@rubytech/create-realagent 1.0.840 → 1.0.843

package/payload/platform/plugins/admin/skills/skill-builder/SKILL.md

@@ -77,37 +77,36 @@ Using the lean pattern from `references/lean-pattern.md`, compose:
 
 Show the user the complete SKILL.md content and each reference file. Ask them to review.
 
-## Step 7: Save to Memory
+## Step 7: Save the Skill as a Plugin File
 
-Use `memory-write` to save the composed skill to the knowledge graph:
+Use `store-skill` to write the composed skill to disk as part of an admin-managed plugin. The tool computes the path internally — supply the names and content only.
+
+Pick a `pluginName` that groups related operator-authored skills (e.g. `beacons-skills`, `my-utils`). Reuse the same `pluginName` across calls so the skill joins existing operator skills under one plugin. If this is the first skill in a new plugin, the tool creates the `PLUGIN.md` automatically.
 
 ```
-memory-write({
-  labels: ["CreativeWork"],
-  properties: {
-    title: "Skill: {name}",
-    abstract: "{full SKILL.md content including frontmatter}"
-  }
+store-skill({
+  pluginName: "{kebab-case plugin name}",
+  skillName: "{kebab-case skill name}",
+  description: "{the one-sentence description from Step 1}",
+  publicEmbed: false,
+  body: "{SKILL.md body content WITHOUT frontmatter — activation conditions, behaviour rules, references index}",
+  references: [
+    { filename: "{kebab-case-name}.md", content: "{full reference body}" }
+  ]
 })
 ```
 
-If the skill has reference files, save each as a separate `CreativeWork` node:
+Set `publicEmbed: true` only when the user wants this skill surfaced to the public agent. Default to `false` for admin-only skills.
 
-```
-memory-write({
-  labels: ["CreativeWork"],
-  properties: {
-    title: "Skill Reference: {name}/{filename}",
-    abstract: "{full reference file content}"
-  }
-})
-```
+`references` is optional — pass `[]` (or omit) when the skill has no detailed procedures or templates.
 
 ## Step 8: Confirm
 
 Tell the user:
 
-> "Your skill has been saved to memory. I can recall it when the situation matches. You can update it at any time — just ask me to edit the skill."
+> "Your skill is saved on disk as part of the `{pluginName}` plugin and is active right now for the admin agent. I can use it when the situation matches. To edit it later, ask me to update the skill — I'll re-run `store-skill` with the new content."
+
+If `publicEmbed: true`, add: "It will surface in the public agent on the next session start."
 
 ---
 

package/payload/platform/plugins/docs/references/attachments.md

@@ -17,7 +17,7 @@ Anything else is refused at upload time with a message naming the type.
 
 ## Size caps
 
-- **Per file:** 20 MB. Enforced at the upload endpoint — files over this limit never reach disk.
+- **Per file:** 50 MB. Enforced at the upload endpoint — files over this limit never reach disk.
 - **Per message:** up to 5 files.
 - **Uncompressed contents of a single zip:** 100 MB. A zip whose declared uncompressed total is over this limit is refused before any byte is extracted (decompression-bomb guard).
 
@@ -37,7 +37,7 @@ Nothing is ingested, sent, or acted on automatically. The extraction is local an
 - `tar`, `tar.gz`, `7z`, `rar` — zip only. If you have one of these, unzip/convert locally and upload the zip (or the extracted files directly).
 - Nested archives — a zip-inside-a-zip is extracted one level; you can ask the agent to unpack the inner one afterwards.
 - Password-protected zips — the agent will tell you to unlock locally and re-upload.
-- Uploads larger than 20 MB — split the archive, or upload the individual files.
+- Uploads larger than 50 MB — split the archive, or upload the individual files.
 
 ## Where the files live
 

package/payload/platform/plugins/docs/references/internals.md

@@ -140,7 +140,7 @@ WHERE node.accountId = $accountId
 
 Multi-tenancy boundary. Every query is scoped to the requesting account. The `ACCOUNT_ID` environment variable is set at MCP server startup — it is not a tool parameter and cannot be overridden by the agent.
 
-The read filter alone is not sufficient — it correctly *hides* alien-account nodes from every UI but does not prevent them existing. A writer that misresolves `accountId` (literal, undefined, or inferred-from-the-wrong-context) leaks nodes into the graph with no downstream symptom; the read filter then keeps them invisible indefinitely. The write-side doctrine is documented in `.docs/neo4j.md` "Account isolation invariant" — every writer that stamps `n.accountId` must verify the value against `${DATA_ROOT}/accounts/<id>/account.json` before write.
+The read filter alone is not sufficient — it correctly *hides* alien-account nodes from every UI but does not prevent them existing. A writer that misresolves `accountId` (literal, undefined, or inferred-from-the-wrong-context) leaks nodes into the graph with no downstream symptom; the read filter then keeps them invisible indefinitely. The write-side doctrine is documented in `.docs/neo4j.md` "Account isolation invariant" — every writer that stamps `n.accountId` must verify the value against `${DATA_ROOT}/accounts/<id>/account.json` before write. The live floor is `writeNodeWithEdges` — every doctrine-primitive write is gated by an `accountId == process.env.ACCOUNT_ID` check (the spawning process validates `ACCOUNT_ID` at boot against the on-disk account set via the `account-enumeration` lib), with `[graph-write] reject reason=invalid-account-id …` as the rejection signal.
 
 ---
 

package/payload/platform/plugins/docs/references/plugins-guide.md

@@ -90,6 +90,16 @@ Tell {{productName}}:
 
 Ask {{productName}}: "What plugins do I have?" or "List my plugins."
 
+## Operator-Authored Plugins (skill-builder output)
+
+Skills you create at runtime through the admin `skill-builder` skill are saved on disk as their own plugin under `data/accounts/{accountId}/plugins/{pluginName}/`. The admin agent calls `mcp__admin__store-skill`, which composes `PLUGIN.md` (on first call) and `skills/{skillName}/SKILL.md` plus any reference files. The agent supplies `pluginName`, `skillName`, `description`, `publicEmbed`, `body`, and optional references — the path is computed by the tool, never by the agent.
+
+These operator-authored plugins survive reinstall because the installer's wipe zone excludes `data/`. At admin session start the platform mirrors `data/accounts/{accountId}/plugins/*` into the runtime plugins directory so the same `parsePluginFrontmatter` / `assemblePublicPluginContent` / `loadEmbeddedPlugins` loaders that read shipped and premium plugins also pick up operator-authored ones — no special-case loader path. The admin agent sees every operator skill by default; per-skill `publicEmbed: true|false` controls which skills surface to the public agent.
+
+To edit an operator-authored skill later, ask {{productName}} to update it — the admin agent re-runs `store-skill` for the same `pluginName`/`skillName` and the new content overwrites in place. To remove one, delete the directory under `data/accounts/{accountId}/plugins/{pluginName}/skills/{skillName}/` (or the whole plugin) — the next session start re-mirrors the remaining skills only.
+
+`pluginName` collisions with shipped plugin names are refused by `store-skill` with a structured error. See [.docs/agents.md](../../../../.docs/agents.md) § "Operator-authored skills as plugin files" for the full contract.
+
 ## Brand Templating (for plugin and skill authors)
 
 Skill content, plugin manifests, agent templates, and reference files reference the operator-visible brand name only via the literal `{{productName}}` placeholder. The platform substitutes from `brand.json.productName` at read time — Maxy installs render `Maxy`, Real Agent installs render `Real Agent`, all from the same source content.

package/payload/platform/plugins/docs/references/troubleshooting.md

@@ -58,7 +58,7 @@ tail -200 ~/.maxy/logs/maxy-ui.log | rg '\[remote-auth\].*resolvedKind='
 - Platform process has stopped — restart it
 - Network issue if accessing remotely — check your Cloudflare tunnel is running
 
-**If the chat shows a single `[agent-loop-stop] same error twice — aborting` line and stops:** {{productName}} hit the same structured tool failure twice in a row inside one turn (e.g. a permission gate refused the same write twice). The runtime aborted the turn after the second occurrence to save tokens instead of running until the SDK turn budget exhausted. The blocker text names the tool and the first line of the error. Resolve the underlying cause (re-run the named skill, fix the missing prerequisite, etc.) and send your next message — the next turn cold-starts with a fresh client. To see the diagnostic, ask {{productName}}: "Show me the most recent agent-loop-stop log line."
+**If the chat shows a single `[agent-loop-stop] same error twice — aborting` line and stops:** {{productName}} hit the same structured tool failure twice in a row inside one turn (e.g. a permission gate refused the same write twice, or two `Read` calls hit the same missing file). The runtime aborted the turn after the second occurrence to save tokens instead of running until the SDK turn budget exhausted. The blocker text names the tool and the first line of the error. Resolve the underlying cause (re-run the named skill, fix the missing prerequisite, etc.) and send your next message — the next turn cold-starts with a fresh client AND carries a recovery briefing so {{productName}} picks up where it aborted, instead of cold-querying its own session list. To see the diagnostic, ask {{productName}}: "Show me the most recent agent-loop-stop log line." Greppable post-deploy invariants: `[agent-loop-stop] reason=identical-tool-failure tool=<name> errorSignature=<sha8> toolInputDigest=<sha8>` (the `toolInputDigest` discriminator means two `Read` calls on different `file_path` no longer collapse to one signature) followed by paired `[recovery-handoff] generated reason=agent-loop-stop` and `[recovery-handoff] consumed reason=agent-loop-stop`. A `[recovery-handoff] WARN missing-on-cold-create` line means the recovery briefing wasn't persisted — surface to support.
 
 **Agent searches the filesystem after uploading a zip.** If you uploaded a zip and the agent burns several turns running `find` / `Glob` instead of unzipping, that is the symptom of the recovery-retry attachment-context regression (now closed by the recovery context preservation contract in `.docs/agents.md`). Greppable confirmation is the `[context-overflow-recovery] retry … attachmentsCarried=<n>` line in the conversation stream log. If you see `[context-overflow-recovery] WARN attachment-context-lost`, the regression has returned — surface to support.
 

package/payload/platform/plugins/whatsapp/PLUGIN.md

@@ -53,7 +53,7 @@ When per-group activation is `mention`, the agent fires only if the inbound mess
 
 Every `messages.upsert` event (both `notify` and `append`, both `fromMe` directions) writes a `:Message:WhatsAppMessage` row to Neo4j attached to the sessionKey-keyed `:Conversation`. A single capture site at `platform/ui/app/lib/whatsapp/manager.ts` covers inbound, outbound (Baileys echoes agent-sent messages back through `messages.upsert` with `fromMe=true`), and owner-mirror — without touching `outbound/send.ts`. `messageId` namespace is `whatsapp-live:<waName>:<remoteJid>:<msg.key.id>` where `<waName>` is the Baileys credential dirname (e.g. `default`); distinct from the `:Section:Conversation` chunks written by the source-agnostic `conversation-archive` skill — live and archive live in disjoint label spaces. Persist failures are loud (`[whatsapp-persist] FAIL …`) and never block dispatch — silent loss is the worse failure mode.
 
-**`accountId` contract.** `n.accountId` on every `:Conversation`, `:Person`, and `:Message:WhatsAppMessage` row stamped by this plugin is the **platform-side UUID** resolved by [`resolvePlatformAccountId()`](../../ui/app/lib/whatsapp/platform-account-id.ts) from `data/accounts/<uuid>/account.json` — NOT the Baileys credential dirname (which is only used as the `messageId`/`sessionKey` namespace token). The boot-time line `[whatsapp-persist] resolved-account-id waname=<dir> uuid=<uuid>` records the resolution. Doctrine: see `.docs/neo4j.md` "Account isolation invariant" — every writer that stamps `n.accountId` must verify the value against `${DATA_ROOT}/accounts/<id>/account.json` before write. The helper loud-throws on zero or multi accounts (Phase 0 single-account invariant), aborting the WhatsApp connection start before any write can occur.
+**`accountId` contract.** `n.accountId` on every `:Conversation`, `:Person`, and `:Message:WhatsAppMessage` row stamped by this plugin is the **platform-side UUID** resolved by [`resolvePlatformAccountId()`](../../ui/app/lib/whatsapp/platform-account-id.ts) from `data/accounts/<uuid>/account.json` — NOT the Baileys credential dirname (which is only used as the `messageId`/`sessionKey` namespace token). The boot-time line `[whatsapp-persist] resolved-account-id waname=<dir> uuid=<uuid>` records the resolution. Doctrine: see `.docs/neo4j.md` "Account isolation invariant" — every writer that stamps `n.accountId` must verify the value against `${DATA_ROOT}/accounts/<id>/account.json` before write. The helper loud-throws on zero or multi accounts (Phase 0 single-account invariant), aborting the WhatsApp connection start before any write can occur. The same boot-validated identity (`process.env.ACCOUNT_ID`) backs the central live floor at [`writeNodeWithEdges`](../../lib/graph-write/src/index.ts) — any write whose `accountId` differs from the spawning process's `ACCOUNT_ID` is rejected by the gate; the WhatsApp helper is the writer-side discipline, the gate is the universal floor.
 
 ## Skills
 

package/payload/platform/templates/agents/admin/IDENTITY.md

@@ -121,6 +121,8 @@ Operationalises the CONCISE prerogative for clarification. Three rules:
 
 ## Tool Routing
 
+**Bundled-SKILL access contract.** Plugin skills and references live in the bundled npm package, not on disk under `<accountDir>/agents/admin/plugins/`. Load them with `mcp__admin__plugin-read` only — the `<plugin-manifest>` `Skills:` and `References:` lines name the exact `pluginName` and file path to pass. `Read`, `Glob`, and `Bash` against those paths will fail with `File does not exist`, and the runtime agent-loop-stop interceptor cannot distinguish a generic-error retry from a tool-routing mistake. Subagents inherit this contract via the parent system prompt — never dispatch an `Agent` subagent with a `Read` directive against a bundled SKILL path.
+
 Plugins provide domain-specific tools that query their own data stores directly. `memory-search` is a general-purpose semantic search across the entire knowledge graph — it finds nodes by vector similarity, which means results are ranked by semantic closeness to the query, not by domain relevance. A query containing the word "email" will surface product documentation *about* email features before it surfaces actual Email nodes whose content is unrelated to the query wording.
 
 When the user's intent maps to a specific plugin's domain, use that plugin's tools — not `memory-search`. The `<plugin-manifest>` groups tools by plugin and describes each plugin's purpose and retrieval paths. The `<specialist-domains>` block within it lists every specialist-owned tool by name. Match user intent to a tool in these registries first; fall back to `memory-search` only when the query genuinely spans multiple domains or no tool in the manifest matches the intent.
@@ -245,6 +247,8 @@ When `<previous-context>` is present:
 
 When `<previous-context>` is absent, Neo4j was unreachable or no prior context exists — proceed normally, using tool calls to establish state.
 
+A separate `<recovery-context>` block on the user-message side appears only when the previous turn was aborted by `agent-loop-stop` or `main-stream-stalled` and the platform persisted a continuation briefing. Treat it as the authoritative description of what failed and what was incomplete — do not re-execute the failed work, do not call `session-list` to figure out what was happening, and do not re-research the blocker. The block coexists with `<previous-context>` (system-prompt session summary) on the recovery turn; the two are not duplicates — `<previous-context>` orients you to the session, `<recovery-context>` orients you to the specific failed turn.
+
 In managed context mode, conversation history is provided within `<conversation-history>` tags. Use `session-compact-status` to retrieve older archived context if needed.
 
 ## Tasks

package/payload/server/adminuser-self-heal-RY4NFCI7.js

@@ -0,0 +1,45 @@
+import "./chunk-QGM4M3NI.js";
+
+// app/lib/adminuser-self-heal.ts
+var UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+async function selfHealAdminUser(args) {
+  const { driver, userId, accountId } = args;
+  if (!UUID_REGEX.test(accountId)) {
+    throw new Error(
+      `[adminuser-self-heal] refusing to run: accountId is not a UUID (got: '${accountId.slice(0, 12)}\u2026')`
+    );
+  }
+  if (!UUID_REGEX.test(userId)) {
+    throw new Error(
+      `[adminuser-self-heal] refusing to run: userId is not a UUID (got: '${userId.slice(0, 12)}\u2026')`
+    );
+  }
+  const session = driver.session();
+  try {
+    const result = await session.run(
+      `MATCH (au:AdminUser {userId: $userId})
+       WHERE au.accountId IS NULL OR au.role IS NULL
+       SET au.accountId = COALESCE(au.accountId, $accountId),
+           au.role      = COALESCE(au.role, 'owner'),
+           au.updatedAt = $now
+       RETURN count(au) AS healed`,
+      { userId, accountId, now: (/* @__PURE__ */ new Date()).toISOString() }
+    );
+    const raw = result.records[0]?.get("healed");
+    let healed = 0;
+    if (typeof raw === "number") {
+      healed = raw;
+    } else if (raw && typeof raw.toNumber === "function") {
+      healed = raw.toNumber();
+    }
+    console.error(
+      `[adminuser-self-heal] healed=${healed} userId=${userId.slice(0, 8)} accountId=${accountId.slice(0, 8)}`
+    );
+    return { healed };
+  } finally {
+    await session.close();
+  }
+}
+export {
+  selfHealAdminUser
+};