npm - @serve.zone/dcrouter - Versions diffs - 15.0.2 → 15.0.4 - Mend

@serve.zone/dcrouter 15.0.2 → 15.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (72) hide show

package/deno.json +1 -1
package/dist_serve/bundle.js +768 -768
package/dist_ts/00_commitinfo_data.js +1 -1
package/dist_ts/classes.dcrouter.js +9 -1
package/dist_ts_web/00_commitinfo_data.js +1 -1
package/dist_ts_web/appstate/acme.d.ts +17 -0
package/dist_ts_web/appstate/acme.js +64 -0
package/dist_ts_web/appstate/certificates.d.ts +37 -0
package/dist_ts_web/appstate/certificates.js +107 -0
package/dist_ts_web/appstate/config.d.ts +9 -0
package/dist_ts_web/appstate/config.js +35 -0
package/dist_ts_web/appstate/domains.d.ts +80 -0
package/dist_ts_web/appstate/domains.js +324 -0
package/dist_ts_web/appstate/email-domains.d.ts +25 -0
package/dist_ts_web/appstate/email-domains.js +104 -0
package/dist_ts_web/appstate/email-ops.d.ts +10 -0
package/dist_ts_web/appstate/email-ops.js +40 -0
package/dist_ts_web/appstate/login.d.ts +30 -0
package/dist_ts_web/appstate/login.js +83 -0
package/dist_ts_web/appstate/logs.d.ts +16 -0
package/dist_ts_web/appstate/logs.js +27 -0
package/dist_ts_web/appstate/network.d.ts +50 -0
package/dist_ts_web/appstate/network.js +122 -0
package/dist_ts_web/appstate/profiles-targets.d.ts +45 -0
package/dist_ts_web/appstate/profiles-targets.js +173 -0
package/dist_ts_web/appstate/remoteingress.d.ts +47 -0
package/dist_ts_web/appstate/remoteingress.js +204 -0
package/dist_ts_web/appstate/routes.d.ts +76 -0
package/dist_ts_web/appstate/routes.js +316 -0
package/dist_ts_web/appstate/runtime.d.ts +1 -0
package/dist_ts_web/appstate/runtime.js +276 -0
package/dist_ts_web/appstate/security.d.ts +29 -0
package/dist_ts_web/appstate/security.js +167 -0
package/dist_ts_web/appstate/shared.d.ts +3 -0
package/dist_ts_web/appstate/shared.js +13 -0
package/dist_ts_web/appstate/stats.d.ts +15 -0
package/dist_ts_web/appstate/stats.js +59 -0
package/dist_ts_web/appstate/target-profiles.d.ts +37 -0
package/dist_ts_web/appstate/target-profiles.js +118 -0
package/dist_ts_web/appstate/ui.d.ts +11 -0
package/dist_ts_web/appstate/ui.js +55 -0
package/dist_ts_web/appstate/users.d.ts +27 -0
package/dist_ts_web/appstate/users.js +85 -0
package/dist_ts_web/appstate/vpn.d.ts +44 -0
package/dist_ts_web/appstate/vpn.js +148 -0
package/dist_ts_web/appstate.d.ts +20 -568
package/dist_ts_web/appstate.js +24 -2418
package/package.json +3 -3
package/ts/00_commitinfo_data.ts +1 -1
package/ts/classes.dcrouter.ts +10 -0
package/ts_web/00_commitinfo_data.ts +1 -1
package/ts_web/appstate/acme.ts +93 -0
package/ts_web/appstate/certificates.ts +159 -0
package/ts_web/appstate/config.ts +49 -0
package/ts_web/appstate/domains.ts +429 -0
package/ts_web/appstate/email-domains.ts +155 -0
package/ts_web/appstate/email-ops.ts +57 -0
package/ts_web/appstate/login.ts +128 -0
package/ts_web/appstate/logs.ts +50 -0
package/ts_web/appstate/network.ts +161 -0
package/ts_web/appstate/profiles-targets.ts +240 -0
package/ts_web/appstate/remoteingress.ts +300 -0
package/ts_web/appstate/routes.ts +447 -0
package/ts_web/appstate/runtime.ts +308 -0
package/ts_web/appstate/security.ts +229 -0
package/ts_web/appstate/shared.ts +15 -0
package/ts_web/appstate/stats.ts +79 -0
package/ts_web/appstate/target-profiles.ts +164 -0
package/ts_web/appstate/ui.ts +75 -0
package/ts_web/appstate/users.ts +133 -0
package/ts_web/appstate/vpn.ts +234 -0
package/ts_web/appstate.ts +24 -3403

package/ts_web/appstate.ts CHANGED Viewed

@@ -1,3403 +1,24 @@
-import * as plugins from './plugins.js';
-import type * as servezoneInterfaces from '@serve.zone/interfaces';
-import * as interfaces from '../ts_interfaces/index.js';
-// Create main app state instance
-export const appState = new plugins.domtools.plugins.smartstate.Smartstate();
-// Define state interfaces
-export interface ILoginState {
-  identity: interfaces.data.IIdentity | null;
-  isLoggedIn: boolean;
-}
-export type IAdminBootstrapStatus = interfaces.requests.IReq_GetAdminBootstrapStatus['response'];
-export interface IStatsState {
-  serverStats: interfaces.data.IServerStats | null;
-  emailStats: interfaces.data.IEmailStats | null;
-  dnsStats: interfaces.data.IDnsStats | null;
-  securityMetrics: interfaces.data.ISecurityMetrics | null;
-  radiusStats: interfaces.data.IRadiusStats | null;
-  vpnStats: interfaces.data.IVpnStats | null;
-  lastUpdated: number;
-  isLoading: boolean;
-  error: string | null;
-}
-export interface IConfigState {
-  config: interfaces.requests.IConfigData | null;
-  isLoading: boolean;
-  error: string | null;
-}
-export interface IUiState {
-  activeView: string;
-  activeSubview: string | null;
-  sidebarCollapsed: boolean;
-  autoRefresh: boolean;
-  refreshInterval: number; // milliseconds
-  theme: 'light' | 'dark';
-}
-export interface ILogState {
-  recentLogs: interfaces.data.ILogEntry[];
-  isStreaming: boolean;
-  filters: {
-    level?: string[];
-    category?: string[];
-  };
-}
-export interface INetworkState {
-  connections: interfaces.data.IConnectionInfo[];
-  connectionsByIP: { [ip: string]: number };
-  throughputRate: { bytesInPerSecond: number; bytesOutPerSecond: number };
-  totalBytes: { in: number; out: number };
-  topIPs: Array<{ ip: string; count: number }>;
-  topIPsByBandwidth: Array<{ ip: string; count: number; bwIn: number; bwOut: number }>;
-  topASNs: interfaces.data.IAsnActivity[];
-  throughputByIP: Array<{ ip: string; in: number; out: number }>;
-  ipIntelligence: interfaces.data.IIpIntelligenceRecord[];
-  domainActivity: interfaces.data.IDomainActivity[];
-  throughputHistory: Array<{ timestamp: number; in: number; out: number }>;
-  requestsPerSecond: number;
-  requestsTotal: number;
-  backends: interfaces.data.IBackendInfo[];
-  frontendProtocols: interfaces.data.IProtocolDistribution | null;
-  backendProtocols: interfaces.data.IProtocolDistribution | null;
-  lastUpdated: number;
-  isLoading: boolean;
-  error: string | null;
-}
-export interface ISecurityPolicyState {
-  rules: interfaces.data.ISecurityBlockRule[];
-  ipIntelligence: interfaces.data.IIpIntelligenceRecord[];
-  compiledPolicy: interfaces.data.ISecurityCompiledPolicy | null;
-  auditEvents: interfaces.data.ISecurityPolicyAuditEvent[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export interface ICertificateState {
-  certificates: interfaces.requests.ICertificateInfo[];
-  summary: { total: number; valid: number; expiring: number; expired: number; failed: number; unknown: number };
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export interface IEmailOpsState {
-  emails: interfaces.requests.IEmail[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-// Create state parts with appropriate persistence
-export const loginStatePart = await appState.getStatePart<ILoginState>(
-  'login',
-  {
-    identity: null,
-    isLoggedIn: false,
-  },
-  'persistent' // Login state persists across browser sessions
-);
-export const statsStatePart = await appState.getStatePart<IStatsState>(
-  'stats',
-  {
-    serverStats: null,
-    emailStats: null,
-    dnsStats: null,
-    securityMetrics: null,
-    radiusStats: null,
-    vpnStats: null,
-    lastUpdated: 0,
-    isLoading: false,
-    error: null,
-  },
-  'soft' // Stats are cached but not persisted
-);
-export const configStatePart = await appState.getStatePart<IConfigState>(
-  'config',
-  {
-    config: null,
-    isLoading: false,
-    error: null,
-  }
-);
-// Determine initial view from URL path
-const getInitialView = (): string => {
-  const path = typeof window !== 'undefined' ? window.location.pathname : '/';
-  const validViews = ['overview', 'network', 'email', 'logs', 'access', 'security', 'domains'];
-  const segments = path.split('/').filter(Boolean);
-  const view = segments[0];
-  return validViews.includes(view) ? view : 'overview';
-};
-// Determine initial subview (second URL segment) from the path
-const getInitialSubview = (): string | null => {
-  const path = typeof window !== 'undefined' ? window.location.pathname : '/';
-  const segments = path.split('/').filter(Boolean);
-  return segments[1] ?? null;
-};
-export const uiStatePart = await appState.getStatePart<IUiState>(
-  'ui',
-  {
-    activeView: getInitialView(),
-    activeSubview: getInitialSubview(),
-    sidebarCollapsed: false,
-    autoRefresh: true,
-    refreshInterval: 1000, // 1 second
-    theme: 'light',
-  },
-);
-export const logStatePart = await appState.getStatePart<ILogState>(
-  'logs',
-  {
-    recentLogs: [],
-    isStreaming: false,
-    filters: {},
-  },
-  'soft'
-);
-export const networkStatePart = await appState.getStatePart<INetworkState>(
-  'network',
-  {
-    connections: [],
-    connectionsByIP: {},
-    throughputRate: { bytesInPerSecond: 0, bytesOutPerSecond: 0 },
-    totalBytes: { in: 0, out: 0 },
-    topIPs: [],
-    topIPsByBandwidth: [],
-    topASNs: [],
-    throughputByIP: [],
-    ipIntelligence: [],
-    domainActivity: [],
-    throughputHistory: [],
-    requestsPerSecond: 0,
-    requestsTotal: 0,
-    backends: [],
-    frontendProtocols: null,
-    backendProtocols: null,
-    lastUpdated: 0,
-    isLoading: false,
-    error: null,
-  },
-  'soft'
-);
-export const securityPolicyStatePart = await appState.getStatePart<ISecurityPolicyState>(
-  'securityPolicy',
-  {
-    rules: [],
-    ipIntelligence: [],
-    compiledPolicy: null,
-    auditEvents: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft',
-);
-export const emailOpsStatePart = await appState.getStatePart<IEmailOpsState>(
-  'emailOps',
-  {
-    emails: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-export const certificateStatePart = await appState.getStatePart<ICertificateState>(
-  'certificates',
-  {
-    certificates: [],
-    summary: { total: 0, valid: 0, expiring: 0, expired: 0, failed: 0, unknown: 0 },
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-// ============================================================================
-// ACME Config State (DB-backed singleton, managed via Domains > Certificates)
-// ============================================================================
-export interface IAcmeConfigState {
-  config: interfaces.data.IAcmeConfig | null;
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const acmeConfigStatePart = await appState.getStatePart<IAcmeConfigState>(
-  'acmeConfig',
-  {
-    config: null,
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft',
-);
-// ============================================================================
-// Remote Ingress State
-// ============================================================================
-export interface IRemoteIngressState {
-  edges: interfaces.data.IRemoteIngress[];
-  statuses: interfaces.data.IRemoteIngressStatus[];
-  hubSettings: interfaces.data.IRemoteIngressHubSettings | null;
-  selectedEdgeId: string | null;
-  newEdgeId: string | null;
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const remoteIngressStatePart = await appState.getStatePart<IRemoteIngressState>(
-  'remoteIngress',
-  {
-    edges: [],
-    statuses: [],
-    hubSettings: null,
-    selectedEdgeId: null,
-    newEdgeId: null,
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-// ============================================================================
-// Route Management State
-// ============================================================================
-export interface IRouteManagementState {
-  mergedRoutes: interfaces.data.IMergedRoute[];
-  warnings: interfaces.data.IRouteWarning[];
-  httpRedirects: interfaces.data.IHttpRedirectInfo[];
-  apiTokens: interfaces.data.IApiTokenInfo[];
-  gatewayClients: interfaces.data.IGatewayClient[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const routeManagementStatePart = await appState.getStatePart<IRouteManagementState>(
-  'routeManagement',
-  {
-    mergedRoutes: [],
-    warnings: [],
-    httpRedirects: [],
-    apiTokens: [],
-    gatewayClients: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-// ============================================================================
-// Users State (read-only list of OpsServer user accounts)
-// ============================================================================
-export interface IUser {
-  id: string;
-  username: string;
-  email?: string;
-  name?: string;
-  role: string;
-  status?: 'active' | 'disabled';
-  authSources?: Array<'local' | 'idp.global'>;
-}
-export interface IUsersState {
-  users: IUser[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const usersStatePart = await appState.getStatePart<IUsersState>(
-  'users',
-  {
-    users: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft',
-);
-// Actions for state management
-interface IActionContext {
-  identity: interfaces.data.IIdentity | null;
-}
-const getActionContext = (): IActionContext => {
-  const identity = loginStatePart.getState()!.identity;
-  // Treat expired JWTs as no identity — prevents stale persisted sessions from firing requests
-  if (identity && identity.expiresAt && identity.expiresAt < Date.now()) {
-    return { identity: null };
-  }
-  return { identity };
-};
-// Login Action
-export const loginAction = loginStatePart.createAction<{
-  username: string;
-  password: string;
-  authSource?: interfaces.requests.TAdminLoginAuthSource;
-}>(async (statePartArg, dataArg): Promise<ILoginState> => {
-  const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_AdminLoginWithUsernameAndPassword
-  >('/typedrequest', 'adminLoginWithUsernameAndPassword');
-  try {
-    const response = await typedRequest.fire({
-      username: dataArg.username,
-      password: dataArg.password,
-      authSource: dataArg.authSource,
-    });
-    if (response.identity) {
-      return {
-        identity: response.identity,
-        isLoggedIn: true,
-      };
-    }
-    return statePartArg.getState()!;
-  } catch (error: unknown) {
-    console.error('Login failed:', error);
-    return statePartArg.getState()!;
-  }
-});
-export async function getAdminBootstrapStatus(): Promise<IAdminBootstrapStatus> {
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_GetAdminBootstrapStatus
-  >('/typedrequest', 'getAdminBootstrapStatus');
-  return request.fire({});
-}
-export async function createInitialAdminUser(optionsArg: {
-  email: string;
-  name?: string;
-  password: string;
-  enableIdpGlobalAuth?: boolean;
-}) {
-  const context = getActionContext();
-  if (!context.identity) {
-    throw new Error('No identity available for admin bootstrap');
-  }
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_CreateInitialAdminUser
-  >('/typedrequest', 'createInitialAdminUser');
-  const response = await request.fire({
-    identity: context.identity,
-    email: optionsArg.email,
-    name: optionsArg.name,
-    password: optionsArg.password,
-    enableIdpGlobalAuth: optionsArg.enableIdpGlobalAuth,
-  });
-  if (response.identity) {
-    loginStatePart.setState({
-      identity: response.identity,
-      isLoggedIn: true,
-    });
-  }
-  return response;
-}
-// Logout Action — always clears state, even if identity is expired/missing
-export const logoutAction = loginStatePart.createAction(async (statePartArg) => {
-  const context = getActionContext();
-  // Try to notify server, but don't block logout if identity is missing/expired
-  if (context.identity) {
-    const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_AdminLogout
-    >('/typedrequest', 'adminLogout');
-    try {
-      await typedRequest.fire({ identity: context.identity });
-    } catch (error) {
-      console.error('Logout error:', error);
-    }
-  }
-  // Always clear login state
-  return {
-    identity: null,
-    isLoggedIn: false,
-  };
-});
-// Fetch All Stats Action - Using combined endpoint for efficiency
-export const fetchAllStatsAction = statsStatePart.createAction(async (statePartArg): Promise<IStatsState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    // Use combined metrics endpoint - single request instead of 4
-    const combinedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetCombinedMetrics
-    >('/typedrequest', 'getCombinedMetrics');
-    const combinedResponse = await combinedRequest.fire({
-      identity: context.identity,
-      sections: {
-        server: true,
-        email: true,
-        dns: true,
-        security: true,
-        network: false, // Network is fetched separately for the network view
-        radius: true,
-        vpn: true,
-      },
-    });
-    // Update state with all stats from combined response
-    return {
-      serverStats: combinedResponse.metrics.server || currentState.serverStats,
-      emailStats: combinedResponse.metrics.email || currentState.emailStats,
-      dnsStats: combinedResponse.metrics.dns || currentState.dnsStats,
-      securityMetrics: combinedResponse.metrics.security || currentState.securityMetrics,
-      radiusStats: combinedResponse.metrics.radius || currentState.radiusStats,
-      vpnStats: combinedResponse.metrics.vpn || currentState.vpnStats,
-      lastUpdated: Date.now(),
-      isLoading: false,
-      error: null,
-    };
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: (error as Error).message || 'Failed to fetch statistics',
-    };
-  }
-});
-// Fetch Configuration Action (read-only)
-export const fetchConfigurationAction = configStatePart.createAction(async (statePartArg): Promise<IConfigState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const configRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetConfiguration
-    >('/typedrequest', 'getConfiguration');
-    const response = await configRequest.fire({
-      identity: context.identity,
-    });
-    return {
-      config: response.config,
-      isLoading: false,
-      error: null,
-    };
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: (error as Error).message || 'Failed to fetch configuration',
-    };
-  }
-});
-// Fetch Recent Logs Action
-export const fetchRecentLogsAction = logStatePart.createAction<{
-  limit?: number;
-  level?: 'debug' | 'info' | 'warn' | 'error';
-  category?: 'smtp' | 'dns' | 'security' | 'system' | 'email';
-}>(async (statePartArg, dataArg): Promise<ILogState> => {
-  const context = getActionContext();
-  if (!context.identity) return statePartArg.getState()!;
-  const logsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_GetRecentLogs
-  >('/typedrequest', 'getRecentLogs');
-  const response = await logsRequest.fire({
-    identity: context.identity,
-    limit: dataArg.limit || 100,
-    level: dataArg.level,
-    category: dataArg.category,
-  });
-  return {
-    ...statePartArg.getState()!,
-    recentLogs: response.logs,
-  };
-});
-// Toggle Auto Refresh Action
-export const toggleAutoRefreshAction = uiStatePart.createAction(async (statePartArg): Promise<IUiState> => {
-  const currentState = statePartArg.getState()!;
-  return {
-    ...currentState,
-    autoRefresh: !currentState.autoRefresh,
-  };
-});
-// Set Active View Action
-export const setActiveViewAction = uiStatePart.createAction<string>(async (statePartArg, viewName): Promise<IUiState> => {
-  const currentState = statePartArg.getState()!;
-  // If switching to network view, ensure we fetch network data
-  if (viewName === 'network' && currentState.activeView !== 'network') {
-    setTimeout(() => {
-      networkStatePart.dispatchAction(fetchNetworkStatsAction, null);
-    }, 100);
-  }
-  // If switching to the Domains group, ensure we fetch certificate data
-  // (Certificates is a subview of Domains).
-  if (viewName === 'domains' && currentState.activeView !== 'domains') {
-    setTimeout(() => {
-      certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
-    }, 100);
-  }
-  return {
-    ...currentState,
-    activeView: viewName,
-  };
-});
-const backgroundRefreshesInFlight = new Set<string>();
-function runBackgroundRefresh(key: string, errorMessage: string, task: () => Promise<void>): void {
-  if (backgroundRefreshesInFlight.has(key)) return;
-  backgroundRefreshesInFlight.add(key);
-  void task()
-    .catch((error) => console.error(errorMessage, error))
-    .finally(() => backgroundRefreshesInFlight.delete(key));
-}
-function refreshNetworkIpIntelligence(identity: interfaces.data.IIdentity, ipAddresses: string[]): void {
-  const ips = [...new Set(ipAddresses.filter(Boolean))].slice(0, 100);
-  if (ips.length === 0) return;
-  runBackgroundRefresh('networkIpIntelligence', 'IP intelligence refresh failed:', async () => {
-    const intelligenceRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ListIpIntelligence
-    >('/typedrequest', 'listIpIntelligence');
-    const intelligenceResponse = await intelligenceRequest.fire({
-      identity,
-      ipAddresses: ips,
-      limit: Math.max(100, ips.length),
-    });
-    networkStatePart.setState({
-      ...networkStatePart.getState()!,
-      ipIntelligence: intelligenceResponse.records || [],
-    });
-  });
-}
-function refreshSecurityIpIntelligence(identity: interfaces.data.IIdentity): void {
-  runBackgroundRefresh('securityIpIntelligence', 'Security IP intelligence refresh failed:', async () => {
-    const intelligenceRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ListIpIntelligence
-    >('/typedrequest', 'listIpIntelligence');
-    const intelligenceResponse = await intelligenceRequest.fire({
-      identity,
-      limit: 500,
-    });
-    securityPolicyStatePart.setState({
-      ...securityPolicyStatePart.getState()!,
-      ipIntelligence: intelligenceResponse.records || [],
-    });
-  });
-}
-// Fetch Network Stats Action
-export const fetchNetworkStatsAction = networkStatePart.createAction(async (statePartArg): Promise<INetworkState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    // Get network stats for throughput and IP data
-    const networkStatsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetNetworkStats
-    >('/typedrequest', 'getNetworkStats');
-    const networkStatsResponse = await networkStatsRequest.fire({
-      identity: context.identity,
-    });
-    // Use the connections data for the connection list
-    // and network stats for throughput and IP analytics
-    const connectionsByIP: { [ip: string]: number } = {};
-    const throughputByIP = new Map<string, { in: number; out: number }>();
-    for (const item of networkStatsResponse.throughputByIP || []) {
-      throughputByIP.set(item.ip, { in: item.in, out: item.out });
-    }
-    // Build connectionsByIP from network stats if available
-    if (networkStatsResponse.connectionsByIP && Array.isArray(networkStatsResponse.connectionsByIP)) {
-      networkStatsResponse.connectionsByIP.forEach((item: { ip: string; count: number }) => {
-        connectionsByIP[item.ip] = item.count;
-      });
-    }
-    const connections: interfaces.data.IConnectionInfo[] = Object.entries(connectionsByIP).map(([ip, count]) => {
-      const tp = throughputByIP.get(ip);
-      return {
-        id: `ip-${ip}`,
-        remoteAddress: ip,
-        localAddress: 'server',
-        startTime: 0,
-        protocol: 'https',
-        state: 'connected',
-        bytesReceived: tp?.in || 0,
-        bytesSent: tp?.out || 0,
-        connectionCount: count,
-      };
-    });
-    refreshNetworkIpIntelligence(context.identity, [
-      ...Object.keys(connectionsByIP),
-      ...(networkStatsResponse.topIPs || []).map((item) => item.ip),
-      ...(networkStatsResponse.topIPsByBandwidth || []).map((item) => item.ip),
-    ]);
-    return {
-      connections,
-      connectionsByIP,
-      throughputRate: networkStatsResponse.throughputRate || { bytesInPerSecond: 0, bytesOutPerSecond: 0 },
-      totalBytes: networkStatsResponse.totalDataTransferred
-        ? { in: networkStatsResponse.totalDataTransferred.bytesIn, out: networkStatsResponse.totalDataTransferred.bytesOut }
-        : { in: 0, out: 0 },
-      topIPs: networkStatsResponse.topIPs || [],
-      topIPsByBandwidth: networkStatsResponse.topIPsByBandwidth || [],
-      topASNs: networkStatsResponse.topASNs || [],
-      throughputByIP: networkStatsResponse.throughputByIP || [],
-      ipIntelligence: currentState.ipIntelligence,
-      domainActivity: networkStatsResponse.domainActivity || [],
-      throughputHistory: networkStatsResponse.throughputHistory || [],
-      requestsPerSecond: networkStatsResponse.requestsPerSecond || 0,
-      requestsTotal: networkStatsResponse.requestsTotal || 0,
-      backends: networkStatsResponse.backends || [],
-      frontendProtocols: networkStatsResponse.frontendProtocols || null,
-      backendProtocols: networkStatsResponse.backendProtocols || null,
-      lastUpdated: Date.now(),
-      isLoading: false,
-      error: null,
-    };
-  } catch (error) {
-    console.error('Failed to fetch network stats:', error);
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch network stats',
-    };
-  }
-});
-// ============================================================================
-// Security Policy Actions
-// ============================================================================
-export const fetchSecurityPolicyAction = securityPolicyStatePart.createAction(
-  async (statePartArg): Promise<ISecurityPolicyState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const rulesRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_ListSecurityBlockRules
-      >('/typedrequest', 'listSecurityBlockRules');
-      const compiledPolicyRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetCompiledSecurityPolicy
-      >('/typedrequest', 'getCompiledSecurityPolicy');
-      const auditRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_ListSecurityPolicyAudit
-      >('/typedrequest', 'listSecurityPolicyAudit');
-      const [rulesResponse, compiledPolicyResponse, auditResponse] = await Promise.all([
-        rulesRequest.fire({ identity: context.identity }),
-        compiledPolicyRequest.fire({ identity: context.identity }),
-        auditRequest.fire({ identity: context.identity, limit: 100 }),
-      ]);
-      refreshSecurityIpIntelligence(context.identity);
-      return {
-        rules: rulesResponse.rules || [],
-        ipIntelligence: currentState.ipIntelligence,
-        compiledPolicy: compiledPolicyResponse.policy,
-        auditEvents: auditResponse.events || [],
-        isLoading: false,
-        error: null,
-        lastUpdated: Date.now(),
-      };
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        isLoading: false,
-        error: error instanceof Error ? error.message : 'Failed to fetch security policy',
-      };
-    }
-  },
-);
-export const createSecurityBlockRuleAction = securityPolicyStatePart.createAction<{
-  type: interfaces.data.TSecurityBlockRuleType;
-  value: string;
-  matchMode?: interfaces.data.TSecurityBlockRuleMatchMode;
-  reason?: string;
-  enabled?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<ISecurityPolicyState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateSecurityBlockRule
-    >('/typedrequest', 'createSecurityBlockRule');
-    const response = await request.fire({
-      identity: context.identity,
-      type: dataArg.type,
-      value: dataArg.value,
-      matchMode: dataArg.matchMode,
-      reason: dataArg.reason,
-      enabled: dataArg.enabled,
-    });
-    if (!response.success) {
-      return { ...currentState, error: response.message || 'Failed to create security block rule' };
-    }
-    return await actionContext!.dispatch(fetchSecurityPolicyAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to create security block rule',
-    };
-  }
-});
-export const updateSecurityBlockRuleAction = securityPolicyStatePart.createAction<{
-  id: string;
-  value?: string;
-  matchMode?: interfaces.data.TSecurityBlockRuleMatchMode;
-  reason?: string;
-  enabled?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<ISecurityPolicyState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateSecurityBlockRule
-    >('/typedrequest', 'updateSecurityBlockRule');
-    const response = await request.fire({
-      identity: context.identity,
-      id: dataArg.id,
-      value: dataArg.value,
-      matchMode: dataArg.matchMode,
-      reason: dataArg.reason,
-      enabled: dataArg.enabled,
-    });
-    if (!response.success) {
-      return { ...currentState, error: response.message || 'Failed to update security block rule' };
-    }
-    return await actionContext!.dispatch(fetchSecurityPolicyAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update security block rule',
-    };
-  }
-});
-export const deleteSecurityBlockRuleAction = securityPolicyStatePart.createAction<string>(
-  async (statePartArg, ruleId, actionContext): Promise<ISecurityPolicyState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteSecurityBlockRule
-      >('/typedrequest', 'deleteSecurityBlockRule');
-      const response = await request.fire({ identity: context.identity, id: ruleId });
-      if (!response.success) {
-        return { ...currentState, error: response.message || 'Failed to delete security block rule' };
-      }
-      return await actionContext!.dispatch(fetchSecurityPolicyAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete security block rule',
-      };
-    }
-  },
-);
-export const refreshIpIntelligenceAction = securityPolicyStatePart.createAction<string>(
-  async (statePartArg, ipAddress, actionContext): Promise<ISecurityPolicyState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_RefreshIpIntelligence
-      >('/typedrequest', 'refreshIpIntelligence');
-      const response = await request.fire({ identity: context.identity, ipAddress });
-      if (!response.success) {
-        return { ...currentState, error: response.message || 'Failed to refresh IP intelligence' };
-      }
-      const refreshedState = await actionContext!.dispatch(fetchSecurityPolicyAction, null);
-      if (!response.record) return refreshedState;
-      return {
-        ...refreshedState,
-        ipIntelligence: [
-          response.record,
-          ...refreshedState.ipIntelligence.filter((record) => record.ipAddress !== response.record!.ipAddress),
-        ],
-      };
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to refresh IP intelligence',
-      };
-    }
-  },
-);
-// ============================================================================
-// Email Operations Actions
-// ============================================================================
-// Fetch All Emails Action
-export const fetchAllEmailsAction = emailOpsStatePart.createAction(async (statePartArg): Promise<IEmailOpsState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetAllEmails
-    >('/typedrequest', 'getAllEmails');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      emails: response.emails,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch emails',
-    };
-  }
-});
-// ============================================================================
-// Certificate Actions
-// ============================================================================
-export const fetchCertificateOverviewAction = certificateStatePart.createAction(async (statePartArg): Promise<ICertificateState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetCertificateOverview
-    >('/typedrequest', 'getCertificateOverview');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      certificates: response.certificates,
-      summary: response.summary,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch certificate overview',
-    };
-  }
-});
-export const reprovisionCertificateAction = certificateStatePart.createAction<{ domain: string; forceRenew?: boolean }>(
-  async (statePartArg, dataArg, actionContext): Promise<ICertificateState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_ReprovisionCertificateDomain
-      >('/typedrequest', 'reprovisionCertificateDomain');
-      await request.fire({
-        identity: context.identity!,
-        domain: dataArg.domain,
-        forceRenew: dataArg.forceRenew,
-      });
-      // Re-fetch overview after reprovisioning
-      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to reprovision certificate',
-      };
-    }
-  }
-);
-export const deleteCertificateAction = certificateStatePart.createAction<string>(
-  async (statePartArg, domain, actionContext): Promise<ICertificateState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteCertificate
-      >('/typedrequest', 'deleteCertificate');
-      await request.fire({
-        identity: context.identity!,
-        domain,
-      });
-      // Re-fetch overview after deletion
-      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete certificate',
-      };
-    }
-  }
-);
-export const importCertificateAction = certificateStatePart.createAction<{
-  id: string;
-  domainName: string;
-  created: number;
-  validUntil: number;
-  privateKey: string;
-  publicKey: string;
-  csr: string;
-}>(
-  async (statePartArg, cert, actionContext): Promise<ICertificateState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        servezoneInterfaces.requests.gateway.IReq_ImportCertificate
-      >('/typedrequest', 'importCertificate');
-      await request.fire({
-        identity: context.identity!,
-        cert,
-      });
-      // Re-fetch overview after import
-      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to import certificate',
-      };
-    }
-  }
-);
-export async function fetchCertificateExport(domain: string) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    servezoneInterfaces.requests.gateway.IReq_ExportCertificate
-  >('/typedrequest', 'exportCertificate');
-  return request.fire({
-    identity: context.identity!,
-    domain,
-  });
-}
-// ============================================================================
-// Remote Ingress Standalone Functions
-// ============================================================================
-export async function fetchConnectionToken(edgeId: string) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_GetRemoteIngressConnectionToken
-  >('/typedrequest', 'getRemoteIngressConnectionToken');
-  return request.fire({ identity: context.identity!, edgeId });
-}
-// ============================================================================
-// Remote Ingress Actions
-// ============================================================================
-export const fetchRemoteIngressAction = remoteIngressStatePart.createAction(async (statePartArg): Promise<IRemoteIngressState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const edgesRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetRemoteIngresses
-    >('/typedrequest', 'getRemoteIngresses');
-    const statusRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetRemoteIngressStatus
-    >('/typedrequest', 'getRemoteIngressStatus');
-    const hubSettingsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetRemoteIngressHubSettings
-    >('/typedrequest', 'getRemoteIngressHubSettings');
-    const [edgesResponse, statusResponse, hubSettingsResponse] = await Promise.all([
-      edgesRequest.fire({ identity: context.identity }),
-      statusRequest.fire({ identity: context.identity }),
-      hubSettingsRequest.fire({ identity: context.identity }),
-    ]);
-    return {
-      ...currentState,
-      edges: edgesResponse.edges,
-      statuses: statusResponse.statuses,
-      hubSettings: hubSettingsResponse.settings,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch remote ingress data',
-    };
-  }
-});
-export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
-  name: string;
-  listenPorts?: number[];
-  autoDerivePorts?: boolean;
-  performance?: interfaces.data.IRemoteIngressPerformanceConfig;
-  tags?: string[];
-}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateRemoteIngress
-    >('/typedrequest', 'createRemoteIngress');
-    const response = await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      listenPorts: dataArg.listenPorts,
-      autoDerivePorts: dataArg.autoDerivePorts,
-      performance: dataArg.performance,
-      tags: dataArg.tags,
-    });
-    if (response.success) {
-      // Refresh the list
-      await actionContext!.dispatch(fetchRemoteIngressAction, null);
-      return {
-        ...statePartArg.getState()!,
-        newEdgeId: response.edge.id,
-      };
-    }
-    return currentState;
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to create edge',
-    };
-  }
-});
-export const deleteRemoteIngressAction = remoteIngressStatePart.createAction<string>(
-  async (statePartArg, edgeId, actionContext): Promise<IRemoteIngressState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteRemoteIngress
-      >('/typedrequest', 'deleteRemoteIngress');
-      await request.fire({
-        identity: context.identity!,
-        id: edgeId,
-      });
-      return await actionContext!.dispatch(fetchRemoteIngressAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete edge',
-      };
-    }
-  }
-);
-export const updateRemoteIngressAction = remoteIngressStatePart.createAction<{
-  id: string;
-  name?: string;
-  listenPorts?: number[];
-  autoDerivePorts?: boolean;
-  performance?: interfaces.data.IRemoteIngressPerformanceConfig;
-  tags?: string[];
-}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateRemoteIngress
-    >('/typedrequest', 'updateRemoteIngress');
-    await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      listenPorts: dataArg.listenPorts,
-      autoDerivePorts: dataArg.autoDerivePorts,
-      performance: dataArg.performance,
-      tags: dataArg.tags,
-    });
-    return await actionContext!.dispatch(fetchRemoteIngressAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update edge',
-    };
-  }
-});
-export const updateRemoteIngressHubSettingsAction = remoteIngressStatePart.createAction<{
-  enabled?: boolean;
-  tunnelPort?: number;
-  hubDomain?: string | null;
-  performance?: interfaces.data.IRemoteIngressPerformanceConfig | null;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateRemoteIngressHubSettings
-    >('/typedrequest', 'updateRemoteIngressHubSettings');
-    const response = await request.fire({
-      identity: context.identity!,
-      enabled: dataArg.enabled,
-      tunnelPort: dataArg.tunnelPort,
-      hubDomain: dataArg.hubDomain,
-      performance: dataArg.performance,
-    });
-    if (!response.success) {
-      return {
-        ...currentState,
-        error: response.message || 'Failed to update RemoteIngress hub settings',
-      };
-    }
-    return await actionContext!.dispatch(fetchRemoteIngressAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update RemoteIngress hub settings',
-    };
-  }
-});
-export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.createAction<string>(
-  async (statePartArg, edgeId): Promise<IRemoteIngressState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_RegenerateRemoteIngressSecret
-      >('/typedrequest', 'regenerateRemoteIngressSecret');
-      const response = await request.fire({
-        identity: context.identity!,
-        id: edgeId,
-      });
-      if (response.success) {
-        return {
-          ...currentState,
-          newEdgeId: edgeId,
-        };
-      }
-      return currentState;
-    } catch (error) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to regenerate secret',
-      };
-    }
-  }
-);
-export const clearNewEdgeIdAction = remoteIngressStatePart.createAction(
-  async (statePartArg): Promise<IRemoteIngressState> => {
-    return {
-      ...statePartArg.getState()!,
-      newEdgeId: null,
-    };
-  }
-);
-export const toggleRemoteIngressAction = remoteIngressStatePart.createAction<{
-  id: string;
-  enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateRemoteIngress
-    >('/typedrequest', 'updateRemoteIngress');
-    await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      enabled: dataArg.enabled,
-    });
-    return await actionContext!.dispatch(fetchRemoteIngressAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to toggle edge',
-    };
-  }
-});
-// ============================================================================
-// VPN State
-// ============================================================================
-export interface IVpnState {
-  clients: interfaces.data.IVpnClient[];
-  connectedClients: interfaces.data.IVpnConnectedClient[];
-  status: interfaces.data.IVpnServerStatus | null;
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-  /** WireGuard config shown after create/rotate (only shown once) */
-  newClientConfig: string | null;
-}
-export const vpnStatePart = await appState.getStatePart<IVpnState>(
-  'vpn',
-  {
-    clients: [],
-    connectedClients: [],
-    status: null,
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-    newClientConfig: null,
-  },
-  'soft'
-);
-// ============================================================================
-// VPN Actions
-// ============================================================================
-export const fetchVpnAction = vpnStatePart.createAction(async (statePartArg): Promise<IVpnState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const clientsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetVpnClients
-    >('/typedrequest', 'getVpnClients');
-    const statusRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetVpnStatus
-    >('/typedrequest', 'getVpnStatus');
-    const connectedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetVpnConnectedClients
-    >('/typedrequest', 'getVpnConnectedClients');
-    const [clientsResponse, statusResponse, connectedResponse] = await Promise.all([
-      clientsRequest.fire({ identity: context.identity }),
-      statusRequest.fire({ identity: context.identity }),
-      connectedRequest.fire({ identity: context.identity }),
-    ]);
-    return {
-      ...currentState,
-      clients: clientsResponse.clients,
-      connectedClients: connectedResponse.connectedClients,
-      status: statusResponse.status,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch VPN data',
-    };
-  }
-});
-export const createVpnClientAction = vpnStatePart.createAction<{
-  clientId: string;
-  targetProfileIds?: string[];
-  description?: string;
-  destinationAllowList?: string[];
-  destinationBlockList?: string[];
-  useHostIp?: boolean;
-  useDhcp?: boolean;
-  staticIp?: string;
-  forceVlan?: boolean;
-  vlanId?: number;
-}>(async (statePartArg, dataArg, actionContext): Promise<IVpnState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateVpnClient
-    >('/typedrequest', 'createVpnClient');
-    const response = await request.fire({
-      identity: context.identity!,
-      clientId: dataArg.clientId,
-      targetProfileIds: dataArg.targetProfileIds,
-      description: dataArg.description,
-      destinationAllowList: dataArg.destinationAllowList,
-      destinationBlockList: dataArg.destinationBlockList,
-      useHostIp: dataArg.useHostIp,
-      useDhcp: dataArg.useDhcp,
-      staticIp: dataArg.staticIp,
-      forceVlan: dataArg.forceVlan,
-      vlanId: dataArg.vlanId,
-    });
-    if (!response.success) {
-      return { ...currentState, error: response.message || 'Failed to create client' };
-    }
-    const refreshed = await actionContext!.dispatch(fetchVpnAction, null);
-    return {
-      ...refreshed,
-      newClientConfig: response.wireguardConfig || null,
-    };
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to create VPN client',
-    };
-  }
-});
-export const deleteVpnClientAction = vpnStatePart.createAction<string>(
-  async (statePartArg, clientId, actionContext): Promise<IVpnState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteVpnClient
-      >('/typedrequest', 'deleteVpnClient');
-      await request.fire({ identity: context.identity!, clientId });
-      return await actionContext!.dispatch(fetchVpnAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete VPN client',
-      };
-    }
-  },
-);
-export const toggleVpnClientAction = vpnStatePart.createAction<{
-  clientId: string;
-  enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IVpnState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const method = dataArg.enabled ? 'enableVpnClient' : 'disableVpnClient';
-    type TReq = interfaces.requests.IReq_EnableVpnClient | interfaces.requests.IReq_DisableVpnClient;
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<TReq>(
-      '/typedrequest', method,
-    );
-    await request.fire({ identity: context.identity!, clientId: dataArg.clientId });
-    return await actionContext!.dispatch(fetchVpnAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to toggle VPN client',
-    };
-  }
-});
-export const updateVpnClientAction = vpnStatePart.createAction<{
-  clientId: string;
-  description?: string;
-  targetProfileIds?: string[];
-  destinationAllowList?: string[];
-  destinationBlockList?: string[];
-  useHostIp?: boolean;
-  useDhcp?: boolean;
-  staticIp?: string;
-  forceVlan?: boolean;
-  vlanId?: number;
-}>(async (statePartArg, dataArg, actionContext): Promise<IVpnState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateVpnClient
-    >('/typedrequest', 'updateVpnClient');
-    const response = await request.fire({
-      identity: context.identity!,
-      clientId: dataArg.clientId,
-      description: dataArg.description,
-      targetProfileIds: dataArg.targetProfileIds,
-      destinationAllowList: dataArg.destinationAllowList,
-      destinationBlockList: dataArg.destinationBlockList,
-      useHostIp: dataArg.useHostIp,
-      useDhcp: dataArg.useDhcp,
-      staticIp: dataArg.staticIp,
-      forceVlan: dataArg.forceVlan,
-      vlanId: dataArg.vlanId,
-    });
-    if (!response.success) {
-      return { ...currentState, error: response.message || 'Failed to update client' };
-    }
-    return await actionContext!.dispatch(fetchVpnAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update VPN client',
-    };
-  }
-});
-export const clearNewClientConfigAction = vpnStatePart.createAction(
-  async (statePartArg): Promise<IVpnState> => {
-    return { ...statePartArg.getState()!, newClientConfig: null };
-  },
-);
-// ============================================================================
-// Target Profiles State
-// ============================================================================
-export interface ITargetProfilesState {
-  profiles: interfaces.data.ITargetProfile[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const targetProfilesStatePart = await appState.getStatePart<ITargetProfilesState>(
-  'targetProfiles',
-  {
-    profiles: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-// ============================================================================
-// Target Profiles Actions
-// ============================================================================
-export const fetchTargetProfilesAction = targetProfilesStatePart.createAction(
-  async (statePartArg): Promise<ITargetProfilesState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetTargetProfiles
-      >('/typedrequest', 'getTargetProfiles');
-      const response = await request.fire({ identity: context.identity });
-      return {
-        profiles: response.profiles,
-        isLoading: false,
-        error: null,
-        lastUpdated: Date.now(),
-      };
-    } catch (error) {
-      return {
-        ...currentState,
-        isLoading: false,
-        error: error instanceof Error ? error.message : 'Failed to fetch target profiles',
-      };
-    }
-  }
-);
-export const createTargetProfileAction = targetProfilesStatePart.createAction<{
-  name: string;
-  description?: string;
-  domains?: string[];
-  targets?: Array<{ ip: string; port: number }>;
-  routeRefs?: string[];
-  allowRoutesByClientSourceIp?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<ITargetProfilesState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateTargetProfile
-    >('/typedrequest', 'createTargetProfile');
-    const response = await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      description: dataArg.description,
-      domains: dataArg.domains,
-      targets: dataArg.targets,
-      routeRefs: dataArg.routeRefs,
-      allowRoutesByClientSourceIp: dataArg.allowRoutesByClientSourceIp,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to create target profile',
-      };
-    }
-    return await actionContext!.dispatch(fetchTargetProfilesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create target profile',
-    };
-  }
-});
-export const updateTargetProfileAction = targetProfilesStatePart.createAction<{
-  id: string;
-  name?: string;
-  description?: string;
-  domains?: string[];
-  targets?: Array<{ ip: string; port: number }>;
-  routeRefs?: string[];
-  allowRoutesByClientSourceIp?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<ITargetProfilesState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateTargetProfile
-    >('/typedrequest', 'updateTargetProfile');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      description: dataArg.description,
-      domains: dataArg.domains,
-      targets: dataArg.targets,
-      routeRefs: dataArg.routeRefs,
-      allowRoutesByClientSourceIp: dataArg.allowRoutesByClientSourceIp,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to update target profile',
-      };
-    }
-    return await actionContext!.dispatch(fetchTargetProfilesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update target profile',
-    };
-  }
-});
-export const deleteTargetProfileAction = targetProfilesStatePart.createAction<{
-  id: string;
-  force?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<ITargetProfilesState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_DeleteTargetProfile
-    >('/typedrequest', 'deleteTargetProfile');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      force: dataArg.force,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to delete target profile',
-      };
-    }
-    return await actionContext!.dispatch(fetchTargetProfilesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to delete target profile',
-    };
-  }
-});
-// ============================================================================
-// Source Profiles & Network Targets State
-// ============================================================================
-export interface IProfilesTargetsState {
-  profiles: interfaces.data.ISourceProfile[];
-  targets: interfaces.data.INetworkTarget[];
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const profilesTargetsStatePart = await appState.getStatePart<IProfilesTargetsState>(
-  'profilesTargets',
-  {
-    profiles: [],
-    targets: [],
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft'
-);
-// ============================================================================
-// Source Profiles & Network Targets Actions
-// ============================================================================
-export const fetchProfilesAndTargetsAction = profilesTargetsStatePart.createAction(
-  async (statePartArg): Promise<IProfilesTargetsState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const profilesRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetSourceProfiles
-      >('/typedrequest', 'getSourceProfiles');
-      const targetsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetNetworkTargets
-      >('/typedrequest', 'getNetworkTargets');
-      const [profilesResponse, targetsResponse] = await Promise.all([
-        profilesRequest.fire({ identity: context.identity }),
-        targetsRequest.fire({ identity: context.identity }),
-      ]);
-      return {
-        profiles: profilesResponse.profiles,
-        targets: targetsResponse.targets,
-        isLoading: false,
-        error: null,
-        lastUpdated: Date.now(),
-      };
-    } catch (error) {
-      return {
-        ...currentState,
-        isLoading: false,
-        error: error instanceof Error ? error.message : 'Failed to fetch profiles/targets',
-      };
-    }
-  }
-);
-export const createProfileAction = profilesTargetsStatePart.createAction<{
-  name: string;
-  description?: string;
-  security: any;
-  extendsProfiles?: string[];
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateSourceProfile
-    >('/typedrequest', 'createSourceProfile');
-    await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      description: dataArg.description,
-      security: dataArg.security,
-      extendsProfiles: dataArg.extendsProfiles,
-    });
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create profile',
-    };
-  }
-});
-export const updateProfileAction = profilesTargetsStatePart.createAction<{
-  id: string;
-  name?: string;
-  description?: string;
-  security?: any;
-  extendsProfiles?: string[];
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateSourceProfile
-    >('/typedrequest', 'updateSourceProfile');
-    await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      description: dataArg.description,
-      security: dataArg.security,
-      extendsProfiles: dataArg.extendsProfiles,
-    });
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update profile',
-    };
-  }
-});
-export const deleteProfileAction = profilesTargetsStatePart.createAction<{
-  id: string;
-  force?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_DeleteSourceProfile
-    >('/typedrequest', 'deleteSourceProfile');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      force: dataArg.force,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to delete profile',
-      };
-    }
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to delete profile',
-    };
-  }
-});
-export const createTargetAction = profilesTargetsStatePart.createAction<{
-  name: string;
-  description?: string;
-  host: string | string[];
-  port: number;
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateNetworkTarget
-    >('/typedrequest', 'createNetworkTarget');
-    await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      description: dataArg.description,
-      host: dataArg.host,
-      port: dataArg.port,
-    });
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create target',
-    };
-  }
-});
-export const updateTargetAction = profilesTargetsStatePart.createAction<{
-  id: string;
-  name?: string;
-  description?: string;
-  host?: string | string[];
-  port?: number;
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateNetworkTarget
-    >('/typedrequest', 'updateNetworkTarget');
-    await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      description: dataArg.description,
-      host: dataArg.host,
-      port: dataArg.port,
-    });
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update target',
-    };
-  }
-});
-export const deleteTargetAction = profilesTargetsStatePart.createAction<{
-  id: string;
-  force?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IProfilesTargetsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_DeleteNetworkTarget
-    >('/typedrequest', 'deleteNetworkTarget');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      force: dataArg.force,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to delete target',
-      };
-    }
-    return await actionContext!.dispatch(fetchProfilesAndTargetsAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to delete target',
-    };
-  }
-});
-// ============================================================================
-// Domains State (DNS providers + domains + records)
-// ============================================================================
-export interface IDomainsState {
-  providers: interfaces.data.IDnsProviderPublic[];
-  domains: interfaces.data.IDomain[];
-  records: interfaces.data.IDnsRecord[];
-  /** id of the currently-selected domain in the DNS records subview. */
-  selectedDomainId: string | null;
-  isLoading: boolean;
-  error: string | null;
-  lastUpdated: number;
-}
-export const domainsStatePart = await appState.getStatePart<IDomainsState>(
-  'domains',
-  {
-    providers: [],
-    domains: [],
-    records: [],
-    selectedDomainId: null,
-    isLoading: false,
-    error: null,
-    lastUpdated: 0,
-  },
-  'soft',
-);
-export const fetchDomainsAndProvidersAction = domainsStatePart.createAction(
-  async (statePartArg): Promise<IDomainsState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const providersRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetDnsProviders
-      >('/typedrequest', 'getDnsProviders');
-      const domainsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetDomains
-      >('/typedrequest', 'getDomains');
-      const [providersResponse, domainsResponse] = await Promise.all([
-        providersRequest.fire({ identity: context.identity }),
-        domainsRequest.fire({ identity: context.identity }),
-      ]);
-      return {
-        ...currentState,
-        providers: providersResponse.providers,
-        domains: domainsResponse.domains,
-        isLoading: false,
-        error: null,
-        lastUpdated: Date.now(),
-      };
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        isLoading: false,
-        error: error instanceof Error ? error.message : 'Failed to fetch domains/providers',
-      };
-    }
-  },
-);
-export const fetchDnsRecordsForDomainAction = domainsStatePart.createAction<{ domainId: string }>(
-  async (statePartArg, dataArg): Promise<IDomainsState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetDnsRecords
-      >('/typedrequest', 'getDnsRecords');
-      const response = await request.fire({
-        identity: context.identity,
-        domainId: dataArg.domainId,
-      });
-      return {
-        ...currentState,
-        records: response.records,
-        selectedDomainId: dataArg.domainId,
-        error: null,
-      };
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to fetch DNS records',
-      };
-    }
-  },
-);
-export const createDnsProviderAction = domainsStatePart.createAction<{
-  name: string;
-  type: interfaces.data.TDnsProviderType;
-  credentials: interfaces.data.TDnsProviderCredentials;
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateDnsProvider
-    >('/typedrequest', 'createDnsProvider');
-    const response = await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      type: dataArg.type,
-      credentials: dataArg.credentials,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to create provider',
-      };
-    }
-    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create provider',
-    };
-  }
-});
-export const updateDnsProviderAction = domainsStatePart.createAction<{
-  id: string;
-  name?: string;
-  credentials?: interfaces.data.TDnsProviderCredentials;
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateDnsProvider
-    >('/typedrequest', 'updateDnsProvider');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      credentials: dataArg.credentials,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to update provider',
-      };
-    }
-    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update provider',
-    };
-  }
-});
-export const deleteDnsProviderAction = domainsStatePart.createAction<{ id: string; force?: boolean }>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteDnsProvider
-      >('/typedrequest', 'deleteDnsProvider');
-      const response = await request.fire({
-        identity: context.identity!,
-        id: dataArg.id,
-        force: dataArg.force,
-      });
-      if (!response.success) {
-        return {
-          ...statePartArg.getState()!,
-          error: response.message || 'Failed to delete provider',
-        };
-      }
-      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Failed to delete provider',
-      };
-    }
-  },
-);
-export const testDnsProviderAction = domainsStatePart.createAction<{ id: string }>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_TestDnsProvider
-      >('/typedrequest', 'testDnsProvider');
-      await request.fire({ identity: context.identity!, id: dataArg.id });
-      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Failed to test provider',
-      };
-    }
-  },
-);
-/** One-shot fetch for the import-domain modal. Does NOT modify state. */
-export async function fetchProviderDomains(
-  providerId: string,
-): Promise<{ success: boolean; domains?: interfaces.data.IProviderDomainListing[]; message?: string }> {
-  const context = getActionContext();
-  if (!context.identity) return { success: false, message: 'Not authenticated' };
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_ListProviderDomains
-  >('/typedrequest', 'listProviderDomains');
-  return await request.fire({ identity: context.identity, providerId });
-}
-export const createDcrouterDomainAction = domainsStatePart.createAction<{
-  name: string;
-  description?: string;
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateDomain
-    >('/typedrequest', 'createDomain');
-    const response = await request.fire({
-      identity: context.identity!,
-      name: dataArg.name,
-      description: dataArg.description,
-    });
-    if (!response.success) {
-      return { ...statePartArg.getState()!, error: response.message || 'Failed to create domain' };
-    }
-    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create domain',
-    };
-  }
-});
-export const importDomainsFromProviderAction = domainsStatePart.createAction<{
-  providerId: string;
-  domainNames: string[];
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ImportDomain
-    >('/typedrequest', 'importDomain');
-    const response = await request.fire({
-      identity: context.identity!,
-      providerId: dataArg.providerId,
-      domainNames: dataArg.domainNames,
-    });
-    if (!response.success) {
-      return { ...statePartArg.getState()!, error: response.message || 'Failed to import domains' };
-    }
-    return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to import domains',
-    };
-  }
-});
-export const deleteDomainAction = domainsStatePart.createAction<{ id: string }>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteDomain
-      >('/typedrequest', 'deleteDomain');
-      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
-      if (!response.success) {
-        return { ...statePartArg.getState()!, error: response.message || 'Failed to delete domain' };
-      }
-      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Failed to delete domain',
-      };
-    }
-  },
-);
-export const syncDomainAction = domainsStatePart.createAction<{ id: string }>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_SyncDomain
-      >('/typedrequest', 'syncDomain');
-      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
-      if (!response.success) {
-        return { ...statePartArg.getState()!, error: response.message || 'Failed to sync domain' };
-      }
-      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Failed to sync domain',
-      };
-    }
-  },
-);
-export const migrateDomainAction = domainsStatePart.createAction<{
-  id: string;
-  targetSource: interfaces.data.TDomainSource;
-  targetProviderId?: string;
-  deleteExistingProviderRecords?: boolean;
-}>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_MigrateDomain
-      >('/typedrequest', 'migrateDomain');
-      const response = await request.fire({ identity: context.identity!, ...dataArg });
-      if (!response.success) {
-        return { ...statePartArg.getState()!, error: response.message || 'Migration failed' };
-      }
-      return await actionContext!.dispatch(fetchDomainsAndProvidersAction, null);
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Migration failed',
-      };
-    }
-  },
-);
-export const createDnsRecordAction = domainsStatePart.createAction<{
-  domainId: string;
-  name: string;
-  type: interfaces.data.TDnsRecordType;
-  value: string;
-  ttl?: number;
-  proxied?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateDnsRecord
-    >('/typedrequest', 'createDnsRecord');
-    const response = await request.fire({
-      identity: context.identity!,
-      domainId: dataArg.domainId,
-      name: dataArg.name,
-      type: dataArg.type,
-      value: dataArg.value,
-      ttl: dataArg.ttl,
-      proxied: dataArg.proxied,
-    });
-    if (!response.success) {
-      return { ...statePartArg.getState()!, error: response.message || 'Failed to create record' };
-    }
-    return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to create record',
-    };
-  }
-});
-export const updateDnsRecordAction = domainsStatePart.createAction<{
-  id: string;
-  domainId: string;
-  name?: string;
-  value?: string;
-  ttl?: number;
-  proxied?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateDnsRecord
-    >('/typedrequest', 'updateDnsRecord');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      name: dataArg.name,
-      value: dataArg.value,
-      ttl: dataArg.ttl,
-      proxied: dataArg.proxied,
-    });
-    if (!response.success) {
-      return { ...statePartArg.getState()!, error: response.message || 'Failed to update record' };
-    }
-    return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update record',
-    };
-  }
-});
-export const deleteDnsRecordAction = domainsStatePart.createAction<{ id: string; domainId: string }>(
-  async (statePartArg, dataArg, actionContext): Promise<IDomainsState> => {
-    const context = getActionContext();
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteDnsRecord
-      >('/typedrequest', 'deleteDnsRecord');
-      const response = await request.fire({ identity: context.identity!, id: dataArg.id });
-      if (!response.success) {
-        return { ...statePartArg.getState()!, error: response.message || 'Failed to delete record' };
-      }
-      return await actionContext!.dispatch(fetchDnsRecordsForDomainAction, { domainId: dataArg.domainId });
-    } catch (error: unknown) {
-      return {
-        ...statePartArg.getState()!,
-        error: error instanceof Error ? error.message : 'Failed to delete record',
-      };
-    }
-  },
-);
-// ============================================================================
-// ACME Config Actions
-// ============================================================================
-export const fetchAcmeConfigAction = acmeConfigStatePart.createAction(
-  async (statePartArg): Promise<IAcmeConfigState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetAcmeConfig
-      >('/typedrequest', 'getAcmeConfig');
-      const response = await request.fire({ identity: context.identity });
-      return {
-        config: response.config,
-        isLoading: false,
-        error: null,
-        lastUpdated: Date.now(),
-      };
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        isLoading: false,
-        error: error instanceof Error ? error.message : 'Failed to fetch ACME config',
-      };
-    }
-  },
-);
-export const updateAcmeConfigAction = acmeConfigStatePart.createAction<{
-  accountEmail?: string;
-  enabled?: boolean;
-  useProduction?: boolean;
-  autoRenew?: boolean;
-  renewThresholdDays?: number;
-}>(async (statePartArg, dataArg, actionContext): Promise<IAcmeConfigState> => {
-  const context = getActionContext();
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateAcmeConfig
-    >('/typedrequest', 'updateAcmeConfig');
-    const response = await request.fire({
-      identity: context.identity!,
-      accountEmail: dataArg.accountEmail,
-      enabled: dataArg.enabled,
-      useProduction: dataArg.useProduction,
-      autoRenew: dataArg.autoRenew,
-      renewThresholdDays: dataArg.renewThresholdDays,
-    });
-    if (!response.success) {
-      return {
-        ...statePartArg.getState()!,
-        error: response.message || 'Failed to update ACME config',
-      };
-    }
-    return await actionContext!.dispatch(fetchAcmeConfigAction, null);
-  } catch (error: unknown) {
-    return {
-      ...statePartArg.getState()!,
-      error: error instanceof Error ? error.message : 'Failed to update ACME config',
-    };
-  }
-});
-// ============================================================================
-// Route Management Actions
-// ============================================================================
-export const fetchMergedRoutesAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetMergedRoutes
-    >('/typedrequest', 'getMergedRoutes');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      ...currentState,
-      mergedRoutes: response.routes,
-      warnings: response.warnings,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch routes',
-    };
-  }
-});
-export const fetchHttpRedirectsAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetHttpRedirects
-    >('/typedrequest', 'getHttpRedirects');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      ...currentState,
-      httpRedirects: response.redirects,
-      isLoading: false,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      isLoading: false,
-      error: error instanceof Error ? error.message : 'Failed to fetch HTTP redirects',
-    };
-  }
-});
-export const createRouteAction = routeManagementStatePart.createAction<{
-  route: any;
-  enabled?: boolean;
-  metadata?: any;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateRoute
-    >('/typedrequest', 'createRoute');
-    await request.fire({
-      identity: context.identity!,
-      route: dataArg.route,
-      enabled: dataArg.enabled,
-      metadata: dataArg.metadata,
-    });
-    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to create route',
-    };
-  }
-});
-export const updateRouteAction = routeManagementStatePart.createAction<{
-  id: string;
-  route?: any;
-  enabled?: boolean;
-  metadata?: any;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateRoute
-    >('/typedrequest', 'updateRoute');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      route: dataArg.route,
-      enabled: dataArg.enabled,
-      metadata: dataArg.metadata,
-    });
-    if (!response.success) {
-      throw new Error(response.message || 'Failed to update route');
-    }
-    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update route',
-    };
-  }
-});
-export const deleteRouteAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, routeId, actionContext): Promise<IRouteManagementState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteRoute
-      >('/typedrequest', 'deleteRoute');
-      const response = await request.fire({
-        identity: context.identity!,
-        id: routeId,
-      });
-      if (!response.success) {
-        throw new Error(response.message || 'Failed to delete route');
-      }
-      return await actionContext!.dispatch(fetchMergedRoutesAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete route',
-      };
-    }
-  }
-);
-export const toggleRouteAction = routeManagementStatePart.createAction<{
-  id: string;
-  enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ToggleRoute
-    >('/typedrequest', 'toggleRoute');
-    const response = await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      enabled: dataArg.enabled,
-    });
-    if (!response.success) {
-      throw new Error(response.message || 'Failed to toggle route');
-    }
-    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to toggle route',
-    };
-  }
-});
-// ============================================================================
-// API Token Actions
-// ============================================================================
-export const fetchApiTokensAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ListApiTokens
-    >('/typedrequest', 'listApiTokens');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      ...currentState,
-      apiTokens: response.tokens,
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to fetch tokens',
-    };
-  }
-});
-export const fetchGatewayClientsAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ListGatewayClients
-    >('/typedrequest', 'listGatewayClients');
-    const response = await request.fire({ identity: context.identity });
-    return {
-      ...currentState,
-      gatewayClients: response.gatewayClients,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to fetch gateway clients',
-    };
-  }
-});
-export async function createGatewayClient(data: {
-  id?: string;
-  type: interfaces.data.IGatewayClient['type'];
-  name: string;
-  description?: string;
-  hostnamePatterns?: string[];
-  allowedRouteTargets?: interfaces.data.IGatewayClient['allowedRouteTargets'];
-}) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_CreateGatewayClient
-  >('/typedrequest', 'createGatewayClient');
-  return request.fire({
-    identity: context.identity!,
-    capabilities: {
-      readDomains: true,
-      readDnsRecords: true,
-      syncRoutes: true,
-      syncDnsRecords: false,
-      requestCertificates: false,
-    },
-    ...data,
-  });
-}
-export const updateGatewayClientAction = routeManagementStatePart.createAction<{
-  id: string;
-  name?: string;
-  description?: string;
-  hostnamePatterns?: string[];
-  allowedRouteTargets?: interfaces.data.IGatewayClient['allowedRouteTargets'];
-  enabled?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateGatewayClient
-    >('/typedrequest', 'updateGatewayClient');
-    await request.fire({ identity: context.identity!, ...dataArg });
-    return await actionContext!.dispatch(fetchGatewayClientsAction, null);
-  } catch (error) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to update gateway client',
-    };
-  }
-});
-export const deleteGatewayClientAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, gatewayClientId, actionContext): Promise<IRouteManagementState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteGatewayClient
-      >('/typedrequest', 'deleteGatewayClient');
-      await request.fire({ identity: context.identity!, id: gatewayClientId });
-      return await actionContext!.dispatch(fetchGatewayClientsAction, null);
-    } catch (error) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete gateway client',
-      };
-    }
-  },
-);
-export async function createGatewayClientToken(
-  gatewayClientId: string,
-  name?: string,
-  expiresInDays?: number | null,
-) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_CreateGatewayClientToken
-  >('/typedrequest', 'createGatewayClientToken');
-  return request.fire({
-    identity: context.identity!,
-    gatewayClientId,
-    name,
-    expiresInDays,
-  });
-}
-// Users
-export const fetchUsersAction = usersStatePart.createAction(async (statePartArg): Promise<IUsersState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ListUsers
-    >('/typedrequest', 'listUsers');
-    const response = await request.fire({
-      identity: context.identity,
-    });
-    return {
-      ...currentState,
-      users: response.users,
-      error: null,
-      lastUpdated: Date.now(),
-    };
-  } catch (error) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to fetch users',
-    };
-  }
-});
-export const createUserAction = usersStatePart.createAction<{
-  email: string;
-  name?: string;
-  role: interfaces.requests.TUserManagementRole;
-  password: string;
-  enableIdpGlobalAuth?: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IUsersState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  if (!context.identity) return currentState;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateUser
-    >('/typedrequest', 'createUser');
-    const response = await request.fire({
-      identity: context.identity,
-      email: dataArg.email,
-      name: dataArg.name,
-      role: dataArg.role,
-      password: dataArg.password,
-      enableIdpGlobalAuth: dataArg.enableIdpGlobalAuth,
-    });
-    if (!response.success) {
-      throw new Error(response.message || 'Failed to create user');
-    }
-    return await actionContext!.dispatch(fetchUsersAction, null);
-  } catch (error) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to create user',
-    };
-  }
-});
-export const deleteUserAction = usersStatePart.createAction<string>(
-  async (statePartArg, userIdArg, actionContext): Promise<IUsersState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteUser
-      >('/typedrequest', 'deleteUser');
-      const response = await request.fire({
-        identity: context.identity,
-        id: userIdArg,
-      });
-      if (!response.success) {
-        throw new Error(response.message || 'Failed to delete user');
-      }
-      return await actionContext!.dispatch(fetchUsersAction, null);
-    } catch (error) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to delete user',
-      };
-    }
-  },
-);
-export async function createApiToken(
-  name: string,
-  scopes: interfaces.data.TApiTokenScope[],
-  expiresInDays?: number | null,
-  policy?: any,
-) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_CreateApiToken
-  >('/typedrequest', 'createApiToken');
-  return request.fire({
-    identity: context.identity!,
-    name,
-    scopes,
-    policy,
-    expiresInDays,
-  });
-}
-export async function rollApiToken(id: string) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_RollApiToken
-  >('/typedrequest', 'rollApiToken');
-  return request.fire({
-    identity: context.identity!,
-    id,
-  });
-}
-export const revokeApiTokenAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, tokenId, actionContext): Promise<IRouteManagementState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_RevokeApiToken
-      >('/typedrequest', 'revokeApiToken');
-      await request.fire({
-        identity: context.identity!,
-        id: tokenId,
-      });
-      return await actionContext!.dispatch(fetchApiTokensAction, null);
-    } catch (error: unknown) {
-      return {
-        ...currentState,
-        error: error instanceof Error ? error.message : 'Failed to revoke token',
-      };
-    }
-  }
-);
-export const toggleApiTokenAction = routeManagementStatePart.createAction<{
-  id: string;
-  enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_ToggleApiToken
-    >('/typedrequest', 'toggleApiToken');
-    await request.fire({
-      identity: context.identity!,
-      id: dataArg.id,
-      enabled: dataArg.enabled,
-    });
-    return await actionContext!.dispatch(fetchApiTokensAction, null);
-  } catch (error: unknown) {
-    return {
-      ...currentState,
-      error: error instanceof Error ? error.message : 'Failed to toggle token',
-    };
-  }
-});
-// ============================================================================
-// Email Domains State
-// ============================================================================
-export interface IEmailDomainsState {
-  domains: interfaces.data.IEmailDomain[];
-  settings: interfaces.data.IEmailServerSettings | null;
-  isLoading: boolean;
-  lastUpdated: number;
-}
-export const emailDomainsStatePart = await appState.getStatePart<IEmailDomainsState>(
-  'emailDomains',
-  {
-    domains: [],
-    settings: null,
-    isLoading: false,
-    lastUpdated: 0,
-  },
-  'soft',
-);
-export const fetchEmailDomainsAction = emailDomainsStatePart.createAction(
-  async (statePartArg): Promise<IEmailDomainsState> => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    if (!context.identity) return currentState;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetEmailDomains
-      >('/typedrequest', 'getEmailDomains');
-      const settingsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_GetEmailServerSettings
-      >('/typedrequest', 'getEmailServerSettings');
-      const response = await request.fire({ identity: context.identity });
-      const settingsResponse = await settingsRequest.fire({ identity: context.identity });
-      return {
-        ...currentState,
-        domains: response.domains,
-        settings: settingsResponse.settings,
-        isLoading: false,
-        lastUpdated: Date.now(),
-      };
-    } catch {
-      return { ...currentState, isLoading: false };
-    }
-  },
-);
-export const createEmailDomainAction = emailDomainsStatePart.createAction<{
-  linkedDomainId: string;
-  subdomain?: string;
-  dkimSelector?: string;
-  dkimKeySize?: number;
-  rotateKeys?: boolean;
-  rotationIntervalDays?: number;
-}>(async (statePartArg, args, actionContext) => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_CreateEmailDomain
-    >('/typedrequest', 'createEmailDomain');
-    await request.fire({ identity: context.identity!, ...args });
-    return await actionContext!.dispatch(fetchEmailDomainsAction, null);
-  } catch {
-    return currentState;
-  }
-});
-export const updateEmailServerSettingsAction = emailDomainsStatePart.createAction<
-  interfaces.data.TEmailServerSettingsUpdate
->(async (statePartArg, settings, actionContext) => {
-  const context = getActionContext();
-  const currentState = statePartArg.getState()!;
-  try {
-    const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_UpdateEmailServerSettings
-    >('/typedrequest', 'updateEmailServerSettings');
-    const response = await request.fire({ identity: context.identity!, settings });
-    if (!response.success) {
-      return currentState;
-    }
-    return await actionContext!.dispatch(fetchEmailDomainsAction, null);
-  } catch {
-    return currentState;
-  }
-});
-export const deleteEmailDomainAction = emailDomainsStatePart.createAction<string>(
-  async (statePartArg, id, actionContext) => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_DeleteEmailDomain
-      >('/typedrequest', 'deleteEmailDomain');
-      await request.fire({ identity: context.identity!, id });
-      return await actionContext!.dispatch(fetchEmailDomainsAction, null);
-    } catch {
-      return currentState;
-    }
-  },
-);
-export const validateEmailDomainAction = emailDomainsStatePart.createAction<string>(
-  async (statePartArg, id, actionContext) => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_ValidateEmailDomain
-      >('/typedrequest', 'validateEmailDomain');
-      await request.fire({ identity: context.identity!, id });
-      return await actionContext!.dispatch(fetchEmailDomainsAction, null);
-    } catch {
-      return currentState;
-    }
-  },
-);
-export const provisionEmailDomainDnsAction = emailDomainsStatePart.createAction<string>(
-  async (statePartArg, id, actionContext) => {
-    const context = getActionContext();
-    const currentState = statePartArg.getState()!;
-    try {
-      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-        interfaces.requests.IReq_ProvisionEmailDomainDns
-      >('/typedrequest', 'provisionEmailDomainDns');
-      await request.fire({ identity: context.identity!, id });
-      return await actionContext!.dispatch(fetchEmailDomainsAction, null);
-    } catch {
-      return currentState;
-    }
-  },
-);
-// ============================================================================
-// Email Domain Standalone Functions
-// ============================================================================
-export async function fetchEmailDomainDnsRecords(id: string) {
-  const context = getActionContext();
-  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
-    interfaces.requests.IReq_GetEmailDomainDnsRecords
-  >('/typedrequest', 'getEmailDomainDnsRecords');
-  return request.fire({ identity: context.identity!, id });
-}
-// ============================================================================
-// TypedSocket Client for Real-time Log Streaming
-// ============================================================================
-let socketClient: plugins.typedsocket.TypedSocket | null = null;
-const socketRouter = new plugins.domtools.plugins.typedrequest.TypedRouter();
-// Batched log entry handler — buffers incoming entries and flushes once per animation frame
-let logEntryBuffer: interfaces.data.ILogEntry[] = [];
-let logFlushScheduled = false;
-function flushLogEntries() {
-  logFlushScheduled = false;
-  if (logEntryBuffer.length === 0) return;
-  const current = logStatePart.getState()!;
-  const updated = [...current.recentLogs, ...logEntryBuffer];
-  logEntryBuffer = [];
-  // Cap at 2000 entries
-  if (updated.length > 2000) {
-    updated.splice(0, updated.length - 2000);
-  }
-  logStatePart.setState({ ...current, recentLogs: updated } as ILogState);
-}
-// Register handler for pushed log entries from the server
-socketRouter.addTypedHandler(
-  new plugins.domtools.plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PushLogEntry>(
-    'pushLogEntry',
-    async (dataArg) => {
-      logEntryBuffer.push(dataArg.entry);
-      if (!logFlushScheduled) {
-        logFlushScheduled = true;
-        requestAnimationFrame(flushLogEntries);
-      }
-      return {};
-    }
-  )
-);
-async function connectSocket() {
-  if (socketClient) return;
-  try {
-    socketClient = await plugins.typedsocket.TypedSocket.createClient(
-      socketRouter,
-      plugins.typedsocket.TypedSocket.useWindowLocationOriginUrl(),
-    );
-    await socketClient.setTag('role', 'ops_dashboard');
-  } catch (err) {
-    console.error('TypedSocket connection failed:', err);
-    socketClient = null;
-  }
-}
-async function disconnectSocket() {
-  if (socketClient) {
-    try {
-      await socketClient.stop();
-    } catch {
-      // ignore disconnect errors
-    }
-    socketClient = null;
-  }
-}
-// In-flight guard to prevent concurrent refresh requests
-let isRefreshing = false;
-// Combined refresh action for efficient polling
-async function dispatchCombinedRefreshAction() {
-  if (isRefreshing) return;
-  isRefreshing = true;
-  try {
-    await dispatchCombinedRefreshActionInner();
-  } finally {
-    isRefreshing = false;
-  }
-}
-async function dispatchCombinedRefreshActionInner() {
-  const context = getActionContext();
-  if (!context.identity) return;
-  const currentView = uiStatePart.getState()!.activeView;
-  const currentSubview = uiStatePart.getState()!.activeSubview;
-  try {
-    // Always fetch basic stats for dashboard widgets
-    const combinedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
-      interfaces.requests.IReq_GetCombinedMetrics
-    >('/typedrequest', 'getCombinedMetrics');
-    const combinedResponse = await combinedRequest.fire({
-      identity: context.identity,
-      sections: {
-        server: true,
-        email: true,
-        dns: true,
-        security: true,
-        network: currentView === 'network' && currentSubview === 'activity',
-        radius: true,
-        vpn: true,
-      },
-    });
-    // Update all stats from combined response
-    const currentStatsState = statsStatePart.getState()!;
-    statsStatePart.setState({
-      ...currentStatsState,
-      serverStats: combinedResponse.metrics.server || currentStatsState.serverStats,
-      emailStats: combinedResponse.metrics.email || currentStatsState.emailStats,
-      dnsStats: combinedResponse.metrics.dns || currentStatsState.dnsStats,
-      securityMetrics: combinedResponse.metrics.security || currentStatsState.securityMetrics,
-      radiusStats: combinedResponse.metrics.radius || currentStatsState.radiusStats,
-      vpnStats: combinedResponse.metrics.vpn || currentStatsState.vpnStats,
-      lastUpdated: Date.now(),
-      isLoading: false,
-      error: null,
-    });
-    // Update network stats if included
-    if (combinedResponse.metrics.network && currentView === 'network') {
-      const network = combinedResponse.metrics.network;
-      const connectionsByIP: { [ip: string]: number } = {};
-      // Build connectionsByIP from connectionDetails (now populated with real per-IP data)
-      network.connectionDetails.forEach(conn => {
-        connectionsByIP[conn.remoteAddress] = (connectionsByIP[conn.remoteAddress] || 0) + (conn.connectionCount || 1);
-      });
-      // Build connections from connectionDetails (real per-IP aggregates)
-      const connections: interfaces.data.IConnectionInfo[] = network.connectionDetails.map((conn, i) => ({
-        id: `ip-${conn.remoteAddress}`,
-        remoteAddress: conn.remoteAddress,
-        localAddress: 'server',
-        startTime: conn.startTime,
-        protocol: conn.protocol as any,
-        state: conn.state as any,
-        bytesReceived: conn.bytesIn,
-        bytesSent: conn.bytesOut,
-        connectionCount: conn.connectionCount,
-      }));
-      networkStatePart.setState({
-        ...networkStatePart.getState()!,
-        connections,
-        connectionsByIP,
-        throughputRate: {
-          bytesInPerSecond: network.totalBandwidth.in,
-          bytesOutPerSecond: network.totalBandwidth.out,
-        },
-        totalBytes: network.totalBytes || { in: 0, out: 0 },
-        topIPs: network.topEndpoints.map(e => ({ ip: e.endpoint, count: e.connections })),
-        topIPsByBandwidth: (network.topEndpointsByBandwidth || []).map(e => ({
-          ip: e.endpoint,
-          count: e.connections,
-          bwIn: e.bandwidth?.in || 0,
-          bwOut: e.bandwidth?.out || 0,
-        })),
-        topASNs: network.topASNs || [],
-        throughputByIP: network.topEndpoints.map(e => ({ ip: e.endpoint, in: e.bandwidth?.in || 0, out: e.bandwidth?.out || 0 })),
-        domainActivity: network.domainActivity || [],
-        throughputHistory: network.throughputHistory || [],
-        requestsPerSecond: network.requestsPerSecond || 0,
-        requestsTotal: network.requestsTotal || 0,
-        backends: network.backends || [],
-        frontendProtocols: network.frontendProtocols || null,
-        backendProtocols: network.backendProtocols || null,
-        lastUpdated: Date.now(),
-        isLoading: false,
-        error: null,
-      });
-      refreshNetworkIpIntelligence(context.identity, [
-        ...network.connectionDetails.map((conn) => conn.remoteAddress),
-        ...network.topEndpoints.map((endpoint) => endpoint.endpoint),
-        ...(network.topEndpointsByBandwidth || []).map((endpoint) => endpoint.endpoint),
-      ]);
-    }
-    if (currentView === 'security') {
-      runBackgroundRefresh('securityPolicy', 'Security policy refresh failed:', async () => {
-        await securityPolicyStatePart.dispatchAction(fetchSecurityPolicyAction, null);
-      });
-    }
-    // Refresh certificate data if on Domains > Certificates subview
-    if (currentView === 'domains' && currentSubview === 'certificates') {
-      runBackgroundRefresh('certificates', 'Certificate refresh failed:', async () => {
-        await certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
-      });
-    }
-    // Refresh remote ingress data if on the Network → Remote Ingress subview
-    if (currentView === 'network' && currentSubview === 'remoteingress') {
-      runBackgroundRefresh('remoteIngress', 'Remote ingress refresh failed:', async () => {
-        await remoteIngressStatePart.dispatchAction(fetchRemoteIngressAction, null);
-      });
-    }
-    // Refresh VPN data if on the Network → VPN subview
-    if (currentView === 'network' && currentSubview === 'vpn') {
-      runBackgroundRefresh('vpn', 'VPN refresh failed:', async () => {
-        await vpnStatePart.dispatchAction(fetchVpnAction, null);
-      });
-    }
-  } catch (error) {
-    console.error('Combined refresh failed:', error);
-    // If the error looks like an auth failure (invalid JWT), force re-login
-    const errMsg = String(error);
-    if (errMsg.includes('invalid') || errMsg.includes('unauthorized') || errMsg.includes('401')) {
-      await loginStatePart.dispatchAction(logoutAction, null);
-      window.location.reload();
-    }
-  }
-}
-// Create a proper action for the combined refresh so we can use createScheduledAction
-const combinedRefreshAction = statsStatePart.createAction<void>(async (statePartArg) => {
-  await dispatchCombinedRefreshAction();
-  // Return current state — dispatchCombinedRefreshAction already updates all state parts directly
-  return statePartArg.getState()!;
-});
-// Scheduled refresh process with autoPause: 'visibility' — automatically pauses when tab is hidden
-let refreshProcess: ReturnType<typeof statsStatePart.createScheduledAction> | null = null;
-const startAutoRefresh = () => {
-  const uiState = uiStatePart.getState()!;
-  const loginState = loginStatePart.getState()!;
-  if (uiState.autoRefresh && loginState.isLoggedIn) {
-    // Dispose old process if interval changed or not running
-    if (refreshProcess) {
-      refreshProcess.dispose();
-      refreshProcess = null;
-    }
-    refreshProcess = statsStatePart.createScheduledAction({
-      action: combinedRefreshAction,
-      payload: undefined,
-      intervalMs: uiState.refreshInterval,
-      autoPause: 'visibility',
-    });
-  } else {
-    if (refreshProcess) {
-      refreshProcess.dispose();
-      refreshProcess = null;
-    }
-  }
-};
-// Watch for relevant changes
-let previousAutoRefresh = uiStatePart.getState()!.autoRefresh;
-let previousRefreshInterval = uiStatePart.getState()!.refreshInterval;
-let previousIsLoggedIn = loginStatePart.getState()!.isLoggedIn;
-uiStatePart.select((s) => ({ autoRefresh: s.autoRefresh, refreshInterval: s.refreshInterval }))
-  .subscribe((state) => {
-    if (state.autoRefresh !== previousAutoRefresh ||
-        state.refreshInterval !== previousRefreshInterval) {
-      previousAutoRefresh = state.autoRefresh;
-      previousRefreshInterval = state.refreshInterval;
-      startAutoRefresh();
-    }
-  });
-loginStatePart.select((s) => s.isLoggedIn).subscribe((isLoggedIn) => {
-  if (isLoggedIn !== previousIsLoggedIn) {
-    previousIsLoggedIn = isLoggedIn;
-    startAutoRefresh();
-    // Connect/disconnect TypedSocket based on login state
-    if (isLoggedIn) {
-      connectSocket();
-    } else {
-      disconnectSocket();
-    }
-  }
-});
-// Pause/resume WebSocket when tab visibility changes
-document.addEventListener('visibilitychange', () => {
-  if (document.hidden) {
-    disconnectSocket();
-  } else if (loginStatePart.getState()!.isLoggedIn) {
-    connectSocket();
-  }
-});
-// Initial start
-startAutoRefresh();
-// Connect TypedSocket if already logged in (e.g., persistent session)
-if (loginStatePart.getState()!.isLoggedIn) {
-  connectSocket();
-}
+// State management for the dcrouter Ops UI, split into per-domain modules.
+// This barrel preserves the historical import path for all elements.
+export * from './appstate/shared.js';
+export * from './appstate/login.js';
+export * from './appstate/stats.js';
+export * from './appstate/config.js';
+export * from './appstate/logs.js';
+export * from './appstate/network.js';
+export * from './appstate/security.js';
+export * from './appstate/ui.js';
+export * from './appstate/email-ops.js';
+export * from './appstate/certificates.js';
+export * from './appstate/acme.js';
+export * from './appstate/remoteingress.js';
+export * from './appstate/vpn.js';
+export * from './appstate/target-profiles.js';
+export * from './appstate/profiles-targets.js';
+export * from './appstate/domains.js';
+export * from './appstate/routes.js';
+export * from './appstate/users.js';
+export * from './appstate/email-domains.js';
+// Side-effect module: auto-refresh scheduling and TypedSocket log streaming.
+import './appstate/runtime.js';