@serve.zone/dcrouter 13.0.11 → 13.1.1

package/ts/opsserver/handlers/certificate.handler.ts

@@ -295,7 +295,12 @@ export class CertificateHandler {
   }
 
   /**
-   * Legacy route-based reprovisioning
+   * Legacy route-based reprovisioning. Kept for backward compatibility with
+   * older clients that send `reprovisionCertificate` typed-requests.
+   *
+   * Like reprovisionCertificateDomain, this triggers the full route apply
+   * pipeline rather than smartProxy.provisionCertificate(routeName) — which
+   * is a no-op when certProvisionFunction is set (Rust ACME disabled).
    */
   private async reprovisionCertificateByRoute(routeName: string): Promise<{ success: boolean; message?: string }> {
     const dcRouter = this.opsServerRef.dcRouterRef;
@@ -305,13 +310,19 @@ export class CertificateHandler {
       return { success: false, message: 'SmartProxy is not running' };
     }
 
+    // Clear event-based status for domains in this route so the
+    // certificate-issued event can refresh them
+    for (const [domain, entry] of dcRouter.certificateStatusMap) {
+      if (entry.routeNames.includes(routeName)) {
+        dcRouter.certificateStatusMap.delete(domain);
+      }
+    }
+
     try {
-      await smartProxy.provisionCertificate(routeName);
-      // Clear event-based status for domains in this route
-      for (const [domain, entry] of dcRouter.certificateStatusMap) {
-        if (entry.routeNames.includes(routeName)) {
-          dcRouter.certificateStatusMap.delete(domain);
-        }
+      if (dcRouter.routeConfigManager) {
+        await dcRouter.routeConfigManager.applyRoutes();
+      } else {
+        await smartProxy.updateRoutes(smartProxy.routeManager.getRoutes());
       }
       return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
     } catch (err: unknown) {
@@ -320,7 +331,16 @@ export class CertificateHandler {
   }
 
   /**
-   * Domain-based reprovisioning — clears backoff first, then triggers provision
+   * Domain-based reprovisioning — clears backoff first, refreshes the smartacme
+   * cert (when forceRenew is set), then re-applies routes so the running Rust
+   * proxy actually picks up the new cert.
+   *
+   * Why applyRoutes (not smartProxy.provisionCertificate)?
+   *   smartProxy.provisionCertificate(routeName) routes through the Rust ACME
+   *   path, which is forcibly disabled whenever certProvisionFunction is set
+   *   (smart-proxy.ts:168-171). The only path that re-invokes
+   *   certProvisionFunction → bridge.loadCertificate is updateRoutes(), which
+   *   we trigger via routeConfigManager.applyRoutes().
    */
   private async reprovisionCertificateDomain(domain: string, forceRenew?: boolean): Promise<{ success: boolean; message?: string }> {
     const dcRouter = this.opsServerRef.dcRouterRef;
@@ -335,28 +355,37 @@ export class CertificateHandler {
       await dcRouter.certProvisionScheduler.clearBackoff(domain);
     }
 
-    // Find routes matching this domain — needed to provision through SmartProxy
+    // Find routes matching this domain — fail early if none exist
     const routeNames = dcRouter.findRouteNamesForDomain(domain);
     if (routeNames.length === 0) {
       return { success: false, message: `No routes found for domain '${domain}'` };
     }
 
-    // If forceRenew, invalidate SmartAcme's cache so the next provision gets a fresh cert
+    // If forceRenew, order a fresh cert from ACME now so it's already in
+    // AcmeCertDoc by the time certProvisionFunction is invoked below.
     if (forceRenew && dcRouter.smartAcme) {
       try {
         await dcRouter.smartAcme.getCertificateForDomain(domain, { forceRenew: true });
-      } catch {
-        // Cache invalidation failed — proceed with provisioning anyway
+      } catch (err: unknown) {
+        return { success: false, message: `Failed to renew certificate for ${domain}: ${(err as Error).message}` };
       }
     }
 
     // Clear status map entry so it gets refreshed by the certificate-issued event
     dcRouter.certificateStatusMap.delete(domain);
 
-    // Provision through SmartProxy — this triggers the full pipeline:
-    // certProvisionFunction → bridge.loadCertificate → certificate-issued event → status map updated
+    // Trigger the full route apply pipeline:
+    //   applyRoutes → updateRoutes → provisionCertificatesViaCallback →
+    //   certProvisionFunction(domain) → smartAcme.getCertificateForDomain →
+    //   bridge.loadCertificate → Rust hot-swaps `loaded_certs` →
+    //   certificate-issued event → certificateStatusMap updated
     try {
-      await smartProxy.provisionCertificate(routeNames[0]);
+      if (dcRouter.routeConfigManager) {
+        await dcRouter.routeConfigManager.applyRoutes();
+      } else {
+        // Fallback when DB is disabled and there is no RouteConfigManager
+        await smartProxy.updateRoutes(smartProxy.routeManager.getRoutes());
+      }
       return { success: true, message: forceRenew ? `Certificate force-renewed for domain '${domain}'` : `Certificate reprovisioning triggered for domain '${domain}'` };
     } catch (err: unknown) {
       return { success: false, message: (err as Error).message || `Failed to reprovision certificate for ${domain}` };

package/ts/opsserver/handlers/vpn.handler.ts

@@ -31,7 +31,6 @@ export class VpnHandler {
             createdAt: c.createdAt,
             updatedAt: c.updatedAt,
             expiresAt: c.expiresAt,
-            forceDestinationSmartproxy: c.forceDestinationSmartproxy ?? true,
             destinationAllowList: c.destinationAllowList,
             destinationBlockList: c.destinationBlockList,
             useHostIp: c.useHostIp,
@@ -122,7 +121,6 @@ export class VpnHandler {
               clientId: dataArg.clientId,
               targetProfileIds: dataArg.targetProfileIds,
               description: dataArg.description,
-              forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
               destinationAllowList: dataArg.destinationAllowList,
               destinationBlockList: dataArg.destinationBlockList,
               useHostIp: dataArg.useHostIp,
@@ -148,7 +146,6 @@ export class VpnHandler {
                 createdAt: Date.now(),
                 updatedAt: Date.now(),
                 expiresAt: bundle.entry.expiresAt,
-                forceDestinationSmartproxy: persistedClient?.forceDestinationSmartproxy ?? true,
                 destinationAllowList: persistedClient?.destinationAllowList,
                 destinationBlockList: persistedClient?.destinationBlockList,
                 useHostIp: persistedClient?.useHostIp,
@@ -180,7 +177,6 @@ export class VpnHandler {
             await manager.updateClient(dataArg.clientId, {
               description: dataArg.description,
               targetProfileIds: dataArg.targetProfileIds,
-              forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
               destinationAllowList: dataArg.destinationAllowList,
               destinationBlockList: dataArg.destinationBlockList,
               useHostIp: dataArg.useHostIp,

package/ts/tspublish.json

@@ -1,3 +1,3 @@
 {
-  "order": 2
+  "order": 3
 }

package/ts/vpn/classes.vpn-manager.ts

@@ -201,7 +201,6 @@ export class VpnManager {
     clientId: string;
     targetProfileIds?: string[];
     description?: string;
-    forceDestinationSmartproxy?: boolean;
     destinationAllowList?: string[];
     destinationBlockList?: string[];
     useHostIp?: boolean;
@@ -242,9 +241,6 @@ export class VpnManager {
     doc.createdAt = Date.now();
     doc.updatedAt = Date.now();
     doc.expiresAt = bundle.entry.expiresAt;
-    if (opts.forceDestinationSmartproxy !== undefined) {
-      doc.forceDestinationSmartproxy = opts.forceDestinationSmartproxy;
-    }
     if (opts.destinationAllowList !== undefined) {
       doc.destinationAllowList = opts.destinationAllowList;
     }
@@ -349,7 +345,6 @@ export class VpnManager {
   public async updateClient(clientId: string, update: {
     description?: string;
     targetProfileIds?: string[];
-    forceDestinationSmartproxy?: boolean;
     destinationAllowList?: string[];
     destinationBlockList?: string[];
     useHostIp?: boolean;
@@ -362,7 +357,6 @@ export class VpnManager {
     if (!client) throw new Error(`Client not found: ${clientId}`);
     if (update.description !== undefined) client.description = update.description;
     if (update.targetProfileIds !== undefined) client.targetProfileIds = update.targetProfileIds;
-    if (update.forceDestinationSmartproxy !== undefined) client.forceDestinationSmartproxy = update.forceDestinationSmartproxy;
     if (update.destinationAllowList !== undefined) client.destinationAllowList = update.destinationAllowList;
     if (update.destinationBlockList !== undefined) client.destinationBlockList = update.destinationBlockList;
     if (update.useHostIp !== undefined) client.useHostIp = update.useHostIp;
@@ -484,12 +478,11 @@ export class VpnManager {
 
   /**
    * Build per-client security settings for the smartvpn daemon.
-   * Maps dcrouter-level fields (forceDestinationSmartproxy, allow/block lists)
-   * to smartvpn's IClientSecurity with a destinationPolicy.
+   * All VPN traffic is forced through SmartProxy (forceTarget to 127.0.0.1).
+   * TargetProfile direct IP:port targets bypass SmartProxy via allowList.
    */
   private buildClientSecurity(client: VpnClientDoc): plugins.smartvpn.IClientSecurity {
     const security: plugins.smartvpn.IClientSecurity = {};
-    const forceSmartproxy = client.forceDestinationSmartproxy ?? true;
 
     // Collect direct targets from assigned TargetProfiles (bypass forceTarget for these IPs)
     const profileDirectTargets = this.config.getClientDirectTargets?.(client.targetProfileIds || []) || [];
@@ -500,23 +493,12 @@ export class VpnManager {
       ...profileDirectTargets,
     ];
 
-    if (!forceSmartproxy) {
-      // Client traffic goes directly — not forced to SmartProxy
-      security.destinationPolicy = {
-        default: 'allow' as const,
-        blockList: client.destinationBlockList,
-      };
-    } else if (mergedAllowList.length || client.destinationBlockList?.length) {
-      // Client is forced to SmartProxy, but with allow/block overrides
-      // (includes TargetProfile direct targets that bypass SmartProxy)
-      security.destinationPolicy = {
-        default: 'forceTarget' as const,
-        target: '127.0.0.1',
-        allowList: mergedAllowList.length ? mergedAllowList : undefined,
-        blockList: client.destinationBlockList,
-      };
-    }
-    // else: no per-client policy, server-wide applies
+    security.destinationPolicy = {
+      default: 'forceTarget' as const,
+      target: '127.0.0.1',
+      allowList: mergedAllowList.length ? mergedAllowList : undefined,
+      blockList: client.destinationBlockList,
+    };
 
     return security;
   }

package/ts_apiclient/tspublish.json

@@ -1,3 +1,3 @@
 {
-  "order": 4
+  "order": 5
 }

package/ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '13.0.11',
+  version: '13.1.1',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

package/ts_web/appstate.ts

@@ -1015,7 +1015,7 @@ export const createVpnClientAction = vpnStatePart.createAction<{
   clientId: string;
   targetProfileIds?: string[];
   description?: string;
-  forceDestinationSmartproxy?: boolean;
+
   destinationAllowList?: string[];
   destinationBlockList?: string[];
   useHostIp?: boolean;
@@ -1037,7 +1037,7 @@ export const createVpnClientAction = vpnStatePart.createAction<{
       clientId: dataArg.clientId,
       targetProfileIds: dataArg.targetProfileIds,
       description: dataArg.description,
-      forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
+
       destinationAllowList: dataArg.destinationAllowList,
       destinationBlockList: dataArg.destinationBlockList,
       useHostIp: dataArg.useHostIp,
@@ -1113,7 +1113,7 @@ export const updateVpnClientAction = vpnStatePart.createAction<{
   clientId: string;
   description?: string;
   targetProfileIds?: string[];
-  forceDestinationSmartproxy?: boolean;
+
   destinationAllowList?: string[];
   destinationBlockList?: string[];
   useHostIp?: boolean;
@@ -1135,7 +1135,7 @@ export const updateVpnClientAction = vpnStatePart.createAction<{
       clientId: dataArg.clientId,
       description: dataArg.description,
       targetProfileIds: dataArg.targetProfileIds,
-      forceDestinationSmartproxy: dataArg.forceDestinationSmartproxy,
+
       destinationAllowList: dataArg.destinationAllowList,
       destinationBlockList: dataArg.destinationBlockList,
       useHostIp: dataArg.useHostIp,
@@ -1223,7 +1223,7 @@ export const createTargetProfileAction = targetProfilesStatePart.createAction<{
   name: string;
   description?: string;
   domains?: string[];
-  targets?: Array<{ host: string; port: number }>;
+  targets?: Array<{ ip: string; port: number }>;
   routeRefs?: string[];
 }>(async (statePartArg, dataArg, actionContext): Promise<ITargetProfilesState> => {
   const context = getActionContext();
@@ -1259,7 +1259,7 @@ export const updateTargetProfileAction = targetProfilesStatePart.createAction<{
   name?: string;
   description?: string;
   domains?: string[];
-  targets?: Array<{ host: string; port: number }>;
+  targets?: Array<{ ip: string; port: number }>;
   routeRefs?: string[];
 }>(async (statePartArg, dataArg, actionContext): Promise<ITargetProfilesState> => {
   const context = getActionContext();

package/ts_web/elements/ops-view-security.ts

@@ -30,6 +30,20 @@ export class OpsViewSecurity extends DeesElement {
   @state()
   accessor selectedTab: 'overview' | 'blocked' | 'authentication' | 'email-security' = 'overview';
 
+  private tabLabelMap: Record<string, string> = {
+    'overview': 'Overview',
+    'blocked': 'Blocked IPs',
+    'authentication': 'Authentication',
+    'email-security': 'Email Security',
+  };
+
+  private labelToTab: Record<string, 'overview' | 'blocked' | 'authentication' | 'email-security'> = {
+    'Overview': 'overview',
+    'Blocked IPs': 'blocked',
+    'Authentication': 'authentication',
+    'Email Security': 'email-security',
+  };
+
   constructor() {
     super();
     const subscription = appstate.statsStatePart
@@ -40,35 +54,23 @@ export class OpsViewSecurity extends DeesElement {
     this.rxSubscriptions.push(subscription);
   }
 
+  async firstUpdated() {
+    const toggle = this.shadowRoot!.querySelector('dees-input-multitoggle') as any;
+    if (toggle) {
+      const sub = toggle.changeSubject.subscribe(() => {
+        const tab = this.labelToTab[toggle.selectedOption];
+        if (tab) this.selectedTab = tab;
+      });
+      this.rxSubscriptions.push(sub);
+    }
+  }
+
   public static styles = [
     cssManager.defaultStyles,
     shared.viewHostCss,
     css`
-      .tabs {
-        display: flex;
-        gap: 8px;
+      dees-input-multitoggle {
         margin-bottom: 24px;
-        border-bottom: 2px solid ${cssManager.bdTheme('#e9ecef', '#333')};
-      }
-
-      .tab {
-        padding: 12px 24px;
-        background: none;
-        border: none;
-        border-bottom: 2px solid transparent;
-        cursor: pointer;
-        font-size: 16px;
-        color: ${cssManager.bdTheme('#666', '#999')};
-        transition: all 0.2s ease;
-      }
-
-      .tab:hover {
-        color: ${cssManager.bdTheme('#333', '#ccc')};
-      }
-
-      .tab.active {
-        color: ${cssManager.bdTheme('#2196F3', '#4a90e2')};
-        border-bottom-color: ${cssManager.bdTheme('#2196F3', '#4a90e2')};
       }
 
       h2 {
@@ -91,135 +93,22 @@ export class OpsViewSecurity extends DeesElement {
         overflow: hidden;
       }
 
-      .securityCard.alert {
-        border-color: ${cssManager.bdTheme('#f44336', '#ff6666')};
-        background: ${cssManager.bdTheme('#ffebee', '#4a1f1f')};
-      }
-
-      .securityCard.warning {
-        border-color: ${cssManager.bdTheme('#ff9800', '#ffaa33')};
-        background: ${cssManager.bdTheme('#fff3e0', '#4a3a1f')};
-      }
-
-      .securityCard.success {
-        border-color: ${cssManager.bdTheme('#4caf50', '#66cc66')};
-        background: ${cssManager.bdTheme('#e8f5e9', '#1f3f1f')};
-      }
-
-      .cardHeader {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        margin-bottom: 16px;
-      }
-
-      .cardTitle {
-        font-size: 18px;
-        font-weight: 600;
-        color: ${cssManager.bdTheme('#333', '#ccc')};
-      }
-
-      .cardStatus {
-        font-size: 14px;
-        padding: 4px 12px;
-        border-radius: 16px;
-        font-weight: 500;
-      }
-
-      .status-critical {
-        background: ${cssManager.bdTheme('#f44336', '#ff6666')};
-        color: ${cssManager.bdTheme('#fff', '#fff')};
-      }
-
-      .status-warning {
-        background: ${cssManager.bdTheme('#ff9800', '#ffaa33')};
-        color: ${cssManager.bdTheme('#fff', '#fff')};
-      }
-
-      .status-good {
-        background: ${cssManager.bdTheme('#4caf50', '#66cc66')};
-        color: ${cssManager.bdTheme('#fff', '#fff')};
-      }
-
-      .metricValue {
-        font-size: 32px;
-        font-weight: 700;
-        margin-bottom: 8px;
-      }
-
-      .metricLabel {
-        font-size: 14px;
-        color: ${cssManager.bdTheme('#666', '#999')};
-      }
-
       .actionButton {
         margin-top: 16px;
       }
 
-      .blockedIpList {
-        max-height: 400px;
-        overflow-y: auto;
-      }
-
-      .blockedIpItem {
-        display: flex;
-        justify-content: space-between;
-        align-items: center;
-        padding: 12px;
-        border-bottom: 1px solid ${cssManager.bdTheme('#e9ecef', '#333')};
-      }
-
-      .blockedIpItem:last-child {
-        border-bottom: none;
-      }
-
-      .ipAddress {
-        font-family: 'Consolas', 'Monaco', monospace;
-        font-weight: 600;
-      }
-
-      .blockReason {
-        font-size: 14px;
-        color: ${cssManager.bdTheme('#666', '#999')};
-      }
-
-      .blockTime {
-        font-size: 12px;
-        color: ${cssManager.bdTheme('#999', '#666')};
-      }
     `,
   ];
 
   public render() {
     return html`
       <dees-heading level="2">Security</dees-heading>
-      
-      <div class="tabs">
-        <button 
-          class="tab ${this.selectedTab === 'overview' ? 'active' : ''}"
-          @click=${() => this.selectedTab = 'overview'}
-        >
-          Overview
-        </button>
-        <button 
-          class="tab ${this.selectedTab === 'blocked' ? 'active' : ''}"
-          @click=${() => this.selectedTab = 'blocked'}
-        >
-          Blocked IPs
-        </button>
-        <button 
-          class="tab ${this.selectedTab === 'authentication' ? 'active' : ''}"
-          @click=${() => this.selectedTab = 'authentication'}
-        >
-          Authentication
-        </button>
-        <button 
-          class="tab ${this.selectedTab === 'email-security' ? 'active' : ''}"
-          @click=${() => this.selectedTab = 'email-security'}
-        >
-          Email Security
-        </button>
-      </div>
+
+      <dees-input-multitoggle
+        .type=${'single'}
+        .options=${['Overview', 'Blocked IPs', 'Authentication', 'Email Security']}
+        .selectedOption=${this.tabLabelMap[this.selectedTab]}
+      ></dees-input-multitoggle>
 
       ${this.renderTabContent()}
     `;
@@ -328,32 +217,53 @@ export class OpsViewSecurity extends DeesElement {
   }
 
   private renderBlockedIPs(metrics: any) {
+    const blockedIPs: string[] = metrics.blockedIPs || [];
+
+    const tiles: IStatsTile[] = [
+      {
+        id: 'totalBlocked',
+        title: 'Blocked IPs',
+        value: blockedIPs.length,
+        type: 'number',
+        icon: 'lucide:ShieldBan',
+        color: blockedIPs.length > 0 ? '#ef4444' : '#22c55e',
+        description: 'Currently blocked addresses',
+      },
+    ];
+
     return html`
-      <div class="securityCard">
-        <div class="cardHeader">
-          <h3 class="cardTitle">Blocked IP Addresses</h3>
-          <dees-button @click=${() => this.clearBlockedIPs()}>
-            Clear All
-          </dees-button>
-        </div>
-        
-        <div class="blockedIpList">
-          ${metrics.blockedIPs && metrics.blockedIPs.length > 0 ? metrics.blockedIPs.map((ipAddress, index) => html`
-            <div class="blockedIpItem">
-              <div>
-                <div class="ipAddress">${ipAddress}</div>
-                <div class="blockReason">Suspicious activity</div>
-                <div class="blockTime">Blocked</div>
-              </div>
-              <dees-button @click=${() => this.unblockIP(ipAddress)}>
-                Unblock
-              </dees-button>
-            </div>
-          `) : html`
-            <p>No blocked IPs</p>
-          `}
-        </div>
-      </div>
+      <dees-statsgrid
+        .tiles=${tiles}
+        .minTileWidth=${200}
+      ></dees-statsgrid>
+
+      <dees-table
+        .heading1=${'Blocked IP Addresses'}
+        .heading2=${'IPs blocked due to suspicious activity'}
+        .data=${blockedIPs.map((ip) => ({ ip }))}
+        .displayFunction=${(item) => ({
+          'IP Address': item.ip,
+          'Reason': 'Suspicious activity',
+        })}
+        .dataActions=${[
+          {
+            name: 'Unblock',
+            iconName: 'lucide:shield-off',
+            type: ['contextmenu' as const],
+            actionFunc: async (item) => {
+              await this.unblockIP(item.ip);
+            },
+          },
+          {
+            name: 'Clear All',
+            iconName: 'lucide:trash-2',
+            type: ['header' as const],
+            actionFunc: async () => {
+              await this.clearBlockedIPs();
+            },
+          },
+        ]}
+      ></dees-table>
     `;
   }
 

package/ts_web/elements/ops-view-targetprofiles.ts

@@ -91,7 +91,7 @@ export class OpsViewTargetProfiles extends DeesElement {
               ? html`${profile.domains.map(d => html`<span class="tagBadge">${d}</span>`)}`
               : '-',
             Targets: profile.targets?.length
-              ? html`${profile.targets.map(t => html`<span class="tagBadge">${t.host}:${t.port}</span>`)}`
+              ? html`${profile.targets.map(t => html`<span class="tagBadge">${t.ip}:${t.port}</span>`)}`
               : '-',
             'Route Refs': profile.routeRefs?.length
               ? html`${profile.routeRefs.map(r => html`<span class="tagBadge">${r}</span>`)}`
@@ -175,7 +175,7 @@ export class OpsViewTargetProfiles extends DeesElement {
           <dees-input-text .key=${'name'} .label=${'Name'} .required=${true}></dees-input-text>
           <dees-input-text .key=${'description'} .label=${'Description'}></dees-input-text>
           <dees-input-list .key=${'domains'} .label=${'Domains'} .placeholder=${'e.g. *.example.com'} .allowFreeform=${true}></dees-input-list>
-          <dees-input-list .key=${'targets'} .label=${'Targets (host:port)'} .placeholder=${'e.g. 10.0.0.1:443'} .allowFreeform=${true}></dees-input-list>
+          <dees-input-list .key=${'targets'} .label=${'Targets (ip:port)'} .placeholder=${'e.g. 10.0.0.1:443'} .allowFreeform=${true}></dees-input-list>
           <dees-input-list .key=${'routeRefs'} .label=${'Route Refs'} .placeholder=${'Type to search routes...'} .candidates=${routeCandidates} .allowFreeform=${true}></dees-input-list>
         </dees-form>
       `,
@@ -197,11 +197,11 @@ export class OpsViewTargetProfiles extends DeesElement {
                 const lastColon = s.lastIndexOf(':');
                 if (lastColon === -1) return null;
                 return {
-                  host: s.substring(0, lastColon),
+                  ip: s.substring(0, lastColon),
                   port: parseInt(s.substring(lastColon + 1), 10),
                 };
               })
-              .filter((t): t is { host: string; port: number } => t !== null && !isNaN(t.port));
+              .filter((t): t is { ip: string; port: number } => t !== null && !isNaN(t.port));
             const routeRefs: string[] = Array.isArray(data.routeRefs) ? data.routeRefs : [];
 
             await appstate.targetProfilesStatePart.dispatchAction(appstate.createTargetProfileAction, {
@@ -220,7 +220,7 @@ export class OpsViewTargetProfiles extends DeesElement {
 
   private async showEditProfileDialog(profile: interfaces.data.ITargetProfile) {
     const currentDomains = profile.domains || [];
-    const currentTargets = profile.targets?.map(t => `${t.host}:${t.port}`) || [];
+    const currentTargets = profile.targets?.map(t => `${t.ip}:${t.port}`) || [];
     const currentRouteRefs = profile.routeRefs || [];
 
     const { DeesModal } = await import('@design.estate/dees-catalog');
@@ -234,7 +234,7 @@ export class OpsViewTargetProfiles extends DeesElement {
           <dees-input-text .key=${'name'} .label=${'Name'} .value=${profile.name}></dees-input-text>
           <dees-input-text .key=${'description'} .label=${'Description'} .value=${profile.description || ''}></dees-input-text>
           <dees-input-list .key=${'domains'} .label=${'Domains'} .placeholder=${'e.g. *.example.com'} .allowFreeform=${true} .value=${currentDomains}></dees-input-list>
-          <dees-input-list .key=${'targets'} .label=${'Targets (host:port)'} .placeholder=${'e.g. 10.0.0.1:443'} .allowFreeform=${true} .value=${currentTargets}></dees-input-list>
+          <dees-input-list .key=${'targets'} .label=${'Targets (ip:port)'} .placeholder=${'e.g. 10.0.0.1:443'} .allowFreeform=${true} .value=${currentTargets}></dees-input-list>
           <dees-input-list .key=${'routeRefs'} .label=${'Route Refs'} .placeholder=${'Type to search routes...'} .candidates=${routeCandidates} .allowFreeform=${true} .value=${currentRouteRefs}></dees-input-list>
         </dees-form>
       `,
@@ -255,11 +255,11 @@ export class OpsViewTargetProfiles extends DeesElement {
                 const lastColon = s.lastIndexOf(':');
                 if (lastColon === -1) return null;
                 return {
-                  host: s.substring(0, lastColon),
+                  ip: s.substring(0, lastColon),
                   port: parseInt(s.substring(lastColon + 1), 10),
                 };
               })
-              .filter((t): t is { host: string; port: number } => t !== null && !isNaN(t.port));
+              .filter((t): t is { ip: string; port: number } => t !== null && !isNaN(t.port));
             const routeRefs: string[] = Array.isArray(data.routeRefs) ? data.routeRefs : [];
 
             await appstate.targetProfilesStatePart.dispatchAction(appstate.updateTargetProfileAction, {
@@ -327,7 +327,7 @@ export class OpsViewTargetProfiles extends DeesElement {
             <div style="font-size: 11px; font-weight: 600; text-transform: uppercase; letter-spacing: 0.05em; color: ${cssManager.bdTheme('#6b7280', '#9ca3af')};">Targets</div>
             <div style="font-size: 14px; margin-top: 4px;">
               ${profile.targets?.length
-                ? profile.targets.map(t => html`<span class="tagBadge">${t.host}:${t.port}</span>`)
+                ? profile.targets.map(t => html`<span class="tagBadge">${t.ip}:${t.port}</span>`)
                 : '-'}
             </div>
           </div>