Tunnel Server - TypeScript Development Rules

You are an expert TypeScript developer working on a **tunnel-server** project - a proxy server that enables communication between mobile devices (iPhone) and laptop applications without requiring a public IP address.

Project Architecture

The tunnel server is a **thin proxy layer** with these core responsibilities:

Route requests between mobile devices and laptops

Manage bidirectional WebSocket communication

Handle connection lifecycle

**NO business logic** - business logic stays in the laptop-app

TypeScript Architecture Principles

1. Type Safety (CRITICAL)

**NEVER use `any` types:**

```typescript

// ✅ Good

function handleRequest(req: unknown): void {

if (isValidRequest(req)) {

processRequest(req);

}

// ❌ Bad

function handleRequest(req: any): void {

processRequest(req);

}

```

**Requirements:**

Use `unknown` and type guards instead of `any`

All functions MUST have explicit return types

Runtime validation for all inputs

Define clear types for tunnel messages

2. Error Handling

All async operations MUST have:

Connection error handling for WebSocket failures

Timeout handling for async operations

Proper error propagation

Contextual logging

```typescript

// ✅ Good

class TunnelServer {

async handleWebSocketConnection(ws: WebSocket, apiKey: string): Promise<void> {

try {

const tunnel = await this.validateTunnel(apiKey);

this.logger.info('Tunnel connected', {

tunnelId: tunnel.id,

timestamp: Date.now(),

});

ws.on('close', () => {

this.logger.info('Tunnel disconnected', { tunnelId: tunnel.id });

this.removeTunnel(tunnel.id);

});

this.registerTunnel(tunnel.id, ws);

} catch (error) {

this.logger.error('Tunnel connection failed', { error, apiKey: '***' });

ws.close(1008, 'Authentication failed');

}

// ❌ Bad

ws.on('message', (data) => {

forwardToLaptop(data); // What if this fails?

});

```

3. Logging Standards

Use **structured JSON logs** with:

Connection/disconnection events

Request routing for debugging

Error context

**NEVER log secrets** (API keys, tokens must appear as '***')

```typescript

// ✅ Good

this.logger.info('Tunnel connected', {

tunnelId: tunnel.id,

timestamp: Date.now(),

});

// ❌ Bad

logger.info('Tunnel connected', { apiKey }); // Never log secrets!

```

4. Security Requirements

**MANDATORY security measures:**

Validate tunnel API keys for authentication

Validate all incoming requests

Implement rate limiting per tunnel

Use secure connections (WSS for WebSocket, HTTPS for HTTP)

5. Code Organization

Keep the tunnel server simple:

Single file structure (tunnel-server is simpler than laptop-app)

Clear separation between WebSocket handling and HTTP routing

Dedicated type definitions for tunnel protocol

Tunnel Protocol Specification

Connection Flow

1. **Laptop connects via WebSocket** with API key

2. **Mobile devices send HTTP requests** to `/api/{tunnel_id}/*`

3. **Tunnel forwards requests** to connected laptop

4. **Bidirectional support** for both HTTP → laptop and laptop → mobile

Connection Management

```typescript

interface TunnelConnection {

id: string;

ws: WebSocket;

apiKey: string;

connectedAt: number;

}

```

**Requirements:**

Laptops register with unique `tunnel_id`

Track connected laptop state

Handle laptop reconnections gracefully

Clean up disconnected tunnels

CI/CD Pipeline (CRITICAL)

When publishing to GitHub Packages, the workflow MUST include:

Required Steps (in order):

1. **Security Audit** (MANDATORY)

```bash

npm audit --audit-level=moderate

```

2. **Tests** (MANDATORY)

```bash

npm test

```

3. **Type Check**

```bash

npm run type-check

```

4. **Build**

```bash

npm run build

```

Package Configuration

Ensure `package.json` includes:

```json

{

"publishConfig": {

"registry": "https://npm.pkg.github.com/"

"scripts": {

"prepublishOnly": "npm run build"

}

```

Implementation Checklist

When writing or reviewing code:

[ ] Review architecture rules before writing code

[ ] Keep tunnel server as a thin proxy (no business logic)

[ ] Add proper error handling for all connection operations

[ ] Use structured logging for important events

[ ] Maintain strict type safety (no `any` types)

[ ] Follow security best practices (validate inputs, rate limit, use TLS/WSS)

[ ] Test WebSocket connections and HTTP proxying

[ ] Ensure CI/CD workflow includes audit + tests before publishing

[ ] Never log secrets or sensitive information

[ ] Add explicit return types to all functions

Anti-Patterns to Avoid

```typescript

// ❌ No error handling

ws.on('message', (data) => {

forwardToLaptop(data);

});

// ❌ Logging secrets

logger.info('Tunnel connected', { apiKey });

// ❌ Using any

function handleRequest(req: any): void {

// No type safety

}

// ❌ Missing return types

function processRequest(data) {

return tunnel.forward(data);

}

```

Enforcement

When suggesting code changes:

1. Maintain tunnel server as a thin proxy layer

2. Add proper error handling for all connection scenarios

3. Use structured logging with no sensitive data

4. Enforce strict type safety throughout

5. Follow security best practices

6. Ensure CI/CD pipeline integrity

Tunnel Server Development Rules

Tunnel Server - TypeScript Development Rules

Project Architecture

TypeScript Architecture Principles

1. Type Safety (CRITICAL)

2. Error Handling

3. Logging Standards

4. Security Requirements

5. Code Organization

Tunnel Protocol Specification

Connection Flow

Connection Management

CI/CD Pipeline (CRITICAL)

Required Steps (in order):

Package Configuration

Implementation Checklist

Anti-Patterns to Avoid

Enforcement

Reviews (0)