Nicolas Cantu
255acbaf97
Initial state: - claw-harness-proxy accepted absolute-form / scheme-relative request targets, allowing proxying to arbitrary hosts. - claw-harness-proxy forwarded client Authorization headers upstream. - @4nk/smart-ide-http-utils did not provide helpers for Node http.request-based proxies. - docs/repo/ia-dev-smart-ide-integration.md still documented the old IA_DEV_ROOT default resolution order. Motivation: - Ensure safe proxy behavior for every HTTP relay in the monorepo. - Keep the IA_DEV_ROOT contract consistent across code and docs. Resolution: - Extend @4nk/smart-ide-http-utils with copyOutgoingHeadersForProxy() for http.request. - Harden claw-harness-proxy: reject absolute URLs and '//' targets, validate safe proxy paths, avoid forwarding Authorization, and avoid leaking internal error details. - Align ia-dev-smart-ide-integration doc default order to ./services/ia_dev then ./ia_dev. Root cause: - Proxy implementation treated req.url as a URL to be resolved and allowed absolute inputs. - Cross-proxy utilities were only implemented for fetch-based proxies. Impacted features: - claw-harness-proxy HTTP forwarding. - shared HTTP utility package. - IA_DEV_ROOT documentation. Code modified: - packages/smart-ide-http-utils/src/* + dist/* - services/claw-harness-api/proxy/src/server.ts Documentation modified: - docs/repo/ia-dev-smart-ide-integration.md - CHANGELOG.md Configurations modified: - services/claw-harness-api/proxy/package.json Files in deploy modified: - None Files in logs impacted: - None Databases and other sources modified: - None Off-project modifications: - None Files in .smartIde modified: - None Files in .secrets modified: - None New patch version in VERSION: - 0.0.7 CHANGELOG.md updated: - yes
1 line
216 B
Plaintext
1 line
216 B
Plaintext
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,2BAA2B,EAC3B,UAAU,EACV,cAAc,EACd,mBAAmB,EACnB,2BAA2B,EAC3B,eAAe,GAChB,MAAM,YAAY,CAAC"} |