smartcontext-proxy 0.1.0 → 0.2.0

package/dist/src/system/watchdog.js

@@ -0,0 +1,115 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startWatchdog = startWatchdog;
+exports.stopWatchdog = stopWatchdog;
+const node_http_1 = __importDefault(require("node:http"));
+const macos = __importStar(require("./macos.js"));
+const linux = __importStar(require("./linux.js"));
+const CHECK_INTERVAL = 10_000; // 10 seconds
+let watchdogTimer = null;
+let port = 4800;
+/**
+ * Start watchdog that monitors proxy health.
+ * If proxy becomes unreachable, auto-removes system proxy config
+ * to prevent breaking the user's internet.
+ */
+function startWatchdog(proxyPort) {
+    port = proxyPort;
+    watchdogTimer = setInterval(() => {
+        checkHealth().catch(() => {
+            console.log('[watchdog] Proxy unreachable — clearing system proxy');
+            emergencyClearProxy();
+            stopWatchdog();
+        });
+    }, CHECK_INTERVAL);
+    // Also clear proxy on process exit
+    process.on('exit', emergencyClearProxy);
+    process.on('uncaughtException', (err) => {
+        console.error('[watchdog] Uncaught exception:', err);
+        emergencyClearProxy();
+        process.exit(1);
+    });
+    process.on('unhandledRejection', (err) => {
+        console.error('[watchdog] Unhandled rejection:', err);
+    });
+}
+function stopWatchdog() {
+    if (watchdogTimer) {
+        clearInterval(watchdogTimer);
+        watchdogTimer = null;
+    }
+}
+function checkHealth() {
+    return new Promise((resolve, reject) => {
+        const req = node_http_1.default.get(`http://127.0.0.1:${port}/health`, { timeout: 5000 }, (res) => {
+            let data = '';
+            res.on('data', (chunk) => (data += chunk));
+            res.on('end', () => {
+                try {
+                    const parsed = JSON.parse(data);
+                    if (parsed.ok)
+                        resolve();
+                    else
+                        reject(new Error('Health check failed'));
+                }
+                catch {
+                    reject(new Error('Invalid health response'));
+                }
+            });
+        });
+        req.on('error', reject);
+        req.on('timeout', () => {
+            req.destroy();
+            reject(new Error('Health check timeout'));
+        });
+    });
+}
+function emergencyClearProxy() {
+    try {
+        if (process.platform === 'darwin') {
+            macos.clearAutoproxyURL();
+            macos.clearSystemProxy();
+        }
+        else {
+            linux.clearSystemProxy();
+        }
+    }
+    catch { }
+}
+//# sourceMappingURL=watchdog.js.map

package/dist/src/test/connect-proxy.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/src/test/connect-proxy.test.js

@@ -0,0 +1,147 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const node_test_1 = require("node:test");
+const node_assert_1 = __importDefault(require("node:assert"));
+const node_http_1 = __importDefault(require("node:http"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const connect_proxy_js_1 = require("../proxy/connect-proxy.js");
+const auto_detect_js_1 = require("../config/auto-detect.js");
+const ca_manager_js_1 = require("../tls/ca-manager.js");
+const classifier_js_1 = require("../proxy/classifier.js");
+function httpRequest(url, options) {
+    return new Promise((resolve, reject) => {
+        const req = node_http_1.default.request(url, options, (res) => {
+            let data = '';
+            res.on('data', (chunk) => (data += chunk));
+            res.on('end', () => resolve({ status: res.statusCode || 0, body: data }));
+        });
+        req.on('error', reject);
+        req.end();
+    });
+}
+(0, node_test_1.describe)('Traffic Classifier', () => {
+    (0, node_test_1.it)('identifies Anthropic as LLM', () => {
+        const match = (0, classifier_js_1.classifyHost)('api.anthropic.com', 443);
+        node_assert_1.default.ok(match);
+        node_assert_1.default.strictEqual(match.provider, 'anthropic');
+    });
+    (0, node_test_1.it)('identifies OpenAI as LLM', () => {
+        const match = (0, classifier_js_1.classifyHost)('api.openai.com', 443);
+        node_assert_1.default.ok(match);
+        node_assert_1.default.strictEqual(match.provider, 'openai');
+    });
+    (0, node_test_1.it)('identifies Ollama local as LLM', () => {
+        const match = (0, classifier_js_1.classifyHost)('localhost', 11434);
+        node_assert_1.default.ok(match);
+        node_assert_1.default.strictEqual(match.provider, 'ollama');
+    });
+    (0, node_test_1.it)('returns null for non-LLM hosts', () => {
+        node_assert_1.default.strictEqual((0, classifier_js_1.classifyHost)('google.com', 443), null);
+        node_assert_1.default.strictEqual((0, classifier_js_1.classifyHost)('github.com', 443), null);
+        node_assert_1.default.strictEqual((0, classifier_js_1.classifyHost)('localhost', 3000), null);
+    });
+    (0, node_test_1.it)('identifies all known providers', () => {
+        const providers = [
+            ['api.anthropic.com', 'anthropic'],
+            ['api.openai.com', 'openai'],
+            ['generativelanguage.googleapis.com', 'google'],
+            ['openrouter.ai', 'openrouter'],
+            ['api.groq.com', 'groq'],
+            ['api.deepseek.com', 'deepseek'],
+        ];
+        for (const [host, expected] of providers) {
+            const match = (0, classifier_js_1.classifyHost)(host, 443);
+            node_assert_1.default.ok(match, `Should match ${host}`);
+            node_assert_1.default.strictEqual(match.provider, expected);
+        }
+    });
+});
+(0, node_test_1.describe)('CA Manager', () => {
+    (0, node_test_1.it)('generates CA cert on first call', () => {
+        const result = (0, ca_manager_js_1.ensureCA)();
+        node_assert_1.default.ok(result.cert.includes('BEGIN CERTIFICATE'));
+        node_assert_1.default.ok(result.key.includes('BEGIN RSA PRIVATE KEY'));
+    });
+    (0, node_test_1.it)('returns same cert on subsequent calls', () => {
+        const a = (0, ca_manager_js_1.ensureCA)();
+        const b = (0, ca_manager_js_1.ensureCA)();
+        node_assert_1.default.strictEqual(a.cert, b.cert);
+    });
+    (0, node_test_1.it)('CA cert file exists on disk', () => {
+        node_assert_1.default.ok(node_fs_1.default.existsSync((0, ca_manager_js_1.getCACertPath)()));
+    });
+});
+(0, node_test_1.describe)('CONNECT Proxy', () => {
+    let proxy;
+    const PROXY_PORT = 14820;
+    (0, node_test_1.before)(async () => {
+        (0, ca_manager_js_1.ensureCA)();
+        const config = (0, auto_detect_js_1.buildConfig)({ proxy: { port: PROXY_PORT, host: '127.0.0.1' } });
+        config.logging.level = 'error';
+        proxy = new connect_proxy_js_1.ConnectProxy(config);
+        await proxy.start();
+    });
+    (0, node_test_1.after)(async () => {
+        await proxy.stop();
+    });
+    (0, node_test_1.it)('serves dashboard at root', async () => {
+        const res = await httpRequest(`http://127.0.0.1:${PROXY_PORT}/`, { method: 'GET' });
+        node_assert_1.default.strictEqual(res.status, 200);
+        node_assert_1.default.ok(res.body.includes('SmartContext'));
+    });
+    (0, node_test_1.it)('serves health endpoint', async () => {
+        const res = await httpRequest(`http://127.0.0.1:${PROXY_PORT}/health`, { method: 'GET' });
+        node_assert_1.default.strictEqual(res.status, 200);
+        const data = JSON.parse(res.body);
+        node_assert_1.default.strictEqual(data.ok, true);
+        node_assert_1.default.strictEqual(data.type, 'connect-proxy');
+    });
+    (0, node_test_1.it)('serves PAC file', async () => {
+        const res = await httpRequest(`http://127.0.0.1:${PROXY_PORT}/proxy.pac`, { method: 'GET' });
+        node_assert_1.default.strictEqual(res.status, 200);
+        node_assert_1.default.ok(res.body.includes('FindProxyForURL'));
+        node_assert_1.default.ok(res.body.includes('api.anthropic.com'));
+        node_assert_1.default.ok(res.body.includes('api.openai.com'));
+    });
+    (0, node_test_1.it)('API endpoints work', async () => {
+        const status = await httpRequest(`http://127.0.0.1:${PROXY_PORT}/_sc/status`, { method: 'GET' });
+        node_assert_1.default.strictEqual(JSON.parse(status.body).state, 'running');
+        const stats = await httpRequest(`http://127.0.0.1:${PROXY_PORT}/_sc/stats`, { method: 'GET' });
+        node_assert_1.default.strictEqual(JSON.parse(stats.body).totalRequests, 0);
+    });
+    (0, node_test_1.it)('handles CONNECT to non-LLM host (tunnel)', async () => {
+        // Create a simple target server
+        const targetServer = node_http_1.default.createServer((req, res) => {
+            res.writeHead(200);
+            res.end('target-ok');
+        });
+        await new Promise((r) => targetServer.listen(14821, '127.0.0.1', r));
+        // Send CONNECT through proxy
+        const tunnelOk = await new Promise((resolve) => {
+            const req = node_http_1.default.request({
+                host: '127.0.0.1',
+                port: PROXY_PORT,
+                method: 'CONNECT',
+                path: '127.0.0.1:14821',
+            });
+            req.on('connect', (res, socket) => {
+                // Send HTTP request through tunnel
+                socket.write('GET / HTTP/1.1\r\nHost: 127.0.0.1\r\n\r\n');
+                let data = '';
+                socket.on('data', (chunk) => { data += chunk; });
+                socket.on('end', () => {
+                    socket.destroy();
+                    resolve(data.includes('target-ok'));
+                });
+            });
+            req.on('error', () => resolve(false));
+            req.end();
+        });
+        targetServer.close();
+        node_assert_1.default.ok(tunnelOk, 'Should tunnel non-LLM traffic');
+    });
+});
+//# sourceMappingURL=connect-proxy.test.js.map

package/dist/src/tls/ca-manager.d.ts

@@ -0,0 +1,9 @@
+export interface CertPair {
+    cert: string;
+    key: string;
+}
+/** Ensure root CA exists, generate if not */
+export declare function ensureCA(): CertPair;
+/** Generate a TLS certificate for a specific hostname, signed by our CA */
+export declare function getCertForHost(hostname: string): CertPair;
+export declare function getCACertPath(): string;

package/dist/src/tls/ca-manager.js

@@ -0,0 +1,117 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureCA = ensureCA;
+exports.getCertForHost = getCertForHost;
+exports.getCACertPath = getCACertPath;
+const node_forge_1 = __importDefault(require("node-forge"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const CA_DIR = node_path_1.default.join(process.env['HOME'] || '.', '.smartcontext', 'ca');
+const HOSTS_DIR = node_path_1.default.join(CA_DIR, 'hosts');
+const CA_CERT_PATH = node_path_1.default.join(CA_DIR, 'smartcontext-ca.crt');
+const CA_KEY_PATH = node_path_1.default.join(CA_DIR, 'smartcontext-ca.key');
+let cachedCA = null;
+const hostCertCache = new Map();
+/** Ensure root CA exists, generate if not */
+function ensureCA() {
+    node_fs_1.default.mkdirSync(CA_DIR, { recursive: true });
+    node_fs_1.default.mkdirSync(HOSTS_DIR, { recursive: true });
+    if (node_fs_1.default.existsSync(CA_CERT_PATH) && node_fs_1.default.existsSync(CA_KEY_PATH)) {
+        const cert = node_fs_1.default.readFileSync(CA_CERT_PATH, 'utf-8');
+        const key = node_fs_1.default.readFileSync(CA_KEY_PATH, 'utf-8');
+        cachedCA = {
+            cert: node_forge_1.default.pki.certificateFromPem(cert),
+            key: node_forge_1.default.pki.privateKeyFromPem(key),
+        };
+        return { cert, key };
+    }
+    // Generate new root CA
+    const keys = node_forge_1.default.pki.rsa.generateKeyPair(2048);
+    const cert = node_forge_1.default.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = generateSerial();
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 10);
+    const attrs = [
+        { name: 'commonName', value: 'SmartContext Proxy CA' },
+        { name: 'organizationName', value: 'SmartContext' },
+    ];
+    cert.setSubject(attrs);
+    cert.setIssuer(attrs);
+    cert.setExtensions([
+        { name: 'basicConstraints', cA: true, critical: true },
+        { name: 'keyUsage', keyCertSign: true, cRLSign: true, critical: true },
+        { name: 'subjectKeyIdentifier' },
+    ]);
+    cert.sign(keys.privateKey, node_forge_1.default.md.sha256.create());
+    const certPem = node_forge_1.default.pki.certificateToPem(cert);
+    const keyPem = node_forge_1.default.pki.privateKeyToPem(keys.privateKey);
+    node_fs_1.default.writeFileSync(CA_CERT_PATH, certPem);
+    node_fs_1.default.writeFileSync(CA_KEY_PATH, keyPem, { mode: 0o600 });
+    cachedCA = { cert, key: keys.privateKey };
+    return { cert: certPem, key: keyPem };
+}
+/** Generate a TLS certificate for a specific hostname, signed by our CA */
+function getCertForHost(hostname) {
+    // Check memory cache
+    const cached = hostCertCache.get(hostname);
+    if (cached)
+        return cached;
+    // Check disk cache
+    const certPath = node_path_1.default.join(HOSTS_DIR, `${hostname}.crt`);
+    const keyPath = node_path_1.default.join(HOSTS_DIR, `${hostname}.key`);
+    if (node_fs_1.default.existsSync(certPath) && node_fs_1.default.existsSync(keyPath)) {
+        const pair = {
+            cert: node_fs_1.default.readFileSync(certPath, 'utf-8'),
+            key: node_fs_1.default.readFileSync(keyPath, 'utf-8'),
+        };
+        hostCertCache.set(hostname, pair);
+        return pair;
+    }
+    // Generate new cert
+    if (!cachedCA)
+        ensureCA();
+    const keys = node_forge_1.default.pki.rsa.generateKeyPair(2048);
+    const cert = node_forge_1.default.pki.createCertificate();
+    cert.publicKey = keys.publicKey;
+    cert.serialNumber = generateSerial();
+    cert.validity.notBefore = new Date();
+    cert.validity.notAfter = new Date();
+    cert.validity.notAfter.setFullYear(cert.validity.notAfter.getFullYear() + 1);
+    cert.setSubject([{ name: 'commonName', value: hostname }]);
+    cert.setIssuer(cachedCA.cert.subject.attributes);
+    cert.setExtensions([
+        { name: 'basicConstraints', cA: false },
+        { name: 'keyUsage', digitalSignature: true, keyEncipherment: true },
+        { name: 'extKeyUsage', serverAuth: true },
+        {
+            name: 'subjectAltName',
+            altNames: [
+                { type: 2, value: hostname }, // DNS
+                ...(isIP(hostname) ? [{ type: 7, ip: hostname }] : []),
+            ],
+        },
+    ]);
+    cert.sign(cachedCA.key, node_forge_1.default.md.sha256.create());
+    const certPem = node_forge_1.default.pki.certificateToPem(cert);
+    const keyPem = node_forge_1.default.pki.privateKeyToPem(keys.privateKey);
+    node_fs_1.default.writeFileSync(certPath, certPem);
+    node_fs_1.default.writeFileSync(keyPath, keyPem, { mode: 0o600 });
+    const pair = { cert: certPem, key: keyPem };
+    hostCertCache.set(hostname, pair);
+    return pair;
+}
+function getCACertPath() {
+    return CA_CERT_PATH;
+}
+function generateSerial() {
+    return Date.now().toString(16) + Math.random().toString(16).slice(2, 10);
+}
+function isIP(str) {
+    return /^\d{1,3}(\.\d{1,3}){3}$/.test(str) || str.includes(':');
+}
+//# sourceMappingURL=ca-manager.js.map

package/dist/src/tls/trust-store.d.ts

@@ -0,0 +1,11 @@
+export interface TrustStoreResult {
+    success: boolean;
+    message: string;
+    requiresSudo: boolean;
+}
+/** Install CA cert into system trust store */
+export declare function installCA(): TrustStoreResult;
+/** Remove CA cert from system trust store */
+export declare function uninstallCA(): TrustStoreResult;
+/** Check if CA is installed in trust store */
+export declare function isCAInstalled(): boolean;

package/dist/src/tls/trust-store.js

@@ -0,0 +1,121 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.installCA = installCA;
+exports.uninstallCA = uninstallCA;
+exports.isCAInstalled = isCAInstalled;
+const node_child_process_1 = require("node:child_process");
+const node_fs_1 = __importDefault(require("node:fs"));
+const ca_manager_js_1 = require("./ca-manager.js");
+const CA_NAME = 'SmartContext Proxy CA';
+/** Install CA cert into system trust store */
+function installCA() {
+    const certPath = (0, ca_manager_js_1.getCACertPath)();
+    if (!node_fs_1.default.existsSync(certPath)) {
+        return { success: false, message: 'CA cert not found. Run ensureCA() first.', requiresSudo: false };
+    }
+    if (process.platform === 'darwin') {
+        return installMacOS(certPath);
+    }
+    else if (process.platform === 'linux') {
+        return installLinux(certPath);
+    }
+    return { success: false, message: `Unsupported platform: ${process.platform}`, requiresSudo: false };
+}
+/** Remove CA cert from system trust store */
+function uninstallCA() {
+    if (process.platform === 'darwin') {
+        return uninstallMacOS();
+    }
+    else if (process.platform === 'linux') {
+        return uninstallLinux();
+    }
+    return { success: false, message: `Unsupported platform: ${process.platform}`, requiresSudo: false };
+}
+/** Check if CA is installed in trust store */
+function isCAInstalled() {
+    if (process.platform === 'darwin') {
+        try {
+            const result = (0, node_child_process_1.execFileSync)('security', [
+                'find-certificate', '-c', CA_NAME, '-Z',
+                '/Library/Keychains/System.keychain',
+            ], { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] });
+            return result.includes(CA_NAME);
+        }
+        catch {
+            return false;
+        }
+    }
+    else if (process.platform === 'linux') {
+        const dest = '/usr/local/share/ca-certificates/smartcontext-ca.crt';
+        return node_fs_1.default.existsSync(dest);
+    }
+    return false;
+}
+function installMacOS(certPath) {
+    try {
+        // Add to system keychain (requires admin)
+        (0, node_child_process_1.execFileSync)('sudo', [
+            'security', 'add-trusted-cert',
+            '-d', '-r', 'trustRoot',
+            '-k', '/Library/Keychains/System.keychain',
+            certPath,
+        ], { stdio: 'pipe' });
+        return { success: true, message: 'CA installed in macOS System Keychain', requiresSudo: true };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        if (msg.includes('sudo') || msg.includes('password')) {
+            return { success: false, message: 'Requires sudo. Run: sudo smartcontext-proxy install', requiresSudo: true };
+        }
+        return { success: false, message: `Failed to install CA: ${msg}`, requiresSudo: true };
+    }
+}
+function uninstallMacOS() {
+    try {
+        (0, node_child_process_1.execFileSync)('sudo', [
+            'security', 'remove-trusted-cert',
+            '-d', (0, ca_manager_js_1.getCACertPath)(),
+        ], { stdio: 'pipe' });
+        return { success: true, message: 'CA removed from macOS System Keychain', requiresSudo: true };
+    }
+    catch (err) {
+        // Try alternative: delete by name
+        try {
+            (0, node_child_process_1.execFileSync)('sudo', [
+                'security', 'delete-certificate',
+                '-c', CA_NAME,
+                '/Library/Keychains/System.keychain',
+            ], { stdio: 'pipe' });
+            return { success: true, message: 'CA removed from macOS System Keychain', requiresSudo: true };
+        }
+        catch {
+            return { success: false, message: `Failed to remove CA: ${err}`, requiresSudo: true };
+        }
+    }
+}
+function installLinux(certPath) {
+    const dest = '/usr/local/share/ca-certificates/smartcontext-ca.crt';
+    try {
+        (0, node_child_process_1.execFileSync)('sudo', ['cp', certPath, dest], { stdio: 'pipe' });
+        (0, node_child_process_1.execFileSync)('sudo', ['update-ca-certificates'], { stdio: 'pipe' });
+        return { success: true, message: 'CA installed in Linux trust store', requiresSudo: true };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}`, requiresSudo: true };
+    }
+}
+function uninstallLinux() {
+    const dest = '/usr/local/share/ca-certificates/smartcontext-ca.crt';
+    try {
+        (0, node_child_process_1.execFileSync)('sudo', ['rm', '-f', dest], { stdio: 'pipe' });
+        (0, node_child_process_1.execFileSync)('sudo', ['update-ca-certificates', '--fresh'], { stdio: 'pipe' });
+        return { success: true, message: 'CA removed from Linux trust store', requiresSudo: true };
+    }
+    catch (err) {
+        return { success: false, message: `Failed: ${err}`, requiresSudo: true };
+    }
+}
+//# sourceMappingURL=trust-store.js.map

package/dist/src/tray/bridge.d.ts

@@ -0,0 +1,8 @@
+/** Build the native tray app if not already built */
+export declare function buildTray(): boolean;
+/** Launch the tray app */
+export declare function startTray(): boolean;
+/** Stop the tray app */
+export declare function stopTray(): void;
+/** Check if tray is running */
+export declare function isTrayRunning(): boolean;

package/dist/src/tray/bridge.js

@@ -0,0 +1,66 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildTray = buildTray;
+exports.startTray = startTray;
+exports.stopTray = stopTray;
+exports.isTrayRunning = isTrayRunning;
+const node_child_process_1 = require("node:child_process");
+const node_path_1 = __importDefault(require("node:path"));
+const node_fs_1 = __importDefault(require("node:fs"));
+let trayProcess = null;
+const TRAY_BINARY_DIR = node_path_1.default.join(__dirname, '..', '..', 'native', 'macos', 'SmartContextTray');
+const TRAY_BUILD_DIR = node_path_1.default.join(TRAY_BINARY_DIR, '.build', 'release');
+const TRAY_BINARY = node_path_1.default.join(TRAY_BUILD_DIR, 'SmartContextTray');
+/** Build the native tray app if not already built */
+function buildTray() {
+    if (process.platform !== 'darwin')
+        return false;
+    if (node_fs_1.default.existsSync(TRAY_BINARY))
+        return true;
+    try {
+        const { execFileSync } = require('node:child_process');
+        execFileSync('swift', ['build', '-c', 'release'], {
+            cwd: TRAY_BINARY_DIR,
+            stdio: 'pipe',
+            timeout: 60000,
+        });
+        return node_fs_1.default.existsSync(TRAY_BINARY);
+    }
+    catch (err) {
+        console.log(`Tray build failed: ${err}`);
+        return false;
+    }
+}
+/** Launch the tray app */
+function startTray() {
+    if (process.platform !== 'darwin')
+        return false;
+    if (trayProcess)
+        return true;
+    if (!buildTray()) {
+        console.log('Tray app not available (build failed or not macOS)');
+        return false;
+    }
+    trayProcess = (0, node_child_process_1.execFile)(TRAY_BINARY, [], {}, (err) => {
+        if (err)
+            console.log(`Tray exited: ${err.message}`);
+        trayProcess = null;
+    });
+    trayProcess.unref();
+    return true;
+}
+/** Stop the tray app */
+function stopTray() {
+    if (trayProcess) {
+        trayProcess.kill('SIGTERM');
+        trayProcess = null;
+    }
+}
+/** Check if tray is running */
+function isTrayRunning() {
+    return trayProcess !== null && !trayProcess.killed;
+}
+//# sourceMappingURL=bridge.js.map

package/dist/src/ui/ws-feed.d.ts

@@ -0,0 +1,8 @@
+import type { Server } from 'node:http';
+import type { RequestMetric } from '../metrics/collector.js';
+/** Attach WebSocket server to existing HTTP server */
+export declare function attachWebSocketFeed(server: Server): void;
+/** Broadcast a new request metric to all connected clients */
+export declare function broadcastMetric(metric: RequestMetric): void;
+/** Get count of connected WebSocket clients */
+export declare function getConnectedClients(): number;

package/dist/src/ui/ws-feed.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.attachWebSocketFeed = attachWebSocketFeed;
+exports.broadcastMetric = broadcastMetric;
+exports.getConnectedClients = getConnectedClients;
+const ws_1 = require("ws");
+let wss = null;
+/** Attach WebSocket server to existing HTTP server */
+function attachWebSocketFeed(server) {
+    wss = new ws_1.WebSocketServer({ server, path: '/_sc/ws' });
+    wss.on('connection', (ws) => {
+        ws.send(JSON.stringify({ type: 'connected', timestamp: Date.now() }));
+    });
+}
+/** Broadcast a new request metric to all connected clients */
+function broadcastMetric(metric) {
+    if (!wss)
+        return;
+    const data = JSON.stringify({ type: 'request', data: metric });
+    for (const client of wss.clients) {
+        if (client.readyState === ws_1.WebSocket.OPEN) {
+            client.send(data);
+        }
+    }
+}
+/** Get count of connected WebSocket clients */
+function getConnectedClients() {
+    return wss?.clients.size || 0;
+}
+//# sourceMappingURL=ws-feed.js.map

package/native/macos/SmartContextTray/Package.swift

@@ -0,0 +1,13 @@
+// swift-tools-version:5.9
+import PackageDescription
+
+let package = Package(
+    name: "SmartContextTray",
+    platforms: [.macOS(.v12)],
+    targets: [
+        .executableTarget(
+            name: "SmartContextTray",
+            path: "Sources"
+        ),
+    ]
+)