@surf-ai/sdk 0.1.6-beta → 1.0.0-alpha.1

package/dist/server/index.d.cts

@@ -1,10 +1,9 @@
 import express from 'express';
 
 /**
- * Express server runtime — replaces scaffold server.js + routes/proxy.js.
+ * Express server runtime — replaces scaffold server.js.
  *
  * Handles:
- *   - /proxy/* passthrough (env-aware: sandbox → OutboundProxy, deployed → hermod)
  *   - Auto-loading routes from routes/*.js → /api/{name}
  *   - Cron job system from cron.json
  *   - DB schema sync on startup
@@ -12,18 +11,16 @@ import express from 'express';
  */
 
 interface ServerOptions {
-    /** Port to listen on (default: PORT env, fallback 3001) */
+    /** Port to listen on. Falls back to the PORT env var when omitted. */
     port?: number;
     /** Directory containing route files (default: ./routes) */
     routesDir?: string;
     /** Directory containing cron.json (default: .) */
     cronDir?: string;
-    /** Enable /proxy/* passthrough (default: true) */
-    proxy?: boolean;
 }
 declare function createServer(options?: ServerOptions): {
     app: express.Express;
-    port: number;
+    port: number | undefined;
     start(): Promise<void>;
 };
 
@@ -3454,17 +3451,14 @@ interface V2PolymarketVolumeChartParams {
 }
 
 /**
- * Environment-aware data API client.
+ * 1.0 data API client.
  *
- * Reads env vars to determine routing (prefixed vars take priority):
- *   - SURF_SANDBOX_PROXY_BASE → sandbox (OutboundProxy handles auth)
- *   - SURF_DEPLOYED_GATEWAY_URL + SURF_DEPLOYED_APP_TOKEN → deployed (hermod with Bearer)
- *   - Neither → public (api.ask.surf, caller provides own auth)
+ * Reads:
+ *   - SURF_API_BASE_URL (default: https://api.asksurf.ai/gateway/v1)
+ *   - SURF_API_KEY      (required)
  *
- * Backward-compatible aliases:
- *   DATA_PROXY_BASE → SURF_SANDBOX_PROXY_BASE
- *   GATEWAY_URL     → SURF_DEPLOYED_GATEWAY_URL
- *   APP_TOKEN       → SURF_DEPLOYED_APP_TOKEN
+ * All requests are sent directly to the configured API base URL using
+ * Authorization: Bearer <SURF_API_KEY>.
  */
 /** Low-level GET — escape hatch for endpoints not yet in the SDK. */
 declare function get<T = any>(path: string, params?: Record<string, any>): Promise<T>;

package/dist/server/index.d.ts

@@ -1,10 +1,9 @@
 import express from 'express';
 
 /**
- * Express server runtime — replaces scaffold server.js + routes/proxy.js.
+ * Express server runtime — replaces scaffold server.js.
  *
  * Handles:
- *   - /proxy/* passthrough (env-aware: sandbox → OutboundProxy, deployed → hermod)
  *   - Auto-loading routes from routes/*.js → /api/{name}
  *   - Cron job system from cron.json
  *   - DB schema sync on startup
@@ -12,18 +11,16 @@ import express from 'express';
  */
 
 interface ServerOptions {
-    /** Port to listen on (default: PORT env, fallback 3001) */
+    /** Port to listen on. Falls back to the PORT env var when omitted. */
     port?: number;
     /** Directory containing route files (default: ./routes) */
     routesDir?: string;
     /** Directory containing cron.json (default: .) */
     cronDir?: string;
-    /** Enable /proxy/* passthrough (default: true) */
-    proxy?: boolean;
 }
 declare function createServer(options?: ServerOptions): {
     app: express.Express;
-    port: number;
+    port: number | undefined;
     start(): Promise<void>;
 };
 
@@ -3454,17 +3451,14 @@ interface V2PolymarketVolumeChartParams {
 }
 
 /**
- * Environment-aware data API client.
+ * 1.0 data API client.
  *
- * Reads env vars to determine routing (prefixed vars take priority):
- *   - SURF_SANDBOX_PROXY_BASE → sandbox (OutboundProxy handles auth)
- *   - SURF_DEPLOYED_GATEWAY_URL + SURF_DEPLOYED_APP_TOKEN → deployed (hermod with Bearer)
- *   - Neither → public (api.ask.surf, caller provides own auth)
+ * Reads:
+ *   - SURF_API_BASE_URL (default: https://api.asksurf.ai/gateway/v1)
+ *   - SURF_API_KEY      (required)
  *
- * Backward-compatible aliases:
- *   DATA_PROXY_BASE → SURF_SANDBOX_PROXY_BASE
- *   GATEWAY_URL     → SURF_DEPLOYED_GATEWAY_URL
- *   APP_TOKEN       → SURF_DEPLOYED_APP_TOKEN
+ * All requests are sent directly to the configured API base URL using
+ * Authorization: Bearer <SURF_API_KEY>.
  */
 /** Low-level GET — escape hatch for endpoints not yet in the SDK. */
 declare function get<T = any>(path: string, params?: Record<string, any>): Promise<T>;

package/dist/server/index.js

@@ -1,41 +1,280 @@
-import {
-  __require,
-  get,
-  post
-} from "../chunk-J4OMYO3F.js";
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
 
 // src/server/runtime.ts
 import express from "express";
 import cors from "cors";
-import fs from "fs";
+import fs2 from "fs";
 import path from "path";
-import { createProxyMiddleware, responseInterceptor } from "http-proxy-middleware";
 import { Cron } from "croner";
+
+// src/core/config.ts
+var DEFAULT_API_BASE_URL = "https://api.ask.surf/gateway/v1";
+function trimTrailingSlashes(value) {
+  return String(value || "").replace(/\/+$/, "");
+}
+function readSurfApiConfig() {
+  return {
+    baseUrl: trimTrailingSlashes(process.env.SURF_API_BASE_URL || DEFAULT_API_BASE_URL),
+    apiKey: process.env.SURF_API_KEY
+  };
+}
+function requireSurfApiConfig() {
+  const config = readSurfApiConfig();
+  if (!config.apiKey) {
+    throw new Error("SURF_API_KEY is required");
+  }
+  return { baseUrl: config.baseUrl, apiKey: config.apiKey };
+}
+function readAdminApiKey() {
+  return process.env.SURF_API_KEY;
+}
+
+// src/db/schema-sync.ts
+import fs from "fs";
+
+// src/core/transport.ts
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function normalizePath(path2) {
+  return String(path2 || "").replace(/^\/+/, "");
+}
+function buildUrl(path2, params) {
+  const { baseUrl } = requireSurfApiConfig();
+  const url = new URL(`${baseUrl}/${normalizePath(path2)}`);
+  if (params) {
+    for (const [key, value] of Object.entries(params)) {
+      if (value != null) {
+        url.searchParams.set(key, String(value));
+      }
+    }
+  }
+  return url.toString();
+}
+function buildHeaders(extra) {
+  const { apiKey } = requireSurfApiConfig();
+  const headers = new Headers(extra);
+  headers.set("Authorization", `Bearer ${apiKey}`);
+  return headers;
+}
+async function fetchJson(url, init, retries = 1) {
+  for (let attempt = 0; attempt <= retries; attempt++) {
+    const res = await fetch(url, init);
+    if (!res.ok) {
+      const text2 = await res.text();
+      throw new Error(`API error ${res.status}: ${text2.slice(0, 200)}`);
+    }
+    const text = await res.text();
+    if (text) {
+      return JSON.parse(text);
+    }
+    if (attempt < retries) {
+      await sleep(1e3);
+    }
+  }
+  throw new Error(`Empty response from ${url}`);
+}
+async function getJson(path2, params) {
+  return fetchJson(buildUrl(path2, params), {
+    headers: buildHeaders()
+  });
+}
+async function postJson(path2, body) {
+  return fetchJson(buildUrl(path2), {
+    method: "POST",
+    headers: buildHeaders({
+      "Content-Type": "application/json"
+    }),
+    body: body ? JSON.stringify(body) : void 0
+  });
+}
+
+// src/data/client.ts
+async function get(path2, params) {
+  return getJson(path2, params);
+}
+async function post(path2, body) {
+  return postJson(path2, body);
+}
+
+// src/db/schema-sync.ts
+var syncing = false;
+async function syncSchema(options) {
+  const { schemaPath, retries = 3, retryDelay = 2e3 } = options;
+  for (let i = 0; i < retries; i++) {
+    try {
+      await doSyncSchema(schemaPath);
+      return;
+    } catch (err) {
+      console.error(`DB schema sync attempt ${i + 1}/${retries} failed: ${err.message}`);
+      if (i < retries - 1) await new Promise((r) => setTimeout(r, retryDelay * (i + 1)));
+    }
+  }
+  console.error("DB schema sync failed after all retries");
+}
+async function doSyncSchema(schemaPath) {
+  if (syncing) return;
+  syncing = true;
+  try {
+    if (!fs.existsSync(schemaPath)) return;
+    let schema;
+    if (schemaPath.endsWith(".ts")) {
+      try {
+        schema = await import(`${schemaPath}?t=${Date.now()}`);
+      } catch (err) {
+        if (err instanceof SyntaxError) {
+          console.log("DB: schema file has syntax error, waiting for next change...");
+          return;
+        }
+        if (err.message.includes("Cannot find module") || err.message.includes("is not a function")) {
+          return;
+        }
+        throw err;
+      }
+    } else {
+      try {
+        delete __require.cache[__require.resolve(schemaPath)];
+      } catch {
+      }
+      try {
+        schema = __require(schemaPath);
+      } catch (err) {
+        if (err instanceof SyntaxError) {
+          console.log("DB: schema file has syntax error, waiting for next change...");
+          return;
+        }
+        if (err.message.includes("Cannot find module") || err.message.includes("is not a function")) {
+          return;
+        }
+        throw err;
+      }
+    }
+    let getTableConfig;
+    try {
+      getTableConfig = __require("drizzle-orm/pg-core").getTableConfig;
+    } catch {
+      return;
+    }
+    const tables = Object.values(schema).filter(
+      (t) => t && typeof t === "object" && /* @__PURE__ */ Symbol.for("drizzle:Name") in t
+    );
+    if (tables.length === 0) return;
+    await post("db/provision", {});
+    const existing = (await get("db/tables")).map((t) => t.name);
+    const missing = tables.filter((t) => !existing.includes(getTableConfig(t).name));
+    if (missing.length > 0) {
+      const { generateDrizzleJson, generateMigration } = __require("drizzle-kit/api");
+      const missingSchema = {};
+      for (const t of missing) missingSchema[getTableConfig(t).name] = t;
+      const sqls = await generateMigration(generateDrizzleJson({}), generateDrizzleJson(missingSchema));
+      for (const sql of sqls) {
+        for (let attempt = 0; attempt < 2; attempt++) {
+          try {
+            await post("db/query", { sql, params: [] });
+            console.log(`DB: Executed: ${sql.slice(0, 80)}...`);
+            break;
+          } catch (err) {
+            if (attempt === 0) {
+              console.warn(`DB: Retrying after: ${err.message}`);
+              await new Promise((r) => setTimeout(r, 1500));
+            } else {
+              console.error(`DB: Failed: ${sql.slice(0, 80)}... \u2014 ${err.message}`);
+            }
+          }
+        }
+      }
+    }
+    const existingTables = tables.filter((t) => existing.includes(getTableConfig(t).name));
+    for (const t of existingTables) {
+      const cfg = getTableConfig(t);
+      try {
+        const live = await get("db/table-schema", { table: cfg.name });
+        const liveCols = new Set((live.columns || []).map((c) => c.name));
+        for (const col of cfg.columns) {
+          if (!liveCols.has(col.name)) {
+            const colType = col.getSQLType();
+            const ddl = `ALTER TABLE "${cfg.name}" ADD COLUMN IF NOT EXISTS "${col.name}" ${colType}`;
+            try {
+              await post("db/query", { sql: ddl, params: [] });
+              console.log(`DB: Added column ${col.name} to ${cfg.name}`);
+            } catch (err) {
+              console.warn(`DB: Failed to add column ${col.name} to ${cfg.name}: ${err.message}`);
+            }
+          }
+        }
+      } catch (err) {
+        console.warn(`DB: Column check failed for ${cfg.name}: ${err.message}`);
+      }
+    }
+  } finally {
+    syncing = false;
+  }
+}
+function watchSchema(schemaPath, options) {
+  const { debounceMs = 1e3, retries = 2, retryDelay = 1500 } = options || {};
+  if (!fs.existsSync(schemaPath)) return () => {
+  };
+  let debounce = null;
+  fs.watchFile(schemaPath, { interval: 2e3 }, () => {
+    if (debounce) clearTimeout(debounce);
+    debounce = setTimeout(async () => {
+      console.log("DB: schema file changed, re-syncing tables...");
+      try {
+        await syncSchema({ schemaPath, retries, retryDelay });
+        console.log("DB: schema re-sync complete");
+      } catch (err) {
+        console.error(`DB: schema re-sync failed: ${err.message}`);
+      }
+    }, debounceMs);
+  });
+  return () => {
+    fs.unwatchFile(schemaPath);
+    if (debounce) clearTimeout(debounce);
+  };
+}
+
+// src/server/runtime.ts
+function requireBearerAuth(req, res, next) {
+  const apiKey = readAdminApiKey();
+  if (!apiKey) {
+    return res.status(503).json({ error: "SURF_API_KEY is not configured" });
+  }
+  if (req.headers.authorization !== `Bearer ${apiKey}`) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+  next();
+}
 function createServer(options = {}) {
-  const port = options.port || parseInt(process.env.PORT || "3001", 10);
+  const rawPort = process.env.BACKEND_PORT;
+  const port = options.port ?? (rawPort ? Number.parseInt(rawPort, 10) : void 0);
+  if (!Number.isInteger(port)) {
+    throw new Error("createServer requires a port via options.port or BACKEND_PORT env var");
+  }
   const routesDir = options.routesDir || path.join(process.cwd(), "routes");
   const cronDir = options.cronDir || process.cwd();
-  const enableProxy = options.proxy !== false;
   const app = express();
   app.use(cors());
-  if (enableProxy) {
-    setupProxy(app, port);
-  }
   app.use(express.json());
   app.get("/api/health", (_req, res) => {
     res.json({ status: "ok" });
   });
-  if (fs.existsSync(routesDir)) {
-    for (const file of fs.readdirSync(routesDir)) {
+  if (fs2.existsSync(routesDir)) {
+    for (const file of fs2.readdirSync(routesDir)) {
       if (!file.endsWith(".js") && !file.endsWith(".ts")) continue;
       const name = file.replace(/\.(js|ts)$/, "");
       try {
-        const route = __require(path.join(routesDir, file));
-        const handler = route.default || route;
+        const handler = __require(path.join(routesDir, file));
         if (typeof handler === "function") {
           app.use(`/api/${name}`, handler);
           console.log(`Route registered: /api/${name}`);
+          continue;
         }
+        throw new Error(`Route module must export a handler function via module.exports`);
       } catch (err) {
         console.error(`Failed to load route ${file}: ${err.message}`);
       }
@@ -59,157 +298,15 @@ function createServer(options = {}) {
     }
   };
 }
-function env(surfName, legacyName) {
-  return process.env[surfName] || process.env[legacyName];
-}
-function setupProxy(app, port) {
-  const gatewayUrl = env("SURF_DEPLOYED_GATEWAY_URL", "GATEWAY_URL");
-  const appToken = env("SURF_DEPLOYED_APP_TOKEN", "APP_TOKEN");
-  const proxyBase = env("SURF_SANDBOX_PROXY_BASE", "DATA_PROXY_BASE");
-  const isDeployed = Boolean(gatewayUrl && appToken);
-  const bufferResponse = responseInterceptor(async (buf) => buf);
-  if (isDeployed) {
-    app.use("/proxy", createProxyMiddleware({
-      target: gatewayUrl,
-      changeOrigin: true,
-      selfHandleResponse: true,
-      pathRewrite: (p) => "/gateway/v1" + p,
-      headers: {
-        Authorization: `Bearer ${appToken}`,
-        "Accept-Encoding": "identity"
-      },
-      on: { proxyRes: bufferResponse }
-    }));
-    const loopback = `http://127.0.0.1:${port}/proxy`;
-    process.env.SURF_SANDBOX_PROXY_BASE = loopback;
-    process.env.DATA_PROXY_BASE = loopback;
-  } else if (proxyBase) {
-    const target = proxyBase.replace(/\/proxy$/, "");
-    app.use(createProxyMiddleware({
-      target,
-      changeOrigin: true,
-      pathFilter: "/proxy",
-      on: {
-        proxyReq: (proxyReq, req) => {
-          console.log(`[proxy] >> ${req.method} ${req.originalUrl}`);
-        },
-        proxyRes: (proxyRes, req) => {
-          console.log(`[proxy] << ${proxyRes.statusCode} ${req.method} ${req.originalUrl}`);
-        },
-        error: (err, req, res) => {
-          console.error(`[proxy] !! ${req.method} ${req.originalUrl} error: ${err.message}`);
-          if (!res.headersSent) res.status(502).json({ error: err.message });
-        }
-      }
-    }));
-  }
-}
 var schemaSync = { run: async () => {
 }, watch: () => {
 } };
 function setupSchemaSync(app, schemaDir) {
-  let syncing = false;
   let schemaReady = false;
-  async function doSyncSchema() {
-    if (syncing) return;
-    syncing = true;
-    try {
-      const schemaPath = path.join(schemaDir, "schema.js");
-      if (!fs.existsSync(schemaPath)) return;
-      try {
-        delete __require.cache[__require.resolve(schemaPath)];
-      } catch {
-      }
-      let schema;
-      try {
-        schema = __require(schemaPath);
-      } catch (err) {
-        if (err instanceof SyntaxError) {
-          console.log("DB: schema.js has syntax error, waiting for next change...");
-          return;
-        }
-        if (err.message.includes("Cannot find module") || err.message.includes("is not a function")) {
-          return;
-        }
-        throw err;
-      }
-      let getTableConfig;
-      try {
-        getTableConfig = __require("drizzle-orm/pg-core").getTableConfig;
-      } catch {
-        return;
-      }
-      const tables = Object.values(schema).filter(
-        (t) => t && typeof t === "object" && /* @__PURE__ */ Symbol.for("drizzle:Name") in t
-      );
-      if (tables.length === 0) return;
-      const { get: dbGet, post: dbPost } = await import("../client-3YMIRPDV.js");
-      await dbPost("db/provision");
-      const existing = (await dbGet("db/tables")).map((t) => t.name);
-      const missing = tables.filter((t) => !existing.includes(getTableConfig(t).name));
-      if (missing.length > 0) {
-        const { generateDrizzleJson, generateMigration } = __require("drizzle-kit/api");
-        const missingSchema = {};
-        for (const t of missing) missingSchema[getTableConfig(t).name] = t;
-        const sqls = await generateMigration(generateDrizzleJson({}), generateDrizzleJson(missingSchema));
-        for (const sql of sqls) {
-          for (let attempt = 0; attempt < 2; attempt++) {
-            try {
-              await dbPost("db/query", { sql, params: [] });
-              console.log(`DB: Executed: ${sql.slice(0, 80)}...`);
-              break;
-            } catch (err) {
-              if (attempt === 0) {
-                console.warn(`DB: Retrying after: ${err.message}`);
-                await new Promise((r) => setTimeout(r, 1500));
-              } else {
-                console.error(`DB: Failed: ${sql.slice(0, 80)}... \u2014 ${err.message}`);
-              }
-            }
-          }
-        }
-      }
-      const existingTables = tables.filter((t) => existing.includes(getTableConfig(t).name));
-      for (const t of existingTables) {
-        const cfg = getTableConfig(t);
-        try {
-          const live = await dbGet("db/table-schema", { table: cfg.name });
-          const liveCols = new Set((live.columns || []).map((c) => c.name));
-          for (const col of cfg.columns) {
-            if (!liveCols.has(col.name)) {
-              const colType = col.getSQLType();
-              const ddl = `ALTER TABLE "${cfg.name}" ADD COLUMN IF NOT EXISTS "${col.name}" ${colType}`;
-              try {
-                await dbPost("db/query", { sql: ddl, params: [] });
-                console.log(`DB: Added column ${col.name} to ${cfg.name}`);
-              } catch (err) {
-                console.warn(`DB: Failed to add column ${col.name} to ${cfg.name}: ${err.message}`);
-              }
-            }
-          }
-        } catch (err) {
-          console.warn(`DB: Column check failed for ${cfg.name}: ${err.message}`);
-        }
-      }
-    } finally {
-      syncing = false;
-    }
-  }
-  async function syncWithRetry(retries = 3, delay = 2e3) {
-    for (let i = 0; i < retries; i++) {
-      try {
-        await doSyncSchema();
-        return;
-      } catch (err) {
-        console.error(`DB schema sync attempt ${i + 1}/${retries} failed: ${err.message}`);
-        if (i < retries - 1) await new Promise((r) => setTimeout(r, delay * (i + 1)));
-      }
-    }
-    console.error("DB schema sync failed after all retries");
-  }
-  app.post("/api/__sync-schema", async (_req, res) => {
+  const schemaPath = path.join(schemaDir, "schema.js");
+  app.post("/api/__sync-schema", requireBearerAuth, async (_req, res) => {
     try {
-      await syncWithRetry(2, 1500);
+      await syncSchema({ schemaPath, retries: 2, retryDelay: 1500 });
       res.json({ ok: true });
     } catch (err) {
       res.status(500).json({ ok: false, error: err.message });
@@ -221,7 +318,7 @@ function setupSchemaSync(app, schemaDir) {
   });
   schemaSync.run = async () => {
     try {
-      await syncWithRetry();
+      await syncSchema({ schemaPath });
       schemaReady = true;
       console.log("Schema sync complete, API ready");
     } catch {
@@ -230,21 +327,7 @@ function setupSchemaSync(app, schemaDir) {
     }
   };
   schemaSync.watch = () => {
-    const schemaPath = path.join(schemaDir, "schema.js");
-    if (!fs.existsSync(schemaPath)) return;
-    let debounce = null;
-    fs.watchFile(schemaPath, { interval: 2e3 }, () => {
-      if (debounce) clearTimeout(debounce);
-      debounce = setTimeout(async () => {
-        console.log("DB: schema.js changed, re-syncing tables...");
-        try {
-          await syncWithRetry(2, 1500);
-          console.log("DB: schema re-sync complete");
-        } catch (err) {
-          console.error(`DB: schema re-sync failed: ${err.message}`);
-        }
-      }, 1e3);
-    });
+    watchSchema(schemaPath);
   };
 }
 function setupCron(app, cronDir) {
@@ -260,10 +343,10 @@ function setupCron(app, cronDir) {
     }
     cronJobs.clear();
     const cronPath = path.join(cronDir, "cron.json");
-    if (!fs.existsSync(cronPath)) return;
+    if (!fs2.existsSync(cronPath)) return;
     let tasks;
     try {
-      tasks = JSON.parse(fs.readFileSync(cronPath, "utf-8"));
+      tasks = JSON.parse(fs2.readFileSync(cronPath, "utf-8"));
     } catch (e) {
       console.error("Failed to parse cron.json:", e.message);
       return;
@@ -311,16 +394,7 @@ function setupCron(app, cronDir) {
       console.log(`Cron registered: [${task.id}] ${task.name} (${task.schedule})`);
     }
   }
-  const envFn = (s, l) => process.env[s] || process.env[l];
-  app.use("/api/cron", (req, res, next) => {
-    const appToken = envFn("SURF_DEPLOYED_APP_TOKEN", "APP_TOKEN");
-    if (!appToken) return next();
-    const auth = req.headers.authorization;
-    if (!auth || auth !== `Bearer ${appToken}`) {
-      return res.status(401).json({ error: "Unauthorized" });
-    }
-    next();
-  });
+  app.use("/api/cron", requireBearerAuth);
   app.get("/api/cron", (_req, res) => {
     res.json(cronTasks.map((t) => {
       const state = cronState.get(t.id) || { lastRunAt: null, lastStatus: null, lastError: null };
@@ -353,7 +427,7 @@ function setupCron(app, cronDir) {
     const cronPath = path.join(cronDir, "cron.json");
     let tasks = [];
     try {
-      if (fs.existsSync(cronPath)) tasks = JSON.parse(fs.readFileSync(cronPath, "utf8"));
+      if (fs2.existsSync(cronPath)) tasks = JSON.parse(fs2.readFileSync(cronPath, "utf8"));
     } catch {
       tasks = [];
     }
@@ -362,7 +436,7 @@ function setupCron(app, cronDir) {
     }
     const newTask = { id, name, schedule, handler, enabled, timeout };
     tasks.push(newTask);
-    fs.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
+    fs2.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
     loadCronJobs();
     res.status(201).json(newTask);
   });
@@ -370,7 +444,7 @@ function setupCron(app, cronDir) {
     const cronPath = path.join(cronDir, "cron.json");
     let tasks = [];
     try {
-      if (fs.existsSync(cronPath)) tasks = JSON.parse(fs.readFileSync(cronPath, "utf8"));
+      if (fs2.existsSync(cronPath)) tasks = JSON.parse(fs2.readFileSync(cronPath, "utf8"));
     } catch {
       tasks = [];
     }
@@ -391,7 +465,7 @@ function setupCron(app, cronDir) {
       }
     }
     tasks[idx] = { ...tasks[idx], ...updates, id: req.params.id };
-    fs.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
+    fs2.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
     loadCronJobs();
     res.json(tasks[idx]);
   });
@@ -399,14 +473,14 @@ function setupCron(app, cronDir) {
     const cronPath = path.join(cronDir, "cron.json");
     let tasks = [];
     try {
-      if (fs.existsSync(cronPath)) tasks = JSON.parse(fs.readFileSync(cronPath, "utf8"));
+      if (fs2.existsSync(cronPath)) tasks = JSON.parse(fs2.readFileSync(cronPath, "utf8"));
     } catch {
       tasks = [];
     }
     const idx = tasks.findIndex((t) => t.id === req.params.id);
     if (idx === -1) return res.status(404).json({ error: "Task not found" });
     tasks.splice(idx, 1);
-    fs.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
+    fs2.writeFileSync(cronPath, JSON.stringify(tasks, null, 2));
     cronState.delete(req.params.id);
     loadCronJobs();
     res.json({ ok: true });