malware npm

staticlayer

discovered 2026-06-17

This package is the server side of the dropper, published to npm by the operator. Its server.js serves files from payloads/ only to clients that request a /d/ path with the User-Agent 'Microsoft-Delivery-Optimization/10.0'. It supports Range requests with 206 partial-content responses and calls req.socket.destroy() on any other request. The package has no install hook. The User-Agent gate matches the download User-Agent used by the procwire worker, which ties the client and server halves together as one tool.

Threat types

c2_agent other

Malicious versions

  • 1.1.0 · 38e01965cb08506b…
