@push.rocks/smartproxy 21.1.7 → 22.6.0

package/dist_ts/proxies/smart-proxy/security-manager.d.ts

@@ -1,6 +1,7 @@
 import type { SmartProxy } from './smart-proxy.js';
 /**
  * Handles security aspects like IP tracking, rate limiting, and authorization
+ * for SmartProxy. This is a lightweight wrapper that uses shared utilities.
  */
 export declare class SecurityManager {
     private smartProxy;
@@ -9,7 +10,7 @@ export declare class SecurityManager {
     private cleanupInterval;
     constructor(smartProxy: SmartProxy);
     /**
-     * Get connections count by IP
+     * Get connections count by IP (checks normalized variants)
      */
     getConnectionCountByIP(ip: string): number;
     /**
@@ -38,17 +39,6 @@ export declare class SecurityManager {
      * @returns true if IP is authorized, false if blocked
      */
     isIPAuthorized(ip: string, allowedIPs: string[], blockedIPs?: string[]): boolean;
-    /**
-     * Check if the IP matches any of the glob patterns from security configuration
-     *
-     * This method checks IP addresses against glob patterns and handles IPv4/IPv6 normalization.
-     * It's used to implement IP filtering based on the route.security configuration.
-     *
-     * @param ip - The IP address to check
-     * @param patterns - Array of glob patterns from security.ipAllowList or ipBlockList
-     * @returns true if IP matches any pattern, false otherwise
-     */
-    private isGlobIPMatch;
     /**
      * Check if IP should be allowed considering connection rate and max connections
      * @returns Object with result and reason
@@ -57,6 +47,18 @@ export declare class SecurityManager {
         allowed: boolean;
         reason?: string;
     };
+    /**
+     * Atomically validate an IP and track the connection if allowed.
+     * This prevents race conditions where concurrent connections could bypass per-IP limits.
+     *
+     * @param ip - The IP address to validate
+     * @param connectionId - The connection ID to track if validation passes
+     * @returns Object with validation result and reason
+     */
+    validateAndTrackIP(ip: string, connectionId: string): {
+        allowed: boolean;
+        reason?: string;
+    };
     /**
      * Clears all IP tracking data (for shutdown)
      */

package/dist_ts/proxies/smart-proxy/security-manager.js

@@ -1,8 +1,9 @@
 import * as plugins from '../../plugins.js';
-import { logger } from '../../core/utils/logger.js';
 import { connectionLogDeduplicator } from '../../core/utils/log-deduplicator.js';
+import { isIPAuthorized, normalizeIP } from '../../core/utils/security-utils.js';
 /**
  * Handles security aspects like IP tracking, rate limiting, and authorization
+ * for SmartProxy. This is a lightweight wrapper that uses shared utilities.
  */
 export class SecurityManager {
     constructor(smartProxy) {
@@ -14,10 +15,18 @@ export class SecurityManager {
         this.startPeriodicCleanup();
     }
     /**
-     * Get connections count by IP
+     * Get connections count by IP (checks normalized variants)
      */
     getConnectionCountByIP(ip) {
-        return this.connectionsByIP.get(ip)?.size || 0;
+        // Check all normalized variants of the IP
+        const variants = normalizeIP(ip);
+        for (const variant of variants) {
+            const connections = this.connectionsByIP.get(variant);
+            if (connections) {
+                return connections.size;
+            }
+        }
+        return 0;
     }
     /**
      * Check and update connection rate for an IP
@@ -26,14 +35,24 @@ export class SecurityManager {
     checkConnectionRate(ip) {
         const now = Date.now();
         const minute = 60 * 1000;
-        if (!this.connectionRateByIP.has(ip)) {
-            this.connectionRateByIP.set(ip, [now]);
+        // Find existing rate tracking (check normalized variants)
+        const variants = normalizeIP(ip);
+        let existingKey = null;
+        for (const variant of variants) {
+            if (this.connectionRateByIP.has(variant)) {
+                existingKey = variant;
+                break;
+            }
+        }
+        const key = existingKey || ip;
+        if (!this.connectionRateByIP.has(key)) {
+            this.connectionRateByIP.set(key, [now]);
             return true;
         }
         // Get timestamps and filter out entries older than 1 minute
-        const timestamps = this.connectionRateByIP.get(ip).filter((time) => now - time < minute);
+        const timestamps = this.connectionRateByIP.get(key).filter((time) => now - time < minute);
         timestamps.push(now);
-        this.connectionRateByIP.set(ip, timestamps);
+        this.connectionRateByIP.set(key, timestamps);
         // Check if rate exceeds limit
         return timestamps.length <= this.smartProxy.settings.connectionRateLimitPerMinute;
     }
@@ -41,20 +60,35 @@ export class SecurityManager {
      * Track connection by IP
      */
     trackConnectionByIP(ip, connectionId) {
-        if (!this.connectionsByIP.has(ip)) {
-            this.connectionsByIP.set(ip, new Set());
+        // Check if any variant already exists
+        const variants = normalizeIP(ip);
+        let existingKey = null;
+        for (const variant of variants) {
+            if (this.connectionsByIP.has(variant)) {
+                existingKey = variant;
+                break;
+            }
+        }
+        const key = existingKey || ip;
+        if (!this.connectionsByIP.has(key)) {
+            this.connectionsByIP.set(key, new Set());
         }
-        this.connectionsByIP.get(ip).add(connectionId);
+        this.connectionsByIP.get(key).add(connectionId);
     }
     /**
      * Remove connection tracking for an IP
      */
     removeConnectionByIP(ip, connectionId) {
-        if (this.connectionsByIP.has(ip)) {
-            const connections = this.connectionsByIP.get(ip);
-            connections.delete(connectionId);
-            if (connections.size === 0) {
-                this.connectionsByIP.delete(ip);
+        // Check all variants to find where the connection is tracked
+        const variants = normalizeIP(ip);
+        for (const variant of variants) {
+            if (this.connectionsByIP.has(variant)) {
+                const connections = this.connectionsByIP.get(variant);
+                connections.delete(connectionId);
+                if (connections.size === 0) {
+                    this.connectionsByIP.delete(variant);
+                }
+                break;
             }
         }
     }
@@ -71,64 +105,7 @@ export class SecurityManager {
      * @returns true if IP is authorized, false if blocked
      */
     isIPAuthorized(ip, allowedIPs, blockedIPs = []) {
-        // Skip IP validation if allowedIPs is empty
-        if (!ip || (allowedIPs.length === 0 && blockedIPs.length === 0)) {
-            return true;
-        }
-        // First check if IP is blocked - blocked IPs take precedence
-        if (blockedIPs.length > 0 && this.isGlobIPMatch(ip, blockedIPs)) {
-            return false;
-        }
-        // Then check if IP is allowed
-        return this.isGlobIPMatch(ip, allowedIPs);
-    }
-    /**
-     * Check if the IP matches any of the glob patterns from security configuration
-     *
-     * This method checks IP addresses against glob patterns and handles IPv4/IPv6 normalization.
-     * It's used to implement IP filtering based on the route.security configuration.
-     *
-     * @param ip - The IP address to check
-     * @param patterns - Array of glob patterns from security.ipAllowList or ipBlockList
-     * @returns true if IP matches any pattern, false otherwise
-     */
-    isGlobIPMatch(ip, patterns) {
-        if (!ip || !patterns || patterns.length === 0)
-            return false;
-        // Handle IPv4/IPv6 normalization for proper matching
-        const normalizeIP = (ip) => {
-            if (!ip)
-                return [];
-            // Handle IPv4-mapped IPv6 addresses (::ffff:127.0.0.1)
-            if (ip.startsWith('::ffff:')) {
-                const ipv4 = ip.slice(7);
-                return [ip, ipv4];
-            }
-            // Handle IPv4 addresses by also checking IPv4-mapped form
-            if (/^\d{1,3}(\.\d{1,3}){3}$/.test(ip)) {
-                return [ip, `::ffff:${ip}`];
-            }
-            return [ip];
-        };
-        // Normalize the IP being checked
-        const normalizedIPVariants = normalizeIP(ip);
-        if (normalizedIPVariants.length === 0)
-            return false;
-        // Expand shorthand patterns and normalize IPs for consistent comparison
-        const expandShorthand = (pattern) => {
-            // Expand shorthand IP patterns like '192.168.*' to '192.168.*.*'
-            if (pattern.includes('*') && !pattern.includes(':')) {
-                const parts = pattern.split('.');
-                while (parts.length < 4) {
-                    parts.push('*');
-                }
-                return parts.join('.');
-            }
-            return pattern;
-        };
-        const expandedPatterns = patterns.map(expandShorthand).flatMap(normalizeIP);
-        // Check for any match between normalized IP variants and patterns
-        return normalizedIPVariants.some((ipVariant) => expandedPatterns.some((pattern) => plugins.minimatch(ipVariant, pattern)));
+        return isIPAuthorized(ip, allowedIPs, blockedIPs);
     }
     /**
      * Check if IP should be allowed considering connection rate and max connections
@@ -153,6 +130,35 @@ export class SecurityManager {
         }
         return { allowed: true };
     }
+    /**
+     * Atomically validate an IP and track the connection if allowed.
+     * This prevents race conditions where concurrent connections could bypass per-IP limits.
+     *
+     * @param ip - The IP address to validate
+     * @param connectionId - The connection ID to track if validation passes
+     * @returns Object with validation result and reason
+     */
+    validateAndTrackIP(ip, connectionId) {
+        // Check connection count limit BEFORE tracking
+        if (this.smartProxy.settings.maxConnectionsPerIP &&
+            this.getConnectionCountByIP(ip) >= this.smartProxy.settings.maxConnectionsPerIP) {
+            return {
+                allowed: false,
+                reason: `Maximum connections per IP (${this.smartProxy.settings.maxConnectionsPerIP}) exceeded`
+            };
+        }
+        // Check connection rate limit
+        if (this.smartProxy.settings.connectionRateLimitPerMinute &&
+            !this.checkConnectionRate(ip)) {
+            return {
+                allowed: false,
+                reason: `Connection rate limit (${this.smartProxy.settings.connectionRateLimitPerMinute}/min) exceeded`
+            };
+        }
+        // Validation passed - immediately track to prevent race conditions
+        this.trackConnectionByIP(ip, connectionId);
+        return { allowed: true };
+    }
     /**
      * Clears all IP tracking data (for shutdown)
      */
@@ -218,4 +224,4 @@ export class SecurityManager {
         }
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Byb3hpZXMvc21hcnQtcHJveHkvc2VjdXJpdHktbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBRTVDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUNwRCxPQUFPLEVBQUUseUJBQXlCLEVBQUUsTUFBTSxzQ0FBc0MsQ0FBQztBQUVqRjs7R0FFRztBQUNILE1BQU0sT0FBTyxlQUFlO0lBSzFCLFlBQW9CLFVBQXNCO1FBQXRCLGVBQVUsR0FBVixVQUFVLENBQVk7UUFKbEMsb0JBQWUsR0FBNkIsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUN0RCx1QkFBa0IsR0FBMEIsSUFBSSxHQUFHLEVBQUUsQ0FBQztRQUN0RCxvQkFBZSxHQUEwQixJQUFJLENBQUM7UUFHcEQsMENBQTBDO1FBQzFDLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO0lBQzlCLENBQUM7SUFFRDs7T0FFRztJQUNJLHNCQUFzQixDQUFDLEVBQVU7UUFDdEMsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxJQUFJLElBQUksQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFFRDs7O09BR0c7SUFDSSxtQkFBbUIsQ0FBQyxFQUFVO1FBQ25DLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUN2QixNQUFNLE1BQU0sR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBRXpCLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDckMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1lBQ3ZDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELDREQUE0RDtRQUM1RCxNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsR0FBRyxHQUFHLElBQUksR0FBRyxNQUFNLENBQUMsQ0FBQztRQUMxRixVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3JCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBRTVDLDhCQUE4QjtRQUM5QixPQUFPLFVBQVUsQ0FBQyxNQUFNLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTZCLENBQUM7SUFDckYsQ0FBQztJQUVEOztPQUVHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3pELElBQUksQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2xDLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDMUMsQ0FBQztRQUNELElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxvQkFBb0IsQ0FBQyxFQUFVLEVBQUUsWUFBb0I7UUFDMUQsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBRSxDQUFDO1lBQ2xELFdBQVcsQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDakMsSUFBSSxXQUFXLENBQUMsSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDO2dCQUMzQixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNsQyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7Ozs7Ozs7Ozs7T0FXRztJQUNJLGNBQWMsQ0FBQyxFQUFVLEVBQUUsVUFBb0IsRUFBRSxhQUF1QixFQUFFO1FBQy9FLDRDQUE0QztRQUM1QyxJQUFJLENBQUMsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLElBQUksVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO1lBQ2hFLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELDZEQUE2RDtRQUM3RCxJQUFJLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxFQUFFLENBQUM7WUFDaEUsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxFQUFFLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFDNUMsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNLLGFBQWEsQ0FBQyxFQUFVLEVBQUUsUUFBa0I7UUFDbEQsSUFBSSxDQUFDLEVBQUUsSUFBSSxDQUFDLFFBQVEsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUU1RCxxREFBcUQ7UUFDckQsTUFBTSxXQUFXLEdBQUcsQ0FBQyxFQUFVLEVBQVksRUFBRTtZQUMzQyxJQUFJLENBQUMsRUFBRTtnQkFBRSxPQUFPLEVBQUUsQ0FBQztZQUNuQix1REFBdUQ7WUFDdkQsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3pCLE9BQU8sQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDcEIsQ0FBQztZQUNELDBEQUEwRDtZQUMxRCxJQUFJLHlCQUF5QixDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDO2dCQUN2QyxPQUFPLENBQUMsRUFBRSxFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUM5QixDQUFDO1lBQ0QsT0FBTyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2QsQ0FBQyxDQUFDO1FBRUYsaUNBQWlDO1FBQ2pDLE1BQU0sb0JBQW9CLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLElBQUksb0JBQW9CLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPLEtBQUssQ0FBQztRQUVwRCx3RUFBd0U7UUFDeEUsTUFBTSxlQUFlLEdBQUcsQ0FBQyxPQUFlLEVBQVUsRUFBRTtZQUNsRCxpRUFBaUU7WUFDakUsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUNwRCxNQUFNLEtBQUssR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUNqQyxPQUFPLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7b0JBQ3hCLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQ2xCLENBQUM7Z0JBQ0QsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ3pCLENBQUM7WUFDRCxPQUFPLE9BQU8sQ0FBQztRQUNqQixDQUFDLENBQUM7UUFFRixNQUFNLGdCQUFnQixHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUMsZUFBZSxDQUFDLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBRTVFLGtFQUFrRTtRQUNsRSxPQUFPLG9CQUFvQixDQUFDLElBQUksQ0FBQyxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQzdDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUMsQ0FDMUUsQ0FBQztJQUNKLENBQUM7SUFFRDs7O09BR0c7SUFDSSxVQUFVLENBQUMsRUFBVTtRQUMxQiwrQkFBK0I7UUFDL0IsSUFDRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUI7WUFDNUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixFQUMvRSxDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsK0JBQStCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixZQUFZO2FBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLElBQ0UsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTRCO1lBQ3JELENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQyxFQUM3QixDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsMEJBQTBCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLDRCQUE0QixnQkFBZ0I7YUFDeEcsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRDs7T0FFRztJQUNJLGVBQWU7UUFDcEIsSUFBSSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQztZQUNwQyxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksQ0FBQztRQUM5QixDQUFDO1FBQ0QsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUM3QixJQUFJLENBQUMsa0JBQWtCLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDbEMsQ0FBQztJQUVEOztPQUVHO0lBQ0ssb0JBQW9CO1FBQzFCLElBQUksQ0FBQyxlQUFlLEdBQUcsV0FBVyxDQUFDLEdBQUcsRUFBRTtZQUN0QyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDeEIsQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUMsbUJBQW1CO1FBRTlCLHVEQUF1RDtRQUN2RCxJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDL0IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUMvQixDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ssY0FBYztRQUNwQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QixJQUFJLGlCQUFpQixHQUFHLENBQUMsQ0FBQztRQUMxQixJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7UUFFbkIseUNBQXlDO1FBQ3pDLEtBQUssTUFBTSxDQUFDLEVBQUUsRUFBRSxVQUFVLENBQUMsSUFBSSxJQUFJLENBQUMsa0JBQWtCLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztZQUNqRSxNQUFNLGVBQWUsR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsR0FBRyxHQUFHLElBQUksR0FBRyxNQUFNLENBQUMsQ0FBQztZQUV2RSxJQUFJLGVBQWUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQ2pDLDJDQUEyQztnQkFDM0MsSUFBSSxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUMsQ0FBQztnQkFDbkMsaUJBQWlCLEVBQUUsQ0FBQztZQUN0QixDQUFDO2lCQUFNLElBQUksZUFBZSxDQUFDLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ3RELGtEQUFrRDtnQkFDbEQsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsZUFBZSxDQUFDLENBQUM7WUFDbkQsQ0FBQztRQUNILENBQUM7UUFFRCwwQ0FBMEM7UUFDMUMsS0FBSyxNQUFNLENBQUMsRUFBRSxFQUFFLFdBQVcsQ0FBQyxJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztZQUMvRCxJQUFJLFdBQVcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzNCLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUNoQyxVQUFVLEVBQUUsQ0FBQztZQUNmLENBQUM7UUFDSCxDQUFDO1FBRUQsNENBQTRDO1FBQzVDLElBQUksaUJBQWlCLEdBQUcsQ0FBQyxJQUFJLFVBQVUsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUM1QyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLHFCQUFxQixFQUFFLENBQUM7Z0JBQ25ELHlCQUF5QixDQUFDLEdBQUcsQ0FDM0IsWUFBWSxFQUNaLE9BQU8sRUFDUCwrQkFBK0IsRUFDL0I7b0JBQ0UsaUJBQWlCO29CQUNqQixVQUFVO29CQUNWLFlBQVksRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLElBQUk7b0JBQ3ZDLG1CQUFtQixFQUFFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJO29CQUNqRCxTQUFTLEVBQUUsa0JBQWtCO2lCQUM5QixFQUNELGtCQUFrQixDQUNuQixDQUFDO1lBQ0osQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0NBQ0YifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VjdXJpdHktbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3Byb3hpZXMvc21hcnQtcHJveHkvc2VjdXJpdHktbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGtCQUFrQixDQUFDO0FBRTVDLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLHNDQUFzQyxDQUFDO0FBQ2pGLE9BQU8sRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFFakY7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLGVBQWU7SUFLMUIsWUFBb0IsVUFBc0I7UUFBdEIsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUpsQyxvQkFBZSxHQUE2QixJQUFJLEdBQUcsRUFBRSxDQUFDO1FBQ3RELHVCQUFrQixHQUEwQixJQUFJLEdBQUcsRUFBRSxDQUFDO1FBQ3RELG9CQUFlLEdBQTBCLElBQUksQ0FBQztRQUdwRCwwQ0FBMEM7UUFDMUMsSUFBSSxDQUFDLG9CQUFvQixFQUFFLENBQUM7SUFDOUIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksc0JBQXNCLENBQUMsRUFBVTtRQUN0QywwQ0FBMEM7UUFDMUMsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDdEQsSUFBSSxXQUFXLEVBQUUsQ0FBQztnQkFDaEIsT0FBTyxXQUFXLENBQUMsSUFBSSxDQUFDO1lBQzFCLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxDQUFDLENBQUM7SUFDWCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksbUJBQW1CLENBQUMsRUFBVTtRQUNuQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsTUFBTSxNQUFNLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUV6QiwwREFBMEQ7UUFDMUQsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksV0FBVyxHQUFrQixJQUFJLENBQUM7UUFDdEMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztnQkFDekMsV0FBVyxHQUFHLE9BQU8sQ0FBQztnQkFDdEIsTUFBTTtZQUNSLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUcsV0FBVyxJQUFJLEVBQUUsQ0FBQztRQUU5QixJQUFJLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3RDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztZQUN4QyxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFFRCw0REFBNEQ7UUFDNUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEdBQUcsR0FBRyxJQUFJLEdBQUcsTUFBTSxDQUFDLENBQUM7UUFDM0YsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNyQixJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRSxVQUFVLENBQUMsQ0FBQztRQUU3Qyw4QkFBOEI7UUFDOUIsT0FBTyxVQUFVLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLDRCQUE2QixDQUFDO0lBQ3JGLENBQUM7SUFFRDs7T0FFRztJQUNJLG1CQUFtQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUN6RCxzQ0FBc0M7UUFDdEMsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ2pDLElBQUksV0FBVyxHQUFrQixJQUFJLENBQUM7UUFFdEMsS0FBSyxNQUFNLE9BQU8sSUFBSSxRQUFRLEVBQUUsQ0FBQztZQUMvQixJQUFJLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7Z0JBQ3RDLFdBQVcsR0FBRyxPQUFPLENBQUM7Z0JBQ3RCLE1BQU07WUFDUixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sR0FBRyxHQUFHLFdBQVcsSUFBSSxFQUFFLENBQUM7UUFDOUIsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbkMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLElBQUksR0FBRyxFQUFFLENBQUMsQ0FBQztRQUMzQyxDQUFDO1FBQ0QsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFFLENBQUMsR0FBRyxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7T0FFRztJQUNJLG9CQUFvQixDQUFDLEVBQVUsRUFBRSxZQUFvQjtRQUMxRCw2REFBNkQ7UUFDN0QsTUFBTSxRQUFRLEdBQUcsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRWpDLEtBQUssTUFBTSxPQUFPLElBQUksUUFBUSxFQUFFLENBQUM7WUFDL0IsSUFBSSxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUN0QyxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUUsQ0FBQztnQkFDdkQsV0FBVyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDakMsSUFBSSxXQUFXLENBQUMsSUFBSSxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUMzQixJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDdkMsQ0FBQztnQkFDRCxNQUFNO1lBQ1IsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7O09BV0c7SUFDSSxjQUFjLENBQUMsRUFBVSxFQUFFLFVBQW9CLEVBQUUsYUFBdUIsRUFBRTtRQUMvRSxPQUFPLGNBQWMsQ0FBQyxFQUFFLEVBQUUsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7O09BR0c7SUFDSSxVQUFVLENBQUMsRUFBVTtRQUMxQiwrQkFBK0I7UUFDL0IsSUFDRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxtQkFBbUI7WUFDNUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixFQUMvRSxDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsK0JBQStCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQixZQUFZO2FBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLElBQ0UsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTRCO1lBQ3JELENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEVBQUUsQ0FBQyxFQUM3QixDQUFDO1lBQ0QsT0FBTztnQkFDTCxPQUFPLEVBQUUsS0FBSztnQkFDZCxNQUFNLEVBQUUsMEJBQTBCLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLDRCQUE0QixnQkFBZ0I7YUFDeEcsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzNCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0ksa0JBQWtCLENBQUMsRUFBVSxFQUFFLFlBQW9CO1FBQ3hELCtDQUErQztRQUMvQyxJQUNFLElBQUksQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLG1CQUFtQjtZQUM1QyxJQUFJLENBQUMsc0JBQXNCLENBQUMsRUFBRSxDQUFDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLEVBQy9FLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwrQkFBK0IsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsbUJBQW1CLFlBQVk7YUFDaEcsQ0FBQztRQUNKLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsSUFDRSxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyw0QkFBNEI7WUFDckQsQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxDQUFDLEVBQzdCLENBQUM7WUFDRCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLE1BQU0sRUFBRSwwQkFBMEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsNEJBQTRCLGdCQUFnQjthQUN4RyxDQUFDO1FBQ0osQ0FBQztRQUVELG1FQUFtRTtRQUNuRSxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRTNDLE9BQU8sRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFDM0IsQ0FBQztJQUVEOztPQUVHO0lBQ0ksZUFBZTtRQUNwQixJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN6QixhQUFhLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ3BDLElBQUksQ0FBQyxlQUFlLEdBQUcsSUFBSSxDQUFDO1FBQzlCLENBQUM7UUFDRCxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztJQUNsQyxDQUFDO0lBRUQ7O09BRUc7SUFDSyxvQkFBb0I7UUFDMUIsSUFBSSxDQUFDLGVBQWUsR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFO1lBQ3RDLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUN4QixDQUFDLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxtQkFBbUI7UUFFOUIsdURBQXVEO1FBQ3ZELElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUMvQixJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQy9CLENBQUM7SUFDSCxDQUFDO0lBRUQ7O09BRUc7SUFDSyxjQUFjO1FBQ3BCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUN2QixNQUFNLE1BQU0sR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO1FBQ3pCLElBQUksaUJBQWlCLEdBQUcsQ0FBQyxDQUFDO1FBQzFCLElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztRQUVuQix5Q0FBeUM7UUFDekMsS0FBSyxNQUFNLENBQUMsRUFBRSxFQUFFLFVBQVUsQ0FBQyxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQ2pFLE1BQU0sZUFBZSxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsSUFBSSxHQUFHLE1BQU0sQ0FBQyxDQUFDO1lBRXZFLElBQUksZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDakMsMkNBQTJDO2dCQUMzQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO2dCQUNuQyxpQkFBaUIsRUFBRSxDQUFDO1lBQ3RCLENBQUM7aUJBQU0sSUFBSSxlQUFlLENBQUMsTUFBTSxHQUFHLFVBQVUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDdEQsa0RBQWtEO2dCQUNsRCxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxlQUFlLENBQUMsQ0FBQztZQUNuRCxDQUFDO1FBQ0gsQ0FBQztRQUVELDBDQUEwQztRQUMxQyxLQUFLLE1BQU0sQ0FBQyxFQUFFLEVBQUUsV0FBVyxDQUFDLElBQUksSUFBSSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQy9ELElBQUksV0FBVyxDQUFDLElBQUksS0FBSyxDQUFDLEVBQUUsQ0FBQztnQkFDM0IsSUFBSSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUM7Z0JBQ2hDLFVBQVUsRUFBRSxDQUFDO1lBQ2YsQ0FBQztRQUNILENBQUM7UUFFRCw0Q0FBNEM7UUFDNUMsSUFBSSxpQkFBaUIsR0FBRyxDQUFDLElBQUksVUFBVSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQzVDLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMscUJBQXFCLEVBQUUsQ0FBQztnQkFDbkQseUJBQXlCLENBQUMsR0FBRyxDQUMzQixZQUFZLEVBQ1osT0FBTyxFQUNQLCtCQUErQixFQUMvQjtvQkFDRSxpQkFBaUI7b0JBQ2pCLFVBQVU7b0JBQ1YsWUFBWSxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUMsSUFBSTtvQkFDdkMsbUJBQW1CLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLElBQUk7b0JBQ2pELFNBQVMsRUFBRSxrQkFBa0I7aUJBQzlCLEVBQ0Qsa0JBQWtCLENBQ25CLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRiJ9

package/dist_ts/proxies/smart-proxy/smart-proxy.d.ts

@@ -1,208 +1,90 @@
 import * as plugins from '../../plugins.js';
-import { ConnectionManager } from './connection-manager.js';
-import { SecurityManager } from './security-manager.js';
-import { TlsManager } from './tls-manager.js';
-import { HttpProxyBridge } from './http-proxy-bridge.js';
-import { TimeoutManager } from './timeout-manager.js';
 import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
-import { RouteConnectionHandler } from './route-connection-handler.js';
-import { NFTablesManager } from './nftables-manager.js';
-import { SmartCertManager, type ICertStatus } from './certificate-manager.js';
 import type { ISmartProxyOptions } from './models/interfaces.js';
 import type { IRouteConfig } from './models/route-types.js';
-import { AcmeStateManager } from './acme-state-manager.js';
-import { MetricsCollector } from './metrics-collector.js';
 import type { IMetrics } from './models/metrics-types.js';
 /**
- * SmartProxy - Pure route-based API
+ * SmartProxy - Rust-backed proxy engine with TypeScript configuration API.
  *
- * SmartProxy is a unified proxy system that works with routes to define connection handling behavior.
- * Each route contains matching criteria (ports, domains, etc.) and an action to take (forward, redirect, block).
- *
- * Configuration is provided through a set of routes, with each route defining:
- * - What to match (ports, domains, paths, client IPs)
- * - What to do with matching traffic (forward, redirect, block)
- * - How to handle TLS (passthrough, terminate, terminate-and-reencrypt)
- * - Security settings (IP restrictions, connection limits)
- * - Advanced options (timeout, headers, etc.)
+ * All networking (TCP, TLS, HTTP reverse proxy, connection management, security,
+ * NFTables) is handled by the Rust binary. TypeScript is only:
+ * - The npm module interface (types, route helpers)
+ * - The thin IPC wrapper (this class)
+ * - Socket-handler callback relay (for JS-defined handlers)
+ * - Certificate provisioning callbacks (certProvisionFunction)
  */
 export declare class SmartProxy extends plugins.EventEmitter {
-    private portManager;
-    private connectionLogger;
-    private isShuttingDown;
-    connectionManager: ConnectionManager;
-    securityManager: SecurityManager;
-    tlsManager: TlsManager;
-    httpProxyBridge: HttpProxyBridge;
-    timeoutManager: TimeoutManager;
+    settings: ISmartProxyOptions;
     routeManager: RouteManager;
-    routeConnectionHandler: RouteConnectionHandler;
-    nftablesManager: NFTablesManager;
-    certManager: SmartCertManager | null;
-    private globalChallengeRouteActive;
+    private bridge;
+    private preprocessor;
+    private socketHandlerServer;
+    private metricsAdapter;
     private routeUpdateLock;
-    acmeStateManager: AcmeStateManager;
-    metricsCollector: MetricsCollector;
-    private routeOrchestrator;
-    private portUsageMap;
-    /**
-     * Constructor for SmartProxy
-     *
-     * @param settingsArg Configuration options containing routes and other settings
-     * Routes define how traffic is matched and handled, with each route having:
-     * - match: criteria for matching traffic (ports, domains, paths, IPs)
-     * - action: what to do with matched traffic (forward, redirect, block)
-     *
-     * Example:
-     * ```ts
-     * const proxy = new SmartProxy({
-     *   routes: [
-     *     {
-     *       match: {
-     *         ports: 443,
-     *         domains: ['example.com', '*.example.com']
-     *       },
-     *       action: {
-     *         type: 'forward',
-     *         target: { host: '10.0.0.1', port: 8443 },
-     *         tls: { mode: 'passthrough' }
-     *       }
-     *     }
-     *   ],
-     *   defaults: {
-     *     target: { host: 'localhost', port: 8080 },
-     *     security: { ipAllowList: ['*'] }
-     *   }
-     * });
-     * ```
-     */
+    private stopping;
     constructor(settingsArg: ISmartProxyOptions);
     /**
-     * The settings for the SmartProxy
-     */
-    settings: ISmartProxyOptions;
-    /**
-     * Helper method to create and configure certificate manager
-     * This ensures consistent setup including the required ACME callback
-     */
-    private createCertificateManager;
-    /**
-     * Initialize certificate manager
-     */
-    private initializeCertificateManager;
-    /**
-     * Check if we have routes with static certificates
-     */
-    private hasStaticCertRoutes;
-    /**
-     * Start the proxy server with support for both configuration types
+     * Start the proxy.
+     * Spawns the Rust binary, configures socket relay if needed, sends routes, handles cert provisioning.
      */
     start(): Promise<void>;
     /**
-     * Extract domain configurations from routes for certificate provisioning
-     *
-     * Note: This method has been removed as we now work directly with routes
-     */
-    /**
-     * Stop the proxy server
+     * Stop the proxy.
      */
     stop(): Promise<void>;
     /**
-     * Updates the domain configurations for the proxy
-     *
-     * Note: This legacy method has been removed. Use updateRoutes instead.
-     */
-    updateDomainConfigs(): Promise<void>;
-    /**
-     * Verify the challenge route has been properly removed from routes
-     */
-    private verifyChallengeRouteRemoved;
-    /**
-     * Update routes with new configuration
-     *
-     * This method replaces the current route configuration with the provided routes.
-     * It also provisions certificates for routes that require TLS termination and have
-     * `certificate: 'auto'` set in their TLS configuration.
-     *
-     * @param newRoutes Array of route configurations to use
-     *
-     * Example:
-     * ```ts
-     * proxy.updateRoutes([
-     *   {
-     *     match: { ports: 443, domains: 'secure.example.com' },
-     *     action: {
-     *       type: 'forward',
-     *       target: { host: '10.0.0.1', port: 8443 },
-     *       tls: { mode: 'terminate', certificate: 'auto' }
-     *     }
-     *   }
-     * ]);
-     * ```
+     * Update routes atomically.
      */
     updateRoutes(newRoutes: IRouteConfig[]): Promise<void>;
     /**
-     * Manually provision a certificate for a route
+     * Provision a certificate for a named route.
      */
     provisionCertificate(routeName: string): Promise<void>;
     /**
-     * Force renewal of a certificate
+     * Force renewal of a certificate.
      */
     renewCertificate(routeName: string): Promise<void>;
     /**
-     * Get certificate status for a route
+     * Get certificate status for a route (async - calls Rust).
      */
-    getCertificateStatus(routeName: string): ICertStatus | undefined;
+    getCertificateStatus(routeName: string): Promise<any>;
     /**
-     * Get proxy metrics with clean API
-     *
-     * @returns IMetrics interface with grouped metrics methods
+     * Get the metrics interface.
      */
     getMetrics(): IMetrics;
     /**
-     * Validates if a domain name is valid for certificate issuance
+     * Get statistics (async - calls Rust).
      */
-    private isValidDomain;
+    getStatistics(): Promise<any>;
     /**
-     * Add a new listening port without changing the route configuration
-     *
-     * This allows you to add a port listener without updating routes.
-     * Useful for preparing to listen on a port before adding routes for it.
-     *
-     * @param port The port to start listening on
-     * @returns Promise that resolves when the port is listening
+     * Add a listening port at runtime.
      */
     addListeningPort(port: number): Promise<void>;
     /**
-     * Stop listening on a specific port without changing the route configuration
-     *
-     * This allows you to stop a port listener without updating routes.
-     * Useful for temporary maintenance or port changes.
-     *
-     * @param port The port to stop listening on
-     * @returns Promise that resolves when the port is closed
+     * Remove a listening port at runtime.
      */
     removeListeningPort(port: number): Promise<void>;
     /**
-     * Get a list of all ports currently being listened on
-     *
-     * @returns Array of port numbers
-     */
-    getListeningPorts(): number[];
-    /**
-     * Get statistics about current connections
+     * Get all currently listening ports (async - calls Rust).
      */
-    getStatistics(): any;
+    getListeningPorts(): Promise<number[]>;
     /**
-     * Get a list of eligible domains for ACME certificates
+     * Get eligible domains for ACME certificates (sync - reads local routes).
      */
     getEligibleDomainsForCertificates(): string[];
     /**
-     * Get NFTables status
+     * Get NFTables status (async - calls Rust).
      */
     getNfTablesStatus(): Promise<Record<string, any>>;
     /**
-     * Validate ACME configuration
+     * Build the Rust configuration object from TS settings.
      */
-    private validateAcmeConfiguration;
+    private buildRustConfig;
+    /**
+     * For routes with certificate: 'auto', call certProvisionFunction if set.
+     * If the callback returns a cert object, load it into Rust.
+     * If it returns 'http01', let Rust handle ACME.
+     */
+    private provisionCertificatesViaCallback;
+    private isValidDomain;
 }