upfynai-code 2.9.9 → 3.0.0

package/commands/upfynai-connect.md

@@ -31,7 +31,7 @@ You are the Upfyn-Code assistant. The user wants to connect their current Claude
      Local server is not running and no hosted config found.
 
      Option A: Connect to hosted server:
-       uc connect --server https://upfynai-code-production.up.railway.app --key upfyn_your_token
+       uc connect --key upfyn_your_token
 
      Option B: Start local server first:
        uc start

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "upfynai-code",
-  "version": "2.9.9",
+  "version": "3.0.0",
   "description": "Visual AI coding interface for Claude Code, Cursor & Codex. Canvas whiteboard, multi-agent chat, terminal, git, voice assistant. Self-host locally or connect to cli.upfyn.com for remote access.",
   "type": "module",
   "main": "server/index.js",
@@ -58,27 +58,20 @@
     "@iarna/toml": "^2.2.5",
     "@libsql/client": "^0.14.0",
     "@modelcontextprotocol/sdk": "^1.26.0",
-    "@neondatabase/serverless": "^0.10.4",
-    "@octokit/rest": "^22.0.0",
     "@openai/codex-sdk": "^0.101.0",
     "bcryptjs": "^3.0.3",
     "chokidar": "^4.0.3",
-    "composio-core": "^0.5.39",
     "cookie-parser": "^1.4.7",
     "cors": "^2.8.5",
     "cross-spawn": "^7.0.3",
     "edge-tts-universal": "^1.3.3",
     "express": "^4.18.2",
     "form-data": "^4.0.5",
-    "google-auth-library": "^9.15.1",
     "gray-matter": "^4.0.3",
     "js-yaml": "^4.1.0",
     "jsonwebtoken": "^9.0.2",
     "mime-types": "^3.0.1",
     "multer": "^2.0.2",
-    "node-cron": "^4.2.1",
-    "razorpay": "^2.9.6",
-    "resend": "^4.5.1",
     "ws": "^8.14.2",
     "zod": "^3.25.76"
   },

package/server/index.js

@@ -552,16 +552,24 @@ if (server) {
         server,
         verifyClient: (info, done) => {
             const reqUrl = info.req.url || '';
-            const origin = info.req.headers?.origin || 'no-origin';
+            const clientIp = info.req.headers['x-forwarded-for']?.split(',')[0]?.trim() || info.req.socket?.remoteAddress || 'unknown';
+            // Timeout the entire verifyClient to prevent hung upgrades
+            const authTimeout = setTimeout(() => {
+                console.warn(`[WS] Auth TIMEOUT for ${reqUrl} from ${clientIp}`);
+                done(false, 504, 'Auth timeout');
+            }, 15000);
             authenticateWebSocket(info.req).then(user => {
+                clearTimeout(authTimeout);
                 if (!user) {
+                    console.warn(`[WS] Auth REJECTED for ${reqUrl} from ${clientIp} — no valid token`);
                     done(false, 401, 'Unauthorized');
                     return;
                 }
                 info.req.user = user;
                 done(true);
             }).catch(err => {
-                console.error(`[WS] Auth ERROR for ${reqUrl}:`, err.message);
+                clearTimeout(authTimeout);
+                console.error(`[WS] Auth ERROR for ${reqUrl} from ${clientIp}:`, err.message);
                 done(false, 500, 'Auth error');
             });
         }

package/server/middleware/auth.js

@@ -147,11 +147,16 @@ const authenticateWebSocket = async (request) => {
   // Relay token (upfyn_ prefix) — validate against DB, not JWT
   if (token.startsWith('upfyn_') || token.startsWith('rt_')) {
     try {
-      const tokenData = await relayTokensDb.validateToken(token);
+      // Timeout relay token validation to prevent hung WebSocket upgrades when Turso is slow
+      const tokenData = await Promise.race([
+        relayTokensDb.validateToken(token),
+        new Promise((_, reject) => setTimeout(() => reject(new Error('Token validation timeout')), 10000))
+      ]);
       if (tokenData) {
         return { userId: Number(tokenData.user_id), username: tokenData.username };
       }
-    } catch {
+    } catch (err) {
+      console.warn('[WS] Relay token validation failed:', err.message);
     }
     return null;
   }

package/server/relay-client.js

@@ -279,12 +279,16 @@ export async function connectToServer(options = {}) {
     ws.on('error', (err) => {
       if (err.code === 'ECONNREFUSED') {
         spinner.fail(`Cannot reach ${displayUrl(serverUrl)}. Is the server running?`);
-      } else if (err.message?.includes('401')) {
+      } else if (err.message?.includes('401') || err.message?.includes('Unauthorized')) {
         spinner.fail('Authentication failed (401). Your relay token may be invalid or expired.');
-        logRelayEvent('!', 'Get a new token from the dashboard: https://cli.upfyn.com/dashboard', 'yellow');
-        logRelayEvent('!', 'Then run: uc connect --server <url> --key <new_token>', 'yellow');
+        logRelayEvent('!', 'Get a new token from Settings > Keys & Connect at: https://cli.upfyn.com', 'yellow');
+        logRelayEvent('!', 'Then run: uc connect --key <new_token>', 'yellow');
       } else if (err.message?.includes('403') || err.message?.includes('Forbidden')) {
-        spinner.fail('Access forbidden (403). Your account may be inactive.');
+        spinner.fail('Access forbidden (403). Your account may be inactive or subscription expired.');
+      } else if (err.message?.includes('504') || err.message?.includes('timeout')) {
+        spinner.fail('Server auth timed out. The server may be overloaded — retrying...');
+      } else if (err.code === 'ENOTFOUND' || err.code === 'EAI_AGAIN') {
+        spinner.fail('DNS resolution failed. Check your internet connection.');
       } else {
         logRelayEvent('!', `WebSocket error: ${err.message || err.code || 'unknown'}`, 'red');
       }

package/server/routes/agent.js

@@ -9,7 +9,14 @@ import { addProjectManually } from '../projects.js';
 import { queryClaudeSDK } from '../claude-sdk.js';
 import { spawnCursor } from '../cursor-cli.js';
 import { queryCodex } from '../openai-codex.js';
-import { Octokit } from '@octokit/rest';
+// @octokit/rest is cloud-only — lazy-loaded so local installs don't crash
+let _Octokit = null;
+async function getOctokit(auth) {
+  if (!_Octokit) {
+    try { _Octokit = (await import('@octokit/rest')).Octokit; } catch { return null; }
+  }
+  return new _Octokit({ auth });
+}
 import { CLAUDE_MODELS, CURSOR_MODELS, CODEX_MODELS } from '../../shared/modelConstants.js';
 import { queryOpenRouter, OPENROUTER_MODELS } from '../openrouter.js';
 import { IS_PLATFORM } from '../constants/config.js';
@@ -1000,8 +1007,9 @@ router.post('/', validateExternalApiKey, async (req, res) => {
           throw new Error('GitHub token required for branch/PR creation. Please configure a GitHub token in settings.');
         }
 
-        // Initialize Octokit
-        const octokit = new Octokit({ auth: tokenToUse });
+        // Initialize Octokit (cloud-only)
+        const octokit = await getOctokit(tokenToUse);
+        if (!octokit) throw new Error('GitHub integration not available. @octokit/rest is not installed.');
 
         // Get GitHub URL - either from parameter or from git remote
         let repoUrl = githubUrl;

package/server/services/workflowScheduler.js

@@ -1,4 +1,7 @@
-import cron from 'node-cron';
+// node-cron is cloud-only — dynamically imported so local installs don't crash
+let cron = null;
+try { cron = (await import('node-cron')).default; } catch { /* not installed locally */ }
+
 import { workflowDb, webhookDb } from '../database/db.js';
 import * as composioService from './composio.js';
 
@@ -131,6 +134,8 @@ async function executeWorkflow(workflow) {
  * Schedule a single workflow's cron job.
  */
 function scheduleWorkflow(workflow) {
+  if (!cron) return; // node-cron not available (local install)
+
   const id = workflow.id;
 
   // Stop existing job if any