Launch hosted captun.sh tunnels

[mmkal]

Summary

Adds the hosted captun.sh path so a first-time user can get a public tunnel without deploying anything first.

# with something listening on localhost:3000
npx captun 3000

The CLI now defaults to the hosted https://captun.sh gateway when there is no local config, generates a random tunnel name, and prints a public URL like:

https://abc123.captun.sh -> localhost:3000

No Cloudflare account, config file, token, or deploy wizard is needed for that first run. Users can still run npx captun deploy later if they want their own self-hosted gateway.

What Changed

• defaults missing local config to the hosted https://captun.sh gateway
• changes createCaptunTunnel to connect with { gateway, name, token, fetch } and wait for the gateway to return { url, token }
• renames the low-level Cap'n Web accept APIs to acceptFetcherCapability and acceptFetcherCapabilityFromSocket
• updates the CLI, deploy wizard, config file, smoke scripts, benchmarks, docs, and hosted browser demo to use gateway/token
• keeps the self-hosted Cloudflare Tunnel Gateway readable in src/worker.ts, with the hosted captun.sh product surface isolated under src/hosted/
• reserves product/control-plane tunnel names, serves www.captun.sh, and redirects the apex host to www
• adds CONTEXT.md and ADR-0001 to keep the Fetcher Capability / Tunnel / Gateway language clear

#20 is superseded by this shape; hosted rate limiting and ownership controls are rebuilt in #22 on top of the gateway-owned protocol.

Library Example

import { createCaptunTunnel } from "captun";

const tunnel = await createCaptunTunnel({
  fetch: (request) => Response.json({ path: new URL(request.url).pathname }),
});

console.log(tunnel.url); // https://abc123.captun.sh

Self-hosted use now passes the gateway URL, not a tunnel URL template:

npx captun 3000 --gateway 'https://captun.youraccount.workers.dev' --token abc123

Structure

• src/index.ts contains the client API and low-level Fetcher Capability helpers.
• src/worker.ts is the deployable self-hosted Cloudflare Tunnel Gateway.
• src/hosted/site.ts and src/hosted/worker.ts are the Iterate-operated hosted surface for captun.sh.
• wrangler.jsonc is for self-hosted deployment; wrangler.hosted.jsonc is for the hosted service.

Verification

• pnpm run check
• pnpm test
• pnpm run build
• pnpm exec vitest run test/worker.test.ts test/e2e.test.ts examples/weather-reporter/e2e.test.ts
• CAPTUN_PUBLIC_E2E=1 pnpm exec vitest run test/public-hosted.test.ts
• deployed captun-public to Iterate prd with captun.sh/* and *.captun.sh/*

[pkg-pr-new]

Open in StackBlitz

npx https://pkg.pr.new/captun@16

commit: 1a924a7

[cursor]

Cursor Bugbot has reviewed your changes and found 2 potential issues.

There are 4 total unresolved issues (including 2 from previous reviews).

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit ead1f28. Configure here.}