964,7 +13289,7 @@ startGraphHealthTimer();
 var configDirForWhatsApp = basename7(MAXY_DIR) || ".maxy";
 var bootAccount = resolveAccount();
 var bootAccountConfig = bootAccount?.config;
-var bootPublicAgent = bootAccount ? getPublicAgent(bootAccount.accountDir) : null;
+var bootPublicAgent = bootAccount ? resolvePublicAgent(bootAccount.accountDir, { accountId: bootAccount.accountId })?.slug ?? null : null;
 var bootEntitlement = bootAccountConfig ? resolveEntitlement(
   { configDir: MAXY_DIR, platformRoot: PLATFORM_ROOT, commercialMode: COMMERCIAL_MODE },
   {
@@ -13005,7 +13330,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve23(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
+  platformRoot: resolve24(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {
@@ -13029,12 +13354,20 @@ init({
       if (msg.agentType === "admin") {
         agentName = "admin";
       } else {
-        const publicAgentSlug = bootAccount ? getPublicAgent(bootAccount.accountDir) : null;
-        if (!publicAgentSlug) {
-          console.error(`[whatsapp:route] rejected: no publicAgent configured account=${msg.accountId} from=${msg.senderPhone}`);
+        const resolved = bootAccount ? resolvePublicAgent(bootAccount.accountDir, { accountId: msg.accountId, groupJid: msg.groupJid }) : null;
+        console.error(`[whatsapp:route] resolved publicAgent account=${msg.accountId} groupJid=${msg.groupJid ?? "none"} source=${resolved?.source ?? "null"} slug=${resolved?.slug ?? "none"}`);
+        if (!resolved) {
+          console.error(`[whatsapp:route] rejected: no publicAgent configured account=${msg.accountId} groupJid=${msg.groupJid ?? "none"} from=${msg.senderPhone}`);
           return;
         }
-        agentName = publicAgentSlug;
+        if (bootAccount) {
+          const agentConfigPath = resolveBoot(bootAccount.accountDir, "agents", resolved.slug, "config.json");
+          if (!existsSyncBoot(agentConfigPath)) {
+            console.error(`[whatsapp:route] rejected: slug-missing-agent-dir account=${msg.accountId} groupJid=${msg.groupJid ?? "none"} slug=${resolved.slug} source=${resolved.source} expected=${agentConfigPath}`);
+            return;
+          }
+        }
+        agentName = resolved.slug;
       }
       let enrichedText = msg.text || msg.mediaPath || msg.mediaType || msg.replyContext ? buildEnrichedText2(msg.text ?? "") : "";
       if (msg.sessionKey) {