Bun's fetch was following Go's 303 redirects internally, which
caused ECONNRESET errors during the auto-login redirect chain.
Let the browser handle redirects instead.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Proxy to Go server on 127.0.0.1:8000 instead of unix socket.
Go sees localhost connections as trusted for auto-login.
Removes all the unix socket, IP forwarding, and socket path
plumbing complexity.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The Go server checks if the client is on a private network for
auto-login. Since we proxy over a unix socket, the Go server
can't see the real client IP. Forward it via X-Forwarded-For
and X-Real-IP headers.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Go server always sends gzip regardless of accept-encoding. Bun
decompresses it automatically but leaves the content-encoding
header. Strip it so the toes proxy doesn't try to decompress
the already-decompressed response.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Toes' Bun fetch auto-decompresses responses. If Go sends gzip
through our proxy, toes gets raw gzip bytes it can't handle.
Stripping accept-encoding tells Go to send uncompressed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Bun's fetch has a decompress option that passes responses through
without interpreting content-encoding. This replaces all the manual
header stripping workarounds.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Streaming req.body through the double proxy (toes -> bun -> go)
caused POST requests to fail. Buffer the body as an ArrayBuffer
first so content-length is set correctly.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- proxy.ts: HTTP and WebSocket proxy to Go unix socket
- binary.ts: Go binary download, validation, spawning, lifecycle
- server.ts: entry point wiring everything together
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
