sitedrift 0.1.0 → 0.3.0

package/src/agent.mjs

@@ -0,0 +1,73 @@
+import http from 'node:http';
+import https from 'node:https';
+import { readSession } from './session.mjs';
+
+function output(value) {
+  process.stdout.write(`${JSON.stringify(value, null, 2)}\n`);
+}
+
+function routeFor(command) {
+  if (command.name === 'status' || command.name === 'context') return '/api/v1/session';
+  return '/api/v1/notes';
+}
+
+export async function requestSession(session, pathname, init = {}) {
+  const url = new URL(pathname, session.url);
+  const transport = url.protocol === 'https:' ? https : http;
+  const text = await new Promise((resolve, reject) => {
+    const req = transport.request(url, {
+      method: init.method || 'GET',
+      rejectUnauthorized: false,
+      headers: {
+        authorization: `Bearer ${session.token}`,
+        'content-type': 'application/json',
+        ...(init.headers || {}),
+      },
+    }, (res) => {
+      let data = '';
+      res.setEncoding('utf8');
+      res.on('data', (chunk) => { data += chunk; });
+      res.on('end', () => {
+        if ((res.statusCode || 500) >= 400) {
+          try { reject(new Error(JSON.parse(data).error)); } catch { reject(new Error(data || `HTTP ${res.statusCode}`)); }
+        } else {
+          resolve(data);
+        }
+      });
+    });
+    req.on('error', reject);
+    if (init.body) req.write(init.body);
+    req.end();
+  });
+  return JSON.parse(text);
+}
+
+export async function runAgentCommand(command, config) {
+  const session = readSession(config.port);
+  if (command.name === 'status' || command.name === 'context' || command.action === 'list') {
+    output(await requestSession(session, routeFor(command)));
+    return 0;
+  }
+
+  const op = command.action === 'add'
+    ? {
+        op: 'add',
+        text: command.text,
+        author: command.author || config.author,
+        route: command.route || '/',
+        side: command.side || null,
+      }
+    : command.action === 'resolve'
+      ? { op: 'resolve', id: command.id }
+      : command.action === 'reopen'
+        ? { op: 'reopen', id: command.id }
+        : command.action === 'remove'
+          ? { op: 'remove', id: command.id }
+          : { op: 'clear' };
+
+  output(await requestSession(session, '/api/v1/notes', {
+    method: 'POST',
+    body: JSON.stringify(op),
+  }));
+  return 0;
+}

package/src/browser.mjs

@@ -0,0 +1,9 @@
+import { spawn } from 'node:child_process';
+
+export function openBrowser(url) {
+  const cmd = process.platform === 'darwin' ? 'open'
+    : process.platform === 'win32' ? 'start' : 'xdg-open';
+  try {
+    spawn(cmd, [url], { stdio: 'ignore', detached: true, shell: process.platform === 'win32' }).unref();
+  } catch {}
+}

package/src/cli.mjs

@@ -0,0 +1,231 @@
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+// Short flags and the boolean flags that never consume the next argument.
+const ALIASES = { d: 'dev', l: 'live', p: 'port', o: 'open', h: 'help', v: 'version' };
+const BOOLEANS = new Set(['open', 'http', 'https', 'setup-https', 'help', 'version']);
+const VALUE_FLAGS = new Set([
+  'dev', 'live', 'port', 'host', 'cert', 'key', 'notes', 'brand', 'author',
+  'vault', 'config', 'route', 'side', 'dir', 'production-branch',
+]);
+const KNOWN_FLAGS = new Set([...BOOLEANS, ...VALUE_FLAGS]);
+const CONFIG_NAMES = ['sitedrift.config.json', '.sitedriftrc.json'];
+
+export function parseArgs(argv) {
+  const opts = {};
+  const positionals = [];
+  for (let i = 0; i < argv.length; i++) {
+    let arg = argv[i];
+    if (arg === '--') { positionals.push(...argv.slice(i + 1)); break; }
+    if (arg[0] !== '-' || arg === '-') { positionals.push(arg); continue; }
+    arg = arg.replace(/^--?/, '');
+    let value;
+    const eq = arg.indexOf('=');
+    if (eq !== -1) { value = arg.slice(eq + 1); arg = arg.slice(0, eq); }
+    const name = ALIASES[arg] || arg;
+    if (!KNOWN_FLAGS.has(name)) throw new Error(`Unknown option: --${arg}`);
+    if (BOOLEANS.has(name)) { opts[name] = true; continue; }
+    if (value === undefined) {
+      const next = argv[i + 1];
+      if (next !== undefined && next[0] !== '-') { value = next; i++; }
+      else throw new Error(`Option --${name} requires a value.`);
+    }
+    opts[name] = value;
+  }
+  return { opts, positionals };
+}
+
+function findConfigFile(start = process.cwd()) {
+  let dir = path.resolve(start);
+  while (true) {
+    for (const name of CONFIG_NAMES) {
+      const file = path.join(dir, name);
+      if (fs.existsSync(file)) return file;
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) return null;
+    dir = parent;
+  }
+}
+
+function readConfigFile(explicit) {
+  const file = explicit ? path.resolve(explicit) : findConfigFile();
+  if (!file) return {};
+  let value;
+  try {
+    value = JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch (error) {
+    throw new Error(`Could not read config ${file}: ${error.message}`);
+  }
+  if (!value || Array.isArray(value) || typeof value !== 'object') {
+    throw new Error(`Config ${file} must contain a JSON object.`);
+  }
+  const allowed = new Set(['dev', 'live', 'port', 'host', 'cert', 'key', 'notes', 'brand', 'author', 'vault', 'https', 'open']);
+  const unknown = Object.keys(value).filter((key) => !allowed.has(key));
+  if (unknown.length) throw new Error(`Unknown config key${unknown.length === 1 ? '' : 's'}: ${unknown.join(', ')}`);
+  return value;
+}
+
+// SITEDRIFT_<NAME> is the public env var; SITE_COMPARE_<NAME> is the legacy name
+// kept so the `site compare` wrapper keeps working after extraction.
+function envVal(name) {
+  const v = process.env[`SITEDRIFT_${name}`] ?? process.env[`SITE_COMPARE_${name}`];
+  return v === undefined || v === '' ? undefined : v;
+}
+
+// Precedence for every setting: CLI flag > env > built-in default.
+function pick(opts, fileConfig, flag, name, fallback) {
+  return opts[flag] ?? envVal(name) ?? fileConfig[flag] ?? fallback;
+}
+
+function boolean(value, name) {
+  if (typeof value === 'boolean') return value;
+  if (value === undefined) return false;
+  if (value === '1' || value === 'true') return true;
+  if (value === '0' || value === 'false') return false;
+  throw new Error(`${name} must be true/false or 1/0.`);
+}
+
+export function cleanBase(value) {
+  const url = new URL(value);
+  url.pathname = url.pathname.replace(/\/+$/, '');
+  url.search = '';
+  url.hash = '';
+  return url;
+}
+
+export function readVersion() {
+  try {
+    return JSON.parse(fs.readFileSync(new URL('../package.json', import.meta.url), 'utf8')).version;
+  } catch { return '0.0.0'; }
+}
+
+export function printHelp() {
+  console.log(`sitedrift — frame local dev against production, side-by-side on the same route.
+
+Usage:
+  sitedrift [path] [options]
+  npx sitedrift /pricing --dev http://localhost:4321 --live https://example.com --open
+  sitedrift status
+  sitedrift context
+  sitedrift mcp
+  sitedrift cloudflare --dir dist --live https://example.com
+  sitedrift notes list
+  sitedrift notes add <text> [--route /path] [--side dev|live] [--author name]
+  sitedrift notes resolve|reopen|remove <id>
+  sitedrift notes clear
+
+Options:
+  -d, --dev <url>     Left-pane (dev) origin            [default http://127.0.0.1:4321]
+  -l, --live <url>    Right-pane (live) origin          [default https://example.com]
+  -p, --port <n>      Listen port                       [default 4178]
+      --host <addr>   Bind address                      [default 127.0.0.1]
+  -o, --open          Open the viewer in your browser
+      --https         Serve HTTPS with an auto cert (mkcert if present, else openssl)
+      --setup-https   One-time: generate + trust a local cert, then exit
+      --http          Force plain HTTP (the default; overrides --https)
+      --cert <file>   TLS cert (serve HTTPS; needs --key)
+      --key <file>    TLS key
+      --notes <file>  Shared review-notes JSON          [default \$TMPDIR/sitedrift-notes.json]
+      --brand <text>  Strip "| <text>" from pane-header titles
+      --author <name> Byline for notes added in the viewer
+      --vault <dir>   Enable "Send to vault" (writes review markdown here)
+      --config <file> Read project configuration from a JSON file
+  -h, --help          Show this help
+  -v, --version       Print version
+
+Every option also reads SITEDRIFT_<NAME> (e.g. SITEDRIFT_DEV). Binds to
+127.0.0.1 by default — it strips framing/isolation headers, so never expose it
+publicly. See https://github.com/joeseverino/sitedrift`);
+}
+
+export function resolveConfig(argv = process.argv.slice(2)) {
+  const { opts, positionals } = parseArgs(argv);
+  if (positionals.length > 1) throw new Error(`Unexpected argument: ${positionals[1]}`);
+  const fileConfig = readConfigFile(opts.config);
+  const port = Number(pick(opts, fileConfig, 'port', 'PORT', 4178));
+  if (!Number.isInteger(port) || port < 1 || port > 65533) {
+    throw new Error('Port must be an integer from 1 to 65533 (the next two ports isolate DEV and LIVE).');
+  }
+  const certFile = opts.http ? undefined : pick(opts, fileConfig, 'cert', 'CERT', undefined);
+  const keyFile = opts.http ? undefined : pick(opts, fileConfig, 'key', 'KEY', undefined);
+  if (!!certFile !== !!keyFile) throw new Error('--cert and --key must be provided together.');
+  const host = pick(opts, fileConfig, 'host', 'HOST', '127.0.0.1');
+  if (!['127.0.0.1', 'localhost', '::1'].includes(host)) {
+    throw new Error('Host must be loopback (127.0.0.1, localhost, or ::1).');
+  }
+  return {
+    opts,
+    help: !!opts.help,
+    version: !!opts.version,
+    setupHttps: !!opts['setup-https'],
+    https: !opts.http && boolean(pick(opts, fileConfig, 'https', 'HTTPS', false), 'https'),
+    host,
+    port,
+    devBase: cleanBase(pick(opts, fileConfig, 'dev', 'DEV', 'http://127.0.0.1:4321')),
+    liveBase: cleanBase(pick(opts, fileConfig, 'live', 'LIVE', 'https://example.com')),
+    certFile,
+    keyFile,
+    notesFile: pick(opts, fileConfig, 'notes', 'NOTES', `${os.tmpdir()}/sitedrift-notes.json`),
+    brand: pick(opts, fileConfig, 'brand', 'BRAND', ''),
+    author: pick(opts, fileConfig, 'author', 'AUTHOR', 'you'),
+    vaultDir: pick(opts, fileConfig, 'vault', 'VAULT', ''),
+    open: boolean(pick(opts, fileConfig, 'open', 'OPEN', false), 'open'),
+    initialPath: positionals[0]
+      ? '/' + String(positionals[0]).replace(/^\/+/, '')
+      : '',
+  };
+}
+
+export function parseCommand(argv = process.argv.slice(2)) {
+  const name = argv[0];
+  if (!['status', 'context', 'notes', 'mcp', 'cloudflare'].includes(name)) return null;
+  if (name === 'cloudflare') {
+    const { opts, positionals } = parseArgs(argv.slice(1));
+    if (positionals.length) throw new Error(`Unexpected argument: ${positionals[0]}`);
+    if (!opts.live) throw new Error('sitedrift cloudflare requires --live.');
+    return {
+      command: {
+        name,
+        dir: opts.dir || 'dist',
+        live: opts.live,
+        brand: opts.brand || '',
+        productionBranch: opts['production-branch'] || 'main',
+      },
+      argv: [],
+    };
+  }
+  if (name === 'mcp') {
+    if (argv.length > 1) throw new Error('Usage: sitedrift mcp');
+    return { command: { name }, argv: [] };
+  }
+  if (name === 'status' || name === 'context') {
+    return { command: { name }, argv: argv.slice(1) };
+  }
+  const action = argv[1];
+  if (!['list', 'add', 'resolve', 'reopen', 'remove', 'clear'].includes(action)) {
+    throw new Error('Usage: sitedrift notes list|add|resolve|reopen|remove|clear');
+  }
+  const tail = argv.slice(2);
+  let subject;
+  if (action === 'add' || ['resolve', 'reopen', 'remove'].includes(action)) {
+    subject = tail.shift();
+    if (!subject) throw new Error(`sitedrift notes ${action} requires ${action === 'add' ? 'text' : 'an id'}.`);
+  }
+  const { opts, positionals } = parseArgs(tail);
+  if (positionals.length) throw new Error(`Unexpected argument: ${positionals[0]}`);
+  if (opts.side && !['dev', 'live'].includes(opts.side)) throw new Error('--side must be dev or live.');
+  return {
+    command: {
+      name,
+      action,
+      text: action === 'add' ? subject : undefined,
+      id: action === 'add' ? undefined : subject,
+      route: opts.route,
+      side: opts.side,
+      author: opts.author,
+    },
+    argv: tail,
+  };
+}

package/src/cloudflare-runtime.mjs

@@ -0,0 +1,114 @@
+import { frameBridge, rewriteRootPaths } from './frame-content.mjs';
+
+const STRIP_HEADERS = [
+  'content-encoding',
+  'content-length',
+  'content-security-policy',
+  'content-security-policy-report-only',
+  'cross-origin-embedder-policy',
+  'cross-origin-opener-policy',
+  'cross-origin-resource-policy',
+  'transfer-encoding',
+  'x-frame-options',
+];
+
+function cleanHeaders(source) {
+  const headers = new Headers(source);
+  for (const name of STRIP_HEADERS) headers.delete(name);
+  headers.set('cache-control', 'no-store');
+  headers.set('x-robots-tag', 'noindex, nofollow');
+  return headers;
+}
+
+async function configFor(context) {
+  const url = new URL('/__sitedrift/config.json', context.request.url);
+  const response = await context.env.ASSETS.fetch(url);
+  if (!response.ok) throw new Error('sitedrift preview config is unavailable');
+  return response.json();
+}
+
+async function devResponse(context, route) {
+  const requestUrl = new URL(context.request.url);
+  const routeUrl = new URL(route, requestUrl);
+  const pathname = routeUrl.pathname;
+  const accept = context.request.headers.get('accept') || '';
+  if (context.request.method === 'GET' && accept.includes('text/html')) {
+    const clean = pathname.replace(/^\/+/, '');
+    const candidates = pathname.endsWith('/')
+      ? [`/__sitedrift/source/${clean}index.html`]
+      : [`/__sitedrift/source/${clean}.html`, `/__sitedrift/source/${clean}/index.html`];
+    if (pathname === '/') candidates.unshift('/__sitedrift/source/index.html');
+    for (const pathname of candidates) {
+      const response = await context.env.ASSETS.fetch(new URL(pathname, requestUrl));
+      if (response.ok) return response;
+    }
+  }
+  return context.env.ASSETS.fetch(routeUrl);
+}
+
+async function liveResponse(context, route, live) {
+  const base = new URL(live);
+  const target = new URL(route, `${base.href.replace(/\/$/, '')}/`);
+  if (target.origin !== base.origin) return new Response('Invalid live target.', { status: 400 });
+  const headers = new Headers(context.request.headers);
+  headers.delete('host');
+  headers.delete('accept-encoding');
+  const init = {
+    method: context.request.method,
+    headers,
+    redirect: 'manual',
+  };
+  if (!['GET', 'HEAD'].includes(context.request.method)) init.body = context.request.body;
+  return fetch(target, init);
+}
+
+export async function onRequest(context) {
+  const requestUrl = new URL(context.request.url);
+  const match = requestUrl.pathname.match(/^\/__sitedrift\/(dev|live)(\/.*)?$/);
+  if (!match) return context.env.ASSETS.fetch(context.request);
+  if (!['GET', 'HEAD'].includes(context.request.method)) {
+    return new Response('sitedrift preview proxies are read-only.', {
+      status: 405,
+      headers: { allow: 'GET, HEAD' },
+    });
+  }
+
+  const side = match[1];
+  const route = `${match[2] || '/'}${requestUrl.search}`;
+  let upstream;
+  try {
+    const config = await configFor(context);
+    upstream = side === 'dev'
+      ? await devResponse(context, route)
+      : await liveResponse(context, route, config.live);
+  } catch (error) {
+    return new Response(`sitedrift: ${error.message}`, { status: 502 });
+  }
+
+  const headers = cleanHeaders(upstream.headers);
+  const location = upstream.headers.get('location');
+  if (location) {
+    const config = await configFor(context);
+    const base = side === 'live' ? new URL(config.live) : requestUrl;
+    const redirected = new URL(location, base);
+    if (side === 'dev' || redirected.origin === base.origin) {
+      headers.set('location', `/__sitedrift/${side}${redirected.pathname}${redirected.search}${redirected.hash}`);
+    }
+  }
+
+  const type = upstream.headers.get('content-type') || '';
+  const rewritable = /text\/html|text\/css|javascript/.test(type);
+  if (rewritable && context.request.method !== 'HEAD') {
+    let body = rewriteRootPaths(await upstream.text(), `/__sitedrift/${side}`);
+    if (/text\/html/.test(type)) {
+      const bridge = frameBridge(side, `/__sitedrift/${side}`);
+      body = body.includes('</head>') ? body.replace('</head>', `${bridge}</head>`) : `${bridge}${body}`;
+    }
+    return new Response(body, { status: upstream.status, statusText: upstream.statusText, headers });
+  }
+  return new Response(context.request.method === 'HEAD' ? null : upstream.body, {
+    status: upstream.status,
+    statusText: upstream.statusText,
+    headers,
+  });
+}

package/src/cloudflare.mjs

@@ -0,0 +1,78 @@
+import fs from 'node:fs';
+import path from 'node:path';
+
+import { assets, renderHostedViewer } from './viewer.mjs';
+
+function htmlFiles(root) {
+  const found = [];
+  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
+    const file = path.join(root, entry.name);
+    if (entry.isDirectory()) {
+      if (entry.name !== '__sitedrift') found.push(...htmlFiles(file));
+    } else if (entry.isFile() && entry.name.endsWith('.html')) {
+      found.push(file);
+    }
+  }
+  return found;
+}
+
+function routeFor(relative) {
+  if (relative === 'index.html') return '/';
+  if (relative.endsWith('/index.html')) return `/${relative.slice(0, -'index.html'.length)}`;
+  return `/${relative.slice(0, -'.html'.length)}`;
+}
+
+function secureLive(value) {
+  const url = new URL(value);
+  if (url.protocol !== 'https:' && !['localhost', '127.0.0.1', '::1'].includes(url.hostname)) {
+    throw new Error('--live must use HTTPS.');
+  }
+  url.pathname = url.pathname.replace(/\/+$/, '');
+  url.search = '';
+  url.hash = '';
+  return url.href.replace(/\/$/, '');
+}
+
+export function installCloudflarePreview({
+  dir,
+  live,
+  brand = '',
+  productionBranch = 'main',
+  env = process.env,
+  force = false,
+}) {
+  const branch = env.CF_PAGES_BRANCH || '';
+  if (!force && (env.CF_PAGES !== '1' || !branch || branch === productionBranch)) {
+    return { installed: false, reason: branch === productionBranch ? 'production branch' : 'not a Pages preview' };
+  }
+
+  const output = path.resolve(dir);
+  if (!fs.existsSync(output)) throw new Error(`Build output does not exist: ${output}`);
+  const files = htmlFiles(output);
+  if (!files.length) throw new Error(`No HTML files found in ${output}`);
+
+  const liveUrl = secureLive(live);
+  const internal = path.join(output, '__sitedrift');
+  const source = path.join(internal, 'source');
+  const assetDir = path.join(internal, 'assets');
+  fs.mkdirSync(source, { recursive: true });
+  fs.mkdirSync(assetDir, { recursive: true });
+
+  for (const file of files) {
+    const relative = path.relative(output, file);
+    const preserved = path.join(source, relative);
+    fs.mkdirSync(path.dirname(preserved), { recursive: true });
+    fs.copyFileSync(file, preserved);
+    fs.writeFileSync(file, renderHostedViewer({
+      live: liveUrl,
+      brand,
+      initialPath: routeFor(relative),
+    }));
+  }
+
+  fs.writeFileSync(path.join(assetDir, 'viewer.css'), assets.css);
+  fs.writeFileSync(path.join(assetDir, 'viewer.js'), assets.js);
+  fs.writeFileSync(path.join(assetDir, 'icon.svg'), assets.icon);
+  fs.writeFileSync(path.join(internal, 'config.json'), JSON.stringify({ live: liveUrl }));
+  return { installed: true, branch: branch || 'forced', files: files.length };
+}

package/src/frame-content.mjs

@@ -0,0 +1,65 @@
+export function frameBridge(side, prefix = `/__${side}`) {
+  const script = `(() => {
+    const side=${JSON.stringify(side)},prefix=${JSON.stringify(prefix)};
+    let linked=false,mirror=false;
+    const send=(type,data={})=>parent.postMessage({source:'sitedrift-frame',side,type,...data},'*');
+    const root=()=>document.scrollingElement||document.documentElement;
+    const route=()=>location.pathname.replace(prefix,'')+location.search+location.hash||'/';
+    const snapshot=()=>{
+      const q=(s)=>document.querySelector(s);
+      const imgs=[...document.querySelectorAll('img')];
+      const title=(document.title||'').trim();
+      const description=q('meta[name="description"]')?.content?.trim()||'';
+      const canonical=q('link[rel="canonical"]')?.href||'';
+      const checks=[
+        ['Title present',!!title],['Title 30–60 chars',title.length>=30&&title.length<=60,title.length+''],
+        ['Meta description',!!description],['Description 70–160',description.length>=70&&description.length<=160,description.length+''],
+        ['Exactly one H1',document.querySelectorAll('h1').length===1,document.querySelectorAll('h1').length+' found'],
+        ['Canonical link',!!q('link[rel="canonical"]')],['Viewport meta',!!q('meta[name="viewport"]')],
+        ['html lang',!!document.documentElement.lang],['Open Graph title',!!q('meta[property="og:title"]')],
+        ['Open Graph image',!!q('meta[property="og:image"]')],
+        ['Not noindex',!(q('meta[name="robots"]')?.content||'').toLowerCase().includes('noindex')],
+        ['Favicon',!!q('link[rel~="icon"]')],
+        ['Images have alt',imgs.every((img)=>img.hasAttribute('alt')),imgs.filter((img)=>!img.hasAttribute('alt')).length+' missing']
+      ].map(([label,ok,note])=>({label,ok,note}));
+      send('ready',{route:route(),meta:{title,description,canonical,heading:q('h1')?.textContent?.trim()||'',
+        siteName:q('meta[property="og:site_name"]')?.content?.trim()||'',icon:q('link[rel~="icon"]')?.href||'',checks}});
+      send('scroll',{y:scrollY,max:Math.max(0,root().scrollHeight-innerHeight)});
+    };
+    addEventListener('message',(event)=>{
+      const msg=event.data||{};
+      if(msg.source!=='sitedrift-parent'||msg.side!==side)return;
+      if(msg.type==='settings'){linked=!!msg.linked;mirror=!!msg.mirror;document.documentElement.style.scrollBehavior='auto';}
+      if(msg.type==='scroll'){root().scrollTop=msg.y;}
+      if(msg.type==='reload')location.reload();
+    });
+    addEventListener('scroll',()=>send('scroll',{y:scrollY,max:Math.max(0,root().scrollHeight-innerHeight)}),{passive:true});
+    addEventListener('wheel',(event)=>{if(!linked||!event.deltaY)return;event.preventDefault();send('wheel',{delta:event.deltaY,mode:event.deltaMode,height:innerHeight,y:scrollY});},{passive:false,capture:true});
+    addEventListener('keydown',(event)=>{
+      const typing=/^(INPUT|TEXTAREA|SELECT)$/.test(event.target.tagName)||event.target.isContentEditable;
+      if(!typing&&!event.metaKey&&!event.ctrlKey&&!event.altKey&&['r','s','0','/','o','d'].includes(event.key.toLowerCase())){
+        event.preventDefault();send('key',{key:event.key.toLowerCase()});return;
+      }
+      if(linked&&!typing&&!event.metaKey&&!event.ctrlKey&&!event.altKey)send('key',{key:event.key,shift:event.shiftKey,y:scrollY,height:innerHeight,max:Math.max(0,root().scrollHeight-innerHeight)});
+    },true);
+    addEventListener('click',(event)=>{
+      if(!mirror||event.defaultPrevented||event.button!==0||event.metaKey||event.ctrlKey||event.shiftKey||event.altKey)return;
+      const link=event.target.closest('a[href]');if(!link||link.target==='_blank'||link.hasAttribute('download'))return;
+      const url=new URL(link.href,location.href);if(url.origin!==location.origin||!url.pathname.startsWith(prefix))return;
+      event.preventDefault();send('navigate',{route:url.pathname.slice(prefix.length)||'/'});
+    },true);
+    addEventListener('DOMContentLoaded',snapshot,{once:true});if(document.readyState!=='loading')snapshot();
+  })();`;
+  return `<script>${script.replace(/<\//g, '<\\/')}</script>`;
+}
+
+export function rewriteRootPaths(body, prefix) {
+  return body
+    .replace(/(\b(?:href|src|action|poster)=["'])\/(?!\/)/gi, `$1${prefix}/`)
+    .replace(/\bsrcset=(["'])(.*?)\1/gi, (attribute, quote, value) => {
+      const rewritten = value.replace(/(^|,\s*)\/(?!\/)/g, `$1${prefix}/`);
+      return `srcset=${quote}${rewritten}${quote}`;
+    })
+    .replace(/url\((["']?)\/(?!\/)/gi, `url($1${prefix}/`)
+    .replace(/(["'`])\/(@(?:id|vite|fs)\/|_astro\/)/g, `$1${prefix}/$2`);
+}

package/src/http.mjs

@@ -0,0 +1,21 @@
+// Small shared HTTP helpers used by the request handler and proxy.
+
+export function send(res, status, body, type = 'text/plain; charset=utf-8') {
+  res.writeHead(status, {
+    'Content-Type': type,
+    'Cache-Control': 'no-store',
+  });
+  res.end(body);
+}
+
+export function readBody(req) {
+  return new Promise((resolve) => {
+    let data = '';
+    req.on('data', (chunk) => {
+      data += chunk;
+      if (data.length > 1e6) req.destroy();
+    });
+    req.on('end', () => resolve(data));
+    req.on('error', () => resolve(data));
+  });
+}