cc-wiretap 1.0.0

package/dist/index.js

@@ -0,0 +1,968 @@
+#!/usr/bin/env node
+
+// src/index.ts
+import { Command } from "commander";
+import chalk7 from "chalk";
+
+// src/ca.ts
+import { homedir } from "os";
+import { join } from "path";
+import { mkdir, readFile, writeFile, access, constants } from "fs/promises";
+import { generateCACertificate } from "mockttp";
+import chalk from "chalk";
+var CA_DIR = join(homedir(), ".cc-wiretap");
+var CA_CERT_PATH = join(CA_DIR, "ca.pem");
+var CA_KEY_PATH = join(CA_DIR, "ca-key.pem");
+async function fileExists(path) {
+  try {
+    await access(path, constants.F_OK);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function ensureCADirectory() {
+  try {
+    await mkdir(CA_DIR, { recursive: true });
+  } catch (error) {
+    if (error.code !== "EEXIST") {
+      throw error;
+    }
+  }
+}
+async function loadOrGenerateCA() {
+  await ensureCADirectory();
+  const certExists = await fileExists(CA_CERT_PATH);
+  const keyExists = await fileExists(CA_KEY_PATH);
+  if (certExists && keyExists) {
+    console.log(chalk.green("\u2713"), "Using existing CA certificate from", chalk.cyan(CA_DIR));
+    const cert2 = await readFile(CA_CERT_PATH, "utf-8");
+    const key2 = await readFile(CA_KEY_PATH, "utf-8");
+    return {
+      certPath: CA_CERT_PATH,
+      keyPath: CA_KEY_PATH,
+      cert: cert2,
+      key: key2
+    };
+  }
+  console.log(chalk.yellow("\u2699"), "Generating new CA certificate...");
+  const { cert, key } = await generateCACertificate({
+    commonName: "CC Wiretap CA",
+    organizationName: "CC Wiretap"
+  });
+  await writeFile(CA_CERT_PATH, cert);
+  await writeFile(CA_KEY_PATH, key);
+  console.log(chalk.green("\u2713"), "CA certificate generated at", chalk.cyan(CA_DIR));
+  console.log();
+  console.log(chalk.yellow("To trust the CA certificate, run:"));
+  console.log();
+  console.log(chalk.gray("  # macOS:"));
+  console.log(chalk.white(`  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${CA_CERT_PATH}"`));
+  console.log();
+  console.log(chalk.gray("  # Linux (Debian/Ubuntu):"));
+  console.log(chalk.white(`  sudo cp "${CA_CERT_PATH}" /usr/local/share/ca-certificates/cc-wiretap.crt`));
+  console.log(chalk.white("  sudo update-ca-certificates"));
+  console.log();
+  console.log(chalk.gray("  # For Node.js/Claude Code, use:"));
+  console.log(chalk.white(`  NODE_EXTRA_CA_CERTS="${CA_CERT_PATH}"`));
+  console.log();
+  return {
+    certPath: CA_CERT_PATH,
+    keyPath: CA_KEY_PATH,
+    cert,
+    key
+  };
+}
+function getCAPath() {
+  return CA_CERT_PATH;
+}
+
+// src/proxy.ts
+import * as mockttp from "mockttp";
+import chalk3 from "chalk";
+import { gunzipSync, brotliDecompressSync } from "zlib";
+
+// src/interceptor.ts
+import { randomUUID } from "crypto";
+import chalk2 from "chalk";
+
+// src/parser.ts
+function parseSSELine(line) {
+  if (!line.startsWith("data: ")) {
+    return null;
+  }
+  const jsonStr = line.slice(6).trim();
+  if (!jsonStr || jsonStr === "[DONE]") {
+    return null;
+  }
+  try {
+    return JSON.parse(jsonStr);
+  } catch {
+    return null;
+  }
+}
+function parseSSEChunk(chunk) {
+  const events = [];
+  const lines = chunk.split("\n");
+  for (const line of lines) {
+    const trimmed = line.trim();
+    if (trimmed.startsWith("data: ")) {
+      const event = parseSSELine(trimmed);
+      if (event) {
+        events.push(event);
+      }
+    }
+  }
+  return events;
+}
+var SSEStreamParser = class {
+  buffer = "";
+  events = [];
+  /**
+   * Feed data to the parser
+   */
+  feed(data) {
+    this.buffer += data;
+    const newEvents = [];
+    const parts = this.buffer.split("\n\n");
+    this.buffer = parts.pop() || "";
+    for (const part of parts) {
+      const lines = part.split("\n");
+      for (const line of lines) {
+        const trimmed = line.trim();
+        if (trimmed.startsWith("data: ")) {
+          const event = parseSSELine(trimmed);
+          if (event) {
+            newEvents.push(event);
+            this.events.push(event);
+          }
+        }
+      }
+    }
+    return newEvents;
+  }
+  /**
+   * Flush any remaining buffered data
+   */
+  flush() {
+    if (!this.buffer.trim()) {
+      return [];
+    }
+    const events = parseSSEChunk(this.buffer);
+    this.events.push(...events);
+    this.buffer = "";
+    return events;
+  }
+  /**
+   * Get all parsed events
+   */
+  getAllEvents() {
+    return [...this.events];
+  }
+  /**
+   * Reset the parser
+   */
+  reset() {
+    this.buffer = "";
+    this.events = [];
+  }
+};
+function reconstructResponseFromEvents(events) {
+  let messageStart = null;
+  let messageDelta = null;
+  const contentBlocks = /* @__PURE__ */ new Map();
+  const textDeltas = /* @__PURE__ */ new Map();
+  const jsonDeltas = /* @__PURE__ */ new Map();
+  for (const event of events) {
+    switch (event.type) {
+      case "message_start":
+        messageStart = event;
+        break;
+      case "content_block_start": {
+        const startEvent = event;
+        contentBlocks.set(startEvent.index, {
+          type: startEvent.content_block.type,
+          content: { ...startEvent.content_block }
+        });
+        if (startEvent.content_block.type === "text") {
+          textDeltas.set(startEvent.index, []);
+        } else if (startEvent.content_block.type === "tool_use") {
+          jsonDeltas.set(startEvent.index, []);
+        }
+        break;
+      }
+      case "content_block_delta": {
+        const deltaEvent = event;
+        if (deltaEvent.delta.type === "text_delta") {
+          const deltas = textDeltas.get(deltaEvent.index) || [];
+          deltas.push(deltaEvent.delta.text);
+          textDeltas.set(deltaEvent.index, deltas);
+        } else if (deltaEvent.delta.type === "input_json_delta") {
+          const deltas = jsonDeltas.get(deltaEvent.index) || [];
+          deltas.push(deltaEvent.delta.partial_json);
+          jsonDeltas.set(deltaEvent.index, deltas);
+        }
+        break;
+      }
+      case "message_delta":
+        messageDelta = event;
+        break;
+    }
+  }
+  if (!messageStart) {
+    return null;
+  }
+  const content = [];
+  const sortedIndices = Array.from(contentBlocks.keys()).sort((a, b) => a - b);
+  for (const index of sortedIndices) {
+    const block = contentBlocks.get(index);
+    if (block.type === "text") {
+      const text = (textDeltas.get(index) || []).join("");
+      content.push({
+        type: "text",
+        text
+      });
+    } else if (block.type === "tool_use") {
+      const jsonStr = (jsonDeltas.get(index) || []).join("");
+      let input = {};
+      try {
+        input = jsonStr ? JSON.parse(jsonStr) : {};
+      } catch {
+      }
+      content.push({
+        type: "tool_use",
+        id: block.content.id || "",
+        name: block.content.name || "",
+        input
+      });
+    }
+  }
+  const usage = {
+    input_tokens: messageStart.message.usage.input_tokens,
+    output_tokens: messageDelta?.usage.output_tokens || messageStart.message.usage.output_tokens,
+    cache_creation_input_tokens: messageStart.message.usage.cache_creation_input_tokens,
+    cache_read_input_tokens: messageStart.message.usage.cache_read_input_tokens
+  };
+  return {
+    id: messageStart.message.id,
+    type: "message",
+    role: "assistant",
+    content,
+    model: messageStart.message.model,
+    stop_reason: messageDelta?.delta.stop_reason || null,
+    stop_sequence: messageDelta?.delta.stop_sequence || null,
+    usage
+  };
+}
+
+// src/interceptor.ts
+var CLAUDE_API_HOSTS = [
+  "api.anthropic.com",
+  "api.claude.ai"
+];
+var CLAUDE_MESSAGES_PATH = "/v1/messages";
+var ClaudeInterceptor = class {
+  wsServer;
+  activeRequests = /* @__PURE__ */ new Map();
+  constructor(wsServer) {
+    this.wsServer = wsServer;
+  }
+  isClaudeRequest(request) {
+    const host = request.headers.host || new URL(request.url).host;
+    const path = new URL(request.url).pathname;
+    return CLAUDE_API_HOSTS.some((h) => host.includes(h)) && path.includes(CLAUDE_MESSAGES_PATH) && request.method === "POST";
+  }
+  async handleRequest(request) {
+    if (!this.isClaudeRequest(request)) {
+      return null;
+    }
+    const requestId = randomUUID();
+    const timestamp = Date.now();
+    let requestBody;
+    try {
+      const bodyBuffer = request.body.buffer;
+      if (bodyBuffer.length > 0) {
+        const bodyText = bodyBuffer.toString("utf-8");
+        requestBody = JSON.parse(bodyText);
+      }
+    } catch (error) {
+      console.error(chalk2.yellow("\u26A0"), "Failed to parse request body:", error);
+    }
+    const intercepted = {
+      id: requestId,
+      timestamp,
+      method: request.method,
+      url: request.url,
+      requestHeaders: this.headersToRecord(request.headers),
+      requestBody,
+      sseEvents: []
+    };
+    this.activeRequests.set(requestId, {
+      request: intercepted,
+      parser: new SSEStreamParser()
+    });
+    this.wsServer.addRequest(intercepted);
+    this.wsServer.broadcast({
+      type: "request_start",
+      requestId,
+      timestamp,
+      method: request.method,
+      url: request.url,
+      headers: intercepted.requestHeaders
+    });
+    if (requestBody) {
+      this.wsServer.broadcast({
+        type: "request_body",
+        requestId,
+        body: requestBody
+      });
+      const model = requestBody.model || "unknown";
+      const messageCount = requestBody.messages?.length || 0;
+      const hasTools = requestBody.tools && requestBody.tools.length > 0;
+      const isStreaming = requestBody.stream === true;
+      console.log(
+        chalk2.cyan("\u2192"),
+        chalk2.white(`[${requestId.slice(0, 8)}]`),
+        chalk2.green(model),
+        `${messageCount} messages`,
+        hasTools ? chalk2.yellow(`+ ${requestBody.tools.length} tools`) : "",
+        isStreaming ? chalk2.magenta("streaming") : ""
+      );
+    }
+    return requestId;
+  }
+  async handleResponseStart(requestId, statusCode, headers) {
+    const active = this.activeRequests.get(requestId);
+    if (!active) {
+      return;
+    }
+    const timestamp = Date.now();
+    active.request.responseStartTime = timestamp;
+    active.request.statusCode = statusCode;
+    active.request.responseHeaders = headers;
+    this.wsServer.broadcast({
+      type: "response_start",
+      requestId,
+      timestamp,
+      statusCode,
+      headers
+    });
+  }
+  handleResponseChunk(requestId, chunk) {
+    const active = this.activeRequests.get(requestId);
+    if (!active) {
+      return;
+    }
+    const data = typeof chunk === "string" ? chunk : chunk.toString("utf-8");
+    const events = active.parser.feed(data);
+    for (const event of events) {
+      active.request.sseEvents.push(event);
+      this.wsServer.broadcast({
+        type: "response_chunk",
+        requestId,
+        event
+      });
+      if (event.type === "content_block_delta" && event.delta.type === "text_delta") {
+        process.stdout.write(chalk2.gray("."));
+      }
+    }
+  }
+  async handleResponseComplete(requestId) {
+    const active = this.activeRequests.get(requestId);
+    if (!active) {
+      return;
+    }
+    const remainingEvents = active.parser.flush();
+    for (const event of remainingEvents) {
+      active.request.sseEvents.push(event);
+      this.wsServer.broadcast({
+        type: "response_chunk",
+        requestId,
+        event
+      });
+    }
+    const response = reconstructResponseFromEvents(active.request.sseEvents);
+    const timestamp = Date.now();
+    const durationMs = timestamp - active.request.timestamp;
+    active.request.response = response || void 0;
+    active.request.durationMs = durationMs;
+    if (response) {
+      this.wsServer.broadcast({
+        type: "response_complete",
+        requestId,
+        timestamp,
+        response,
+        durationMs
+      });
+      console.log();
+      console.log(
+        chalk2.green("\u2713"),
+        chalk2.white(`[${requestId.slice(0, 8)}]`),
+        `${response.usage.input_tokens} in / ${response.usage.output_tokens} out`,
+        chalk2.gray(`(${durationMs}ms)`),
+        response.stop_reason === "tool_use" ? chalk2.yellow("\u2192 tool_use") : ""
+      );
+    }
+    this.activeRequests.delete(requestId);
+  }
+  handleResponseError(requestId, error) {
+    const active = this.activeRequests.get(requestId);
+    if (!active) {
+      return;
+    }
+    active.request.error = error.message;
+    this.wsServer.broadcast({
+      type: "error",
+      requestId,
+      error: error.message,
+      timestamp: Date.now()
+    });
+    console.log(
+      chalk2.red("\u2717"),
+      chalk2.white(`[${requestId.slice(0, 8)}]`),
+      error.message
+    );
+    this.activeRequests.delete(requestId);
+  }
+  handleNonStreamingResponse(requestId, _statusCode, bodyText) {
+    const active = this.activeRequests.get(requestId);
+    if (!active) {
+      return;
+    }
+    try {
+      if (bodyText) {
+        const claudeResponse = JSON.parse(bodyText);
+        const timestamp = Date.now();
+        const durationMs = timestamp - active.request.timestamp;
+        active.request.response = claudeResponse;
+        active.request.durationMs = durationMs;
+        this.wsServer.broadcast({
+          type: "response_complete",
+          requestId,
+          timestamp,
+          response: claudeResponse,
+          durationMs
+        });
+        if (claudeResponse.type === "message") {
+          console.log(
+            chalk2.green("\u2713"),
+            chalk2.white(`[${requestId.slice(0, 8)}]`),
+            `${claudeResponse.usage.input_tokens} in / ${claudeResponse.usage.output_tokens} out`,
+            chalk2.gray(`(${durationMs}ms)`),
+            claudeResponse.stop_reason === "tool_use" ? chalk2.yellow("\u2192 tool_use") : ""
+          );
+        } else if (claudeResponse.type === "error") {
+          console.log(
+            chalk2.yellow("\u26A0"),
+            chalk2.white(`[${requestId.slice(0, 8)}]`),
+            chalk2.red(claudeResponse.error.message),
+            chalk2.gray(`(${durationMs}ms)`)
+          );
+        }
+      }
+    } catch (error) {
+      console.error(chalk2.yellow("\u26A0"), "Failed to parse response body:", error);
+    }
+    this.activeRequests.delete(requestId);
+  }
+  headersToRecord(headers) {
+    const result = {};
+    for (const [key, value] of Object.entries(headers)) {
+      if (value !== void 0) {
+        result[key] = Array.isArray(value) ? value.join(", ") : value;
+      }
+    }
+    return result;
+  }
+  getActiveRequestCount() {
+    return this.activeRequests.size;
+  }
+};
+
+// src/proxy.ts
+function decompressBody(buffer, contentEncoding) {
+  if (!buffer.length) return "";
+  try {
+    if (contentEncoding === "gzip") {
+      return gunzipSync(buffer).toString("utf-8");
+    }
+    if (contentEncoding === "br") {
+      return brotliDecompressSync(buffer).toString("utf-8");
+    }
+  } catch {
+  }
+  return buffer.toString("utf-8");
+}
+function isAnthropicHost(url) {
+  try {
+    const host = new URL(url).host;
+    return CLAUDE_API_HOSTS.some((h) => host.includes(h));
+  } catch {
+    return false;
+  }
+}
+async function createProxy(options) {
+  const { port, ca, wsServer } = options;
+  const server = mockttp.getLocal({
+    https: {
+      cert: ca.cert,
+      key: ca.key
+    }
+  });
+  const interceptor = new ClaudeInterceptor(wsServer);
+  const requestIds = /* @__PURE__ */ new Map();
+  await server.forAnyRequest().thenPassThrough({
+    beforeRequest: async (request) => {
+      if (!isAnthropicHost(request.url)) {
+        return {};
+      }
+      const requestId = await interceptor.handleRequest(request);
+      if (requestId) {
+        requestIds.set(request.id, requestId);
+      }
+      return {};
+    },
+    beforeResponse: async (response) => {
+      const requestId = requestIds.get(response.id);
+      if (!requestId) {
+        return {};
+      }
+      await interceptor.handleResponseStart(requestId, response.statusCode, response.headers);
+      const contentType = response.headers["content-type"] || "";
+      const isStreaming = contentType.includes("text/event-stream");
+      if (isStreaming) {
+        const bodyBuffer = response.body.buffer;
+        if (bodyBuffer.length > 0) {
+          const bodyText = bodyBuffer.toString("utf-8");
+          interceptor.handleResponseChunk(requestId, bodyText);
+        }
+        await interceptor.handleResponseComplete(requestId);
+      } else {
+        const bodyBuffer = response.body.buffer;
+        const contentEncoding = response.headers["content-encoding"];
+        const bodyText = decompressBody(bodyBuffer, contentEncoding);
+        interceptor.handleNonStreamingResponse(requestId, response.statusCode, bodyText);
+      }
+      requestIds.delete(response.id);
+      return {};
+    }
+  });
+  await server.start(port);
+  console.log(chalk3.green("\u2713"), `Proxy server started on port ${chalk3.cyan(port)}`);
+  console.log(chalk3.gray("  Intercepting:"), CLAUDE_API_HOSTS.join(", "));
+  console.log(chalk3.gray("  All other traffic: transparent passthrough"));
+  return {
+    server,
+    interceptor,
+    stop: async () => {
+      await server.stop();
+      console.log(chalk3.gray("\u25CB"), "Proxy server stopped");
+    }
+  };
+}
+
+// src/websocket.ts
+import { WebSocketServer, WebSocket } from "ws";
+import chalk4 from "chalk";
+var WiretapWebSocketServer = class {
+  wss;
+  clients = /* @__PURE__ */ new Set();
+  requests = /* @__PURE__ */ new Map();
+  constructor(options = {}) {
+    if (options.server) {
+      this.wss = new WebSocketServer({ server: options.server });
+    } else {
+      this.wss = new WebSocketServer({ port: options.port || 8081 });
+    }
+    this.wss.on("connection", (ws, req) => {
+      const clientIp = req.socket.remoteAddress || "unknown";
+      console.log(chalk4.blue("\u2B24"), `UI client connected from ${clientIp}`);
+      this.clients.add(ws);
+      this.sendCurrentState(ws);
+      ws.on("message", (data) => {
+        try {
+          const message = JSON.parse(data.toString());
+          if (message.type === "clear_all") {
+            console.log(chalk4.yellow("\u27F2"), "Clearing all requests");
+            this.requests.clear();
+            this.broadcast({ type: "clear_all" });
+          }
+        } catch (error) {
+          console.error(chalk4.red("\u2717"), `Failed to parse client message: ${error}`);
+        }
+      });
+      ws.on("close", () => {
+        console.log(chalk4.gray("\u25CB"), `UI client disconnected from ${clientIp}`);
+        this.clients.delete(ws);
+      });
+      ws.on("error", (error) => {
+        console.error(chalk4.red("\u2717"), `WebSocket error: ${error.message}`);
+        this.clients.delete(ws);
+      });
+    });
+    this.wss.on("error", (error) => {
+      console.error(chalk4.red("\u2717"), `WebSocket server error: ${error.message}`);
+    });
+  }
+  sendCurrentState(ws) {
+    if (this.requests.size > 0) {
+      this.sendToClient(ws, {
+        type: "history_sync",
+        requests: Array.from(this.requests.values())
+      });
+    }
+  }
+  sendToClient(ws, message) {
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify(message));
+    }
+  }
+  broadcast(message) {
+    const data = JSON.stringify(message);
+    for (const client of this.clients) {
+      if (client.readyState === WebSocket.OPEN) {
+        client.send(data);
+      }
+    }
+  }
+  // Request management
+  addRequest(request) {
+    this.requests.set(request.id, request);
+  }
+  getRequest(requestId) {
+    return this.requests.get(requestId);
+  }
+  // Stats
+  getClientCount() {
+    return this.clients.size;
+  }
+  getRequestCount() {
+    return this.requests.size;
+  }
+  // Lifecycle
+  close() {
+    return new Promise((resolve, reject) => {
+      for (const client of this.clients) {
+        client.close();
+      }
+      this.clients.clear();
+      this.wss.close((err) => {
+        if (err) {
+          reject(err);
+        } else {
+          resolve();
+        }
+      });
+    });
+  }
+  getPort() {
+    const address = this.wss.address();
+    if (address && typeof address === "object") {
+      return address.port;
+    }
+    return void 0;
+  }
+};
+
+// src/setup-server.ts
+import { createServer } from "http";
+import chalk5 from "chalk";
+var SETUP_PORT = 8082;
+function generateSetupScript(proxyPort) {
+  const caPath = getCAPath();
+  return `#!/bin/bash
+# CC Wiretap - Terminal Setup Script
+# This script configures your terminal session to route traffic through the proxy
+
+# Proxy settings (for most HTTP clients)
+export HTTP_PROXY="http://localhost:${proxyPort}"
+export HTTPS_PROXY="http://localhost:${proxyPort}"
+export http_proxy="http://localhost:${proxyPort}"
+export https_proxy="http://localhost:${proxyPort}"
+
+# Node.js CA certificate
+export NODE_EXTRA_CA_CERTS="${caPath}"
+
+# Python/OpenSSL CA certificates
+export SSL_CERT_FILE="${caPath}"
+export REQUESTS_CA_BUNDLE="${caPath}"
+
+# curl CA certificate
+export CURL_CA_BUNDLE="${caPath}"
+
+# Ruby CA certificate
+export SSL_CERT_DIR=""
+
+# Git CA certificate (for HTTPS remotes)
+export GIT_SSL_CAINFO="${caPath}"
+
+# AWS CLI
+export AWS_CA_BUNDLE="${caPath}"
+
+# Disable proxy for localhost (prevents loops)
+export NO_PROXY="localhost,127.0.0.1,::1"
+export no_proxy="localhost,127.0.0.1,::1"
+
+# Visual indicator that proxy is active
+export WIRETAP_ACTIVE="1"
+
+# Update PS1 to show proxy is active (optional - uncomment if desired)
+# export PS1="[wiretap] $PS1"
+
+echo ""
+echo "  \u2713 CC Wiretap proxy configured for this terminal"
+echo ""
+echo "  Proxy:  http://localhost:${proxyPort}"
+echo "  CA:     ${caPath}"
+echo ""
+echo "  All HTTP/HTTPS traffic from this terminal will be intercepted."
+echo "  Run 'unset-wiretap' to disable."
+echo ""
+
+# Create unset function
+unset-wiretap() {
+  unset HTTP_PROXY HTTPS_PROXY http_proxy https_proxy
+  unset NODE_EXTRA_CA_CERTS SSL_CERT_FILE REQUESTS_CA_BUNDLE
+  unset CURL_CA_BUNDLE SSL_CERT_DIR GIT_SSL_CAINFO AWS_CA_BUNDLE
+  unset NO_PROXY no_proxy WIRETAP_ACTIVE
+  echo "\u2713 Wiretap proxy disabled for this terminal"
+}
+export -f unset-wiretap 2>/dev/null || true
+`;
+}
+function generateFishScript(proxyPort) {
+  const caPath = getCAPath();
+  return `# CC Wiretap - Fish Shell Setup Script
+
+set -gx HTTP_PROXY "http://localhost:${proxyPort}"
+set -gx HTTPS_PROXY "http://localhost:${proxyPort}"
+set -gx http_proxy "http://localhost:${proxyPort}"
+set -gx https_proxy "http://localhost:${proxyPort}"
+set -gx NODE_EXTRA_CA_CERTS "${caPath}"
+set -gx SSL_CERT_FILE "${caPath}"
+set -gx REQUESTS_CA_BUNDLE "${caPath}"
+set -gx CURL_CA_BUNDLE "${caPath}"
+set -gx GIT_SSL_CAINFO "${caPath}"
+set -gx AWS_CA_BUNDLE "${caPath}"
+set -gx NO_PROXY "localhost,127.0.0.1,::1"
+set -gx no_proxy "localhost,127.0.0.1,::1"
+set -gx WIRETAP_ACTIVE "1"
+
+echo ""
+echo "  \u2713 CC Wiretap proxy configured for this terminal"
+echo ""
+echo "  Proxy:  http://localhost:${proxyPort}"
+echo "  CA:     ${caPath}"
+echo ""
+
+function unset-wiretap
+  set -e HTTP_PROXY HTTPS_PROXY http_proxy https_proxy
+  set -e NODE_EXTRA_CA_CERTS SSL_CERT_FILE REQUESTS_CA_BUNDLE
+  set -e CURL_CA_BUNDLE GIT_SSL_CAINFO AWS_CA_BUNDLE
+  set -e NO_PROXY no_proxy WIRETAP_ACTIVE
+  echo "\u2713 Wiretap proxy disabled"
+end
+`;
+}
+function createSetupServer(proxyPort) {
+  const server = createServer((req, res) => {
+    const url = new URL(req.url || "/", `http://localhost:${SETUP_PORT}`);
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET");
+    if (url.pathname === "/" || url.pathname === "/setup") {
+      const shell = url.searchParams.get("shell") || "bash";
+      res.setHeader("Content-Type", "text/plain; charset=utf-8");
+      if (shell === "fish") {
+        res.end(generateFishScript(proxyPort));
+      } else {
+        res.end(generateSetupScript(proxyPort));
+      }
+    } else if (url.pathname === "/status") {
+      res.setHeader("Content-Type", "application/json");
+      res.end(JSON.stringify({
+        active: true,
+        proxyPort,
+        caPath: getCAPath()
+      }));
+    } else {
+      res.statusCode = 404;
+      res.end("Not found");
+    }
+  });
+  server.listen(SETUP_PORT, () => {
+    console.log(chalk5.green("\u2713"), `Setup server started on port ${chalk5.cyan(SETUP_PORT)}`);
+  });
+  return server;
+}
+function getSetupCommand() {
+  return `eval "$(curl -s http://localhost:${SETUP_PORT}/setup)"`;
+}
+
+// src/ui-server.ts
+import { createServer as createServer2 } from "http";
+import { createReadStream, existsSync, statSync } from "fs";
+import { join as join2, extname } from "path";
+import { fileURLToPath } from "url";
+import chalk6 from "chalk";
+var __dirname2 = fileURLToPath(new URL(".", import.meta.url));
+var MIME_TYPES = {
+  ".html": "text/html; charset=utf-8",
+  ".js": "application/javascript; charset=utf-8",
+  ".mjs": "application/javascript; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".eot": "application/vnd.ms-fontobject"
+};
+function getUIDistPath() {
+  return join2(__dirname2, "ui");
+}
+function serveFile(res, filePath) {
+  const ext = extname(filePath).toLowerCase();
+  const contentType = MIME_TYPES[ext] || "application/octet-stream";
+  res.setHeader("Content-Type", contentType);
+  res.setHeader("Cache-Control", "public, max-age=31536000, immutable");
+  const stream = createReadStream(filePath);
+  stream.pipe(res);
+  stream.on("error", () => {
+    res.statusCode = 500;
+    res.end("Internal Server Error");
+  });
+}
+function handleRequest(req, res, uiPath) {
+  const url = new URL(req.url || "/", "http://localhost");
+  let pathname = url.pathname;
+  let relativePath = decodeURIComponent(pathname.slice(1));
+  if (relativePath === "" || relativePath === "/") {
+    relativePath = "index.html";
+  }
+  const filePath = join2(uiPath, relativePath);
+  if (!filePath.startsWith(uiPath)) {
+    res.statusCode = 403;
+    res.end("Forbidden");
+    return;
+  }
+  if (existsSync(filePath) && statSync(filePath).isFile()) {
+    serveFile(res, filePath);
+    return;
+  }
+  const indexPath = join2(uiPath, "index.html");
+  if (existsSync(indexPath)) {
+    res.setHeader("Content-Type", "text/html; charset=utf-8");
+    res.setHeader("Cache-Control", "no-cache");
+    createReadStream(indexPath).pipe(res);
+    return;
+  }
+  res.statusCode = 404;
+  res.end("Not Found");
+}
+function createUIServer(options) {
+  const { port } = options;
+  const uiPath = getUIDistPath();
+  if (!existsSync(uiPath) || !existsSync(join2(uiPath, "index.html"))) {
+    console.log(chalk6.yellow("!"), "UI not bundled. Run in dev mode or build first.");
+    return null;
+  }
+  const server = createServer2((req, res) => {
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET");
+    handleRequest(req, res, uiPath);
+  });
+  server.listen(port, () => {
+    console.log(chalk6.green("\u2713"), `UI server started on port ${chalk6.cyan(port)}`);
+  });
+  return server;
+}
+
+// src/index.ts
+var VERSION = "1.0.0";
+var BANNER = `
+${chalk7.cyan("\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557")}
+${chalk7.cyan("\u2551")}                                                           ${chalk7.cyan("\u2551")}
+${chalk7.cyan("\u2551")}   ${chalk7.bold.white("CC Wiretap")} ${chalk7.gray("v" + VERSION)}                                     ${chalk7.cyan("\u2551")}
+${chalk7.cyan("\u2551")}   ${chalk7.gray("HTTP/HTTPS proxy for Claude Code traffic inspection")}    ${chalk7.cyan("\u2551")}
+${chalk7.cyan("\u2551")}                                                           ${chalk7.cyan("\u2551")}
+${chalk7.cyan("\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D")}
+`;
+async function main() {
+  const program = new Command();
+  program.name("cc-wiretap").description("HTTP/HTTPS proxy for intercepting and visualizing Claude Code traffic").version(VERSION).option("-p, --port <port>", "Proxy server port", "8080").option("-w, --ws-port <port>", "WebSocket server port for UI", "8081").option("-u, --ui-port <port>", "UI dashboard server port", "3000").option("-q, --quiet", "Suppress banner and verbose output", false).action(async (options) => {
+    if (!options.quiet) {
+      console.log(BANNER);
+    }
+    const proxyPort = parseInt(options.port, 10);
+    const wsPort = parseInt(options.wsPort, 10);
+    const uiPort = parseInt(options.uiPort, 10);
+    try {
+      const ca = await loadOrGenerateCA();
+      const wsServer = new WiretapWebSocketServer({ port: wsPort });
+      console.log(chalk7.green("\u2713"), `WebSocket server started on port ${chalk7.cyan(wsPort)}`);
+      const proxy = await createProxy({
+        port: proxyPort,
+        ca,
+        wsServer
+      });
+      const setupServer = createSetupServer(proxyPort);
+      const uiServer = createUIServer({ port: uiPort });
+      console.log();
+      console.log(chalk7.white("Ready to intercept Claude API traffic."));
+      console.log();
+      console.log(chalk7.yellow.bold("Quick setup - run this in any terminal:"));
+      console.log();
+      console.log(chalk7.white.bold(`  ${getSetupCommand()}`));
+      console.log();
+      console.log(chalk7.gray("Or manually:"));
+      console.log();
+      console.log(chalk7.gray(`  NODE_EXTRA_CA_CERTS="${getCAPath()}" \\`));
+      console.log(chalk7.gray(`  HTTPS_PROXY=http://localhost:${proxyPort} \\`));
+      console.log(chalk7.gray("  claude"));
+      console.log();
+      console.log(chalk7.gray("UI:"), chalk7.cyan(`http://localhost:${uiPort}`));
+      console.log();
+      console.log(chalk7.gray("\u2500".repeat(60)));
+      console.log();
+      const shutdown = async () => {
+        console.log();
+        console.log(chalk7.yellow("Shutting down..."));
+        await proxy.stop();
+        await wsServer.close();
+        setupServer.close();
+        uiServer?.close();
+        process.exit(0);
+      };
+      process.on("SIGINT", shutdown);
+      process.on("SIGTERM", shutdown);
+    } catch (error) {
+      console.error(chalk7.red("\u2717"), "Failed to start:", error);
+      process.exit(1);
+    }
+  });
+  program.parse();
+}
+main().catch((error) => {
+  console.error(chalk7.red("Fatal error:"), error);
+  process.exit(1);
+});
+export {
+  CLAUDE_API_HOSTS,
+  ClaudeInterceptor,
+  SSEStreamParser,
+  WiretapWebSocketServer,
+  createProxy,
+  createSetupServer,
+  createUIServer,
+  getCAPath,
+  getSetupCommand,
+  loadOrGenerateCA,
+  parseSSEChunk,
+  reconstructResponseFromEvents
+};
+//# sourceMappingURL=index.js.map