mindroot 9.3.0__py3-none-any.whl → 9.6.0__py3-none-any.whl

mindroot/coreplugins/email/test_email_service.py

@@ -0,0 +1,75 @@
+#!/usr/bin/env python3
+"""
+Test script to verify email service functionality.
+Run this to test if email sending works with your configuration.
+"""
+
+import asyncio
+import os
+import sys
+sys.path.append('/files/mindroot/src')
+
+from mindroot.coreplugins.email.mod import init_email_provider, send_email
+
+async def test_email_service():
+    """Test the email service with current environment configuration"""
+    print("Testing email service...")
+    
+    # Check environment variables
+    smtp_email = os.getenv('SMTP_EMAIL')
+    smtp_password = os.getenv('SMTP_PASSWORD')
+    
+    if not smtp_email or not smtp_password:
+        print("❌ Missing SMTP_EMAIL or SMTP_PASSWORD environment variables")
+        print("Please set these environment variables:")
+        print("  export SMTP_EMAIL='your-email@gmail.com'")
+        print("  export SMTP_PASSWORD='your-app-password'")
+        return False
+    
+    print(f"📧 Using SMTP email: {smtp_email}")
+    
+    # Initialize email provider
+    print("Initializing email provider...")
+    success = await init_email_provider()
+    
+    if not success:
+        print("❌ Failed to initialize email provider")
+        return False
+    
+    print("✅ Email provider initialized successfully")
+    
+    # Test sending email
+    test_email = input(f"Enter test email address (or press Enter to use {smtp_email}): ").strip()
+    if not test_email:
+        test_email = smtp_email
+    
+    print(f"Sending test email to {test_email}...")
+    
+    # Test HTML email
+    html_body = """
+    <html>
+    <body>
+        <h1>MindRoot Email Service Test</h1>
+        <p>This is a test email from MindRoot.</p>
+        <p><strong>HTML formatting works!</strong></p>
+        <p>If you can see this styled content, HTML emails are working correctly.</p>
+    </body>
+    </html>
+    """
+    
+    result = await send_email(
+        to=test_email,
+        subject="MindRoot Email Service Test",
+        body=html_body  # HTML will be auto-detected
+    )
+    
+    if result.get('success'):
+        print("✅ Test email sent successfully!")
+        print(f"Message ID: {result.get('message_id')}")
+        return True
+    else:
+        print(f"❌ Failed to send test email: {result.get('error')}")
+        return False
+
+if __name__ == "__main__":
+    asyncio.run(test_email_service())

mindroot/coreplugins/env_manager/mod.py

@@ -22,13 +22,12 @@ def should_skip_directory(directory):
     skip_dirs = [
         '__pycache__', 
         'node_modules', 
-        'static/js', 
+        'static/js',
         'static/css',
         'venv',
         'env',
         '.env',
         'virtualenv',
-        'site-packages',
         'dist-packages',
         '.git',
         '.idea',
@@ -38,6 +37,14 @@ def should_skip_directory(directory):
         'egg-info'
     ]
     
+    # Special handling for site-packages - only skip if it's not mindroot related
+    if 'site-packages' in directory:
+        # Allow mindroot core plugins in site-packages
+        if 'mindroot/coreplugins' in directory or 'mindroot/lib' in directory:
+            return False
+        # Skip other site-packages content
+        return True
+    
     # Check if any part of the path contains a directory to skip
     path_parts = Path(directory).parts
     for skip_dir in skip_dirs:
@@ -66,7 +73,7 @@ def scan_directory_for_env_vars(directory):
         # Use grep to find os.environ references - much faster than parsing each file
         cmd = [
             'grep', '-r', 
-            '-E', r"os\.environ(\.get\(|\[)", 
+            '-E', r"(os\.environ(\.get\(|\[)|os\.getenv\(|getenv\()", 
             '--include=*.py', 
             '--exclude-dir=venv', 
             '--exclude-dir=env',
@@ -85,14 +92,24 @@ def scan_directory_for_env_vars(directory):
             return env_vars
             
         # Extract variable names using regex
-        pattern1 = r"os\.environ\.get\(['\"]([A-Za-z0-9_]+)['\"]"  # os.environ.get('VAR_NAME')
-        pattern2 = r"os\.environ\[['\"]([A-Za-z0-9_]+)['\"]\]"    # os.environ['VAR_NAME']
+        patterns = [
+            r"os\.environ\.get\(['\"]([A-Za-z0-9_]+)['\"]",  # os.environ.get('VAR_NAME')
+            r"os\.environ\[['\"]([A-Za-z0-9_]+)['\"]\]",    # os.environ['VAR_NAME']
+            r"os\.getenv\(['\"]([A-Za-z0-9_]+)['\"]",      # os.getenv('VAR_NAME')
+            r"(?<!os\.)getenv\(['\"]([A-Za-z0-9_]+)['\"]",  # getenv('VAR_NAME') without os. prefix
+        ]
         
         for line in result.stdout.splitlines():
-            for pattern in [pattern1, pattern2]:
+            # Skip lines that are comments containing example patterns
+            if '# os.environ.get(' in line or '# os.environ[' in line or '# os.getenv(' in line:
+                continue
+            
+            for pattern in patterns:
                 for match in re.finditer(pattern, line):
                     var_name = match.group(1)
-                    env_vars.add(var_name)
+                    # Filter out obvious false positives
+                    if var_name not in ['VAR_NAME', 'VARIABLE_NAME', 'ENV_VAR']:
+                        env_vars.add(var_name)
     
     except Exception as e:
         print(f"Error scanning directory {directory}: {e}")
@@ -103,28 +120,38 @@ def scan_directory_for_env_vars(directory):
 async def scan_env_vars(params=None, context=None):
     """Scan all enabled plugins for environment variable references.
     
+    Debug logs added to help troubleshoot path resolution and scanning.
+    
     Returns:
         dict: Dictionary with plugin names as keys and environment variable info as values
     """
     results = {}
     all_env_vars = set()
     
+    print("[ENV_MANAGER DEBUG] Starting scan_env_vars")
+    print(f"[ENV_MANAGER DEBUG] Current working directory: {os.getcwd()}")
+    
     # Get all enabled plugins
     enabled_plugins = list_enabled()
+    print(f"[ENV_MANAGER DEBUG] Found {len(enabled_plugins)} enabled plugins: {[name for name, cat in enabled_plugins]}")
     
     for plugin_name, category in enabled_plugins:
         plugin_path = get_plugin_path(plugin_name)
+        print(f"[ENV_MANAGER DEBUG] Plugin {plugin_name}: path = {plugin_path}")
         if plugin_path:
             # If plugin_path is a file, get its directory
             if os.path.isfile(plugin_path):
                 plugin_path = os.path.dirname(plugin_path)
+                print(f"[ENV_MANAGER DEBUG] Plugin {plugin_name}: converted to directory = {plugin_path}")
                 
             # Skip scanning if this is a directory we should ignore
             if should_skip_directory(plugin_path):
+                print(f"[ENV_MANAGER DEBUG] Plugin {plugin_name}: skipping directory {plugin_path}")
                 continue
                 
             # Scan the plugin directory for environment variable references
             env_vars = scan_directory_for_env_vars(plugin_path)
+            print(f"[ENV_MANAGER DEBUG] Plugin {plugin_name}: found {len(env_vars)} env vars: {sorted(env_vars)}")
             
             if env_vars:
                 results[plugin_name] = {
@@ -133,30 +160,35 @@ async def scan_env_vars(params=None, context=None):
                     'env_vars': list(env_vars)
                 }
                 all_env_vars.update(env_vars)
+        else:
+            print(f"[ENV_MANAGER DEBUG] Plugin {plugin_name}: no path found")
     
-    # Also scan the core directories (lib and coreplugins)
-    core_env_vars = set()
+    # Also scan the lib directory (but not coreplugins since individual plugins are already scanned)
     lib_path = os.path.dirname(lib.__file__)
-    mindroot_path = os.path.dirname(lib_path)
     
-    # Scan lib directory
+    print(f"[ENV_MANAGER DEBUG] lib.__file__ = {lib.__file__}")
+    print(f"[ENV_MANAGER DEBUG] lib_path = {lib_path}")
+    
+    # Scan lib directory for additional core variables
     if os.path.isdir(lib_path):
+        print(f"[ENV_MANAGER DEBUG] Scanning lib directory: {lib_path}")
         lib_vars = scan_directory_for_env_vars(lib_path)
-        core_env_vars.update(lib_vars)
-
-    # Scan coreplugins directory
-    coreplugins_path = os.path.join(mindroot_path, 'coreplugins')
-    if os.path.isdir(coreplugins_path):
-        coreplugins_vars = scan_directory_for_env_vars(coreplugins_path)
-        core_env_vars.update(coreplugins_vars)
+        print(f"[ENV_MANAGER DEBUG] Lib vars found: {sorted(lib_vars)}")
+        
+        if lib_vars:
+            results['lib'] = {
+                'plugin_name': 'lib',
+                'category': 'core',
+                'env_vars': sorted(list(lib_vars))
+            }
+            all_env_vars.update(lib_vars)
+            print(f"[ENV_MANAGER DEBUG] Added lib section to results")
+    else:
+        print(f"[ENV_MANAGER DEBUG] Lib directory not found: {lib_path}")
 
-    if core_env_vars:
-        results['core'] = {
-            'plugin_name': 'core',
-            'category': 'core',
-            'env_vars': sorted(list(core_env_vars))
-        }
-        all_env_vars.update(core_env_vars)
+    # Note: We don't scan the entire coreplugins directory separately because
+    # individual core plugins are already being scanned above in the enabled_plugins loop.
+    # This prevents duplicate entries that would show up as "Multiple Plugins".
 
     # Get current environment variables
     current_env = {}
@@ -174,6 +206,10 @@ async def scan_env_vars(params=None, context=None):
     # Add current environment variables to results
     results['current_env'] = current_env
     
+    print(f"[ENV_MANAGER DEBUG] Results structure: {[(k, len(v.get('env_vars', [])) if isinstance(v, dict) and 'env_vars' in v else 'N/A') for k, v in results.items()]}")
+    
+    print(f"[ENV_MANAGER DEBUG] Final results keys: {list(results.keys())}")
+    print(f"[ENV_MANAGER DEBUG] Total unique env vars: {len(all_env_vars)}")
     return results
 
 

mindroot/coreplugins/home/router.py

@@ -5,6 +5,8 @@ from lib.templates import render
 from lib.route_decorators import add_public_static
 import os
 import glob
+import json
+from lib.providers.services import service_manager
 from datetime import datetime
 import time
 
@@ -18,7 +20,40 @@ add_public_static('/home/static/')
 @router.get("/", response_class=HTMLResponse)
 async def home(request: Request):
     # Get all agent directories
-    agent_dirs = [agent for agent in os.listdir("data/agents/local") if os.path.isdir(os.path.join("data/agents/local", agent))]
+    agent_dirs = []
+    
+    # Check local agents
+    if os.path.exists("data/agents/local"):
+        agent_dirs.extend([agent for agent in os.listdir("data/agents/local") if os.path.isdir(os.path.join("data/agents/local", agent))])
+    
+    # Check shared agents
+    if os.path.exists("data/agents/shared"):
+        shared_agents = [agent for agent in os.listdir("data/agents/shared") if os.path.isdir(os.path.join("data/agents/shared", agent))]
+        agent_dirs.extend(shared_agents)
+    
+    # Get agent data with persona information
+    agents_with_personas = []
+    for agent_name in agent_dirs:
+        try:
+            agent_data = await service_manager.get_agent_data(agent_name)
+            # Get the original persona reference from the agent.json file directly
+            # to preserve registry paths like "registry/owner/name"
+            agent_file_path = f"data/agents/local/{agent_name}/agent.json"
+            if not os.path.exists(agent_file_path):
+                agent_file_path = f"data/agents/shared/{agent_name}/agent.json"
+            
+            with open(agent_file_path, 'r') as f:
+                raw_agent_data = json.load(f)
+            persona_path = raw_agent_data.get('persona', agent_name)
+            
+            agents_with_personas.append({
+                'name': agent_name,
+                'persona': persona_path,
+                'agent_data': agent_data  # Include full agent data for template
+            })
+        except Exception as e:
+            # Fallback if agent data can't be loaded
+            agents_with_personas.append({'name': agent_name, 'persona': agent_name})
     
     # Try to sort agents by last access time
     agent_access_times = []
@@ -50,5 +85,5 @@ async def home(request: Request):
     agents = [agent for agent, _ in agent_access_times]
     
     user = request.state.user
-    html = await render('home', {"user": user, "request": request, "agents": agents })
+    html = await render('home', {"user": user, "request": request, "agents": agents, "agents_with_personas": agents_with_personas })
     return HTMLResponse(html)

mindroot/coreplugins/home/templates/home.jinja2

@@ -16,7 +16,7 @@
     <link rel="stylesheet" href="/home/static/css/default.css">
     <link rel="stylesheet" href="/home/static/css/home.css">
     <link rel="stylesheet" href="/home/static/css/enhanced.css">
-    <link rel="icon" href="/chat/static/imgs/favicon.ico">
+    <link rel="icon" href="/imgs/logo.png">
 {% endblock %}
 
 {% block head_css_end %}
@@ -42,7 +42,7 @@
 
 {% block body_main %}
     <main class="agent-container">
-        <img src="/home/static/imgs/logo.png" alt="MindRoot Logo" class="logo">
+        <img src="/imgs/logo.png" alt="MindRoot Logo" class="logo">
         
         <h1>MindRoot Agent Host</h1>
         
@@ -51,12 +51,21 @@
         <h2>Click an Agent to Start a Chat Session:</h2>
         
         <div class="agent-list" role="list">
-            {% for agent in agents %}
-            <a href="/agent/{{ agent }}" class="agent-link" role="listitem" target="_blank">
-                <img src="/chat/personas/{{ agent }}/avatar.png" alt="{{ agent }} avatar" class="agent-avatar" onerror="this.src='/chat/static/assistant.png'">
+            {% for agent_persona in agents_with_personas %}
+            <a href="/agent/{{ agent_persona.name }}" class="agent-link" role="listitem" target="_blank">
+                {% set persona_path = agent_persona.persona %}
+                {% set has_faceref = false %}
+                {% if agent_persona.agent_data and agent_persona.agent_data.persona and agent_persona.agent_data.persona.faceref %}
+                    {% set has_faceref = true %}
+                {% endif %}
+                {% if has_faceref %}
+                    <img src="/chat/personas/{{ persona_path }}/faceref.png" alt="{{ agent_persona.name }} avatar" class="agent-avatar" onerror="this.src='/chat/personas/{{ persona_path }}/avatar.png'; this.onerror=function(){this.src='/chat/static/assistant.png'}">
+                {% else %}
+                    <img src="/chat/personas/{{ persona_path }}/avatar.png" alt="{{ agent_persona.name }} avatar" class="agent-avatar" onerror="this.src='/chat/static/assistant.png'">
+                {% endif %}
                 <div class="agent-info">
                     <span class="agent-status" aria-hidden="true"></span>
-                    <span class="agent-name">{{ agent | replace('_', ' ') }}</span>
+                    <span class="agent-name">{{ agent_persona.name | replace('_', ' ') }}</span>
                 </div>
             </a>
             {% endfor %}

mindroot/coreplugins/index/indices/default/index.json

@@ -164,7 +164,7 @@
         "swap_face"
       ],
       "dependencies": [],
-      "remote_source": "runvnc/ah_swapface"
+      "github_url": "runvnc/ah_swapface"
     },
     {
       "name": "History",
@@ -186,7 +186,7 @@
         "stream_chat"
       ],
       "dependencies": [],
-      "remote_source": "runvnc/ah_openrouter"
+      "github_url": "runvnc/ah_openrouter"
     },
     {
       "name": "RunPod SD",
@@ -201,7 +201,7 @@
         "select_image_model"
       ],
       "dependencies": [],
-      "remote_source": "runvnc/ah_runpod_sd"
+      "github_url": "runvnc/ah_runpod_sd"
     },
     {
       "name": "Browser Use",
@@ -229,14 +229,14 @@
       ],
 
       "dependencies": [],
-      "remote_source": "runvnc/mr_gemini"
+      "github_url": "runvnc/mr_gemini"
     },
     {
       "name": "Session Data",
       "version": "1.0.0",
       "description": "",
       "source": "github",
-      "remote_source": "runvnc/ah_session_data",
+      "github_url": "runvnc/ah_session_data",
       "commands": [
         "session_data_update",
         "session_data_del",
@@ -252,7 +252,7 @@
       "version": "1.0.0",
       "description": "",
       "source": "github",
-      "remote_source": "runvnc/mr_hud",
+      "github_url": "runvnc/mr_hud",
       "commands": [],
       "services": [],
       "dependencies": [],
@@ -408,5 +408,38 @@
       "flags": [],
       "instructions": "You are an advanced AI software engineer with expertise in the MindRoot agent framework and related technologies.\n\n# MindRoot Plugin System\n\n## Overview\nThe MindRoot plugin system is a modular architecture that combines Python backend functionality with web components for the frontend. It provides a flexible way to extend the system's capabilities through commands, services, and web UI components.\n\n## Plugin Structure\n\nFor frontend component details, see below.\n\nplugin_name/\n\u251c\u2500\u2500 src/\n\u2502   \u2514\u2500\u2500 plugin_name/\n\u2502       \u251c\u2500\u2500 templates/       # Main page templates\n\u2502       \u251c\u2500\u2500 static/         # Static assets (auto-mounted if directory exists)\n\u2502       \u251c\u2500\u2500 inject/         # Templates to inject into existing blocks\n\u2502       \u251c\u2500\u2500 override/       # Templates to replace existing blocks\n\u2502       \u251c\u2500\u2500 mod.py          # Commands and services\n\u2502       \u251c\u2500\u2500 router.py       # FastAPI routes (auto-mounted if present)\n\u2502       \u2514\u2500\u2500 __init__.py     # Plugin initialization\n\u251c\u2500\u2500 plugin_info.json       # Plugin metadata and configuration\n\u251c\u2500\u2500 pyproject.toml        # Build system requirements\n\u251c\u2500\u2500 setup.py             # Package installation\n\u2514\u2500\u2500 README.md           # Documentation\n```\n\n## Key Components\n\n### 1. Plugin Configuration (plugin_info.json)\n```json\n{\n  \"name\": \"Plugin Name\",\n  \"version\": \"1.0.0\",\n  \"description\": \"Plugin description\",\n  \"services\": [\"service_name\"],\n  \"commands\": [\"command_name\"]\n}\n```\n\n### 2. Plugin Initialization (__init__.py)\n```python\n# This import is currently required for the plugin to load properly\n# Will be improved in future versions\nfrom .mod import *\n```\n\n### 3. Backend (Python)\n\n#### Command Registration\n```python\nfrom lib.providers.commands import command\n\n@command()\nasync def my_command(params, context=None):\n    \"\"\"Command implementation\"\"\"\n    pass\n```\n\n#### Service Registration\n```python\nfrom lib.providers.services import service\n\n@service()\nasync def my_service(params, context=None):\n    \"\"\"Service implementation\"\"\"\n    pass\n```\n\n#### Route Handlers (Optional)\n```python\n# router.py - will be automatically mounted if present\nfrom fastapi import APIRouter, Request\nfrom fastapi.responses import HTMLResponse\nfrom lib.templates import render\n\nrouter = APIRouter()\n\n@router.get(\"/endpoint\")\nasync def handler(request: Request):\n    # Templates must be in templates/[page_name].jinja2\n    user = request.state.user.username\n    html = await render('page_name', {\"context\": \"data\", \"user\": user })\n    return HTMLResponse(html)\n```\n\n### 4. Template System\n\nThe main chat template (mindroot/coreplugins/chat/templates/chat.jinja2) provides these blocks for plugin customization:\n\n#### Head Section Blocks\n```jinja2\n{% block head_meta %}      {# Meta tags, charset, viewport #}\n{% block title %}          {# Page title #}\n{% block head_styles %}    {# CSS includes (must include <link> or <style> tag) #}\n{% block head_scripts %}   {# JavaScript includes (must include <script> tags ) #}\n{% block head_favicon %}   {# Favicon definitions #}\n{% block head_extra %}     {# Additional head content #}\n```\n\n#### Body Section Blocks\n```jinja2\n{% block body_init %}      {# Initial JavaScript setup #}\n{% block pre_content %}    {# Left sidebar content #}\n{% block insert %}         {# Additional content area #}\n{% block content %}        {# Main chat interface #}\n{% block body_extra %}     {# Additional body content #}\n```\n\n#### Template Injection Example\n```jinja2\n{# inject/chat.jinja2 - Simple button injection example #}\n{% block pre_content %}\n    <div class=\"my-plugin-section\">\n        <a href=\"/my-plugin/action\">\n            <button class=\"plugin-btn\">Plugin Action</button>\n        </a>\n    </div>\n{% endblock %}\n```\n\n#### Template Override Example\n```jinja2\n{# override/chat.jinja2 - Will replace entire pre_content block #}\n\n{% block pre_content %}\n    <div class=\"custom-sidebar\">\n        <h2>Custom Sidebar</h2>\n        <nav>\n            <ul>\n                <li><a href=\"#\">Menu Item 1</a></li>\n                <li><a href=\"#\">Menu Item 2</a></li>\n            </ul>\n        </nav>\n    </div>\n{% endblock %}\n```\n\n# Frontend Integration Guide\n\nThe chat system is built on web components using the Lit library. The source code is available in the [mindroot repository](https://github.com/runvnc/mindroot).\n\n### Key Source Files\n\n\n- [base.js](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/chat/static/js/base.js) - Base component with theme support\n\n## Chat frontend\n\nTo view these files use a fetch web page or curl command.\n\n- [chat.js](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/chat/static/js/chat.js) - Main chat component and SSE handling\n- [action.js](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/chat/static/js/action.js) - Command result display\n- [chatmessage.js](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/chat/static/js/chatmessage.js) - Message component\n- [chatform.js](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/chat/static/js/chatform.js) - Input handling\n\n## Admin\n\n- [Main admin components](https://github.com/runvnc/mindroot/blob/main/src/mindroot/coreplugins/admin/static/js/) \n\nExample for plugging in a new admin section:\n\nNote that non-core plugins will need to follow the normal stucture with src/ and plugin_info.json etc.\nIf under coreplugins/ then that is not needed but root dir pyproject and MANIFEST.in need to be updated\nwith requirements and files like under static/\n\nUnder `static/js`:\n\n```javascript\n\nimport { LitElement, html, css } from '/admin/static/js/lit-core.min.js';\nimport { BaseEl } from '/admin/static/js/base.js';\n\nclass ApiKeyManager extends BaseEl {\n  static properties = {\n    apiKeys: { type: Array },\n    loading: { type: Boolean },\n    selectedUser: { type: String }\n  }\n\n  static styles = css`\n    :host {\n      display: block;\n      width: 100%;\n      height: 100%;\n    }\n\n    .api-key-manager {\n      display: flex;\n      flex-direction: column;\n      width: 100%;\n      max-width: 1200px;\n      margin: 0 auto;\n      gap: 20px;\n    }\n\n    .section {\n      background: rgb(10, 10, 25);\n      border-radius: 8px;\n      padding: 1rem;\n      border: 1px solid rgba(255, 255, 255, 0.1);\n    }\n\n    .key-list {\n      width: 100%;\n      border-collapse: collapse;\n      margin-top: 1rem;\n    }\n\n    .key-list th,\n    .key-list td {\n      padding: 0.75rem;\n      text-align: left;\n      border-bottom: 1px solid rgba(255, 255, 255, 0.1);\n    }\n\n    .key-list th {\n      background: rgba(0, 0, 0, 0.2);\n      font-weight: 500;\n    }\n\n    .actions {\n      display: flex;\n      gap: 10px;\n      align-items: center;\n    }\n\n    button {\n      background: #2a2a40;\n      color: #fff;\n      border: 1px solid rgba(255, 255, 255, 0.1);\n      padding: 0.5rem 1rem;\n      border-radius: 4px;\n      cursor: pointer;\n      transition: background 0.2s;\n    }\n\n    button:hover {\n      background: #3a3a50;\n    }\n\n    button.delete {\n      background: #402a2a;\n    }\n\n    button.delete:hover {\n      background: #503a3a;\n    }\n\n    .user-select {\n      background: #2a2a40;\n      color: #fff;\n      border: 1px solid rgba(255, 255, 255, 0.1);\n      padding: 0.5rem;\n      border-radius: 4px;\n      margin-right: 10px;\n    }\n\n    .description-input {\n      background: #2a2a40;\n      color: #fff;\n      border: 1px solid rgba(255, 255, 255, 0.1);\n      padding: 0.5rem;\n      border-radius: 4px;\n      margin-right: 10px;\n      width: 200px;\n    }\n\n    .key-value {\n      font-family: monospace;\n      background: rgba(0, 0, 0, 0.2);\n      padding: 0.25rem 0.5rem;\n      border-radius: 4px;\n    }\n  `;\n\n  constructor() {\n    super();\n    this.apiKeys = [];\n    this.loading = false;\n    this.selectedUser = '';\n    this.fetchInitialData();\n  }\n\n  async fetchInitialData() {\n    this.loading = true;\n    await Promise.all([\n      this.fetchApiKeys(),\n    ]);\n    this.loading = false;\n  }\n\n  async fetchApiKeys() {\n    try {\n      const response = await fetch('/api_keys/list');\n      const result = await response.json();\n      if (result.success) {\n        this.apiKeys = result.data;\n      }\n    } catch (error) {\n      console.error('Error fetching API keys:', error);\n    }\n  }\n\n  async handleCreateKey() {\n    const description = this.shadowRoot.querySelector('.description-input').value;\n    const username = this.shadowRoot.querySelector('.user-select').value;\n\n    try {\n      const response = await fetch('/api_keys/create', {\n        method: 'POST',\n        headers: {\n          'Content-Type': 'application/json',\n        },\n        body: JSON.stringify({\n          username,\n          description\n        })\n      });\n\n      const result = await response.json();\n      if (result.success) {\n        await this.fetchApiKeys();\n        this.shadowRoot.querySelector('.description-input').value = '';\n      }\n    } catch (error) {\n      console.error('Error creating API key:', error);\n    }\n  }\n\n  async handleDeleteKey(apiKey) {\n    if (!confirm('Are you sure you want to delete this API key?')) return;\n\n    try {\n      const response = await fetch(`/api_keys/delete/${apiKey}`, {\n        method: 'DELETE'\n      });\n\n      const result = await response.json();\n      if (result.success) {\n        await this.fetchApiKeys();\n      }\n    } catch (error) {\n      console.error('Error deleting API key:', error);\n    }\n  }\n\n  render() {\n    return html`\n      <div class=\"api-key-manager\">\n        <div class=\"section\">\n          <div class=\"actions\">\n            <input type=\"text\"\n                   class=\"user-select\"\n                   placeholder=\"user\"\n            >\n            <input \n              type=\"text\" \n              class=\"description-input\" \n              placeholder=\"Key description\"\n            >\n            <button @click=${this.handleCreateKey}>Create New API Key</button>\n          </div>\n\n          <table class=\"key-list\">\n            <thead>\n              <tr>\n                <th>API Key</th>\n                <th>Username</th>\n                <th>Description</th>\n                <th>Created At</th>\n                <th>Actions</th>\n              </tr>\n            </thead>\n            <tbody>\n              ${this.apiKeys.map(key => html`\n                <tr>\n                  <td><span class=\"key-value\">${key.key}</span></td>\n                  <td>${key.username}</td>\n                  <td>${key.description}</td>\n                  <td>${new Date(key.created_at).toLocaleString()}</td>\n                  <td>\n                    <button \n                      class=\"delete\" \n                      @click=${() => this.handleDeleteKey(key.key)}\n                    >Delete</button>\n                  </td>\n                </tr>\n              `)}\n            </tbody>\n          </table>\n        </div>\n      </div>\n    `;\n  }\n}\n\ncustomElements.define('api-key-manager', ApiKeyManager);\n```\nUnder `inject/`\n```jinja2\n{% block head %}\n{% block head %}\n<script type=\"module\" src=\"/api_keys/static/js/api-key-manager.js\"></script>\n{% endblock %}\n\n{% block content %}\n<details>\n  <summary><span class=\"material-icons\">vpn_key</span>MindRoot API Keys</summary>\n  <div class=\"details-content\">\n    <api-key-manager theme=\"dark\" scope=\"local\"></api-key-manager>\n  </div>\n</details>\n{% endblock %}\n```\n\n### Base Component Class\n\nAll custom components should extend the `BaseEl` class. The BaseEl class provides:\n\n- Automatic theme handling (`this.theme`)\n- Convenient DOM querying (`this.getEl(selector)`)\n- Custom event dispatch helper (`this.dispatch(name, detail)`)\n- Automatic style injection through the render method\n\nExample component:\n\n```javascript\nimport { BaseEl } from '/chat/static/js/base.js';\n\nclass MyComponent extends BaseEl {\n  static properties = {\n    // Your component properties\n  };\n\n  constructor() {\n    super();\n    // Your initialization\n  }\n\n  // Override _render instead of render\n  _render() {\n    return html`\n      <div>Your component content</div>\n    `;\n  }\n}\n```\n\n### Command Handler System\n\nThe chat system uses a global registry for command handlers. Handlers receive events with different phases:\n\n- 'partial' - Incremental updates during command execution\n- 'running' - Command is actively executing\n- 'result' - Final command result\n\nExample command handler:\n\n```javascript\nwindow.registerCommandHandler('my_command', (data) => {\n  console.log('Handler for', data.command);\n  \n  switch(data.event) {\n    case 'partial':\n      // Handle incremental updates\n      return handlePartial(data.params);\n    \n    case 'running':\n      // Show progress indication\n      return showProgress();\n    \n    case 'result':\n      // Process final result\n      return processResult(data.args);\n  }\n});\n```\n\n### Component Integration Example\n\nHere's a complete example of a custom component that handles command results:\n\n```javascript\nimport { BaseEl } from '/chat/static/js/base.js';\nimport { html, css } from '/chat/static/js/lit-core.min.js';\n\nclass MyResultViewer extends BaseEl {\n  static properties = {\n    data: { type: Object }\n  };\n\n  static styles = css`\n    :host {\n      display: block;\n      background: var(--component-bg, var(--background-color));\n      color: var(--component-text, var(--text-color));\n      padding: 1rem;\n    }\n  `;\n\n  constructor() {\n    super();\n    this.data = {};\n  }\n\n  _render() {\n    return html`\n      <div class=\"result-viewer\">\n        <h3>${this.data.title}</h3>\n        <pre>${JSON.stringify(this.data.content, null, 2)}</pre>\n      </div>\n    `;\n  }\n}\n\ncustomElements.define('my-result-viewer', MyResultViewer);\n\n// Register command handler\nwindow.registerCommandHandler('show_result', (data) => {\n  if (data.event === 'result') {\n    return html`<my-result-viewer .data=${data.args}></my-result-viewer>`;\n  }\n  return null;\n});\n```\n\n### Styling Guidelines\n\nComponents should use CSS custom properties for theming to maintain consistency with the core system:\n\n```css\n:host {\n  /* Use theme variables with fallbacks */\n  background: var(--component-bg, var(--background-color));\n  color: var(--component-text, var(--text-color));\n  padding: var(--component-padding, 1rem);\n}\n```\n\nCommon theme variables:\n- `--background-color` - Main background\n- `--text-color` - Main text color\n- `--link-color` - Link text color\n- `--code-bg` - Code block background\n- `--component-bg` - Component background (can override --background-color)\n- `--component-text` - Component text (can override --text-color)\n\nComponents should:\n- Use CSS custom properties for themeable values\n- Provide fallbacks to core theme variables\n- Follow existing component patterns\n- Support both light and dark themes\n\n### Best Practices\n\n1. **Component Design**\n- Extend BaseEl for consistent theming and functionality\n- Override _render() instead of render()\n- Use properties for reactive data\n- Follow web component lifecycle methods\n\n2. **Command Handling**\n- Register handlers early in component initialization\n- Handle all event types (partial, running, result)\n- Provide appropriate loading indicators\n- Clean up resources when component is disconnected\n\n3. **Event System**\n- Use this.dispatch() for custom events\n- Bubble events appropriately (bubbles: true)\n- Include relevant detail data\n- Listen for events at appropriate level\n\n4. **Performance**\n- Throttle frequent updates\n- Use efficient rendering patterns\n- Clean up event listeners and intervals\n- Handle large data sets appropriately\n\n5. **Integration**\n- Follow existing component patterns\n- Use theme variables consistently\n- Support both desktop and mobile layouts\n- Test with different themes and configurations\n\n### Frontend Plugin Integration Points\n\nPlugins can integrate with the frontend in several ways:\n\n1. **Custom Components**\n- Create new web components extending BaseEl\n- Add to chat interface or custom pages\n- Interact with command system\n- Provide specialized visualizations\n\n2. **Command Handlers**\n- Register handlers for plugin commands\n- Process command events (partial/running/result)\n- Update UI in response to commands\n- Handle command parameters and results\n\n3. **Template Injection**\n- Add content to existing template blocks\n- Inject custom styles and scripts\n- Extend core UI functionality\n- Add new UI sections\n\n4. **Static Assets**\n- JavaScript modules and components\n- CSS styles and themes\n- Images and media\n- Third-party dependencies\n\nAll static assets should be placed in the plugin's static/ directory and will be automatically mounted at /[plugin_name]/static.\n\n### Development Tips\n\n1. **Getting Started**\n- Study the core component implementations in the source files\n- Use the browser dev tools to inspect component structure\n- Test components in isolation before integration\n- Start with simple components and build up complexity\n\n2. **Debugging**\n- Use console.log() in command handlers and component methods\n- Inspect component properties and state in dev tools\n- Watch for event propagation issues\n- Check for proper cleanup in disconnectedCallback()\n\n3. **Common Issues**\n- Not extending BaseEl (missing theme support)\n- Overriding render() instead of _render()\n- Forgetting to handle all command event types\n- Not cleaning up event listeners\n- Missing theme variable fallbacks\n\n4. **Testing**\n- Test with different themes\n- Verify mobile responsiveness\n- Check memory usage with long sessions\n- Validate command handler behavior\n- Test component lifecycle methods\n\n### SSE (Server-Sent Events) Integration\n\nMindRoot uses SSE for real-time updates from the AI. The chat component establishes an SSE connection and listens for events:\n\n- 'partial_command' - Incremental command output\n- 'running_command' - Command execution status\n- 'command_result' - Final command results\n- 'image' - Image generation results\n- 'finished_chat' - Chat completion\n\nPlugins can utilize this system by:\n1. Sending events from backend commands\n2. Handling events in frontend components\n3. Using the existing chat message display system\n4. Adding custom event types if needed\n\n### AI Integration Points\n\nComponents can interact with the AI system in several ways:\n\n1. **Command Results**\n- Display command outputs in custom formats\n- Show progress for long-running operations\n- Handle specialized data types\n- Provide interactive UI for results\n\n2. **Message Display**\n- Customize how AI responses appear\n- Add interactive elements to messages\n- Handle special content types\n- Provide context-specific visualizations\n\n3. **Input Handling**\n- Add custom input methods\n- Pre-process user input\n- Provide specialized interfaces\n- Handle file uploads or other data\n\n4. **Context Management**\n- Access session context\n- Store component-specific state\n- Share data between components\n- Maintain conversation history\n\n## Tool Commands\n\nCommands are Python functions that can be called by the AI agent. These must be:\n1. Decorated with @command()\n2. Listed in plugin_info.json\n3. Enabled for specific agents in the /admin interface\n\nExample command:\n\n```python\nfrom lib.providers.commands import command\n\n@command()\nasync def read(fname, context=None):\n    \"\"\"Read text from a file.\n    You must specify the full path to the file.\n    \n    Example:\n    { \"read\": { \"fname\": \"/path/to/file1.txt\" } }\n    \"\"\"\n    with open(fname, 'r') as f:\n        text = f.read()\n        return text\n```\n\nKey points about commands:\n\n- Must be async functions\n- Individual parameters must be specified in the signature, not a generic 'params'\n- Should include detailed docstrings with examples\n- Can access context parameter for session data\n- Should handle errors gracefully\n- Can return data that the AI can use\n- Must be enabled per-agent in admin interface\n\n\n## Reminder: Tool Command Parameters\n\nThe individual parameters in your @command function signature must be specifically\ndefined.  You may NOT use a single generic `params` or similar. This style\nwill NOT work with the system.\n\nValid:\n```python\n@command()\nasync def do_something(first_arg: str, second_thing: string, context=None):\n  ...\n```\n\nThe following is completely invalid:\n```python\nasync def do_something(params, context=None):\n\n\n\n## setup.py and plugin install\n\nIMPORTANT: **setup.py must handle install/inclusion of any files in subdirs, e.g. `static/`, `templates/`, `inject/`**\n\nExample:\n\n```shell\n...\n    package_data={\n        \"mr_pkg1\": [\n            \"static/js/*.js\",\n            \"static/*.js\"\n            \"inject/*.jinja2\",\n            \"override/*.jinja2\"\n        ],\n    },\n ...\n\n```\n\n## Plugin Integration Points\n\n1. **Commands**\n   - Available to the AI through the command system\n   - Registered via Python decorators\n   - Can access context and services\n   - Must be listed in plugin_info.json\n\n2. **Services**\n   - Similar to commands but for internal use\n   - Registered via service decorator\n   - Must be listed in plugin_info.json\n   - Can be accessed by commands or other services\n\n3. **Routes**\n   - FastAPI endpoints for HTTP interactions\n   - Automatically mounted if router.py exists\n   - No configuration needed in plugin_info.json\n\n4. **UI Integration**\n   - inject/ - Templates appended to existing blocks\n   - override/ - Templates replacing existing blocks\n   - static/ - Automatically mounted static assets\n   - Flexible frontend technology choice\n\n## Development Workflow\n\n1. Create plugin structure using modern Python package layout\n2. Define plugin metadata in plugin_info.json\n3. Implement commands and services in mod.py\n4. Create router.py if API endpoints are needed\n5. Add UI components and templates as needed\n6. Ensure proper __init__.py imports\n7. Install plugin with pip install -e .\n\n## Best Practices\n\n1. Use appropriate decorators for commands and services\n2. Follow modern Python package structure\n3. Choose appropriate frontend technology for needs\n4. Properly scope static assets\n5. Document commands and services\n6. Include proper type hints and docstrings\n\n## Common Patterns\n\n1. **State Management**\n   - Components can maintain local state\n   - Backend can store state in context\n   - API endpoints for state synchronization\n\n2. **UI Updates**\n   - Components handle real-time updates\n   - Event-based communication\n   - API polling for data updates\n\n3. **Theme Integration**\n   - Use CSS variables for theming\n   - Respect existing style patterns\n   - Consider dark/light mode support\n\n\n## AI System Integration\n\nPlugins can integrate with the AI system through:\n\n1. **Commands**\n   - Return structured data for UI rendering\n   - Support streaming/partial results\n   - Access conversation context\n   - Handle file operations and external services\n\n2. **Context Management**\n   - Store plugin-specific data in context\n   - Access user session information\n   - Share state between commands\n   - Maintain conversation history\n\n3. **Event System**\n   - Send SSE events from commands\n   - Update UI in real-time\n   - Stream command results\n   - Handle long-running operations\n\n## Pipeline System\n\nMindRoot includes a pipeline system for processing data at different stages. Pipes allow plugins to modify or transform data as it flows through the system.\n\n### Pipe Decorator\n\n```python\nfrom lib.pipelines.pipe import pipe\n\n@pipe(name='filter_messages', priority=8)\ndef my_pipeline(data: dict, context=None) -> dict:\n    # Modify or process data\n    return data\n```\n\n### Pipeline Stages\n- pre_process_msg - Before message processing\n- process_results - After command execution\n- Custom stages as needed\n\n### Priority System\n- Higher numbers run earlier\n- Lower numbers run later\n- Use priority to control execution order\n\nExample use cases:\n- Transform message content\n- Add context information\n- Filter or modify results\n- Integrate with external systems\n"
     }
+    , {
+  "name": "SysAdmin",
+  "description": "This is a sysadmin for Ubuntu Linux",
+  "hashver": "ea5e",
+  "commands": [
+    "tell_and_continue",
+    "wait_for_user_reply",
+    "markdown_await_user",
+    "append",
+    "write",
+    "read",
+    "dir",
+    "apply_udiff",
+    "execute_command",
+    "mkdir",
+    "think",
+    "task_complete"
+  ],
+  "preferred_providers": [],
+  "thinking_level": "off",
+  "persona": "Assistant",
+  "recommended_plugins": [],
+  "instructions": "You are a sysadmin for an Ubuntu Linux system. You have root access. You are installed on a VPS.\n\nThe user may request your help with things that they might alternatively have used a control panel like Plesk for (there is no Plesk unless you install it), or for setting up libraries for software development, making nginx config files, or any system administration task.\n\nKeep track of your system info and changes etc. in /var/lib/ai-sysadmin/system-state.md . Make sure to read that at the start of each session. You can use commands like read(), write(), append(), and apply_udiff() (if necessary) as appropriate. Always double check apply_udiff() edits because they can be problematic.  If you have to rebuild the file and it's a little longer than 400 lines, use write() for the first part followed by chunks in append() (but you should be able to just put details in other files and keep this file more compact).\n\nTry to keep the file under 400 lines or so and if necessary keep supplementary files with extra details for particular in the same directory or refer to system configuration files.\n\nYou should be cautious about system changes that could render the system inoperable if they do not complete properly, because the user is relying on you to update the system. If the system stops operating due to a configuration problem, they will not be able to access your chat interface, and may not be able to recover. If you are not sure, make a backup of key files and ask the user for confirmation. \n\nHowever, for tasks that seem routine and you do not have a reason to suspect they will break the system, go ahead and execute them.\n\n## System state file\n\n/var/lib/ai-sysadmin/system-state.md\n\nNote: if this file does not exist or is blank, start by populating it concisely with key system statistics and information.\n\n## Last command\n\nBefore doing significant changes you can record what you are about to do in /var/lib/ai-sysadmin/last-change.md . This way in case there is a problem there will be a record of the last specific modification made or attempted to help with rolling it back (in addition to the backup you made of any config files edited).\n\n",
+  "technicalInstructions": "",
+  "service_models": {
+    "stream_chat": {
+      "provider": "ah_anthropic",
+      "model": "claude-opus-4-1-20250805"
+    }
+  },
+  "flags": [],
+  "required_plugins": []
+}
   ]
 }

mindroot/coreplugins/jwt_auth/middleware.py

@@ -11,6 +11,7 @@ from lib.session_files import load_session_data
 from lib.utils.debug import debug_box
 import secrets
 from pathlib import Path
+import re
 
 def get_or_create_jwt_secret():
     secret_key = os.environ.get("JWT_SECRET_KEY", None)
@@ -85,6 +86,48 @@ def decode_token(token: str):
         print("Invalid token")
         return False
 
+def path_matches_pattern(request_path: str, route_pattern: str) -> bool:
+    """
+    Check if a request path matches a route pattern with parameters.
+    
+    Examples:
+    - path_matches_pattern('/chat/embed/abc123', '/chat/embed/{token}') -> True
+    - path_matches_pattern('/chat/widget/xyz/session', '/chat/widget/{token}/session') -> True
+    - path_matches_pattern('/login', '/login') -> True
+    """
+    # Handle exact matches first
+    if request_path == route_pattern:
+        return True
+    
+    # Convert FastAPI route pattern to regex
+    # Replace {param} with regex pattern that matches any non-slash characters
+    regex_pattern = re.sub(r'\{[^}]+\}', r'[^/]+', route_pattern)
+    # Escape other regex special characters
+    regex_pattern = regex_pattern.replace('.', '\\.')
+    # Add start and end anchors
+    regex_pattern = f'^{regex_pattern}$'
+    
+    try:
+        return bool(re.match(regex_pattern, request_path))
+    except re.error:
+        # If regex compilation fails, fall back to exact match
+        return request_path == route_pattern
+
+def is_public_route(request_path: str) -> bool:
+    """
+    Check if a request path matches any registered public route pattern.
+    """
+    # Check exact matches and pattern matches
+    for route_pattern in public_routes:
+        if path_matches_pattern(request_path, route_pattern):
+            return True
+    
+    # Check special cases
+    if request_path.startswith('/reset-password'):
+        return True
+        
+    return False
+
 async def middleware(request: Request, call_next):
     try:
         print('-------------------------- auth middleware ----------------------------')
@@ -142,14 +185,16 @@ async def middleware(request: Request, call_next):
             print("Error checking for static file", e)
             pass
         print("Did not find static file")
-        # Accept explicitly-registered public routes, _or_ the password-reset link which carries its own token
-        if request.url.path in public_routes or request.url.path.startswith('/reset-password'):
+        
+        # Use the improved public route checking
+        if is_public_route(request.url.path):
             print('Public route: ', request.url.path)
             return await call_next(request)
         elif any([request.url.path.startswith(path) for path in public_static]):
             return await call_next(request)
         else:
             print('Not a public route: ', request.url.path)
+            print("public routes:", public_routes)
 
         # Check for token in cookies first
         token = request.cookies.get("access_token")