Small Axum service for OAuth callbacks and encrypted webhook inboxes:
GET /?at=<url>&code=...&state=...redirects toat, appending every query parameter exceptat.POST /ccreates or returns the short OAuth callback alias for a target.POST /i/<base64url-public-key>captures a webhook request, encrypts it for that public key, and stores it for later handling.POST /i/<key-a>.<key-b>fans out one encrypted copy per recipient./i/<key>/webmention,/websub,/slack,/pingback,/meta,/cloudevents, and/discord/<app-public-key>add small protocol handling before storing deliveries in the same inbox.GET /i/<key>looks ahead without removing deliveries.POST /i/<key>/claimreserves deliveries for handling.POST /i/<key>/ackremoves handled deliveries in batches.POST /i/<key>/releasemakes claimed deliveries ready again.
Requests are only stored when captured method, path, query, headers, and body fit within 64 KiB. GET and claim responses return only as many items as fit within 1 MiB. If an inbox is full, new captures are rejected and existing deliveries are not removed.
process-compose upThat starts Postgres and the app. The service listens on 127.0.0.1:3000 by
default.
To run the packaged service binary directly:
nix run github:xmit-co/cc.me| Variable | Default | Meaning |
|---|---|---|
BIND_ADDR |
127.0.0.1:3000 |
HTTP bind address |
DATABASE_URL |
postgres://127.0.0.1:5432/postgres |
Postgres connection URL |
INBOX_MAX_REQUESTS |
100 |
Stored encrypted requests per public key |
INBOX_DEFAULT_GET_LIMIT |
1 |
Default GET/claim batch size when a limit is omitted |
INBOX_MAX_GET_LIMIT |
1000 |
Cap for requested batch sizes |
INBOX_LONG_POLL_SECONDS |
25 |
Long-poll wait used by ?p and claim({ poll: true }) |
Static docs live in docs/. The JS client package lives in client/.
The client CLI can forward or inspect inbox deliveries:
npx cc-me http://example.local:8080/webhook
npx cc-me inspectBy xmit dev team. We respect privacy: deliveries are encrypted for your key, no logs are collected, and public stats are aggregate.