@serve.zone/dcrouter 13.17.0 → 13.17.3

package/dist_serve/bundle.js

@@ -42909,10 +42909,10 @@ Customer Support Team`}};async onActivate(b){this.appui=b.appui,this.appui.setCo
         ></dees-statsgrid>
 
         <dees-input-multitoggle
+          class="routeFilterToggle"
           .type=${"single"}
           .options=${["User Routes","System Routes"]}
           .selectedOption=${this.routeFilter}
-          @change=${p=>{this.routeFilter=p.target.value||p.target.selectedOption}}
         ></dees-input-multitoggle>
 
         ${r.length>0?w`
@@ -42991,7 +42991,7 @@ Customer Support Team`}};async onActivate(b){this.appui=b.appui,this.appui.setCo
             </div>
           </div>
         </dees-form>
-      `,menuOptions:[{name:"Cancel",iconName:"lucide:x",action:i(async d=>await d.destroy(),"action")},{name:"Create",iconName:"lucide:plus",action:i(async d=>{let u=d.shadowRoot?.querySelector(".content")?.querySelector("dees-form");if(!u)return;let p=await u.collectFormData();if(!p.name||!p.ports)return;let m=p.ports.split(",").map(E=>parseInt(E.trim(),10)).filter(E=>!isNaN(E)),v=Array.isArray(p.domains)?p.domains.filter(Boolean):[],x=p.priority?parseInt(p.priority,10):void 0,b={name:p.name,match:{ports:m,...v.length>0?{domains:v}:{}},action:{type:"forward",targets:[{host:p.targetHost||"localhost",port:parseInt(p.targetPort,10)||443}]},...x!=null&&!isNaN(x)?{priority:x}:{}},g=p.tlsMode,y=typeof g=="string"?g:g?.key;if(y&&y!=="none"){let E={mode:y};if(y!=="passthrough"){let _=p.tlsCertificate;(typeof _=="string"?_:_?.key)==="custom"&&p.tlsCertKey&&p.tlsCertCert?E.certificate={key:p.tlsCertKey,cert:p.tlsCertCert}:E.certificate="auto"}b.action.tls=E}let k={},C=p.sourceProfileRef,R=typeof C=="string"?C:C?.key;R&&(k.sourceProfileRef=R);let T=p.networkTargetRef,S=typeof T=="string"?T:T?.key;S&&(k.networkTargetRef=S),await Fa.dispatchAction(Kha,{route:b,metadata:Object.keys(k).length>0?k:void 0}),await d.destroy()},"action")}]}))?.shadowRoot?.querySelector(".content")?.querySelector("dees-form");c&&(await c.updateComplete,T8a(c))}refreshData(){Fa.dispatchAction(E2,null)}async firstUpdated(){await Fa.dispatchAction(E2,null)}};In=qt(D8a),met=new WeakMap,get=new WeakMap,bet=new WeakMap,Qe(In,4,"routeFilter",$8a,R2,met),Qe(In,4,"routeState",L8a,R2,get),Qe(In,4,"profilesTargetsState",_8a,R2,bet),R2=Qe(In,0,"OpsViewRoutes",A8a,R2),i(R2,"OpsViewRoutes"),Mt(R2,"styles",[h.defaultStyles,Yt,W`
+      `,menuOptions:[{name:"Cancel",iconName:"lucide:x",action:i(async d=>await d.destroy(),"action")},{name:"Create",iconName:"lucide:plus",action:i(async d=>{let u=d.shadowRoot?.querySelector(".content")?.querySelector("dees-form");if(!u)return;let p=await u.collectFormData();if(!p.name||!p.ports)return;let m=p.ports.split(",").map(E=>parseInt(E.trim(),10)).filter(E=>!isNaN(E)),v=Array.isArray(p.domains)?p.domains.filter(Boolean):[],x=p.priority?parseInt(p.priority,10):void 0,b={name:p.name,match:{ports:m,...v.length>0?{domains:v}:{}},action:{type:"forward",targets:[{host:p.targetHost||"localhost",port:parseInt(p.targetPort,10)||443}]},...x!=null&&!isNaN(x)?{priority:x}:{}},g=p.tlsMode,y=typeof g=="string"?g:g?.key;if(y&&y!=="none"){let E={mode:y};if(y!=="passthrough"){let _=p.tlsCertificate;(typeof _=="string"?_:_?.key)==="custom"&&p.tlsCertKey&&p.tlsCertCert?E.certificate={key:p.tlsCertKey,cert:p.tlsCertCert}:E.certificate="auto"}b.action.tls=E}let k={},C=p.sourceProfileRef,R=typeof C=="string"?C:C?.key;R&&(k.sourceProfileRef=R);let T=p.networkTargetRef,S=typeof T=="string"?T:T?.key;S&&(k.networkTargetRef=S),await Fa.dispatchAction(Kha,{route:b,metadata:Object.keys(k).length>0?k:void 0}),await d.destroy()},"action")}]}))?.shadowRoot?.querySelector(".content")?.querySelector("dees-form");c&&(await c.updateComplete,T8a(c))}refreshData(){Fa.dispatchAction(E2,null)}async firstUpdated(){await Fa.dispatchAction(E2,null);let a=this.shadowRoot.querySelector(".routeFilterToggle");if(a){let r=a.changeSubject.subscribe(()=>{this.routeFilter=a.selectedOption});this.rxSubscriptions.push(r)}}};In=qt(D8a),met=new WeakMap,get=new WeakMap,bet=new WeakMap,Qe(In,4,"routeFilter",$8a,R2,met),Qe(In,4,"routeState",L8a,R2,get),Qe(In,4,"profilesTargetsState",_8a,R2,bet),R2=Qe(In,0,"OpsViewRoutes",A8a,R2),i(R2,"OpsViewRoutes"),Mt(R2,"styles",[h.defaultStyles,Yt,W`
       .routesContainer {
         display: flex;
         flex-direction: column;
@@ -46314,4 +46314,4 @@ ibantools/jsnext/ibantools.js:
    * @preferred
    *)
 */
-//# sourceMappingURL=bundle-1776107622388.js.map
+//# sourceMappingURL=bundle-1776109618689.js.map

package/dist_ts/00_commitinfo_data.d.ts

@@ -0,0 +1,8 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export declare const commitinfo: {
+    name: string;
+    version: string;
+    description: string;
+};

package/dist_ts/00_commitinfo_data.js

@@ -0,0 +1,9 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export const commitinfo = {
+    name: '@serve.zone/dcrouter',
+    version: '13.17.3',
+    description: 'A multifaceted routing service handling mail and SMS delivery functions.'
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSxzQkFBc0I7SUFDNUIsT0FBTyxFQUFFLFNBQVM7SUFDbEIsV0FBVyxFQUFFLDBFQUEwRTtDQUN4RixDQUFBIn0=

package/dist_ts/acme/index.d.ts

@@ -0,0 +1 @@
+export * from './manager.acme-config.js';

package/dist_ts/acme/index.js

@@ -0,0 +1,2 @@
+export * from './manager.acme-config.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9hY21lL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsMEJBQTBCLENBQUMifQ==

package/dist_ts/acme/manager.acme-config.d.ts

@@ -0,0 +1,48 @@
+import type { IDcRouterOptions } from '../classes.dcrouter.js';
+import type { IAcmeConfig } from '../../dist_ts_interfaces/data/acme-config.js';
+/**
+ * AcmeConfigManager — owns the singleton ACME configuration in the DB.
+ *
+ * Lifecycle:
+ *  - `start()` — loads from the DB; if empty, seeds from legacy constructor
+ *    fields (`tls.contactEmail`, `smartProxyConfig.acme.*`) on first boot.
+ *  - `getConfig()` — returns the in-memory cached `IAcmeConfig` (or null)
+ *  - `updateConfig(args, updatedBy)` — upserts and refreshes the cache
+ *
+ * Reload semantics: updates take effect on the next dcrouter restart because
+ * `SmartAcme` is instantiated once in `setupSmartProxy()`. `renewThresholdDays`
+ * applies immediately to the next renewal check. See
+ * `ts_web/elements/domains/ops-view-certificates.ts` for the UI warning.
+ */
+export declare class AcmeConfigManager {
+    private options;
+    private cached;
+    constructor(options: IDcRouterOptions);
+    start(): Promise<void>;
+    stop(): Promise<void>;
+    /**
+     * Returns the current ACME config, or null if not configured.
+     * In-memory — does not hit the DB.
+     */
+    getConfig(): IAcmeConfig | null;
+    /**
+     * True if there is an enabled ACME config. Used by `setupSmartProxy()` to
+     * decide whether to instantiate SmartAcme.
+     */
+    hasEnabledConfig(): boolean;
+    /**
+     * Upsert the ACME config. All fields are optional; missing fields are
+     * preserved from the existing row (or defaulted if there is no row yet).
+     */
+    updateConfig(args: Partial<Omit<IAcmeConfig, 'updatedAt' | 'updatedBy'>>, updatedBy: string): Promise<IAcmeConfig>;
+    /**
+     * Build a seed object from the legacy constructor fields. Returns null
+     * if the user has not provided any of them.
+     *
+     * Supports BOTH `tls.contactEmail` (short form) and `smartProxyConfig.acme`
+     * (full form). `smartProxyConfig.acme` wins when both are present.
+     */
+    private deriveSeedFromOptions;
+    private createSeedDoc;
+    private toPlain;
+}

package/dist_ts/acme/manager.acme-config.js

@@ -0,0 +1,156 @@
+import { logger } from '../logger.js';
+import { AcmeConfigDoc } from '../db/documents/index.js';
+/**
+ * AcmeConfigManager — owns the singleton ACME configuration in the DB.
+ *
+ * Lifecycle:
+ *  - `start()` — loads from the DB; if empty, seeds from legacy constructor
+ *    fields (`tls.contactEmail`, `smartProxyConfig.acme.*`) on first boot.
+ *  - `getConfig()` — returns the in-memory cached `IAcmeConfig` (or null)
+ *  - `updateConfig(args, updatedBy)` — upserts and refreshes the cache
+ *
+ * Reload semantics: updates take effect on the next dcrouter restart because
+ * `SmartAcme` is instantiated once in `setupSmartProxy()`. `renewThresholdDays`
+ * applies immediately to the next renewal check. See
+ * `ts_web/elements/domains/ops-view-certificates.ts` for the UI warning.
+ */
+export class AcmeConfigManager {
+    options;
+    cached = null;
+    constructor(options) {
+        this.options = options;
+    }
+    async start() {
+        logger.log('info', 'AcmeConfigManager: starting');
+        let doc = await AcmeConfigDoc.load();
+        if (!doc) {
+            // First-boot path: seed from legacy constructor fields if present.
+            const seed = this.deriveSeedFromOptions();
+            if (seed) {
+                doc = await this.createSeedDoc(seed);
+                logger.log('info', `AcmeConfigManager: seeded from constructor legacy fields (accountEmail=${seed.accountEmail}, useProduction=${seed.useProduction})`);
+            }
+            else {
+                logger.log('info', 'AcmeConfigManager: no AcmeConfig in DB and no legacy constructor fields — ACME disabled until configured via Domains > Certificates > Settings.');
+            }
+        }
+        else if (this.deriveSeedFromOptions()) {
+            logger.log('warn', 'AcmeConfigManager: ignoring constructor tls.contactEmail / smartProxyConfig.acme — DB already has AcmeConfigDoc. Manage via Domains > Certificates > Settings.');
+        }
+        this.cached = doc ? this.toPlain(doc) : null;
+        if (this.cached) {
+            logger.log('info', `AcmeConfigManager: loaded ACME config (accountEmail=${this.cached.accountEmail}, enabled=${this.cached.enabled}, useProduction=${this.cached.useProduction})`);
+        }
+    }
+    async stop() {
+        this.cached = null;
+    }
+    /**
+     * Returns the current ACME config, or null if not configured.
+     * In-memory — does not hit the DB.
+     */
+    getConfig() {
+        return this.cached;
+    }
+    /**
+     * True if there is an enabled ACME config. Used by `setupSmartProxy()` to
+     * decide whether to instantiate SmartAcme.
+     */
+    hasEnabledConfig() {
+        return this.cached !== null && this.cached.enabled;
+    }
+    /**
+     * Upsert the ACME config. All fields are optional; missing fields are
+     * preserved from the existing row (or defaulted if there is no row yet).
+     */
+    async updateConfig(args, updatedBy) {
+        let doc = await AcmeConfigDoc.load();
+        const now = Date.now();
+        if (!doc) {
+            doc = new AcmeConfigDoc();
+            doc.configId = 'acme-config';
+            doc.accountEmail = args.accountEmail ?? '';
+            doc.enabled = args.enabled ?? true;
+            doc.useProduction = args.useProduction ?? true;
+            doc.autoRenew = args.autoRenew ?? true;
+            doc.renewThresholdDays = args.renewThresholdDays ?? 30;
+        }
+        else {
+            if (args.accountEmail !== undefined)
+                doc.accountEmail = args.accountEmail;
+            if (args.enabled !== undefined)
+                doc.enabled = args.enabled;
+            if (args.useProduction !== undefined)
+                doc.useProduction = args.useProduction;
+            if (args.autoRenew !== undefined)
+                doc.autoRenew = args.autoRenew;
+            if (args.renewThresholdDays !== undefined)
+                doc.renewThresholdDays = args.renewThresholdDays;
+        }
+        doc.updatedAt = now;
+        doc.updatedBy = updatedBy;
+        await doc.save();
+        this.cached = this.toPlain(doc);
+        return this.cached;
+    }
+    // ==========================================================================
+    // Internal helpers
+    // ==========================================================================
+    /**
+     * Build a seed object from the legacy constructor fields. Returns null
+     * if the user has not provided any of them.
+     *
+     * Supports BOTH `tls.contactEmail` (short form) and `smartProxyConfig.acme`
+     * (full form). `smartProxyConfig.acme` wins when both are present.
+     */
+    deriveSeedFromOptions() {
+        const acme = this.options.smartProxyConfig?.acme;
+        const tls = this.options.tls;
+        // Prefer the explicit smartProxyConfig.acme block if present.
+        if (acme?.accountEmail) {
+            return {
+                accountEmail: acme.accountEmail,
+                enabled: acme.enabled !== false,
+                useProduction: acme.useProduction !== false,
+                autoRenew: acme.autoRenew !== false,
+                renewThresholdDays: acme.renewThresholdDays ?? 30,
+            };
+        }
+        // Fall back to the short tls.contactEmail form.
+        if (tls?.contactEmail) {
+            return {
+                accountEmail: tls.contactEmail,
+                enabled: true,
+                useProduction: true,
+                autoRenew: true,
+                renewThresholdDays: 30,
+            };
+        }
+        return null;
+    }
+    async createSeedDoc(seed) {
+        const doc = new AcmeConfigDoc();
+        doc.configId = 'acme-config';
+        doc.accountEmail = seed.accountEmail;
+        doc.enabled = seed.enabled;
+        doc.useProduction = seed.useProduction;
+        doc.autoRenew = seed.autoRenew;
+        doc.renewThresholdDays = seed.renewThresholdDays;
+        doc.updatedAt = Date.now();
+        doc.updatedBy = 'seed';
+        await doc.save();
+        return doc;
+    }
+    toPlain(doc) {
+        return {
+            accountEmail: doc.accountEmail,
+            enabled: doc.enabled,
+            useProduction: doc.useProduction,
+            autoRenew: doc.autoRenew,
+            renewThresholdDays: doc.renewThresholdDays,
+            updatedAt: doc.updatedAt,
+            updatedBy: doc.updatedBy,
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWFuYWdlci5hY21lLWNvbmZpZy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3RzL2FjbWUvbWFuYWdlci5hY21lLWNvbmZpZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ3RDLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUl6RDs7Ozs7Ozs7Ozs7OztHQWFHO0FBQ0gsTUFBTSxPQUFPLGlCQUFpQjtJQUdSO0lBRlosTUFBTSxHQUF1QixJQUFJLENBQUM7SUFFMUMsWUFBb0IsT0FBeUI7UUFBekIsWUFBTyxHQUFQLE9BQU8sQ0FBa0I7SUFBRyxDQUFDO0lBRTFDLEtBQUssQ0FBQyxLQUFLO1FBQ2hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDZCQUE2QixDQUFDLENBQUM7UUFDbEQsSUFBSSxHQUFHLEdBQUcsTUFBTSxhQUFhLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFckMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsbUVBQW1FO1lBQ25FLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1lBQzFDLElBQUksSUFBSSxFQUFFLENBQUM7Z0JBQ1QsR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDckMsTUFBTSxDQUFDLEdBQUcsQ0FDUixNQUFNLEVBQ04sMEVBQTBFLElBQUksQ0FBQyxZQUFZLG1CQUFtQixJQUFJLENBQUMsYUFBYSxHQUFHLENBQ3BJLENBQUM7WUFDSixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxDQUFDLEdBQUcsQ0FDUixNQUFNLEVBQ04saUpBQWlKLENBQ2xKLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQzthQUFNLElBQUksSUFBSSxDQUFDLHFCQUFxQixFQUFFLEVBQUUsQ0FBQztZQUN4QyxNQUFNLENBQUMsR0FBRyxDQUNSLE1BQU0sRUFDTixnS0FBZ0ssQ0FDakssQ0FBQztRQUNKLENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO1FBQzdDLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hCLE1BQU0sQ0FBQyxHQUFHLENBQ1IsTUFBTSxFQUNOLHVEQUF1RCxJQUFJLENBQUMsTUFBTSxDQUFDLFlBQVksYUFBYSxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sbUJBQW1CLElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxHQUFHLENBQy9KLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxJQUFJO1FBQ2YsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLENBQUM7SUFDckIsQ0FBQztJQUVEOzs7T0FHRztJQUNJLFNBQVM7UUFDZCxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDckIsQ0FBQztJQUVEOzs7T0FHRztJQUNJLGdCQUFnQjtRQUNyQixPQUFPLElBQUksQ0FBQyxNQUFNLEtBQUssSUFBSSxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7O09BR0c7SUFDSSxLQUFLLENBQUMsWUFBWSxDQUN2QixJQUEyRCxFQUMzRCxTQUFpQjtRQUVqQixJQUFJLEdBQUcsR0FBRyxNQUFNLGFBQWEsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNyQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFFdkIsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsR0FBRyxHQUFHLElBQUksYUFBYSxFQUFFLENBQUM7WUFDMUIsR0FBRyxDQUFDLFFBQVEsR0FBRyxhQUFhLENBQUM7WUFDN0IsR0FBRyxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsWUFBWSxJQUFJLEVBQUUsQ0FBQztZQUMzQyxHQUFHLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLElBQUksSUFBSSxDQUFDO1lBQ25DLEdBQUcsQ0FBQyxhQUFhLEdBQUcsSUFBSSxDQUFDLGFBQWEsSUFBSSxJQUFJLENBQUM7WUFDL0MsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxJQUFJLElBQUksQ0FBQztZQUN2QyxHQUFHLENBQUMsa0JBQWtCLEdBQUcsSUFBSSxDQUFDLGtCQUFrQixJQUFJLEVBQUUsQ0FBQztRQUN6RCxDQUFDO2FBQU0sQ0FBQztZQUNOLElBQUksSUFBSSxDQUFDLFlBQVksS0FBSyxTQUFTO2dCQUFFLEdBQUcsQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQztZQUMxRSxJQUFJLElBQUksQ0FBQyxPQUFPLEtBQUssU0FBUztnQkFBRSxHQUFHLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUM7WUFDM0QsSUFBSSxJQUFJLENBQUMsYUFBYSxLQUFLLFNBQVM7Z0JBQUUsR0FBRyxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDO1lBQzdFLElBQUksSUFBSSxDQUFDLFNBQVMsS0FBSyxTQUFTO2dCQUFFLEdBQUcsQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQztZQUNqRSxJQUFJLElBQUksQ0FBQyxrQkFBa0IsS0FBSyxTQUFTO2dCQUFFLEdBQUcsQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUM7UUFDOUYsQ0FBQztRQUVELEdBQUcsQ0FBQyxTQUFTLEdBQUcsR0FBRyxDQUFDO1FBQ3BCLEdBQUcsQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1FBQzFCLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO1FBRWpCLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUNoQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUM7SUFDckIsQ0FBQztJQUVELDZFQUE2RTtJQUM3RSxtQkFBbUI7SUFDbkIsNkVBQTZFO0lBRTdFOzs7Ozs7T0FNRztJQUNLLHFCQUFxQjtRQUMzQixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLElBQUksQ0FBQztRQUNqRCxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztRQUU3Qiw4REFBOEQ7UUFDOUQsSUFBSSxJQUFJLEVBQUUsWUFBWSxFQUFFLENBQUM7WUFDdkIsT0FBTztnQkFDTCxZQUFZLEVBQUUsSUFBSSxDQUFDLFlBQVk7Z0JBQy9CLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTyxLQUFLLEtBQUs7Z0JBQy9CLGFBQWEsRUFBRSxJQUFJLENBQUMsYUFBYSxLQUFLLEtBQUs7Z0JBQzNDLFNBQVMsRUFBRSxJQUFJLENBQUMsU0FBUyxLQUFLLEtBQUs7Z0JBQ25DLGtCQUFrQixFQUFFLElBQUksQ0FBQyxrQkFBa0IsSUFBSSxFQUFFO2FBQ2xELENBQUM7UUFDSixDQUFDO1FBRUQsZ0RBQWdEO1FBQ2hELElBQUksR0FBRyxFQUFFLFlBQVksRUFBRSxDQUFDO1lBQ3RCLE9BQU87Z0JBQ0wsWUFBWSxFQUFFLEdBQUcsQ0FBQyxZQUFZO2dCQUM5QixPQUFPLEVBQUUsSUFBSTtnQkFDYixhQUFhLEVBQUUsSUFBSTtnQkFDbkIsU0FBUyxFQUFFLElBQUk7Z0JBQ2Ysa0JBQWtCLEVBQUUsRUFBRTthQUN2QixDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQ3pCLElBQWtEO1FBRWxELE1BQU0sR0FBRyxHQUFHLElBQUksYUFBYSxFQUFFLENBQUM7UUFDaEMsR0FBRyxDQUFDLFFBQVEsR0FBRyxhQUFhLENBQUM7UUFDN0IsR0FBRyxDQUFDLFlBQVksR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDO1FBQ3JDLEdBQUcsQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQztRQUMzQixHQUFHLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUM7UUFDdkMsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDO1FBQy9CLEdBQUcsQ0FBQyxrQkFBa0IsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUM7UUFDakQsR0FBRyxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDM0IsR0FBRyxDQUFDLFNBQVMsR0FBRyxNQUFNLENBQUM7UUFDdkIsTUFBTSxHQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDakIsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0lBRU8sT0FBTyxDQUFDLEdBQWtCO1FBQ2hDLE9BQU87WUFDTCxZQUFZLEVBQUUsR0FBRyxDQUFDLFlBQVk7WUFDOUIsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLGFBQWEsRUFBRSxHQUFHLENBQUMsYUFBYTtZQUNoQyxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7WUFDeEIsa0JBQWtCLEVBQUUsR0FBRyxDQUFDLGtCQUFrQjtZQUMxQyxTQUFTLEVBQUUsR0FBRyxDQUFDLFNBQVM7WUFDeEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxTQUFTO1NBQ3pCLENBQUM7SUFDSixDQUFDO0NBQ0YifQ==

package/dist_ts/classes.cert-provision-scheduler.d.ts

@@ -0,0 +1,52 @@
+/**
+ * Manages certificate provisioning scheduling with:
+ * - Per-domain exponential backoff persisted via CertBackoffDoc
+ *
+ * Note: Serial stagger queue was removed — smartacme v9 handles
+ * concurrency, per-domain dedup, and rate limiting internally.
+ */
+export declare class CertProvisionScheduler {
+    private maxBackoffHours;
+    private backoffCache;
+    constructor(options?: {
+        maxBackoffHours?: number;
+    });
+    /**
+     * Sanitized domain key for storage lookups
+     */
+    private sanitizeDomain;
+    /**
+     * Load backoff entry from database (with in-memory cache)
+     */
+    private loadBackoff;
+    /**
+     * Save backoff entry to both cache and database
+     */
+    private saveBackoff;
+    /**
+     * Check if a domain is currently in backoff.
+     * Expired entries are pruned from the cache to prevent unbounded growth.
+     */
+    isInBackoff(domain: string): Promise<boolean>;
+    /**
+     * Record a provisioning failure for a domain.
+     * Sets exponential backoff: min(failures^2 * 1h, maxBackoffHours)
+     */
+    recordFailure(domain: string, error?: string): Promise<void>;
+    /**
+     * Clear backoff for a domain (on success or manual override)
+     */
+    clearBackoff(domain: string): Promise<void>;
+    /**
+     * Clear all in-memory backoff cache entries
+     */
+    clear(): void;
+    /**
+     * Get backoff info for UI display
+     */
+    getBackoffInfo(domain: string): Promise<{
+        failures: number;
+        retryAfter?: string;
+        lastError?: string;
+    } | null>;
+}

package/dist_ts/classes.cert-provision-scheduler.js

@@ -0,0 +1,138 @@
+import { logger } from './logger.js';
+import { CertBackoffDoc } from './db/index.js';
+/**
+ * Manages certificate provisioning scheduling with:
+ * - Per-domain exponential backoff persisted via CertBackoffDoc
+ *
+ * Note: Serial stagger queue was removed — smartacme v9 handles
+ * concurrency, per-domain dedup, and rate limiting internally.
+ */
+export class CertProvisionScheduler {
+    maxBackoffHours;
+    // In-memory backoff cache (mirrors storage for fast lookups)
+    backoffCache = new Map();
+    constructor(options) {
+        this.maxBackoffHours = options?.maxBackoffHours ?? 24;
+    }
+    /**
+     * Sanitized domain key for storage lookups
+     */
+    sanitizeDomain(domain) {
+        return domain.replace(/\*/g, '_wildcard_').replace(/[^a-zA-Z0-9._-]/g, '_');
+    }
+    /**
+     * Load backoff entry from database (with in-memory cache)
+     */
+    async loadBackoff(domain) {
+        const cached = this.backoffCache.get(domain);
+        if (cached)
+            return cached;
+        const sanitized = this.sanitizeDomain(domain);
+        const doc = await CertBackoffDoc.findByDomain(sanitized);
+        if (doc) {
+            const entry = {
+                failures: doc.failures,
+                lastFailure: doc.lastFailure,
+                retryAfter: doc.retryAfter,
+                lastError: doc.lastError,
+            };
+            this.backoffCache.set(domain, entry);
+            return entry;
+        }
+        return null;
+    }
+    /**
+     * Save backoff entry to both cache and database
+     */
+    async saveBackoff(domain, entry) {
+        this.backoffCache.set(domain, entry);
+        const sanitized = this.sanitizeDomain(domain);
+        let doc = await CertBackoffDoc.findByDomain(sanitized);
+        if (!doc) {
+            doc = new CertBackoffDoc();
+            doc.domain = sanitized;
+        }
+        doc.failures = entry.failures;
+        doc.lastFailure = entry.lastFailure;
+        doc.retryAfter = entry.retryAfter;
+        doc.lastError = entry.lastError || '';
+        await doc.save();
+    }
+    /**
+     * Check if a domain is currently in backoff.
+     * Expired entries are pruned from the cache to prevent unbounded growth.
+     */
+    async isInBackoff(domain) {
+        const entry = await this.loadBackoff(domain);
+        if (!entry)
+            return false;
+        const retryAfter = new Date(entry.retryAfter);
+        if (retryAfter.getTime() > Date.now()) {
+            return true;
+        }
+        // Backoff has expired — prune the stale entry
+        this.backoffCache.delete(domain);
+        return false;
+    }
+    /**
+     * Record a provisioning failure for a domain.
+     * Sets exponential backoff: min(failures^2 * 1h, maxBackoffHours)
+     */
+    async recordFailure(domain, error) {
+        const existing = await this.loadBackoff(domain);
+        const failures = (existing?.failures ?? 0) + 1;
+        // Exponential backoff: failures^2 hours, capped
+        const backoffHours = Math.min(failures * failures, this.maxBackoffHours);
+        const retryAfter = new Date(Date.now() + backoffHours * 60 * 60 * 1000);
+        const entry = {
+            failures,
+            lastFailure: new Date().toISOString(),
+            retryAfter: retryAfter.toISOString(),
+            lastError: error,
+        };
+        await this.saveBackoff(domain, entry);
+        logger.log('warn', `Cert backoff for ${domain}: ${failures} failures, retry after ${retryAfter.toISOString()}`);
+    }
+    /**
+     * Clear backoff for a domain (on success or manual override)
+     */
+    async clearBackoff(domain) {
+        this.backoffCache.delete(domain);
+        try {
+            const sanitized = this.sanitizeDomain(domain);
+            const doc = await CertBackoffDoc.findByDomain(sanitized);
+            if (doc) {
+                await doc.delete();
+            }
+        }
+        catch {
+            // Ignore delete errors (doc may not exist)
+        }
+    }
+    /**
+     * Clear all in-memory backoff cache entries
+     */
+    clear() {
+        this.backoffCache.clear();
+    }
+    /**
+     * Get backoff info for UI display
+     */
+    async getBackoffInfo(domain) {
+        const entry = await this.loadBackoff(domain);
+        if (!entry)
+            return null;
+        // Only return if still in backoff — prune expired entries
+        const retryAfter = new Date(entry.retryAfter);
+        if (retryAfter.getTime() <= Date.now()) {
+            this.backoffCache.delete(domain);
+            return null;
+        }
+        return {
+            failures: entry.failures,
+            retryAfter: entry.retryAfter,
+            lastError: entry.lastError,
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5jZXJ0LXByb3Zpc2lvbi1zY2hlZHVsZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi90cy9jbGFzc2VzLmNlcnQtcHJvdmlzaW9uLXNjaGVkdWxlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFTL0M7Ozs7OztHQU1HO0FBQ0gsTUFBTSxPQUFPLHNCQUFzQjtJQUN6QixlQUFlLENBQVM7SUFFaEMsNkRBQTZEO0lBQ3JELFlBQVksR0FBRyxJQUFJLEdBQUcsRUFBeUIsQ0FBQztJQUV4RCxZQUNFLE9BQXNDO1FBRXRDLElBQUksQ0FBQyxlQUFlLEdBQUcsT0FBTyxFQUFFLGVBQWUsSUFBSSxFQUFFLENBQUM7SUFDeEQsQ0FBQztJQUVEOztPQUVHO0lBQ0ssY0FBYyxDQUFDLE1BQWM7UUFDbkMsT0FBTyxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxPQUFPLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFjO1FBQ3RDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdDLElBQUksTUFBTTtZQUFFLE9BQU8sTUFBTSxDQUFDO1FBRTFCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3pELElBQUksR0FBRyxFQUFFLENBQUM7WUFDUixNQUFNLEtBQUssR0FBa0I7Z0JBQzNCLFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtnQkFDdEIsV0FBVyxFQUFFLEdBQUcsQ0FBQyxXQUFXO2dCQUM1QixVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVU7Z0JBQzFCLFNBQVMsRUFBRSxHQUFHLENBQUMsU0FBUzthQUN6QixDQUFDO1lBQ0YsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3JDLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUNELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVEOztPQUVHO0lBQ0ssS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFjLEVBQUUsS0FBb0I7UUFDNUQsSUFBSSxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDOUMsSUFBSSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ3ZELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULEdBQUcsR0FBRyxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQzNCLEdBQUcsQ0FBQyxNQUFNLEdBQUcsU0FBUyxDQUFDO1FBQ3pCLENBQUM7UUFDRCxHQUFHLENBQUMsUUFBUSxHQUFHLEtBQUssQ0FBQyxRQUFRLENBQUM7UUFDOUIsR0FBRyxDQUFDLFdBQVcsR0FBRyxLQUFLLENBQUMsV0FBVyxDQUFDO1FBQ3BDLEdBQUcsQ0FBQyxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQztRQUNsQyxHQUFHLENBQUMsU0FBUyxHQUFHLEtBQUssQ0FBQyxTQUFTLElBQUksRUFBRSxDQUFDO1FBQ3RDLE1BQU0sR0FBRyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ25CLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQWM7UUFDOUIsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzdDLElBQUksQ0FBQyxLQUFLO1lBQUUsT0FBTyxLQUFLLENBQUM7UUFFekIsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3RDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELDhDQUE4QztRQUM5QyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqQyxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsYUFBYSxDQUFDLE1BQWMsRUFBRSxLQUFjO1FBQ2hELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoRCxNQUFNLFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxRQUFRLElBQUksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRS9DLGdEQUFnRDtRQUNoRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxRQUFRLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBQ3pFLE1BQU0sVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxZQUFZLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztRQUV4RSxNQUFNLEtBQUssR0FBa0I7WUFDM0IsUUFBUTtZQUNSLFdBQVcsRUFBRSxJQUFJLElBQUksRUFBRSxDQUFDLFdBQVcsRUFBRTtZQUNyQyxVQUFVLEVBQUUsVUFBVSxDQUFDLFdBQVcsRUFBRTtZQUNwQyxTQUFTLEVBQUUsS0FBSztTQUNqQixDQUFDO1FBRUYsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE1BQU0sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN0QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxvQkFBb0IsTUFBTSxLQUFLLFFBQVEsMEJBQTBCLFVBQVUsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDbEgsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUFjO1FBQy9CLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2pDLElBQUksQ0FBQztZQUNILE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDOUMsTUFBTSxHQUFHLEdBQUcsTUFBTSxjQUFjLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3pELElBQUksR0FBRyxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDckIsQ0FBQztRQUNILENBQUM7UUFBQyxNQUFNLENBQUM7WUFDUCwyQ0FBMkM7UUFDN0MsQ0FBQztJQUNILENBQUM7SUFFRDs7T0FFRztJQUNJLEtBQUs7UUFDVixJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzVCLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxjQUFjLENBQUMsTUFBYztRQUtqQyxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDN0MsSUFBSSxDQUFDLEtBQUs7WUFBRSxPQUFPLElBQUksQ0FBQztRQUV4QiwwREFBMEQ7UUFDMUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxJQUFJLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBQzlDLElBQUksVUFBVSxDQUFDLE9BQU8sRUFBRSxJQUFJLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3ZDLElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztRQUVELE9BQU87WUFDTCxRQUFRLEVBQUUsS0FBSyxDQUFDLFFBQVE7WUFDeEIsVUFBVSxFQUFFLEtBQUssQ0FBQyxVQUFVO1lBQzVCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztTQUMzQixDQUFDO0lBQ0osQ0FBQztDQUNGIn0=