@gozargah/xray-schema 0.0.3

package/dist/index.js

@@ -0,0 +1,1309 @@
+import z from "zod";
+//#region src/transport/version/version.ts
+const versionSchema = z.object({
+	min: z.string().optional(),
+	max: z.string().optional()
+});
+//#endregion
+//#region src/log/log.ts
+const logSchema = z.object({
+	access: z.union([z.string(), z.literal("none")]).default("").optional(),
+	error: z.union([z.string(), z.literal("none")]).optional().default("").optional(),
+	loglevel: z.enum([
+		"debug",
+		"info",
+		"warning",
+		"error",
+		"none"
+	]).default("warning").optional(),
+	dnsLog: z.boolean().optional().default(false).optional(),
+	maskAddress: z.union([
+		z.literal(""),
+		z.enum([
+			"quarter",
+			"half",
+			"full"
+		]),
+		z.string().regex(/^\/(?:0|8|16|24|32)\+\/(?:12[0-8]|1[01][0-9]|[0-9]{1,2})$/)
+	]).default("").optional()
+});
+//#endregion
+//#region src/api/api.ts
+const apiServices = z.union([
+	z.literal("HandlerService"),
+	z.literal("RoutingService"),
+	z.literal("LoggerService"),
+	z.literal("StatsService"),
+	z.literal("ReflectionService")
+]);
+const apiSchema = z.object({
+	tag: z.string(),
+	listen: z.string().optional(),
+	services: z.array(apiServices).optional()
+});
+//#endregion
+//#region src/dns/dnsObject/dnsObject.ts
+const dnsObject = z.object({
+	address: z.string(),
+	port: z.number().optional(),
+	domains: z.array(z.string()).optional(),
+	expectedIPs: z.array(z.string()).optional(),
+	unexpectedIPs: z.array(z.string()).optional(),
+	skipFallback: z.boolean().default(false).optional(),
+	finalQuery: z.boolean().default(false).optional(),
+	tag: z.string().optional(),
+	clientIP: z.string().optional(),
+	queryStrategy: z.enum([
+		"UseIP",
+		"UseIPv4",
+		"UseIPv6",
+		"UseSystem"
+	]).default("UseIP").optional(),
+	disableCache: z.boolean().default(false).optional()
+});
+//#endregion
+//#region src/dns/dns.ts
+const dnsSchema = z.object({
+	hosts: z.record(z.string(), z.union([z.string(), z.array(z.string())])).optional(),
+	servers: z.array(z.union([z.string(), dnsObject])).optional(),
+	tag: z.string().optional(),
+	clientIP: z.string().optional(),
+	queryStrategy: z.enum([
+		"UseIP",
+		"UseIPv4",
+		"UseIPv6",
+		"UseSystem"
+	]).default("UseIP").optional(),
+	disableCache: z.boolean().default(false).optional(),
+	disableFallback: z.boolean().default(false).optional(),
+	disableFallbackIfMatch: z.boolean().default(false).optional(),
+	useSystemHosts: z.boolean().default(false).optional(),
+	enableParallelQuery: z.boolean().default(false).optional(),
+	serveStale: z.boolean().default(false).optional(),
+	serveExpiredTTL: z.number().default(0).optional()
+}).loose();
+//#endregion
+//#region src/routing/ruleObject/ruleObject.ts
+const routingRule = z.object({
+	domain: z.array(z.string()).optional(),
+	ip: z.array(z.string()).optional(),
+	port: z.union([z.string(), z.number()]).optional(),
+	sourcePort: z.union([z.string(), z.number()]).optional(),
+	network: z.enum([
+		"tcp",
+		"udp",
+		"tcp,udp"
+	]).optional(),
+	source: z.array(z.string()).optional(),
+	sourceIP: z.array(z.string()).optional(),
+	user: z.array(z.string()).optional(),
+	vlessRoute: z.string().optional(),
+	inboundTag: z.array(z.string()).optional(),
+	protocol: z.array(z.string()).optional(),
+	attrs: z.record(z.string(), z.unknown()).optional(),
+	process: z.array(z.string()).optional(),
+	outboundTag: z.string().optional(),
+	balancerTag: z.string().optional(),
+	ruleTag: z.string().optional(),
+	webhook: z.object({
+		url: z.string(),
+		deduplication: z.number().optional(),
+		headers: z.object().loose()
+	}).optional()
+}).loose();
+//#endregion
+//#region src/routing/balancerObject/strategyObject/leastLoadSettingsObject.ts
+const costsObject = z.object({
+	regexp: z.boolean().default(false).optional(),
+	match: z.string().optional(),
+	value: z.float32().optional()
+});
+const leastLoadSettingsObject = z.object({
+	expected: z.number().optional(),
+	maxRTT: z.string().optional(),
+	tolerance: z.float32().optional(),
+	baselines: z.array(z.string()).optional(),
+	costs: z.array(costsObject).default([]).optional()
+});
+//#endregion
+//#region src/routing/balancerObject/strategyObject/strategyObject.ts
+const strategyObject = z.discriminatedUnion("type", [
+	z.object({ type: z.literal("random") }),
+	z.object({ type: z.literal("roundRobin") }),
+	z.object({ type: z.literal("leastPing") }),
+	z.object({
+		type: z.literal("leastLoad"),
+		settings: leastLoadSettingsObject.optional()
+	})
+]);
+//#endregion
+//#region src/routing/balancerObject/balancerObject.ts
+const balancerObject = z.object({
+	tag: z.string().optional(),
+	selector: z.array(z.string()).optional(),
+	fallbackTag: z.string().optional(),
+	strategy: strategyObject
+});
+//#endregion
+//#region src/routing/routing.ts
+const routingSchema = z.object({
+	domainStrategy: z.union([
+		z.literal("AsIs"),
+		z.literal("IPIfNonMatch"),
+		z.literal("IPOnDemand")
+	]).optional(),
+	rules: z.array(routingRule).optional(),
+	balancers: z.array(balancerObject).optional()
+}).loose();
+//#endregion
+//#region src/policy/policy.ts
+const policySchema = z.object({
+	levels: z.record(z.string(), z.object({
+		handshake: z.number().default(4).optional(),
+		connIdle: z.number().default(300).optional(),
+		uplinkOnly: z.number().default(2).optional(),
+		downlinkOnly: z.number().default(5).optional(),
+		statsUserUplink: z.boolean().default(false).optional(),
+		statsUserDownlink: z.boolean().default(false).optional(),
+		statsUserOnline: z.boolean().default(false).optional(),
+		bufferSize: z.number().optional()
+	})).optional(),
+	system: z.object({
+		statsInboundUplink: z.boolean().default(false).optional(),
+		statsInboundDownlink: z.boolean().default(false).optional(),
+		statsOutboundUplink: z.boolean().default(false).optional(),
+		statsOutboundDownlink: z.boolean().default(false).optional()
+	}).optional()
+});
+//#endregion
+//#region src/inbounds/sniffing/sniffing.ts
+const sniffingSchema = z.object({
+	enabled: z.boolean().default(true).optional(),
+	destOverride: z.array(z.enum([
+		"http",
+		"tls",
+		"quic",
+		"fakedns"
+	])).default([
+		"http",
+		"tls",
+		"fakedns"
+	]),
+	metadataOnly: z.boolean().default(false).optional(),
+	domainsExcluded: z.array(z.string()).default([]).optional(),
+	ipsExcluded: z.array(z.string()).default([]).optional(),
+	routeOnly: z.boolean().default(false).optional()
+});
+//#endregion
+//#region src/transport/finalmask/customSettingsObject.ts
+const headerCustomSettingsObject = z.object({
+	delay: z.int().default(0).optional(),
+	rand: z.int().default(0).optional(),
+	randRange: z.string().default("0-255").optional(),
+	type: z.enum([
+		"array",
+		"str",
+		"hex",
+		"base64"
+	]).default("array").optional(),
+	packet: z.array(z.any()).optional()
+});
+//#endregion
+//#region src/transport/finalmask/sudoku.ts
+const sudoku = z.object({
+	type: z.literal("sudoku"),
+	settings: z.object({
+		password: z.string(),
+		ascii: z.string(),
+		customTable: z.string(),
+		customTables: z.array(z.string()),
+		paddingMin: z.int(),
+		paddingMax: z.int()
+	})
+});
+//#endregion
+//#region src/transport/finalmask/tcpFinalmask.ts
+const tcpHeaderCustom$1 = z.object({
+	type: z.literal("header-custom"),
+	settings: z.object({
+		clients: z.array(z.array(headerCustomSettingsObject)),
+		servers: z.array(z.array(headerCustomSettingsObject)),
+		errors: z.array(z.array(headerCustomSettingsObject))
+	})
+});
+const tcpFragment = z.object({
+	type: z.literal("fragment"),
+	settings: z.object({
+		packets: z.enum(["1-3", "tlshello"]),
+		length: z.string(),
+		delay: z.string(),
+		maxSplit: z.string()
+	})
+});
+const tcpFinalmask = z.array(z.discriminatedUnion("type", [
+	tcpHeaderCustom$1,
+	tcpFragment,
+	sudoku
+]));
+//#endregion
+//#region src/transport/finalmask/udpFinalmask.ts
+const tcpHeaderCustom = z.object({
+	type: z.literal("header-custom"),
+	settings: z.object({
+		client: z.array(headerCustomSettingsObject),
+		server: z.array(headerCustomSettingsObject)
+	})
+});
+const headerDns = z.object({
+	type: z.literal("header-dns"),
+	settings: z.object({ domain: z.string() })
+});
+const mkcpAes128gcm = z.object({
+	type: z.literal("mkcp-aes128gcm"),
+	settings: z.object({ password: z.string() })
+});
+const noise$1 = z.object({
+	type: z.literal("noise"),
+	settings: z.object({
+		reset: z.int(),
+		noise: z.array(z.object({
+			rand: z.string(),
+			randRange: z.string(),
+			type: z.string(),
+			packet: z.array(z.any()),
+			delay: z.string()
+		}))
+	})
+});
+const salamander = z.object({
+	type: z.literal("salamander"),
+	settings: z.object({ password: z.string() })
+});
+const xdns = z.object({
+	type: z.literal("xdns"),
+	settings: z.object({ domains: z.array(z.string()).min(1) }).or(z.object({ resolvers: z.array(z.string()).min(1) }))
+});
+const xicmp = z.object({
+	type: z.literal("xicmp"),
+	settings: z.object({
+		dgram: z.boolean().default(false).optional(),
+		ips: z.array(z.string()).default([]).optional()
+	})
+});
+const realm = z.object({
+	type: z.literal("realm"),
+	settings: z.object({
+		url: z.string().min(1),
+		stunServers: z.array(z.string()).min(1),
+		tlsConfig: z.object({}).loose()
+	})
+});
+const udpFinalmask = z.array(z.discriminatedUnion("type", [
+	tcpHeaderCustom,
+	headerDns,
+	mkcpAes128gcm,
+	noise$1,
+	salamander,
+	sudoku,
+	xdns,
+	xicmp,
+	realm
+]));
+//#endregion
+//#region src/transport/finalmask/quicParams.ts
+const udpHop = z.object({
+	ports: z.string(),
+	interval: z.number().or(z.string()).default(30).optional()
+});
+const quicParams = z.object({
+	congestion: z.enum([
+		"reno",
+		"bbr",
+		"brutal",
+		"force-brutal"
+	]).optional(),
+	bbrProfile: z.enum([
+		"conservative",
+		"standard",
+		"aggressive"
+	]).optional(),
+	debug: z.boolean().default(false).optional(),
+	brutalUp: z.string().or(z.int()).default(0).optional(),
+	brutalDown: z.string().or(z.int()).default(0).optional(),
+	udpHop: udpHop.optional(),
+	initStreamReceiveWindow: z.int().default(8388608).optional(),
+	maxStreamReceiveWindow: z.int().default(8388608).optional(),
+	initConnectionReceiveWindow: z.int().default(20971520).optional(),
+	maxConnectionReceiveWindow: z.int().default(20971520).optional(),
+	maxIdleTimeout: z.int().default(30).optional(),
+	keepAlivePeriod: z.int().default(0).optional(),
+	disablePathMTUDiscovery: z.boolean().default(false).optional(),
+	maxIncomingStreams: z.int().min(8).default(1024).optional()
+});
+//#endregion
+//#region src/transport/finalmask/finalmask.ts
+const finalmask = z.object({
+	tcp: tcpFinalmask.optional(),
+	udp: udpFinalmask.optional(),
+	quicParams: quicParams.optional()
+});
+//#endregion
+//#region src/transport/sockopt/sockopt.ts
+const happyEyeballs = z.object({
+	tryDelayMs: z.int().default(0).optional(),
+	prioritizeIPv6: z.boolean().default(false).optional(),
+	interleave: z.int().default(1).optional(),
+	maxConcurrentTry: z.int().default(4).optional()
+});
+const customSockoptObject = z.object({
+	system: z.enum([
+		"linux",
+		"windows",
+		"darwin",
+		""
+	]).or(z.string()).optional(),
+	type: z.enum(["int", "str"]),
+	level: z.string().or(z.int()).default("6").optional(),
+	opt: z.string().or(z.int()),
+	value: z.string().or(z.int())
+});
+const sockopt = z.object({
+	mark: z.int().optional(),
+	tcpMaxSeg: z.int().optional(),
+	tcpFastOpen: z.boolean().or(z.number()).optional(),
+	tproxy: z.enum([
+		"redirect",
+		"tproxy",
+		"off"
+	]).default("off").optional(),
+	domainStrategy: z.enum([
+		"AsIs",
+		"UseIP",
+		"UseIPv6v4",
+		"UseIPv6",
+		"UseIPv4v6",
+		"UseIPv4",
+		"ForceIP",
+		"ForceIPv6v4",
+		"ForceIPv6",
+		"ForceIPv4v6",
+		"ForceIPv4"
+	]).default("AsIs").optional(),
+	happyEyeballs: happyEyeballs.default({}).optional(),
+	dialerProxy: z.string().optional(),
+	acceptProxyProtocol: z.boolean().default(false).optional(),
+	trustedXForwardedFor: z.array(z.string()).optional(),
+	tcpKeepAliveInterval: z.int().optional(),
+	tcpKeepAliveIdle: z.int().optional(),
+	tcpUserTimeout: z.int().optional(),
+	tcpcongestion: z.enum([
+		"bbr",
+		"cubic",
+		"reno",
+		""
+	]).optional(),
+	interface: z.string().optional(),
+	V6Only: z.boolean().default(false).optional(),
+	tcpWindowClamp: z.int().optional(),
+	tcpMptcp: z.boolean().default(false).optional(),
+	addressPortStrategy: z.enum([
+		"none",
+		"SrvPortOnly",
+		"SrvAddressOnly",
+		"SrvPortAndAddress",
+		"TxtPortOnly",
+		"TxtAddressOnly",
+		"TxtPortAndAddress",
+		"none"
+	]).default("none").optional(),
+	customSockopt: z.array(customSockoptObject).optional()
+});
+//#endregion
+//#region src/transport/base.ts
+const transportBase = z.object({
+	finalmask: finalmask.optional(),
+	sockopt: sockopt.optional()
+});
+//#endregion
+//#region src/transport/raw/raw.ts
+const nonHeaderSchema = z.object({ type: z.literal("none") });
+const httpHeaderRequestSchema = z.object({
+	version: z.string().default("1.1").optional(),
+	method: z.string().default("GET").optional(),
+	path: z.array(z.string()).default(["/"]).optional(),
+	headers: z.record(z.string(), z.union([z.string(), z.array(z.string())])).default({}).optional()
+});
+const httpHeaderResponseSchema = z.object({
+	version: z.string().default("1.1").optional(),
+	status: z.string().default("200").optional(),
+	reason: z.string().default("OK").optional(),
+	headers: z.record(z.string(), z.union([z.string(), z.array(z.string())])).default({}).optional()
+});
+const httpHeaderSchema = z.object({
+	type: z.literal("http"),
+	request: httpHeaderRequestSchema.default({}).optional(),
+	response: httpHeaderResponseSchema.default({}).optional()
+});
+const rawSettingsHeaderSchema = z.discriminatedUnion("type", [nonHeaderSchema, httpHeaderSchema]);
+const rawSettings = z.object({
+	acceptProxyProtocol: z.boolean().default(false).optional(),
+	header: rawSettingsHeaderSchema.default({ type: "none" }).optional()
+}).optional();
+const rawStream = transportBase.extend({
+	network: z.literal("raw"),
+	rawSettings
+});
+const tcpStream = transportBase.extend({
+	network: z.literal("tcp").optional(),
+	tcpSettings: rawSettings
+});
+//#endregion
+//#region src/transport/mkcp/mkcp.ts
+const mkcpStream = transportBase.extend({
+	network: z.literal("kcp").or(z.literal("mkcp")),
+	kcpSettings: z.object({
+		mtu: z.number().int().nonnegative().default(1350).optional(),
+		tti: z.number().int().nonnegative().default(50).optional(),
+		uplinkCapacity: z.number().int().nonnegative().default(5).optional(),
+		downlinkCapacity: z.number().int().nonnegative().default(20).optional(),
+		congestion: z.boolean().default(false).optional(),
+		readBufferSize: z.number().int().nonnegative().default(2).optional(),
+		writeBufferSize: z.number().int().nonnegative().default(2).optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/websocket/websocket.ts
+const websocketStream = transportBase.extend({
+	network: z.literal("websocket").or(z.literal("ws")),
+	wsSettings: z.object({
+		acceptProxyProtocol: z.boolean().default(false).optional(),
+		path: z.string().default("/").optional(),
+		host: z.string().default("").optional(),
+		headers: z.record(z.string(), z.string()).default({}).optional(),
+		heartbeatPeriod: z.number().int().nonnegative().default(0).optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/grpc/grpc.ts
+const grpcStream = transportBase.extend({
+	network: z.literal("grpc"),
+	grpcSettings: z.object({
+		authority: z.string().optional(),
+		serviceName: z.string().default("").optional(),
+		multiMode: z.boolean().default(false).optional(),
+		user_agent: z.string().optional(),
+		idle_timeout: z.number().int().nonnegative().transform((t) => t && t < 10 ? 10 : t).optional(),
+		health_check_timeout: z.number().int().nonnegative().default(20).optional(),
+		permit_without_stream: z.boolean().default(false).optional(),
+		initial_windows_size: z.number().int().nonnegative().default(0).optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/hysteria/hysteria.ts
+const masquerade = z.object({
+	type: z.enum([
+		"file",
+		"proxy",
+		"string",
+		""
+	]).default("").optional(),
+	dir: z.string().default("").optional(),
+	url: z.string().default("").optional(),
+	rewriteHost: z.boolean().default(false).optional(),
+	insecure: z.boolean().default(false).optional(),
+	content: z.string().default("").optional(),
+	headers: z.record(z.string(), z.string()).default({}).optional(),
+	statusCode: z.number().int().default(0).optional()
+});
+const hysteriaStream = transportBase.extend({
+	network: z.literal("hysteria"),
+	hysteriaSettings: z.object({
+		version: z.literal(2).default(2),
+		auth: z.string(),
+		udpIdleTimeout: z.number().int().nonnegative().default(60).optional(),
+		masquerade: masquerade.optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/httpupgrade/httpupgrade.ts
+const httpUpgradeStream = transportBase.extend({
+	network: z.literal("httpupgrade"),
+	httpupgradeSettings: z.object({
+		acceptProxyProtocol: z.boolean().default(false).optional(),
+		path: z.string().default("/").optional(),
+		host: z.string().default("").optional(),
+		headers: z.record(z.string(), z.string()).default({}).optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/security/fingerprint.ts
+const fingerprintSchema = z.enum([
+	"chrome",
+	"firefox",
+	"safari",
+	"ios",
+	"android",
+	"edge",
+	"360",
+	"qq",
+	"random",
+	"randomized"
+]).or(z.string());
+//#endregion
+//#region src/transport/security/tls/tls.ts
+const certificateObject = z.object({
+	ocspStapling: z.number().int().nonnegative().default(0).optional(),
+	oneTimeLoading: z.boolean().default(false).optional(),
+	usage: z.enum([
+		"encipherment",
+		"verify",
+		"issue"
+	]).default("encipherment").optional(),
+	buildChain: z.boolean().default(false).optional(),
+	certificateFile: z.string().optional(),
+	keyFile: z.string().optional(),
+	certificate: z.array(z.string()).optional(),
+	key: z.array(z.string()).optional()
+});
+const tls = z.object({
+	security: z.literal("tls"),
+	tlsSettings: z.object({
+		serverName: z.string().or(z.literal("fromMitm")).default("").optional(),
+		verifyPeerCertByName: z.string().or(z.literal("fromMitm")).optional(),
+		rejectUnknownSni: z.boolean().default(false).optional(),
+		allowInsecure: z.boolean().default(false).optional(),
+		alpn: z.array(z.enum([
+			"http/1.1",
+			"h2",
+			"h3",
+			"fromMitm"
+		])).default(["h2", "http/1.1"]).optional(),
+		minVersion: z.string().optional(),
+		maxVersion: z.string().optional(),
+		cipherSuites: z.string().optional(),
+		certificates: z.array(certificateObject).optional(),
+		disableSystemRoot: z.boolean().default(false).optional(),
+		enableSessionResumption: z.boolean().default(false).optional(),
+		fingerprint: fingerprintSchema.optional(),
+		pinnedPeerCertSha256: z.string().optional(),
+		curvePreferences: z.array(z.enum([
+			"CurveP256",
+			"CurveP384",
+			"CurveP521",
+			"X25519",
+			"X25519MLKEM768",
+			"SecP256r1MLKEM768*",
+			"SecP384r1MLKEM1024*"
+		])).optional(),
+		masterKeyLog: z.string().optional(),
+		echServerKeys: z.string().optional(),
+		echConfigList: z.string().optional(),
+		echSockopt: sockopt.optional()
+	}).optional()
+});
+//#endregion
+//#region src/transport/security/reality/reality.ts
+const limitFallbackObject = z.object({
+	afterBytes: z.number().int().nonnegative().default(0).optional(),
+	bytesPerSec: z.number().int().nonnegative().default(0).optional(),
+	burstBytesPerSec: z.number().int().nonnegative().default(0).optional()
+}).optional();
+const realitySettingsServer = z.object({
+	show: z.boolean().default(false).optional(),
+	target: z.string().min(1).optional(),
+	dest: z.string().min(1).optional(),
+	xver: z.number().default(0).optional(),
+	serverNames: z.array(z.string()).min(1),
+	privateKey: z.string().min(1),
+	minClientVer: z.string().optional(),
+	maxClientVer: z.string().optional(),
+	maxTimeDiff: z.number().int().nonnegative().default(0).optional(),
+	shortIds: z.array(z.string()).min(1),
+	mldsa65Seed: z.string().default("").optional(),
+	limitFallbackUpload: limitFallbackObject.optional(),
+	limitFallbackDownload: limitFallbackObject.optional()
+});
+const base = z.object({
+	serverName: z.string().optional(),
+	fingerprint: fingerprintSchema.optional(),
+	shortId: z.string(),
+	mldsa65Verify: z.string().optional(),
+	spiderX: z.string().optional()
+});
+const realitySettingsClient = z.union([base.merge(z.object({ password: z.string() })), base.merge(z.object({ publicKey: z.string() }))]);
+const reality = z.object({
+	security: z.literal("reality"),
+	realitySettings: realitySettingsServer.or(realitySettingsClient)
+});
+//#endregion
+//#region src/transport/xhttp/xhttp.ts
+const intOrRange = z.union([z.number().int(), z.string().regex(/^-?\d+-\d+$/)]);
+const xmux = z.object({
+	maxConcurrency: intOrRange.default("16-32").optional(),
+	maxConnections: intOrRange.default(0).optional(),
+	cMaxReuseTimes: intOrRange.default(0).optional(),
+	hMaxRequestTimes: intOrRange.optional(),
+	hMaxReusableSecs: intOrRange.optional(),
+	hKeepAlivePeriod: z.number().int().default(0).optional()
+});
+const downloadXhttpSettings = z.object({
+	host: z.string().default("").optional(),
+	path: z.string().default("/").optional(),
+	mode: z.enum([
+		"auto",
+		"packet-up",
+		"stream-up",
+		"stream-one"
+	]).default("auto").optional()
+});
+const xhttpSettingsCommonFields = z.object({
+	address: z.string(),
+	port: z.number().int().nonnegative(),
+	network: z.literal("xhttp"),
+	xhttpSettings: downloadXhttpSettings.optional(),
+	sockopt: sockopt.optional()
+});
+const downloadSettings = z.discriminatedUnion("security", [tls.merge(xhttpSettingsCommonFields), reality.merge(xhttpSettingsCommonFields)]).optional();
+const extra = z.object({
+	headers: z.record(z.string(), z.string()).optional(),
+	xPaddingBytes: intOrRange.default("100-1000").optional(),
+	noGRPCHeader: z.boolean().default(false).optional(),
+	noSSEHeader: z.boolean().default(false).optional(),
+	scMaxEachPostBytes: intOrRange.optional(),
+	scMinPostsIntervalMs: intOrRange.optional(),
+	scMaxBufferedPosts: z.number().int().optional(),
+	scStreamUpServerSecs: intOrRange.optional(),
+	xmux: xmux.optional(),
+	downloadSettings: downloadSettings.optional()
+}).passthrough().optional();
+const xhttpSettings = z.object({
+	host: z.string().default("").optional(),
+	path: z.string().default("/").optional(),
+	mode: z.enum([
+		"auto",
+		"packet-up",
+		"stream-up",
+		"stream-one"
+	]).default("auto").optional(),
+	extra
+});
+const xhttpStream = transportBase.extend({
+	network: z.literal("xhttp"),
+	xhttpSettings: xhttpSettings.optional()
+});
+const splithttpStream = transportBase.extend({
+	network: z.literal("splithttp"),
+	xhttpSettings: xhttpSettings.optional()
+});
+//#endregion
+//#region src/transport/transport.ts
+const noSecurity = z.object({ security: z.literal("none").optional() });
+const mergeStreamWithOtherFields = (schema) => {
+	return [
+		z.object({
+			...schema.shape,
+			...reality.shape
+		}),
+		z.object({
+			...schema.shape,
+			...tls.shape
+		}),
+		z.object({
+			...schema.shape,
+			...noSecurity.shape
+		})
+	];
+};
+const streamSettings = z.union([
+	...mergeStreamWithOtherFields(tcpStream),
+	...mergeStreamWithOtherFields(rawStream),
+	...mergeStreamWithOtherFields(mkcpStream),
+	...mergeStreamWithOtherFields(websocketStream),
+	...mergeStreamWithOtherFields(grpcStream),
+	...mergeStreamWithOtherFields(hysteriaStream),
+	...mergeStreamWithOtherFields(httpUpgradeStream),
+	...mergeStreamWithOtherFields(xhttpStream),
+	...mergeStreamWithOtherFields(splithttpStream)
+]);
+//#endregion
+//#region src/inbounds/baseInbound/baseInbound.ts
+const portLikeSchema = z.union([
+	z.number().int().min(1).max(65535),
+	z.string().regex(/^\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*$/),
+	z.string().regex(/^env:[A-Za-z_][A-Za-z0-9_]*$/)
+]);
+const generalInboundSchema = z.object({
+	tag: z.string().optional(),
+	listen: z.string().optional(),
+	port: portLikeSchema.optional(),
+	streamSettings: streamSettings.optional(),
+	sniffing: sniffingSchema.optional()
+});
+//#endregion
+//#region src/inbounds/protocols/http/http.ts
+const httpUserSchema = z.object({
+	user: z.string().min(1),
+	pass: z.string().min(1)
+});
+const httpSettingsSchema = z.object({
+	users: z.array(httpUserSchema).default([]).optional(),
+	allowTransparent: z.boolean().default(false).optional(),
+	userLevel: z.number().default(0).optional()
+});
+const httpInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("http"),
+	settings: httpSettingsSchema.optional()
+});
+//#endregion
+//#region src/inbounds/protocols/dokodemo-door/dokodemo-door.ts
+const tunnelSettingsSchema = z.object({
+	allowedNetwork: z.enum([
+		"tcp",
+		"udp",
+		"tcp,udp"
+	]).default("tcp").optional(),
+	rewriteAddress: z.string().default("localhost").optional(),
+	rewritePort: z.number().int().min(0).max(65535).optional(),
+	portMap: z.record(z.string(), z.string()).optional(),
+	followRedirect: z.boolean().default(false).optional(),
+	userLevel: z.number().default(0).optional()
+});
+const dokodemoDoorInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("dokodemo-door").or(z.literal("tunnel")),
+	settings: tunnelSettingsSchema
+});
+//#endregion
+//#region src/inbounds/protocols/socks/socks.ts
+const socksSettingsBaseSchema = z.object({
+	udp: z.boolean().default(false).optional(),
+	ip: z.string().optional(),
+	userLevel: z.number().default(0).optional()
+});
+const socksAccount = z.object({
+	user: z.string().min(1),
+	pass: z.string().min(1)
+});
+const socksSettingsSchema = z.discriminatedUnion("auth", [socksSettingsBaseSchema.extend({ auth: z.literal("noauth").optional() }).loose(), socksSettingsBaseSchema.extend({
+	auth: z.literal("password"),
+	users: z.array(socksAccount).default([]).optional()
+}).loose()]);
+const socksInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("socks").or(z.literal("mixed")),
+	settings: socksSettingsSchema.optional()
+});
+//#endregion
+//#region src/inbounds/protocols/shadowsocks/shadowsocks.ts
+const ss22Methods = z.enum([
+	"2022-blake3-aes-128-gcm",
+	"2022-blake3-aes-256-gcm",
+	"2022-blake3-chacha20-poly1305"
+]);
+const ss22UserSchema = z.object({
+	password: z.string().optional(),
+	level: z.number().default(0).optional(),
+	email: z.string().min(1)
+});
+const ssMethods = z.enum([
+	"aes-256-gcm",
+	"aes-128-gcm",
+	"chacha20-poly1305",
+	"chacha20-ietf-poly1305",
+	"xchacha20-poly1305",
+	"xchacha20-ietf-poly1305",
+	"none",
+	""
+]);
+const ssUserSchema = z.object({
+	password: z.string().optional(),
+	level: z.number().default(0).optional(),
+	email: z.string().min(1),
+	method: ssMethods.optional()
+});
+const ssSettingsBaseSchema = z.object({
+	network: z.enum([
+		"tcp",
+		"udp",
+		"tcp,udp"
+	]).default("tcp").optional(),
+	level: z.number().int().default(0).optional(),
+	password: z.string().min(1).optional(),
+	email: z.string().optional()
+});
+const shadowsocksSettingsSchema = z.discriminatedUnion("method", [ssSettingsBaseSchema.extend({
+	method: ss22Methods,
+	password: z.string().min(1),
+	users: z.array(ss22UserSchema).optional()
+}), ssSettingsBaseSchema.extend({
+	method: ssMethods,
+	users: z.array(ssUserSchema).optional()
+})]);
+const shadowsocksInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("shadowsocks"),
+	settings: shadowsocksSettingsSchema
+});
+//#endregion
+//#region src/inbounds/protocols/vless/vless.ts
+const vlessClient = z.object({
+	id: z.string().min(1),
+	level: z.number().default(0).optional(),
+	email: z.string().optional(),
+	flow: z.enum(["", "xtls-rprx-vision"]).default("").optional(),
+	reverse: z.object({ tag: z.string().min(1).optional() }).default({}).optional()
+});
+const vlessFallbackSchema = z.object({
+	name: z.string().default("").optional(),
+	alpn: z.string().default("").optional(),
+	path: z.string().default("").optional(),
+	dest: z.string().or(z.number()).optional(),
+	xver: z.number().default(0).optional()
+});
+const baseVlessSettings = z.object({
+	decryption: z.literal("none").or(z.string()),
+	fallbacks: z.array(vlessFallbackSchema).optional()
+});
+const vlessInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("vless"),
+	settings: baseVlessSettings.extend({ users: z.array(vlessClient.loose()).default([]).optional() }).or(baseVlessSettings.extend({ clients: z.array(vlessClient.loose()).default([]).optional() }))
+});
+//#endregion
+//#region src/inbounds/protocols/vmess/vmess.ts
+const vmessClients = z.object({
+	id: z.string().min(1),
+	level: z.number().optional(),
+	email: z.string().optional()
+});
+const baseVmessSettings = z.object({ default: z.object({ level: z.number() }).optional() });
+const vmessInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("vmess"),
+	settings: baseVmessSettings.extend({ clients: z.array(vmessClients).default([]).optional() }).or(baseVmessSettings.extend({ users: z.array(vmessClients).default([]).optional() }))
+});
+//#endregion
+//#region src/inbounds/protocols/wireguard/wireguard.ts
+const wireguardPeerSchema = z.object({
+	publicKey: z.string().min(1),
+	allowedIPs: z.array(z.string().min(1))
+});
+const wireguardInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("wireguard"),
+	settings: z.object({
+		secretKey: z.string(),
+		peers: z.array(wireguardPeerSchema).default([]).optional(),
+		mtu: z.number().default(1420).optional()
+	})
+});
+//#endregion
+//#region src/inbounds/protocols/trojan/trojan.ts
+const trojanUser = z.object({
+	email: z.string().min(1),
+	password: z.string().min(1),
+	level: z.number().int().default(0).optional()
+});
+const trojanFallback = z.object({
+	name: z.string().default("").optional(),
+	alpn: z.string().default("").optional(),
+	path: z.string().default("").optional(),
+	dest: z.string().or(z.number()).optional(),
+	xver: z.number().default(0).optional()
+});
+const trojanInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("trojan"),
+	settings: z.object({
+		users: z.array(trojanUser).default([]).optional(),
+		fallbacks: z.array(trojanFallback).optional()
+	})
+});
+//#endregion
+//#region src/inbounds/protocols/tun/tun.ts
+const tunInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("tun"),
+	settings: z.object({
+		name: z.string().default("xray0").optional(),
+		mtu: z.number().int().default(1500).optional(),
+		userLevel: z.number().int().default(0).optional(),
+		gateway: z.array(z.string()),
+		dns: z.array(z.string()).default(["1.1.1.1", "8.8.8.8"]),
+		autoSystemRoutingTable: z.array(z.string()).optional(),
+		autoOutboundsInterface: z.string().or(z.literal("auto")).nullable().default(null).optional()
+	})
+});
+//#endregion
+//#region src/inbounds/protocols/hysteria/hysteria.ts
+const hysteriaUser = z.object({
+	auth: z.string().min(1),
+	email: z.string().min(1),
+	level: z.number().int().default(0).optional()
+});
+const hysteriaInboundSchema = generalInboundSchema.extend({
+	protocol: z.literal("hysteria"),
+	settings: z.object({
+		version: z.literal(2),
+		users: z.array(hysteriaUser).default([]).optional()
+	})
+});
+//#endregion
+//#region src/inbounds/inbounds.ts
+const inbound = z.discriminatedUnion("protocol", [
+	dokodemoDoorInboundSchema,
+	httpInboundSchema,
+	socksInboundSchema,
+	shadowsocksInboundSchema,
+	vlessInboundSchema,
+	vmessInboundSchema,
+	wireguardInboundSchema,
+	trojanInboundSchema,
+	tunInboundSchema,
+	hysteriaInboundSchema
+]);
+//#endregion
+//#region src/stats/stats.ts
+const stats = z.looseObject({});
+//#endregion
+//#region src/metrics/metrics.ts
+const metrics = z.object({
+	tag: z.string(),
+	listen: z.string().optional()
+}).or(z.object({
+	tag: z.string().optional(),
+	listen: z.string()
+}));
+//#endregion
+//#region src/observatory/observatory.ts
+const observatory = z.object({
+	subjectSelector: z.array(z.string()),
+	probeUrl: z.string().default("https://www.google.com/generate_204"),
+	probeInterval: z.string(),
+	enableConcurrency: z.boolean().default(false).optional()
+});
+//#endregion
+//#region src/burstObservatory/burstObservatory.ts
+const durationSchema = z.templateLiteral([z.number().int().nonnegative().min(1), z.literal([
+	"ns",
+	"us",
+	"ms",
+	"s",
+	"m",
+	"h"
+])]);
+const burstObservatoryPingConfig = z.object({
+	destination: z.string().default("https://connectivitycheck.gstatic.com/generate_204").optional(),
+	connectivity: z.string().default("").optional(),
+	interval: durationSchema.default("1m").optional(),
+	sampling: z.number().int().nonnegative().default(10).optional(),
+	timeout: durationSchema.default("5s").optional(),
+	httpMethod: z.enum([
+		"GET",
+		"POST",
+		"HEAD",
+		"DELETE",
+		"PATCH",
+		"PUT"
+	]).default("HEAD").optional()
+});
+const burstObservatory = z.object({
+	subjectSelector: z.array(z.string()),
+	pingConfig: burstObservatoryPingConfig.optional()
+});
+//#endregion
+//#region src/reverse/reverse.ts
+const bridgeObject = z.object({
+	tag: z.string().optional(),
+	domain: z.string().optional()
+});
+const portalObject = z.object({
+	tag: z.string().optional(),
+	domain: z.string().optional()
+});
+const reverse = z.object({
+	bridges: z.array(bridgeObject).optional(),
+	portals: z.array(portalObject).min(1)
+}).or(z.object({
+	bridges: z.array(bridgeObject).min(1),
+	portals: z.array(portalObject).optional()
+}));
+//#endregion
+//#region src/outbounds/baseOutbound/baseOutbound.ts
+const outboundSchemaBase = z.object({
+	sendThrough: z.string().or(z.enum(["origin", "srcip"])).optional(),
+	tag: z.string().optional(),
+	streamSettings: streamSettings.optional(),
+	targetStrategy: z.enum([
+		"AsIs",
+		"UseIP",
+		"UseIPv6v4",
+		"UseIPv6",
+		"UseIPv4v6",
+		"UseIPv4",
+		"ForceIP",
+		"ForceIPv6v4",
+		"ForceIPv6",
+		"ForceIPv4v6",
+		"ForceIPv4"
+	]).default("AsIs").optional(),
+	proxySettings: z.object({
+		tag: z.string().min(1),
+		transportLayer: z.boolean().default(false).optional()
+	}).optional(),
+	mux: z.object({
+		enabled: z.boolean().default(false).optional(),
+		concurrency: z.int().optional(),
+		xudpConcurrency: z.int().optional(),
+		xudpProxyUDP443: z.enum([
+			"reject",
+			"allow",
+			"skip"
+		]).default("reject").optional()
+	}).optional()
+});
+//#endregion
+//#region src/outbounds/blackhole/blackhole.ts
+const blackhole = outboundSchemaBase.extend({
+	protocol: z.literal("blackhole").or(z.literal("block")),
+	settings: z.object({ response: z.object({ type: z.enum(["none", "http"]).default("none").optional() }).optional() }).optional()
+});
+//#endregion
+//#region src/outbounds/freedom/freedom.ts
+const fragment = z.object({
+	length: z.int().or(z.string()),
+	interval: z.int().or(z.string()),
+	packets: z.literal("tlshello").or(z.string())
+});
+const noise = z.object({
+	type: z.enum([
+		"rand",
+		"str",
+		"base64"
+	]),
+	packet: z.string(),
+	delay: z.int().or(z.string()).optional()
+});
+const finalRule = z.object({
+	action: z.enum(["allow", "block"]),
+	network: z.enum([
+		"tcp",
+		"udp",
+		"tcp,udp"
+	]),
+	port: portLikeSchema,
+	ip: z.array(z.string()).optional(),
+	blockDelay: z.string().optional()
+});
+const freedom = outboundSchemaBase.extend({
+	protocol: z.literal("freedom").or(z.literal("direct")),
+	settings: z.object({
+		domainStrategy: z.enum([
+			"AsIs",
+			"UseIP",
+			"UseIPv6v4",
+			"UseIPv6",
+			"UseIPv4v6",
+			"UseIPv4",
+			"ForceIP",
+			"ForceIPv6v4",
+			"ForceIPv6",
+			"ForceIPv4v6",
+			"ForceIPv4"
+		]).default("AsIs").optional(),
+		redirect: z.string().optional(),
+		userLevel: z.int().default(0).optional(),
+		fragment: fragment.optional(),
+		noises: z.array(noise).optional(),
+		proxyProtocol: z.literal(0).or(z.literal(1)).or(z.literal(2)).default(0).optional(),
+		finalRules: z.array(finalRule).default([]).optional()
+	}).optional()
+});
+//#endregion
+//#region src/outbounds/dns/dns.ts
+const dnsRule = z.object({
+	action: z.enum([
+		"direct",
+		"hijack",
+		"drop",
+		"return"
+	]),
+	qtype: z.number().or(z.string()).optional(),
+	rCode: z.number().optional(),
+	domain: z.array(z.string())
+});
+const dns = outboundSchemaBase.extend({
+	protocol: z.literal("dns"),
+	settings: z.object({
+		rewriteNetwork: z.enum(["tcp", "udp"]).optional(),
+		rewriteAddress: z.string().optional(),
+		rewritePort: z.string().optional(),
+		userLevel: z.int().default(0).optional(),
+		rules: z.array(dnsRule).default([]).optional()
+	})
+});
+//#endregion
+//#region src/outbounds/hysteria/hysteria.ts
+const hysteria = outboundSchemaBase.extend({
+	protocol: z.literal("hysteria"),
+	settings: z.object({
+		version: z.literal(2),
+		address: z.string(),
+		port: portLikeSchema
+	})
+});
+//#endregion
+//#region src/outbounds/loopback/loopback.ts
+const loopback = outboundSchemaBase.extend({
+	protocol: z.literal("loopback"),
+	settings: z.object({ inboundTag: z.string() })
+});
+//#endregion
+//#region src/outbounds/shadowsocks/shadowsocks.ts
+const shadowsocksServerSettings = z.object({
+	address: z.string(),
+	port: portLikeSchema,
+	email: z.string().optional(),
+	password: z.string().default(""),
+	method: z.union([ss22Methods, ssMethods]),
+	uot: z.boolean().default(true).optional(),
+	UoTVersion: z.literal(1).or(z.literal(2)).default(2).optional(),
+	level: z.int().default(0).optional()
+});
+const shadowsocks = outboundSchemaBase.extend({
+	protocol: z.literal("shadowsocks"),
+	settings: shadowsocksServerSettings.or(z.object({ servers: z.array(shadowsocksServerSettings) }))
+});
+//#endregion
+//#region src/outbounds/socks/socks.ts
+const socksServerSettings = z.object({
+	address: z.string(),
+	port: portLikeSchema,
+	user: z.string().optional(),
+	pass: z.string().optional(),
+	level: z.int().default(0).optional(),
+	email: z.string().optional()
+});
+const socks = outboundSchemaBase.extend({
+	protocol: z.literal("socks"),
+	settings: socksServerSettings.or(z.object({ servers: z.array(socksServerSettings) })).optional()
+});
+//#endregion
+//#region src/outbounds/trojan/trojan.ts
+const trojanServerSettings = z.object({
+	address: z.string(),
+	port: portLikeSchema.optional(),
+	email: z.string().optional(),
+	password: z.string(),
+	level: z.int().default(0).optional()
+});
+const trojan = outboundSchemaBase.extend({
+	protocol: z.literal("trojan"),
+	settings: trojanServerSettings.or(z.object({ servers: z.array(trojanServerSettings) }))
+});
+//#endregion
+//#region src/outbounds/vless/vless.ts
+const vless = outboundSchemaBase.extend({
+	protocol: z.literal("vless"),
+	settings: z.object({
+		address: z.string(),
+		port: portLikeSchema,
+		id: z.string(),
+		encryption: z.string().default("none"),
+		flow: z.enum([
+			"",
+			"xtls-rprx-vision",
+			"xtls-rprx-vision-udp443"
+		]).optional(),
+		level: z.int().default(0).optional(),
+		reverse: z.object({
+			tag: z.string(),
+			sniffing: sniffingSchema.optional()
+		}).optional()
+	})
+});
+//#endregion
+//#region src/outbounds/vmess/vmess.ts
+const vmess = outboundSchemaBase.extend({
+	protocol: z.literal("vmess"),
+	settings: z.object({
+		address: z.string(),
+		port: portLikeSchema,
+		id: z.string(),
+		security: z.enum([
+			"aes-128-gcm",
+			"chacha20-poly1305",
+			"auto",
+			"none",
+			"zero"
+		]).optional(),
+		level: z.int().default(0).optional(),
+		experiments: z.enum([
+			"AuthenticatedLength",
+			"NoTerminationSignal",
+			"AuthenticatedLength|NoTerminationSignal"
+		]).optional()
+	})
+});
+//#endregion
+//#region src/outbounds/wireguard/wireguard.ts
+const peer = z.object({
+	endpoint: z.string(),
+	publicKey: z.string(),
+	preSharedKey: z.string().optional(),
+	keepAlive: z.int().default(0).optional(),
+	allowedIPs: z.array(z.string()).default(["0.0.0.0/0", "::/0"]).optional()
+});
+const wireguard = outboundSchemaBase.extend({
+	protocol: z.literal("wireguard"),
+	settings: z.object({
+		secretKey: z.string(),
+		address: z.array(z.string()).min(1),
+		peers: z.array(peer).min(1),
+		noKernelTun: z.boolean().default(false).optional(),
+		mtu: z.int().default(1420),
+		reserved: z.array(z.int()).default([]).optional(),
+		workers: z.int().optional(),
+		domainStrategy: z.enum([
+			"ForceIPv6v4",
+			"ForceIPv6",
+			"ForceIPv4v6",
+			"ForceIPv4",
+			"ForceIP"
+		]).default("ForceIP").optional()
+	})
+});
+//#endregion
+//#region src/outbounds/outbounds.ts
+const outbound = z.discriminatedUnion("protocol", [
+	blackhole,
+	freedom,
+	dns,
+	hysteria,
+	loopback,
+	shadowsocks,
+	socks,
+	trojan,
+	vless,
+	vmess,
+	wireguard
+]);
+//#endregion
+//#region src/fakedns/fakedns.ts
+const fakednsObject = z.object({
+	ipPool: z.string(),
+	poolSize: z.int().default(65535).optional()
+});
+const fakedns = fakednsObject.or(z.array(fakednsObject));
+//#endregion
+//#region src/schema.ts
+const xraySchema = z.object({
+	version: versionSchema.optional(),
+	log: logSchema.optional(),
+	api: apiSchema.optional(),
+	dns: dnsSchema.optional(),
+	routing: routingSchema.optional(),
+	fakedns: fakedns.optional(),
+	policy: policySchema.optional(),
+	stats: stats.optional(),
+	metrics: metrics.optional(),
+	observatory: observatory.optional(),
+	burstObservatory: burstObservatory.optional(),
+	reverse: reverse.optional(),
+	inbounds: z.array(inbound).optional(),
+	outbounds: z.array(outbound).optional()
+}).loose();
+//#endregion
+export { xraySchema };