@openape/proxy 0.2.13 → 0.2.15

package/dist/index.js

@@ -0,0 +1,710 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { createServer } from "http";
+import { parseArgs } from "util";
+
+// src/config.ts
+import { readFileSync } from "fs";
+import { parse as parseTOML } from "smol-toml";
+function loadMultiAgentConfig(path, overrides) {
+  const raw = readFileSync(path, "utf-8");
+  let parsed;
+  if (path.endsWith(".json")) {
+    parsed = JSON.parse(raw);
+  } else {
+    parsed = parseTOML(raw);
+  }
+  const proxy = parsed.proxy;
+  if (!proxy?.listen) {
+    throw new Error("Config must have [proxy] with listen");
+  }
+  const baseProxy = {
+    listen: proxy.listen,
+    default_action: proxy.default_action ?? "block",
+    audit_log: proxy.audit_log,
+    mandatory_auth: overrides?.mandatoryAuth ?? proxy.mandatory_auth
+  };
+  if (Array.isArray(parsed.agents)) {
+    return {
+      proxy: baseProxy,
+      agents: parsed.agents
+    };
+  }
+  const idpUrl = proxy.idp_url;
+  const agentEmail = proxy.agent_email;
+  if (!idpUrl || !agentEmail) {
+    throw new Error("Single-agent config requires proxy.idp_url and proxy.agent_email");
+  }
+  return {
+    proxy: baseProxy,
+    agents: [{
+      email: agentEmail,
+      idp_url: idpUrl,
+      allow: parsed.allow ?? [],
+      deny: parsed.deny ?? [],
+      grant_required: parsed.grant_required ?? []
+    }]
+  };
+}
+
+// src/proxy.ts
+import { createHash } from "crypto";
+
+// src/matcher.ts
+function globMatch(pattern, value) {
+  const regex = new RegExp(
+    `^${pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*\*/g, "<<<DOUBLESTAR>>>").replace(/\*/g, "[^/]*").replace(/<<<DOUBLESTAR>>>/g, ".*")}$`
+  );
+  return regex.test(value);
+}
+function matchesRule(rule, domain, method, path) {
+  if (!globMatch(rule.domain, domain)) return false;
+  if (rule.methods && rule.methods.length > 0) {
+    if (!rule.methods.includes(method.toUpperCase())) return false;
+  }
+  if (rule.path) {
+    if (!globMatch(rule.path, path)) return false;
+  }
+  return true;
+}
+function evaluateRules(config2, domain, method, path) {
+  for (const rule of config2.deny) {
+    if (matchesRule(rule, domain, method, path)) {
+      return { type: "deny", note: rule.note };
+    }
+  }
+  for (const rule of config2.allow) {
+    if (matchesRule(rule, domain, method, path)) {
+      return { type: "allow" };
+    }
+  }
+  for (const rule of config2.grant_required) {
+    if (matchesRule(rule, domain, method, path)) {
+      return { type: "grant_required", rule };
+    }
+  }
+  if (config2.proxy.default_action === "block") {
+    return { type: "deny", note: "No matching rule (default: block)" };
+  }
+  return {
+    type: "grant_required",
+    rule: {
+      domain: "*",
+      grant_type: "once"
+    }
+  };
+}
+
+// src/auth.ts
+import { verifyJWT, createRemoteJWKS } from "@openape/core";
+var AuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthError";
+  }
+};
+async function verifyAgentAuth(authHeader, idpUrl, mandatory = false) {
+  if (!authHeader) {
+    if (mandatory) throw new AuthError("JWT required");
+    return null;
+  }
+  const match = authHeader.match(/^Bearer (.+)$/i);
+  if (!match) {
+    if (mandatory) throw new AuthError("Invalid authorization header");
+    return null;
+  }
+  const token = match[1];
+  try {
+    const jwks = createRemoteJWKS(`${idpUrl}/.well-known/jwks.json`);
+    const { payload } = await verifyJWT(token, jwks, { issuer: idpUrl });
+    if (payload.act !== "agent" || !payload.sub) {
+      if (mandatory) throw new AuthError("Invalid agent token");
+      return null;
+    }
+    return {
+      email: payload.sub,
+      act: "agent"
+    };
+  } catch (err) {
+    if (err instanceof AuthError) throw err;
+    if (mandatory) throw new AuthError("JWT verification failed");
+    return null;
+  }
+}
+
+// src/grants-client.ts
+var GrantsClient = class {
+  idpUrl;
+  agentToken;
+  constructor(idpUrl) {
+    this.idpUrl = idpUrl.replace(/\/$/, "");
+  }
+  setAgentToken(token) {
+    this.agentToken = token;
+  }
+  headers() {
+    const h = { "Content-Type": "application/json" };
+    if (this.agentToken) {
+      h.Authorization = `Bearer ${this.agentToken}`;
+    }
+    return h;
+  }
+  /**
+   * Create a grant request on the IdP.
+   */
+  async requestGrant(opts) {
+    const res = await fetch(`${this.idpUrl}/api/grants`, {
+      method: "POST",
+      headers: this.headers(),
+      body: JSON.stringify({
+        requester: opts.requester,
+        target_host: opts.targetHost,
+        audience: opts.audience,
+        grant_type: opts.grantType,
+        permissions: opts.permissions,
+        reason: opts.reason,
+        request_hash: opts.requestHash,
+        duration: opts.duration
+      })
+    });
+    if (!res.ok) {
+      throw new Error(`Grant request failed: ${res.status} ${await res.text()}`);
+    }
+    return res.json();
+  }
+  /**
+   * Poll a grant until it's approved, denied, or timeout.
+   */
+  async waitForApproval(grantId, timeoutMs = 3e5, pollIntervalMs = 2e3) {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+      const res = await fetch(`${this.idpUrl}/api/grants/${grantId}`, {
+        headers: this.headers()
+      });
+      if (!res.ok) {
+        throw new Error(`Grant poll failed: ${res.status}`);
+      }
+      const grant = await res.json();
+      if (grant.status !== "pending") {
+        return grant;
+      }
+      await new Promise((r) => setTimeout(r, pollIntervalMs));
+    }
+    throw new Error(`Grant approval timed out after ${timeoutMs}ms`);
+  }
+  /**
+   * Check if there's an existing approved grant for a host+audience+permissions combo.
+   * Ignores `once` grants (they're single-use).
+   */
+  async findExistingGrant(requester, targetHost, audience, permissions) {
+    const params = new URLSearchParams({
+      requester,
+      status: "approved"
+    });
+    const res = await fetch(`${this.idpUrl}/api/grants?${params}`, {
+      headers: this.headers()
+    });
+    if (!res.ok) return null;
+    const grants = await res.json();
+    const now = Math.floor(Date.now() / 1e3);
+    return grants.find((g) => {
+      if (g.status !== "approved") return false;
+      if (g.expires_at && g.expires_at <= now) return false;
+      if (g.request?.grant_type === "once") return false;
+      if (g.request?.target_host !== targetHost) return false;
+      if (g.request?.audience !== audience) return false;
+      if (permissions?.length && g.request?.permissions?.length) {
+        const grantedPerms = new Set(g.request.permissions);
+        if (!permissions.every((p) => grantedPerms.has(p))) return false;
+      }
+      return true;
+    }) ?? null;
+  }
+};
+
+// src/audit.ts
+import { appendFileSync } from "fs";
+var auditPath;
+function initAudit(path) {
+  auditPath = path;
+}
+function writeAudit(entry) {
+  const line = JSON.stringify(entry);
+  console.error(`[audit] ${entry.action} ${entry.method} ${entry.domain}${entry.path}${entry.grant_id ? ` grant=${entry.grant_id}` : ""}`);
+  if (auditPath) {
+    appendFileSync(auditPath, `${line}
+`);
+  }
+}
+
+// src/ssrf.ts
+import { resolve4, resolve6 } from "dns/promises";
+import { isIP } from "net";
+var PRIVATE_RANGES_V4 = [
+  { prefix: 2130706432, mask: 4278190080 },
+  // 127.0.0.0/8
+  { prefix: 167772160, mask: 4278190080 },
+  // 10.0.0.0/8
+  { prefix: 2886729728, mask: 4293918720 },
+  // 172.16.0.0/12
+  { prefix: 3232235520, mask: 4294901760 },
+  // 192.168.0.0/16
+  { prefix: 2851995648, mask: 4294901760 },
+  // 169.254.0.0/16
+  { prefix: 0, mask: 4278190080 }
+  // 0.0.0.0/8
+];
+function ipv4ToNumber(ip) {
+  const parts = ip.split(".").map(Number);
+  return (parts[0] << 24 | parts[1] << 16 | parts[2] << 8 | parts[3]) >>> 0;
+}
+function isPrivateIPv4(ip) {
+  const num = ipv4ToNumber(ip);
+  return PRIVATE_RANGES_V4.some((r) => (num & r.mask) >>> 0 === r.prefix);
+}
+function isPrivateIPv6(ip) {
+  const normalized = ip.toLowerCase();
+  if (normalized === "::1") return true;
+  if (normalized === "::") return true;
+  if (normalized.startsWith("fe8") || normalized.startsWith("fe9") || normalized.startsWith("fea") || normalized.startsWith("feb")) {
+    return true;
+  }
+  if (normalized.startsWith("fd")) return true;
+  const v4mapped = normalized.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/);
+  if (v4mapped) return isPrivateIPv4(v4mapped[1]);
+  return false;
+}
+function isPrivateIP(ip) {
+  if (isIP(ip) === 4) return isPrivateIPv4(ip);
+  if (isIP(ip) === 6) return isPrivateIPv6(ip);
+  return false;
+}
+async function isPrivateOrLoopback(hostname2) {
+  if (isIP(hostname2)) {
+    return isPrivateIP(hostname2);
+  }
+  if (hostname2 === "localhost") return true;
+  try {
+    const [v4, v6] = await Promise.allSettled([
+      resolve4(hostname2),
+      resolve6(hostname2)
+    ]);
+    const addrs = [];
+    if (v4.status === "fulfilled") addrs.push(...v4.value);
+    if (v6.status === "fulfilled") addrs.push(...v6.value);
+    if (addrs.length === 0) return true;
+    return addrs.some((addr) => isPrivateIP(addr));
+  } catch {
+    return true;
+  }
+}
+
+// src/connect.ts
+import { connect } from "net";
+async function handleConnect(config2, req, clientSocket, _head) {
+  const target = req.url ?? "";
+  const [host, portStr] = target.split(":");
+  const port2 = Number.parseInt(portStr || "443");
+  if (!host || !port2) {
+    clientSocket.write("HTTP/1.1 400 Bad Request\r\n\r\n");
+    clientSocket.destroy();
+    return;
+  }
+  const mandatoryAuth = config2.proxy.mandatory_auth ?? false;
+  let agentEmail;
+  try {
+    const authHeader = req.headers["proxy-authorization"];
+    let identity = null;
+    for (const agentConf of config2.agents) {
+      identity = await verifyAgentAuth(
+        authHeader ?? null,
+        agentConf.idp_url,
+        mandatoryAuth && config2.agents.length === 1
+      );
+      if (identity) break;
+    }
+    if (mandatoryAuth && !identity) {
+      throw new AuthError("JWT required");
+    }
+    agentEmail = identity?.email;
+    if (agentEmail) {
+      const known = config2.agents.find((a) => a.email === agentEmail);
+      if (!known) {
+        clientSocket.write("HTTP/1.1 403 Forbidden\r\n\r\n");
+        clientSocket.destroy();
+        return;
+      }
+    } else if (config2.agents.length > 1) {
+      throw new AuthError("JWT required for multi-agent proxy");
+    }
+  } catch (err) {
+    if (err instanceof AuthError) {
+      clientSocket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+      clientSocket.destroy();
+      return;
+    }
+    throw err;
+  }
+  if (await isPrivateOrLoopback(host)) {
+    writeAudit({
+      ts: (/* @__PURE__ */ new Date()).toISOString(),
+      agent: agentEmail ?? config2.agents[0]?.email ?? "unknown",
+      action: "deny",
+      domain: host,
+      method: "CONNECT",
+      path: target,
+      rule: "ssrf-blocked"
+    });
+    clientSocket.write("HTTP/1.1 403 Forbidden\r\n\r\n");
+    clientSocket.destroy();
+    return;
+  }
+  const targetSocket = connect(port2, host, () => {
+    clientSocket.write("HTTP/1.1 200 Connection Established\r\n\r\n");
+    targetSocket.pipe(clientSocket);
+    clientSocket.pipe(targetSocket);
+  });
+  targetSocket.on("error", () => {
+    clientSocket.write("HTTP/1.1 502 Bad Gateway\r\n\r\n");
+    clientSocket.destroy();
+  });
+  clientSocket.on("error", () => {
+    targetSocket.destroy();
+  });
+  clientSocket.on("close", () => targetSocket.destroy());
+  targetSocket.on("close", () => clientSocket.destroy());
+}
+
+// src/proxy.ts
+async function computeRequestHash(method, targetUrl, body) {
+  const hash = createHash("sha256");
+  hash.update(`${method} ${targetUrl}
+`);
+  if (body && body.byteLength > 0) {
+    hash.update(new Uint8Array(body));
+  }
+  return hash.digest("hex");
+}
+function createMultiAgentProxy(config2) {
+  const grantsClients = /* @__PURE__ */ new Map();
+  for (const agent of config2.agents) {
+    grantsClients.set(agent.email, new GrantsClient(agent.idp_url));
+  }
+  const mandatoryAuth = config2.proxy.mandatory_auth ?? false;
+  return {
+    port: Number.parseInt(config2.proxy.listen.split(":")[1] || "9090"),
+    hostname: config2.proxy.listen.split(":")[0] || "127.0.0.1",
+    async fetch(req) {
+      const url = new URL(req.url);
+      const startTime = Date.now();
+      if (url.pathname === "/healthz") {
+        return Response.json({
+          status: "ok",
+          agents: config2.agents.map((a) => a.email)
+        });
+      }
+      const targetUrl = url.pathname.slice(1) + url.search;
+      let targetParsed;
+      try {
+        targetParsed = new URL(targetUrl);
+      } catch {
+        return new Response(
+          "Invalid target URL. Send requests as: http://proxy:port/https://target.com/path",
+          { status: 400 }
+        );
+      }
+      const domain = targetParsed.hostname;
+      const method = req.method;
+      const path = targetParsed.pathname;
+      if (await isPrivateOrLoopback(domain)) {
+        return new Response("Blocked: private/loopback IP", { status: 403 });
+      }
+      const bodyBuffer = req.body ? await req.arrayBuffer() : null;
+      let agentIdentity = null;
+      try {
+        for (const agentConf2 of config2.agents) {
+          agentIdentity = await verifyAgentAuth(
+            req.headers.get("proxy-authorization"),
+            agentConf2.idp_url,
+            mandatoryAuth && config2.agents.length === 1
+          );
+          if (agentIdentity) break;
+        }
+        if (mandatoryAuth && !agentIdentity) {
+          throw new AuthError("JWT required");
+        }
+      } catch (err) {
+        if (err instanceof AuthError) {
+          return new Response(`Unauthorized: ${err.message}`, { status: 401 });
+        }
+        throw err;
+      }
+      const agentEmail = agentIdentity?.email;
+      let agentConf;
+      if (agentEmail) {
+        agentConf = config2.agents.find((a) => a.email === agentEmail);
+        if (!agentConf) {
+          return new Response(`Forbidden: unknown agent ${agentEmail}`, { status: 403 });
+        }
+      } else if (config2.agents.length === 1) {
+        agentConf = config2.agents[0];
+      } else {
+        return new Response("Unauthorized: JWT required for multi-agent proxy", { status: 401 });
+      }
+      const effectiveEmail = agentEmail ?? agentConf.email;
+      const grantsClient = grantsClients.get(agentConf.email);
+      const rulesConfig = {
+        proxy: {
+          listen: config2.proxy.listen,
+          idp_url: agentConf.idp_url,
+          agent_email: agentConf.email,
+          default_action: config2.proxy.default_action
+        },
+        allow: agentConf.allow ?? [],
+        deny: agentConf.deny ?? [],
+        grant_required: agentConf.grant_required ?? []
+      };
+      const action = evaluateRules(rulesConfig, domain, method, path);
+      const baseAudit = {
+        ts: (/* @__PURE__ */ new Date()).toISOString(),
+        agent: effectiveEmail,
+        domain,
+        method,
+        path
+      };
+      if (action.type === "deny") {
+        writeAudit({ ...baseAudit, action: "deny", rule: "deny-list", grant_id: null });
+        return new Response(`Blocked: ${action.note || "deny rule"}`, { status: 403 });
+      }
+      if (action.type === "allow") {
+        writeAudit({ ...baseAudit, action: "allow", rule: "allow-list", grant_id: null });
+        return forwardRequest(req, targetUrl, bodyBuffer);
+      }
+      const rule = action.rule;
+      const permissions = rule.permissions ?? [`${method.toLowerCase()}:${domain}`];
+      const requestHash = await computeRequestHash(method, targetUrl, bodyBuffer);
+      const existing = await grantsClient.findExistingGrant(
+        effectiveEmail,
+        domain,
+        "proxy",
+        permissions
+      ).catch(() => null);
+      if (existing) {
+        writeAudit({
+          ...baseAudit,
+          action: "grant_approved",
+          rule: "standing-grant",
+          grant_id: existing.id,
+          request_hash: requestHash
+        });
+        return forwardRequest(req, targetUrl, bodyBuffer);
+      }
+      if (config2.proxy.default_action === "block") {
+        writeAudit({ ...baseAudit, action: "deny", rule: "no-grant (block mode)", grant_id: null });
+        return new Response("No grant \u2014 blocked", { status: 403 });
+      }
+      if (config2.proxy.default_action === "request-async") {
+        const grant = await grantsClient.requestGrant({
+          requester: effectiveEmail,
+          targetHost: domain,
+          audience: "proxy",
+          grantType: rule.grant_type,
+          permissions,
+          reason: `${method} ${targetUrl}`,
+          requestHash,
+          duration: rule.duration
+        }).catch(() => null);
+        writeAudit({
+          ...baseAudit,
+          action: "grant_denied",
+          rule: "grant_required (async)",
+          grant_id: grant?.id ?? null
+        });
+        return new Response(
+          JSON.stringify({
+            error: "Grant required",
+            grant_id: grant?.id,
+            message: "Grant request created. Retry after approval."
+          }),
+          { status: 407, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      console.error(`[proxy] Requesting grant for ${method} ${domain}${path} \u2014 waiting for approval...`);
+      try {
+        const grant = await grantsClient.requestGrant({
+          requester: effectiveEmail,
+          targetHost: domain,
+          audience: "proxy",
+          grantType: rule.grant_type,
+          permissions,
+          reason: `${method} ${targetUrl}`,
+          requestHash,
+          duration: rule.duration
+        });
+        const approved = await grantsClient.waitForApproval(grant.id);
+        const waitedMs = Date.now() - startTime;
+        if (approved.status === "approved") {
+          writeAudit({
+            ...baseAudit,
+            action: "grant_approved",
+            rule: "grant_required",
+            grant_id: approved.id,
+            request_hash: requestHash,
+            waited_ms: waitedMs
+          });
+          return forwardRequest(req, targetUrl, bodyBuffer);
+        }
+        writeAudit({
+          ...baseAudit,
+          action: "grant_denied",
+          rule: "grant_required",
+          grant_id: approved.id,
+          waited_ms: waitedMs
+        });
+        return new Response(`Grant denied by ${approved.decided_by}`, { status: 403 });
+      } catch (err) {
+        const msg = err instanceof Error ? err.message : "Unknown error";
+        writeAudit({
+          ...baseAudit,
+          action: "grant_timeout",
+          rule: "grant_required",
+          error: msg
+        });
+        return new Response(`Grant request failed: ${msg}`, { status: 504 });
+      }
+    }
+  };
+}
+function createNodeHandler(config2) {
+  const proxy = createMultiAgentProxy(config2);
+  return {
+    handleRequest(req, res) {
+      const url = `http://${req.headers.host || "localhost"}${req.url || "/"}`;
+      const chunks = [];
+      req.on("data", (chunk) => chunks.push(chunk));
+      req.on("end", async () => {
+        try {
+          const body = chunks.length > 0 ? Buffer.concat(chunks) : void 0;
+          const headers = new Headers();
+          for (const [key, value] of Object.entries(req.headers)) {
+            if (value) {
+              headers.set(key, Array.isArray(value) ? value.join(", ") : value);
+            }
+          }
+          const request = new Request(url, {
+            method: req.method,
+            headers,
+            body: body && req.method !== "GET" && req.method !== "HEAD" ? body : void 0,
+            duplex: "half"
+          });
+          const response = await proxy.fetch(request);
+          res.writeHead(response.status, response.statusText, Object.fromEntries(response.headers));
+          if (response.body) {
+            const reader = response.body.getReader();
+            const pump = async () => {
+              const { done, value } = await reader.read();
+              if (done) {
+                res.end();
+                return;
+              }
+              res.write(value);
+              return pump();
+            };
+            await pump();
+          } else {
+            res.end();
+          }
+        } catch {
+          res.writeHead(502);
+          res.end("Proxy error");
+        }
+      });
+    },
+    handleConnect(req, socket, head) {
+      handleConnect(config2, req, socket, head);
+    }
+  };
+}
+async function forwardRequest(originalReq, targetUrl, cachedBody) {
+  const headers = new Headers(originalReq.headers);
+  headers.delete("proxy-authorization");
+  headers.delete("proxy-connection");
+  headers.delete("host");
+  const body = cachedBody && cachedBody.byteLength > 0 ? cachedBody : null;
+  try {
+    const res = await fetch(targetUrl, {
+      method: originalReq.method,
+      headers,
+      body,
+      duplex: "half",
+      redirect: "manual"
+    });
+    const responseHeaders = new Headers(res.headers);
+    responseHeaders.delete("transfer-encoding");
+    responseHeaders.delete("connection");
+    return new Response(res.body, {
+      status: res.status,
+      statusText: res.statusText,
+      headers: responseHeaders
+    });
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : "Upstream error";
+    return new Response(`Proxy error: ${msg}`, { status: 502 });
+  }
+}
+
+// src/index.ts
+var { values } = parseArgs({
+  options: {
+    config: { type: "string", short: "c", default: "config.toml" },
+    "dry-run": { type: "boolean", default: false },
+    "mandatory-auth": { type: "boolean", default: false }
+  }
+});
+var configPath = values.config;
+console.log(`[openape-proxy] Loading config from ${configPath}`);
+var config = loadMultiAgentConfig(configPath, {
+  mandatoryAuth: values["mandatory-auth"] || void 0
+});
+initAudit(config.proxy.audit_log);
+if (values["dry-run"]) {
+  console.log("[openape-proxy] DRY RUN mode \u2014 logging only, not blocking");
+  console.log("[openape-proxy] Config loaded:");
+  console.log(`  Listen: ${config.proxy.listen}`);
+  console.log(`  Default action: ${config.proxy.default_action}`);
+  console.log(`  Mandatory auth: ${config.proxy.mandatory_auth ?? false}`);
+  console.log(`  Agents: ${config.agents.length}`);
+  for (const agent of config.agents) {
+    const allowCount = agent.allow?.length ?? 0;
+    const denyCount = agent.deny?.length ?? 0;
+    const grantCount = agent.grant_required?.length ?? 0;
+    console.log(`    ${agent.email} (${agent.idp_url}) \u2014 ${allowCount} allow, ${denyCount} deny, ${grantCount} grant`);
+  }
+  process.exit(0);
+}
+var handler = createNodeHandler(config);
+var port = Number.parseInt(config.proxy.listen.split(":")[1] || "9090");
+var hostname = config.proxy.listen.split(":")[0] || "127.0.0.1";
+var server = createServer(handler.handleRequest);
+server.on("connect", handler.handleConnect);
+server.listen(port, hostname, () => {
+  const addr = server.address();
+  const actualPort = typeof addr === "object" && addr ? addr.port : port;
+  console.log(`[openape-proxy] Listening on http://${hostname}:${actualPort}`);
+  console.log(`[openape-proxy] CONNECT tunneling enabled`);
+  console.log(`[openape-proxy] Mandatory auth: ${config.proxy.mandatory_auth ?? false}`);
+  console.log(`[openape-proxy] Agents: ${config.agents.map((a) => a.email).join(", ")}`);
+  console.log(`[openape-proxy] Default action: ${config.proxy.default_action}`);
+});
+process.on("SIGINT", () => {
+  console.log("\n[openape-proxy] Shutting down...");
+  server.close();
+  process.exit(0);
+});
+process.on("SIGTERM", () => {
+  console.log("[openape-proxy] Shutting down...");
+  server.close();
+  process.exit(0);
+});
+//# sourceMappingURL=index.js.map