fca-phantom 1.0.0

package/phantom/datastore/models/cipher/vault.js

@@ -0,0 +1,153 @@
+"use strict";
+
+const crypto = require("crypto");
+
+const SUPPORTED_ALGOS = {
+    "aes-256-gcm":   { keyLen: 32, ivLen: 12, tagLen: 16, aead: true },
+    "aes-192-gcm":   { keyLen: 24, ivLen: 12, tagLen: 16, aead: true },
+    "aes-128-gcm":   { keyLen: 16, ivLen: 12, tagLen: 16, aead: true },
+    "chacha20-poly1305": { keyLen: 32, ivLen: 12, tagLen: 16, aead: true },
+};
+
+class PhantomCipher {
+    constructor(algo = "aes-256-gcm") {
+        if (!SUPPORTED_ALGOS[algo]) throw new Error(`Unsupported algorithm: ${algo}`);
+        this._algo   = algo;
+        this._spec   = SUPPORTED_ALGOS[algo];
+        this._keyRing = new Map();
+        this._activeKeyID = null;
+    }
+
+    generateKey() {
+        return crypto.randomBytes(this._spec.keyLen);
+    }
+
+    generateKeyID() {
+        return crypto.randomBytes(8).toString("hex");
+    }
+
+    addKey(keyID, key) {
+        if (!Buffer.isBuffer(key) || key.length !== this._spec.keyLen) {
+            throw new Error(`Key must be ${this._spec.keyLen} bytes for ${this._algo}`);
+        }
+        this._keyRing.set(keyID, key);
+        if (!this._activeKeyID) this._activeKeyID = keyID;
+        return this;
+    }
+
+    setActiveKey(keyID) {
+        if (!this._keyRing.has(keyID)) throw new Error(`Key ${keyID} not found in keyring`);
+        this._activeKeyID = keyID;
+        return this;
+    }
+
+    rotateKey() {
+        const newID  = this.generateKeyID();
+        const newKey = this.generateKey();
+        this.addKey(newID, newKey);
+        this._activeKeyID = newID;
+        return { keyID: newID, key: newKey };
+    }
+
+    removeKey(keyID) {
+        if (keyID === this._activeKeyID) throw new Error("Cannot remove the active key");
+        this._keyRing.delete(keyID);
+    }
+
+    encrypt(plaintext, key = null) {
+        const k = key ?? (this._activeKeyID ? this._keyRing.get(this._activeKeyID) : null);
+        if (!k) throw new Error("No encryption key provided");
+        const buf    = typeof plaintext === "string" ? Buffer.from(plaintext, "utf8") : Buffer.from(JSON.stringify(plaintext));
+        const iv     = crypto.randomBytes(this._spec.ivLen);
+        const cipher = crypto.createCipheriv(this._algo, k, iv);
+        const enc    = Buffer.concat([cipher.update(buf), cipher.final()]);
+        const tag    = cipher.getAuthTag();
+        const payload = {
+            v:    1,
+            alg:  this._algo,
+            kid:  this._activeKeyID,
+            data: Buffer.concat([iv, tag, enc]).toString("base64url"),
+        };
+        return Buffer.from(JSON.stringify(payload)).toString("base64url");
+    }
+
+    decrypt(token, key = null) {
+        let payload;
+        try {
+            payload = JSON.parse(Buffer.from(token, "base64url").toString("utf8"));
+        } catch (_) {
+            payload = { v: 0, alg: this._algo, data: token };
+        }
+        const k = key ?? (payload.kid ? this._keyRing.get(payload.kid) : null) ??
+                  (this._activeKeyID ? this._keyRing.get(this._activeKeyID) : null);
+        if (!k) throw new Error("No decryption key available");
+        const algo = payload.alg || this._algo;
+        const spec = SUPPORTED_ALGOS[algo] || this._spec;
+        const buf  = Buffer.from(payload.data, "base64url");
+        const iv   = buf.slice(0, spec.ivLen);
+        const tag  = buf.slice(spec.ivLen, spec.ivLen + spec.tagLen);
+        const enc  = buf.slice(spec.ivLen + spec.tagLen);
+        const decipher = crypto.createDecipheriv(algo, k, iv);
+        decipher.setAuthTag(tag);
+        const plain = Buffer.concat([decipher.update(enc), decipher.final()]).toString("utf8");
+        try { return JSON.parse(plain); } catch (_) { return plain; }
+    }
+
+    deriveKey(passphrase, salt = null) {
+        const s   = salt instanceof Buffer ? salt : (salt ? Buffer.from(salt, "hex") : crypto.randomBytes(32));
+        const key = crypto.scryptSync(passphrase, s, this._spec.keyLen, { N: 32768, r: 8, p: 1 });
+        return { key, salt: s.toString("hex") };
+    }
+
+    hash(data, algo = "sha256", encoding = "hex") {
+        return crypto.createHash(algo).update(data).digest(encoding);
+    }
+
+    hmac(data, key, algo = "sha256", encoding = "hex") {
+        return crypto.createHmac(algo, key).update(data).digest(encoding);
+    }
+
+    sign(data, privateKeyOrSecret) {
+        const payload  = typeof data === "string" ? data : JSON.stringify(data);
+        const ts       = Date.now();
+        const toSign   = `${ts}.${payload}`;
+        const sig      = this.hmac(toSign, privateKeyOrSecret, "sha256", "base64url");
+        return `${Buffer.from(toSign).toString("base64url")}.${sig}`;
+    }
+
+    verify(token, secretOrKey, maxAgeMs = 0) {
+        try {
+            const parts     = token.split(".");
+            if (parts.length < 2) return { valid: false, reason: "malformed_token" };
+            const sig       = parts.pop();
+            const raw       = parts.join(".");
+            const decoded   = Buffer.from(raw, "base64url").toString("utf8");
+            const dot       = decoded.indexOf(".");
+            const ts        = parseInt(decoded.slice(0, dot), 10);
+            const payload   = decoded.slice(dot + 1);
+            const expected  = this.hmac(decoded, secretOrKey, "sha256", "base64url");
+            const valid     = crypto.timingSafeEqual(Buffer.from(sig), Buffer.from(expected));
+            if (!valid) return { valid: false, reason: "invalid_signature" };
+            if (maxAgeMs > 0 && Date.now() - ts > maxAgeMs) return { valid: false, reason: "token_expired" };
+            try { return { valid: true, data: JSON.parse(payload), ts }; }
+            catch (_) { return { valid: true, data: payload, ts }; }
+        } catch (_) {
+            return { valid: false, reason: "verification_error" };
+        }
+    }
+
+    randomBytes(n = 32) { return crypto.randomBytes(n); }
+    randomHex(n = 32)   { return crypto.randomBytes(n).toString("hex"); }
+    randomBase64(n = 32){ return crypto.randomBytes(n).toString("base64url"); }
+
+    secureCompare(a, b) {
+        const ba = Buffer.from(String(a));
+        const bb = Buffer.from(String(b));
+        if (ba.length !== bb.length) return false;
+        return crypto.timingSafeEqual(ba, bb);
+    }
+}
+
+const globalCipher = new PhantomCipher("aes-256-gcm");
+
+module.exports = { PhantomCipher, globalCipher, SUPPORTED_ALGOS };

package/phantom/datastore/models/index.js

@@ -0,0 +1,3 @@
+"use strict";
+async function syncAll() { return true; }
+module.exports = { ...require("../schema"), syncAll };

package/phantom/datastore/models/matrix/auth.js

@@ -0,0 +1,151 @@
+"use strict";
+
+const crypto = require("crypto");
+
+const REGION_MAP = new Map([
+    ["PRN", { code: "PRN", name: "Pacific Northwest",    dc: "sjc" }],
+    ["VLL", { code: "VLL", name: "Valley Region",        dc: "sjc" }],
+    ["ASH", { code: "ASH", name: "Ashburn",              dc: "iad" }],
+    ["DFW", { code: "DFW", name: "Dallas / Fort Worth",  dc: "dfw" }],
+    ["LLA", { code: "LLA", name: "Los Angeles",          dc: "lax" }],
+    ["FRA", { code: "FRA", name: "Frankfurt",            dc: "fra" }],
+    ["SIN", { code: "SIN", name: "Singapore",            dc: "sin" }],
+    ["NRT", { code: "NRT", name: "Tokyo",                dc: "nrt" }],
+    ["HKG", { code: "HKG", name: "Hong Kong",            dc: "hkg" }],
+    ["SYD", { code: "SYD", name: "Sydney",               dc: "syd" }],
+    ["PNB", { code: "PNB", name: "Pacific Northwest Beta",dc: "sjc2"}],
+    ["AMS", { code: "AMS", name: "Amsterdam",            dc: "ams" }],
+    ["CDG", { code: "CDG", name: "Paris",                dc: "cdg" }],
+    ["GRU", { code: "GRU", name: "Sao Paulo",            dc: "gru" }],
+    ["BOM", { code: "BOM", name: "Mumbai",               dc: "bom" }],
+    ["ICN", { code: "ICN", name: "Seoul",                dc: "icn" }],
+    ["JNB", { code: "JNB", name: "Johannesburg",         dc: "jnb" }],
+    ["MEL", { code: "MEL", name: "Melbourne",            dc: "mel" }],
+    ["ORD", { code: "ORD", name: "Chicago",              dc: "ord" }],
+    ["MIA", { code: "MIA", name: "Miami",                dc: "mia" }],
+]);
+
+function parseRegion(html) {
+    try {
+        for (const pattern of [
+            /"endpoint":"([^"]+)"/,
+            /endpoint\\":\\"([^\\"]+)\\"/,
+            /"mqttEndpoint":"([^"]+)"/,
+            /"chat_endpoint":"([^"]+)"/,
+        ]) {
+            const m = html.match(pattern);
+            if (!m) continue;
+            const raw = m[1].replace(/\\\//g, "/");
+            try {
+                const url  = new URL(raw);
+                const code = url.searchParams.get("region")?.toUpperCase();
+                if (code && REGION_MAP.has(code)) return code;
+            } catch (_) {}
+        }
+    } catch (_) {}
+    return "PRN";
+}
+
+function getRegionInfo(code) { return REGION_MAP.get(code?.toUpperCase()) || null; }
+function getAllRegions()      { return [...REGION_MAP.values()]; }
+function isValidRegion(code) { return REGION_MAP.has(code?.toUpperCase()); }
+
+function _base32Decode(secret) {
+    const alpha   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    const cleaned = secret.replace(/\s+/g, "").toUpperCase().replace(/=+$/, "");
+    let   bits    = "";
+    for (const c of cleaned) {
+        const v = alpha.indexOf(c);
+        if (v === -1) continue;
+        bits += v.toString(2).padStart(5, "0");
+    }
+    const bytes = [];
+    for (let i = 0; i + 8 <= bits.length; i += 8) {
+        bytes.push(parseInt(bits.substr(i, 8), 2));
+    }
+    return Buffer.from(bytes);
+}
+
+function _computeHotp(key, counter) {
+    const buf = Buffer.alloc(8);
+    buf.writeBigUInt64BE(BigInt(counter));
+    const digest = crypto.createHmac("sha1", key).update(buf).digest();
+    const offset = digest[digest.length - 1] & 0x0f;
+    const code   = (
+        ((digest[offset]     & 0x7f) << 24) |
+        ((digest[offset + 1] & 0xff) << 16) |
+        ((digest[offset + 2] & 0xff) <<  8) |
+         (digest[offset + 3] & 0xff)
+    ) % 1_000_000;
+    return code.toString().padStart(6, "0");
+}
+
+async function genTotp(secret, opts = {}) {
+    const cleaned = String(secret || "").replace(/\s+/g, "").toUpperCase();
+    if (!cleaned) throw new Error("TOTP secret is empty");
+
+    const period    = opts.period    || 30;
+    const algorithm = opts.algorithm || "SHA1";
+    const digits    = opts.digits    || 6;
+
+    try {
+        const gen = require("totp-generator");
+        if (typeof gen?.TOTP?.generate === "function") {
+            const r = await gen.TOTP.generate(cleaned, { period, algorithm, digits });
+            return typeof r === "object" ? r.otp : String(r);
+        }
+        const code = gen(cleaned, { period, algorithm, digits });
+        return String(code);
+    } catch (_) {
+        const key     = _base32Decode(cleaned);
+        const counter = Math.floor(Date.now() / 1000 / period);
+        return _computeHotp(key, counter);
+    }
+}
+
+function getTotpRemainingSeconds(period = 30) {
+    return period - (Math.floor(Date.now() / 1000) % period);
+}
+
+function validateCredentials(creds) {
+    const errors = [];
+    if (!creds || typeof creds !== "object") return { valid: false, errors: ["Credentials must be an object"] };
+    if (!creds.appState && !creds.email && !creds.password) {
+        errors.push("Must provide appState cookies or email+password");
+    }
+    if (creds.email && !creds.password) errors.push("password is required with email");
+    if (creds.password && !creds.email) errors.push("email is required with password");
+    if (creds.totpSecret && typeof creds.totpSecret !== "string") errors.push("totpSecret must be a string");
+    return { valid: errors.length === 0, errors };
+}
+
+function validateCookieArray(arr) {
+    if (!Array.isArray(arr)) return false;
+    const required = ["c_user", "xs"];
+    const names    = arr.map(c => c.name || c.key).filter(Boolean);
+    return required.every(k => names.includes(k));
+}
+
+function parseCookieString(str) {
+    if (!str || typeof str !== "string") return [];
+    return str.split(/;\s*/)
+        .map(p => {
+            const eq = p.indexOf("=");
+            if (eq === -1) return null;
+            return { name: p.slice(0, eq).trim(), value: p.slice(eq + 1).trim() };
+        })
+        .filter(Boolean);
+}
+
+module.exports = {
+    REGION_MAP,
+    parseRegion,
+    genTotp,
+    getTotpRemainingSeconds,
+    getRegionInfo,
+    getAllRegions,
+    isValidRegion,
+    validateCredentials,
+    validateCookieArray,
+    parseCookieString,
+};

package/phantom/datastore/models/matrix/cache.js

@@ -0,0 +1,3 @@
+"use strict";
+const { globalCache, globalStore, SessionCache, DataCache } = require("./store");
+module.exports = { globalCache, DataCache, SessionCache };

package/phantom/datastore/models/matrix/checker.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./validator");

package/phantom/datastore/models/matrix/clients.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./response");

package/phantom/datastore/models/matrix/constants.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./logger");

package/phantom/datastore/models/matrix/credentials.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./auth");

package/phantom/datastore/models/matrix/cycle.js

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./heartbeat");

package/phantom/datastore/models/matrix/gate.js

@@ -0,0 +1,282 @@
+"use strict";
+
+const TOKEN_BUCKET_REFILL_MS = 1000;
+
+class TokenBucket {
+    constructor(capacity, refillRate) {
+        this._capacity   = capacity;
+        this._tokens     = capacity;
+        this._refillRate = refillRate;
+        this._lastRefill = Date.now();
+    }
+
+    _refill() {
+        const now     = Date.now();
+        const elapsed = (now - this._lastRefill) / TOKEN_BUCKET_REFILL_MS;
+        this._tokens  = Math.min(this._capacity, this._tokens + elapsed * this._refillRate);
+        this._lastRefill = now;
+    }
+
+    consume(n = 1) {
+        this._refill();
+        if (this._tokens < n) return false;
+        this._tokens -= n;
+        return true;
+    }
+
+    available() { this._refill(); return this._tokens; }
+    remaining() { return Math.max(0, Math.floor(this.available())); }
+}
+
+const ACTION_COSTS = {
+    sendMessage:        2,
+    sendFile:           3,
+    sendImage:          3,
+    react:              1,
+    markRead:           1,
+    getThread:          1,
+    getThreadList:      2,
+    getUserInfo:        1,
+    getThreadHistory:   2,
+    search:             2,
+    graphql:            3,
+    default:            1,
+};
+
+class TrafficGate {
+    constructor() {
+        this._threadCooldown    = new Map();
+        this._endpointCooldown  = new Map();
+        this._errorLog          = new Map();
+        this._endpointHealth    = new Map();
+        this._priorityQueue     = [];
+        this._processing        = false;
+
+        this.ERROR_LOG_TTL            = 300_000;
+        this.COOLDOWN_DURATION        = 60_000;
+        this.MAX_REQUESTS_PER_MINUTE  = 90;
+        this.MAX_CONCURRENT_REQUESTS  = 10;
+        this.MAX_PER_ENDPOINT_MINUTE  = 35;
+
+        this._active    = 0;
+        this._window    = [];
+        this._WINDOW_MS = 60_000;
+        this._epWindows = new Map();
+        this._cdCache   = new Map();
+        this._CD_TTL    = 400;
+
+        this._errorRate  = 0;
+        this._totalReqs  = 0;
+        this._totalErrors= 0;
+        this._adaptTimer = setInterval(() => this._adaptLimits(), 30_000);
+        try { this._adaptTimer.unref(); } catch (_) {}
+
+        this._globalBucket = new TokenBucket(this.MAX_REQUESTS_PER_MINUTE, this.MAX_REQUESTS_PER_MINUTE / 60);
+    }
+
+    _adaptLimits() {
+        if (this._totalReqs < 10) return;
+        const errRate = this._totalErrors / this._totalReqs;
+        if (errRate > 0.2) {
+            this.MAX_CONCURRENT_REQUESTS  = Math.max(2, this.MAX_CONCURRENT_REQUESTS - 2);
+            this.MAX_REQUESTS_PER_MINUTE  = Math.max(20, this.MAX_REQUESTS_PER_MINUTE - 10);
+        } else if (errRate < 0.02 && this._totalReqs > 30) {
+            this.MAX_CONCURRENT_REQUESTS  = Math.min(20, this.MAX_CONCURRENT_REQUESTS + 1);
+            this.MAX_REQUESTS_PER_MINUTE  = Math.min(120, this.MAX_REQUESTS_PER_MINUTE + 5);
+        }
+        this._errorRate   = errRate;
+        this._totalReqs   = 0;
+        this._totalErrors = 0;
+    }
+
+    recordRequest(ok = true) {
+        this._totalReqs++;
+        if (!ok) this._totalErrors++;
+    }
+
+    configure(opts = {}) {
+        if (typeof opts.maxConcurrentRequests === "number" && opts.maxConcurrentRequests > 0)
+            this.MAX_CONCURRENT_REQUESTS = Math.floor(opts.maxConcurrentRequests);
+        if (typeof opts.maxRequestsPerMinute === "number" && opts.maxRequestsPerMinute > 0)
+            this.MAX_REQUESTS_PER_MINUTE = Math.floor(opts.maxRequestsPerMinute);
+        if (typeof opts.requestCooldownMs === "number" && opts.requestCooldownMs >= 0)
+            this.COOLDOWN_DURATION = Math.floor(opts.requestCooldownMs);
+        if (typeof opts.errorCacheTtlMs === "number" && opts.errorCacheTtlMs >= 0)
+            this.ERROR_LOG_TTL = Math.floor(opts.errorCacheTtlMs);
+    }
+
+    _pruneWindow(arr) {
+        const cutoff = Date.now() - this._WINDOW_MS;
+        let lo = 0, hi = arr.length;
+        while (lo < hi) {
+            const mid = (lo + hi) >> 1;
+            arr[mid] < cutoff ? (lo = mid + 1) : (hi = mid);
+        }
+        if (lo > 0) arr.splice(0, lo);
+        return arr.length;
+    }
+
+    _isCooldown(map, key) {
+        const now = Date.now();
+        const ck  = String(key);
+        const hit = this._cdCache.get(ck);
+        if (hit && now - hit.ts < this._CD_TTL) return hit.v;
+        const end = map.get(key);
+        let v = false;
+        if (!end) v = false;
+        else if (now >= end) { map.delete(key); v = false; }
+        else v = true;
+        this._cdCache.set(ck, { ts: now, v });
+        return v;
+    }
+
+    isThreadOnCooldown(tid)      { return this._isCooldown(this._threadCooldown, tid); }
+    isEndpointOnCooldown(ep)     { return this._isCooldown(this._endpointCooldown, ep); }
+
+    setThreadCooldown(tid, ms) {
+        this._threadCooldown.set(tid, Date.now() + (ms || this.COOLDOWN_DURATION));
+        this._cdCache.delete(String(tid));
+    }
+
+    setEndpointCooldown(ep, ms) {
+        this._endpointCooldown.set(ep, Date.now() + (ms || this.COOLDOWN_DURATION));
+        this._cdCache.delete(String(ep));
+        this._updateEndpointHealth(ep, false);
+    }
+
+    _updateEndpointHealth(ep, ok) {
+        const h = this._endpointHealth.get(ep) || { ok: 0, fail: 0, score: 100 };
+        ok ? h.ok++ : h.fail++;
+        const total = h.ok + h.fail;
+        h.score = total > 0 ? Math.round((h.ok / total) * 100) : 100;
+        this._endpointHealth.set(ep, h);
+    }
+
+    getEndpointHealth(ep) { return this._endpointHealth.get(ep)?.score ?? 100; }
+
+    shouldSuppressError(key) {
+        const t = this._errorLog.get(key);
+        if (!t || Date.now() - t > this.ERROR_LOG_TTL) {
+            this._errorLog.set(key, Date.now());
+            return false;
+        }
+        return true;
+    }
+
+    isGloballyThrottled() {
+        return this._pruneWindow(this._window) >= this.MAX_REQUESTS_PER_MINUTE ||
+               !this._globalBucket.consume(0.01);
+    }
+
+    isEndpointThrottled(ep) {
+        if (!this._epWindows.has(ep)) return false;
+        return this._pruneWindow(this._epWindows.get(ep)) >= this.MAX_PER_ENDPOINT_MINUTE;
+    }
+
+    _record(ep) {
+        const now = Date.now();
+        this._window.push(now);
+        if (this._window.length > this.MAX_REQUESTS_PER_MINUTE * 3) this._pruneWindow(this._window);
+        if (ep) {
+            if (!this._epWindows.has(ep)) this._epWindows.set(ep, []);
+            const w = this._epWindows.get(ep);
+            w.push(now);
+            if (w.length > this.MAX_PER_ENDPOINT_MINUTE * 3) this._pruneWindow(w);
+        }
+    }
+
+    getAdaptiveDelay(retry, errorCode = null) {
+        const bases = [600, 1500, 3500, 7000, 15_000];
+        const base  = bases[Math.min(retry, bases.length - 1)];
+        const jitter = Math.floor(Math.random() * 500);
+        let   mult  = 1;
+        if (errorCode === 1545012 || errorCode === 1675004) mult = 2;
+        else if (errorCode === 368 || errorCode === 10)     mult = 3;
+        else if (this._errorRate > 0.1)                     mult = 1.5;
+        return Math.floor(base * mult) + jitter;
+    }
+
+    async addHumanDelay(min = 60, max = 280) {
+        const ms = Math.floor(Math.random() * (max - min + 1)) + min;
+        await new Promise(r => setTimeout(r, ms));
+    }
+
+    getActionCost(action) {
+        return ACTION_COSTS[action] || ACTION_COSTS.default;
+    }
+
+    async checkRateLimit(skipDelay = false, ep = null, action = null) {
+        const cost = action ? this.getActionCost(action) : 1;
+
+        const canProceed = () =>
+            this._active < this.MAX_CONCURRENT_REQUESTS &&
+            !this.isGloballyThrottled() &&
+            !(ep && this.isEndpointThrottled(ep)) &&
+            this._globalBucket.consume(cost);
+
+        if (canProceed()) {
+            if (!skipDelay) await this.addHumanDelay();
+            this._active++;
+            this._record(ep);
+            return () => { this._active = Math.max(0, this._active - 1); };
+        }
+
+        let waited = 0;
+        while (!canProceed() && waited < 120_000) {
+            const pause = this._active >= this.MAX_CONCURRENT_REQUESTS ? 30 : 500;
+            await new Promise(r => setTimeout(r, pause));
+            waited += pause;
+        }
+
+        if (!skipDelay) await this.addHumanDelay();
+        this._active++;
+        this._record(ep);
+        return () => { this._active = Math.max(0, this._active - 1); };
+    }
+
+    getRemainingCooldown(key) {
+        const t = this._threadCooldown.get(key) || this._endpointCooldown.get(key);
+        return t ? Math.max(0, t - Date.now()) : 0;
+    }
+
+    cleanup() {
+        const now = Date.now();
+        for (const [k, t] of this._errorLog)       if (now - t > this.ERROR_LOG_TTL)   this._errorLog.delete(k);
+        for (const [k, t] of this._threadCooldown) if (now >= t)                        this._threadCooldown.delete(k);
+        for (const [k, t] of this._endpointCooldown) if (now >= t)                     this._endpointCooldown.delete(k);
+        for (const [k, w] of this._epWindows)      { this._pruneWindow(w); if (!w.length) this._epWindows.delete(k); }
+        this._pruneWindow(this._window);
+        this._cdCache.clear();
+    }
+
+    getStats() {
+        this._pruneWindow(this._window);
+        return {
+            active:             this._active,
+            maxConcurrent:      this.MAX_CONCURRENT_REQUESTS,
+            maxPerMinute:       this.MAX_REQUESTS_PER_MINUTE,
+            requestsLastMinute: this._window.length,
+            threadCooldowns:    this._threadCooldown.size,
+            endpointCooldowns:  this._endpointCooldown.size,
+            suppressedErrors:   this._errorLog.size,
+            tokenBucketTokens:  this._globalBucket.remaining(),
+            adaptedErrorRate:   (this._errorRate * 100).toFixed(1) + "%",
+        };
+    }
+
+    destroy() {
+        clearInterval(this._adaptTimer);
+    }
+}
+
+const globalGate = new TrafficGate();
+setInterval(() => globalGate.cleanup(), 60_000).unref?.();
+
+module.exports = {
+    TrafficGate,
+    TokenBucket,
+    globalRateLimiter:    globalGate,
+    globalGate,
+    configureRateLimiter: (opts) => globalGate.configure(opts),
+    getRateLimiterStats:  ()     => globalGate.getStats(),
+};