@rubytech/create-realagent 1.0.873 → 1.0.874

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/payload/server/maxy-edge.js +1 -1
  3. package/payload/server/server.js +11 -63
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rubytech/create-realagent",
3
- "version": "1.0.873",
3
+ "version": "1.0.874",
4
4
  "description": "Install Real Agent — Built for agents. By agents.",
5
5
  "bin": {
6
6
  "create-realagent": "./dist/index.js"
package/payload/server/maxy-edge.js CHANGED
@@ -18,7 +18,7 @@ import {
18
18
  streamActionEvents,
19
19
  vncLog,
20
20
  websockifyLog
21
- } from "./chunk-AQAST7T7.js";
21
+ } from "./chunk-5U36PKG4.js";
22
22
  import "./chunk-NDEQBCVI.js";
23
23
  import "./chunk-FHNFKJZN.js";
24
24
  import "./chunk-JSBRDJBE.js";
package/payload/server/server.js CHANGED
@@ -48,7 +48,6 @@ import {
48
48
  launchAction,
49
49
  load,
50
50
  logPath,
51
- passwordFingerprint,
52
51
  pickComponentBytes,
53
52
  preflushSliceOf,
54
53
  recordFailedAttempt,
@@ -84,7 +83,7 @@ import {
84
83
  vncLog,
85
84
  waitForExit,
86
85
  writeChromiumWrapper
87
- } from "./chunk-AQAST7T7.js";
86
+ } from "./chunk-5U36PKG4.js";
88
87
  import {
89
88
  agentLogStream,
90
89
  clearSessionHistory,
@@ -654,7 +653,6 @@ var serveStatic = (options = { root: "" }) => {
654
653
  };
655
654
 
656
655
  // server/index.ts
657
- import { randomUUID as randomUUID7 } from "crypto";
658
656
  import { readFileSync as readFileSync18, existsSync as existsSync23, watchFile } from "fs";
659
657
  import { resolve as resolve21, join as join11, basename as basename4 } from "path";
660
658
  import { homedir as homedir3 } from "os";
@@ -12660,26 +12658,6 @@ function startGraphHealthTimer() {
12660
12658
  // server/index.ts
12661
12659
  import { existsSync as existsSyncBoot } from "fs";
12662
12660
  import { resolve as resolveBoot } from "path";
12663
- function buildHeadersJson(c) {
12664
- return JSON.stringify({
12665
- "content-type": c.req.header("content-type") ?? "",
12666
- "content-length": c.req.header("content-length") ?? "",
12667
- "user-agent": c.req.header("user-agent") ?? "",
12668
- "accept-charset": c.req.header("accept-charset") ?? "",
12669
- "x-forwarded-for": c.req.header("x-forwarded-for") ?? ""
12670
- });
12671
- }
12672
- function pwFields(password) {
12673
- const fp = passwordFingerprint(password);
12674
- return `pwHex=${fp.pwHex} pwLen=${fp.pwLen} pwCodepoints=${fp.pwCodepoints}`;
12675
- }
12676
- function outcomeFields(outcome) {
12677
- const parts = [];
12678
- if (outcome.saltHex !== void 0) parts.push(`saltHex=${outcome.saltHex}`);
12679
- if (outcome.derivedHex !== void 0) parts.push(`derivedHex=${outcome.derivedHex}`);
12680
- if (outcome.storedHex !== void 0) parts.push(`storedHex=${outcome.storedHex}`);
12681
- return parts.join(" ");
12682
- }
12683
12661
  function requestIsTlsTerminated(c) {
12684
12662
  const remote = c.env?.incoming?.socket?.remoteAddress ?? "";
12685
12663
  const peerIsLoopback = remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
@@ -12847,36 +12825,27 @@ app38.post("/__remote-auth/login", async (c) => {
12847
12825
  const remaining = parseInt(rateLimited.match(/(\d+)s/)?.[1] ?? "0", 10);
12848
12826
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), lockoutSeconds: remaining || void 0 }), 200);
12849
12827
  }
12850
- const corr = randomUUID7();
12851
- const headersJson = buildHeadersJson(c);
12852
12828
  const body = await c.req.text();
12853
12829
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12854
12830
  return c.text("Payload too large", 413);
12855
12831
  }
12856
- const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12857
12832
  const params = new URLSearchParams(body);
12858
12833
  const password = params.get("password")?.trim() ?? "";
12859
12834
  const rawRedirect = params.get("redirect")?.trim() || "/";
12860
12835
  const redirect = rawRedirect.startsWith("/") && !rawRedirect.startsWith("//") ? rawRedirect : "/";
12861
12836
  if (!password) {
12862
- console.error(
12863
- `[remote-auth] login failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12864
- );
12837
+ console.error(`[remote-auth] login failed ip=${clientIp} why=empty-input hashBytes=0`);
12865
12838
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), error: "Password is required", redirect }), 200);
12866
12839
  }
12867
12840
  const outcome = await verifyRemotePassword(password);
12868
12841
  if (!outcome.ok) {
12869
12842
  recordFailedAttempt(client);
12870
- console.error(
12871
- `[remote-auth] login failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} ${outcomeFields(outcome)}`.trimEnd()
12872
- );
12843
+ console.error(`[remote-auth] login failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes}`);
12873
12844
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), error: "Invalid credentials", redirect }), 200);
12874
12845
  }
12875
12846
  clearRateLimit(client);
12876
12847
  const token = createRemoteSession();
12877
- console.error(
12878
- `[remote-auth] login success ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} ${outcomeFields(outcome)}`
12879
- );
12848
+ console.error(`[remote-auth] login success ip=${clientIp}`);
12880
12849
  console.error(`[remote-auth] cookie-flags secure=true sameSite=strict`);
12881
12850
  return new Response(null, {
12882
12851
  status: 302,
@@ -12908,13 +12877,10 @@ app38.post("/__remote-auth/change-password", async (c) => {
12908
12877
  const remaining = parseInt(rateLimited.match(/(\d+)s/)?.[1] ?? "0", 10);
12909
12878
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), lockoutSeconds: remaining || void 0 }), 200);
12910
12879
  }
12911
- const corr = randomUUID7();
12912
- const headersJson = buildHeadersJson(c);
12913
12880
  const body = await c.req.text();
12914
12881
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12915
12882
  return c.text("Payload too large", 413);
12916
12883
  }
12917
- const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12918
12884
  const params = new URLSearchParams(body);
12919
12885
  const currentPassword = params.get("current_password")?.trim() ?? "";
12920
12886
  const newPassword = params.get("new_password")?.trim() ?? "";
@@ -12922,17 +12888,13 @@ app38.post("/__remote-auth/change-password", async (c) => {
12922
12888
  const rawRedirect = params.get("redirect")?.trim() || "/";
12923
12889
  const redirect = rawRedirect.startsWith("/") && !rawRedirect.startsWith("//") ? rawRedirect : "/";
12924
12890
  if (!currentPassword || !newPassword || !confirmPassword) {
12925
- console.error(
12926
- `[remote-auth] change-password failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(currentPassword)}`
12927
- );
12891
+ console.error(`[remote-auth] change-password failed ip=${clientIp} why=empty-input hashBytes=0`);
12928
12892
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "All fields are required", redirect }), 200);
12929
12893
  }
12930
12894
  const outcome = await verifyRemotePassword(currentPassword);
12931
12895
  if (!outcome.ok) {
12932
12896
  recordFailedAttempt(client);
12933
- console.error(
12934
- `[remote-auth] change-password failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(currentPassword)} ${outcomeFields(outcome)}`.trimEnd()
12935
- );
12897
+ console.error(`[remote-auth] change-password failed ip=${clientIp} why=${outcome.why} hashBytes=${outcome.hashBytes}`);
12936
12898
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "change", changeError: "Current password is incorrect", redirect }), 200);
12937
12899
  }
12938
12900
  if (newPassword !== confirmPassword) {
@@ -12968,35 +12930,24 @@ app38.post("/__remote-auth/set-initial-password", async (c) => {
12968
12930
  if (isRemoteAuthConfigured()) {
12969
12931
  return c.redirect("/");
12970
12932
  }
12971
- const clientIp = c.var.clientIp || "unknown";
12972
- const corr = randomUUID7();
12973
- const headersJson = buildHeadersJson(c);
12974
12933
  const body = await c.req.text();
12975
12934
  if (Buffer.byteLength(body) > MAX_LOGIN_BODY) {
12976
12935
  return c.text("Payload too large", 413);
12977
12936
  }
12978
- const bodyB64 = Buffer.from(body, "utf-8").toString("base64");
12979
12937
  const params = new URLSearchParams(body);
12980
12938
  const password = params.get("password") ?? "";
12981
12939
  const confirmPassword = params.get("confirm_password") ?? "";
12982
12940
  if (!password || !confirmPassword) {
12983
- console.error(
12984
- `[remote-auth] set-initial-password failed ip=${clientIp} why=empty-input hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12985
- );
12941
+ const clientIp = c.var.clientIp || "unknown";
12942
+ console.error(`[remote-auth] set-initial-password failed ip=${clientIp} why=empty-input hashBytes=0`);
12986
12943
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Both fields are required" }), 200);
12987
12944
  }
12988
12945
  if (password !== confirmPassword) {
12989
- console.error(
12990
- `[remote-auth] set-initial-password failed ip=${clientIp} why=mismatch-confirm hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12991
- );
12992
12946
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Passwords do not match" }), 200);
12993
12947
  }
12994
12948
  if (!isPasswordValid(password)) {
12995
12949
  const reqs = validatePasswordStrength(password);
12996
12950
  const failed = reqs.filter((r) => !r.met);
12997
- console.error(
12998
- `[remote-auth] set-initial-password failed ip=${clientIp} why=strength-fail hashBytes=0 corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
12999
- );
13000
12951
  return c.html(renderLoginPage({
13001
12952
  ...resolveRemoteAuthOpts(),
13002
12953
  mode: "setup",
@@ -13005,14 +12956,11 @@ app38.post("/__remote-auth/set-initial-password", async (c) => {
13005
12956
  }
13006
12957
  try {
13007
12958
  await setRemotePassword(password);
13008
- console.error(
13009
- `[remote-auth] initial password set ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)}`
13010
- );
12959
+ const clientIp = c.var.clientIp || "unknown";
12960
+ console.error(`[remote-auth] initial password set ip=${clientIp}`);
13011
12961
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "success" }), 200);
13012
12962
  } catch (err) {
13013
- console.error(
13014
- `[remote-auth] initial password save failed ip=${clientIp} corr=${corr} bodyB64=${bodyB64} headers=${headersJson} ${pwFields(password)} err=${err}`
13015
- );
12963
+ console.error(`[remote-auth] initial password save failed: ${err}`);
13016
12964
  return c.html(renderLoginPage({ ...resolveRemoteAuthOpts(), mode: "setup", setupError: "Failed to save password. Please try again." }), 200);
13017
12965
  }
13018
12966
  });