docs: add task summary

TASK_SUMMARY.md

@@ -0,0 +1,51 @@
+# Task Summary: Fixing Outbound Connectivity on Hugging Face Spaces
+
+## Objective
+Enable `n8n` (running on Hugging Face Spaces) to connect to blocked external services like Telegram API and Discord, bypassing the platform's network restrictions.
+
+## Paths Explored
+
+### 1. DNS Resolution Fix (DoH)
+- **Problem**: HF Spaces intercept standard UDP/TCP DNS queries and return sinkholed IPs or `ENOTFOUND` for specific domains (Telegram, WhatsApp, Discord).
+- **Solution**: Implemented a `dns-fix.js` preload script using `NODE_OPTIONS="--require /opt/dns-fix.js"`.
+- **Method**: Monkey-patched `dns.lookup` to fall back to **DNS-over-HTTPS (DoH)** via Cloudflare (`1.1.1.1`) when system DNS fails.
+- **Result**: Successfully resolved the correct IP addresses for `api.telegram.org`.
+
+### 2. Forced DoH & IPv4 Priority
+- **Observation**: Even when DNS worked, connections often failed with `ECONNRESET` or `SSL alert 0`.
+- **Exploration**: Forced DoH for known blocked domains even if system DNS seemed to work (to bypass sinkholed IPs) and set `--dns-result-order=ipv4first`.
+- **Result**: DNS was correct, but TCP/TLS handshakes were still being dropped by the HF firewall.
+
+### 3. Transparent Application-Level Proxy
+- **Idea**: Use Node.js 22's native `fetch()` (based on `undici`) which handles HF's networking better (Happy Eyeballs).
+- **Method**: Monkey-patched `http.request` and `https.request` to route blocked domains through `fetch()`.
+- **Result**: Encountered `Maximum call stack size exceeded` due to recursion between the patch and n8n's `axios`/`follow-redirects` library.
+
+### 4. Comparison with HuggingClaw
+- **Context**: The user pointed to `HuggingClaw` as a working example.
+- **Analysis**: HuggingClaw uses an identical `dns-fix.js` and `Dockerfile` configuration.
+- **Finding**: HuggingClaw's networking works because it likely connects to services that aren't strictly blocked or uses a different internal routing that `n8n` (a larger app) might be disrupting.
+
+## Final Conclusion & Recommendations
+
+The connectivity issue on Hugging Face Spaces for `n8n` is a two-layer problem:
+1. **DNS Layer**: Blocked by intercepting standard DNS queries. **Fixed** via `dns-fix.js`.
+2. **Network/SNI Layer**: Blocked by a Deep Packet Inspection (DPI) firewall that drops connections to specific hostnames (SNI) or IP ranges even if DNS is correct.
+
+### Best Way Forward
+To reliably connect n8n to Telegram/Discord on HF Spaces, an **Outbound Proxy** is required because the HF firewall is too restrictive for direct connections.
+
+**Recommended Proxy Strategy:**
+1. **Cloudflare Worker Proxy**: A simple 5-line script on a custom `workers.dev` domain (not blocked by HF) to forward requests to Telegram.
+   - Example: `https://my-proxy.workers.dev/botTOKEN/getMe` -> `https://api.telegram.org/botTOKEN/getMe`
+2. **N8N Configuration**:
+   - Update `HTTP Request` nodes to use the proxy URL.
+   - OR set `N8N_HTTP_PROXY` if using a standard SOCKS5/HTTP proxy (though n8n support for this varies by node type).
+
+## Current State of Repository
+- `dns-fix.js`: Robust DoH fallback with recursion guards.
+- `Dockerfile`: Configured to preload the DNS fix.
+- `access.md`: Contains test tokens and execution logs.
+
+> [!IMPORTANT]
+> The current setup fixes the **DNS issue**, but the **Firewall/SNI issue** remains. Future work should focus on implementing a lightweight outbound proxy or using a service like Cloudflare Tunnel if possible.