Upload folder using huggingface_hub

static/dashboard.html

@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Dashboard - autonomy-labs</title>
     <script src="https://cdn.tailwindcss.com?plugins=typography"></script>
-    <script src="/static/vendor/supabase-js.min.js"></script>
+    <script src="/static/vendor/supabase-loader.js" defer></script>
     <link href="https://cdn.jsdelivr.net/npm/xterm@5.3.0/css/xterm.css" rel="stylesheet">
     <script src="https://cdn.jsdelivr.net/npm/xterm@5.3.0/lib/xterm.min.js"></script>
     <script src="https://cdn.jsdelivr.net/npm/xterm-addon-fit@0.8.0/lib/xterm-addon-fit.min.js"></script>
@@ -1022,7 +1022,7 @@
         <div>autonomy-labs — ship ideas faster.</div>
         <div class="hidden md:block">Chat • Autonomous • Terminal</div>
     </footer>
-    <script src="/static/dashboard.js"></script>
+    <script src="/static/dashboard.js" defer></script>
 </body>
 
 </html>

static/dashboard.js

@@ -327,20 +327,10 @@ let supabase;
 
         async function requireSupabaseLibrary() {
             if (window.supabase && typeof window.supabase.createClient === 'function') return;
-            try {
-                const url = configEndpoint('static/vendor/supabase-js.min.js');
-                const res = await fetch(url, { method: 'GET' });
-                if (!res.ok) {
-                    throw new Error(`Supabase JS bundle missing (${res.status}) at ${url}`);
-                }
-                const text = await res.text();
-                if (text.trimStart().startsWith('<')) {
-                    throw new Error(`Supabase JS bundle URL returned HTML (likely 404 page): ${url}`);
-                }
-            } catch (e) {
-                throw new Error(e?.message || String(e));
+            if (typeof window.__loadSupabase !== 'function') {
+                throw new Error('Supabase loader is missing (static/vendor/supabase-loader.js).');
             }
-            throw new Error('Supabase client library failed to load (bundle fetched but window.supabase is missing).');
+            await window.__loadSupabase();
         }
 
         function configEndpoint(path) {
@@ -349,6 +339,12 @@ let supabase;
             return new URL(cleaned, base).toString();
         }
 
+        function routeUrl(path) {
+            const base = new URL('.', window.location.href);
+            const cleaned = String(path || '').replace(/^\/+/, '');
+            return new URL(cleaned, base).toString();
+        }
+
         async function fetchConfig() {
             const candidates = ['config', 'api/config'];
             let lastError = null;
@@ -1039,7 +1035,7 @@ let supabase;
                 window.__supabaseClient = supabase;
 
                 const { data: { session } } = await supabase.auth.getSession();
-                if (!session) { window.location.href = '/login'; return; }
+                if (!session) { window.location.href = routeUrl('login'); return; }
                 window.__sbAccessToken = (session.access_token || '').trim();
                 supabase.auth.onAuthStateChange((_event, nextSession) => {
                     window.__sbAccessToken = (nextSession?.access_token || '').trim();
@@ -1119,7 +1115,7 @@ let supabase;
 
                 document.getElementById('logout-btn').addEventListener('click', async () => {
                     await supabase.auth.signOut();
-                    window.location.href = '/login';
+                    window.location.href = routeUrl('login');
                 });
 
                 initProviderPresets();

static/index.html

@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Login - autonomy-labs</title>
     <script src="https://cdn.tailwindcss.com"></script>
-    <script src="/static/vendor/supabase-js.min.js"></script>
+    <script src="/static/vendor/supabase-loader.js" defer></script>
     <link rel="stylesheet" href="/static/theme.css">
 </head>
 
@@ -84,7 +84,7 @@
             </div>
         </div>
     </div>
-    <script src="/static/login.js"></script>
+    <script src="/static/login.js" defer></script>
 </body>
 
 </html>

static/login.js

@@ -69,21 +69,20 @@ var supabaseReady = false;
 
         async function requireSupabaseLibrary() {
             if (window.supabase && typeof window.supabase.createClient === 'function') return;
-            // Help debug the most common cause in Spaces: the bundle isn't being served.
-            try {
-                const url = configEndpoint('static/vendor/supabase-js.min.js');
-                const res = await fetch(url, { method: 'GET' });
-                if (!res.ok) {
-                    throw new Error(`Supabase JS bundle missing (${res.status}) at ${url}`);
-                }
-                const text = await res.text();
-                if (text.trimStart().startsWith('<')) {
-                    throw new Error(`Supabase JS bundle URL returned HTML (likely 404 page): ${url}`);
-                }
-            } catch (e) {
-                throw new Error(e?.message || String(e));
+            if (typeof window.__loadSupabase !== 'function') {
+                throw new Error('Supabase loader is missing (static/vendor/supabase-loader.js).');
             }
-            throw new Error('Supabase client library failed to load (bundle fetched but window.supabase is missing).');
+            await window.__loadSupabase();
+        }
+
+        function routeUrl(path) {
+            const base = new URL('.', window.location.href);
+            const cleaned = String(path || '').replace(/^\/+/, '');
+            return new URL(cleaned, base).toString();
+        }
+
+        function replaceUrl(path) {
+            try { window.location.replace(routeUrl(path)); } catch { window.location.href = routeUrl(path); }
         }
 
         function isRecoveryUrl() {
@@ -110,7 +109,11 @@ var supabaseReady = false;
                 const hasSession = !!data?.session;
                 if (hasSession) {
                     // Clean up URL to avoid leaking tokens via screenshots/logs/referrers.
-                    try { history.replaceState({}, '', '/login#type=recovery'); } catch { }
+                    try {
+                        const u = new URL(routeUrl('login'));
+                        u.hash = 'type=recovery';
+                        history.replaceState({}, '', u.pathname + u.search + u.hash);
+                    } catch { }
                 }
                 return { ok: hasSession, isRecovery: true, error: null };
             } catch (e) {
@@ -144,20 +147,24 @@ var supabaseReady = false;
                 supabase.auth.onAuthStateChange((event, session) => {
                     if (event === 'PASSWORD_RECOVERY') {
                         // Best-effort URL cleanup.
-                        try { history.replaceState({}, '', '/login#type=recovery'); } catch { }
+                        try {
+                            const u = new URL(routeUrl('login'));
+                            u.hash = 'type=recovery';
+                            history.replaceState({}, '', u.pathname + u.search + u.hash);
+                        } catch { }
                         showUpdatePanel();
                         return;
                     }
                     const recovery = isRecoveryUrl();
                     if (session && !recovery) {
-                        window.location.href = '/app';
+                        window.location.href = routeUrl('app');
                     }
                 });
 
                 const recovery = consumed.isRecovery || isRecoveryUrl();
                 const { data: { session } } = await supabase.auth.getSession();
                 if (session && !recovery) {
-                    window.location.href = '/app';
+                    window.location.href = routeUrl('app');
                     return;
                 }
                 if (recovery) {
@@ -248,12 +255,12 @@ var supabaseReady = false;
                 if (type === 'register') {
                     if (result.data && result.data.session) {
                         // Email verification is disabled, user is logged in
-                        window.location.href = '/app';
+                        window.location.href = routeUrl('app');
                     } else {
                         showAlert('Registration successful! Please check your email to verify (if enabled) or try logging in.', 'success');
                     }
                 } else {
-                    window.location.href = '/app';
+                    window.location.href = routeUrl('app');
                 }
             } catch (error) {
                 showAlert(error.message);
@@ -297,7 +304,7 @@ var supabaseReady = false;
 
         document.getElementById('cancel-update-btn').addEventListener('click', async () => {
             try { await supabase.auth.signOut(); } catch { }
-            window.location.replace('/login');
+            replaceUrl('login');
         });
 
         document.getElementById('update-password-btn').addEventListener('click', async () => {
@@ -325,7 +332,7 @@ var supabaseReady = false;
                 if (error) throw error;
                 showAlert('Password updated. You can log in now.', 'success');
                 try { await supabase.auth.signOut(); } catch { }
-                window.location.replace('/login');
+                replaceUrl('login');
             } catch (e) {
                 showAlert(e?.message || String(e));
             }

static/vendor/supabase-loader.js

@@ -0,0 +1,102 @@
+// Minimal loader to make Supabase available as `window.supabase.createClient` without relying on external CDNs.
+// This is designed for environments like Hugging Face Spaces where third-party CDNs may be blocked.
+(function () {
+  async function fetchText(url) {
+    const res = await fetch(url, { method: "GET" });
+    if (!res.ok) throw new Error(`Supabase JS bundle missing (${res.status}) at ${url}`);
+    return await res.text();
+  }
+
+  function isProbablyHtml(text) {
+    return String(text || "").trimStart().startsWith("<");
+  }
+
+  function looksLikeEsm(text) {
+    const t = String(text || "");
+    return /\bexport\s+(?:\{|\*)/m.test(t) || /^\s*export\s+/m.test(t) || /\bimport\s+.*from\b/m.test(t);
+  }
+
+  function loadClassicScript(url) {
+    return new Promise((resolve, reject) => {
+      const s = document.createElement("script");
+      s.src = url;
+      s.async = true;
+      s.onload = () => resolve();
+      s.onerror = () => reject(new Error(`Failed to load script ${url}`));
+      document.head.appendChild(s);
+    });
+  }
+
+  async function loadAsModule(url) {
+    // Use dynamic import to support ESM bundles. This will still execute even if it exports nothing.
+    // eslint-disable-next-line no-new-func
+    const importer = new Function("u", "return import(u)");
+    try {
+      return await importer(url);
+    } catch (e) {
+      throw new Error(`Failed to import module ${url}: ${e?.message || e}`);
+    }
+  }
+
+  async function ensureSupabaseLoaded() {
+    if (window.supabase && typeof window.supabase.createClient === "function") return;
+    const url = new URL("static/vendor/supabase-js.min.js", new URL(".", window.location.href)).toString();
+
+    // Fetch first so we can provide better errors, and decide whether to use module import.
+    const text = await fetchText(url);
+    if (isProbablyHtml(text)) {
+      throw new Error(`Supabase JS bundle URL returned HTML (likely 404 page): ${url}`);
+    }
+
+    // Prefer classic script for UMD/IIFE bundles; fall back to module import for ESM bundles.
+    const esm = looksLikeEsm(text);
+    let mod = null;
+    if (!esm) {
+      await loadClassicScript(url);
+    } else {
+      mod = await loadAsModule(url);
+    }
+
+    // Some bundles may be ESM and not set any global; wire it up if possible.
+    const exportedCreateClient =
+      (mod && typeof mod.createClient === "function" && mod.createClient) ||
+      (mod && mod.default && typeof mod.default.createClient === "function" && mod.default.createClient) ||
+      null;
+
+    if (exportedCreateClient) {
+      window.supabase = window.supabase || {};
+      window.supabase.createClient = exportedCreateClient;
+      return;
+    }
+
+    // Some bundles may set a global without providing createClient directly.
+    if (window.supabase && typeof window.supabase.createClient === "function") return;
+    if (typeof window.createClient === "function") {
+      window.supabase = window.supabase || {};
+      window.supabase.createClient = window.createClient;
+      return;
+    }
+
+    // Last resort: even if we loaded as a classic script, try importing as a module to access exports.
+    // This helps when the copied bundle is ESM but our heuristic missed it.
+    if (!mod) {
+      try {
+        mod = await loadAsModule(url);
+        const cc =
+          (mod && typeof mod.createClient === "function" && mod.createClient) ||
+          (mod && mod.default && typeof mod.default.createClient === "function" && mod.default.createClient) ||
+          null;
+        if (cc) {
+          window.supabase = window.supabase || {};
+          window.supabase.createClient = cc;
+          return;
+        }
+      } catch (_e) {
+        // ignore
+      }
+    }
+    throw new Error("Supabase loaded but window.supabase.createClient is missing.");
+  }
+
+  window.__loadSupabase = ensureSupabaseLoaded;
+})();