@ait-co/devtools 0.1.69 → 0.1.71

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ait-co/devtools",
-  "version": "0.1.69",
+  "version": "0.1.71",
   "description": "Development tools for Apps in Toss mini-apps — mock SDK, floating devtools panel, and universal bundler plugin",
   "type": "module",
   "engines": {

package/dist/chii-relay-BNd3G3UG.js

@@ -1,152 +0,0 @@
-import { createRequire } from "node:module";
-import { createServer } from "node:http";
-//#region src/mcp/chii-relay.ts
-/**
-* Boots the local Chii relay server.
-*
-* Chii (liriliri/chii) is a chobitsu-based CDP relay that lets non-Chrome
-* WebViews (iOS WKWebView / Android WebView — i.e. the Toss app) expose CDP.
-* The relay accepts a `target` websocket from the phone's injected `target.js`
-* and `client` websockets from CDP frontends (our MCP connection).
-*
-* Node-only: `chii` pulls in Koa + ws. Never bundled into the browser/in-app
-* entries.
-*
-* TOTP auth (relay-side, authoritative gate):
-*   When `verifyAuth` is provided, this module registers HTTP 'upgrade' and
-*   'request' listeners on the server BEFORE calling `chii.start({server})`.
-*   Node's `http.Server` calls listeners in registration order; the first to
-*   call `socket.destroy()` (upgrade) or `res.end()` (request) wins. Invalid
-*   auth → 401 + destroy (chii never sees the connection). Valid auth →
-*   return without side-effect (chii handles it).
-*
-* TOTP code transports (issue #466) — two equivalent ways to carry the code:
-*   1. Query param `at=<code>` — used by the daemon-side `/client` connection
-*      (`chii-connection.ts` appends it; it holds the secret).
-*   2. Path prefix `/at/<code>/…` — used by the phone-side target. Chii's
-*      stock `target.js` derives its WS endpoint from the script `src`
-*      (`scriptEl.src.replace('target.js','')`), so the only way for the
-*      phone to carry a code is to embed it in the script URL path. The
-*      in-app attach injects `https://<host>/at/<code>/target.js`; both the
-*      script fetch and the derived `wss://<host>/at/<code>/target/<id>` WS
-*      dial then carry the prefix. The listeners below rewrite the prefix
-*      into the query form (`rewriteAtPathPrefix`) and MUTATE `req.url`
-*      before chii's own handlers (registered later) parse it — chii only
-*      ever sees the stripped URL.
-*
-* Threat model: "URL leak" — someone obtains the tunnel URL (Slack paste, QR
-*   screenshot, shoulder-surfing) but does not have the shared TOTP secret.
-*   Rotating 6-digit code makes the URL stale after 30 s.
-*   A determined attacker who extracts the secret from the dogfood bundle can
-*   still compute valid codes; that is out of scope (see umbrella CLAUDE.md §4).
-*
-* SECRET-HANDLING: The secret value and computed TOTP codes MUST NOT appear
-*   in any log, error message, or process output. `verifyAuth` is a black-box
-*   predicate from the caller's perspective; this module only forwards pass/fail.
-*/
-const require = createRequire(import.meta.url);
-function loadChiiServer() {
-	const mod = require("chii");
-	if (typeof mod === "object" && mod !== null && "start" in mod && typeof mod.start === "function") return mod;
-	throw new Error("chii server module did not expose start()");
-}
-/**
-* Rewrites a `/at/<code>/…` path-prefixed request URL into the equivalent
-* query-based form, e.g.:
-*
-*   `/at/123456/target.js`        → `/target.js?at=123456`
-*   `/at/123456/target/x?url=u`   → `/target/x?url=u&at=123456`
-*   `/at/123456/`                 → `/?at=123456`
-*
-* Returns `null` when the URL does not carry the prefix (including an empty
-* code segment) — callers fall back to the unmodified URL and the existing
-* query-based auth path.
-*
-* Pure string surgery — this function knows nothing about secrets or code
-* validity; verification stays inside the caller-provided `verifyAuth`
-* predicate (which parses the query). The raw path segment is appended
-* verbatim to the query: both path segments and query values are
-* percent-decoded exactly once by their consumers, so no re-encoding is
-* needed (TOTP codes are 6 digits and never percent-encoded in practice).
-*/
-function rewriteAtPathPrefix(rawUrl) {
-	const match = /^\/at\/([^/?]+)(\/[^?]*)?(\?.*)?$/.exec(rawUrl);
-	if (match === null) return null;
-	const code = match[1];
-	const path = match[2] === void 0 || match[2] === "" ? "/" : match[2];
-	const query = match[3] ?? "";
-	return `${path}${query}${query === "" ? "?" : "&"}at=${code}`;
-}
-/**
-* Starts the Chii relay and resolves once listening.
-*
-* Default port is 0 (OS-assigned). With port 0 the OS picks a free ephemeral
-* port on every start, so a stale cloudflared orphan holding any particular
-* port cannot cause EADDRINUSE. The resolved `ChiiRelay.port` and `baseUrl`
-* always reflect the actual bound port.
-*
-* chii.start() is called with `server` (our pre-created httpServer) BEFORE
-* httpServer.listen(). This is intentional: chii attaches its Koa handler and
-* WS upgrade listener to the server object, but the actual TCP bind is
-* performed by our httpServer.listen() call below. The `port`/`domain` values
-* passed to chii.start() are used for display/banner purposes inside chii and
-* do not affect which port the server binds. The connection path (clients
-* connecting to `relay.baseUrl`) always uses the post-listen confirmed port.
-*/
-async function startChiiRelay(options = {}) {
-	const requestedPort = options.port ?? 0;
-	const host = options.host ?? "127.0.0.1";
-	const { verifyAuth, onAuthReject } = options;
-	const httpServer = createServer();
-	const notifyAuthReject = (kind) => {
-		if (onAuthReject === void 0) return;
-		try {
-			onAuthReject({ kind });
-		} catch {}
-	};
-	if (verifyAuth) {
-		httpServer.on("upgrade", (req, socket) => {
-			const rewritten = rewriteAtPathPrefix(req.url ?? "");
-			if (rewritten !== null) req.url = rewritten;
-			if (!verifyAuth(req)) {
-				socket.write("HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n");
-				socket.destroy();
-				notifyAuthReject("ws-upgrade");
-				return;
-			}
-		});
-		httpServer.on("request", (req, res) => {
-			const rewritten = rewriteAtPathPrefix(req.url ?? "");
-			if (rewritten === null) return;
-			req.url = rewritten;
-			if (!verifyAuth(req)) {
-				res.statusCode = 401;
-				res.end();
-				notifyAuthReject("http-request");
-			}
-		});
-	}
-	await loadChiiServer().start({
-		server: httpServer,
-		domain: `${host}:${requestedPort}`,
-		port: requestedPort
-	});
-	const actualPort = await new Promise((resolve, reject) => {
-		httpServer.once("error", reject);
-		httpServer.listen(requestedPort, host, () => {
-			httpServer.off("error", reject);
-			resolve(httpServer.address().port);
-		});
-	});
-	return {
-		port: actualPort,
-		baseUrl: `http://${host}:${actualPort}`,
-		close: () => new Promise((resolve) => {
-			httpServer.close(() => resolve());
-		})
-	};
-}
-//#endregion
-export { startChiiRelay };
-
-//# sourceMappingURL=chii-relay-BNd3G3UG.js.map

package/dist/chii-relay-BNd3G3UG.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"chii-relay-BNd3G3UG.js","names":[],"sources":["../src/mcp/chii-relay.ts"],"sourcesContent":["/**\n * Boots the local Chii relay server.\n *\n * Chii (liriliri/chii) is a chobitsu-based CDP relay that lets non-Chrome\n * WebViews (iOS WKWebView / Android WebView — i.e. the Toss app) expose CDP.\n * The relay accepts a `target` websocket from the phone's injected `target.js`\n * and `client` websockets from CDP frontends (our MCP connection).\n *\n * Node-only: `chii` pulls in Koa + ws. Never bundled into the browser/in-app\n * entries.\n *\n * TOTP auth (relay-side, authoritative gate):\n *   When `verifyAuth` is provided, this module registers HTTP 'upgrade' and\n *   'request' listeners on the server BEFORE calling `chii.start({server})`.\n *   Node's `http.Server` calls listeners in registration order; the first to\n *   call `socket.destroy()` (upgrade) or `res.end()` (request) wins. Invalid\n *   auth → 401 + destroy (chii never sees the connection). Valid auth →\n *   return without side-effect (chii handles it).\n *\n * TOTP code transports (issue #466) — two equivalent ways to carry the code:\n *   1. Query param `at=<code>` — used by the daemon-side `/client` connection\n *      (`chii-connection.ts` appends it; it holds the secret).\n *   2. Path prefix `/at/<code>/…` — used by the phone-side target. Chii's\n *      stock `target.js` derives its WS endpoint from the script `src`\n *      (`scriptEl.src.replace('target.js','')`), so the only way for the\n *      phone to carry a code is to embed it in the script URL path. The\n *      in-app attach injects `https://<host>/at/<code>/target.js`; both the\n *      script fetch and the derived `wss://<host>/at/<code>/target/<id>` WS\n *      dial then carry the prefix. The listeners below rewrite the prefix\n *      into the query form (`rewriteAtPathPrefix`) and MUTATE `req.url`\n *      before chii's own handlers (registered later) parse it — chii only\n *      ever sees the stripped URL.\n *\n * Threat model: \"URL leak\" — someone obtains the tunnel URL (Slack paste, QR\n *   screenshot, shoulder-surfing) but does not have the shared TOTP secret.\n *   Rotating 6-digit code makes the URL stale after 30 s.\n *   A determined attacker who extracts the secret from the dogfood bundle can\n *   still compute valid codes; that is out of scope (see umbrella CLAUDE.md §4).\n *\n * SECRET-HANDLING: The secret value and computed TOTP codes MUST NOT appear\n *   in any log, error message, or process output. `verifyAuth` is a black-box\n *   predicate from the caller's perspective; this module only forwards pass/fail.\n */\n\nimport { createServer, type IncomingMessage, type Server } from 'node:http';\nimport { createRequire } from 'node:module';\nimport type { AddressInfo } from 'node:net';\nimport type { Duplex } from 'node:stream';\n\nconst require = createRequire(import.meta.url);\n\n/** `chii/server` is CommonJS and shipped without TypeScript types. */\ninterface ChiiServerModule {\n  start(options: {\n    port?: number;\n    host?: string;\n    domain?: string;\n    server?: Server;\n    basePath?: string;\n  }): Promise<void>;\n}\n\nfunction loadChiiServer(): ChiiServerModule {\n  // `chii`'s package `main` is `./server/index.js`, exposing `{ start }`.\n  const mod: unknown = require('chii');\n  if (\n    typeof mod === 'object' &&\n    mod !== null &&\n    'start' in mod &&\n    typeof (mod as { start: unknown }).start === 'function'\n  ) {\n    return mod as ChiiServerModule;\n  }\n  throw new Error('chii server module did not expose start()');\n}\n\nexport interface ChiiRelay {\n  port: number;\n  /** Base URL for the relay HTTP/WS server, e.g. `http://127.0.0.1:54321`. */\n  baseUrl: string;\n  close(): Promise<void>;\n}\n\n/**\n * Secret-free metadata about a single auth rejection (issue #467).\n *\n * SECRET-HANDLING: this event carries ONLY the surface kind. It must never\n * grow fields for `req.url`, query strings, codes, or secrets — observers\n * (diagnostics counters, console hints) only need \"a rejection happened\".\n */\nexport interface RelayAuthRejectEvent {\n  /** Which inbound surface was rejected. */\n  kind: 'ws-upgrade' | 'http-request';\n}\n\n/**\n * Rewrites a `/at/<code>/…` path-prefixed request URL into the equivalent\n * query-based form, e.g.:\n *\n *   `/at/123456/target.js`        → `/target.js?at=123456`\n *   `/at/123456/target/x?url=u`   → `/target/x?url=u&at=123456`\n *   `/at/123456/`                 → `/?at=123456`\n *\n * Returns `null` when the URL does not carry the prefix (including an empty\n * code segment) — callers fall back to the unmodified URL and the existing\n * query-based auth path.\n *\n * Pure string surgery — this function knows nothing about secrets or code\n * validity; verification stays inside the caller-provided `verifyAuth`\n * predicate (which parses the query). The raw path segment is appended\n * verbatim to the query: both path segments and query values are\n * percent-decoded exactly once by their consumers, so no re-encoding is\n * needed (TOTP codes are 6 digits and never percent-encoded in practice).\n */\nexport function rewriteAtPathPrefix(rawUrl: string): string | null {\n  const match = /^\\/at\\/([^/?]+)(\\/[^?]*)?(\\?.*)?$/.exec(rawUrl);\n  if (match === null) return null;\n  const code = match[1];\n  const path = match[2] === undefined || match[2] === '' ? '/' : match[2];\n  const query = match[3] ?? '';\n  const separator = query === '' ? '?' : '&';\n  return `${path}${query}${separator}at=${code}`;\n}\n\nexport interface StartChiiRelayOptions {\n  /**\n   * Local port for the relay. Default 0 (OS-assigned ephemeral port).\n   *\n   * Using 0 means the OS picks a free port — this is the safe default because\n   * a stale cloudflared child process (PPID 1, orphaned after SIGKILL) may still\n   * be holding a fixed port. A fixed port causes EADDRINUSE on the next startup,\n   * which makes the MCP handshake fail with -32000. With port 0 the new relay\n   * always gets a fresh port, making any orphaned process harmless.\n   *\n   * Pass an explicit number to restore fixed-port behaviour (backwards-compatible).\n   */\n  port?: number;\n  /** Bind host. Default 127.0.0.1 (tunnel reaches it locally). */\n  host?: string;\n  /**\n   * Optional auth predicate for WebSocket upgrade requests.\n   *\n   * When provided, every inbound WebSocket upgrade is checked by calling\n   * `verifyAuth(req)` before Chii processes it. Return `true` to allow the\n   * upgrade; return `false` to reject with HTTP 401 and destroy the socket.\n   *\n   * The predicate MUST NOT log the secret or any TOTP code — it is a black-box\n   * from this module's perspective.\n   *\n   * @param req - The raw HTTP `IncomingMessage` from the upgrade handshake.\n   *   Inspect `req.url` for query parameters (e.g. `at=<code>`). Path-prefixed\n   *   URLs (`/at/<code>/…`, the phone-target transport — issue #466) are\n   *   rewritten into the query form BEFORE this predicate runs, so a\n   *   query-only predicate covers both transports.\n   * @returns `true` if the upgrade is authorised, `false` to reject.\n   */\n  verifyAuth?: (req: IncomingMessage) => boolean;\n  /**\n   * Secret-free observability callback fired on every auth rejection\n   * (issue #467). Only meaningful together with `verifyAuth`.\n   *\n   * SECRET-HANDLING: the event carries ONLY the rejection kind — never\n   * `req.url`, query strings, TOTP codes, or the secret. Implementations must\n   * keep it that way (e.g. increment a counter + timestamp). Exceptions thrown\n   * by the callback are swallowed so observability can never break the gate.\n   */\n  onAuthReject?: (event: RelayAuthRejectEvent) => void;\n}\n\n/**\n * Starts the Chii relay and resolves once listening.\n *\n * Default port is 0 (OS-assigned). With port 0 the OS picks a free ephemeral\n * port on every start, so a stale cloudflared orphan holding any particular\n * port cannot cause EADDRINUSE. The resolved `ChiiRelay.port` and `baseUrl`\n * always reflect the actual bound port.\n *\n * chii.start() is called with `server` (our pre-created httpServer) BEFORE\n * httpServer.listen(). This is intentional: chii attaches its Koa handler and\n * WS upgrade listener to the server object, but the actual TCP bind is\n * performed by our httpServer.listen() call below. The `port`/`domain` values\n * passed to chii.start() are used for display/banner purposes inside chii and\n * do not affect which port the server binds. The connection path (clients\n * connecting to `relay.baseUrl`) always uses the post-listen confirmed port.\n */\nexport async function startChiiRelay(options: StartChiiRelayOptions = {}): Promise<ChiiRelay> {\n  const requestedPort = options.port ?? 0;\n  const host = options.host ?? '127.0.0.1';\n  const { verifyAuth, onAuthReject } = options;\n\n  const httpServer = createServer();\n\n  // Secret-free observability hook (issue #467). Swallow callback exceptions —\n  // a broken observer must never turn into an open gate or a crashed relay.\n  const notifyAuthReject = (kind: RelayAuthRejectEvent['kind']): void => {\n    if (onAuthReject === undefined) return;\n    try {\n      onAuthReject({ kind });\n    } catch {\n      // Ignore — observability is best-effort.\n    }\n  };\n\n  // Register our auth listeners BEFORE chii.start() so they fire first.\n  // Node's http.Server emits 'upgrade'/'request' to all listeners in\n  // registration order; the first to destroy() the socket (upgrade) or end()\n  // the response (request) wins. Valid requests return without side-effect so\n  // chii's own handlers take over normally — and because listeners run\n  // synchronously in order, mutating `req.url` here (path-prefix strip,\n  // issue #466) means chii's later-registered handlers only ever see the\n  // stripped URL.\n  //\n  // We only register when verifyAuth is provided so the no-auth path is\n  // zero-overhead for tests and local-only dev sessions. (The phone-side\n  // `/at/<code>/` prefix only ever appears when TOTP is armed — the launcher\n  // QR carries the `at` code — so the no-auth path never needs the strip.)\n  if (verifyAuth) {\n    httpServer.on('upgrade', (req: IncomingMessage, socket: Duplex) => {\n      // Phone-target transport (issue #466): normalise a `/at/<code>/…` path\n      // prefix into the query form before verification, and strip it from the\n      // URL chii will see. No-prefix URLs pass through untouched (daemon\n      // client query transport — back-compat).\n      const rewritten = rewriteAtPathPrefix(req.url ?? '');\n      if (rewritten !== null) {\n        req.url = rewritten;\n      }\n      if (!verifyAuth(req)) {\n        // Reject: send a minimal HTTP 401 response and close the socket.\n        // We do NOT log req.url or any auth param here to avoid leaking codes.\n        socket.write('HTTP/1.1 401 Unauthorized\\r\\nContent-Length: 0\\r\\n\\r\\n');\n        socket.destroy();\n        notifyAuthReject('ws-upgrade');\n        // Early return — chii's handler is NOT called for this socket.\n        return;\n      }\n      // Auth passed: no-op. Chii's upgrade listener (registered below by\n      // chii.start) will handle the rest.\n    });\n\n    // Plain HTTP requests: only the path-prefixed form is ours — the phone\n    // fetches `target.js` via `https://<host>/at/<code>/target.js` (issue\n    // #466), which must be verified + stripped so chii's Koa static handler\n    // serves `/target.js`. Non-prefixed requests keep today's behaviour\n    // (ungated pass-through to chii).\n    httpServer.on('request', (req, res) => {\n      const rewritten = rewriteAtPathPrefix(req.url ?? '');\n      if (rewritten === null) return;\n      req.url = rewritten;\n      if (!verifyAuth(req)) {\n        // We do NOT log req.url or any auth param here to avoid leaking codes.\n        res.statusCode = 401;\n        res.end();\n        notifyAuthReject('http-request');\n      }\n      // Auth passed: no-op — chii's Koa 'request' listener (registered below\n      // by chii.start) serves the rewritten URL. (Koa skips writing when an\n      // earlier listener already ended the response, so the 401 path is safe\n      // even though Koa still runs.)\n    });\n  }\n\n  const chii = loadChiiServer();\n  // Passing an existing `server` makes chii attach its Koa handler + WS upgrade\n  // to our HTTP server rather than creating its own listener.\n  // Note: port/domain here are display-only inside chii — the TCP bind is ours.\n  await chii.start({ server: httpServer, domain: `${host}:${requestedPort}`, port: requestedPort });\n\n  const actualPort = await new Promise<number>((resolve, reject) => {\n    httpServer.once('error', reject);\n    httpServer.listen(requestedPort, host, () => {\n      httpServer.off('error', reject);\n      // httpServer.address() is non-null immediately after the listen callback.\n      const addr = httpServer.address() as AddressInfo;\n      resolve(addr.port);\n    });\n  });\n\n  return {\n    port: actualPort,\n    baseUrl: `http://${host}:${actualPort}`,\n    close: () =>\n      new Promise<void>((resolve) => {\n        httpServer.close(() => resolve());\n      }),\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiDA,MAAM,UAAU,cAAc,OAAO,KAAK,IAAI;AAa9C,SAAS,iBAAmC;CAE1C,MAAM,MAAe,QAAQ,OAAO;AACpC,KACE,OAAO,QAAQ,YACf,QAAQ,QACR,WAAW,OACX,OAAQ,IAA2B,UAAU,WAE7C,QAAO;AAET,OAAM,IAAI,MAAM,4CAA4C;;;;;;;;;;;;;;;;;;;;;AAyC9D,SAAgB,oBAAoB,QAA+B;CACjE,MAAM,QAAQ,oCAAoC,KAAK,OAAO;AAC9D,KAAI,UAAU,KAAM,QAAO;CAC3B,MAAM,OAAO,MAAM;CACnB,MAAM,OAAO,MAAM,OAAO,KAAA,KAAa,MAAM,OAAO,KAAK,MAAM,MAAM;CACrE,MAAM,QAAQ,MAAM,MAAM;AAE1B,QAAO,GAAG,OAAO,QADC,UAAU,KAAK,MAAM,IACJ,KAAK;;;;;;;;;;;;;;;;;;AAgE1C,eAAsB,eAAe,UAAiC,EAAE,EAAsB;CAC5F,MAAM,gBAAgB,QAAQ,QAAQ;CACtC,MAAM,OAAO,QAAQ,QAAQ;CAC7B,MAAM,EAAE,YAAY,iBAAiB;CAErC,MAAM,aAAa,cAAc;CAIjC,MAAM,oBAAoB,SAA6C;AACrE,MAAI,iBAAiB,KAAA,EAAW;AAChC,MAAI;AACF,gBAAa,EAAE,MAAM,CAAC;UAChB;;AAkBV,KAAI,YAAY;AACd,aAAW,GAAG,YAAY,KAAsB,WAAmB;GAKjE,MAAM,YAAY,oBAAoB,IAAI,OAAO,GAAG;AACpD,OAAI,cAAc,KAChB,KAAI,MAAM;AAEZ,OAAI,CAAC,WAAW,IAAI,EAAE;AAGpB,WAAO,MAAM,yDAAyD;AACtE,WAAO,SAAS;AAChB,qBAAiB,aAAa;AAE9B;;IAIF;AAOF,aAAW,GAAG,YAAY,KAAK,QAAQ;GACrC,MAAM,YAAY,oBAAoB,IAAI,OAAO,GAAG;AACpD,OAAI,cAAc,KAAM;AACxB,OAAI,MAAM;AACV,OAAI,CAAC,WAAW,IAAI,EAAE;AAEpB,QAAI,aAAa;AACjB,QAAI,KAAK;AACT,qBAAiB,eAAe;;IAMlC;;AAOJ,OAJa,gBAAgB,CAIlB,MAAM;EAAE,QAAQ;EAAY,QAAQ,GAAG,KAAK,GAAG;EAAiB,MAAM;EAAe,CAAC;CAEjG,MAAM,aAAa,MAAM,IAAI,SAAiB,SAAS,WAAW;AAChE,aAAW,KAAK,SAAS,OAAO;AAChC,aAAW,OAAO,eAAe,YAAY;AAC3C,cAAW,IAAI,SAAS,OAAO;AAG/B,WADa,WAAW,SAAS,CACpB,KAAK;IAClB;GACF;AAEF,QAAO;EACL,MAAM;EACN,SAAS,UAAU,KAAK,GAAG;EAC3B,aACE,IAAI,SAAe,YAAY;AAC7B,cAAW,YAAY,SAAS,CAAC;IACjC;EACL"}

package/dist/chii-relay-DngjQ2_A.cjs

@@ -1,151 +0,0 @@
-let node_http = require("node:http");
-//#region src/mcp/chii-relay.ts
-/**
-* Boots the local Chii relay server.
-*
-* Chii (liriliri/chii) is a chobitsu-based CDP relay that lets non-Chrome
-* WebViews (iOS WKWebView / Android WebView — i.e. the Toss app) expose CDP.
-* The relay accepts a `target` websocket from the phone's injected `target.js`
-* and `client` websockets from CDP frontends (our MCP connection).
-*
-* Node-only: `chii` pulls in Koa + ws. Never bundled into the browser/in-app
-* entries.
-*
-* TOTP auth (relay-side, authoritative gate):
-*   When `verifyAuth` is provided, this module registers HTTP 'upgrade' and
-*   'request' listeners on the server BEFORE calling `chii.start({server})`.
-*   Node's `http.Server` calls listeners in registration order; the first to
-*   call `socket.destroy()` (upgrade) or `res.end()` (request) wins. Invalid
-*   auth → 401 + destroy (chii never sees the connection). Valid auth →
-*   return without side-effect (chii handles it).
-*
-* TOTP code transports (issue #466) — two equivalent ways to carry the code:
-*   1. Query param `at=<code>` — used by the daemon-side `/client` connection
-*      (`chii-connection.ts` appends it; it holds the secret).
-*   2. Path prefix `/at/<code>/…` — used by the phone-side target. Chii's
-*      stock `target.js` derives its WS endpoint from the script `src`
-*      (`scriptEl.src.replace('target.js','')`), so the only way for the
-*      phone to carry a code is to embed it in the script URL path. The
-*      in-app attach injects `https://<host>/at/<code>/target.js`; both the
-*      script fetch and the derived `wss://<host>/at/<code>/target/<id>` WS
-*      dial then carry the prefix. The listeners below rewrite the prefix
-*      into the query form (`rewriteAtPathPrefix`) and MUTATE `req.url`
-*      before chii's own handlers (registered later) parse it — chii only
-*      ever sees the stripped URL.
-*
-* Threat model: "URL leak" — someone obtains the tunnel URL (Slack paste, QR
-*   screenshot, shoulder-surfing) but does not have the shared TOTP secret.
-*   Rotating 6-digit code makes the URL stale after 30 s.
-*   A determined attacker who extracts the secret from the dogfood bundle can
-*   still compute valid codes; that is out of scope (see umbrella CLAUDE.md §4).
-*
-* SECRET-HANDLING: The secret value and computed TOTP codes MUST NOT appear
-*   in any log, error message, or process output. `verifyAuth` is a black-box
-*   predicate from the caller's perspective; this module only forwards pass/fail.
-*/
-const require$1 = (0, require("node:module").createRequire)(require("url").pathToFileURL(__filename).href);
-function loadChiiServer() {
-	const mod = require$1("chii");
-	if (typeof mod === "object" && mod !== null && "start" in mod && typeof mod.start === "function") return mod;
-	throw new Error("chii server module did not expose start()");
-}
-/**
-* Rewrites a `/at/<code>/…` path-prefixed request URL into the equivalent
-* query-based form, e.g.:
-*
-*   `/at/123456/target.js`        → `/target.js?at=123456`
-*   `/at/123456/target/x?url=u`   → `/target/x?url=u&at=123456`
-*   `/at/123456/`                 → `/?at=123456`
-*
-* Returns `null` when the URL does not carry the prefix (including an empty
-* code segment) — callers fall back to the unmodified URL and the existing
-* query-based auth path.
-*
-* Pure string surgery — this function knows nothing about secrets or code
-* validity; verification stays inside the caller-provided `verifyAuth`
-* predicate (which parses the query). The raw path segment is appended
-* verbatim to the query: both path segments and query values are
-* percent-decoded exactly once by their consumers, so no re-encoding is
-* needed (TOTP codes are 6 digits and never percent-encoded in practice).
-*/
-function rewriteAtPathPrefix(rawUrl) {
-	const match = /^\/at\/([^/?]+)(\/[^?]*)?(\?.*)?$/.exec(rawUrl);
-	if (match === null) return null;
-	const code = match[1];
-	const path = match[2] === void 0 || match[2] === "" ? "/" : match[2];
-	const query = match[3] ?? "";
-	return `${path}${query}${query === "" ? "?" : "&"}at=${code}`;
-}
-/**
-* Starts the Chii relay and resolves once listening.
-*
-* Default port is 0 (OS-assigned). With port 0 the OS picks a free ephemeral
-* port on every start, so a stale cloudflared orphan holding any particular
-* port cannot cause EADDRINUSE. The resolved `ChiiRelay.port` and `baseUrl`
-* always reflect the actual bound port.
-*
-* chii.start() is called with `server` (our pre-created httpServer) BEFORE
-* httpServer.listen(). This is intentional: chii attaches its Koa handler and
-* WS upgrade listener to the server object, but the actual TCP bind is
-* performed by our httpServer.listen() call below. The `port`/`domain` values
-* passed to chii.start() are used for display/banner purposes inside chii and
-* do not affect which port the server binds. The connection path (clients
-* connecting to `relay.baseUrl`) always uses the post-listen confirmed port.
-*/
-async function startChiiRelay(options = {}) {
-	const requestedPort = options.port ?? 0;
-	const host = options.host ?? "127.0.0.1";
-	const { verifyAuth, onAuthReject } = options;
-	const httpServer = (0, node_http.createServer)();
-	const notifyAuthReject = (kind) => {
-		if (onAuthReject === void 0) return;
-		try {
-			onAuthReject({ kind });
-		} catch {}
-	};
-	if (verifyAuth) {
-		httpServer.on("upgrade", (req, socket) => {
-			const rewritten = rewriteAtPathPrefix(req.url ?? "");
-			if (rewritten !== null) req.url = rewritten;
-			if (!verifyAuth(req)) {
-				socket.write("HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n");
-				socket.destroy();
-				notifyAuthReject("ws-upgrade");
-				return;
-			}
-		});
-		httpServer.on("request", (req, res) => {
-			const rewritten = rewriteAtPathPrefix(req.url ?? "");
-			if (rewritten === null) return;
-			req.url = rewritten;
-			if (!verifyAuth(req)) {
-				res.statusCode = 401;
-				res.end();
-				notifyAuthReject("http-request");
-			}
-		});
-	}
-	await loadChiiServer().start({
-		server: httpServer,
-		domain: `${host}:${requestedPort}`,
-		port: requestedPort
-	});
-	const actualPort = await new Promise((resolve, reject) => {
-		httpServer.once("error", reject);
-		httpServer.listen(requestedPort, host, () => {
-			httpServer.off("error", reject);
-			resolve(httpServer.address().port);
-		});
-	});
-	return {
-		port: actualPort,
-		baseUrl: `http://${host}:${actualPort}`,
-		close: () => new Promise((resolve) => {
-			httpServer.close(() => resolve());
-		})
-	};
-}
-//#endregion
-exports.startChiiRelay = startChiiRelay;
-
-//# sourceMappingURL=chii-relay-DngjQ2_A.cjs.map

package/dist/chii-relay-DngjQ2_A.cjs.map

@@ -1 +0,0 @@
-{"version":3,"file":"chii-relay-DngjQ2_A.cjs","names":["require"],"sources":["../src/mcp/chii-relay.ts"],"sourcesContent":["/**\n * Boots the local Chii relay server.\n *\n * Chii (liriliri/chii) is a chobitsu-based CDP relay that lets non-Chrome\n * WebViews (iOS WKWebView / Android WebView — i.e. the Toss app) expose CDP.\n * The relay accepts a `target` websocket from the phone's injected `target.js`\n * and `client` websockets from CDP frontends (our MCP connection).\n *\n * Node-only: `chii` pulls in Koa + ws. Never bundled into the browser/in-app\n * entries.\n *\n * TOTP auth (relay-side, authoritative gate):\n *   When `verifyAuth` is provided, this module registers HTTP 'upgrade' and\n *   'request' listeners on the server BEFORE calling `chii.start({server})`.\n *   Node's `http.Server` calls listeners in registration order; the first to\n *   call `socket.destroy()` (upgrade) or `res.end()` (request) wins. Invalid\n *   auth → 401 + destroy (chii never sees the connection). Valid auth →\n *   return without side-effect (chii handles it).\n *\n * TOTP code transports (issue #466) — two equivalent ways to carry the code:\n *   1. Query param `at=<code>` — used by the daemon-side `/client` connection\n *      (`chii-connection.ts` appends it; it holds the secret).\n *   2. Path prefix `/at/<code>/…` — used by the phone-side target. Chii's\n *      stock `target.js` derives its WS endpoint from the script `src`\n *      (`scriptEl.src.replace('target.js','')`), so the only way for the\n *      phone to carry a code is to embed it in the script URL path. The\n *      in-app attach injects `https://<host>/at/<code>/target.js`; both the\n *      script fetch and the derived `wss://<host>/at/<code>/target/<id>` WS\n *      dial then carry the prefix. The listeners below rewrite the prefix\n *      into the query form (`rewriteAtPathPrefix`) and MUTATE `req.url`\n *      before chii's own handlers (registered later) parse it — chii only\n *      ever sees the stripped URL.\n *\n * Threat model: \"URL leak\" — someone obtains the tunnel URL (Slack paste, QR\n *   screenshot, shoulder-surfing) but does not have the shared TOTP secret.\n *   Rotating 6-digit code makes the URL stale after 30 s.\n *   A determined attacker who extracts the secret from the dogfood bundle can\n *   still compute valid codes; that is out of scope (see umbrella CLAUDE.md §4).\n *\n * SECRET-HANDLING: The secret value and computed TOTP codes MUST NOT appear\n *   in any log, error message, or process output. `verifyAuth` is a black-box\n *   predicate from the caller's perspective; this module only forwards pass/fail.\n */\n\nimport { createServer, type IncomingMessage, type Server } from 'node:http';\nimport { createRequire } from 'node:module';\nimport type { AddressInfo } from 'node:net';\nimport type { Duplex } from 'node:stream';\n\nconst require = createRequire(import.meta.url);\n\n/** `chii/server` is CommonJS and shipped without TypeScript types. */\ninterface ChiiServerModule {\n  start(options: {\n    port?: number;\n    host?: string;\n    domain?: string;\n    server?: Server;\n    basePath?: string;\n  }): Promise<void>;\n}\n\nfunction loadChiiServer(): ChiiServerModule {\n  // `chii`'s package `main` is `./server/index.js`, exposing `{ start }`.\n  const mod: unknown = require('chii');\n  if (\n    typeof mod === 'object' &&\n    mod !== null &&\n    'start' in mod &&\n    typeof (mod as { start: unknown }).start === 'function'\n  ) {\n    return mod as ChiiServerModule;\n  }\n  throw new Error('chii server module did not expose start()');\n}\n\nexport interface ChiiRelay {\n  port: number;\n  /** Base URL for the relay HTTP/WS server, e.g. `http://127.0.0.1:54321`. */\n  baseUrl: string;\n  close(): Promise<void>;\n}\n\n/**\n * Secret-free metadata about a single auth rejection (issue #467).\n *\n * SECRET-HANDLING: this event carries ONLY the surface kind. It must never\n * grow fields for `req.url`, query strings, codes, or secrets — observers\n * (diagnostics counters, console hints) only need \"a rejection happened\".\n */\nexport interface RelayAuthRejectEvent {\n  /** Which inbound surface was rejected. */\n  kind: 'ws-upgrade' | 'http-request';\n}\n\n/**\n * Rewrites a `/at/<code>/…` path-prefixed request URL into the equivalent\n * query-based form, e.g.:\n *\n *   `/at/123456/target.js`        → `/target.js?at=123456`\n *   `/at/123456/target/x?url=u`   → `/target/x?url=u&at=123456`\n *   `/at/123456/`                 → `/?at=123456`\n *\n * Returns `null` when the URL does not carry the prefix (including an empty\n * code segment) — callers fall back to the unmodified URL and the existing\n * query-based auth path.\n *\n * Pure string surgery — this function knows nothing about secrets or code\n * validity; verification stays inside the caller-provided `verifyAuth`\n * predicate (which parses the query). The raw path segment is appended\n * verbatim to the query: both path segments and query values are\n * percent-decoded exactly once by their consumers, so no re-encoding is\n * needed (TOTP codes are 6 digits and never percent-encoded in practice).\n */\nexport function rewriteAtPathPrefix(rawUrl: string): string | null {\n  const match = /^\\/at\\/([^/?]+)(\\/[^?]*)?(\\?.*)?$/.exec(rawUrl);\n  if (match === null) return null;\n  const code = match[1];\n  const path = match[2] === undefined || match[2] === '' ? '/' : match[2];\n  const query = match[3] ?? '';\n  const separator = query === '' ? '?' : '&';\n  return `${path}${query}${separator}at=${code}`;\n}\n\nexport interface StartChiiRelayOptions {\n  /**\n   * Local port for the relay. Default 0 (OS-assigned ephemeral port).\n   *\n   * Using 0 means the OS picks a free port — this is the safe default because\n   * a stale cloudflared child process (PPID 1, orphaned after SIGKILL) may still\n   * be holding a fixed port. A fixed port causes EADDRINUSE on the next startup,\n   * which makes the MCP handshake fail with -32000. With port 0 the new relay\n   * always gets a fresh port, making any orphaned process harmless.\n   *\n   * Pass an explicit number to restore fixed-port behaviour (backwards-compatible).\n   */\n  port?: number;\n  /** Bind host. Default 127.0.0.1 (tunnel reaches it locally). */\n  host?: string;\n  /**\n   * Optional auth predicate for WebSocket upgrade requests.\n   *\n   * When provided, every inbound WebSocket upgrade is checked by calling\n   * `verifyAuth(req)` before Chii processes it. Return `true` to allow the\n   * upgrade; return `false` to reject with HTTP 401 and destroy the socket.\n   *\n   * The predicate MUST NOT log the secret or any TOTP code — it is a black-box\n   * from this module's perspective.\n   *\n   * @param req - The raw HTTP `IncomingMessage` from the upgrade handshake.\n   *   Inspect `req.url` for query parameters (e.g. `at=<code>`). Path-prefixed\n   *   URLs (`/at/<code>/…`, the phone-target transport — issue #466) are\n   *   rewritten into the query form BEFORE this predicate runs, so a\n   *   query-only predicate covers both transports.\n   * @returns `true` if the upgrade is authorised, `false` to reject.\n   */\n  verifyAuth?: (req: IncomingMessage) => boolean;\n  /**\n   * Secret-free observability callback fired on every auth rejection\n   * (issue #467). Only meaningful together with `verifyAuth`.\n   *\n   * SECRET-HANDLING: the event carries ONLY the rejection kind — never\n   * `req.url`, query strings, TOTP codes, or the secret. Implementations must\n   * keep it that way (e.g. increment a counter + timestamp). Exceptions thrown\n   * by the callback are swallowed so observability can never break the gate.\n   */\n  onAuthReject?: (event: RelayAuthRejectEvent) => void;\n}\n\n/**\n * Starts the Chii relay and resolves once listening.\n *\n * Default port is 0 (OS-assigned). With port 0 the OS picks a free ephemeral\n * port on every start, so a stale cloudflared orphan holding any particular\n * port cannot cause EADDRINUSE. The resolved `ChiiRelay.port` and `baseUrl`\n * always reflect the actual bound port.\n *\n * chii.start() is called with `server` (our pre-created httpServer) BEFORE\n * httpServer.listen(). This is intentional: chii attaches its Koa handler and\n * WS upgrade listener to the server object, but the actual TCP bind is\n * performed by our httpServer.listen() call below. The `port`/`domain` values\n * passed to chii.start() are used for display/banner purposes inside chii and\n * do not affect which port the server binds. The connection path (clients\n * connecting to `relay.baseUrl`) always uses the post-listen confirmed port.\n */\nexport async function startChiiRelay(options: StartChiiRelayOptions = {}): Promise<ChiiRelay> {\n  const requestedPort = options.port ?? 0;\n  const host = options.host ?? '127.0.0.1';\n  const { verifyAuth, onAuthReject } = options;\n\n  const httpServer = createServer();\n\n  // Secret-free observability hook (issue #467). Swallow callback exceptions —\n  // a broken observer must never turn into an open gate or a crashed relay.\n  const notifyAuthReject = (kind: RelayAuthRejectEvent['kind']): void => {\n    if (onAuthReject === undefined) return;\n    try {\n      onAuthReject({ kind });\n    } catch {\n      // Ignore — observability is best-effort.\n    }\n  };\n\n  // Register our auth listeners BEFORE chii.start() so they fire first.\n  // Node's http.Server emits 'upgrade'/'request' to all listeners in\n  // registration order; the first to destroy() the socket (upgrade) or end()\n  // the response (request) wins. Valid requests return without side-effect so\n  // chii's own handlers take over normally — and because listeners run\n  // synchronously in order, mutating `req.url` here (path-prefix strip,\n  // issue #466) means chii's later-registered handlers only ever see the\n  // stripped URL.\n  //\n  // We only register when verifyAuth is provided so the no-auth path is\n  // zero-overhead for tests and local-only dev sessions. (The phone-side\n  // `/at/<code>/` prefix only ever appears when TOTP is armed — the launcher\n  // QR carries the `at` code — so the no-auth path never needs the strip.)\n  if (verifyAuth) {\n    httpServer.on('upgrade', (req: IncomingMessage, socket: Duplex) => {\n      // Phone-target transport (issue #466): normalise a `/at/<code>/…` path\n      // prefix into the query form before verification, and strip it from the\n      // URL chii will see. No-prefix URLs pass through untouched (daemon\n      // client query transport — back-compat).\n      const rewritten = rewriteAtPathPrefix(req.url ?? '');\n      if (rewritten !== null) {\n        req.url = rewritten;\n      }\n      if (!verifyAuth(req)) {\n        // Reject: send a minimal HTTP 401 response and close the socket.\n        // We do NOT log req.url or any auth param here to avoid leaking codes.\n        socket.write('HTTP/1.1 401 Unauthorized\\r\\nContent-Length: 0\\r\\n\\r\\n');\n        socket.destroy();\n        notifyAuthReject('ws-upgrade');\n        // Early return — chii's handler is NOT called for this socket.\n        return;\n      }\n      // Auth passed: no-op. Chii's upgrade listener (registered below by\n      // chii.start) will handle the rest.\n    });\n\n    // Plain HTTP requests: only the path-prefixed form is ours — the phone\n    // fetches `target.js` via `https://<host>/at/<code>/target.js` (issue\n    // #466), which must be verified + stripped so chii's Koa static handler\n    // serves `/target.js`. Non-prefixed requests keep today's behaviour\n    // (ungated pass-through to chii).\n    httpServer.on('request', (req, res) => {\n      const rewritten = rewriteAtPathPrefix(req.url ?? '');\n      if (rewritten === null) return;\n      req.url = rewritten;\n      if (!verifyAuth(req)) {\n        // We do NOT log req.url or any auth param here to avoid leaking codes.\n        res.statusCode = 401;\n        res.end();\n        notifyAuthReject('http-request');\n      }\n      // Auth passed: no-op — chii's Koa 'request' listener (registered below\n      // by chii.start) serves the rewritten URL. (Koa skips writing when an\n      // earlier listener already ended the response, so the 401 path is safe\n      // even though Koa still runs.)\n    });\n  }\n\n  const chii = loadChiiServer();\n  // Passing an existing `server` makes chii attach its Koa handler + WS upgrade\n  // to our HTTP server rather than creating its own listener.\n  // Note: port/domain here are display-only inside chii — the TCP bind is ours.\n  await chii.start({ server: httpServer, domain: `${host}:${requestedPort}`, port: requestedPort });\n\n  const actualPort = await new Promise<number>((resolve, reject) => {\n    httpServer.once('error', reject);\n    httpServer.listen(requestedPort, host, () => {\n      httpServer.off('error', reject);\n      // httpServer.address() is non-null immediately after the listen callback.\n      const addr = httpServer.address() as AddressInfo;\n      resolve(addr.port);\n    });\n  });\n\n  return {\n    port: actualPort,\n    baseUrl: `http://${host}:${actualPort}`,\n    close: () =>\n      new Promise<void>((resolve) => {\n        httpServer.close(() => resolve());\n      }),\n  };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiDA,MAAMA,aAAAA,0BAAAA,eAAAA,QAAAA,MAAAA,CAAAA,cAAAA,WAAAA,CAAAA,KAAwC;AAa9C,SAAS,iBAAmC;CAE1C,MAAM,MAAeA,UAAQ,OAAO;AACpC,KACE,OAAO,QAAQ,YACf,QAAQ,QACR,WAAW,OACX,OAAQ,IAA2B,UAAU,WAE7C,QAAO;AAET,OAAM,IAAI,MAAM,4CAA4C;;;;;;;;;;;;;;;;;;;;;AAyC9D,SAAgB,oBAAoB,QAA+B;CACjE,MAAM,QAAQ,oCAAoC,KAAK,OAAO;AAC9D,KAAI,UAAU,KAAM,QAAO;CAC3B,MAAM,OAAO,MAAM;CACnB,MAAM,OAAO,MAAM,OAAO,KAAA,KAAa,MAAM,OAAO,KAAK,MAAM,MAAM;CACrE,MAAM,QAAQ,MAAM,MAAM;AAE1B,QAAO,GAAG,OAAO,QADC,UAAU,KAAK,MAAM,IACJ,KAAK;;;;;;;;;;;;;;;;;;AAgE1C,eAAsB,eAAe,UAAiC,EAAE,EAAsB;CAC5F,MAAM,gBAAgB,QAAQ,QAAQ;CACtC,MAAM,OAAO,QAAQ,QAAQ;CAC7B,MAAM,EAAE,YAAY,iBAAiB;CAErC,MAAM,cAAA,GAAA,UAAA,eAA2B;CAIjC,MAAM,oBAAoB,SAA6C;AACrE,MAAI,iBAAiB,KAAA,EAAW;AAChC,MAAI;AACF,gBAAa,EAAE,MAAM,CAAC;UAChB;;AAkBV,KAAI,YAAY;AACd,aAAW,GAAG,YAAY,KAAsB,WAAmB;GAKjE,MAAM,YAAY,oBAAoB,IAAI,OAAO,GAAG;AACpD,OAAI,cAAc,KAChB,KAAI,MAAM;AAEZ,OAAI,CAAC,WAAW,IAAI,EAAE;AAGpB,WAAO,MAAM,yDAAyD;AACtE,WAAO,SAAS;AAChB,qBAAiB,aAAa;AAE9B;;IAIF;AAOF,aAAW,GAAG,YAAY,KAAK,QAAQ;GACrC,MAAM,YAAY,oBAAoB,IAAI,OAAO,GAAG;AACpD,OAAI,cAAc,KAAM;AACxB,OAAI,MAAM;AACV,OAAI,CAAC,WAAW,IAAI,EAAE;AAEpB,QAAI,aAAa;AACjB,QAAI,KAAK;AACT,qBAAiB,eAAe;;IAMlC;;AAOJ,OAJa,gBAAgB,CAIlB,MAAM;EAAE,QAAQ;EAAY,QAAQ,GAAG,KAAK,GAAG;EAAiB,MAAM;EAAe,CAAC;CAEjG,MAAM,aAAa,MAAM,IAAI,SAAiB,SAAS,WAAW;AAChE,aAAW,KAAK,SAAS,OAAO;AAChC,aAAW,OAAO,eAAe,YAAY;AAC3C,cAAW,IAAI,SAAS,OAAO;AAG/B,WADa,WAAW,SAAS,CACpB,KAAK;IAClB;GACF;AAEF,QAAO;EACL,MAAM;EACN,SAAS,UAAU,KAAK,GAAG;EAC3B,aACE,IAAI,SAAe,YAAY;AAC7B,cAAW,YAAY,SAAS,CAAC;IACjC;EACL"}