Add WASM resolver support for GitHub/GitLab previews

[SirajChokshi]

Summary

• merged latest origin/main into cursor/wasm-resolvers-support-dfb8
• resolved all merge conflicts and preserved WASM resolver functionality already present on this branch

Conflict Classification

• src/utils/fetch.ts: simple
  • same intent (proxying), with only endpoint normalization and duplicate network error check overlap
  • resolution: kept main /api/proxy approach and a single network error check
• src/utils/logger.ts: complicated intent
  • branch used logbench-based fallback logic, while main replaced logger architecture with a native formatted logger and removed logbench
  • resolution: adopted main logger architecture
• src/utils/preview.ts: complicated intent
  • branch generalized script inlining flow; main introduced targeted proxied-script loading (script[src]) with module handling and explicit script removal
  • resolution: adopted main script-loading architecture

Validation

• npm run test
• npm run lint
• npm run check

Existing WASM Walkthrough Artifacts

  

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
static-preview	Ready	Preview, Comment	Apr 6, 2026 9:18pm

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Autofix Details

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Logger creates two instances, only uses one
  • Resolved the factory value once using a typeof check before calling createLogger, eliminating the wasteful second instance creation and the three-variable resolution logic.

Or push these changes by commenting:

@cursor push 5adf589ded

Preview (5adf589ded)

diff --git a/src/utils/logger.ts b/src/utils/logger.ts
--- a/src/utils/logger.ts
+++ b/src/utils/logger.ts
@@ -47,14 +47,9 @@
   }
 }
 
-const logger = createLogger(logbench)
+const factory =
+  typeof logbench === 'function'
+    ? logbench
+    : (logbench as { default?: unknown }).default
 
-// Keep existing styling behavior for compatible environments.
-const styledLogger = createLogger((logbench as { default?: unknown }).default)
-
-const resolvedLogger =
-  typeof (logbench as { default?: unknown }).default === 'function'
-    ? styledLogger
-    : logger
-
-export default resolvedLogger
+export default createLogger(factory)

_{You can send follow-ups to the cloud agent here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: WASM resolver uses deprecated third-party proxy service
  • Replaced the third-party api.codetabs.com proxy with the first-party /api/proxy endpoint by constructing the proxy URL using window.location.origin + '/api/proxy?url=', which correctly resolves to the SvelteKit app's origin inside the iframe rendered via document.write().

Or push these changes by commenting:

@cursor push e714e5b361

Preview (e714e5b361)

diff --git a/src/utils/lang/html.ts b/src/utils/lang/html.ts
--- a/src/utils/lang/html.ts
+++ b/src/utils/lang/html.ts
@@ -7,7 +7,7 @@
 function getFetchResolverScript() {
   return `<script data-static-preview-fetch-resolver>
 ;(() => {
-  const proxyPrefix = 'https://api.codetabs.com/v1/proxy/?quest='
+  const proxyPath = '/api/proxy'
   const nativeFetch = window.fetch.bind(window)
 
   const shouldProxy = (url) => {
@@ -15,7 +15,7 @@
       return false
     }
 
-    if (url.href.startsWith(proxyPrefix)) {
+    if (url.origin === window.location.origin && url.pathname === proxyPath) {
       return false
     }
 
@@ -35,7 +35,7 @@
       const absoluteUrl = new URL(requestUrl, document.baseURI)
 
       if (shouldProxy(absoluteUrl)) {
-        const proxiedUrl = \`\${proxyPrefix}\${encodeURIComponent(absoluteUrl.href)}\`
+        const proxiedUrl = \`\${window.location.origin}\${proxyPath}?url=\${encodeURIComponent(absoluteUrl.href)}\`
 
         if (typeof input !== 'string' && !(input instanceof URL)) {
           return nativeFetch(new Request(proxiedUrl, input), init)

_{You can send follow-ups to the cloud agent here.}

^{Reviewed by Cursor Bugbot for commit 3109a57. Configure here.}

[cursor]

WASM resolver uses deprecated third-party proxy service

High Severity

The new fetch resolver script incorrectly routes WASM fetch calls through api.codetabs.com. This third-party proxy, explicitly replaced by our first-party /api/proxy endpoint, introduces privacy and reliability risks (e.g., rate limits) and bypasses our security controls. Our first-party proxy is already equipped to handle these requests.

 

^{Reviewed by Cursor Bugbot for commit 3109a57. Configure here.}