This document describes the server-side HTTP API that powers the Repomix web interface. The API is built with the Hono framework and provides endpoints for processing repositories remotely or via ZIP file uploads.
The server acts as a robust wrapper around the repomix core library, handling request validation with Zod, structured logging with winston, memory-efficient ZIP decompression with fflate, and real-time progress updates via NDJSON streaming with Gzip flush capabilities.
The server is implemented as a Node.js application using the Hono web framework with the @hono/node-server adapter website/server/src/index.ts2-3 It is optimized for performance using V8 compile cache warmup to reduce cold-start latency in serverless environments website/server/src/index.ts18-32
The server utilizes a middleware stack for security and performance, including CORS, Cloudflare Origin Guard, Gzip compression, and rate limiting website/server/src/index.ts42-60
Architecture Diagram: Server Components and Request Lifecycle
Sources: website/server/src/index.ts18-77 website/server/src/actions/packAction.ts17-71 website/server/src/middlewares/rateLimit.ts12-69 website/server/src/domains/pack/utils/cache.ts16-87
The server enforces strict validation and security constraints to prevent resource exhaustion and malicious input.
The packAction extracts form data and validates it using validateRequest against the packRequestSchema website/server/src/actions/packAction.ts26-61 This utilizes Zod for schema definition and validation website/server/src/actions/packRequestSchema.ts1-15
includePatterns/ignorePatterns via sanitizePattern website/server/src/actions/packAction.ts63-70The server implements a strict "fail-closed" Turnstile verification for the /api/pack endpoint website/server/src/middlewares/turnstile.ts104-106
X-Turnstile-Token header website/server/src/middlewares/turnstile.ts9pack action to prevent replay attacks website/server/src/middlewares/turnstile.ts22repomix.com website/server/src/middlewares/turnstile.ts28When processing ZIP uploads, extractZipWithSecurity enforces ZIP_SECURITY_LIMITS website/server/src/domains/pack/processZipFile.ts12-18:
Sources: website/server/src/actions/packAction.ts17-71 website/server/src/domains/pack/processZipFile.ts146-200 website/server/src/middlewares/turnstile.ts50-161
The server branches logic based on the input type, eventually delegating to the repomix core's runDefaultAction.
The processRemoteRepo function handles URL-based requests website/server/src/domains/pack/remoteRepo.ts29:
--depth 1) into a temporary directory using git clone website/server/src/domains/pack/remoteRepo.ts15-27runDefaultAction with skipLocalConfig: true to prevent loading untrusted configuration from the remote repo website/server/src/domains/pack/remoteRepo.ts71-89The processZipFile function handles uploaded archives website/server/src/domains/pack/processZipFile.ts23:
fflate for memory-efficient decompression into a temporary directory website/server/src/domains/pack/processZipFile.ts152-157securityCheck: true in cliOptions to scan for secrets during core processing website/server/src/domains/pack/processZipFile.ts46Data Mapping: Code Entity to API Interface
| API Entity | Code Source | Logic |
|---|---|---|
PackResult | website/client/components/api/client.ts:31-50 | Defines the structure for content and metadata including totalTokens and suspiciousFiles. |
ProcessPackResult | website/server/src/types.ts:49-52 | Includes the PackResult and a cached boolean. |
RequestCache | website/server/src/domains/pack/utils/cache.ts:16-87 | Uses Brotli compression (brotliCompress) to store results in memory website/server/src/domains/pack/utils/cache.ts5-67 |
NDJSON Stream | website/server/src/actions/packAction.ts:120-149 | Streams progress events and final result with Z_SYNC_FLUSH using Node's zlib website/server/src/actions/packAction.ts110-148 |
Code Entity Interaction: Request Handling
Sources: website/server/src/domains/pack/remoteRepo.ts15-161 website/server/src/domains/pack/processZipFile.ts23-141 website/server/src/actions/packAction.ts110-148 website/client/components/api/client.ts104-180
Repomix uses a structured logging system integrated with Google Cloud Logging.
The logger maps Winston levels to Cloud Logging severity levels (e.g., error -> ERROR) website/server/src/utils/logger.ts7-16 In production, logs are output as JSON via winston.format.json() website/server/src/utils/logger.ts27
The server tracks memory usage and request outcomes:
getMemoryUsage() and logMemoryUsage() website/server/src/utils/logger.ts94-102pack_completed event website/server/src/actions/packEventSchema.ts15-17invalid_url or file_too_large via classifyRejectReason website/server/src/actions/packEventSchema.ts63-79Sources: website/server/src/utils/logger.ts1-103 website/server/src/actions/packEventSchema.ts1-79
The server is deployed to Google Cloud Run using a multi-step Cloud Build pipeline.
The cloudbuild.yaml defines the deployment lifecycle website/server/cloudbuild.yaml1-84:
website/server/Dockerfile website/server/cloudbuild.yaml3-15Sources: website/server/cloudbuild.yaml1-84
Refresh this wiki