mop-agent 0.1.5 → 0.1.7

package/README.md

@@ -5,7 +5,7 @@ through MOP-FLOW. It stores project memory, performs semantic recall and
 consolidation, serves grounded chat, and can request approved actions from a
 linked FLOW node.
 
-> **Release status:** npm package `mop-agent@0.1.5` contains the corrected VPS
+> **Release status:** npm package `mop-agent@0.1.7` contains the corrected VPS
 > installer and first-run Admin/Assistant flow. The canonical installation command is
 > exactly `npx mop-agent`.
 

package/apps/web/app/api/setup/status/route.ts

@@ -3,5 +3,13 @@ import { auth, ownerExists } from "@/lib/auth";
 
 export async function GET(req: Request): Promise<Response> {
   const session = await auth.api.getSession({ headers: req.headers });
-  return Response.json({ ownerExists: ownerExists(), authenticated: !!session });
+  return Response.json(
+    { ownerExists: ownerExists(), authenticated: !!session },
+    {
+      headers: {
+        "Cache-Control": "private, no-store, no-cache, max-age=0, must-revalidate",
+        "Vary": "Cookie",
+      },
+    },
+  );
 }

package/apps/web/app/assistant/layout.tsx

@@ -1,6 +1,9 @@
 import type { ReactNode } from "react";
 import { requirePageSession } from "@/lib/page-auth";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 export default async function AssistantLayout({ children }: { children: ReactNode }) {
   await requirePageSession();
   return children;

package/apps/web/app/brain/layout.tsx

@@ -1,6 +1,9 @@
 import type { ReactNode } from "react";
 import { requirePageSession } from "@/lib/page-auth";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 export default async function BrainLayout({ children }: { children: ReactNode }) {
   await requirePageSession();
   return children;

package/apps/web/app/chat/layout.tsx

@@ -1,6 +1,9 @@
 import type { ReactNode } from "react";
 import { requirePageSession } from "@/lib/page-auth";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 export default async function ChatLayout({ children }: { children: ReactNode }) {
   await requirePageSession();
   return children;

package/apps/web/app/globals.css

@@ -8,9 +8,96 @@
 
 * { box-sizing: border-box; }
 html { color-scheme: light; }
-body { min-height: 100vh; }
+body {
+  min-height: 100vh;
+  position: relative;
+  background-color: var(--mop-cream);
+  background-image:
+    linear-gradient(rgba(45, 74, 62, .055) 1px, transparent 1px),
+    linear-gradient(90deg, rgba(116, 34, 32, .04) 1px, transparent 1px);
+  background-size: 8px 8px;
+}
+
+/* Global CRT/pixel veil: fixed above every route, but never catches input. */
+body::before {
+  content: "";
+  position: fixed;
+  inset: 0;
+  z-index: 2147483646;
+  pointer-events: none;
+  background-image:
+    repeating-linear-gradient(
+      0deg,
+      rgba(45, 74, 62, .035) 0,
+      rgba(45, 74, 62, .035) 1px,
+      transparent 1px,
+      transparent 4px
+    ),
+    repeating-linear-gradient(
+      90deg,
+      rgba(116, 34, 32, .022) 0,
+      rgba(116, 34, 32, .022) 1px,
+      transparent 1px,
+      transparent 4px
+    );
+  background-size: 4px 4px;
+  mix-blend-mode: multiply;
+}
+
+body::after {
+  content: "";
+  position: fixed;
+  inset: 0;
+  z-index: 2147483647;
+  pointer-events: none;
+  background:
+    radial-gradient(circle at center, transparent 56%, rgba(45, 74, 62, .08) 100%),
+    repeating-linear-gradient(0deg, transparent 0, transparent 7px, rgba(116, 34, 32, .025) 7px, rgba(116, 34, 32, .025) 8px);
+}
+
+button,
+input,
+select,
+textarea {
+  border-radius: 3px !important;
+  box-shadow: 2px 2px 0 rgba(45, 74, 62, .17);
+}
+
+button {
+  transition: transform 80ms steps(2, end), box-shadow 80ms steps(2, end);
+}
+
+button:hover:not(:disabled) {
+  transform: translate(-1px, -1px);
+  box-shadow: 3px 3px 0 rgba(45, 74, 62, .24);
+}
+
+button:active:not(:disabled) {
+  transform: translate(1px, 1px);
+  box-shadow: 0 0 0 rgba(45, 74, 62, 0);
+}
+
+code,
+pre,
+input,
+textarea {
+  font-family: "SFMono-Regular", Consolas, "Liberation Mono", monospace;
+}
+
+h1,
+h2,
+h3,
+button {
+  letter-spacing: .025em;
+}
+
 ::selection { background: #742220; color: #fef9e1; }
 
+@media (prefers-reduced-transparency: reduce) {
+  body::before,
+  body::after { display: none; }
+}
+
 @media (max-width: 760px) {
   .mop-setup-shell { grid-template-columns: 1fr !important; }
   .mop-setup-brand { min-height: 34vh; padding: 36px !important; }

package/apps/web/app/page.tsx

@@ -1,6 +1,9 @@
 import { requirePageSession } from "@/lib/page-auth";
 import { redirect } from "next/navigation";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 /**
  * Product entry point. First-run and signed-out users belong in the account
  * setup flow; authenticated users land in the assistant, not the Brain tools.

package/apps/web/app/settings/layout.tsx

@@ -1,6 +1,9 @@
 import type { ReactNode } from "react";
 import { requirePageSession } from "@/lib/page-auth";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 export default async function SettingsLayout({ children }: { children: ReactNode }) {
   await requirePageSession();
   return children;

package/apps/web/app/setup/page.tsx

@@ -3,6 +3,30 @@
 import { useEffect, useState } from "react";
 import { signIn, signUp } from "@/lib/auth-client";
 
+type SetupStatus = { ownerExists: boolean; authenticated: boolean };
+
+async function getSetupStatus(): Promise<SetupStatus> {
+  const response = await fetch(`/api/setup/status?t=${Date.now()}`, {
+    cache: "no-store",
+    credentials: "include",
+    headers: { "cache-control": "no-cache" },
+  });
+  if (!response.ok) throw new Error(`setup status ${response.status}`);
+  return response.json() as Promise<SetupStatus>;
+}
+
+async function waitForSession(): Promise<boolean> {
+  for (let attempt = 0; attempt < 5; attempt += 1) {
+    try {
+      if ((await getSetupStatus()).authenticated) return true;
+    } catch {
+      // A short deployment/network gap should not strand the form in busy mode.
+    }
+    await new Promise((resolve) => setTimeout(resolve, 250));
+  }
+  return false;
+}
+
 export default function SetupPage() {
   const [ownerExists, setOwnerExists] = useState<boolean | null>(null);
   const [email, setEmail] = useState("");
@@ -13,11 +37,10 @@ export default function SetupPage() {
   const [mode, setMode] = useState<"signup" | "signin">("signup");
 
   useEffect(() => {
-    fetch("/api/setup/status")
-      .then((r) => r.json() as Promise<{ ownerExists: boolean; authenticated: boolean }>)
+    getSetupStatus()
       .then((status) => {
         if (status.authenticated) {
-          window.location.replace("/assistant");
+          window.location.replace(`/assistant?auth=${Date.now()}`);
           return;
         }
         setOwnerExists(status.ownerExists);
@@ -38,8 +61,26 @@ export default function SetupPage() {
         setBusy(false);
         return;
       }
-      // Better Auth creates the first session together with the owner account.
-      window.location.replace("/assistant");
+      // Verify the cookie before entering a server-protected route. If the
+      // signup response did not establish it, explicitly sign in once.
+      if (!(await waitForSession())) {
+        const login = await signIn.email({ email, password });
+        if (login.error) {
+          setMode("signin");
+          setOwnerExists(true);
+          setMsg(login.error.message ?? "Admin created, but sign in failed. Please sign in below.");
+          setBusy(false);
+          return;
+        }
+      }
+      if (await waitForSession()) {
+        window.location.replace(`/assistant?auth=${Date.now()}`);
+        return;
+      }
+      setMode("signin");
+      setOwnerExists(true);
+      setMsg("Admin created, but the session cookie was not accepted. Please sign in again.");
+      setBusy(false);
       return;
     }
 
@@ -49,7 +90,12 @@ export default function SetupPage() {
       setBusy(false);
       return;
     }
-    window.location.replace("/assistant");
+    if (await waitForSession()) {
+      window.location.replace(`/assistant?auth=${Date.now()}`);
+      return;
+    }
+    setMsg("Sign in succeeded, but the session cookie was not accepted. Check that you are using the configured HTTPS domain.");
+    setBusy(false);
   }
 
   const loading = ownerExists === null && !msg;

package/apps/web/app/team/layout.tsx

@@ -1,6 +1,9 @@
 import type { ReactNode } from "react";
 import { requirePageSession } from "@/lib/page-auth";
 
+export const dynamic = "force-dynamic";
+export const revalidate = 0;
+
 export default async function TeamLayout({ children }: { children: ReactNode }) {
   await requirePageSession();
   return children;

package/apps/web/lib/page-auth.ts

@@ -1,9 +1,12 @@
 import { auth, ownerExists } from "@/lib/auth";
 import { headers } from "next/headers";
 import { redirect } from "next/navigation";
+import { unstable_noStore as noStore } from "next/cache";
 
 /** Server-side guard for authenticated application pages. */
 export async function requirePageSession() {
+  // Auth redirects are cookie-specific and must never enter Next's route cache.
+  noStore();
   if (!ownerExists()) redirect("/setup");
 
   const session = await auth.api.getSession({ headers: await headers() });

package/npm-shrinkwrap.json

@@ -1,12 +1,12 @@
 {
   "name": "mop-agent",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "mop-agent",
-      "version": "0.1.5",
+      "version": "0.1.7",
       "license": "UNLICENSED",
       "workspaces": [
         "packages/*",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mop-agent",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Self-hosted AI assistant with persistent cross-project memory, installed with npx mop-agent.",
   "author": "BURHANDEV ENTERPRISE",
   "license": "UNLICENSED",