npm - @xopcai/xopc - Versions diffs - 0.0.77 → 0.0.78 - Mend

@xopcai/xopc 0.0.77 → 0.0.78

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

package/dist/src/tunnel/acme-cert-store.d.ts DELETED Viewed

@@ -1,34 +0,0 @@
-import { type AcmeConfig, type AcmeCertResult } from './acme-client.js';
-export type StoredCert = {
-    certPem: string;
-    keyPem: string;
-    domain: string;
-    issuedAt: string;
-    expiresAt: string;
-};
-type CertStatusListener = (summary: ReturnType<typeof getCertStatusSummary>) => void;
-export declare function subscribeCertStatus(listener: CertStatusListener): () => void;
-export declare function recordRenewalFailure(err: unknown): void;
-export declare function clearRenewalFailure(): void;
-export declare function loadStoredCert(): StoredCert | null;
-export declare function needsRenewal(cert: StoredCert): boolean;
-export declare function saveCert(result: AcmeCertResult): void;
-export declare function ensureValidCert(acmeConfig: AcmeConfig): Promise<StoredCert>;
-export declare function startRenewalScheduler(acmeConfig: AcmeConfig, onRenewed: () => void): void;
-export declare function stopRenewalScheduler(): void;
-export declare function getCertStatusSummary(): {
-    status: 'no_cert' | 'healthy' | 'expiring_soon' | 'critical' | 'renewal_failed';
-    domain: string | null;
-    issuedAt: string | null;
-    expiresAt: string | null;
-    daysUntilExpiry: number | null;
-    autoRenewal: boolean;
-    renewalFailed: boolean;
-    lastRenewalError: string | null;
-    lastRenewalErrorAt: string | null;
-};
-/** @internal */
-export declare function stopRenewalSchedulerForTests(): void;
-/** @internal */
-export declare function resetCertStoreStateForTests(): void;
-export {};

package/dist/src/tunnel/acme-cert-store.js DELETED Viewed

@@ -1,184 +0,0 @@
-import { resolveStateDir } from "../config/paths-state.js";
-import { createLogger } from "../utils/logger/index.js";
-import { init_logger } from "../utils/logger.js";
-import { init_paths } from "../config/paths.js";
-import { requestCertificate } from "./acme-client.js";
-import { join } from "node:path";
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
-//#region src/tunnel/acme-cert-store.ts
-init_paths();
-init_logger();
-const log = createLogger("TunnelCert");
-const RENEWAL_THRESHOLD_DAYS = 30;
-const RENEWAL_CHECK_INTERVAL_MS = 720 * 60 * 1e3;
-let renewalTimer = null;
-let lastRenewalError = null;
-let lastRenewalErrorAt = null;
-const certStatusListeners = /* @__PURE__ */ new Set();
-function subscribeCertStatus(listener) {
-	certStatusListeners.add(listener);
-	return () => certStatusListeners.delete(listener);
-}
-function emitCertStatusChange() {
-	const summary = getCertStatusSummary();
-	for (const listener of certStatusListeners) try {
-		listener(summary);
-	} catch (err) {
-		log.warn({
-			err,
-			phase: "cert_status_listener"
-		}, "Cert status listener failed");
-	}
-}
-function recordRenewalFailure(err) {
-	const errorMessage = err instanceof Error ? err.message : String(err);
-	lastRenewalError = errorMessage;
-	lastRenewalErrorAt = (/* @__PURE__ */ new Date()).toISOString();
-	log.error({
-		err,
-		errorMessage,
-		phase: "cert_renewal"
-	}, `Tunnel certificate renewal failed: ${errorMessage}`);
-	emitCertStatusChange();
-}
-function clearRenewalFailure() {
-	if (!lastRenewalError && !lastRenewalErrorAt) return;
-	lastRenewalError = null;
-	lastRenewalErrorAt = null;
-	emitCertStatusChange();
-}
-function getCertDir() {
-	const dir = join(resolveStateDir(), "tunnel", "cert");
-	mkdirSync(dir, { recursive: true });
-	return dir;
-}
-function loadStoredCert() {
-	const metaPath = join(getCertDir(), "cert-meta.json");
-	if (!existsSync(metaPath)) return null;
-	try {
-		const meta = JSON.parse(readFileSync(metaPath, "utf8"));
-		const certPath = join(getCertDir(), "fullchain.pem");
-		const keyPath = join(getCertDir(), "privkey.pem");
-		if (!existsSync(certPath) || !existsSync(keyPath)) return null;
-		meta.certPem = readFileSync(certPath, "utf8");
-		meta.keyPem = readFileSync(keyPath, "utf8");
-		return meta;
-	} catch {
-		return null;
-	}
-}
-function needsRenewal(cert) {
-	return (new Date(cert.expiresAt).getTime() - Date.now()) / 864e5 <= RENEWAL_THRESHOLD_DAYS;
-}
-function storedCertIsStaging(certPem) {
-	return certPem.includes("(STAGING)");
-}
-function storedCertMatchesAcmeConfig(existing, acmeConfig) {
-	const staging = acmeConfig.staging ?? false;
-	return storedCertIsStaging(existing.certPem) === staging;
-}
-function saveCert(result) {
-	const dir = getCertDir();
-	writeFileSync(join(dir, "fullchain.pem"), result.certPem, { mode: 420 });
-	writeFileSync(join(dir, "privkey.pem"), result.keyPem, { mode: 384 });
-	writeFileSync(join(dir, "cert-meta.json"), JSON.stringify({
-		domain: result.domain,
-		issuedAt: result.issuedAt.toISOString(),
-		expiresAt: result.expiresAt.toISOString()
-	}), "utf8");
-	log.info({
-		domain: result.domain,
-		expiresAt: result.expiresAt.toISOString()
-	}, "Certificate saved");
-	clearRenewalFailure();
-}
-async function ensureValidCert(acmeConfig) {
-	const existing = loadStoredCert();
-	const expectedDomain = `${acmeConfig.subdomain}.${acmeConfig.frpSubdomainHost}`;
-	if (existing && existing.domain === expectedDomain && !needsRenewal(existing) && storedCertMatchesAcmeConfig(existing, acmeConfig)) return existing;
-	if (existing && !storedCertMatchesAcmeConfig(existing, acmeConfig)) log.info({
-		domain: existing.domain,
-		staging: acmeConfig.staging ?? false
-	}, "Certificate CA mode mismatch, re-issuing");
-	else if (existing) log.info({ domain: existing.domain }, "Certificate expiring soon, renewing");
-	else log.info({ subdomain: acmeConfig.subdomain }, "No certificate, requesting new one");
-	try {
-		const result = await requestCertificate(acmeConfig);
-		saveCert(result);
-		return {
-			certPem: result.certPem,
-			keyPem: result.keyPem,
-			domain: result.domain,
-			issuedAt: result.issuedAt.toISOString(),
-			expiresAt: result.expiresAt.toISOString()
-		};
-	} catch (err) {
-		recordRenewalFailure(err);
-		throw err;
-	}
-}
-function startRenewalScheduler(acmeConfig, onRenewed) {
-	stopRenewalScheduler();
-	renewalTimer = setInterval(() => {
-		(async () => {
-			const cert = loadStoredCert();
-			if (!cert || !needsRenewal(cert)) return;
-			log.info({ domain: cert.domain }, "Auto-renewing certificate");
-			try {
-				await ensureValidCert(acmeConfig);
-				onRenewed();
-			} catch {}
-		})();
-	}, RENEWAL_CHECK_INTERVAL_MS);
-}
-function stopRenewalScheduler() {
-	if (renewalTimer) {
-		clearInterval(renewalTimer);
-		renewalTimer = null;
-	}
-}
-function getCertStatusSummary() {
-	const cert = loadStoredCert();
-	if (!cert) return {
-		status: lastRenewalError ? "renewal_failed" : "no_cert",
-		domain: null,
-		issuedAt: null,
-		expiresAt: null,
-		daysUntilExpiry: null,
-		autoRenewal: true,
-		renewalFailed: Boolean(lastRenewalError),
-		lastRenewalError,
-		lastRenewalErrorAt
-	};
-	const daysUntilExpiry = Math.floor((new Date(cert.expiresAt).getTime() - Date.now()) / 864e5);
-	let status = "healthy";
-	if (lastRenewalError) status = "renewal_failed";
-	else if (daysUntilExpiry <= 7) status = "critical";
-	else if (daysUntilExpiry <= 30) status = "expiring_soon";
-	return {
-		status,
-		domain: cert.domain,
-		issuedAt: cert.issuedAt,
-		expiresAt: cert.expiresAt,
-		daysUntilExpiry,
-		autoRenewal: true,
-		renewalFailed: Boolean(lastRenewalError),
-		lastRenewalError,
-		lastRenewalErrorAt
-	};
-}
-/** @internal */
-function stopRenewalSchedulerForTests() {
-	stopRenewalScheduler();
-}
-/** @internal */
-function resetCertStoreStateForTests() {
-	stopRenewalScheduler();
-	lastRenewalError = null;
-	lastRenewalErrorAt = null;
-	certStatusListeners.clear();
-}
-//#endregion
-export { clearRenewalFailure, ensureValidCert, getCertStatusSummary, loadStoredCert, needsRenewal, recordRenewalFailure, resetCertStoreStateForTests, saveCert, startRenewalScheduler, stopRenewalScheduler, stopRenewalSchedulerForTests, subscribeCertStatus };
-//# sourceMappingURL=acme-cert-store.js.map

package/dist/src/tunnel/acme-cert-store.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"acme-cert-store.js","names":[],"sources":["../../../src/tunnel/acme-cert-store.ts"],"sourcesContent":["import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs';\nimport { join } from 'node:path';\n\nimport { resolveStateDir } from '../config/paths.js';\nimport { createLogger } from '../utils/logger.js';\nimport { requestCertificate, type AcmeConfig, type AcmeCertResult } from './acme-client.js';\n\nconst log = createLogger('TunnelCert');\n\nconst RENEWAL_THRESHOLD_DAYS = 30;\nconst RENEWAL_CHECK_INTERVAL_MS = 12 * 60 * 60 * 1000;\n\nexport type StoredCert = {\n certPem: string;\n keyPem: string;\n domain: string;\n issuedAt: string;\n expiresAt: string;\n};\n\nlet renewalTimer: ReturnType<typeof setInterval> | null = null;\nlet lastRenewalError: string | null = null;\nlet lastRenewalErrorAt: string | null = null;\n\ntype CertStatusListener = (summary: ReturnType<typeof getCertStatusSummary>) => void;\nconst certStatusListeners = new Set<CertStatusListener>();\n\nexport function subscribeCertStatus(listener: CertStatusListener): () => void {\n certStatusListeners.add(listener);\n return () => certStatusListeners.delete(listener);\n}\n\nfunction emitCertStatusChange(): void {\n const summary = getCertStatusSummary();\n for (const listener of certStatusListeners) {\n try {\n listener(summary);\n } catch (err) {\n log.warn({ err, phase: 'cert_status_listener' }, 'Cert status listener failed');\n }\n }\n}\n\nexport function recordRenewalFailure(err: unknown): void {\n const errorMessage = err instanceof Error ? err.message : String(err);\n lastRenewalError = errorMessage;\n lastRenewalErrorAt = new Date().toISOString();\n log.error({ err, errorMessage, phase: 'cert_renewal' }, `Tunnel certificate renewal failed: ${errorMessage}`);\n emitCertStatusChange();\n}\n\nexport function clearRenewalFailure(): void {\n if (!lastRenewalError && !lastRenewalErrorAt) return;\n lastRenewalError = null;\n lastRenewalErrorAt = null;\n emitCertStatusChange();\n}\n\nfunction getCertDir(): string {\n const dir = join(resolveStateDir(), 'tunnel', 'cert');\n mkdirSync(dir, { recursive: true });\n return dir;\n}\n\nexport function loadStoredCert(): StoredCert | null {\n const metaPath = join(getCertDir(), 'cert-meta.json');\n if (!existsSync(metaPath)) return null;\n try {\n const meta = JSON.parse(readFileSync(metaPath, 'utf8')) as StoredCert;\n const certPath = join(getCertDir(), 'fullchain.pem');\n const keyPath = join(getCertDir(), 'privkey.pem');\n if (!existsSync(certPath) || !existsSync(keyPath)) return null;\n meta.certPem = readFileSync(certPath, 'utf8');\n meta.keyPem = readFileSync(keyPath, 'utf8');\n return meta;\n } catch {\n return null;\n }\n}\n\nexport function needsRenewal(cert: StoredCert): boolean {\n const days = (new Date(cert.expiresAt).getTime() - Date.now()) / 86_400_000;\n return days <= RENEWAL_THRESHOLD_DAYS;\n}\n\nfunction storedCertIsStaging(certPem: string): boolean {\n return certPem.includes('(STAGING)');\n}\n\nfunction storedCertMatchesAcmeConfig(existing: StoredCert, acmeConfig: AcmeConfig): boolean {\n const staging = acmeConfig.staging ?? false;\n return storedCertIsStaging(existing.certPem) === staging;\n}\n\nexport function saveCert(result: AcmeCertResult): void {\n const dir = getCertDir();\n writeFileSync(join(dir, 'fullchain.pem'), result.certPem, { mode: 0o644 });\n writeFileSync(join(dir, 'privkey.pem'), result.keyPem, { mode: 0o600 });\n writeFileSync(\n join(dir, 'cert-meta.json'),\n JSON.stringify({\n domain: result.domain,\n issuedAt: result.issuedAt.toISOString(),\n expiresAt: result.expiresAt.toISOString(),\n }),\n 'utf8',\n );\n log.info({ domain: result.domain, expiresAt: result.expiresAt.toISOString() }, 'Certificate saved');\n clearRenewalFailure();\n}\n\nexport async function ensureValidCert(acmeConfig: AcmeConfig): Promise<StoredCert> {\n const existing = loadStoredCert();\n const expectedDomain = `${acmeConfig.subdomain}.${acmeConfig.frpSubdomainHost}`;\n if (\n existing &&\n existing.domain === expectedDomain &&\n !needsRenewal(existing) &&\n storedCertMatchesAcmeConfig(existing, acmeConfig)\n ) {\n return existing;\n }\n\n if (existing && !storedCertMatchesAcmeConfig(existing, acmeConfig)) {\n log.info(\n { domain: existing.domain, staging: acmeConfig.staging ?? false },\n 'Certificate CA mode mismatch, re-issuing',\n );\n } else if (existing) {\n log.info({ domain: existing.domain }, 'Certificate expiring soon, renewing');\n } else {\n log.info({ subdomain: acmeConfig.subdomain }, 'No certificate, requesting new one');\n }\n\n try {\n const result = await requestCertificate(acmeConfig);\n saveCert(result);\n return {\n certPem: result.certPem,\n keyPem: result.keyPem,\n domain: result.domain,\n issuedAt: result.issuedAt.toISOString(),\n expiresAt: result.expiresAt.toISOString(),\n };\n } catch (err) {\n recordRenewalFailure(err);\n throw err;\n }\n}\n\nexport function startRenewalScheduler(acmeConfig: AcmeConfig, onRenewed: () => void): void {\n stopRenewalScheduler();\n renewalTimer = setInterval(() => {\n void (async () => {\n const cert = loadStoredCert();\n if (!cert || !needsRenewal(cert)) return;\n log.info({ domain: cert.domain }, 'Auto-renewing certificate');\n try {\n await ensureValidCert(acmeConfig);\n onRenewed();\n } catch {\n /* failure recorded in ensureValidCert */\n }\n })();\n }, RENEWAL_CHECK_INTERVAL_MS);\n}\n\nexport function stopRenewalScheduler(): void {\n if (renewalTimer) {\n clearInterval(renewalTimer);\n renewalTimer = null;\n }\n}\n\nexport function getCertStatusSummary(): {\n status: 'no_cert' | 'healthy' | 'expiring_soon' | 'critical' | 'renewal_failed';\n domain: string | null;\n issuedAt: string | null;\n expiresAt: string | null;\n daysUntilExpiry: number | null;\n autoRenewal: boolean;\n renewalFailed: boolean;\n lastRenewalError: string | null;\n lastRenewalErrorAt: string | null;\n} {\n const cert = loadStoredCert();\n if (!cert) {\n return {\n status: lastRenewalError ? 'renewal_failed' : 'no_cert',\n domain: null,\n issuedAt: null,\n expiresAt: null,\n daysUntilExpiry: null,\n autoRenewal: true,\n renewalFailed: Boolean(lastRenewalError),\n lastRenewalError,\n lastRenewalErrorAt,\n };\n }\n const daysUntilExpiry = Math.floor(\n (new Date(cert.expiresAt).getTime() - Date.now()) / 86_400_000,\n );\n let status: 'healthy' | 'expiring_soon' | 'critical' | 'renewal_failed' = 'healthy';\n if (lastRenewalError) status = 'renewal_failed';\n else if (daysUntilExpiry <= 7) status = 'critical';\n else if (daysUntilExpiry <= 30) status = 'expiring_soon';\n\n return {\n status,\n domain: cert.domain,\n issuedAt: cert.issuedAt,\n expiresAt: cert.expiresAt,\n daysUntilExpiry,\n autoRenewal: true,\n renewalFailed: Boolean(lastRenewalError),\n lastRenewalError,\n lastRenewalErrorAt,\n };\n}\n\n/** @internal */\nexport function stopRenewalSchedulerForTests(): void {\n stopRenewalScheduler();\n}\n\n/** @internal */\nexport function resetCertStoreStateForTests(): void {\n stopRenewalScheduler();\n lastRenewalError = null;\n lastRenewalErrorAt = null;\n certStatusListeners.clear();\n}\n"],"mappings":";;;;;;;;YAGqD;aACH;AAGlD,MAAM,MAAM,aAAa,aAAa;AAEtC,MAAM,yBAAyB;AAC/B,MAAM,4BAA4B,MAAU,KAAK;AAUjD,IAAI,eAAsD;AAC1D,IAAI,mBAAkC;AACtC,IAAI,qBAAoC;AAGxC,MAAM,sCAAsB,IAAI,KAAyB;AAEzD,SAAgB,oBAAoB,UAA0C;AAC5E,qBAAoB,IAAI,SAAS;AACjC,cAAa,oBAAoB,OAAO,SAAS;;AAGnD,SAAS,uBAA6B;CACpC,MAAM,UAAU,sBAAsB;AACtC,MAAK,MAAM,YAAY,oBACrB,KAAI;AACF,WAAS,QAAQ;UACV,KAAK;AACZ,MAAI,KAAK;GAAE;GAAK,OAAO;GAAwB,EAAE,8BAA8B;;;AAKrF,SAAgB,qBAAqB,KAAoB;CACvD,MAAM,eAAe,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AACrE,oBAAmB;AACnB,uCAAqB,IAAI,MAAM,EAAC,aAAa;AAC7C,KAAI,MAAM;EAAE;EAAK;EAAc,OAAO;EAAgB,EAAE,sCAAsC,eAAe;AAC7G,uBAAsB;;AAGxB,SAAgB,sBAA4B;AAC1C,KAAI,CAAC,oBAAoB,CAAC,mBAAoB;AAC9C,oBAAmB;AACnB,sBAAqB;AACrB,uBAAsB;;AAGxB,SAAS,aAAqB;CAC5B,MAAM,MAAM,KAAK,iBAAiB,EAAE,UAAU,OAAO;AACrD,WAAU,KAAK,EAAE,WAAW,MAAM,CAAC;AACnC,QAAO;;AAGT,SAAgB,iBAAoC;CAClD,MAAM,WAAW,KAAK,YAAY,EAAE,iBAAiB;AACrD,KAAI,CAAC,WAAW,SAAS,CAAE,QAAO;AAClC,KAAI;EACF,MAAM,OAAO,KAAK,MAAM,aAAa,UAAU,OAAO,CAAC;EACvD,MAAM,WAAW,KAAK,YAAY,EAAE,gBAAgB;EACpD,MAAM,UAAU,KAAK,YAAY,EAAE,cAAc;AACjD,MAAI,CAAC,WAAW,SAAS,IAAI,CAAC,WAAW,QAAQ,CAAE,QAAO;AAC1D,OAAK,UAAU,aAAa,UAAU,OAAO;AAC7C,OAAK,SAAS,aAAa,SAAS,OAAO;AAC3C,SAAO;SACD;AACN,SAAO;;;AAIX,SAAgB,aAAa,MAA2B;AAEtD,SADc,IAAI,KAAK,KAAK,UAAU,CAAC,SAAS,GAAG,KAAK,KAAK,IAAI,SAClD;;AAGjB,SAAS,oBAAoB,SAA0B;AACrD,QAAO,QAAQ,SAAS,YAAY;;AAGtC,SAAS,4BAA4B,UAAsB,YAAiC;CAC1F,MAAM,UAAU,WAAW,WAAW;AACtC,QAAO,oBAAoB,SAAS,QAAQ,KAAK;;AAGnD,SAAgB,SAAS,QAA8B;CACrD,MAAM,MAAM,YAAY;AACxB,eAAc,KAAK,KAAK,gBAAgB,EAAE,OAAO,SAAS,EAAE,MAAM,KAAO,CAAC;AAC1E,eAAc,KAAK,KAAK,cAAc,EAAE,OAAO,QAAQ,EAAE,MAAM,KAAO,CAAC;AACvE,eACE,KAAK,KAAK,iBAAiB,EAC3B,KAAK,UAAU;EACb,QAAQ,OAAO;EACf,UAAU,OAAO,SAAS,aAAa;EACvC,WAAW,OAAO,UAAU,aAAa;EAC1C,CAAC,EACF,OACD;AACD,KAAI,KAAK;EAAE,QAAQ,OAAO;EAAQ,WAAW,OAAO,UAAU,aAAa;EAAE,EAAE,oBAAoB;AACnG,sBAAqB;;AAGvB,eAAsB,gBAAgB,YAA6C;CACjF,MAAM,WAAW,gBAAgB;CACjC,MAAM,iBAAiB,GAAG,WAAW,UAAU,GAAG,WAAW;AAC7D,KACE,YACA,SAAS,WAAW,kBACpB,CAAC,aAAa,SAAS,IACvB,4BAA4B,UAAU,WAAW,CAEjD,QAAO;AAGT,KAAI,YAAY,CAAC,4BAA4B,UAAU,WAAW,CAChE,KAAI,KACF;EAAE,QAAQ,SAAS;EAAQ,SAAS,WAAW,WAAW;EAAO,EACjE,2CACD;UACQ,SACT,KAAI,KAAK,EAAE,QAAQ,SAAS,QAAQ,EAAE,sCAAsC;KAE5E,KAAI,KAAK,EAAE,WAAW,WAAW,WAAW,EAAE,qCAAqC;AAGrF,KAAI;EACF,MAAM,SAAS,MAAM,mBAAmB,WAAW;AACnD,WAAS,OAAO;AAChB,SAAO;GACL,SAAS,OAAO;GAChB,QAAQ,OAAO;GACf,QAAQ,OAAO;GACf,UAAU,OAAO,SAAS,aAAa;GACvC,WAAW,OAAO,UAAU,aAAa;GAC1C;UACM,KAAK;AACZ,uBAAqB,IAAI;AACzB,QAAM;;;AAIV,SAAgB,sBAAsB,YAAwB,WAA6B;AACzF,uBAAsB;AACtB,gBAAe,kBAAkB;AAC/B,GAAM,YAAY;GAChB,MAAM,OAAO,gBAAgB;AAC7B,OAAI,CAAC,QAAQ,CAAC,aAAa,KAAK,CAAE;AAClC,OAAI,KAAK,EAAE,QAAQ,KAAK,QAAQ,EAAE,4BAA4B;AAC9D,OAAI;AACF,UAAM,gBAAgB,WAAW;AACjC,eAAW;WACL;MAGN;IACH,0BAA0B;;AAG/B,SAAgB,uBAA6B;AAC3C,KAAI,cAAc;AAChB,gBAAc,aAAa;AAC3B,iBAAe;;;AAInB,SAAgB,uBAUd;CACA,MAAM,OAAO,gBAAgB;AAC7B,KAAI,CAAC,KACH,QAAO;EACL,QAAQ,mBAAmB,mBAAmB;EAC9C,QAAQ;EACR,UAAU;EACV,WAAW;EACX,iBAAiB;EACjB,aAAa;EACb,eAAe,QAAQ,iBAAiB;EACxC;EACA;EACD;CAEH,MAAM,kBAAkB,KAAK,OAC1B,IAAI,KAAK,KAAK,UAAU,CAAC,SAAS,GAAG,KAAK,KAAK,IAAI,MACrD;CACD,IAAI,SAAsE;AAC1E,KAAI,iBAAkB,UAAS;UACtB,mBAAmB,EAAG,UAAS;UAC/B,mBAAmB,GAAI,UAAS;AAEzC,QAAO;EACL;EACA,QAAQ,KAAK;EACb,UAAU,KAAK;EACf,WAAW,KAAK;EAChB;EACA,aAAa;EACb,eAAe,QAAQ,iBAAiB;EACxC;EACA;EACD;;;AAIH,SAAgB,+BAAqC;AACnD,uBAAsB;;;AAIxB,SAAgB,8BAAoC;AAClD,uBAAsB;AACtB,oBAAmB;AACnB,sBAAqB;AACrB,qBAAoB,OAAO"}

package/dist/src/tunnel/acme-client.d.ts DELETED Viewed

@@ -1,50 +0,0 @@
-import type { TunnelBrokerClient } from './broker-client.js';
-import type { TunnelAcmeProgressStep } from './tunnel-types.js';
-/** Public resolvers — LE validators use global DNS, not the host's stale cache. */
-export declare const ACME_DNS_RESOLVERS: readonly ["8.8.8.8", "1.1.1.1", "9.9.9.9"];
-export type AcmeDnsTxtProbe = {
-    resolver: string;
-    values: string[];
-    error?: string;
-};
-/** Query each public resolver independently (Node tries setServers in order — not sufficient for LE). */
-export declare function probeAcmeDnsTxtAllResolvers(fqdn: string): Promise<AcmeDnsTxtProbe[]>;
-export declare function allAcmeDnsResolversHaveTxt(probes: AcmeDnsTxtProbe[], expectedValue: string): boolean;
-export type AcmeConfig = {
-    broker: TunnelBrokerClient;
-    tunnelId: string;
-    tunnelToken: string;
-    subdomain: string;
-    frpSubdomainHost: string;
-    staging?: boolean;
-    onProgress?: (step: TunnelAcmeProgressStep) => void;
-};
-export type AcmeCertResult = {
-    certPem: string;
-    keyPem: string;
-    domain: string;
-    expiresAt: Date;
-    issuedAt: Date;
-};
-/** LE always validates `_acme-challenge.{domain}` (RFC 8555 §8.4). */
-export declare function resolveAcmeChallengeFqdn(domain: string): string;
-export declare function formatAcmeDnsChallengeInvalidError(fqdn: string, data: {
-    error?: {
-        detail?: string;
-        type?: string;
-    };
-    validationRecord?: unknown[];
-}): string;
-export declare function isRetryableAcmeDnsError(err: unknown): boolean;
-export type WaitForDnsTxtOptions = {
-    minPropagationMs?: number;
-    stableMs?: number;
-    timeoutMs?: number;
-    consensusRounds?: number;
-    pollIntervalMs?: number;
-    probe?: (fqdn: string) => Promise<AcmeDnsTxtProbe[]>;
-    sleep?: (ms: number) => Promise<void>;
-};
-/** Poll public resolvers until TXT is stable — no blind initial sleep. */
-export declare function waitForDnsTxtConsensus(fqdn: string, expectedValue: string, opts?: WaitForDnsTxtOptions): Promise<void>;
-export declare function requestCertificate(config: AcmeConfig): Promise<AcmeCertResult>;