upfynai-code 2.9.8 → 3.0.0

package/server/cli.js

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 /**
  * Upfyn-Code CLI
  * by Thinqmesh Technologies
@@ -46,6 +46,12 @@ const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
 const CONFIG_DIR = path.join(os.homedir(), '.upfynai');
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
 
+/** Mask internal Railway URL for display */
+function displayServerUrl(url) {
+    if (!url || url === 'https://upfynai-code-production.up.railway.app') return 'Upfyn Cloud';
+    try { return new URL(url).host; } catch { return url; }
+}
+
 // Load environment variables from .env file if it exists
 function loadEnvFile() {
     try {
@@ -351,7 +357,7 @@ async function launchInteractive() {
     // 5. Show launch screen
     showLaunchScreen(packageJson.version, claudeBin, {
         relayStatus: config.relayKey && config.server
-            ? `Auto-connecting to ${config.server}`
+            ? `Auto-connecting to ${displayServerUrl(config.server)}`
             : null,
         apiKey: config.anthropicApiKey || null,
     });

package/server/database/db.js

@@ -1,8 +1,8 @@
 let createClient;
 try {
   createClient = (await import('@libsql/client')).createClient;
-} catch {
-  // @libsql/client not available — will use fallback or fail at runtime if DB is needed
+} catch (e) {
+  console.warn('[DB] @libsql/client not available — cloud database features disabled.', e?.message || '');
 }
 import path from 'path';
 import fs from 'fs';
@@ -49,6 +49,9 @@ function resolveDbConfig() {
 
 function getDb() {
   if (!_db) {
+    if (!createClient) {
+      throw new Error('[DB] @libsql/client is not installed. Run: npm install @libsql/client');
+    }
     resolveDbConfig();
     _db = createClient({ url: _dbUrl, ...(_dbAuthToken ? { authToken: _dbAuthToken } : {}) });
   }

package/server/index.js

@@ -552,16 +552,24 @@ if (server) {
         server,
         verifyClient: (info, done) => {
             const reqUrl = info.req.url || '';
-            const origin = info.req.headers?.origin || 'no-origin';
+            const clientIp = info.req.headers['x-forwarded-for']?.split(',')[0]?.trim() || info.req.socket?.remoteAddress || 'unknown';
+            // Timeout the entire verifyClient to prevent hung upgrades
+            const authTimeout = setTimeout(() => {
+                console.warn(`[WS] Auth TIMEOUT for ${reqUrl} from ${clientIp}`);
+                done(false, 504, 'Auth timeout');
+            }, 15000);
             authenticateWebSocket(info.req).then(user => {
+                clearTimeout(authTimeout);
                 if (!user) {
+                    console.warn(`[WS] Auth REJECTED for ${reqUrl} from ${clientIp} — no valid token`);
                     done(false, 401, 'Unauthorized');
                     return;
                 }
                 info.req.user = user;
                 done(true);
             }).catch(err => {
-                console.error(`[WS] Auth ERROR for ${reqUrl}:`, err.message);
+                clearTimeout(authTimeout);
+                console.error(`[WS] Auth ERROR for ${reqUrl} from ${clientIp}:`, err.message);
                 done(false, 500, 'Auth error');
             });
         }

package/server/middleware/auth.js

@@ -147,11 +147,16 @@ const authenticateWebSocket = async (request) => {
   // Relay token (upfyn_ prefix) — validate against DB, not JWT
   if (token.startsWith('upfyn_') || token.startsWith('rt_')) {
     try {
-      const tokenData = await relayTokensDb.validateToken(token);
+      // Timeout relay token validation to prevent hung WebSocket upgrades when Turso is slow
+      const tokenData = await Promise.race([
+        relayTokensDb.validateToken(token),
+        new Promise((_, reject) => setTimeout(() => reject(new Error('Token validation timeout')), 10000))
+      ]);
       if (tokenData) {
         return { userId: Number(tokenData.user_id), username: tokenData.username };
       }
-    } catch {
+    } catch (err) {
+      console.warn('[WS] Relay token validation failed:', err.message);
     }
     return null;
   }

package/server/relay-client.js

@@ -36,6 +36,13 @@ try {
 
 const CONFIG_DIR = path.join(os.homedir(), '.upfynai');
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const CLOUD_SERVER = 'https://upfynai-code-production.up.railway.app';
+
+/** Mask internal server URL for display */
+function displayUrl(url) {
+  if (!url || url === CLOUD_SERVER) return 'Upfyn Cloud (cli.upfyn.com)';
+  try { return new URL(url).host; } catch { return url; }
+}
 
 function loadConfig() {
   try {
@@ -163,7 +170,7 @@ function createRelayConnection(wsUrl, config = {}) {
  */
 export async function connectToServer(options = {}) {
   const config = loadConfig();
-  const serverUrl = options.server || config.server || 'https://upfynai-code-production.up.railway.app';
+  const serverUrl = options.server || config.server || CLOUD_SERVER;
   const relayKey = options.key || config.relayKey;
 
   if (!relayKey) {
@@ -182,7 +189,7 @@ export async function connectToServer(options = {}) {
 
   saveConfig({ ...config, server: serverUrl, relayKey });
 
-  await showConnectStartup(serverUrl, os.hostname(), os.userInfo().username, VERSION);
+  await showConnectStartup(displayUrl(serverUrl), os.hostname(), os.userInfo().username, VERSION);
 
   const wsUrl = serverUrl.replace(/^http/, 'ws') + '/relay?token=' + encodeURIComponent(relayKey);
 
@@ -210,7 +217,7 @@ export async function connectToServer(options = {}) {
           spinner.stop('Connected!');
           const nameMatch = data.message?.match(/Connected as (.+?)\./);
           const username = nameMatch ? nameMatch[1] : 'Unknown';
-          showConnectionBanner(username, serverUrl);
+          showConnectionBanner(username, displayUrl(serverUrl));
 
           const agents = detectInstalledAgents();
           const installed = Object.entries(agents)
@@ -271,13 +278,17 @@ export async function connectToServer(options = {}) {
 
     ws.on('error', (err) => {
       if (err.code === 'ECONNREFUSED') {
-        spinner.fail(`Cannot reach ${serverUrl}. Is the server running?`);
-      } else if (err.message?.includes('401')) {
+        spinner.fail(`Cannot reach ${displayUrl(serverUrl)}. Is the server running?`);
+      } else if (err.message?.includes('401') || err.message?.includes('Unauthorized')) {
         spinner.fail('Authentication failed (401). Your relay token may be invalid or expired.');
-        logRelayEvent('!', 'Get a new token from the dashboard: https://cli.upfyn.com/dashboard', 'yellow');
-        logRelayEvent('!', 'Then run: uc connect --server <url> --key <new_token>', 'yellow');
+        logRelayEvent('!', 'Get a new token from Settings > Keys & Connect at: https://cli.upfyn.com', 'yellow');
+        logRelayEvent('!', 'Then run: uc connect --key <new_token>', 'yellow');
       } else if (err.message?.includes('403') || err.message?.includes('Forbidden')) {
-        spinner.fail('Access forbidden (403). Your account may be inactive.');
+        spinner.fail('Access forbidden (403). Your account may be inactive or subscription expired.');
+      } else if (err.message?.includes('504') || err.message?.includes('timeout')) {
+        spinner.fail('Server auth timed out. The server may be overloaded — retrying...');
+      } else if (err.code === 'ENOTFOUND' || err.code === 'EAI_AGAIN') {
+        spinner.fail('DNS resolution failed. Check your internet connection.');
       } else {
         logRelayEvent('!', `WebSocket error: ${err.message || err.code || 'unknown'}`, 'red');
       }

package/server/routes/agent.js

@@ -9,7 +9,14 @@ import { addProjectManually } from '../projects.js';
 import { queryClaudeSDK } from '../claude-sdk.js';
 import { spawnCursor } from '../cursor-cli.js';
 import { queryCodex } from '../openai-codex.js';
-import { Octokit } from '@octokit/rest';
+// @octokit/rest is cloud-only — lazy-loaded so local installs don't crash
+let _Octokit = null;
+async function getOctokit(auth) {
+  if (!_Octokit) {
+    try { _Octokit = (await import('@octokit/rest')).Octokit; } catch { return null; }
+  }
+  return new _Octokit({ auth });
+}
 import { CLAUDE_MODELS, CURSOR_MODELS, CODEX_MODELS } from '../../shared/modelConstants.js';
 import { queryOpenRouter, OPENROUTER_MODELS } from '../openrouter.js';
 import { IS_PLATFORM } from '../constants/config.js';
@@ -1000,8 +1007,9 @@ router.post('/', validateExternalApiKey, async (req, res) => {
           throw new Error('GitHub token required for branch/PR creation. Please configure a GitHub token in settings.');
         }
 
-        // Initialize Octokit
-        const octokit = new Octokit({ auth: tokenToUse });
+        // Initialize Octokit (cloud-only)
+        const octokit = await getOctokit(tokenToUse);
+        if (!octokit) throw new Error('GitHub integration not available. @octokit/rest is not installed.');
 
         // Get GitHub URL - either from parameter or from git remote
         let repoUrl = githubUrl;

package/server/services/workflowScheduler.js

@@ -1,4 +1,7 @@
-import cron from 'node-cron';
+// node-cron is cloud-only — dynamically imported so local installs don't crash
+let cron = null;
+try { cron = (await import('node-cron')).default; } catch { /* not installed locally */ }
+
 import { workflowDb, webhookDb } from '../database/db.js';
 import * as composioService from './composio.js';
 
@@ -131,6 +134,8 @@ async function executeWorkflow(workflow) {
  * Schedule a single workflow's cron job.
  */
 function scheduleWorkflow(workflow) {
+  if (!cron) return; // node-cron not available (local install)
+
   const id = workflow.id;
 
   // Stop existing job if any