@serve.zone/dcrouter 11.0.27 → 11.0.29

package/dist_ts/remoteingress/classes.remoteingress-manager.js

@@ -0,0 +1,227 @@
+import * as plugins from '../plugins.js';
+const STORAGE_PREFIX = '/remote-ingress/';
+/**
+ * Flatten a port range (number | number[] | Array<{from, to}>) to a sorted unique number array.
+ */
+function extractPorts(portRange) {
+    const ports = new Set();
+    if (typeof portRange === 'number') {
+        ports.add(portRange);
+    }
+    else if (Array.isArray(portRange)) {
+        for (const entry of portRange) {
+            if (typeof entry === 'number') {
+                ports.add(entry);
+            }
+            else if (typeof entry === 'object' && 'from' in entry && 'to' in entry) {
+                for (let p = entry.from; p <= entry.to; p++) {
+                    ports.add(p);
+                }
+            }
+        }
+    }
+    return [...ports].sort((a, b) => a - b);
+}
+/**
+ * Manages CRUD for remote ingress edge registrations.
+ * Persists edge configs via StorageManager and provides
+ * the allowed edges list for the Rust hub.
+ */
+export class RemoteIngressManager {
+    storageManager;
+    edges = new Map();
+    routes = [];
+    constructor(storageManager) {
+        this.storageManager = storageManager;
+    }
+    /**
+     * Load all edge registrations from storage into memory.
+     */
+    async initialize() {
+        const keys = await this.storageManager.list(STORAGE_PREFIX);
+        for (const key of keys) {
+            const edge = await this.storageManager.getJSON(key);
+            if (edge) {
+                // Migration: old edges without autoDerivePorts default to true
+                if (edge.autoDerivePorts === undefined) {
+                    edge.autoDerivePorts = true;
+                    await this.storageManager.setJSON(key, edge);
+                }
+                this.edges.set(edge.id, edge);
+            }
+        }
+    }
+    /**
+     * Store the current route configs for port derivation.
+     */
+    setRoutes(routes) {
+        this.routes = routes;
+    }
+    /**
+     * Derive listen ports for an edge from routes tagged with remoteIngress.enabled.
+     * When a route specifies edgeFilter, only edges whose id or tags match get that route's ports.
+     * When edgeFilter is absent, the route applies to all edges.
+     */
+    derivePortsForEdge(edgeId, edgeTags) {
+        const ports = new Set();
+        for (const route of this.routes) {
+            if (!route.remoteIngress?.enabled)
+                continue;
+            // Apply edge filter if present
+            const filter = route.remoteIngress.edgeFilter;
+            if (filter && filter.length > 0) {
+                const idMatch = filter.includes(edgeId);
+                const tagMatch = edgeTags?.some((tag) => filter.includes(tag)) ?? false;
+                if (!idMatch && !tagMatch)
+                    continue;
+            }
+            // Extract ports from the route match
+            if (route.match?.ports) {
+                for (const p of extractPorts(route.match.ports)) {
+                    ports.add(p);
+                }
+            }
+        }
+        return [...ports].sort((a, b) => a - b);
+    }
+    /**
+     * Get the effective listen ports for an edge.
+     * Manual ports are always included. Auto-derived ports are added (union) when autoDerivePorts is true.
+     */
+    getEffectiveListenPorts(edge) {
+        const manualPorts = edge.listenPorts || [];
+        const shouldDerive = edge.autoDerivePorts !== false;
+        if (!shouldDerive)
+            return [...manualPorts].sort((a, b) => a - b);
+        const derivedPorts = this.derivePortsForEdge(edge.id, edge.tags);
+        return [...new Set([...manualPorts, ...derivedPorts])].sort((a, b) => a - b);
+    }
+    /**
+     * Get manual and derived port breakdown for an edge (used in API responses).
+     * Derived ports exclude any ports already present in the manual list.
+     */
+    getPortBreakdown(edge) {
+        const manual = edge.listenPorts || [];
+        const shouldDerive = edge.autoDerivePorts !== false;
+        if (!shouldDerive)
+            return { manual, derived: [] };
+        const manualSet = new Set(manual);
+        const allDerived = this.derivePortsForEdge(edge.id, edge.tags);
+        const derived = allDerived.filter((p) => !manualSet.has(p));
+        return { manual, derived };
+    }
+    /**
+     * Create a new edge registration.
+     */
+    async createEdge(name, listenPorts = [], tags, autoDerivePorts = true) {
+        const id = plugins.uuid.v4();
+        const secret = plugins.crypto.randomBytes(32).toString('hex');
+        const now = Date.now();
+        const edge = {
+            id,
+            name,
+            secret,
+            listenPorts,
+            enabled: true,
+            autoDerivePorts,
+            tags: tags || [],
+            createdAt: now,
+            updatedAt: now,
+        };
+        await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+        this.edges.set(id, edge);
+        return edge;
+    }
+    /**
+     * Get an edge by ID.
+     */
+    getEdge(id) {
+        return this.edges.get(id);
+    }
+    /**
+     * Get all edge registrations.
+     */
+    getAllEdges() {
+        return Array.from(this.edges.values());
+    }
+    /**
+     * Update an edge registration.
+     */
+    async updateEdge(id, updates) {
+        const edge = this.edges.get(id);
+        if (!edge) {
+            return null;
+        }
+        if (updates.name !== undefined)
+            edge.name = updates.name;
+        if (updates.listenPorts !== undefined)
+            edge.listenPorts = updates.listenPorts;
+        if (updates.autoDerivePorts !== undefined)
+            edge.autoDerivePorts = updates.autoDerivePorts;
+        if (updates.enabled !== undefined)
+            edge.enabled = updates.enabled;
+        if (updates.tags !== undefined)
+            edge.tags = updates.tags;
+        edge.updatedAt = Date.now();
+        await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+        this.edges.set(id, edge);
+        return edge;
+    }
+    /**
+     * Delete an edge registration.
+     */
+    async deleteEdge(id) {
+        if (!this.edges.has(id)) {
+            return false;
+        }
+        await this.storageManager.delete(`${STORAGE_PREFIX}${id}`);
+        this.edges.delete(id);
+        return true;
+    }
+    /**
+     * Regenerate the secret for an edge.
+     */
+    async regenerateSecret(id) {
+        const edge = this.edges.get(id);
+        if (!edge) {
+            return null;
+        }
+        edge.secret = plugins.crypto.randomBytes(32).toString('hex');
+        edge.updatedAt = Date.now();
+        await this.storageManager.setJSON(`${STORAGE_PREFIX}${id}`, edge);
+        this.edges.set(id, edge);
+        return edge.secret;
+    }
+    /**
+     * Verify an edge's secret using constant-time comparison.
+     */
+    verifySecret(id, secret) {
+        const edge = this.edges.get(id);
+        if (!edge) {
+            return false;
+        }
+        const expected = Buffer.from(edge.secret);
+        const provided = Buffer.from(secret);
+        if (expected.length !== provided.length) {
+            return false;
+        }
+        return plugins.crypto.timingSafeEqual(expected, provided);
+    }
+    /**
+     * Get the list of allowed edges (enabled only) for the Rust hub.
+     */
+    getAllowedEdges() {
+        const result = [];
+        for (const edge of this.edges.values()) {
+            if (edge.enabled) {
+                result.push({
+                    id: edge.id,
+                    secret: edge.secret,
+                    listenPorts: this.getEffectiveListenPorts(edge),
+                });
+            }
+        }
+        return result;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5yZW1vdGVpbmdyZXNzLW1hbmFnZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9yZW1vdGVpbmdyZXNzL2NsYXNzZXMucmVtb3RlaW5ncmVzcy1tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDO0FBSXpDLE1BQU0sY0FBYyxHQUFHLGtCQUFrQixDQUFDO0FBRTFDOztHQUVHO0FBQ0gsU0FBUyxZQUFZLENBQUMsU0FBa0U7SUFDdEYsTUFBTSxLQUFLLEdBQUcsSUFBSSxHQUFHLEVBQVUsQ0FBQztJQUNoQyxJQUFJLE9BQU8sU0FBUyxLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ2xDLEtBQUssQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDdkIsQ0FBQztTQUFNLElBQUksS0FBSyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUFDO1FBQ3BDLEtBQUssTUFBTSxLQUFLLElBQUksU0FBUyxFQUFFLENBQUM7WUFDOUIsSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLEVBQUUsQ0FBQztnQkFDOUIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUNuQixDQUFDO2lCQUFNLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxJQUFJLE1BQU0sSUFBSSxLQUFLLElBQUksSUFBSSxJQUFJLEtBQUssRUFBRSxDQUFDO2dCQUN6RSxLQUFLLElBQUksQ0FBQyxHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQyxJQUFJLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztvQkFDNUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDZixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBQ0QsT0FBTyxDQUFDLEdBQUcsS0FBSyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQzFDLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxPQUFPLG9CQUFvQjtJQUN2QixjQUFjLENBQWlCO0lBQy9CLEtBQUssR0FBZ0MsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUMvQyxNQUFNLEdBQTJCLEVBQUUsQ0FBQztJQUU1QyxZQUFZLGNBQThCO1FBQ3hDLElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxDQUFDO0lBQ3ZDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxVQUFVO1FBQ3JCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDNUQsS0FBSyxNQUFNLEdBQUcsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFpQixHQUFHLENBQUMsQ0FBQztZQUNwRSxJQUFJLElBQUksRUFBRSxDQUFDO2dCQUNULCtEQUErRDtnQkFDL0QsSUFBSyxJQUFZLENBQUMsZUFBZSxLQUFLLFNBQVMsRUFBRSxDQUFDO29CQUNoRCxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUksQ0FBQztvQkFDNUIsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQy9DLENBQUM7Z0JBQ0QsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztZQUNoQyxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLFNBQVMsQ0FBQyxNQUE4QjtRQUM3QyxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQztJQUN2QixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLGtCQUFrQixDQUFDLE1BQWMsRUFBRSxRQUFtQjtRQUMzRCxNQUFNLEtBQUssR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBRWhDLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLElBQUksQ0FBQyxLQUFLLENBQUMsYUFBYSxFQUFFLE9BQU87Z0JBQUUsU0FBUztZQUU1QywrQkFBK0I7WUFDL0IsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLGFBQWEsQ0FBQyxVQUFVLENBQUM7WUFDOUMsSUFBSSxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDaEMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDeEMsTUFBTSxRQUFRLEdBQUcsUUFBUSxFQUFFLElBQUksQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEtBQUssQ0FBQztnQkFDeEUsSUFBSSxDQUFDLE9BQU8sSUFBSSxDQUFDLFFBQVE7b0JBQUUsU0FBUztZQUN0QyxDQUFDO1lBRUQscUNBQXFDO1lBQ3JDLElBQUksS0FBSyxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsQ0FBQztnQkFDdkIsS0FBSyxNQUFNLENBQUMsSUFBSSxZQUFZLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO29CQUNoRCxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUNmLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sQ0FBQyxHQUFHLEtBQUssQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksdUJBQXVCLENBQUMsSUFBb0I7UUFDakQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLFdBQVcsSUFBSSxFQUFFLENBQUM7UUFDM0MsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGVBQWUsS0FBSyxLQUFLLENBQUM7UUFDcEQsSUFBSSxDQUFDLFlBQVk7WUFBRSxPQUFPLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUM7UUFDakUsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ2pFLE9BQU8sQ0FBQyxHQUFHLElBQUksR0FBRyxDQUFDLENBQUMsR0FBRyxXQUFXLEVBQUUsR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQy9FLENBQUM7SUFFRDs7O09BR0c7SUFDSSxnQkFBZ0IsQ0FBQyxJQUFvQjtRQUMxQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQztRQUN0QyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsZUFBZSxLQUFLLEtBQUssQ0FBQztRQUNwRCxJQUFJLENBQUMsWUFBWTtZQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsT0FBTyxFQUFFLEVBQUUsRUFBRSxDQUFDO1FBQ2xELE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMvRCxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM1RCxPQUFPLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxDQUFDO0lBQzdCLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxVQUFVLENBQ3JCLElBQVksRUFDWixjQUF3QixFQUFFLEVBQzFCLElBQWUsRUFDZixrQkFBMkIsSUFBSTtRQUUvQixNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxDQUFDO1FBQzdCLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM5RCxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdkIsTUFBTSxJQUFJLEdBQW1CO1lBQzNCLEVBQUU7WUFDRixJQUFJO1lBQ0osTUFBTTtZQUNOLFdBQVc7WUFDWCxPQUFPLEVBQUUsSUFBSTtZQUNiLGVBQWU7WUFDZixJQUFJLEVBQUUsSUFBSSxJQUFJLEVBQUU7WUFDaEIsU0FBUyxFQUFFLEdBQUc7WUFDZCxTQUFTLEVBQUUsR0FBRztTQUNmLENBQUM7UUFFRixNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLEdBQUcsY0FBYyxHQUFHLEVBQUUsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ2xFLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUN6QixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRDs7T0FFRztJQUNJLE9BQU8sQ0FBQyxFQUFVO1FBQ3ZCLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDNUIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksV0FBVztRQUNoQixPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUssQ0FBQyxVQUFVLENBQ3JCLEVBQVUsRUFDVixPQU1DO1FBRUQsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ1YsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLFNBQVM7WUFBRSxJQUFJLENBQUMsSUFBSSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFDekQsSUFBSSxPQUFPLENBQUMsV0FBVyxLQUFLLFNBQVM7WUFBRSxJQUFJLENBQUMsV0FBVyxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUM7UUFDOUUsSUFBSSxPQUFPLENBQUMsZUFBZSxLQUFLLFNBQVM7WUFBRSxJQUFJLENBQUMsZUFBZSxHQUFHLE9BQU8sQ0FBQyxlQUFlLENBQUM7UUFDMUYsSUFBSSxPQUFPLENBQUMsT0FBTyxLQUFLLFNBQVM7WUFBRSxJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUM7UUFDbEUsSUFBSSxPQUFPLENBQUMsSUFBSSxLQUFLLFNBQVM7WUFBRSxJQUFJLENBQUMsSUFBSSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUM7UUFDekQsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFNUIsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxHQUFHLGNBQWMsR0FBRyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNsRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDekIsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsVUFBVSxDQUFDLEVBQVU7UUFDaEMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDeEIsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBQ0QsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE1BQU0sQ0FBQyxHQUFHLGNBQWMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzNELElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3RCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLGdCQUFnQixDQUFDLEVBQVU7UUFDdEMsTUFBTSxJQUFJLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1lBQ1YsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBRUQsSUFBSSxDQUFDLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDN0QsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFNUIsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxHQUFHLGNBQWMsR0FBRyxFQUFFLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNsRSxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDekIsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDO0lBQ3JCLENBQUM7SUFFRDs7T0FFRztJQUNJLFlBQVksQ0FBQyxFQUFVLEVBQUUsTUFBYztRQUM1QyxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUNoQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDVixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7UUFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMxQyxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3JDLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDeEMsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBQ0QsT0FBTyxPQUFPLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDNUQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksZUFBZTtRQUNwQixNQUFNLE1BQU0sR0FBaUUsRUFBRSxDQUFDO1FBQ2hGLEtBQUssTUFBTSxJQUFJLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQ3ZDLElBQUksSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNqQixNQUFNLENBQUMsSUFBSSxDQUFDO29CQUNWLEVBQUUsRUFBRSxJQUFJLENBQUMsRUFBRTtvQkFDWCxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07b0JBQ25CLFdBQVcsRUFBRSxJQUFJLENBQUMsdUJBQXVCLENBQUMsSUFBSSxDQUFDO2lCQUNoRCxDQUFDLENBQUM7WUFDTCxDQUFDO1FBQ0gsQ0FBQztRQUNELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7Q0FDRiJ9

package/dist_ts/remoteingress/classes.tunnel-manager.d.ts

@@ -0,0 +1,59 @@
+import type { IRemoteIngressStatus } from '../../dist_ts_interfaces/data/remoteingress.js';
+import type { RemoteIngressManager } from './classes.remoteingress-manager.js';
+export interface ITunnelManagerConfig {
+    tunnelPort?: number;
+    targetHost?: string;
+    tls?: {
+        certPem?: string;
+        keyPem?: string;
+    };
+}
+/**
+ * Manages the RemoteIngressHub instance and tracks connected edge statuses.
+ */
+export declare class TunnelManager {
+    private hub;
+    private manager;
+    private config;
+    private edgeStatuses;
+    private reconcileInterval;
+    constructor(manager: RemoteIngressManager, config?: ITunnelManagerConfig);
+    /**
+     * Start the tunnel hub and load allowed edges.
+     */
+    start(): Promise<void>;
+    /**
+     * Stop the tunnel hub.
+     */
+    stop(): Promise<void>;
+    /**
+     * Reconcile TS-side edge statuses with the authoritative Rust hub status.
+     * Overwrites event-derived activeTunnels with the real activeStreams count.
+     */
+    private reconcile;
+    /**
+     * Sync allowed edges from the manager to the hub.
+     * Call this after creating/deleting/updating edges.
+     */
+    syncAllowedEdges(): Promise<void>;
+    /**
+     * Get runtime statuses for all known edges.
+     */
+    getEdgeStatuses(): IRemoteIngressStatus[];
+    /**
+     * Get status for a specific edge.
+     */
+    getEdgeStatus(edgeId: string): IRemoteIngressStatus | undefined;
+    /**
+     * Get the count of connected edges.
+     */
+    getConnectedCount(): number;
+    /**
+     * Get the public IPs of all connected edges.
+     */
+    getConnectedEdgeIps(): string[];
+    /**
+     * Get the total number of active tunnels across all edges.
+     */
+    getTotalActiveTunnels(): number;
+}

package/dist_ts/remoteingress/classes.tunnel-manager.js

@@ -0,0 +1,165 @@
+import * as plugins from '../plugins.js';
+/**
+ * Manages the RemoteIngressHub instance and tracks connected edge statuses.
+ */
+export class TunnelManager {
+    hub;
+    manager;
+    config;
+    edgeStatuses = new Map();
+    reconcileInterval = null;
+    constructor(manager, config = {}) {
+        this.manager = manager;
+        this.config = config;
+        this.hub = new plugins.remoteingress.RemoteIngressHub();
+        // Listen for edge connect/disconnect events
+        this.hub.on('edgeConnected', (data) => {
+            this.edgeStatuses.set(data.edgeId, {
+                edgeId: data.edgeId,
+                connected: true,
+                publicIp: data.peerAddr || null,
+                activeTunnels: 0,
+                lastHeartbeat: Date.now(),
+                connectedAt: Date.now(),
+            });
+        });
+        this.hub.on('edgeDisconnected', (data) => {
+            this.edgeStatuses.delete(data.edgeId);
+        });
+        this.hub.on('streamOpened', (data) => {
+            const existing = this.edgeStatuses.get(data.edgeId);
+            if (existing) {
+                existing.activeTunnels++;
+                existing.lastHeartbeat = Date.now();
+            }
+        });
+        this.hub.on('streamClosed', (data) => {
+            const existing = this.edgeStatuses.get(data.edgeId);
+            if (existing && existing.activeTunnels > 0) {
+                existing.activeTunnels--;
+            }
+        });
+    }
+    /**
+     * Start the tunnel hub and load allowed edges.
+     */
+    async start() {
+        await this.hub.start({
+            tunnelPort: this.config.tunnelPort ?? 8443,
+            targetHost: this.config.targetHost ?? '127.0.0.1',
+            tls: this.config.tls,
+        });
+        // Send allowed edges to the hub
+        await this.syncAllowedEdges();
+        // Periodically reconcile with authoritative Rust hub status
+        this.reconcileInterval = setInterval(() => {
+            this.reconcile().catch(() => { });
+        }, 15_000);
+    }
+    /**
+     * Stop the tunnel hub.
+     */
+    async stop() {
+        if (this.reconcileInterval) {
+            clearInterval(this.reconcileInterval);
+            this.reconcileInterval = null;
+        }
+        // Remove event listeners before stopping to prevent leaks
+        this.hub.removeAllListeners();
+        await this.hub.stop();
+        this.edgeStatuses.clear();
+    }
+    /**
+     * Reconcile TS-side edge statuses with the authoritative Rust hub status.
+     * Overwrites event-derived activeTunnels with the real activeStreams count.
+     */
+    async reconcile() {
+        const hubStatus = await this.hub.getStatus();
+        if (!hubStatus || !hubStatus.connectedEdges)
+            return;
+        const rustEdgeIds = new Set();
+        for (const rustEdge of hubStatus.connectedEdges) {
+            rustEdgeIds.add(rustEdge.edgeId);
+            const existing = this.edgeStatuses.get(rustEdge.edgeId);
+            if (existing) {
+                existing.activeTunnels = rustEdge.activeStreams;
+                existing.lastHeartbeat = Date.now();
+                // Update peer address if available from Rust hub
+                if (rustEdge.peerAddr) {
+                    existing.publicIp = rustEdge.peerAddr;
+                }
+            }
+            else {
+                // Missed edgeConnected event — add entry
+                this.edgeStatuses.set(rustEdge.edgeId, {
+                    edgeId: rustEdge.edgeId,
+                    connected: true,
+                    publicIp: rustEdge.peerAddr || null,
+                    activeTunnels: rustEdge.activeStreams,
+                    lastHeartbeat: Date.now(),
+                    connectedAt: rustEdge.connectedAt * 1000,
+                });
+            }
+        }
+        // Remove entries for edges no longer connected in Rust (missed edgeDisconnected)
+        for (const edgeId of this.edgeStatuses.keys()) {
+            if (!rustEdgeIds.has(edgeId)) {
+                this.edgeStatuses.delete(edgeId);
+            }
+        }
+    }
+    /**
+     * Sync allowed edges from the manager to the hub.
+     * Call this after creating/deleting/updating edges.
+     */
+    async syncAllowedEdges() {
+        const edges = this.manager.getAllowedEdges();
+        await this.hub.updateAllowedEdges(edges);
+    }
+    /**
+     * Get runtime statuses for all known edges.
+     */
+    getEdgeStatuses() {
+        return Array.from(this.edgeStatuses.values());
+    }
+    /**
+     * Get status for a specific edge.
+     */
+    getEdgeStatus(edgeId) {
+        return this.edgeStatuses.get(edgeId);
+    }
+    /**
+     * Get the count of connected edges.
+     */
+    getConnectedCount() {
+        let count = 0;
+        for (const status of this.edgeStatuses.values()) {
+            if (status.connected)
+                count++;
+        }
+        return count;
+    }
+    /**
+     * Get the public IPs of all connected edges.
+     */
+    getConnectedEdgeIps() {
+        const ips = [];
+        for (const status of this.edgeStatuses.values()) {
+            if (status.connected && status.publicIp) {
+                ips.push(status.publicIp);
+            }
+        }
+        return ips;
+    }
+    /**
+     * Get the total number of active tunnels across all edges.
+     */
+    getTotalActiveTunnels() {
+        let total = 0;
+        for (const status of this.edgeStatuses.values()) {
+            total += status.activeTunnels;
+        }
+        return total;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy50dW5uZWwtbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL3JlbW90ZWluZ3Jlc3MvY2xhc3Nlcy50dW5uZWwtbWFuYWdlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssT0FBTyxNQUFNLGVBQWUsQ0FBQztBQWF6Qzs7R0FFRztBQUNILE1BQU0sT0FBTyxhQUFhO0lBQ2hCLEdBQUcsQ0FBOEQ7SUFDakUsT0FBTyxDQUF1QjtJQUM5QixNQUFNLENBQXVCO0lBQzdCLFlBQVksR0FBc0MsSUFBSSxHQUFHLEVBQUUsQ0FBQztJQUM1RCxpQkFBaUIsR0FBMEMsSUFBSSxDQUFDO0lBRXhFLFlBQVksT0FBNkIsRUFBRSxTQUErQixFQUFFO1FBQzFFLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSxPQUFPLENBQUMsYUFBYSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFeEQsNENBQTRDO1FBQzVDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLGVBQWUsRUFBRSxDQUFDLElBQTBDLEVBQUUsRUFBRTtZQUMxRSxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO2dCQUNqQyxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07Z0JBQ25CLFNBQVMsRUFBRSxJQUFJO2dCQUNmLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUSxJQUFJLElBQUk7Z0JBQy9CLGFBQWEsRUFBRSxDQUFDO2dCQUNoQixhQUFhLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRTtnQkFDekIsV0FBVyxFQUFFLElBQUksQ0FBQyxHQUFHLEVBQUU7YUFDeEIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDLElBQXdCLEVBQUUsRUFBRTtZQUMzRCxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDeEMsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxJQUEwQyxFQUFFLEVBQUU7WUFDekUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3BELElBQUksUUFBUSxFQUFFLENBQUM7Z0JBQ2IsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUFDO2dCQUN6QixRQUFRLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUN0QyxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxjQUFjLEVBQUUsQ0FBQyxJQUEwQyxFQUFFLEVBQUU7WUFDekUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ3BELElBQUksUUFBUSxJQUFJLFFBQVEsQ0FBQyxhQUFhLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzNDLFFBQVEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMzQixDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSSxLQUFLLENBQUMsS0FBSztRQUNoQixNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO1lBQ25CLFVBQVUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsSUFBSSxJQUFJO1lBQzFDLFVBQVUsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsSUFBSSxXQUFXO1lBQ2pELEdBQUcsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUc7U0FDckIsQ0FBQyxDQUFDO1FBRUgsZ0NBQWdDO1FBQ2hDLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFFOUIsNERBQTREO1FBQzVELElBQUksQ0FBQyxpQkFBaUIsR0FBRyxXQUFXLENBQUMsR0FBRyxFQUFFO1lBQ3hDLElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxLQUFLLENBQUMsR0FBRyxFQUFFLEdBQUUsQ0FBQyxDQUFDLENBQUM7UUFDbkMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2IsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLElBQUk7UUFDZixJQUFJLElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQzNCLGFBQWEsQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztZQUN0QyxJQUFJLENBQUMsaUJBQWlCLEdBQUcsSUFBSSxDQUFDO1FBQ2hDLENBQUM7UUFDRCwwREFBMEQ7UUFDMUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQzlCLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUN0QixJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzVCLENBQUM7SUFFRDs7O09BR0c7SUFDSyxLQUFLLENBQUMsU0FBUztRQUNyQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDN0MsSUFBSSxDQUFDLFNBQVMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjO1lBQUUsT0FBTztRQUVwRCxNQUFNLFdBQVcsR0FBRyxJQUFJLEdBQUcsRUFBVSxDQUFDO1FBRXRDLEtBQUssTUFBTSxRQUFRLElBQUksU0FBUyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ2hELFdBQVcsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUN4RCxJQUFJLFFBQVEsRUFBRSxDQUFDO2dCQUNiLFFBQVEsQ0FBQyxhQUFhLEdBQUcsUUFBUSxDQUFDLGFBQWEsQ0FBQztnQkFDaEQsUUFBUSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3BDLGlEQUFpRDtnQkFDakQsSUFBSSxRQUFRLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQ3RCLFFBQVEsQ0FBQyxRQUFRLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQztnQkFDeEMsQ0FBQztZQUNILENBQUM7aUJBQU0sQ0FBQztnQkFDTix5Q0FBeUM7Z0JBQ3pDLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUU7b0JBQ3JDLE1BQU0sRUFBRSxRQUFRLENBQUMsTUFBTTtvQkFDdkIsU0FBUyxFQUFFLElBQUk7b0JBQ2YsUUFBUSxFQUFFLFFBQVEsQ0FBQyxRQUFRLElBQUksSUFBSTtvQkFDbkMsYUFBYSxFQUFFLFFBQVEsQ0FBQyxhQUFhO29CQUNyQyxhQUFhLEVBQUUsSUFBSSxDQUFDLEdBQUcsRUFBRTtvQkFDekIsV0FBVyxFQUFFLFFBQVEsQ0FBQyxXQUFXLEdBQUcsSUFBSTtpQkFDekMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUM7UUFFRCxpRkFBaUY7UUFDakYsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUM7WUFDOUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztnQkFDN0IsSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDbkMsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLGdCQUFnQjtRQUMzQixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQzdDLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxlQUFlO1FBQ3BCLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDaEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ksYUFBYSxDQUFDLE1BQWM7UUFDakMsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7O09BRUc7SUFDSSxpQkFBaUI7UUFDdEIsSUFBSSxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQ2QsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7WUFDaEQsSUFBSSxNQUFNLENBQUMsU0FBUztnQkFBRSxLQUFLLEVBQUUsQ0FBQztRQUNoQyxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7O09BRUc7SUFDSSxtQkFBbUI7UUFDeEIsTUFBTSxHQUFHLEdBQWEsRUFBRSxDQUFDO1FBQ3pCLEtBQUssTUFBTSxNQUFNLElBQUksSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQ2hELElBQUksTUFBTSxDQUFDLFNBQVMsSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUM7Z0JBQ3hDLEdBQUcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQzVCLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRUQ7O09BRUc7SUFDSSxxQkFBcUI7UUFDMUIsSUFBSSxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQ2QsS0FBSyxNQUFNLE1BQU0sSUFBSSxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7WUFDaEQsS0FBSyxJQUFJLE1BQU0sQ0FBQyxhQUFhLENBQUM7UUFDaEMsQ0FBQztRQUNELE9BQU8sS0FBSyxDQUFDO0lBQ2YsQ0FBQztDQUNGIn0=

package/dist_ts/remoteingress/index.d.ts

@@ -0,0 +1,2 @@
+export * from './classes.remoteingress-manager.js';
+export * from './classes.tunnel-manager.js';

package/dist_ts/remoteingress/index.js

@@ -0,0 +1,3 @@
+export * from './classes.remoteingress-manager.js';
+export * from './classes.tunnel-manager.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9yZW1vdGVpbmdyZXNzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsb0NBQW9DLENBQUM7QUFDbkQsY0FBYyw2QkFBNkIsQ0FBQyJ9

package/dist_ts/security/classes.securitylogger.d.ts

@@ -0,0 +1,144 @@
+/**
+ * Log level for security events
+ */
+export declare enum SecurityLogLevel {
+    INFO = "info",
+    WARN = "warn",
+    ERROR = "error",
+    CRITICAL = "critical"
+}
+/**
+ * Security event types for categorization
+ */
+export declare enum SecurityEventType {
+    AUTHENTICATION = "authentication",
+    ACCESS_CONTROL = "access_control",
+    EMAIL_VALIDATION = "email_validation",
+    EMAIL_PROCESSING = "email_processing",
+    EMAIL_FORWARDING = "email_forwarding",
+    EMAIL_DELIVERY = "email_delivery",
+    DKIM = "dkim",
+    SPF = "spf",
+    DMARC = "dmarc",
+    RATE_LIMIT = "rate_limit",
+    RATE_LIMITING = "rate_limiting",
+    SPAM = "spam",
+    MALWARE = "malware",
+    CONNECTION = "connection",
+    DATA_EXPOSURE = "data_exposure",
+    CONFIGURATION = "configuration",
+    IP_REPUTATION = "ip_reputation",
+    REJECTED_CONNECTION = "rejected_connection"
+}
+/**
+ * Security event interface
+ */
+export interface ISecurityEvent {
+    timestamp: number;
+    level: SecurityLogLevel;
+    type: SecurityEventType;
+    message: string;
+    details?: any;
+    ipAddress?: string;
+    userId?: string;
+    sessionId?: string;
+    emailId?: string;
+    domain?: string;
+    action?: string;
+    result?: string;
+    success?: boolean;
+}
+/**
+ * Security logger for enhanced security monitoring
+ */
+export declare class SecurityLogger {
+    private static instance;
+    private securityEvents;
+    private maxEventHistory;
+    private enableNotifications;
+    private constructor();
+    /**
+     * Get singleton instance
+     */
+    static getInstance(options?: {
+        maxEventHistory?: number;
+        enableNotifications?: boolean;
+    }): SecurityLogger;
+    /**
+     * Reset the singleton instance (for shutdown/testing)
+     */
+    static resetInstance(): void;
+    /**
+     * Log a security event
+     * @param event The security event to log
+     */
+    logEvent(event: Omit<ISecurityEvent, 'timestamp'>): void;
+    /**
+     * Get recent security events
+     * @param limit Maximum number of events to return
+     * @param filter Filter for specific event types
+     * @returns Recent security events
+     */
+    getRecentEvents(limit?: number, filter?: {
+        level?: SecurityLogLevel;
+        type?: SecurityEventType;
+        fromTimestamp?: number;
+        toTimestamp?: number;
+    }): ISecurityEvent[];
+    /**
+     * Get events by security level
+     * @param level The security level to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events matching the level
+     */
+    getEventsByLevel(level: SecurityLogLevel, limit?: number): ISecurityEvent[];
+    /**
+     * Get events by security type
+     * @param type The event type to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events matching the type
+     */
+    getEventsByType(type: SecurityEventType, limit?: number): ISecurityEvent[];
+    /**
+     * Get security events for a specific IP address
+     * @param ipAddress The IP address to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events for the IP address
+     */
+    getEventsByIP(ipAddress: string, limit?: number): ISecurityEvent[];
+    /**
+     * Get security events for a specific domain
+     * @param domain The domain to filter by
+     * @param limit Maximum number of events to return
+     * @returns Security events for the domain
+     */
+    getEventsByDomain(domain: string, limit?: number): ISecurityEvent[];
+    /**
+     * Send a notification for critical security events
+     * @param event The security event to notify about
+     * @private
+     */
+    private sendNotification;
+    /**
+     * Clear event history
+     */
+    clearEvents(): void;
+    /**
+     * Get statistical summary of security events
+     * @param timeWindow Optional time window in milliseconds
+     * @returns Summary of security events
+     */
+    getEventsSummary(timeWindow?: number): {
+        total: number;
+        byLevel: Record<SecurityLogLevel, number>;
+        byType: Record<SecurityEventType, number>;
+        topIPs: Array<{
+            ip: string;
+            count: number;
+        }>;
+        topDomains: Array<{
+            domain: string;
+            count: number;
+        }>;
+    };
+}

package/dist_ts_web/00_commitinfo_data.js

@@ -3,7 +3,7 @@
  */
 export const commitinfo = {
     name: '@serve.zone/dcrouter',
-    version: '11.0.27',
+    version: '11.0.29',
     description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 };
 //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vdHNfd2ViLzAwX2NvbW1pdGluZm9fZGF0YS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQTs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRztJQUN4QixJQUFJLEVBQUUsc0JBQXNCO0lBQzVCLE9BQU8sRUFBRSxTQUFTO0lBQ2xCLFdBQVcsRUFBRSwwRUFBMEU7Q0FDeEYsQ0FBQSJ9

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@serve.zone/dcrouter",
   "private": false,
-  "version": "11.0.27",
+  "version": "11.0.29",
   "description": "A multifaceted routing service handling mail and SMS delivery functions.",
   "type": "module",
   "exports": {
@@ -19,7 +19,7 @@
     "watch": "tswatch"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^4.1.16",
+    "@git.zone/tsbuild": "^4.1.18",
     "@git.zone/tsbundle": "^2.9.0",
     "@git.zone/tsrun": "^2.0.1",
     "@git.zone/tstest": "^3.2.0",

package/ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.0.27',
+  version: '11.0.29',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.0.27',
+  version: '11.0.29',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }