cruss-agent 1.0.4 → 1.0.5

package/package.json

@@ -1,17 +1,11 @@
 {
   "name": "cruss-agent",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "description": "Local API relay for Cruss — test localhost APIs from cruss-ten.vercel.app",
   "main": "server.js",
   "bin": {
-    "cruss-agent": "server.js"
+    "cruss-agent": "./server.js"
   },
-  "keywords": [
-    "cruss",
-    "api",
-    "localhost",
-    "cors",
-    "proxy"
-  ],
+  "keywords": ["cruss", "api", "localhost", "cors", "proxy"],
   "license": "MIT"
-}
+}

package/server.js

@@ -1,27 +1,4 @@
 #!/usr/bin/env node
-/**
- * cruss-agent — Cruss Local API Agent  v1.0.4
- *
- * A lightweight HTTP proxy that runs on your machine (port 9119).
- * The Cruss web app routes local API requests through this agent
- * instead of the cloud proxy or the browser — so there are zero
- * CORS or mixed-content restrictions, on any port, any protocol.
- *
- * Usage:
- *   npx cruss-agent          # recommended
- *   node agent/server.js     # from repo root
- *
- * The agent listens on http://localhost:9119 and accepts:
- *   GET  /health              — liveness check (Cruss pings this)
- *   POST /proxy               — proxy a request
- *
- * Changelog:
- *   v1.0.4 — bind to 0.0.0.0 (fixes macOS IPv6 detection), IPv4/IPv6
- *             fallback in proxyRequest (fixes 127.0.0.1 vs ::1 mismatch),
- *             wildcard CORS (no more domain allowlist to maintain)
- * 
- */
-
 'use strict'
 
 const http  = require('http')
@@ -29,13 +6,8 @@ const https = require('https')
 const url   = require('url')
 
 const PORT    = 9119
-const VERSION = '1.0.2'
+const VERSION = '1.0.5'
 
-// ── CORS ─────────────────────────────────────────────────────────────────
-// The agent binds to 0.0.0.0 but is never reachable from the internet
-// (no port forwarding, no public IP exposure). Wildcard CORS is therefore
-// safe here — the only pages that can reach localhost:9119 are pages
-// already running on the user's own machine.
 function corsHeaders() {
   return {
     'Access-Control-Allow-Origin':  '*',
@@ -45,7 +17,6 @@ function corsHeaders() {
   }
 }
 
-// ── Body reader ──────────────────────────────────────────────────────────
 function readBody(req) {
   return new Promise((resolve, reject) => {
     const chunks = []
@@ -55,27 +26,22 @@ function readBody(req) {
   })
 }
 
-// ── Hop-by-hop headers to strip ─────────────────────────────────────────
 const HOP_BY_HOP = new Set([
   'connection', 'keep-alive', 'proxy-authenticate', 'proxy-authorization',
   'te', 'trailers', 'transfer-encoding', 'upgrade',
 ])
 
-// ── IPv4 / IPv6 loopback alternatives ────────────────────────────────────
-// On macOS, localhost resolves to ::1 (IPv6) by default.
-// A dev server started with `python3 -m http.server` binds to :: (IPv6).
-// A server started with `node server.js` may bind to 0.0.0.0 (IPv4).
-// When the two stacks don't match we get ECONNREFUSED.
-// Fix: if the first attempt fails with ECONNREFUSED on a loopback address,
-// retry automatically on the other stack.
-function loopbackAlternative(hostname) {
-  if (hostname === '127.0.0.1') return '::1'
-  if (hostname === '::1')       return '127.0.0.1'
-  if (hostname === 'localhost') return null // node will resolve — no manual retry needed
-  return null
+// Returns all addresses to try for a given hostname.
+// On macOS, python3 -m http.server binds to :: (IPv6 only).
+// Node resolves localhost -> 127.0.0.1 (IPv4) -> ECONNREFUSED.
+// Trying both 127.0.0.1 and ::1 guarantees one works.
+function loopbackCandidates(hostname) {
+  if (hostname === 'localhost')  return ['127.0.0.1', '::1']
+  if (hostname === '127.0.0.1') return ['127.0.0.1', '::1']
+  if (hostname === '::1')       return ['::1', '127.0.0.1']
+  return [hostname]
 }
 
-// ── Single proxy attempt ──────────────────────────────────────────────────
 function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
   return new Promise((resolve, reject) => {
     const lib = isHttps ? https : http
@@ -87,7 +53,6 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
       headers: outHeaders,
       timeout: 30000,
     }
-
     const t0  = Date.now()
     const req = lib.request(options, res => {
       const chunks = []
@@ -96,38 +61,29 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
         const elapsed = Date.now() - t0
         const rawBody = Buffer.concat(chunks)
         const bodyStr = rawBody.toString('utf8')
-
         const respHeaders = {}
         for (const [k, v] of Object.entries(res.headers || {})) {
-          // Strip upstream CORS headers — the agent adds its own
-          if (!['access-control-allow-origin', 'access-control-allow-headers',
+          if (!['access-control-allow-origin','access-control-allow-headers',
                 'access-control-allow-methods'].includes(k.toLowerCase())) {
             respHeaders[k] = Array.isArray(v) ? v.join(', ') : v
           }
         }
-
         resolve({
-          status:       res.statusCode,
-          statusText:   res.statusMessage,
-          headers:      respHeaders,
-          body:         bodyStr,
-          responseTime: elapsed,
-          size:         rawBody.length,
+          status: res.statusCode, statusText: res.statusMessage,
+          headers: respHeaders, body: bodyStr,
+          responseTime: elapsed, size: rawBody.length,
         })
       })
       res.on('error', reject)
     })
-
     req.on('timeout', () => { req.destroy(); reject(new Error('Request timed out (30s)')) })
     req.on('error', reject)
-
-    const hasBody = body && !['GET', 'HEAD', 'OPTIONS'].includes((method || 'GET').toUpperCase())
+    const hasBody = body && !['GET','HEAD','OPTIONS'].includes((method||'GET').toUpperCase())
     if (hasBody) req.write(typeof body === 'string' ? body : JSON.stringify(body))
     req.end()
   })
 }
 
-// ── Main proxy logic — with automatic IPv4/IPv6 fallback ─────────────────
 async function proxyRequest(targetUrl, method, reqHeaders, body) {
   const parsed  = url.parse(targetUrl)
   const isHttps = parsed.protocol === 'https:'
@@ -137,94 +93,61 @@ async function proxyRequest(targetUrl, method, reqHeaders, body) {
     if (!HOP_BY_HOP.has(k.toLowerCase())) outHeaders[k] = v
   }
 
-  try {
-    return await proxyOnce(
-      parsed.hostname, parsed.port, parsed.path,
-      method, outHeaders, body, isHttps
-    )
-  } catch (firstErr) {
-    // On ECONNREFUSED for a loopback address, retry on the other IP stack.
-    // This handles the macOS case where python3's HTTP server binds to ::
-    // but the user typed 127.0.0.1 (IPv4), or vice versa.
-    if (firstErr.code === 'ECONNREFUSED') {
-      const alt = loopbackAlternative(parsed.hostname)
-      if (alt) {
-        try {
-          return await proxyOnce(
-            alt, parsed.port, parsed.path,
-            method, outHeaders, body, isHttps
-          )
-        } catch (secondErr) {
-          // Throw a clear message combining both attempts
-          throw new Error(
-            `Connection refused on both ${parsed.hostname} and ${alt}:${parsed.port || (isHttps ? 443 : 80)}. ` +
-            `Is your server actually running on that port?`
-          )
-        }
-      }
+  const candidates = loopbackCandidates(parsed.hostname)
+  let lastErr
+
+  for (const host of candidates) {
+    try {
+      return await proxyOnce(host, parsed.port, parsed.path, method, outHeaders, body, isHttps)
+    } catch (err) {
+      lastErr = err
+      if (err.code !== 'ECONNREFUSED' && err.code !== 'EADDRNOTAVAIL') throw err
     }
-    throw firstErr
   }
+
+  throw new Error(
+    `Connection refused on all addresses (${candidates.join(', ')}) port ${parsed.port || (isHttps ? 443 : 80)}. ` +
+    `Is your server running?`
+  )
 }
 
-// ── HTTP server ──────────────────────────────────────────────────────────
 const server = http.createServer(async (req, res) => {
   const cors    = corsHeaders()
   const reqPath = url.parse(req.url).pathname
 
-  // Preflight
   if (req.method === 'OPTIONS') {
-    res.writeHead(204, cors)
-    res.end()
-    return
+    res.writeHead(204, cors); res.end(); return
   }
 
   function send(status, body) {
-    const json = JSON.stringify(body)
     res.writeHead(status, { 'Content-Type': 'application/json', ...cors })
-    res.end(json)
+    res.end(JSON.stringify(body))
   }
 
-  // ── GET /health ──────────────────────────────────────────────────────
   if (req.method === 'GET' && reqPath === '/health') {
     send(200, { ok: true, version: VERSION, agent: 'cruss-agent', port: PORT })
     return
   }
 
-  // ── POST /proxy ──────────────────────────────────────────────────────
   if (req.method === 'POST' && reqPath === '/proxy') {
     let payload
     try {
-      const raw = await readBody(req)
-      payload   = JSON.parse(raw)
+      payload = JSON.parse(await readBody(req))
     } catch {
-      send(400, { error: 'Request body must be valid JSON' })
-      return
+      send(400, { error: 'Request body must be valid JSON' }); return
     }
 
     const { method, url: targetUrl, headers, body } = payload || {}
 
-    if (!targetUrl || typeof targetUrl !== 'string') {
-      send(400, { error: 'url is required' })
-      return
-    }
-    if (!method || typeof method !== 'string') {
-      send(400, { error: 'method is required' })
-      return
-    }
+    if (!targetUrl || typeof targetUrl !== 'string') { send(400, { error: 'url is required' }); return }
+    if (!method   || typeof method   !== 'string')   { send(400, { error: 'method is required' }); return }
 
     try {
       const result = await proxyRequest(targetUrl, method, headers || {}, body)
       send(200, { data: result })
     } catch (err) {
       const msg = err instanceof Error ? err.message : String(err)
-      send(200, {
-        data: {
-          status: 0, statusText: 'Network Error',
-          headers: {}, body: null, error: msg,
-          responseTime: 0, size: 0,
-        }
-      })
+      send(200, { data: { status: 0, statusText: 'Network Error', headers: {}, body: null, error: msg, responseTime: 0, size: 0 } })
     }
     return
   }
@@ -232,10 +155,6 @@ const server = http.createServer(async (req, res) => {
   send(404, { error: 'Not found' })
 })
 
-// ── Listen on 0.0.0.0 ────────────────────────────────────────────────────
-// Binding to 0.0.0.0 (all interfaces) instead of 127.0.0.1 means the agent
-// accepts connections whether the browser resolves localhost to 127.0.0.1
-// (IPv4) or ::1 (IPv6). It is still only reachable from the local machine.
 server.listen(PORT, '0.0.0.0', () => {
   console.log('')
   console.log('  ╔═══════════════════════════════════════╗')
@@ -245,7 +164,7 @@ server.listen(PORT, '0.0.0.0', () => {
   console.log('  ║   Listening on  http://localhost:' + PORT + '  ║')
   console.log('  ║   Cruss will auto-detect this agent.  ║')
   console.log('  ║                                       ║')
-  console.log('  ║   Open cruss-ten.vercel.app →        ║')
+  console.log('  ║   Open cruss-ten.vercel.app ->       ║')
   console.log('  ║   Ctrl+C to stop                      ║')
   console.log('  ╚═══════════════════════════════════════╝')
   console.log('')
@@ -255,11 +174,9 @@ server.listen(PORT, '0.0.0.0', () => {
 
 server.on('error', err => {
   if (err.code === 'EADDRINUSE') {
-    console.error(`\n  ✗ Port ${PORT} is already in use.`)
-    console.error('    Stop the existing agent first: find the terminal running it and press Ctrl+C.')
-    console.error(`    Or force-kill it: kill $(lsof -ti:${PORT})`)
+    console.error(`\n  Port ${PORT} is already in use. Run: kill $(lsof -ti:${PORT})`)
   } else {
-    console.error('\n  ✗ Agent failed to start:', err.message)
+    console.error('\n  Agent failed to start:', err.message)
   }
   process.exit(1)
 })