webpeel 0.20.21 → 0.21.1

package/dist/cli/commands/fetch.js

@@ -205,6 +205,55 @@ export async function runFetch(url, options) {
         console.error(usageCheck.message);
         process.exit(1);
     }
+    // ── --export: YouTube transcript download (early exit) ────────────────
+    if (options.export) {
+        const exportFmt = options.export.toLowerCase();
+        const validExportFmts = ['srt', 'txt', 'md', 'json'];
+        if (!validExportFmts.includes(exportFmt)) {
+            console.error(`Error: --export format must be one of: ${validExportFmts.join(', ')}`);
+            process.exit(1);
+        }
+        const exportCfg = loadConfig();
+        const exportApiKey = exportCfg.apiKey || process.env.WEBPEEL_API_KEY;
+        const exportApiUrl = process.env.WEBPEEL_API_URL || 'https://api.webpeel.dev';
+        if (!exportApiKey) {
+            console.error('No API key configured. Run: webpeel auth <your-key>');
+            console.error('Get a free key at: https://app.webpeel.dev/keys');
+            process.exit(2);
+        }
+        const lang = options.language || 'en';
+        const exportUrl = `${exportApiUrl}/v1/transcript/export?url=${encodeURIComponent(url)}&format=${exportFmt}&language=${lang}`;
+        const exportRes = await fetch(exportUrl, {
+            headers: { 'Authorization': `Bearer ${exportApiKey}` },
+            signal: AbortSignal.timeout(options.timeout ?? 90000),
+        });
+        if (!exportRes.ok) {
+            const errBody = await exportRes.text().catch(() => '');
+            try {
+                const errJson = JSON.parse(errBody);
+                const msg = errJson?.error?.message || errJson?.message || exportRes.statusText;
+                console.error(`Export failed (${exportRes.status}): ${msg}`);
+            }
+            catch {
+                console.error(`Export failed (${exportRes.status}): ${exportRes.statusText}`);
+            }
+            process.exit(1);
+        }
+        const exportContent = await exportRes.text();
+        if (options.output) {
+            writeFileSync(options.output, exportContent, 'utf-8');
+            if (!options.silent) {
+                console.error(`Transcript saved to: ${options.output}`);
+            }
+        }
+        else {
+            process.stdout.write(exportContent);
+            if (!exportContent.endsWith('\n'))
+                process.stdout.write('\n');
+        }
+        await cleanup();
+        process.exit(0);
+    }
     // Check cache first (before spinner/network)
     // Default: 5m TTL for all CLI fetches unless --no-cache is set
     let cacheTtlMs;
@@ -1077,6 +1126,8 @@ export function registerFetchCommands(program) {
         .option('--content-only', 'Output only the raw content field (no metadata, no JSON wrapper) — ideal for piping to LLMs')
         .option('--progress', 'Show engine escalation steps (simple → browser → stealth) with timing')
         .option('--stdin', 'Read HTML from stdin instead of fetching a URL — converts to markdown')
+        .option('--export <format>', 'Export YouTube transcript in the given format: srt, txt, md, json')
+        .option('--output <file>', 'Write output to a file instead of stdout')
         .action(async (url, options) => {
         if (options.stdin) {
             await runStdin(options);

package/dist/core/dns-cache.js

@@ -40,6 +40,21 @@ const DNS_WARMUP_DOMAINS = [
     'tools.ietf.org',
     'unicode.org',
     'www.bbc.com',
+    'bbc.co.uk',
+    'stripe.com',
+    'docs.stripe.com',
+    'vuejs.org',
+    'angular.io',
+    'www.washingtonpost.com',
+    'www.theguardian.com',
+    'techcrunch.com',
+    'www.wired.com',
+    'arstechnica.com',
+    'docs.google.com',
+    'drive.google.com',
+    'www.notion.so',
+    'www.producthunt.com',
+    'www.crunchbase.com',
     'news.google.com',
     'www.youtube.com',
     'example.com',

package/dist/core/http-fetch.js

@@ -42,11 +42,13 @@ const HTTP_STATUS_TEXT = {
 // ── HTTP connection pool ──────────────────────────────────────────────────────
 function createHttpPool() {
     return new Agent({
-        connections: 20,
-        pipelining: 6,
+        connections: 50,
+        pipelining: 10,
         keepAliveTimeout: 60000,
         keepAliveMaxTimeout: 60000,
         allowH2: true,
+        headersTimeout: 10000,
+        bodyTimeout: 30000,
         connect: {
             lookup: cachedLookup,
         },

package/dist/core/pipeline.d.ts

@@ -75,6 +75,8 @@ export interface PipelineContext {
     domainApiHandled?: boolean;
     /** True when server returned pre-rendered markdown (Content-Type: text/markdown) */
     serverMarkdown?: boolean;
+    /** True when HTTP fetch completed in < 500ms — enables fast path (skip challenge detection) */
+    fastPath?: boolean;
     /** Non-fatal warnings accumulated during the pipeline run */
     warnings: string[];
     /** Raw HTML size in characters (measured from fetched content before any conversion) */

package/dist/core/pipeline.js

@@ -399,7 +399,17 @@ export async function fetchContent(ctx) {
         }
         throw fetchError;
     }
-    ctx.timer.end('fetch');
+    const fetchDuration = ctx.timer.end('fetch');
+    // Fast path: if a plain HTTP fetch completed quickly with real HTML content,
+    // mark it so post-processing can skip expensive heuristics (challenge detection).
+    // Only applies to non-browser fetches that succeeded with HTML content.
+    if (fetchDuration < 500 &&
+        !ctx.render &&
+        fetchResult.statusCode === 200 &&
+        (fetchResult.contentType || '').includes('html') &&
+        (fetchResult.html?.length || 0) > 200) {
+        ctx.fastPath = true;
+    }
     // Auto-scroll to load lazy content, then grab fresh HTML
     if (needsAutoScroll && fetchResult.page) {
         try {
@@ -927,7 +937,9 @@ export async function postProcess(ctx) {
     // === Challenge / bot-protection page detection ===
     // If the extracted content looks like a challenge page (not real content),
     // mark it and try the search-as-proxy fallback to get the real info.
-    if (ctx.content && ctx.content.length < 2000) {
+    // Fast path: skip this check for HTTP fetches that completed in < 500ms —
+    // a fast successful response is virtually never a challenge page.
+    if (!ctx.fastPath && ctx.content && ctx.content.length < 2000) {
         const lowerContent = ctx.content.toLowerCase();
         const challengeSignals = [
             'please verify you are a human',

package/dist/core/transcript-export.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Transcript export format converters.
+ *
+ * Converts YouTube transcript data into SRT, plain text, Markdown, or JSON
+ * so users can download transcripts in their preferred format.
+ */
+import type { TranscriptSegment, YouTubeTranscript } from './youtube.js';
+export type { TranscriptSegment, YouTubeTranscript as TranscriptResult };
+/**
+ * Format seconds as an SRT timestamp: HH:MM:SS,mmm
+ *
+ * @example formatSRTTimestamp(3661.5) → "01:01:01,500"
+ */
+export declare function formatSRTTimestamp(seconds: number): string;
+/**
+ * Convert transcript segments to SRT subtitle format.
+ *
+ * SRT structure:
+ * ```
+ * 1
+ * 00:00:01,000 --> 00:00:04,500
+ * We're no strangers to love
+ *
+ * 2
+ * 00:00:04,500 --> 00:00:08,000
+ * You know the rules and so do I
+ * ```
+ */
+export declare function toSRT(segments: TranscriptSegment[]): string;
+/**
+ * Convert transcript segments to plain text.
+ * One line per segment, no timestamps.
+ */
+export declare function toTXT(segments: TranscriptSegment[]): string;
+/**
+ * Convert transcript to a clean Markdown document.
+ * Includes title, channel header, and timestamped transcript lines.
+ *
+ * @param title   - Video title
+ * @param channel - Channel name
+ * @param segments - Transcript segments
+ */
+export declare function toMarkdownDoc(title: string, channel: string, segments: TranscriptSegment[]): string;
+/**
+ * Convert full transcript result to pretty-printed JSON.
+ */
+export declare function toJSON(result: YouTubeTranscript): string;

package/dist/core/transcript-export.js

@@ -0,0 +1,107 @@
+/**
+ * Transcript export format converters.
+ *
+ * Converts YouTube transcript data into SRT, plain text, Markdown, or JSON
+ * so users can download transcripts in their preferred format.
+ */
+// ---------------------------------------------------------------------------
+// Timestamp helpers
+// ---------------------------------------------------------------------------
+/**
+ * Format seconds as an SRT timestamp: HH:MM:SS,mmm
+ *
+ * @example formatSRTTimestamp(3661.5) → "01:01:01,500"
+ */
+export function formatSRTTimestamp(seconds) {
+    const totalMs = Math.round(Math.max(0, seconds) * 1000);
+    const ms = totalMs % 1000;
+    const totalSec = Math.floor(totalMs / 1000);
+    const s = totalSec % 60;
+    const totalMin = Math.floor(totalSec / 60);
+    const m = totalMin % 60;
+    const h = Math.floor(totalMin / 60);
+    return (`${String(h).padStart(2, '0')}:` +
+        `${String(m).padStart(2, '0')}:` +
+        `${String(s).padStart(2, '0')},` +
+        `${String(ms).padStart(3, '0')}`);
+}
+/**
+ * Format seconds as a human-readable timestamp: M:SS or H:MM:SS
+ *
+ * @example formatReadableTimestamp(125.3) → "2:05"
+ */
+function formatReadableTimestamp(seconds) {
+    const totalSec = Math.floor(Math.max(0, seconds));
+    const h = Math.floor(totalSec / 3600);
+    const m = Math.floor((totalSec % 3600) / 60);
+    const s = totalSec % 60;
+    if (h > 0) {
+        return `${h}:${String(m).padStart(2, '0')}:${String(s).padStart(2, '0')}`;
+    }
+    return `${m}:${String(s).padStart(2, '0')}`;
+}
+// ---------------------------------------------------------------------------
+// Export functions
+// ---------------------------------------------------------------------------
+/**
+ * Convert transcript segments to SRT subtitle format.
+ *
+ * SRT structure:
+ * ```
+ * 1
+ * 00:00:01,000 --> 00:00:04,500
+ * We're no strangers to love
+ *
+ * 2
+ * 00:00:04,500 --> 00:00:08,000
+ * You know the rules and so do I
+ * ```
+ */
+export function toSRT(segments) {
+    if (segments.length === 0)
+        return '';
+    return segments
+        .map((seg, i) => {
+        const start = formatSRTTimestamp(seg.start);
+        const end = formatSRTTimestamp(seg.start + Math.max(0, seg.duration));
+        return `${i + 1}\n${start} --> ${end}\n${seg.text}`;
+    })
+        .join('\n\n');
+}
+/**
+ * Convert transcript segments to plain text.
+ * One line per segment, no timestamps.
+ */
+export function toTXT(segments) {
+    return segments.map((seg) => seg.text).join('\n');
+}
+/**
+ * Convert transcript to a clean Markdown document.
+ * Includes title, channel header, and timestamped transcript lines.
+ *
+ * @param title   - Video title
+ * @param channel - Channel name
+ * @param segments - Transcript segments
+ */
+export function toMarkdownDoc(title, channel, segments) {
+    const lines = [];
+    lines.push(`# ${title || 'Transcript'}`);
+    lines.push('');
+    if (channel) {
+        lines.push(`**Channel:** ${channel}`);
+        lines.push('');
+    }
+    lines.push('## Transcript');
+    lines.push('');
+    for (const seg of segments) {
+        const ts = formatReadableTimestamp(seg.start);
+        lines.push(`**[${ts}]** ${seg.text}`);
+    }
+    return lines.join('\n');
+}
+/**
+ * Convert full transcript result to pretty-printed JSON.
+ */
+export function toJSON(result) {
+    return JSON.stringify(result, null, 2);
+}

package/dist/server/app.js

@@ -31,6 +31,7 @@ import { createAskRouter } from './routes/ask.js';
 import { createMcpRouter } from './routes/mcp.js';
 import { createDoRouter } from './routes/do.js';
 import { createYouTubeRouter } from './routes/youtube.js';
+import { createTranscriptExportRouter } from './routes/transcript-export.js';
 import { createDeepFetchRouter } from './routes/deep-fetch.js';
 import { createWatchRouter } from './routes/watch.js';
 import pg from 'pg';
@@ -38,6 +39,7 @@ import { createScreenshotRouter } from './routes/screenshot.js';
 import { createDemoRouter } from './routes/demo.js';
 import { createPlaygroundRouter } from './routes/playground.js';
 import { createReaderRouter } from './routes/reader.js';
+import { createSharePublicRouter, createShareRouter } from './routes/share.js';
 import { createJobQueue } from './job-queue.js';
 import { createCompatRouter } from './routes/compat.js';
 import { createCrawlRouter } from './routes/crawl.js';
@@ -46,6 +48,7 @@ import { createExtractRouter } from './routes/extract.js';
 import { createAgentRouter } from './routes/agent.js';
 import { createSessionRouter } from './routes/session.js';
 import { createSentryHooks } from './sentry.js';
+import { requireScope } from './middleware/scope-guard.js';
 import { warmup, cleanup as cleanupFetcher } from '../core/fetcher.js';
 import { registerPremiumHooks } from './premium/index.js';
 import { readFileSync } from 'fs';
@@ -239,6 +242,9 @@ export function createApp(config = {}) {
     app.use(createDemoRouter());
     // Playground endpoint — unauthenticated, CORS-locked to webpeel.dev/localhost
     app.use('/v1/playground', createPlaygroundRouter());
+    // Public share endpoint — GET /s/:id (no auth required, must be before reader router)
+    // Registered first so valid share IDs are served before falling through to reader's /s/* search
+    app.use(createSharePublicRouter(pool));
     // Zero-auth reader API — Jina-style URL prefix (/r/URL) and search (/s/query)
     // Must be BEFORE auth middleware so no API key is required
     app.use(createReaderRouter());
@@ -246,17 +252,33 @@ export function createApp(config = {}) {
     app.use(createAuthMiddleware(authStore));
     // Apply rate limiting middleware globally
     app.use(createRateLimitMiddleware(rateLimiter));
+    // Share links — POST /v1/share (auth required, after auth middleware)
+    app.use(createShareRouter(pool));
     // First-class native routes (registered before compat so they take precedence)
-    app.use('/v1/crawl', createCrawlRouter(jobQueue));
-    app.use('/v1/map', createMapRouter());
+    //
+    // Scope guards enforce API key permission scopes; JWT sessions bypass them.
+    // For routers with relative paths: app.use(path, guard, router)    ← prefix stripped, relative paths match
+    // For routers with absolute paths: app.use(path, guard) then app.use(router) ← guard at path, router sees full path
+    // /v1/crawl — full or read only (router uses relative paths)
+    app.use('/v1/crawl', requireScope('full', 'read'), createCrawlRouter(jobQueue));
+    // /v1/map — full or read only (router uses relative paths)
+    app.use('/v1/map', requireScope('full', 'read'), createMapRouter());
+    // Compat routes (/v1/scrape, /v1/search) — all scopes allowed, no guard needed
     app.use(createCompatRouter(jobQueue));
     app.use(createSessionRouter());
     app.use(createExtractRouter());
+    // /v1/deep-fetch — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/deep-fetch', requireScope('full', 'read'));
     app.use(createDeepFetchRouter());
+    // /v1/watch — full or read only (router uses absolute paths, guard before router)
     if (pool) {
+        app.use('/v1/watch', requireScope('full', 'read'));
         app.use(createWatchRouter(pool));
     }
+    // /v1/fetch, /v1/search — all scopes allowed, no guard needed
     app.use(createFetchRouter(authStore));
+    // /v1/screenshot — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/screenshot', requireScope('full', 'read'));
     app.use(createScreenshotRouter(authStore));
     app.use(createSearchRouter(authStore));
     app.use(createBillingPortalRouter(pool));
@@ -266,6 +288,8 @@ export function createApp(config = {}) {
     app.use(createActivityRouter(authStore));
     app.use(createCLIUsageRouter());
     app.use(createJobsRouter(jobQueue, authStore));
+    // /v1/batch — full or read only (router uses absolute paths, guard before router)
+    app.use('/v1/batch', requireScope('full', 'read'));
     app.use(createBatchRouter(jobQueue));
     // Deprecation headers for declining endpoints
     app.use('/v1/answer', (_req, res, next) => {
@@ -274,11 +298,15 @@ export function createApp(config = {}) {
         res.set('Link', '</v1/ask>; rel="successor-version"');
         next();
     });
+    // /v1/answer, /v1/ask — all scopes allowed, no guard needed
     app.use(createAnswerRouter());
     app.use(createAskRouter());
-    app.use('/v1/agent', createAgentRouter());
-    app.use('/v1/do', createDoRouter());
+    // /v1/agent — full or read only (router uses relative paths)
+    app.use('/v1/agent', requireScope('full', 'read'), createAgentRouter());
+    // /v1/do — full only (router uses relative paths; admin-level operation)
+    app.use('/v1/do', requireScope('full'), createDoRouter());
     app.use(createYouTubeRouter());
+    app.use(createTranscriptExportRouter());
     app.use(createMcpRouter(authStore, pool));
     // 404 handler
     app.use((req, res) => {

package/dist/server/auth-store.d.ts

@@ -8,6 +8,7 @@ export interface ApiKeyInfo {
     rateLimit: number;
     accountId?: string;
     createdAt: Date;
+    scope?: 'full' | 'read' | 'restricted';
 }
 export interface AuthStore {
     validateKey(key: string): Promise<ApiKeyInfo | null>;

package/dist/server/middleware/auth.d.ts

@@ -11,6 +11,7 @@
  */
 import { Request, Response, NextFunction } from 'express';
 import { AuthStore, ApiKeyInfo } from '../auth-store.js';
+import { KeyScope } from '../pg-auth-store.js';
 import '../types.js';
 declare global {
     namespace Express {
@@ -22,6 +23,12 @@ declare global {
                 softLimited: boolean;
                 extraUsageAvailable: boolean;
             };
+            /**
+             * Permission scope of the authenticated API key.
+             * Undefined when authenticated via JWT (dashboard session) — JWT users bypass scope enforcement.
+             * Set to 'full' | 'read' | 'restricted' for API key requests.
+             */
+            keyScope?: KeyScope;
         }
     }
 }

package/dist/server/middleware/auth.js

@@ -204,6 +204,10 @@ export function createAuthMiddleware(authStore) {
                 softLimited,
                 extraUsageAvailable,
             };
+            // Attach API key scope (only for API key auth; JWT users get undefined = bypass scope checks)
+            if (keyInfo) {
+                req.keyScope = keyInfo.scope || 'full';
+            }
             next();
         }
         catch (_error) {

package/dist/server/middleware/scope-guard.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Scope enforcement middleware for API key permission scoping.
+ *
+ * Keys have one of three scopes:
+ *   'full'       — all endpoints (default)
+ *   'read'       — read/fetch operations only
+ *   'restricted' — /v1/scrape only (for limited sharing)
+ *
+ * JWT-authenticated requests (dashboard sessions) bypass scope enforcement:
+ * req.keyScope is undefined for JWT requests, which are always allowed through.
+ */
+import { Request, Response, NextFunction } from 'express';
+import { KeyScope } from '../pg-auth-store.js';
+/**
+ * Middleware factory that enforces API key scope.
+ * Pass the set of scopes that are permitted to access the guarded route.
+ *
+ * @example
+ * // Only full-access keys may manage billing:
+ * router.post('/v1/billing', requireScope('full'), handler);
+ *
+ * // Read and full keys may scrape:
+ * app.use('/v1/scrape', requireScope('full', 'read', 'restricted'), scrapeRouter);
+ */
+export declare function requireScope(...allowedScopes: KeyScope[]): (req: Request, res: Response, next: NextFunction) => void;

package/dist/server/middleware/scope-guard.js

@@ -0,0 +1,45 @@
+/**
+ * Scope enforcement middleware for API key permission scoping.
+ *
+ * Keys have one of three scopes:
+ *   'full'       — all endpoints (default)
+ *   'read'       — read/fetch operations only
+ *   'restricted' — /v1/scrape only (for limited sharing)
+ *
+ * JWT-authenticated requests (dashboard sessions) bypass scope enforcement:
+ * req.keyScope is undefined for JWT requests, which are always allowed through.
+ */
+/**
+ * Middleware factory that enforces API key scope.
+ * Pass the set of scopes that are permitted to access the guarded route.
+ *
+ * @example
+ * // Only full-access keys may manage billing:
+ * router.post('/v1/billing', requireScope('full'), handler);
+ *
+ * // Read and full keys may scrape:
+ * app.use('/v1/scrape', requireScope('full', 'read', 'restricted'), scrapeRouter);
+ */
+export function requireScope(...allowedScopes) {
+    return (req, res, next) => {
+        // JWT sessions (req.keyScope === undefined) always pass through.
+        // Scope enforcement only applies to API key requests.
+        if (req.keyScope === undefined) {
+            return next();
+        }
+        if (!allowedScopes.includes(req.keyScope)) {
+            res.status(403).json({
+                success: false,
+                error: {
+                    type: 'insufficient_scope',
+                    message: `This API key has '${req.keyScope}' scope. This endpoint requires: ${allowedScopes.join(' or ')}.`,
+                    docs: 'https://webpeel.dev/docs/authentication#scopes',
+                    hint: 'Create a new API key with the required scope in your dashboard.',
+                },
+                requestId: req.requestId,
+            });
+            return;
+        }
+        next();
+    };
+}

package/dist/server/pg-auth-store.d.ts

@@ -3,6 +3,8 @@
  * Uses SHA-256 hashing for API keys and tracks WEEKLY usage with burst limits
  */
 import { AuthStore, ApiKeyInfo } from './auth-store.js';
+/** Permission scope for an API key */
+export type KeyScope = 'full' | 'read' | 'restricted';
 export interface WeeklyUsageInfo {
     week: string;
     basicCount: number;
@@ -39,6 +41,11 @@ export interface ExtraUsageInfo {
 export declare class PostgresAuthStore implements AuthStore {
     private pool;
     constructor(connectionString?: string);
+    /**
+     * Run idempotent schema migrations.
+     * Safe to call on every startup — all statements use IF NOT EXISTS / IF EXISTS.
+     */
+    private ensureSchema;
     /**
      * Hash API key with SHA-256
      * SECURITY: Never store raw API keys

package/dist/server/pg-auth-store.js

@@ -34,6 +34,36 @@ export class PostgresAuthStore {
             idleTimeoutMillis: 30000,
             connectionTimeoutMillis: 10000,
         });
+        // Run idempotent schema migrations on startup
+        this.ensureSchema().catch(err => console.error('[pg-auth-store] Schema migration failed:', err));
+    }
+    /**
+     * Run idempotent schema migrations.
+     * Safe to call on every startup — all statements use IF NOT EXISTS / IF EXISTS.
+     */
+    async ensureSchema() {
+        await this.pool.query(`
+      ALTER TABLE api_keys ADD COLUMN IF NOT EXISTS scope VARCHAR(20) NOT NULL DEFAULT 'full';
+    `);
+        await this.pool.query(`
+      CREATE TABLE IF NOT EXISTS shared_reads (
+        id VARCHAR(12) PRIMARY KEY,
+        url TEXT NOT NULL,
+        title TEXT,
+        content TEXT NOT NULL,
+        tokens INTEGER,
+        created_by TEXT REFERENCES users(id),
+        created_at TIMESTAMPTZ DEFAULT NOW(),
+        expires_at TIMESTAMPTZ DEFAULT NOW() + INTERVAL '30 days',
+        view_count INTEGER DEFAULT 0
+      );
+    `);
+        await this.pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_shared_reads_url ON shared_reads(url);
+    `);
+        await this.pool.query(`
+      CREATE INDEX IF NOT EXISTS idx_shared_reads_created_by ON shared_reads(created_by);
+    `);
     }
     /**
      * Hash API key with SHA-256
@@ -108,6 +138,7 @@ export class PostgresAuthStore {
           ak.user_id,
           ak.key_prefix,
           ak.name,
+          ak.scope,
           u.tier,
           u.rate_limit,
           u.weekly_limit,
@@ -129,6 +160,7 @@ export class PostgresAuthStore {
                 rateLimit: row.rate_limit,
                 accountId: row.user_id,
                 createdAt: new Date(),
+                scope: row.scope || 'full',
             };
         }
         catch (error) {

package/dist/server/routes/activity.js

@@ -34,10 +34,12 @@ export function createActivityRouter(authStore) {
         SELECT 
           id,
           url,
+          endpoint,
           method,
           status_code,
           processing_time_ms,
           tokens_used,
+          ip_address,
           created_at
         FROM usage_logs
         WHERE user_id = $1
@@ -49,11 +51,14 @@ export function createActivityRouter(authStore) {
             const requests = result.rows.map((row) => ({
                 id: row.id,
                 url: row.url || 'N/A',
+                endpoint: row.endpoint || null,
                 status: (row.status_code >= 200 && row.status_code < 300) ? 'success' : 'error',
                 responseTime: row.processing_time_ms || 0,
                 mode: row.method || 'basic',
                 timestamp: row.created_at,
                 tokensUsed: row.tokens_used || null,
+                ipAddress: row.ip_address || null,
+                statusCode: row.status_code || null,
             }));
             res.json({ requests });
         }