4nk/smart_ide
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
smart_ide/packages/smart-ide-http-utils
History
Nicolas Cantu 255acbaf97 fix: harden claw-harness-proxy and complete HTTP utils centralization (0.0.7) 
Initial state:
- claw-harness-proxy accepted absolute-form / scheme-relative request targets, allowing proxying to arbitrary hosts.
- claw-harness-proxy forwarded client Authorization headers upstream.
- @4nk/smart-ide-http-utils did not provide helpers for Node http.request-based proxies.
- docs/repo/ia-dev-smart-ide-integration.md still documented the old IA_DEV_ROOT default resolution order.

Motivation:
- Ensure safe proxy behavior for every HTTP relay in the monorepo.
- Keep the IA_DEV_ROOT contract consistent across code and docs.

Resolution:
- Extend @4nk/smart-ide-http-utils with copyOutgoingHeadersForProxy() for http.request.
- Harden claw-harness-proxy: reject absolute URLs and '//' targets, validate safe proxy paths, avoid forwarding Authorization, and avoid leaking internal error details.
- Align ia-dev-smart-ide-integration doc default order to ./services/ia_dev then ./ia_dev.

Root cause:
- Proxy implementation treated req.url as a URL to be resolved and allowed absolute inputs.
- Cross-proxy utilities were only implemented for fetch-based proxies.

Impacted features:
- claw-harness-proxy HTTP forwarding.
- shared HTTP utility package.
- IA_DEV_ROOT documentation.

Code modified:
- packages/smart-ide-http-utils/src/* + dist/*
- services/claw-harness-api/proxy/src/server.ts

Documentation modified:
- docs/repo/ia-dev-smart-ide-integration.md
- CHANGELOG.md

Configurations modified:
- services/claw-harness-api/proxy/package.json

Files in deploy modified:
- None

Files in logs impacted:
- None

Databases and other sources modified:
- None

Off-project modifications:
- None

Files in .smartIde modified:
- None

Files in .secrets modified:
- None

New patch version in VERSION:
- 0.0.7

CHANGELOG.md updated:
- yes
2026-04-04 20:48:11 +02:00
..
dist
fix: harden claw-harness-proxy and complete HTTP utils centralization (0.0.7)
2026-04-04 20:48:11 +02:00
src
fix: harden claw-harness-proxy and complete HTTP utils centralization (0.0.7)
2026-04-04 20:48:11 +02:00
.gitignore
refactor: centralize HTTP proxy helpers and align IA_DEV_ROOT resolution (0.0.6)
2026-04-04 20:34:49 +02:00
package-lock.json
refactor: centralize HTTP proxy helpers and align IA_DEV_ROOT resolution (0.0.6)
2026-04-04 20:34:49 +02:00
package.json
refactor: centralize HTTP proxy helpers and align IA_DEV_ROOT resolution (0.0.6)
2026-04-04 20:34:49 +02:00
README.md
refactor: centralize HTTP proxy helpers and align IA_DEV_ROOT resolution (0.0.6)
2026-04-04 20:34:49 +02:00
tsconfig.json
refactor: centralize HTTP proxy helpers and align IA_DEV_ROOT resolution (0.0.6)
2026-04-04 20:34:49 +02:00

README.md

@4nk/smart-ide-http-utils

Utilitaires HTTP partagés pour les services Node/TypeScript du monorepo smart_ide.

Objectifs :

  • Réduire la duplication (Bearer, limites de body, headers hop-by-hop, etc.).
  • Centraliser les garde-fous de proxy (ex. rejet des segments .. dans les chemins relayés).

Fonctions exposées :

  • readBearer(req) : lit Authorization: Bearer ….
  • readBodyBuffer(req, maxBytes) : lit un corps en mémoire avec plafond explicite.
  • copyHeadersForProxy(req) : copie les headers dentrée en excluant hop-by-hop + Authorization.
  • isSafeProxyPath(path) : valide un chemin relayé (refuse . / .. même encodés).
  • REQUEST_HOP_BY_HOP_HEADERS, RESPONSE_HOP_BY_HOP_HEADERS.

Build

Le répertoire dist/ est versionné pour que les services puissent installer ce paquet via file: sans étape de build préalable.

Après modification de src/ :

cd packages/smart-ide-http-utils
npm ci && npm run build