fifony 0.1.47 → 0.1.48

package/dist/chunk-7R7XFXJM.js

@@ -0,0 +1,1247 @@
+import {
+  isProcessAlive
+} from "./chunk-3NE23NYW.js";
+import {
+  STATE_ROOT,
+  init_constants
+} from "./chunk-X37RNTWU.js";
+import {
+  logger
+} from "./chunk-PXTIWKLQ.js";
+
+// src/persistence/plugins/reverse-proxy-manager.ts
+init_constants();
+import {
+  closeSync,
+  existsSync as existsSync2,
+  mkdirSync as mkdirSync2,
+  openSync,
+  readSync,
+  readFileSync as readFileSync2,
+  rmSync as rmSync2,
+  statSync,
+  writeFileSync as writeFileSync2
+} from "fs";
+import { spawn } from "child_process";
+import { fileURLToPath } from "url";
+import { dirname, join as join2, resolve } from "path";
+
+// src/persistence/plugins/reverse-proxy-runtime.ts
+init_constants();
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  rmSync,
+  unlinkSync,
+  writeFileSync
+} from "fs";
+import { createServer } from "http";
+import { join } from "path";
+import { createSign, generateKeyPairSync } from "crypto";
+
+// src/domains/traffic-proxy.ts
+var TrafficRingBuffer = class {
+  constructor(capacity = 1e3) {
+    this.capacity = capacity;
+    this.buf = new Array(capacity);
+  }
+  buf;
+  head = 0;
+  count = 0;
+  push(entry) {
+    this.buf[this.head] = entry;
+    this.head = (this.head + 1) % this.capacity;
+    if (this.count < this.capacity) this.count++;
+  }
+  getAll() {
+    if (this.count === 0) return [];
+    if (this.count < this.capacity) return this.buf.slice(0, this.count);
+    return [...this.buf.slice(this.head), ...this.buf.slice(0, this.head)];
+  }
+  getRecent(n) {
+    const all = this.getAll();
+    return n >= all.length ? all : all.slice(-n);
+  }
+  clear() {
+    this.head = 0;
+    this.count = 0;
+  }
+  get size() {
+    return this.count;
+  }
+};
+function resolveTargetService(url, services) {
+  try {
+    const parsed = new URL(url);
+    const port = Number(parsed.port || (parsed.protocol === "https:" ? 443 : 80));
+    const match = services.find((s) => s.port === port);
+    return match?.id ?? null;
+  } catch {
+    return null;
+  }
+}
+function buildProxyEnvVars(proxyPort, serviceId, dashboardPort, extraNoPorts = []) {
+  const proxyUrl = `http://${encodeURIComponent(serviceId)}:fifony@localhost:${proxyPort}`;
+  const noProxyList = [`localhost:${dashboardPort}`, ...extraNoPorts.map((p) => `localhost:${p}`)].join(",");
+  return {
+    HTTP_PROXY: proxyUrl,
+    http_proxy: proxyUrl,
+    NO_PROXY: noProxyList,
+    no_proxy: noProxyList
+  };
+}
+var entrySeq = 0;
+function buildTrafficEntry(method, url, requestSize, statusCode, responseSize, sourceServiceId, targetServiceId, startTime, error) {
+  let path;
+  try {
+    path = new URL(url).pathname;
+  } catch {
+    path = url;
+  }
+  const protocol = (() => {
+    try {
+      return new URL(url).protocol.replace(":", "").toLowerCase();
+    } catch {
+      if (/^https:\/\//i.test(url)) return "https";
+      if (/^wss:\/\//i.test(url)) return "wss";
+      if (/^ws:\/\//i.test(url)) return "ws";
+      if (/^http:\/\//i.test(url)) return "http";
+      if (/^tcp:\/\//i.test(url)) return "tcp";
+      return "unknown";
+    }
+  })();
+  return {
+    id: `tr_${Date.now()}_${++entrySeq}`,
+    sourceServiceId,
+    targetServiceId,
+    method,
+    protocol,
+    url,
+    path,
+    statusCode,
+    requestSize,
+    responseSize,
+    startedAt: new Date(startTime).toISOString(),
+    durationMs: Date.now() - startTime,
+    error
+  };
+}
+
+// src/domains/raffel-telemetry.ts
+async function loadCreateProxyTelemetry() {
+  const raffel = await import("raffel");
+  const publicFactory = raffel.createProxyTelemetry;
+  if (typeof publicFactory === "function") {
+    return publicFactory;
+  }
+  const internal = await import("./telemetry-KVUFHDQS.js");
+  const internalFactory = internal.createProxyTelemetry;
+  if (typeof internalFactory === "function") {
+    return internalFactory;
+  }
+  throw new Error("Raffel proxy telemetry factory is unavailable.");
+}
+async function createRaffelProxyTelemetry(config) {
+  const factory = await loadCreateProxyTelemetry();
+  return factory(config);
+}
+
+// src/persistence/plugins/reverse-proxy-runtime.ts
+var reverseProxy = null;
+var meshProxy = null;
+var meshBuffer = null;
+var meshTelemetryUnsubscribe = null;
+var meshTelemetryEvents = [];
+var meshTelemetryCollector = null;
+var meshExpireTimer = null;
+var MAX_MESH_TELEMETRY_EVENTS = 2e3;
+var MESH_EXPIRE_INTERVAL_MS = 30 * 1e3;
+var NETWORK_RUNTIME_ID = "reverse-proxy";
+var RUNTIME_CONFIG_PATH = join(STATE_ROOT, `service-${NETWORK_RUNTIME_ID}.runtime.json`);
+var RUNTIME_PID_PATH = join(STATE_ROOT, `service-${NETWORK_RUNTIME_ID}.pid`);
+function writeRuntimePidInfo(info) {
+  writeFileSync(RUNTIME_PID_PATH, JSON.stringify(info));
+}
+function removeRuntimePidInfo() {
+  try {
+    rmSync(RUNTIME_PID_PATH, { force: true });
+  } catch {
+  }
+}
+function removeRuntimeConfig() {
+  try {
+    rmSync(RUNTIME_CONFIG_PATH, { force: true });
+  } catch {
+  }
+}
+function derLen(n) {
+  if (n < 128) return Buffer.from([n]);
+  const bytes = [];
+  let tmp = n;
+  while (tmp > 0) {
+    bytes.unshift(tmp & 255);
+    tmp >>= 8;
+  }
+  return Buffer.from([128 | bytes.length, ...bytes]);
+}
+function tlv(tag, value) {
+  return Buffer.concat([Buffer.from([tag]), derLen(value.length), value]);
+}
+function encodeOID(oidStr) {
+  const parts = oidStr.split(".").map(Number);
+  const body = [parts[0] * 40 + parts[1]];
+  for (let i = 2; i < parts.length; i++) {
+    let v = parts[i];
+    const chunk = [];
+    chunk.push(v & 127);
+    v >>= 7;
+    while (v > 0) {
+      chunk.unshift(v & 127 | 128);
+      v >>= 7;
+    }
+    body.push(...chunk);
+  }
+  return tlv(6, Buffer.from(body));
+}
+function algId(oidStr) {
+  return tlv(48, Buffer.concat([encodeOID(oidStr), tlv(5, Buffer.alloc(0))]));
+}
+function encodeRDN(attrOid, value) {
+  return tlv(49, tlv(48, Buffer.concat([encodeOID(attrOid), tlv(12, Buffer.from(value, "utf8"))])));
+}
+function encodeName(components) {
+  return tlv(48, Buffer.concat(components.map(([oid, v]) => encodeRDN(oid, v))));
+}
+function encodeUTCTime(d) {
+  const p = (n) => String(n).padStart(2, "0");
+  const s = `${String(d.getUTCFullYear()).slice(-2)}${p(d.getUTCMonth() + 1)}${p(d.getUTCDate())}${p(d.getUTCHours())}${p(d.getUTCMinutes())}${p(d.getUTCSeconds())}Z`;
+  return tlv(23, Buffer.from(s, "ascii"));
+}
+function encodeExtension(extOid, critical, extValueDer) {
+  const parts = [encodeOID(extOid)];
+  if (critical) parts.push(tlv(1, Buffer.from([255])));
+  parts.push(tlv(4, extValueDer));
+  return tlv(48, Buffer.concat(parts));
+}
+function encodeSAN(hosts) {
+  const names = hosts.map(
+    (h) => /^\d+\.\d+\.\d+\.\d+$/.test(h) ? tlv(135, Buffer.from(h.split(".").map(Number))) : tlv(130, Buffer.from(h, "ascii"))
+  );
+  return encodeExtension("2.5.29.17", false, tlv(48, Buffer.concat(names)));
+}
+function encodeBasicConstraints() {
+  return encodeExtension("2.5.29.19", true, tlv(48, Buffer.alloc(0)));
+}
+function posInt(bytes) {
+  return bytes.length > 0 && bytes[0] & 128 ? Buffer.concat([Buffer.from([0]), bytes]) : bytes;
+}
+function toPEM(der, label) {
+  const lines = der.toString("base64").match(/.{1,64}/g) ?? [];
+  return `-----BEGIN ${label}-----
+${lines.join("\n")}
+-----END ${label}-----
+`;
+}
+var SHA256_WITH_RSA = "1.2.840.113549.1.1.11";
+var OID_CN = "2.5.4.3";
+async function generateMultiSanCert(hosts) {
+  const { getDefaultCA } = await import("raffel");
+  const ca = getDefaultCA();
+  const { privateKey, publicKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
+  const privateKeyPem = privateKey.export({ type: "pkcs8", format: "pem" });
+  const spkiDer = publicKey.export({ type: "spki", format: "der" });
+  const { X509Certificate } = await import("crypto");
+  let caIssuerName;
+  try {
+    const x509 = new X509Certificate(ca.cert);
+    const cnMatch = x509.subject.match(/CN=([^\n,/]+)/);
+    const cn = cnMatch?.[1]?.trim() ?? "Spark Local CA";
+    caIssuerName = encodeName([[OID_CN, cn]]);
+  } catch {
+    caIssuerName = encodeName([[OID_CN, "Spark Local CA"]]);
+  }
+  const now = /* @__PURE__ */ new Date();
+  const notAfter = new Date(now.getTime() + 825 * 24 * 60 * 60 * 1e3);
+  const sigAlg = algId(SHA256_WITH_RSA);
+  const serialBytes = Buffer.from(Array.from({ length: 16 }, () => Math.floor(Math.random() * 256)));
+  serialBytes[0] = serialBytes[0] & 127;
+  const version = tlv(160, tlv(2, Buffer.from([2])));
+  const serial = tlv(2, posInt(serialBytes));
+  const validity = tlv(48, Buffer.concat([encodeUTCTime(now), encodeUTCTime(notAfter)]));
+  const subjectName = encodeName([[OID_CN, hosts[0]]]);
+  const exts = tlv(163, tlv(48, Buffer.concat([encodeBasicConstraints(), encodeSAN(hosts)])));
+  const tbs = tlv(48, Buffer.concat([
+    version,
+    serial,
+    sigAlg,
+    caIssuerName,
+    validity,
+    subjectName,
+    spkiDer,
+    exts
+  ]));
+  const signer = createSign("SHA256");
+  signer.update(tbs);
+  const sig = signer.sign(ca.key);
+  const certDer = tlv(48, Buffer.concat([
+    tbs,
+    sigAlg,
+    tlv(3, Buffer.concat([Buffer.from([0]), sig]))
+  ]));
+  return { key: privateKeyPem, cert: toPEM(certDer, "CERTIFICATE"), ca: ca.cert };
+}
+var TLS_DIR = join(STATE_ROOT, "tls");
+var KEY_PATH = join(TLS_DIR, "key.pem");
+var CERT_PATH = join(TLS_DIR, "cert.pem");
+var CA_PATH = join(TLS_DIR, "ca.pem");
+var DOMAIN_PATH = join(TLS_DIR, "domain.txt");
+var LOCAL_DOMAIN_PORT_SUFFIX = /:\d+$/;
+function getReverseProxyCaCertPath() {
+  return CA_PATH;
+}
+async function ensureReverseProxyTlsCert(localDomain) {
+  mkdirSync(TLS_DIR, { recursive: true });
+  const storedDomain = existsSync(DOMAIN_PATH) ? readFileSync(DOMAIN_PATH, "utf8").trim() : "";
+  const needsRegen = !existsSync(KEY_PATH) || !existsSync(CERT_PATH) || storedDomain !== (localDomain ?? "");
+  if (!needsRegen) {
+    return { key: readFileSync(KEY_PATH, "utf8"), cert: readFileSync(CERT_PATH, "utf8") };
+  }
+  const hosts = ["localhost", "127.0.0.1"];
+  if (localDomain) {
+    hosts.push(localDomain);
+    hosts.push(`*.${localDomain}`);
+  }
+  logger.info({ hosts }, "[NetworkRuntime] Generating TLS cert");
+  const { key, cert, ca } = await generateMultiSanCert(hosts);
+  writeFileSync(KEY_PATH, key);
+  writeFileSync(CERT_PATH, cert);
+  writeFileSync(CA_PATH, ca);
+  writeFileSync(DOMAIN_PATH, localDomain ?? "");
+  return { key, cert };
+}
+function invalidateReverseProxyCert() {
+  try {
+    if (existsSync(DOMAIN_PATH)) unlinkSync(DOMAIN_PATH);
+  } catch {
+  }
+}
+function buildRaffelRoutes(routes, services, dashPort) {
+  const normalizeOneHost = (value) => {
+    const trimmed = value.trim();
+    if (!trimmed) return void 0;
+    const withoutScheme = trimmed.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
+    const hostOnly = withoutScheme.split("/")[0]?.split("?")[0] ?? "";
+    const normalized = hostOnly.replace(LOCAL_DOMAIN_PORT_SUFFIX, "").toLowerCase();
+    return normalized || void 0;
+  };
+  const normalizeHost = (value) => {
+    if (!value) return void 0;
+    if (Array.isArray(value)) {
+      const normalized = value.map(normalizeOneHost).filter((h) => !!h);
+      return normalized.length === 1 ? normalized[0] : normalized.length > 1 ? normalized : void 0;
+    }
+    return normalizeOneHost(value);
+  };
+  const normalizePathPrefix = (value) => {
+    if (!value) return void 0;
+    const trimmed = value.trim();
+    if (!trimmed) return void 0;
+    return trimmed.startsWith("/") ? trimmed : `/${trimmed}`;
+  };
+  const portById = new Map(services.map((s) => [s.id, s.port]));
+  const normalizedRoutes = routes.map((route) => ({
+    ...route,
+    host: normalizeHost(route.host),
+    pathPrefix: normalizePathPrefix(route.pathPrefix),
+    target: route.target?.trim() || void 0
+  }));
+  const specificity = (r) => ((Array.isArray(r.host) ? r.host.length > 0 : !!r.host) ? 2 : 0) + (r.pathPrefix ? 1 : 0);
+  const sorted = [...normalizedRoutes].sort((a, b) => specificity(b) - specificity(a));
+  const raffelRoutes = [];
+  for (const route of sorted) {
+    const port = route.serviceId ? portById.get(route.serviceId) : void 0;
+    const target = port ? `http://127.0.0.1:${port}` : route.target?.trim() ?? null;
+    if (!target) {
+      logger.warn({ routeId: route.id }, "[NetworkRuntime] Skipping route \u2014 no resolvable target");
+      continue;
+    }
+    const match = {};
+    if (route.host) match.host = route.host;
+    if (route.pathPrefix) match.pathPrefix = route.pathPrefix;
+    const raffelRoute = { match, target };
+    if (route.pathPrefix && route.stripPrefix !== false) {
+      raffelRoute.stripPrefix = route.pathPrefix;
+    }
+    raffelRoutes.push(raffelRoute);
+  }
+  raffelRoutes.push({ match: { pathPrefix: "/" }, target: `http://127.0.0.1:${dashPort}` });
+  return raffelRoutes;
+}
+function toRuntimeServiceStatuses(services) {
+  return services.map((service) => ({
+    id: service.id,
+    name: service.name,
+    command: service.command,
+    cwd: service.cwd,
+    env: service.env,
+    autoStart: service.autoStart,
+    autoRestart: service.autoRestart,
+    maxCrashes: service.maxCrashes,
+    port: service.port,
+    state: "running",
+    running: true,
+    pid: null,
+    startedAt: null,
+    uptime: 0,
+    logSize: 0,
+    crashCount: 0,
+    errorCount: 0
+  }));
+}
+async function startReverseProxy(options) {
+  if (!options.reverseProxyEnabled) return null;
+  if (reverseProxy?.isRunning) {
+    logger.warn("[NetworkRuntime] Reverse proxy already running, skipping start");
+    return reverseProxy.boundPort;
+  }
+  const { key, cert } = await ensureReverseProxyTlsCert(options.localDomain);
+  const { createReverseProxy } = await import("raffel");
+  const routes = buildRaffelRoutes(options.routes ?? [], options.services ?? [], options.dashPort);
+  reverseProxy = await createReverseProxy({
+    server: { host: "0.0.0.0", port: options.port ?? 4433, tls: { key, cert } },
+    routes
+  });
+  const boundPort = await reverseProxy.start();
+  logger.info({ port: boundPort, routeCount: routes.length, localDomain: options.localDomain }, "[NetworkRuntime] HTTPS reverse proxy started");
+  return boundPort;
+}
+async function stopReverseProxy() {
+  if (!reverseProxy?.isRunning) return;
+  await reverseProxy.stop();
+  logger.info("[NetworkRuntime] HTTPS reverse proxy stopped");
+  reverseProxy = null;
+}
+var meshRequestStartTimes = /* @__PURE__ */ new Map();
+function buildMeshMiddleware(services) {
+  return async (ctx, next) => {
+    if (ctx.kind === "http-request") {
+      meshRequestStartTimes.set(ctx.clientAddress, Date.now());
+      await next();
+      return;
+    }
+    if (ctx.kind === "http-response") {
+      await next();
+      const startTime = meshRequestStartTimes.get(ctx.clientAddress) ?? Date.now();
+      meshRequestStartTimes.delete(ctx.clientAddress);
+      const url = ctx.request?.url ?? "";
+      const method = ctx.request?.method ?? "GET";
+      const sourceId = ctx.authUsername ?? null;
+      const targetId = resolveTargetService(url, toRuntimeServiceStatuses(services));
+      const entry = buildTrafficEntry(
+        method,
+        url,
+        0,
+        ctx.response?.statusCode ?? 0,
+        0,
+        sourceId,
+        targetId,
+        startTime
+      );
+      meshBuffer?.push(entry);
+    }
+  };
+}
+function queueMeshTelemetryEvent(event) {
+  meshTelemetryEvents.push(event);
+  if (meshTelemetryEvents.length > MAX_MESH_TELEMETRY_EVENTS) {
+    meshTelemetryEvents = meshTelemetryEvents.slice(-MAX_MESH_TELEMETRY_EVENTS);
+  }
+}
+function getMeshLiveWindowMs(options) {
+  const seconds = Number(options?.meshLiveWindowSeconds ?? 900);
+  if (!Number.isFinite(seconds)) return 9e5;
+  return Math.min(Math.max(seconds, 30), 86400) * 1e3;
+}
+function resolveMeshDestinationNode(services, host, port) {
+  if (!host && !port) return null;
+  const match = services.find((service) => service.port != null && service.port === port);
+  if (match?.id) return match.id;
+  if (host && port != null) return `${host}:${port}`;
+  return host ?? null;
+}
+async function startMeshProxy(options) {
+  if (!options.meshEnabled) return null;
+  if (meshProxy?.isRunning) {
+    logger.warn("[NetworkRuntime] Mesh proxy already running, skipping start");
+    return meshProxy.boundPort;
+  }
+  meshBuffer = new TrafficRingBuffer(options.meshBufferSize ?? 1e3);
+  meshTelemetryEvents = [];
+  const { createExplicitProxy } = await import("raffel");
+  meshTelemetryCollector = await createRaffelProxyTelemetry({
+    rateWindowMs: 6e4
+  });
+  meshProxy = createExplicitProxy({
+    port: options.meshPort ?? 0,
+    host: "127.0.0.1",
+    forward: {
+      timeout: 3e4,
+      maxBodySize: 10 * 1024 * 1024
+    },
+    telemetry: {
+      collector: meshTelemetryCollector,
+      resolveNode: (ctx) => {
+        if (ctx.role === "destination") {
+          return resolveMeshDestinationNode(options.services ?? [], ctx.host, ctx.port);
+        }
+        if (ctx.authUsername) return ctx.authUsername;
+        return null;
+      },
+      metricsEndpoint: false,
+      graphEndpoint: false
+    },
+    middleware: [buildMeshMiddleware(options.services ?? [])]
+  });
+  await meshProxy.start();
+  meshTelemetryUnsubscribe?.();
+  meshTelemetryUnsubscribe = meshProxy.subscribe((event) => {
+    queueMeshTelemetryEvent(event);
+  });
+  if (meshExpireTimer) clearInterval(meshExpireTimer);
+  meshExpireTimer = setInterval(() => {
+    if (!meshTelemetryCollector) return;
+    const cutoff = new Date(Date.now() - getMeshLiveWindowMs(options)).toISOString();
+    meshTelemetryCollector.expireEdgesBefore(cutoff);
+  }, MESH_EXPIRE_INTERVAL_MS);
+  logger.info({ port: meshProxy.boundPort }, "[NetworkRuntime] Mesh proxy started");
+  return meshProxy.boundPort;
+}
+async function stopMeshProxy() {
+  if (!meshProxy?.isRunning) return;
+  await meshProxy.stop();
+  logger.info("[NetworkRuntime] Mesh proxy stopped");
+  if (meshExpireTimer) clearInterval(meshExpireTimer);
+  meshExpireTimer = null;
+  meshTelemetryUnsubscribe?.();
+  meshTelemetryUnsubscribe = null;
+  meshProxy = null;
+  meshBuffer = null;
+  meshTelemetryEvents = [];
+  meshTelemetryCollector = null;
+}
+function isReverseProxyRunning() {
+  return reverseProxy?.isRunning ?? false;
+}
+function isMeshProxyRunning() {
+  return meshProxy?.isRunning ?? false;
+}
+function getReverseProxyPort() {
+  return reverseProxy?.boundPort ?? null;
+}
+function getMeshProxyPort() {
+  return meshProxy?.boundPort ?? null;
+}
+function getReverseProxyCaCert() {
+  return reverseProxy?.caCert ?? null;
+}
+function getReverseProxyStats() {
+  return reverseProxy?.stats ?? null;
+}
+function getReverseProxyGraphSnapshot() {
+  if (!reverseProxy?.isRunning) return null;
+  return reverseProxy.graphSnapshot();
+}
+function getMeshStats() {
+  return meshProxy?.stats ?? null;
+}
+function getMeshNativeGraphSnapshot() {
+  if (!meshProxy?.isRunning) return null;
+  return meshProxy.graphSnapshot();
+}
+function getMeshMetrics(format = "prometheus") {
+  return meshProxy?.metricsRegistry?.export(format) ?? null;
+}
+function getMeshTrafficEntries(limit = 200) {
+  return meshBuffer?.getRecent(limit) ?? [];
+}
+async function clearMeshData() {
+  meshBuffer?.clear();
+  if (!meshTelemetryCollector || !meshProxy?.isRunning) {
+    meshTelemetryEvents = [];
+    return;
+  }
+  meshTelemetryCollector.reset();
+  meshTelemetryEvents = [];
+}
+function getMeshServiceGraph(services) {
+  if (!meshProxy?.isRunning) return null;
+  const snapshot = meshProxy.graphSnapshot();
+  const serviceStatuses = toRuntimeServiceStatuses(services);
+  const serviceNames = new Map(serviceStatuses.map((service) => [service.id, service.name]));
+  const servicePorts = new Map(serviceStatuses.map((service) => [service.id, service.port]));
+  const serviceStates = new Map(serviceStatuses.map((service) => [service.id, service.state]));
+  const nodeIds = new Set(serviceStatuses.map((service) => service.id));
+  const snapshotNodes = new Map(snapshot.nodes.map((node) => [node.id, node]));
+  const edges = snapshot.edges.filter((edge) => nodeIds.has(edge.target)).map((edge) => ({
+    id: edge.id,
+    source: edge.source,
+    target: edge.target,
+    requestCount: edge.requestsTotal > 0 ? edge.requestsTotal : edge.flowsTotal,
+    errorCount: edge.errorsTotal,
+    dominantProtocol: edge.protocol,
+    protocolCounts: [{ protocol: edge.protocol, count: edge.flowsTotal }],
+    avgLatencyMs: edge.latency.averageSeconds != null ? Math.round(edge.latency.averageSeconds * 1e3) : 0,
+    p50LatencyMs: edge.latency.percentiles.p50 != null ? Math.round(edge.latency.percentiles.p50 * 1e3) : 0,
+    p90LatencyMs: edge.latency.percentiles.p90 != null ? Math.round(edge.latency.percentiles.p90 * 1e3) : 0,
+    p95LatencyMs: edge.latency.percentiles.p95 != null ? Math.round(edge.latency.percentiles.p95 * 1e3) : 0,
+    p99LatencyMs: edge.latency.percentiles.p99 != null ? Math.round(edge.latency.percentiles.p99 * 1e3) : 0,
+    lastSeenAt: edge.lastSeenAt,
+    topPaths: edge.topPaths,
+    bytesIn: edge.bytesFromSource,
+    bytesOut: edge.bytesToSource,
+    activeFlows: edge.activeFlows,
+    flowsTotal: edge.flowsTotal,
+    statusClassCounts: edge.statusClassCounts,
+    methodCounts: edge.methodCounts
+  }));
+  const externalIds = /* @__PURE__ */ new Set();
+  for (const edge of edges) {
+    if (edge.source && !nodeIds.has(edge.source)) externalIds.add(edge.source);
+  }
+  const externalNodes = [...externalIds].map((id) => ({
+    id,
+    name: id.length > 22 ? id.slice(0, 20) + "\u2026" : id,
+    state: "external",
+    port: null,
+    requestsIn: 0,
+    requestsOut: 0,
+    errorsIn: 0,
+    errorsOut: 0,
+    bytesIn: 0,
+    bytesOut: 0,
+    activeFlows: 0,
+    protocols: {},
+    lastSeenAt: null,
+    external: true
+  }));
+  return {
+    nodes: [
+      ...serviceStatuses.map((service) => ({
+        id: service.id,
+        name: serviceNames.get(service.id) ?? service.id,
+        state: serviceStates.get(service.id) ?? "running",
+        port: servicePorts.get(service.id),
+        requestsIn: snapshotNodes.get(service.id)?.requestsIn ?? 0,
+        requestsOut: snapshotNodes.get(service.id)?.requestsOut ?? 0,
+        errorsIn: snapshotNodes.get(service.id)?.errorsIn ?? 0,
+        errorsOut: snapshotNodes.get(service.id)?.errorsOut ?? 0,
+        bytesIn: snapshotNodes.get(service.id)?.bytesIn ?? 0,
+        bytesOut: snapshotNodes.get(service.id)?.bytesOut ?? 0,
+        activeFlows: snapshotNodes.get(service.id)?.activeFlows ?? 0,
+        protocols: snapshotNodes.get(service.id)?.protocols ?? {},
+        lastSeenAt: snapshotNodes.get(service.id)?.lastSeenAt ?? null
+      })),
+      ...externalNodes
+    ],
+    edges,
+    capturedSince: snapshot.windowStart,
+    totalRequests: edges.reduce((sum, edge) => sum + (typeof edge.requestCount === "number" ? edge.requestCount : 0), 0),
+    windowStart: snapshot.windowStart,
+    windowEnd: snapshot.windowEnd,
+    seq: snapshot.seq
+  };
+}
+function getMeshTelemetryEvents(afterSeq = 0, limit = 200) {
+  return meshTelemetryEvents.filter((event) => event.seq > afterSeq).slice(0, Math.max(1, limit)).map((event) => event);
+}
+async function runReverseProxyRuntimeProcess(configPath) {
+  const syncErr = (msg) => {
+    try {
+      process.stderr.write(`[NetworkRuntime] ${msg}
+`);
+    } catch {
+    }
+  };
+  let config;
+  try {
+    const raw = readFileSync(configPath, "utf8");
+    config = JSON.parse(raw);
+  } catch (err) {
+    syncErr(`Failed to read config: ${err instanceof Error ? err.message : String(err)}`);
+    process.exitCode = 1;
+    process.exit(1);
+    return;
+  }
+  const startedAt = (/* @__PURE__ */ new Date()).toISOString();
+  let proxyPort;
+  let meshPort;
+  try {
+    proxyPort = await startReverseProxy(config);
+    meshPort = await startMeshProxy(config);
+  } catch (err) {
+    syncErr(`Failed to start proxy: ${err instanceof Error ? err.stack ?? err.message : String(err)}`);
+    process.exitCode = 1;
+    process.exit(1);
+    return;
+  }
+  const controlServer = createServer(async (req, res) => {
+    const sendJson = (statusCode, payload) => {
+      res.statusCode = statusCode;
+      res.setHeader("content-type", "application/json");
+      res.end(JSON.stringify(payload));
+    };
+    if (!req.url) return void sendJson(404, { ok: false });
+    const url = new URL(req.url, "http://127.0.0.1");
+    if (req.method === "GET" && url.pathname === "/status") {
+      return void sendJson(200, {
+        ok: true,
+        running: isReverseProxyRunning() || isMeshProxyRunning(),
+        startedAt,
+        pid: process.pid,
+        controlPort: controlServer.address()?.port ?? null,
+        localDomain: config.localDomain ?? null,
+        reverseProxy: {
+          enabled: config.reverseProxyEnabled === true,
+          running: isReverseProxyRunning(),
+          proxyPort: getReverseProxyPort()
+        },
+        mesh: {
+          enabled: config.meshEnabled === true,
+          running: isMeshProxyRunning(),
+          port: getMeshProxyPort()
+        }
+      });
+    }
+    if (req.method === "GET" && url.pathname === "/stats") return void sendJson(200, { ok: true, stats: getReverseProxyStats() });
+    if (req.method === "GET" && url.pathname === "/graph") return void sendJson(200, { ok: true, snapshot: getReverseProxyGraphSnapshot() });
+    if (req.method === "GET" && url.pathname === "/mesh/status") {
+      return void sendJson(200, { ok: true, running: isMeshProxyRunning(), port: getMeshProxyPort() });
+    }
+    if (req.method === "GET" && url.pathname === "/mesh/traffic") {
+      const limit = Number(url.searchParams.get("limit") ?? "200");
+      return void sendJson(200, { ok: true, entries: getMeshTrafficEntries(limit) });
+    }
+    if (req.method === "GET" && url.pathname === "/mesh/events") {
+      const afterSeq = Number(url.searchParams.get("afterSeq") ?? "0");
+      const limit = Number(url.searchParams.get("limit") ?? "200");
+      return void sendJson(200, {
+        ok: true,
+        events: getMeshTelemetryEvents(Number.isFinite(afterSeq) ? afterSeq : 0, Number.isFinite(limit) ? limit : 200),
+        currentSeq: meshProxy?.graphSnapshot().seq ?? 0
+      });
+    }
+    if (req.method === "GET" && url.pathname === "/mesh/stats") {
+      return void sendJson(200, { ok: true, stats: getMeshStats() });
+    }
+    if (req.method === "GET" && url.pathname === "/mesh/graph") {
+      return void sendJson(200, {
+        ok: true,
+        graph: getMeshServiceGraph(config.services ?? []),
+        nativeGraph: getMeshNativeGraphSnapshot()
+      });
+    }
+    if (req.method === "GET" && url.pathname === "/mesh/metrics") {
+      const format = url.searchParams.get("format") === "json" ? "json" : "prometheus";
+      const metrics = getMeshMetrics(format);
+      return void sendJson(200, { ok: true, metrics, format });
+    }
+    if (req.method === "POST" && url.pathname === "/mesh/clear") {
+      await clearMeshData();
+      return void sendJson(200, { ok: true });
+    }
+    if (req.method === "POST" && url.pathname === "/stop") {
+      sendJson(200, { ok: true });
+      setTimeout(() => {
+        Promise.allSettled([stopReverseProxy(), stopMeshProxy()]).finally(() => {
+          try {
+            controlServer.close();
+          } catch {
+          }
+          removeRuntimePidInfo();
+          removeRuntimeConfig();
+          process.exit(0);
+        });
+      }, 20);
+      return;
+    }
+    sendJson(404, { ok: false });
+  });
+  await new Promise((resolvePromise, rejectPromise) => {
+    controlServer.once("error", rejectPromise);
+    controlServer.listen(0, "127.0.0.1", () => resolvePromise());
+  });
+  writeRuntimePidInfo({
+    pid: process.pid,
+    command: process.argv.join(" "),
+    startedAt,
+    controlPort: controlServer.address()?.port,
+    proxyPort: proxyPort ?? void 0,
+    meshPort: meshPort ?? void 0,
+    dashPort: config.dashPort,
+    localDomain: config.localDomain
+  });
+  const shutdown = async () => {
+    await Promise.allSettled([stopReverseProxy(), stopMeshProxy()]);
+    try {
+      controlServer.close();
+    } catch {
+    }
+    removeRuntimePidInfo();
+    removeRuntimeConfig();
+    process.exit(0);
+  };
+  process.once("SIGINT", () => {
+    void shutdown();
+  });
+  process.once("SIGTERM", () => {
+    void shutdown();
+  });
+  await new Promise(() => {
+  });
+}
+
+// src/persistence/plugins/reverse-proxy-manager.ts
+var NETWORK_RUNTIME_LOGICAL_ID = "reverse-proxy";
+var RUNTIME_CONFIG_PATH2 = join2(STATE_ROOT, `service-${NETWORK_RUNTIME_LOGICAL_ID}.runtime.json`);
+var RUNTIME_PID_PATH2 = join2(STATE_ROOT, `service-${NETWORK_RUNTIME_LOGICAL_ID}.pid`);
+var RUNTIME_LOG_PATH = join2(STATE_ROOT, `service-${NETWORK_RUNTIME_LOGICAL_ID}.log`);
+var RUNTIME_READY_TIMEOUT_MS = 2e4;
+var RUNTIME_EXISTING_READY_TIMEOUT_MS = 1e4;
+var RUNTIME_POLL_INTERVAL_MS = 100;
+function readRuntimePidInfo() {
+  if (!existsSync2(RUNTIME_PID_PATH2)) return null;
+  try {
+    const data = JSON.parse(readFileSync2(RUNTIME_PID_PATH2, "utf8"));
+    if (!data?.pid || typeof data.pid !== "number") return null;
+    return data;
+  } catch {
+    return null;
+  }
+}
+function writeRuntimePidInfo2(info) {
+  writeFileSync2(RUNTIME_PID_PATH2, JSON.stringify(info));
+}
+function readRuntimeConfig() {
+  if (!existsSync2(RUNTIME_CONFIG_PATH2)) return null;
+  try {
+    return JSON.parse(readFileSync2(RUNTIME_CONFIG_PATH2, "utf8"));
+  } catch {
+    return null;
+  }
+}
+function removeRuntimePidInfo2() {
+  try {
+    rmSync2(RUNTIME_PID_PATH2, { force: true });
+  } catch {
+  }
+}
+function removeRuntimeConfig2() {
+  try {
+    rmSync2(RUNTIME_CONFIG_PATH2, { force: true });
+  } catch {
+  }
+}
+function getReverseProxyRuntimeLogPath() {
+  return RUNTIME_LOG_PATH;
+}
+function getMeshRuntimeLogPath() {
+  return RUNTIME_LOG_PATH;
+}
+function getReverseProxyRuntimePidPath() {
+  return RUNTIME_PID_PATH2;
+}
+function getPackageRoot() {
+  const filePath = fileURLToPath(import.meta.url);
+  return resolve(dirname(filePath), "../../..");
+}
+function getNetworkRuntimeCommand() {
+  const packageRoot = process.env.FIFONY_PKG_ROOT ?? getPackageRoot();
+  const file = resolve(packageRoot, "bin", "fifony.js");
+  return {
+    file,
+    command: `${process.execPath} ${file} reverse-proxy-runtime --runtimeConfig ${RUNTIME_CONFIG_PATH2}`
+  };
+}
+function readRuntimeLogTail(bytes = 4096) {
+  if (!existsSync2(RUNTIME_LOG_PATH)) return "";
+  try {
+    const size = statSync(RUNTIME_LOG_PATH).size;
+    const readSize = Math.min(size, bytes);
+    if (readSize <= 0) return "";
+    const fd = openSync(RUNTIME_LOG_PATH, "r");
+    const buf = Buffer.alloc(readSize);
+    readSync(fd, buf, 0, readSize, Math.max(0, size - readSize));
+    closeSync(fd);
+    return buf.toString("utf8");
+  } catch {
+    return "";
+  }
+}
+async function queryRuntimeControl(pathname, init) {
+  const info = readRuntimePidInfo();
+  if (!info?.controlPort) return { ok: false, kind: "missing" };
+  if (!isProcessAlive(info.pid)) return { ok: false, kind: "dead" };
+  try {
+    const response = await fetch(`http://127.0.0.1:${info.controlPort}${pathname}`, {
+      ...init,
+      signal: AbortSignal.timeout(2e3)
+    });
+    if (!response.ok) return { ok: false, kind: "http_error", status: response.status };
+    return { ok: true, data: await response.json(), status: response.status };
+  } catch {
+    return { ok: false, kind: "unreachable" };
+  }
+}
+function configRequiresReadiness(config, info) {
+  if (!info.controlPort) return false;
+  if (config.reverseProxyEnabled && !info.proxyPort) return false;
+  if (config.meshEnabled && !info.meshPort) return false;
+  return true;
+}
+async function waitForRuntimeReady(expectedPid, config, timeoutMs) {
+  const started = Date.now();
+  while (Date.now() - started < timeoutMs) {
+    const info = readRuntimePidInfo();
+    if (info && configRequiresReadiness(config, info) && isProcessAlive(expectedPid)) {
+      return info;
+    }
+    if (!isProcessAlive(expectedPid)) break;
+    await new Promise((resolvePromise) => setTimeout(resolvePromise, RUNTIME_POLL_INTERVAL_MS));
+  }
+  const logTail = readRuntimeLogTail();
+  const suffix = logTail.trim() ? ` Log tail: ${logTail.slice(-500)}` : "";
+  throw new Error(`Network runtime did not become ready within ${timeoutMs}ms.${suffix}`);
+}
+function runtimeMatchesConfig(status, config) {
+  const reverseRunning = status.reverseProxy?.running === true;
+  const meshRunning = status.mesh?.running === true;
+  const reversePort = status.reverseProxy?.proxyPort ?? null;
+  const meshPort = status.mesh?.port ?? null;
+  if (config.reverseProxyEnabled) {
+    if (!reverseRunning) return false;
+    if (config.port && reversePort !== config.port) return false;
+  } else if (reverseRunning) {
+    return false;
+  }
+  if (config.meshEnabled) {
+    if (!meshRunning) return false;
+    if (config.meshPort && meshPort !== config.meshPort) return false;
+  } else if (meshRunning) {
+    return false;
+  }
+  return true;
+}
+async function spawnRuntime(config) {
+  mkdirSync2(STATE_ROOT, { recursive: true });
+  writeFileSync2(RUNTIME_CONFIG_PATH2, JSON.stringify(config));
+  try {
+    writeFileSync2(RUNTIME_LOG_PATH, "");
+  } catch {
+  }
+  const { file, command } = getNetworkRuntimeCommand();
+  const logFd = openSync(RUNTIME_LOG_PATH, "a");
+  const child = spawn(process.execPath, [file, "reverse-proxy-runtime", "--runtimeConfig", RUNTIME_CONFIG_PATH2], {
+    cwd: process.cwd(),
+    detached: true,
+    stdio: ["ignore", logFd, logFd],
+    env: process.env
+  });
+  try {
+    closeSync(logFd);
+  } catch {
+  }
+  child.unref();
+  if (child.pid == null) throw new Error("Failed to spawn network runtime process.");
+  writeRuntimePidInfo2({
+    pid: child.pid,
+    command,
+    startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+    dashPort: config.dashPort,
+    proxyPort: config.port,
+    meshPort: config.meshPort,
+    localDomain: config.localDomain
+  });
+  return waitForRuntimeReady(child.pid, config, RUNTIME_READY_TIMEOUT_MS);
+}
+var _runtimeLock = Promise.resolve();
+async function withRuntimeLock(fn) {
+  const prev = _runtimeLock;
+  let release;
+  _runtimeLock = new Promise((r) => {
+    release = r;
+  });
+  await prev;
+  try {
+    return await fn();
+  } finally {
+    release();
+  }
+}
+async function stopNetworkRuntimeImpl() {
+  const info = readRuntimePidInfo();
+  if (!info) return;
+  if (info.controlPort) await queryRuntimeControl("/stop", { method: "POST" });
+  if (isProcessAlive(info.pid)) {
+    try {
+      process.kill(-info.pid, "SIGTERM");
+    } catch (error) {
+      logger.debug({ err: error, pid: info.pid }, "[NetworkRuntime] Failed to SIGTERM process group");
+    }
+    try {
+      process.kill(info.pid, "SIGTERM");
+    } catch (error) {
+      logger.debug({ err: error, pid: info.pid }, "[NetworkRuntime] Failed to SIGTERM process");
+    }
+  }
+  const started = Date.now();
+  while (Date.now() - started < 3e3) {
+    if (!isProcessAlive(info.pid)) break;
+    await new Promise((resolvePromise) => setTimeout(resolvePromise, 100));
+  }
+  if (isProcessAlive(info.pid)) {
+    try {
+      process.kill(-info.pid, "SIGKILL");
+    } catch (error) {
+      logger.debug({ err: error, pid: info.pid }, "[NetworkRuntime] Failed to SIGKILL process group");
+    }
+    try {
+      process.kill(info.pid, "SIGKILL");
+    } catch (error) {
+      logger.debug({ err: error, pid: info.pid }, "[NetworkRuntime] Failed to SIGKILL process");
+    }
+  }
+  removeRuntimePidInfo2();
+  removeRuntimeConfig2();
+}
+async function applyNetworkRuntimeConfigImpl(config) {
+  if (!config.reverseProxyEnabled && !config.meshEnabled) {
+    await stopNetworkRuntimeImpl();
+    return;
+  }
+  const existing = readRuntimePidInfo();
+  if (existing?.pid && isProcessAlive(existing.pid)) {
+    if (existing.controlPort) {
+      const currentConfig = readRuntimeConfig();
+      const status = await queryRuntimeControl("/status");
+      const proxyConfig = (c) => c ? { ...c, services: [] } : null;
+      if (status.ok && runtimeMatchesConfig(status.data, config) && JSON.stringify(proxyConfig(currentConfig)) === JSON.stringify(proxyConfig(config))) {
+        return;
+      }
+      await stopNetworkRuntimeImpl();
+      await spawnRuntime(config);
+      return;
+    }
+    await waitForRuntimeReady(existing.pid, config, RUNTIME_EXISTING_READY_TIMEOUT_MS);
+    return;
+  }
+  await spawnRuntime(config);
+}
+async function stopNetworkRuntime() {
+  return withRuntimeLock(() => stopNetworkRuntimeImpl());
+}
+async function applyNetworkRuntimeConfig(config) {
+  return withRuntimeLock(() => applyNetworkRuntimeConfigImpl(config));
+}
+async function startReverseProxyRuntime(options) {
+  return withRuntimeLock(async () => {
+    const config = { ...options, reverseProxyEnabled: true };
+    await applyNetworkRuntimeConfigImpl(config);
+    const state = await getReverseProxyRuntimeState();
+    return state.proxyPort ?? options.port ?? 4433;
+  });
+}
+async function stopReverseProxyRuntime() {
+  return withRuntimeLock(() => stopNetworkRuntimeImpl());
+}
+async function restartReverseProxyRuntime(options) {
+  return withRuntimeLock(async () => {
+    await stopNetworkRuntimeImpl();
+    const config = { ...options, reverseProxyEnabled: true };
+    await applyNetworkRuntimeConfigImpl(config);
+    const state = await getReverseProxyRuntimeState();
+    return state.proxyPort ?? options.port ?? 4433;
+  });
+}
+function readLogSize() {
+  if (!existsSync2(RUNTIME_LOG_PATH)) return 0;
+  try {
+    return statSync(RUNTIME_LOG_PATH).size;
+  } catch {
+    return 0;
+  }
+}
+function getReverseProxyRuntimeSnapshotStatus(options) {
+  const info = readRuntimePidInfo();
+  const alive = info?.pid != null && isProcessAlive(info.pid);
+  const ready = alive && Boolean(info?.controlPort) && Boolean(info?.proxyPort);
+  return {
+    id: "reverse-proxy",
+    name: "HTTPS Reverse Proxy",
+    command: info?.command ?? getNetworkRuntimeCommand().command,
+    port: info?.proxyPort ?? options?.configuredPort,
+    state: ready ? "running" : "stopped",
+    running: ready,
+    pid: ready ? info?.pid ?? null : null,
+    startedAt: info?.startedAt ?? null,
+    uptime: alive && info?.startedAt ? Math.max(0, Date.now() - Date.parse(info.startedAt)) : 0,
+    logSize: readLogSize(),
+    crashCount: 0,
+    errorCount: 0,
+    isRuntimeService: true,
+    runtimeServiceKind: "reverse-proxy",
+    managedByFifonyRuntime: true,
+    enabled: options?.enabled ?? false,
+    localDomain: options?.localDomain ?? null
+  };
+}
+function getMeshRuntimeSnapshotStatus(options) {
+  const info = readRuntimePidInfo();
+  const alive = info?.pid != null && isProcessAlive(info.pid);
+  const ready = alive && Boolean(info?.controlPort) && Boolean(info?.meshPort);
+  return {
+    id: "mesh",
+    name: "Service Mesh",
+    command: info?.command ?? getNetworkRuntimeCommand().command,
+    port: info?.meshPort ?? options?.configuredPort,
+    state: ready ? "running" : "stopped",
+    running: ready,
+    pid: ready ? info?.pid ?? null : null,
+    startedAt: info?.startedAt ?? null,
+    uptime: alive && info?.startedAt ? Math.max(0, Date.now() - Date.parse(info.startedAt)) : 0,
+    logSize: readLogSize(),
+    crashCount: 0,
+    errorCount: 0,
+    isRuntimeService: true,
+    runtimeServiceKind: "mesh",
+    managedByFifonyRuntime: true,
+    enabled: options?.enabled ?? false
+  };
+}
+function getMeshRuntimePortSnapshot() {
+  const info = readRuntimePidInfo();
+  return info?.meshPort ?? null;
+}
+async function getReverseProxyRuntimeStats() {
+  const payload = await queryRuntimeControl("/stats");
+  return payload.ok ? payload.data.stats ?? null : null;
+}
+async function getReverseProxyRuntimeGraphSnapshot() {
+  const payload = await queryRuntimeControl("/graph");
+  return payload.ok ? payload.data.snapshot ?? null : null;
+}
+async function getMeshRuntimeState() {
+  const payload = await queryRuntimeControl("/mesh/status");
+  if (!payload.ok) return { running: false, port: null };
+  return {
+    running: payload.data.running === true,
+    port: payload.data.port ?? null
+  };
+}
+async function getMeshRuntimeTraffic(limit = 200) {
+  const payload = await queryRuntimeControl(`/mesh/traffic?limit=${limit}`);
+  return payload.ok ? payload.data.entries ?? null : null;
+}
+async function getMeshRuntimeEvents(afterSeq = 0, limit = 200) {
+  const payload = await queryRuntimeControl(
+    `/mesh/events?afterSeq=${afterSeq}&limit=${limit}`
+  );
+  return payload.ok ? {
+    events: payload.data.events ?? [],
+    currentSeq: typeof payload.data.currentSeq === "number" ? payload.data.currentSeq : null
+  } : null;
+}
+async function clearMeshRuntimeTraffic() {
+  const payload = await queryRuntimeControl("/mesh/clear", { method: "POST" });
+  return payload.ok;
+}
+async function getMeshRuntimeStats() {
+  const payload = await queryRuntimeControl("/mesh/stats");
+  return payload.ok ? payload.data.stats ?? null : null;
+}
+async function getMeshRuntimeGraph() {
+  const payload = await queryRuntimeControl("/mesh/graph");
+  return payload.ok ? {
+    graph: payload.data.graph ?? null,
+    nativeGraph: payload.data.nativeGraph ?? null
+  } : null;
+}
+async function getMeshRuntimeMetrics(format = "prometheus") {
+  const payload = await queryRuntimeControl(`/mesh/metrics?format=${format}`);
+  return payload.ok ? payload.data.metrics ?? null : null;
+}
+async function getReverseProxyRuntimeState() {
+  const info = readRuntimePidInfo();
+  const alive = info?.pid != null && isProcessAlive(info.pid);
+  if (!info) {
+    return { running: false, pid: null, proxyPort: null, controlPort: null, startedAt: null, localDomain: null };
+  }
+  const status = await queryRuntimeControl("/status");
+  if (status.ok) {
+    return {
+      running: status.data.reverseProxy?.running ?? false,
+      pid: alive ? info.pid : null,
+      proxyPort: status.data.reverseProxy?.proxyPort ?? info.proxyPort ?? null,
+      controlPort: status.data.controlPort ?? info.controlPort ?? null,
+      startedAt: status.data.startedAt ?? info.startedAt ?? null,
+      localDomain: status.data.localDomain ?? info.localDomain ?? null
+    };
+  }
+  return {
+    running: false,
+    pid: null,
+    proxyPort: info.proxyPort ?? null,
+    controlPort: info.controlPort ?? null,
+    startedAt: info.startedAt ?? null,
+    localDomain: info.localDomain ?? null
+  };
+}
+
+export {
+  buildProxyEnvVars,
+  getReverseProxyCaCertPath,
+  ensureReverseProxyTlsCert,
+  invalidateReverseProxyCert,
+  buildRaffelRoutes,
+  startReverseProxy,
+  stopReverseProxy,
+  startMeshProxy,
+  stopMeshProxy,
+  isReverseProxyRunning,
+  isMeshProxyRunning,
+  getReverseProxyPort,
+  getMeshProxyPort,
+  getReverseProxyCaCert,
+  getReverseProxyStats,
+  getReverseProxyGraphSnapshot,
+  getMeshStats,
+  getMeshNativeGraphSnapshot,
+  getMeshMetrics,
+  getMeshTrafficEntries,
+  clearMeshData,
+  getMeshServiceGraph,
+  getMeshTelemetryEvents,
+  runReverseProxyRuntimeProcess,
+  getReverseProxyRuntimeLogPath,
+  getMeshRuntimeLogPath,
+  getReverseProxyRuntimePidPath,
+  stopNetworkRuntime,
+  applyNetworkRuntimeConfig,
+  startReverseProxyRuntime,
+  stopReverseProxyRuntime,
+  restartReverseProxyRuntime,
+  getReverseProxyRuntimeSnapshotStatus,
+  getMeshRuntimeSnapshotStatus,
+  getMeshRuntimePortSnapshot,
+  getReverseProxyRuntimeStats,
+  getReverseProxyRuntimeGraphSnapshot,
+  getMeshRuntimeState,
+  getMeshRuntimeTraffic,
+  getMeshRuntimeEvents,
+  clearMeshRuntimeTraffic,
+  getMeshRuntimeStats,
+  getMeshRuntimeGraph,
+  getMeshRuntimeMetrics,
+  getReverseProxyRuntimeState
+};
+//# sourceMappingURL=chunk-7R7XFXJM.js.map