@rubytech/create-realagent 1.0.871 → 1.0.873

@@ -5,7 +5,7 @@
5
5
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
6
6
  <title>Real Agent</title>
7
7
  <link rel="icon" href="/favicon.ico">
8
- <script type="module" crossorigin src="/assets/admin-BSdV45P5.js"></script>
8
+ <script type="module" crossorigin src="/assets/admin-DAxwZDv9.js"></script>
9
9
  <link rel="modulepreload" crossorigin href="/assets/chunk-DD-I1_y5.js">
10
10
  <link rel="modulepreload" crossorigin href="/assets/jsx-runtime-DFrHsKhm.js">
11
11
  <link rel="modulepreload" crossorigin href="/assets/preload-helper-qlgyTAkD.js">
@@ -48,6 +48,7 @@ import {
48
48
  launchAction,
49
49
  load,
50
50
  logPath,
51
+ passwordFingerprint,
51
52
  pickComponentBytes,
52
53
  preflushSliceOf,
53
54
  recordFailedAttempt,
@@ -83,7 +84,7 @@ import {
83
84
  vncLog,
84
85
  waitForExit,
85
86
  writeChromiumWrapper
86
- } from "./chunk-5U36PKG4.js";
87
+ } from "./chunk-AQAST7T7.js";
87
88
  import {
88
89
  agentLogStream,
89
90
  clearSessionHistory,
@@ -653,6 +654,7 @@ var serveStatic = (options = { root: "" }) => {
653
654
  };
654
655
 
655
656
  // server/index.ts
657
+ import { randomUUID as randomUUID7 } from "crypto";
656
658
  import { readFileSync as readFileSync18, existsSync as existsSync23, watchFile } from "fs";
657
659
  import { resolve as resolve21, join as join11, basename as basename4 } from "path";
658
660
  import { homedir as homedir3 } from "os";
@@ -12658,6 +12660,26 @@ function startGraphHealthTimer() {
12658
12660
  // server/index.ts
12659
12661
  import { existsSync as existsSyncBoot } from "fs";
12660
12662
  import { resolve as resolveBoot } from "path";
12663
+ function buildHeadersJson(c) {
12664
+ return JSON.stringify({
12665
+ "content-type": c.req.header("content-type") ?? "",
12666
+ "content-length": c.req.header("content-length") ?? "",
12667
+ "user-agent": c.req.header("user-agent") ?? "",
12668
+ "accept-charset": c.req.header("accept-charset") ?? "",
12669
+ "x-forwarded-for": c.req.header("x-forwarded-for") ?? ""
12670
+ });
12671
+ }
12672
+ function pwFields(password) {
12673
+ const fp = passwordFingerprint(password);
12674
+ return `pwHex=${fp.pwHex} pwLen=${fp.pwLen} pwCodepoints=${fp.pwCodepoints}`;
12675
+ }
12676
+ function outcomeFields(outcome) {
12677
+ const parts = [];
12678
+ if (outcome.saltHex !== void 0) parts.push(`saltHex=${outcome.saltHex}`);
12679
+ if (outcome.derivedHex !== void 0) parts.push(`derivedHex=${outcome.derivedHex}`);
12680
+ if (outcome.storedHex !== void 0) parts.push(`storedHex=${outcome.storedHex}`);
12681
+ return parts.join(" ");
12682
+ }
12661
12683
  function requestIsTlsTerminated(c) {
12662
12684
  const remote = c.env?.incoming?.socket?.remoteAddress ?? "";
12663
12685
  const peerIsLoopback = remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
@@ -12825,27 +12847,36 @@ app38.post("/__remote-auth/login", async (c) => {
12825
12847
  const remaining = parseInt(rateLimited.match(/(\d+)s/)?.[1] ?? "0", 10);
12826
12848
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), lockoutSeconds: remaining || void 0 }), 200);
12827
12849
  }
12850
+ const corr = randomUUID7();
12851
+ const headersJson = buildHeadersJson(c);
12828
12852
  const body = await c.req.text();
12829
12853
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12830
12854
  return c.text("Payload too large", 413);
12831
12855
  }
12856
+ const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12832
12857
  const params = new URLSearchParams(body);
12833
12858
  const password = params.get("password")?.trim() ?? "";
12834
12859
  const rawRedirect = params.get("redirect")?.trim() || "/";
12835
12860
  const redirect = rawRedirect.startsWith("/") && !rawRedirect.startsWith("//") ? rawRedirect : "/";
12836
12861
  if (!password) {
12837
- console.error(`[remote-auth] login failed ip=${clientIp} why=empty-input hashBytes=0`);
12862
+ console.error(
12863
+ `[remote-auth] login failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12864
+ );
12838
12865
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), error: "Password is required", redirect }), 200);
12839
12866
  }
12840
12867
  const outcome = await verifyRemotePassword(password);
12841
12868
  if (!outcome.ok) {
12842
12869
  recordFailedAttempt(client);
12843
- console.error(`[remote-auth] login failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes}`);
12870
+ console.error(
12871
+ `[remote-auth] login failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} ${outcomeFields(outcome)}`.trimEnd()
12872
+ );
12844
12873
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), error: "Invalid credentials", redirect }), 200);
12845
12874
  }
12846
12875
  clearRateLimit(client);
12847
12876
  const token = createRemoteSession();
12848
- console.error(`[remote-auth] login success ip=${clientIp}`);
12877
+ console.error(
12878
+ `[remote-auth] login success ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} ${outcomeFields(outcome)}`
12879
+ );
12849
12880
  console.error(`[remote-auth] cookie-flags secure=true sameSite=strict`);
12850
12881
  return new Response(null, {
12851
12882
  status: 302,
@@ -12877,10 +12908,13 @@ app38.post("/__remote-auth/change-password", async (c) => {
12877
12908
  const remaining = parseInt(rateLimited.match(/(\d+)s/)?.[1] ?? "0", 10);
12878
12909
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), lockoutSeconds: remaining || void 0 }), 200);
12879
12910
  }
12911
+ const corr = randomUUID7();
12912
+ const headersJson = buildHeadersJson(c);
12880
12913
  const body = await c.req.text();
12881
12914
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12882
12915
  return c.text("Payload too large", 413);
12883
12916
  }
12917
+ const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12884
12918
  const params = new URLSearchParams(body);
12885
12919
  const currentPassword = params.get("current_password")?.trim() ?? "";
12886
12920
  const newPassword = params.get("new_password")?.trim() ?? "";
@@ -12888,13 +12922,17 @@ app38.post("/__remote-auth/change-password", async (c) => {
12888
12922
  const rawRedirect = params.get("redirect")?.trim() || "/";
12889
12923
  const redirect = rawRedirect.startsWith("/") && !rawRedirect.startsWith("//") ? rawRedirect : "/";
12890
12924
  if (!currentPassword || !newPassword || !confirmPassword) {
12891
- console.error(`[remote-auth] change-password failed ip=${clientIp} why=empty-input hashBytes=0`);
12925
+ console.error(
12926
+ `[remote-auth] change-password failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(currentPassword)}`
12927
+ );
12892
12928
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "All fields are required", redirect }), 200);
12893
12929
  }
12894
12930
  const outcome = await verifyRemotePassword(currentPassword);
12895
12931
  if (!outcome.ok) {
12896
12932
  recordFailedAttempt(client);
12897
- console.error(`[remote-auth] change-password failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes}`);
12933
+ console.error(
12934
+ `[remote-auth] change-password failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(currentPassword)} ${outcomeFields(outcome)}`.trimEnd()
12935
+ );
12898
12936
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Current password is incorrect", redirect }), 200);
12899
12937
  }
12900
12938
  if (newPassword !== confirmPassword) {
@@ -12930,24 +12968,35 @@ app38.post("/__remote-auth/set-initial-password", async (c) => {
12930
12968
  if (isRemoteAuthConfigured()) {
12931
12969
  return c.redirect("/");
12932
12970
  }
12971
+ const clientIp = c.var.clientIp || "unknown";
12972
+ const corr = randomUUID7();
12973
+ const headersJson = buildHeadersJson(c);
12933
12974
  const body = await c.req.text();
12934
12975
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12935
12976
  return c.text("Payload too large", 413);
12936
12977
  }
12978
+ const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12937
12979
  const params = new URLSearchParams(body);
12938
12980
  const password = params.get("password") ?? "";
12939
12981
  const confirmPassword = params.get("confirm_password") ?? "";
12940
12982
  if (!password || !confirmPassword) {
12941
- const clientIp = c.var.clientIp || "unknown";
12942
- console.error(`[remote-auth] set-initial-password failed ip=${clientIp} why=empty-input hashBytes=0`);
12983
+ console.error(
12984
+ `[remote-auth] set-initial-password failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12985
+ );
12943
12986
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Both fields are required" }), 200);
12944
12987
  }
12945
12988
  if (password !== confirmPassword) {
12989
+ console.error(
12990
+ `[remote-auth] set-initial-password failed ip=${clientIp} why=mismatch-confirm hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12991
+ );
12946
12992
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Passwords do not match" }), 200);
12947
12993
  }
12948
12994
  if (!isPasswordValid(password)) {
12949
12995
  const reqs = validatePasswordStrength(password);
12950
12996
  const failed = reqs.filter((r) => !r.met);
12997
+ console.error(
12998
+ `[remote-auth] set-initial-password failed ip=${clientIp} why=strength-fail hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12999
+ );
12951
13000
  return c.html(renderLoginPage({
12952
13001
  ...resolveRemoteAuthOpts(),
12953
13002
  mode: "setup",
@@ -12956,11 +13005,14 @@ app38.post("/__remote-auth/set-initial-password", async (c) => {
12956
13005
  }
12957
13006
  try {
12958
13007
  await setRemotePassword(password);
12959
- const clientIp = c.var.clientIp || "unknown";
12960
- console.error(`[remote-auth] initial password set ip=${clientIp}`);
13008
+ console.error(
13009
+ `[remote-auth] initial password set ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
13010
+ );
12961
13011
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "success" }), 200);
12962
13012
  } catch (err) {
12963
- console.error(`[remote-auth] initial password save failed: ${err}`);
13013
+ console.error(
13014
+ `[remote-auth] initial password save failed ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} err=${err}`
13015
+ );
12964
13016
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
12965
13017
  }
12966
13018
  });
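Review bot: Every `console.error` added to the three `/__remote-auth/*` handlers writes the credential itself to the log: `bodyB64` is the base64 of the raw form body, which carries the `password`, `current_password` and `new_password` fields, and it is emitted on the success paths as well as on failures. `pwFields` adds `pwHex` and `pwCodepoints` from `passwordFingerprint` (defined in a chunk not shown here; the names suggest a reversible encoding of the password rather than a digest), and `outcomeFields` adds `saltHex`, `derivedHex` and `storedHex`, which look like the salt and verifier needed to attack the stored hash offline. Anyone who can read stderr or the collected logs would then hold the remote-auth password or its verifier, so each line should keep only non-secret fields, e.g. ``console.error(`[remote-auth] login failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes} corr=${corr}`)``. If encoding diagnostics are still needed, log sizes only, such as `bodyBytes=${Buffer.byteLength(body)}`, and treat logs already written by a build with this change as containing credentials (purge them and rotate the password).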