Sterister
680d6386f3
Plumbing fix only — both createPrekeyRoutes and createInboxRoutes already accepted disableRateLimit; standalone.ts just didn't read the env. Now SHADE_DISABLE_RATE_LIMIT=1 turns off IP rate-limits on every prekey + inbox route, with a WARN log on startup so operators see it. Single-tenant deployments only — multi-tenant relays must leave it unset. Documented in docs/DEPLOYMENT.md. Reported by Prism: ~6 pair attempts/hour from a single dev IP + the sidecar's register call tripped the 5/hour REGISTER_LIMIT every dev iteration. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@shade/transport-bridge
Transport-agnostic delivery for Shade: WS → SSE → long-poll, in priority
order, behind a single IncomingMessage interface.
import {
FallbackBridgeTransport,
WsBridge,
SseBridge,
LongPollBridge,
} from '@shade/transport-bridge';
const auth = { crypto, signingPrivateKey, address: 'bob' };
const bridge = new FallbackBridgeTransport([
new WsBridge({ baseUrl, auth }),
new SseBridge({ baseUrl, auth }),
new LongPollBridge({ baseUrl, auth }),
]);
await bridge.connect({
onMessage: (msg) => {
// msg: { from: string; bytes: Uint8Array; receivedAt: number; msgId?: string }
},
});
console.log(bridge.activeKind); // "ws" | "sse" | "long-poll"
Pair with createBridgeRoutes in @shade/inbox-server to expose the
matching /v1/bridge/{stream,poll,ws} endpoints. Full design + threat
model in docs/transport.md.
What it solves
Browser extensions, strict corporate proxies, and edge runtimes routinely block long-lived WebSockets. Apps that already use the Shade inbox shouldn't have to write three custom delivery paths to handle the realistic mix of hostile networks they ship into. This package is the canonical answer.
Status
V3.7. Stable wire format, additive change to @shade/inbox-server. See
CHANGELOG.