@rubytech/create-realagent 1.0.832 → 1.0.833

package/dist/index.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 import { execFileSync, spawn, spawnSync } from "node:child_process";
-import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, symlinkSync, unlinkSync, lstatSync, readlinkSync, accessSync, constants as fsConstants } from "node:fs";
+import { existsSync, mkdirSync, writeFileSync, cpSync, readFileSync, rmSync, readdirSync, appendFileSync, openSync, closeSync, chmodSync, symlinkSync, unlinkSync, lstatSync, statSync, readlinkSync, accessSync, constants as fsConstants } from "node:fs";
 import { resolve, join, dirname } from "node:path";
 import { randomBytes } from "node:crypto";
 import { resolveInstallPortFromFs, buildMaxyUnitFile } from "./port-resolution.js";
@@ -1334,6 +1334,90 @@ function provisionRemoteSessionSecret() {
     writeFileSync(secretFile, randomBytes(32).toString("hex"), { mode: 0o600 });
     console.log(`  [install] remote-session-secret provisioned path=${secretFile}`);
 }
+// Task 904 — install-time admin-auth invariant. Walks every account.json
+// under accountsDir and compares its admins[] to the persistent users.json,
+// emitting one [install-invariant] line per divergence and one summary line.
+// Log-only (no install abort) so pre-Task-904 devices with already-divergent
+// state still upgrade; future sprint can promote to refuse-or-degrade once
+// the deployed fleet is audited clean. Mirror of
+// checkAdminAuthInvariant() in platform/lib/admins-write/src/index.ts.
+function runInstallInvariantCheck(usersFile, accountsDir) {
+    const TAG = "[install-invariant]";
+    const usersUserIds = new Set();
+    if (existsSync(usersFile)) {
+        try {
+            const raw = readFileSync(usersFile, "utf-8").trim();
+            if (raw) {
+                const users = JSON.parse(raw);
+                for (const u of users) {
+                    if (typeof u.userId === "string")
+                        usersUserIds.add(u.userId);
+                }
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.log(`  ${TAG} users.json unreadable usersFile=${usersFile} error=${msg}`);
+        }
+    }
+    const accountUserIds = new Set();
+    let divergences = 0;
+    if (existsSync(accountsDir)) {
+        let entries = [];
+        try {
+            entries = readdirSync(accountsDir);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.log(`  ${TAG} accounts-dir unreadable accountsDir=${accountsDir} error=${msg}`);
+            console.log(`  ${TAG} check complete divergences=0 (accounts-dir unreadable)`);
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.startsWith("."))
+                continue;
+            const accountDir = join(accountsDir, entry);
+            try {
+                if (!statSync(accountDir).isDirectory())
+                    continue;
+            }
+            catch {
+                continue;
+            }
+            const accountJsonPath = join(accountDir, "account.json");
+            if (!existsSync(accountJsonPath))
+                continue;
+            let admins = [];
+            try {
+                const config = JSON.parse(readFileSync(accountJsonPath, "utf-8"));
+                admins = (config.admins ?? []);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.log(`  ${TAG} account.json unreadable source=${accountJsonPath} error=${msg}`);
+                continue;
+            }
+            for (const a of admins) {
+                if (typeof a.userId !== "string")
+                    continue;
+                accountUserIds.add(a.userId);
+                if (!usersUserIds.has(a.userId)) {
+                    const userIdShort = a.userId.slice(0, 8);
+                    console.log(`  ${TAG} direction=account-without-users userId=${userIdShort} source=${accountJsonPath}`);
+                    divergences += 1;
+                }
+            }
+        }
+    }
+    for (const uid of usersUserIds) {
+        if (!accountUserIds.has(uid)) {
+            const userIdShort = uid.slice(0, 8);
+            console.log(`  ${TAG} direction=users-without-account userId=${userIdShort} source=${usersFile}`);
+            divergences += 1;
+        }
+    }
+    console.log(`  ${TAG} check complete divergences=${divergences}`);
+}
 function deployPayload() {
     log("8", TOTAL, `Deploying ${BRAND.productName}...`);
     if (!existsSync(PAYLOAD_DIR)) {
@@ -1354,14 +1438,24 @@ function deployPayload() {
         mkdirSync(persistentDir, { recursive: true });
         cpSync(oldAccountsDir, persistentAccountsDir, { recursive: true });
     }
-    // Migrate users.json to persistent dir — userId must survive across installs.
-    // Without this, every reinstall generates a new UUID and orphans all prior conversations.
+    // Task 904 — users.json lives at <persistentDir>/users.json. Pre-Task-904
+    // installs wrote to <INSTALL_DIR>/platform/config/users.json (the wipe zone)
+    // and relied on a one-shot copy-up at first install plus a copy-back after
+    // every wipe. The copy-back overwrote LIVE with the FROZEN-AT-FIRST-INSTALL
+    // backup, dropping every admin row added since first install. Writers (paths.ts,
+    // admin-add, set-pin, seed-neo4j.sh, migrate-import.sh) now target the
+    // persistent file directly — see comment in platform/ui/app/lib/paths.ts.
+    //
+    // Legacy pickup: if a pre-Task-904 install left users.json inside the wipe
+    // zone, copy it up once. Idempotent — guarded by !existsSync(persistentUsersFile).
+    // Safe to delete this block one release after Task 904 has been deployed
+    // everywhere; until then it absorbs upgrades from any pre-Task-904 version.
     const persistentUsersFile = join(persistentDir, "users.json");
     const oldUsersFile = join(INSTALL_DIR, "platform/config/users.json");
     if (existsSync(oldUsersFile) && !existsSync(persistentUsersFile)) {
         mkdirSync(persistentDir, { recursive: true });
         cpSync(oldUsersFile, persistentUsersFile);
-        console.log("  Migrated users.json to persistent storage.");
+        console.log("  Migrated pre-Task-904 users.json to persistent storage.");
     }
     // Brand isolation: installer does not read ~/.maxy/, ~/.cloudflared/, or
     // ~/.cloudflare/ on non-default brands. These are peer-brand or shared-singleton
@@ -1440,13 +1534,41 @@ function deployPayload() {
         cpSync(persistentPasswordFile, join(configDir, ".neo4j-password"));
         console.log("  Restored Neo4j password.");
     }
+    // Task 904 — users.json is read directly from persistentDir by both
+    // platform/ui/app/lib/paths.ts (USERS_FILE = MAXY_DIR/users.json) and the
+    // admin MCP plugin (USERS_FILE = CONFIG_DIR/users.json). No copy into the
+    // wipe zone — the pre-Task-904 cpSync to platform/config/users.json was the
+    // copy that overwrote new admin rows on every install. The line below
+    // observes the row count + userId prefixes so a future regression is grep-
+    // detectable in the install log without any runtime change (singular
+    // "userId preserved" hid the multi-row failure mode).
     if (existsSync(persistentUsersFile)) {
-        cpSync(persistentUsersFile, join(configDir, "users.json"));
-        console.log("  Restored users.json — userId preserved across install.");
+        try {
+            const raw = readFileSync(persistentUsersFile, "utf-8").trim();
+            const rows = raw ? JSON.parse(raw) : [];
+            const ids = rows
+                .map(r => (typeof r.userId === "string" ? r.userId.slice(0, 8) : "?"))
+                .join(",");
+            console.log(`  [install] users.json preserved: rows=${rows.length} userIds=${ids}`);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.log(`  [install] users.json preserved: rows=? parse-failed error=${msg}`);
+        }
     }
-    // Account data no longer needs restoring — it lives at {installDir}/data/accounts/
-    // which is outside the wipe zone. The migration block above handles the one-time move
-    // from the old platform/config/accounts/ location.
+    else {
+        console.log("  [install] users.json: no persistent file (fresh install — set-pin will create it)");
+    }
+    // Task 904 item 3 — install-time admin-auth invariant check. Walks every
+    // data/accounts/*/account.json admins[] and compares to the persistent
+    // users.json. Log-only (does NOT refuse install) so pre-Task-904 devices
+    // with already-divergent state still upgrade; the [install-invariant]
+    // line surfaces the bug to the operator without bricking the device.
+    // Inline rather than imported from platform/lib/admins-write because the
+    // installer is its own npm package and doesn't bundle the platform lib.
+    // Mirrors checkAdminAuthInvariant() in platform/lib/admins-write/src/index.ts;
+    // future divergence between the two should be caught by the test suite.
+    runInstallInvariantCheck(persistentUsersFile, join(INSTALL_DIR, "data", "accounts"));
     // Write version marker so the running platform knows which create-maxy produced this deployment
     writeFileSync(join(configDir, `.${BRAND.hostname}-version`), PKG_VERSION, "utf-8");
     console.log(`  Deployed to ${INSTALL_DIR}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.832",
+  "version": "1.0.833",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/lib/admins-write/dist/index.d.ts

@@ -0,0 +1,87 @@
+export interface UserEntry {
+    userId: string;
+    pin: string;
+    name?: string;
+}
+export interface AdminEntry {
+    userId: string;
+    role: "owner" | "admin";
+}
+export interface AdminWriteInput {
+    userId: string;
+    pin: string;
+    role: "owner" | "admin";
+    usersFile: string;
+    accountDir: string;
+    caller: string;
+}
+export interface AdminWriteResult {
+    usersJsonResult: "ok" | "fail" | "noop";
+    accountJsonResult: "ok" | "fail" | "noop";
+    usersError?: string;
+    accountError?: string;
+}
+/**
+ * Write a single admin entry across both auth stores (users.json + account.json admins[]).
+ *
+ * Idempotent on userId: if the userId already exists in users.json, the PIN
+ * field is updated in place rather than duplicated; admins[] is checked for
+ * presence before pushing.
+ *
+ * Always emits exactly one `[admins-write] caller=… userId=<prefix> usersJsonResult=… accountJsonResult=…`
+ * line — success and failure paths both fire it. Operators grep for this single
+ * predicate when reconstructing a partial-write incident.
+ */
+export declare function writeAdminEntry(input: AdminWriteInput): AdminWriteResult;
+export interface AdminRemoveInput {
+    userId: string;
+    accountDir: string;
+    caller: string;
+}
+export interface AdminRemoveResult {
+    accountJsonResult: "ok" | "fail" | "noop";
+    accountError?: string;
+}
+/**
+ * Remove a single admin entry from account.json admins[] — does NOT touch
+ * users.json (the device-level entry is preserved because the user may admin
+ * other accounts). Single-file operation; the [admins-write] line records
+ * `usersJsonResult=skip` so the grep-by-helper-call still picks it up.
+ */
+export declare function removeAdminFromAccount(input: AdminRemoveInput): AdminRemoveResult;
+export interface InvariantCheckInput {
+    /** Absolute path to users.json (persistent location). */
+    usersFile: string;
+    /** Absolute path to the accounts root (e.g. <INSTALL_DIR>/data/accounts). */
+    accountsDir: string;
+    /** Tag for the log prefix — `install-invariant` or `admin-invariant`. */
+    tag: "install-invariant" | "admin-invariant";
+}
+export interface InvariantCheckResult {
+    divergences: number;
+    /** Userids in account.json admins[] that have no row in users.json. */
+    accountWithoutUsers: Array<{
+        userId: string;
+        source: string;
+    }>;
+    /** Userids in users.json that no account.json admins[] references. */
+    usersWithoutAccount: Array<{
+        userId: string;
+    }>;
+}
+/**
+ * Walk every account.json under accountsDir and compare its admins[] to
+ * users.json. Emits one log line per divergence and one summary line.
+ *
+ * Behaviour: log-only — does NOT throw, does NOT refuse boot or install.
+ * Pre-Task-904 installs that already diverged would otherwise brick on the
+ * first boot of a Task-904 device. The summary line `divergences=<n>` is
+ * always emitted (wired-up assertion); per-divergence lines fire only when
+ * divergences > 0. Operators grep `[install-invariant]` or `[admin-invariant]`
+ * to detect the regression class without reading every install log.
+ *
+ * Promotion to refuse-or-degrade is a future sprint; capture as a TODO once
+ * the deployed fleet has been audited clean.
+ */
+export declare function checkAdminAuthInvariant(input: InvariantCheckInput): InvariantCheckResult;
+//# sourceMappingURL=index.d.ts.map

package/payload/platform/lib/admins-write/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAwBA,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IAGZ,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC;CACzB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IACxC,iBAAiB,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAmBD;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,eAAe,GAAG,gBAAgB,CA4DxE;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,CAAC;IAC1C,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;GAKG;AACH,wBAAgB,sBAAsB,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CA+BjF;AAED,MAAM,WAAW,mBAAmB;IAClC,yDAAyD;IACzD,SAAS,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,GAAG,EAAE,mBAAmB,GAAG,iBAAiB,CAAC;CAC9C;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,uEAAuE;IACvE,mBAAmB,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC/D,sEAAsE;IACtE,mBAAmB,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAChD;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,uBAAuB,CAAC,KAAK,EAAE,mBAAmB,GAAG,oBAAoB,CAsFxF"}

package/payload/platform/lib/admins-write/dist/index.js

@@ -0,0 +1,248 @@
+"use strict";
+// admins-write — single chokepoint for the dual-file admin write
+// (users.json device-level PIN auth + account.json account-level role).
+//
+// Task 904 background: pre-Task-904 the two writers — `admin-add`
+// (platform/plugins/admin/mcp/src/index.ts) and `set-pin` POST
+// (platform/ui/server/routes/onboarding.ts) — each performed the dual write
+// inline. They drifted: admin-add returned `is_error: true` with a per-leg
+// `[admin-auth-store]` line on partial failure; set-pin logged on stderr but
+// otherwise rolled forward. This module collapses both into one routed write
+// so the static check `grep -rnE 'admins\.push|config\.admins\s*=' platform/`
+// returns 0 outside this file (excluding tests, scripts, and the reader paths
+// which never push).
+//
+// Atomicity contract — single file: write-temp + rename, durable.
+// Atomicity contract — across files: NOT atomic. POSIX has no two-file
+// transaction. The helper writes users.json first, then account.json. On
+// account.json failure with users.json already written, the result names the
+// partial state. Callers MUST surface partial state to the operator (admin-add
+// returns is_error: true with the [admins-write] line; set-pin returns 500
+// with the same). Same trust model as Task 850's [admin-auth-store] pair.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writeAdminEntry = writeAdminEntry;
+exports.removeAdminFromAccount = removeAdminFromAccount;
+exports.checkAdminAuthInvariant = checkAdminAuthInvariant;
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+function logLine(input, result) {
+    const userIdShort = input.userId.slice(0, 8);
+    console.error(`[admins-write] caller=${input.caller} userId=${userIdShort} ` +
+        `usersJsonResult=${result.usersJsonResult} accountJsonResult=${result.accountJsonResult}` +
+        (result.usersError ? ` usersError=${result.usersError}` : "") +
+        (result.accountError ? ` accountError=${result.accountError}` : ""));
+}
+function writeFileAtomic(filePath, contents, mode) {
+    (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(filePath), { recursive: true });
+    const tempPath = `${filePath}.tmp-${process.pid}-${Date.now()}`;
+    (0, node_fs_1.writeFileSync)(tempPath, contents, mode !== undefined ? { mode } : undefined);
+    (0, node_fs_1.renameSync)(tempPath, filePath);
+}
+/**
+ * Write a single admin entry across both auth stores (users.json + account.json admins[]).
+ *
+ * Idempotent on userId: if the userId already exists in users.json, the PIN
+ * field is updated in place rather than duplicated; admins[] is checked for
+ * presence before pushing.
+ *
+ * Always emits exactly one `[admins-write] caller=… userId=<prefix> usersJsonResult=… accountJsonResult=…`
+ * line — success and failure paths both fire it. Operators grep for this single
+ * predicate when reconstructing a partial-write incident.
+ */
+function writeAdminEntry(input) {
+    const result = { usersJsonResult: "noop", accountJsonResult: "noop" };
+    // 1. users.json — read-modify-write atomically.
+    try {
+        let users = [];
+        if ((0, node_fs_1.existsSync)(input.usersFile)) {
+            const raw = (0, node_fs_1.readFileSync)(input.usersFile, "utf-8").trim();
+            if (raw) {
+                const parsed = JSON.parse(raw);
+                if (!Array.isArray(parsed)) {
+                    throw new Error("users.json is not an array");
+                }
+                users = parsed;
+            }
+        }
+        const existing = users.findIndex(u => u.userId === input.userId);
+        if (existing === -1) {
+            users.push({ userId: input.userId, pin: input.pin });
+        }
+        else {
+            // Preserve any sibling fields that other writers may have set, but
+            // overwrite pin. Strip the deprecated `name` field on touch (Task 829).
+            const merged = { ...users[existing], pin: input.pin };
+            delete merged.name;
+            users[existing] = merged;
+        }
+        writeFileAtomic(input.usersFile, JSON.stringify(users, null, 2) + "\n", 0o600);
+        result.usersJsonResult = "ok";
+    }
+    catch (err) {
+        result.usersJsonResult = "fail";
+        result.usersError = err instanceof Error ? err.message : String(err);
+        logLine(input, result);
+        return result;
+    }
+    // 2. account.json — read-modify-write atomically.
+    try {
+        const accountJsonPath = (0, node_path_1.join)(input.accountDir, "account.json");
+        if (!(0, node_fs_1.existsSync)(accountJsonPath)) {
+            throw new Error(`account.json not found at ${accountJsonPath}`);
+        }
+        const config = JSON.parse((0, node_fs_1.readFileSync)(accountJsonPath, "utf-8"));
+        const admins = (config.admins ?? []);
+        if (admins.some(a => a.userId === input.userId)) {
+            result.accountJsonResult = "noop";
+        }
+        else {
+            admins.push({ userId: input.userId, role: input.role });
+            config.admins = admins;
+            writeFileAtomic(accountJsonPath, JSON.stringify(config, null, 2) + "\n");
+            result.accountJsonResult = "ok";
+        }
+    }
+    catch (err) {
+        result.accountJsonResult = "fail";
+        result.accountError = err instanceof Error ? err.message : String(err);
+    }
+    logLine(input, result);
+    return result;
+}
+/**
+ * Remove a single admin entry from account.json admins[] — does NOT touch
+ * users.json (the device-level entry is preserved because the user may admin
+ * other accounts). Single-file operation; the [admins-write] line records
+ * `usersJsonResult=skip` so the grep-by-helper-call still picks it up.
+ */
+function removeAdminFromAccount(input) {
+    const result = { accountJsonResult: "noop" };
+    const userIdShort = input.userId.slice(0, 8);
+    try {
+        const accountJsonPath = (0, node_path_1.join)(input.accountDir, "account.json");
+        if (!(0, node_fs_1.existsSync)(accountJsonPath)) {
+            throw new Error(`account.json not found at ${accountJsonPath}`);
+        }
+        const config = JSON.parse((0, node_fs_1.readFileSync)(accountJsonPath, "utf-8"));
+        const admins = (config.admins ?? []);
+        const targetIndex = admins.findIndex(a => a.userId === input.userId);
+        if (targetIndex === -1) {
+            result.accountJsonResult = "noop";
+        }
+        else {
+            admins.splice(targetIndex, 1);
+            config.admins = admins;
+            writeFileAtomic(accountJsonPath, JSON.stringify(config, null, 2) + "\n");
+            result.accountJsonResult = "ok";
+        }
+    }
+    catch (err) {
+        result.accountJsonResult = "fail";
+        result.accountError = err instanceof Error ? err.message : String(err);
+    }
+    console.error(`[admins-write] caller=${input.caller} userId=${userIdShort} ` +
+        `usersJsonResult=skip accountJsonResult=${result.accountJsonResult}` +
+        (result.accountError ? ` accountError=${result.accountError}` : ""));
+    return result;
+}
+/**
+ * Walk every account.json under accountsDir and compare its admins[] to
+ * users.json. Emits one log line per divergence and one summary line.
+ *
+ * Behaviour: log-only — does NOT throw, does NOT refuse boot or install.
+ * Pre-Task-904 installs that already diverged would otherwise brick on the
+ * first boot of a Task-904 device. The summary line `divergences=<n>` is
+ * always emitted (wired-up assertion); per-divergence lines fire only when
+ * divergences > 0. Operators grep `[install-invariant]` or `[admin-invariant]`
+ * to detect the regression class without reading every install log.
+ *
+ * Promotion to refuse-or-degrade is a future sprint; capture as a TODO once
+ * the deployed fleet has been audited clean.
+ */
+function checkAdminAuthInvariant(input) {
+    const result = {
+        divergences: 0,
+        accountWithoutUsers: [],
+        usersWithoutAccount: [],
+    };
+    // Read users.json userIds (persistent file). Absent file == empty set; do
+    // not abort — first-boot before set-pin has run is a legitimate state.
+    const usersUserIds = new Set();
+    if ((0, node_fs_1.existsSync)(input.usersFile)) {
+        try {
+            const raw = (0, node_fs_1.readFileSync)(input.usersFile, "utf-8").trim();
+            if (raw) {
+                const users = JSON.parse(raw);
+                for (const u of users) {
+                    if (typeof u.userId === "string")
+                        usersUserIds.add(u.userId);
+                }
+            }
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.error(`[${input.tag}] users.json unreadable usersFile=${input.usersFile} error=${msg}`);
+        }
+    }
+    // Walk account dirs. Skip dotfiles (.trash/) and missing account.json.
+    const accountUserIds = new Set();
+    if ((0, node_fs_1.existsSync)(input.accountsDir)) {
+        let entries;
+        try {
+            entries = (0, node_fs_1.readdirSync)(input.accountsDir);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            console.error(`[${input.tag}] accounts-dir unreadable accountsDir=${input.accountsDir} error=${msg}`);
+            console.error(`[${input.tag}] check complete divergences=0 (accounts-dir unreadable)`);
+            return result;
+        }
+        for (const entry of entries) {
+            if (entry.startsWith("."))
+                continue;
+            const accountDir = (0, node_path_1.join)(input.accountsDir, entry);
+            try {
+                if (!(0, node_fs_1.statSync)(accountDir).isDirectory())
+                    continue;
+            }
+            catch {
+                continue;
+            }
+            const accountJsonPath = (0, node_path_1.join)(accountDir, "account.json");
+            if (!(0, node_fs_1.existsSync)(accountJsonPath))
+                continue;
+            let admins = [];
+            try {
+                const config = JSON.parse((0, node_fs_1.readFileSync)(accountJsonPath, "utf-8"));
+                admins = (config.admins ?? []);
+            }
+            catch (err) {
+                const msg = err instanceof Error ? err.message : String(err);
+                console.error(`[${input.tag}] account.json unreadable source=${accountJsonPath} error=${msg}`);
+                continue;
+            }
+            for (const a of admins) {
+                if (typeof a.userId !== "string")
+                    continue;
+                accountUserIds.add(a.userId);
+                if (!usersUserIds.has(a.userId)) {
+                    const userIdShort = a.userId.slice(0, 8);
+                    console.error(`[${input.tag}] direction=account-without-users userId=${userIdShort} source=${accountJsonPath}`);
+                    result.accountWithoutUsers.push({ userId: a.userId, source: accountJsonPath });
+                    result.divergences += 1;
+                }
+            }
+        }
+    }
+    for (const uid of usersUserIds) {
+        if (!accountUserIds.has(uid)) {
+            const userIdShort = uid.slice(0, 8);
+            console.error(`[${input.tag}] direction=users-without-account userId=${userIdShort} source=${input.usersFile}`);
+            result.usersWithoutAccount.push({ userId: uid });
+            result.divergences += 1;
+        }
+    }
+    console.error(`[${input.tag}] check complete divergences=${result.divergences}`);
+    return result;
+}
+//# sourceMappingURL=index.js.map

package/payload/platform/lib/admins-write/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA,iEAAiE;AACjE,wEAAwE;AACxE,EAAE;AACF,kEAAkE;AAClE,+DAA+D;AAC/D,4EAA4E;AAC5E,2EAA2E;AAC3E,6EAA6E;AAC7E,6EAA6E;AAC7E,8EAA8E;AAC9E,8EAA8E;AAC9E,qBAAqB;AACrB,EAAE;AACF,kEAAkE;AAClE,uEAAuE;AACvE,yEAAyE;AACzE,6EAA6E;AAC7E,+EAA+E;AAC/E,2EAA2E;AAC3E,0EAA0E;;AA8D1E,0CA4DC;AAmBD,wDA+BC;AAiCD,0DAsFC;AAjSD,qCAAgH;AAChH,yCAA0C;AA+B1C,SAAS,OAAO,CAAC,KAAsB,EAAE,MAAwB;IAC/D,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7C,OAAO,CAAC,KAAK,CACX,yBAAyB,KAAK,CAAC,MAAM,WAAW,WAAW,GAAG;QAC5D,mBAAmB,MAAM,CAAC,eAAe,sBAAsB,MAAM,CAAC,iBAAiB,EAAE;QACzF,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,eAAe,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACtE,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,QAAgB,EAAE,QAAgB,EAAE,IAAa;IACxE,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,GAAG,QAAQ,QAAQ,OAAO,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAChE,IAAA,uBAAa,EAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC7E,IAAA,oBAAU,EAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;AACjC,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,eAAe,CAAC,KAAsB;IACpD,MAAM,MAAM,GAAqB,EAAE,eAAe,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAExF,gDAAgD;IAChD,IAAI,CAAC;QACH,IAAI,KAAK,GAAgB,EAAE,CAAC;QAC5B,IAAI,IAAA,oBAAU,EAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAChC,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;gBAC/B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;gBAChD,CAAC;gBACD,KAAK,GAAG,MAAqB,CAAC;YAChC,CAAC;QACH,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAAC,CAAC;QACjE,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,mEAAmE;YACnE,wEAAwE;YACxE,MAAM,MAAM,GAAc,EAAE,GAAG,KAAK,CAAC,QAAQ,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,CAAC;YACjE,OAAO,MAAM,CAAC,IAAI,CAAC;YACnB,KAAK,CAAC,QAAQ,CAAC,GAAG,MAAM,CAAC;QAC3B,CAAC;QAED,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC,CAAC;QAC/E,MAAM,CAAC,eAAe,GAAG,IAAI,CAAC;IAChC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,eAAe,GAAG,MAAM,CAAC;QAChC,MAAM,CAAC,UAAU,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACrE,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACvB,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,kDAAkD;IAClD,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC/D,IAAI,CAAC,IAAA,oBAAU,EAAC,eAAe,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,6BAA6B,eAAe,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,eAAe,EAAE,OAAO,CAAC,CAA4B,CAAC;QAC7F,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAiB,CAAC;QACrD,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;YAChD,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YACxD,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;YACvB,eAAe,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACzE,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC;QAClC,MAAM,CAAC,YAAY,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;IACvB,OAAO,MAAM,CAAC;AAChB,CAAC;AAaD;;;;;GAKG;AACH,SAAgB,sBAAsB,CAAC,KAAuB;IAC5D,MAAM,MAAM,GAAsB,EAAE,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAChE,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE7C,IAAI,CAAC;QACH,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,KAAK,CAAC,UAAU,EAAE,cAAc,CAAC,CAAC;QAC/D,IAAI,CAAC,IAAA,oBAAU,EAAC,eAAe,CAAC,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CAAC,6BAA6B,eAAe,EAAE,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,eAAe,EAAE,OAAO,CAAC,CAA4B,CAAC;QAC7F,MAAM,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAiB,CAAC;QACrD,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,KAAK,CAAC,MAAM,CAAC,CAAC;QACrE,IAAI,WAAW,KAAK,CAAC,CAAC,EAAE,CAAC;YACvB,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;YAC9B,MAAM,CAAC,MAAM,GAAG,MAAM,CAAC;YACvB,eAAe,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;YACzE,MAAM,CAAC,iBAAiB,GAAG,IAAI,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC;QAClC,MAAM,CAAC,YAAY,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAED,OAAO,CAAC,KAAK,CACX,yBAAyB,KAAK,CAAC,MAAM,WAAW,WAAW,GAAG;QAC5D,0CAA0C,MAAM,CAAC,iBAAiB,EAAE;QACpE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,iBAAiB,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CACtE,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAmBD;;;;;;;;;;;;;GAaG;AACH,SAAgB,uBAAuB,CAAC,KAA0B;IAChE,MAAM,MAAM,GAAyB;QACnC,WAAW,EAAE,CAAC;QACd,mBAAmB,EAAE,EAAE;QACvB,mBAAmB,EAAE,EAAE;KACxB,CAAC;IAEF,0EAA0E;IAC1E,uEAAuE;IACvE,MAAM,YAAY,GAAG,IAAI,GAAG,EAAU,CAAC;IACvC,IAAI,IAAA,oBAAU,EAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAA,sBAAY,EAAC,KAAK,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YAC1D,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAgB,CAAC;gBAC7C,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;oBACtB,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;wBAAE,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBAC/D,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,GAAG,qCAAqC,KAAK,CAAC,SAAS,UAAU,GAAG,EAAE,CAAC,CAAC;QAClG,CAAC;IACH,CAAC;IAED,uEAAuE;IACvE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAU,CAAC;IACzC,IAAI,IAAA,oBAAU,EAAC,KAAK,CAAC,WAAW,CAAC,EAAE,CAAC;QAClC,IAAI,OAAiB,CAAC;QACtB,IAAI,CAAC;YACH,OAAO,GAAG,IAAA,qBAAW,EAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC7D,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,GAAG,yCAAyC,KAAK,CAAC,WAAW,UAAU,GAAG,EAAE,CAAC,CAAC;YACtG,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,GAAG,0DAA0D,CAAC,CAAC;YACvF,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE,CAAC;YAC5B,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YACpC,MAAM,UAAU,GAAG,IAAA,gBAAI,EAAC,KAAK,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC;gBACH,IAAI,CAAC,IAAA,kBAAQ,EAAC,UAAU,CAAC,CAAC,WAAW,EAAE;oBAAE,SAAS;YACpD,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS;YACX,CAAC;YACD,MAAM,eAAe,GAAG,IAAA,gBAAI,EAAC,UAAU,EAAE,cAAc,CAAC,CAAC;YACzD,IAAI,CAAC,IAAA,oBAAU,EAAC,eAAe,CAAC;gBAAE,SAAS;YAC3C,IAAI,MAAM,GAAiB,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAA,sBAAY,EAAC,eAAe,EAAE,OAAO,CAAC,CAA4B,CAAC;gBAC7F,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAiB,CAAC;YACjD,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,GAAG,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC7D,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,GAAG,oCAAoC,eAAe,UAAU,GAAG,EAAE,CAAC,CAAC;gBAC/F,SAAS;YACX,CAAC;YAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;gBACvB,IAAI,OAAO,CAAC,CAAC,MAAM,KAAK,QAAQ;oBAAE,SAAS;gBAC3C,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;gBAC7B,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;oBAChC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;oBACzC,OAAO,CAAC,KAAK,CACX,IAAI,KAAK,CAAC,GAAG,4CAA4C,WAAW,WAAW,eAAe,EAAE,CACjG,CAAC;oBACF,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;oBAC/E,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;gBAC1B,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,KAAK,MAAM,GAAG,IAAI,YAAY,EAAE,CAAC;QAC/B,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACpC,OAAO,CAAC,KAAK,CACX,IAAI,KAAK,CAAC,GAAG,4CAA4C,WAAW,WAAW,KAAK,CAAC,SAAS,EAAE,CACjG,CAAC;YACF,MAAM,CAAC,mBAAmB,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACjD,MAAM,CAAC,WAAW,IAAI,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,GAAG,gCAAgC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACjF,OAAO,MAAM,CAAC;AAChB,CAAC"}