squeezr-ai 1.17.12 → 1.17.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/codexMitm.js +29 -27
  2. package/package.json +1 -1
package/dist/codexMitm.js CHANGED
@@ -16,33 +16,35 @@ export const BUNDLE_PATH = join(CA_DIR, 'bundle.crt');
16
16
  export const MITM_PORT = config.mitmPort;
17
17
  // ── CA generation ─────────────────────────────────────────────────────────────
18
18
  function ensureCA() {
19
- if (fs.existsSync(CA_KEY_PATH) && fs.existsSync(CA_CERT_PATH))
20
- return;
21
- fs.mkdirSync(CA_DIR, { recursive: true, mode: 0o700 });
22
- const keys = forge.pki.rsa.generateKeyPair(2048);
23
- const cert = forge.pki.createCertificate();
24
- cert.publicKey = keys.publicKey;
25
- cert.serialNumber = '01';
26
- cert.validity.notBefore = new Date();
27
- cert.validity.notAfter = new Date();
28
- cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10);
29
- const attrs = [{ name: 'commonName', value: 'Squeezr-MITM-CA' }];
30
- cert.setSubject(attrs);
31
- cert.setIssuer(attrs);
32
- cert.setExtensions([
33
- { name: 'basicConstraints', cA: true },
34
- { name: 'keyUsage', keyCertSign: true, cRLSign: true },
35
- ]);
36
- cert.sign(keys.privateKey, forge.md.sha256.create());
37
- fs.writeFileSync(CA_KEY_PATH, forge.pki.privateKeyToPem(keys.privateKey), { mode: 0o600 });
38
- fs.writeFileSync(CA_CERT_PATH, forge.pki.certificateToPem(cert), { mode: 0o644 });
39
- const systemCAs = [
40
- '/etc/ssl/certs/ca-certificates.crt',
41
- '/etc/ssl/cert.pem',
42
- ].find(p => fs.existsSync(p));
43
- const bundle = forge.pki.certificateToPem(cert) + (systemCAs ? fs.readFileSync(systemCAs, 'utf-8') : '');
44
- fs.writeFileSync(BUNDLE_PATH, bundle, { mode: 0o644 });
45
- console.log(`[squeezr/mitm] CA generated ${CA_CERT_PATH}`);
19
+ const certsExist = fs.existsSync(CA_KEY_PATH) && fs.existsSync(CA_CERT_PATH);
20
+ if (!certsExist) {
21
+ fs.mkdirSync(CA_DIR, { recursive: true, mode: 0o700 });
22
+ const keys = forge.pki.rsa.generateKeyPair(2048);
23
+ const cert = forge.pki.createCertificate();
24
+ cert.publicKey = keys.publicKey;
25
+ cert.serialNumber = '01';
26
+ cert.validity.notBefore = new Date();
27
+ cert.validity.notAfter = new Date();
28
+ cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + 10);
29
+ const attrs = [{ name: 'commonName', value: 'Squeezr-MITM-CA' }];
30
+ cert.setSubject(attrs);
31
+ cert.setIssuer(attrs);
32
+ cert.setExtensions([
33
+ { name: 'basicConstraints', cA: true },
34
+ { name: 'keyUsage', keyCertSign: true, cRLSign: true },
35
+ ]);
36
+ cert.sign(keys.privateKey, forge.md.sha256.create());
37
+ fs.writeFileSync(CA_KEY_PATH, forge.pki.privateKeyToPem(keys.privateKey), { mode: 0o600 });
38
+ fs.writeFileSync(CA_CERT_PATH, forge.pki.certificateToPem(cert), { mode: 0o644 });
39
+ console.log(`[squeezr/mitm] CA generated → ${CA_CERT_PATH}`);
40
+ }
41
+ // Always regenerate bundle.crt from the CA cert only.
42
+ // Avoid concatenating system CA bundles — they can contain certs that
43
+ // BoringSSL/Node.js rejects (e.g. on WSL), causing NODE_EXTRA_CA_CERTS to fail.
44
+ // Node.js already trusts its own built-in root CAs, so only the squeezr CA
45
+ // cert is needed here.
46
+ const caCertPem = fs.readFileSync(CA_CERT_PATH, 'utf-8');
47
+ fs.writeFileSync(BUNDLE_PATH, caCertPem, { mode: 0o644 });
46
48
  }
47
49
  // ── Per-host cert (cached) ────────────────────────────────────────────────────
48
50
  const certCache = new Map();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "squeezr-ai",
3
- "version": "1.17.12",
3
+ "version": "1.17.13",
4
4
  "description": "AI proxy that compresses Claude Code, Codex, Aider, Gemini CLI and Ollama context windows to save thousands of tokens per session",
5
5
  "keywords": [
6
6
  "claude",