@singbox-iac/cli 0.1.6 → 0.1.7

package/dist/modules/transactions/index.d.ts

@@ -0,0 +1,20 @@
+import type { BuilderConfig } from "../../config/schema.js";
+import type { ApplyTransaction } from "../../domain/transaction.js";
+export interface ApplyWithTransactionInput {
+    readonly config: BuilderConfig;
+    readonly generatedPath: string;
+    readonly livePath: string;
+    readonly backupPath: string;
+    readonly verificationSummary: Record<string, unknown>;
+    readonly retainSnapshots?: number;
+    readonly apply: () => Promise<void>;
+}
+export interface RollbackInput {
+    readonly config: BuilderConfig;
+    readonly livePath?: string;
+    readonly afterRestore?: () => Promise<void>;
+}
+export declare function applyWithTransaction(input: ApplyWithTransactionInput): Promise<ApplyTransaction>;
+export declare function listTransactionHistory(config: BuilderConfig): Promise<readonly ApplyTransaction[]>;
+export declare function rollbackToPrevious(input: RollbackInput): Promise<ApplyTransaction>;
+export declare function resolveTransactionHistoryPath(config: BuilderConfig): string;

package/dist/modules/transactions/index.js

@@ -0,0 +1,150 @@
+import { constants } from "node:fs";
+import { access, copyFile, mkdir, readFile, readdir, rm, writeFile } from "node:fs/promises";
+import path from "node:path";
+export async function applyWithTransaction(input) {
+    const txId = createTxId();
+    const historyPath = resolveTransactionHistoryPath(input.config);
+    const snapshotsDir = resolveSnapshotsDir(input.config);
+    await mkdir(path.dirname(historyPath), { recursive: true });
+    await mkdir(snapshotsDir, { recursive: true });
+    const liveExists = await pathExists(input.livePath);
+    const snapshotPath = liveExists ? path.join(snapshotsDir, `${txId}.json`) : undefined;
+    if (snapshotPath) {
+        await copyFile(input.livePath, snapshotPath);
+    }
+    if (input.backupPath && liveExists) {
+        await mkdir(path.dirname(input.backupPath), { recursive: true });
+        await copyFile(input.livePath, input.backupPath);
+    }
+    const pending = {
+        txId,
+        generatedPath: input.generatedPath,
+        livePath: input.livePath,
+        backupPath: input.backupPath,
+        ...(snapshotPath ? { snapshotPath } : {}),
+        startedAt: new Date().toISOString(),
+        status: "pending",
+        verificationSummary: input.verificationSummary,
+    };
+    await appendTransaction(historyPath, pending);
+    try {
+        await input.apply();
+        const applied = {
+            ...pending,
+            completedAt: new Date().toISOString(),
+            status: "applied",
+        };
+        await replaceLatestTransaction(historyPath, applied);
+        await trimSnapshots(historyPath, snapshotsDir, input.retainSnapshots ?? 5);
+        return applied;
+    }
+    catch (error) {
+        if (snapshotPath && (await pathExists(snapshotPath))) {
+            await copyFile(snapshotPath, input.livePath);
+            const rolledBack = {
+                ...pending,
+                completedAt: new Date().toISOString(),
+                status: "rolled-back",
+                error: error instanceof Error ? error.message : String(error),
+            };
+            await replaceLatestTransaction(historyPath, rolledBack);
+        }
+        else {
+            const failed = {
+                ...pending,
+                completedAt: new Date().toISOString(),
+                status: "failed",
+                error: error instanceof Error ? error.message : String(error),
+            };
+            await replaceLatestTransaction(historyPath, failed);
+        }
+        throw error;
+    }
+}
+export async function listTransactionHistory(config) {
+    return (await loadTransactionLog(resolveTransactionHistoryPath(config))).entries;
+}
+export async function rollbackToPrevious(input) {
+    const config = input.config;
+    const livePath = input.livePath ?? config.output.livePath;
+    const historyPath = resolveTransactionHistoryPath(config);
+    const log = await loadTransactionLog(historyPath);
+    const previous = log.entries.find((entry) => entry.status === "applied" && entry.snapshotPath);
+    if (!previous?.snapshotPath) {
+        throw new Error("No previous snapshot is available for rollback.");
+    }
+    if (!(await pathExists(previous.snapshotPath))) {
+        throw new Error(`The previous snapshot is missing: ${previous.snapshotPath}`);
+    }
+    await mkdir(path.dirname(livePath), { recursive: true });
+    await copyFile(previous.snapshotPath, livePath);
+    if (input.afterRestore) {
+        await input.afterRestore();
+    }
+    const tx = {
+        txId: createTxId(),
+        generatedPath: previous.snapshotPath,
+        livePath,
+        backupPath: config.output.backupPath,
+        snapshotPath: previous.snapshotPath,
+        startedAt: new Date().toISOString(),
+        completedAt: new Date().toISOString(),
+        status: "rolled-back",
+        verificationSummary: {
+            rollbackTo: previous.txId,
+        },
+    };
+    await appendTransaction(historyPath, tx);
+    return tx;
+}
+export function resolveTransactionHistoryPath(config) {
+    return path.join(path.dirname(config.output.stagingPath), "transactions.json");
+}
+function resolveSnapshotsDir(config) {
+    return path.join(path.dirname(config.output.stagingPath), "snapshots");
+}
+async function loadTransactionLog(historyPath) {
+    if (!(await pathExists(historyPath))) {
+        return { version: 1, entries: [] };
+    }
+    return JSON.parse(await readFile(historyPath, "utf8"));
+}
+async function appendTransaction(historyPath, entry) {
+    const log = await loadTransactionLog(historyPath);
+    await writeFile(historyPath, `${JSON.stringify({ version: 1, entries: [entry, ...log.entries] }, null, 2)}\n`, "utf8");
+}
+async function replaceLatestTransaction(historyPath, entry) {
+    const log = await loadTransactionLog(historyPath);
+    const [, ...rest] = log.entries;
+    await writeFile(historyPath, `${JSON.stringify({ version: 1, entries: [entry, ...rest] }, null, 2)}\n`, "utf8");
+}
+async function trimSnapshots(historyPath, snapshotsDir, retainSnapshots) {
+    const log = await loadTransactionLog(historyPath);
+    const keep = new Set(log.entries
+        .filter((entry) => entry.snapshotPath)
+        .slice(0, retainSnapshots)
+        .map((entry) => entry.snapshotPath));
+    if (!(await pathExists(snapshotsDir))) {
+        return;
+    }
+    const files = await readdir(snapshotsDir);
+    await Promise.all(files.map(async (fileName) => {
+        const filePath = path.join(snapshotsDir, fileName);
+        if (!keep.has(filePath)) {
+            await rm(filePath, { force: true });
+        }
+    }));
+}
+async function pathExists(filePath) {
+    try {
+        await access(filePath, constants.F_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function createTxId() {
+    return `tx-${Date.now()}-${Math.random().toString(16).slice(2, 10)}`;
+}
+//# sourceMappingURL=index.js.map

package/dist/modules/transactions/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/transactions/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7F,OAAO,IAAI,MAAM,WAAW,CAAC;AA0B7B,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,KAAgC;IAEhC,MAAM,IAAI,GAAG,UAAU,EAAE,CAAC;IAC1B,MAAM,WAAW,GAAG,6BAA6B,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,mBAAmB,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACvD,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE/C,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACtF,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,QAAQ,CAAC,KAAK,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC/C,CAAC;IACD,IAAI,KAAK,CAAC,UAAU,IAAI,UAAU,EAAE,CAAC;QACnC,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACjE,MAAM,QAAQ,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,OAAO,GAAqB;QAChC,IAAI;QACJ,aAAa,EAAE,KAAK,CAAC,aAAa;QAClC,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,UAAU,EAAE,KAAK,CAAC,UAAU;QAC5B,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,MAAM,EAAE,SAAS;QACjB,mBAAmB,EAAE,KAAK,CAAC,mBAAmB;KAC/C,CAAC;IACF,MAAM,iBAAiB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAE9C,IAAI,CAAC;QACH,MAAM,KAAK,CAAC,KAAK,EAAE,CAAC;QACpB,MAAM,OAAO,GAAqB;YAChC,GAAG,OAAO;YACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACrC,MAAM,EAAE,SAAS;SAClB,CAAC;QACF,MAAM,wBAAwB,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QACrD,MAAM,aAAa,CAAC,WAAW,EAAE,YAAY,EAAE,KAAK,CAAC,eAAe,IAAI,CAAC,CAAC,CAAC;QAC3E,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,YAAY,IAAI,CAAC,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YACrD,MAAM,QAAQ,CAAC,YAAY,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC7C,MAAM,UAAU,GAAqB;gBACnC,GAAG,OAAO;gBACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,MAAM,EAAE,aAAa;gBACrB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC;YACF,MAAM,wBAAwB,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAC1D,CAAC;aAAM,CAAC;YACN,MAAM,MAAM,GAAqB;gBAC/B,GAAG,OAAO;gBACV,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACrC,MAAM,EAAE,QAAQ;gBAChB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC;YACF,MAAM,wBAAwB,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,MAAqB;IAErB,OAAO,CAAC,MAAM,kBAAkB,CAAC,6BAA6B,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;AACnF,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,KAAoB;IAC3D,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC5B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;IAC1D,MAAM,WAAW,GAAG,6BAA6B,CAAC,MAAM,CAAC,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,KAAK,SAAS,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC;IAE/F,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;QAC/C,MAAM,IAAI,KAAK,CAAC,qCAAqC,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;IAChF,CAAC;IAED,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,QAAQ,CAAC,QAAQ,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAChD,IAAI,KAAK,CAAC,YAAY,EAAE,CAAC;QACvB,MAAM,KAAK,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,MAAM,EAAE,GAAqB;QAC3B,IAAI,EAAE,UAAU,EAAE;QAClB,aAAa,EAAE,QAAQ,CAAC,YAAY;QACpC,QAAQ;QACR,UAAU,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;QACpC,YAAY,EAAE,QAAQ,CAAC,YAAY;QACnC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACrC,MAAM,EAAE,aAAa;QACrB,mBAAmB,EAAE;YACnB,UAAU,EAAE,QAAQ,CAAC,IAAI;SAC1B;KACF,CAAC;IACF,MAAM,iBAAiB,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IACzC,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,MAAM,UAAU,6BAA6B,CAAC,MAAqB;IACjE,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,mBAAmB,CAAC,CAAC;AACjF,CAAC;AAED,SAAS,mBAAmB,CAAC,MAAqB;IAChD,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,WAAW,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAC,WAAmB;IACnD,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;IACrC,CAAC;IAED,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC,CAAmB,CAAC;AAC3E,CAAC;AAED,KAAK,UAAU,iBAAiB,CAAC,WAAmB,EAAE,KAAuB;IAC3E,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,SAAS,CACb,WAAW,EACX,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAChF,MAAM,CACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,WAAmB,EACnB,KAAuB;IAEvB,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC;IAChC,MAAM,SAAS,CACb,WAAW,EACX,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EACzE,MAAM,CACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,WAAmB,EACnB,YAAoB,EACpB,eAAuB;IAEvB,MAAM,GAAG,GAAG,MAAM,kBAAkB,CAAC,WAAW,CAAC,CAAC;IAClD,MAAM,IAAI,GAAG,IAAI,GAAG,CAClB,GAAG,CAAC,OAAO;SACR,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC;SACrC,KAAK,CAAC,CAAC,EAAE,eAAe,CAAC;SACzB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,YAAsB,CAAC,CAChD,CAAC;IAEF,IAAI,CAAC,CAAC,MAAM,UAAU,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;QACtC,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,YAAY,CAAC,CAAC;IAC1C,MAAM,OAAO,CAAC,GAAG,CACf,KAAK,CAAC,GAAG,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE;QAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxB,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,CAAC;IACH,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,QAAgB;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,IAAI,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,MAAM,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC;AACvE,CAAC"}

package/dist/modules/update/index.d.ts

@@ -19,5 +19,6 @@ export interface UpdateResult {
     readonly livePath: string;
     readonly backupPath?: string;
     readonly reloaded: boolean;
+    readonly transactionId: string;
 }
 export declare function runUpdate(input: RunUpdateInput): Promise<UpdateResult>;

package/dist/modules/update/index.js

@@ -1,6 +1,7 @@
 import { buildConfigArtifact } from "../build/index.js";
 import { applyConfig } from "../manager/index.js";
 import { shouldAutoReloadRuntime } from "../manager/index.js";
+import { applyWithTransaction } from "../transactions/index.js";
 import { assertVerificationReportPassed, verifyConfigRoutes, } from "../verification/index.js";
 export async function runUpdate(input) {
     const build = await buildConfigArtifact({
@@ -22,13 +23,27 @@ export async function runUpdate(input) {
     const livePath = input.livePath ?? input.config.output.livePath;
     const backupPath = input.backupPath ?? input.config.output.backupPath;
     const reloaded = input.reload ?? (await shouldAutoReloadRuntime(input.config.runtime.reload));
-    await applyConfig({
-        stagingPath: build.outputPath,
+    const transaction = await applyWithTransaction({
+        config: input.config,
+        generatedPath: build.outputPath,
         livePath,
-        ...(backupPath ? { backupPath } : {}),
-        ...(input.singBoxBinary ? { singBoxBinary: input.singBoxBinary } : {}),
-        reload: reloaded,
-        runtime: input.config.runtime.reload,
+        backupPath,
+        verificationSummary: verification
+            ? {
+                routeScenariosPassed: verification.scenarios.filter((scenario) => scenario.passed).length,
+                routeScenariosTotal: verification.scenarios.length,
+            }
+            : { routeScenariosSkipped: true },
+        apply: async () => {
+            await applyConfig({
+                stagingPath: build.outputPath,
+                livePath,
+                ...(backupPath ? { backupPath } : {}),
+                ...(input.singBoxBinary ? { singBoxBinary: input.singBoxBinary } : {}),
+                reload: reloaded,
+                runtime: input.config.runtime.reload,
+            });
+        },
     });
     return {
         build,
@@ -36,6 +51,7 @@ export async function runUpdate(input) {
         livePath,
         ...(backupPath ? { backupPath } : {}),
         reloaded,
+        transactionId: transaction.txId,
     };
 }
 //# sourceMappingURL=index.js.map

package/dist/modules/update/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/update/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAEL,8BAA8B,EAC9B,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAuBlC,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAAqB;IACnD,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC;QACtC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC,CAAC;IAEH,IAAI,YAA4C,CAAC;IACjD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,YAAY,GAAG,MAAM,kBAAkB,CAAC;YACtC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS;SACzD,CAAC,CAAC;QACH,8BAA8B,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;IAChE,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;IACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,MAAM,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9F,MAAM,WAAW,CAAC;QAChB,WAAW,EAAE,KAAK,CAAC,UAAU;QAC7B,QAAQ;QACR,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACtE,MAAM,EAAE,QAAQ;QAChB,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM;KACrC,CAAC,CAAC;IAEH,OAAO;QACL,KAAK;QACL,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,QAAQ;QACR,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,QAAQ;KACT,CAAC;AACJ,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/modules/update/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAEL,8BAA8B,EAC9B,kBAAkB,GACnB,MAAM,0BAA0B,CAAC;AAwBlC,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,KAAqB;IACnD,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC;QACtC,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC7D,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,gBAAgB,EAAE,KAAK,CAAC,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/E,GAAG,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,EAAE,eAAe,EAAE,KAAK,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAC7E,CAAC,CAAC;IAEH,IAAI,YAA4C,CAAC;IACjD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC3B,YAAY,GAAG,MAAM,kBAAkB,CAAC;YACtC,UAAU,EAAE,KAAK,CAAC,UAAU;YAC5B,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACtE,GAAG,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACnE,mBAAmB,EAAE,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS;SACzD,CAAC,CAAC;QACH,8BAA8B,CAAC,YAAY,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC;IAChE,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC;IACtE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,IAAI,CAAC,MAAM,uBAAuB,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC;IAE9F,MAAM,WAAW,GAAG,MAAM,oBAAoB,CAAC;QAC7C,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,aAAa,EAAE,KAAK,CAAC,UAAU;QAC/B,QAAQ;QACR,UAAU;QACV,mBAAmB,EAAE,YAAY;YAC/B,CAAC,CAAC;gBACE,oBAAoB,EAAE,YAAY,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,MAAM;gBACzF,mBAAmB,EAAE,YAAY,CAAC,SAAS,CAAC,MAAM;aACnD;YACH,CAAC,CAAC,EAAE,qBAAqB,EAAE,IAAI,EAAE;QACnC,KAAK,EAAE,KAAK,IAAI,EAAE;YAChB,MAAM,WAAW,CAAC;gBAChB,WAAW,EAAE,KAAK,CAAC,UAAU;gBAC7B,QAAQ;gBACR,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACrC,GAAG,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBACtE,MAAM,EAAE,QAAQ;gBAChB,OAAO,EAAE,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM;aACrC,CAAC,CAAC;QACL,CAAC;KACF,CAAC,CAAC;IAEH,OAAO;QACL,KAAK;QACL,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,QAAQ;QACR,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrC,QAAQ;QACR,aAAa,EAAE,WAAW,CAAC,IAAI;KAChC,CAAC;AACJ,CAAC"}

package/dist/modules/verification/index.d.ts

@@ -1,4 +1,6 @@
 import type { BuilderConfig } from "../../config/schema.js";
+import type { DNSPlan } from "../../domain/dns-plan.js";
+import type { VerificationPlan } from "../../domain/verification-plan.js";
 type JsonObject = Record<string, unknown>;
 export interface VerifyConfigRoutesInput {
     readonly configPath: string;
@@ -40,6 +42,37 @@ export interface VisibleChromeLaunch {
     readonly urls: readonly string[];
     readonly userDataDir: string;
 }
+export interface DnsVerificationResult {
+    readonly domain: string;
+    readonly passed: boolean;
+    readonly expectedMode: "fake-ip" | "real-ip";
+    readonly actualMode: "fake-ip" | "real-ip";
+    readonly resolver: string;
+}
+export interface AppVerificationResult {
+    readonly app: string;
+    readonly passed: boolean;
+    readonly expectedInbound: "in-proxifier" | "in-default";
+    readonly expectedOutboundGroup: string;
+    readonly details: string;
+}
+export interface ProtocolVerificationResult {
+    readonly target: string;
+    readonly passed: boolean;
+    readonly expectTCPOnly: boolean;
+    readonly details: string;
+}
+export interface EgressVerificationResult {
+    readonly id: string;
+    readonly target: string;
+    readonly inbound: "in-mixed" | "in-proxifier";
+    readonly expectedOutboundGroup: string;
+    readonly passed: boolean;
+    readonly ip?: string;
+    readonly country?: string;
+    readonly asn?: string;
+    readonly details: string;
+}
 export declare function assertVerificationReportPassed(report: VerificationReport): void;
 interface PreparedVerificationConfig {
     readonly config: JsonObject;
@@ -68,6 +101,15 @@ interface RequestRunResult {
     readonly timedOut: boolean;
 }
 export declare function verifyConfigRoutes(input: VerifyConfigRoutesInput): Promise<VerificationReport>;
+export declare function verifyDnsPlan(plan: VerificationPlan, dnsPlan: DNSPlan): readonly DnsVerificationResult[];
+export declare function verifyAppPlan(plan: VerificationPlan, config: JsonObject): readonly AppVerificationResult[];
+export declare function verifyProtocolPlan(plan: VerificationPlan, config: JsonObject): readonly ProtocolVerificationResult[];
+export declare function verifyEgressPlan(input: {
+    readonly configPath: string;
+    readonly checks: VerificationPlan["egressChecks"];
+    readonly singBoxBinary?: string;
+    readonly requestBinary?: string;
+}): Promise<readonly EgressVerificationResult[]>;
 export declare function isRouteLevelProxySuccess(scenario: Pick<RuntimeScenario, "inboundTag">, requestResult: RequestRunResult): boolean;
 export declare function resolveChromeBinary(explicitPath?: string): Promise<string>;
 export declare function openVisibleChromeWindows(input: {

package/dist/modules/verification/index.js

@@ -77,6 +77,161 @@ export async function verifyConfigRoutes(input) {
         await Promise.race([exitPromise, new Promise((resolve) => setTimeout(resolve, 2_000))]);
     }
 }
+export function verifyDnsPlan(plan, dnsPlan) {
+    return plan.dnsChecks.map((check) => ({
+        domain: check.domain,
+        passed: dnsPlan.mode === check.expectedMode,
+        expectedMode: check.expectedMode,
+        actualMode: dnsPlan.mode,
+        resolver: check.expectedResolver ?? dnsPlan.defaultResolvers[0] ?? "unknown",
+    }));
+}
+export function verifyAppPlan(plan, config) {
+    const route = asObject(config.route, "Config is missing route.");
+    const rules = ensureArray(route.rules, "Route is missing rules.");
+    const proxifierProtected = rules.some((rule) => Array.isArray(rule.inbound) &&
+        rule.inbound.includes("in-proxifier") &&
+        rule.action === "route" &&
+        rule.outbound === "Process-Proxy");
+    return plan.appChecks.map((check) => ({
+        app: check.app,
+        passed: check.expectedInbound === "in-proxifier" ? proxifierProtected : true,
+        expectedInbound: check.expectedInbound,
+        expectedOutboundGroup: check.expectedOutboundGroup,
+        details: check.expectedInbound === "in-proxifier"
+            ? "Protected in-proxifier route is present."
+            : "No special app inbound is required.",
+    }));
+}
+export function verifyProtocolPlan(plan, config) {
+    const route = asObject(config.route, "Config is missing route.");
+    const rules = ensureArray(route.rules, "Route is missing rules.");
+    const quicReject = rules.some((rule) => rule.network === "udp" && rule.port === 443 && rule.action === "reject");
+    return plan.protocolChecks.map((check) => ({
+        target: check.target,
+        passed: check.expectTCPOnly ? quicReject : true,
+        expectTCPOnly: check.expectTCPOnly === true,
+        details: check.expectTCPOnly === true
+            ? quicReject
+                ? "UDP 443 reject is present, so TCP-only fallback is enforced."
+                : "UDP 443 reject is missing."
+            : "No protocol restriction requested.",
+    }));
+}
+export async function verifyEgressPlan(input) {
+    if (input.checks.length === 0) {
+        return [];
+    }
+    const singBoxBinary = await resolveSingBoxBinary(input.singBoxBinary);
+    const requestBinary = input.requestBinary ?? (await resolveCurlBinary());
+    const baseConfig = JSON.parse(await readFile(input.configPath, "utf8"));
+    const egressGeoServiceUrls = [
+        "https://api.ip.sb/geoip",
+        "https://ipinfo.io/json",
+        "https://ifconfig.co/json",
+    ];
+    const egressIpServiceUrls = [
+        "https://api.ipify.org?format=json",
+        "https://api64.ipify.org?format=json",
+        "https://ifconfig.me/all.json",
+        "https://icanhazip.com/",
+    ];
+    const results = [];
+    for (const check of input.checks) {
+        const prepared = await prepareVerificationConfig(baseConfig);
+        const route = asObject(prepared.config.route, "Config is missing route.");
+        const rules = ensureArray(route.rules, "Route is missing rules.");
+        rules.unshift({
+            domain_suffix: [...egressGeoServiceUrls, ...egressIpServiceUrls].map((url) => new URL(url).hostname),
+            action: "route",
+            outbound: check.expectedOutboundGroup,
+        });
+        const runDir = await mkdtemp(path.join(tmpdir(), "singbox-iac-egress-"));
+        const verifyConfigPath = path.join(runDir, "egress.config.json");
+        const logPath = path.join(runDir, "egress.log");
+        await writeFile(verifyConfigPath, `${JSON.stringify(prepared.config, null, 2)}\n`, "utf8");
+        await checkConfig({ configPath: verifyConfigPath, singBoxBinary });
+        const logBuffer = { text: "" };
+        const appender = async (chunk) => {
+            const text = chunk.toString();
+            logBuffer.text += text;
+            await writeFile(logPath, text, { encoding: "utf8", flag: "a" });
+        };
+        const child = spawn(singBoxBinary, ["run", "-c", verifyConfigPath], {
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        child.stdout.on("data", (chunk) => void appender(chunk));
+        child.stderr.on("data", (chunk) => void appender(chunk));
+        const exitPromise = new Promise((resolve, reject) => {
+            child.on("error", reject);
+            child.on("close", (code) => resolve(code ?? 0));
+        });
+        try {
+            await waitForLog(logBuffer, /sing-box started/, 15_000, "Timed out waiting for sing-box startup during egress verification.");
+            const proxyPort = check.inbound === "in-proxifier" ? prepared.proxifierPort : prepared.mixedPort;
+            let payload = await probeEgressPayload({
+                requestBinary,
+                proxyPort,
+                targets: [check.target, ...egressGeoServiceUrls.filter((url) => url !== check.target)],
+            });
+            let ip = extractIpAddress(payload);
+            let country = normalizeCountryCode(payload);
+            let asn = normalizeAsn(payload);
+            if (!ip || !country || !asn) {
+                const ipPayload = await probeEgressPayload({
+                    requestBinary,
+                    proxyPort,
+                    targets: egressIpServiceUrls,
+                });
+                payload = { ...payload, ...ipPayload };
+                ip = extractIpAddress(payload);
+                country = normalizeCountryCode(payload);
+                asn = normalizeAsn(payload);
+            }
+            if (ip && (!country || !asn)) {
+                const geoPayload = await probeEgressPayload({
+                    requestBinary,
+                    targets: [`https://api.ip.sb/geoip/${ip}`, `https://ipinfo.io/${ip}/json`],
+                });
+                payload = { ...payload, ...geoPayload, ip };
+                country = normalizeCountryCode(payload);
+                asn = normalizeAsn(payload);
+            }
+            const expectedCountrySatisfied = !check.expectedCountry || check.expectedCountry.length === 0
+                ? true
+                : country !== undefined && check.expectedCountry.includes(country);
+            const expectedAsnSatisfied = !check.expectedASN || check.expectedASN.length === 0
+                ? true
+                : asn !== undefined && check.expectedASN.some((expected) => asn.includes(expected));
+            results.push({
+                id: check.id,
+                target: check.target,
+                inbound: check.inbound,
+                expectedOutboundGroup: check.expectedOutboundGroup,
+                passed: expectedCountrySatisfied && expectedAsnSatisfied,
+                ...(ip ? { ip } : {}),
+                ...(country ? { country } : {}),
+                ...(asn ? { asn } : {}),
+                details: `Exit via ${check.expectedOutboundGroup} returned ${JSON.stringify(payload)}`,
+            });
+        }
+        catch (error) {
+            results.push({
+                id: check.id,
+                target: check.target,
+                inbound: check.inbound,
+                expectedOutboundGroup: check.expectedOutboundGroup,
+                passed: false,
+                details: error instanceof Error ? error.message : String(error),
+            });
+        }
+        finally {
+            child.kill("SIGINT");
+            await Promise.race([exitPromise, new Promise((resolve) => setTimeout(resolve, 2_000))]);
+        }
+    }
+    return results;
+}
 async function verifyRuntimeScenario(scenario, logBuffer, requestBinary) {
     const hostname = new URL(scenario.url).hostname;
     const expectedLog = scenario.expectedOutboundTag === "direct"
@@ -437,6 +592,56 @@ async function runProxyRequestScenario(input) {
         });
     });
 }
+async function runProxyJsonRequestScenario(input) {
+    return runJsonRequestScenario(input);
+}
+async function runJsonRequestScenario(input) {
+    const args = [
+        "--silent",
+        "--show-error",
+        "--location",
+        "--max-time",
+        "12",
+        "--connect-timeout",
+        "5",
+        input.url,
+    ];
+    if (typeof input.proxyPort === "number") {
+        args.splice(args.length - 1, 0, "--proxy", `http://127.0.0.1:${input.proxyPort}`);
+    }
+    return new Promise((resolve, reject) => {
+        const child = spawn(input.requestBinary, args, {
+            stdio: ["ignore", "pipe", "pipe"],
+        });
+        let stdout = "";
+        let stderr = "";
+        let timedOut = false;
+        const timeout = setTimeout(() => {
+            timedOut = true;
+            child.kill("SIGKILL");
+        }, 12_000);
+        child.stdout.on("data", (chunk) => {
+            stdout += chunk.toString();
+        });
+        child.stderr.on("data", (chunk) => {
+            stderr += chunk.toString();
+        });
+        child.on("error", (error) => {
+            clearTimeout(timeout);
+            reject(error);
+        });
+        child.on("close", (code) => {
+            clearTimeout(timeout);
+            resolve({
+                exitCode: code ?? 0,
+                stdout,
+                stderr,
+                timedOut,
+                body: stdout,
+            });
+        });
+    });
+}
 function detectRequestFailure(result) {
     if (result.exitCode !== 0 && !result.timedOut) {
         return `Proxy request exited with code ${result.exitCode}.\n${`${result.stdout}\n${result.stderr}`.trim()}`;
@@ -446,6 +651,75 @@ function detectRequestFailure(result) {
     }
     return undefined;
 }
+function parseEgressPayload(body) {
+    const trimmed = body.trim();
+    if (trimmed.length === 0) {
+        throw new Error("Egress probe returned an empty body.");
+    }
+    if (isIpAddress(trimmed)) {
+        return { ip: trimmed };
+    }
+    try {
+        return JSON.parse(trimmed);
+    }
+    catch {
+        throw new Error(`Unable to parse egress response JSON:\n${trimmed}`);
+    }
+}
+async function probeEgressPayload(input) {
+    const errors = [];
+    for (const target of input.targets) {
+        const result = await runJsonRequestScenario({
+            requestBinary: input.requestBinary,
+            url: target,
+            ...(typeof input.proxyPort === "number" ? { proxyPort: input.proxyPort } : {}),
+        });
+        if (result.exitCode !== 0 || result.timedOut) {
+            errors.push(`${target}: ${detectRequestFailure(result) ?? "request failed"}`);
+            continue;
+        }
+        try {
+            return parseEgressPayload(result.body);
+        }
+        catch (error) {
+            errors.push(`${target}: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    throw new Error(`All egress probes failed.\n${errors.join("\n")}`);
+}
+function extractIpAddress(payload) {
+    const candidates = [payload.ip, payload.query, payload.address];
+    for (const candidate of candidates) {
+        if (typeof candidate === "string" && isIpAddress(candidate.trim())) {
+            return candidate.trim();
+        }
+    }
+    return undefined;
+}
+function normalizeCountryCode(payload) {
+    if (typeof payload.country_code === "string") {
+        return payload.country_code.toUpperCase();
+    }
+    if (typeof payload.country === "string" && payload.country.length <= 3) {
+        return payload.country.toUpperCase();
+    }
+    return undefined;
+}
+function isIpAddress(value) {
+    return /^[\dA-Fa-f:.]+$/.test(value);
+}
+function normalizeAsn(payload) {
+    if (typeof payload.asn === "number") {
+        return `AS${payload.asn}`;
+    }
+    if (typeof payload.asn === "string") {
+        return payload.asn.startsWith("AS") ? payload.asn : `AS${payload.asn}`;
+    }
+    if (typeof payload.org === "string" && payload.org.length > 0) {
+        return payload.org;
+    }
+    return undefined;
+}
 async function waitForScenarioLogs(buffer, offset, patterns, timeoutMs) {
     const startedAt = Date.now();
     while (Date.now() - startedAt < timeoutMs) {