@naarang/ccc 3.2.0-beta.1 → 3.3.0-beta.1

package/dist/scripts/api-test-server.ts

@@ -0,0 +1,340 @@
+/**
+ * api-test-server.ts — echo backend for verifying the C3 mobile API
+ * client end-to-end.
+ *
+ * Run:
+ *   bun run scripts/api-test-server.ts          # listens on :3000
+ *   PORT=4000 bun run scripts/api-test-server.ts
+ *
+ * Then forward port 3000 from the C3 mobile app, open the API
+ * client, and hit `localhost:3000/<endpoint>` from any of the
+ * editor's body types.
+ *
+ * Routes:
+ *   ANY  /                       — Echo: method, headers, query,
+ *                                  body (auto-parsed by content-type),
+ *                                  duration, content-length.
+ *   ANY  /echo                   — Same as `/`. Two paths so users
+ *                                  can save requests against either.
+ *   GET  /status/:code           — Returns the given HTTP status code
+ *                                  (200, 404, 500, etc.) with a small
+ *                                  JSON body. Useful for verifying
+ *                                  status badge coloring.
+ *   GET  /delay?ms=N             — Sleeps N ms before responding 200.
+ *                                  Caps at 30s to avoid hangs.
+ *   GET  /large?bytes=N          — Streams N bytes of `A`s. Caps at
+ *                                  20 MB so the mobile 10 MB cap can
+ *                                  be exercised without OOM here.
+ *   GET  /headers                — Returns the request headers as
+ *                                  JSON. Useful for auth preset
+ *                                  verification (Authorization,
+ *                                  Bearer, custom X- headers).
+ *   GET  /redirect?to=URL        — 302 redirect to the given URL.
+ *                                  Lets you verify the client surfaces
+ *                                  the redirect rather than following
+ *                                  silently.
+ *   POST /upload                 — Accepts multipart/form-data with any
+ *                                  number of file and text fields.
+ *                                  Returns each field's metadata
+ *                                  (name, size, mimeType for files;
+ *                                  raw value for text).
+ *   POST /binary                 — Accepts a raw binary body. Returns
+ *                                  the byte count, content-type, and
+ *                                  a SHA-256 hex digest so the client
+ *                                  can verify integrity.
+ *   GET  /healthz                — Liveness check. Returns 200 OK.
+ *
+ * Logging: every request prints a one-line summary to stdout
+ * (method, path, status, duration). Bodies aren't logged to avoid
+ * leaking secrets while you're testing auth.
+ */
+
+const PORT = Number(process.env.PORT ?? 3000);
+
+const server = Bun.serve({
+  port: PORT,
+  hostname: '0.0.0.0',
+
+  async fetch(req) {
+    const start = Date.now();
+    const url = new URL(req.url);
+    const path = url.pathname;
+
+    let response: Response;
+    try {
+      response = await route(req, url, path);
+    } catch (err) {
+      response = jsonResponse(
+        500,
+        {
+          error: 'handler_error',
+          message: err instanceof Error ? err.message : String(err),
+        },
+      );
+    }
+
+    const duration = Date.now() - start;
+    log(req.method, path, response.status, duration);
+    return response;
+  },
+});
+
+console.log(`[api-test-server] listening on http://0.0.0.0:${server.port}`);
+console.log(`[api-test-server] try: curl http://localhost:${server.port}/`);
+
+// ────────────────────────────────────────────────────────────────────
+// Router
+// ────────────────────────────────────────────────────────────────────
+
+async function route(req: Request, url: URL, path: string): Promise<Response> {
+  // Health check — no body, fast path.
+  if (path === '/healthz') return new Response('ok', { status: 200 });
+
+  // Status-code probe.
+  const statusMatch = path.match(/^\/status\/(\d{3})$/);
+  if (statusMatch) {
+    const code = Number(statusMatch[1]);
+    return jsonResponse(code, { status: code, message: statusText(code) });
+  }
+
+  if (path === '/delay') return await handleDelay(url);
+  if (path === '/large') return handleLarge(url);
+  if (path === '/headers') return handleHeaders(req);
+  if (path === '/redirect') return handleRedirect(url);
+  if (path === '/upload') return await handleUpload(req);
+  if (path === '/binary') return await handleBinary(req);
+
+  // Default: echo.
+  if (path === '/' || path === '/echo') return await handleEcho(req, url);
+
+  return jsonResponse(404, { error: 'not_found', path });
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Handlers
+// ────────────────────────────────────────────────────────────────────
+
+async function handleEcho(req: Request, url: URL): Promise<Response> {
+  const headers = headerObject(req);
+  const query = Object.fromEntries(url.searchParams.entries());
+  const body = await parseRequestBody(req);
+
+  return jsonResponse(200, {
+    ok: true,
+    method: req.method,
+    path: url.pathname,
+    headers,
+    query,
+    body,
+  });
+}
+
+async function handleDelay(url: URL): Promise<Response> {
+  const ms = clamp(Number(url.searchParams.get('ms') ?? 1000), 0, 30_000);
+  await new Promise((r) => setTimeout(r, ms));
+  return jsonResponse(200, { ok: true, delayedMs: ms });
+}
+
+function handleLarge(url: URL): Response {
+  const requested = Number(url.searchParams.get('bytes') ?? 1024 * 1024);
+  const bytes = clamp(requested, 1, 20 * 1024 * 1024);
+  // Single allocation — `A`.charCodeAt = 0x41
+  const buf = new Uint8Array(bytes).fill(0x41);
+  return new Response(buf, {
+    status: 200,
+    headers: {
+      'content-type': 'text/plain; charset=utf-8',
+      'content-length': String(bytes),
+    },
+  });
+}
+
+function handleHeaders(req: Request): Response {
+  return jsonResponse(200, { headers: headerObject(req) });
+}
+
+function handleRedirect(url: URL): Response {
+  const to = url.searchParams.get('to') ?? '/';
+  return new Response(null, {
+    status: 302,
+    headers: { location: to },
+  });
+}
+
+async function handleUpload(req: Request): Promise<Response> {
+  const ct = req.headers.get('content-type') ?? '';
+  if (!ct.includes('multipart/form-data')) {
+    return jsonResponse(415, {
+      error: 'wrong_content_type',
+      expected: 'multipart/form-data',
+      got: ct,
+    });
+  }
+
+  const fd = await req.formData();
+  const fields: Array<Record<string, unknown>> = [];
+  for (const [key, value] of fd.entries()) {
+    if (value instanceof Blob) {
+      // Read enough bytes to compute a SHA-256 digest. We hash the
+      // whole file — if the test file is huge this will be slow, but
+      // honest checksums beat fast-but-misleading.
+      const buf = await value.arrayBuffer();
+      fields.push({
+        key,
+        kind: 'file',
+        // `name` exists when the client sent a `filename=` in the part.
+        name: (value as File).name ?? null,
+        mimeType: value.type || null,
+        size: buf.byteLength,
+        sha256: await sha256Hex(buf),
+      });
+    } else {
+      fields.push({ key, kind: 'text', value });
+    }
+  }
+  return jsonResponse(200, { ok: true, fields });
+}
+
+async function handleBinary(req: Request): Promise<Response> {
+  const ct = req.headers.get('content-type') ?? 'application/octet-stream';
+  const buf = await req.arrayBuffer();
+  return jsonResponse(200, {
+    ok: true,
+    contentType: ct,
+    size: buf.byteLength,
+    sha256: await sha256Hex(buf),
+  });
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Body parsing — auto-detect by Content-Type so JSON / form / text
+// each come back in their natural shape.
+// ────────────────────────────────────────────────────────────────────
+
+async function parseRequestBody(req: Request): Promise<unknown> {
+  if (req.method === 'GET' || req.method === 'HEAD') return null;
+
+  const ct = (req.headers.get('content-type') ?? '').toLowerCase();
+  if (!ct) {
+    // No content-type → try as text; empty body is fine.
+    const text = await req.text();
+    return text.length === 0 ? null : { kind: 'unknown', text };
+  }
+
+  if (ct.includes('application/json')) {
+    try {
+      return { kind: 'json', value: await req.json() };
+    } catch (err) {
+      const text = await req.text().catch(() => '');
+      return { kind: 'json_parse_error', error: String(err), raw: text };
+    }
+  }
+
+  if (ct.includes('application/x-www-form-urlencoded')) {
+    const text = await req.text();
+    const pairs: Record<string, string> = {};
+    for (const [k, v] of new URLSearchParams(text).entries()) pairs[k] = v;
+    return { kind: 'form-urlencoded', value: pairs };
+  }
+
+  if (ct.includes('multipart/form-data')) {
+    const fd = await req.formData();
+    const fields: Array<Record<string, unknown>> = [];
+    for (const [k, v] of fd.entries()) {
+      if (v instanceof Blob) {
+        const buf = await v.arrayBuffer();
+        fields.push({
+          key: k,
+          kind: 'file',
+          name: (v as File).name ?? null,
+          mimeType: v.type || null,
+          size: buf.byteLength,
+        });
+      } else {
+        fields.push({ key: k, kind: 'text', value: v });
+      }
+    }
+    return { kind: 'multipart', fields };
+  }
+
+  if (ct.includes('xml')) {
+    return { kind: 'xml', value: await req.text() };
+  }
+
+  if (ct.startsWith('text/')) {
+    return { kind: 'text', value: await req.text() };
+  }
+
+  // Anything else — treat as binary, return size + checksum so the
+  // client can verify integrity without us shipping the bytes back.
+  const buf = await req.arrayBuffer();
+  return {
+    kind: 'binary',
+    contentType: ct,
+    size: buf.byteLength,
+    sha256: await sha256Hex(buf),
+  };
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Helpers
+// ────────────────────────────────────────────────────────────────────
+
+function headerObject(req: Request): Record<string, string> {
+  const out: Record<string, string> = {};
+  req.headers.forEach((v, k) => {
+    out[k] = v;
+  });
+  return out;
+}
+
+function jsonResponse(status: number, body: unknown): Response {
+  return new Response(JSON.stringify(body, null, 2), {
+    status,
+    headers: { 'content-type': 'application/json; charset=utf-8' },
+  });
+}
+
+function clamp(n: number, lo: number, hi: number): number {
+  if (!Number.isFinite(n)) return lo;
+  return Math.max(lo, Math.min(hi, n));
+}
+
+async function sha256Hex(buf: ArrayBuffer): Promise<string> {
+  const digest = await crypto.subtle.digest('SHA-256', buf);
+  return Array.from(new Uint8Array(digest))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
+}
+
+function statusText(code: number): string {
+  // Spot-check common ones; everything else gets a generic label.
+  const known: Record<number, string> = {
+    200: 'OK',
+    201: 'Created',
+    204: 'No Content',
+    301: 'Moved Permanently',
+    302: 'Found',
+    400: 'Bad Request',
+    401: 'Unauthorized',
+    403: 'Forbidden',
+    404: 'Not Found',
+    409: 'Conflict',
+    418: "I'm a teapot",
+    422: 'Unprocessable Entity',
+    429: 'Too Many Requests',
+    500: 'Internal Server Error',
+    502: 'Bad Gateway',
+    503: 'Service Unavailable',
+    504: 'Gateway Timeout',
+  };
+  return known[code] ?? 'Status';
+}
+
+function log(method: string, path: string, status: number, durationMs: number): void {
+  const color = status >= 500 ? '\x1b[31m' : status >= 400 ? '\x1b[33m' : '\x1b[32m';
+  const reset = '\x1b[0m';
+  console.log(
+    `${color}${status}${reset} ${method.padEnd(6)} ${path}  ${durationMs}ms`,
+  );
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naarang/ccc",
-  "version": "3.2.0-beta.1",
+  "version": "3.3.0-beta.1",
   "description": "Code Chat Connect - Control Claude Code from your mobile device",
   "type": "module",
   "main": "dist/index.js",

package/scripts/api-test-server.ts

@@ -0,0 +1,340 @@
+/**
+ * api-test-server.ts — echo backend for verifying the C3 mobile API
+ * client end-to-end.
+ *
+ * Run:
+ *   bun run scripts/api-test-server.ts          # listens on :3000
+ *   PORT=4000 bun run scripts/api-test-server.ts
+ *
+ * Then forward port 3000 from the C3 mobile app, open the API
+ * client, and hit `localhost:3000/<endpoint>` from any of the
+ * editor's body types.
+ *
+ * Routes:
+ *   ANY  /                       — Echo: method, headers, query,
+ *                                  body (auto-parsed by content-type),
+ *                                  duration, content-length.
+ *   ANY  /echo                   — Same as `/`. Two paths so users
+ *                                  can save requests against either.
+ *   GET  /status/:code           — Returns the given HTTP status code
+ *                                  (200, 404, 500, etc.) with a small
+ *                                  JSON body. Useful for verifying
+ *                                  status badge coloring.
+ *   GET  /delay?ms=N             — Sleeps N ms before responding 200.
+ *                                  Caps at 30s to avoid hangs.
+ *   GET  /large?bytes=N          — Streams N bytes of `A`s. Caps at
+ *                                  20 MB so the mobile 10 MB cap can
+ *                                  be exercised without OOM here.
+ *   GET  /headers                — Returns the request headers as
+ *                                  JSON. Useful for auth preset
+ *                                  verification (Authorization,
+ *                                  Bearer, custom X- headers).
+ *   GET  /redirect?to=URL        — 302 redirect to the given URL.
+ *                                  Lets you verify the client surfaces
+ *                                  the redirect rather than following
+ *                                  silently.
+ *   POST /upload                 — Accepts multipart/form-data with any
+ *                                  number of file and text fields.
+ *                                  Returns each field's metadata
+ *                                  (name, size, mimeType for files;
+ *                                  raw value for text).
+ *   POST /binary                 — Accepts a raw binary body. Returns
+ *                                  the byte count, content-type, and
+ *                                  a SHA-256 hex digest so the client
+ *                                  can verify integrity.
+ *   GET  /healthz                — Liveness check. Returns 200 OK.
+ *
+ * Logging: every request prints a one-line summary to stdout
+ * (method, path, status, duration). Bodies aren't logged to avoid
+ * leaking secrets while you're testing auth.
+ */
+
+const PORT = Number(process.env.PORT ?? 3000);
+
+const server = Bun.serve({
+  port: PORT,
+  hostname: '0.0.0.0',
+
+  async fetch(req) {
+    const start = Date.now();
+    const url = new URL(req.url);
+    const path = url.pathname;
+
+    let response: Response;
+    try {
+      response = await route(req, url, path);
+    } catch (err) {
+      response = jsonResponse(
+        500,
+        {
+          error: 'handler_error',
+          message: err instanceof Error ? err.message : String(err),
+        },
+      );
+    }
+
+    const duration = Date.now() - start;
+    log(req.method, path, response.status, duration);
+    return response;
+  },
+});
+
+console.log(`[api-test-server] listening on http://0.0.0.0:${server.port}`);
+console.log(`[api-test-server] try: curl http://localhost:${server.port}/`);
+
+// ────────────────────────────────────────────────────────────────────
+// Router
+// ────────────────────────────────────────────────────────────────────
+
+async function route(req: Request, url: URL, path: string): Promise<Response> {
+  // Health check — no body, fast path.
+  if (path === '/healthz') return new Response('ok', { status: 200 });
+
+  // Status-code probe.
+  const statusMatch = path.match(/^\/status\/(\d{3})$/);
+  if (statusMatch) {
+    const code = Number(statusMatch[1]);
+    return jsonResponse(code, { status: code, message: statusText(code) });
+  }
+
+  if (path === '/delay') return await handleDelay(url);
+  if (path === '/large') return handleLarge(url);
+  if (path === '/headers') return handleHeaders(req);
+  if (path === '/redirect') return handleRedirect(url);
+  if (path === '/upload') return await handleUpload(req);
+  if (path === '/binary') return await handleBinary(req);
+
+  // Default: echo.
+  if (path === '/' || path === '/echo') return await handleEcho(req, url);
+
+  return jsonResponse(404, { error: 'not_found', path });
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Handlers
+// ────────────────────────────────────────────────────────────────────
+
+async function handleEcho(req: Request, url: URL): Promise<Response> {
+  const headers = headerObject(req);
+  const query = Object.fromEntries(url.searchParams.entries());
+  const body = await parseRequestBody(req);
+
+  return jsonResponse(200, {
+    ok: true,
+    method: req.method,
+    path: url.pathname,
+    headers,
+    query,
+    body,
+  });
+}
+
+async function handleDelay(url: URL): Promise<Response> {
+  const ms = clamp(Number(url.searchParams.get('ms') ?? 1000), 0, 30_000);
+  await new Promise((r) => setTimeout(r, ms));
+  return jsonResponse(200, { ok: true, delayedMs: ms });
+}
+
+function handleLarge(url: URL): Response {
+  const requested = Number(url.searchParams.get('bytes') ?? 1024 * 1024);
+  const bytes = clamp(requested, 1, 20 * 1024 * 1024);
+  // Single allocation — `A`.charCodeAt = 0x41
+  const buf = new Uint8Array(bytes).fill(0x41);
+  return new Response(buf, {
+    status: 200,
+    headers: {
+      'content-type': 'text/plain; charset=utf-8',
+      'content-length': String(bytes),
+    },
+  });
+}
+
+function handleHeaders(req: Request): Response {
+  return jsonResponse(200, { headers: headerObject(req) });
+}
+
+function handleRedirect(url: URL): Response {
+  const to = url.searchParams.get('to') ?? '/';
+  return new Response(null, {
+    status: 302,
+    headers: { location: to },
+  });
+}
+
+async function handleUpload(req: Request): Promise<Response> {
+  const ct = req.headers.get('content-type') ?? '';
+  if (!ct.includes('multipart/form-data')) {
+    return jsonResponse(415, {
+      error: 'wrong_content_type',
+      expected: 'multipart/form-data',
+      got: ct,
+    });
+  }
+
+  const fd = await req.formData();
+  const fields: Array<Record<string, unknown>> = [];
+  for (const [key, value] of fd.entries()) {
+    if (value instanceof Blob) {
+      // Read enough bytes to compute a SHA-256 digest. We hash the
+      // whole file — if the test file is huge this will be slow, but
+      // honest checksums beat fast-but-misleading.
+      const buf = await value.arrayBuffer();
+      fields.push({
+        key,
+        kind: 'file',
+        // `name` exists when the client sent a `filename=` in the part.
+        name: (value as File).name ?? null,
+        mimeType: value.type || null,
+        size: buf.byteLength,
+        sha256: await sha256Hex(buf),
+      });
+    } else {
+      fields.push({ key, kind: 'text', value });
+    }
+  }
+  return jsonResponse(200, { ok: true, fields });
+}
+
+async function handleBinary(req: Request): Promise<Response> {
+  const ct = req.headers.get('content-type') ?? 'application/octet-stream';
+  const buf = await req.arrayBuffer();
+  return jsonResponse(200, {
+    ok: true,
+    contentType: ct,
+    size: buf.byteLength,
+    sha256: await sha256Hex(buf),
+  });
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Body parsing — auto-detect by Content-Type so JSON / form / text
+// each come back in their natural shape.
+// ────────────────────────────────────────────────────────────────────
+
+async function parseRequestBody(req: Request): Promise<unknown> {
+  if (req.method === 'GET' || req.method === 'HEAD') return null;
+
+  const ct = (req.headers.get('content-type') ?? '').toLowerCase();
+  if (!ct) {
+    // No content-type → try as text; empty body is fine.
+    const text = await req.text();
+    return text.length === 0 ? null : { kind: 'unknown', text };
+  }
+
+  if (ct.includes('application/json')) {
+    try {
+      return { kind: 'json', value: await req.json() };
+    } catch (err) {
+      const text = await req.text().catch(() => '');
+      return { kind: 'json_parse_error', error: String(err), raw: text };
+    }
+  }
+
+  if (ct.includes('application/x-www-form-urlencoded')) {
+    const text = await req.text();
+    const pairs: Record<string, string> = {};
+    for (const [k, v] of new URLSearchParams(text).entries()) pairs[k] = v;
+    return { kind: 'form-urlencoded', value: pairs };
+  }
+
+  if (ct.includes('multipart/form-data')) {
+    const fd = await req.formData();
+    const fields: Array<Record<string, unknown>> = [];
+    for (const [k, v] of fd.entries()) {
+      if (v instanceof Blob) {
+        const buf = await v.arrayBuffer();
+        fields.push({
+          key: k,
+          kind: 'file',
+          name: (v as File).name ?? null,
+          mimeType: v.type || null,
+          size: buf.byteLength,
+        });
+      } else {
+        fields.push({ key: k, kind: 'text', value: v });
+      }
+    }
+    return { kind: 'multipart', fields };
+  }
+
+  if (ct.includes('xml')) {
+    return { kind: 'xml', value: await req.text() };
+  }
+
+  if (ct.startsWith('text/')) {
+    return { kind: 'text', value: await req.text() };
+  }
+
+  // Anything else — treat as binary, return size + checksum so the
+  // client can verify integrity without us shipping the bytes back.
+  const buf = await req.arrayBuffer();
+  return {
+    kind: 'binary',
+    contentType: ct,
+    size: buf.byteLength,
+    sha256: await sha256Hex(buf),
+  };
+}
+
+// ────────────────────────────────────────────────────────────────────
+// Helpers
+// ────────────────────────────────────────────────────────────────────
+
+function headerObject(req: Request): Record<string, string> {
+  const out: Record<string, string> = {};
+  req.headers.forEach((v, k) => {
+    out[k] = v;
+  });
+  return out;
+}
+
+function jsonResponse(status: number, body: unknown): Response {
+  return new Response(JSON.stringify(body, null, 2), {
+    status,
+    headers: { 'content-type': 'application/json; charset=utf-8' },
+  });
+}
+
+function clamp(n: number, lo: number, hi: number): number {
+  if (!Number.isFinite(n)) return lo;
+  return Math.max(lo, Math.min(hi, n));
+}
+
+async function sha256Hex(buf: ArrayBuffer): Promise<string> {
+  const digest = await crypto.subtle.digest('SHA-256', buf);
+  return Array.from(new Uint8Array(digest))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
+}
+
+function statusText(code: number): string {
+  // Spot-check common ones; everything else gets a generic label.
+  const known: Record<number, string> = {
+    200: 'OK',
+    201: 'Created',
+    204: 'No Content',
+    301: 'Moved Permanently',
+    302: 'Found',
+    400: 'Bad Request',
+    401: 'Unauthorized',
+    403: 'Forbidden',
+    404: 'Not Found',
+    409: 'Conflict',
+    418: "I'm a teapot",
+    422: 'Unprocessable Entity',
+    429: 'Too Many Requests',
+    500: 'Internal Server Error',
+    502: 'Bad Gateway',
+    503: 'Service Unavailable',
+    504: 'Gateway Timeout',
+  };
+  return known[code] ?? 'Status';
+}
+
+function log(method: string, path: string, status: number, durationMs: number): void {
+  const color = status >= 500 ? '\x1b[31m' : status >= 400 ? '\x1b[33m' : '\x1b[32m';
+  const reset = '\x1b[0m';
+  console.log(
+    `${color}${status}${reset} ${method.padEnd(6)} ${path}  ${durationMs}ms`,
+  );
+}