Migrate captun to published npm 0.0.3#1440
Closed
mmkal wants to merge 2 commits into
Closed
Conversation
Replaces the pkg.pr.new/captun@14 pin with the published package and its renamed API (acceptCaptunTunnel -> acceptFetcherCapability etc.). (Changes made by Misha in the working tree; committed as found so the branch can merge latest main.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 5d172d6. Configure here.
| // createCaptunTunnel waits for this before resolving on the client side. | ||
| const tunnelUrl = new URL(request.url); | ||
| tunnelUrl.search = ""; | ||
| void tunnel.ready({ url: tunnelUrl.toString() }); |
There was a problem hiding this comment.
Ready handshake runs too early
High Severity
fetcher.ready() is invoked synchronously before the WebSocket upgrade response is returned. Captun’s egress-intercept examples defer ready with queueMicrotask so the handshake finishes first; calling it early can prevent the client from receiving the ready message and make createCaptunTunnel hit its ~5s wait timeout.
Reviewed by Cursor Bugbot for commit 5d172d6. Configure here.
Contributor
Author
mmkal
added a commit
that referenced
this pull request
Jun 10, 2026
Replaces the `merge-to-main-slack` workflow (one Slack message per merged PR — noisy on busy days) with a workflow that maintains **at most one message per day** in `#ci`: a one-line PR dashboard summary, with the full per-PR breakdown in a single threaded reply. Both are created on the first PR event of the day and updated in place after that. Channel message: > **PR dashboard 10th June** — 51 merged · 9 closed without merging · 4 opened · 2 older still open (details in thread) Threaded reply (rendered from real data): > **Merged:** > • [#1410 Fix 5-min logout, deploy-time JWKS, and stream append skeleton flash](#1410) by jonas (ad6da76) > • [#1407 itx: contexts, capabilities, and the one true handle](#1407) by jonas (f256768) > … > **Closed without merging:** > • [#1440 Migrate captun to published npm 0.0.3](#1440) by misha > … > **Opened:** > • [#1448 Replace per-merge Slack messages with a daily PR dashboard](#1448) by misha (draft) > … > Old: [#1349](#1349), [#1355](#1355) How it works: - Content is refetched from the GitHub search API on every run (merged / closed-unmerged / opened-and-still-open today, plus older open PRs), so the message is self-healing — no incremental state to corrupt. - The day's message timestamps live in a repo Actions variable (`SLACK_PR_DASHBOARD_STATE`, `{date, channel, ts, details_ts}`), written with the same `ITERATE_BOT_GITHUB_TOKEN` the nag workflow uses. No new Slack scopes needed: `chat.update` uses the `chat:write` the bot already exercises. - Targets `#ci`, adopting #1452's decision to move merge announcements out of `#building` (that PR edited the workflow this one deletes; the conflict is resolved here by keeping the deletion). - The threaded details go out as chunked mrkdwn section blocks rather than one `text` param: on busy days a single text field hits `chat.update`'s `msg_too_long` (`postMessage` truncates, `update` rejects — found by e2e-testing against today's ~50 merges). - Plain-text author names (no @-mentions) since the messages update many times a day. - Testable two ways: pushing any `*pr-dashboard*` branch runs it for real against `#misha-test` with a separate state variable (create, update-in-place, and threading paths all verified this way — e.g. runs [27280068182](https://github.com/iterate/iterate/actions/runs/27280068182), [27288814028](https://github.com/iterate/iterate/actions/runs/27288814028)), and `node cli.ts github-script pr-dashboard.update_dashboard.update_pr_dashboard --github-token ...` does a local dry run that prints both messages. Task file: `tasks/slack-daily-pr-dashboard.md`. 🤖 Generated with [Claude Code](https://claude.com/claude-code) --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com> Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Moves apps/os off the stale
https://pkg.pr.new/captun@14pin — a pre-merge snapshot of iterate/captun#14, merged 2026-05-23 — onto the publishedcaptun@^0.0.3npm release. This is groundwork for switching local dev tunnelling to captun (seetasks/switch-dev-tunnels-to-captun.mdonstream-tui-iterate-cli): future captun features (client reconnect, WebSocket passthrough) will now diff against a real release instead of a frozen PR build.The captun API changed between the snapshot and the release (captun PRs #16–#24), so this is more than a version bump:
Server-side changes that follow from that:
handleCaptunTunnelFetchpassesCAPTUN_TOKENinstead ofCAPTUN_SECRET(0.0.3 throws a descriptive error on the old key).captun-tokenquery param, falling back from theAuthorizationheader.ready({url})handshake — 0.0.3 clients block on it with a 5s timeout, so without this every e2e egress-intercept connect would hang.Verified: apps/os typecheck, repo lint, and
pnpm test:project-ingress(6/6, covers the tunnel accept path including the 401 case) on top of latest main. Not verified locally: the e2e helpers need a deployed environment — worth one e2e pass or abenchmark:intercept-tunnelrun against a dev/preview env before merging.History note: this originally landed as
1a0401fc4onstream-tui-iterate-cli, was reverted there (22d53e2c5), and is cherry-picked here so it can ride to main independently.🤖 Generated with Claude Code
Note
Medium Risk
Touches admin-authenticated tunnel paths and project egress intercept WebSocket handling; mis-wiring would break e2e tunnels or leave connects timing out without
ready.Overview
Replaces the stale
pkg.pr.new/captun@14pin with publishedcaptun@^0.0.3and updates all call sites for the post-release API.Client tunnels (
createCaptunTunnelin e2e helpers and the intercept benchmark) now usegateway/name/tokeninstead ofurlplusAuthorizationheaders; auth rides on thecaptun-tokenquery param because WebSocket clients cannot set headers.Worker captun relay passes
CAPTUN_TOKENinstead ofCAPTUN_SECRET. Project egress intercept switches toacceptFetcherCapability(returnsfetchernottunnel), accepts admin auth fromcaptun-tokenor the bearer header, and callsready({ url })so 0.0.3 clients do not hang on connect.Adds a completed task note documenting verification and follow-ups.
Reviewed by Cursor Bugbot for commit 5d172d6. Bugbot is set up for automated code reviews on this repo. Configure here.