@rubytech/create-realagent 1.0.852 → 1.0.854

package/dist/preflight-port-classifier.js

@@ -1,32 +1,39 @@
 // Task 938 — pure classifier for the install-time port collision pre-flight.
-// Extracted from index.ts so the OWN_BRAND / PEER_BRAND / UNRELATED decision
-// can be unit-tested without ss(8), /proc, or kill(2). Mirrors the
-// peer-brand-detect.ts pattern: inputs in, classification out, no I/O.
+// Task 939 — extended with Xtigervnc and websockify holder anchors, closing
+// the laptop + Pi miss where the brand's own VNC stack was misclassified
+// UNRELATED because Xtigervnc has no `--user-data-dir=` argv to anchor on.
 //
 // The wrapper in index.ts owns the side effects: ss read, /proc/<pid>/cmdline
 // read, SIGTERM/SIGKILL escalation, and the operator-override exit. This
-// module owns only the classification rule.
+// module owns only the classification rule — inputs in, decision out.
 //
-// Rule, in order of precedence:
-//   1. ssOutput is empty                              → EMPTY
-//   2. No `pid=N` token in ssOutput                   → UNRELATED (pid undef)
-//   3. getCmdline(pid) throws                         → UNRELATED (cmdlineReadFailed)
-//   4. argv has --user-data-dir=PATH where PATH contains
-//      `/<ownConfigDir>/chromium-profile`             → OWN_BRAND
-//   5. same for any `<peerConfigDir>`                 → PEER_BRAND
-//   6. otherwise                                       → UNRELATED
+// Holder detection (post-pid):
+//   argv[0] basename ∈ chromium-set                    → chromium
+//   argv[0] basename === "Xtigervnc"                   → xtigervnc
+//   any argv basename === "websockify" (full scan      → websockify
+//     because Pi Bookworm invokes it as
+//     `python3 /usr/bin/websockify …`, so argv[0] is
+//     the interpreter, not websockify itself)
+//   else                                                → unknown
 //
-// Why argv parsing instead of substring matching: `cmdline.includes('/.maxy/
-// chromium-profile')` would false-match `--load-extension=/tmp/.maxy/chromium-
-// profile` (or any other flag whose value happens to contain the profile path
-// component). Anchoring on `--user-data-dir=` is the only signal that this
-// process actually owns that profile directory.
+// Per-holder anchor:
+//   chromium   — `--user-data-dir=PATH`; PATH contains `/<configDir>/chromium-profile`
+//                → OWN_BRAND if configDir matches own; PEER_BRAND if matches peer.
+//                False-match guard: argv-anchor on the flag, never substring,
+//                so `--load-extension=…/<configDir>/…` cannot poison.
+//   xtigervnc  — first non-flag argv of the form `:N` (display number);
+//                vnc.sh invokes `Xtigervnc "${VNC_DISPLAY}" -rfbport …` so
+//                argv[1] is literally `:99`, `:100`, etc. Match N against
+//                own.vncDisplay / peer.vncDisplay.
+//   websockify — collect every port number embedded in argv (covers both
+//                `[::]:6080` bind form and `localhost:5900` upstream form).
+//                Per Task 924, brand websockifyPort/rfbPort sets are
+//                disjoint, so at most one brand's websockifyPort can appear.
 //
 // Why "last pid=" instead of "first pid=": ss with `-tlnpH sport = :PORT`
-// emits the LISTEN row last; if a future ss locale or release prepends a
-// header line that contains `pid=` text, the first-match heuristic would
-// lift the wrong pid. The last `pid=` is always inside the LISTEN row's
-// `users:((…))` segment.
+// emits the LISTEN row last; if a future ss locale prepends a header line
+// containing `pid=` text, the first-match heuristic would lift the wrong
+// pid. The last `pid=` is always inside the LISTEN row's `users:((…))`.
 /**
  * `cmdline` should be the raw `/proc/<pid>/cmdline` contents — NUL-separated
  * argv as the kernel emits it. Do NOT replace NUL with space before passing:
@@ -34,11 +41,9 @@
  * different flag whose value happens to contain `--user-data-dir=`.
  */
 export function classifyPortHolder(args) {
-    const { ssOutput, ownConfigDir, peerConfigDirs, getCmdline } = args;
+    const { ssOutput, ownBrand, peerBrands, getCmdline } = args;
     if (ssOutput.trim() === "")
         return { kind: "EMPTY" };
-    // Take the LAST pid= match. ss -tlnpH puts the LISTEN row (which contains
-    // `users:((…,pid=N,fd=…))`) last, so the last pid= is always the listener.
     const pidMatches = [...ssOutput.matchAll(/pid=(\d+)/g)];
     if (pidMatches.length === 0)
         return { kind: "UNRELATED" };
@@ -50,38 +55,168 @@ export function classifyPortHolder(args) {
     catch {
         return { kind: "UNRELATED", pid, cmdlineReadFailed: true };
     }
-    // Pretty cmdline (NULs → spaces) for log output. The argv-aware matching
-    // operates on the raw NUL-separated form.
     const prettyCmdline = cmdline.replace(/\0/g, " ").trim();
     const argv = cmdline.split("\0").filter(s => s.length > 0);
-    const userDataDir = findUserDataDir(argv);
+    const holderType = detectHolderType(argv);
+    switch (holderType) {
+        case "chromium":
+            return classifyChromium(argv, prettyCmdline, pid, ownBrand, peerBrands);
+        case "xtigervnc":
+            return classifyXtigervnc(argv, prettyCmdline, pid, ownBrand, peerBrands);
+        case "websockify":
+            return classifyWebsockify(argv, prettyCmdline, pid, ownBrand, peerBrands);
+        case "unknown":
+            return { kind: "UNRELATED", pid, cmdline: prettyCmdline, holderType };
+    }
+}
+// ---------------------------------------------------------------------------
+// Holder detection
+// ---------------------------------------------------------------------------
+const CHROMIUM_BASENAMES = new Set([
+    "chrome",
+    "chromium",
+    "chromium-browser",
+    "google-chrome",
+    "google-chrome-stable",
+]);
+function basename(p) {
+    const i = p.lastIndexOf("/");
+    return i === -1 ? p : p.slice(i + 1);
+}
+function detectHolderType(argv) {
+    if (argv.length === 0)
+        return "unknown";
+    const head = basename(argv[0]);
+    if (CHROMIUM_BASENAMES.has(head))
+        return "chromium";
+    if (head === "Xtigervnc")
+        return "xtigervnc";
+    // websockify can be invoked directly (shebang) or via python; scan argv.
+    for (const a of argv) {
+        if (basename(a) === "websockify")
+            return "websockify";
+    }
+    return "unknown";
+}
+// ---------------------------------------------------------------------------
+// Per-holder anchors
+// ---------------------------------------------------------------------------
+function classifyChromium(argv, prettyCmdline, pid, ownBrand, peerBrands) {
+    const userDataDir = findFlagValue(argv, "--user-data-dir");
     if (userDataDir === null) {
-        return { kind: "UNRELATED", pid, cmdline: prettyCmdline };
+        // Kernel threads, GPU/zygote/utility chrome processes inherit profile
+        // via fork without re-stating --user-data-dir. They wouldn't be
+        // listening anyway, but classify UNRELATED if one ever shows up here
+        // — never OWN_BRAND on a substring fluke.
+        return { kind: "UNRELATED", pid, cmdline: prettyCmdline, holderType: "chromium" };
     }
-    const ownSuffix = `/${ownConfigDir}/chromium-profile`;
+    const ownSuffix = `/${ownBrand.configDir}/chromium-profile`;
     if (userDataDir.includes(ownSuffix)) {
-        return { kind: "OWN_BRAND", pid, cmdline: prettyCmdline, profilePath: userDataDir };
+        return {
+            kind: "OWN_BRAND", pid, cmdline: prettyCmdline,
+            profilePath: userDataDir, holderType: "chromium",
+        };
     }
-    for (const peerCD of peerConfigDirs) {
-        const peerSuffix = `/${peerCD}/chromium-profile`;
+    for (const peer of peerBrands) {
+        const peerSuffix = `/${peer.configDir}/chromium-profile`;
         if (userDataDir.includes(peerSuffix)) {
-            return { kind: "PEER_BRAND", pid, cmdline: prettyCmdline, profilePath: userDataDir };
+            return {
+                kind: "PEER_BRAND", pid, cmdline: prettyCmdline,
+                profilePath: userDataDir, holderType: "chromium",
+            };
+        }
+    }
+    return { kind: "UNRELATED", pid, cmdline: prettyCmdline, holderType: "chromium" };
+}
+function classifyXtigervnc(argv, prettyCmdline, pid, ownBrand, peerBrands) {
+    const display = parseDisplayArg(argv);
+    if (display === null) {
+        return { kind: "UNRELATED", pid, cmdline: prettyCmdline, holderType: "xtigervnc" };
+    }
+    if (display === ownBrand.vncDisplay) {
+        return {
+            kind: "OWN_BRAND", pid, cmdline: prettyCmdline,
+            vncDisplay: display, holderType: "xtigervnc",
+        };
+    }
+    for (const peer of peerBrands) {
+        if (display === peer.vncDisplay) {
+            return {
+                kind: "PEER_BRAND", pid, cmdline: prettyCmdline,
+                vncDisplay: display, holderType: "xtigervnc",
+            };
         }
     }
-    return { kind: "UNRELATED", pid, cmdline: prettyCmdline };
+    return {
+        kind: "UNRELATED", pid, cmdline: prettyCmdline,
+        vncDisplay: display, holderType: "xtigervnc",
+    };
 }
-// Find the value of `--user-data-dir`, supporting both `--user-data-dir=PATH`
-// (single argv) and `--user-data-dir PATH` (split across two argvs). Returns
-// null if the flag is absent.
-function findUserDataDir(argv) {
-    const FLAG = "--user-data-dir";
-    const PREFIX = `${FLAG}=`;
+function classifyWebsockify(argv, prettyCmdline, pid, ownBrand, peerBrands) {
+    const ports = collectPorts(argv);
+    if (ports.has(ownBrand.websockifyPort)) {
+        return {
+            kind: "OWN_BRAND", pid, cmdline: prettyCmdline,
+            websockifyPort: ownBrand.websockifyPort, holderType: "websockify",
+        };
+    }
+    for (const peer of peerBrands) {
+        if (ports.has(peer.websockifyPort)) {
+            return {
+                kind: "PEER_BRAND", pid, cmdline: prettyCmdline,
+                websockifyPort: peer.websockifyPort, holderType: "websockify",
+            };
+        }
+    }
+    return { kind: "UNRELATED", pid, cmdline: prettyCmdline, holderType: "websockify" };
+}
+// ---------------------------------------------------------------------------
+// argv parsing helpers
+// ---------------------------------------------------------------------------
+// Find --flag=VALUE (single argv) or --flag VALUE (split across two argvs).
+function findFlagValue(argv, flag) {
+    const PREFIX = `${flag}=`;
     for (let i = 0; i < argv.length; i++) {
         const a = argv[i];
         if (a.startsWith(PREFIX))
             return a.slice(PREFIX.length);
-        if (a === FLAG && i + 1 < argv.length)
+        if (a === flag && i + 1 < argv.length)
             return argv[i + 1];
     }
     return null;
 }
+// First non-flag argv of the form `:N` after argv[0]. vnc.sh's invocation
+// puts the display in argv[1], but the function tolerates additional
+// pre-positional flags by scanning past any `-`-prefixed token.
+function parseDisplayArg(argv) {
+    for (let i = 1; i < argv.length; i++) {
+        const a = argv[i];
+        if (a.startsWith("-"))
+            continue;
+        const m = a.match(/^:(\d+)$/);
+        if (m)
+            return Number(m[1]);
+    }
+    return null;
+}
+// Collect every port number embedded in argv. Matches:
+//   "[::]:6080"        → 6080  (websockify bind, IPv6 wildcard)
+//   "0.0.0.0:8080"     → 8080  (bind, IPv4 wildcard)
+//   "localhost:5900"   → 5900  (websockify upstream)
+//   "6080"             → 6080  (bare positional)
+// Skips flag tokens beginning with "-".
+function collectPorts(argv) {
+    const ports = new Set();
+    const portRe = /(?::|^)(\d{1,5})$/;
+    for (const a of argv) {
+        if (a.startsWith("-"))
+            continue;
+        const m = a.match(portRe);
+        if (m === null)
+            continue;
+        const n = Number(m[1]);
+        if (n >= 1 && n <= 65535)
+            ports.add(n);
+    }
+    return ports;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-realagent",
-  "version": "1.0.852",
+  "version": "1.0.854",
   "description": "Install Real Agent — Built for agents. By agents.",
   "bin": {
     "create-realagent": "./dist/index.js"

package/payload/platform/config/brand-registry.json

@@ -0,0 +1,44 @@
+{
+  "brands": [
+    {
+      "hostname": "maxy",
+      "configDir": ".maxy",
+      "vncDisplay": 99,
+      "rfbPort": 5900,
+      "websockifyPort": 6080,
+      "cdpPort": 9222
+    },
+    {
+      "hostname": "maxy-2",
+      "configDir": ".maxy-2",
+      "vncDisplay": 101,
+      "rfbPort": 5902,
+      "websockifyPort": 6082,
+      "cdpPort": 9224
+    },
+    {
+      "hostname": "maxy-3",
+      "configDir": ".maxy-3",
+      "vncDisplay": 102,
+      "rfbPort": 5903,
+      "websockifyPort": 6083,
+      "cdpPort": 9225
+    },
+    {
+      "hostname": "maxy-4",
+      "configDir": ".maxy-4",
+      "vncDisplay": 103,
+      "rfbPort": 5904,
+      "websockifyPort": 6084,
+      "cdpPort": 9226
+    },
+    {
+      "hostname": "realagent",
+      "configDir": ".realagent",
+      "vncDisplay": 100,
+      "rfbPort": 5901,
+      "websockifyPort": 6081,
+      "cdpPort": 9223
+    }
+  ]
+}

package/payload/platform/lib/persistent-components/dist/index.d.ts

@@ -0,0 +1,21 @@
+/**
+ * The component names that the platform UI treats as long-lived editor
+ * surfaces (not single-shot prompts). They survive multiple `onSubmit`
+ * fires because the operator may auto-save mid-edit, and they are also
+ * the **server-side commitment surface** for Task 942: when the admin
+ * agent emits one of these names via `render-component`, the live
+ * stream-parser materialises the inline content as a sibling
+ * `:KnowledgeDocument` artefact so the row appears in the artefacts
+ * panel and survives session compaction.
+ *
+ * Single source of truth — the platform UI (`app/admin-types.ts`) and
+ * the admin MCP server (`plugins/admin/mcp/src/index.ts`) both import
+ * from this module. Any drift here is an account-isolation /
+ * persistence-doctrine bug; keep the constant in one place.
+ */
+export declare const PERSISTENT_COMPONENTS: Set<string>;
+/**
+ * Cheap, allocation-free guard for hot-path checks.
+ */
+export declare function isPersistentComponent(name: string | undefined | null): boolean;
+//# sourceMappingURL=index.d.ts.map

package/payload/platform/lib/persistent-components/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,qBAAqB,aAKhC,CAAC;AAEH;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,GAAG,OAAO,CAE9E"}

package/payload/platform/lib/persistent-components/dist/index.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PERSISTENT_COMPONENTS = void 0;
+exports.isPersistentComponent = isPersistentComponent;
+/**
+ * The component names that the platform UI treats as long-lived editor
+ * surfaces (not single-shot prompts). They survive multiple `onSubmit`
+ * fires because the operator may auto-save mid-edit, and they are also
+ * the **server-side commitment surface** for Task 942: when the admin
+ * agent emits one of these names via `render-component`, the live
+ * stream-parser materialises the inline content as a sibling
+ * `:KnowledgeDocument` artefact so the row appears in the artefacts
+ * panel and survives session compaction.
+ *
+ * Single source of truth — the platform UI (`app/admin-types.ts`) and
+ * the admin MCP server (`plugins/admin/mcp/src/index.ts`) both import
+ * from this module. Any drift here is an account-isolation /
+ * persistence-doctrine bug; keep the constant in one place.
+ */
+exports.PERSISTENT_COMPONENTS = new Set([
+    'action-list',
+    'document-editor',
+    'rich-content-editor',
+    'grid-editor',
+]);
+/**
+ * Cheap, allocation-free guard for hot-path checks.
+ */
+function isPersistentComponent(name) {
+    return typeof name === 'string' && exports.PERSISTENT_COMPONENTS.has(name);
+}
+//# sourceMappingURL=index.js.map

package/payload/platform/lib/persistent-components/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAyBA,sDAEC;AA3BD;;;;;;;;;;;;;;GAcG;AACU,QAAA,qBAAqB,GAAG,IAAI,GAAG,CAAS;IACnD,aAAa;IACb,iBAAiB;IACjB,qBAAqB;IACrB,aAAa;CACd,CAAC,CAAC;AAEH;;GAEG;AACH,SAAgB,qBAAqB,CAAC,IAA+B;IACnE,OAAO,OAAO,IAAI,KAAK,QAAQ,IAAI,6BAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACrE,CAAC"}

package/payload/platform/lib/persistent-components/src/index.ts

@@ -0,0 +1,28 @@
+/**
+ * The component names that the platform UI treats as long-lived editor
+ * surfaces (not single-shot prompts). They survive multiple `onSubmit`
+ * fires because the operator may auto-save mid-edit, and they are also
+ * the **server-side commitment surface** for Task 942: when the admin
+ * agent emits one of these names via `render-component`, the live
+ * stream-parser materialises the inline content as a sibling
+ * `:KnowledgeDocument` artefact so the row appears in the artefacts
+ * panel and survives session compaction.
+ *
+ * Single source of truth — the platform UI (`app/admin-types.ts`) and
+ * the admin MCP server (`plugins/admin/mcp/src/index.ts`) both import
+ * from this module. Any drift here is an account-isolation /
+ * persistence-doctrine bug; keep the constant in one place.
+ */
+export const PERSISTENT_COMPONENTS = new Set<string>([
+  'action-list',
+  'document-editor',
+  'rich-content-editor',
+  'grid-editor',
+]);
+
+/**
+ * Cheap, allocation-free guard for hot-path checks.
+ */
+export function isPersistentComponent(name: string | undefined | null): boolean {
+  return typeof name === 'string' && PERSISTENT_COMPONENTS.has(name);
+}

package/payload/platform/lib/persistent-components/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "extends": "../../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "dist",
+    "rootDir": "src"
+  },
+  "include": ["src"]
+}

package/payload/platform/package.json

@@ -6,8 +6,8 @@
     "plugins/*/mcp"
   ],
   "scripts": {
-    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/account-enumeration/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p lib/admins-write/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
-    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/account-enumeration/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p lib/admins-write/tsconfig.json",
+    "build": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/account-enumeration/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p lib/admins-write/tsconfig.json && tsc -p lib/persistent-components/tsconfig.json && NODE_OPTIONS='--max-old-space-size=8192' tsc -b plugins/*/mcp/tsconfig.json",
+    "build:lib": "tsc -p lib/models/tsconfig.json && tsc -p lib/anthropic-key/tsconfig.json && tsc -p lib/oauth-llm/tsconfig.json && tsc -p lib/mcp-stderr-tee/tsconfig.json && tsc -p lib/mcp-spawn-tee/tsconfig.json && tsc -p lib/account-enumeration/tsconfig.json && tsc -p lib/graph-write/tsconfig.json && tsc -p lib/graph-mcp/tsconfig.json && tsc -p lib/graph-trash/tsconfig.json && tsc -p lib/graph-search/tsconfig.json && tsc -p lib/screening-patterns/tsconfig.json && tsc -p lib/device-url/tsconfig.json && tsc -p lib/brand-templating/tsconfig.json && tsc -p lib/entitlement/tsconfig.json && tsc -p lib/task-secrets/tsconfig.json && tsc -p lib/admins-write/tsconfig.json && tsc -p lib/persistent-components/tsconfig.json",
     "build:memory": "tsc -p plugins/memory/mcp/tsconfig.json",
     "build:contacts": "tsc -p plugins/contacts/mcp/tsconfig.json",
     "build:telegram": "tsc -p plugins/telegram/mcp/tsconfig.json",

package/payload/platform/plugins/admin/PLUGIN.md

@@ -71,5 +71,5 @@ Tools are available via the `admin` MCP server.
 ## Hooks
 
 - `hooks/pre-tool-use.sh` — enforces admin agent write boundaries
-- `hooks/playwright-file-guard.sh` — intercepts file:// URLs with actionable guidance
+- `hooks/playwright-file-guard.sh` — rewrites file:// URLs to a backgrounded loopback http.server before Playwright sees them
 - `hooks/webfetch-preflight.mjs` — short-circuits WebFetch on JS-SPA shells with a structured `WEBFETCH_CANNOT_READ_JS_SPA` error so the agent surfaces a loud failure to the owner instead of paying the 60s extraction timeout. Fail-open on any internal error.