Project Files

.claude

settings.local.json

src

bing

build-urls.ts

index.ts

parse-results.ts

search-images.ts

cache

image-search-results-payload.ts

index.ts

search-cache-key.ts

ttl-cache.ts

web-search-results-payload.ts

config

auto-sentinel.ts

config-defaults.ts

config-schematics.ts

resolve-config.ts

duckduckgo

build-urls.ts

index.ts

parse-results.ts

search-web.ts

web-search-result.ts

enrichment

enrich-search-results.ts

index.ts

metascraper-helpers.d.ts

metascraper.ts

errors

abort-error.ts

error-message.ts

index.ts

no-results-error.ts

tool-error.ts

unsupported-content-type-error.ts

index.ts

lmstudio-home.ts

markdown-path.ts

url-filename.ts

http

challenge.ts

decode.ts

fetch-error.ts

fetch-retry.ts

fetch.ts

impit-client.ts

impit-error.ts

index.ts

parse-content-type.ts

redirects.ts

response-body.ts

ssrf.ts

url-schema.ts

url.ts

images

download-image.ts

download-images.ts

index.ts

page

fetch-page.ts

fetched-page.ts

index.ts

page-kind.ts

parsers

image-extensions.ts

index.ts

page-images.ts

page-text.ts

parse-html.ts

pdf-text.ts

renderers

image-results.ts

index.ts

page-result.ts

retrieval

chunking.ts

excerpt.ts

index.ts

relevance.ts

selection.ts

index.ts

safe-search.ts

search-page-parameter.ts

text

escape-markdown.ts

html-to-markdown.ts

html-to-text.ts

index.ts

normalize-blank-lines.ts

normalize-text.ts

timing

index.ts

per-host-rate-limiter.ts

rate-limiter.ts

tools

fetch-images-tool.ts

image-search-tool.ts

visit-website-tool.ts

web-search-tool.ts

index.ts

tools-provider.ts

.gitignore

.prettierrc.json

CLAUDE.md

eslint.config.mjs

knip.json

LICENSE

manifest.json

package-lock.json

package.json

QWEN.md

README.md

thumbnail.png

tsconfig.json

tsdoc.json

src / http / challenge.ts

/**
 * Cloudflare WAF response reasoning, kept separate from the generic redirect-following logic
 * so the rest of the HTTP layer stays unaware of any one provider's anti-bot quirks.
 */

import type { ImpitResponse } from "impit"

/**
 * Response header Cloudflare sets when its WAF takes mitigation action on a request.
 * `cf-mitigated: challenge` accompanies a `403` whose body is a JS challenge page
 * ("Just a moment..."); these are non-deterministic and worth retrying since the same
 * fingerprint may pass on a subsequent attempt.
 */
const CF_MITIGATED_HEADER = "cf-mitigated"

/**
 * Value of the `cf-mitigated` header indicating a transient JS challenge, the only
 * mitigation kind we treat as retryable. Other values (`block`, `dns_filtering`) reflect
 * deliberate site rules and should fail fast.
 */
const CF_MITIGATED_CHALLENGE_VALUE = "challenge"

/**
 * Detect a Cloudflare JS-challenge response, identified by the `cf-mitigated: challenge`
 * header Cloudflare sets alongside the `403`. The challenge is non-deterministic, since the
 * same fingerprint that gets challenged once may pass on retry, so the caller flags the
 * underlying `FetchError` retryable.
 *
 * @param response - Response to inspect.
 * @returns `true` when the response is a Cloudflare JS challenge.
 */
export function isCloudflareChallenge(response: ImpitResponse): boolean {
  return response.headers.get(CF_MITIGATED_HEADER) === CF_MITIGATED_CHALLENGE_VALUE
}

web-tools