@townco/cli 0.1.125 → 0.1.126

package/dist/lib/proxy-server.d.ts

@@ -0,0 +1,15 @@
+import http from "node:http";
+import type { createLogger } from "@townco/core";
+export interface ProxyServerOptions {
+    port: number;
+    vitePort: number;
+    agentPort: number;
+    basicAuthUser: string | undefined;
+    basicAuthPass: string | undefined;
+    logger: ReturnType<typeof createLogger>;
+}
+export interface ProxyServer {
+    server: http.Server;
+    stop: () => Promise<void>;
+}
+export declare function createProxyServer(options: ProxyServerOptions): ProxyServer;

package/dist/lib/proxy-server.js

@@ -0,0 +1,96 @@
+import crypto from "node:crypto";
+import http from "node:http";
+import httpProxy from "http-proxy";
+// Agent routes that should be proxied to the agent server
+const AGENT_ROUTES = [
+    "/rpc",
+    "/events",
+    "/health",
+    "/sessions",
+    "/sandbox",
+    "/static",
+    "/logs",
+];
+function timingSafeEqual(a, b) {
+    const aBuf = Buffer.from(a);
+    const bBuf = Buffer.from(b);
+    // timingSafeEqual requires equal lengths, so pad the shorter buffer
+    const maxLen = Math.max(aBuf.length, bBuf.length);
+    const paddedA = Buffer.alloc(maxLen);
+    const paddedB = Buffer.alloc(maxLen);
+    aBuf.copy(paddedA);
+    bBuf.copy(paddedB);
+    // Always do both comparisons to avoid leaking length information via timing
+    const lengthsMatch = aBuf.length === bBuf.length;
+    const contentsMatch = crypto.timingSafeEqual(paddedA, paddedB);
+    return lengthsMatch && contentsMatch;
+}
+function getTarget(pathname, options) {
+    // Check for agent routes
+    for (const route of AGENT_ROUTES) {
+        if (pathname === route || pathname.startsWith(`${route}/`)) {
+            return `http://localhost:${options.agentPort}`;
+        }
+    }
+    // Default: Vite server
+    return `http://localhost:${options.vitePort}`;
+}
+export function createProxyServer(options) {
+    const { port, basicAuthUser, basicAuthPass, logger } = options;
+    const proxy = httpProxy.createProxyServer({
+        ws: true,
+        changeOrigin: true,
+        // Don't add X-Forwarded headers
+        xfwd: false,
+    });
+    // Handle proxy errors
+    proxy.on("error", (err, req, res) => {
+        logger.error("Proxy error", { error: err.message, url: req.url });
+        if (res && "writeHead" in res) {
+            res.writeHead(502, {
+                "Content-Type": "text/plain",
+            });
+            res.end("Bad Gateway");
+        }
+    });
+    // Build expected auth header if auth is configured
+    const expectedAuth = basicAuthUser && basicAuthPass
+        ? `Basic ${Buffer.from(`${basicAuthUser}:${basicAuthPass}`).toString("base64")}`
+        : null;
+    const server = http.createServer((req, res) => {
+        // Basic auth check
+        if (expectedAuth) {
+            const authHeader = req.headers.authorization ?? "";
+            if (!timingSafeEqual(authHeader, expectedAuth)) {
+                res.statusCode = 401;
+                res.setHeader("WWW-Authenticate", "Basic");
+                res.end("Unauthorized");
+                return;
+            }
+        }
+        const url = new URL(req.url || "/", `http://localhost:${port}`);
+        const target = getTarget(url.pathname, options);
+        // Proxy the request
+        proxy.web(req, res, { target });
+    });
+    // Handle WebSocket upgrades (for Vite HMR)
+    server.on("upgrade", (req, socket, head) => {
+        // WebSocket upgrades go to Vite for HMR
+        // Note: We don't do auth on WebSocket upgrades since Vite HMR is internal
+        const viteTarget = `http://localhost:${options.vitePort}`;
+        proxy.ws(req, socket, head, { target: viteTarget });
+    });
+    server.on("error", (err) => {
+        logger.error("Proxy server error", { error: err.message, port });
+    });
+    server.listen(port, () => {
+        logger.info("Proxy server started", { port });
+    });
+    const stop = () => {
+        return new Promise((resolve) => {
+            proxy.close();
+            server.close(() => resolve());
+        });
+    };
+    return { server, stop };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@townco/cli",
-  "version": "0.1.125",
+  "version": "0.1.126",
   "type": "module",
   "bin": {
     "town": "./dist/index.js"
@@ -15,7 +15,7 @@
     "build": "tsgo"
   },
   "devDependencies": {
-    "@townco/tsconfig": "0.1.117",
+    "@townco/tsconfig": "0.1.118",
     "@types/archiver": "^7.0.0",
     "@types/bun": "^1.3.1",
     "@types/ignore-walk": "^4.0.3",
@@ -24,13 +24,13 @@
   "dependencies": {
     "@optique/core": "^0.6.2",
     "@optique/run": "^0.6.2",
-    "@townco/agent": "0.1.128",
-    "@townco/apiclient": "0.0.40",
-    "@townco/core": "0.0.98",
-    "@townco/debugger": "0.1.76",
-    "@townco/env": "0.1.70",
-    "@townco/secret": "0.1.120",
-    "@townco/ui": "0.1.120",
+    "@townco/agent": "0.1.129",
+    "@townco/apiclient": "0.0.41",
+    "@townco/core": "0.0.99",
+    "@townco/debugger": "0.1.77",
+    "@townco/env": "0.1.71",
+    "@townco/secret": "0.1.121",
+    "@townco/ui": "0.1.121",
     "@trpc/client": "^11.7.2",
     "archiver": "^7.0.1",
     "eventsource": "^4.1.0",