@serve.zone/dcrouter 13.17.0 → 13.17.2

package/dist_ts/config/classes.route-config-manager.js

@@ -0,0 +1,370 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { RouteDoc } from '../db/index.js';
+import { augmentRouteWithHttp3 } from '../http3/index.js';
+/**
+ * Simple async mutex — serializes concurrent applyRoutes() calls so the Rust engine
+ * never receives rapid overlapping route updates that can churn UDP/QUIC listeners.
+ */
+class RouteUpdateMutex {
+    locked = false;
+    queue = [];
+    async runExclusive(fn) {
+        await new Promise((resolve) => {
+            if (!this.locked) {
+                this.locked = true;
+                resolve();
+            }
+            else {
+                this.queue.push(resolve);
+            }
+        });
+        try {
+            return await fn();
+        }
+        finally {
+            this.locked = false;
+            const next = this.queue.shift();
+            if (next) {
+                this.locked = true;
+                next();
+            }
+        }
+    }
+}
+export class RouteConfigManager {
+    getSmartProxy;
+    getHttp3Config;
+    getVpnClientIpsForRoute;
+    referenceResolver;
+    onRoutesApplied;
+    routes = new Map();
+    warnings = [];
+    routeUpdateMutex = new RouteUpdateMutex();
+    constructor(getSmartProxy, getHttp3Config, getVpnClientIpsForRoute, referenceResolver, onRoutesApplied) {
+        this.getSmartProxy = getSmartProxy;
+        this.getHttp3Config = getHttp3Config;
+        this.getVpnClientIpsForRoute = getVpnClientIpsForRoute;
+        this.referenceResolver = referenceResolver;
+        this.onRoutesApplied = onRoutesApplied;
+    }
+    /** Expose routes map for reference resolution lookups. */
+    getRoutes() {
+        return this.routes;
+    }
+    /**
+     * Load persisted routes, seed config/email/dns routes, compute warnings, apply to SmartProxy.
+     */
+    async initialize(configRoutes = [], emailRoutes = [], dnsRoutes = []) {
+        await this.loadRoutes();
+        await this.seedRoutes(configRoutes, 'config');
+        await this.seedRoutes(emailRoutes, 'email');
+        await this.seedRoutes(dnsRoutes, 'dns');
+        this.computeWarnings();
+        this.logWarnings();
+        await this.applyRoutes();
+    }
+    // =========================================================================
+    // Route listing
+    // =========================================================================
+    getMergedRoutes() {
+        const merged = [];
+        for (const route of this.routes.values()) {
+            merged.push({
+                route: route.route,
+                id: route.id,
+                enabled: route.enabled,
+                origin: route.origin,
+                createdAt: route.createdAt,
+                updatedAt: route.updatedAt,
+                metadata: route.metadata,
+            });
+        }
+        return { routes: merged, warnings: [...this.warnings] };
+    }
+    // =========================================================================
+    // Route CRUD
+    // =========================================================================
+    async createRoute(route, createdBy, enabled = true, metadata) {
+        const id = plugins.uuid.v4();
+        const now = Date.now();
+        // Ensure route has a name
+        if (!route.name) {
+            route.name = `route-${id.slice(0, 8)}`;
+        }
+        // Resolve references if metadata has refs and resolver is available
+        let resolvedMetadata = metadata;
+        if (metadata && this.referenceResolver) {
+            const resolved = this.referenceResolver.resolveRoute(route, metadata);
+            route = resolved.route;
+            resolvedMetadata = resolved.metadata;
+        }
+        const stored = {
+            id,
+            route,
+            enabled,
+            createdAt: now,
+            updatedAt: now,
+            createdBy,
+            origin: 'api',
+            metadata: resolvedMetadata,
+        };
+        this.routes.set(id, stored);
+        await this.persistRoute(stored);
+        await this.applyRoutes();
+        return id;
+    }
+    async updateRoute(id, patch) {
+        const stored = this.routes.get(id);
+        if (!stored)
+            return false;
+        if (patch.route) {
+            const mergedAction = patch.route.action
+                ? { ...stored.route.action, ...patch.route.action }
+                : stored.route.action;
+            // Handle explicit null to remove nested action properties (e.g., tls: null)
+            if (patch.route.action) {
+                for (const [key, val] of Object.entries(patch.route.action)) {
+                    if (val === null) {
+                        delete mergedAction[key];
+                    }
+                }
+            }
+            stored.route = { ...stored.route, ...patch.route, action: mergedAction };
+        }
+        if (patch.enabled !== undefined) {
+            stored.enabled = patch.enabled;
+        }
+        if (patch.metadata !== undefined) {
+            stored.metadata = { ...stored.metadata, ...patch.metadata };
+        }
+        // Re-resolve if metadata refs exist and resolver is available
+        if (stored.metadata && this.referenceResolver) {
+            const resolved = this.referenceResolver.resolveRoute(stored.route, stored.metadata);
+            stored.route = resolved.route;
+            stored.metadata = resolved.metadata;
+        }
+        stored.updatedAt = Date.now();
+        await this.persistRoute(stored);
+        await this.applyRoutes();
+        return true;
+    }
+    async deleteRoute(id) {
+        if (!this.routes.has(id))
+            return false;
+        this.routes.delete(id);
+        const doc = await RouteDoc.findById(id);
+        if (doc)
+            await doc.delete();
+        await this.applyRoutes();
+        return true;
+    }
+    async toggleRoute(id, enabled) {
+        return this.updateRoute(id, { enabled });
+    }
+    // =========================================================================
+    // Private: seed routes from constructor config
+    // =========================================================================
+    /**
+     * Upsert seed routes by name+origin. Preserves user's `enabled` state.
+     * Deletes stale DB routes whose origin matches but name is not in the seed set.
+     */
+    async seedRoutes(seedRoutes, origin) {
+        if (seedRoutes.length === 0)
+            return;
+        const seedNames = new Set();
+        let seeded = 0;
+        let updated = 0;
+        for (const route of seedRoutes) {
+            const name = route.name || '';
+            seedNames.add(name);
+            // Check if a route with this name+origin already exists in memory
+            let existingId;
+            for (const [id, r] of this.routes) {
+                if (r.origin === origin && r.route.name === name) {
+                    existingId = id;
+                    break;
+                }
+            }
+            if (existingId) {
+                // Update route config but preserve enabled state
+                const existing = this.routes.get(existingId);
+                existing.route = route;
+                existing.updatedAt = Date.now();
+                await this.persistRoute(existing);
+                updated++;
+            }
+            else {
+                // Insert new seed route
+                const id = plugins.uuid.v4();
+                const now = Date.now();
+                const newRoute = {
+                    id,
+                    route,
+                    enabled: true,
+                    createdAt: now,
+                    updatedAt: now,
+                    createdBy: 'system',
+                    origin,
+                };
+                this.routes.set(id, newRoute);
+                await this.persistRoute(newRoute);
+                seeded++;
+            }
+        }
+        // Delete stale routes: same origin but name not in current seed set
+        const staleIds = [];
+        for (const [id, r] of this.routes) {
+            if (r.origin === origin && !seedNames.has(r.route.name || '')) {
+                staleIds.push(id);
+            }
+        }
+        for (const id of staleIds) {
+            this.routes.delete(id);
+            const doc = await RouteDoc.findById(id);
+            if (doc)
+                await doc.delete();
+        }
+        if (seeded > 0 || updated > 0 || staleIds.length > 0) {
+            logger.log('info', `Seed routes (${origin}): ${seeded} new, ${updated} updated, ${staleIds.length} stale removed`);
+        }
+    }
+    // =========================================================================
+    // Private: persistence
+    // =========================================================================
+    async loadRoutes() {
+        const docs = await RouteDoc.findAll();
+        for (const doc of docs) {
+            if (doc.id) {
+                this.routes.set(doc.id, {
+                    id: doc.id,
+                    route: doc.route,
+                    enabled: doc.enabled,
+                    createdAt: doc.createdAt,
+                    updatedAt: doc.updatedAt,
+                    createdBy: doc.createdBy,
+                    origin: doc.origin || 'api',
+                    metadata: doc.metadata,
+                });
+            }
+        }
+        if (this.routes.size > 0) {
+            logger.log('info', `Loaded ${this.routes.size} route(s) from database`);
+        }
+    }
+    async persistRoute(stored) {
+        const existingDoc = await RouteDoc.findById(stored.id);
+        if (existingDoc) {
+            existingDoc.route = stored.route;
+            existingDoc.enabled = stored.enabled;
+            existingDoc.updatedAt = stored.updatedAt;
+            existingDoc.createdBy = stored.createdBy;
+            existingDoc.origin = stored.origin;
+            existingDoc.metadata = stored.metadata;
+            await existingDoc.save();
+        }
+        else {
+            const doc = new RouteDoc();
+            doc.id = stored.id;
+            doc.route = stored.route;
+            doc.enabled = stored.enabled;
+            doc.createdAt = stored.createdAt;
+            doc.updatedAt = stored.updatedAt;
+            doc.createdBy = stored.createdBy;
+            doc.origin = stored.origin;
+            doc.metadata = stored.metadata;
+            await doc.save();
+        }
+    }
+    // =========================================================================
+    // Private: warnings
+    // =========================================================================
+    computeWarnings() {
+        this.warnings = [];
+        for (const route of this.routes.values()) {
+            if (!route.enabled) {
+                const name = route.route.name || route.id;
+                this.warnings.push({
+                    type: 'disabled-route',
+                    routeName: name,
+                    message: `Route '${name}' (id: ${route.id}) is disabled`,
+                });
+            }
+        }
+    }
+    logWarnings() {
+        for (const w of this.warnings) {
+            logger.log('warn', w.message);
+        }
+    }
+    // =========================================================================
+    // Re-resolve routes after profile/target changes
+    // =========================================================================
+    /**
+     * Re-resolve specific routes by ID (after a profile or target is updated).
+     * Persists each route and calls applyRoutes() once at the end.
+     */
+    async reResolveRoutes(routeIds) {
+        if (!this.referenceResolver || routeIds.length === 0)
+            return;
+        for (const routeId of routeIds) {
+            const stored = this.routes.get(routeId);
+            if (!stored?.metadata)
+                continue;
+            const resolved = this.referenceResolver.resolveRoute(stored.route, stored.metadata);
+            stored.route = resolved.route;
+            stored.metadata = resolved.metadata;
+            stored.updatedAt = Date.now();
+            await this.persistRoute(stored);
+        }
+        await this.applyRoutes();
+        logger.log('info', `Re-resolved ${routeIds.length} route(s) after profile/target change`);
+    }
+    // =========================================================================
+    // Apply routes to SmartProxy
+    // =========================================================================
+    async applyRoutes() {
+        await this.routeUpdateMutex.runExclusive(async () => {
+            const smartProxy = this.getSmartProxy();
+            if (!smartProxy)
+                return;
+            const enabledRoutes = [];
+            const http3Config = this.getHttp3Config?.();
+            const vpnCallback = this.getVpnClientIpsForRoute;
+            // Helper: inject VPN security into a vpnOnly route
+            const injectVpn = (route, routeId) => {
+                if (!vpnCallback)
+                    return route;
+                const dcRoute = route;
+                if (!dcRoute.vpnOnly)
+                    return route;
+                const vpnEntries = vpnCallback(dcRoute, routeId);
+                const existingEntries = route.security?.ipAllowList || [];
+                return {
+                    ...route,
+                    security: {
+                        ...route.security,
+                        ipAllowList: [...existingEntries, ...vpnEntries],
+                    },
+                };
+            };
+            // Add all enabled routes with HTTP/3 and VPN augmentation
+            for (const route of this.routes.values()) {
+                if (route.enabled) {
+                    let r = route.route;
+                    if (http3Config?.enabled !== false) {
+                        r = augmentRouteWithHttp3(r, { enabled: true, ...http3Config });
+                    }
+                    enabledRoutes.push(injectVpn(r, route.id));
+                }
+            }
+            await smartProxy.updateRoutes(enabledRoutes);
+            // Notify listeners (e.g. RemoteIngressManager) of the route set
+            if (this.onRoutesApplied) {
+                this.onRoutesApplied(enabledRoutes);
+            }
+            logger.log('info', `Applied ${enabledRoutes.length} routes to SmartProxy (${this.routes.size} total)`);
+        });
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5yb3V0ZS1jb25maWctbWFuYWdlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL2NvbmZpZy9jbGFzc2VzLnJvdXRlLWNvbmZpZy1tYW5hZ2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxPQUFPLE1BQU0sZUFBZSxDQUFDO0FBQ3pDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDdEMsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBUTFDLE9BQU8sRUFBcUIscUJBQXFCLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQU03RTs7O0dBR0c7QUFDSCxNQUFNLGdCQUFnQjtJQUNaLE1BQU0sR0FBRyxLQUFLLENBQUM7SUFDZixLQUFLLEdBQXNCLEVBQUUsQ0FBQztJQUV0QyxLQUFLLENBQUMsWUFBWSxDQUFJLEVBQW9CO1FBQ3hDLE1BQU0sSUFBSSxPQUFPLENBQU8sQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUNsQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQztnQkFDbkIsT0FBTyxFQUFFLENBQUM7WUFDWixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDM0IsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLEVBQUUsRUFBRSxDQUFDO1FBQ3BCLENBQUM7Z0JBQVMsQ0FBQztZQUNULElBQUksQ0FBQyxNQUFNLEdBQUcsS0FBSyxDQUFDO1lBQ3BCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDaEMsSUFBSSxJQUFJLEVBQUUsQ0FBQztnQkFDVCxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksQ0FBQztnQkFDbkIsSUFBSSxFQUFFLENBQUM7WUFDVCxDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7Q0FDRjtBQUVELE1BQU0sT0FBTyxrQkFBa0I7SUFNbkI7SUFDQTtJQUNBO0lBQ0E7SUFDQTtJQVRGLE1BQU0sR0FBRyxJQUFJLEdBQUcsRUFBa0IsQ0FBQztJQUNuQyxRQUFRLEdBQW9CLEVBQUUsQ0FBQztJQUMvQixnQkFBZ0IsR0FBRyxJQUFJLGdCQUFnQixFQUFFLENBQUM7SUFFbEQsWUFDVSxhQUE4RCxFQUM5RCxjQUErQyxFQUMvQyx1QkFBNEYsRUFDNUYsaUJBQXFDLEVBQ3JDLGVBQXFFO1FBSnJFLGtCQUFhLEdBQWIsYUFBYSxDQUFpRDtRQUM5RCxtQkFBYyxHQUFkLGNBQWMsQ0FBaUM7UUFDL0MsNEJBQXVCLEdBQXZCLHVCQUF1QixDQUFxRTtRQUM1RixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW9CO1FBQ3JDLG9CQUFlLEdBQWYsZUFBZSxDQUFzRDtJQUM1RSxDQUFDO0lBRUosMERBQTBEO0lBQ25ELFNBQVM7UUFDZCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDckIsQ0FBQztJQUVEOztPQUVHO0lBQ0ksS0FBSyxDQUFDLFVBQVUsQ0FDckIsZUFBdUMsRUFBRSxFQUN6QyxjQUFzQyxFQUFFLEVBQ3hDLFlBQW9DLEVBQUU7UUFFdEMsTUFBTSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDeEIsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksRUFBRSxRQUFRLENBQUMsQ0FBQztRQUM5QyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQzVDLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDeEMsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNuQixNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRUQsNEVBQTRFO0lBQzVFLGdCQUFnQjtJQUNoQiw0RUFBNEU7SUFFckUsZUFBZTtRQUNwQixNQUFNLE1BQU0sR0FBbUIsRUFBRSxDQUFDO1FBRWxDLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ1YsS0FBSyxFQUFFLEtBQUssQ0FBQyxLQUFLO2dCQUNsQixFQUFFLEVBQUUsS0FBSyxDQUFDLEVBQUU7Z0JBQ1osT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO2dCQUN0QixNQUFNLEVBQUUsS0FBSyxDQUFDLE1BQU07Z0JBQ3BCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztnQkFDMUIsU0FBUyxFQUFFLEtBQUssQ0FBQyxTQUFTO2dCQUMxQixRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7YUFDekIsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7SUFDMUQsQ0FBQztJQUVELDRFQUE0RTtJQUM1RSxhQUFhO0lBQ2IsNEVBQTRFO0lBRXJFLEtBQUssQ0FBQyxXQUFXLENBQ3RCLEtBQTJCLEVBQzNCLFNBQWlCLEVBQ2pCLE9BQU8sR0FBRyxJQUFJLEVBQ2QsUUFBeUI7UUFFekIsTUFBTSxFQUFFLEdBQUcsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUM3QixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdkIsMEJBQTBCO1FBQzFCLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDaEIsS0FBSyxDQUFDLElBQUksR0FBRyxTQUFTLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDekMsQ0FBQztRQUVELG9FQUFvRTtRQUNwRSxJQUFJLGdCQUFnQixHQUFHLFFBQVEsQ0FBQztRQUNoQyxJQUFJLFFBQVEsSUFBSSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUN2QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxRQUFRLENBQUMsQ0FBQztZQUN0RSxLQUFLLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQztZQUN2QixnQkFBZ0IsR0FBRyxRQUFRLENBQUMsUUFBUSxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBVztZQUNyQixFQUFFO1lBQ0YsS0FBSztZQUNMLE9BQU87WUFDUCxTQUFTLEVBQUUsR0FBRztZQUNkLFNBQVMsRUFBRSxHQUFHO1lBQ2QsU0FBUztZQUNULE1BQU0sRUFBRSxLQUFLO1lBQ2IsUUFBUSxFQUFFLGdCQUFnQjtTQUMzQixDQUFDO1FBRUYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzVCLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN6QixPQUFPLEVBQUUsQ0FBQztJQUNaLENBQUM7SUFFTSxLQUFLLENBQUMsV0FBVyxDQUN0QixFQUFVLEVBQ1YsS0FJQztRQUVELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ25DLElBQUksQ0FBQyxNQUFNO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFMUIsSUFBSSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDaEIsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyxNQUFNO2dCQUNyQyxDQUFDLENBQUMsRUFBRSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyxNQUFNLEVBQUU7Z0JBQ25ELENBQUMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQztZQUN4Qiw0RUFBNEU7WUFDNUUsSUFBSSxLQUFLLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO2dCQUN2QixLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxFQUFFLENBQUM7b0JBQzVELElBQUksR0FBRyxLQUFLLElBQUksRUFBRSxDQUFDO3dCQUNqQixPQUFRLFlBQW9CLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQ3BDLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7WUFDRCxNQUFNLENBQUMsS0FBSyxHQUFHLEVBQUUsR0FBRyxNQUFNLENBQUMsS0FBSyxFQUFFLEdBQUcsS0FBSyxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsWUFBWSxFQUEwQixDQUFDO1FBQ25HLENBQUM7UUFDRCxJQUFJLEtBQUssQ0FBQyxPQUFPLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDaEMsTUFBTSxDQUFDLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDO1FBQ2pDLENBQUM7UUFDRCxJQUFJLEtBQUssQ0FBQyxRQUFRLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsTUFBTSxDQUFDLFFBQVEsR0FBRyxFQUFFLEdBQUcsTUFBTSxDQUFDLFFBQVEsRUFBRSxHQUFHLEtBQUssQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUM5RCxDQUFDO1FBRUQsOERBQThEO1FBQzlELElBQUksTUFBTSxDQUFDLFFBQVEsSUFBSSxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztZQUM5QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ3BGLE1BQU0sQ0FBQyxLQUFLLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQztZQUM5QixNQUFNLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQyxRQUFRLENBQUM7UUFDdEMsQ0FBQztRQUVELE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBRTlCLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN6QixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxLQUFLLENBQUMsV0FBVyxDQUFDLEVBQVU7UUFDakMsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUFFLE9BQU8sS0FBSyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3ZCLE1BQU0sR0FBRyxHQUFHLE1BQU0sUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUN4QyxJQUFJLEdBQUc7WUFBRSxNQUFNLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUM1QixNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN6QixPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTSxLQUFLLENBQUMsV0FBVyxDQUFDLEVBQVUsRUFBRSxPQUFnQjtRQUNuRCxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUMsRUFBRSxFQUFFLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FBQztJQUMzQyxDQUFDO0lBRUQsNEVBQTRFO0lBQzVFLCtDQUErQztJQUMvQyw0RUFBNEU7SUFFNUU7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLFVBQVUsQ0FDdEIsVUFBa0MsRUFDbEMsTUFBa0M7UUFFbEMsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUM7WUFBRSxPQUFPO1FBRXBDLE1BQU0sU0FBUyxHQUFHLElBQUksR0FBRyxFQUFVLENBQUM7UUFDcEMsSUFBSSxNQUFNLEdBQUcsQ0FBQyxDQUFDO1FBQ2YsSUFBSSxPQUFPLEdBQUcsQ0FBQyxDQUFDO1FBRWhCLEtBQUssTUFBTSxLQUFLLElBQUksVUFBVSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLEdBQUcsS0FBSyxDQUFDLElBQUksSUFBSSxFQUFFLENBQUM7WUFDOUIsU0FBUyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUVwQixrRUFBa0U7WUFDbEUsSUFBSSxVQUE4QixDQUFDO1lBQ25DLEtBQUssTUFBTSxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ2xDLElBQUksQ0FBQyxDQUFDLE1BQU0sS0FBSyxNQUFNLElBQUksQ0FBQyxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssSUFBSSxFQUFFLENBQUM7b0JBQ2pELFVBQVUsR0FBRyxFQUFFLENBQUM7b0JBQ2hCLE1BQU07Z0JBQ1IsQ0FBQztZQUNILENBQUM7WUFFRCxJQUFJLFVBQVUsRUFBRSxDQUFDO2dCQUNmLGlEQUFpRDtnQkFDakQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFFLENBQUM7Z0JBQzlDLFFBQVEsQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO2dCQUN2QixRQUFRLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDaEMsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNsQyxPQUFPLEVBQUUsQ0FBQztZQUNaLENBQUM7aUJBQU0sQ0FBQztnQkFDTix3QkFBd0I7Z0JBQ3hCLE1BQU0sRUFBRSxHQUFHLE9BQU8sQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7Z0JBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxRQUFRLEdBQVc7b0JBQ3ZCLEVBQUU7b0JBQ0YsS0FBSztvQkFDTCxPQUFPLEVBQUUsSUFBSTtvQkFDYixTQUFTLEVBQUUsR0FBRztvQkFDZCxTQUFTLEVBQUUsR0FBRztvQkFDZCxTQUFTLEVBQUUsUUFBUTtvQkFDbkIsTUFBTTtpQkFDUCxDQUFDO2dCQUNGLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxRQUFRLENBQUMsQ0FBQztnQkFDOUIsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNsQyxNQUFNLEVBQUUsQ0FBQztZQUNYLENBQUM7UUFDSCxDQUFDO1FBRUQsb0VBQW9FO1FBQ3BFLE1BQU0sUUFBUSxHQUFhLEVBQUUsQ0FBQztRQUM5QixLQUFLLE1BQU0sQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2xDLElBQUksQ0FBQyxDQUFDLE1BQU0sS0FBSyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQzlELFFBQVEsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDcEIsQ0FBQztRQUNILENBQUM7UUFDRCxLQUFLLE1BQU0sRUFBRSxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQzFCLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZCLE1BQU0sR0FBRyxHQUFHLE1BQU0sUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4QyxJQUFJLEdBQUc7Z0JBQUUsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDOUIsQ0FBQztRQUVELElBQUksTUFBTSxHQUFHLENBQUMsSUFBSSxPQUFPLEdBQUcsQ0FBQyxJQUFJLFFBQVEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDckQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsZ0JBQWdCLE1BQU0sTUFBTSxNQUFNLFNBQVMsT0FBTyxhQUFhLFFBQVEsQ0FBQyxNQUFNLGdCQUFnQixDQUFDLENBQUM7UUFDckgsQ0FBQztJQUNILENBQUM7SUFFRCw0RUFBNEU7SUFDNUUsdUJBQXVCO0lBQ3ZCLDRFQUE0RTtJQUVwRSxLQUFLLENBQUMsVUFBVTtRQUN0QixNQUFNLElBQUksR0FBRyxNQUFNLFFBQVEsQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUN0QyxLQUFLLE1BQU0sR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3ZCLElBQUksR0FBRyxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUNYLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFLEVBQUU7b0JBQ3RCLEVBQUUsRUFBRSxHQUFHLENBQUMsRUFBRTtvQkFDVixLQUFLLEVBQUUsR0FBRyxDQUFDLEtBQUs7b0JBQ2hCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztvQkFDcEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO29CQUN4QixTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7b0JBQ3hCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUztvQkFDeEIsTUFBTSxFQUFFLEdBQUcsQ0FBQyxNQUFNLElBQUksS0FBSztvQkFDM0IsUUFBUSxFQUFFLEdBQUcsQ0FBQyxRQUFRO2lCQUN2QixDQUFDLENBQUM7WUFDTCxDQUFDO1FBQ0gsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDekIsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsVUFBVSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUkseUJBQXlCLENBQUMsQ0FBQztRQUMxRSxDQUFDO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyxZQUFZLENBQUMsTUFBYztRQUN2QyxNQUFNLFdBQVcsR0FBRyxNQUFNLFFBQVEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3ZELElBQUksV0FBVyxFQUFFLENBQUM7WUFDaEIsV0FBVyxDQUFDLEtBQUssR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDO1lBQ2pDLFdBQVcsQ0FBQyxPQUFPLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUNyQyxXQUFXLENBQUMsU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDekMsV0FBVyxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQ3pDLFdBQVcsQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztZQUNuQyxXQUFXLENBQUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUM7WUFDdkMsTUFBTSxXQUFXLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDM0IsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLEdBQUcsR0FBRyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQzNCLEdBQUcsQ0FBQyxFQUFFLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQztZQUNuQixHQUFHLENBQUMsS0FBSyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUM7WUFDekIsR0FBRyxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQzdCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsQ0FBQztZQUNqQyxHQUFHLENBQUMsU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDakMsR0FBRyxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxDQUFDO1lBQ2pDLEdBQUcsQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztZQUMzQixHQUFHLENBQUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUM7WUFDL0IsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDbkIsQ0FBQztJQUNILENBQUM7SUFFRCw0RUFBNEU7SUFDNUUsb0JBQW9CO0lBQ3BCLDRFQUE0RTtJQUVwRSxlQUFlO1FBQ3JCLElBQUksQ0FBQyxRQUFRLEdBQUcsRUFBRSxDQUFDO1FBRW5CLEtBQUssTUFBTSxLQUFLLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO1lBQ3pDLElBQUksQ0FBQyxLQUFLLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ25CLE1BQU0sSUFBSSxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsSUFBSSxJQUFJLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDO29CQUNqQixJQUFJLEVBQUUsZ0JBQWdCO29CQUN0QixTQUFTLEVBQUUsSUFBSTtvQkFDZixPQUFPLEVBQUUsVUFBVSxJQUFJLFVBQVUsS0FBSyxDQUFDLEVBQUUsZUFBZTtpQkFDekQsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sV0FBVztRQUNqQixLQUFLLE1BQU0sQ0FBQyxJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUM5QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDaEMsQ0FBQztJQUNILENBQUM7SUFFRCw0RUFBNEU7SUFDNUUsaURBQWlEO0lBQ2pELDRFQUE0RTtJQUU1RTs7O09BR0c7SUFDSSxLQUFLLENBQUMsZUFBZSxDQUFDLFFBQWtCO1FBQzdDLElBQUksQ0FBQyxJQUFJLENBQUMsaUJBQWlCLElBQUksUUFBUSxDQUFDLE1BQU0sS0FBSyxDQUFDO1lBQUUsT0FBTztRQUU3RCxLQUFLLE1BQU0sT0FBTyxJQUFJLFFBQVEsRUFBRSxDQUFDO1lBQy9CLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3hDLElBQUksQ0FBQyxNQUFNLEVBQUUsUUFBUTtnQkFBRSxTQUFTO1lBRWhDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDcEYsTUFBTSxDQUFDLEtBQUssR0FBRyxRQUFRLENBQUMsS0FBSyxDQUFDO1lBQzlCLE1BQU0sQ0FBQyxRQUFRLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQztZQUNwQyxNQUFNLENBQUMsU0FBUyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUM5QixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEMsQ0FBQztRQUVELE1BQU0sSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ3pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGVBQWUsUUFBUSxDQUFDLE1BQU0sdUNBQXVDLENBQUMsQ0FBQztJQUM1RixDQUFDO0lBRUQsNEVBQTRFO0lBQzVFLDZCQUE2QjtJQUM3Qiw0RUFBNEU7SUFFckUsS0FBSyxDQUFDLFdBQVc7UUFDdEIsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQ2xELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUN4QyxJQUFJLENBQUMsVUFBVTtnQkFBRSxPQUFPO1lBRXhCLE1BQU0sYUFBYSxHQUFzQyxFQUFFLENBQUM7WUFFNUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLGNBQWMsRUFBRSxFQUFFLENBQUM7WUFDNUMsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1lBRWpELG1EQUFtRDtZQUNuRCxNQUFNLFNBQVMsR0FBRyxDQUFDLEtBQXNDLEVBQUUsT0FBZ0IsRUFBbUMsRUFBRTtnQkFDOUcsSUFBSSxDQUFDLFdBQVc7b0JBQUUsT0FBTyxLQUFLLENBQUM7Z0JBQy9CLE1BQU0sT0FBTyxHQUFHLEtBQTZCLENBQUM7Z0JBQzlDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTztvQkFBRSxPQUFPLEtBQUssQ0FBQztnQkFDbkMsTUFBTSxVQUFVLEdBQUcsV0FBVyxDQUFDLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztnQkFDakQsTUFBTSxlQUFlLEdBQUcsS0FBSyxDQUFDLFFBQVEsRUFBRSxXQUFXLElBQUksRUFBRSxDQUFDO2dCQUMxRCxPQUFPO29CQUNMLEdBQUcsS0FBSztvQkFDUixRQUFRLEVBQUU7d0JBQ1IsR0FBRyxLQUFLLENBQUMsUUFBUTt3QkFDakIsV0FBVyxFQUFFLENBQUMsR0FBRyxlQUFlLEVBQUUsR0FBRyxVQUFVLENBQUM7cUJBQ2pEO2lCQUNGLENBQUM7WUFDSixDQUFDLENBQUM7WUFFRiwwREFBMEQ7WUFDMUQsS0FBSyxNQUFNLEtBQUssSUFBSSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUM7Z0JBQ3pDLElBQUksS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDO29CQUNsQixJQUFJLENBQUMsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDO29CQUNwQixJQUFJLFdBQVcsRUFBRSxPQUFPLEtBQUssS0FBSyxFQUFFLENBQUM7d0JBQ25DLENBQUMsR0FBRyxxQkFBcUIsQ0FBQyxDQUFDLEVBQUUsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLEdBQUcsV0FBVyxFQUFFLENBQUMsQ0FBQztvQkFDbEUsQ0FBQztvQkFDRCxhQUFhLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQzdDLENBQUM7WUFDSCxDQUFDO1lBRUQsTUFBTSxVQUFVLENBQUMsWUFBWSxDQUFDLGFBQWEsQ0FBQyxDQUFDO1lBRTdDLGdFQUFnRTtZQUNoRSxJQUFJLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztnQkFDekIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUN0QyxDQUFDO1lBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsV0FBVyxhQUFhLENBQUMsTUFBTSwwQkFBMEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLFNBQVMsQ0FBQyxDQUFDO1FBQ3pHLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztDQUNGIn0=

package/dist_ts/config/classes.target-profile-manager.d.ts

@@ -0,0 +1,82 @@
+import { VpnClientDoc } from '../db/index.js';
+import type { ITargetProfile, ITargetProfileTarget } from '../../dist_ts_interfaces/data/target-profile.js';
+import type { IDcRouterRouteConfig } from '../../dist_ts_interfaces/data/remoteingress.js';
+import type { IRoute } from '../../dist_ts_interfaces/data/route-management.js';
+/**
+ * Manages TargetProfiles (target-side: what can be accessed).
+ * TargetProfiles define what resources a VPN client can reach:
+ * domains, specific IP:port targets, and/or direct route references.
+ */
+export declare class TargetProfileManager {
+    private profiles;
+    initialize(): Promise<void>;
+    createProfile(data: {
+        name: string;
+        description?: string;
+        domains?: string[];
+        targets?: ITargetProfileTarget[];
+        routeRefs?: string[];
+        createdBy: string;
+    }): Promise<string>;
+    updateProfile(id: string, patch: Partial<Omit<ITargetProfile, 'id' | 'createdAt' | 'createdBy'>>): Promise<void>;
+    deleteProfile(id: string, force?: boolean): Promise<{
+        success: boolean;
+        message?: string;
+    }>;
+    getProfile(id: string): ITargetProfile | undefined;
+    listProfiles(): ITargetProfile[];
+    /**
+     * Get which VPN clients reference a target profile.
+     */
+    getProfileUsage(profileId: string): Promise<Array<{
+        clientId: string;
+        description?: string;
+    }>>;
+    /**
+     * For a set of target profile IDs, collect all explicit target IPs.
+     * These IPs bypass the SmartProxy forceTarget rewrite — VPN clients can
+     * connect to them directly through the tunnel.
+     */
+    getDirectTargetIps(targetProfileIds: string[]): string[];
+    /**
+     * For a vpnOnly route, find all enabled VPN clients whose assigned TargetProfile
+     * matches the route. Returns IP allow entries for injection into ipAllowList.
+     *
+     * Entries are domain-scoped when a profile matches via specific domains that are
+     * a subset of the route's wildcard. Plain IPs are returned for routeRef/target matches
+     * or when profile domains exactly equal the route's domains.
+     */
+    getMatchingClientIps(route: IDcRouterRouteConfig, routeId: string | undefined, clients: VpnClientDoc[]): Array<string | {
+        ip: string;
+        domains: string[];
+    }>;
+    /**
+     * For a given client (by its targetProfileIds), compute the set of
+     * domains and target IPs it can access. Used for WireGuard AllowedIPs.
+     */
+    getClientAccessSpec(targetProfileIds: string[], allRoutes: Map<string, IRoute>): {
+        domains: string[];
+        targetIps: string[];
+    };
+    /**
+     * Check if a route matches a profile (boolean convenience wrapper).
+     */
+    private routeMatchesProfile;
+    /**
+     * Detailed match: returns 'full' (plain IP, entire route), 'scoped' (domain-limited),
+     * or 'none' (no match).
+     *
+     * - routeRefs / target matches → 'full' (explicit reference = full access)
+     * - domain match where profile domains are a subset of route wildcard → 'scoped'
+     * - domain match where domains are identical or profile is a wildcard → 'full'
+     */
+    private routeMatchesProfileDetailed;
+    /**
+     * Check if a domain matches a pattern.
+     * - '*.example.com' matches 'sub.example.com', 'a.b.example.com'
+     * - 'example.com' matches only 'example.com'
+     */
+    private domainMatchesPattern;
+    private loadProfiles;
+    private persistProfile;
+}