@sx4im/skillcheck 0.2.6 → 0.2.7

package/docs/skillcheck-cloud.md

@@ -1,111 +0,0 @@
-# Skillcheck Cloud setup
-
-Use this when you want users to install the CLI and run checks without configuring model-provider secrets locally.
-
-## Architecture
-
-```text
-skillcheck CLI
-  -> Skillcheck Cloud API
-  -> model provider
-
-Dashboard
-  -> user signs up
-  -> user creates a Skillcheck token
-  -> token is stored hashed in your database
-```
-
-The CLI only needs:
-
-```bash
-skillcheck setup
-```
-
-The setup wizard asks for:
-
-```bash
-https://api.yourdomain.com/v1
-```
-
-For token-gated private beta, users can additionally set:
-
-```bash
-export SKILLCHECK_TOKEN=sk_live_...
-```
-
-If you want public free trials, the proxy can allow anonymous requests with strict rate limits and no token.
-
-## API contract
-
-The CLI expects an OpenAI-compatible endpoint:
-
-```http
-POST /v1/chat/completions
-Authorization: Bearer <skillcheck-token>
-Content-Type: application/json
-```
-
-Response should match OpenAI chat completions enough for the `openai` Node SDK:
-
-```json
-{
-  "id": "chatcmpl_...",
-  "object": "chat.completion",
-  "created": 1780000000,
-  "model": "your-model",
-  "choices": [
-    {
-      "index": 0,
-      "message": {
-        "role": "assistant",
-        "content": "..."
-      },
-      "finish_reason": "stop"
-    }
-  ],
-  "usage": {
-    "prompt_tokens": 1,
-    "completion_tokens": 1,
-    "total_tokens": 2
-  }
-}
-```
-
-## Minimal proxy
-
-The repo includes a tiny Node proxy in `examples/nvidia-proxy/`. It is useful for testing the `SKILLCHECK_API_URL` flow before building the dashboard.
-
-Run it on a server:
-
-```bash
-export NVIDIA_API_KEY=...
-export SKILLCHECK_PROXY_TOKEN=dev-token
-node examples/nvidia-proxy/server.mjs
-```
-
-Point the CLI at it:
-
-```bash
-export SKILLCHECK_API_URL=https://your-proxy.example.com/v1
-export SKILLCHECK_TOKEN=dev-token
-skillcheck check path/to/SKILL.md
-```
-
-## Dashboard requirements
-
-- `users`: id, email, password/session provider, created_at.
-- `tokens`: id, user_id, token_hash, prefix, created_at, last_used_at, revoked_at.
-- `usage_events`: user_id, token_id, request_id, model, prompt_tokens, completion_tokens, created_at.
-- Rate limit by token and IP.
-- Store model-provider secrets only on the server.
-- Never expose upstream provider secrets to the browser or CLI.
-
-## First production path
-
-1. Deploy the proxy API at `https://api.yourdomain.com/v1`.
-2. Add dashboard auth with GitHub or email login.
-3. Add “Create token” in the dashboard and show the token once.
-4. Hash tokens before storing them.
-5. Verify `Authorization: Bearer <token>` in the proxy.
-6. Add rate limits and usage logging.
-7. Ship the CLI with docs telling users to set `SKILLCHECK_API_URL` and `SKILLCHECK_TOKEN`.

package/examples/dashboard/README.md

@@ -1,15 +0,0 @@
-# Skillcheck dashboard
-
-A single static file (`index.html`) where a user pastes their Skillcheck API URL and gets the commands to start using the CLI, a connection test, and an in-browser "with vs without skill" preview.
-
-```bash
-# open it directly
-xdg-open index.html        # macOS: open index.html  ·  Windows: start index.html
-
-# or serve it
-npx --yes serve .
-```
-
-Nothing to build or configure — the API URL and optional token are entered at runtime and stored in the browser's localStorage.
-
-The live preview calls `POST <apiUrl>/chat/completions`, so the API must allow the page's origin via CORS. The bundled `../nvidia-proxy` already returns `access-control-allow-origin: *`, so the preview works even from `file://`. See [`../../dashboard.md`](../../dashboard.md) for the full write-up and [`../../docs/skillcheck-cloud.md`](../../docs/skillcheck-cloud.md) for the API contract.

package/examples/dashboard/index.html

@@ -1,393 +0,0 @@
-<!doctype html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1" />
-    <title>Skillcheck — Connect &amp; Start</title>
-    <style>
-      :root {
-        --blue: #0a64ff;
-        --deep: #00227a;
-        --ink: #0b1220;
-        --muted: #5b6b7a;
-        --line: #d8e0f0;
-        --bg: #f5f8ff;
-        --card: #ffffff;
-        --ok: #138a36;
-        --bad: #c0233b;
-        --code: #0b1020;
-      }
-      * { box-sizing: border-box; }
-      body {
-        margin: 0;
-        background: var(--bg);
-        color: var(--ink);
-        font: 15px/1.5 -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
-      }
-      a { color: var(--blue); }
-      .wrap { max-width: 860px; margin: 0 auto; padding: 28px 20px 80px; }
-      header { text-align: center; margin-bottom: 8px; }
-      .brand {
-        font-weight: 800; letter-spacing: -0.5px; font-size: 30px; color: var(--deep);
-      }
-      .brand span { color: var(--blue); }
-      .tag { color: var(--muted); margin-top: 2px; }
-      .badge {
-        display: inline-flex; align-items: center; gap: 7px; margin-top: 14px;
-        padding: 5px 12px; border-radius: 999px; font-size: 13px; font-weight: 600;
-        border: 1px solid var(--line); background: #fff;
-      }
-      .dot { width: 9px; height: 9px; border-radius: 50%; background: #b8c2d8; }
-      .badge.connected .dot { background: var(--ok); }
-      .badge.connected { color: var(--ok); border-color: #bfe6c8; }
-      .badge.failed .dot { background: var(--bad); }
-      .badge.failed { color: var(--bad); border-color: #f0c4cc; }
-      .card {
-        background: var(--card); border: 1px solid var(--line); border-radius: 14px;
-        padding: 20px 22px; margin-top: 18px; box-shadow: 0 1px 2px rgba(10,40,120,0.04);
-      }
-      .step { display: flex; align-items: center; gap: 10px; margin: 0 0 14px; }
-      .step .n {
-        width: 26px; height: 26px; border-radius: 50%; background: var(--deep); color: #fff;
-        display: grid; place-items: center; font-size: 14px; font-weight: 700; flex: none;
-      }
-      .step h2 { font-size: 17px; margin: 0; }
-      label { display: block; font-weight: 600; font-size: 13px; margin: 12px 0 5px; }
-      .hint { color: var(--muted); font-weight: 400; }
-      input[type=text], input[type=password], textarea {
-        width: 100%; padding: 10px 12px; border: 1px solid var(--line); border-radius: 9px;
-        font: inherit; background: #fbfcff; color: var(--ink);
-      }
-      input:focus, textarea:focus { outline: 2px solid var(--blue); border-color: var(--blue); }
-      textarea { resize: vertical; min-height: 90px; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 13px; }
-      .row { display: flex; gap: 10px; flex-wrap: wrap; margin-top: 14px; }
-      button {
-        font: inherit; font-weight: 600; cursor: pointer; border-radius: 9px; padding: 10px 16px;
-        border: 1px solid var(--blue); background: var(--blue); color: #fff;
-      }
-      button.ghost { background: #fff; color: var(--blue); }
-      button:disabled { opacity: 0.5; cursor: not-allowed; }
-      .status { margin-top: 12px; font-size: 13px; min-height: 18px; }
-      .status.ok { color: var(--ok); }
-      .status.bad { color: var(--bad); }
-      pre {
-        background: var(--code); color: #e7eefc; border-radius: 9px; padding: 12px 14px; margin: 8px 0 0;
-        overflow-x: auto; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 13px;
-      }
-      .cmd { position: relative; }
-      .cmd button.copy {
-        position: absolute; top: 8px; right: 8px; padding: 4px 10px; font-size: 12px;
-        background: #1b2540; border-color: #2c3a63; color: #cdd8f5;
-      }
-      .cmd .lbl { font-size: 12px; color: var(--muted); margin: 14px 0 0; font-weight: 600; }
-      .grid2 { display: grid; grid-template-columns: 1fr 1fr; gap: 14px; }
-      @media (max-width: 620px) { .grid2 { grid-template-columns: 1fr; } }
-      .out h3 { font-size: 13px; margin: 0 0 6px; }
-      .out .body {
-        white-space: pre-wrap; background: #fbfcff; border: 1px solid var(--line); border-radius: 9px;
-        padding: 11px 12px; font-family: ui-monospace, SFMono-Regular, Menlo, monospace; font-size: 12.5px; min-height: 60px;
-      }
-      .meta { color: var(--muted); font-size: 12px; margin-top: 6px; }
-      .note { color: var(--muted); font-size: 13px; margin-top: 10px; }
-      .pill { display: inline-block; background: #eef3ff; color: var(--deep); border-radius: 6px; padding: 1px 7px; font-size: 12px; font-weight: 600; }
-    </style>
-  </head>
-  <body>
-    <div class="wrap">
-      <header>
-        <div class="brand">Skill<span>check</span></div>
-        <div class="tag">Drop a skill file. Get a verdict.</div>
-        <div id="badge" class="badge"><span class="dot"></span><span id="badgeText">Not connected</span></div>
-      </header>
-
-      <!-- Step 1: Connect -->
-      <section class="card">
-        <div class="step"><div class="n">1</div><h2>Connect your Skillcheck API URL</h2></div>
-        <label for="apiUrl">Skillcheck API URL <span class="hint">— paste the URL your workspace gave you</span></label>
-        <input id="apiUrl" type="text" placeholder="https://api.yourdomain.com/v1" autocomplete="off" spellcheck="false" />
-        <label for="token">Token <span class="hint">— optional; leave blank for open/anonymous proxies</span></label>
-        <input id="token" type="password" placeholder="sk_live_…" autocomplete="off" spellcheck="false" />
-        <div class="row">
-          <button id="saveBtn">Save &amp; connect</button>
-          <button id="testBtn" class="ghost">Test connection</button>
-          <button id="clearBtn" class="ghost">Clear</button>
-        </div>
-        <div id="connectStatus" class="status"></div>
-      </section>
-
-      <!-- Step 2: Start using -->
-      <section class="card">
-        <div class="step"><div class="n">2</div><h2>Start using skillcheck</h2></div>
-        <p class="note">Install once, point the CLI at your URL, then check any <span class="pill">SKILL.md</span> <span class="pill">AGENTS.md</span> <span class="pill">CLAUDE.md</span> <span class="pill">.cursorrules</span> or a folder containing one.</p>
-        <div id="commands"></div>
-      </section>
-
-      <!-- Step 3: Live preview -->
-      <section class="card">
-        <div class="step"><div class="n">3</div><h2>Quick check in the browser <span class="hint" style="font-weight:400">— optional preview</span></h2></div>
-        <p class="note">Runs your task once <strong>with</strong> and once <strong>without</strong> the skill so you can see the contrast and confirm the connection works. This is a single ungraded trial — for the real verdict (N&nbsp;tasks&nbsp;×&nbsp;K&nbsp;trials, blind grading, bootstrap CI) run <code>skillcheck check</code> in the CLI.</p>
-        <label for="skill">Skill instructions</label>
-        <textarea id="skill" placeholder="Paste the body of your SKILL.md here…"></textarea>
-        <label for="task">Task prompt</label>
-        <textarea id="task" placeholder="A concrete task the skill should help with…" style="min-height:64px"></textarea>
-        <div class="row">
-          <button id="runBtn">Run with vs without skill</button>
-          <span id="runStatus" class="status" style="align-self:center"></span>
-        </div>
-        <div class="grid2" style="margin-top:14px">
-          <div class="out">
-            <h3>With skill</h3>
-            <div id="withBody" class="body"></div>
-            <div id="withMeta" class="meta"></div>
-          </div>
-          <div class="out">
-            <h3>Without skill</h3>
-            <div id="noBody" class="body"></div>
-            <div id="noMeta" class="meta"></div>
-          </div>
-        </div>
-        <div id="overhead" class="note"></div>
-      </section>
-
-      <p class="note" style="text-align:center">
-        Settings are stored only in this browser (localStorage). Your token is never sent anywhere except your Skillcheck API URL.
-      </p>
-    </div>
-
-    <script>
-      var DEFAULT_MODEL = 'minimaxai/minimax-m2.7';
-      var KEY_URL = 'skillcheck.apiUrl';
-      var KEY_TOKEN = 'skillcheck.token';
-
-      var $ = function (id) { return document.getElementById(id); };
-
-      // Mirror of the CLI's config.normalizeApiUrl.
-      function normalizeApiUrl(value) {
-        var trimmed = (value || '').trim().replace(/\/+$/, '');
-        if (!trimmed) throw new Error('API URL cannot be empty.');
-        var url = new URL(trimmed);
-        if (url.protocol !== 'https:' && url.protocol !== 'http:') {
-          throw new Error('API URL must start with https:// or http://');
-        }
-        if (url.pathname === '/' || url.pathname === '') url.pathname = '/v1';
-        return url.toString().replace(/\/+$/, '');
-      }
-
-      function savedUrl() { return localStorage.getItem(KEY_URL) || ''; }
-      function savedToken() { return localStorage.getItem(KEY_TOKEN) || ''; }
-
-      function setBadge(state, text) {
-        var b = $('badge');
-        b.className = 'badge' + (state ? ' ' + state : '');
-        $('badgeText').textContent = text;
-      }
-
-      function shellQuote(value) {
-        return "'" + String(value).replace(/'/g, "'\\''") + "'";
-      }
-
-      function renderCommands() {
-        var url = savedUrl();
-        var token = savedToken();
-        var shown = url || 'https://api.yourdomain.com/v1';
-        var blocks = [];
-        blocks.push({ lbl: 'Install (once)', cmd: 'npm install -g @sx4im/skillcheck' });
-
-        var envCmd = 'export SKILLCHECK_API_URL=' + shellQuote(shown);
-        if (token) envCmd += '\nexport SKILLCHECK_TOKEN=' + shellQuote(token);
-        blocks.push({ lbl: 'Point the CLI at your URL', cmd: envCmd });
-
-        blocks.push({ lbl: 'Or set it interactively', cmd: 'skillcheck setup\n# paste when prompted:  ' + shown });
-        blocks.push({ lbl: 'Run your first check', cmd: 'skillcheck check path/to/SKILL.md' });
-
-        var html = '';
-        for (var i = 0; i < blocks.length; i++) {
-          var id = 'cmd' + i;
-          html +=
-            '<p class="lbl">' + blocks[i].lbl + '</p>' +
-            '<div class="cmd"><pre id="' + id + '">' + escapeHtml(blocks[i].cmd) + '</pre>' +
-            '<button class="copy" data-target="' + id + '">Copy</button></div>';
-        }
-        $('commands').innerHTML = html;
-        var btns = document.querySelectorAll('.copy');
-        for (var j = 0; j < btns.length; j++) {
-          btns[j].addEventListener('click', function () {
-            var el = $(this.getAttribute('data-target'));
-            var self = this;
-            copyText(el.textContent, function () {
-              var prev = self.textContent; self.textContent = 'Copied';
-              setTimeout(function () { self.textContent = prev; }, 1200);
-            });
-          });
-        }
-      }
-
-      function escapeHtml(s) {
-        return String(s).replace(/[&<>]/g, function (c) {
-          return c === '&' ? '&amp;' : c === '<' ? '&lt;' : '&gt;';
-        });
-      }
-
-      function copyText(text, done) {
-        if (navigator.clipboard && navigator.clipboard.writeText) {
-          navigator.clipboard.writeText(text).then(done, function () { fallbackCopy(text, done); });
-        } else {
-          fallbackCopy(text, done);
-        }
-      }
-      function fallbackCopy(text, done) {
-        var ta = document.createElement('textarea');
-        ta.value = text; ta.style.position = 'fixed'; ta.style.opacity = '0';
-        document.body.appendChild(ta); ta.select();
-        try { document.execCommand('copy'); } catch (e) {}
-        document.body.removeChild(ta); if (done) done();
-      }
-
-      function save() {
-        var status = $('connectStatus');
-        try {
-          var url = normalizeApiUrl($('apiUrl').value);
-          localStorage.setItem(KEY_URL, url);
-          var token = $('token').value.trim();
-          if (token) localStorage.setItem(KEY_TOKEN, token); else localStorage.removeItem(KEY_TOKEN);
-          $('apiUrl').value = url;
-          status.className = 'status ok';
-          status.textContent = 'Saved ' + url + '. Now test the connection or jump to step 2.';
-          setBadge('', 'Saved — not tested');
-          renderCommands();
-        } catch (e) {
-          status.className = 'status bad';
-          status.textContent = e.message;
-        }
-      }
-
-      function healthUrl(apiUrl) {
-        return new URL(apiUrl).origin + '/health';
-      }
-
-      function authHeaders() {
-        var h = { 'content-type': 'application/json' };
-        var token = savedToken();
-        if (token) h['authorization'] = 'Bearer ' + token;
-        return h;
-      }
-
-      function testConnection() {
-        var status = $('connectStatus');
-        var url = savedUrl();
-        if (!url) { save(); url = savedUrl(); }
-        if (!url) return;
-        status.className = 'status';
-        status.textContent = 'Testing ' + healthUrl(url) + ' …';
-        $('testBtn').disabled = true;
-        fetch(healthUrl(url), { method: 'GET', headers: authHeaders() })
-          .then(function (r) {
-            if (r.ok) {
-              setBadge('connected', 'Connected');
-              status.className = 'status ok';
-              status.textContent = 'Connected. ' + url + ' is reachable.';
-            } else {
-              setBadge('failed', 'Reachable, status ' + r.status);
-              status.className = 'status bad';
-              status.textContent = 'Server answered with HTTP ' + r.status + '. The URL is saved; if /health is not exposed, try a real check in step 3.';
-            }
-          })
-          .catch(function () {
-            setBadge('', 'Saved — not verified');
-            status.className = 'status';
-            status.textContent = 'Could not reach /health from the browser (often CORS or no /health route). Your URL is saved — verify from the CLI: skillcheck check path/to/SKILL.md';
-          })
-          .then(function () { $('testBtn').disabled = false; });
-      }
-
-      function clearAll() {
-        localStorage.removeItem(KEY_URL);
-        localStorage.removeItem(KEY_TOKEN);
-        $('apiUrl').value = '';
-        $('token').value = '';
-        $('connectStatus').className = 'status';
-        $('connectStatus').textContent = 'Cleared.';
-        setBadge('', 'Not connected');
-        renderCommands();
-      }
-
-      function extractContent(data) {
-        var msg = data && data.choices && data.choices[0] && data.choices[0].message;
-        if (!msg) return '';
-        return msg.content || msg.reasoning_content || msg.refusal || '';
-      }
-
-      function callModel(messages) {
-        var url = savedUrl();
-        if (!url) throw new Error('Save your API URL first (step 1).');
-        return fetch(url + '/chat/completions', {
-          method: 'POST',
-          headers: authHeaders(),
-          body: JSON.stringify({
-            model: DEFAULT_MODEL,
-            messages: messages,
-            temperature: 0.7,
-            max_tokens: 1200,
-            stream: false
-          })
-        }).then(function (r) {
-          return r.text().then(function (text) {
-            if (!r.ok) throw new Error('HTTP ' + r.status + ': ' + text.slice(0, 200));
-            var data;
-            try { data = JSON.parse(text); } catch (e) { throw new Error('Non-JSON response: ' + text.slice(0, 200)); }
-            return { content: extractContent(data), usage: data.usage || {} };
-          });
-        });
-      }
-
-      function runPreview() {
-        var skill = $('skill').value.trim();
-        var task = $('task').value.trim();
-        var status = $('runStatus');
-        if (!savedUrl()) { status.className = 'status bad'; status.textContent = 'Save your API URL first.'; return; }
-        if (!skill || !task) { status.className = 'status bad'; status.textContent = 'Add both a skill and a task.'; return; }
-
-        var withMessages = [
-          { role: 'system', content: 'You are completing an evaluation task. Apply the following skill instructions when relevant.\n\n' + skill },
-          { role: 'user', content: task }
-        ];
-        var noMessages = [{ role: 'user', content: task }];
-
-        $('runBtn').disabled = true;
-        status.className = 'status'; status.textContent = 'Running both arms…';
-        $('withBody').textContent = ''; $('noBody').textContent = '';
-        $('withMeta').textContent = ''; $('noMeta').textContent = ''; $('overhead').textContent = '';
-
-        Promise.all([callModel(withMessages), callModel(noMessages)])
-          .then(function (res) {
-            var w = res[0], n = res[1];
-            $('withBody').textContent = w.content || '(empty)';
-            $('noBody').textContent = n.content || '(empty)';
-            $('withMeta').textContent = 'prompt ' + (w.usage.prompt_tokens || 0) + ' · completion ' + (w.usage.completion_tokens || 0) + ' tokens';
-            $('noMeta').textContent = 'prompt ' + (n.usage.prompt_tokens || 0) + ' · completion ' + (n.usage.completion_tokens || 0) + ' tokens';
-            var overhead = (w.usage.prompt_tokens || 0) - (n.usage.prompt_tokens || 0);
-            $('overhead').textContent = 'Token cost of injecting the skill: ' + (overhead > 0 ? '+' + overhead : overhead) + ' prompt tokens.';
-            status.className = 'status ok'; status.textContent = 'Done.';
-          })
-          .catch(function (e) {
-            status.className = 'status bad';
-            status.textContent = e.message + (/Failed to fetch/i.test(e.message) ? ' (likely CORS — run the check from the CLI instead).' : '');
-          })
-          .then(function () { $('runBtn').disabled = false; });
-      }
-
-      function load() {
-        $('apiUrl').value = savedUrl();
-        $('token').value = savedToken();
-        renderCommands();
-        if (savedUrl()) setBadge('', 'Saved — not tested');
-      }
-
-      $('saveBtn').addEventListener('click', save);
-      $('testBtn').addEventListener('click', testConnection);
-      $('clearBtn').addEventListener('click', clearAll);
-      $('runBtn').addEventListener('click', runPreview);
-      load();
-    </script>
-  </body>
-</html>

package/examples/nvidia-proxy/README.md

@@ -1,19 +0,0 @@
-# skillcheck NVIDIA proxy
-
-This is the safe way to let CLI users run `skillcheck` without seeing your NVIDIA key.
-
-Run the proxy on a server:
-
-```bash
-export NVIDIA_API_KEY=...
-node examples/nvidia-proxy/server.mjs
-```
-
-Point the CLI at the proxy:
-
-```bash
-export SKILLCHECK_API_URL=https://your-proxy.example.com/v1
-skillcheck check path/to/SKILL.md
-```
-
-Do not publish `NVIDIA_API_KEY` inside the npm package. If the proxy is public, put it behind rate limiting, quotas, or authentication before sharing it broadly.

package/examples/nvidia-proxy/server.mjs

@@ -1,96 +0,0 @@
-#!/usr/bin/env node
-import { createServer } from 'node:http';
-
-const port = Number(process.env.PORT || 8787);
-const nvidiaApiKey = process.env.NVIDIA_API_KEY?.trim();
-const nvidiaBaseUrl = process.env.NVIDIA_BASE_URL?.trim() || 'https://integrate.api.nvidia.com/v1';
-const proxyToken = process.env.SKILLCHECK_PROXY_TOKEN?.trim();
-const maxBodyBytes = Number(process.env.MAX_BODY_BYTES || 5_000_000);
-
-if (!nvidiaApiKey) {
-  throw new Error('Missing NVIDIA_API_KEY. Set it on the server, never inside the npm CLI.');
-}
-
-function writeJson(res, status, body) {
-  res.writeHead(status, {
-    'access-control-allow-headers': 'authorization, content-type',
-    'access-control-allow-methods': 'POST, OPTIONS',
-    'access-control-allow-origin': '*',
-    'content-type': 'application/json'
-  });
-  res.end(`${JSON.stringify(body)}\n`);
-}
-
-function readBody(req) {
-  return new Promise((resolve, reject) => {
-    const chunks = [];
-    let size = 0;
-    req.on('data', (chunk) => {
-      size += chunk.length;
-      if (size > maxBodyBytes) {
-        reject(new Error('Request body is too large'));
-        req.destroy();
-        return;
-      }
-      chunks.push(chunk);
-    });
-    req.on('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
-    req.on('error', reject);
-  });
-}
-
-function isAuthorized(req) {
-  if (!proxyToken) {
-    return true;
-  }
-  return req.headers.authorization === `Bearer ${proxyToken}`;
-}
-
-const server = createServer(async (req, res) => {
-  const url = new URL(req.url || '/', `http://${req.headers.host || 'localhost'}`);
-
-  if (req.method === 'OPTIONS') {
-    writeJson(res, 204, {});
-    return;
-  }
-
-  if (req.method === 'GET' && url.pathname === '/health') {
-    writeJson(res, 200, { ok: true });
-    return;
-  }
-
-  if (req.method !== 'POST' || url.pathname !== '/v1/chat/completions') {
-    writeJson(res, 404, { error: 'Not found' });
-    return;
-  }
-
-  if (!isAuthorized(req)) {
-    writeJson(res, 401, { error: 'Unauthorized' });
-    return;
-  }
-
-  try {
-    const body = await readBody(req);
-    const upstream = await fetch(`${nvidiaBaseUrl}/chat/completions`, {
-      method: 'POST',
-      headers: {
-        authorization: `Bearer ${nvidiaApiKey}`,
-        'content-type': 'application/json'
-      },
-      body
-    });
-
-    res.writeHead(upstream.status, {
-      'access-control-allow-origin': '*',
-      'content-type': upstream.headers.get('content-type') || 'application/json'
-    });
-    res.end(await upstream.text());
-  } catch (error) {
-    const message = error instanceof Error ? error.message : String(error);
-    writeJson(res, 500, { error: message });
-  }
-});
-
-server.listen(port, () => {
-  console.log(`skillcheck NVIDIA proxy listening on http://localhost:${port}`);
-});