[Bug]: Cannot create Extract or Scrape robots in Docker Compose setup (JWT invalid signature)

[sdspieg]

Where are you using the app?

Self-Hosted (OSS) with Docker

App Version

0.0.28

Browser

Any

Operating System

Windows 11 Pro + WSL2 (Ubuntu 22.04). Docker Desktop 4.33.0.

Steps to Reproduce

1. Follow https://docs.maxun.dev/category/robots “Docker Compose” guide verbatim:
   • Copy .env and docker-compose.yml into a fresh C:\maxun.
   • Run docker compose up -d (images pulled automatically).
2. Open http://localhost:5173, log in with the seeded test account.
3. Try to “Create robot” → “Extract robot”.
4. Try to “Create robot” → “Scrape robot” (Markdown template).
5. Watch the UI errors and container logs (docker logs maxun-backend-1).

Expected Behavior

• Recorder for Extract robots should launch immediately so we can capture actions.
• Scrape robot wizard should finish and schedule a run.
• Backend log should show the requests being processed without auth errors.

Actual Behavior

• Extract flow instantly shows Remote browsers are currently busy. Please wait for a few minutes and try again.
  (even though Compose’s bundled services are idle).
• Scrape flow ends with Failed to create markdown robot.

Backend log fills with repeated JWT errors for every attempt, e.g.:

2025-12-03T23:55:59.720Z info: Client joined queued-run namespace for user: 4, socket: 5KRBznSwm-Uu8OnMAAAB
JWT verification error: JsonWebTokenError: invalid signature
at /app/node_modules/jsonwebtoken/verify.js:171:19
at getSecret (/app/node_modules/jsonwebtoken/verify.js:97:14)
at module.exports (/app/node_modules/jsonwebtoken/verify.js:101:10)
at requireSignIn (/app/server/src/middlewares/auth.ts:18:11)
...

So neither robot type can be created/run.

Relevant Logs or Screenshots

• docker logs maxun-backend-1 repeatedly shows the JsonWebTokenError: invalid signature snippet above immediately
  after the UI actions.
• Frontend log only shows the standard Vite startup banner (no errors).
• The Compose stack otherwise looks healthy in Docker Desktop; docker exec maxun-backend-1 uname -m and ...frontend-
  1 both output aarch64 even though Docker Desktop (Windows/WSL2) is x86_64.

Additional Context

• These errors appear right after bringing the stack up; resetting the JWT secret plus clearing browser cookies
  temporarily fixes them, but the Guide never mentions needing to regenerate JWT_SECRET or how to handle the Remote browsers ... busy message.
• Would appreciate clarification on:
  1. Why Compose deployments on Windows/WSL2 see aarch64 in the containers.
  2. Whether the “Remote browsers are busy” UI message is masking the JWT failure.
  3. Proper steps to regenerate/align JWT_SECRET (docs don’t cover it) so new installs don’t hit this wall.

Let me know if you need the full .env (with secrets obscured) or additional logs.

[RohitR311]

@sdspieg Thanks for the report. We are reproducing it on our end and will get back soon.

[sdspieg]

Thanks! You guys are truly amazing...