summaryrefslogtreecommitdiff
path: root/internal/handlers/proxy.go
AgeCommit message (Collapse)Author
12 daysfix(proxy): set Host header to upstream target to satisfy loopback MCP ↵Peter Stone
DNS-rebinding check mcp.NewStreamableHTTPHandler rejects requests where the server is bound to loopback but the Host header is not (DNS-rebinding protection). Requests proxied through doot arrived at claudomator with Host: doot.terst.org, triggering a 403. Set req.Host = target.Host in the ReverseProxy Director so upstream services see the target host (e.g. 127.0.0.1:8484) rather than the original public hostname.
2026-06-15feat: service gateway framework + playground demoPeter Stone
Formalizes doot as an authenticated reverse proxy for arbitrary upstream services. Any local HTTP service can now be registered behind doot's existing auth + SSL layer with 3 lines of config. - Rename NewClaudomatorProxy → NewServiceProxy (generic) - Replace hard-coded claudomator proxy block with serviceMount slice loop - Add PlaygroundURL config (PLAYGROUND_URL env var) - Add playground/web/server.py: stdlib Python status page on port 9090 - Document pattern in .agent/design.md; update .env.example To add a new service: set its URL env var, add a config field, append one mount entry in main.go. Claudomator's GitHub webhook bypass is expressed as webhookPaths on its mount. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>