@broberg/seti-server 0.1.0

package/README.md

@@ -0,0 +1,36 @@
+# @broberg/seti-server
+
+Mountable [Hono](https://hono.dev) proxy router for **buddycloud.cc's SETI API v1** —
+embed SET/SETI live streaming chat in a host app while the consumer token stays
+server-side. The browser talks same-origin to the host (no CORS, host-app auth in
+front, EventSource/fetch-SSE works with the host's cookies); this proxy injects the
+bearer token server-to-server.
+
+```ts
+import { createSetiProxy } from "@broberg/seti-server";
+
+// Gate with YOUR auth first, then mount:
+app.use("/api/seti/*", hostAuthMiddleware);
+app.route(
+  "/api/seti",
+  createSetiProxy({
+    cloudUrl: process.env.SETI_CLOUD_URL!, // e.g. https://buddycloud.cc
+    token: process.env.SETI_TOKEN!,        // a BUDDY_SETI_TOKENS consumer token
+  }),
+);
+```
+
+## Routes (1:1 against `{cloudUrl}/api/seti/v1/*`)
+
+| Route | Method | Purpose |
+| --- | --- | --- |
+| `/sessions` | GET | Fleet roster: `{ edges: [{ edgeId, connected, tmuxSessions, sessions }] }`. `tmuxSessions` are the **streamable** units — use them as the `session` param. |
+| `/stream?edge=&session=` | GET | SSE pass-through: `hello` / `frame` (full pane snapshot) / `ping`. |
+| `/input` | POST | `{ edge, session, text? \| key? }` — text lines or nav-keys (`SETI_KEYS`). |
+
+Pairs with [`@broberg/seti-client`](https://www.npmjs.com/package/@broberg/seti-client)
+(typed client + frame-merge engine + Preact `<SetiChat>` component).
+
+Peer dependency: `hono ^4`. No runtime dependencies.
+
+MIT © broberg.ai

package/dist/index.cjs

@@ -0,0 +1,84 @@
+'use strict';
+
+var hono = require('hono');
+
+// src/index.ts
+var SETI_KEYS = [
+  "Escape",
+  "Up",
+  "Down",
+  "Left",
+  "Right",
+  "Enter",
+  "BSpace",
+  "Tab"
+];
+function createSetiProxy(opts) {
+  const base = opts.cloudUrl.replace(/\/$/, "");
+  const doFetch = opts.fetch ?? globalThis.fetch.bind(globalThis);
+  const auth = { Authorization: `Bearer ${opts.token}` };
+  const app = new hono.Hono();
+  app.get("/sessions", async (c) => {
+    try {
+      const res = await doFetch(`${base}/api/seti/v1/sessions`, { headers: auth });
+      const body = await res.text();
+      return new Response(body, {
+        status: res.status,
+        headers: { "content-type": "application/json" }
+      });
+    } catch {
+      return c.json({ edges: [], error: "cloud_unreachable" }, 502);
+    }
+  });
+  app.get("/stream", async (c) => {
+    const edge = c.req.query("edge") ?? "";
+    const session = c.req.query("session") ?? "";
+    if (!edge || !session) return c.json({ error: "edge_and_session_required" }, 400);
+    let upstream;
+    try {
+      upstream = await doFetch(
+        `${base}/api/seti/v1/stream?edge=${encodeURIComponent(edge)}&session=${encodeURIComponent(session)}`,
+        // Propagate the client abort so the upstream attach heartbeat stops
+        // (and the edge's capture loop expires) when the viewer leaves.
+        { headers: auth, signal: c.req.raw.signal }
+      );
+    } catch {
+      return c.json({ error: "cloud_unreachable" }, 502);
+    }
+    if (!upstream.ok || !upstream.body) {
+      return c.json({ error: `upstream_${upstream.status}` }, 502);
+    }
+    return new Response(upstream.body, {
+      status: 200,
+      headers: {
+        "content-type": "text/event-stream",
+        "cache-control": "no-cache",
+        connection: "keep-alive",
+        "x-accel-buffering": "no"
+      }
+    });
+  });
+  app.post("/input", async (c) => {
+    const body = await c.req.text();
+    try {
+      const res = await doFetch(`${base}/api/seti/v1/input`, {
+        method: "POST",
+        headers: { ...auth, "content-type": "application/json" },
+        body
+      });
+      const out = await res.text();
+      return new Response(out, {
+        status: res.status,
+        headers: { "content-type": "application/json" }
+      });
+    } catch {
+      return c.json({ ok: false, error: "cloud_unreachable" }, 502);
+    }
+  });
+  return app;
+}
+
+exports.SETI_KEYS = SETI_KEYS;
+exports.createSetiProxy = createSetiProxy;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"names":["Hono"],"mappings":";;;;;AA6BO,IAAM,SAAA,GAAY;AAAA,EACvB,QAAA;AAAA,EACA,IAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAEO,SAAS,gBAAgB,IAAA,EAA8B;AAC5D,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC5C,EAAA,MAAM,UAAU,IAAA,CAAK,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAC9D,EAAA,MAAM,OAAO,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,KAAK,CAAA,CAAA,EAAG;AACrD,EAAA,MAAM,GAAA,GAAM,IAAIA,SAAA,EAAK;AAErB,EAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,OAAA,CAAQ,CAAA,EAAG,IAAI,CAAA,qBAAA,CAAA,EAAyB,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA;AAC3E,MAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,OAC/C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,EAAC,EAAG,KAAA,EAAO,mBAAA,EAAoB,EAAG,GAAG,CAAA;AAAA,IAC9D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,GAAA,CAAI,GAAA,CAAI,SAAA,EAAW,OAAO,CAAA,KAAM;AAC9B,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA,IAAK,EAAA;AACpC,IAAA,MAAM,OAAA,GAAU,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,SAAS,CAAA,IAAK,EAAA;AAC1C,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,OAAA,EAAS,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,KAAA,EAAO,2BAAA,EAA4B,EAAG,GAAG,CAAA;AAChF,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,OAAA;AAAA,QACf,CAAA,EAAG,IAAI,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,IAAI,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,OAAO,CAAC,CAAA,CAAA;AAAA;AAAA;AAAA,QAGlG,EAAE,OAAA,EAAS,IAAA,EAAM,QAAQ,CAAA,CAAE,GAAA,CAAI,IAAI,MAAA;AAAO,OAC5C;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,IAAA,EAAM;AAClC,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,YAAY,QAAA,CAAS,MAAM,CAAA,CAAA,EAAG,EAAG,GAAG,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,IAAI,QAAA,CAAS,QAAA,CAAS,IAAA,EAAM;AAAA,MACjC,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,mBAAA;AAAA,QAChB,eAAA,EAAiB,UAAA;AAAA,QACjB,UAAA,EAAY,YAAA;AAAA,QACZ,mBAAA,EAAqB;AAAA;AACvB,KACD,CAAA;AAAA,EACH,CAAC,CAAA;AAED,EAAA,GAAA,CAAI,IAAA,CAAK,QAAA,EAAU,OAAO,CAAA,KAAM;AAC9B,IAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAK;AAC9B,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,OAAA,CAAQ,CAAA,EAAG,IAAI,CAAA,kBAAA,CAAA,EAAsB;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,GAAG,IAAA,EAAM,gBAAgB,kBAAA,EAAmB;AAAA,QACvD;AAAA,OACD,CAAA;AACD,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,IAAA,EAAK;AAC3B,MAAA,OAAO,IAAI,SAAS,GAAA,EAAK;AAAA,QACvB,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,OAC/C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,EAAA,EAAI,OAAO,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IAC9D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,GAAA;AACT","file":"index.cjs","sourcesContent":["import { Hono } from \"hono\";\n\n/**\n * @broberg/seti-server — mountable Hono proxy for buddycloud.cc's SETI API v1.\n *\n * The host app gates with its OWN auth, then mounts:\n *\n *   app.use('/api/seti/*', hostAuthMiddleware);\n *   app.route('/api/seti', createSetiProxy({ cloudUrl, token }));\n *\n * The consumer token never reaches the browser: the page talks same-origin to\n * the host (so EventSource works with the host's cookie auth and no CORS is\n * needed), and this proxy injects the bearer token server-to-server.\n *\n * Routes (1:1 against `${cloudUrl}/api/seti/v1/*`):\n *   GET  /sessions  — fleet roster ({ edges: [{ edgeId, connected, tmuxSessions, sessions }] })\n *   GET  /stream    — SSE pass-through (hello / frame / ping events)\n *   POST /input     — { edge, session, text? | key? }\n */\nexport interface SetiProxyOptions {\n  /** The buddy cloud hub, e.g. \"https://buddycloud.cc\". */\n  cloudUrl: string;\n  /** A SETI consumer token (one of the cloud's BUDDY_SETI_TOKENS). */\n  token: string;\n  /** Override fetch (tests). Defaults to globalThis.fetch. */\n  fetch?: typeof fetch;\n}\n\n/** tmux key names accepted by POST /input's `key` field. */\nexport const SETI_KEYS = [\n  \"Escape\",\n  \"Up\",\n  \"Down\",\n  \"Left\",\n  \"Right\",\n  \"Enter\",\n  \"BSpace\",\n  \"Tab\",\n] as const;\n\nexport function createSetiProxy(opts: SetiProxyOptions): Hono {\n  const base = opts.cloudUrl.replace(/\\/$/, \"\");\n  const doFetch = opts.fetch ?? globalThis.fetch.bind(globalThis);\n  const auth = { Authorization: `Bearer ${opts.token}` };\n  const app = new Hono();\n\n  app.get(\"/sessions\", async (c) => {\n    try {\n      const res = await doFetch(`${base}/api/seti/v1/sessions`, { headers: auth });\n      const body = await res.text();\n      return new Response(body, {\n        status: res.status,\n        headers: { \"content-type\": \"application/json\" },\n      });\n    } catch {\n      return c.json({ edges: [], error: \"cloud_unreachable\" }, 502);\n    }\n  });\n\n  app.get(\"/stream\", async (c) => {\n    const edge = c.req.query(\"edge\") ?? \"\";\n    const session = c.req.query(\"session\") ?? \"\";\n    if (!edge || !session) return c.json({ error: \"edge_and_session_required\" }, 400);\n    let upstream: Response;\n    try {\n      upstream = await doFetch(\n        `${base}/api/seti/v1/stream?edge=${encodeURIComponent(edge)}&session=${encodeURIComponent(session)}`,\n        // Propagate the client abort so the upstream attach heartbeat stops\n        // (and the edge's capture loop expires) when the viewer leaves.\n        { headers: auth, signal: c.req.raw.signal },\n      );\n    } catch {\n      return c.json({ error: \"cloud_unreachable\" }, 502);\n    }\n    if (!upstream.ok || !upstream.body) {\n      return c.json({ error: `upstream_${upstream.status}` }, 502);\n    }\n    return new Response(upstream.body, {\n      status: 200,\n      headers: {\n        \"content-type\": \"text/event-stream\",\n        \"cache-control\": \"no-cache\",\n        connection: \"keep-alive\",\n        \"x-accel-buffering\": \"no\",\n      },\n    });\n  });\n\n  app.post(\"/input\", async (c) => {\n    const body = await c.req.text();\n    try {\n      const res = await doFetch(`${base}/api/seti/v1/input`, {\n        method: \"POST\",\n        headers: { ...auth, \"content-type\": \"application/json\" },\n        body,\n      });\n      const out = await res.text();\n      return new Response(out, {\n        status: res.status,\n        headers: { \"content-type\": \"application/json\" },\n      });\n    } catch {\n      return c.json({ ok: false, error: \"cloud_unreachable\" }, 502);\n    }\n  });\n\n  return app;\n}\n"]}

package/dist/index.d.cts

@@ -0,0 +1,32 @@
+import { Hono } from 'hono';
+
+/**
+ * @broberg/seti-server — mountable Hono proxy for buddycloud.cc's SETI API v1.
+ *
+ * The host app gates with its OWN auth, then mounts:
+ *
+ *   app.use('/api/seti/*', hostAuthMiddleware);
+ *   app.route('/api/seti', createSetiProxy({ cloudUrl, token }));
+ *
+ * The consumer token never reaches the browser: the page talks same-origin to
+ * the host (so EventSource works with the host's cookie auth and no CORS is
+ * needed), and this proxy injects the bearer token server-to-server.
+ *
+ * Routes (1:1 against `${cloudUrl}/api/seti/v1/*`):
+ *   GET  /sessions  — fleet roster ({ edges: [{ edgeId, connected, tmuxSessions, sessions }] })
+ *   GET  /stream    — SSE pass-through (hello / frame / ping events)
+ *   POST /input     — { edge, session, text? | key? }
+ */
+interface SetiProxyOptions {
+    /** The buddy cloud hub, e.g. "https://buddycloud.cc". */
+    cloudUrl: string;
+    /** A SETI consumer token (one of the cloud's BUDDY_SETI_TOKENS). */
+    token: string;
+    /** Override fetch (tests). Defaults to globalThis.fetch. */
+    fetch?: typeof fetch;
+}
+/** tmux key names accepted by POST /input's `key` field. */
+declare const SETI_KEYS: readonly ["Escape", "Up", "Down", "Left", "Right", "Enter", "BSpace", "Tab"];
+declare function createSetiProxy(opts: SetiProxyOptions): Hono;
+
+export { SETI_KEYS, type SetiProxyOptions, createSetiProxy };

package/dist/index.d.ts

@@ -0,0 +1,32 @@
+import { Hono } from 'hono';
+
+/**
+ * @broberg/seti-server — mountable Hono proxy for buddycloud.cc's SETI API v1.
+ *
+ * The host app gates with its OWN auth, then mounts:
+ *
+ *   app.use('/api/seti/*', hostAuthMiddleware);
+ *   app.route('/api/seti', createSetiProxy({ cloudUrl, token }));
+ *
+ * The consumer token never reaches the browser: the page talks same-origin to
+ * the host (so EventSource works with the host's cookie auth and no CORS is
+ * needed), and this proxy injects the bearer token server-to-server.
+ *
+ * Routes (1:1 against `${cloudUrl}/api/seti/v1/*`):
+ *   GET  /sessions  — fleet roster ({ edges: [{ edgeId, connected, tmuxSessions, sessions }] })
+ *   GET  /stream    — SSE pass-through (hello / frame / ping events)
+ *   POST /input     — { edge, session, text? | key? }
+ */
+interface SetiProxyOptions {
+    /** The buddy cloud hub, e.g. "https://buddycloud.cc". */
+    cloudUrl: string;
+    /** A SETI consumer token (one of the cloud's BUDDY_SETI_TOKENS). */
+    token: string;
+    /** Override fetch (tests). Defaults to globalThis.fetch. */
+    fetch?: typeof fetch;
+}
+/** tmux key names accepted by POST /input's `key` field. */
+declare const SETI_KEYS: readonly ["Escape", "Up", "Down", "Left", "Right", "Enter", "BSpace", "Tab"];
+declare function createSetiProxy(opts: SetiProxyOptions): Hono;
+
+export { SETI_KEYS, type SetiProxyOptions, createSetiProxy };

package/dist/index.js

@@ -0,0 +1,81 @@
+import { Hono } from 'hono';
+
+// src/index.ts
+var SETI_KEYS = [
+  "Escape",
+  "Up",
+  "Down",
+  "Left",
+  "Right",
+  "Enter",
+  "BSpace",
+  "Tab"
+];
+function createSetiProxy(opts) {
+  const base = opts.cloudUrl.replace(/\/$/, "");
+  const doFetch = opts.fetch ?? globalThis.fetch.bind(globalThis);
+  const auth = { Authorization: `Bearer ${opts.token}` };
+  const app = new Hono();
+  app.get("/sessions", async (c) => {
+    try {
+      const res = await doFetch(`${base}/api/seti/v1/sessions`, { headers: auth });
+      const body = await res.text();
+      return new Response(body, {
+        status: res.status,
+        headers: { "content-type": "application/json" }
+      });
+    } catch {
+      return c.json({ edges: [], error: "cloud_unreachable" }, 502);
+    }
+  });
+  app.get("/stream", async (c) => {
+    const edge = c.req.query("edge") ?? "";
+    const session = c.req.query("session") ?? "";
+    if (!edge || !session) return c.json({ error: "edge_and_session_required" }, 400);
+    let upstream;
+    try {
+      upstream = await doFetch(
+        `${base}/api/seti/v1/stream?edge=${encodeURIComponent(edge)}&session=${encodeURIComponent(session)}`,
+        // Propagate the client abort so the upstream attach heartbeat stops
+        // (and the edge's capture loop expires) when the viewer leaves.
+        { headers: auth, signal: c.req.raw.signal }
+      );
+    } catch {
+      return c.json({ error: "cloud_unreachable" }, 502);
+    }
+    if (!upstream.ok || !upstream.body) {
+      return c.json({ error: `upstream_${upstream.status}` }, 502);
+    }
+    return new Response(upstream.body, {
+      status: 200,
+      headers: {
+        "content-type": "text/event-stream",
+        "cache-control": "no-cache",
+        connection: "keep-alive",
+        "x-accel-buffering": "no"
+      }
+    });
+  });
+  app.post("/input", async (c) => {
+    const body = await c.req.text();
+    try {
+      const res = await doFetch(`${base}/api/seti/v1/input`, {
+        method: "POST",
+        headers: { ...auth, "content-type": "application/json" },
+        body
+      });
+      const out = await res.text();
+      return new Response(out, {
+        status: res.status,
+        headers: { "content-type": "application/json" }
+      });
+    } catch {
+      return c.json({ ok: false, error: "cloud_unreachable" }, 502);
+    }
+  });
+  return app;
+}
+
+export { SETI_KEYS, createSetiProxy };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/index.ts"],"names":[],"mappings":";;;AA6BO,IAAM,SAAA,GAAY;AAAA,EACvB,QAAA;AAAA,EACA,IAAA;AAAA,EACA,MAAA;AAAA,EACA,MAAA;AAAA,EACA,OAAA;AAAA,EACA,OAAA;AAAA,EACA,QAAA;AAAA,EACA;AACF;AAEO,SAAS,gBAAgB,IAAA,EAA8B;AAC5D,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,QAAA,CAAS,OAAA,CAAQ,OAAO,EAAE,CAAA;AAC5C,EAAA,MAAM,UAAU,IAAA,CAAK,KAAA,IAAS,UAAA,CAAW,KAAA,CAAM,KAAK,UAAU,CAAA;AAC9D,EAAA,MAAM,OAAO,EAAE,aAAA,EAAe,CAAA,OAAA,EAAU,IAAA,CAAK,KAAK,CAAA,CAAA,EAAG;AACrD,EAAA,MAAM,GAAA,GAAM,IAAI,IAAA,EAAK;AAErB,EAAA,GAAA,CAAI,GAAA,CAAI,WAAA,EAAa,OAAO,CAAA,KAAM;AAChC,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,OAAA,CAAQ,CAAA,EAAG,IAAI,CAAA,qBAAA,CAAA,EAAyB,EAAE,OAAA,EAAS,IAAA,EAAM,CAAA;AAC3E,MAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,IAAA,EAAK;AAC5B,MAAA,OAAO,IAAI,SAAS,IAAA,EAAM;AAAA,QACxB,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,OAC/C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,EAAC,EAAG,KAAA,EAAO,mBAAA,EAAoB,EAAG,GAAG,CAAA;AAAA,IAC9D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,GAAA,CAAI,GAAA,CAAI,SAAA,EAAW,OAAO,CAAA,KAAM;AAC9B,IAAA,MAAM,IAAA,GAAO,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,MAAM,CAAA,IAAK,EAAA;AACpC,IAAA,MAAM,OAAA,GAAU,CAAA,CAAE,GAAA,CAAI,KAAA,CAAM,SAAS,CAAA,IAAK,EAAA;AAC1C,IAAA,IAAI,CAAC,IAAA,IAAQ,CAAC,OAAA,EAAS,OAAO,CAAA,CAAE,IAAA,CAAK,EAAE,KAAA,EAAO,2BAAA,EAA4B,EAAG,GAAG,CAAA;AAChF,IAAA,IAAI,QAAA;AACJ,IAAA,IAAI;AACF,MAAA,QAAA,GAAW,MAAM,OAAA;AAAA,QACf,CAAA,EAAG,IAAI,CAAA,yBAAA,EAA4B,kBAAA,CAAmB,IAAI,CAAC,CAAA,SAAA,EAAY,kBAAA,CAAmB,OAAO,CAAC,CAAA,CAAA;AAAA;AAAA;AAAA,QAGlG,EAAE,OAAA,EAAS,IAAA,EAAM,QAAQ,CAAA,CAAE,GAAA,CAAI,IAAI,MAAA;AAAO,OAC5C;AAAA,IACF,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,EAAE,IAAA,CAAK,EAAE,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IACnD;AACA,IAAA,IAAI,CAAC,QAAA,CAAS,EAAA,IAAM,CAAC,SAAS,IAAA,EAAM;AAClC,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,KAAA,EAAO,YAAY,QAAA,CAAS,MAAM,CAAA,CAAA,EAAG,EAAG,GAAG,CAAA;AAAA,IAC7D;AACA,IAAA,OAAO,IAAI,QAAA,CAAS,QAAA,CAAS,IAAA,EAAM;AAAA,MACjC,MAAA,EAAQ,GAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,mBAAA;AAAA,QAChB,eAAA,EAAiB,UAAA;AAAA,QACjB,UAAA,EAAY,YAAA;AAAA,QACZ,mBAAA,EAAqB;AAAA;AACvB,KACD,CAAA;AAAA,EACH,CAAC,CAAA;AAED,EAAA,GAAA,CAAI,IAAA,CAAK,QAAA,EAAU,OAAO,CAAA,KAAM;AAC9B,IAAA,MAAM,IAAA,GAAO,MAAM,CAAA,CAAE,GAAA,CAAI,IAAA,EAAK;AAC9B,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,MAAM,OAAA,CAAQ,CAAA,EAAG,IAAI,CAAA,kBAAA,CAAA,EAAsB;AAAA,QACrD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS,EAAE,GAAG,IAAA,EAAM,gBAAgB,kBAAA,EAAmB;AAAA,QACvD;AAAA,OACD,CAAA;AACD,MAAA,MAAM,GAAA,GAAM,MAAM,GAAA,CAAI,IAAA,EAAK;AAC3B,MAAA,OAAO,IAAI,SAAS,GAAA,EAAK;AAAA,QACvB,QAAQ,GAAA,CAAI,MAAA;AAAA,QACZ,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA;AAAmB,OAC/C,CAAA;AAAA,IACH,CAAA,CAAA,MAAQ;AACN,MAAA,OAAO,CAAA,CAAE,KAAK,EAAE,EAAA,EAAI,OAAO,KAAA,EAAO,mBAAA,IAAuB,GAAG,CAAA;AAAA,IAC9D;AAAA,EACF,CAAC,CAAA;AAED,EAAA,OAAO,GAAA;AACT","file":"index.js","sourcesContent":["import { Hono } from \"hono\";\n\n/**\n * @broberg/seti-server — mountable Hono proxy for buddycloud.cc's SETI API v1.\n *\n * The host app gates with its OWN auth, then mounts:\n *\n *   app.use('/api/seti/*', hostAuthMiddleware);\n *   app.route('/api/seti', createSetiProxy({ cloudUrl, token }));\n *\n * The consumer token never reaches the browser: the page talks same-origin to\n * the host (so EventSource works with the host's cookie auth and no CORS is\n * needed), and this proxy injects the bearer token server-to-server.\n *\n * Routes (1:1 against `${cloudUrl}/api/seti/v1/*`):\n *   GET  /sessions  — fleet roster ({ edges: [{ edgeId, connected, tmuxSessions, sessions }] })\n *   GET  /stream    — SSE pass-through (hello / frame / ping events)\n *   POST /input     — { edge, session, text? | key? }\n */\nexport interface SetiProxyOptions {\n  /** The buddy cloud hub, e.g. \"https://buddycloud.cc\". */\n  cloudUrl: string;\n  /** A SETI consumer token (one of the cloud's BUDDY_SETI_TOKENS). */\n  token: string;\n  /** Override fetch (tests). Defaults to globalThis.fetch. */\n  fetch?: typeof fetch;\n}\n\n/** tmux key names accepted by POST /input's `key` field. */\nexport const SETI_KEYS = [\n  \"Escape\",\n  \"Up\",\n  \"Down\",\n  \"Left\",\n  \"Right\",\n  \"Enter\",\n  \"BSpace\",\n  \"Tab\",\n] as const;\n\nexport function createSetiProxy(opts: SetiProxyOptions): Hono {\n  const base = opts.cloudUrl.replace(/\\/$/, \"\");\n  const doFetch = opts.fetch ?? globalThis.fetch.bind(globalThis);\n  const auth = { Authorization: `Bearer ${opts.token}` };\n  const app = new Hono();\n\n  app.get(\"/sessions\", async (c) => {\n    try {\n      const res = await doFetch(`${base}/api/seti/v1/sessions`, { headers: auth });\n      const body = await res.text();\n      return new Response(body, {\n        status: res.status,\n        headers: { \"content-type\": \"application/json\" },\n      });\n    } catch {\n      return c.json({ edges: [], error: \"cloud_unreachable\" }, 502);\n    }\n  });\n\n  app.get(\"/stream\", async (c) => {\n    const edge = c.req.query(\"edge\") ?? \"\";\n    const session = c.req.query(\"session\") ?? \"\";\n    if (!edge || !session) return c.json({ error: \"edge_and_session_required\" }, 400);\n    let upstream: Response;\n    try {\n      upstream = await doFetch(\n        `${base}/api/seti/v1/stream?edge=${encodeURIComponent(edge)}&session=${encodeURIComponent(session)}`,\n        // Propagate the client abort so the upstream attach heartbeat stops\n        // (and the edge's capture loop expires) when the viewer leaves.\n        { headers: auth, signal: c.req.raw.signal },\n      );\n    } catch {\n      return c.json({ error: \"cloud_unreachable\" }, 502);\n    }\n    if (!upstream.ok || !upstream.body) {\n      return c.json({ error: `upstream_${upstream.status}` }, 502);\n    }\n    return new Response(upstream.body, {\n      status: 200,\n      headers: {\n        \"content-type\": \"text/event-stream\",\n        \"cache-control\": \"no-cache\",\n        connection: \"keep-alive\",\n        \"x-accel-buffering\": \"no\",\n      },\n    });\n  });\n\n  app.post(\"/input\", async (c) => {\n    const body = await c.req.text();\n    try {\n      const res = await doFetch(`${base}/api/seti/v1/input`, {\n        method: \"POST\",\n        headers: { ...auth, \"content-type\": \"application/json\" },\n        body,\n      });\n      const out = await res.text();\n      return new Response(out, {\n        status: res.status,\n        headers: { \"content-type\": \"application/json\" },\n      });\n    } catch {\n      return c.json({ ok: false, error: \"cloud_unreachable\" }, 502);\n    }\n  });\n\n  return app;\n}\n"]}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@broberg/seti-server",
+  "version": "0.1.0",
+  "description": "Mountable Hono proxy router for buddycloud.cc's SETI API v1 — embed SET/SETI live streaming chat in a host app while the consumer token stays server-side (no CORS, host-app auth in front).",
+  "type": "module",
+  "license": "MIT",
+  "sideEffects": false,
+  "files": ["dist", "README.md"],
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "peerDependencies": {
+    "hono": "^4.0.0"
+  },
+  "devDependencies": {
+    "hono": "^4.6.14",
+    "tsup": "^8.3.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "keywords": [
+    "seti",
+    "set",
+    "streaming",
+    "terminal",
+    "tmux",
+    "sse",
+    "proxy",
+    "hono",
+    "buddycloud",
+    "broberg"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/broberg-ai/components",
+    "directory": "packages/seti-server"
+  },
+  "publishConfig": { "access": "public" }
+}