@rubytech/create-realagent 1.0.818 → 1.0.820

package/payload/server/server.js

@@ -51,7 +51,7 @@ import {
   vncLog,
   waitForExit,
   writeChromiumWrapper
-} from "./chunk-AJLGI7Y3.js";
+} from "./chunk-NUXYHO6N.js";
 import {
   agentLogStream,
   clearSessionHistory,
@@ -79,12 +79,27 @@ import {
   sigtermFlushStreamLogs,
   unregisterSession,
   validateSession
-} from "./chunk-ON3LBL2Y.js";
+} from "./chunk-SALVIGXH.js";
 import {
   ACCOUNTS_DIR,
+  PLATFORM_ROOT,
+  getDefaultAccountId,
+  resolveAccount,
+  resolveAgentConfig,
+  resolveDefaultAgentSlug,
+  resolveUserAccounts,
+  validateAgentSlug
+} from "./chunk-5OG7TUQL.js";
+import {
+  CLOUDFLARE_TASK_DIAGNOSTICS,
+  appendCloudflareSteps,
+  completeCloudflareTask,
+  openCloudflareTask,
+  readTunnelState
+} from "./chunk-CZGOB575.js";
+import {
   GREETING_DIRECTIVE,
   HAIKU_MODEL,
-  PLATFORM_ROOT,
   __commonJS,
   __toESM,
   backfillNullUserIdConversations,
@@ -99,7 +114,6 @@ import {
   findRecentConversation,
   generateSessionLabel,
   getAgentSessionIdForConversation,
-  getDefaultAccountId,
   getGroupParticipants,
   getMessagesSince,
   getRecentMessages,
@@ -110,16 +124,11 @@ import {
   loadOnboardingStep,
   projectAgent,
   renameConversation,
-  resolveAccount,
-  resolveAgentConfig,
-  resolveDefaultAgentSlug,
-  resolveUserAccounts,
   runBootMigrations,
-  validateAgentSlug,
   verifyAndGetConversationUpdatedAt,
   verifyConversationOwnership,
   writeAdminUserAndPerson
-} from "./chunk-PXQA2MA3.js";
+} from "./chunk-ZT6LKDTP.js";
 
 // ../lib/graph-trash/dist/index.js
 var require_dist = __commonJS({
@@ -7275,7 +7284,7 @@ var app11 = new Hono();
 app11.post("/cancel", requireAdminSession, async (c) => {
   const session_key = c.var.sessionKey;
   try {
-    const { interruptClient: interruptClient2 } = await import("./client-pool-GBY5I2KQ.js");
+    const { interruptClient: interruptClient2 } = await import("./client-pool-IQU6H43X.js");
     await interruptClient2(session_key);
     return c.json({ ok: true });
   } catch (err) {
@@ -8642,6 +8651,12 @@ function resolvePort() {
   }
   return n;
 }
+function isValidTunnelId(s) {
+  return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(s);
+}
+function isValidTunnelName(s) {
+  return /^[A-Za-z0-9_.-]{1,64}$/.test(s);
+}
 function validateBody(body) {
   if (!body || typeof body !== "object") return { field: "request", message: "Invalid request body" };
   if (typeof body.adminLabel !== "string" || !isValidLabel(body.adminLabel)) {
@@ -8666,6 +8681,20 @@ function validateBody(body) {
       return { field: "request", message: "Apex must be a valid domain or omitted." };
     }
   }
+  const idSet = typeof body.tunnelId === "string" && body.tunnelId.length > 0;
+  const nameSet = typeof body.tunnelName === "string" && body.tunnelName.length > 0;
+  if (!idSet && !nameSet) {
+    return { field: "tunnel", message: "Pick an existing tunnel from the list, or type a name to create a new one." };
+  }
+  if (idSet && nameSet) {
+    return { field: "tunnel", message: "Pick OR create \u2014 not both. Clear one of the tunnel inputs." };
+  }
+  if (idSet && !isValidTunnelId(body.tunnelId)) {
+    return { field: "tunnel", message: "Selected tunnel UUID is malformed." };
+  }
+  if (nameSet && !isValidTunnelName(body.tunnelName)) {
+    return { field: "tunnel", message: "New-tunnel name must be 1\u201364 characters of letters, digits, dot, dash, underscore." };
+  }
   return null;
 }
 var app21 = new Hono();
@@ -8778,6 +8807,91 @@ ${result.stderr}` : ""}`;
   );
   return c.json(success, 200);
 });
+var TUNNELS_TIMEOUT_MS = 30 * 1e3;
+app21.get("/tunnels", requireAdminSession, async (c) => {
+  const started = Date.now();
+  const sessionKey = c.var.sessionKey;
+  let correlationId;
+  let sessionKeyTail;
+  let streamLogPath;
+  function tag() {
+    if (!correlationId) return "";
+    return ` conversationId=${correlationId} session_key=${sessionKeyTail ?? "unknown"}`;
+  }
+  function log(line) {
+    console.log(`[cloudflare-tunnels] ${line}${tag()}`);
+  }
+  function logErr(line) {
+    console.error(`[cloudflare-tunnels] ${line}${tag()}`);
+  }
+  function err(field, message, output) {
+    logErr(`phase=error field=${field} reason="${message.slice(0, 160).replace(/"/g, "'")}"`);
+    if (streamLogPath) {
+      writeRouteMilestone(
+        streamLogPath,
+        "cloudflare-tunnels",
+        `phase=error field=${field} reason="${message.slice(0, 160).replace(/"/g, "'")}"`
+      );
+    }
+    const body = { ok: false, field, message, output, correlationId, streamLogPath };
+    return c.json(body, 200);
+  }
+  const accountId = getAccountIdForSession(sessionKey);
+  correlationId = getConversationIdForSession(sessionKey);
+  sessionKeyTail = sessionKey.slice(-8);
+  if (!accountId) return err("session", "No account bound to session \u2014 refresh chat.");
+  if (!correlationId) return err("session", "No active conversation for session \u2014 refresh chat.");
+  streamLogPath = streamLogPathFor(accountId, correlationId).streamLogPath;
+  const brand = loadBrandInfo();
+  const certPath = resolve14(homedir(), brand.configDir, "cloudflared", "cert.pem");
+  const { existsSync: existsSync22 } = await import("fs");
+  if (!existsSync22(certPath)) {
+    return err("cert", `Cloudflare origin certificate is not on disk yet (${certPath}). Complete the Cloudflare login first by submitting the form once \u2014 the OAuth flow writes cert.pem.`);
+  }
+  const result = await runFormSpawn({
+    scriptPath: "cloudflared",
+    args: ["--origincert", certPath, "tunnel", "list", "--output", "json"],
+    streamLogPath,
+    correlationId,
+    timeoutMs: TUNNELS_TIMEOUT_MS,
+    log,
+    logErr,
+    broadcast: broadcastToConversation
+  });
+  const combined = `${result.stdout}${result.stderr ? `
+---
+${result.stderr}` : ""}`;
+  if (result.code !== 0) {
+    const message = result.timedOut ? `cloudflared tunnel list timed out after ${TUNNELS_TIMEOUT_MS / 1e3}s` : `cloudflared tunnel list exited with code ${result.code ?? "null"}${result.signal ? ` (signal ${result.signal})` : ""}`;
+    return err("script", message, combined);
+  }
+  let tunnels;
+  try {
+    const parsed = JSON.parse(result.stdout.trim());
+    if (!Array.isArray(parsed)) throw new Error("cloudflared response is not an array");
+    tunnels = parsed.filter((t) => t.deleted_at == null).map((t) => {
+      if (typeof t.id !== "string" || typeof t.name !== "string") {
+        throw new Error("tunnel entry missing id or name");
+      }
+      return { id: t.id, name: t.name };
+    });
+  } catch (e) {
+    return err(
+      "script",
+      `cloudflared returned malformed JSON: ${e instanceof Error ? e.message : String(e)}`,
+      combined
+    );
+  }
+  const total = Date.now() - started;
+  log(`phase=response-sent total_ms=${total} count=${tunnels.length}`);
+  writeRouteMilestone(
+    streamLogPath,
+    "cloudflare-tunnels",
+    `phase=response-sent total_ms=${total} count=${tunnels.length} source=cloudflared`
+  );
+  const success = { ok: true, tunnels, correlationId, streamLogPath };
+  return c.json(success, 200);
+});
 app21.post("/setup", requireAdminSession, async (c) => {
   const started = Date.now();
   const sessionKey = c.var.sessionKey;
@@ -8867,10 +8981,35 @@ app21.post("/setup", requireAdminSession, async (c) => {
   if (await isActionActive("cloudflare-setup")) {
     return err("request", "Another Cloudflare setup is already running. Wait for it to finish before starting a new one.");
   }
+  let cloudflareTask;
+  try {
+    cloudflareTask = await openCloudflareTask({
+      accountId,
+      conversationKey: sessionKey,
+      inputsProvided: ["adminLabel", "adminDomain", publicFqdn ? "publicLabel" : null, apex ? "apex" : null, "password"].filter((s) => typeof s === "string"),
+      inputs: {
+        adminLabel: body.adminLabel,
+        adminDomain: body.adminDomain,
+        publicLabel: body.publicLabel,
+        publicDomain: body.publicDomain,
+        apex: body.apex
+      },
+      messageId: typeof body.messageId === "string" && body.messageId.length > 0 ? body.messageId : void 0
+    });
+    log(`phase=task-opened taskId=${cloudflareTask.taskId}`);
+  } catch (e) {
+    return err("script", `Failed to open process-provenance Task record: ${e instanceof Error ? e.message : String(e)}`);
+  }
   let actionId;
   let unit;
   try {
-    const launched = await launchAction("cloudflare-setup", { positional: args, streamLogPath, accountDir });
+    const launched = await launchAction("cloudflare-setup", {
+      positional: args,
+      streamLogPath,
+      accountDir,
+      tunnelId: typeof body.tunnelId === "string" && body.tunnelId.length > 0 ? body.tunnelId : void 0,
+      tunnelName: typeof body.tunnelName === "string" && body.tunnelName.length > 0 ? body.tunnelName : void 0
+    });
     actionId = launched.actionId;
     unit = launched.unit;
   } catch (e) {
@@ -8879,8 +9018,27 @@ app21.post("/setup", requireAdminSession, async (c) => {
   log(`phase=action-launched id=${actionId} unit=${unit}`);
   void (async () => {
     const status = await waitForExit(unit, SETUP_TIMEOUT_MS);
+    try {
+      const appendedSteps = await appendCloudflareSteps(cloudflareTask.taskId, accountId, streamLogPath);
+      log(`phase=task-steps-appended count=${appendedSteps.length}`);
+    } catch (e) {
+      logErr(`phase=task-steps-append-failed reason="${e instanceof Error ? e.message : String(e)}"`);
+    }
     if (!status || status.execMainStatus !== 0) {
       logErr(`phase=post-exit-skipped reason=${status ? `exit=${status.execMainStatus}` : "unit-gone"} id=${actionId}`);
+      try {
+        const diagnostic = status ? `${CLOUDFLARE_TASK_DIAGNOSTICS.scriptExitedNonzero} exit=${status.execMainStatus}` : CLOUDFLARE_TASK_DIAGNOSTICS.endpointDiedPreReconcile;
+        await completeCloudflareTask({
+          taskId: cloudflareTask.taskId,
+          taskElementId: cloudflareTask.taskElementId,
+          accountId,
+          conversationKey: sessionKey,
+          status: "failed",
+          errorMessage: diagnostic
+        });
+      } catch (e) {
+        logErr(`phase=task-close-failed status=failed reason="${e instanceof Error ? e.message : String(e)}"`);
+      }
       return;
     }
     const candidates = [publicFqdn, apex].filter((h) => typeof h === "string" && h.length > 0);
@@ -8900,6 +9058,30 @@ app21.post("/setup", requireAdminSession, async (c) => {
         logErr(`phase=alias-domain-write host=${host} result=error reason="${e instanceof Error ? e.message : String(e)}"`);
       }
     }
+    try {
+      const tunnelState = readTunnelState(brand.configDir);
+      const allHostnames = [adminFqdn, publicFqdn, apex].filter(
+        (h) => typeof h === "string" && h.length > 0
+      );
+      const hostnameRecords = allHostnames.map((value) => ({
+        hostnameValue: value,
+        // Apex heuristic: exactly one dot in the FQDN. Mirrors setup-tunnel.sh:332.
+        isApex: (value.match(/\./g)?.length ?? 0) === 1
+      }));
+      await completeCloudflareTask({
+        taskId: cloudflareTask.taskId,
+        taskElementId: cloudflareTask.taskElementId,
+        accountId,
+        conversationKey: sessionKey,
+        tunnelId: tunnelState?.tunnelId,
+        tunnelName: tunnelState?.tunnelName,
+        hostnames: tunnelState ? hostnameRecords : void 0,
+        status: "completed"
+      });
+      log(`phase=task-closed status=completed tunnelId=${tunnelState?.tunnelId ?? "absent"} hostnames=${allHostnames.length}`);
+    } catch (e) {
+      logErr(`phase=task-close-failed status=completed reason="${e instanceof Error ? e.message : String(e)}"`);
+    }
     log(`phase=done action=${actionId}`);
   })().catch((e) => logErr(`post-exit handler threw: ${e}`));
   const total = Date.now() - started;
@@ -10300,6 +10482,12 @@ async function handleDefault(c, accountId) {
 var NEIGHBOURHOOD_SEARCH_DEFAULT_LIMIT = 100;
 var NEIGHBOURHOOD_SEARCH_MAX_LIMIT = 2e3;
 var NEIGHBOURHOOD_LIMIT = 2e3;
+var CLUSTER_CONVERSATION_LABELS = /* @__PURE__ */ new Set([
+  "Conversation",
+  "AdminConversation",
+  "PublicConversation"
+]);
+var MAX_CLUSTER_MESSAGES = 200;
 async function handleNeighbourhood(c, accountId) {
   const elementId = c.req.query("elementId");
   if (!elementId) {
@@ -10337,7 +10525,12 @@ async function handleNeighbourhood(c, accountId) {
       // `neo4j.int` keeps the LIMIT value as a 64-bit Integer on the wire —
       // bare JS `number` works on Pi 4 today but errors on driver versions
       // that strictly type-check LIMIT clauses against Long.
-      neighbourhoodLimit: neo4j2.int(NEIGHBOURHOOD_LIMIT)
+      neighbourhoodLimit: neo4j2.int(NEIGHBOURHOOD_LIMIT),
+      // Task 886 §C — same Long-int discipline for the cluster-expand cap.
+      // Used by NEIGHBOURHOOD_CYPHER's `siblingMessages[0..$clusterMessagesCap]`
+      // slice. The search-intersect variant ignores it (cluster-expand
+      // does not apply when search is narrowing the canvas).
+      clusterMessagesCap: neo4j2.int(MAX_CLUSTER_MESSAGES)
     };
     if (allowedIds !== null) cypherParams.allowedIds = allowedIds;
     const result = await session.executeRead(async (tx) => {
@@ -10360,6 +10553,15 @@ async function handleNeighbourhood(c, accountId) {
     console.error(
       `[graph-page] load mode=neighbourhood account=${accountId} agentActions=${includeAgentActions} elementId=${elementId} nodes=${nodes.length} edges=${edges.length} ms=${elapsed}`
     );
+    if (allowedIds === null) {
+      const conversationNode = nodes.find((n) => n.labels.some((lbl) => CLUSTER_CONVERSATION_LABELS.has(lbl)));
+      const messageCount = nodes.filter((n) => n.labels.includes("Message")).length;
+      if (conversationNode && messageCount >= 2) {
+        console.error(
+          `[graph] cluster-expand kind=conversation conversationId=${conversationNode.id} messageCount=${messageCount} reason=click-target-is-${nodes[0]?.labels.includes("Message") ? "message" : "conversation"}`
+        );
+      }
+    }
     if (allowedIds !== null) {
       console.error(
         `[graph-page] neighbourhood-search-intersect q="${q}" allowed=${allowedIds.length} root=${elementId} rendered=${nodes.length}`
@@ -10460,15 +10662,50 @@ var NEIGHBOURHOOD_CYPHER = `
     AND n.accountId = $accountId
     AND NOT n:Trashed
     AND n.deletedAt IS NULL
+
+  // Resolve the owning Conversation: either n itself if it carries a
+  // Conversation sublabel, or the Conversation reached by one PART_OF
+  // hop (Messages \u2192 Conversation). For non-cluster roots both branches
+  // null out and \`conv\` stays null.
+  OPTIONAL MATCH (n)-[:PART_OF]->(convFromMsg:Conversation)
+    WHERE convFromMsg.accountId = $accountId
+      AND NOT convFromMsg:Trashed
+      AND convFromMsg.deletedAt IS NULL
+  WITH n, CASE
+    WHEN any(lbl IN labels(n) WHERE lbl IN ['Conversation','AdminConversation','PublicConversation']) THEN n
+    ELSE convFromMsg
+  END AS conv
+
+  // Pull all sibling messages of that conversation (or all messages of
+  // n itself when n is a Conversation). EXCLUDE n from the collection
+  // so the later \`[n] + \u2026\` doesn't double-count.
+  OPTIONAL MATCH (conv)<-[:PART_OF]-(siblingMsg:Message)
+    WHERE siblingMsg.accountId = $accountId
+      AND NOT siblingMsg:Trashed
+      AND siblingMsg.deletedAt IS NULL
+      AND elementId(siblingMsg) <> elementId(n)
+  WITH n, conv, collect(DISTINCT siblingMsg) AS siblingMessages
+  WITH n, conv, siblingMessages[0..$clusterMessagesCap] AS clusterMessages
+
   OPTIONAL MATCH (n)-[]-(m)
     WHERE m.accountId = $accountId
       AND NOT m:Trashed
       AND m.deletedAt IS NULL
       AND NOT any(lbl IN labels(m) WHERE lbl IN $agentActionLabels)
-  WITH n, m
+  WITH n, conv, clusterMessages, m
   LIMIT $neighbourhoodLimit
-  WITH n, collect(DISTINCT m) AS neighbours
-  WITH [n] + [x IN neighbours WHERE x IS NOT NULL] AS windowNodes
+  WITH n, conv, clusterMessages, collect(DISTINCT m) AS neighbours
+
+  // Compose the window: root + (conv if non-null and not already n) +
+  // cluster messages + 1-hop neighbours not already in the cluster.
+  WITH [n]
+       + (CASE WHEN conv IS NOT NULL AND elementId(conv) <> elementId(n) THEN [conv] ELSE [] END)
+       + clusterMessages
+       + [x IN neighbours WHERE x IS NOT NULL
+            AND elementId(x) <> elementId(n)
+            AND (conv IS NULL OR elementId(x) <> elementId(conv))
+            AND none(c IN clusterMessages WHERE elementId(c) = elementId(x))]
+       AS windowNodes
   WITH windowNodes, [x IN windowNodes | elementId(x)] AS windowIds
   UNWIND windowNodes AS w
   OPTIONAL MATCH (w)-[r]-(o)
@@ -12356,6 +12593,29 @@ var bootEntitlement = bootAccountConfig ? resolveEntitlement(
   }
 ) : null;
 autoDeliverPremiumPlugins(bootEntitlement?.purchasedPlugins ?? void 0);
+(async () => {
+  if (!bootAccount) return;
+  try {
+    const { recoverRunningCloudflareTasks } = await import("./cloudflare-task-tracker-Q4X5BYR7.js");
+    const result = await recoverRunningCloudflareTasks(
+      bootAccount.accountId,
+      configDirForWhatsApp,
+      // No conversationKey at boot — the tracker's writeNodeWithEdges path
+      // requires it for the Conversation join, but the recovery path is
+      // operating on Tasks whose Conversation is already linked. Pass null
+      // and let the tracker pick up the linked Conversation via the Task's
+      // existing edge.
+      null
+    );
+    if (result.scanned > 0) {
+      console.error(
+        `[task] reconciler-startup kind=cloudflare-tunnel-login scanned=${result.scanned} resolved=${result.resolved.length}`
+      );
+    }
+  } catch (err) {
+    console.error(`[task] reconciler-startup failed: ${err instanceof Error ? err.message : String(err)}`);
+  }
+})();
 var bootEnabled = Array.isArray(bootAccountConfig?.enabledPlugins) ? bootAccountConfig.enabledPlugins : [];
 var bootDelivered = [];
 var bootDistMissing = [];