@rubytech/create-realagent 1.0.816 → 1.0.817

package/payload/server/server.js

@@ -6,7 +6,6 @@ import {
   TELEGRAM_ADMIN_WEBHOOK_SECRET_FILE,
   TELEGRAM_WEBHOOK_SECRET_FILE,
   USERS_FILE,
-  actionLogPath,
   autoDeliverPremiumPlugins,
   buildX11Env,
   callOauthLlm,
@@ -30,7 +29,6 @@ import {
   launchAction,
   load,
   logPath,
-  reconcileCloudflareSetupFromLog,
   recordFailedAttempt,
   render,
   renderLoginPage,
@@ -53,7 +51,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-Y3UQFQM7.js";
+} from "./chunk-P3HTEK33.js";
 import {
   agentLogStream,
   clearSessionHistory,
@@ -620,8 +618,8 @@ var serveStatic = (options = { root: "" }) => {
 };
 
 // server/index.ts
-import { readFileSync as readFileSync19, existsSync as existsSync25, watchFile } from "fs";
-import { resolve as resolve25, join as join11, basename as basename7 } from "path";
+import { readFileSync as readFileSync18, existsSync as existsSync24, watchFile } from "fs";
+import { resolve as resolve25, join as join10, basename as basename7 } from "path";
 import { homedir as homedir2 } from "os";
 
 // app/lib/agent-slug-pattern.ts
@@ -807,52 +805,6 @@ function defaultRules() {
       scope: "session",
       suggestedAction: "The WebFetch SPA preflight has fired more than once in this conversation. Either the agent is ignoring the loud-failure directive (retrying WebFetch after seeing WEBFETCH_CANNOT_READ_JS_SPA), or multiple SPA URLs are being asked about. Read the conversation's stream log for the [tool-use] / [tool-result] sequence around each occurrence \u2014 if the agent dispatched WebFetch on the same URL or substituted Playwright silently, revisit the IDENTITY.md `Tool Failure Discipline` paragraph that names structured-error handling."
     },
-    {
-      // Task 867 — fires when setup-tunnel.sh emits step=done but no
-      // `[persist] role=user … Cloudflare setup completed (actionId: <id>)`
-      // line appears within 60s. Covers the three failure modes of the
-      // action-relay-queue plumbing: queue-write failed, boot-drain consumer
-      // skipped the record, or the agent's hoisted persist threw. The
-      // followup pattern is intentionally narrow to the cloudflare-setup
-      // relay shape (not a general "any user persist") so a benign user
-      // typing in chat does not satisfy the followup. logSource=any so
-      // the rule sees both the script tee (in stream logs / server.log)
-      // and the [persist] line (server.log).
-      id: "cloudflare-setup-relay-not-acknowledged",
-      name: "Cloudflare-setup completed but the chat relay never acknowledged",
-      type: "absent-followup",
-      logSource: "any",
-      pattern: "\\[script:setup-tunnel\\] step=done",
-      followupPattern: "\\[persist\\] .*role=user.* Cloudflare setup completed \\(actionId:",
-      followupWindowMs: 6e4,
-      thresholdCount: 0,
-      thresholdWindowMinutes: 0,
-      suggestedAction: "[Task 867] cloudflare-setup completed but the post-action relay never reached the chat history. Check `[action-relay-queue] phase=enqueued` (queue write), `[action-completion-relay] phase=consumed` (boot-drain ran), and `[persist] role=user \u2026 Cloudflare setup completed` (graph write). One of those is missing; the matching grep recipe is in the Task 867 brief Observability section."
-    },
-    {
-      // Task 879 §C — onboarding turn-completion contract: any assistant
-      // turn that narrates a step transition with a non-question-terminated
-      // phrase ("Moving to step 9 — operator persona...", "Step 8 done.")
-      // must be followed within 30s by either a `render-component` call
-      // (the next step's UI surfaces) or `onboarding-complete-step`
-      // (deterministic step advance). The trigger pattern matches the
-      // `[onboarding-step-narration]` line written by stream-parser at the
-      // assistant text block emit site (only for non-question phrases).
-      // Operator's symptom in Task 879's evidence: "Moving to step 9..."
-      // followed by 4 minutes of silence until the operator nudged with
-      // "yeah, so?" — exact failure shape this rule catches.
-      id: "assistant-step-advance-deadend",
-      name: "Onboarding step-advance narration without follow-up tool call",
-      type: "absent-followup",
-      logSource: "session",
-      pattern: "\\[onboarding-step-narration\\]",
-      followupPattern: "\\[render-component\\]|\\[tool-use\\][^\\n]*name=mcp__admin__onboarding-complete-step",
-      followupWindowMs: 3e4,
-      thresholdCount: 0,
-      thresholdWindowMinutes: 0,
-      scope: "session",
-      suggestedAction: '[Task 879 \xA7C] An onboarding turn narrated a step transition (e.g. "Moving to step N", "Step N done.") but did not render a component or call `onboarding-complete-step` within 30s. The operator is left with a dead-end paragraph and no actionable surface. Check the `platform/plugins/admin/skills/onboarding/SKILL.md` Turn-completion contract section \u2014 the agent must end any step-advance turn with `render-component` or a `?`-terminated question, never bare prose.'
-    },
     {
       // Task 538: fires when a [spawn] line appears in a conversation's stream
       // log but no subprocess-lifecycle marker follows within 10s. The three
@@ -8375,7 +8327,7 @@ app9.post("/", async (c) => {
       const safe = typeof v === "string" ? truncate(v, 200) : typeof v === "number" || typeof v === "boolean" ? String(v) : JSON.stringify(v).slice(0, 200);
       return `${k}=${safe}`;
     }).join(" ");
-    const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set(["admin-chat-relay-poll"]);
+    const TAGGED_PREFIX_SOURCES = /* @__PURE__ */ new Set([]);
     if (TAGGED_PREFIX_SOURCES.has(source)) {
       console.log(
         `[${source}] ts=${ts} ip=${ip} version=${version || "unknown"}${extra ? " " + extra : ""}`
@@ -8597,39 +8549,6 @@ app10.post("/", async (c) => {
   const payload = await createAdminSession(selected.accountId, selected.config.thinkingView, userId, userName, selected.role, avatar);
   return c.json(payload);
 });
-app10.post("/rebind", async (c) => {
-  let body;
-  try {
-    body = await c.req.json();
-  } catch {
-    return c.json({ ok: false, error: "invalid_json" }, 400);
-  }
-  const sessionKey = typeof body.session_key === "string" ? body.session_key : "";
-  const conversationId = typeof body.lastKnownConversationId === "string" ? body.lastKnownConversationId : "";
-  if (!sessionKey || !conversationId) {
-    return c.json({ ok: false, error: "session_key and lastKnownConversationId required" }, 400);
-  }
-  const sk8 = sessionKey.slice(0, 8);
-  const cid8 = conversationId.slice(0, 8);
-  const bridge = await tryCookieBridgeForConversation(c, sessionKey, conversationId);
-  if (!bridge.ok) {
-    console.log(`[admin/session/rebind] sessionKey=${sk8}\u2026 result=bridge-rejected reason=${bridge.reason} conversationId=${cid8}\u2026`);
-    const status = bridge.reason === "conversation-not-found" ? 404 : bridge.reason === "account-mismatch" ? 403 : 401;
-    return c.json({ ok: false, error: bridge.reason }, status);
-  }
-  const existing = getConversationIdForSession(sessionKey);
-  if (existing && existing !== conversationId) {
-    console.log(`[admin/session/rebind] sessionKey=${sk8}\u2026 result=conflict conversationId=${existing.slice(0, 8)}\u2026 requested=${cid8}\u2026`);
-    return c.json({ ok: false, error: "conflict", conversationId: existing }, 409);
-  }
-  const bound = setConversationIdForSession(sessionKey, conversationId);
-  if (!bound) {
-    console.error(`[admin/session/rebind] sessionKey=${sk8}\u2026 result=bind-failed conversationId=${cid8}\u2026 (post-bridge session-store missing \u2014 programmer error)`);
-    return c.json({ ok: false, error: "bind_failed" }, 500);
-  }
-  console.log(`[admin/session/rebind] sessionKey=${sk8}\u2026 result=ok conversationId=${cid8}\u2026`);
-  return c.json({ ok: true, conversationId });
-});
 var session_default2 = app10;
 
 // server/routes/admin/chat.ts
@@ -9860,13 +9779,14 @@ app17.delete("/:id", requireAdminSession, async (c) => {
     return c.json({ error: "Failed to delete session" }, 500);
   }
 });
-app17.get("/:id/messages", async (c) => {
+app17.post("/:id/resume", async (c) => {
   const conversationId = c.req.param("id");
   const sessionKey = c.req.query("session_key") ?? "";
   if (!sessionKey) {
     console.error(`[session] middleware-reject status=400 code=session-missing reason="session_key required" path=${c.req.path}`);
     return c.json({ error: "session_key required", code: "session-missing" }, 400);
   }
+  let bridged = false;
   let result = validateSession(sessionKey, "admin");
   if (!result.ok) {
     if (result.reason === "session-not-registered") {
@@ -9879,6 +9799,7 @@ app17.get("/:id/messages", async (c) => {
         console.error(`[session] middleware-reject status=401 code=session-not-registered reason="cookie-bridge-rejected:${bridge.reason}" path=${c.req.path} sessionKey=${tail}\u2026`);
         return c.json({ error: "Invalid or expired admin session", code: "session-not-registered" }, 401);
       }
+      bridged = true;
       result = validateSession(sessionKey, "admin");
       if (!result.ok) {
         const tail = sessionKey.slice(0, 8);
@@ -9893,34 +9814,12 @@ app17.get("/:id/messages", async (c) => {
     }
   }
   const accountId = getAccountIdForSession(sessionKey);
-  if (!accountId) return c.json({ error: "Account not found for session" }, 401);
-  const owned = await verifyConversationOwnership(conversationId, accountId);
-  if (!owned) return c.json({ error: "Conversation not found" }, 404);
-  try {
-    const messages = await getRecentMessages(conversationId, 50);
-    const sanitised = messages.map((m) => ({
-      ...m,
-      attachments: m.attachments.map((a) => ({
-        attachmentId: a.attachmentId,
-        filename: a.filename,
-        mimeType: a.mimeType,
-        sizeBytes: a.sizeBytes,
-        ordinal: a.ordinal
-      }))
-    }));
-    return c.json({ messages: sanitised });
-  } catch (err) {
-    console.error(`[sessions-messages] Failed: ${err instanceof Error ? err.message : String(err)}`);
-    return c.json({ error: "Failed to fetch messages" }, 500);
-  }
-});
-app17.post("/:id/resume", requireAdminSession, async (c) => {
-  const conversationId = c.req.param("id");
-  const sessionKey = c.var.sessionKey;
-  const accountId = getAccountIdForSession(sessionKey);
   const userId = getUserIdForSession(sessionKey);
-  if (!accountId || !userId) {
-    return c.json({ error: "Session missing account or user context" }, 400);
+  if (!accountId) {
+    return c.json({ error: "Session missing account context" }, 400);
+  }
+  if (!userId && !bridged) {
+    return c.json({ error: "Session missing user context" }, 400);
   }
   const updatedAt = await verifyAndGetConversationUpdatedAt(conversationId, accountId);
   if (updatedAt === null) return c.json({ error: "Conversation not found" }, 404);
@@ -9975,8 +9874,9 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
   });
   const textRuns = rehydrated.reduce((n, m) => n + (m.events?.filter((e) => e.type === "text").length ?? 0), 0);
   const userMessageCount = rehydrated.filter((m) => m.role !== "assistant").length;
+  const reason = bridged ? "post-restart" : "page-refresh";
   try {
-    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents} userAttachmentCount=${totalAttachments}
+    appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [admin-resume] reason=${reason} sessionKey=${sessionKey.slice(0, 8)} conversationId=${conversationId.slice(0, 8)} ${tag} loadedMessages=${messages.length} componentCount=${totalComponents} userAttachmentCount=${totalAttachments}
 `);
     if (totalComponents > 0) {
       appendFileSync5(streamLogPath, `[${(/* @__PURE__ */ new Date()).toISOString()}] [component-rehydrate] conversationId=${conversationId.slice(0, 8)} count=${totalComponents} valid=${totalValid} invalid=${totalInvalid} textRuns=${textRuns}
@@ -9989,7 +9889,7 @@ app17.post("/:id/resume", requireAdminSession, async (c) => {
   } catch {
   }
   const age = formatAge(updatedAt);
-  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
+  console.log(`[admin-resume] ${(/* @__PURE__ */ new Date()).toISOString()} reason=${reason} conversationId=${conversationId.slice(0, 8)}\u2026 age=${age} loaded=${messages.length} messages ${tag} components=${totalComponents} attachments=${totalAttachments} sessionKey=${sessionKey.slice(0, 8)}\u2026`);
   return c.json({ conversationId, messages: rehydrated });
 });
 app17.post("/:id/label", requireAdminSession, async (c) => {
@@ -10116,13 +10016,13 @@ async function cdpNavigateNewTab(url, opts = {}) {
 // server/routes/admin/device-browser.ts
 var app19 = new Hono();
 app19.post("/navigate", async (c) => {
-  const TAG20 = "[device-url:click]";
+  const TAG19 = "[device-url:click]";
   let body;
   try {
     body = await c.req.json();
   } catch (err) {
     const detail = err instanceof Error ? err.message : String(err);
-    console.error(`${TAG20} reject reason=body-not-json detail=${detail} browser=fallback navigateResult=error`);
+    console.error(`${TAG19} reject reason=body-not-json detail=${detail} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "Request body was not valid JSON" },
       400
@@ -10132,7 +10032,7 @@ app19.post("/navigate", async (c) => {
   const intent = typeof body.intent === "string" ? body.intent : "";
   const hostname2 = typeof body.hostname === "string" ? body.hostname : "";
   if (!url) {
-    console.error(`${TAG20} reject reason=missing-url intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`);
+    console.error(`${TAG19} reject reason=missing-url intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "url field is required" },
       400
@@ -10142,7 +10042,7 @@ app19.post("/navigate", async (c) => {
   try {
     parsed = new URL(url);
   } catch {
-    console.error(`${TAG20} reject reason=url-malformed intent=${JSON.stringify(intent)} url=${url} browser=fallback navigateResult=error`);
+    console.error(`${TAG19} reject reason=url-malformed intent=${JSON.stringify(intent)} url=${url} browser=fallback navigateResult=error`);
     return c.json(
       { ok: false, navigateResult: "error", browser: "fallback", detail: "url is not a valid URL" },
       400
@@ -10150,7 +10050,7 @@ app19.post("/navigate", async (c) => {
   }
   if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
     console.error(
-      `${TAG20} reject reason=scheme-not-allowed scheme=${parsed.protocol} intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`
+      `${TAG19} reject reason=scheme-not-allowed scheme=${parsed.protocol} intent=${JSON.stringify(intent)} browser=fallback navigateResult=error`
     );
     return c.json(
       {
@@ -10166,7 +10066,7 @@ app19.post("/navigate", async (c) => {
   const cdpOk = await ensureCdp(transport);
   if (!cdpOk) {
     console.error(
-      `${TAG20} intent=${JSON.stringify(intent)} browser=fallback navigateResult=cdp-unreachable hostname=${JSON.stringify(hostname2)}`
+      `${TAG19} intent=${JSON.stringify(intent)} browser=fallback navigateResult=cdp-unreachable hostname=${JSON.stringify(hostname2)}`
     );
     return c.json(
       {
@@ -10182,7 +10082,7 @@ app19.post("/navigate", async (c) => {
   const browser = outcome.result === "ok" ? "vnc" : "fallback";
   const detailStr = outcome.detail ? ` detail=${JSON.stringify(outcome.detail.length > 230 ? outcome.detail.slice(0, 227) + "..." : outcome.detail)}` : "";
   console.error(
-    `${TAG20} intent=${JSON.stringify(intent)} browser=${browser} navigateResult=${outcome.result} hostname=${JSON.stringify(hostname2)} targetId=${outcome.targetId ?? "none"}${detailStr}`
+    `${TAG19} intent=${JSON.stringify(intent)} browser=${browser} navigateResult=${outcome.result} hostname=${JSON.stringify(hostname2)} targetId=${outcome.targetId ?? "none"}${detailStr}`
   );
   if (outcome.result !== "ok") {
     return c.json(
@@ -10213,18 +10113,18 @@ var ALLOWED_EVENTS = /* @__PURE__ */ new Set([
 ]);
 var app20 = new Hono();
 app20.post("/", async (c) => {
-  const TAG20 = "[admin:events]";
+  const TAG19 = "[admin:events]";
   let body;
   try {
     body = await c.req.json();
   } catch (err) {
     const detail = err instanceof Error ? err.message : String(err);
-    console.error(`${TAG20} reject reason=body-not-json detail=${detail}`);
+    console.error(`${TAG19} reject reason=body-not-json detail=${detail}`);
     return c.json({ ok: false, detail: "Request body was not valid JSON" }, 400);
   }
   const event = typeof body.event === "string" ? body.event : "";
   if (!ALLOWED_EVENTS.has(event)) {
-    console.error(`${TAG20} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
+    console.error(`${TAG19} reject reason=event-not-allowed event=${JSON.stringify(event)}`);
     return c.json({ ok: false, detail: `Event "${event}" is not allowed` }, 400);
   }
   const rawFields = body.fields && typeof body.fields === "object" ? body.fields : {};
@@ -10248,7 +10148,7 @@ var events_default = app20;
 // server/routes/admin/cloudflare.ts
 import { homedir } from "os";
 import { resolve as resolve18 } from "path";
-import { readFileSync as readFileSync17 } from "fs";
+import { readFileSync as readFileSync16 } from "fs";
 
 // app/lib/dns-label.ts
 var VALID_LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;
@@ -10286,131 +10186,14 @@ function addAliasDomain(hostname2) {
   writeFileSync9(ALIAS_DOMAINS_PATH, JSON.stringify([...existing], null, 2) + "\n", "utf-8");
 }
 
-// app/lib/action-relay-queue.ts
-import {
-  existsSync as existsSync20,
-  mkdirSync as mkdirSync9,
-  readdirSync as readdirSync6,
-  readFileSync as readFileSync16,
-  unlinkSync as unlinkSync2,
-  writeFileSync as writeFileSync10
-} from "fs";
-import { join as join9 } from "path";
-var TAG19 = "[action-relay-queue]";
-var FILE_PREFIX = "action-completion-relay-";
-var FILE_SUFFIX = ".json";
-function queueDir(accountDir) {
-  return join9(accountDir, "queue");
-}
-function relayFilePath(accountDir, actionId) {
-  return join9(queueDir(accountDir), `${FILE_PREFIX}${actionId}${FILE_SUFFIX}`);
-}
-function enqueueActionCompletionRelay(opts) {
-  const dir = queueDir(opts.accountDir);
-  mkdirSync9(dir, { recursive: true });
-  const filePath = relayFilePath(opts.accountDir, opts.actionId);
-  const record = {
-    actionId: opts.actionId,
-    conversationId: opts.conversationId,
-    message: opts.message,
-    queuedAt: (/* @__PURE__ */ new Date()).toISOString()
-  };
-  const body = JSON.stringify(record);
-  try {
-    writeFileSync10(filePath, body, { flag: "wx", encoding: "utf-8" });
-    console.log(
-      `${TAG19} phase=enqueued actionId=${opts.actionId} conversationId=${opts.conversationId} path=${filePath} bytes=${Buffer.byteLength(body, "utf-8")}`
-    );
-    return { enqueued: true, path: filePath };
-  } catch (e) {
-    if (e.code === "EEXIST") {
-      console.log(
-        `${TAG19} phase=enqueue-skipped actionId=${opts.actionId} reason=already-queued`
-      );
-      return { enqueued: false, reason: "already-queued", path: filePath };
-    }
-    throw e;
-  }
-}
-function consumeActionCompletionRelays(accountDir) {
-  const dir = queueDir(accountDir);
-  if (!existsSync20(dir)) return [];
-  let entries;
-  try {
-    entries = readdirSync6(dir);
-  } catch (e) {
-    console.error(
-      `${TAG19} phase=readdir-failed dir=${dir} error=${e instanceof Error ? e.message : String(e)}`
-    );
-    return [];
-  }
-  const records = [];
-  for (const name of entries) {
-    if (!name.startsWith(FILE_PREFIX) || !name.endsWith(FILE_SUFFIX)) continue;
-    const filePath = join9(dir, name);
-    let raw;
-    try {
-      raw = readFileSync16(filePath, "utf-8");
-    } catch (e) {
-      console.error(
-        `${TAG19} phase=read-failed file=${name} error=${e instanceof Error ? e.message : String(e)}`
-      );
-      continue;
-    }
-    let parsed;
-    try {
-      parsed = JSON.parse(raw);
-    } catch (e) {
-      console.error(
-        `${TAG19} phase=parse-failed file=${name} error=${e instanceof Error ? e.message : String(e)}`
-      );
-      continue;
-    }
-    if (!isActionCompletionRelay(parsed)) {
-      console.error(
-        `${TAG19} phase=shape-invalid file=${name} keys=${parsed && typeof parsed === "object" ? Object.keys(parsed).join(",") : "non-object"}`
-      );
-      continue;
-    }
-    records.push({ rec: parsed, filePath });
-  }
-  records.sort((a, b) => a.rec.queuedAt.localeCompare(b.rec.queuedAt));
-  const out = [];
-  const now = Date.now();
-  for (const { rec, filePath } of records) {
-    const queuedAtMs = Date.parse(rec.queuedAt);
-    const ageMs = Number.isFinite(queuedAtMs) ? now - queuedAtMs : 0;
-    out.push({ ...rec, ageMs, filePath });
-  }
-  return out;
-}
-function deleteConsumedRelay(filePath) {
-  try {
-    unlinkSync2(filePath);
-  } catch (e) {
-    const code = e.code;
-    if (code !== "ENOENT") {
-      console.error(
-        `${TAG19} phase=unlink-failed file=${filePath} error=${e instanceof Error ? e.message : String(e)}`
-      );
-    }
-  }
-}
-function isActionCompletionRelay(value) {
-  if (!value || typeof value !== "object") return false;
-  const v = value;
-  return typeof v.actionId === "string" && typeof v.conversationId === "string" && typeof v.message === "string" && typeof v.queuedAt === "string";
-}
-
 // server/routes/admin/cloudflare.ts
-import { existsSync as existsSyncFs, readFileSync as readFileSyncFs } from "fs";
 var SETUP_TIMEOUT_MS = 10 * 60 * 1e3;
 var DOMAINS_TIMEOUT_MS = 40 * 1e3;
 function loadBrandInfo() {
   const platformRoot2 = process.env.MAXY_PLATFORM_ROOT ?? resolve18(process.cwd(), "..");
   const brandPath = resolve18(platformRoot2, "config", "brand.json");
   try {
-    const parsed = JSON.parse(readFileSync17(brandPath, "utf-8"));
+    const parsed = JSON.parse(readFileSync16(brandPath, "utf-8"));
     const hostname2 = typeof parsed.hostname === "string" && parsed.hostname ? parsed.hostname : "maxy";
     const configDir2 = typeof parsed.configDir === "string" && parsed.configDir ? parsed.configDir : ".maxy";
     return { hostname: hostname2, configDir: configDir2 };
@@ -10706,79 +10489,13 @@ actionId: ${actionId}`,
   };
   return ok(success);
 });
-var RELAY_MAX_BODY = 8 * 1024;
-var RELAY_MAX_MESSAGE = 2048;
-var ACTION_ID_RE = /^[a-z0-9-]+$/;
-app21.post("/relay-completion", requireAdminSession, async (c) => {
-  const sessionKey = c.var.sessionKey;
-  let raw;
-  try {
-    raw = await c.req.text();
-  } catch {
-    return c.json({ ok: false, reason: "invalid-body" }, 400);
-  }
-  if (Buffer.byteLength(raw, "utf-8") > RELAY_MAX_BODY) {
-    return c.json({ ok: false, reason: "body-too-large" }, 413);
-  }
-  let body;
-  try {
-    body = JSON.parse(raw);
-  } catch {
-    return c.json({ ok: false, reason: "invalid-json" }, 400);
-  }
-  if (!body || typeof body !== "object") {
-    return c.json({ ok: false, reason: "invalid-body" }, 400);
-  }
-  const { actionId, message } = body;
-  if (typeof actionId !== "string" || !ACTION_ID_RE.test(actionId) || actionId.length > 200) {
-    console.error(`[cloudflare-relay-completion] phase=enqueue-skipped reason=invalid-actionid sessionKey=${sessionKey.slice(-8)}`);
-    return c.json({ ok: false, reason: "invalid-actionid" }, 400);
-  }
-  if (typeof message !== "string" || message.length === 0 || message.length > RELAY_MAX_MESSAGE) {
-    return c.json({ ok: false, reason: "invalid-message" }, 400);
-  }
-  const conversationId = getConversationIdForSession(sessionKey);
-  if (!conversationId) {
-    console.error(`[cloudflare-relay-completion] phase=enqueue-skipped reason=missing-conversation-id sessionKey=${sessionKey.slice(-8)}`);
-    return c.json({ ok: false, reason: "missing-conversation-id" }, 400);
-  }
-  const account = resolveAccount();
-  if (!account) {
-    console.error(`[cloudflare-relay-completion] phase=enqueue-skipped reason=missing-account-dir actionId=${actionId}`);
-    return c.json({ ok: false, reason: "missing-account-dir" }, 500);
-  }
-  const logPath2 = actionLogPath(actionId);
-  let auditOutcome = "log-absent";
-  if (existsSyncFs(logPath2)) {
-    try {
-      const lines = readFileSyncFs(logPath2, "utf-8").split("\n");
-      const reconciled = reconcileCloudflareSetupFromLog(lines);
-      auditOutcome = reconciled ? reconciled.kind : "log-incomplete";
-    } catch (e) {
-      auditOutcome = `read-failed:${e instanceof Error ? e.message : String(e)}`;
-    }
-  }
-  console.log(`[cloudflare-relay-completion] phase=enqueue-attempt actionId=${actionId} auditOutcome=${auditOutcome} conversationId=${conversationId}`);
-  try {
-    enqueueActionCompletionRelay({
-      accountDir: account.accountDir,
-      actionId,
-      conversationId,
-      message
-    });
-  } catch (e) {
-    console.error(`[cloudflare-relay-completion] phase=enqueue-failed actionId=${actionId} error=${e instanceof Error ? e.message : String(e)}`);
-    return c.json({ ok: false, reason: "enqueue-failed" }, 500);
-  }
-  return c.body(null, 204);
-});
 var cloudflare_default = app21;
 
 // server/routes/admin/files.ts
 import { createReadStream as createReadStream3 } from "fs";
 import { readdir as readdir2, readFile as readFile4, stat as stat4, mkdir as mkdir3, writeFile as writeFile4, unlink as unlink2 } from "fs/promises";
 import { realpathSync as realpathSync4 } from "fs";
-import { basename as basename6, dirname as dirname8, join as join10, resolve as resolve20, sep as sep2 } from "path";
+import { basename as basename6, dirname as dirname8, join as join9, resolve as resolve20, sep as sep2 } from "path";
 import { Readable as Readable2 } from "stream";
 
 // app/lib/data-path.ts
@@ -11136,7 +10853,7 @@ async function cascadeDeleteDocument(params) {
 var UUID_RE4 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 async function readMeta(absDir, baseName) {
   try {
-    const raw = await readFile4(join10(absDir, `${baseName}.meta.json`), "utf8");
+    const raw = await readFile4(join9(absDir, `${baseName}.meta.json`), "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed?.filename === "string") {
       return { filename: parsed.filename, mimeType: typeof parsed.mimeType === "string" ? parsed.mimeType : void 0 };
@@ -11174,7 +10891,7 @@ async function readAccountNames() {
 }
 async function enrich(absolute, entry, accountNames) {
   if (entry.kind === "directory" && UUID_RE4.test(entry.name)) {
-    const meta = await readMeta(join10(absolute, entry.name), entry.name);
+    const meta = await readMeta(join9(absolute, entry.name), entry.name);
     if (meta?.filename) {
       entry.displayName = meta.filename;
       entry.mimeType = meta.mimeType;
@@ -11233,7 +10950,7 @@ app22.get("/", requireAdminSession, async (c) => {
         continue;
       }
       try {
-        const entryPath = join10(absolute, name);
+        const entryPath = join9(absolute, name);
         const s = await stat4(entryPath);
         entries.push({
           name,
@@ -11406,7 +11123,7 @@ app22.delete("/", requireAdminSession, async (c) => {
     }
     const dot = base.lastIndexOf(".");
     const stem = dot === -1 ? base : base.slice(0, dot);
-    const sidecarPath = UUID_RE4.test(stem) && base !== `${stem}.meta.json` ? join10(dirname8(absolute), `${stem}.meta.json`) : null;
+    const sidecarPath = UUID_RE4.test(stem) && base !== `${stem}.meta.json` ? join9(dirname8(absolute), `${stem}.meta.json`) : null;
     await unlink2(absolute);
     if (sidecarPath) {
       try {
@@ -12887,7 +12604,7 @@ var adherence_default = app30;
 import neo4j3 from "neo4j-driver";
 import { readFile as readFile5, readdir as readdir3, stat as stat5 } from "fs/promises";
 import { resolve as resolve21, relative as relative2, isAbsolute } from "path";
-import { existsSync as existsSync21 } from "fs";
+import { existsSync as existsSync20 } from "fs";
 var LIMIT = 50;
 var TEXT_MIME_PREFIXES = ["text/", "application/json", "application/markdown"];
 var ADMIN_AGENT_FILES = ["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"];
@@ -13035,7 +12752,7 @@ async function fetchAgentTemplateRows(accountDir) {
 async function unionSpecialistFilenames(overrideDir, bundledDir) {
   const names = /* @__PURE__ */ new Set();
   for (const dir of [overrideDir, bundledDir]) {
-    if (!existsSync21(dir)) continue;
+    if (!existsSync20(dir)) continue;
     try {
       const entries = await readdir3(dir);
       for (const entry of entries) {
@@ -13050,7 +12767,7 @@ async function unionSpecialistFilenames(overrideDir, bundledDir) {
 }
 async function readAgentTemplateRow(inp) {
   let chosenPath = null;
-  if (existsSync21(inp.overridePath)) {
+  if (existsSync20(inp.overridePath)) {
     try {
       validateFilePathInAccount(inp.overridePath, inp.overrideRoot);
       chosenPath = inp.overridePath;
@@ -13061,7 +12778,7 @@ async function readAgentTemplateRow(inp) {
       );
       return null;
     }
-  } else if (existsSync21(inp.bundledPath)) {
+  } else if (existsSync20(inp.bundledPath)) {
     if (!isWithin(inp.bundledPath, inp.bundledRoot)) {
       console.error(
         `[admin/sidebar-artefacts] agent-template-read-failed agent=${inp.displayName} kind=${inp.logName} error="bundled path outside PLATFORM_ROOT"`
@@ -13103,7 +12820,7 @@ var sidebar_artefacts_default = app31;
 // server/routes/admin/sidebar-artefact-save.ts
 import { mkdir as mkdir4, readdir as readdir4, stat as stat6, writeFile as writeFile5 } from "fs/promises";
 import { resolve as resolve22 } from "path";
-import { existsSync as existsSync22 } from "fs";
+import { existsSync as existsSync21 } from "fs";
 var ADMIN_AGENT_FILES2 = /* @__PURE__ */ new Set(["IDENTITY.md", "SOUL.md", "KNOWLEDGE.md"]);
 var UUID_RE5 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app32 = new Hono();
@@ -13167,7 +12884,7 @@ async function resolveSavePath(id, accountId, accountDir) {
   }
   if (UUID_RE5.test(id)) {
     const dir = resolve22(ATTACHMENTS_ROOT, accountId, id);
-    if (!existsSync22(dir)) {
+    if (!existsSync21(dir)) {
       return { kind: "reject", status: 400, reason: "not-found" };
     }
     try {
@@ -13191,7 +12908,7 @@ var sidebar_artefact_save_default = app32;
 
 // server/routes/admin/sidebar-artefact-content.ts
 import { readFile as readFile6, readdir as readdir5 } from "fs/promises";
-import { existsSync as existsSync23 } from "fs";
+import { existsSync as existsSync22 } from "fs";
 import { resolve as resolve23 } from "path";
 var UUID_RE6 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
 var app33 = new Hono();
@@ -13205,7 +12922,7 @@ app33.get("/", requireAdminSession, async (c) => {
     return new Response("Not found", { status: 404 });
   }
   const dir = resolve23(ATTACHMENTS_ROOT, accountId, id);
-  if (!existsSync23(dir)) {
+  if (!existsSync22(dir)) {
     console.error(`[admin/sidebar-artefact-content] not-found id=${id.slice(0, 8)}`);
     return new Response("Not found", { status: 404 });
   }
@@ -13267,7 +12984,7 @@ app34.route("/sidebar-artefact-content", sidebar_artefact_content_default);
 var admin_default = app34;
 
 // server/routes/sites.ts
-import { existsSync as existsSync24, readFileSync as readFileSync18, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
+import { existsSync as existsSync23, readFileSync as readFileSync17, realpathSync as realpathSync5, statSync as statSync8 } from "fs";
 import { resolve as resolve24 } from "path";
 var SAFE_SEG_RE = /^[a-z0-9_][a-z0-9_.-]{0,99}$/i;
 var MIME = {
@@ -13334,7 +13051,7 @@ app35.get("/:rel{.*}", (c) => {
   }
   let stat7;
   try {
-    stat7 = existsSync24(filePath) ? statSync8(filePath) : null;
+    stat7 = existsSync23(filePath) ? statSync8(filePath) : null;
   } catch {
     stat7 = null;
   }
@@ -13347,7 +13064,7 @@ app35.get("/:rel{.*}", (c) => {
     console.error(`[sites] path-traversal-rejected path=${reqPath} reason=escape status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync24(filePath)) {
+  if (!existsSync23(filePath)) {
     console.error(`[sites] not-found path=${reqPath} status=404`);
     return c.text("Not found", 404);
   }
@@ -13366,7 +13083,7 @@ app35.get("/:rel{.*}", (c) => {
   }
   let body;
   try {
-    body = readFileSync18(realPath);
+    body = readFileSync17(realPath);
   } catch (err) {
     const code = err?.code;
     if (code === "EISDIR") {
@@ -13498,14 +13215,14 @@ function clientFrom(c) {
   );
 }
 var PLATFORM_ROOT7 = process.env.MAXY_PLATFORM_ROOT || "";
-var BRAND_JSON_PATH = PLATFORM_ROOT7 ? join11(PLATFORM_ROOT7, "config", "brand.json") : "";
+var BRAND_JSON_PATH = PLATFORM_ROOT7 ? join10(PLATFORM_ROOT7, "config", "brand.json") : "";
 var BRAND = { productName: "Maxy", hostname: "maxy", configDir: ".maxy", domain: "getmaxy.com" };
-if (BRAND_JSON_PATH && !existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && !existsSync24(BRAND_JSON_PATH)) {
   console.error(`[brand] WARNING: brand.json not found at ${BRAND_JSON_PATH} \u2014 using Maxy defaults`);
 }
-if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
-    const parsed = JSON.parse(readFileSync19(BRAND_JSON_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync18(BRAND_JSON_PATH, "utf-8"));
     BRAND = { ...BRAND, ...parsed };
   } catch (err) {
     console.error(`[brand] Failed to parse brand.json: ${err.message}`);
@@ -13524,11 +13241,11 @@ var brandLoginOpts = {
   bodyFont: BRAND.defaultFonts?.body,
   logoContainsName: !!BRAND.logoContainsName
 };
-var ALIAS_DOMAINS_PATH2 = join11(homedir2(), BRAND.configDir, "alias-domains.json");
+var ALIAS_DOMAINS_PATH2 = join10(homedir2(), BRAND.configDir, "alias-domains.json");
 function loadAliasDomains() {
   try {
-    if (!existsSync25(ALIAS_DOMAINS_PATH2)) return null;
-    const parsed = JSON.parse(readFileSync19(ALIAS_DOMAINS_PATH2, "utf-8"));
+    if (!existsSync24(ALIAS_DOMAINS_PATH2)) return null;
+    const parsed = JSON.parse(readFileSync18(ALIAS_DOMAINS_PATH2, "utf-8"));
     if (!Array.isArray(parsed)) {
       console.error("[alias-domains] malformed alias-domains.json \u2014 expected array");
       return null;
@@ -13874,14 +13591,14 @@ app36.get("/agent-assets/:slug/:filename", (c) => {
     console.error(`[agent-assets] path-traversal-rejected slug=${slug} file=${filename}`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync25(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[agent-assets] serve slug=${slug} file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[agent-assets] serve slug=${slug} file=${filename} status=200`);
-  const body = readFileSync19(filePath);
+  const body = readFileSync18(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=3600"
@@ -13904,14 +13621,14 @@ app36.get("/generated/:filename", (c) => {
     console.error(`[generated] serve file=${filename} status=403`);
     return c.text("Forbidden", 403);
   }
-  if (!existsSync25(filePath)) {
+  if (!existsSync24(filePath)) {
     console.error(`[generated] serve file=${filename} status=404`);
     return c.text("Not found", 404);
   }
   const ext = "." + filename.split(".").pop()?.toLowerCase();
   const contentType = IMAGE_MIME[ext] || "application/octet-stream";
   console.log(`[generated] serve file=${filename} status=200`);
-  const body = readFileSync19(filePath);
+  const body = readFileSync18(filePath);
   return c.body(body, 200, {
     "Content-Type": contentType,
     "Cache-Control": "public, max-age=86400"
@@ -13921,9 +13638,9 @@ app36.route("/sites", sites_default);
 var htmlCache = /* @__PURE__ */ new Map();
 var brandLogoPath = "/brand/maxy-monochrome.png";
 var brandIconPath = "/brand/maxy-monochrome.png";
-if (BRAND_JSON_PATH && existsSync25(BRAND_JSON_PATH)) {
+if (BRAND_JSON_PATH && existsSync24(BRAND_JSON_PATH)) {
   try {
-    const fullBrand = JSON.parse(readFileSync19(BRAND_JSON_PATH, "utf-8"));
+    const fullBrand = JSON.parse(readFileSync18(BRAND_JSON_PATH, "utf-8"));
     if (fullBrand.assets?.logo) brandLogoPath = `/brand/${fullBrand.assets.logo}`;
     brandIconPath = fullBrand.assets?.icon ? `/brand/${fullBrand.assets.icon}` : brandLogoPath;
   } catch {
@@ -13940,9 +13657,9 @@ var brandScript = `<script>window.__BRAND__=${JSON.stringify({
 function readInstalledVersion() {
   try {
     if (!PLATFORM_ROOT7) return "unknown";
-    const versionFile = join11(PLATFORM_ROOT7, "config", `.${BRAND.hostname}-version`);
-    if (!existsSync25(versionFile)) return "unknown";
-    const content = readFileSync19(versionFile, "utf-8").trim();
+    const versionFile = join10(PLATFORM_ROOT7, "config", `.${BRAND.hostname}-version`);
+    if (!existsSync24(versionFile)) return "unknown";
+    const content = readFileSync18(versionFile, "utf-8").trim();
     return content || "unknown";
   } catch {
     return "unknown";
@@ -13983,7 +13700,7 @@ var clientErrorReporterScript = `<script>
 function cachedHtml(file) {
   let html = htmlCache.get(file);
   if (!html) {
-    html = readFileSync19(resolve25(process.cwd(), "public", file), "utf-8");
+    html = readFileSync18(resolve25(process.cwd(), "public", file), "utf-8");
     const productNameEsc = escapeHtml(BRAND.productName);
     html = html.replace(/<title>([^<]*)<\/title>/, (_match, inner) => `<title>${escapeHtml(inner).replace(/Maxy/g, productNameEsc)}</title>`);
     html = html.replace('href="/favicon.ico"', `href="${escapeHtml(brandFaviconPath)}"`);
@@ -13999,26 +13716,26 @@ ${clientErrorReporterScript}
 }
 var brandedHtmlCache = /* @__PURE__ */ new Map();
 function loadBrandingCache(agentSlug) {
-  const configDir2 = join11(homedir2(), BRAND.configDir);
+  const configDir2 = join10(homedir2(), BRAND.configDir);
   try {
-    const accountJsonPath = join11(configDir2, "account.json");
-    if (!existsSync25(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync19(accountJsonPath, "utf-8"));
+    const accountJsonPath = join10(configDir2, "account.json");
+    if (!existsSync24(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync18(accountJsonPath, "utf-8"));
     const accountId = account.accountId;
     if (!accountId) return null;
-    const cachePath = join11(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
-    if (!existsSync25(cachePath)) return null;
-    return JSON.parse(readFileSync19(cachePath, "utf-8"));
+    const cachePath = join10(configDir2, "branding-cache", accountId, `${agentSlug}.json`);
+    if (!existsSync24(cachePath)) return null;
+    return JSON.parse(readFileSync18(cachePath, "utf-8"));
   } catch {
     return null;
   }
 }
 function resolveDefaultSlug() {
   try {
-    const configDir2 = join11(homedir2(), BRAND.configDir);
-    const accountJsonPath = join11(configDir2, "account.json");
-    if (!existsSync25(accountJsonPath)) return null;
-    const account = JSON.parse(readFileSync19(accountJsonPath, "utf-8"));
+    const configDir2 = join10(homedir2(), BRAND.configDir);
+    const accountJsonPath = join10(configDir2, "account.json");
+    if (!existsSync24(accountJsonPath)) return null;
+    const account = JSON.parse(readFileSync18(accountJsonPath, "utf-8"));
     return account.defaultAgent || null;
   } catch {
     return null;
@@ -14091,7 +13808,7 @@ app36.use("/vnc-popout.html", logViewerFetch);
 app36.get("/vnc-popout.html", (c) => {
   let html = htmlCache.get("vnc-popout.html");
   if (!html) {
-    html = readFileSync19(resolve25(process.cwd(), "public", "vnc-popout.html"), "utf-8");
+    html = readFileSync18(resolve25(process.cwd(), "public", "vnc-popout.html"), "utf-8");
     const name = escapeHtml(BRAND.productName);
     html = html.replace("<title>Browser \u2014 Maxy</title>", `<title>${name}</title>`);
     html = html.replace("</head>", `  ${brandScript}
@@ -14181,8 +13898,8 @@ try {
 (async () => {
   try {
     let userId = "";
-    if (existsSync25(USERS_FILE)) {
-      const users = JSON.parse(readFileSync19(USERS_FILE, "utf-8").trim() || "[]");
+    if (existsSync24(USERS_FILE)) {
+      const users = JSON.parse(readFileSync18(USERS_FILE, "utf-8").trim() || "[]");
       userId = users[0]?.userId ?? "";
     }
     await backfillNullUserIdConversations(userId);
@@ -14242,48 +13959,6 @@ for (const dir of bootEnabled) {
   bootDelivered.push(dir);
 }
 console.error(`[plugins] readiness enabled=${bootEnabled.length} delivered=${bootDelivered.length} dist-missing=[${bootDistMissing.join(",")}] missing=[${bootMissing.join(",")}]`);
-(async () => {
-  if (!bootAccount) {
-    console.log("[action-completion-relay] phase=consumed-skip reason=no-account");
-    return;
-  }
-  let records;
-  try {
-    records = consumeActionCompletionRelays(bootAccount.accountDir);
-  } catch (err) {
-    console.error(`[action-completion-relay] phase=consume-failed error=${err instanceof Error ? err.message : String(err)}`);
-    return;
-  }
-  if (records.length === 0) {
-    console.log(`[action-completion-relay] phase=consumed-empty accountId=${bootAccount.accountId.slice(0, 8)}\u2026`);
-    return;
-  }
-  console.log(`[action-completion-relay] phase=consume-batch count=${records.length} accountId=${bootAccount.accountId.slice(0, 8)}\u2026`);
-  for (const rec of records) {
-    const sessionKey = `cloudflare-relay-boot:${rec.actionId}`;
-    let outcome = "injected";
-    let dispatchError;
-    try {
-      registerSession(sessionKey, "admin", bootAccount.accountId);
-      setConversationIdForSession(sessionKey, rec.conversationId);
-      for await (const _ev of invokeAgent({ type: "admin" }, rec.message, sessionKey)) {
-      }
-    } catch (err) {
-      outcome = "dispatch-failed";
-      dispatchError = err instanceof Error ? err.message : String(err);
-    } finally {
-      unregisterSession(sessionKey);
-    }
-    if (outcome === "injected") {
-      deleteConsumedRelay(rec.filePath);
-      console.log(`[action-completion-relay] phase=consumed actionId=${rec.actionId} conversationId=${rec.conversationId} ageMs=${rec.ageMs} outcome=injected`);
-    } else {
-      console.error(`[action-completion-relay] phase=consumed actionId=${rec.actionId} conversationId=${rec.conversationId} ageMs=${rec.ageMs} outcome=${outcome} reason=${JSON.stringify(dispatchError ?? "")} fileRetained=${JSON.stringify(rec.filePath)}`);
-    }
-  }
-})().catch((err) => {
-  console.error(`[action-completion-relay] boot-drain rejected: ${err instanceof Error ? err.message : String(err)}`);
-});
 if (bootAccountConfig?.whatsapp) {
   console.error(`[whatsapp:boot] loading whatsapp config from account.json publicAgent=${bootPublicAgent ?? "none"}`);
 } else {
@@ -14291,7 +13966,7 @@ if (bootAccountConfig?.whatsapp) {
 }
 init({
   configDir: configDirForWhatsApp,
-  platformRoot: resolve25(process.env.MAXY_PLATFORM_ROOT ?? join11(__dirname, "..")),
+  platformRoot: resolve25(process.env.MAXY_PLATFORM_ROOT ?? join10(__dirname, "..")),
   accountConfig: bootAccountConfig,
   onMessage: async (msg) => {
     try {