@rip-lang/server 0.5.0

package/server.rip

@@ -0,0 +1,1082 @@
+# ==============================================================================
+# @rip-lang/server — Pure Rip Application Server
+# ==============================================================================
+#
+# A multi-worker application server written entirely in Rip.
+# Provides hot reloading, HTTPS, mDNS, and production-grade features.
+#
+# Usage:
+#   bun server.rip <app-path>              # Start server
+#   bun server.rip <app-path>@alias        # Start with mDNS alias
+#   bun server.rip stop                    # Stop server
+#   bun server.rip list                    # List registered hosts
+# ==============================================================================
+
+import { existsSync, statSync, readFileSync, unlinkSync, mkdirSync } from 'node:fs'
+import { basename, dirname, isAbsolute, join, resolve } from 'node:path'
+import { homedir, cpus } from 'node:os'
+import { X509Certificate } from 'node:crypto'
+
+# Match capture holder for Rip's =~
+_ = null
+
+# ==============================================================================
+# Utilities
+# ==============================================================================
+
+nowMs = -> Date.now()
+
+getWorkerSocketPath = (prefix, id) -> "/tmp/#{prefix}.#{id}.sock"
+getControlSocketPath = (prefix) -> "/tmp/#{prefix}.ctl.sock"
+
+coerceInt = (value, fallback) ->
+  return fallback unless value? and value isnt ''
+  n = parseInt(String(value))
+  if Number.isFinite(n) then n else fallback
+
+isDev = ->
+  env = (process.env.NODE_ENV or '').toLowerCase()
+  env in ['development', 'dev', '']
+
+formatTimestamp = ->
+  now = new Date()
+  pad = (n, w = 2) -> String(n).padStart(w, '0')
+  timestamp = "#{now.getFullYear()}-#{pad(now.getMonth() + 1)}-#{pad(now.getDate())} #{pad(now.getHours())}:#{pad(now.getMinutes())}:#{pad(now.getSeconds())}.#{String(now.getMilliseconds()).padStart(3, '0')}"
+  tzMin = now.getTimezoneOffset()
+  tzSign = if tzMin <= 0 then '+' else '-'
+  tzAbs = Math.abs(tzMin)
+  timezone = "#{tzSign}#{String(Math.floor(tzAbs / 60)).padStart(2, '0')}#{String(tzAbs % 60).padStart(2, '0')}"
+  { timestamp, timezone }
+
+scale = (value, unit, pad = true) ->
+  if value > 0 and Number.isFinite(value)
+    span = ['T', 'G', 'M', 'k', (if pad then ' ' else ''), 'm', 'µ', 'n', 'p']
+    base = 4
+    minSlot = 0
+    maxSlot = span.length - 1
+    slot = base
+
+    while value < 0.05 and slot <= maxSlot
+      value *= 1000
+      slot++
+    while value >= 999.5 and slot >= minSlot
+      value /= 1000
+      slot--
+
+    if slot >= minSlot and slot <= maxSlot
+      tens = Math.round(value * 10) / 10
+      if tens >= 99.5
+        nums = Math.round(value).toString()
+      else if tens >= 10
+        nums = Math.round(value).toString()
+      else
+        nums = tens.toFixed(1)
+      nums = nums.padStart(3, ' ') if pad
+      return "#{nums}#{span[slot]}#{unit}"
+
+  return (if pad then '  0 ' else '0') + unit if value is 0
+  '???' + (if pad then ' ' else '') + unit
+
+logAccessJson = (app, req, res, totalSeconds, workerSeconds) ->
+  url = new URL(req.url)
+  len = res.headers.get('content-length')
+  type = (res.headers.get('content-type') or '').split(';')[0] or undefined
+  console.log JSON.stringify
+    t: new Date().toISOString()
+    app: app
+    method: req.method or 'GET'
+    path: url.pathname
+    status: res.status
+    totalSeconds: totalSeconds
+    workerSeconds: workerSeconds
+    type: type
+    length: if len then Number(len) else undefined
+
+logAccessHuman = (app, req, res, totalSeconds, workerSeconds) ->
+  { timestamp, timezone } = formatTimestamp()
+  d1 = scale(totalSeconds, 's')
+  d2 = scale(workerSeconds, 's')
+  method = req.method or 'GET'
+  url = new URL(req.url)
+  path = url.pathname
+  status = res.status
+  lenHeader = res.headers.get('content-length') or ''
+  len = if lenHeader then "#{lenHeader}B" else ''
+  contentType = (res.headers.get('content-type') or '').split(';')[0] or ''
+  type = if contentType.includes('/') then contentType.split('/')[1] else contentType
+  console.log "[#{timestamp} #{timezone} #{d1} #{d2}] #{method} #{path} → #{status} #{type} #{len}"
+
+INTERNAL_HEADERS = new Set(['rip-worker-busy', 'rip-worker-id'])
+
+stripInternalHeaders = (h) ->
+  out = new Headers()
+  for [k, v] from h.entries()
+    continue if INTERNAL_HEADERS.has(k.toLowerCase())
+    out.append(k, v)
+  out
+
+# ==============================================================================
+# Flag Parsing
+# ==============================================================================
+
+parseWorkersToken = (token, fallback) ->
+  return fallback unless token
+  cores = cpus().length
+  return Math.max(1, cores) if token is 'auto'
+  return Math.max(1, Math.floor(cores / 2)) if token is 'half'
+  return Math.max(1, cores * 2) if token is '2x'
+  return Math.max(1, cores * 3) if token is '3x'
+  n = parseInt(token)
+  if Number.isFinite(n) and n > 0 then n else fallback
+
+parseRestartPolicy = (token, defReqs, defSecs, defReloads) ->
+  return { maxRequests: defReqs, maxSeconds: defSecs, maxReloads: defReloads } unless token
+  maxRequests = defReqs
+  maxSeconds = defSecs
+  maxReloads = defReloads
+
+  for part in token.split(',').map((s) -> s.trim()).filter(Boolean)
+    if part.endsWith('s')
+      secs = parseInt(part.slice(0, -1))
+      maxSeconds = secs if Number.isFinite(secs) and secs >= 0
+    else if part.endsWith('r')
+      rls = parseInt(part.slice(0, -1))
+      maxReloads = rls if Number.isFinite(rls) and rls >= 0
+    else
+      n = parseInt(part)
+      maxRequests = n if Number.isFinite(n) and n > 0
+
+  { maxRequests, maxSeconds, maxReloads }
+
+resolveAppEntry = (appPathInput) ->
+  abs = if isAbsolute(appPathInput) then appPathInput else resolve(process.cwd(), appPathInput)
+
+  if existsSync(abs) and statSync(abs).isDirectory()
+    baseDir = abs
+    one = join(abs, 'index.rip')
+    two = join(abs, 'index.ts')
+    if existsSync(one)
+      entryPath = one
+    else if existsSync(two)
+      entryPath = two
+    else
+      console.error "No app entry found. Probed: #{one}, #{two}"
+      process.exit(2)
+  else
+    unless existsSync(abs)
+      console.error "App path not found: #{abs}"
+      process.exit(2)
+    baseDir = dirname(abs)
+    entryPath = abs
+
+  appName = basename(baseDir)
+  { baseDir, entryPath, appName }
+
+parseFlags = (argv) ->
+  rawFlags = new Set()
+  appPathInput = null
+  appAliases = []
+
+  tryResolveApp = (tok) ->
+    looksLikePath = tok.includes('/') or tok.startsWith('.') or isAbsolute(tok) or tok.endsWith('.rip') or tok.endsWith('.ts')
+    return undefined unless looksLikePath
+    try
+      abs = if isAbsolute(tok) then tok else resolve(process.cwd(), tok)
+      if existsSync(abs) then tok else undefined
+    catch
+      undefined
+
+  for i in [2...argv.length]
+    tok = argv[i]
+    unless appPathInput
+      if tok.includes('@')
+        [pathPart, aliasesPart] = tok.split('@')
+        maybe = tryResolveApp(pathPart)
+        if maybe
+          appPathInput = maybe
+          appAliases = aliasesPart.split(',').map((a) -> a.trim()).filter((a) -> a)
+          continue
+      maybe = tryResolveApp(tok)
+      if maybe
+        appPathInput = maybe
+        continue
+    rawFlags.add(tok)
+
+  unless appPathInput
+    console.error 'Usage: bun server.rip [flags] <app-path>'
+    console.error '       bun server.rip [flags] <app-path>@<alias1>,<alias2>,...'
+    process.exit(2)
+
+  getKV = (prefix) ->
+    for f from rawFlags
+      return f.slice(prefix.length) if f.startsWith(prefix)
+    undefined
+
+  has = (name) -> rawFlags.has(name)
+
+  { baseDir, entryPath, appName } = resolveAppEntry(appPathInput)
+  appAliases = [appName] if appAliases.length is 0
+
+  # Parse listener tokens
+  tokens = Array.from(rawFlags)
+  bareIntPort = null
+  hasHttpsKeyword = false
+  httpsPortToken = null
+  hasHttpKeyword = false
+  httpPortToken = null
+
+  for t in tokens
+    if /^\d+$/.test(t)
+      bareIntPort = parseInt(t)
+    else if t is 'https'
+      hasHttpsKeyword = true
+    else if t.startsWith('https:')
+      httpsPortToken = coerceInt(t.slice(6), 0)
+    else if t is 'http'
+      hasHttpKeyword = true
+    else if t.startsWith('http:')
+      httpPortToken = coerceInt(t.slice(5), 0)
+
+  httpsIntent = bareIntPort? or hasHttpsKeyword or httpsPortToken?
+  httpIntent = hasHttpKeyword or httpPortToken?
+  httpsIntent = true unless httpsIntent or httpIntent
+
+  httpPort = if httpIntent then (httpPortToken ? 0) else 0
+  httpsPortDerived = if not httpIntent then (bareIntPort or httpsPortToken or 0) else null
+
+  socketPrefixOverride = getKV('--socket-prefix=')
+  socketPrefix = socketPrefixOverride or "rip_#{appName}"
+
+  cores = cpus().length
+  workers = parseWorkersToken(getKV('w:'), Math.max(1, Math.floor(cores / 2)))
+
+  policy = parseRestartPolicy(
+    getKV('r:'),
+    coerceInt(process.env.RIP_MAX_REQUESTS, 10000),
+    coerceInt(process.env.RIP_MAX_SECONDS, 3600),
+    coerceInt(process.env.RIP_MAX_RELOADS, 10)
+  )
+
+  reloadFlag = getKV('--reload=') or process.env.RIP_RELOAD
+  reload = if reloadFlag in ['none', 'process', 'module'] then reloadFlag else 'process'
+
+  httpsPort = do ->
+    kv = getKV('--https-port=')
+    return coerceInt(kv, 443) if kv?
+    httpsPortDerived
+
+  {
+    appPath: resolve(appPathInput)
+    appBaseDir: baseDir
+    appEntry: entryPath
+    appName
+    appAliases
+    workers
+    maxRequestsPerWorker: policy.maxRequests
+    maxSecondsPerWorker: policy.maxSeconds
+    maxReloadsPerWorker: policy.maxReloads
+    httpPort
+    httpsPort
+    certPath: getKV('--cert=')
+    keyPath: getKV('--key=')
+    autoTls: has('--auto-tls')
+    hsts: has('--hsts')
+    redirectHttp: not has('--no-redirect-http')
+    reload
+    socketPrefix
+    maxQueue: coerceInt(getKV('--max-queue='), coerceInt(process.env.RIP_MAX_QUEUE, 8192))
+    queueTimeoutMs: coerceInt(getKV('--queue-timeout-ms='), coerceInt(process.env.RIP_QUEUE_TIMEOUT_MS, 2000))
+    connectTimeoutMs: coerceInt(getKV('--connect-timeout-ms='), coerceInt(process.env.RIP_CONNECT_TIMEOUT_MS, 200))
+    readTimeoutMs: coerceInt(getKV('--read-timeout-ms='), coerceInt(process.env.RIP_READ_TIMEOUT_MS, 5000))
+    jsonLogging: has('--json-logging')
+    accessLog: not has('--no-access-log')
+  }
+
+# ==============================================================================
+# Worker Mode
+# ==============================================================================
+
+runWorker = ->
+  workerId = parseInt(process.env.WORKER_ID or '0')
+  maxRequests = parseInt(process.env.MAX_REQUESTS or '10000')
+  maxReloads = parseInt(process.env.MAX_RELOADS or '10')
+  maxSeconds = parseInt(process.env.MAX_SECONDS or '0')
+  appEntry = process.env.APP_ENTRY
+  socketPath = process.env.SOCKET_PATH
+  hotReloadMode = process.env.RIP_RELOAD or 'none'
+  socketPrefix = process.env.SOCKET_PREFIX
+  version = parseInt(process.env.RIP_VERSION or '1')
+
+  appReady = false
+  inflight = false
+  handled = 0
+  startedAtMs = Date.now()
+  lastMtime = 0
+  cachedHandler = null
+  hotReloadCount = 0
+  lastCheckTime = 0
+  CHECK_INTERVAL_MS = 100
+
+  checkForChanges = ->
+    return false unless hotReloadMode is 'module'
+    now = Date.now()
+    return false if now - lastCheckTime < CHECK_INTERVAL_MS
+    lastCheckTime = now
+    try
+      stats = statSync(appEntry)
+      currentMtime = stats.mtime.getTime()
+      if lastMtime is 0
+        lastMtime = currentMtime
+        return false
+      if currentMtime > lastMtime
+        lastMtime = currentMtime
+        return true
+      false
+    catch
+      false
+
+  getHandler = ->
+    hasChanged = checkForChanges()
+    if hasChanged
+      hotReloadCount++
+      console.log "[worker #{workerId}] File changed, reloading... (#{hotReloadCount}/#{maxReloads})"
+      cachedHandler = null
+
+      if hotReloadCount >= maxReloads
+        console.log "[worker #{workerId}] Reached maxReloads (#{maxReloads}), graceful exit"
+        setTimeout (-> process.exit(0)), 100
+        return -> new Response('Worker cycling', { status: 503 })
+
+    return cachedHandler if cachedHandler and not hasChanged
+
+    try
+      # Try to import the API for resetGlobals
+      api = null
+      try
+        api = await import('@rip-lang/api')
+      catch
+        null
+
+      api?.resetGlobals?()
+
+      bustQuery = if hotReloadMode is 'module' then "?bust=#{Date.now()}" else ''
+      mod = await import(appEntry + bustQuery)
+      fresh = mod.default or mod
+
+      if typeof fresh is 'function'
+        h = fresh
+      else if fresh?.fetch?
+        h = fresh.fetch.bind(fresh)
+      else
+        h = null
+
+      h = api?.startHandler?() unless h
+      cachedHandler = h or cachedHandler
+      cachedHandler or (-> new Response('not ready', { status: 503 }))
+    catch e
+      console.error "[worker #{workerId}] import failed:", e if process.env.RIP_DEBUG
+      cachedHandler or (-> new Response('not ready', { status: 503 }))
+
+  selfJoin = ->
+    try
+      payload = { op: 'join', workerId, pid: process.pid, socket: socketPath, version }
+      body = JSON.stringify(payload)
+      ctl = getControlSocketPath(socketPrefix)
+      fetch!('http://localhost/worker', { method: 'POST', body, headers: { 'content-type': 'application/json' }, unix: ctl })
+    catch
+      null
+
+  selfQuit = ->
+    try
+      payload = { op: 'quit', workerId }
+      body = JSON.stringify(payload)
+      ctl = getControlSocketPath(socketPrefix)
+      fetch!('http://localhost/worker', { method: 'POST', body, headers: { 'content-type': 'application/json' }, unix: ctl })
+    catch
+      null
+
+  # Preload handler
+  try
+    initial = getHandler!
+    appReady = typeof initial is 'function'
+  catch
+    null
+
+  server = Bun.serve
+    unix: socketPath
+    maxRequestBodySize: 100 * 1024 * 1024
+    fetch: (req) ->
+      url = new URL(req.url)
+      return new Response(if appReady then 'ok' else 'not-ready') if url.pathname is '/ready'
+
+      if inflight
+        return new Response 'busy',
+          status: 503
+          headers: { 'Rip-Worker-Busy': '1', 'Retry-After': '0', 'Rip-Worker-Id': String(workerId) }
+
+      handlerFn = getHandler!
+      appReady = typeof handlerFn is 'function'
+      inflight = true
+
+      try
+        return new Response('not ready', { status: 503 }) unless typeof handlerFn is 'function'
+        res = handlerFn!(req)
+        res = res!(req) if typeof res is 'function'
+        if res instanceof Response then res else new Response(String(res))
+      catch
+        new Response('error', { status: 500 })
+      finally
+        inflight = false
+        handled++
+        exceededReqs = handled >= maxRequests
+        exceededTime = maxSeconds > 0 and (Date.now() - startedAtMs) / 1000 >= maxSeconds
+        setTimeout (-> process.exit(0)), 10 if exceededReqs or exceededTime
+
+  selfJoin!
+
+  shutdown = ->
+    while inflight
+      await new Promise (r) -> setTimeout(r, 10)
+    try server.stop() catch then null
+    selfQuit!
+    process.exit(0)
+
+  process.on 'SIGTERM', shutdown
+  process.on 'SIGINT', shutdown
+
+# ==============================================================================
+# Manager Class
+# ==============================================================================
+
+class Manager
+  constructor: (@flags) ->
+    @workers = []
+    @shuttingDown = false
+    @lastCheck = 0
+    @currentMtime = 0
+    @isRolling = false
+    @lastRollAt = 0
+    @nextWorkerId = -1
+    @retiringIds = new Set()
+    @currentVersion = 1
+
+    process.on 'SIGTERM', => @shutdown!
+    process.on 'SIGINT', => @shutdown!
+
+  start: ->
+    @stop!
+    @workers = []
+    for i in [0...@flags.workers]
+      w = @spawnWorker!(@currentVersion)
+      @workers.push(w)
+
+    if @flags.reload is 'process'
+      @currentMtime = @getEntryMtime()
+      interval = setInterval =>
+        return clearInterval(interval) if @shuttingDown
+        now = Date.now()
+        return if now - @lastCheck < 100
+        @lastCheck = now
+        mt = @getEntryMtime()
+        if mt > @currentMtime
+          return if @isRolling or (now - @lastRollAt) < 200
+          @currentMtime = mt
+          @isRolling = true
+          @lastRollAt = now
+          @rollingRestart!.finally => @isRolling = false
+      , 50
+
+  stop: ->
+    for w in @workers
+      try w.process.kill() catch then null
+      try w.process.exited catch then null
+      try Bun.spawn(['rm', '-f', w.socketPath]).exited catch then null
+    @workers = []
+
+  spawnWorker: (version) ->
+    workerId = ++@nextWorkerId
+    socketPath = getWorkerSocketPath(@flags.socketPrefix, workerId)
+    try Bun.spawn(['rm', '-f', socketPath]).exited catch then null
+
+    workerEnv = Object.assign {}, process.env,
+      RIP_WORKER_MODE: '1'
+      WORKER_ID: String(workerId)
+      SOCKET_PATH: socketPath
+      SOCKET_PREFIX: @flags.socketPrefix
+      APP_ENTRY: @flags.appEntry
+      MAX_REQUESTS: String(@flags.maxRequestsPerWorker)
+      MAX_RELOADS: String(@flags.maxReloadsPerWorker)
+      MAX_SECONDS: String(@flags.maxSecondsPerWorker)
+      RIP_LOG_JSON: if @flags.jsonLogging then '1' else '0'
+      RIP_RELOAD: @flags.reload
+      RIP_VERSION: String(version or @currentVersion)
+
+    proc = Bun.spawn ['bun', '--preload', './rip-loader.js', __filename],
+      stdout: 'inherit'
+      stderr: 'inherit'
+      stdin: 'ignore'
+      cwd: process.cwd()
+      env: workerEnv
+
+    tracked = { id: workerId, process: proc, socketPath, restartCount: 0, backoffMs: 1000, startedAt: nowMs() }
+    @monitor(tracked)
+    tracked
+
+  monitor: (w) ->
+    w.process.exited
+    return if @shuttingDown
+    return if @retiringIds.has(w.id)
+    w.restartCount++
+    w.backoffMs = Math.min(w.backoffMs * 2, 30000)
+    return if w.restartCount > 10
+    await new Promise (r) -> setTimeout(r, w.backoffMs)
+    idx = @workers.findIndex((x) -> x.id is w.id)
+    @workers[idx] = @spawnWorker!() if idx >= 0
+
+  waitWorkerReady: (socketPath, timeoutMs = 5000) ->
+    start = Date.now()
+    while Date.now() - start < timeoutMs
+      try
+        res = fetch!('http://localhost/ready', { unix: socketPath, method: 'GET' })
+        if res.ok
+          txt = res.text!
+          return true if txt is 'ok'
+      catch
+        null
+      await new Promise (r) -> setTimeout(r, 30)
+    false
+
+  rollingRestart: ->
+    olds = [...@workers]
+    pairs = []
+    @currentVersion++
+
+    for oldWorker in olds
+      replacement = @spawnWorker!(@currentVersion)
+      @workers.push(replacement)
+      pairs.push({ old: oldWorker, replacement })
+
+    Promise.all!(pairs.map((p) => @waitWorkerReady(p.replacement.socketPath, 3000)))
+
+    for { old } in pairs
+      @retiringIds.add(old.id)
+      try old.process.kill() catch then null
+
+    Promise.all!(pairs.map(({ old }) -> old.process.exited.catch(-> null)))
+
+    retiring = new Set(pairs.map((p) -> p.old.id))
+    @workers = @workers.filter((w) -> not retiring.has(w.id))
+    @retiringIds.delete(id) for id from retiring
+
+  shutdown: ->
+    return if @shuttingDown
+    @shuttingDown = true
+    @stop!
+    process.exit(0)
+
+  getEntryMtime: ->
+    try statSync(@flags.appEntry).mtimeMs catch then 0
+
+# ==============================================================================
+# Server Class
+# ==============================================================================
+
+class Server
+  constructor: (@flags) ->
+    @server = null
+    @httpsServer = null
+    @control = null
+    @sockets = []
+    @availableWorkers = []
+    @inflightTotal = 0
+    @queue = []
+    @startedAt = nowMs()
+    @newestVersion = null
+    @httpsActive = false
+    @hostRegistry = new Set(['localhost', '127.0.0.1', 'rip.local'])
+    @mdnsProcesses = new Map()
+
+    for alias in @flags.appAliases
+      host = if alias.includes('.') then alias else "#{alias}.local"
+      @hostRegistry.add(host)
+
+  start: ->
+    httpOnly = @flags.httpsPort is null
+
+    startOnPort = (p, fetchFn) =>
+      port = p
+      while true
+        try
+          return Bun.serve({ port, idleTimeout: 8, fetch: fetchFn })
+        catch e
+          if e?.code is 'EADDRINUSE'
+            port++
+            continue
+          throw e
+
+    if httpOnly
+      if @flags.httpPort is 0
+        try
+          @server = Bun.serve({ port: 80, idleTimeout: 8, fetch: @fetch.bind(@) })
+        catch e
+          if e?.code in ['EADDRINUSE', 'EACCES']
+            @server = startOnPort(5700, @fetch.bind(@))
+          else
+            throw e
+      else
+        @server = startOnPort(@flags.httpPort, @fetch.bind(@))
+      @flags.httpPort = @server.port
+    else
+      tls = @loadTlsMaterial!
+
+      startOnTlsPort = (p) =>
+        port = p
+        while true
+          try
+            return Bun.serve({ port, idleTimeout: 8, tls, fetch: @fetch.bind(@) })
+          catch e
+            if e?.code is 'EADDRINUSE'
+              port++
+              continue
+            throw e
+
+      if not @flags.httpsPort or @flags.httpsPort is 0
+        try
+          @httpsServer = Bun.serve({ port: 443, idleTimeout: 8, tls, fetch: @fetch.bind(@) })
+        catch e
+          if e?.code in ['EADDRINUSE', 'EACCES']
+            @httpsServer = startOnTlsPort(5700)
+          else
+            throw e
+      else
+        @httpsServer = startOnTlsPort(@flags.httpsPort)
+
+      httpsPort = @httpsServer.port
+      @flags.httpsPort = httpsPort
+      @httpsActive = true
+
+      if @flags.redirectHttp
+        try
+          @server = Bun.serve
+            port: 80
+            idleTimeout: 8
+            fetch: (req) ->
+              url = new URL(req.url)
+              loc = "https://#{url.hostname}:#{httpsPort}#{url.pathname}#{url.search}"
+              new Response(null, { status: 301, headers: { Location: loc } })
+        catch
+          console.warn 'Warn: could not bind port 80 for HTTP→HTTPS redirect'
+
+      @flags.httpPort = if @server then @server.port else 0
+
+    @startControl!
+
+  stop: ->
+    try @server?.stop() catch then null
+    try @httpsServer?.stop() catch then null
+    try @control?.stop() catch then null
+
+    for [host, proc] from @mdnsProcesses
+      try
+        proc.kill()
+        console.log "rip-server: stopped advertising #{host} via mDNS"
+      catch
+        null
+    @mdnsProcesses.clear()
+
+  fetch: (req) ->
+    url = new URL(req.url)
+    host = url.hostname.toLowerCase()
+
+    # Dashboard for rip.local
+    if host is 'rip.local' and url.pathname in ['/', '']
+      headers = new Headers({ 'content-type': 'text/html; charset=utf-8' })
+      @maybeAddSecurityHeaders(headers)
+      return new Response(@getDashboardHTML(), { headers })
+
+    return @status() if url.pathname is '/status'
+
+    if url.pathname is '/server'
+      headers = new Headers({ 'content-type': 'text/plain' })
+      @maybeAddSecurityHeaders(headers)
+      return new Response('ok', { headers })
+
+    # Host-based routing guard
+    if @hostRegistry.size > 0 and not @hostRegistry.has(host)
+      return new Response('Host not found', { status: 404 })
+
+    # Fast path: try available worker
+    if @inflightTotal < Math.max(1, @sockets.length)
+      sock = @getNextAvailableSocket()
+      if sock
+        @inflightTotal++
+        try
+          return @forwardToWorker!(req, sock)
+        finally
+          @inflightTotal--
+          setImmediate => @drainQueue()
+
+    if @queue.length >= @flags.maxQueue
+      return new Response('Server busy', { status: 503, headers: { 'Retry-After': '1' } })
+
+    new Promise (resolve, reject) =>
+      @queue.push({ req, resolve, reject, enqueuedAt: nowMs() })
+
+  status: ->
+    uptime = Math.floor((nowMs() - @startedAt) / 1000)
+    healthy = @sockets.length > 0
+    body = JSON.stringify
+      status: if healthy then 'healthy' else 'degraded'
+      app: @flags.appName
+      workers: @sockets.length
+      ports: { http: @flags.httpPort or undefined, https: @flags.httpsPort or undefined }
+      uptime
+      hosts: Array.from(@hostRegistry.values())
+    headers = new Headers({ 'content-type': 'application/json', 'cache-control': 'no-cache' })
+    @maybeAddSecurityHeaders(headers)
+    new Response(body, { headers })
+
+  getNextAvailableSocket: ->
+    while @availableWorkers.length > 0
+      worker = @availableWorkers.pop()
+      return worker if worker.inflight is 0 and @isCurrentVersion(worker)
+    null
+
+  isCurrentVersion: (worker) ->
+    @newestVersion is null or worker.version is null or worker.version >= @newestVersion
+
+  releaseWorker: (worker) ->
+    worker.inflight = 0
+    @availableWorkers.push(worker) if @isCurrentVersion(worker)
+
+  forwardToWorker: (req, socket) ->
+    start = performance.now()
+    res = null
+    workerSeconds = 0
+    released = false
+
+    try
+      socket.inflight = 1
+      t0 = performance.now()
+      res = @forwardOnce!(req, socket.socket)
+      workerSeconds = (performance.now() - t0) / 1000
+
+      if res.status is 503 and res.headers.get('Rip-Worker-Busy') is '1'
+        retry = @getNextAvailableSocket()
+        if retry and retry isnt socket
+          @releaseWorker(socket)
+          released = true
+          retry.inflight = 1
+          t1 = performance.now()
+          res = @forwardOnce!(req, retry.socket)
+          workerSeconds = (performance.now() - t1) / 1000
+          headers = stripInternalHeaders(res.headers)
+          headers.delete('date')
+          if @flags.jsonLogging
+            logAccessJson(@flags.appName, req, res, (performance.now() - start) / 1000, workerSeconds)
+          else if @flags.accessLog
+            logAccessHuman(@flags.appName, req, res, (performance.now() - start) / 1000, workerSeconds)
+          @releaseWorker(retry)
+          return new Response(res.body, { status: res.status, statusText: res.statusText, headers })
+    catch
+      @sockets = @sockets.filter((x) -> x.socket isnt socket.socket)
+      @availableWorkers = @availableWorkers.filter((x) -> x.socket isnt socket.socket)
+      released = true
+      return new Response('Service unavailable', { status: 503, headers: { 'Retry-After': '1' } })
+    finally
+      @releaseWorker(socket) unless released
+
+    return new Response('Service unavailable', { status: 503, headers: { 'Retry-After': '1' } }) unless res
+
+    headers = stripInternalHeaders(res.headers)
+    headers.delete('date')
+    @maybeAddSecurityHeaders(headers)
+
+    if @flags.jsonLogging
+      logAccessJson(@flags.appName, req, res, (performance.now() - start) / 1000, workerSeconds)
+    else if @flags.accessLog
+      logAccessHuman(@flags.appName, req, res, (performance.now() - start) / 1000, workerSeconds)
+
+    new Response(res.body, { status: res.status, statusText: res.statusText, headers })
+
+  forwardOnce: (req, socketPath) ->
+    inUrl = new URL(req.url)
+    forwardUrl = "http://localhost#{inUrl.pathname}#{inUrl.search}"
+    controller = new AbortController()
+    timer = setTimeout (-> controller.abort()), @flags.connectTimeoutMs
+
+    try
+      upstream = fetch!(forwardUrl, { method: req.method, headers: req.headers, body: req.body, unix: socketPath, signal: controller.signal })
+      clearTimeout(timer)
+      readGuard = new Promise (_, rej) ->
+        setTimeout (-> rej(new Response('Upstream timeout', { status: 504 }))), @flags.readTimeoutMs
+      Promise.race!([Promise.resolve(upstream), readGuard])
+    finally
+      clearTimeout(timer)
+
+  drainQueue: ->
+    while @inflightTotal < Math.max(1, @sockets.length) and @availableWorkers.length > 0
+      job = @queue.shift()
+      break unless job
+      if nowMs() - job.enqueuedAt > @flags.queueTimeoutMs
+        job.resolve(new Response('Queue timeout', { status: 504 }))
+        continue
+      @inflightTotal++
+      worker = @getNextAvailableSocket()
+      unless worker
+        @inflightTotal--
+        break
+      @forwardToWorker(job.req, worker)
+        .then((r) -> job.resolve(r))
+        .catch((e) -> job.resolve(if e instanceof Response then e else new Response('Internal error', { status: 500 })))
+        .finally =>
+          @inflightTotal--
+          setImmediate => @drainQueue()
+
+  startControl: ->
+    ctlPath = getControlSocketPath(@flags.socketPrefix)
+    try unlinkSync(ctlPath) catch then null
+    @control = Bun.serve({ unix: ctlPath, fetch: @controlFetch.bind(@) })
+
+    @startMdnsAdvertisement('rip.local')
+    for alias in @flags.appAliases
+      host = if alias.includes('.') then alias else "#{alias}.local"
+      @startMdnsAdvertisement(host)
+
+  controlFetch: (req) ->
+    url = new URL(req.url)
+
+    if req.method is 'POST' and url.pathname is '/worker'
+      try
+        j = req.json!
+        if j?.op is 'join' and typeof j.socket is 'string' and typeof j.workerId is 'number'
+          version = if typeof j.version is 'number' then j.version else null
+          exists = @sockets.find((x) -> x.socket is j.socket)
+          unless exists
+            worker = { socket: j.socket, inflight: 0, version, workerId: j.workerId }
+            @sockets.push(worker)
+            @availableWorkers.push(worker)
+          @newestVersion = if @newestVersion is null then version else Math.max(@newestVersion, version) if version?
+          return new Response(JSON.stringify({ ok: true }), { headers: { 'content-type': 'application/json' } })
+
+        if j?.op is 'quit' and typeof j.workerId is 'number'
+          @sockets = @sockets.filter((x) -> x.workerId isnt j.workerId)
+          @availableWorkers = @availableWorkers.filter((x) -> x.workerId isnt j.workerId)
+          return new Response(JSON.stringify({ ok: true }), { headers: { 'content-type': 'application/json' } })
+      catch
+        null
+      return new Response(JSON.stringify({ ok: false }), { status: 400, headers: { 'content-type': 'application/json' } })
+
+    if url.pathname is '/registry' and req.method is 'GET'
+      return new Response(JSON.stringify({ ok: true, hosts: Array.from(@hostRegistry.values()) }), { headers: { 'content-type': 'application/json' } })
+
+    new Response('not-found', { status: 404 })
+
+  maybeAddSecurityHeaders: (headers) ->
+    if @httpsActive and @flags.hsts
+      headers.set('strict-transport-security', 'max-age=31536000; includeSubDomains') unless headers.has('strict-transport-security')
+
+  loadTlsMaterial: ->
+    # Explicit cert/key paths
+    if @flags.certPath and @flags.keyPath
+      try
+        cert = readFileSync(@flags.certPath, 'utf8')
+        key = readFileSync(@flags.keyPath, 'utf8')
+        @printCertSummary(cert)
+        return { cert, key }
+      catch
+        console.error 'Failed to read TLS cert/key from provided paths. Use http or fix paths.'
+        process.exit(2)
+
+    # mkcert path under ~/.rip/certs
+    if @flags.autoTls
+      dir = join(homedir(), '.rip', 'certs')
+      try mkdirSync(dir, { recursive: true }) catch then null
+      certPath = join(dir, 'localhost.pem')
+      keyPath = join(dir, 'localhost-key.pem')
+      unless existsSync(certPath) and existsSync(keyPath)
+        try
+          gen = Bun.spawn(['mkcert', '-install'])
+          try gen.exited catch then null
+          p = Bun.spawn(['mkcert', '-key-file', keyPath, '-cert-file', certPath, 'localhost', '127.0.0.1', '::1'])
+          p.exited
+        catch
+          null  # fall through to self-signed
+      if existsSync(certPath) and existsSync(keyPath)
+        cert = readFileSync(certPath, 'utf8')
+        key = readFileSync(keyPath, 'utf8')
+        @printCertSummary(cert)
+        return { cert, key }
+
+    # Self-signed via openssl
+    dir = join(homedir(), '.rip', 'certs')
+    try mkdirSync(dir, { recursive: true }) catch then null
+    certPath = join(dir, 'selfsigned-localhost.pem')
+    keyPath = join(dir, 'selfsigned-localhost-key.pem')
+    unless existsSync(certPath) and existsSync(keyPath)
+      try
+        p = Bun.spawn(['openssl', 'req', '-x509', '-nodes', '-newkey', 'rsa:2048', '-keyout', keyPath, '-out', certPath, '-subj', '/CN=localhost', '-days', '1'])
+        p.exited
+      catch
+        console.error 'TLS required but could not provision a certificate (mkcert/openssl missing). Use http or provide --cert/--key.'
+        process.exit(2)
+    try
+      cert = readFileSync(certPath, 'utf8')
+      key = readFileSync(keyPath, 'utf8')
+      @printCertSummary(cert)
+      return { cert, key }
+    catch
+      console.error 'Failed to read generated self-signed cert/key from ~/.rip/certs'
+      process.exit(2)
+
+  printCertSummary: (certPem) ->
+    try
+      x = new X509Certificate(certPem)
+      subject = x.subject.split(/,/)[0]?.trim() or x.subject
+      issuer = x.issuer.split(/,/)[0]?.trim() or x.issuer
+      exp = new Date(x.validTo)
+      console.log "rip-server: tls cert #{subject} issued by #{issuer} expires #{exp.toISOString()}"
+    catch
+      null
+
+  getLanIP: ->
+    try
+      output = Bun.spawnSync(['ifconfig'], { stdout: 'pipe' }).stdout.toString()
+      matches = output.match(/inet\s+(\d+\.\d+\.\d+\.\d+)/g)
+      if matches
+        for match in matches
+          ip = match.split(/\s+/)[1]
+          return ip if ip and ip isnt '127.0.0.1' and not ip.startsWith('169.254.')
+    catch
+      null
+    null
+
+  startMdnsAdvertisement: (host) ->
+    return unless host.endsWith('.local')
+    return if @mdnsProcesses.has(host)
+
+    lanIP = @getLanIP()
+    unless lanIP
+      console.log "rip-server: unable to detect LAN IP for mDNS advertisement of #{host}"
+      return
+
+    port = @flags.httpsPort or @flags.httpPort or 80
+    protocol = if @flags.httpsPort then 'https' else 'http'
+    serviceName = host.replace('.local', '')
+
+    try
+      proc = Bun.spawn [
+        'dns-sd', '-P'
+        serviceName
+        '_http._tcp'
+        'local'
+        String(port)
+        host
+        lanIP
+      ],
+        stdout: 'ignore'
+        stderr: 'ignore'
+
+      @mdnsProcesses.set(host, proc)
+      console.log "rip-server: #{protocol}://#{host}:#{port}"
+    catch e
+      console.error "rip-server: failed to advertise #{host} via mDNS:", e.message
+
+  getDashboardHTML: ->
+    try
+      readFileSync(join(__dirname, 'dashboard.html'), 'utf8')
+    catch
+      '<!DOCTYPE html><html><body><h1>Rip Server</h1><p>Dashboard not found</p></body></html>'
+
+# ==============================================================================
+# Main Entry
+# ==============================================================================
+
+main = ->
+  # Subcommand: stop
+  if 'stop' in process.argv
+    try
+      Bun.spawn(['pkill', '-f', __filename]).exited
+      Bun.spawn(['pkill', '-f', 'dns-sd -P.*_http._tcp']).exited
+    catch
+      null
+    console.log 'rip-server: stop requested'
+    return
+
+  # Subcommand: list
+  if 'list' in process.argv
+    getKV = (prefix) ->
+      for tok in process.argv
+        return tok.slice(prefix.length) if tok.startsWith(prefix)
+      undefined
+
+    findAppPathToken = ->
+      for i in [2...process.argv.length]
+        tok = process.argv[i]
+        pathPart = if tok.includes('@') then tok.split('@')[0] else tok
+        looksLikePath = pathPart.includes('/') or pathPart.startsWith('.') or pathPart.endsWith('.rip') or pathPart.endsWith('.ts')
+        try
+          return pathPart if looksLikePath and existsSync(if isAbsolute(pathPart) then pathPart else resolve(process.cwd(), pathPart))
+        catch
+          null
+      undefined
+
+    computeSocketPrefix = ->
+      override = getKV('--socket-prefix=')
+      return override if override
+      appTok = findAppPathToken()
+      if appTok
+        try
+          { appName } = resolveAppEntry(appTok)
+          return "rip_#{appName}"
+        catch
+          null
+      'rip_server'
+
+    controlUnix = getControlSocketPath(computeSocketPrefix())
+    try
+      res = fetch!('http://localhost/registry', { unix: controlUnix, method: 'GET' })
+      throw new Error("list failed: #{res.status}") unless res.ok
+      j = res.json!
+      hosts = if Array.isArray(j?.hosts) then j.hosts else []
+      console.log if hosts.length then hosts.join('\n') else '(no hosts)'
+    catch e
+      console.error "list command failed: #{e?.message or e}"
+      process.exit(1)
+    return
+
+  # Normal startup
+  flags = parseFlags(process.argv)
+  svr = new Server(flags)
+  mgr = new Manager(flags)
+
+  cleanup = ->
+    console.log 'rip-server: shutting down...'
+    svr.stop()
+    mgr.stop!
+    process.exit(0)
+
+  process.on 'SIGTERM', cleanup
+  process.on 'SIGINT', cleanup
+  process.on 'uncaughtException', (err) ->
+    console.error 'rip-server: uncaught exception:', err
+    cleanup()
+  process.on 'unhandledRejection', (err) ->
+    console.error 'rip-server: unhandled rejection:', err
+    cleanup()
+
+  svr.start!
+  mgr.start!
+
+  httpOnly = flags.httpsPort is null
+  url = if httpOnly then "http://localhost:#{flags.httpPort}/server" else "https://localhost:#{flags.httpsPort}/server"
+  console.log "rip-server: app=#{flags.appName} workers=#{flags.workers} url=#{url}"
+
+# ==============================================================================
+# Entry Point
+# ==============================================================================
+
+if process.env.RIP_WORKER_MODE
+  runWorker()
+else
+  main!