smartcontext-proxy 0.1.0 → 0.2.0

package/dist/src/proxy/tls-interceptor.js

@@ -0,0 +1,211 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.interceptTLS = interceptTLS;
+const node_tls_1 = __importDefault(require("node:tls"));
+const node_http_1 = __importDefault(require("node:http"));
+const node_https_1 = __importDefault(require("node:https"));
+const ca_manager_js_1 = require("../tls/ca-manager.js");
+const chunker_js_1 = require("../context/chunker.js");
+const canonical_js_1 = require("../context/canonical.js");
+/**
+ * Intercept TLS connection to an LLM provider.
+ * Terminates TLS with a generated cert, parses the HTTP request inside,
+ * optionally optimizes context, then forwards to the real provider.
+ */
+function interceptTLS(clientSocket, hostname, port, match, options) {
+    const { cert, key } = (0, ca_manager_js_1.getCertForHost)(hostname);
+    const tlsSocket = new node_tls_1.default.TLSSocket(clientSocket, {
+        isServer: true,
+        cert,
+        key,
+    });
+    // Tell client the tunnel is established
+    clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+    // Read HTTP request from decrypted TLS stream
+    let requestData = Buffer.alloc(0);
+    let headersParsed = false;
+    let contentLength = 0;
+    let headerEnd = -1;
+    tlsSocket.on('data', (chunk) => {
+        requestData = Buffer.concat([requestData, chunk]);
+        if (!headersParsed) {
+            headerEnd = requestData.indexOf('\r\n\r\n');
+            if (headerEnd === -1)
+                return; // Wait for more data
+            headersParsed = true;
+            const headersStr = requestData.subarray(0, headerEnd).toString();
+            const clMatch = headersStr.match(/content-length:\s*(\d+)/i);
+            contentLength = clMatch ? parseInt(clMatch[1], 10) : 0;
+        }
+        const bodyStart = headerEnd + 4;
+        const bodyReceived = requestData.length - bodyStart;
+        if (bodyReceived >= contentLength) {
+            tlsSocket.pause();
+            handleInterceptedRequest(requestData, hostname, port, match, options, tlsSocket).catch((err) => {
+                options.log('error', `Intercept error: ${err}`);
+                try {
+                    tlsSocket.write('HTTP/1.1 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n');
+                    tlsSocket.end();
+                }
+                catch { }
+            });
+        }
+    });
+    tlsSocket.on('error', (err) => {
+        options.log('error', `TLS socket error for ${hostname}: ${err.message}`);
+    });
+}
+/**
+ * Handle an intercepted HTTP request: parse, optimize, forward, stream back.
+ */
+async function handleInterceptedRequest(rawRequest, hostname, port, match, options, clientTLS) {
+    const startTime = Date.now();
+    options.requestCounter.value++;
+    const reqId = options.requestCounter.value;
+    // Parse raw HTTP request
+    const headerEnd = rawRequest.indexOf('\r\n\r\n');
+    const headersStr = rawRequest.subarray(0, headerEnd).toString();
+    const body = rawRequest.subarray(headerEnd + 4);
+    const [requestLine, ...headerLines] = headersStr.split('\r\n');
+    const [method, path] = requestLine.split(' ');
+    const headers = {};
+    for (const line of headerLines) {
+        const colonIdx = line.indexOf(':');
+        if (colonIdx > 0) {
+            headers[line.substring(0, colonIdx).toLowerCase().trim()] = line.substring(colonIdx + 1).trim();
+        }
+    }
+    // Find adapter for this provider
+    const adapter = options.adapters.get(match.provider);
+    let forwardBody;
+    let originalTokens = 0;
+    let optimizedTokens = 0;
+    let savingsPercent = 0;
+    let chunksRetrieved = 0;
+    let topScore = 0;
+    let passThrough = true;
+    let reason;
+    let model = 'unknown';
+    if (adapter && body.length > 0) {
+        try {
+            const parsed = JSON.parse(body.toString());
+            model = parsed.model || 'unknown';
+            const canonical = adapter.parseRequest(parsed, headers);
+            originalTokens = (0, chunker_js_1.estimateTokens)(canonical.systemPrompt || '') +
+                canonical.messages.reduce((sum, m) => sum + (0, chunker_js_1.estimateTokens)((0, canonical_js_1.getTextContent)(m)), 0);
+            // Optimize if available and not paused
+            if (options.optimizer && !options.paused) {
+                try {
+                    const result = await options.optimizer.optimize(canonical);
+                    passThrough = result.passThrough;
+                    reason = result.reason;
+                    if (!result.passThrough) {
+                        canonical.messages = result.optimizedMessages;
+                        if (result.systemPrompt !== undefined)
+                            canonical.systemPrompt = result.systemPrompt;
+                        optimizedTokens = result.packed.optimizedTokens;
+                        savingsPercent = result.packed.savingsPercent;
+                    }
+                    if (result.retrieval) {
+                        chunksRetrieved = result.retrieval.chunks.length;
+                        topScore = result.retrieval.topScore;
+                    }
+                }
+                catch (err) {
+                    passThrough = true;
+                    reason = `optimization error: ${err}`;
+                }
+            }
+            if (!passThrough) {
+                forwardBody = Buffer.from(JSON.stringify(adapter.serializeRequest(canonical)));
+            }
+            else {
+                forwardBody = body;
+                optimizedTokens = originalTokens;
+            }
+        }
+        catch {
+            forwardBody = body;
+            optimizedTokens = originalTokens;
+        }
+    }
+    else {
+        forwardBody = body;
+    }
+    const latencyOverhead = Date.now() - startTime;
+    const savingsStr = passThrough ? 'pass' : `-${savingsPercent}%`;
+    options.log('info', `#${reqId} ${match.provider}/${model} ${originalTokens}→${optimizedTokens} ${savingsStr} ${latencyOverhead}ms [intercepted]`);
+    // Forward to real provider
+    const useHTTPS = port === 443 || hostname.includes('.');
+    const transport = useHTTPS ? node_https_1.default : node_http_1.default;
+    const forwardUrl = `${useHTTPS ? 'https' : 'http'}://${hostname}:${port}${path}`;
+    const forwardHeaders = { ...headers };
+    forwardHeaders['host'] = hostname;
+    forwardHeaders['content-length'] = String(forwardBody.length);
+    const providerRes = await new Promise((resolve, reject) => {
+        const proxyReq = transport.request(forwardUrl, {
+            method,
+            headers: forwardHeaders,
+        }, resolve);
+        proxyReq.on('error', reject);
+        proxyReq.write(forwardBody);
+        proxyReq.end();
+    });
+    // Build response headers
+    const resHeaders = [
+        `HTTP/1.1 ${providerRes.statusCode} ${providerRes.statusMessage}`,
+    ];
+    for (const [key, val] of Object.entries(providerRes.headers)) {
+        if (val) {
+            const values = Array.isArray(val) ? val : [val];
+            for (const v of values) {
+                resHeaders.push(`${key}: ${v}`);
+            }
+        }
+    }
+    resHeaders.push('', '');
+    clientTLS.write(resHeaders.join('\r\n'));
+    // Stream response body
+    await new Promise((resolve) => {
+        providerRes.on('data', (chunk) => {
+            clientTLS.write(chunk);
+        });
+        providerRes.on('end', () => {
+            clientTLS.end();
+            resolve();
+        });
+        providerRes.on('error', () => {
+            clientTLS.end();
+            resolve();
+        });
+    });
+    // Record metrics
+    options.metrics.record({
+        id: reqId,
+        timestamp: Date.now(),
+        provider: match.provider,
+        model,
+        streaming: headers['accept']?.includes('text/event-stream') || false,
+        originalTokens,
+        optimizedTokens,
+        savingsPercent,
+        latencyOverheadMs: latencyOverhead,
+        chunksRetrieved,
+        topScore,
+        passThrough,
+        reason,
+    });
+    // Async post-indexing
+    if (options.optimizer && !passThrough && adapter) {
+        try {
+            const parsed = JSON.parse(body.toString());
+            const canonical = adapter.parseRequest(parsed, headers);
+            options.optimizer.indexExchange(canonical.messages, `intercepted-${reqId}`).catch(() => { });
+        }
+        catch { }
+    }
+}
+//# sourceMappingURL=tls-interceptor.js.map

package/dist/src/proxy/tunnel.d.ts

@@ -0,0 +1,7 @@
+import type { Socket } from 'node:net';
+/**
+ * Create a blind TCP tunnel between client and target.
+ * Zero overhead — no inspection, no buffering.
+ * Used for non-LLM HTTPS traffic.
+ */
+export declare function createTunnel(clientSocket: Socket, targetHost: string, targetPort: number): void;

package/dist/src/proxy/tunnel.js

@@ -0,0 +1,33 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createTunnel = createTunnel;
+const node_net_1 = __importDefault(require("node:net"));
+/**
+ * Create a blind TCP tunnel between client and target.
+ * Zero overhead — no inspection, no buffering.
+ * Used for non-LLM HTTPS traffic.
+ */
+function createTunnel(clientSocket, targetHost, targetPort) {
+    const targetSocket = node_net_1.default.connect(targetPort, targetHost, () => {
+        clientSocket.write('HTTP/1.1 200 Connection Established\r\n\r\n');
+        targetSocket.pipe(clientSocket);
+        clientSocket.pipe(targetSocket);
+    });
+    targetSocket.on('error', (err) => {
+        clientSocket.write(`HTTP/1.1 502 Bad Gateway\r\n\r\n`);
+        clientSocket.end();
+    });
+    clientSocket.on('error', () => {
+        targetSocket.destroy();
+    });
+    clientSocket.on('close', () => {
+        targetSocket.destroy();
+    });
+    targetSocket.on('close', () => {
+        clientSocket.destroy();
+    });
+}
+//# sourceMappingURL=tunnel.js.map

package/dist/src/system/installer.d.ts

@@ -0,0 +1,25 @@
+export interface InstallResult {
+    success: boolean;
+    steps: Array<{
+        step: string;
+        success: boolean;
+        message: string;
+    }>;
+}
+/**
+ * Full installation:
+ * 1. Generate CA cert
+ * 2. Install CA in trust store
+ * 3. Configure system proxy
+ * 4. Install system service
+ */
+export declare function install(port: number): InstallResult;
+/**
+ * Full uninstallation:
+ * 1. Remove system service
+ * 2. Clear system proxy
+ * 3. Remove CA from trust store
+ */
+export declare function uninstall(purge?: boolean): InstallResult;
+/** Check installation status */
+export declare function status(port: number): Record<string, boolean | string>;

package/dist/src/system/installer.js

@@ -0,0 +1,180 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.install = install;
+exports.uninstall = uninstall;
+exports.status = status;
+const ca_manager_js_1 = require("../tls/ca-manager.js");
+const trust_store_js_1 = require("../tls/trust-store.js");
+const service_js_1 = require("../daemon/service.js");
+const macos = __importStar(require("./macos.js"));
+const linux = __importStar(require("./linux.js"));
+const platform = process.platform === 'darwin' ? macos : linux;
+/**
+ * Full installation:
+ * 1. Generate CA cert
+ * 2. Install CA in trust store
+ * 3. Configure system proxy
+ * 4. Install system service
+ */
+function install(port) {
+    const steps = [];
+    let allOk = true;
+    // Step 1: Generate CA
+    try {
+        (0, ca_manager_js_1.ensureCA)();
+        steps.push({ step: 'Generate CA certificate', success: true, message: `CA cert at ${(0, ca_manager_js_1.getCACertPath)()}` });
+    }
+    catch (err) {
+        steps.push({ step: 'Generate CA certificate', success: false, message: String(err) });
+        allOk = false;
+    }
+    // Step 2: Install CA in trust store
+    if (allOk) {
+        const result = (0, trust_store_js_1.installCA)();
+        steps.push({ step: 'Install CA in trust store', success: result.success, message: result.message });
+        if (!result.success)
+            allOk = false;
+    }
+    // Step 3: Configure system proxy (PAC URL for selective proxying)
+    if (allOk) {
+        if (process.platform === 'darwin') {
+            const result = macos.setAutoproxyURL(`http://127.0.0.1:${port}/proxy.pac`);
+            steps.push({ step: 'Configure system proxy (PAC)', success: result.success, message: result.message });
+            if (!result.success)
+                allOk = false;
+        }
+        else {
+            const result = platform.setSystemProxy('127.0.0.1', port);
+            steps.push({ step: 'Configure system proxy', success: result.success, message: result.message });
+            if (!result.success)
+                allOk = false;
+        }
+    }
+    // Step 4: Install system service
+    if (allOk) {
+        try {
+            const servicePath = (0, service_js_1.installService)(port);
+            steps.push({ step: 'Install system service', success: true, message: `Service at ${servicePath}` });
+        }
+        catch (err) {
+            steps.push({ step: 'Install system service', success: false, message: String(err) });
+            // Non-fatal: proxy can still run manually
+        }
+    }
+    // Rollback on failure
+    if (!allOk) {
+        rollback(steps);
+    }
+    return { success: allOk, steps };
+}
+/**
+ * Full uninstallation:
+ * 1. Remove system service
+ * 2. Clear system proxy
+ * 3. Remove CA from trust store
+ */
+function uninstall(purge = false) {
+    const steps = [];
+    // Step 1: Remove service
+    try {
+        const msg = (0, service_js_1.uninstallService)();
+        steps.push({ step: 'Remove system service', success: true, message: msg });
+    }
+    catch (err) {
+        steps.push({ step: 'Remove system service', success: false, message: String(err) });
+    }
+    // Step 2: Clear proxy
+    if (process.platform === 'darwin') {
+        const r1 = macos.clearAutoproxyURL();
+        steps.push({ step: 'Clear auto-proxy', success: r1.success, message: r1.message });
+        const r2 = macos.clearSystemProxy();
+        steps.push({ step: 'Clear system proxy', success: r2.success, message: r2.message });
+    }
+    else {
+        const r = linux.clearSystemProxy();
+        steps.push({ step: 'Clear system proxy', success: r.success, message: r.message });
+    }
+    // Step 3: Remove CA
+    const caResult = (0, trust_store_js_1.uninstallCA)();
+    steps.push({ step: 'Remove CA from trust store', success: caResult.success, message: caResult.message });
+    // Step 4: Purge data (optional)
+    if (purge) {
+        try {
+            const fs = require('node:fs');
+            const path = require('node:path');
+            const dataDir = path.join(process.env['HOME'] || '.', '.smartcontext');
+            fs.rmSync(dataDir, { recursive: true, force: true });
+            steps.push({ step: 'Purge data directory', success: true, message: `Removed ${dataDir}` });
+        }
+        catch (err) {
+            steps.push({ step: 'Purge data directory', success: false, message: String(err) });
+        }
+    }
+    const allOk = steps.every((s) => s.success);
+    return { success: allOk, steps };
+}
+/** Check installation status */
+function status(port) {
+    return {
+        caExists: require('node:fs').existsSync((0, ca_manager_js_1.getCACertPath)()),
+        caInstalled: (0, trust_store_js_1.isCAInstalled)(),
+        proxyConfigured: platform.isProxyConfigured(port),
+    };
+}
+/** Rollback completed steps on failure */
+function rollback(completedSteps) {
+    for (const step of completedSteps.reverse()) {
+        if (!step.success)
+            continue;
+        try {
+            if (step.step.includes('CA in trust store'))
+                (0, trust_store_js_1.uninstallCA)();
+            if (step.step.includes('system proxy') || step.step.includes('PAC')) {
+                if (process.platform === 'darwin') {
+                    macos.clearAutoproxyURL();
+                    macos.clearSystemProxy();
+                }
+                else {
+                    linux.clearSystemProxy();
+                }
+            }
+            if (step.step.includes('system service'))
+                (0, service_js_1.uninstallService)();
+        }
+        catch { }
+    }
+}
+//# sourceMappingURL=installer.js.map

package/dist/src/system/linux.d.ts

@@ -0,0 +1,11 @@
+/** Configure Linux system proxy */
+export declare function setSystemProxy(host: string, port: number): {
+    success: boolean;
+    message: string;
+};
+/** Clear Linux system proxy */
+export declare function clearSystemProxy(): {
+    success: boolean;
+    message: string;
+};
+export declare function isProxyConfigured(port: number): boolean;

package/dist/src/system/linux.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setSystemProxy = setSystemProxy;
+exports.clearSystemProxy = clearSystemProxy;
+exports.isProxyConfigured = isProxyConfigured;
+const node_child_process_1 = require("node:child_process");
+/** Configure Linux system proxy */
+function setSystemProxy(host, port) {
+    const proxyUrl = `http://${host}:${port}`;
+    try {
+        // Try GNOME settings
+        try {
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy', 'mode', "'manual'"], { stdio: 'pipe' });
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy.http', 'host', `'${host}'`], { stdio: 'pipe' });
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy.http', 'port', String(port)], { stdio: 'pipe' });
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy.https', 'host', `'${host}'`], { stdio: 'pipe' });
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy.https', 'port', String(port)], { stdio: 'pipe' });
+        }
+        catch { }
+        // Write environment file for shell sessions
+        const envFile = '/etc/profile.d/smartcontext-proxy.sh';
+        const content = `# SmartContext Proxy - auto-generated
+export http_proxy="${proxyUrl}"
+export https_proxy="${proxyUrl}"
+export HTTP_PROXY="${proxyUrl}"
+export HTTPS_PROXY="${proxyUrl}"
+export no_proxy="localhost,127.0.0.1,::1"
+`;
+        try {
+            (0, node_child_process_1.execFileSync)('sudo', ['tee', envFile], { input: content, stdio: ['pipe', 'pipe', 'pipe'] });
+        }
+        catch { }
+        return { success: true, message: `System proxy set to ${proxyUrl}` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}` };
+    }
+}
+/** Clear Linux system proxy */
+function clearSystemProxy() {
+    try {
+        try {
+            (0, node_child_process_1.execFileSync)('gsettings', ['set', 'org.gnome.system.proxy', 'mode', "'none'"], { stdio: 'pipe' });
+        }
+        catch { }
+        try {
+            (0, node_child_process_1.execFileSync)('sudo', ['rm', '-f', '/etc/profile.d/smartcontext-proxy.sh'], { stdio: 'pipe' });
+        }
+        catch { }
+        return { success: true, message: 'System proxy cleared' };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}` };
+    }
+}
+function isProxyConfigured(port) {
+    const proxyEnv = process.env['https_proxy'] || process.env['HTTPS_PROXY'] || '';
+    return proxyEnv.includes(String(port));
+}
+//# sourceMappingURL=linux.js.map

package/dist/src/system/macos.d.ts

@@ -0,0 +1,24 @@
+/** Get active network interface name (e.g., "Wi-Fi", "Ethernet") */
+export declare function getActiveInterface(): string;
+/** Configure macOS system proxy to use SmartContext */
+export declare function setSystemProxy(host: string, port: number): {
+    success: boolean;
+    message: string;
+};
+/** Remove system proxy configuration */
+export declare function clearSystemProxy(): {
+    success: boolean;
+    message: string;
+};
+/** Set PAC URL as auto-proxy configuration */
+export declare function setAutoproxyURL(pacUrl: string): {
+    success: boolean;
+    message: string;
+};
+/** Clear auto-proxy configuration */
+export declare function clearAutoproxyURL(): {
+    success: boolean;
+    message: string;
+};
+/** Check if system proxy is currently set to SmartContext */
+export declare function isProxyConfigured(port: number): boolean;

package/dist/src/system/macos.js

@@ -0,0 +1,98 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getActiveInterface = getActiveInterface;
+exports.setSystemProxy = setSystemProxy;
+exports.clearSystemProxy = clearSystemProxy;
+exports.setAutoproxyURL = setAutoproxyURL;
+exports.clearAutoproxyURL = clearAutoproxyURL;
+exports.isProxyConfigured = isProxyConfigured;
+const node_child_process_1 = require("node:child_process");
+/** Get active network interface name (e.g., "Wi-Fi", "Ethernet") */
+function getActiveInterface() {
+    try {
+        const route = (0, node_child_process_1.execFileSync)('route', ['-n', 'get', 'default'], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+        const ifMatch = route.match(/interface:\s*(\S+)/);
+        if (!ifMatch)
+            return 'Wi-Fi';
+        const ifName = ifMatch[1];
+        // Map interface ID to service name
+        const services = (0, node_child_process_1.execFileSync)('networksetup', ['-listallhardwareports'], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+        const lines = services.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            if (lines[i].includes(`Device: ${ifName}`)) {
+                const nameLine = lines[i - 1];
+                const nameMatch = nameLine?.match(/Hardware Port:\s*(.+)/);
+                if (nameMatch)
+                    return nameMatch[1];
+            }
+        }
+        return 'Wi-Fi';
+    }
+    catch {
+        return 'Wi-Fi';
+    }
+}
+/** Configure macOS system proxy to use SmartContext */
+function setSystemProxy(host, port) {
+    const iface = getActiveInterface();
+    try {
+        // Set HTTPS proxy
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setsecurewebproxy', iface, host, String(port)], { stdio: 'pipe' });
+        // Set HTTP proxy
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setwebproxy', iface, host, String(port)], { stdio: 'pipe' });
+        // Enable them
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setsecurewebproxystate', iface, 'on'], { stdio: 'pipe' });
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setwebproxystate', iface, 'on'], { stdio: 'pipe' });
+        return { success: true, message: `System proxy set to ${host}:${port} on ${iface}` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed to set proxy on ${iface}: ${err}` };
+    }
+}
+/** Remove system proxy configuration */
+function clearSystemProxy() {
+    const iface = getActiveInterface();
+    try {
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setsecurewebproxystate', iface, 'off'], { stdio: 'pipe' });
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setwebproxystate', iface, 'off'], { stdio: 'pipe' });
+        return { success: true, message: `System proxy cleared on ${iface}` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed to clear proxy on ${iface}: ${err}` };
+    }
+}
+/** Set PAC URL as auto-proxy configuration */
+function setAutoproxyURL(pacUrl) {
+    const iface = getActiveInterface();
+    try {
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setautoproxyurl', iface, pacUrl], { stdio: 'pipe' });
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setautoproxystate', iface, 'on'], { stdio: 'pipe' });
+        return { success: true, message: `Auto-proxy URL set to ${pacUrl} on ${iface}` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}` };
+    }
+}
+/** Clear auto-proxy configuration */
+function clearAutoproxyURL() {
+    const iface = getActiveInterface();
+    try {
+        (0, node_child_process_1.execFileSync)('networksetup', ['-setautoproxystate', iface, 'off'], { stdio: 'pipe' });
+        return { success: true, message: `Auto-proxy cleared on ${iface}` };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}` };
+    }
+}
+/** Check if system proxy is currently set to SmartContext */
+function isProxyConfigured(port) {
+    const iface = getActiveInterface();
+    try {
+        const info = (0, node_child_process_1.execFileSync)('networksetup', ['-getsecurewebproxy', iface], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+        return info.includes(`Port: ${port}`) && info.includes('Enabled: Yes');
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=macos.js.map

package/dist/src/system/watchdog.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Start watchdog that monitors proxy health.
+ * If proxy becomes unreachable, auto-removes system proxy config
+ * to prevent breaking the user's internet.
+ */
+export declare function startWatchdog(proxyPort: number): void;
+export declare function stopWatchdog(): void;