webveil 0.0.0 → 0.1.1

package/dist/core/backends/registry.js

@@ -0,0 +1,31 @@
+// backend registry — a tiny `name -> Backend` dispatcher (concept trimmed from
+// pi-search-hub's registry). Each backend registers a factory keyed by its config
+// `backend` name; `getBackend` resolves the name to a constructed Backend (handed
+// the resolved config so it knows its instance baseUrl / apiKey) and fails clearly
+// on an unknown name. Later backend tasks (tavily-compat, custom) append their own
+// registrations to FACTORIES below.
+import { createSearxngBackend } from './searxng.js';
+import { createTavilyCompatBackend } from './tavily-compat.js';
+import { createCustomBackend } from './custom.js';
+/** name -> factory. New backends add an entry here. */
+const FACTORIES = {
+    searxng: createSearxngBackend,
+    'tavily-compat': createTavilyCompatBackend,
+    custom: createCustomBackend,
+};
+/** The backend names the registry can resolve. */
+export function backendNames() {
+    return Object.keys(FACTORIES);
+}
+/**
+ * Resolve a backend name to a constructed Backend. Throws clearly on an unknown
+ * name (listing the known ones) so a misconfigured `backend` fails loud, never
+ * silently no-ops.
+ */
+export function getBackend(name, config) {
+    const factory = FACTORIES[name];
+    if (!factory)
+        throw new Error(`webveil: unknown backend '${name}' (known: ${backendNames().join(', ')})`);
+    return factory(config);
+}
+//# sourceMappingURL=registry.js.map

package/dist/core/backends/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../../../src/core/backends/registry.ts"],"names":[],"mappings":"AAAA,+EAA+E;AAC/E,kFAAkF;AAClF,kFAAkF;AAClF,mFAAmF;AACnF,mFAAmF;AACnF,oCAAoC;AAIpC,OAAO,EAAC,oBAAoB,EAAC,MAAM,cAAc,CAAC;AAClD,OAAO,EAAC,yBAAyB,EAAC,MAAM,oBAAoB,CAAC;AAC7D,OAAO,EAAC,mBAAmB,EAAC,MAAM,aAAa,CAAC;AAKhD,uDAAuD;AACvD,MAAM,SAAS,GAAmC;IACjD,OAAO,EAAE,oBAAoB;IAC7B,eAAe,EAAE,yBAAyB;IAC1C,MAAM,EAAE,mBAAmB;CAC3B,CAAC;AAEF,kDAAkD;AAClD,MAAM,UAAU,YAAY;IAC3B,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,UAAU,CAAC,IAAY,EAAE,MAAc;IACtD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;IAChC,IAAI,CAAC,OAAO;QACX,MAAM,IAAI,KAAK,CACd,6BAA6B,IAAI,aAAa,YAAY,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC1E,CAAC;IACH,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC"}

package/dist/core/backends/searxng.d.ts

@@ -0,0 +1,8 @@
+import type { Config } from '../config.js';
+import type { Backend } from './types.js';
+/**
+ * Build a SearXNG backend bound to the configured instance. The returned backend
+ * only ever touches the network via the injected `http` helper.
+ */
+export declare function createSearxngBackend(config: Config): Backend;
+//# sourceMappingURL=searxng.d.ts.map

package/dist/core/backends/searxng.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"searxng.d.ts","sourceRoot":"","sources":["../../../src/core/backends/searxng.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EAAC,OAAO,EAAoC,MAAM,YAAY,CAAC;AAsC3E;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAqB5D"}

package/dist/core/backends/searxng.js

@@ -0,0 +1,43 @@
+// searxng backend — the keyless, self-hosted metasearch default. Queries a
+// SearXNG instance's JSON API (`/search?format=json`) THROUGH the handed `http`
+// helper (never a direct fetch, so egress is not bypassable) and normalizes the
+// response into SearchResult[].
+function str(value) {
+    return typeof value === 'string' && value.length > 0 ? value : undefined;
+}
+/** Normalize one SearXNG hit; drop entries without a usable url + title. */
+function toResult(hit) {
+    const url = str(hit.url);
+    const title = str(hit.title);
+    if (!url || !title)
+        return undefined;
+    const snippet = str(hit.content);
+    return snippet ? { title, url, snippet } : { title, url };
+}
+/** Build the SearXNG JSON search URL for a query against the instance baseUrl. */
+function buildUrl(baseUrl, query) {
+    const url = new URL('search', baseUrl.endsWith('/') ? baseUrl : baseUrl + '/');
+    url.searchParams.set('q', query);
+    url.searchParams.set('format', 'json');
+    return url.toString();
+}
+/**
+ * Build a SearXNG backend bound to the configured instance. The returned backend
+ * only ever touches the network via the injected `http` helper.
+ */
+export function createSearxngBackend(config) {
+    const baseUrl = config.baseUrl;
+    return {
+        async search(query, http, options = {}) {
+            const body = await http.fetchJson(buildUrl(baseUrl, query), { headers: { accept: 'application/json' }, signal: options.signal });
+            const results = Array.isArray(body.results) ? body.results : [];
+            const normalized = results
+                .map(toResult)
+                .filter((r) => r !== undefined);
+            return options.maxResults !== undefined
+                ? normalized.slice(0, options.maxResults)
+                : normalized;
+        },
+    };
+}
+//# sourceMappingURL=searxng.js.map

package/dist/core/backends/searxng.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"searxng.js","sourceRoot":"","sources":["../../../src/core/backends/searxng.ts"],"names":[],"mappings":"AAAA,2EAA2E;AAC3E,gFAAgF;AAChF,gFAAgF;AAChF,gCAAgC;AAiBhC,SAAS,GAAG,CAAC,KAAc;IAC1B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1E,CAAC;AAED,4EAA4E;AAC5E,SAAS,QAAQ,CAAC,GAAkB;IACnC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,OAAO,CAAC,CAAC,CAAC,EAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAC,CAAC,CAAC,CAAC,EAAC,KAAK,EAAE,GAAG,EAAC,CAAC;AACvD,CAAC;AAED,kFAAkF;AAClF,SAAS,QAAQ,CAAC,OAAe,EAAE,KAAa;IAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAClB,QAAQ,EACR,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,GAAG,CAC/C,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IACvC,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACvB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAc;IAClD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,OAAO;QACN,KAAK,CAAC,MAAM,CACX,KAAa,EACb,IAAU,EACV,UAAyB,EAAE;YAE3B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAChC,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,EACxB,EAAC,OAAO,EAAE,EAAC,MAAM,EAAE,kBAAkB,EAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAC,CAC/D,CAAC;YACF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,UAAU,GAAG,OAAO;iBACxB,GAAG,CAAC,QAAQ,CAAC;iBACb,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC,UAAU,KAAK,SAAS;gBACtC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC;gBACzC,CAAC,CAAC,UAAU,CAAC;QACf,CAAC;KACD,CAAC;AACH,CAAC"}

package/dist/core/backends/tavily-compat.d.ts

@@ -0,0 +1,10 @@
+import type { Config } from '../config.js';
+import type { Backend } from './types.js';
+/**
+ * Build a Tavily-compat backend bound to the configured instance. The returned
+ * backend only ever touches the network via the injected `http` helper. A Bearer
+ * header is added only when an apiKey is set (the covered instances are usually
+ * keyless).
+ */
+export declare function createTavilyCompatBackend(config: Config): Backend;
+//# sourceMappingURL=tavily-compat.d.ts.map

package/dist/core/backends/tavily-compat.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tavily-compat.d.ts","sourceRoot":"","sources":["../../../src/core/backends/tavily-compat.ts"],"names":[],"mappings":"AAYA,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,cAAc,CAAC;AACzC,OAAO,KAAK,EACX,OAAO,EAOP,MAAM,YAAY,CAAC;AAqDpB;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CA2EjE"}

package/dist/core/backends/tavily-compat.js

@@ -0,0 +1,85 @@
+// tavily-compat backend — a generic Tavily-shaped client (POST `/search` and an
+// optional POST `/extract`) selected purely by `baseUrl`, so it covers
+// orio-search / searcharvester / agent-search and any other Tavily-API-shaped
+// instance. Both endpoints go THROUGH the handed `http` helper (never a direct
+// fetch, so egress is not bypassable). `/search` normalizes to SearchResult[];
+// `/extract` is exposed as the optional `Backend.fetch` a later task uses to
+// override the distilly Extractor.
+//
+// Auth: a Bearer header is sent only when an apiKey is configured. The covered
+// self-hosted instances are typically keyless, so a missing key is normal, not
+// an error.
+function str(value) {
+    return typeof value === 'string' && value.length > 0 ? value : undefined;
+}
+/** Normalize one Tavily search hit; drop entries without a usable url + title. */
+function toResult(hit) {
+    const url = str(hit.url);
+    const title = str(hit.title);
+    if (!url || !title)
+        return undefined;
+    const snippet = str(hit.content);
+    return snippet ? { title, url, snippet } : { title, url };
+}
+/** Resolve an endpoint path against the instance baseUrl. */
+function endpoint(baseUrl, path) {
+    return new URL(path, baseUrl.endsWith('/') ? baseUrl : baseUrl + '/').toString();
+}
+/**
+ * Build a Tavily-compat backend bound to the configured instance. The returned
+ * backend only ever touches the network via the injected `http` helper. A Bearer
+ * header is added only when an apiKey is set (the covered instances are usually
+ * keyless).
+ */
+export function createTavilyCompatBackend(config) {
+    const baseUrl = config.baseUrl;
+    const apiKey = config.apiKey;
+    function headers() {
+        const h = {
+            'content-type': 'application/json',
+            accept: 'application/json',
+        };
+        if (apiKey)
+            h.authorization = `Bearer ${apiKey}`;
+        return h;
+    }
+    function post(path, payload, signal) {
+        return {
+            method: 'POST',
+            headers: headers(),
+            body: JSON.stringify(payload),
+            signal,
+        };
+    }
+    return {
+        async search(query, http, options = {}) {
+            const payload = { query };
+            if (options.maxResults !== undefined)
+                payload.max_results = options.maxResults;
+            const body = await http.fetchJson(endpoint(baseUrl, 'search'), post('search', payload, options.signal));
+            const results = Array.isArray(body.results) ? body.results : [];
+            const normalized = results
+                .map(toResult)
+                .filter((r) => r !== undefined);
+            return options.maxResults !== undefined
+                ? normalized.slice(0, options.maxResults)
+                : normalized;
+        },
+        async fetch(url, http, options = {}) {
+            // Tavily `/extract` has no `s/m/l/f` size knob (it has `format` /
+            // `extract_depth` instead); always request markdown. The default
+            // distilly Extractor owns webveil's size presets.
+            const body = await http.fetchJson(endpoint(baseUrl, 'extract'), post('extract', { urls: url, format: 'markdown' }, options.signal));
+            const failure = (body.failed_results ?? []).find((f) => str(f.url) === url);
+            if (failure)
+                throw new Error(`tavily-compat: /extract failed for ${url}: ${str(failure.error) ?? 'unknown error'}`);
+            const hit = (body.results ?? [])[0];
+            const markdown = hit ? str(hit.raw_content) : undefined;
+            if (markdown === undefined)
+                throw new Error(`tavily-compat: no extract result for ${url}`);
+            // Tavily `/extract` returns no `truncated` flag and no page title.
+            return { url, markdown, truncated: false };
+        },
+    };
+}
+//# sourceMappingURL=tavily-compat.js.map

package/dist/core/backends/tavily-compat.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tavily-compat.js","sourceRoot":"","sources":["../../../src/core/backends/tavily-compat.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,uEAAuE;AACvE,8EAA8E;AAC9E,+EAA+E;AAC/E,+EAA+E;AAC/E,6EAA6E;AAC7E,mCAAmC;AACnC,EAAE;AACF,+EAA+E;AAC/E,+EAA+E;AAC/E,YAAY;AA2CZ,SAAS,GAAG,CAAC,KAAc;IAC1B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AAC1E,CAAC;AAED,kFAAkF;AAClF,SAAS,QAAQ,CAAC,GAAoB;IACrC,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IACrC,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACjC,OAAO,OAAO,CAAC,CAAC,CAAC,EAAC,KAAK,EAAE,GAAG,EAAE,OAAO,EAAC,CAAC,CAAC,CAAC,EAAC,KAAK,EAAE,GAAG,EAAC,CAAC;AACvD,CAAC;AAED,6DAA6D;AAC7D,SAAS,QAAQ,CAAC,OAAe,EAAE,IAAY;IAC9C,OAAO,IAAI,GAAG,CACb,IAAI,EACJ,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,GAAG,GAAG,CAC/C,CAAC,QAAQ,EAAE,CAAC;AACd,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,MAAc;IACvD,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;IAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;IAE7B,SAAS,OAAO;QACf,MAAM,CAAC,GAA2B;YACjC,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC1B,CAAC;QACF,IAAI,MAAM;YAAE,CAAC,CAAC,aAAa,GAAG,UAAU,MAAM,EAAE,CAAC;QACjD,OAAO,CAAC,CAAC;IACV,CAAC;IAED,SAAS,IAAI,CACZ,IAAY,EACZ,OAAgB,EAChB,MAAoB;QAEpB,OAAO;YACN,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,OAAO,EAAE;YAClB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM;SACN,CAAC;IACH,CAAC;IAED,OAAO;QACN,KAAK,CAAC,MAAM,CACX,KAAa,EACb,IAAU,EACV,UAAyB,EAAE;YAE3B,MAAM,OAAO,GAA4B,EAAC,KAAK,EAAC,CAAC;YACjD,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS;gBACnC,OAAO,CAAC,WAAW,GAAG,OAAO,CAAC,UAAU,CAAC;YAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAChC,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,EAC3B,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,CACvC,CAAC;YACF,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAChE,MAAM,UAAU,GAAG,OAAO;iBACxB,GAAG,CAAC,QAAQ,CAAC;iBACb,MAAM,CAAC,CAAC,CAAC,EAAqB,EAAE,CAAC,CAAC,KAAK,SAAS,CAAC,CAAC;YACpD,OAAO,OAAO,CAAC,UAAU,KAAK,SAAS;gBACtC,CAAC,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,UAAU,CAAC;gBACzC,CAAC,CAAC,UAAU,CAAC;QACf,CAAC;QAED,KAAK,CAAC,KAAK,CACV,GAAW,EACX,IAAU,EACV,UAAwB,EAAE;YAE1B,kEAAkE;YAClE,iEAAiE;YACjE,kDAAkD;YAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,SAAS,CAChC,QAAQ,CAAC,OAAO,EAAE,SAAS,CAAC,EAC5B,IAAI,CAAC,SAAS,EAAE,EAAC,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,UAAU,EAAC,EAAE,OAAO,CAAC,MAAM,CAAC,CAChE,CAAC;YACF,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,IAAI,CAC/C,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,GAAG,CACzB,CAAC;YACF,IAAI,OAAO;gBACV,MAAM,IAAI,KAAK,CACd,sCAAsC,GAAG,KAAK,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,eAAe,EAAE,CACrF,CAAC;YACH,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,MAAM,QAAQ,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,IAAI,QAAQ,KAAK,SAAS;gBACzB,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;YAChE,mEAAmE;YACnE,OAAO,EAAC,GAAG,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAC,CAAC;QAC1C,CAAC;KACD,CAAC;AACH,CAAC"}

package/dist/core/backends/types.d.ts

@@ -0,0 +1,48 @@
+/** A single search hit. */
+export interface SearchResult {
+    title: string;
+    url: string;
+    snippet?: string;
+}
+/** A fetched, extracted page as budget-bounded markdown. */
+export interface FetchResult {
+    url: string;
+    title?: string;
+    markdown: string;
+    truncated: boolean;
+}
+export interface SearchOptions {
+    maxResults?: number;
+    signal?: AbortSignal;
+}
+export interface FetchOptions {
+    size?: 's' | 'm' | 'l' | 'f';
+    signal?: AbortSignal;
+}
+/** Options the http helper accepts for a single request. */
+export interface HttpRequestOptions {
+    method?: string;
+    headers?: Record<string, string>;
+    body?: string;
+    /** Per-request timeout in ms (the helper aborts past this). */
+    timeoutMs?: number;
+    signal?: AbortSignal;
+}
+/**
+ * The proxied http helper handed to backends. Both methods route through the
+ * egress dispatcher; a backend never gets un-proxied transport of its own.
+ */
+export interface Http {
+    fetchJson<T = unknown>(url: string, options?: HttpRequestOptions): Promise<T>;
+    fetchText(url: string, options?: HttpRequestOptions): Promise<string>;
+}
+/**
+ * A result/content source. `search` is required; `fetch` is optional (a backend
+ * may override the default distilly Extractor with its own `/extract`). Both are
+ * given the proxied `http` helper so they cannot escape the configured egress.
+ */
+export interface Backend {
+    search(query: string, http: Http, options?: SearchOptions): Promise<SearchResult[]>;
+    fetch?(url: string, http: Http, options?: FetchOptions): Promise<FetchResult>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/backends/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/core/backends/types.ts"],"names":[],"mappings":"AAIA,2BAA2B;AAC3B,MAAM,WAAW,YAAY;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,OAAO,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,4DAA4D;AAC5D,MAAM,WAAW,WAAW;IAC3B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,aAAa;IAC7B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,MAAM,WAAW,YAAY;IAC5B,IAAI,CAAC,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;IAC7B,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED,4DAA4D;AAC5D,MAAM,WAAW,kBAAkB;IAClC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,+DAA+D;IAC/D,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,MAAM,CAAC,EAAE,WAAW,CAAC;CACrB;AAED;;;GAGG;AACH,MAAM,WAAW,IAAI;IACpB,SAAS,CAAC,CAAC,GAAG,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IAC9E,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACtE;AAED;;;;GAIG;AACH,MAAM,WAAW,OAAO;IACvB,MAAM,CACL,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,IAAI,EACV,OAAO,CAAC,EAAE,aAAa,GACrB,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC3B,KAAK,CAAC,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC;CAC9E"}

package/dist/core/backends/types.js

@@ -0,0 +1,5 @@
+// backend seam — the contract every result source (searxng | tavily-compat |
+// custom) implements. A Backend is HANDED a proxied `http` helper (bound to the
+// configured egress dispatcher) so it physically cannot bypass the egress.
+export {};
+//# sourceMappingURL=types.js.map

package/dist/core/backends/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/core/backends/types.ts"],"names":[],"mappings":"AAAA,6EAA6E;AAC7E,gFAAgF;AAChF,2EAA2E"}

package/dist/core/baseurl.d.ts

@@ -0,0 +1,42 @@
+import { type Dispatcher } from 'undici';
+/** A parsed Unix-socket baseUrl: the socket file path + the app's base path. */
+export interface UnixBaseUrl {
+    socketPath: string;
+    /** The app's base path (mount point); the backend appends `search` to it. */
+    httpPath: string;
+}
+/** Is this resolved `baseUrl` a Unix-domain-socket form (`unix:…`)? */
+export declare function isUnixBaseUrl(baseUrl: string): boolean;
+/**
+ * Parse a `unix:<socketPath>[:<httpPath>]` baseUrl into `{socketPath, httpPath}`.
+ * Splits on the FIRST `:` after the `unix:` scheme (socket paths conventionally
+ * carry no colon); an absent/empty `<httpPath>` defaults to `/`.
+ *
+ * Throws if the socket path is empty (there is nothing to connect to).
+ */
+export declare function parseUnixBaseUrl(baseUrl: string): UnixBaseUrl;
+/**
+ * The result of resolving a `baseUrl` for the BACKEND hop: the (possibly
+ * rewritten) HTTP base the backend builds its request URL on, plus an OPTIONAL
+ * undici `Dispatcher` to carry that hop. For a normal TCP baseUrl the dispatcher
+ * is `undefined` (the caller uses the config-wide egress dispatcher); for a
+ * `unix:` baseUrl it is a socket-bound `Agent` and the base is a synthetic
+ * `http://localhost<httpPath>`.
+ */
+export interface BackendTransport {
+    baseUrl: string;
+    dispatcher?: Dispatcher;
+}
+/**
+ * Resolve a `baseUrl` into a backend-hop transport. For a `unix:` baseUrl this
+ * builds a socket-bound `Agent({connect:{socketPath}})` and a synthetic
+ * `http://localhost<httpPath>` base (the URL host is irrelevant to routing — the
+ * socket decides — and only becomes the `Host` header). For any other baseUrl it
+ * returns the baseUrl unchanged with NO dispatcher (the caller keeps using the
+ * shared config-wide egress dispatcher).
+ *
+ * NOTE: this is the BACKEND-hop transport only. It is never bound into the
+ * shared egress dispatcher, so `web_fetch`/SSRF egress is unaffected.
+ */
+export declare function resolveBackendTransport(baseUrl: string): BackendTransport;
+//# sourceMappingURL=baseurl.d.ts.map

package/dist/core/baseurl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseurl.d.ts","sourceRoot":"","sources":["../../src/core/baseurl.ts"],"names":[],"mappings":"AA6BA,OAAO,EAAQ,KAAK,UAAU,EAAC,MAAM,QAAQ,CAAC;AAK9C,gFAAgF;AAChF,MAAM,WAAW,WAAW;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,6EAA6E;IAC7E,QAAQ,EAAE,MAAM,CAAC;CACjB;AAED,uEAAuE;AACvE,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CAgB7D;AAED;;;;;;;GAOG;AACH,MAAM,WAAW,gBAAgB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,UAAU,CAAC;CACxB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAQzE"}

package/dist/core/baseurl.js

@@ -0,0 +1,79 @@
+// baseUrl transport parsing — the small, transport-AWARE helper that classifies
+// a resolved `baseUrl` into either a normal TCP HTTP base or a Unix-domain-socket
+// form, and (for the socket form) rewrites it into a synthetic `http://localhost`
+// base that the transport-UNAWARE backends can build their request URL on top of.
+//
+// WHY THIS LIVES HERE (and not in egress.ts): the egress dispatcher
+// (`buildDispatcher`) is built ONCE from config and SHARED by both the backend
+// hop (search.ts) AND the arbitrary-public-URL fetch (fetch.ts). Binding a socket
+// `Agent` into that shared dispatcher would route every `web_fetch` into the
+// SearXNG socket. So the socket transport is scoped to the BACKEND `baseUrl` hop
+// only: search.ts asks this helper to translate the baseUrl, gets back a real
+// `http://localhost…` base (which the searxng backend's `new URL('search', base)`
+// still works on, unchanged) plus the per-hop socket `Agent`, and leaves the
+// fetch/SSRF egress path untouched.
+//
+// GRAMMAR (recorded decision, see the task's done record):
+//   unix:<socketPath>[:<httpPath>]
+//     - `<socketPath>`: the absolute path to the uWSGI Unix domain socket
+//       (e.g. /usr/local/searxng/run/socket). Must not contain a `:` (the parse
+//       splits on the FIRST `:` after the `unix:` scheme; conventional socket
+//       paths never contain a colon).
+//     - `<httpPath>`: OPTIONAL base path the SearXNG app is mounted under,
+//       defaulting to `/`. It is the SAME thing the TCP `baseUrl` encodes as its
+//       path: the backend appends `search` to it (`new URL('search', base + '/')`),
+//       so the install default is just `unix:/usr/local/searxng/run/socket` (the
+//       backend then requests `/search`). A non-root mount is `…/socket:/searxng`.
+//   A raw `unix:…` string is NOT a valid base for `new URL('search', …)`, so this
+//   translation MUST run BEFORE the backend builds its URL.
+import { Agent } from 'undici';
+/** The `unix:` scheme prefix this helper recognizes on a `baseUrl`. */
+const UNIX_PREFIX = 'unix:';
+/** Is this resolved `baseUrl` a Unix-domain-socket form (`unix:…`)? */
+export function isUnixBaseUrl(baseUrl) {
+    return baseUrl.startsWith(UNIX_PREFIX);
+}
+/**
+ * Parse a `unix:<socketPath>[:<httpPath>]` baseUrl into `{socketPath, httpPath}`.
+ * Splits on the FIRST `:` after the `unix:` scheme (socket paths conventionally
+ * carry no colon); an absent/empty `<httpPath>` defaults to `/`.
+ *
+ * Throws if the socket path is empty (there is nothing to connect to).
+ */
+export function parseUnixBaseUrl(baseUrl) {
+    const rest = baseUrl.slice(UNIX_PREFIX.length);
+    const sep = rest.indexOf(':');
+    const socketPath = sep === -1 ? rest : rest.slice(0, sep);
+    const rawHttpPath = sep === -1 ? '' : rest.slice(sep + 1);
+    if (!socketPath)
+        throw new Error(`webveil: malformed unix baseUrl ${JSON.stringify(baseUrl)} — ` +
+            `expected unix:<socketPath>[:<httpPath>] with a non-empty socket path`);
+    const httpPath = rawHttpPath
+        ? rawHttpPath.startsWith('/')
+            ? rawHttpPath
+            : '/' + rawHttpPath
+        : '/';
+    return { socketPath, httpPath };
+}
+/**
+ * Resolve a `baseUrl` into a backend-hop transport. For a `unix:` baseUrl this
+ * builds a socket-bound `Agent({connect:{socketPath}})` and a synthetic
+ * `http://localhost<httpPath>` base (the URL host is irrelevant to routing — the
+ * socket decides — and only becomes the `Host` header). For any other baseUrl it
+ * returns the baseUrl unchanged with NO dispatcher (the caller keeps using the
+ * shared config-wide egress dispatcher).
+ *
+ * NOTE: this is the BACKEND-hop transport only. It is never bound into the
+ * shared egress dispatcher, so `web_fetch`/SSRF egress is unaffected.
+ */
+export function resolveBackendTransport(baseUrl) {
+    if (!isUnixBaseUrl(baseUrl))
+        return { baseUrl };
+    const { socketPath, httpPath } = parseUnixBaseUrl(baseUrl);
+    const dispatcher = new Agent({ connect: { socketPath } });
+    return {
+        baseUrl: `http://localhost${httpPath === '/' ? '' : httpPath}`,
+        dispatcher,
+    };
+}
+//# sourceMappingURL=baseurl.js.map

package/dist/core/baseurl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"baseurl.js","sourceRoot":"","sources":["../../src/core/baseurl.ts"],"names":[],"mappings":"AAAA,gFAAgF;AAChF,kFAAkF;AAClF,kFAAkF;AAClF,kFAAkF;AAClF,EAAE;AACF,oEAAoE;AACpE,+EAA+E;AAC/E,kFAAkF;AAClF,6EAA6E;AAC7E,iFAAiF;AACjF,8EAA8E;AAC9E,kFAAkF;AAClF,6EAA6E;AAC7E,oCAAoC;AACpC,EAAE;AACF,2DAA2D;AAC3D,mCAAmC;AACnC,0EAA0E;AAC1E,gFAAgF;AAChF,8EAA8E;AAC9E,sCAAsC;AACtC,2EAA2E;AAC3E,iFAAiF;AACjF,oFAAoF;AACpF,iFAAiF;AACjF,mFAAmF;AACnF,kFAAkF;AAClF,4DAA4D;AAE5D,OAAO,EAAC,KAAK,EAAkB,MAAM,QAAQ,CAAC;AAE9C,uEAAuE;AACvE,MAAM,WAAW,GAAG,OAAO,CAAC;AAS5B,uEAAuE;AACvE,MAAM,UAAU,aAAa,CAAC,OAAe;IAC5C,OAAO,OAAO,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC/C,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC9B,MAAM,UAAU,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1D,MAAM,WAAW,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC1D,IAAI,CAAC,UAAU;QACd,MAAM,IAAI,KAAK,CACd,mCAAmC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK;YAC9D,sEAAsE,CACvE,CAAC;IACH,MAAM,QAAQ,GAAG,WAAW;QAC3B,CAAC,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;YAC5B,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,GAAG,GAAG,WAAW;QACpB,CAAC,CAAC,GAAG,CAAC;IACP,OAAO,EAAC,UAAU,EAAE,QAAQ,EAAC,CAAC;AAC/B,CAAC;AAeD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,uBAAuB,CAAC,OAAe;IACtD,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC;QAAE,OAAO,EAAC,OAAO,EAAC,CAAC;IAC9C,MAAM,EAAC,UAAU,EAAE,QAAQ,EAAC,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,IAAI,KAAK,CAAC,EAAC,OAAO,EAAE,EAAC,UAAU,EAAC,EAAC,CAAC,CAAC;IACtD,OAAO;QACN,OAAO,EAAE,mBAAmB,QAAQ,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC9D,UAAU;KACV,CAAC;AACH,CAAC"}

package/dist/core/config.d.ts

@@ -0,0 +1,39 @@
+/** How outbound HTTP leaves the machine. See egress.ts. */
+export type Egress = {
+    mode: 'direct';
+} | {
+    mode: 'http';
+    url: string;
+} | {
+    mode: 'socks5';
+    url: string;
+};
+/** Page-size budget preset for fetch (passed through to distilly). */
+export type FetchSize = 's' | 'm' | 'l' | 'f';
+/** The fully-resolved config every webveil module consumes. */
+export interface Config {
+    backend: string;
+    baseUrl: string;
+    apiKey?: string;
+    egress: Egress;
+    fetchSize: FetchSize;
+}
+/** A config file / env layer: any subset of the resolved shape. */
+export type PartialConfig = Partial<Config>;
+export interface ResolveOptions {
+    /** Directory the per-folder walk starts from. Defaults to process.cwd(). */
+    cwd?: string;
+    /** Environment to read overrides from. Defaults to process.env. */
+    env?: Record<string, string | undefined>;
+    /**
+     * Path to the global config file. Defaults to ~/.pi/agent/webveil.json.
+     * Tests point this at a temp dir to isolate the real home directory.
+     */
+    globalPath?: string;
+}
+/**
+ * Resolve the effective config. Higher-precedence layers override lower ones,
+ * key by key: env > project chain > global file > defaults.
+ */
+export declare function resolveConfig(options?: ResolveOptions): Config;
+//# sourceMappingURL=config.d.ts.map

package/dist/core/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAUA,2DAA2D;AAC3D,MAAM,MAAM,MAAM,GACf;IAAC,IAAI,EAAE,QAAQ,CAAA;CAAC,GAChB;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAC,GAC3B;IAAC,IAAI,EAAE,QAAQ,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAC,CAAC;AAEjC,sEAAsE;AACtE,MAAM,MAAM,SAAS,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,CAAC;AAE9C,+DAA+D;AAC/D,MAAM,WAAW,MAAM;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,SAAS,CAAC;CACrB;AAED,mEAAmE;AACnE,MAAM,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAE5C,MAAM,WAAW,cAAc;IAC9B,4EAA4E;IAC5E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,mEAAmE;IACnE,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC,CAAC;IACzC;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;CACpB;AA+CD;;;GAGG;AACH,wBAAgB,aAAa,CAAC,OAAO,GAAE,cAAmB,GAAG,MAAM,CAalE"}

package/dist/core/config.js

@@ -0,0 +1,72 @@
+// config seam — per-folder resolution. Precedence (highest wins):
+//   env > nearest .pi/webveil.json (walking up from cwd) > global
+//   ~/.pi/agent/webveil.json > defaults.
+// "Per folder = per account/egress." Each layer is a partial; later (lower)
+// layers fill gaps the higher layers leave.
+import { readFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { dirname, join, parse } from 'node:path';
+const DEFAULTS = {
+    backend: 'searxng',
+    baseUrl: 'http://127.0.0.1:8080',
+    egress: { mode: 'direct' },
+    fetchSize: 'm',
+};
+const PROJECT_FILE = join('.pi', 'webveil.json');
+function readJson(path) {
+    let text;
+    try {
+        text = readFileSync(path, 'utf8');
+    }
+    catch {
+        return undefined; // absent file is fine; missing layers are expected
+    }
+    return JSON.parse(text);
+}
+/** The nearest `.pi/webveil.json` walking up from `cwd` (first found wins). */
+function readProjectChain(cwd) {
+    let dir = cwd;
+    const { root } = parse(dir);
+    for (;;) {
+        const found = readJson(join(dir, PROJECT_FILE));
+        if (found)
+            return found;
+        if (dir === root)
+            return undefined;
+        dir = dirname(dir);
+    }
+}
+function readEnv(env) {
+    const layer = {};
+    if (env.WEBVEIL_BACKEND)
+        layer.backend = env.WEBVEIL_BACKEND;
+    if (env.WEBVEIL_BASE_URL)
+        layer.baseUrl = env.WEBVEIL_BASE_URL;
+    if (env.WEBVEIL_API_KEY)
+        layer.apiKey = env.WEBVEIL_API_KEY;
+    if (env.WEBVEIL_FETCH_SIZE)
+        layer.fetchSize = env.WEBVEIL_FETCH_SIZE;
+    const mode = env.WEBVEIL_EGRESS;
+    if (mode === 'direct')
+        layer.egress = { mode: 'direct' };
+    else if (mode === 'http' || mode === 'socks5')
+        layer.egress = { mode, url: env.WEBVEIL_EGRESS_URL ?? '' };
+    return layer;
+}
+/**
+ * Resolve the effective config. Higher-precedence layers override lower ones,
+ * key by key: env > project chain > global file > defaults.
+ */
+export function resolveConfig(options = {}) {
+    const cwd = options.cwd ?? process.cwd();
+    const env = options.env ?? process.env;
+    const globalPath = options.globalPath ?? join(homedir(), '.pi', 'agent', 'webveil.json');
+    const layers = [
+        DEFAULTS,
+        readJson(globalPath) ?? {},
+        readProjectChain(cwd) ?? {},
+        readEnv(env),
+    ];
+    return Object.assign({}, ...layers);
+}
+//# sourceMappingURL=config.js.map

package/dist/core/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/core/config.ts"],"names":[],"mappings":"AAAA,kEAAkE;AAClE,kEAAkE;AAClE,yCAAyC;AACzC,4EAA4E;AAC5E,4CAA4C;AAE5C,OAAO,EAAC,YAAY,EAAC,MAAM,SAAS,CAAC;AACrC,OAAO,EAAC,OAAO,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,EAAC,OAAO,EAAE,IAAI,EAAE,KAAK,EAAC,MAAM,WAAW,CAAC;AAmC/C,MAAM,QAAQ,GAAW;IACxB,OAAO,EAAE,SAAS;IAClB,OAAO,EAAE,uBAAuB;IAChC,MAAM,EAAE,EAAC,IAAI,EAAE,QAAQ,EAAC;IACxB,SAAS,EAAE,GAAG;CACd,CAAC;AAEF,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;AAEjD,SAAS,QAAQ,CAAC,IAAY;IAC7B,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACJ,IAAI,GAAG,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,SAAS,CAAC,CAAC,mDAAmD;IACtE,CAAC;IACD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;AAC1C,CAAC;AAED,+EAA+E;AAC/E,SAAS,gBAAgB,CAAC,GAAW;IACpC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,MAAM,EAAC,IAAI,EAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,SAAS,CAAC;QACT,MAAM,KAAK,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,CAAC,CAAC,CAAC;QAChD,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;QACxB,IAAI,GAAG,KAAK,IAAI;YAAE,OAAO,SAAS,CAAC;QACnC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;IACpB,CAAC;AACF,CAAC;AAED,SAAS,OAAO,CAAC,GAAuC;IACvD,MAAM,KAAK,GAAkB,EAAE,CAAC;IAChC,IAAI,GAAG,CAAC,eAAe;QAAE,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC;IAC7D,IAAI,GAAG,CAAC,gBAAgB;QAAE,KAAK,CAAC,OAAO,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC/D,IAAI,GAAG,CAAC,eAAe;QAAE,KAAK,CAAC,MAAM,GAAG,GAAG,CAAC,eAAe,CAAC;IAC5D,IAAI,GAAG,CAAC,kBAAkB;QACzB,KAAK,CAAC,SAAS,GAAG,GAAG,CAAC,kBAA+B,CAAC;IACvD,MAAM,IAAI,GAAG,GAAG,CAAC,cAAc,CAAC;IAChC,IAAI,IAAI,KAAK,QAAQ;QAAE,KAAK,CAAC,MAAM,GAAG,EAAC,IAAI,EAAE,QAAQ,EAAC,CAAC;SAClD,IAAI,IAAI,KAAK,MAAM,IAAI,IAAI,KAAK,QAAQ;QAC5C,KAAK,CAAC,MAAM,GAAG,EAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,kBAAkB,IAAI,EAAE,EAAC,CAAC;IAC1D,OAAO,KAAK,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,aAAa,CAAC,UAA0B,EAAE;IACzD,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC;IACvC,MAAM,UAAU,GACf,OAAO,CAAC,UAAU,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,CAAC,CAAC;IAEvE,MAAM,MAAM,GAAoB;QAC/B,QAAQ;QACR,QAAQ,CAAC,UAAU,CAAC,IAAI,EAAE;QAC1B,gBAAgB,CAAC,GAAG,CAAC,IAAI,EAAE;QAC3B,OAAO,CAAC,GAAG,CAAC;KACZ,CAAC;IACF,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,MAAM,CAAW,CAAC;AAC/C,CAAC"}

package/dist/core/egress.d.ts

@@ -0,0 +1,46 @@
+import { Agent, type Dispatcher, ProxyAgent } from 'undici';
+import type { Config } from './config.js';
+/** Thrown when a configured egress proxy cannot be built. Never swallowed. */
+export declare class EgressError extends Error {
+    constructor(message: string, options?: {
+        cause?: unknown;
+    });
+}
+/**
+ * Fail-loud guard for the false-confidence combo: a `unix:` (local-socket)
+ * backend `baseUrl` configured with a NON-direct egress (`http`/`socks5`). A
+ * Unix socket is inherently local, so proxying that hop is the same fake-
+ * anonymity footgun as proxying a loopback TCP baseUrl: webveil would route a
+ * pointless local call through the proxy while the backend (SearXNG) crawls the
+ * public web from the real IP, OUTSIDE webveil's egress. Refuse it and point at
+ * the real fix.
+ *
+ * OVERLAP SEAM (recorded): this is the loopback false-confidence family. The
+ * sibling task `fail-loud-on-proxied-loopback-backend` adds the broader guard
+ * for loopback TCP baseUrls (127.0.0.0/8, ::1, localhost). When it lands, fold
+ * THIS `unix:`-is-loopback-equivalent case into that single guard instead of
+ * keeping a parallel check here.
+ */
+export declare function assertEgressAllowsBaseUrl(cfg: Config): void;
+/**
+ * Build the undici Dispatcher for the config's egress mode:
+ *   - direct → undefined (undici uses its default, un-proxied transport)
+ *   - http   → ProxyAgent
+ *   - socks5 → socks dispatcher (undici Agent over a socks connector)
+ *
+ * Throws (fail loud) if a configured http/socks5 proxy cannot be built. It
+ * NEVER returns `undefined` (direct) as a fallback for a broken proxy.
+ */
+export declare function buildDispatcher(cfg: Config): Dispatcher | undefined;
+/** A WHATWG-compatible fetch bound to a specific egress dispatcher. */
+export type EgressFetch = typeof globalThis.fetch;
+/**
+ * Build an egress-bound WHATWG `fetch`: undici's `fetch` closed over the
+ * dispatcher from buildDispatcher(cfg). This is the `fetch` injected into
+ * distilly/fetch so distilly never has egress of its own. Same fail-loud
+ * guarantee: a broken proxy throws HERE (before any I/O), never goes un-proxied.
+ */
+export declare function createEgressFetch(cfg: Config): EgressFetch;
+export type { Dispatcher };
+export { Agent, ProxyAgent };
+//# sourceMappingURL=egress.d.ts.map

package/dist/core/egress.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"egress.d.ts","sourceRoot":"","sources":["../../src/core/egress.ts"],"names":[],"mappings":"AAQA,OAAO,EAAC,KAAK,EAAE,KAAK,UAAU,EAAE,UAAU,EAAuB,MAAM,QAAQ,CAAC;AAEhF,OAAO,KAAK,EAAC,MAAM,EAAS,MAAM,aAAa,CAAC;AAGhD,8EAA8E;AAC9E,qBAAa,WAAY,SAAQ,KAAK;gBACzB,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAC;CAIxD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,yBAAyB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAU3D;AAqBD;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS,CAiCnE;AAED,uEAAuE;AACvE,MAAM,MAAM,WAAW,GAAG,OAAO,UAAU,CAAC,KAAK,CAAC;AAElD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,CAU1D;AAED,YAAY,EAAC,UAAU,EAAC,CAAC;AACzB,OAAO,EAAC,KAAK,EAAE,UAAU,EAAC,CAAC"}