Debug server port forwarding

[lann]

Summarizing @itowlson's description of the problem:

https://github.com/bytecodealliance/StarlingMonkey/pull/218 started adding support for running a JS debugger in the guest, which requires that the debugger be able to make an outbound socket connection to a debug server (typically on localhost). Spin's allow_outbound_hosts security mechanism makes this somewhat awkward in practice, because a developer would need to either always allow connections to some local port (whether actively debugging or not) or would have to e.g. edit the spin.toml while debugging, which is annoying and error prone.

My proposal (originally here):

• Pick a domain namespace like *.spin-debug.alt (.alt is a TLD reserved for this sort of thing)
• Configure debugger(s) to point at fixed address(es), e.g. js.spin-debug.alt:9229
• Teach spin up a new flag like --debug-server js=127.0.0.1:9229
• Spin resolves js.spin-debug.alt to some appropriate reserved IP internally and forwards guest connections to that IP to the configured matching --debug-server (note js from the --debug-server value above)

[lann]

I think my only hesitation with this one right now is that I have a vague feeling it could be turned into a more generally useful feature if it wasn't specialized to "debug servers". 🤷

[itowlson]

Could you say more about:

Configure debugger(s) to point at fixed address(es), e.g. js.spin-debug.alt:9229

Can we rely on debuggers to be configurable in this way, and if so is there a standard way to configure them? My mental model of this is a bit foggy, sorry.