pi-for-excel-proxy 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Thomas Mustier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,38 @@
+# pi-for-excel-proxy
+
+Local HTTPS CORS proxy helper for Pi for Excel OAuth logins.
+
+## Usage
+
+```bash
+npx pi-for-excel-proxy
+```
+
+This command:
+
+1. Ensures `mkcert` exists (installs via Homebrew on macOS if missing)
+2. Creates certificates in `~/.pi-for-excel/certs/` when needed
+3. Starts the proxy at `https://localhost:3003`
+
+Then in Pi for Excel:
+
+1. Open `/settings`
+2. Enable **Proxy**
+3. Set URL to `https://localhost:3003`
+4. Run `/login`
+
+## Publishing (maintainers)
+
+Package source lives in `pkg/proxy/`.
+
+Before packing/publishing, `prepack` copies runtime files from repo root:
+
+- `scripts/cors-proxy-server.mjs`
+- `scripts/proxy-target-policy.mjs`
+
+Publish from this directory:
+
+```bash
+cd pkg/proxy
+npm publish
+```

package/cli.mjs

@@ -0,0 +1,161 @@
+#!/usr/bin/env node
+
+import { spawn, spawnSync } from "node:child_process";
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
+import { fileURLToPath } from "node:url";
+
+const cliDir = path.dirname(fileURLToPath(import.meta.url));
+const proxyScriptPath = path.join(cliDir, "scripts", "cors-proxy-server.mjs");
+
+const homeDir = os.homedir();
+const appDir = path.join(homeDir, ".pi-for-excel");
+const certDir = path.join(appDir, "certs");
+const keyPath = path.join(certDir, "key.pem");
+const certPath = path.join(certDir, "cert.pem");
+
+function commandExists(command) {
+  const whichCommand = process.platform === "win32" ? "where" : "which";
+  const result = spawnSync(whichCommand, [command], { stdio: "ignore" });
+  return result.status === 0;
+}
+
+function run(command, args, options = {}) {
+  const result = spawnSync(command, args, {
+    stdio: "inherit",
+    ...options,
+  });
+
+  if (result.error) {
+    console.error(`[pi-for-excel-proxy] Failed to run: ${command}`);
+    console.error(result.error.message);
+    process.exit(1);
+  }
+
+  if (typeof result.status === "number" && result.status !== 0) {
+    process.exit(result.status);
+  }
+
+  if (result.signal) {
+    console.error(`[pi-for-excel-proxy] ${command} terminated by signal ${result.signal}`);
+    process.exit(1);
+  }
+}
+
+function ensureMkcert() {
+  if (commandExists("mkcert")) {
+    return;
+  }
+
+  console.log("[pi-for-excel-proxy] mkcert not found.");
+
+  if (process.platform === "darwin") {
+    if (!commandExists("brew")) {
+      console.error("[pi-for-excel-proxy] Homebrew is not installed.");
+      console.error("[pi-for-excel-proxy] Install Homebrew first: https://brew.sh");
+      process.exit(1);
+    }
+
+    console.log("[pi-for-excel-proxy] Installing mkcert via Homebrew...");
+    run("brew", ["install", "mkcert"]);
+
+    if (!commandExists("mkcert")) {
+      console.error("[pi-for-excel-proxy] mkcert installation completed but mkcert is still unavailable in PATH.");
+      process.exit(1);
+    }
+
+    return;
+  }
+
+  console.error("[pi-for-excel-proxy] Please install mkcert, then run this command again.");
+  console.error("[pi-for-excel-proxy] Install instructions: https://github.com/FiloSottile/mkcert#installation");
+  process.exit(1);
+}
+
+function ensureCertificates() {
+  fs.mkdirSync(certDir, { recursive: true });
+
+  if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {
+    return;
+  }
+
+  ensureMkcert();
+
+  console.log("[pi-for-excel-proxy] Generating local HTTPS certificates...");
+  run("mkcert", ["-install"]);
+  run("mkcert", ["-key-file", keyPath, "-cert-file", certPath, "localhost"], {
+    cwd: certDir,
+  });
+
+  if (!fs.existsSync(keyPath) || !fs.existsSync(certPath)) {
+    console.error("[pi-for-excel-proxy] Failed to generate TLS certificates.");
+    process.exit(1);
+  }
+}
+
+function resolveProxyConfig() {
+  const userArgs = process.argv.slice(2);
+  const hasExplicitScheme = userArgs.includes("--https") || userArgs.includes("--http");
+  const proxyArgs = hasExplicitScheme ? userArgs : ["--https", ...userArgs];
+
+  const usesHttpOnly = proxyArgs.includes("--http") && !proxyArgs.includes("--https");
+
+  return {
+    proxyArgs,
+    usesHttps: !usesHttpOnly,
+  };
+}
+
+function startProxy(proxyArgs) {
+  fs.mkdirSync(certDir, { recursive: true });
+  console.log(`[pi-for-excel-proxy] Using certificate directory: ${certDir}`);
+
+  const child = spawn(process.execPath, [proxyScriptPath, ...proxyArgs], {
+    cwd: certDir,
+    env: process.env,
+    stdio: "inherit",
+  });
+
+  let shuttingDown = false;
+
+  const forwardSignal = (signal) => {
+    if (shuttingDown) {
+      return;
+    }
+    shuttingDown = true;
+    if (!child.killed) {
+      child.kill(signal);
+    }
+  };
+
+  process.on("SIGINT", () => forwardSignal("SIGINT"));
+  process.on("SIGTERM", () => forwardSignal("SIGTERM"));
+
+  child.on("exit", (code, signal) => {
+    if (signal) {
+      process.kill(process.pid, signal);
+      return;
+    }
+    process.exit(code ?? 1);
+  });
+
+  child.on("error", (error) => {
+    console.error("[pi-for-excel-proxy] Failed to start proxy process.");
+    console.error(error.message);
+    process.exit(1);
+  });
+}
+
+if (!fs.existsSync(proxyScriptPath)) {
+  console.error("[pi-for-excel-proxy] Missing proxy runtime files.");
+  console.error("[pi-for-excel-proxy] Reinstall the package or run npm pack again.");
+  process.exit(1);
+}
+
+const proxyConfig = resolveProxyConfig();
+if (proxyConfig.usesHttps) {
+  ensureCertificates();
+}
+startProxy(proxyConfig.proxyArgs);

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "pi-for-excel-proxy",
+  "version": "0.1.0",
+  "description": "One-command local HTTPS proxy helper for Pi for Excel OAuth logins.",
+  "type": "module",
+  "bin": {
+    "pi-for-excel-proxy": "./cli.mjs"
+  },
+  "files": [
+    "cli.mjs",
+    "scripts/*.mjs",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "prepack": "node ../../scripts/sync-proxy-package.mjs"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "license": "MIT"
+}

package/scripts/cors-proxy-server.mjs

@@ -0,0 +1,457 @@
+#!/usr/bin/env node
+
+/**
+ * Minimal CORS proxy for Pi for Excel.
+ *
+ * Why this exists:
+ * - Some provider OAuth/token endpoints (and some LLM APIs) block browser requests via CORS.
+ * - In dev we rely on Vite's proxy. In production, you can run this locally and point
+ *   Pi for Excel's proxy setting at it (default: https://localhost:3003).
+ *
+ * Usage:
+ *   npm run proxy:https   # HTTPS (recommended for Office webviews)
+ *   npm run proxy         # HTTP  (may be blocked as mixed content)
+ *
+ * Proxy format:
+ *   https://localhost:3003/?url=<target-url>
+ *
+ * Example:
+ *   curl 'https://localhost:3003/?url=https%3A%2F%2Fexample.com'
+ */
+
+import http from "node:http";
+import https from "node:https";
+import fs from "node:fs";
+import path from "node:path";
+import { lookup as dnsLookup } from "node:dns/promises";
+import { Readable } from "node:stream";
+
+import {
+  evaluateTargetHostPolicy,
+  isIpLiteral,
+  normalizeHost,
+  parseAllowedTargetHosts,
+} from "./proxy-target-policy.mjs";
+
+const args = new Set(process.argv.slice(2));
+const useHttps = args.has("--https") || process.env.HTTPS === "1" || process.env.HTTPS === "true";
+const useHttp = args.has("--http");
+
+if (useHttps && useHttp) {
+  console.error("[pi-for-excel] Invalid args: can't use both --https and --http");
+  process.exit(1);
+}
+
+const HOST = process.env.HOST || (useHttps ? "localhost" : "127.0.0.1");
+const PORT = Number.parseInt(process.env.PORT || "3003", 10);
+
+const rootDir = path.resolve(process.cwd());
+const keyPath = path.join(rootDir, "key.pem");
+const certPath = path.join(rootDir, "cert.pem");
+
+const HOP_BY_HOP_HEADERS = new Set([
+  "connection",
+  "keep-alive",
+  "proxy-authenticate",
+  "proxy-authorization",
+  "te",
+  "trailer",
+  "transfer-encoding",
+  "upgrade",
+]);
+
+// SECURITY: local CORS proxies are a common footgun. Even if bound to localhost,
+// a browser tab on any origin can still call it unless we restrict CORS.
+// Default allowlist matches our dev + hosted origins; override via env var.
+const DEFAULT_ALLOWED_ORIGINS = new Set([
+  "https://localhost:3000",
+  "https://pi-for-excel.vercel.app",
+]);
+
+const allowedOrigins = (() => {
+  const raw = process.env.ALLOWED_ORIGINS;
+  if (!raw) return DEFAULT_ALLOWED_ORIGINS;
+  const set = new Set(
+    raw
+      .split(",")
+      .map((s) => s.trim())
+      .filter(Boolean),
+  );
+  return set.size > 0 ? set : DEFAULT_ALLOWED_ORIGINS;
+})();
+
+function isAllowedOrigin(origin) {
+  return typeof origin === "string" && allowedOrigins.has(origin);
+}
+
+function isLoopbackAddress(addr) {
+  if (!addr) return false;
+  if (addr === "::1" || addr === "0:0:0:0:0:0:0:1") return true;
+  if (addr.startsWith("127.")) return true;
+  if (addr.startsWith("::ffff:127.")) return true;
+  return false;
+}
+
+function envFlag(name) {
+  const raw = process.env[name];
+  return raw === "1" || raw === "true";
+}
+
+const DEFAULT_ALLOWED_TARGET_HOSTS = new Set([
+  "api.anthropic.com",
+  "console.anthropic.com",
+  "github.com",
+  "api.github.com",
+  "auth.openai.com",
+  "api.openai.com",
+  "chatgpt.com",
+  "oauth2.googleapis.com",
+  "generativelanguage.googleapis.com",
+  "api.z.ai",
+]);
+
+const allowAllTargetHosts = envFlag("ALLOW_ALL_TARGET_HOSTS");
+const allowLoopbackTargets = envFlag("ALLOW_LOOPBACK_TARGETS");
+const allowPrivateTargets = envFlag("ALLOW_PRIVATE_TARGETS");
+const strictTargetResolution = envFlag("STRICT_TARGET_RESOLUTION");
+
+const hasConfiguredAllowedTargetHosts =
+  typeof process.env.ALLOWED_TARGET_HOSTS === "string"
+  && process.env.ALLOWED_TARGET_HOSTS.trim().length > 0;
+
+const configuredAllowedTargetHosts = hasConfiguredAllowedTargetHosts
+  ? parseAllowedTargetHosts(process.env.ALLOWED_TARGET_HOSTS)
+  : new Set();
+
+const allowedTargetHosts = (() => {
+  if (allowAllTargetHosts) {
+    return new Set();
+  }
+
+  if (configuredAllowedTargetHosts.size > 0) {
+    return configuredAllowedTargetHosts;
+  }
+
+  return new Set(DEFAULT_ALLOWED_TARGET_HOSTS);
+})();
+
+const EMPTY_ALLOWED_TARGET_HOSTS = new Set();
+
+const TARGET_POLICY_MESSAGES = {
+  blocked_target_invalid_host: "Invalid target host",
+  blocked_target_not_allowlisted:
+    "Target host is not allowlisted. Configure ALLOWED_TARGET_HOSTS or set ALLOW_ALL_TARGET_HOSTS=1 to disable host allowlisting.",
+  blocked_target_loopback: "Loopback target URLs are blocked by default. Set ALLOW_LOOPBACK_TARGETS=1 to override.",
+  blocked_target_private_ip: "Private/local target URLs are blocked by default. Set ALLOW_PRIVATE_TARGETS=1 to override.",
+  blocked_target_resolution_failed: "Target hostname could not be resolved (STRICT_TARGET_RESOLUTION=1)",
+};
+
+function isGitHubEnterpriseOAuthPathname(pathname) {
+  return pathname === "/login/device/code" || pathname === "/login/oauth/access_token";
+}
+
+function isGitHubEnterpriseCopilotPathname(pathname) {
+  return pathname.startsWith("/copilot_internal/");
+}
+
+function shouldBypassHostAllowlistForGitHubEnterprise(targetUrl) {
+  const hostname = normalizeHost(targetUrl.hostname);
+  if (!hostname || isIpLiteral(hostname)) return false;
+
+  if (isGitHubEnterpriseOAuthPathname(targetUrl.pathname)) {
+    return hostname !== "github.com";
+  }
+
+  if (isGitHubEnterpriseCopilotPathname(targetUrl.pathname)) {
+    if (hostname === "api.github.com" || hostname === "api.individual.githubcopilot.com") {
+      return false;
+    }
+
+    return hostname.startsWith("api.");
+  }
+
+  return false;
+}
+
+function setCorsHeaders(req, res) {
+  const origin = req.headers.origin;
+  if (isAllowedOrigin(origin)) {
+    res.setHeader("Access-Control-Allow-Origin", origin);
+    res.setHeader("Vary", "Origin");
+  }
+
+  res.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS");
+  res.setHeader(
+    "Access-Control-Allow-Headers",
+    req.headers["access-control-request-headers"] || "*",
+  );
+  res.setHeader("Access-Control-Expose-Headers", "*");
+  res.setHeader("Access-Control-Max-Age", "86400");
+}
+
+function rejectWithReason(res, reason) {
+  const msg = TARGET_POLICY_MESSAGES[reason] || "forbidden";
+  res.statusCode = 403;
+  res.setHeader("Content-Type", "text/plain; charset=utf-8");
+  res.end(`${reason}: ${msg}`);
+}
+
+function extractTargetUrl(rawUrl) {
+  // rawUrl looks like: /?url=https%3A%2F%2Fapi.example.com/path
+  // NOTE: some callers append path segments after the encoded baseUrl,
+  // so we decode everything after `url=` rather than using URLSearchParams.
+  const idx = rawUrl.indexOf("url=");
+  if (idx === -1) return null;
+  const encoded = rawUrl.slice(idx + 4);
+  const normalized = encoded.replace(/\+/g, "%20");
+  try {
+    return decodeURIComponent(normalized);
+  } catch {
+    return null;
+  }
+}
+
+function buildOutboundHeaders(inHeaders) {
+  const out = new Headers();
+  for (const [key, value] of Object.entries(inHeaders)) {
+    if (!value) continue;
+    const lower = key.toLowerCase();
+
+    if (lower === "host") continue;
+    if (lower === "content-length") continue;
+    if (lower === "accept-encoding") continue;
+
+    // Strip browser-only / CORS-triggering headers (mimic server requests)
+    if (lower === "origin") continue;
+    if (lower === "referer") continue;
+    if (lower.startsWith("sec-fetch-")) continue;
+
+    // Anthropic uses this header to explicitly enable direct browser access.
+    // When proxying we want the upstream to behave like a server-to-server call.
+    if (lower === "anthropic-dangerous-direct-browser-access") continue;
+
+    // Never forward cookies through a generic proxy
+    if (lower === "cookie") continue;
+
+    if (HOP_BY_HOP_HEADERS.has(lower)) continue;
+
+    if (Array.isArray(value)) {
+      for (const v of value) out.append(key, v);
+    } else {
+      out.set(key, value);
+    }
+  }
+  return out;
+}
+
+const handler = async (req, res) => {
+  const remote = req.socket?.remoteAddress;
+  if (!isLoopbackAddress(remote)) {
+    res.statusCode = 403;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end("forbidden");
+    console.warn(`[proxy] blocked non-loopback client: ${remote || "unknown"}`);
+    return;
+  }
+
+  const origin = req.headers.origin;
+  if (!isAllowedOrigin(origin)) {
+    res.statusCode = 403;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end("forbidden");
+    console.warn(`[proxy] blocked request from disallowed origin: ${origin || "(none)"}`);
+    return;
+  }
+
+  setCorsHeaders(req, res);
+
+  if (req.method === "OPTIONS") {
+    res.statusCode = 204;
+    res.end();
+    return;
+  }
+
+  const rawUrl = req.url || "/";
+  const target = extractTargetUrl(rawUrl);
+  if (!target) {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end("Missing or invalid ?url=<target-url> query parameter");
+    return;
+  }
+
+  let targetUrl;
+  try {
+    targetUrl = new URL(target);
+  } catch {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end("Invalid target URL");
+    return;
+  }
+
+  if (targetUrl.protocol !== "http:" && targetUrl.protocol !== "https:") {
+    res.statusCode = 400;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end("Only http(s) target URLs are supported");
+    return;
+  }
+
+  const targetHost = normalizeHost(targetUrl.hostname);
+  const safeTarget = `${targetUrl.origin}${targetUrl.pathname}`;
+
+  let resolvedIps = [];
+  if (!isIpLiteral(targetHost)) {
+    try {
+      const records = await dnsLookup(targetHost, { all: true, verbatim: true });
+      resolvedIps = records.map((r) => r.address);
+    } catch (err) {
+      const errorText = err instanceof Error ? err.message : String(err);
+      if (strictTargetResolution) {
+        rejectWithReason(res, "blocked_target_resolution_failed");
+        console.warn(`[proxy] blocked target (blocked_target_resolution_failed): ${safeTarget} (${errorText})`);
+        return;
+      }
+      console.warn(`[proxy] DNS lookup failed for ${targetHost}: ${errorText} (continuing)`);
+    }
+  }
+
+  const bypassHostAllowlistForGitHubEnterprise =
+    !allowAllTargetHosts
+    && configuredAllowedTargetHosts.size === 0
+    && shouldBypassHostAllowlistForGitHubEnterprise(targetUrl);
+
+  const effectiveAllowedTargetHosts = bypassHostAllowlistForGitHubEnterprise
+    ? EMPTY_ALLOWED_TARGET_HOSTS
+    : allowedTargetHosts;
+
+  const targetPolicy = evaluateTargetHostPolicy({
+    hostname: targetHost,
+    resolvedIps,
+    allowLoopbackTargets,
+    allowPrivateTargets,
+    allowedHosts: effectiveAllowedTargetHosts,
+  });
+
+  if (!targetPolicy.allowed) {
+    const reason = targetPolicy.reason || "forbidden";
+    rejectWithReason(res, reason);
+    console.warn(`[proxy] blocked target (${reason}): ${safeTarget}`);
+    return;
+  }
+
+  if (bypassHostAllowlistForGitHubEnterprise) {
+    console.log(`[proxy] allowing GitHub enterprise endpoint outside default host allowlist: ${safeTarget}`);
+  }
+
+  try {
+    const startedAt = Date.now();
+    const headers = buildOutboundHeaders(req.headers);
+
+    const hasBody = req.method && !["GET", "HEAD"].includes(req.method);
+    const body = hasBody ? Readable.toWeb(req) : undefined;
+
+    const upstream = await fetch(targetUrl.toString(), {
+      method: req.method,
+      headers,
+      body,
+      // Required when using a stream body in Node fetch
+      ...(body ? { duplex: "half" } : {}),
+      redirect: "manual",
+    });
+
+    // Log without query string to avoid leaking tokens
+    console.log(`[proxy] ${req.method || "GET"} ${safeTarget} -> ${upstream.status} (${Date.now() - startedAt}ms)`);
+
+    res.statusCode = upstream.status;
+
+    // Copy response headers (but keep our CORS headers)
+    upstream.headers.forEach((value, key) => {
+      const lower = key.toLowerCase();
+      if (lower === "set-cookie") return;
+      if (HOP_BY_HOP_HEADERS.has(lower)) return;
+      // Node fetch transparently decompresses responses but keeps the original
+      // Content-Encoding header (e.g. "gzip"). Forwarding that header would
+      // make the browser try to decompress *again* and fail while reading.
+      if (lower === "content-encoding") return;
+
+      // Content-Length can be wrong after decompression; let Node set it.
+      if (lower === "content-length") return;
+      res.setHeader(key, value);
+    });
+
+    if (!upstream.body) {
+      res.end();
+      return;
+    }
+
+    const nodeStream = Readable.fromWeb(upstream.body);
+    nodeStream.on("error", () => {
+      try {
+        res.end();
+      } catch {
+        // ignore
+      }
+    });
+    nodeStream.pipe(res);
+  } catch (err) {
+    console.warn(`[proxy] ${req.method || "GET"} ${targetUrl.origin}${targetUrl.pathname} -> ERROR (${err instanceof Error ? err.message : String(err)})`);
+    res.statusCode = 502;
+    res.setHeader("Content-Type", "text/plain; charset=utf-8");
+    res.end(`Proxy error: ${err instanceof Error ? err.message : String(err)}`);
+  }
+};
+
+const server = (() => {
+  if (!useHttps) {
+    return http.createServer(handler);
+  }
+
+  if (!fs.existsSync(keyPath) || !fs.existsSync(certPath)) {
+    console.error("[pi-for-excel] HTTPS requested but key.pem/cert.pem not found in repo root.");
+    console.error("Generate them with mkcert (see README). Example: mkcert localhost");
+    process.exit(1);
+  }
+
+  return https.createServer(
+    {
+      key: fs.readFileSync(keyPath),
+      cert: fs.readFileSync(certPath),
+    },
+    handler,
+  );
+})();
+
+server.listen(PORT, HOST, () => {
+  const scheme = useHttps ? "https" : "http";
+  console.log(`[pi-for-excel] CORS proxy listening on ${scheme}://${HOST}:${PORT}`);
+  console.log(`[pi-for-excel] Format: ${scheme}://${HOST}:${PORT}/?url=<target-url>`);
+  console.log(`[pi-for-excel] Allowed origins: ${Array.from(allowedOrigins).join(", ")}`);
+
+  if (allowAllTargetHosts) {
+    console.log("[pi-for-excel] WARNING: target host allowlisting disabled (ALLOW_ALL_TARGET_HOSTS=1)");
+  } else {
+    const source = configuredAllowedTargetHosts.size > 0 ? "ALLOWED_TARGET_HOSTS" : "default";
+    console.log(`[pi-for-excel] Allowed target hosts (${source}): ${Array.from(allowedTargetHosts).join(", ")}`);
+
+    if (configuredAllowedTargetHosts.size === 0) {
+      console.log("[pi-for-excel] GitHub enterprise OAuth/Copilot endpoints on custom domains are allowed by path.");
+    }
+  }
+
+  if (hasConfiguredAllowedTargetHosts && configuredAllowedTargetHosts.size === 0) {
+    console.warn("[pi-for-excel] WARNING: ALLOWED_TARGET_HOSTS had no valid entries; using default allowlist.");
+  }
+
+  if (allowLoopbackTargets) {
+    console.log("[pi-for-excel] WARNING: loopback target blocking disabled (ALLOW_LOOPBACK_TARGETS=1)");
+  }
+
+  if (allowPrivateTargets) {
+    console.log("[pi-for-excel] WARNING: private/local target blocking disabled (ALLOW_PRIVATE_TARGETS=1)");
+  }
+
+  if (strictTargetResolution) {
+    console.log("[pi-for-excel] Strict DNS resolution enabled (STRICT_TARGET_RESOLUTION=1)");
+  }
+});

package/scripts/proxy-target-policy.mjs

@@ -0,0 +1,251 @@
+import net from "node:net";
+
+const LOOPBACK_IPV4 = new net.BlockList();
+LOOPBACK_IPV4.addSubnet("127.0.0.0", 8, "ipv4");
+
+const LOOPBACK_IPV6 = new net.BlockList();
+LOOPBACK_IPV6.addAddress("::1", "ipv6");
+
+const PRIVATE_LOCAL_IPV4 = new net.BlockList();
+PRIVATE_LOCAL_IPV4.addSubnet("10.0.0.0", 8, "ipv4");
+PRIVATE_LOCAL_IPV4.addSubnet("172.16.0.0", 12, "ipv4");
+PRIVATE_LOCAL_IPV4.addSubnet("192.168.0.0", 16, "ipv4");
+PRIVATE_LOCAL_IPV4.addSubnet("169.254.0.0", 16, "ipv4");
+PRIVATE_LOCAL_IPV4.addSubnet("127.0.0.0", 8, "ipv4");
+
+const PRIVATE_LOCAL_IPV6 = new net.BlockList();
+PRIVATE_LOCAL_IPV6.addAddress("::1", "ipv6");
+PRIVATE_LOCAL_IPV6.addSubnet("fc00::", 7, "ipv6");
+PRIVATE_LOCAL_IPV6.addSubnet("fe80::", 10, "ipv6");
+
+const IPV4_MAPPED_IPV6_RE = /^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$/i;
+
+/** Normalize host/hostname strings to a canonical comparison form. */
+export function normalizeHost(hostname) {
+  if (typeof hostname !== "string") return "";
+
+  let host = hostname.trim().toLowerCase();
+  if (!host) return "";
+
+  if (host.startsWith("[") && host.endsWith("]")) {
+    host = host.slice(1, -1);
+  }
+
+  // Strip IPv6 zone index (e.g. fe80::1%lo0).
+  const zoneIndex = host.indexOf("%");
+  if (zoneIndex >= 0) {
+    host = host.slice(0, zoneIndex);
+  }
+
+  return host;
+}
+
+function mappedIPv4FromIPv6(hostname) {
+  const host = normalizeHost(hostname);
+  const match = IPV4_MAPPED_IPV6_RE.exec(host);
+  if (!match) return null;
+
+  const candidate = match[1];
+  return net.isIP(candidate) === 4 ? candidate : null;
+}
+
+function checkBlockList(list, ip) {
+  const family = net.isIP(ip);
+  if (family === 4) return list.check(ip, "ipv4");
+  if (family === 6) return list.check(ip, "ipv6");
+  return false;
+}
+
+/** Parse ALLOWED_TARGET_HOSTS env var into a normalized host set. */
+export function parseAllowedTargetHosts(raw) {
+  if (typeof raw !== "string" || raw.trim().length === 0) {
+    return new Set();
+  }
+
+  const out = new Set();
+  for (const entry of raw.split(",")) {
+    const trimmed = entry.trim();
+    if (!trimmed) continue;
+
+    let host = "";
+
+    if (trimmed.includes("://")) {
+      try {
+        host = normalizeHost(new URL(trimmed).hostname);
+      } catch {
+        host = "";
+      }
+    } else {
+      host = normalizeHost(trimmed);
+    }
+
+    if (host) out.add(host);
+  }
+
+  return out;
+}
+
+export function isIpLiteral(hostname) {
+  const host = normalizeHost(hostname);
+  if (!host) return false;
+  return net.isIP(host) !== 0;
+}
+
+export function isLoopbackHostname(hostname) {
+  const host = normalizeHost(hostname);
+  if (!host) return false;
+
+  if (host === "localhost") return true;
+
+  if (checkBlockList(LOOPBACK_IPV4, host)) return true;
+  if (checkBlockList(LOOPBACK_IPV6, host)) return true;
+
+  const mapped = mappedIPv4FromIPv6(host);
+  return mapped !== null && checkBlockList(LOOPBACK_IPV4, mapped);
+}
+
+/**
+ * True for loopback, RFC1918, and link-local addresses.
+ */
+export function isPrivateOrLocalIp(ip) {
+  const host = normalizeHost(ip);
+  if (!host) return false;
+
+  if (checkBlockList(PRIVATE_LOCAL_IPV4, host)) return true;
+  if (checkBlockList(PRIVATE_LOCAL_IPV6, host)) return true;
+
+  const mapped = mappedIPv4FromIPv6(host);
+  return mapped !== null && checkBlockList(PRIVATE_LOCAL_IPV4, mapped);
+}
+
+/**
+ * Host allowlist check.
+ * - Empty allowlist => allow all hosts.
+ * - Non-empty allowlist => exact normalized host match.
+ */
+export function isAllowedTargetHost(hostname, allowedHosts) {
+  const host = normalizeHost(hostname);
+  if (!host) return false;
+
+  if (!(allowedHosts instanceof Set) || allowedHosts.size === 0) {
+    return true;
+  }
+
+  return allowedHosts.has(host);
+}
+
+/**
+ * Hostname-only block decision (no DNS resolution context).
+ */
+export function getBlockedTargetReasonForHostname(hostname, opts = {}) {
+  const {
+    allowLoopbackTargets = false,
+    allowPrivateTargets = false,
+    allowedHosts = new Set(),
+  } = opts;
+
+  const host = normalizeHost(hostname);
+  if (!host) return "blocked_target_invalid_host";
+
+  const loopback = isLoopbackHostname(host);
+  if (loopback && !allowLoopbackTargets) {
+    return "blocked_target_loopback";
+  }
+
+  // Preserve legacy semantics: if loopback is explicitly allowed, do not
+  // re-block it under private/local checks or host allowlists.
+  if (loopback && allowLoopbackTargets) {
+    return null;
+  }
+
+  const privateOrLocalLiteral = isIpLiteral(host) && isPrivateOrLocalIp(host);
+  if (!allowPrivateTargets && privateOrLocalLiteral) {
+    return "blocked_target_private_ip";
+  }
+
+  // Preserve legacy semantics: if private/local literal targets are explicitly
+  // allowed, do not re-block them under host allowlists.
+  if (allowPrivateTargets && privateOrLocalLiteral) {
+    return null;
+  }
+
+  if (!isAllowedTargetHost(host, allowedHosts)) {
+    return "blocked_target_not_allowlisted";
+  }
+
+  return null;
+}
+
+/**
+ * DNS-resolution-based block decision.
+ * Resolved IPs should come from dns.lookup(host, { all: true }).
+ */
+export function getBlockedTargetReasonForResolvedIps(resolvedIps, opts = {}) {
+  const {
+    allowLoopbackTargets = false,
+    allowPrivateTargets = false,
+  } = opts;
+
+  if (!Array.isArray(resolvedIps) || resolvedIps.length === 0) {
+    return null;
+  }
+
+  for (const ip of resolvedIps) {
+    const normalized = normalizeHost(ip);
+    if (!normalized) continue;
+
+    const loopback = isLoopbackHostname(normalized);
+    if (loopback && !allowLoopbackTargets) {
+      return "blocked_target_loopback";
+    }
+
+    if (loopback && allowLoopbackTargets) {
+      continue;
+    }
+
+    if (!allowPrivateTargets && isPrivateOrLocalIp(normalized)) {
+      return "blocked_target_private_ip";
+    }
+  }
+
+  return null;
+}
+
+/**
+ * Final target policy decision used by proxy server.
+ */
+export function evaluateTargetHostPolicy(opts = {}) {
+  const {
+    hostname,
+    resolvedIps = [],
+    allowLoopbackTargets = false,
+    allowPrivateTargets = false,
+    allowedHosts = new Set(),
+  } = opts;
+
+  const hostReason = getBlockedTargetReasonForHostname(hostname, {
+    allowLoopbackTargets,
+    allowPrivateTargets,
+    allowedHosts,
+  });
+
+  if (hostReason) {
+    return { allowed: false, reason: hostReason };
+  }
+
+  const dnsReason = getBlockedTargetReasonForResolvedIps(resolvedIps, {
+    allowLoopbackTargets,
+    allowPrivateTargets,
+  });
+
+  if (dnsReason) {
+    return { allowed: false, reason: dnsReason };
+  }
+
+  return { allowed: true };
+}
+
+/** Backward-compatible convenience helper. */
+export function isBlockedTargetByHostname(hostname) {
+  return getBlockedTargetReasonForHostname(hostname) !== null;
+}