@serve.zone/dcrouter 11.10.4 → 11.10.7

package/ts/classes.dcrouter.ts

@@ -215,7 +215,7 @@ export class DcRouter {
   public emailServer?: UnifiedEmailServer;
   public radiusServer?: RadiusServer;
   public storageManager: StorageManager;
-  public opsServer: OpsServer;
+  public opsServer!: OpsServer;
   public metricsManager?: MetricsManager;
 
   // Cache system (smartdata + LocalTsmDb)
@@ -448,7 +448,7 @@ export class DcRouter {
     }
 
     // DNS Server: optional, depends on SmartProxy
-    if (this.options.dnsNsDomains?.length > 0 && this.options.dnsScopes?.length > 0) {
+    if (this.options.dnsNsDomains && this.options.dnsNsDomains.length > 0 && this.options.dnsScopes && this.options.dnsScopes.length > 0) {
       this.serviceManager.addService(
         new plugins.taskbuffer.Service('DnsServer')
           .optional()
@@ -787,7 +787,7 @@ export class DcRouter {
             eventComms.log(`Attempting DNS-01 via SmartAcme for ${domain}`);
             eventComms.setSource('smartacme-dns-01');
             const isWildcardDomain = domain.startsWith('*.');
-            const cert = await this.smartAcme.getCertificateForDomain(domain, {
+            const cert = await this.smartAcme!.getCertificateForDomain(domain, {
               includeWildcard: !isWildcardDomain,
             });
             if (cert.validUntil) {
@@ -806,10 +806,10 @@ export class DcRouter {
             // Success — clear any backoff
             await scheduler.clearBackoff(domain);
             return result;
-          } catch (err) {
+          } catch (err: unknown) {
             // Record failure for backoff tracking
-            await scheduler.recordFailure(domain, err.message);
-            eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${err.message}, falling back to http-01`);
+            await scheduler.recordFailure(domain, (err as Error).message);
+            eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${(err as Error).message}, falling back to http-01`);
             return 'http01';
           }
         };
@@ -1248,21 +1248,21 @@ export class DcRouter {
     // Wire delivery events to MetricsManager and logger
     if (this.metricsManager && this.emailServer.deliverySystem) {
       this.emailServer.deliverySystem.on('deliveryStart', (item: any) => {
-        this.metricsManager.trackEmailReceived(item?.from);
+        this.metricsManager!.trackEmailReceived(item?.from);
         logger.log('info', `Email delivery started: ${item?.from} → ${item?.to}`, { zone: 'email' });
       });
       this.emailServer.deliverySystem.on('deliverySuccess', (item: any) => {
-        this.metricsManager.trackEmailSent(item?.to);
+        this.metricsManager!.trackEmailSent(item?.to);
         logger.log('info', `Email delivered to ${item?.to}`, { zone: 'email' });
       });
       this.emailServer.deliverySystem.on('deliveryFailed', (item: any, error: any) => {
-        this.metricsManager.trackEmailFailed(item?.to, error?.message);
+        this.metricsManager!.trackEmailFailed(item?.to, error?.message);
         logger.log('warn', `Email delivery failed to ${item?.to}: ${error?.message}`, { zone: 'email' });
       });
     }
     if (this.metricsManager && this.emailServer) {
       this.emailServer.on('bounceProcessed', () => {
-        this.metricsManager.trackEmailBounced();
+        this.metricsManager!.trackEmailBounced();
         logger.log('warn', 'Email bounce processed', { zone: 'email' });
       });
     }
@@ -1305,12 +1305,12 @@ export class DcRouter {
       }
       
       logger.log('info', 'All unified email components stopped');
-    } catch (error) {
-      logger.log('error', `Error stopping unified email components: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error stopping unified email components: ${(error as Error).message}`);
       throw error;
     }
   }
-  
+
   /**
    * Update domain rules for email routing
    * @param rules New domain rules to apply
@@ -1468,7 +1468,7 @@ export class DcRouter {
       this.dnsServer.on('query', (event: plugins.smartdns.dnsServerMod.IDnsQueryCompletedEvent) => {
         // Metrics tracking
         for (const question of event.questions) {
-          this.metricsManager.trackDnsQuery(
+          this.metricsManager?.trackDnsQuery(
             question.type,
             question.name,
             false,
@@ -1553,8 +1553,8 @@ export class DcRouter {
         // Use the built-in socket handler from smartdns
         // This handles HTTP/2, DoH protocol, etc.
         await (this.dnsServer as any).handleHttpsSocket(socket);
-      } catch (error) {
-        logger.log('error', `DNS socket handler error: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `DNS socket handler error: ${(error as Error).message}`);
         if (!socket.destroyed) {
           socket.destroy();
         }
@@ -1695,14 +1695,14 @@ export class DcRouter {
           } else {
             logger.log('warn', `Invalid DKIM record structure in ${file}`);
           }
-        } catch (error) {
-          logger.log('error', `Failed to load DKIM record from ${file}: ${error.message}`);
+        } catch (error: unknown) {
+          logger.log('error', `Failed to load DKIM record from ${file}: ${(error as Error).message}`);
         }
       }
-    } catch (error) {
-      logger.log('error', `Failed to load DKIM records: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to load DKIM records: ${(error as Error).message}`);
     }
-    
+
     return records;
   }
   
@@ -1734,11 +1734,11 @@ export class DcRouter {
         // This ensures keys are ready even if DNS mode changes later
         await dkimCreator.handleDKIMKeysForDomain(domainConfig.domain);
         logger.log('info', `DKIM keys initialized for ${domainConfig.domain}`);
-      } catch (error) {
-        logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${(error as Error).message}`);
       }
     }
-    
+
     logger.log('info', 'DKIM initialization complete');
   }
   
@@ -1779,10 +1779,10 @@ export class DcRouter {
         } else {
           logger.log('warn', 'Could not auto-discover public IPv4 address');
         }
-      } catch (error) {
-        logger.log('error', `Failed to auto-discover public IP: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `Failed to auto-discover public IP: ${(error as Error).message}`);
       }
-      
+
       if (!publicIp) {
         logger.log('warn', 'No public IP available. Nameserver A records require either proxyIps, publicIp, or successful auto-discovery.');
       }
@@ -1876,8 +1876,8 @@ export class DcRouter {
       }
       
       return null;
-    } catch (error) {
-      logger.log('warn', `Failed to detect public IP: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to detect public IP: ${(error as Error).message}`);
       return null;
     }
   }
@@ -1911,8 +1911,8 @@ export class DcRouter {
         const keyPem = plugins.fs.readFileSync(riCfg.tls.keyPath, 'utf8');
         tlsConfig = { certPem, keyPem };
         logger.log('info', 'Using explicit TLS cert/key for RemoteIngress tunnel');
-      } catch (err) {
-        logger.log('warn', `Failed to read RemoteIngress TLS cert/key files: ${err.message}`);
+      } catch (err: unknown) {
+        logger.log('warn', `Failed to read RemoteIngress TLS cert/key files: ${(err as Error).message}`);
       }
     }
 

package/ts/config/validator.ts

@@ -170,7 +170,7 @@ export class ConfigValidator {
                 } else if (rules.items.schema && itemType === 'object') {
                   const itemResult = this.validate(value[i], rules.items.schema);
                   if (!itemResult.valid) {
-                    errors.push(...itemResult.errors.map(err => `${key}[${i}].${err}`));
+                    errors.push(...itemResult.errors!.map(err => `${key}[${i}].${err}`));
                   }
                 }
               }
@@ -181,7 +181,7 @@ export class ConfigValidator {
             if (rules.schema) {
               const nestedResult = this.validate(value, rules.schema);
               if (!nestedResult.valid) {
-                errors.push(...nestedResult.errors.map(err => `${key}.${err}`));
+                errors.push(...nestedResult.errors!.map(err => `${key}.${err}`));
               }
               validatedConfig[key] = nestedResult.config;
             }
@@ -233,8 +233,8 @@ export class ConfigValidator {
 
       // Apply defaults to array items
       if (result[key] && rules.type === 'array' && rules.items && rules.items.schema) {
-        result[key] = result[key].map(item => 
-          typeof item === 'object' ? this.applyDefaults(item, rules.items.schema) : item
+        result[key] = result[key].map(item =>
+          typeof item === 'object' ? this.applyDefaults(item, rules.items!.schema!) : item
         );
       }
     }
@@ -255,7 +255,7 @@ export class ConfigValidator {
     
     if (!result.valid) {
       throw new ValidationError(
-        `Configuration validation failed: ${result.errors.join(', ')}`,
+        `Configuration validation failed: ${result.errors!.join(', ')}`,
         'CONFIG_VALIDATION_ERROR',
         { data: { errors: result.errors } }
       );

package/ts/errors/base.errors.ts

@@ -227,7 +227,7 @@ export class PlatformError extends Error {
     const { retry } = this.context;
     if (!retry) return false;
     
-    return retry.currentRetry < retry.maxRetries;
+    return (retry.currentRetry ?? 0) < (retry.maxRetries ?? 0);
   }
 
   /**

package/ts/monitoring/classes.metricsmanager.ts

@@ -296,11 +296,11 @@ export class MetricsManager {
       const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
       
       if (!proxyMetrics) {
-        return [];
+        return [] as Array<{ type: string; count: number; source: string; lastActivity: Date }>;
       }
-      
+
       const connectionsByRoute = proxyMetrics.connections.byRoute();
-      const connectionInfo = [];
+      const connectionInfo: Array<{ type: string; count: number; source: string; lastActivity: Date }> = [];
       
       for (const [routeName, count] of connectionsByRoute) {
         connectionInfo.push({

package/ts/opsserver/classes.opsserver.ts

@@ -7,7 +7,7 @@ import { requireValidIdentity, requireAdminIdentity } from './helpers/guards.js'
 
 export class OpsServer {
   public dcRouterRef: DcRouter;
-  public server: plugins.typedserver.utilityservers.UtilityWebsiteServer;
+  public server!: plugins.typedserver.utilityservers.UtilityWebsiteServer;
 
   // Main TypedRouter — unauthenticated endpoints (login/logout/verify) and own-auth handlers
   public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -17,17 +17,17 @@ export class OpsServer {
   public adminRouter = new plugins.typedrequest.TypedRouter<{ request: { identity: interfaces.data.IIdentity } }>();
 
   // Handler instances
-  public adminHandler: handlers.AdminHandler;
-  private configHandler: handlers.ConfigHandler;
-  private logsHandler: handlers.LogsHandler;
-  private securityHandler: handlers.SecurityHandler;
-  private statsHandler: handlers.StatsHandler;
-  private radiusHandler: handlers.RadiusHandler;
-  private emailOpsHandler: handlers.EmailOpsHandler;
-  private certificateHandler: handlers.CertificateHandler;
-  private remoteIngressHandler: handlers.RemoteIngressHandler;
-  private routeManagementHandler: handlers.RouteManagementHandler;
-  private apiTokenHandler: handlers.ApiTokenHandler;
+  public adminHandler!: handlers.AdminHandler;
+  private configHandler!: handlers.ConfigHandler;
+  private logsHandler!: handlers.LogsHandler;
+  private securityHandler!: handlers.SecurityHandler;
+  private statsHandler!: handlers.StatsHandler;
+  private radiusHandler!: handlers.RadiusHandler;
+  private emailOpsHandler!: handlers.EmailOpsHandler;
+  private certificateHandler!: handlers.CertificateHandler;
+  private remoteIngressHandler!: handlers.RemoteIngressHandler;
+  private routeManagementHandler!: handlers.RouteManagementHandler;
+  private apiTokenHandler!: handlers.ApiTokenHandler;
 
   constructor(dcRouterRefArg: DcRouter) {
     this.dcRouterRef = dcRouterRefArg;
@@ -39,7 +39,7 @@ export class OpsServer {
   public async start() {
     this.server = new plugins.typedserver.utilityservers.UtilityWebsiteServer({
       domain: 'localhost',
-      feedMetadata: null,
+      feedMetadata: undefined,
       serveDir: paths.distServe,
     });
     

package/ts/opsserver/handlers/admin.handler.ts

@@ -12,7 +12,7 @@ export class AdminHandler {
   public typedrouter = new plugins.typedrequest.TypedRouter();
   
   // JWT instance
-  public smartjwtInstance: plugins.smartjwt.SmartJwt<IJwtData>;
+  public smartjwtInstance!: plugins.smartjwt.SmartJwt<IJwtData>;
   
   // Simple in-memory user storage (in production, use proper database)
   private users = new Map<string, {

package/ts/opsserver/handlers/certificate.handler.ts

@@ -311,8 +311,8 @@ export class CertificateHandler {
         }
       }
       return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
-    } catch (err) {
-      return { success: false, message: err.message || 'Failed to reprovision certificate' };
+    } catch (err: unknown) {
+      return { success: false, message: (err as Error).message || 'Failed to reprovision certificate' };
     }
   }
 
@@ -340,8 +340,8 @@ export class CertificateHandler {
       try {
         await dcRouter.smartAcme.getCertificateForDomain(domain);
         return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}'` };
-      } catch (err) {
-        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      } catch (err: unknown) {
+        return { success: false, message: (err as Error).message || `Failed to reprovision certificate for ${domain}` };
       }
     }
 
@@ -351,8 +351,8 @@ export class CertificateHandler {
       try {
         await smartProxy.provisionCertificate(routeNames[0]);
         return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}' via route '${routeNames[0]}'` };
-      } catch (err) {
-        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      } catch (err: unknown) {
+        return { success: false, message: (err as Error).message || `Failed to reprovision certificate for ${domain}` };
       }
     }
 

package/ts/opsserver/handlers/radius.handler.ts

@@ -52,8 +52,8 @@ export class RadiusHandler {
           try {
             await radiusServer.addClient(dataArg.client);
             return { success: true };
-          } catch (error) {
-            return { success: false, message: error.message };
+          } catch (error: unknown) {
+            return { success: false, message: (error as Error).message };
           }
         }
       )
@@ -144,8 +144,8 @@ export class RadiusHandler {
                 updatedAt: mapping.updatedAt,
               },
             };
-          } catch (error) {
-            return { success: false, message: error.message };
+          } catch (error: unknown) {
+            return { success: false, message: (error as Error).message };
           }
         }
       )

package/ts/opsserver/handlers/stats.handler.ts

@@ -279,7 +279,7 @@ export class StatsHandler {
           if (sections.network && this.opsServerRef.dcRouterRef.metricsManager) {
             promises.push(
               (async () => {
-                const stats = await this.opsServerRef.dcRouterRef.metricsManager.getNetworkStats();
+                const stats = await this.opsServerRef.dcRouterRef.metricsManager!.getNetworkStats();
                 const serverStats = await this.collectServerStats();
 
                 // Build per-IP bandwidth lookup from throughputByIP

package/ts/radius/classes.accounting.manager.ts

@@ -518,8 +518,8 @@ export class AccountingManager {
       if (deletedCount > 0) {
         logger.log('info', `Cleaned up ${deletedCount} old accounting sessions`);
       }
-    } catch (error) {
-      logger.log('error', `Failed to cleanup old sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to cleanup old sessions: ${(error as Error).message}`);
     }
 
     return deletedCount;
@@ -582,8 +582,8 @@ export class AccountingManager {
           // Ignore individual errors
         }
       }
-    } catch (error) {
-      logger.log('warn', `Failed to load active sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to load active sessions: ${(error as Error).message}`);
     }
   }
 
@@ -598,8 +598,8 @@ export class AccountingManager {
     const key = `${this.config.storagePrefix}/active/${session.sessionId}.json`;
     try {
       await this.storageManager.setJSON(key, session);
-    } catch (error) {
-      logger.log('error', `Failed to persist session ${session.sessionId}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to persist session ${session.sessionId}: ${(error as Error).message}`);
     }
   }
 
@@ -620,8 +620,8 @@ export class AccountingManager {
       const date = new Date(session.endTime);
       const archiveKey = `${this.config.storagePrefix}/archive/${date.getFullYear()}/${String(date.getMonth() + 1).padStart(2, '0')}/${String(date.getDate()).padStart(2, '0')}/${session.sessionId}.json`;
       await this.storageManager.setJSON(archiveKey, session);
-    } catch (error) {
-      logger.log('error', `Failed to archive session ${session.sessionId}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to archive session ${session.sessionId}: ${(error as Error).message}`);
     }
   }
 
@@ -653,8 +653,8 @@ export class AccountingManager {
           // Ignore individual errors
         }
       }
-    } catch (error) {
-      logger.log('warn', `Failed to get archived sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to get archived sessions: ${(error as Error).message}`);
     }
 
     return sessions;

package/ts/radius/classes.radius.server.ts

@@ -310,8 +310,8 @@ export class RadiusServer {
         default:
           logger.log('debug', `RADIUS Acct Unknown status type: ${statusType}`);
       }
-    } catch (error) {
-      logger.log('error', `RADIUS accounting error: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `RADIUS accounting error: ${(error as Error).message}`);
     }
 
     return { code: plugins.smartradius.ERadiusCode.AccountingResponse };

package/ts/radius/classes.vlan.manager.ts

@@ -104,7 +104,7 @@ export class VlanManager {
     if (this.normalizedMacCache.size > 10000) {
       const iterator = this.normalizedMacCache.keys();
       for (let i = 0; i < 1000; i++) {
-        this.normalizedMacCache.delete(iterator.next().value);
+        this.normalizedMacCache.delete(iterator.next().value!);
       }
     }
 
@@ -348,8 +348,8 @@ export class VlanManager {
         }
         logger.log('info', `Loaded ${data.length} VLAN mappings from storage`);
       }
-    } catch (error) {
-      logger.log('warn', `Failed to load VLAN mappings from storage: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to load VLAN mappings from storage: ${(error as Error).message}`);
     }
   }
 
@@ -364,8 +364,8 @@ export class VlanManager {
     try {
       const mappings = Array.from(this.mappings.values());
       await this.storageManager.setJSON(this.config.storagePrefix, mappings);
-    } catch (error) {
-      logger.log('error', `Failed to save VLAN mappings to storage: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to save VLAN mappings to storage: ${(error as Error).message}`);
     }
   }
 }

package/ts/readme.md

@@ -136,7 +136,7 @@ Manages the Rust-based RemoteIngressHub lifecycle. Syncs allowed edges, tracks c
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

package/ts/security/classes.contentscanner.ts

@@ -60,7 +60,7 @@ export enum ThreatCategory {
  * Content Scanner for detecting malicious email content
  */
 export class ContentScanner {
-  private static instance: ContentScanner;
+  private static instance: ContentScanner | undefined;
   private scanCache: LRUCache<string, IScanResult>;
   private options: Required<IContentScannerOptions>;
   
@@ -258,12 +258,12 @@ export class ContentScanner {
       }
       
       return result;
-    } catch (error) {
-      logger.log('error', `Error scanning email: ${error.message}`, {
+    } catch (error: unknown) {
+      logger.log('error', `Error scanning email: ${(error as Error).message}`, {
         messageId: email.getMessageId(),
-        error: error.stack
+        error: (error as Error).stack
       });
-      
+
       // Return a safe default with error indication
       return {
         isClean: true, // Let it pass if scanner fails (configure as desired)
@@ -271,7 +271,7 @@ export class ContentScanner {
         scannedElements: ['error'],
         timestamp: Date.now(),
         threatType: 'scan_error',
-        threatDetails: `Scan error: ${error.message}`
+        threatDetails: `Scan error: ${(error as Error).message}`
       };
     }
   }
@@ -625,8 +625,8 @@ export class ContentScanner {
       return sample.toString('utf8')
         .replace(/[\x00-\x09\x0B-\x1F\x7F-\x9F]/g, '') // Remove control chars
         .replace(/\uFFFD/g, ''); // Remove replacement char
-    } catch (error) {
-      logger.log('warn', `Error extracting text from buffer: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Error extracting text from buffer: ${(error as Error).message}`);
       return '';
     }
   }
@@ -699,10 +699,10 @@ export class ContentScanner {
         subject: email.subject
       },
       success: false,
-      domain: email.getFromDomain()
+      domain: email.getFromDomain() ?? undefined
     });
   }
-  
+
   /**
    * Log a threat finding to the security logger
    * @param email The email containing the threat
@@ -722,10 +722,10 @@ export class ContentScanner {
         subject: email.subject
       },
       success: false,
-      domain: email.getFromDomain()
+      domain: email.getFromDomain() ?? undefined
     });
   }
-  
+
   /**
    * Get threat level description based on score
    * @param score Threat score