Reorganize host runtime files

Move the host-only proxy entrypoints into a dedicated directory so it is obvious which files run on the host. Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode) Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
2026-03-08 17:51:12 +08:00
parent 1c84e61608
commit f90673cb3a
4 changed files with 365 additions and 0 deletions
--- a/host/start.sh
+++ b/host/start.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+set -eu
+
+script_dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)
+state_dir="$script_dir/state"
+pid_file="$state_dir/server.pid"
+log_file="$state_dir/server.log"
+token_file="$state_dir/token"
+config_file="$state_dir/config.env"
+
+host="${GIT_CRED_PROXY_HOST:-127.0.0.1}"
+port="${GIT_CRED_PROXY_PORT:-18765}"
+protocols="${GIT_CRED_PROXY_PROTOCOLS:-https}"
+allowed_hosts="${GIT_CRED_PROXY_ALLOWED_HOSTS:-}"
+public_url="${GIT_CRED_PROXY_PUBLIC_URL:-http://host.docker.internal:${port}}"
+
+mkdir -p "$state_dir"
+
+if [ -f "$pid_file" ]; then
+  old_pid=$(cat "$pid_file" 2>/dev/null || true)
+  if [ -n "${old_pid:-}" ] && kill -0 "$old_pid" 2>/dev/null; then
+    printf 'Proxy already running: pid=%s\n' "$old_pid"
+    printf 'Container URL: %s\n' "$public_url"
+    printf 'Token file: %s\n' "$token_file"
+    exit 0
+  fi
+  rm -f "$pid_file"
+fi
+
+if [ ! -f "$token_file" ]; then
+  if ! command -v openssl >/dev/null 2>&1; then
+    printf 'openssl is required to create the token file\n' >&2
+    exit 1
+  fi
+
+  umask 077
+  openssl rand -hex 32 > "$token_file"
+fi
+
+runtime=''
+if [ -n "${GIT_CRED_PROXY_RUNTIME:-}" ]; then
+  runtime="$GIT_CRED_PROXY_RUNTIME"
+elif command -v bun >/dev/null 2>&1; then
+  runtime='bun'
+elif command -v node >/dev/null 2>&1; then
+  runtime='node'
+else
+  printf 'Either bun or node is required to start the proxy\n' >&2
+  exit 1
+fi
+
+token=$(tr -d '\r\n' < "$token_file")
+
+cat > "$config_file" <<EOF
+GIT_CRED_PROXY_HOST=$host
+GIT_CRED_PROXY_PORT=$port
+GIT_CRED_PROXY_PUBLIC_URL=$public_url
+GIT_CRED_PROXY_PROTOCOLS=$protocols
+GIT_CRED_PROXY_ALLOWED_HOSTS=$allowed_hosts
+EOF
+chmod 600 "$config_file"
+
+GIT_CRED_PROXY_HOST="$host" \
+GIT_CRED_PROXY_PORT="$port" \
+GIT_CRED_PROXY_TOKEN="$token" \
+GIT_CRED_PROXY_PROTOCOLS="$protocols" \
+GIT_CRED_PROXY_ALLOWED_HOSTS="$allowed_hosts" \
+nohup "$runtime" "$script_dir/server.mjs" >>"$log_file" 2>&1 &
+
+pid=$!
+printf '%s\n' "$pid" > "$pid_file"
+
+sleep 1
+
+if ! kill -0 "$pid" 2>/dev/null; then
+  printf 'Proxy failed to start. Check %s\n' "$log_file" >&2
+  exit 1
+fi
+
+printf 'Proxy started\n'
+printf 'Host listen URL: http://%s:%s\n' "$host" "$port"
+printf 'Container URL: %s\n' "$public_url"
+printf 'Token file: %s\n' "$token_file"
+printf 'Log file: %s\n' "$log_file"
+printf 'Next: run /workspaces/host-git-cred-proxy/container/configure-git.sh inside the container\n'