upfynai-code 3.0.3 → 3.0.4

package/client/dist/offline.html

@@ -1,84 +1,84 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />
-  <title>Upfyn-Code — Offline</title>
-  <meta name="theme-color" content="#0a0f1e" />
-  <style>
-    * { margin: 0; padding: 0; box-sizing: border-box; }
-    body {
-      background: #0a0f1e;
-      color: #e2e8f0;
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      padding: 2rem;
-    }
-    .container {
-      text-align: center;
-      max-width: 400px;
-    }
-    .icon {
-      width: 64px;
-      height: 64px;
-      margin: 0 auto 1.5rem;
-      background: #0d1117;
-      border-radius: 16px;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      border: 1px solid rgba(59, 130, 246, 0.2);
-      box-shadow: 0 4px 24px rgba(59, 130, 246, 0.15);
-    }
-    .icon svg {
-      width: 32px;
-      height: 32px;
-      color: #3b82f6;
-    }
-    h1 {
-      font-size: 1.5rem;
-      font-weight: 700;
-      margin-bottom: 0.75rem;
-    }
-    p {
-      color: #94a3b8;
-      font-size: 0.9rem;
-      line-height: 1.5;
-      margin-bottom: 1.5rem;
-    }
-    .retry-btn {
-      display: inline-block;
-      padding: 12px 32px;
-      background: #3b82f6;
-      color: #fff;
-      border: none;
-      border-radius: 10px;
-      font-size: 0.95rem;
-      font-weight: 600;
-      cursor: pointer;
-      transition: background 0.2s;
-    }
-    .retry-btn:hover {
-      background: #2563eb;
-    }
-    .retry-btn:active {
-      transform: scale(0.97);
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="icon">
-      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
-        <path stroke-linecap="round" stroke-linejoin="round" d="M18.364 5.636a9 9 0 010 12.728M5.636 18.364a9 9 0 010-12.728m2.828 9.9a5 5 0 010-7.072m7.072 0a5 5 0 010 7.072M13 12a1 1 0 11-2 0 1 1 0 012 0z" />
-      </svg>
-    </div>
-    <h1>You're offline</h1>
-    <p>Check your internet connection and try again. Upfyn-Code needs a network connection to work.</p>
-    <button class="retry-btn" onclick="location.reload()">Retry</button>
-  </div>
-</body>
-</html>
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />
+  <title>UpfynAI — Offline</title>
+  <meta name="theme-color" content="#0a0f1e" />
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      background: #0a0f1e;
+      color: #e2e8f0;
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 2rem;
+    }
+    .container {
+      text-align: center;
+      max-width: 400px;
+    }
+    .icon {
+      width: 64px;
+      height: 64px;
+      margin: 0 auto 1.5rem;
+      background: #0d1117;
+      border-radius: 16px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      border: 1px solid rgba(59, 130, 246, 0.2);
+      box-shadow: 0 4px 24px rgba(59, 130, 246, 0.15);
+    }
+    .icon svg {
+      width: 32px;
+      height: 32px;
+      color: #3b82f6;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 700;
+      margin-bottom: 0.75rem;
+    }
+    p {
+      color: #94a3b8;
+      font-size: 0.9rem;
+      line-height: 1.5;
+      margin-bottom: 1.5rem;
+    }
+    .retry-btn {
+      display: inline-block;
+      padding: 12px 32px;
+      background: #3b82f6;
+      color: #fff;
+      border: none;
+      border-radius: 10px;
+      font-size: 0.95rem;
+      font-weight: 600;
+      cursor: pointer;
+      transition: background 0.2s;
+    }
+    .retry-btn:hover {
+      background: #2563eb;
+    }
+    .retry-btn:active {
+      transform: scale(0.97);
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">
+      <svg fill="none" viewBox="0 0 24 24" stroke="currentColor" stroke-width="2">
+        <path stroke-linecap="round" stroke-linejoin="round" d="M18.364 5.636a9 9 0 010 12.728M5.636 18.364a9 9 0 010-12.728m2.828 9.9a5 5 0 010-7.072m7.072 0a5 5 0 010 7.072M13 12a1 1 0 11-2 0 1 1 0 012 0z" />
+      </svg>
+    </div>
+    <h1>You're offline</h1>
+    <p>Check your internet connection and try again. UpfynAI needs a network connection to work.</p>
+    <button class="retry-btn" onclick="location.reload()">Retry</button>
+  </div>
+</body>
+</html>

package/client/dist/sw.js

@@ -1,82 +1,82 @@
-// Service Worker for Upfyn-Code
-// v4 — proper caching: cache-first for static assets, network-first for navigation
-
-const CACHE_NAME = 'upfyn-v4';
-const PRECACHE_ASSETS = [
-  '/offline.html',
-  '/favicon.svg',
-  '/favicon.png',
-  '/manifest.json',
-];
-
-self.addEventListener('install', (event) => {
-  event.waitUntil(
-    caches.open(CACHE_NAME).then((cache) => cache.addAll(PRECACHE_ASSETS))
-  );
-  self.skipWaiting();
-});
-
-self.addEventListener('activate', (event) => {
-  event.waitUntil(
-    caches.keys().then((names) =>
-      Promise.all(
-        names
-          .filter((n) => n !== CACHE_NAME)
-          .map((n) => caches.delete(n))
-      )
-    )
-  );
-  self.clients.claim();
-});
-
-self.addEventListener('fetch', (event) => {
-  const { request } = event;
-  const url = new URL(request.url);
-
-  // API calls and WebSocket: pass through, no caching
-  if (
-    url.pathname.startsWith('/api/') ||
-    url.pathname.startsWith('/ws') ||
-    url.pathname.startsWith('/shell') ||
-    url.pathname.startsWith('/mcp')
-  ) {
-    return;
-  }
-
-  // Static assets (JS, CSS, images, fonts): cache-first
-  if (
-    request.destination === 'script' ||
-    request.destination === 'style' ||
-    request.destination === 'image' ||
-    request.destination === 'font' ||
-    url.pathname.startsWith('/icons/') ||
-    url.pathname.startsWith('/assets/')
-  ) {
-    event.respondWith(
-      caches.match(request).then((cached) => {
-        if (cached) return cached;
-        return fetch(request).then((response) => {
-          if (response.ok) {
-            const clone = response.clone();
-            caches.open(CACHE_NAME).then((cache) => cache.put(request, clone));
-          }
-          return response;
-        }).catch(() => caches.match(request));
-      })
-    );
-    return;
-  }
-
-  // Navigation requests (HTML): network-first, offline fallback
-  if (request.mode === 'navigate') {
-    event.respondWith(
-      fetch(request).catch(() => caches.match('/offline.html'))
-    );
-    return;
-  }
-
-  // Everything else: network with cache fallback
-  event.respondWith(
-    fetch(request).catch(() => caches.match(request))
-  );
-});
+// Service Worker for UpfynAI
+// v4 — proper caching: cache-first for static assets, network-first for navigation
+
+const CACHE_NAME = 'upfyn-v4';
+const PRECACHE_ASSETS = [
+  '/offline.html',
+  '/favicon.svg',
+  '/favicon.png',
+  '/manifest.json',
+];
+
+self.addEventListener('install', (event) => {
+  event.waitUntil(
+    caches.open(CACHE_NAME).then((cache) => cache.addAll(PRECACHE_ASSETS))
+  );
+  self.skipWaiting();
+});
+
+self.addEventListener('activate', (event) => {
+  event.waitUntil(
+    caches.keys().then((names) =>
+      Promise.all(
+        names
+          .filter((n) => n !== CACHE_NAME)
+          .map((n) => caches.delete(n))
+      )
+    )
+  );
+  self.clients.claim();
+});
+
+self.addEventListener('fetch', (event) => {
+  const { request } = event;
+  const url = new URL(request.url);
+
+  // API calls and WebSocket: pass through, no caching
+  if (
+    url.pathname.startsWith('/api/') ||
+    url.pathname.startsWith('/ws') ||
+    url.pathname.startsWith('/shell') ||
+    url.pathname.startsWith('/mcp')
+  ) {
+    return;
+  }
+
+  // Static assets (JS, CSS, images, fonts): cache-first
+  if (
+    request.destination === 'script' ||
+    request.destination === 'style' ||
+    request.destination === 'image' ||
+    request.destination === 'font' ||
+    url.pathname.startsWith('/icons/') ||
+    url.pathname.startsWith('/assets/')
+  ) {
+    event.respondWith(
+      caches.match(request).then((cached) => {
+        if (cached) return cached;
+        return fetch(request).then((response) => {
+          if (response.ok) {
+            const clone = response.clone();
+            caches.open(CACHE_NAME).then((cache) => cache.put(request, clone));
+          }
+          return response;
+        }).catch(() => caches.match(request));
+      })
+    );
+    return;
+  }
+
+  // Navigation requests (HTML): network-first, offline fallback
+  if (request.mode === 'navigate') {
+    event.respondWith(
+      fetch(request).catch(() => caches.match('/offline.html'))
+    );
+    return;
+  }
+
+  // Everything else: network with cache fallback
+  event.respondWith(
+    fetch(request).catch(() => caches.match(request))
+  );
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "upfynai-code",
-  "version": "3.0.3",
+  "version": "3.0.4",
   "description": "Visual AI coding interface for Claude Code, Cursor & Codex. Canvas whiteboard, multi-agent chat, terminal, git, voice assistant. Self-host locally or connect to cli.upfyn.com for remote access.",
   "type": "module",
   "main": "server/index.js",

package/server/browser.js

@@ -0,0 +1,131 @@
+/**
+ * Browser Client — connects the backend to the Steel browser service on Railway.
+ * All browser operations are proxied to the Steel service via HTTP.
+ * Mirrors the sandbox.js client pattern.
+ */
+
+const BROWSER_SERVICE_URL = process.env.BROWSER_SERVICE_URL || 'http://localhost:4400';
+const BROWSER_SERVICE_SECRET = process.env.BROWSER_SERVICE_SECRET || '';
+
+// Warn if no secret in production — inter-service calls will be unauthenticated
+if (!BROWSER_SERVICE_SECRET && process.env.NODE_ENV === 'production') {
+  console.error('[browser] WARNING: BROWSER_SERVICE_SECRET not set — browser service calls are unauthenticated');
+}
+
+async function browserFetch(path, userId, body = null, method = null) {
+  const opts = {
+    method: method || (body ? 'POST' : 'GET'),
+    headers: {
+      'Content-Type': 'application/json',
+      'x-browser-secret': BROWSER_SERVICE_SECRET,
+      'x-user-id': String(userId),
+    },
+  };
+  if (body) opts.body = JSON.stringify(body);
+
+  const res = await fetch(`${BROWSER_SERVICE_URL}${path}`, opts);
+  const data = await res.json();
+  if (!res.ok) throw new Error(data.error || data.message || `Browser service error: ${res.status}`);
+  return data;
+}
+
+const browserClient = {
+
+  /**
+   * Check if the browser service is reachable.
+   */
+  async isAvailable() {
+    try {
+      const res = await fetch(`${BROWSER_SERVICE_URL}/api/health`, {
+        signal: AbortSignal.timeout(3000),
+      });
+      return res.ok;
+    } catch {
+      return false;
+    }
+  },
+
+  /**
+   * Create a new browser session.
+   * Returns: { id, wsEndpoint, debugUrl, sessionViewerUrl, ... }
+   */
+  async createSession(userId, options = {}) {
+    const sessionOpts = {
+      sessionTimeout: options.timeout || 1800000, // 30 min default
+      blockAds: options.blockAds !== false,
+      solveCaptchas: options.solveCaptchas || false,
+      useProxy: options.useProxy || false,
+      dimensions: options.dimensions || { width: 1280, height: 800 },
+      userAgent: options.userAgent || undefined,
+      // Tag with userId for isolation
+      sessionContext: {
+        userId: String(userId),
+        createdAt: new Date().toISOString(),
+      },
+    };
+
+    return browserFetch('/v1/sessions', userId, sessionOpts);
+  },
+
+  /**
+   * Get session details.
+   */
+  async getSession(userId, sessionId) {
+    return browserFetch(`/v1/sessions/${sessionId}`, userId);
+  },
+
+  /**
+   * Release (close) a browser session.
+   */
+  async releaseSession(userId, sessionId) {
+    return browserFetch(`/v1/sessions/${sessionId}/release`, userId, {}, 'POST');
+  },
+
+  /**
+   * List active sessions.
+   */
+  async listSessions(userId) {
+    return browserFetch('/v1/sessions', userId);
+  },
+
+  /**
+   * Get the session viewer URL for embedding in an iframe.
+   * Steel's built-in viewer provides an interactive browser view.
+   */
+  getSessionViewerUrl(sessionId) {
+    return `${BROWSER_SERVICE_URL}/v1/sessions/${sessionId}/viewer?interactive=true&showControls=true`;
+  },
+
+  /**
+   * Get the CDP WebSocket URL for connecting Stagehand/Playwright.
+   */
+  getCdpWsUrl(sessionId) {
+    const wsBase = BROWSER_SERVICE_URL.replace(/^http/, 'ws');
+    return `${wsBase}?sessionId=${sessionId}`;
+  },
+
+  /**
+   * Capture a screenshot of the current page.
+   */
+  async screenshot(userId, sessionId) {
+    return browserFetch(`/v1/sessions/${sessionId}/screenshot`, userId, {});
+  },
+
+  /**
+   * Scrape a URL — returns page content.
+   */
+  async scrape(userId, sessionId, url) {
+    return browserFetch('/v1/scrape', userId, { url, sessionId });
+  },
+
+  /**
+   * Get the sandbox dev server URL that the browser can reach internally.
+   * The sandbox and browser share Railway's internal network.
+   */
+  getSandboxPreviewUrl(userId, port) {
+    const sandboxUrl = process.env.SANDBOX_SERVICE_URL || 'http://localhost:4300';
+    return `${sandboxUrl}/proxy/${userId}/${port}`;
+  },
+};
+
+export { browserClient, BROWSER_SERVICE_URL, BROWSER_SERVICE_SECRET };

package/server/database/db.js

@@ -415,6 +415,22 @@ CREATE TABLE IF NOT EXISTS voice_calls (
 
 CREATE INDEX IF NOT EXISTS idx_voice_calls_user ON voice_calls(user_id);
 CREATE INDEX IF NOT EXISTS idx_voice_calls_vapi ON voice_calls(vapi_call_id);
+
+CREATE TABLE IF NOT EXISTS browser_sessions (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    steel_session_id TEXT NOT NULL UNIQUE,
+    status TEXT NOT NULL DEFAULT 'active',
+    viewer_url TEXT,
+    cdp_url TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_accessed DATETIME DEFAULT CURRENT_TIMESTAMP,
+    metadata TEXT DEFAULT '{}',
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_browser_sessions_user ON browser_sessions(user_id);
+CREATE INDEX IF NOT EXISTS idx_browser_sessions_status ON browser_sessions(status);
 `;
 
 // ─── Migrations ─────────────────────────────────────────────────────────────────
@@ -512,6 +528,15 @@ const runMigrations = async () => {
       }
     } catch { /* column may already exist */ }
 
+    // Add github_origin column to user_projects if missing
+    try {
+      const upCols = await db.execute("PRAGMA table_info(user_projects)");
+      const upColNames = upCols.rows.map(r => r.name);
+      if (!upColNames.includes('github_origin')) {
+        await db.execute('ALTER TABLE user_projects ADD COLUMN github_origin TEXT');
+      }
+    } catch { /* column may already exist */ }
+
     console.log(`${c.info('[DB]')} Migrations complete`);
   } catch (error) {
     console.error('Migration error:', error.message);
@@ -1307,21 +1332,26 @@ const resetTokenDb = {
 // ─── Projects DB (cloud mode) ─────────────────────────────────────────────────
 
 const projectDb = {
-  upsert: async (userId, originalPath, displayName = null) => {
+  upsert: async (userId, originalPath, displayName = null, githubOrigin = null) => {
     const projectName = originalPath.replace(/[\\/:\s~_]/g, '-');
     const existing = await db.execute({
       sql: 'SELECT id FROM user_projects WHERE user_id = ? AND original_path = ?',
       args: [userId, originalPath]
     });
     if (existing.rows.length > 0) {
-      if (displayName) {
-        await db.execute({ sql: 'UPDATE user_projects SET display_name = ? WHERE id = ?', args: [displayName, existing.rows[0].id] });
+      if (displayName || githubOrigin) {
+        const updates = [];
+        const args = [];
+        if (displayName) { updates.push('display_name = ?'); args.push(displayName); }
+        if (githubOrigin) { updates.push('github_origin = ?'); args.push(githubOrigin); }
+        args.push(existing.rows[0].id);
+        await db.execute({ sql: `UPDATE user_projects SET ${updates.join(', ')} WHERE id = ?`, args });
       }
       return { id: Number(existing.rows[0].id), projectName, originalPath, alreadyExists: true };
     }
     const result = await db.execute({
-      sql: 'INSERT INTO user_projects (user_id, project_name, original_path, display_name) VALUES (?, ?, ?, ?)',
-      args: [userId, projectName, originalPath, displayName]
+      sql: 'INSERT INTO user_projects (user_id, project_name, original_path, display_name, github_origin) VALUES (?, ?, ?, ?, ?)',
+      args: [userId, projectName, originalPath, displayName, githubOrigin]
     });
     return { id: Number(result.lastInsertRowid), projectName, originalPath };
   },
@@ -1348,6 +1378,14 @@ const projectDb = {
       args: [displayName, userId, originalPath]
     });
     return result.rowsAffected > 0;
+  },
+
+  getByName: async (userId, projectName) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM user_projects WHERE user_id = ? AND project_name = ?',
+      args: [userId, projectName]
+    });
+    return result.rows[0] || null;
   }
 };
 
@@ -1448,4 +1486,62 @@ const voiceCallDb = {
   },
 };
 
-export { db, initializeDatabase, userDb, apiKeysDb, credentialsDb, relayTokensDb, githubTokensDb, subscriptionDb, paymentDb, webhookDb, workflowDb, fileVersionDb, sessionUsageDb, connectionDb, canvasDb, resetTokenDb, projectDb, voiceCallDb, PLAN_DURATIONS };
+// ─── Browser Sessions DB ─────────────────────────────────────────────────────
+
+const browserSessionDb = {
+  create: async (userId, steelSessionId, viewerUrl = null, cdpUrl = null, metadata = {}) => {
+    const result = await db.execute({
+      sql: 'INSERT INTO browser_sessions (user_id, steel_session_id, viewer_url, cdp_url, metadata) VALUES (?, ?, ?, ?, ?)',
+      args: [userId, steelSessionId, viewerUrl, cdpUrl, JSON.stringify(metadata)]
+    });
+    return { id: Number(result.lastInsertRowid), steelSessionId };
+  },
+
+  getActive: async (userId) => {
+    const result = await db.execute({
+      sql: "SELECT * FROM browser_sessions WHERE user_id = ? AND status = 'active' ORDER BY created_at DESC LIMIT 1",
+      args: [userId]
+    });
+    return getRow(result);
+  },
+
+  getBySessionId: async (userId, steelSessionId) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM browser_sessions WHERE user_id = ? AND steel_session_id = ?',
+      args: [userId, steelSessionId]
+    });
+    return getRow(result);
+  },
+
+  updateAccess: async (userId, steelSessionId) => {
+    await db.execute({
+      sql: "UPDATE browser_sessions SET last_accessed = datetime('now') WHERE user_id = ? AND steel_session_id = ?",
+      args: [userId, steelSessionId]
+    });
+  },
+
+  deactivate: async (userId, steelSessionId) => {
+    await db.execute({
+      sql: "UPDATE browser_sessions SET status = 'closed' WHERE user_id = ? AND steel_session_id = ?",
+      args: [userId, steelSessionId]
+    });
+  },
+
+  listByUser: async (userId) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM browser_sessions WHERE user_id = ? ORDER BY created_at DESC LIMIT 20',
+      args: [userId]
+    });
+    return result.rows;
+  },
+
+  cleanupStale: async (maxAgeMinutes = 30) => {
+    const result = await db.execute({
+      sql: `UPDATE browser_sessions SET status = 'expired' WHERE status = 'active' AND last_accessed < datetime('now', '-' || ? || ' minutes')`,
+      args: [maxAgeMinutes]
+    });
+    return result.rowsAffected || 0;
+  },
+};
+
+export { db, initializeDatabase, userDb, apiKeysDb, credentialsDb, relayTokensDb, githubTokensDb, subscriptionDb, paymentDb, webhookDb, workflowDb, fileVersionDb, sessionUsageDb, connectionDb, canvasDb, resetTokenDb, projectDb, voiceCallDb, browserSessionDb, PLAN_DURATIONS };