@serve.zone/dcrouter 15.0.1 → 15.0.3

package/dist_ts/dns/classes.dns-server-runtime.d.ts

@@ -0,0 +1,37 @@
+import * as plugins from '../plugins.js';
+import type { DcRouter } from '../classes.dcrouter.js';
+/**
+ * Sets up and feeds the embedded authoritative smartdns server: validates the
+ * DNS configuration, generates authoritative/email/DKIM records, applies
+ * proxy-IP replacement, registers record handlers, wires rate-limited query
+ * logging/metrics, and provides the DoH socket handler for SmartProxy routes.
+ */
+export declare class DnsServerRuntime {
+    private dcRouterRef;
+    private logWindowSecond;
+    private logWindowCount;
+    private batchCount;
+    private batchTimer;
+    constructor(dcRouterRef: DcRouter);
+    /**
+     * Create the DNS server, start it on UDP, wire metrics/logging, and
+     * register all generated records.
+     */
+    setup(): Promise<void>;
+    /**
+     * Create the DoH socket handler SmartProxy routes hand TLS sockets to.
+     */
+    createSocketHandler(): (socket: plugins.net.Socket) => Promise<void>;
+    /** Flush the pending rate-limited query-log batch and reset logging state. */
+    flushQueryLogBatch(): void;
+    private registerRecords;
+    private parseRecordData;
+    private validateConfiguration;
+    private generateEmailDnsRecords;
+    private loadDkimRecords;
+    private initializeDkimForEmailDomains;
+    private generateAuthoritativeRecords;
+    private extractDomain;
+    private applyProxyIpReplacement;
+    private detectServerPublicIp;
+}

package/dist_ts/dns/classes.dns-server-runtime.js

@@ -0,0 +1,449 @@
+import * as plugins from '../plugins.js';
+import * as paths from '../paths.js';
+import { logger } from '../logger.js';
+import { buildEmailDnsRecords } from '../email/index.js';
+/**
+ * Sets up and feeds the embedded authoritative smartdns server: validates the
+ * DNS configuration, generates authoritative/email/DKIM records, applies
+ * proxy-IP replacement, registers record handlers, wires rate-limited query
+ * logging/metrics, and provides the DoH socket handler for SmartProxy routes.
+ */
+export class DnsServerRuntime {
+    dcRouterRef;
+    // Adaptive query-log rate limiting state
+    logWindowSecond = 0; // epoch second of current window
+    logWindowCount = 0; // queries logged this second
+    batchCount = 0;
+    batchTimer = null;
+    constructor(dcRouterRef) {
+        this.dcRouterRef = dcRouterRef;
+    }
+    /**
+     * Create the DNS server, start it on UDP, wire metrics/logging, and
+     * register all generated records.
+     */
+    async setup() {
+        const options = this.dcRouterRef.options;
+        if (!options.dnsNsDomains || options.dnsNsDomains.length === 0) {
+            throw new Error('dnsNsDomains is required for DNS server setup');
+        }
+        if (!options.dnsScopes || options.dnsScopes.length === 0) {
+            throw new Error('dnsScopes is required for DNS server setup');
+        }
+        const primaryNameserver = options.dnsNsDomains[0];
+        logger.log('info', `Setting up DNS server with primary nameserver: ${primaryNameserver}`);
+        // Get VM IP address for UDP binding
+        const networkInterfaces = plugins.os.networkInterfaces();
+        let vmIpAddress = options.dnsBindInterface || '0.0.0.0'; // Default to all interfaces
+        // Try to find the VM's internal IP address when no explicit bind address is configured.
+        if (!options.dnsBindInterface) {
+            interfaceLoop: for (const [_name, interfaces] of Object.entries(networkInterfaces)) {
+                if (interfaces) {
+                    for (const iface of interfaces) {
+                        if (!iface.internal && iface.family === 'IPv4') {
+                            vmIpAddress = iface.address;
+                            break interfaceLoop;
+                        }
+                    }
+                }
+            }
+        }
+        // Create DNS server instance with manual HTTPS mode
+        const dnsServer = new plugins.smartdns.dnsServerMod.DnsServer({
+            udpPort: 53,
+            udpBindInterface: vmIpAddress,
+            httpsPort: 443, // Required but won't bind due to manual mode
+            manualHttpsMode: true, // Enable manual HTTPS socket handling
+            dnssecZone: primaryNameserver,
+            primaryNameserver: primaryNameserver, // Automatically generates correct SOA records
+            // For now, use self-signed cert until we integrate with Let's Encrypt
+            httpsKey: '',
+            httpsCert: ''
+        });
+        this.dcRouterRef.dnsServer = dnsServer;
+        // Start the DNS server (UDP only)
+        await dnsServer.start();
+        logger.log('info', `DNS server started on UDP ${vmIpAddress}:53`);
+        // Wire DNS query events to MetricsManager and logger with adaptive rate limiting
+        if (this.dcRouterRef.metricsManager) {
+            const flushDnsBatch = () => {
+                if (this.batchCount > 0) {
+                    logger.log('info', `DNS: ${this.batchCount} queries processed (rate limited)`, { zone: 'dns' });
+                    this.batchCount = 0;
+                }
+                this.batchTimer = null;
+            };
+            dnsServer.on('query', (event) => {
+                // Metrics tracking
+                for (const question of event.questions) {
+                    this.dcRouterRef.metricsManager?.trackDnsQuery(question.type, question.name, false, event.responseTimeMs, event.answered);
+                }
+                // Adaptive logging: individual logs up to 2/sec, then batch
+                const nowSec = Math.floor(Date.now() / 1000);
+                if (nowSec !== this.logWindowSecond) {
+                    this.logWindowSecond = nowSec;
+                    this.logWindowCount = 0;
+                }
+                if (this.logWindowCount < 2) {
+                    this.logWindowCount++;
+                    const summary = event.questions.map(q => `${q.type} ${q.name}`).join(', ');
+                    logger.log('info', `DNS query: ${summary} (${event.responseTimeMs}ms, ${event.answered ? 'answered' : 'unanswered'})`, { zone: 'dns' });
+                }
+                else {
+                    this.batchCount++;
+                    if (!this.batchTimer) {
+                        this.batchTimer = setTimeout(flushDnsBatch, 5000);
+                    }
+                }
+            });
+        }
+        // Validate DNS configuration
+        await this.validateConfiguration();
+        // Generate and register authoritative records
+        const authoritativeRecords = await this.generateAuthoritativeRecords();
+        // Generate email DNS records
+        const emailDnsRecords = await this.generateEmailDnsRecords();
+        // Ensure DKIM keys exist for internal-dns domains before generating records.
+        await this.initializeDkimForEmailDomains();
+        // Generate DKIM records directly from smartmta.
+        const dkimRecords = await this.loadDkimRecords();
+        // Combine all records: authoritative, email, DKIM, and user-defined
+        const allRecords = [...authoritativeRecords, ...emailDnsRecords, ...dkimRecords];
+        if (options.dnsRecords && options.dnsRecords.length > 0) {
+            allRecords.push(...options.dnsRecords);
+        }
+        // Apply proxy IP replacement if configured
+        await this.applyProxyIpReplacement(allRecords);
+        // Register all DNS records
+        if (allRecords.length > 0) {
+            this.registerRecords(allRecords);
+            logger.log('info', `Registered ${allRecords.length} DNS records (${authoritativeRecords.length} authoritative, ${emailDnsRecords.length} email, ${dkimRecords.length} DKIM, ${options.dnsRecords?.length || 0} user-defined)`);
+        }
+        // Hand the DnsServer to DnsManager so DB-backed local records on
+        // dcrouter-hosted domains get registered too.
+        if (this.dcRouterRef.dnsManager) {
+            await this.dcRouterRef.dnsManager.attachDnsServer(dnsServer);
+        }
+    }
+    /**
+     * Create the DoH socket handler SmartProxy routes hand TLS sockets to.
+     */
+    createSocketHandler() {
+        return async (socket) => {
+            if (!this.dcRouterRef.dnsServer) {
+                logger.log('error', 'DNS socket handler called but DNS server not initialized');
+                socket.end();
+                return;
+            }
+            // Prevent uncaught exception from socket 'error' events
+            socket.on('error', (err) => {
+                logger.log('error', `DNS socket error: ${err.message}`);
+                if (!socket.destroyed) {
+                    socket.destroy();
+                }
+            });
+            logger.log('debug', 'DNS socket handler: passing socket to DnsServer');
+            try {
+                // Use the built-in socket handler from smartdns
+                // This handles HTTP/2, DoH protocol, etc.
+                await this.dcRouterRef.dnsServer.handleHttpsSocket(socket);
+            }
+            catch (error) {
+                logger.log('error', `DNS socket handler error: ${error.message}`);
+                if (!socket.destroyed) {
+                    socket.destroy();
+                }
+            }
+        };
+    }
+    /** Flush the pending rate-limited query-log batch and reset logging state. */
+    flushQueryLogBatch() {
+        if (this.batchTimer) {
+            clearTimeout(this.batchTimer);
+            if (this.batchCount > 0) {
+                logger.log('info', `DNS: ${this.batchCount} queries processed (final flush)`, { zone: 'dns' });
+            }
+            this.batchTimer = null;
+            this.batchCount = 0;
+            this.logWindowSecond = 0;
+            this.logWindowCount = 0;
+        }
+    }
+    registerRecords(records) {
+        const dnsServer = this.dcRouterRef.dnsServer;
+        if (!dnsServer)
+            return;
+        // Register a separate handler for each record
+        // This ensures multiple records of the same type (like NS records) are all served
+        for (const record of records) {
+            // Register handler for this specific record
+            dnsServer.registerHandler(record.name, [record.type], (question) => {
+                // Check if this handler matches the question
+                if (question.name === record.name && question.type === record.type) {
+                    return {
+                        name: record.name,
+                        type: record.type,
+                        class: 'IN',
+                        ttl: record.ttl || 300,
+                        data: this.parseRecordData(record.type, record.value)
+                    };
+                }
+                return null;
+            });
+        }
+        logger.log('info', `Registered ${records.length} DNS handlers (one per record)`);
+    }
+    parseRecordData(type, value) {
+        switch (type) {
+            case 'A':
+                return value; // IP address as string
+            case 'MX':
+                const [priority, exchange] = value.split(' ');
+                return { priority: parseInt(priority), exchange };
+            case 'TXT':
+                return value;
+            case 'NS':
+                return value;
+            case 'SOA':
+                // SOA format: primary-ns admin-email serial refresh retry expire minimum
+                const parts = value.split(' ');
+                return {
+                    mname: parts[0],
+                    rname: parts[1],
+                    serial: parseInt(parts[2]),
+                    refresh: parseInt(parts[3]),
+                    retry: parseInt(parts[4]),
+                    expire: parseInt(parts[5]),
+                    minimum: parseInt(parts[6])
+                };
+            default:
+                return value;
+        }
+    }
+    async validateConfiguration() {
+        const options = this.dcRouterRef.options;
+        if (!options.dnsNsDomains || !options.dnsScopes) {
+            return;
+        }
+        logger.log('info', 'Validating DNS configuration...');
+        // Check if email domains with internal-dns are in dnsScopes
+        if (options.emailConfig?.domains) {
+            for (const domainConfig of options.emailConfig.domains) {
+                if (domainConfig.dnsMode === 'internal-dns' &&
+                    !options.dnsScopes.includes(domainConfig.domain)) {
+                    logger.log('warn', `Email domain '${domainConfig.domain}' with internal-dns mode is not in dnsScopes. It should be added to dnsScopes.`);
+                }
+            }
+        }
+        // Validate user-provided DNS records are within scopes
+        if (options.dnsRecords) {
+            for (const record of options.dnsRecords) {
+                const recordDomain = this.extractDomain(record.name);
+                const isInScope = options.dnsScopes.some(scope => recordDomain === scope || recordDomain.endsWith(`.${scope}`));
+                if (!isInScope) {
+                    logger.log('warn', `DNS record for '${record.name}' is outside defined scopes [${options.dnsScopes.join(', ')}]`);
+                }
+            }
+        }
+    }
+    async generateEmailDnsRecords() {
+        const options = this.dcRouterRef.options;
+        const records = [];
+        if (!options.emailConfig?.domains) {
+            return records;
+        }
+        // Filter domains with internal-dns mode
+        const internalDnsDomains = options.emailConfig.domains.filter(domain => domain.dnsMode === 'internal-dns');
+        for (const domainConfig of internalDnsDomains) {
+            const domain = domainConfig.domain;
+            const ttl = domainConfig.dns?.internal?.ttl || 3600;
+            const requiredRecords = buildEmailDnsRecords({
+                domain,
+                hostname: options.emailConfig.hostname,
+                mxPriority: domainConfig.dns?.internal?.mxPriority,
+            }).filter((record) => !record.name.includes('._domainkey.'));
+            for (const record of requiredRecords) {
+                records.push({
+                    name: record.name,
+                    type: record.type,
+                    value: record.value,
+                    ttl,
+                });
+            }
+        }
+        logger.log('info', `Generated ${records.length} email DNS records for ${internalDnsDomains.length} internal-dns domains`);
+        return records;
+    }
+    async loadDkimRecords() {
+        const options = this.dcRouterRef.options;
+        const records = [];
+        if (!options.emailConfig?.domains || !this.dcRouterRef.emailServer?.dkimCreator) {
+            return records;
+        }
+        for (const domainConfig of options.emailConfig.domains) {
+            if (domainConfig.dnsMode !== 'internal-dns') {
+                continue;
+            }
+            const selector = domainConfig.dkim?.selector || 'default';
+            try {
+                const dkimRecord = await this.dcRouterRef.emailServer.dkimCreator.getDNSRecordForDomain(domainConfig.domain, selector);
+                records.push({
+                    name: dkimRecord.name,
+                    type: 'TXT',
+                    value: dkimRecord.value,
+                    ttl: domainConfig.dns?.internal?.ttl || 3600,
+                });
+            }
+            catch (error) {
+                logger.log('error', `Failed to generate DKIM record for ${domainConfig.domain}: ${error.message}`);
+            }
+        }
+        return records;
+    }
+    async initializeDkimForEmailDomains() {
+        const options = this.dcRouterRef.options;
+        if (!options.emailConfig?.domains || !this.dcRouterRef.emailServer) {
+            return;
+        }
+        logger.log('info', 'Initializing DKIM keys for email domains...');
+        // Get DKIMCreator instance from email server (public in smartmta)
+        const dkimCreator = this.dcRouterRef.emailServer.dkimCreator;
+        if (!dkimCreator) {
+            logger.log('warn', 'DKIMCreator not available, skipping DKIM initialization');
+            return;
+        }
+        // Ensure necessary directories exist
+        paths.ensureDataDirectories(this.dcRouterRef.resolvedPaths);
+        // Generate DKIM keys for each internal-dns email domain using the configured selector.
+        for (const domainConfig of options.emailConfig.domains) {
+            if (domainConfig.dnsMode !== 'internal-dns') {
+                continue;
+            }
+            try {
+                await dkimCreator.handleDKIMKeysForSelector(domainConfig.domain, domainConfig.dkim?.selector || 'default', domainConfig.dkim?.keySize || 2048);
+                logger.log('info', `DKIM keys initialized for ${domainConfig.domain}`);
+            }
+            catch (error) {
+                logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${error.message}`);
+            }
+        }
+        logger.log('info', 'DKIM initialization complete');
+    }
+    async generateAuthoritativeRecords() {
+        const options = this.dcRouterRef.options;
+        const records = [];
+        if (!options.dnsNsDomains || !options.dnsScopes) {
+            return records;
+        }
+        // Determine the public IP for nameserver A records
+        let publicIp = null;
+        // Use proxy IPs if configured (these should be public IPs)
+        if (options.proxyIps && options.proxyIps.length > 0) {
+            publicIp = options.proxyIps[0]; // Use first proxy IP
+            logger.log('info', `Using proxy IP for nameserver A records: ${publicIp}`);
+        }
+        else if (options.publicIp) {
+            // Use explicitly configured public IP
+            publicIp = options.publicIp;
+            this.dcRouterRef.detectedPublicIp = publicIp;
+            logger.log('info', `Using configured public IP for nameserver A records: ${publicIp}`);
+        }
+        else {
+            // Auto-discover public IP using smartnetwork
+            try {
+                logger.log('info', 'Auto-discovering public IP address...');
+                const smartNetwork = new plugins.smartnetwork.SmartNetwork();
+                const publicIps = await smartNetwork.getPublicIps();
+                if (publicIps.v4) {
+                    publicIp = publicIps.v4;
+                    this.dcRouterRef.detectedPublicIp = publicIp;
+                    logger.log('info', `Auto-discovered public IPv4: ${publicIp}`);
+                }
+                else {
+                    logger.log('warn', 'Could not auto-discover public IPv4 address');
+                }
+            }
+            catch (error) {
+                logger.log('error', `Failed to auto-discover public IP: ${error.message}`);
+            }
+            if (!publicIp) {
+                logger.log('warn', 'No public IP available. Nameserver A records require either proxyIps, publicIp, or successful auto-discovery.');
+            }
+        }
+        // Generate A records for nameservers if we have a public IP
+        if (publicIp) {
+            for (const nsDomain of options.dnsNsDomains) {
+                records.push({
+                    name: nsDomain,
+                    type: 'A',
+                    value: publicIp,
+                    ttl: 3600
+                });
+            }
+            logger.log('info', `Generated A records for ${options.dnsNsDomains.length} nameservers`);
+        }
+        // Generate NS records for each domain in scopes
+        for (const domain of options.dnsScopes) {
+            // Add NS records for all nameservers
+            for (const nsDomain of options.dnsNsDomains) {
+                records.push({
+                    name: domain,
+                    type: 'NS',
+                    value: nsDomain,
+                    ttl: 3600
+                });
+            }
+            // SOA records are now automatically generated by smartdns DnsServer
+            // with the primaryNameserver configuration option
+        }
+        logger.log('info', `Generated ${records.length} total records (A + NS) for ${options.dnsScopes.length} domains`);
+        return records;
+    }
+    extractDomain(recordName) {
+        // Handle wildcards
+        if (recordName.startsWith('*.')) {
+            recordName = recordName.substring(2);
+        }
+        return recordName;
+    }
+    async applyProxyIpReplacement(records) {
+        const options = this.dcRouterRef.options;
+        if (!options.proxyIps || options.proxyIps.length === 0) {
+            return; // No proxy IPs configured, skip replacement
+        }
+        // Get server's public IP
+        const serverIp = await this.detectServerPublicIp();
+        if (!serverIp) {
+            logger.log('warn', 'Could not detect server public IP, skipping proxy IP replacement');
+            return;
+        }
+        logger.log('info', `Applying proxy IP replacement. Server IP: ${serverIp}, Proxy IPs: ${options.proxyIps.join(', ')}`);
+        let proxyIndex = 0;
+        for (const record of records) {
+            if (record.type === 'A' &&
+                record.value === serverIp &&
+                record.useIngressProxy !== false) {
+                // Round-robin through proxy IPs
+                const proxyIp = options.proxyIps[proxyIndex % options.proxyIps.length];
+                logger.log('info', `Replacing A record for ${record.name}: ${record.value} → ${proxyIp}`);
+                record.value = proxyIp;
+                proxyIndex++;
+            }
+        }
+    }
+    async detectServerPublicIp() {
+        try {
+            const smartNetwork = new plugins.smartnetwork.SmartNetwork();
+            const publicIps = await smartNetwork.getPublicIps();
+            if (publicIps.v4) {
+                return publicIps.v4;
+            }
+            return null;
+        }
+        catch (error) {
+            logger.log('warn', `Failed to detect public IP: ${error.message}`);
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xhc3Nlcy5kbnMtc2VydmVyLXJ1bnRpbWUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9kbnMvY2xhc3Nlcy5kbnMtc2VydmVyLXJ1bnRpbWUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLE9BQU8sTUFBTSxlQUFlLENBQUM7QUFDekMsT0FBTyxLQUFLLEtBQUssTUFBTSxhQUFhLENBQUM7QUFDckMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUN0QyxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUt6RDs7Ozs7R0FLRztBQUNILE1BQU0sT0FBTyxnQkFBZ0I7SUFPUDtJQU5wQix5Q0FBeUM7SUFDakMsZUFBZSxHQUFHLENBQUMsQ0FBQyxDQUFDLGlDQUFpQztJQUN0RCxjQUFjLEdBQUcsQ0FBQyxDQUFDLENBQUMsNkJBQTZCO0lBQ2pELFVBQVUsR0FBRyxDQUFDLENBQUM7SUFDZixVQUFVLEdBQXlDLElBQUksQ0FBQztJQUVoRSxZQUFvQixXQUFxQjtRQUFyQixnQkFBVyxHQUFYLFdBQVcsQ0FBVTtJQUFHLENBQUM7SUFFN0M7OztPQUdHO0lBQ0ksS0FBSyxDQUFDLEtBQUs7UUFDaEIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUM7UUFDekMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDL0QsTUFBTSxJQUFJLEtBQUssQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsSUFBSSxPQUFPLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6RCxNQUFNLElBQUksS0FBSyxDQUFDLDRDQUE0QyxDQUFDLENBQUM7UUFDaEUsQ0FBQztRQUVELE1BQU0saUJBQWlCLEdBQUcsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNsRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxrREFBa0QsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDO1FBRTFGLG9DQUFvQztRQUNwQyxNQUFNLGlCQUFpQixHQUFHLE9BQU8sQ0FBQyxFQUFFLENBQUMsaUJBQWlCLEVBR3JELENBQUM7UUFDRixJQUFJLFdBQVcsR0FBRyxPQUFPLENBQUMsZ0JBQWdCLElBQUksU0FBUyxDQUFDLENBQUMsNEJBQTRCO1FBRXJGLHdGQUF3RjtRQUN4RixJQUFJLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDOUIsYUFBYSxFQUFFLEtBQUssTUFBTSxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztnQkFDbkYsSUFBSSxVQUFVLEVBQUUsQ0FBQztvQkFDZixLQUFLLE1BQU0sS0FBSyxJQUFJLFVBQVUsRUFBRSxDQUFDO3dCQUMvQixJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDOzRCQUMvQyxXQUFXLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQzs0QkFDNUIsTUFBTSxhQUFhLENBQUM7d0JBQ3RCLENBQUM7b0JBQ0gsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxvREFBb0Q7UUFDcEQsTUFBTSxTQUFTLEdBQUcsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUM7WUFDNUQsT0FBTyxFQUFFLEVBQUU7WUFDWCxnQkFBZ0IsRUFBRSxXQUFXO1lBQzdCLFNBQVMsRUFBRSxHQUFHLEVBQUUsNkNBQTZDO1lBQzdELGVBQWUsRUFBRSxJQUFJLEVBQUUsc0NBQXNDO1lBQzdELFVBQVUsRUFBRSxpQkFBaUI7WUFDN0IsaUJBQWlCLEVBQUUsaUJBQWlCLEVBQUUsOENBQThDO1lBQ3BGLHNFQUFzRTtZQUN0RSxRQUFRLEVBQUUsRUFBRTtZQUNaLFNBQVMsRUFBRSxFQUFFO1NBQ2QsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEdBQUcsU0FBUyxDQUFDO1FBRXZDLGtDQUFrQztRQUNsQyxNQUFNLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsV0FBVyxLQUFLLENBQUMsQ0FBQztRQUVsRSxpRkFBaUY7UUFDakYsSUFBSSxJQUFJLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3BDLE1BQU0sYUFBYSxHQUFHLEdBQUcsRUFBRTtnQkFDekIsSUFBSSxJQUFJLENBQUMsVUFBVSxHQUFHLENBQUMsRUFBRSxDQUFDO29CQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxRQUFRLElBQUksQ0FBQyxVQUFVLG1DQUFtQyxFQUFFLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7b0JBQ2hHLElBQUksQ0FBQyxVQUFVLEdBQUcsQ0FBQyxDQUFDO2dCQUN0QixDQUFDO2dCQUNELElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDO1lBQ3pCLENBQUMsQ0FBQztZQUVGLFNBQVMsQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLENBQUMsS0FBNEQsRUFBRSxFQUFFO2dCQUNyRixtQkFBbUI7Z0JBQ25CLEtBQUssTUFBTSxRQUFRLElBQUksS0FBSyxDQUFDLFNBQVMsRUFBRSxDQUFDO29CQUN2QyxJQUFJLENBQUMsV0FBVyxDQUFDLGNBQWMsRUFBRSxhQUFhLENBQzVDLFFBQVEsQ0FBQyxJQUFJLEVBQ2IsUUFBUSxDQUFDLElBQUksRUFDYixLQUFLLEVBQ0wsS0FBSyxDQUFDLGNBQWMsRUFDcEIsS0FBSyxDQUFDLFFBQVEsQ0FDZixDQUFDO2dCQUNKLENBQUM7Z0JBRUQsNERBQTREO2dCQUM1RCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztnQkFDN0MsSUFBSSxNQUFNLEtBQUssSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO29CQUNwQyxJQUFJLENBQUMsZUFBZSxHQUFHLE1BQU0sQ0FBQztvQkFDOUIsSUFBSSxDQUFDLGNBQWMsR0FBRyxDQUFDLENBQUM7Z0JBQzFCLENBQUM7Z0JBRUQsSUFBSSxJQUFJLENBQUMsY0FBYyxHQUFHLENBQUMsRUFBRSxDQUFDO29CQUM1QixJQUFJLENBQUMsY0FBYyxFQUFFLENBQUM7b0JBQ3RCLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDM0UsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsY0FBYyxPQUFPLEtBQUssS0FBSyxDQUFDLGNBQWMsT0FBTyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLFlBQVksR0FBRyxFQUFFLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7Z0JBQzFJLENBQUM7cUJBQU0sQ0FBQztvQkFDTixJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7b0JBQ2xCLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7d0JBQ3JCLElBQUksQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDLGFBQWEsRUFBRSxJQUFJLENBQUMsQ0FBQztvQkFDcEQsQ0FBQztnQkFDSCxDQUFDO1lBQ0gsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO1FBRUQsNkJBQTZCO1FBQzdCLE1BQU0sSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7UUFFbkMsOENBQThDO1FBQzlDLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsNEJBQTRCLEVBQUUsQ0FBQztRQUV2RSw2QkFBNkI7UUFDN0IsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsdUJBQXVCLEVBQUUsQ0FBQztRQUU3RCw2RUFBNkU7UUFDN0UsTUFBTSxJQUFJLENBQUMsNkJBQTZCLEVBQUUsQ0FBQztRQUUzQyxnREFBZ0Q7UUFDaEQsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFFakQsb0VBQW9FO1FBQ3BFLE1BQU0sVUFBVSxHQUFxQixDQUFDLEdBQUcsb0JBQW9CLEVBQUUsR0FBRyxlQUFlLEVBQUUsR0FBRyxXQUFXLENBQUMsQ0FBQztRQUNuRyxJQUFJLE9BQU8sQ0FBQyxVQUFVLElBQUksT0FBTyxDQUFDLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDeEQsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUN6QyxDQUFDO1FBRUQsMkNBQTJDO1FBQzNDLE1BQU0sSUFBSSxDQUFDLHVCQUF1QixDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRS9DLDJCQUEyQjtRQUMzQixJQUFJLFVBQVUsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDMUIsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUNqQyxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxjQUFjLFVBQVUsQ0FBQyxNQUFNLGlCQUFpQixvQkFBb0IsQ0FBQyxNQUFNLG1CQUFtQixlQUFlLENBQUMsTUFBTSxXQUFXLFdBQVcsQ0FBQyxNQUFNLFVBQVUsT0FBTyxDQUFDLFVBQVUsRUFBRSxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ2pPLENBQUM7UUFFRCxpRUFBaUU7UUFDakUsOENBQThDO1FBQzlDLElBQUksSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUNoQyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUMvRCxDQUFDO0lBQ0gsQ0FBQztJQUVEOztPQUVHO0lBQ0ksbUJBQW1CO1FBQ3hCLE9BQU8sS0FBSyxFQUFFLE1BQTBCLEVBQUUsRUFBRTtZQUMxQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDaEMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUUsMERBQTBELENBQUMsQ0FBQztnQkFDaEYsTUFBTSxDQUFDLEdBQUcsRUFBRSxDQUFDO2dCQUNiLE9BQU87WUFDVCxDQUFDO1lBRUQsd0RBQXdEO1lBQ3hELE1BQU0sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLENBQUMsR0FBRyxFQUFFLEVBQUU7Z0JBQ3pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLHFCQUFxQixHQUFHLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDeEQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQixDQUFDO1lBQ0gsQ0FBQyxDQUFDLENBQUM7WUFFSCxNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxpREFBaUQsQ0FBQyxDQUFDO1lBRXZFLElBQUksQ0FBQztnQkFDSCxnREFBZ0Q7Z0JBQ2hELDBDQUEwQztnQkFDMUMsTUFBTyxJQUFJLENBQUMsV0FBVyxDQUFDLFNBQWlCLENBQUMsaUJBQWlCLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDdEUsQ0FBQztZQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7Z0JBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLDZCQUE4QixLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztnQkFDN0UsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsQ0FBQztvQkFDdEIsTUFBTSxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUNuQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUMsQ0FBQztJQUNKLENBQUM7SUFFRCw4RUFBOEU7SUFDdkUsa0JBQWtCO1FBQ3ZCLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQ3BCLFlBQVksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDOUIsSUFBSSxJQUFJLENBQUMsVUFBVSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxRQUFRLElBQUksQ0FBQyxVQUFVLGtDQUFrQyxFQUFFLEVBQUUsSUFBSSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7WUFDakcsQ0FBQztZQUNELElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDO1lBQ3ZCLElBQUksQ0FBQyxVQUFVLEdBQUcsQ0FBQyxDQUFDO1lBQ3BCLElBQUksQ0FBQyxlQUFlLEdBQUcsQ0FBQyxDQUFDO1lBQ3pCLElBQUksQ0FBQyxjQUFjLEdBQUcsQ0FBQyxDQUFDO1FBQzFCLENBQUM7SUFDSCxDQUFDO0lBRU8sZUFBZSxDQUFDLE9BQXlCO1FBQy9DLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsU0FBUyxDQUFDO1FBQzdDLElBQUksQ0FBQyxTQUFTO1lBQUUsT0FBTztRQUV2Qiw4Q0FBOEM7UUFDOUMsa0ZBQWtGO1FBQ2xGLEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFLENBQUM7WUFDN0IsNENBQTRDO1lBQzVDLFNBQVMsQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLFFBQVEsRUFBRSxFQUFFO2dCQUNqRSw2Q0FBNkM7Z0JBQzdDLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxNQUFNLENBQUMsSUFBSSxJQUFJLFFBQVEsQ0FBQyxJQUFJLEtBQUssTUFBTSxDQUFDLElBQUksRUFBRSxDQUFDO29CQUNuRSxPQUFPO3dCQUNMLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSTt3QkFDakIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJO3dCQUNqQixLQUFLLEVBQUUsSUFBSTt3QkFDWCxHQUFHLEVBQUUsTUFBTSxDQUFDLEdBQUcsSUFBSSxHQUFHO3dCQUN0QixJQUFJLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUM7cUJBQ3RELENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxPQUFPLElBQUksQ0FBQztZQUNkLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGNBQWMsT0FBTyxDQUFDLE1BQU0sZ0NBQWdDLENBQUMsQ0FBQztJQUNuRixDQUFDO0lBRU8sZUFBZSxDQUFDLElBQVksRUFBRSxLQUFhO1FBQ2pELFFBQVEsSUFBSSxFQUFFLENBQUM7WUFDYixLQUFLLEdBQUc7Z0JBQ04sT0FBTyxLQUFLLENBQUMsQ0FBQyx1QkFBdUI7WUFDdkMsS0FBSyxJQUFJO2dCQUNQLE1BQU0sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDOUMsT0FBTyxFQUFFLFFBQVEsRUFBRSxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsUUFBUSxFQUFFLENBQUM7WUFDcEQsS0FBSyxLQUFLO2dCQUNSLE9BQU8sS0FBSyxDQUFDO1lBQ2YsS0FBSyxJQUFJO2dCQUNQLE9BQU8sS0FBSyxDQUFDO1lBQ2YsS0FBSyxLQUFLO2dCQUNSLHlFQUF5RTtnQkFDekUsTUFBTSxLQUFLLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDL0IsT0FBTztvQkFDTCxLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztvQkFDZixLQUFLLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztvQkFDZixNQUFNLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDMUIsT0FBTyxFQUFFLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7b0JBQzNCLEtBQUssRUFBRSxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO29CQUN6QixNQUFNLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztvQkFDMUIsT0FBTyxFQUFFLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7aUJBQzVCLENBQUM7WUFDSjtnQkFDRSxPQUFPLEtBQUssQ0FBQztRQUNqQixDQUFDO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyxxQkFBcUI7UUFDakMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUM7UUFDekMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDaEQsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxpQ0FBaUMsQ0FBQyxDQUFDO1FBRXRELDREQUE0RDtRQUM1RCxJQUFJLE9BQU8sQ0FBQyxXQUFXLEVBQUUsT0FBTyxFQUFFLENBQUM7WUFDakMsS0FBSyxNQUFNLFlBQVksSUFBSSxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDO2dCQUN2RCxJQUFJLFlBQVksQ0FBQyxPQUFPLEtBQUssY0FBYztvQkFDdkMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQztvQkFDckQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsaUJBQWlCLFlBQVksQ0FBQyxNQUFNLGdGQUFnRixDQUFDLENBQUM7Z0JBQzNJLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELHVEQUF1RDtRQUN2RCxJQUFJLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUN2QixLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDeEMsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7Z0JBQ3JELE1BQU0sU0FBUyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQy9DLFlBQVksS0FBSyxLQUFLLElBQUksWUFBWSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEtBQUssRUFBRSxDQUFDLENBQzdELENBQUM7Z0JBRUYsSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO29CQUNmLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLG1CQUFtQixNQUFNLENBQUMsSUFBSSxnQ0FBZ0MsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO2dCQUNwSCxDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sS0FBSyxDQUFDLHVCQUF1QjtRQUNuQyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQztRQUN6QyxNQUFNLE9BQU8sR0FBcUIsRUFBRSxDQUFDO1FBRXJDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLE9BQU8sRUFBRSxDQUFDO1lBQ2xDLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLENBQUM7UUFFRCx3Q0FBd0M7UUFDeEMsTUFBTSxrQkFBa0IsR0FBRyxPQUFPLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQzNELE1BQU0sQ0FBQyxFQUFFLENBQUMsTUFBTSxDQUFDLE9BQU8sS0FBSyxjQUFjLENBQzVDLENBQUM7UUFFRixLQUFLLE1BQU0sWUFBWSxJQUFJLGtCQUFrQixFQUFFLENBQUM7WUFDOUMsTUFBTSxNQUFNLEdBQUcsWUFBWSxDQUFDLE1BQU0sQ0FBQztZQUNuQyxNQUFNLEdBQUcsR0FBRyxZQUFZLENBQUMsR0FBRyxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksSUFBSSxDQUFDO1lBQ3BELE1BQU0sZUFBZSxHQUFHLG9CQUFvQixDQUFDO2dCQUMzQyxNQUFNO2dCQUNOLFFBQVEsRUFBRSxPQUFPLENBQUMsV0FBVyxDQUFDLFFBQVE7Z0JBQ3RDLFVBQVUsRUFBRSxZQUFZLENBQUMsR0FBRyxFQUFFLFFBQVEsRUFBRSxVQUFVO2FBQ25ELENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQztZQUU3RCxLQUFLLE1BQU0sTUFBTSxJQUFJLGVBQWUsRUFBRSxDQUFDO2dCQUNyQyxPQUFPLENBQUMsSUFBSSxDQUFDO29CQUNYLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSTtvQkFDakIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJO29CQUNqQixLQUFLLEVBQUUsTUFBTSxDQUFDLEtBQUs7b0JBQ25CLEdBQUc7aUJBQ0osQ0FBQyxDQUFDO1lBQ0wsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSxhQUFhLE9BQU8sQ0FBQyxNQUFNLDBCQUEwQixrQkFBa0IsQ0FBQyxNQUFNLHVCQUF1QixDQUFDLENBQUM7UUFDMUgsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVPLEtBQUssQ0FBQyxlQUFlO1FBQzNCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDO1FBQ3pDLE1BQU0sT0FBTyxHQUFxQixFQUFFLENBQUM7UUFDckMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxXQUFXLEVBQUUsV0FBVyxFQUFFLENBQUM7WUFDaEYsT0FBTyxPQUFPLENBQUM7UUFDakIsQ0FBQztRQUVELEtBQUssTUFBTSxZQUFZLElBQUksT0FBTyxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN2RCxJQUFJLFlBQVksQ0FBQyxPQUFPLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQzVDLFNBQVM7WUFDWCxDQUFDO1lBQ0QsTUFBTSxRQUFRLEdBQUcsWUFBWSxDQUFDLElBQUksRUFBRSxRQUFRLElBQUksU0FBUyxDQUFDO1lBQzFELElBQUksQ0FBQztnQkFDSCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxxQkFBcUIsQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDO2dCQUN2SCxPQUFPLENBQUMsSUFBSSxDQUFDO29CQUNYLElBQUksRUFBRSxVQUFVLENBQUMsSUFBSTtvQkFDckIsSUFBSSxFQUFFLEtBQUs7b0JBQ1gsS0FBSyxFQUFFLFVBQVUsQ0FBQyxLQUFLO29CQUN2QixHQUFHLEVBQUUsWUFBWSxDQUFDLEdBQUcsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLElBQUk7aUJBQzdDLENBQUMsQ0FBQztZQUNMLENBQUM7WUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO2dCQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxzQ0FBc0MsWUFBWSxDQUFDLE1BQU0sS0FBTSxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUNoSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFTyxLQUFLLENBQUMsNkJBQTZCO1FBQ3pDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDO1FBQ3pDLElBQUksQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDbkUsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2Q0FBNkMsQ0FBQyxDQUFDO1FBRWxFLGtFQUFrRTtRQUNsRSxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUM7UUFDN0QsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ2pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHlEQUF5RCxDQUFDLENBQUM7WUFDOUUsT0FBTztRQUNULENBQUM7UUFFRCxxQ0FBcUM7UUFDckMsS0FBSyxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsYUFBYSxDQUFDLENBQUM7UUFFNUQsdUZBQXVGO1FBQ3ZGLEtBQUssTUFBTSxZQUFZLElBQUksT0FBTyxDQUFDLFdBQVcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN2RCxJQUFJLFlBQVksQ0FBQyxPQUFPLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQzVDLFNBQVM7WUFDWCxDQUFDO1lBQ0QsSUFBSSxDQUFDO2dCQUNILE1BQU0sV0FBVyxDQUFDLHlCQUF5QixDQUN6QyxZQUFZLENBQUMsTUFBTSxFQUNuQixZQUFZLENBQUMsSUFBSSxFQUFFLFFBQVEsSUFBSSxTQUFTLEVBQ3hDLFlBQVksQ0FBQyxJQUFJLEVBQUUsT0FBTyxJQUFJLElBQUksQ0FDbkMsQ0FBQztnQkFDRixNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2QkFBNkIsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDekUsQ0FBQztZQUFDLE9BQU8sS0FBYyxFQUFFLENBQUM7Z0JBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLGlDQUFpQyxZQUFZLENBQUMsTUFBTSxLQUFNLEtBQWUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO1lBQzNHLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsOEJBQThCLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRU8sS0FBSyxDQUFDLDRCQUE0QjtRQUN4QyxNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQztRQUN6QyxNQUFNLE9BQU8sR0FBcUIsRUFBRSxDQUFDO1FBRXJDLElBQUksQ0FBQyxPQUFPLENBQUMsWUFBWSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ2hELE9BQU8sT0FBTyxDQUFDO1FBQ2pCLENBQUM7UUFFRCxtREFBbUQ7UUFDbkQsSUFBSSxRQUFRLEdBQWtCLElBQUksQ0FBQztRQUVuQywyREFBMkQ7UUFDM0QsSUFBSSxPQUFPLENBQUMsUUFBUSxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3BELFFBQVEsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMscUJBQXFCO1lBQ3JELE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLDRDQUE0QyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQzdFLENBQUM7YUFBTSxJQUFJLE9BQU8sQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUM1QixzQ0FBc0M7WUFDdEMsUUFBUSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUM7WUFDNUIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxnQkFBZ0IsR0FBRyxRQUFRLENBQUM7WUFDN0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsd0RBQXdELFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDekYsQ0FBQzthQUFNLENBQUM7WUFDTiw2Q0FBNkM7WUFDN0MsSUFBSSxDQUFDO2dCQUNILE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLHVDQUF1QyxDQUFDLENBQUM7Z0JBQzVELE1BQU0sWUFBWSxHQUFHLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDN0QsTUFBTSxTQUFTLEdBQUcsTUFBTSxZQUFZLENBQUMsWUFBWSxFQUFFLENBQUM7Z0JBRXBELElBQUksU0FBUyxDQUFDLEVBQUUsRUFBRSxDQUFDO29CQUNqQixRQUFRLEdBQUcsU0FBUyxDQUFDLEVBQUUsQ0FBQztvQkFDeEIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxnQkFBZ0IsR0FBRyxRQUFRLENBQUM7b0JBQzdDLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGdDQUFnQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO2dCQUNqRSxDQUFDO3FCQUFNLENBQUM7b0JBQ04sTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsNkNBQTZDLENBQUMsQ0FBQztnQkFDcEUsQ0FBQztZQUNILENBQUM7WUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO2dCQUN4QixNQUFNLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxzQ0FBdUMsS0FBZSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDeEYsQ0FBQztZQUVELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztnQkFDZCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSwrR0FBK0csQ0FBQyxDQUFDO1lBQ3RJLENBQUM7UUFDSCxDQUFDO1FBRUQsNERBQTREO1FBQzVELElBQUksUUFBUSxFQUFFLENBQUM7WUFDYixLQUFLLE1BQU0sUUFBUSxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDNUMsT0FBTyxDQUFDLElBQUksQ0FBQztvQkFDWCxJQUFJLEVBQUUsUUFBUTtvQkFDZCxJQUFJLEVBQUUsR0FBRztvQkFDVCxLQUFLLEVBQUUsUUFBUTtvQkFDZixHQUFHLEVBQUUsSUFBSTtpQkFDVixDQUFDLENBQUM7WUFDTCxDQUFDO1lBQ0QsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMkJBQTJCLE9BQU8sQ0FBQyxZQUFZLENBQUMsTUFBTSxjQUFjLENBQUMsQ0FBQztRQUMzRixDQUFDO1FBRUQsZ0RBQWdEO1FBQ2hELEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3ZDLHFDQUFxQztZQUNyQyxLQUFLLE1BQU0sUUFBUSxJQUFJLE9BQU8sQ0FBQyxZQUFZLEVBQUUsQ0FBQztnQkFDNUMsT0FBTyxDQUFDLElBQUksQ0FBQztvQkFDWCxJQUFJLEVBQUUsTUFBTTtvQkFDWixJQUFJLEVBQUUsSUFBSTtvQkFDVixLQUFLLEVBQUUsUUFBUTtvQkFDZixHQUFHLEVBQUUsSUFBSTtpQkFDVixDQUFDLENBQUM7WUFDTCxDQUFDO1lBRUQsb0VBQW9FO1lBQ3BFLGtEQUFrRDtRQUNwRCxDQUFDO1FBRUQsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsYUFBYSxPQUFPLENBQUMsTUFBTSwrQkFBK0IsT0FBTyxDQUFDLFNBQVMsQ0FBQyxNQUFNLFVBQVUsQ0FBQyxDQUFDO1FBQ2pILE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFTyxhQUFhLENBQUMsVUFBa0I7UUFDdEMsbUJBQW1CO1FBQ25CLElBQUksVUFBVSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQ2hDLFVBQVUsR0FBRyxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFDRCxPQUFPLFVBQVUsQ0FBQztJQUNwQixDQUFDO0lBRU8sS0FBSyxDQUFDLHVCQUF1QixDQUFDLE9BQXlCO1FBQzdELE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDO1FBQ3pDLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3ZELE9BQU8sQ0FBQyw0Q0FBNEM7UUFDdEQsQ0FBQztRQUVELHlCQUF5QjtRQUN6QixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1FBQ25ELElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNkLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLGtFQUFrRSxDQUFDLENBQUM7WUFDdkYsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRSw2Q0FBNkMsUUFBUSxnQkFBZ0IsT0FBTyxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRXZILElBQUksVUFBVSxHQUFHLENBQUMsQ0FBQztRQUNuQixLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRSxDQUFDO1lBQzdCLElBQUksTUFBTSxDQUFDLElBQUksS0FBSyxHQUFHO2dCQUNuQixNQUFNLENBQUMsS0FBSyxLQUFLLFFBQVE7Z0JBQ3pCLE1BQU0sQ0FBQyxlQUFlLEtBQUssS0FBSyxFQUFFLENBQUM7Z0JBQ3JDLGdDQUFnQztnQkFDaEMsTUFBTSxPQUFPLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxVQUFVLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztnQkFDdkUsTUFBTSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsMEJBQTBCLE1BQU0sQ0FBQyxJQUFJLEtBQUssTUFBTSxDQUFDLEtBQUssTUFBTSxPQUFPLEVBQUUsQ0FBQyxDQUFDO2dCQUMxRixNQUFNLENBQUMsS0FBSyxHQUFHLE9BQU8sQ0FBQztnQkFDdkIsVUFBVSxFQUFFLENBQUM7WUFDZixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsb0JBQW9CO1FBQ2hDLElBQUksQ0FBQztZQUNILE1BQU0sWUFBWSxHQUFHLElBQUksT0FBTyxDQUFDLFlBQVksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUM3RCxNQUFNLFNBQVMsR0FBRyxNQUFNLFlBQVksQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUVwRCxJQUFJLFNBQVMsQ0FBQyxFQUFFLEVBQUUsQ0FBQztnQkFDakIsT0FBTyxTQUFTLENBQUMsRUFBRSxDQUFDO1lBQ3RCLENBQUM7WUFFRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFBQyxPQUFPLEtBQWMsRUFBRSxDQUFDO1lBQ3hCLE1BQU0sQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLCtCQUFnQyxLQUFlLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUM5RSxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7SUFDSCxDQUFDO0NBQ0YifQ==

package/dist_ts/dns/index.d.ts

@@ -1,2 +1,3 @@
 export * from './manager.dns.js';
 export * from './providers/index.js';
+export * from './classes.dns-server-runtime.js';

package/dist_ts/dns/index.js

@@ -1,3 +1,4 @@
 export * from './manager.dns.js';
 export * from './providers/index.js';
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9kbnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLHNCQUFzQixDQUFDIn0=
+export * from './classes.dns-server-runtime.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90cy9kbnMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLHNCQUFzQixDQUFDO0FBQ3JDLGNBQWMsaUNBQWlDLENBQUMifQ==

package/dist_ts/email/classes.accepted-email-spool.d.ts

@@ -0,0 +1,55 @@
+import type { IMessageAcceptanceContext, IMessageAcceptanceDecision } from '@push.rocks/smartmta';
+import type { DcRouter } from '../classes.dcrouter.js';
+export declare const DCROUTER_CACHE_ID_HEADER = "X-Dcrouter-Cached-Email-Id";
+export type TSmartMtaQueueItemLike = {
+    processingResult?: {
+        headers?: Record<string, string>;
+        email?: {
+            headers?: Record<string, string>;
+        };
+    };
+    status?: 'pending' | 'processing' | 'queued' | 'delivered' | 'failed' | 'deferred';
+    attempts?: number;
+    nextAttempt?: Date;
+    lastError?: string;
+};
+/**
+ * Accept-then-spool pipeline for inbound SMTP messages: persists accepted
+ * messages as CachedEmail docs, replays them through SmartMTA on an interval,
+ * and mirrors SmartMTA delivery-queue outcomes back onto the cached docs.
+ */
+export declare class AcceptedEmailSpool {
+    private dcRouterRef;
+    private spoolTimer?;
+    private spoolRun?;
+    private processing;
+    private stopping;
+    private queueUpdatePromises;
+    constructor(dcRouterRef: DcRouter);
+    acceptMessage(context: IMessageAcceptanceContext, processAfterAccept?: boolean): Promise<IMessageAcceptanceDecision>;
+    /** Start the interval-driven spool processor and trigger an immediate run. */
+    start(): void;
+    /** Mark the spool as stopping and clear the interval without awaiting in-flight work. */
+    beginStop(): void;
+    /** Stop the spool and wait (bounded) for an in-flight run to settle. */
+    stop(): Promise<void>;
+    /** Kick off a spool run unless one is already in flight. */
+    run(): void;
+    trackQueueUpdate(item: TSmartMtaQueueItemLike, status: 'queued' | 'delivered' | 'failed', failureMessage: string): void;
+    drainQueueUpdates(): Promise<void>;
+    /** Requeue emails left in 'queued' state by a previous process as pending. */
+    recoverQueuedEmails(): Promise<void>;
+    private processSpool;
+    private processAcceptedCachedEmail;
+    private buildCachedEmailSession;
+    private parseCachedEmailRouteData;
+    private updateAcceptedEmailFromQueueItem;
+    private waitForPromiseToSettleWithTimeout;
+    private clearSpoolTimer;
+    private setDcRouterCacheIdHeader;
+    private isCachedEmailTerminal;
+    private getCachedEmailIdFromQueueItem;
+    private getHeaderValue;
+    private removeHeader;
+    private throwIfMessageAcceptanceAborted;
+}