fix: revert Telegram SNI workaround and restore proper dns-fix.js behavior

- HF Spaces blocks standard UDP DNS for some domains (like Telegram) by returning ENOTFOUND.
- The previous attempt forced DoH first via cloudflare-dns.com, but standard DNS resolution for cloudflare-dns.com itself failed inside HF Spaces, causing the entire DoH fallback to crash with ECONNRESET.
- Restored the original HuggingClaw logic: try system DNS first, and if it fails (ENOTFOUND), fallback to DoH using the direct IP '1.1.1.1' which bypasses system DNS entirely.
- Reverted README and DISCORD_PROXY_GUIDE.md since Telegram is NOT blocked by HF TLS/SNI and works natively once DNS is fixed.

DISCORD_PROXY_GUIDE.md

@@ -1,67 +1,45 @@
-# 🛠️ Bypassing Hugging Face Network Restrictions
+# 🛠️ How to Create a Free Discord Proxy
 
-Hugging Face Free Tier Spaces block outgoing connections to certain messaging platforms (**Discord** and **Telegram**) via **TLS/SNI inspection**. This means the TCP connection is allowed, but the TLS handshake is silently dropped as soon as HF detects the target hostname (e.g., `discord.com`, `api.telegram.org`) in the SNI field.
+Hugging Face officially blocks outgoing connections to Discord's IP addresses on Free Tier Spaces to prevent spam. While our built-in DNS script cleanly bypasses blocks for Telegram and WhatsApp, Discord is blocked at the physical IP firewall level.
 
-The fix is to route your traffic through a **Cloudflare Worker proxy** with a neutral hostname. Since the SNI in the TLS handshake will show `your-proxy.workers.dev` instead of the blocked hostname, HF's filter won't block it. Cloudflare Workers are **100% free** (100,000 requests/day).
+This means the native n8n "Discord" node will always hang and fail with a "Connection closed unexpectedly" error.
 
----
-
-## Setting Up a Cloudflare Worker Proxy
+To work around this, you can easily create your own private Discord proxy using Cloudflare Workers. It takes about 2 minutes and is 100% free (allowing up to 100,000 requests per day).
 
-This process takes about 2 minutes and works for both Discord and Telegram.
+## Step-by-Step Guide
 
 ### Step 1: Create a Cloudflare Worker
-1. Log into [Cloudflare](https://dash.cloudflare.com/) (create a free account if needed).
-2. Go to **Workers & Pages** in the left sidebar.
-3. Click **Create Worker** → **Start with Hello World!**.
-4. Give it a name (e.g., `discord-proxy` or `telegram-proxy`) and click **Deploy**.
+1. Log into [Cloudflare](https://dash.cloudflare.com/) (create an account if you don't have one).
+2. On the left sidebar, go to **Workers & Pages**.
+3. Click **Create Worker** -> **Start with Hello World!**.
+4. Name it something memorable, like `discord-proxy`, and click **Deploy**.
 
 ### Step 2: Add the Proxy Code
-1. Click **Edit Code**.
-2. Delete all existing code and paste the following snippet.
-3. Replace `TARGET_HOSTNAME` with the service you want to proxy (see table below).
+1. Once deployed, click the **Edit Code** button.
+2. In the online code editor, delete the existing code and replace it entirely with this 6-line snippet:
 
 ```javascript
 export default {
   async fetch(request) {
     const url = new URL(request.url);
-    url.hostname = 'TARGET_HOSTNAME';
+    url.hostname = 'discord.com';
     return fetch(new Request(url, request));
   }
 }
 ```
 
-| Service | Replace `TARGET_HOSTNAME` with |
-| :--- | :--- |
-| Discord | `discord.com` |
-| Telegram | `api.telegram.org` |
-
-4. Click **Save and Deploy**. Cloudflare gives you a URL like `https://your-proxy.yourname.workers.dev`.
-
----
+3. Click **Save and Deploy** in the top right corner. Cloudflare will generate a unique URL for you (e.g., `https://discord-proxy.yourname.workers.dev`).
 
-## Using the Proxy in n8n
+### Step 3: Use the Proxy in n8n
+Because the native Discord Node hardcodes connections to `discord.com` when using Bot tokens, you must use the **Webhook** method.
 
-### Discord
-The native n8n Discord node uses Bot tokens that hardcode `discord.com`. Use the **Webhook** authentication method instead:
-
-1. Add a **Discord** node and set the **Credential** to use **Webhook** authentication.
-2. Create a new Discord Webhook credential.
-3. Take your Discord Webhook URL and replace `discord.com` with your Worker domain:
-   - *Original:* `https://discord.com/api/webhooks/123456/abcdef`
-   - *Proxied:* `https://discord-proxy.yourname.workers.dev/api/webhooks/123456/abcdef`
-4. Paste the proxied URL in the **Webhook URL** field.
-
-### Telegram
-The n8n Telegram credential has a **Base URL** field that can be changed:
-
-1. Go to **Credentials** → add or edit a **Telegram** credential.
-2. Enter your Bot Token as usual.
-3. In the **Base URL** field, replace `https://api.telegram.org` with your Worker URL:
-   - *Original:* `https://api.telegram.org`
-   - *Proxied:* `https://telegram-proxy.yourname.workers.dev`
-4. Click **Save** and then **Test** — it should connect instantly.
+1. Add the standard **Discord** node to your n8n workflow.
+2. Under "Authentication", select **Webhook**.
+3. Take your normal Discord Webhook URL and replace `discord.com` with your new worker domain.
+   * *Original:* `https://discord.com/api/webhooks/123456/abcdef`
+   * *New:* `https://discord-proxy.yourname.workers.dev/api/webhooks/123456/abcdef`
+4. Create a new Discord Webhook Credential in n8n and paste that **New URL** into the "Webhook URL" field.
+5. Setup your message (e.g., set the text to "Hello World") and click **Execute Node**. Your message will instantly appear in Discord!
 
 ---
-
-*Note: Upgrading your Hugging Face Space to a paid hardware tier removes these network restrictions entirely, allowing you to use all n8n nodes natively without a proxy.*
+*Note: If you ever upgrade your Hugging Face Space to a paid hardware tier, the outgoing firewall restriction is removed, and you can go back to using the native n8n Discord node directly!*

README.md

@@ -68,10 +68,10 @@ Hugging8n automatically creates and maintains a private dataset in your Hugging
 
 ## ⚠️ Known Limitations & Workarounds
 
-**Discord & Telegram Webhooks Blocked by Hugging Face**
-Hugging Face blocks outgoing connections to Discord and Telegram on Free Tier Spaces via TLS/SNI inspection — the TCP connection opens but the TLS handshake is silently dropped when the target hostname is detected. To use these services, you must route traffic through a proxy with a different hostname.
+**Discord Webhooks**
+Hugging Face officially blocks outgoing connections to Discord on Free Tier Spaces. To use the Discord node, you must route your traffic through a simple, free proxy.
 
-👉 **[Read the Guide: How to Create a Free Cloudflare Proxy in 2 minutes](./DISCORD_PROXY_GUIDE.md)**
+👉 **[Read the Guide: How to Create a Free Discord Proxy in 2 minutes](./DISCORD_PROXY_GUIDE.md)**
 *(Upgrading to a paid Space removes this firewall restriction entirely).*
 
 ## 🏗️ Architecture

dns-fix.js

@@ -2,8 +2,8 @@
  * DNS fix preload script for HF Spaces.
  *
  * Patches Node.js dns.lookup to:
- * 1. Try DNS-over-HTTPS (Cloudflare) first to bypass DNS sinkholing
- * 2. Fall back to system DNS if DoH fails
+ * 1. Try system DNS first
+ * 2. Fall back to DNS-over-HTTPS (Cloudflare) if system DNS fails
  *    (This is needed because HF Spaces intercepts/blocks some domains like
  *    WhatsApp web or Telegram API via standard UDP DNS).
  *
@@ -11,18 +11,9 @@
  */
 "use strict";
 
-console.error("[DNS-FIX] Loaded — DoH-first resolver + keep-alive patch active.");
-
 const dns = require("dns");
-const http = require("http");
 const https = require("https");
 
-// ── Keep-Alive Fix ────────────────────────────────────────────────────────────
-http.globalAgent = new http.Agent({ keepAlive: false });
-https.globalAgent = new https.Agent({ keepAlive: false });
-// ─────────────────────────────────────────────────────────────────────────────
-
-
 // In-memory cache for runtime DoH resolutions
 const runtimeCache = new Map(); // hostname -> { ip, expiry }
 
@@ -34,7 +25,7 @@ function dohResolve(hostname, callback) {
     return callback(null, cached.ip);
   }
 
-  const url = `https://cloudflare-dns.com/dns-query?name=${encodeURIComponent(hostname)}&type=A`;
+  const url = `https://1.1.1.1/dns-query?name=${encodeURIComponent(hostname)}&type=A`;
   const req = https.get(
     url,
     { headers: { Accept: "application/dns-json" }, timeout: 15000 },
@@ -87,24 +78,31 @@ dns.lookup = function patchedLookup(hostname, options, callback) {
     hostname === "127.0.0.1" ||
     hostname === "::1" ||
     /^\d+\.\d+\.\d+\.\d+$/.test(hostname) ||
-    /^::/.test(hostname) ||
-    hostname === "cloudflare-dns.com"
+    /^::/.test(hostname)
   ) {
     return origLookup.call(dns, hostname, options, callback);
   }
 
-  // 1) Try DoH first to bypass HF DNS sinkholing (which returns fake IPs instead of ENOTFOUND)
-  dohResolve(hostname, (dohErr, ip) => {
-    if (!dohErr && ip) {
-      if (options.all) {
-        return callback(null, [{ address: ip, family: 4 }]);
-      }
-      return callback(null, ip, 4);
+  // 1) Try system DNS first
+  origLookup.call(dns, hostname, options, (err, address, family) => {
+    if (!err && address) {
+      return callback(null, address, family);
     }
 
-    console.error(`[DNS-FIX] DoH failed for ${hostname}:`, dohErr ? dohErr.message : "no IP returned");
-    
-    // 2) Fall back to system DNS if DoH fails
-    origLookup.call(dns, hostname, options, callback);
+    // 2) System DNS failed with ENOTFOUND or EAI_AGAIN — fall back to DoH
+    if (err && (err.code === "ENOTFOUND" || err.code === "EAI_AGAIN")) {
+      dohResolve(hostname, (dohErr, ip) => {
+        if (dohErr || !ip) {
+          return callback(err); // Return original error
+        }
+        if (options.all) {
+          return callback(null, [{ address: ip, family: 4 }]);
+        }
+        callback(null, ip, 4);
+      });
+    } else {
+      // Other DNS errors — pass through
+      callback(err, address, family);
+    }
   });
 };