@serve.zone/dcrouter 11.23.5 → 12.1.0

package/dist_ts/00_commitinfo_data.js

@@ -3,7 +3,7 @@
  */
 export const commitinfo = {
     name: '@serve.zone/dcrouter',
-    version: '11.23.5',
+    version: '12.1.0',
     description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSxzQkFBc0I7SUFDNUIsT0FBTyxFQUFFLFNBQVM7SUFDbEIsV0FBVyxFQUFFLDBFQUEwRTtDQUN4RixDQUFBIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSxzQkFBc0I7SUFDNUIsT0FBTyxFQUFFLFFBQVE7SUFDakIsV0FBVyxFQUFFLDBFQUEwRTtDQUN4RixDQUFBIn0=

package/dist_ts/classes.cert-provision-scheduler.d.ts

@@ -1,28 +1,26 @@
-import type { StorageManager } from './storage/index.js';
 /**
  * Manages certificate provisioning scheduling with:
- * - Per-domain exponential backoff persisted in StorageManager
+ * - Per-domain exponential backoff persisted via CertBackoffDoc
  *
  * Note: Serial stagger queue was removed — smartacme v9 handles
  * concurrency, per-domain dedup, and rate limiting internally.
  */
 export declare class CertProvisionScheduler {
-    private storageManager;
     private maxBackoffHours;
     private backoffCache;
-    constructor(storageManager: StorageManager, options?: {
+    constructor(options?: {
         maxBackoffHours?: number;
     });
     /**
-     * Storage key for a domain's backoff entry
+     * Sanitized domain key for storage lookups
      */
-    private backoffKey;
+    private sanitizeDomain;
     /**
-     * Load backoff entry from storage (with in-memory cache)
+     * Load backoff entry from database (with in-memory cache)
      */
     private loadBackoff;
     /**
-     * Save backoff entry to both cache and storage
+     * Save backoff entry to both cache and database
      */
     private saveBackoff;
     /**

package/dist_ts/classes.cert-provision-scheduler.js

@@ -1,46 +1,62 @@
 import { logger } from './logger.js';
+import { CertBackoffDoc } from './db/index.js';
 /**
  * Manages certificate provisioning scheduling with:
- * - Per-domain exponential backoff persisted in StorageManager
+ * - Per-domain exponential backoff persisted via CertBackoffDoc
  *
  * Note: Serial stagger queue was removed — smartacme v9 handles
  * concurrency, per-domain dedup, and rate limiting internally.
  */
 export class CertProvisionScheduler {
-    storageManager;
     maxBackoffHours;
     // In-memory backoff cache (mirrors storage for fast lookups)
     backoffCache = new Map();
-    constructor(storageManager, options) {
-        this.storageManager = storageManager;
+    constructor(options) {
         this.maxBackoffHours = options?.maxBackoffHours ?? 24;
     }
     /**
-     * Storage key for a domain's backoff entry
+     * Sanitized domain key for storage lookups
      */
-    backoffKey(domain) {
-        const clean = domain.replace(/\*/g, '_wildcard_').replace(/[^a-zA-Z0-9._-]/g, '_');
-        return `/cert-backoff/${clean}`;
+    sanitizeDomain(domain) {
+        return domain.replace(/\*/g, '_wildcard_').replace(/[^a-zA-Z0-9._-]/g, '_');
     }
     /**
-     * Load backoff entry from storage (with in-memory cache)
+     * Load backoff entry from database (with in-memory cache)
      */
     async loadBackoff(domain) {
         const cached = this.backoffCache.get(domain);
         if (cached)
             return cached;
-        const entry = await this.storageManager.getJSON(this.backoffKey(domain));
-        if (entry) {
+        const sanitized = this.sanitizeDomain(domain);
+        const doc = await CertBackoffDoc.findByDomain(sanitized);
+        if (doc) {
+            const entry = {
+                failures: doc.failures,
+                lastFailure: doc.lastFailure,
+                retryAfter: doc.retryAfter,
+                lastError: doc.lastError,
+            };
             this.backoffCache.set(domain, entry);
+            return entry;
         }
-        return entry;
+        return null;
     }
     /**
-     * Save backoff entry to both cache and storage
+     * Save backoff entry to both cache and database
      */
     async saveBackoff(domain, entry) {
         this.backoffCache.set(domain, entry);
-        await this.storageManager.setJSON(this.backoffKey(domain), entry);
+        const sanitized = this.sanitizeDomain(domain);
+        let doc = await CertBackoffDoc.findByDomain(sanitized);
+        if (!doc) {
+            doc = new CertBackoffDoc();
+            doc.domain = sanitized;
+        }
+        doc.failures = entry.failures;
+        doc.lastFailure = entry.lastFailure;
+        doc.retryAfter = entry.retryAfter;
+        doc.lastError = entry.lastError || '';
+        await doc.save();
     }
     /**
      * Check if a domain is currently in backoff.
@@ -83,10 +99,14 @@ export class CertProvisionScheduler {
     async clearBackoff(domain) {
         this.backoffCache.delete(domain);
         try {
-            await this.storageManager.delete(this.backoffKey(domain));
+            const sanitized = this.sanitizeDomain(domain);
+            const doc = await CertBackoffDoc.findByDomain(sanitized);
+            if (doc) {
+                await doc.delete();
+            }
         }
         catch {
-            // Ignore delete errors (key may not exist)
+            // Ignore delete errors (doc may not exist)
         }
     }
     /**
@@ -115,4 +135,4 @@ export class CertProvisionScheduler {
         };
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5jZXJ0LXByb3Zpc2lvbi1zY2hlZHVsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9jbGFzc2VzLmNlcnQtcHJvdmlzaW9uLXNjaGVkdWxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBVXJDOzs7Ozs7R0FNRztBQUNILE1BQU0sT0FBTyxzQkFBc0I7SUFDekIsY0FBYyxDQUFpQjtJQUMvQixlQUFlLENBQVM7SUFFaEMsNkRBQTZEO0lBQ3JELFlBQVksR0FBRyxJQUFJLEdBQUcsRUFBeUIsQ0FBQztJQUV4RCxZQUNFLGNBQThCLEVBQzlCLE9BQXNDO1FBRXRDLElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxDQUFDO1FBQ3JDLElBQUksQ0FBQyxlQUFlLEdBQUcsT0FBTyxFQUFFLGVBQWUsSUFBSSxFQUFFLENBQUM7SUFDeEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ssVUFBVSxDQUFDLE1BQWM7UUFDL0IsTUFBTSxLQUFLLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsWUFBWSxDQUFDLENBQUMsT0FBTyxDQUFDLGtCQUFrQixFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQ25GLE9BQU8saUJBQWlCLEtBQUssRUFBRSxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7T0FFRztJQUNLLEtBQUssQ0FBQyxXQUFXLENBQUMsTUFBYztRQUN0QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM3QyxJQUFJLE1BQU07WUFBRSxPQUFPLE1BQU0sQ0FBQztRQUUxQixNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFnQixJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDeEYsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN2QyxDQUFDO1FBQ0QsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQ7O09BRUc7SUFDSyxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQWMsRUFBRSxLQUFvQjtRQUM1RCxJQUFJLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDckMsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3BFLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQWM7UUFDOUIsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdDLElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFekIsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3RDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELDhDQUE4QztRQUM5QyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqQyxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsYUFBYSxDQUFDLE1BQWMsRUFBRSxLQUFjO1FBQ2hELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoRCxNQUFNLFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxRQUFRLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRS9DLGdEQUFnRDtRQUNoRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxRQUFRLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3pFLE1BQU0sVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxZQUFZLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUV4RSxNQUFNLEtBQUssR0FBa0I7WUFDM0IsUUFBUTtZQUNSLFdBQVcsRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRTtZQUNyQyxVQUFVLEVBQUUsVUFBVSxDQUFDLFdBQVcsRUFBRTtZQUNwQyxTQUFTLEVBQUUsS0FBSztTQUNqQixDQUFDO1FBRUYsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN0QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsTUFBTSxLQUFLLFFBQVEsMEJBQTBCLFVBQVUsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDbEgsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUFjO1FBQy9CLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzVELENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCwyQ0FBMkM7UUFDN0MsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUs7UUFDVixJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzVCLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxjQUFjLENBQUMsTUFBYztRQUtqQyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsSUFBSSxDQUFDLEtBQUs7WUFBRSxPQUFPLElBQUksQ0FBQztRQUV4QiwwREFBMEQ7UUFDMUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3ZDLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELE9BQU87WUFDTCxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO1lBQzVCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztTQUMzQixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5jZXJ0LXByb3Zpc2lvbi1zY2hlZHVsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9jbGFzc2VzLmNlcnQtcHJvdmlzaW9uLXNjaGVkdWxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFTL0M7Ozs7OztHQU1HO0FBQ0gsTUFBTSxPQUFPLHNCQUFzQjtJQUN6QixlQUFlLENBQVM7SUFFaEMsNkRBQTZEO0lBQ3JELFlBQVksR0FBRyxJQUFJLEdBQUcsRUFBeUIsQ0FBQztJQUV4RCxZQUNFLE9BQXNDO1FBRXRDLElBQUksQ0FBQyxlQUFlLEdBQUcsT0FBTyxFQUFFLGVBQWUsSUFBSSxFQUFFLENBQUM7SUFDeEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ssY0FBYyxDQUFDLE1BQWM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxPQUFPLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFjO1FBQ3RDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdDLElBQUksTUFBTTtZQUFFLE9BQU8sTUFBTSxDQUFDO1FBRTFCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3pELElBQUksR0FBRyxFQUFFLENBQUM7WUFDUixNQUFNLEtBQUssR0FBa0I7Z0JBQzNCLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtnQkFDdEIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO2dCQUM1QixVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVU7Z0JBQzFCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUzthQUN6QixDQUFDO1lBQ0YsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3JDLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFjLEVBQUUsS0FBb0I7UUFDNUQsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDOUMsSUFBSSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3ZELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULEdBQUcsR0FBRyxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQzNCLEdBQUcsQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1FBQ3pCLENBQUM7UUFDRCxHQUFHLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUM7UUFDOUIsR0FBRyxDQUFDLFdBQVcsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ3BDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQztRQUNsQyxHQUFHLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQyxTQUFTLElBQUksRUFBRSxDQUFDO1FBQ3RDLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQWM7UUFDOUIsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdDLElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFekIsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3RDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELDhDQUE4QztRQUM5QyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqQyxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsYUFBYSxDQUFDLE1BQWMsRUFBRSxLQUFjO1FBQ2hELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoRCxNQUFNLFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxRQUFRLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRS9DLGdEQUFnRDtRQUNoRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxRQUFRLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3pFLE1BQU0sVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxZQUFZLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUV4RSxNQUFNLEtBQUssR0FBa0I7WUFDM0IsUUFBUTtZQUNSLFdBQVcsRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRTtZQUNyQyxVQUFVLEVBQUUsVUFBVSxDQUFDLFdBQVcsRUFBRTtZQUNwQyxTQUFTLEVBQUUsS0FBSztTQUNqQixDQUFDO1FBRUYsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN0QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsTUFBTSxLQUFLLFFBQVEsMEJBQTBCLFVBQVUsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDbEgsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUFjO1FBQy9CLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQztZQUNILE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3pELElBQUksR0FBRyxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDckIsQ0FBQztRQUNILENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCwyQ0FBMkM7UUFDN0MsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUs7UUFDVixJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzVCLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxjQUFjLENBQUMsTUFBYztRQUtqQyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsSUFBSSxDQUFDLEtBQUs7WUFBRSxPQUFPLElBQUksQ0FBQztRQUV4QiwwREFBMEQ7UUFDMUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3ZDLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELE9BQU87WUFDTCxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO1lBQzVCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztTQUMzQixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=

package/dist_ts/classes.dcrouter.d.ts

@@ -1,9 +1,8 @@
 import * as plugins from './plugins.js';
 import * as paths from './paths.js';
 import { UnifiedEmailServer, type IUnifiedEmailServerOptions, type IEmailRoute } from '@push.rocks/smartmta';
-import { StorageManager, type IStorageConfig } from './storage/index.js';
 import { CertProvisionScheduler } from './classes.cert-provision-scheduler.js';
-import { CacheDb, CacheCleaner } from './cache/index.js';
+import { DcRouterDb, CacheCleaner } from './db/index.js';
 import { OpsServer } from './opsserver/index.js';
 import { MetricsManager } from './monitoring/index.js';
 import { RadiusServer, type IRadiusServerConfig } from './radius/index.js';
@@ -94,36 +93,23 @@ export interface IDcRouterOptions {
         /** Cloudflare API key for DNS challenges */
         cloudflareApiKey?: string;
     };
-    /** Storage configuration */
-    storage?: IStorageConfig;
     /**
-     * Cache database configuration using smartdata and LocalTsmDb
-     * Provides persistent caching for emails, IP reputation, bounces, etc.
+     * Unified database configuration.
+     * All persistent data (config, certs, VPN, cache, etc.) is stored via smartdata.
+     * If mongoDbUrl is provided, connects to external MongoDB.
+     * Otherwise, starts an embedded LocalSmartDb automatically.
      */
-    cacheConfig?: {
-        /** Enable cache database (default: true) */
+    dbConfig?: {
+        /** Enable database (default: true). Set to false in tests to skip DB startup. */
         enabled?: boolean;
-        /** Storage path for TsmDB data (default: ~/.serve.zone/dcrouter/tsmdb) */
+        /** External MongoDB connection URL. If absent, uses embedded LocalSmartDb. */
+        mongoDbUrl?: string;
+        /** Storage path for embedded database data (default: ~/.serve.zone/dcrouter/tsmdb) */
         storagePath?: string;
         /** Database name (default: dcrouter) */
         dbName?: string;
-        /** Default TTL in days for cached items (default: 30) */
-        defaultTTLDays?: number;
-        /** Cleanup interval in hours (default: 1) */
+        /** Cache cleanup interval in hours (default: 1) */
         cleanupIntervalHours?: number;
-        /** TTL configuration per data type (in days) */
-        ttlConfig?: {
-            /** Email cache TTL (default: 30 days) */
-            emails?: number;
-            /** IP reputation cache TTL (default: 1 day) */
-            ipReputation?: number;
-            /** Bounce records TTL (default: 30 days) */
-            bounces?: number;
-            /** DKIM keys TTL (default: 90 days) */
-            dkimKeys?: number;
-            /** Suppression list TTL (default: 30 days, can be permanent) */
-            suppression?: number;
-        };
     };
     /**
      * RADIUS server configuration for network authentication
@@ -187,6 +173,17 @@ export interface IDcRouterOptions {
             allowList?: string[];
             blockList?: string[];
         };
+        /** Forwarding mode: 'socket' (default, userspace NAT), 'bridge' (L2 bridge to host LAN),
+         *  or 'hybrid' (socket default, bridge for clients with useHostIp=true) */
+        forwardingMode?: 'socket' | 'bridge' | 'hybrid';
+        /** LAN subnet CIDR for bridge mode (e.g., '192.168.1.0/24') */
+        bridgeLanSubnet?: string;
+        /** Physical network interface for bridge mode (auto-detected if omitted) */
+        bridgePhysicalInterface?: string;
+        /** Start of VPN client IP range in LAN subnet (host offset, default: 200) */
+        bridgeIpRangeStart?: number;
+        /** End of VPN client IP range in LAN subnet (host offset, default: 250) */
+        bridgeIpRangeEnd?: number;
     };
 }
 /**
@@ -210,10 +207,10 @@ export declare class DcRouter {
     dnsServer?: plugins.smartdns.dnsServerMod.DnsServer;
     emailServer?: UnifiedEmailServer;
     radiusServer?: RadiusServer;
-    storageManager: StorageManager;
     opsServer: OpsServer;
     metricsManager?: MetricsManager;
-    cacheDb?: CacheDb;
+    storageManager: any;
+    dcRouterDb?: DcRouterDb;
     cacheCleaner?: CacheCleaner;
     remoteIngressManager?: RemoteIngressManager;
     tunnelManager?: TunnelManager;
@@ -257,9 +254,9 @@ export declare class DcRouter {
      */
     private logStartupSummary;
     /**
-     * Set up the cache database (smartdata + LocalTsmDb)
+     * Set up the unified database (smartdata + LocalSmartDb or external MongoDB)
      */
-    private setupCacheDb;
+    private setupDcRouterDb;
     /**
      * Set up SmartProxy with direct configuration and automatic email routes
      */