upfynai-code 2.9.1 → 2.9.2

package/server/routes/workflows.js

@@ -0,0 +1,312 @@
+import express from 'express';
+import { workflowDb, webhookDb, credentialsDb } from '../database/db.js';
+import { refreshWorkflowSchedule, stopWorkflowSchedule, executeWorkflow } from '../services/workflowScheduler.js';
+import { INTEGRATION_CATALOG } from '../../shared/integrationCatalog.js';
+
+const router = express.Router();
+
+// ── BYOK helpers ────────────────────────────────────────────────────
+async function getUserProviderKey(userId, providerType) {
+  if (!userId) return null;
+  try {
+    const creds = await credentialsDb.getCredentials(userId, providerType);
+    const active = creds.find(c => c.is_active);
+    return active?.credential_value || null;
+  } catch { return null; }
+}
+
+// ── AI workflow generation prompt ───────────────────────────────────
+function buildWorkflowGenerationPrompt(description, availableWebhooks, connectedIntegrations) {
+  const integrationsList = INTEGRATION_CATALOG.map(i => {
+    const connected = connectedIntegrations.includes(i.id);
+    const actions = i.popularActions.map(a => `  - ${a.slug}: ${a.label} (params: ${a.params.join(', ')})`).join('\n');
+    return `${i.name} (${i.id})${connected ? ' [CONNECTED]' : ''}:\n${actions}`;
+  }).join('\n\n');
+
+  const webhooksList = availableWebhooks.length
+    ? availableWebhooks.map(w => `- ID ${w.id}: "${w.name}" (${w.method} ${w.url})`).join('\n')
+    : 'No webhooks configured.';
+
+  return `You are a workflow automation builder. Given a natural language description, generate a workflow JSON.
+
+AVAILABLE STEP TYPES:
+1. "ai-prompt" — Run an AI prompt. Config: { prompt: string }
+2. "webhook" — Call an HTTP endpoint. Config: { webhookId: string, payloadTemplate?: string }
+3. "delay" — Wait N seconds (max 30). Config: { seconds: number }
+4. "condition" — Branch on expression. Config: { expression: string }
+5. "integration" — Use a connected app via Composio. Config: { integrationId: string, toolSlug: string, arguments: { param: value } }
+
+AVAILABLE INTEGRATIONS:
+${integrationsList}
+
+AVAILABLE WEBHOOKS:
+${webhooksList}
+
+RULES:
+- Each step needs: id (unique string), type, label (human-readable), config, order (0-indexed)
+- Step IDs should be like "step_1", "step_2", etc.
+- For integration steps, only use integrations marked [CONNECTED] or suggest connecting them
+- Use {{prev.field}} syntax in config values to reference previous step output
+- If the user mentions a schedule, include schedule (cron) and schedule_enabled: true
+- Keep workflows focused and practical
+
+Respond with ONLY valid JSON in this exact format (no markdown, no explanation):
+{
+  "name": "Workflow Name",
+  "description": "What this workflow does",
+  "steps": [...],
+  "schedule": null,
+  "schedule_enabled": false,
+  "schedule_timezone": "UTC"
+}
+
+USER REQUEST: ${description}`;
+}
+
+// ── Routes ──────────────────────────────────────────────────────────
+
+// GET /api/workflows — list all workflows for the user
+router.get('/', async (req, res) => {
+  try {
+    const workflows = await workflowDb.getAll(req.user.id);
+    const parsed = workflows.map(w => ({
+      ...w,
+      steps: typeof w.steps === 'string' ? JSON.parse(w.steps) : w.steps
+    }));
+    res.json({ workflows: parsed });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch workflows' });
+  }
+});
+
+// POST /api/workflows — create a workflow
+router.post('/', async (req, res) => {
+  try {
+    const { name, description, steps, schedule, schedule_enabled, schedule_timezone } = req.body;
+    if (!name || !name.trim()) return res.status(400).json({ error: 'Name is required' });
+    if (!Array.isArray(steps)) return res.status(400).json({ error: 'Steps must be an array' });
+
+    const workflow = await workflowDb.create(req.user.id, {
+      name: name.trim(),
+      description: description?.trim() || null,
+      steps,
+      schedule: schedule || null,
+      schedule_enabled: !!schedule_enabled,
+      schedule_timezone: schedule_timezone || 'UTC'
+    });
+
+    // Sync cron scheduler
+    if (workflow.id) refreshWorkflowSchedule(workflow.id, req.user.id);
+
+    res.json({ success: true, workflow });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to create workflow' });
+  }
+});
+
+// POST /api/workflows/generate — AI-powered workflow generation from natural language
+router.post('/generate', async (req, res) => {
+  try {
+    const { description } = req.body;
+    if (!description || !description.trim()) {
+      return res.status(400).json({ error: 'Description is required' });
+    }
+
+    // Get user's API key (try Anthropic first, then OpenRouter)
+    let apiKey = await getUserProviderKey(req.user.id, 'anthropic_key');
+    let provider = 'anthropic';
+
+    if (!apiKey) {
+      apiKey = await getUserProviderKey(req.user.id, 'openrouter_key');
+      provider = 'openrouter';
+    }
+
+    // Fall back to server key
+    if (!apiKey) {
+      apiKey = process.env.ANTHROPIC_API_KEY;
+      provider = 'anthropic';
+    }
+
+    if (!apiKey) {
+      return res.status(400).json({ error: 'No AI provider key available. Add an API key in Settings > AI Providers.' });
+    }
+
+    // Get available webhooks and connected integrations for context
+    const webhooks = await webhookDb.getAll(req.user.id);
+    const connectedIntegrations = []; // Will be populated if Composio is available
+
+    const prompt = buildWorkflowGenerationPrompt(description.trim(), webhooks, connectedIntegrations);
+
+    let generatedJson;
+
+    if (provider === 'anthropic') {
+      const response = await fetch('https://api.anthropic.com/v1/messages', {
+        method: 'POST',
+        headers: {
+          'x-api-key': apiKey,
+          'anthropic-version': '2023-06-01',
+          'content-type': 'application/json',
+        },
+        body: JSON.stringify({
+          model: 'claude-sonnet-4-20250514',
+          max_tokens: 2048,
+          messages: [{ role: 'user', content: prompt }],
+        }),
+      });
+
+      if (!response.ok) {
+        return res.status(502).json({ error: 'AI provider returned an error' });
+      }
+
+      const data = await response.json();
+      const text = data.content?.[0]?.text || '';
+      generatedJson = text.trim();
+    } else {
+      // OpenRouter
+      const response = await fetch('https://openrouter.ai/api/v1/chat/completions', {
+        method: 'POST',
+        headers: {
+          'Authorization': `Bearer ${apiKey}`,
+          'Content-Type': 'application/json',
+          'HTTP-Referer': 'https://cli.upfyn.com',
+          'X-Title': 'Upfyn-Code',
+        },
+        body: JSON.stringify({
+          model: 'anthropic/claude-sonnet-4',
+          messages: [{ role: 'user', content: prompt }],
+          max_tokens: 2048,
+        }),
+      });
+
+      if (!response.ok) {
+        return res.status(502).json({ error: 'AI provider returned an error' });
+      }
+
+      const data = await response.json();
+      generatedJson = data.choices?.[0]?.message?.content?.trim() || '';
+    }
+
+    // Parse the AI response — strip markdown fences if present
+    let cleaned = generatedJson;
+    if (cleaned.startsWith('```')) {
+      cleaned = cleaned.replace(/^```(?:json)?\n?/, '').replace(/\n?```$/, '');
+    }
+
+    let workflow;
+    try {
+      workflow = JSON.parse(cleaned);
+    } catch {
+      return res.status(422).json({ error: 'AI generated invalid workflow format. Try rephrasing your description.' });
+    }
+
+    // Validate required fields
+    if (!workflow.name || !Array.isArray(workflow.steps)) {
+      return res.status(422).json({ error: 'AI generated incomplete workflow. Try being more specific.' });
+    }
+
+    // Ensure step IDs are unique
+    workflow.steps = workflow.steps.map((step, i) => ({
+      ...step,
+      id: step.id || `step_${Date.now()}_${i}`,
+      order: i,
+    }));
+
+    // Save to Turso
+    const saved = await workflowDb.create(req.user.id, {
+      name: workflow.name.trim(),
+      description: workflow.description?.trim() || description.trim(),
+      steps: workflow.steps,
+      schedule: workflow.schedule || null,
+      schedule_enabled: !!workflow.schedule_enabled,
+      schedule_timezone: workflow.schedule_timezone || 'UTC',
+    });
+
+    if (saved.id && workflow.schedule_enabled) {
+      refreshWorkflowSchedule(saved.id, req.user.id);
+    }
+
+    res.json({
+      success: true,
+      workflow: {
+        ...saved,
+        steps: workflow.steps,
+      },
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to generate workflow' });
+  }
+});
+
+// PUT /api/workflows/:id — update a workflow
+router.put('/:id', async (req, res) => {
+  try {
+    const { name, description, steps, schedule, schedule_enabled, schedule_timezone } = req.body;
+    if (!name || !name.trim()) return res.status(400).json({ error: 'Name is required' });
+
+    const wfId = Number(req.params.id);
+    const updated = await workflowDb.update(wfId, req.user.id, {
+      name: name.trim(),
+      description: description?.trim() || null,
+      steps: steps || [],
+      schedule: schedule || null,
+      schedule_enabled: !!schedule_enabled,
+      schedule_timezone: schedule_timezone || 'UTC'
+    });
+
+    if (!updated) return res.status(404).json({ error: 'Workflow not found' });
+
+    // Sync cron scheduler
+    refreshWorkflowSchedule(wfId, req.user.id);
+
+    res.json({ success: true });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to update workflow' });
+  }
+});
+
+// DELETE /api/workflows/:id — delete a workflow
+router.delete('/:id', async (req, res) => {
+  try {
+    const wfId = Number(req.params.id);
+    const deleted = await workflowDb.delete(wfId, req.user.id);
+    if (!deleted) return res.status(404).json({ error: 'Workflow not found' });
+
+    stopWorkflowSchedule(wfId);
+
+    res.json({ success: true });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to delete workflow' });
+  }
+});
+
+// POST /api/workflows/:id/run — execute a workflow (manual trigger)
+router.post('/:id/run', async (req, res) => {
+  try {
+    const workflow = await workflowDb.getById(Number(req.params.id), req.user.id);
+    if (!workflow) return res.status(404).json({ error: 'Workflow not found' });
+
+    const steps = typeof workflow.steps === 'string' ? JSON.parse(workflow.steps) : workflow.steps;
+    if (!steps.length) return res.status(400).json({ error: 'Workflow has no steps' });
+
+    const result = await executeWorkflow({ ...workflow, steps });
+    res.json(result);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to run workflow' });
+  }
+});
+
+// GET /api/workflows/:id/runs — list execution history for a workflow
+router.get('/:id/runs', async (req, res) => {
+  try {
+    const runs = await workflowDb.getRuns(Number(req.params.id), req.user.id);
+    const parsed = runs.map(r => ({
+      ...r,
+      result: typeof r.result === 'string' ? (() => { try { return JSON.parse(r.result); } catch { return r.result; } })() : r.result
+    }));
+    res.json({ runs: parsed });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch workflow runs' });
+  }
+});
+
+export default router;

package/server/sandbox.js

@@ -0,0 +1,120 @@
+/**
+ * Sandbox Client — connects the backend to the separate sandbox-service on Railway.
+ * All sandbox operations are proxied to the sandbox service via HTTP.
+ */
+
+const SANDBOX_SERVICE_URL = process.env.SANDBOX_SERVICE_URL || 'http://localhost:4300';
+const SANDBOX_SERVICE_SECRET = process.env.SANDBOX_SERVICE_SECRET || 'dev-sandbox-secret';
+
+async function sandboxFetch(path, userId, body = null) {
+  const opts = {
+    method: body ? 'POST' : 'GET',
+    headers: {
+      'Content-Type': 'application/json',
+      'x-sandbox-secret': SANDBOX_SERVICE_SECRET,
+      'x-user-id': String(userId),
+    },
+  };
+  if (body) opts.body = JSON.stringify(body);
+
+  const res = await fetch(`${SANDBOX_SERVICE_URL}${path}`, opts);
+  const data = await res.json();
+  if (!res.ok) throw new Error(data.error || `Sandbox service error: ${res.status}`);
+  return data;
+}
+
+const sandboxClient = {
+
+  /**
+   * Check if the sandbox service is reachable.
+   */
+  async isAvailable() {
+    try {
+      const res = await fetch(`${SANDBOX_SERVICE_URL}/health`, { signal: AbortSignal.timeout(3000) });
+      return res.ok;
+    } catch {
+      return false;
+    }
+  },
+
+  /**
+   * Initialize a user's sandbox (creates if doesn't exist).
+   */
+  async initSandbox(userId) {
+    return sandboxFetch('/api/sandbox/init', userId, {});
+  },
+
+  /**
+   * Get sandbox status.
+   */
+  async getStatus(userId) {
+    return sandboxFetch('/api/sandbox/status', userId);
+  },
+
+  /**
+   * Destroy a user's sandbox.
+   */
+  async destroySandbox(userId) {
+    const res = await fetch(`${SANDBOX_SERVICE_URL}/api/sandbox`, {
+      method: 'DELETE',
+      headers: {
+        'Content-Type': 'application/json',
+        'x-sandbox-secret': SANDBOX_SERVICE_SECRET,
+        'x-user-id': String(userId),
+      },
+    });
+    const data = await res.json();
+    if (!res.ok) throw new Error(data.error || 'Failed to destroy sandbox');
+    return data;
+  },
+
+  /**
+   * Execute a command in the user's sandbox.
+   */
+  async exec(userId, command, opts = {}) {
+    return sandboxFetch('/api/exec', userId, {
+      command,
+      cwd: opts.cwd,
+      timeout: opts.timeout,
+      userKeys: opts.userKeys,
+    });
+  },
+
+  /**
+   * Read a file from the user's sandbox.
+   */
+  async readFile(userId, filePath) {
+    return sandboxFetch('/api/file/read', userId, { filePath });
+  },
+
+  /**
+   * Write a file to the user's sandbox.
+   */
+  async writeFile(userId, filePath, content) {
+    return sandboxFetch('/api/file/write', userId, { filePath, content });
+  },
+
+  /**
+   * Get file tree from the user's sandbox.
+   */
+  async getFileTree(userId, dirPath, depth = 3) {
+    return sandboxFetch('/api/file/tree', userId, { dirPath, depth });
+  },
+
+  /**
+   * Run a git command in the user's sandbox.
+   */
+  async gitOperation(userId, gitCommand, cwd) {
+    return sandboxFetch('/api/git', userId, { gitCommand, cwd });
+  },
+
+  /**
+   * Get the WebSocket URL for an interactive shell session.
+   */
+  getShellWsUrl(userId, sessionId) {
+    const wsBase = SANDBOX_SERVICE_URL.replace(/^http/, 'ws');
+    return `${wsBase}/shell?secret=${encodeURIComponent(SANDBOX_SERVICE_SECRET)}&userId=${userId}&sessionId=${sessionId || 'default'}`;
+  },
+};
+
+export { sandboxClient, SANDBOX_SERVICE_URL };

package/server/services/composio.js

@@ -0,0 +1,204 @@
+/**
+ * Composio Service — wraps the Composio SDK for OAuth management + tool execution.
+ * Single API key for the app, user isolation via entity mapping.
+ */
+
+
+let Composio = null;
+let composioClient = null;
+let sdkReady = null; // resolved promise once SDK is loaded
+
+// Eagerly attempt to load the SDK — store the promise so getClient can await it
+sdkReady = (async () => {
+  try {
+    const mod = await import('composio-core');
+    Composio = mod.Composio || mod.default;
+  } catch {
+    // SDK not installed — composio features will be unavailable
+  }
+})();
+
+/**
+ * Lazy-init the Composio client singleton.
+ * Returns null if COMPOSIO_API_KEY is not set.
+ */
+async function getClient() {
+  if (composioClient) return composioClient;
+  if (!process.env.COMPOSIO_API_KEY) return null;
+
+  // Wait for SDK to finish loading
+  await sdkReady;
+
+  try {
+    if (!Composio) return null;
+    composioClient = new Composio({ apiKey: process.env.COMPOSIO_API_KEY });
+    return composioClient;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Map internal user ID to Composio entity ID.
+ */
+function composioUserId(internalId) {
+  return `upfyn_user_${internalId}`;
+}
+
+/**
+ * Get or create an entity for the given user.
+ */
+async function getEntity(userId) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+  return client.getEntity(composioUserId(userId));
+}
+
+/**
+ * Initiate an OAuth connection for a user.
+ * OAuth credentials are managed on the Composio dashboard — not injected here.
+ *
+ * @param {number} userId - Internal user ID
+ * @param {string} appName - Composio app name (e.g., 'GMAIL', 'SLACK')
+ * @param {string|null} authConfigId - Optional specific auth config
+ * @returns {{ redirectUrl: string, connectedAccountId: string }}
+ */
+async function initiateConnection(userId, appName, authConfigId = null) {
+  const entity = await getEntity(userId);
+
+  const params = { appName };
+  if (authConfigId) params.authConfigId = authConfigId;
+
+  const connectionRequest = await entity.initiateConnection(params);
+  return {
+    redirectUrl: connectionRequest.redirectUrl,
+    connectedAccountId: connectionRequest.connectedAccountId,
+  };
+}
+
+/**
+ * Wait/poll for a connection to complete.
+ * @param {string} connectedAccountId - The connection ID from initiateConnection
+ * @returns {{ status: string, appName: string }}
+ */
+async function waitForConnection(connectedAccountId) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+
+  const connection = await client.connectedAccounts.get({ connectedAccountId });
+  return {
+    status: connection.status,
+    appName: connection.appName,
+    id: connection.id,
+  };
+}
+
+/**
+ * List connected accounts for a user.
+ * @param {number} userId
+ * @returns {Array<{ id, appName, status, createdAt }>}
+ */
+async function listConnectedAccounts(userId) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+
+  const entityId = composioUserId(userId);
+  try {
+    const accounts = await client.connectedAccounts.list({ entityId });
+    return (accounts.items || accounts || []).map(a => ({
+      id: a.id,
+      appName: a.appName,
+      status: a.status,
+      createdAt: a.createdAt,
+    }));
+  } catch {
+    return [];
+  }
+}
+
+/**
+ * Get available tools for given toolkits.
+ * @param {string[]} apps - e.g., ['GMAIL', 'SLACK']
+ * @returns {Array<{ name, description, parameters }>}
+ */
+async function getTools(apps = []) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+
+  const tools = await client.actions.list({ apps });
+  return (tools.items || tools || []).map(t => ({
+    name: t.name,
+    displayName: t.displayName || t.name,
+    description: t.description,
+    parameters: t.parameters,
+    appName: t.appName,
+  }));
+}
+
+/**
+ * Get schema for a specific tool.
+ * @param {string} actionName - e.g., 'GMAIL_SEND_EMAIL'
+ * @returns {{ name, description, parameters }}
+ */
+async function getToolSchema(actionName) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+
+  const action = await client.actions.get({ actionName });
+  return {
+    name: action.name,
+    displayName: action.displayName || action.name,
+    description: action.description,
+    parameters: action.parameters,
+    appName: action.appName,
+  };
+}
+
+/**
+ * Execute a Composio tool action.
+ * @param {number} userId - Internal user ID
+ * @param {string} actionName - e.g., 'GMAIL_SEND_EMAIL'
+ * @param {object} params - Action parameters
+ * @returns {{ success, data, error }}
+ */
+async function executeTool(userId, actionName, params = {}) {
+  const entity = await getEntity(userId);
+
+  try {
+    const result = await entity.execute(actionName, params);
+    return { success: true, data: result };
+  } catch (err) {
+    return { success: false, error: err.message };
+  }
+}
+
+/**
+ * Disconnect an account.
+ * @param {string} connectedAccountId
+ */
+async function disconnectAccount(connectedAccountId) {
+  const client = await getClient();
+  if (!client) throw new Error('Composio not configured');
+
+  await client.connectedAccounts.delete({ connectedAccountId });
+}
+
+/**
+ * Check if Composio is available and configured.
+ */
+async function isAvailable() {
+  await sdkReady;
+  return !!(Composio && process.env.COMPOSIO_API_KEY);
+}
+
+export {
+  isAvailable,
+  composioUserId,
+  initiateConnection,
+  waitForConnection,
+  listConnectedAccounts,
+  getTools,
+  getToolSchema,
+  executeTool,
+  disconnectAccount,
+};