maven-proxy 1.2.0 → 1.2.1

package/README.md

@@ -267,7 +267,8 @@ Environment variables:
 - HTTPS_MITM_DOMAINS: MITM domain list (includes registry.npmjs.org by default, wildcards supported).
 - DOWNLOAD_LOG_DIR: log directory.
 - LOG_RETENTION_DAYS: number of days to retain logs.
-- LOG_TO_STDOUT: whether to also print logs to stdout/stderr.
+- LOG_TO_STDOUT: whether to also print runtime logs to stdout/stderr; startup logs are always printed.
+- LOG_CONNECT_EVENTS: whether to print verbose CONNECT/MITM handshake logs. Default false.
 - OUTBOUND_KEEP_ALIVE: enable outbound keep-alive connection pooling.
 - OUTBOUND_KEEP_ALIVE_SECONDS: keep-alive interval in seconds.
 - OUTBOUND_MAX_SOCKETS: max outbound sockets per origin.
@@ -294,7 +295,7 @@ Priority:
 - `REPO_FALLBACK_REPOS`: Comma-separated fallback repository URLs for cache misses.
 - `ENABLE_HTTPS_PROXY`: Enable HTTPS proxy handling (`true/false`).
 - `HTTPS_MITM_DOMAINS`: Comma-separated domains to apply MITM certificate issuance (wildcards supported).
-- `HTTPS_PASSTHROUGH_FOR_UNMATCHED`: Whether unmatched HTTPS domains are tunneled directly.
+- `HTTPS_PASSTHROUGH_FOR_UNMATCHED`: Whether unmatched HTTPS domains are tunneled directly. Default `false`.
 - `NPM_REGISTRY_DOMAINS`: Domains treated as npm ecosystem for cache routing (wildcards supported).
 - `MAVEN_REPO_DOMAINS`: Domains treated as Maven ecosystem for cache routing (wildcards supported).
 - `MULTI_THREAD_DOMAINS`: Domains allowed to use multi-thread download (wildcards supported).
@@ -303,7 +304,8 @@ Priority:
 - `DOWNLOAD_TIMEOUT_SECONDS`: Upstream request timeout in seconds.
 - `DOWNLOAD_LOG_DIR`: Directory for unified app/error logs.
 - `LOG_RETENTION_DAYS`: Number of days to keep log files.
-- `LOG_TO_STDOUT`: Whether to also print logs to stdout/stderr. Default `true`.
+- `LOG_TO_STDOUT`: Whether to also print runtime logs to stdout/stderr. Startup logs are always printed. Default `true`.
+- `LOG_CONNECT_EVENTS`: Whether to print verbose CONNECT/MITM handshake logs. Default `false`.
 - `OUTBOUND_KEEP_ALIVE`: Enable outbound keep-alive connection pooling. Default `true`.
 - `OUTBOUND_KEEP_ALIVE_SECONDS`: Keep-alive interval in seconds. Default `1`.
 - `OUTBOUND_MAX_SOCKETS`: Max outbound sockets per origin. Default `64`.
@@ -404,12 +406,17 @@ Common commands:
 - maven-proxy --config /path/to/config
 - maven-proxy start --mode development
 - maven-proxy start --mode user
+- maven-proxy stop
 - maven-proxy init-config --force
 - maven-proxy truststore print
 - maven-proxy truststore init
 - maven-proxy truststore merge --source /path/source.jks --target /path/target.jks
 - maven-proxy doctor
 
+Start/stop behavior:
+- `maven-proxy start` runs in background and returns immediately.
+- `maven-proxy stop` stops the background process using PID file `~/maven-proxy/maven-proxy.pid`.
+
 Doctor command:
 - Checks config loading, port availability, keytool, JAVA_HOME, cert/truststore paths, and writable log/cache directories.
 - Reports PASS/WARN/FAIL.

package/bin/maven-proxy.js

@@ -3,10 +3,14 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import net from "node:net";
-import { spawnSync } from "node:child_process";
+import { spawn, spawnSync } from "node:child_process";
+import { fileURLToPath } from "node:url";
 
 const defaultConfigDir = path.resolve(os.homedir(), "maven-proxy");
 const defaultConfigFile = path.join(defaultConfigDir, "config.properties");
+const daemonPidFile = path.join(defaultConfigDir, "maven-proxy.pid");
+const internalRunCommand = "__run-server";
+const cliFilePath = fileURLToPath(import.meta.url);
 
 function normalizeMode(value) {
   const normalized = String(value || "").trim().toLowerCase();
@@ -54,6 +58,7 @@ function printHelp() {
   console.log("Usage:");
   console.log("  maven-proxy");
   console.log("  maven-proxy start [--mode <development|user>] [--config <file>]");
+  console.log("  maven-proxy stop");
   console.log("  maven-proxy init-config [--force] [--config <file>]");
   console.log("  maven-proxy truststore <print|init|merge> [options]");
   console.log("  maven-proxy doctor [--mode <development|user>] [--config <file>]");
@@ -62,6 +67,7 @@ function printHelp() {
   console.log("  npx maven-proxy");
   console.log("  maven-proxy init-config");
   console.log("  maven-proxy start --mode development");
+  console.log("  maven-proxy stop");
   console.log("  maven-proxy --config ~/maven-proxy/config.properties");
   console.log("  maven-proxy truststore print");
   console.log("  maven-proxy truststore merge --source ./a.jks --target ./b.jks");
@@ -144,7 +150,7 @@ function getDefaultConfigTemplate() {
     "REPO_FALLBACK_REPOS=https://repo1.maven.org/maven2,https://jitpack.io,https://plugins.gradle.org/m2,https://maven.google.com",
     "ENABLE_HTTPS_PROXY=true",
     "HTTPS_MITM_DOMAINS=repo1.maven.org,repo.maven.apache.org,registry.npmjs.org",
-    "HTTPS_PASSTHROUGH_FOR_UNMATCHED=true",
+    "HTTPS_PASSTHROUGH_FOR_UNMATCHED=false",
     "NPM_REGISTRY_DOMAINS=registry.npmjs.org,registry.npmmirror.com,npm.pkg.github.com",
     "MAVEN_REPO_DOMAINS=repo1.maven.org,repo.maven.apache.org,jitpack.io,plugins.gradle.org,maven.google.com",
     "MULTI_THREAD_DOMAINS=repo1.maven.org",
@@ -217,12 +223,145 @@ async function ensureAutoConfigIfNeeded(options, command) {
   await initConfigFile(defaultConfigFile, false);
 }
 
-async function startServer(options) {
+async function runServerInCurrentProcess(options) {
   applyConfigOverrides(options);
 
   await import("../src/index.js");
 }
 
+function parsePid(rawText) {
+  const pid = Number.parseInt(String(rawText || "").trim(), 10);
+  return Number.isFinite(pid) && pid > 0 ? pid : 0;
+}
+
+function readDaemonPid() {
+  if (!fs.existsSync(daemonPidFile)) {
+    return 0;
+  }
+
+  try {
+    const text = fs.readFileSync(daemonPidFile, "utf8");
+    return parsePid(text);
+  } catch {
+    return 0;
+  }
+}
+
+function isProcessRunning(pid) {
+  if (!pid) {
+    return false;
+  }
+
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (error) {
+    if (error && error.code === "EPERM") {
+      return true;
+    }
+    return false;
+  }
+}
+
+async function removeDaemonPidFile() {
+  await fs.promises.rm(daemonPidFile, { force: true });
+}
+
+function waitMs(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+async function waitForProcessExit(pid, timeoutMs = 5000) {
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < timeoutMs) {
+    if (!isProcessRunning(pid)) {
+      return true;
+    }
+    await waitMs(100);
+  }
+
+  return !isProcessRunning(pid);
+}
+
+async function startServer(options) {
+  await fs.promises.mkdir(defaultConfigDir, { recursive: true });
+
+  const existingPid = readDaemonPid();
+  if (existingPid && isProcessRunning(existingPid)) {
+    console.log(`[maven-proxy] already running (pid=${existingPid})`);
+    console.log(`[maven-proxy] pid file: ${daemonPidFile}`);
+    return;
+  }
+
+  if (existingPid && !isProcessRunning(existingPid)) {
+    await removeDaemonPidFile();
+  }
+
+  const childEnv = {
+    ...process.env,
+    MAVEN_PROXY_CONFIG_MODE: resolveEffectiveMode(options),
+  };
+
+  if (options.configPath) {
+    childEnv.MAVEN_PROXY_CONFIG_FILE = resolvePath(options.configPath);
+  } else {
+    delete childEnv.MAVEN_PROXY_CONFIG_FILE;
+  }
+
+  const child = spawn(
+    process.execPath,
+    [cliFilePath, internalRunCommand, "--mode", resolveEffectiveMode(options)],
+    {
+      cwd: process.cwd(),
+      detached: true,
+      stdio: "ignore",
+      env: childEnv,
+    },
+  );
+
+  child.unref();
+  await fs.promises.writeFile(daemonPidFile, `${child.pid}\n`, "utf8");
+
+  await waitMs(300);
+  if (!isProcessRunning(child.pid)) {
+    await removeDaemonPidFile();
+    throw new Error("start failed: process exited immediately, check app/error logs");
+  }
+
+  console.log(`[maven-proxy] started in background (pid=${child.pid})`);
+  console.log(`[maven-proxy] pid file: ${daemonPidFile}`);
+}
+
+async function stopServer(options) {
+  const pid = readDaemonPid();
+  if (!pid) {
+    console.log("[maven-proxy] not running (pid file not found)");
+    return;
+  }
+
+  if (!isProcessRunning(pid)) {
+    await removeDaemonPidFile();
+    console.log(`[maven-proxy] stale pid removed: ${pid}`);
+    return;
+  }
+
+  process.kill(pid, "SIGTERM");
+  const stopped = await waitForProcessExit(pid, 5000);
+  if (!stopped) {
+    process.kill(pid, "SIGKILL");
+    const forceStopped = await waitForProcessExit(pid, 2000);
+    if (!forceStopped) {
+      throw new Error(`stop failed: unable to terminate pid ${pid}`);
+    }
+  }
+
+  await removeDaemonPidFile();
+  console.log(`[maven-proxy] stopped (pid=${pid})`);
+  if (options.configPath) {
+    console.log(`[maven-proxy] stop requested with config: ${resolvePath(options.configPath)}`);
+  }
+}
+
 function applyConfigOverrides(options) {
   process.env.MAVEN_PROXY_CONFIG_MODE = resolveEffectiveMode(options);
 
@@ -577,6 +716,14 @@ async function main() {
     return;
   }
 
+  if (command === "stop") {
+    if (options.commandArgs.length > 0) {
+      throw new Error(`Unknown argument for stop: ${options.commandArgs[0]}`);
+    }
+    await stopServer(options);
+    return;
+  }
+
   if (command === "start") {
     if (options.commandArgs.length > 0) {
       throw new Error(`Unknown argument for start: ${options.commandArgs[0]}`);
@@ -585,6 +732,14 @@ async function main() {
     return;
   }
 
+  if (command === internalRunCommand) {
+    if (options.commandArgs.length > 0) {
+      throw new Error(`Unknown argument for ${internalRunCommand}: ${options.commandArgs[0]}`);
+    }
+    await runServerInCurrentProcess(options);
+    return;
+  }
+
   throw new Error(`Unknown command: ${command}`);
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "maven-proxy",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Maven proxy with cache, HTTPS MITM for selected domains, and local repo publishing",
   "main": "src/index.js",
   "bin": {
@@ -17,6 +17,7 @@
     "start:cli": "node bin/maven-proxy.js",
     "cli:help": "node bin/maven-proxy.js --help",
     "cli:start": "node bin/maven-proxy.js start --mode development",
+    "cli:stop": "node bin/maven-proxy.js stop",
     "cli:doctor": "node bin/maven-proxy.js doctor --mode development",
     "cli:truststore:print": "node bin/maven-proxy.js truststore print --mode development",
     "cli:truststore:init": "node bin/maven-proxy.js truststore init --mode development",

package/src/cache/maven-affinity-index.js

@@ -75,6 +75,8 @@ export class MavenAffinityIndex {
     this.snapshotPath = path.join(this.indexDir, "maven-affinity.snapshot.json");
     this.eventLogPath = path.join(this.indexDir, "maven-affinity.events.log");
 
+    // Positive entries are persistent and have no TTL. They are removed only
+    // when the cache file disappears or a conflict is detected.
     this.positive = new Map();
     this.negative = new Map();
     this.conflicts = new Map();
@@ -269,7 +271,7 @@ export class MavenAffinityIndex {
     return true;
   }
 
-  recordSuccess({ canonicalKey, host, cachePath, fileName }) {
+  recordSuccess({ canonicalKey, host, cachePath, fileName, urlObj = null }) {
     if (!this.enabled || !canonicalKey || !cachePath || !fileName) {
       return;
     }
@@ -309,8 +311,9 @@ export class MavenAffinityIndex {
       },
     });
 
-    if (host) {
-      const negativeKey = buildNegativeKey(host, canonicalKey);
+    const successScope = buildNegativeScope(urlObj);
+    if (successScope) {
+      const negativeKey = buildNegativeKey(successScope, canonicalKey);
       if (this.negative.has(negativeKey)) {
         this.#applyEvent({
           type: "negative_remove",

package/src/config/config.js

@@ -218,6 +218,7 @@ export const config = {
   downloadLogDir: path.resolve(configBaseDir, process.env.DOWNLOAD_LOG_DIR || "data/logs/downloads"),
   logRetentionDays: Math.max(1, toInt(process.env.LOG_RETENTION_DAYS, 7)),
   logToStdout: toBool(process.env.LOG_TO_STDOUT, true),
+  logConnectEvents: toBool(process.env.LOG_CONNECT_EVENTS, false),
   certDir: path.resolve(configBaseDir, process.env.CERT_DIR || "data/certs"),
   rootCertPath: path.resolve(configBaseDir, process.env.ROOT_CERT_PATH || "data/certs/root-ca.crt"),
   rootKeyPath: path.resolve(configBaseDir, process.env.ROOT_KEY_PATH || "data/certs/root-ca.key.pem"),
@@ -230,7 +231,7 @@ export const config = {
   javaHome: javaHomeResolution.javaHome,
   javaHomeSource: javaHomeResolution.source,
   javaHomeConfigured: javaHomeResolution.configuredJavaHome || "",
-  httpsPassthroughForUnmatched: toBool(process.env.HTTPS_PASSTHROUGH_FOR_UNMATCHED, true),
+  httpsPassthroughForUnmatched: toBool(process.env.HTTPS_PASSTHROUGH_FOR_UNMATCHED, false),
   upstreamProxyUrl: normalizeProxyUrl(process.env.UPSTREAM_PROXY_URL || process.env.ALL_PROXY || process.env.all_proxy || ""),
   upstreamHttpProxyUrl: normalizeProxyUrl(process.env.UPSTREAM_HTTP_PROXY_URL || process.env.HTTP_PROXY || process.env.http_proxy || ""),
   upstreamHttpsProxyUrl: normalizeProxyUrl(process.env.UPSTREAM_HTTPS_PROXY_URL || process.env.HTTPS_PROXY || process.env.https_proxy || ""),

package/src/index.js

@@ -17,6 +17,53 @@ installConsoleLogFileMirror({
 });
 installGlobalErrorLogging();
 
+function startupInfo(message) {
+  if (!config.logToStdout) {
+    process.stdout.write(`${message}\n`);
+  }
+  console.log(message);
+}
+
+function startupError(message, error = null) {
+  if (!config.logToStdout) {
+    process.stderr.write(`${message}\n`);
+    if (error) {
+      process.stderr.write(`${error?.stack || error?.message || String(error)}\n`);
+    }
+  }
+  if (error) {
+    console.error(message, error);
+  } else {
+    console.error(message);
+  }
+}
+
+async function waitForServerListening(server, name) {
+  if (server?.listening) {
+    return;
+  }
+
+  await new Promise((resolve, reject) => {
+    const onListening = () => {
+      cleanup();
+      resolve();
+    };
+
+    const onError = (error) => {
+      cleanup();
+      reject(new Error(`${name} listen failed: ${error.message}`));
+    };
+
+    const cleanup = () => {
+      server.off("listening", onListening);
+      server.off("error", onError);
+    };
+
+    server.once("listening", onListening);
+    server.once("error", onError);
+  });
+}
+
 async function main() {
   await fs.promises.mkdir(config.cacheDir, { recursive: true });
   await fs.promises.mkdir(config.mavenCacheDir, { recursive: true });
@@ -51,46 +98,53 @@ async function main() {
   );
   const repoServer = startRepoServer(config, downloader);
 
+  await Promise.all([
+    waitForServerListening(proxyServer, "proxy server"),
+    waitForServerListening(repoServer, "repo server"),
+  ]);
+
   const trustCommands = getTrustStoreCommands(config);
 
-  console.log("[maven-proxy] started");
-  console.log(`[maven-proxy] config mode: ${config.configMode}`);
-  console.log(`[maven-proxy] config file: ${config.loadedConfigFile || "(none)"}`);
-  console.log(`[maven-proxy] config base: ${config.configBaseDir}`);
+  startupInfo("[maven-proxy] started");
+  startupInfo(`[maven-proxy] config mode: ${config.configMode}`);
+  startupInfo(`[maven-proxy] config file: ${config.loadedConfigFile || "(none)"}`);
+  startupInfo(`[maven-proxy] config base: ${config.configBaseDir}`);
   if (config.configMode === "user") {
-    console.log(`[maven-proxy] default user config: ${config.defaultUserConfigPath}`);
+    startupInfo(`[maven-proxy] default user config: ${config.defaultUserConfigPath}`);
   }
-  console.log(`[maven-proxy] proxy port: ${config.proxyPort}`);
-  console.log(`[maven-proxy] repo  port: ${config.repoPort}`);
-  console.log(`[maven-proxy] cache dir : ${config.cacheDir}`);
-  console.log(`[maven-proxy] cache maven: ${config.mavenCacheDir}`);
-  console.log(`[maven-proxy] cache npm  : ${config.npmCacheDir}`);
-  console.log(`[maven-proxy] cache other: ${config.genericCacheDir}`);
-  console.log(`[maven-proxy] log dir: ${config.downloadLogDir}`);
-  console.log(`[maven-proxy] log retention days: ${config.logRetentionDays}`);
-  console.log(`[maven-proxy] log to stdout: ${config.logToStdout}`);
-  console.log(`[maven-proxy] outbound keep-alive: ${config.outboundKeepAlive}`);
-  console.log(`[maven-proxy] outbound keepAlive(seconds): ${config.outboundKeepAliveMsecs / 1000}`);
-  console.log(`[maven-proxy] outbound maxSockets: ${config.outboundMaxSockets}`);
-  console.log(`[maven-proxy] outbound maxFreeSockets: ${config.outboundMaxFreeSockets}`);
-  console.log(`[maven-proxy] maven affinity enabled: ${config.mavenAffinityEnabled}`);
-  console.log(`[maven-proxy] maven affinity index dir: ${config.mavenAffinityIndexDir}`);
-  console.log(`[maven-proxy] maven negative cache ttl(hours): ${config.mavenNegativeCacheTtlMs / (60 * 60 * 1000)}`);
-  console.log(`[maven-proxy] maven affinity flush interval(seconds): ${config.mavenAffinityFlushIntervalMs / 1000}`);
-  console.log(`[maven-proxy] maven affinity event max(MB): ${config.mavenAffinityEventMaxBytes / (1024 * 1024)}`);
-  console.log(`[maven-proxy] root cert : ${config.rootCertPath}`);
-  console.log(`[maven-proxy] repo fallback repos: ${(config.repoFallbackRepos || []).join(",") || "(none)"}`);
+  startupInfo(`[maven-proxy] proxy port: ${config.proxyPort}`);
+  startupInfo(`[maven-proxy] repo  port: ${config.repoPort}`);
+  startupInfo(`[maven-proxy] cache dir : ${config.cacheDir}`);
+  startupInfo(`[maven-proxy] cache maven: ${config.mavenCacheDir}`);
+  startupInfo(`[maven-proxy] cache npm  : ${config.npmCacheDir}`);
+  startupInfo(`[maven-proxy] cache other: ${config.genericCacheDir}`);
+  startupInfo(`[maven-proxy] log dir: ${config.downloadLogDir}`);
+  startupInfo(`[maven-proxy] log retention days: ${config.logRetentionDays}`);
+  startupInfo(`[maven-proxy] log to stdout: ${config.logToStdout}`);
+  startupInfo(`[maven-proxy] log connect events: ${config.logConnectEvents}`);
+  startupInfo(`[maven-proxy] outbound keep-alive: ${config.outboundKeepAlive}`);
+  startupInfo(`[maven-proxy] outbound keepAlive(seconds): ${config.outboundKeepAliveMsecs / 1000}`);
+  startupInfo(`[maven-proxy] outbound maxSockets: ${config.outboundMaxSockets}`);
+  startupInfo(`[maven-proxy] outbound maxFreeSockets: ${config.outboundMaxFreeSockets}`);
+  startupInfo(`[maven-proxy] maven affinity enabled: ${config.mavenAffinityEnabled}`);
+  startupInfo(`[maven-proxy] maven affinity index dir: ${config.mavenAffinityIndexDir}`);
+  startupInfo(`[maven-proxy] maven negative cache ttl(hours): ${config.mavenNegativeCacheTtlMs / (60 * 60 * 1000)}`);
+  startupInfo(`[maven-proxy] maven affinity flush interval(seconds): ${config.mavenAffinityFlushIntervalMs / 1000}`);
+  startupInfo(`[maven-proxy] maven affinity event max(MB): ${config.mavenAffinityEventMaxBytes / (1024 * 1024)}`);
+  startupInfo(`[maven-proxy] root cert : ${config.rootCertPath}`);
+  startupInfo(`[maven-proxy] repo fallback repos: ${(config.repoFallbackRepos || []).join(",") || "(none)"}`);
   if (config.upstreamProxyUrl || config.upstreamHttpProxyUrl || config.upstreamHttpsProxyUrl) {
-    console.log(`[maven-proxy] upstream proxy (generic): ${config.upstreamProxyUrl || "(none)"}`);
-    console.log(`[maven-proxy] upstream proxy (http)   : ${config.upstreamHttpProxyUrl || "(none)"}`);
-    console.log(`[maven-proxy] upstream proxy (https)  : ${config.upstreamHttpsProxyUrl || "(none)"}`);
-    console.log(`[maven-proxy] upstream no-proxy       : ${(config.upstreamNoProxyDomains || []).join(",") || "(none)"}`);
-    console.log(`[maven-proxy] upstream ignore-domains : ${(config.upstreamIgnoreDomains || []).join(",") || "(none)"}`);
+    startupInfo(`[maven-proxy] upstream proxy (generic): ${config.upstreamProxyUrl || "(none)"}`);
+    startupInfo(`[maven-proxy] upstream proxy (http)   : ${config.upstreamHttpProxyUrl || "(none)"}`);
+    startupInfo(`[maven-proxy] upstream proxy (https)  : ${config.upstreamHttpsProxyUrl || "(none)"}`);
+    startupInfo(`[maven-proxy] upstream no-proxy       : ${(config.upstreamNoProxyDomains || []).join(",") || "(none)"}`);
+    startupInfo(`[maven-proxy] upstream ignore-domains : ${(config.upstreamIgnoreDomains || []).join(",") || "(none)"}`);
   }
-  console.log("[maven-proxy] trust store command (copy):");
-  console.log(trustCommands.copyCmd);
-  console.log("[maven-proxy] trust store command (import):");
-  console.log(trustCommands.importCmd);
+  startupInfo("[maven-proxy] trust store command (copy):");
+  startupInfo(trustCommands.copyCmd);
+  startupInfo("[maven-proxy] trust store command (import):");
+  startupInfo(trustCommands.importCmd);
+  startupInfo(`[maven-proxy] startup success: proxy=127.0.0.1:${config.proxyPort}, repo=127.0.0.1:${config.repoPort}`);
 
   const shutdown = () => {
     proxyServer.close();
@@ -105,6 +159,6 @@ async function main() {
 }
 
 main().catch((error) => {
-  console.error("[maven-proxy] fatal error:", error);
+  startupError("[maven-proxy] fatal error:", error);
   process.exit(1);
 });

package/src/proxy/proxy-connect-handler.js

@@ -20,7 +20,9 @@ async function openConnectUpstreamSocket(targetHost, targetPort, timeoutMs, upst
     upstreamProxyManager.hasProxyFor("https:", targetHost);
 
   if (useUpstreamProxy) {
-    console.log(`[proxy] CONNECT via upstream target=${targetHost}:${targetPort}`);
+    if (upstreamProxyManager?.config?.logConnectEvents) {
+      console.log(`[proxy] CONNECT via upstream target=${targetHost}:${targetPort}`);
+    }
     const tunnel = await upstreamProxyManager.createConnectTunnel(targetHost, targetPort, timeoutMs);
     return {
       upstreamSocket: tunnel.socket,
@@ -81,9 +83,13 @@ async function handlePassThroughConnect(clientSocket, head, targetHost, targetPo
 }
 
 async function handleMitmConnect(clientSocket, head, targetHost, certManager, mitmHttpServer) {
-  console.log(`[proxy] MITM prepare ${targetHost}`);
+  if (certManager?.config?.logConnectEvents) {
+    console.log(`[proxy] MITM prepare ${targetHost}`);
+  }
   const leaf = await certManager.getOrCreateLeaf(targetHost);
-  console.log(`[proxy] MITM cert ready ${targetHost}`);
+  if (certManager?.config?.logConnectEvents) {
+    console.log(`[proxy] MITM cert ready ${targetHost}`);
+  }
 
   await new Promise((resolve, reject) => {
     writeTunnelResponse(clientSocket, "HTTP/1.1 200 Connection Established", (error) => {
@@ -94,7 +100,9 @@ async function handleMitmConnect(clientSocket, head, targetHost, certManager, mi
       resolve();
     });
   });
-  console.log(`[proxy] MITM tunnel established ${targetHost}`);
+  if (certManager?.config?.logConnectEvents) {
+    console.log(`[proxy] MITM tunnel established ${targetHost}`);
+  }
 
   const tlsSocket = new tls.TLSSocket(clientSocket, {
     isServer: true,
@@ -138,7 +146,9 @@ export function attachConnectHandler(server, {
       config.enableHttpsProxy &&
       matchesDomain(host, config.httpsMitmDomains);
 
-    console.log(`[proxy] CONNECT ${host}:${port} mitm=${mitmEnabled}`);
+    if (config.logConnectEvents) {
+      console.log(`[proxy] CONNECT ${host}:${port} mitm=${mitmEnabled}`);
+    }
 
     if (!mitmEnabled) {
       if (!config.httpsPassthroughForUnmatched) {

package/src/proxy/proxy-http-handler.js

@@ -80,6 +80,12 @@ function sendErrorText(res, statusCode, message, context = "proxy") {
   sendText(res, statusCode, message);
 }
 
+export function isPositiveAffinityEligible(fileName) {
+  const lower = String(fileName || "").toLowerCase();
+  const base = lower.replace(/\.(sha1|sha256|sha512|md5|asc)$/i, "");
+  return /\.(jar|aar|war)$/i.test(base);
+}
+
 function buildUrl(req, forcedProtocol = null) {
   const raw = req.url || "/";
   if (/^https?:\/\//i.test(raw)) {
@@ -203,16 +209,19 @@ export function createHttpRequestHandler({
 
     const existing = await statIfFile(cachePath);
     if (existing) {
+      console.log(`[proxy] local cache hit host=${urlObj.hostname} path=${urlObj.pathname}`);
       await serveFile(res, req, cachePath);
       return;
     }
 
     if (canonical && mavenAffinityIndex) {
-      const preferredPath = await mavenAffinityIndex.resolvePreferredCachePath(canonical.canonicalKey);
-      if (preferredPath) {
-        console.log(`[proxy] affinity hit canonical=${canonical.canonicalKey} host=${urlObj.hostname}`);
-        await serveFile(res, req, preferredPath);
-        return;
+      if (isPositiveAffinityEligible(canonical.fileName)) {
+        const preferredPath = await mavenAffinityIndex.resolvePreferredCachePath(canonical.canonicalKey);
+        if (preferredPath) {
+          console.log(`[proxy] affinity hit canonical=${canonical.canonicalKey} host=${urlObj.hostname}`);
+          await serveFile(res, req, preferredPath);
+          return;
+        }
       }
 
       if (mavenAffinityIndex.shouldSkipRequest(canonical.canonicalKey, urlObj)) {
@@ -223,15 +232,17 @@ export function createHttpRequestHandler({
     }
 
     try {
+      console.log(`[proxy] local cache miss host=${urlObj.hostname} path=${urlObj.pathname}`);
       await fs.promises.mkdir(path.dirname(cachePath), { recursive: true });
       await downloader.ensureCached(urlObj, cachePath, req.headers);
 
-      if (canonical && mavenAffinityIndex) {
+      if (canonical && mavenAffinityIndex && isPositiveAffinityEligible(canonical.fileName)) {
         mavenAffinityIndex.recordSuccess({
           canonicalKey: canonical.canonicalKey,
           host: urlObj.hostname,
           cachePath,
           fileName: canonical.fileName,
+          urlObj,
         });
       }