From 200cc7f2dca42ffa79958eda7e70025eb483b25b Mon Sep 17 00:00:00 2001
From: Rene Fichtmueller <renefichtmueller@MacStudio-von-Rene-8.local>
Date: Sun, 26 Apr 2026 21:04:36 +0200
Subject: [PATCH] fix: Correct Cloudflare tunnel and setup script to use port
 3103

The LLM Gateway is configured to run on port 3103 in ecosystem.config.cjs,
but the Cloudflare tunnel configuration and setup script were referencing port
3100, causing 502 Bad Gateway errors.

Updates:
- cloudflare-tunnel.md: Changed tunnel ingress from localhost:3100 to localhost:3103
- setup-erik.sh: Updated health check URL and output messages to port 3103
- This fixes the Cloudflare tunnel connection that was causing public HTTPS access to fail

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
---
 deploy/cloudflare-tunnel.md |  8 ++++----
 deploy/setup-erik.sh        |  8 ++++----
 package-lock.json           | 24 +++++++++++++-----------
 3 files changed, 21 insertions(+), 19 deletions(-)

diff --git a/deploy/cloudflare-tunnel.md b/deploy/cloudflare-tunnel.md
index 386bde5..4071589 100644
--- a/deploy/cloudflare-tunnel.md
+++ b/deploy/cloudflare-tunnel.md
@@ -25,7 +25,7 @@ ingress:
   # ... existing services ...
 
   - hostname: llm-gateway.context-x.org
-    service: http://localhost:3100
+    service: http://localhost:3103
     originRequest:
       connectTimeout: 10s
       noHappyEyeballs: false
@@ -55,7 +55,7 @@ ssh erik "cloudflared tunnel list"
 ```bash
 ssh erik "systemctl restart cloudflared"
 # Verify:
-curl https://llm-gateway.context-x.org/health/live
+curl https://llm-gateway.context-x.org/health
 ```
 
 ## Verify routing
@@ -65,11 +65,11 @@ curl https://llm-gateway.context-x.org/health/live
 curl https://llm-gateway.context-x.org/health
 
 # Expected:
-# {"status":"ok","ollama":{...},"queue":{...}}
+# {"status":"ok","timestamp":"...","checks":{...}}
 ```
 
 ## Notes
 
-- The tunnel connects directly to `localhost:3100` on Erik — nginx is **not** required.
+- The tunnel connects directly to `localhost:3103` on Erik — nginx is **not** required.
 - Cloudflare handles TLS termination and DDoS protection automatically.
 - Rate limiting can be added via Cloudflare WAF rules on top of the gateway's built-in limits.
diff --git a/deploy/setup-erik.sh b/deploy/setup-erik.sh
index d5d4a45..83e1215 100755
--- a/deploy/setup-erik.sh
+++ b/deploy/setup-erik.sh
@@ -161,7 +161,7 @@ sleep 5
 
 MAX_RETRIES=10
 RETRY_DELAY=3
-HEALTH_URL="http://localhost:3100/health/live"
+HEALTH_URL="http://localhost:3103/health"
 
 for i in $(seq 1 $MAX_RETRIES); do
   STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$HEALTH_URL" 2>/dev/null || echo "000")
@@ -183,13 +183,13 @@ done
 # -------------------------------------------------------
 section "Setup complete"
 echo ""
-echo "  Gateway:   http://localhost:3100"
-echo "  Health:    http://localhost:3100/health"
+echo "  Gateway:   http://localhost:3103"
+echo "  Health:    http://localhost:3103/health"
 echo "  Logs:      pm2 logs llm-gateway"
 echo "  PM2 UI:    pm2 monit"
 echo ""
 echo "  Next steps:"
 echo "  1. Add Cloudflare tunnel ingress (see deploy/cloudflare-tunnel.md)"
 echo "  2. Pull Ollama models: bash scripts/pull-models.sh"
-echo "  3. Verify: curl http://localhost:3100/health"
+echo "  3. Verify: curl http://localhost:3103/health"
 echo ""
diff --git a/package-lock.json b/package-lock.json
index d9ad0e7..f0aba6d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,9 @@
         "jose": "^6.2.2"
       }
     },
-    "../../../shieldx": {},
+    "../../../shieldx": {
+      "extraneous": true
+    },
     "node_modules/@esbuild/darwin-arm64": {
       "version": "0.27.7",
       "cpu": [
@@ -323,7 +325,6 @@
       "resolved": "packages/prompt-optimizer",
       "link": true
     },
-    "node_modules/@llm-gateway/types": {},
     "node_modules/@lukeed/ms": {
       "version": "2.0.2",
       "license": "MIT",
@@ -354,10 +355,6 @@
         "darwin"
       ]
     },
-    "node_modules/@shieldx/core": {
-      "resolved": "../../../shieldx",
-      "link": true
-    },
     "node_modules/@sinclair/typebox": {
       "version": "0.27.10",
       "resolved": "https://registry.npmjs.org/@sinclair/typebox/-/typebox-0.27.10.tgz",
@@ -4115,10 +4112,10 @@
         "@fastify/helmet": "^12.0.1",
         "@fastify/rate-limit": "^10.3.0",
         "@fastify/static": "^8.3.0",
-        "@shieldx/core": "file:../../../../../shieldx",
         "ajv": "^8.17.1",
         "fastify": "^5.8.5",
         "franc": "^6.2.0",
+        "jose": "^5.4.0",
         "js-yaml": "^4.1.0",
         "opossum": "^8.1.3",
         "pg": "^8.13.1",
@@ -4138,12 +4135,20 @@
         "vitest": "^2.1.8"
       }
     },
+    "packages/gateway/node_modules/jose": {
+      "version": "5.10.0",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz",
+      "integrity": "sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "packages/learning": {
       "name": "@llm-gateway/learning",
       "version": "1.0.0",
       "dependencies": {
         "@llm-gateway/prompt-optimizer": "*",
-        "@llm-gateway/types": "*",
         "js-yaml": "^4.1.0",
         "node-cron": "^3.0.3",
         "pg": "^8.13.1",
@@ -4446,9 +4451,6 @@
     "packages/prompt-optimizer": {
       "name": "@llm-gateway/prompt-optimizer",
       "version": "0.1.0",
-      "dependencies": {
-        "@llm-gateway/types": "*"
-      },
       "devDependencies": {
         "@types/node": "^20.10.0",
         "tsup": "^8.0.0",