@duckfly/proxy 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Duckfly
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,86 @@
+<p align="center">
+  <img src="icons/logo-duck.png" alt="Duckfly" width="140" />
+</p>
+
+<h1 align="center">Duckfly Proxy</h1>
+
+<p align="center">
+  Observe real API usage, continuously enrich documentation, and generate MCP servers with Duckfly.
+</p>
+
+<p align="center">
+  <a href="https://www.npmjs.com/package/@duckfly/proxy"><img src="https://img.shields.io/npm/v/@duckfly/proxy.svg" alt="npm version" /></a>
+  <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT" /></a>
+</p>
+
+## Overview
+
+**Duckfly Proxy** is a lightweight HTTP proxy that observes real API usage and sends only **structural request metadata** to the Duckfly platform.
+
+This allows your API documentation and MCP (Model Context Protocol) servers to be **continuously enriched** based on how your application actually behaves, keeping everything aligned as the system evolves.
+
+## Why use Duckfly Proxy
+
+- Continuously enriched API documentation
+- MCP server generation for AI integrations
+- Documentation aligned with real API usage
+
+## Quick Start
+
+### Global install
+
+```bash
+npm install -g @duckfly/proxy
+```
+
+### Or run directly with npx
+
+```bash
+npx @duckfly/proxy
+```
+
+After running, the CLI will ask for:
+
+| Prompt | Description | Default |
+|---|---|---|
+| **Token** | Your Duckfly application token | — |
+| **Proxy Port** | Port where the proxy listens | `8080` |
+| **Target URL** | Your backend API address | `http://localhost:3000` |
+
+Configuration is saved locally in `.duckfly-proxy.json` so you don't need to re-enter it every time.
+
+## How It Works
+
+```
+┌─────────────┐        ┌──────────────┐        ┌──────────────┐
+│ Application │ ───>   │ Duckfly Proxy│ ───>   │   Backend    │
+└─────────────┘        └──────────────┘        └──────────────┘
+                               │
+              Sends API structure (with placeholders)
+                               │
+                               ▼
+                       ┌─────────────────┐
+                       │   Duckfly API   │
+                       │ Documentation & │
+                       │ MCP Generation  │
+                       └─────────────────┘
+```
+
+1. Your application routes requests through Duckfly Proxy
+2. The proxy forwards requests to your backend without changing behavior
+3. Structural API information is sent to Duckfly
+4. Documentation and MCP servers evolve continuously
+
+## Data Handling
+
+Duckfly Proxy processes only technical and structural information such as HTTP methods, routes, headers, and payload formats.
+
+Request and response values are replaced with **placeholders** before being sent, ensuring no sensitive or user-specific data is transmitted.
+
+## License
+
+MIT License
+
+This license applies only to the Duckfly Proxy package. The Duckfly platform and services are governed by separate terms.
+
+<p align="center">Made with 🦆 by Duckfly</p>

package/bin/cli.js

@@ -0,0 +1,283 @@
+#!/usr/bin/env node
+
+const inquirer = require('inquirer');
+const chalk = require('chalk');
+const { Spinner } = require('cli-spinner');
+const ProxyServer = require('../src/proxy-server');
+const ApiClient = require('../src/api-client');
+const fs = require('fs');
+const path = require('path');
+
+const yellow = chalk.hex('#FFD54F');
+const gold = chalk.hex('#FFC107');
+
+const DUCKFLY_LOGO = `
+${yellow(`
+                 @@@@@@@@@              
+               @%+-------=%@            
+             @@+-----------=@@          
+            @@=-----=##=-----@@         
+            @*------@@=#---+*%@         
+            @+------+%%+-=%*+*%@@       
+            @*---------=#%++%+++#%%@    
+            @@=-------=@%#++++++++%@    
+             @@+-------=*%%@@@@@@@      
+              @@@*-------===%@          
+           @%+---------------#@         
+         @%----------+--------#@        
+    @@@@%=------------#-------=@@       
+    @*------+*=-------%-------=@@       
+    @%--+@*+---------##-------+@        
+     @%=-=#%%#+----+%*------=+@@        
+      @@*==+%%##%%#=-----===*@@@        
+        @@#=============+*%#+=+*@@      
+           @@@%****#%%*+#@@@@%@@@       
+                @@@@%#++#@@@            
+`)}
+${gold('═══════════════════════════════════════════════════════════════════════════════════════════')}
+${chalk.bold.yellow('                        🦆 DUCKFLY PROXY v1.0.0                                  ')}
+${gold('═══════════════════════════════════════════════════════════════════════════════════════════')}
+${chalk.gray('                  Capture and document your APIs automatically                      ')}
+${chalk.gray('                          https://duckfly.dev                                        ')}
+${gold('═══════════════════════════════════════════════════════════════════════════════════════════')}
+`;
+
+const DUCKFLY_API_URL = 'https://api.duckfly.dev';
+const DUCKFLY_PROXY_URL = 'https://proxy.duckfly.dev';
+
+let config = {
+  token: null,
+  appName: null,
+  appUrl: null,
+  domainPackageId: null,
+  proxyPort: 8080,
+  targetUrl: 'http://localhost:3000',
+  apiUrl: DUCKFLY_API_URL,
+  proxyUrl: DUCKFLY_PROXY_URL
+};
+
+const CONFIG_FILE = path.join(process.cwd(), '.duckfly-proxy.json');
+
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      const saved = JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+      config = { ...config, ...saved };
+      return true;
+    }
+  } catch (error) {
+    console.log(chalk.yellow('⚠️  Erro ao carregar configuração salva'));
+  }
+  return false;
+}
+
+function saveConfig() {
+  try {
+    fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+  } catch (error) {
+    console.log(chalk.yellow('⚠️  Não foi possível salvar a configuração'));
+  }
+}
+
+async function validateToken(token) {
+  const spinner = new Spinner(chalk.yellow('%s Validando token...'));
+  spinner.setSpinnerString('|/-\\');
+  spinner.start();
+
+  try {
+    const apiClient = new ApiClient(config.apiUrl, config.proxyUrl, token);
+    const result = await apiClient.validateToken();
+
+    spinner.stop(true);
+
+    if (result.valid) {
+      console.log(chalk.green('✅ Token validado com sucesso!\n'));
+      console.log(chalk.bold.white('📋 Informações da Aplicação:'));
+      console.log(chalk.gray('─'.repeat(60)));
+      console.log(chalk.yellow('  Nome:        ') + chalk.white(result.appName));
+      console.log(chalk.yellow('  URL:         ') + chalk.white(result.appUrl));
+      console.log(chalk.yellow('  Package ID:  ') + chalk.white(result.domainPackageId));
+      console.log(chalk.gray('─'.repeat(60)) + '\n');
+
+      config.appName = result.appName;
+      config.appUrl = result.appUrl;
+      config.domainPackageId = result.domainPackageId;
+      return true;
+    }
+
+    console.log(chalk.red('❌ Token inválido ou expirado\n'));
+    return false;
+  } catch (error) {
+    spinner.stop(true);
+    console.log(chalk.red('❌ Erro ao validar token: ') + chalk.gray(error.message) + '\n');
+    return false;
+  }
+}
+
+async function askQuestions() {
+  if (!config.token) {
+    const { token } = await inquirer.prompt([
+      {
+        type: 'password',
+        name: 'token',
+        message: chalk.yellow('🔑 Cole seu token do Duckfly:'),
+        mask: '*',
+        validate: (input) => {
+          if (!input || input.trim().length === 0) {
+            return 'Token não pode ser vazio';
+          }
+          return true;
+        }
+      }
+    ]);
+
+    config.token = token;
+
+    console.log('');
+    const valid = await validateToken(config.token);
+
+    if (!valid) {
+      console.log(chalk.red('❌ Token inválido. Não é possível continuar.\n'));
+      console.log(chalk.yellow('💡 Obtenha um token válido em: ') + chalk.white('https://duckfly.dev\n'));
+      process.exit(1);
+    }
+  }
+
+  config.apiUrl = DUCKFLY_API_URL;
+  config.proxyUrl = DUCKFLY_PROXY_URL;
+
+  const questions = [
+    {
+      type: 'input',
+      name: 'proxyPort',
+      message: chalk.yellow('🔌 Porta do proxy (porta que vai receber as requisições):'),
+      default: config.proxyPort,
+      validate: (input) => {
+        const port = parseInt(input);
+        if (isNaN(port) || port < 1 || port > 65535) {
+          return 'Porta inválida (1-65535)';
+        }
+        return true;
+      }
+    },
+    {
+      type: 'input',
+      name: 'targetUrl',
+      message: chalk.yellow('🎯 URL de destino (para onde encaminhar as requisições):'),
+      default: config.targetUrl,
+      validate: (input) => {
+        try {
+          new URL(input);
+          return true;
+        } catch {
+          return 'URL inválida (ex: http://localhost:3000)';
+        }
+      }
+    }
+  ];
+
+  const answers = await inquirer.prompt(questions);
+
+  Object.assign(config, answers);
+
+  return answers;
+}
+
+let proxyServer = null;
+
+async function startProxy() {
+  console.log(chalk.yellow('\n🚀 Iniciando Duckfly Proxy...\n'));
+
+  proxyServer = new ProxyServer(config);
+
+  try {
+    await proxyServer.start();
+
+    console.log(chalk.green('✅ Proxy iniciado com sucesso!\n'));
+    console.log(chalk.bold.white('📊 Status:'));
+    console.log(chalk.gray('─'.repeat(60)));
+    console.log(chalk.yellow('  Aplicação:         ') + chalk.white(config.appName));
+    console.log(chalk.yellow('  Proxy rodando em:  ') + chalk.white(`http://localhost:${config.proxyPort}`));
+    console.log(chalk.yellow('  Encaminhando para: ') + chalk.white(config.targetUrl));
+    console.log(chalk.gray('─'.repeat(60)));
+    console.log(chalk.yellow('\n💡 Dica: Configure sua aplicação para apontar para ') + chalk.white(`http://localhost:${config.proxyPort}`));
+    console.log(chalk.yellow('   Todas as requisições serão capturadas e documentadas automaticamente!\n'));
+    console.log(chalk.gray('Pressione Ctrl+C para parar o proxy\n'));
+
+    saveConfig();
+
+  } catch (error) {
+    console.log(chalk.red('❌ Erro ao iniciar proxy: ') + chalk.gray(error.message));
+    process.exit(1);
+  }
+}
+
+async function main() {
+  console.clear();
+
+  console.log(DUCKFLY_LOGO);
+
+  const hasConfig = loadConfig();
+  let useExisting = false;
+
+  if (hasConfig) {
+    console.log(chalk.green('✅ Configuração anterior encontrada!\n'));
+    console.log(chalk.gray('─'.repeat(60)));
+    console.log(chalk.yellow('  App:    ') + chalk.white(config.appName || 'N/A'));
+    console.log(chalk.yellow('  Porta:  ') + chalk.white(config.proxyPort));
+    console.log(chalk.yellow('  Alvo:   ') + chalk.white(config.targetUrl));
+    console.log(chalk.gray('─'.repeat(60)) + '\n');
+
+    const answer = await inquirer.prompt([
+      {
+        type: 'confirm',
+        name: 'useExisting',
+        message: chalk.yellow('Deseja usar a configuração salva?'),
+        default: true
+      }
+    ]);
+
+    useExisting = answer.useExisting;
+
+    if (!useExisting) {
+      config.token = null;
+      config.appName = null;
+      config.proxyPort = 8080;
+      config.targetUrl = 'http://localhost:3000';
+    }
+  }
+
+  if (!useExisting) {
+    await askQuestions();
+  } else {
+    console.log('');
+    const valid = await validateToken(config.token);
+
+    if (!valid) {
+      console.log(chalk.red('❌ Token salvo está inválido. Configurando novamente...\n'));
+      config.token = null;
+      await askQuestions();
+    }
+  }
+
+  await startProxy();
+}
+
+process.on('unhandledRejection', (error) => {
+  console.error(chalk.red('\n❌ Erro não tratado:'), error);
+  process.exit(1);
+});
+
+process.on('SIGINT', async () => {
+  console.log(chalk.yellow('\n\n👋 Encerrando Duckfly Proxy...'));
+  if (proxyServer) {
+    await proxyServer.stop();
+  }
+  console.log(chalk.gray('Até logo! 🦆\n'));
+  process.exit(0);
+});
+
+main().catch(error => {
+  console.error(chalk.red('❌ Erro fatal:'), error);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@duckfly/proxy",
+  "version": "1.0.0",
+  "description": "Duckfly Proxy observes real API usage to continuously enrich and generate API documentation and MCP servers on Duckfly.",
+  "main": "dist/index.js",
+  "bin": {
+    "duckfly-proxy": "./bin/cli.js",
+    "duckfly": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node bin/cli.js",
+    "dev": "node bin/cli.js",
+    "build": "echo 'No build needed'",
+    "test": "echo 'No tests yet'"
+  },
+  "keywords": [
+    "proxy",
+    "api",
+    "documentation",
+    "duckfly",
+    "http",
+    "request",
+    "capture"
+  ],
+  "author": "Duckfly",
+  "license": "MIT",
+  "dependencies": {
+    "inquirer": "^8.2.6",
+    "chalk": "^4.1.2",
+    "http-proxy": "^1.18.1",
+    "axios": "^1.6.5",
+    "express": "^4.18.2",
+    "cli-spinner": "^0.2.10"
+  },
+  "devDependencies": {},
+  "engines": {
+    "node": ">=14.0.0"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/duckfly-dev/proxy"
+  },
+  "bugs": {
+    "url": "https://github.com/duckfly-dev/proxy/issues"
+  },
+  "homepage": "https://duckfly.dev",
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/api-client.js

@@ -0,0 +1,83 @@
+const axios = require('axios');
+
+class ApiClient {
+  constructor(apiUrl, proxyUrl, token) {
+    this.apiUrl = apiUrl;
+    this.proxyUrl = proxyUrl;
+    this.token = token;
+  }
+
+  async validateToken() {
+    try {
+      const url = `${this.apiUrl}/internal/v1/core/token/${this.token}`;
+
+      const response = await axios.get(url, {
+        timeout: 30000,
+        headers: {
+          'User-Agent': 'Duckfly-Proxy/1.0.0'
+        }
+      });
+
+      return {
+        valid: true,
+        appName: response.data.name || 'Aplicação',
+        appUrl: response.data.url || '',
+        domainPackageId: response.data.domainPackageId || ''
+      };
+    } catch (error) {
+      if (error.response) {
+        return {
+          valid: false,
+          error: `HTTP ${error.response.status}: ${error.response.statusText}`
+        };
+      } else if (error.request) {
+        return {
+          valid: false,
+          error: 'Servidor não respondeu. Verifique sua conexão.'
+        };
+      } else {
+        return {
+          valid: false,
+          error: error.message
+        };
+      }
+    }
+  }
+
+  async sendRequest(capturedData) {
+    try {
+      const url = `${this.proxyUrl}/api/proxy`;
+
+      const response = await axios.post(url, capturedData, {
+        timeout: 30000,
+        headers: {
+          'Authorization': `Bearer ${this.token}`,
+          'Content-Type': 'application/json',
+          'User-Agent': 'Duckfly-Proxy/1.0.0'
+        }
+      });
+
+      return {
+        success: true,
+        data: response.data
+      };
+    } catch (error) {
+      let errorMessage = 'Unknown error';
+
+      if (error.response) {
+        errorMessage = `HTTP ${error.response.status}: ${error.response.statusText}`;
+      } else if (error.request) {
+        errorMessage = 'No response from server';
+      } else {
+        errorMessage = error.message;
+      }
+
+      return {
+        success: false,
+        error: errorMessage
+      };
+    }
+  }
+}
+
+module.exports = ApiClient;

package/src/proxy-server.js

@@ -0,0 +1,425 @@
+const httpProxy = require('http-proxy');
+const express = require('express');
+const { Readable } = require('stream');
+const chalk = require('chalk');
+const ApiClient = require('./api-client');
+const RequestQueue = require('./request-queue');
+const { sanitizeRequestData } = require('./sanitizer');
+
+class ProxyServer {
+  constructor(config) {
+    this.config = config;
+    this.proxy = httpProxy.createProxyServer({});
+    this.app = express();
+    this.server = null;
+    this.apiClient = new ApiClient(config.apiUrl, config.proxyUrl, config.token);
+    this.requestQueue = new RequestQueue(this.apiClient);
+
+    this.stats = {
+      totalRequests: 0,
+      captured: 0,
+      sent: 0,
+      failed: 0,
+      startTime: null
+    };
+
+    this.statsShown = false;
+    this.statsInterval = null;
+
+    this.setupProxyHandlers();
+  }
+
+  setupProxyHandlers() {
+    this.proxy.on('proxyReq', (proxyReq, req, res) => {
+      this.stats.totalRequests++;
+
+      console.log(
+        chalk.blue('→'),
+        chalk.white(req.method),
+        chalk.gray(req.url),
+        chalk.dim(`[${this.stats.totalRequests}]`)
+      );
+
+      this.captureRequest(req, res);
+    });
+
+    this.proxy.on('proxyRes', (proxyRes, req, res) => {
+      let bodyChunks = [];
+
+      proxyRes.on('data', (chunk) => {
+        bodyChunks.push(chunk);
+      });
+
+      proxyRes.on('end', () => {
+        const responseBody = Buffer.concat(bodyChunks);
+
+        const statusColor = proxyRes.statusCode >= 400 ? chalk.red :
+          proxyRes.statusCode >= 300 ? chalk.yellow :
+            chalk.green;
+
+        console.log(
+          chalk.blue('←'),
+          statusColor(proxyRes.statusCode),
+          chalk.gray(req.url),
+          chalk.dim(`${responseBody.length} bytes`)
+        );
+
+        this.captureResponse(req, proxyRes, responseBody);
+      });
+    });
+
+    this.proxy.on('error', (err, req, res) => {
+      console.log(chalk.red('✗'), chalk.white('Erro no proxy:'), chalk.gray(err.message));
+
+      if (!res.headersSent && !res.destroyed) {
+        res.writeHead(500, {
+          'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify({
+          error: 'Proxy Error',
+          message: err.message
+        }));
+      }
+    });
+  }
+
+  captureRequest(req, res) {
+    try {
+      req._captureData = {
+        method: req.method,
+        url: req.url,
+        headers: { ...req.headers },
+        body: this.parseBody(req.rawBody, req.headers['content-type']),
+        protocol: req.socket.encrypted ? 'https' : 'http',
+        timestamp: new Date().toISOString(),
+        socket: {
+          localPort: req.socket.localPort,
+          remoteAddress: req.socket.remoteAddress
+        }
+      };
+    } catch (error) {
+      console.log(chalk.yellow('⚠'), chalk.gray('Erro ao capturar requisição:'), error.message);
+    }
+  }
+
+  captureResponse(req, proxyRes, responseBody) {
+    try {
+      if (!req._captureData) return;
+
+      const urlObj = new URL(req._captureData.url, `${req._captureData.protocol}://localhost`);
+      const queryParams = {};
+      urlObj.searchParams.forEach((value, key) => {
+        queryParams[key] = value;
+      });
+
+      const securityInfo = this.detectSecurity(req._captureData.headers, queryParams);
+
+      const responseData = {
+        statusCode: proxyRes.statusCode,
+        statusMessage: proxyRes.statusMessage,
+        headers: { ...proxyRes.headers },
+        body: this.parseBody(responseBody, proxyRes.headers['content-type'])
+      };
+
+      const capturedData = {
+        req: {
+          method: req._captureData.method,
+          protocol: req._captureData.protocol,
+          headers: req._captureData.headers,
+          originalUrl: req._captureData.url,
+          body: req._captureData.body,
+          socket: req._captureData.socket,
+          security: securityInfo.length > 0 ? securityInfo : undefined
+        },
+        res: responseData
+      };
+
+      const sanitizedCapturedData = sanitizeRequestData(capturedData);
+
+      this.requestQueue.add(sanitizedCapturedData);
+      this.stats.captured++;
+
+    } catch (error) {
+      console.log(chalk.yellow('⚠'), chalk.gray('Erro ao capturar resposta:'), error.message);
+    }
+  }
+
+  detectSecurity(headers, queryParams = {}) {
+    const security = [];
+    const normalizedHeaders = {};
+
+    for (const [key, value] of Object.entries(headers)) {
+      normalizedHeaders[key.toLowerCase()] = value;
+    }
+
+    if (normalizedHeaders['authorization']) {
+      const authValue = normalizedHeaders['authorization'];
+
+      if (authValue.toLowerCase().startsWith('bearer ')) {
+        const token = authValue.substring(7).trim();
+        const bearerFormat = this.detectBearerFormat(token);
+
+        security.push({
+          type: 'http',
+          scheme: 'bearer',
+          in: 'header',
+          name: 'authorization',
+          bearerFormat: bearerFormat
+        });
+      } else if (authValue.toLowerCase().startsWith('basic ')) {
+        security.push({
+          type: 'http',
+          scheme: 'basic',
+          in: 'header',
+          name: 'authorization'
+        });
+      } else if (authValue.toLowerCase().startsWith('digest ')) {
+        security.push({
+          type: 'http',
+          scheme: 'digest',
+          in: 'header',
+          name: 'authorization'
+        });
+      }
+    }
+
+    const apiKeyHeaders = [
+      'x-api-key',
+      'api-key',
+      'apikey',
+      'x-api-token',
+      'api-token',
+      'apitoken',
+      'x-auth-token',
+      'access-token',
+      'x-access-token'
+    ];
+
+    for (const headerName of apiKeyHeaders) {
+      if (normalizedHeaders[headerName]) {
+        security.push({
+          type: 'apiKey',
+          in: 'header',
+          name: headerName
+        });
+      }
+    }
+
+    const apiKeyParams = [
+      'api_key',
+      'apikey',
+      'api-key',
+      'key',
+      'token',
+      'access_token',
+      'auth_token'
+    ];
+
+    for (const paramName of apiKeyParams) {
+      if (queryParams[paramName]) {
+        security.push({
+          type: 'apiKey',
+          in: 'query',
+          name: paramName
+        });
+      }
+    }
+
+    if (normalizedHeaders['cookie']) {
+      const cookies = this.parseCookieHeader(normalizedHeaders['cookie']);
+      const authCookies = [
+        'session',
+        'sessionid',
+        'session_id',
+        'sid',
+        'auth',
+        'auth_token',
+        'token',
+        'access_token'
+      ];
+
+      for (const cookieName of authCookies) {
+        if (cookies[cookieName]) {
+          security.push({
+            type: 'apiKey',
+            in: 'cookie',
+            name: cookieName
+          });
+        }
+      }
+    }
+
+    return security;
+  }
+
+  detectBearerFormat(token) {
+    if (token.split('.').length === 3) {
+      return 'JWT';
+    }
+
+    if (/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(token)) {
+      return 'UUID';
+    }
+
+    return undefined;
+  }
+
+  parseCookieHeader(cookieHeader) {
+    const cookies = {};
+    if (!cookieHeader) return cookies;
+
+    const parts = cookieHeader.split(';');
+    for (const part of parts) {
+      const [name, ...valueParts] = part.split('=');
+      if (name && valueParts.length > 0) {
+        cookies[name.trim().toLowerCase()] = valueParts.join('=').trim();
+      }
+    }
+
+    return cookies;
+  }
+
+  parseBody(buffer, contentType = '') {
+    if (!buffer || buffer.length === 0) {
+      return null;
+    }
+
+    const MAX_SIZE = 10 * 1024 * 1024;
+    if (buffer.length > MAX_SIZE) {
+      return `[Body too large: ${buffer.length} bytes]`;
+    }
+
+    const binaryTypes = ['image/', 'video/', 'audio/', 'application/octet-stream', 'application/pdf'];
+    if (binaryTypes.some(type => contentType.toLowerCase().includes(type))) {
+      return `[Binary content: ${contentType}, ${buffer.length} bytes]`;
+    }
+
+    try {
+      const text = buffer.toString('utf8');
+
+      if (contentType.includes('application/json')) {
+        try {
+          return JSON.parse(text);
+        } catch {
+          return text;
+        }
+      }
+
+      if (contentType.includes('application/x-www-form-urlencoded')) {
+        const params = new URLSearchParams(text);
+        const obj = {};
+        for (const [key, value] of params) {
+          obj[key] = value;
+        }
+        return obj;
+      }
+
+      if (contentType.includes('multipart/form-data')) {
+        return '[Multipart form data]';
+      }
+
+      return text;
+    } catch (error) {
+      return '[Error parsing body]';
+    }
+  }
+
+  async start() {
+    return new Promise((resolve, reject) => {
+      this.app.use((req, res) => {
+        const chunks = [];
+
+        req.on('data', (chunk) => chunks.push(chunk));
+
+        req.on('end', () => {
+          req.rawBody = Buffer.concat(chunks);
+
+          const bufferStream = new Readable();
+          bufferStream.push(req.rawBody);
+          bufferStream.push(null);
+
+          this.proxy.web(req, res, {
+            target: this.config.targetUrl,
+            changeOrigin: true,
+            preserveHeaderKeyCase: true,
+            buffer: bufferStream
+          });
+        });
+
+        req.on('error', (err) => {
+          console.log(chalk.red('✗'), chalk.white('Erro ao ler requisição:'), chalk.gray(err.message));
+          if (!res.headersSent && !res.destroyed) {
+            res.writeHead(502, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: 'Request Error', message: err.message }));
+          }
+        });
+      });
+
+      this.server = this.app.listen(this.config.proxyPort, (err) => {
+        if (err) {
+          reject(err);
+        } else {
+          this.stats.startTime = new Date();
+
+          this.requestQueue.on('sent', () => {
+            this.stats.sent++;
+          });
+
+          this.requestQueue.on('failed', () => {
+            this.stats.failed++;
+          });
+
+          this.requestQueue.start();
+
+          this.statsInterval = setInterval(() => {
+            this.logStats();
+          }, 30000);
+
+          resolve();
+        }
+      });
+    });
+  }
+
+  logStats() {
+    const uptime = Math.floor((Date.now() - this.stats.startTime) / 1000);
+    const hours = Math.floor(uptime / 3600);
+    const minutes = Math.floor((uptime % 3600) / 60);
+    const seconds = uptime % 60;
+
+    if (this.statsShown) {
+      process.stdout.write('\x1b[9A');
+    }
+    this.statsShown = true;
+
+    process.stdout.write('\r' + chalk.gray('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━') + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.bold.white('📊 Estatísticas:') + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Uptime:       ') + chalk.white(`${hours}h ${minutes}m ${seconds}s`) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Total:        ') + chalk.white(this.stats.totalRequests) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Capturadas:   ') + chalk.white(this.stats.captured) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Enviadas:     ') + chalk.green(this.stats.sent) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Falhas:       ') + (this.stats.failed > 0 ? chalk.red(this.stats.failed) : chalk.gray(this.stats.failed)) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.yellow('  Na fila:      ') + chalk.yellow(this.requestQueue.getQueueSize()) + '\x1b[K\n');
+    process.stdout.write('\r' + chalk.gray('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━') + '\x1b[K\n');
+  }
+
+  async stop() {
+    return new Promise((resolve) => {
+      if (this.statsInterval) {
+        clearInterval(this.statsInterval);
+        this.statsInterval = null;
+      }
+      if (this.server) {
+        this.requestQueue.stop();
+        this.server.close(() => {
+          console.log(chalk.yellow('Proxy encerrado'));
+          resolve();
+        });
+      } else {
+        resolve();
+      }
+    });
+  }
+}
+
+module.exports = ProxyServer;

package/src/request-queue.js

@@ -0,0 +1,154 @@
+const EventEmitter = require('events');
+const chalk = require('chalk');
+
+class RequestQueue extends EventEmitter {
+  constructor(apiClient, options = {}) {
+    super();
+
+    this.apiClient = apiClient;
+    this.queue = [];
+    this.isProcessing = false;
+    this.isRunning = false;
+
+    this.options = {
+      maxQueueSize: options.maxQueueSize || 1000,
+      retryAttempts: options.retryAttempts || 3,
+      retryDelay: options.retryDelay || 1000,
+      processDelay: options.processDelay || 100,
+      batchSize: options.batchSize || 1
+    };
+
+    this.stats = {
+      added: 0,
+      processed: 0,
+      sent: 0,
+      failed: 0,
+      dropped: 0
+    };
+  }
+
+  add(requestData) {
+    if (this.queue.length >= this.options.maxQueueSize) {
+      this.queue.shift();
+      this.stats.dropped++;
+      console.log(chalk.yellow('⚠'), chalk.gray('Fila cheia, item mais antigo descartado'));
+    }
+
+    this.queue.push({
+      data: requestData,
+      retryCount: 0,
+      addedAt: Date.now()
+    });
+
+    this.stats.added++;
+
+    if (this.isRunning && !this.isProcessing) {
+      this.processQueue();
+    }
+  }
+
+  async processQueue() {
+    if (this.isProcessing || this.queue.length === 0) {
+      return;
+    }
+
+    this.isProcessing = true;
+
+    while (this.isRunning && this.queue.length > 0) {
+      const item = this.queue.shift();
+
+      try {
+        await this.sendRequest(item);
+      } catch (error) { }
+
+      if (this.queue.length > 0) {
+        await this.delay(this.options.processDelay);
+      }
+    }
+
+    this.isProcessing = false;
+  }
+
+  async sendRequest(item) {
+    try {
+      const result = await this.apiClient.sendRequest(item.data);
+
+      if (result.success) {
+        this.stats.processed++;
+        this.stats.sent++;
+        this.emit('sent', item.data);
+
+        console.log(
+          chalk.green('✓'),
+          chalk.gray('Enviado para API'),
+          chalk.dim(`[${item.data.req.method} ${item.data.req.originalUrl}]`)
+        );
+      } else {
+        throw new Error(result.error);
+      }
+    } catch (error) {
+      item.retryCount++;
+
+      if (item.retryCount < this.options.retryAttempts) {
+        console.log(
+          chalk.yellow('⟳'),
+          chalk.gray(`Retry ${item.retryCount}/${this.options.retryAttempts}:`),
+          chalk.dim(error.message)
+        );
+
+        await this.delay(this.options.retryDelay * item.retryCount);
+
+        this.queue.unshift(item);
+      } else {
+        this.stats.processed++;
+        this.stats.failed++;
+        this.emit('failed', item.data, error);
+
+        console.log(
+          chalk.red('✗'),
+          chalk.gray('Falha ao enviar após retries:'),
+          chalk.dim(error.message)
+        );
+      }
+    }
+  }
+
+  delay(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+  }
+
+  start() {
+    this.isRunning = true;
+    console.log(chalk.cyan('▶'), chalk.white('Fila de processamento iniciada'));
+
+    if (this.queue.length > 0 && !this.isProcessing) {
+      this.processQueue();
+    }
+  }
+
+  stop() {
+    this.isRunning = false;
+    console.log(chalk.yellow('⏸'), chalk.white('Fila de processamento pausada'));
+  }
+
+  clear() {
+    const count = this.queue.length;
+    this.queue = [];
+    console.log(chalk.yellow('🗑'), chalk.white(`Fila limpa: ${count} itens removidos`));
+  }
+
+  getQueueSize() {
+    return this.queue.length;
+  }
+
+  getStats() {
+    return {
+      ...this.stats,
+      queueSize: this.queue.length,
+      isProcessing: this.isProcessing,
+      isRunning: this.isRunning
+    };
+  }
+}
+
+module.exports = RequestQueue;

package/src/sanitizer.js

@@ -0,0 +1,303 @@
+const SENSITIVE_KEY_RE = [
+  /passw(or)?d/i,
+  /\bsecret\b/i,
+  /\btoken\b/i,
+  /api[_-]?key/i,
+  /\bauth\b/i,
+  /\bcredential/i,
+  /session[_-]?id/i,
+  /private[_-]?key/i,
+  /client[_-]?secret/i,
+  /\bssn\b/i,
+  /credit[_-]?card/i,
+  /card[_-]?number/i,
+  /\bcvv\b/i,
+  /\bcvc\b/i,
+  /\bpin\b/i,
+  /\bcpf\b/i,
+  /\bcnpj\b/i,
+  /\bsalt\b/i,
+];
+
+const SAFE_HEADERS = new Set([
+  'content-type', 'accept', 'accept-language', 'accept-encoding',
+  'cache-control', 'connection', 'host', 'origin', 'referer',
+  'user-agent', 'content-length', 'content-encoding',
+  'access-control-allow-origin', 'access-control-allow-methods',
+  'access-control-allow-headers', 'access-control-allow-credentials',
+  'access-control-max-age', 'access-control-expose-headers',
+  'vary', 'x-powered-by', 'x-request-id', 'x-correlation-id',
+  'transfer-encoding', 'etag', 'last-modified', 'if-none-match',
+  'if-modified-since', 'x-ratelimit-limit', 'x-ratelimit-remaining',
+  'x-ratelimit-reset', 'retry-after', 'server',
+  'date', 'expires', 'pragma', 'x-content-type-options',
+  'x-frame-options', 'strict-transport-security',
+  'content-security-policy', 'x-xss-protection',
+]);
+
+const SENSITIVE_HEADER_NAMES = new Set([
+  'x-api-key', 'api-key', 'apikey',
+  'x-api-token', 'api-token', 'apitoken',
+  'x-auth-token', 'access-token', 'x-access-token',
+  'x-csrf-token', 'x-xsrf-token',
+]);
+
+const SENSITIVE_PARAMS = new Set([
+  'api_key', 'apikey', 'api-key', 'key',
+  'token', 'access_token', 'auth_token', 'refresh_token',
+  'secret', 'password', 'passwd', 'session', 'sid',
+  'client_secret',
+]);
+
+const VP = {
+  email: /^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/,
+  jwt: /^eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]+$/,
+  uuid: /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i,
+  phone: /^[+]?[(]?[0-9]{1,4}[)]?[-\s.]?[0-9]{1,4}[-\s.]?[0-9]{1,9}$/,
+  creditCard: /^\d{4}[-\s]?\d{4}[-\s]?\d{4}[-\s]?\d{4}$/,
+  ipv4: /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/,
+  hexToken: /^[0-9a-f]{32,}$/i,
+  base64Long: /^[A-Za-z0-9+/]{20,}={0,2}$/,
+  isoDate: /^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2})?/,
+  url: /^https?:\/\/.+/i,
+  bearer: /^Bearer\s+(.+)$/i,
+  basic: /^Basic\s+(.+)$/i,
+};
+
+const INTERCEPTOR_MARKERS = /^\[(File:|Binary Data:|String too large|Response too large|FormData|Binary Content|Error)/;
+
+function isSensitiveKey(key) {
+  if (!key || typeof key !== 'string') return false;
+  return SENSITIVE_KEY_RE.some(re => re.test(key));
+}
+
+function smartPlaceholder(value) {
+  if (value === null || value === undefined) return value;
+  if (typeof value === 'boolean') return value;
+
+  if (typeof value === 'number') {
+    if (Number.isInteger(value)) {
+      if (value === 0) return 0;
+      const sign = value < 0 ? -1 : 1;
+      const digits = String(Math.abs(value)).length;
+      if (digits === 1) return sign * (Math.floor(Math.random() * 9) + 1);
+      const min = Math.pow(10, digits - 1);
+      const max = Math.pow(10, digits) - 1;
+      return sign * (Math.floor(Math.random() * (max - min + 1)) + min);
+    }
+    return Math.round(Math.random() * 100 * 100) / 100;
+  }
+
+  if (typeof value !== 'string') return value;
+  if (value.length === 0) return '';
+
+  if (INTERCEPTOR_MARKERS.test(value)) return value;
+
+  if (VP.email.test(value)) return 'user@example.com';
+  if (VP.jwt.test(value)) return 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.REDACTED';
+  if (VP.uuid.test(value)) return '550e8400-e29b-41d4-a716-446655440000';
+  if (VP.creditCard.test(value)) return '4111 1111 1111 1111';
+  if (VP.phone.test(value)) return '+1 555-000-0000';
+  if (VP.ipv4.test(value)) return '192.168.1.1';
+  if (VP.isoDate.test(value)) return '2025-01-01T00:00:00.000Z';
+  if (VP.url.test(value)) return 'https://example.com/path';
+  if (VP.hexToken.test(value)) return 'a'.repeat(Math.min(value.length, 40));
+  if (VP.base64Long.test(value) && value.length > 30) return '[REDACTED_TOKEN]';
+
+  if (value.length <= 5) return 'text';
+  if (value.length <= 20) return 'string_value';
+  return 'lorem ipsum dolor sit amet';
+}
+
+function redactForKey(key) {
+  const k = (key || '').toLowerCase();
+  if (k.includes('password') || k.includes('passwd')) return '[REDACTED_PASSWORD]';
+  if (k.includes('token')) return '[REDACTED_TOKEN]';
+  if (k.includes('secret')) return '[REDACTED_SECRET]';
+  if (k.includes('key')) return '[REDACTED_KEY]';
+  if (k.includes('credential')) return '[REDACTED_CREDENTIAL]';
+  if (k.includes('session')) return '[REDACTED_SESSION]';
+  if (k.includes('cpf')) return '[REDACTED_CPF]';
+  if (k.includes('cnpj')) return '[REDACTED_CNPJ]';
+  return '[REDACTED]';
+}
+
+function sanitizeBody(data, depth = 0) {
+  if (depth > 20) return data;
+
+  if (data === null || data === undefined) return data;
+  if (typeof data === 'boolean') return data;
+  if (typeof data === 'number') return smartPlaceholder(data);
+  if (typeof data === 'string') return smartPlaceholder(data);
+
+  if (Array.isArray(data)) {
+    return data.map(item => sanitizeBody(item, depth + 1));
+  }
+
+  if (typeof data === 'object') {
+    const result = {};
+    for (const key in data) {
+      if (!Object.prototype.hasOwnProperty.call(data, key)) continue;
+      if (isSensitiveKey(key)) {
+        result[key] = redactForKey(key);
+      } else {
+        result[key] = sanitizeBody(data[key], depth + 1);
+      }
+    }
+    return result;
+  }
+
+  return data;
+}
+
+function sanitizeCookieHeader(cookieStr) {
+  if (!cookieStr || typeof cookieStr !== 'string') return cookieStr;
+
+  return cookieStr
+    .split(';')
+    .map((part) => {
+      const eqIndex = part.indexOf('=');
+      if (eqIndex === -1) return part;
+      const name = part.substring(0, eqIndex);
+      return name + '=[REDACTED_COOKIE]';
+    })
+    .join('; ');
+}
+
+function sanitizeSetCookieHeader(value) {
+  if (!value || typeof value !== 'string') return value;
+  const parts = value.split(';');
+  if (parts.length > 0) {
+    const eqIndex = parts[0].indexOf('=');
+    if (eqIndex !== -1) {
+      const name = parts[0].substring(0, eqIndex);
+      parts[0] = name + '=[REDACTED_COOKIE]';
+    }
+  }
+  return parts.join(';');
+}
+
+function sanitizeHeaders(headers) {
+  if (!headers || typeof headers !== 'object') return headers;
+
+  const sanitized = {};
+
+  for (const key in headers) {
+    if (!Object.prototype.hasOwnProperty.call(headers, key)) continue;
+    const value = headers[key];
+    const lower = String(key).toLowerCase();
+
+    if (SAFE_HEADERS.has(lower)) {
+      sanitized[key] = value;
+      continue;
+    }
+
+    if (lower === 'authorization' || lower === 'proxy-authorization') {
+      if (typeof value === 'string') {
+        if (VP.bearer.test(value)) {
+          const token = value.replace(VP.bearer, '$1');
+          sanitized[key] = 'Bearer ' + smartPlaceholder(token);
+        } else if (VP.basic.test(value)) {
+          sanitized[key] = 'Basic [REDACTED]';
+        } else {
+          sanitized[key] = '[REDACTED]';
+        }
+      } else {
+        sanitized[key] = '[REDACTED]';
+      }
+      continue;
+    }
+
+    if (lower === 'cookie') {
+      sanitized[key] = sanitizeCookieHeader(value);
+      continue;
+    }
+
+    if (lower === 'set-cookie') {
+      sanitized[key] = Array.isArray(value)
+        ? value.map(v => sanitizeSetCookieHeader(v))
+        : sanitizeSetCookieHeader(value);
+      continue;
+    }
+
+    if (SENSITIVE_HEADER_NAMES.has(lower)) {
+      sanitized[key] = '[REDACTED]';
+      continue;
+    }
+
+    sanitized[key] = value;
+  }
+
+  return sanitized;
+}
+
+function sanitizeUrl(originalUrl) {
+  if (!originalUrl || typeof originalUrl !== 'string') return originalUrl;
+
+  const qIndex = originalUrl.indexOf('?');
+  if (qIndex === -1) return originalUrl;
+
+  const path = originalUrl.substring(0, qIndex);
+  const rest = originalUrl.substring(qIndex + 1);
+  const hashIndex = rest.indexOf('#');
+  const rawQuery = hashIndex !== -1 ? rest.substring(0, hashIndex) : rest;
+  const hash = hashIndex !== -1 ? rest.substring(hashIndex) : '';
+
+  try {
+    const params = new URLSearchParams(rawQuery);
+    const sanitizedParts = [];
+
+    params.forEach((value, key) => {
+      if (SENSITIVE_PARAMS.has(String(key).toLowerCase()) || isSensitiveKey(key)) {
+        sanitizedParts.push(encodeURIComponent(key) + '=' + encodeURIComponent('[REDACTED]'));
+      } else {
+        sanitizedParts.push(encodeURIComponent(key) + '=' + encodeURIComponent(smartPlaceholder(value)));
+      }
+    });
+
+    const newQuery = sanitizedParts.join('&');
+    return path + (newQuery ? '?' + newQuery : '') + hash;
+  } catch (_e) {
+    return originalUrl;
+  }
+}
+
+function sanitizeRequestData(requestData) {
+  if (!requestData) return requestData;
+
+  const sanitized = {};
+
+  if (requestData.req) {
+    sanitized.req = {
+      method: requestData.req.method,
+      protocol: requestData.req.protocol,
+      headers: sanitizeHeaders(requestData.req.headers),
+      originalUrl: sanitizeUrl(requestData.req.originalUrl),
+      body: requestData.req.body != null ? sanitizeBody(requestData.req.body) : requestData.req.body,
+      socket: requestData.req.socket,
+      security: requestData.req.security,
+    };
+  }
+
+  if (requestData.res) {
+    sanitized.res = {
+      statusCode: requestData.res.statusCode,
+      statusMessage: requestData.res.statusMessage,
+      headers: sanitizeHeaders(requestData.res.headers),
+      body: requestData.res.body != null ? sanitizeBody(requestData.res.body) : requestData.res.body,
+    };
+  }
+
+  if (requestData.timestamp) {
+    sanitized.timestamp = requestData.timestamp;
+  }
+
+  return sanitized;
+}
+
+module.exports = {
+  sanitizeRequestData,
+  sanitizeHeaders,
+  sanitizeBody,
+  sanitizeUrl,
+};