Skip to content

Block tunnel subdomain registration#950

Merged
onchainlu merged 1 commit into
mainfrom
debug-registration-1c35
Jun 3, 2026
Merged

Block tunnel subdomain registration#950
onchainlu merged 1 commit into
mainfrom
debug-registration-1c35

Conversation

@onchainlu

@onchainlu onchainlu commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Summary

  • Adds isTunnelUrl check that blocks registration for known ephemeral tunnel services (trycloudflare, ngrok, loca.lt, serveo, localhost.run, bore.pub, tunnelmole)
  • Blocks both registration paths: origin-based discovery (fetchDiscoveryDocument) and single-endpoint (registerEndpoint) — covers REST API, TRPC, and UI
  • Returns clear error: "Tunnel URLs are ephemeral and can't be reliably discovered by agents. Deploy your API to a permanent URL to register."

Context: A single "py.scm" service registered 17+ ephemeral trycloudflare origins in ~2 hours, polluting the marketplace with dead URLs. 159 tunnel origins exist total (5.4% of all origins), plus 221 empty-shell origin rows with 0 resources.

Test plan

  • Unit tests for isTunnelUrl — 6 tests covering all tunnel domains, permanent domains, false-positive resistance, and invalid URLs
  • pnpm format && pnpm lint && pnpm check all pass
  • Manual: enter a trycloudflare/ngrok URL in the registration UI — should show error immediately without probing

@onchainlu
Block tunnel subdomain registration
308fe84 
Ephemeral tunnel URLs (trycloudflare, ngrok, etc.) pollute the
marketplace with dead origins that agents can't reach. This adds an
isTunnelUrl check on both registration paths — origin-based discovery
and single-endpoint — so they're rejected before any probing or DB
writes happen.
@vercel

vercel Bot commented Jun 3, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
x402scan Ready Ready Preview, Comment Jun 3, 2026 2:19pm

Request Review

@onchainlu onchainlu merged commit ed365be into main Jun 3, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@onchainlu