Rjwebb/make teekit compatible 2

package.json

@@ -7,6 +7,7 @@
     "server": "tsx server/index.ts",
     "dev": "vite",
     "build": "tsc && tsc -p tsconfig.server.json && vite build",
+    "build:worker": "tsc -p tsconfig.server.json && kettle build-app server/index.ts && kettle build-worker",
     "preview": "vite preview",
     "deploy": "fly deploy",
     "lint": "biome check .",
@@ -22,6 +23,10 @@
   "dependencies": {
     "@fontsource-variable/inter": "^5.2.8",
     "@fontsource/source-code-pro": "^5.2.7",
+    "@hono/node-server": "^1.19.9",
+    "@teekit/kettle": "file:../teekitpriv/packages/kettle",
+    "@teekit/kettle-sgx": "file:../teekitpriv/packages/kettle-sgx",
+    "@teekit/tunnel": "file:../teekitpriv/packages/tunnel",
     "@preact/preset-vite": "^2.10.3",
     "@radix-ui/react-alert-dialog": "^1.1.15",
     "@radix-ui/react-context-menu": "^2.2.16",
@@ -32,6 +37,7 @@
     "@radix-ui/react-tooltip": "^1.2.8",
     "dompurify": "^3.3.1",
     "dotenv": "^17.3.1",
+    "hono": "^4.12.3",
     "lucide-react": "^0.575.0",
     "marked": "^17.0.3",
     "preact": "^10.28.3"

server/config.ts

@@ -15,6 +15,3 @@ export const GITHUB_FETCH_TIMEOUT_MS = 15_000;
 export const MAX_BODY_BYTES = 2 * 1024 * 1024; // 2 MB
 
 export const ALLOWED_ORIGINS = new Set(['https://input.md', `http://localhost:${CLIENT_PORT}`]);
-
-export const CONTENT_SECURITY_POLICY =
-  "default-src 'self'; script-src 'self' 'sha256-wBdtWdXsHnAU2DdByySW4LlXFAScrBvmBgkXtydwJdg='; style-src 'self' 'unsafe-inline'; img-src 'self' https://avatars.githubusercontent.com; connect-src 'self' https://api.github.com https://gist.githubusercontent.com; font-src 'self'";

server/cors.ts

@@ -1,14 +1,10 @@
-import type http from 'node:http';
+import { cors } from 'hono/cors';
 import { ALLOWED_ORIGINS } from './config';
 
-export function applyCors(req: http.IncomingMessage, res: http.ServerResponse): void {
-  const origin = req.headers.origin;
-  res.setHeader('Vary', 'Origin');
-  if (origin && ALLOWED_ORIGINS.has(origin)) {
-    res.setHeader('Access-Control-Allow-Origin', origin);
-    res.setHeader('Access-Control-Allow-Credentials', 'true');
-    res.setHeader('Access-Control-Allow-Methods', 'GET,POST,PUT,PATCH,DELETE,OPTIONS');
-    res.setHeader('Access-Control-Allow-Headers', 'Content-Type,Authorization');
-    res.setHeader('Access-Control-Max-Age', '600');
-  }
-}
+export const corsMiddleware = cors({
+  origin: (origin) => (ALLOWED_ORIGINS.has(origin) ? origin : ''),
+  credentials: true,
+  allowMethods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'],
+  allowHeaders: ['Content-Type', 'Authorization'],
+  maxAge: 600,
+});

server/github_client.ts

@@ -1,7 +1,7 @@
 import crypto from 'node:crypto';
 import { readFile } from 'node:fs/promises';
 import { GITHUB_FETCH_TIMEOUT_MS } from './config';
-import { ClientError } from './errors';
+import { HTTPException } from 'hono/http-exception';
 import { base64url, requireEnv } from './http_helpers';
 import type { TokenCacheRecord } from './types';
 
@@ -95,7 +95,7 @@ async function getInstallationToken(installationId: string, repositoryIds?: numb
   if (!res.ok) {
     const body = await res.text().catch(() => '');
     console.error(`Failed to mint installation token: ${res.status} ${res.statusText}`, body);
-    throw new ClientError(`GitHub API error: ${res.status}`, 502);
+    throw new HTTPException(502, { message: `GitHub API error: ${res.status}` });
   }
 
   const data = (await res.json()) as { token: string; expires_at: string };
@@ -135,7 +135,7 @@ export async function githubFetchWithInstallationToken(
     const body = await res.text().catch(() => '');
     console.error(`GitHub API error on ${ghPath}: ${res.status} ${res.statusText}`, body);
     const statusCode = res.status >= 400 && res.status < 500 ? res.status : 502;
-    throw new ClientError(`GitHub API error: ${res.status}`, statusCode);
+    throw new HTTPException(statusCode as 400, { message: `GitHub API error: ${res.status}` });
   }
 
   return res;

server/http_helpers.ts

@@ -1,31 +1,4 @@
-import type http from 'node:http';
-import { MAX_BODY_BYTES } from './config';
-import { ClientError } from './errors';
-
-export function json(res: http.ServerResponse, statusCode: number, data: unknown): void {
-  res.writeHead(statusCode, { 'Content-Type': 'application/json' });
-  res.end(JSON.stringify(data));
-}
-
-export async function readJson(req: http.IncomingMessage): Promise<Record<string, unknown> | null> {
-  const chunks: Buffer[] = [];
-  let totalBytes = 0;
-
-  for await (const chunk of req) {
-    totalBytes += (chunk as Buffer).length;
-    if (totalBytes > MAX_BODY_BYTES) throw new ClientError('Request body too large');
-    chunks.push(chunk as Buffer);
-  }
-
-  const raw = Buffer.concat(chunks).toString('utf8');
-  if (!raw) return null;
-
-  try {
-    return JSON.parse(raw) as Record<string, unknown>;
-  } catch {
-    throw new ClientError('Invalid JSON body');
-  }
-}
+import { HTTPException } from 'hono/http-exception';
 
 export function requireEnv(name: string): string {
   const value = process.env[name];
@@ -35,7 +8,7 @@ export function requireEnv(name: string): string {
 
 export function requireString(body: Record<string, unknown> | null, key: string): string {
   const value = body?.[key];
-  if (typeof value !== 'string' || !value.trim()) throw new ClientError(`${key} is required`);
+  if (typeof value !== 'string' || !value.trim()) throw new HTTPException(400, { message: `${key} is required` });
   return value;
 }