npm - gitnexus - Versions diffs - 1.6.6-rc.28 → 1.6.6-rc.29 - Mend

gitnexus 1.6.6-rc.28 → 1.6.6-rc.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/server/api.js +7 -14
package/package.json +1 -1

package/dist/server/api.js CHANGED Viewed

@@ -597,6 +597,13 @@ export const createServer = async (port, host = '127.0.0.1') => {
     // host in those topologies (tracked as a follow-up; not blocking for the
     // local-bound default).
     app.set('trust proxy', 'loopback, linklocal, uniquelocal');
+    // Chromium Private Network Access (required since Chrome 130+). Must run before
+    // cors: the cors middleware ends OPTIONS preflight responses, so this header
+    // has to be set on res before cors writes the preflight reply.
+    app.use((_req, res, next) => {
+        res.setHeader('Access-Control-Allow-Private-Network', 'true');
+        next();
+    });
     // CORS: allow localhost, private/LAN networks, and the deployed site.
     // Non-browser requests (curl, server-to-server) have no origin and are allowed.
     // Disallowed origins get the response without Access-Control-Allow-Origin,
@@ -608,20 +615,6 @@ export const createServer = async (port, host = '127.0.0.1') => {
         },
     }));
     app.use(express.json({ limit: '10mb' }));
-    // Support Chromium Private Network Access (required since Chrome 130+).
-    // Without this header, Chrome/Edge/Brave/Arc block public->loopback requests
-    // which breaks bridge mode entirely.
-    app.use((_req, res, next) => {
-        res.setHeader('Access-Control-Allow-Private-Network', 'true');
-        next();
-    });
-    // Handle PNA preflight: Chromium sends Access-Control-Request-Private-Network
-    // on OPTIONS requests and expects the allow header in the response.
-    // Note: the actual Allow-Private-Network header is already set by the global
-    // middleware above, so we just need to call next() here.
-    app.options('*', (_req, res, next) => {
-        next();
-    });
     // Initialize MCP backend (multi-repo, shared across all MCP sessions)
     const backend = new LocalBackend();
     await backend.init();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gitnexus",
-  "version": "1.6.6-rc.28",
+  "version": "1.6.6-rc.29",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": "Abhigyan Patwari",
   "license": "PolyForm-Noncommercial-1.0.0",