domsniper 0.1.0

package/src/market-client.ts

@@ -0,0 +1,186 @@
+import { readFileSync, writeFileSync, existsSync, mkdirSync, unlinkSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+const APP_DIR = join(homedir(), ".domain-sniper");
+const AUTH_FILE = join(APP_DIR, "market-auth.json");
+
+interface AuthState {
+  serverUrl: string;
+  cookies: string;
+  userId: string;
+  email: string;
+  name: string;
+}
+
+function loadAuth(): AuthState | null {
+  if (!existsSync(AUTH_FILE)) return null;
+  try {
+    return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
+  } catch { return null; }
+}
+
+function saveAuth(state: AuthState): void {
+  if (!existsSync(APP_DIR)) mkdirSync(APP_DIR, { recursive: true });
+  writeFileSync(AUTH_FILE, JSON.stringify(state, null, 2), "utf-8");
+}
+
+function clearAuth(): void {
+  if (existsSync(AUTH_FILE)) {
+    unlinkSync(AUTH_FILE);
+  }
+}
+
+export function getServerUrl(): string {
+  return loadAuth()?.serverUrl || process.env.MARKET_URL || "http://localhost:3000";
+}
+
+export function isLoggedIn(): boolean {
+  return loadAuth() !== null;
+}
+
+export function getAuthInfo(): { email: string; name: string; userId: string } | null {
+  const auth = loadAuth();
+  if (!auth) return null;
+  return { email: auth.email, name: auth.name, userId: auth.userId };
+}
+
+async function request(method: string, path: string, body?: unknown): Promise<{ ok: boolean; status: number; data: any }> {
+  const auth = loadAuth();
+  const url = `${getServerUrl()}${path}`;
+  const headers: Record<string, string> = { "Content-Type": "application/json", "Origin": getServerUrl() };
+  if (auth?.cookies) headers["Cookie"] = auth.cookies;
+
+  try {
+    const resp = await fetch(url, {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : undefined,
+    });
+
+    // Save cookies from response
+    const setCookies = resp.headers.getSetCookie();
+    if (setCookies.length > 0 && auth) {
+      const cookieStr = setCookies.map((c) => c.split(";")[0]).join("; ");
+      saveAuth({ ...auth, cookies: cookieStr });
+    }
+
+    const data = await resp.json().catch(() => null);
+    return { ok: resp.ok, status: resp.status, data };
+  } catch (err: unknown) {
+    return { ok: false, status: 0, data: { error: err instanceof Error ? err.message : "Request failed" } };
+  }
+}
+
+// ─── Auth ────────────────────────────────────────────────
+
+export async function signUp(email: string, password: string, name: string, serverUrl?: string): Promise<{ success: boolean; error?: string }> {
+  const base = serverUrl || getServerUrl();
+  try {
+    const resp = await fetch(`${base}/api/auth/sign-up/email`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", "Origin": base },
+      body: JSON.stringify({ email, password, name }),
+    });
+    const data = await resp.json() as any;
+    if (resp.ok && data?.user) {
+      const setCookies = resp.headers.getSetCookie();
+      const cookieStr = setCookies.map((c: string) => c.split(";")[0]).join("; ");
+      saveAuth({ serverUrl: base, cookies: cookieStr, userId: data.user.id, email: data.user.email, name: data.user.name });
+      return { success: true };
+    }
+    return { success: false, error: data?.message || data?.error || "Sign up failed" };
+  } catch (err: unknown) {
+    return { success: false, error: err instanceof Error ? err.message : "Connection failed" };
+  }
+}
+
+export async function signIn(email: string, password: string, serverUrl?: string): Promise<{ success: boolean; error?: string }> {
+  const base = serverUrl || getServerUrl();
+  try {
+    const resp = await fetch(`${base}/api/auth/sign-in/email`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json", "Origin": base },
+      body: JSON.stringify({ email, password }),
+    });
+    const data = await resp.json() as any;
+    if (resp.ok && data?.user) {
+      const setCookies = resp.headers.getSetCookie();
+      const cookieStr = setCookies.map((c: string) => c.split(";")[0]).join("; ");
+      saveAuth({ serverUrl: base, cookies: cookieStr, userId: data.user.id, email: data.user.email, name: data.user.name });
+      return { success: true };
+    }
+    return { success: false, error: data?.message || data?.error || "Sign in failed" };
+  } catch (err: unknown) {
+    return { success: false, error: err instanceof Error ? err.message : "Connection failed" };
+  }
+}
+
+export function signOut(): void {
+  clearAuth();
+}
+
+// ─── Listings ────────────────────────────────────────────
+
+export async function browseListings(query: {
+  search?: string; category?: string; minPrice?: number; maxPrice?: number;
+  verified?: boolean; sort?: string; limit?: number; offset?: number;
+} = {}): Promise<{ ok: boolean; data: any }> {
+  const params = new URLSearchParams();
+  if (query.search) params.set("q", query.search);
+  if (query.category) params.set("category", query.category);
+  if (query.minPrice !== undefined) params.set("min", String(query.minPrice));
+  if (query.maxPrice !== undefined) params.set("max", String(query.maxPrice));
+  if (query.verified) params.set("verified", "true");
+  if (query.sort) params.set("sort", query.sort);
+  if (query.limit) params.set("limit", String(query.limit));
+  if (query.offset) params.set("offset", String(query.offset));
+  const qs = params.toString();
+  return request("GET", `/api/listings${qs ? `?${qs}` : ""}`);
+}
+
+export async function viewListing(id: number): Promise<{ ok: boolean; data: any }> {
+  return request("GET", `/api/listings/${id}`);
+}
+
+export async function createListingApi(domain: string, askingPrice: number, details: {
+  title?: string; description?: string; minOffer?: number; buyNow?: boolean; category?: string;
+} = {}): Promise<{ ok: boolean; data: any }> {
+  return request("POST", "/api/listings", { domain, askingPrice, ...details });
+}
+
+export async function verifyListingApi(listingId: number): Promise<{ ok: boolean; data: any }> {
+  return request("POST", `/api/listings/${listingId}/verify`);
+}
+
+export async function cancelListingApi(listingId: number): Promise<{ ok: boolean; data: any }> {
+  return request("DELETE", `/api/listings/${listingId}`);
+}
+
+export async function getMyListings(): Promise<{ ok: boolean; data: any }> {
+  return request("GET", "/api/my/listings");
+}
+
+// ─── Offers ──────────────────────────────────────────────
+
+export async function makeOffer(listingId: number, amount: number, message: string = ""): Promise<{ ok: boolean; data: any }> {
+  return request("POST", "/api/offers", { listingId, amount, message });
+}
+
+export async function respondToOffer(offerId: number, status: string, counterAmount?: number): Promise<{ ok: boolean; data: any }> {
+  return request("PUT", `/api/offers/${offerId}`, { status, counterAmount });
+}
+
+export async function getMyOffers(role: "buyer" | "seller" = "buyer"): Promise<{ ok: boolean; data: any }> {
+  return request("GET", `/api/my/offers?role=${role}`);
+}
+
+// ─── Other ───────────────────────────────────────────────
+
+export async function getMarketStatsApi(): Promise<{ ok: boolean; data: any }> {
+  return request("GET", "/api/stats");
+}
+
+export async function getUnreadApi(): Promise<{ ok: boolean; data: any }> {
+  return request("GET", "/api/my/unread");
+}

package/src/proxy/ca.ts

@@ -0,0 +1,116 @@
+import { existsSync, mkdirSync, readFileSync, writeFileSync, unlinkSync, chmodSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { execFileSync } from "child_process";
+
+const CA_DIR = join(homedir(), ".domain-sniper", "ca");
+const CA_KEY = join(CA_DIR, "ca.key");
+const CA_CERT = join(CA_DIR, "ca.crt");
+const CERTS_DIR = join(CA_DIR, "certs");
+
+function ensureDirs(): void {
+  if (!existsSync(CA_DIR)) mkdirSync(CA_DIR, { recursive: true });
+  if (!existsSync(CERTS_DIR)) mkdirSync(CERTS_DIR, { recursive: true });
+}
+
+export function hasCA(): boolean {
+  return existsSync(CA_KEY) && existsSync(CA_CERT);
+}
+
+export function getCACertPath(): string {
+  return CA_CERT;
+}
+
+export function generateCA(): { keyPath: string; certPath: string } {
+  ensureDirs();
+  if (hasCA()) return { keyPath: CA_KEY, certPath: CA_CERT };
+
+  // Generate CA private key
+  execFileSync("openssl", [
+    "genrsa", "-out", CA_KEY, "2048",
+  ], { stdio: "pipe" });
+  chmodSync(CA_KEY, 0o600);
+
+  // Generate CA certificate (valid for 10 years)
+  execFileSync("openssl", [
+    "req", "-new", "-x509", "-key", CA_KEY,
+    "-out", CA_CERT, "-days", "3650",
+    "-subj", "/CN=Domain Sniper CA/O=Domain Sniper/OU=Proxy",
+  ], { stdio: "pipe" });
+
+  return { keyPath: CA_KEY, certPath: CA_CERT };
+}
+
+export function generateHostCert(hostname: string): { key: string; cert: string } {
+  // Validate hostname format
+  const HOSTNAME_RE = /^[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9\-]{0,61}[a-z0-9])?)*$/i;
+  if (!HOSTNAME_RE.test(hostname)) {
+    throw new Error(`Invalid hostname: ${hostname}`);
+  }
+
+  ensureDirs();
+  if (!hasCA()) generateCA();
+
+  // Sanitize hostname for filename and openssl arguments
+  const safe = hostname.replace(/[^a-z0-9.-]/gi, "_");
+  const hostKey = join(CERTS_DIR, `${safe}.key`);
+  const hostCert = join(CERTS_DIR, `${safe}.crt`);
+  const hostCsr = join(CERTS_DIR, `${safe}.csr`);
+  const extFile = join(CERTS_DIR, `${safe}.ext`);
+
+  // Return cached cert if exists and not expired
+  if (existsSync(hostKey) && existsSync(hostCert)) {
+    return { key: readFileSync(hostKey, "utf-8"), cert: readFileSync(hostCert, "utf-8") };
+  }
+
+  // Generate host key
+  execFileSync("openssl", ["genrsa", "-out", hostKey, "2048"], { stdio: "pipe" });
+  chmodSync(hostKey, 0o600);
+
+  // Generate CSR
+  execFileSync("openssl", [
+    "req", "-new", "-key", hostKey, "-out", hostCsr,
+    "-subj", `/CN=${safe}`,
+  ], { stdio: "pipe" });
+
+  // Create extensions file for SAN
+  writeFileSync(extFile, [
+    "authorityKeyIdentifier=keyid,issuer",
+    "basicConstraints=CA:FALSE",
+    "keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment",
+    `subjectAltName = DNS:${safe}, DNS:*.${safe}`,
+  ].join("\n"), "utf-8");
+
+  // Sign with CA
+  execFileSync("openssl", [
+    "x509", "-req", "-in", hostCsr, "-CA", CA_CERT, "-CAkey", CA_KEY,
+    "-CAcreateserial", "-out", hostCert, "-days", "365",
+    "-extfile", extFile,
+  ], { stdio: "pipe" });
+
+  // Clean up CSR and ext
+  try { unlinkSync(hostCsr); } catch {}
+  try { unlinkSync(extFile); } catch {}
+
+  return { key: readFileSync(hostKey, "utf-8"), cert: readFileSync(hostCert, "utf-8") };
+}
+
+export function getInstallInstructions(): string {
+  const certPath = getCACertPath();
+  return [
+    "Install the Domain Sniper CA certificate to intercept HTTPS:",
+    "",
+    "macOS:",
+    `  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "${certPath}"`,
+    "",
+    "Linux (Ubuntu/Debian):",
+    `  sudo cp "${certPath}" /usr/local/share/ca-certificates/domain-sniper-ca.crt`,
+    "  sudo update-ca-certificates",
+    "",
+    "Firefox (manual):",
+    "  Settings > Privacy & Security > Certificates > View Certificates > Import",
+    `  Select: ${certPath}`,
+    "",
+    `Certificate: ${certPath}`,
+  ].join("\n");
+}

package/src/proxy/db.ts

@@ -0,0 +1,175 @@
+import { Database } from "bun:sqlite";
+import { mkdirSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+const APP_DIR = join(homedir(), ".domain-sniper");
+const PROXY_DB_FILE = join(APP_DIR, "proxy.db");
+
+let _db: Database | null = null;
+let _dbPath: string | null = null;
+
+/**
+ * Override the database path. Call BEFORE getProxyDb().
+ * Use ":memory:" for tests to avoid polluting the real database.
+ */
+export function setProxyDbPath(path: string): void {
+  if (_db) { _db.close(); _db = null; }
+  _dbPath = path;
+}
+
+export function getProxyDb(): Database {
+  if (_db) return _db;
+  const dbPath = _dbPath || PROXY_DB_FILE;
+  if (dbPath !== ":memory:") {
+    if (!existsSync(APP_DIR)) mkdirSync(APP_DIR, { recursive: true });
+  }
+  _db = new Database(dbPath);
+  _db.run("PRAGMA journal_mode = WAL");
+  _db.run("PRAGMA foreign_keys = ON");
+  initSchema(_db);
+  return _db;
+}
+
+export function closeProxyDb(): void {
+  if (_db) { _db.close(); _db = null; }
+}
+
+function initSchema(db: Database): void {
+  db.run(`
+    CREATE TABLE IF NOT EXISTS requests (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      method TEXT NOT NULL,
+      url TEXT NOT NULL,
+      host TEXT NOT NULL,
+      path TEXT NOT NULL,
+      scheme TEXT DEFAULT 'http',
+      request_headers TEXT DEFAULT '{}',
+      request_body TEXT DEFAULT '',
+      request_size INTEGER DEFAULT 0,
+      status_code INTEGER,
+      response_headers TEXT DEFAULT '{}',
+      response_body TEXT DEFAULT '',
+      response_size INTEGER DEFAULT 0,
+      duration_ms INTEGER DEFAULT 0,
+      intercepted_at TEXT DEFAULT (datetime('now')),
+      tags TEXT DEFAULT '[]',
+      notes TEXT DEFAULT '',
+      flagged INTEGER DEFAULT 0
+    )
+  `);
+
+  db.run("CREATE INDEX IF NOT EXISTS idx_req_host ON requests(host)");
+  db.run("CREATE INDEX IF NOT EXISTS idx_req_method ON requests(method)");
+  db.run("CREATE INDEX IF NOT EXISTS idx_req_status ON requests(status_code)");
+  db.run("CREATE INDEX IF NOT EXISTS idx_req_time ON requests(intercepted_at)");
+  db.run("CREATE INDEX IF NOT EXISTS idx_req_flagged ON requests(flagged)");
+}
+
+// ─── CRUD ────────────────────────────────────────────────
+
+export interface InterceptedRequest {
+  id: number;
+  method: string;
+  url: string;
+  host: string;
+  path: string;
+  scheme: string;
+  request_headers: string;
+  request_body: string;
+  request_size: number;
+  status_code: number | null;
+  response_headers: string;
+  response_body: string;
+  response_size: number;
+  duration_ms: number;
+  intercepted_at: string;
+  tags: string;
+  notes: string;
+  flagged: number;
+}
+
+export function saveRequest(data: {
+  method: string;
+  url: string;
+  host: string;
+  path: string;
+  scheme: string;
+  requestHeaders: Record<string, string>;
+  requestBody: string;
+  statusCode: number | null;
+  responseHeaders: Record<string, string>;
+  responseBody: string;
+  durationMs: number;
+}): number {
+  const db = getProxyDb();
+  const result = db.run(`
+    INSERT INTO requests (method, url, host, path, scheme, request_headers, request_body, request_size, status_code, response_headers, response_body, response_size, duration_ms)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `, [
+    data.method, data.url, data.host, data.path, data.scheme,
+    JSON.stringify(data.requestHeaders), data.requestBody, data.requestBody.length,
+    data.statusCode,
+    JSON.stringify(data.responseHeaders), data.responseBody, data.responseBody.length,
+    data.durationMs,
+  ]);
+  return Number(result.lastInsertRowid);
+}
+
+export function getRequests(options: {
+  host?: string; method?: string; statusCode?: number;
+  search?: string; flagged?: boolean;
+  limit?: number; offset?: number;
+} = {}): { requests: InterceptedRequest[]; total: number } {
+  const db = getProxyDb();
+  const conditions: string[] = [];
+  const params: (string | number)[] = [];
+
+  if (options.host) { conditions.push("host LIKE ?"); params.push(`%${options.host}%`); }
+  if (options.method) { conditions.push("method = ?"); params.push(options.method); }
+  if (options.statusCode) { conditions.push("status_code = ?"); params.push(options.statusCode); }
+  if (options.search) { conditions.push("(url LIKE ? OR request_body LIKE ? OR response_body LIKE ?)"); params.push(`%${options.search}%`, `%${options.search}%`, `%${options.search}%`); }
+  if (options.flagged) { conditions.push("flagged = 1"); }
+
+  const where = conditions.length > 0 ? `WHERE ${conditions.join(" AND ")}` : "";
+  const limit = Math.min(options.limit || 50, 500);
+  const offset = options.offset || 0;
+
+  const total = (db.query(`SELECT COUNT(*) as c FROM requests ${where}`).get(...params) as { c: number }).c;
+  const requests = db.query(`SELECT * FROM requests ${where} ORDER BY intercepted_at DESC LIMIT ? OFFSET ?`).all(...params, limit, offset) as InterceptedRequest[];
+
+  return { requests, total };
+}
+
+export function getRequest(id: number): InterceptedRequest | null {
+  return getProxyDb().query("SELECT * FROM requests WHERE id = ?").get(id) as InterceptedRequest | null;
+}
+
+export function flagRequest(id: number, flagged: boolean = true): void {
+  getProxyDb().run("UPDATE requests SET flagged = ? WHERE id = ?", [flagged ? 1 : 0, id]);
+}
+
+export function addNote(id: number, note: string): void {
+  getProxyDb().run("UPDATE requests SET notes = ? WHERE id = ?", [note, id]);
+}
+
+export function clearRequests(host?: string): number {
+  const db = getProxyDb();
+  if (host) {
+    return db.run("DELETE FROM requests WHERE host LIKE ?", [`%${host}%`]).changes;
+  }
+  return db.run("DELETE FROM requests").changes;
+}
+
+export function getProxyStats(): { totalRequests: number; uniqueHosts: number; flagged: number; avgDuration: number } {
+  const db = getProxyDb();
+  const total = (db.query("SELECT COUNT(*) as c FROM requests").get() as { c: number }).c;
+  const hosts = (db.query("SELECT COUNT(DISTINCT host) as c FROM requests").get() as { c: number }).c;
+  const flagged = (db.query("SELECT COUNT(*) as c FROM requests WHERE flagged = 1").get() as { c: number }).c;
+  const avg = (db.query("SELECT COALESCE(AVG(duration_ms), 0) as a FROM requests").get() as { a: number }).a;
+  return { totalRequests: total, uniqueHosts: hosts, flagged, avgDuration: Math.round(avg) };
+}
+
+export function getTopHosts(limit: number = 10): Array<{ host: string; count: number }> {
+  return getProxyDb().query("SELECT host, COUNT(*) as count FROM requests GROUP BY host ORDER BY count DESC LIMIT ?").all(limit) as Array<{ host: string; count: number }>;
+}

package/src/proxy/server.ts

@@ -0,0 +1,155 @@
+import { generateHostCert, hasCA, generateCA } from "./ca.js";
+import { saveRequest } from "./db.js";
+
+export interface ProxyConfig {
+  port: number;
+  httpsInterception: boolean;
+  onRequest?: (req: ProxyLogEntry) => void;
+  filterHosts?: string[];  // Only intercept these hosts (empty = all)
+}
+
+export interface ProxyLogEntry {
+  id: number;
+  method: string;
+  url: string;
+  host: string;
+  statusCode: number | null;
+  durationMs: number;
+  size: number;
+}
+
+export function startProxy(config: ProxyConfig): { stop: () => void } {
+  const { port, httpsInterception, onRequest, filterHosts } = config;
+
+  // Ensure CA exists if HTTPS interception is enabled
+  if (httpsInterception && !hasCA()) {
+    generateCA();
+  }
+
+  function shouldIntercept(host: string): boolean {
+    if (!filterHosts || filterHosts.length === 0) return true;
+    return filterHosts.some((f) => host.includes(f));
+  }
+
+  const server = Bun.serve({
+    port,
+    hostname: "127.0.0.1",  // Only bind to localhost — never expose on public interface
+    async fetch(req) {
+      const url = new URL(req.url);
+      const host = url.hostname || req.headers.get("host")?.split(":")[0] || "";
+
+      if (!shouldIntercept(host)) {
+        // Pass through without logging
+        try {
+          const resp = await fetch(req.url, {
+            method: req.method,
+            headers: req.headers,
+            body: req.method !== "GET" && req.method !== "HEAD" ? await req.text() : undefined,
+          });
+          return resp;
+        } catch {
+          return new Response("Proxy error", { status: 502 });
+        }
+      }
+
+      const startTime = Date.now();
+      const method = req.method;
+      const path = url.pathname + url.search;
+      const scheme = url.protocol.replace(":", "");
+
+      // Capture request
+      const SENSITIVE_HEADERS = ["authorization", "cookie", "set-cookie", "x-api-key", "proxy-authorization"];
+      const reqHeaders: Record<string, string> = {};
+      req.headers.forEach((v, k) => { reqHeaders[k] = v; });
+      for (const h of SENSITIVE_HEADERS) {
+        if (reqHeaders[h]) reqHeaders[h] = "[REDACTED]";
+      }
+      let reqBody = "";
+      if (method !== "GET" && method !== "HEAD") {
+        try { reqBody = await req.clone().text(); } catch {}
+      }
+
+      // Forward request
+      let statusCode: number | null = null;
+      let respHeaders: Record<string, string> = {};
+      let respBody = "";
+
+      try {
+        const targetUrl = req.url;
+        const forwardHeaders = new Headers(req.headers);
+        // Remove proxy headers
+        forwardHeaders.delete("proxy-connection");
+
+        const resp = await fetch(targetUrl, {
+          method: req.method,
+          headers: forwardHeaders,
+          body: method !== "GET" && method !== "HEAD" ? reqBody : undefined,
+          redirect: "manual",
+        });
+
+        statusCode = resp.status;
+        resp.headers.forEach((v, k) => { respHeaders[k] = v; });
+
+        // Capture response body (limit to 1MB)
+        try {
+          const bodyBuf = await resp.arrayBuffer();
+          if (bodyBuf.byteLength < 1024 * 1024) {
+            respBody = new TextDecoder().decode(bodyBuf);
+          } else {
+            respBody = `[Body too large: ${bodyBuf.byteLength} bytes]`;
+          }
+        } catch {}
+
+        const durationMs = Date.now() - startTime;
+
+        // Redact sensitive response headers before saving
+        for (const h of SENSITIVE_HEADERS) {
+          if (respHeaders[h]) respHeaders[h] = "[REDACTED]";
+        }
+
+        // Save to database
+        const id = saveRequest({
+          method, url: req.url, host, path, scheme,
+          requestHeaders: reqHeaders, requestBody: reqBody,
+          statusCode, responseHeaders: respHeaders, responseBody: respBody,
+          durationMs,
+        });
+
+        // Notify callback
+        onRequest?.({ id, method, url: req.url, host, statusCode, durationMs, size: respBody.length });
+
+        // Return response to client
+        return new Response(respBody, {
+          status: statusCode,
+          headers: respHeaders,
+        });
+      } catch (err: unknown) {
+        const durationMs = Date.now() - startTime;
+        const errMsg = err instanceof Error ? err.message : "Proxy error";
+
+        saveRequest({
+          method, url: req.url, host, path, scheme,
+          requestHeaders: reqHeaders, requestBody: reqBody,
+          statusCode: 502, responseHeaders: {}, responseBody: errMsg,
+          durationMs,
+        });
+
+        return new Response(errMsg, { status: 502 });
+      }
+    },
+  });
+
+  console.log(`\n◆ Domain Sniper Proxy running on http://127.0.0.1:${port}`);
+  console.log(`  ⚠ Bound to localhost only — do not expose on a public interface`);
+  console.log(`  HTTPS interception: ${httpsInterception ? "ON (CA cert required)" : "OFF"}`);
+  if (filterHosts && filterHosts.length > 0) {
+    console.log(`  Filtering: ${filterHosts.join(", ")}`);
+  }
+  console.log(`  Requests are logged to ~/.domain-sniper/proxy.db\n`);
+
+  return {
+    stop() {
+      server.stop();
+    },
+  };
+}

package/tsconfig.json

@@ -0,0 +1,30 @@
+{
+  "compilerOptions": {
+    // Environment setup & latest features
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleDetection": "force",
+    "jsx": "react-jsx",
+    "jsxImportSource": "@opentui/react",
+    "allowJs": true,
+
+    // Bundler mode
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+
+    // Best practices
+    "strict": true,
+    "skipLibCheck": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    // Some stricter flags (disabled by default)
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noPropertyAccessFromIndexSignature": false
+  }
+}