@serve.zone/dcrouter 15.0.1 → 15.0.3

package/dist_ts/00_commitinfo_data.js

@@ -3,7 +3,7 @@
  */
 export const commitinfo = {
     name: '@serve.zone/dcrouter',
-    version: '15.0.1',
+    version: '15.0.3',
     description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 };
 //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiMDBfY29tbWl0aW5mb19kYXRhLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vdHMvMDBfY29tbWl0aW5mb19kYXRhLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHO0lBQ3hCLElBQUksRUFBRSxzQkFBc0I7SUFDNUIsT0FBTyxFQUFFLFFBQVE7SUFDakIsV0FBVyxFQUFFLDBFQUEwRTtDQUN4RixDQUFBIn0=

package/dist_ts/acme/classes.smartacme-lifecycle.d.ts

@@ -0,0 +1,25 @@
+import type { DcRouter } from '../classes.dcrouter.js';
+/**
+ * Background start/retry/stop lifecycle for the DcRouter-owned SmartAcme
+ * instance. SmartAcme startup can hit ACME rate limits, so startup runs in
+ * the background with generation-guarded exponential retry, and certificate
+ * provisioning is re-triggered once DNS-01 becomes ready.
+ */
+export declare class SmartAcmeLifecycle {
+    private dcRouterRef;
+    /** True once the SmartAcme DNS-01 provider finished starting. */
+    ready: boolean;
+    /** Tracks whether the taskbuffer SmartAcme service is started, so SmartProxy rebuilds can re-kick startup. */
+    serviceStarted: boolean;
+    private startGeneration;
+    private startPromise?;
+    private retryTimer?;
+    private retryAttempt;
+    constructor(dcRouterRef: DcRouter);
+    startInBackground(): void;
+    stop(): Promise<void>;
+    private scheduleStart;
+    private runStartAttempt;
+    private retriggerCertificateProvisioning;
+    private clearRetryTimer;
+}

package/dist_ts/acme/classes.smartacme-lifecycle.js

@@ -0,0 +1,144 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+/**
+ * Background start/retry/stop lifecycle for the DcRouter-owned SmartAcme
+ * instance. SmartAcme startup can hit ACME rate limits, so startup runs in
+ * the background with generation-guarded exponential retry, and certificate
+ * provisioning is re-triggered once DNS-01 becomes ready.
+ */
+export class SmartAcmeLifecycle {
+    dcRouterRef;
+    /** True once the SmartAcme DNS-01 provider finished starting. */
+    ready = false;
+    /** Tracks whether the taskbuffer SmartAcme service is started, so SmartProxy rebuilds can re-kick startup. */
+    serviceStarted = false;
+    startGeneration = 0;
+    startPromise;
+    retryTimer;
+    retryAttempt = 0;
+    constructor(dcRouterRef) {
+        this.dcRouterRef = dcRouterRef;
+    }
+    startInBackground() {
+        if (!this.dcRouterRef.smartAcme) {
+            this.ready = false;
+            return;
+        }
+        const generation = ++this.startGeneration;
+        this.ready = false;
+        this.retryAttempt = 0;
+        this.clearRetryTimer();
+        this.scheduleStart(generation, 0);
+    }
+    async stop() {
+        this.startGeneration++;
+        this.ready = false;
+        this.retryAttempt = 0;
+        this.clearRetryTimer();
+        const smartAcme = this.dcRouterRef.smartAcme;
+        if (!smartAcme) {
+            return;
+        }
+        try {
+            await smartAcme.stop();
+        }
+        catch (err) {
+            logger.log('error', 'Error stopping SmartAcme', { error: String(err) });
+        }
+        finally {
+            if (this.dcRouterRef.smartAcme === smartAcme) {
+                this.dcRouterRef.smartAcme = undefined;
+            }
+        }
+    }
+    scheduleStart(generation, delayMs) {
+        this.clearRetryTimer();
+        const retryTimer = setTimeout(() => {
+            this.retryTimer = undefined;
+            this.runStartAttempt(generation).catch((err) => {
+                logger.log('error', `Unexpected SmartAcme startup error: ${err.message}`);
+            });
+        }, delayMs);
+        this.retryTimer = retryTimer;
+        const unrefableTimer = retryTimer;
+        if (typeof unrefableTimer?.unref === 'function') {
+            unrefableTimer.unref();
+        }
+    }
+    async runStartAttempt(generation) {
+        const smartAcme = this.dcRouterRef.smartAcme;
+        if (!smartAcme || generation !== this.startGeneration) {
+            return;
+        }
+        const startPromise = smartAcme.start();
+        this.startPromise = startPromise;
+        try {
+            await startPromise;
+            if (generation !== this.startGeneration || this.dcRouterRef.smartAcme !== smartAcme) {
+                await smartAcme.stop().catch((err) => {
+                    logger.log('warn', `Failed to stop stale SmartAcme instance: ${err.message}`);
+                });
+                return;
+            }
+            this.ready = true;
+            this.retryAttempt = 0;
+            logger.log('info', 'SmartAcme DNS-01 provider is now ready');
+            this.retriggerCertificateProvisioning();
+        }
+        catch (err) {
+            if (generation !== this.startGeneration || this.dcRouterRef.smartAcme !== smartAcme) {
+                return;
+            }
+            this.ready = false;
+            await smartAcme.stop().catch((stopErr) => {
+                logger.log('warn', `Failed to clean up SmartAcme after startup failure: ${stopErr.message}`);
+            });
+            this.retryAttempt++;
+            if (this.retryAttempt > 20) {
+                logger.log('error', `SmartAcme DNS-01 provider failed after 20 startup attempts: ${err.message}`);
+                return;
+            }
+            const baseDelayMs = 5000;
+            const maxDelayMs = 3_600_000;
+            const delayMs = Math.min(baseDelayMs * Math.pow(2, this.retryAttempt - 1), maxDelayMs);
+            const jitter = 0.8 + Math.random() * 0.4;
+            const actualDelayMs = Math.floor(delayMs * jitter);
+            logger.log('warn', `SmartAcme DNS-01 provider startup failed: ${err.message}; retrying in ${actualDelayMs}ms (attempt ${this.retryAttempt}/20)`);
+            this.scheduleStart(generation, actualDelayMs);
+        }
+        finally {
+            if (this.startPromise === startPromise) {
+                this.startPromise = undefined;
+            }
+        }
+    }
+    retriggerCertificateProvisioning() {
+        // During startup, certProvisionFunction returns 'http01' while SmartAcme is not ready,
+        // but Rust ACME is disabled when certProvisionFunction is set. Re-applying routes
+        // retries provisioning now that DNS-01 is available.
+        if (this.dcRouterRef.routeConfigManager) {
+            logger.log('info', 'Re-triggering certificate provisioning via RouteConfigManager');
+            this.dcRouterRef.routeConfigManager.applyRoutes().catch((err) => {
+                logger.log('warn', `Failed to re-trigger cert provisioning: ${err?.message || err}`);
+            });
+            return;
+        }
+        if (this.dcRouterRef.smartProxy) {
+            if (this.dcRouterRef.certProvisionScheduler) {
+                this.dcRouterRef.certProvisionScheduler.clear();
+            }
+            const currentRoutes = this.dcRouterRef.smartProxy.routeManager.getRoutes();
+            logger.log('info', `Re-triggering certificate provisioning for ${currentRoutes.length} routes`);
+            this.dcRouterRef.smartProxy.updateRoutes(currentRoutes).catch((err) => {
+                logger.log('warn', `Failed to re-trigger cert provisioning: ${err?.message || err}`);
+            });
+        }
+    }
+    clearRetryTimer() {
+        if (this.retryTimer) {
+            clearTimeout(this.retryTimer);
+            this.retryTimer = undefined;
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5zbWFydGFjbWUtbGlmZWN5Y2xlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vdHMvYWNtZS9jbGFzc2VzLnNtYXJ0YWNtZS1saWZlY3ljbGUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUd0Qzs7Ozs7R0FLRztBQUNILE1BQU0sT0FBTyxrQkFBa0I7SUFXVDtJQVZwQixpRUFBaUU7SUFDMUQsS0FBSyxHQUFHLEtBQUssQ0FBQztJQUNyQiw4R0FBOEc7SUFDdkcsY0FBYyxHQUFHLEtBQUssQ0FBQztJQUV0QixlQUFlLEdBQUcsQ0FBQyxDQUFDO0lBQ3BCLFlBQVksQ0FBaUI7SUFDN0IsVUFBVSxDQUFpQztJQUMzQyxZQUFZLEdBQUcsQ0FBQyxDQUFDO0lBRXpCLFlBQW9CLFdBQXFCO1FBQXJCLGdCQUFXLEdBQVgsV0FBVyxDQUFVO0lBQUcsQ0FBQztJQUV0QyxpQkFBaUI7UUFDdEIsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDaEMsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7WUFDbkIsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLFVBQVUsR0FBRyxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUM7UUFDMUMsSUFBSSxDQUFDLEtBQUssR0FBRyxLQUFLLENBQUM7UUFDbkIsSUFBSSxDQUFDLFlBQVksR0FBRyxDQUFDLENBQUM7UUFDdEIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQ3ZCLElBQUksQ0FBQyxhQUFhLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFTSxLQUFLLENBQUMsSUFBSTtRQUNmLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztRQUN2QixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztRQUNuQixJQUFJLENBQUMsWUFBWSxHQUFHLENBQUMsQ0FBQztRQUN0QixJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFFdkIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLENBQUM7UUFDN0MsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ2YsT0FBTztRQUNULENBQUM7UUFFRCxJQUFJLENBQUM7WUFDSCxNQUFNLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUN6QixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDBCQUEwQixFQUFFLEVBQUUsS0FBSyxFQUFFLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDMUUsQ0FBQztnQkFBUyxDQUFDO1lBQ1QsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLFNBQVMsS0FBSyxTQUFTLEVBQUUsQ0FBQztnQkFDN0MsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1lBQ3pDLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVPLGFBQWEsQ0FBQyxVQUFrQixFQUFFLE9BQWU7UUFDdkQsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQyxHQUFHLEVBQUU7WUFDakMsSUFBSSxDQUFDLFVBQVUsR0FBRyxTQUFTLENBQUM7WUFDNUIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtnQkFDN0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsdUNBQXdDLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQ3ZGLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ1osSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7UUFDN0IsTUFBTSxjQUFjLEdBQUcsVUFBaUIsQ0FBQztRQUN6QyxJQUFJLE9BQU8sY0FBYyxFQUFFLEtBQUssS0FBSyxVQUFVLEVBQUUsQ0FBQztZQUNoRCxjQUFjLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDekIsQ0FBQztJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsZUFBZSxDQUFDLFVBQWtCO1FBQzlDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDO1FBQzdDLElBQUksQ0FBQyxTQUFTLElBQUksVUFBVSxLQUFLLElBQUksQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUN0RCxPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sWUFBWSxHQUFHLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUN2QyxJQUFJLENBQUMsWUFBWSxHQUFHLFlBQVksQ0FBQztRQUVqQyxJQUFJLENBQUM7WUFDSCxNQUFNLFlBQVksQ0FBQztZQUNuQixJQUFJLFVBQVUsS0FBSyxJQUFJLENBQUMsZUFBZSxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxLQUFLLFNBQVMsRUFBRSxDQUFDO2dCQUNwRixNQUFNLFNBQVMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtvQkFDbkMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNENBQTZDLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUMzRixDQUFDLENBQUMsQ0FBQztnQkFDSCxPQUFPO1lBQ1QsQ0FBQztZQUVELElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO1lBQ2xCLElBQUksQ0FBQyxZQUFZLEdBQUcsQ0FBQyxDQUFDO1lBQ3RCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHdDQUF3QyxDQUFDLENBQUM7WUFDN0QsSUFBSSxDQUFDLGdDQUFnQyxFQUFFLENBQUM7UUFDMUMsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixJQUFJLFVBQVUsS0FBSyxJQUFJLENBQUMsZUFBZSxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxLQUFLLFNBQVMsRUFBRSxDQUFDO2dCQUNwRixPQUFPO1lBQ1QsQ0FBQztZQUVELElBQUksQ0FBQyxLQUFLLEdBQUcsS0FBSyxDQUFDO1lBQ25CLE1BQU0sU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFO2dCQUN2QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSx1REFBd0QsT0FBaUIsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQzFHLENBQUMsQ0FBQyxDQUFDO1lBQ0gsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3BCLElBQUksSUFBSSxDQUFDLFlBQVksR0FBRyxFQUFFLEVBQUUsQ0FBQztnQkFDM0IsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsK0RBQWdFLEdBQWEsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUM3RyxPQUFPO1lBQ1QsQ0FBQztZQUVELE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQztZQUN6QixNQUFNLFVBQVUsR0FBRyxTQUFTLENBQUM7WUFDN0IsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsSUFBSSxDQUFDLFlBQVksR0FBRyxDQUFDLENBQUMsRUFBRSxVQUFVLENBQUMsQ0FBQztZQUN2RixNQUFNLE1BQU0sR0FBRyxHQUFHLEdBQUcsSUFBSSxDQUFDLE1BQU0sRUFBRSxHQUFHLEdBQUcsQ0FBQztZQUN6QyxNQUFNLGFBQWEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsQ0FBQztZQUNuRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2Q0FBOEMsR0FBYSxDQUFDLE9BQU8saUJBQWlCLGFBQWEsZUFBZSxJQUFJLENBQUMsWUFBWSxNQUFNLENBQUMsQ0FBQztZQUM1SixJQUFJLENBQUMsYUFBYSxDQUFDLFVBQVUsRUFBRSxhQUFhLENBQUMsQ0FBQztRQUNoRCxDQUFDO2dCQUFTLENBQUM7WUFDVCxJQUFJLElBQUksQ0FBQyxZQUFZLEtBQUssWUFBWSxFQUFFLENBQUM7Z0JBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsU0FBUyxDQUFDO1lBQ2hDLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQztJQUVPLGdDQUFnQztRQUN0Qyx1RkFBdUY7UUFDdkYsa0ZBQWtGO1FBQ2xGLHFEQUFxRDtRQUNyRCxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUN4QyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrREFBK0QsQ0FBQyxDQUFDO1lBQ3BGLElBQUksQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUMsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBUSxFQUFFLEVBQUU7Z0JBQ25FLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJDQUEyQyxHQUFHLEVBQUUsT0FBTyxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7WUFDdkYsQ0FBQyxDQUFDLENBQUM7WUFDSCxPQUFPO1FBQ1QsQ0FBQztRQUVELElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNoQyxJQUFJLElBQUksQ0FBQyxXQUFXLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztnQkFDNUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsTUFBTSxhQUFhLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzNFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDhDQUE4QyxhQUFhLENBQUMsTUFBTSxTQUFTLENBQUMsQ0FBQztZQUNoRyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsYUFBYSxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsR0FBUSxFQUFFLEVBQUU7Z0JBQ3pFLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDJDQUEyQyxHQUFHLEVBQUUsT0FBTyxJQUFJLEdBQUcsRUFBRSxDQUFDLENBQUM7WUFDdkYsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVPLGVBQWU7UUFDckIsSUFBSSxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDcEIsWUFBWSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUM5QixJQUFJLENBQUMsVUFBVSxHQUFHLFNBQVMsQ0FBQztRQUM5QixDQUFDO0lBQ0gsQ0FBQztDQUNGIn0=

package/dist_ts/acme/index.d.ts

@@ -1 +1,2 @@
 export * from './manager.acme-config.js';
+export * from './classes.smartacme-lifecycle.js';

package/dist_ts/acme/index.js

@@ -1,2 +1,3 @@
 export * from './manager.acme-config.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9hY21lL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsMEJBQTBCLENBQUMifQ==
+export * from './classes.smartacme-lifecycle.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9hY21lL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsMEJBQTBCLENBQUM7QUFDekMsY0FBYyxrQ0FBa0MsQ0FBQyJ9

package/dist_ts/classes.dcrouter.d.ts

@@ -6,16 +6,18 @@ import { DcRouterDb, CacheCleaner } from './db/index.js';
 import { OpsServer } from './opsserver/index.js';
 import { MetricsManager } from './monitoring/index.js';
 import { RadiusServer, type IRadiusServerConfig } from './radius/index.js';
-import { RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
-import { VpnManager } from './vpn/index.js';
+import { RemoteIngressHubLifecycle, RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
+import { VpnAccessResolver, VpnManager } from './vpn/index.js';
 import { RouteConfigManager, ApiTokenManager, GatewayClientManager, ReferenceResolver, TargetProfileManager } from './config/index.js';
-import { SecurityPolicyManager } from './security/index.js';
+import { SecurityPolicyManager, RoutePolicyAugmenter } from './security/index.js';
 import { type IHttp3Config } from './http3/index.js';
 import { DnsManager } from './dns/manager.dns.js';
+import { DnsServerRuntime } from './dns/classes.dns-server-runtime.js';
 import { AcmeConfigManager } from './acme/manager.acme-config.js';
-import { EmailDomainManager, EmailSettingsManager, WorkAppMailManager } from './email/index.js';
+import { SmartAcmeLifecycle } from './acme/classes.smartacme-lifecycle.js';
+import { AcceptedEmailSpool, EmailDomainManager, EmailRouteBuilder, EmailSettingsManager, WorkAppMailManager } from './email/index.js';
 import type { IEmailPortConfig, IEmailServerSettings, TEmailServerSettingsUpdate } from '../dist_ts_interfaces/data/email-settings.js';
-import type { IRemoteIngressHubSettings, TRemoteIngressHubSettingsUpdate } from '../dist_ts_interfaces/data/remoteingress.js';
+import type { IDcRouterRouteConfig, IRemoteIngressHubSettings, TRemoteIngressHubSettingsUpdate } from '../dist_ts_interfaces/data/remoteingress.js';
 export interface IDcRouterOptions {
     /** Base directory for all dcrouter data. Defaults to ~/.serve.zone/dcrouter */
     baseDir?: string;
@@ -224,16 +226,8 @@ export declare class DcRouter {
     cacheCleaner?: CacheCleaner;
     remoteIngressManager?: RemoteIngressManager;
     tunnelManager?: TunnelManager;
-    private remoteIngressHubLifecycleChain;
     private smartProxyLifecycleChain;
     private emailLifecycleChain;
-    private acceptedEmailSpoolTimer?;
-    private acceptedEmailSpoolRun?;
-    private acceptedEmailSpoolProcessing;
-    private acceptedEmailSpoolStopping;
-    private acceptedEmailQueueUpdatePromises;
-    private remoteIngressHubStopping;
-    private remoteIngressHubGeneration;
     vpnManager?: VpnManager;
     routeConfigManager?: RouteConfigManager;
     apiTokenManager?: ApiTokenManager;
@@ -245,12 +239,9 @@ export declare class DcRouter {
     emailSettingsManager?: EmailSettingsManager;
     emailDomainManager?: EmailDomainManager;
     workAppMailManager: WorkAppMailManager;
+    acceptedEmailSpool: AcceptedEmailSpool;
     securityPolicyManager?: SecurityPolicyManager;
     detectedPublicIp: string | null;
-    private dnsLogWindowSecond;
-    private dnsLogWindowCount;
-    private dnsBatchCount;
-    private dnsBatchTimer;
     certificateStatusMap: Map<string, {
         status: "valid" | "failed";
         routeNames: string[];
@@ -262,15 +253,15 @@ export declare class DcRouter {
     certProvisionScheduler?: CertProvisionScheduler;
     serviceManager: plugins.taskbuffer.ServiceManager;
     private serviceSubjectSubscription?;
-    smartAcmeReady: boolean;
-    private smartAcmeServiceStarted;
-    private smartAcmeStartGeneration;
-    private smartAcmeStartPromise?;
-    private smartAcmeRetryTimer?;
-    private smartAcmeRetryAttempt;
+    smartAcmeLifecycle: SmartAcmeLifecycle;
+    vpnAccessResolver: VpnAccessResolver;
+    remoteIngressHubLifecycle: RemoteIngressHubLifecycle;
+    dnsServerRuntime: DnsServerRuntime;
+    emailRouteBuilder: EmailRouteBuilder;
+    routePolicyAugmenter: RoutePolicyAugmenter;
     typedrouter: plugins.typedrequest.TypedRouter<import("@api.global/typedrequest-interfaces").ITypedRequest>;
     private seedConfigRoutes;
-    private seedEmailRoutes;
+    seedEmailRoutes: IDcRouterRouteConfig[];
     private seedDnsRoutes;
     private runtimeDnsRoutes;
     private qenv;
@@ -280,15 +271,9 @@ export declare class DcRouter {
      * Services are started in dependency order, with failure isolation for optional services.
      */
     private registerServices;
-    private isRemoteIngressHubEnabled;
+    isRemoteIngressHubEnabled(): boolean;
     private getRemoteIngressHubSettingsMigrationSeed;
     private getEmailSettingsMigrationSeed;
-    private startSmartAcmeInBackground;
-    private scheduleSmartAcmeStart;
-    private runSmartAcmeStartAttempt;
-    private retriggerCertificateProvisioningAfterSmartAcmeReady;
-    private clearSmartAcmeRetryTimer;
-    private stopSmartAcme;
     start(): Promise<void>;
     /**
      * Detect OS-level resource limits and warn if they are too low for production use.
@@ -308,27 +293,10 @@ export declare class DcRouter {
      */
     private setupSmartProxy;
     applySecurityPolicy(): Promise<void>;
-    private mergeSecurityPolicies;
-    private applyInboundProxyProtocolPolicies;
-    private getDesiredInboundProxyProtocolPolicy;
-    private getInboundProxyListenerKeys;
-    private mergeInboundProxyProtocolPolicies;
-    /**
-     * Generate SmartProxy routes for email configuration
-     */
-    private generateEmailRoutes;
     /**
      * Generate SmartProxy routes for DNS configuration
      */
     private generateDnsRoutes;
-    private getRuntimeEmailRoutes;
-    private getCurrentGeneratedEmailRouteNames;
-    private shouldHydrateGeneratedEmailRoute;
-    private createServerFirstEmailRuntimeRoute;
-    private getRemoteIngressEmailInboundProxyPolicy;
-    private createEmailSocketProxyHandler;
-    private createProxyProtocolV1Header;
-    private hydrateStoredRouteForRuntime;
     /**
      * Check if a domain matches a pattern (including wildcard support)
      * @param domain The domain to check
@@ -351,26 +319,6 @@ export declare class DcRouter {
      * This implements the consolidated emailConfig approach
      */
     private setupUnifiedEmailHandling;
-    private acceptSmartMtaMessage;
-    private setDcRouterCacheIdHeader;
-    private processAcceptedCachedEmail;
-    private startAcceptedEmailSpoolProcessor;
-    private clearAcceptedEmailSpoolTimer;
-    private stopAcceptedEmailSpoolProcessor;
-    private runAcceptedEmailSpoolProcessor;
-    private processAcceptedEmailSpool;
-    private buildCachedEmailSession;
-    private parseCachedEmailRouteData;
-    private updateAcceptedEmailFromQueueItem;
-    private trackAcceptedEmailQueueUpdate;
-    private drainAcceptedEmailQueueUpdates;
-    private waitForPromiseToSettleWithTimeout;
-    private recoverQueuedAcceptedEmails;
-    private isCachedEmailTerminal;
-    private getCachedEmailIdFromQueueItem;
-    private getHeaderValue;
-    private removeHeader;
-    private throwIfMessageAcceptanceAborted;
     /**
      * Update the unified email configuration
      * @param config New email configuration
@@ -394,90 +342,24 @@ export declare class DcRouter {
      * Register DNS records with the DNS server
      * @param records Array of DNS records to register
      */
-    private registerDnsRecords;
-    /**
-     * Parse DNS record data based on record type
-     * @param type DNS record type
-     * @param value DNS record value
-     * @returns Parsed data for the DNS response
-     */
-    private parseDnsRecordData;
-    /**
-     * Set up DNS server with socket handler for DoH
-     */
-    private setupDnsWithSocketHandler;
-    /**
-     * Create DNS socket handler for DoH
-     */
-    private createDnsSocketHandler;
-    /**
-     * Validate DNS configuration
-     */
-    private validateDnsConfiguration;
-    /**
-     * Generate email DNS records for domains with internal-dns mode
-     */
-    private generateEmailDnsRecords;
-    /**
-     * Generate DKIM DNS records for internal-dns domains from smartmta's selector-aware DKIM state.
-     */
-    private loadDkimRecords;
-    /**
-     * Initialize DKIM keys for all configured email domains
-     * This ensures DKIM records are available immediately at startup
-     */
-    private initializeDkimForEmailDomains;
-    /**
-     * Generate authoritative DNS records (NS only) for all domains in dnsScopes
-     * SOA records are now automatically generated by smartdns with primaryNameserver setting
-     */
-    private generateAuthoritativeRecords;
-    /**
-     * Extract the base domain from a DNS record name
-     */
-    private extractDomain;
-    /**
-     * Apply proxy IP replacement logic to DNS records
-     */
-    private applyProxyIpReplacement;
     private addEmailEventSubscription;
     private clearEmailEventSubscriptions;
-    /**
-     * Detect the server's public IP address
-     */
-    private detectServerPublicIp;
     /**
      * Set up Remote Ingress hub for edge tunnel connections
      */
-    private setupRemoteIngress;
-    private isRemoteIngressHubGenerationCurrent;
-    private queueRemoteIngressHubTask;
     private queueSmartProxyLifecycleTask;
     private queueEmailLifecycleTask;
-    private stopRemoteIngress;
+    /** Serialized edge mutation on the RemoteIngress hub (delegates to the hub lifecycle). */
     mutateRemoteIngressEdges<T>(mutation: (manager: RemoteIngressManager) => Promise<T>, syncAllowedEdges?: boolean): Promise<T>;
-    private updateRemoteIngressRoutes;
     updateRemoteIngressHubSettings(updates: TRemoteIngressHubSettingsUpdate, updatedBy: string): Promise<IRemoteIngressHubSettings>;
-    private restartSmartProxyForRemoteIngressSettings;
-    private stopRemoteIngressTunnelHubLocked;
-    private restartRemoteIngressTunnelHubLocked;
-    private startRemoteIngressTunnelHubLocked;
-    private resolveRemoteIngressTlsConfig;
+    /** Restart SmartProxy after RemoteIngress hub settings changed listener wiring. Called by RemoteIngressHubLifecycle. */
+    restartSmartProxyForRemoteIngressSettings(): Promise<void>;
+    /** Bootstrap routes the RemoteIngress hub uses to derive edge ports before the DB route set is applied. */
+    getRemoteIngressBootstrapRoutes(): plugins.smartproxy.IRouteConfig[];
     /**
      * Set up VPN server for VPN-based route access control.
      */
-    private createVpnClientAccessResolver;
     private setupVpnServer;
-    /** Cache for DNS-resolved IPs of VPN-gated domains. TTL: 5 minutes. */
-    private vpnDomainIpCache;
-    /** Deduplicate wildcard-resolution warnings for WireGuard AllowedIPs generation. */
-    private warnedWildcardVpnDomains;
-    /**
-     * Resolve a domain's A record(s) for VPN AllowedIPs, with a 5-minute cache.
-     */
-    private resolveVpnDomainIPs;
-    private isWildcardVpnDomain;
-    private logSkippedWildcardAllowedIp;
     /**
      * Set up RADIUS server for network authentication
      */