ocpp-ws-io 2.1.3 → 2.1.4

package/dist/{index-BixJj_yJ.d.mts → index-CagcFzyZ.d.mts}

@@ -4486,6 +4486,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     private _badMessageCount;
     private _lastActivity;
     private _outboundBuffer;
+    private _offlineQueue;
     private _middleware;
     private _validators;
     private _strictProtocols;
@@ -4557,7 +4558,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this version and method is already registered on this client instance.
      */
-    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>>): void;
+    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension protocol/method not in the typed OCPP method maps.
      * `handle("my-protocol", "my-method", handler)`
@@ -4573,7 +4574,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this method is already registered on this client instance.
      */
-    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>>): void;
+    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension method not in the typed OCPP method maps.
      *
@@ -4653,6 +4654,26 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     /** Errors that should stop reconnection immediately */
     private static readonly _INTOLERABLE_ERRORS;
     private _scheduleReconnect;
+    /**
+     * Atomically drains the offline queue and sends each message via _sendCall.
+     * Uses splice(0) to prevent re-entry bugs (double billing) if the connection
+     * drops again mid-flush — the queue is empty before any sends begin.
+     */
+    private _flushOfflineQueue;
+    /**
+     * Retry wrapper using Full Jitter exponential backoff.
+     * delay = random(0, min(retryMaxDelayMs, retryDelayMs * 2^attempt))
+     * Only retries on TimeoutError — all other errors propagate immediately.
+     */
+    private _callWithRetry;
+    /** Maximum bytes allowed in the ws send buffer before applying backpressure (512KB) */
+    private static readonly _BACKPRESSURE_THRESHOLD;
+    /**
+     * Wraps ws.send() with backpressure protection.
+     * If bufferedAmount exceeds the threshold, waits for the buffer to drain
+     * before sending. Prevents OOM on slow 2G/3G charger connections.
+     */
+    private _safeSend;
     private _startPing;
     private _stopPing;
     private _recordActivity;
@@ -4829,6 +4850,22 @@ interface CallOptions {
     timeoutMs?: number;
     /** Abort signal */
     signal?: AbortSignal;
+    /**
+     * Max retry attempts on TimeoutError (default: 0 = no retry).
+     * Uses Full Jitter exponential backoff between retries.
+     */
+    retries?: number;
+    /** Base delay in ms for exponential backoff between retries (default: 1000) */
+    retryDelayMs?: number;
+    /** Max delay cap in ms to prevent unbounded backoff (default: 30000) */
+    retryMaxDelayMs?: number;
+    /**
+     * Idempotency key for deduplication. If provided, this value is used
+     * as the OCPP messageId instead of generating a new random one.
+     * Consumers can use the same key to guarantee exactly-once semantics
+     * when retrying calls across reconnections.
+     */
+    idempotencyKey?: string;
 }
 interface CloseOptions {
     /** WebSocket close code (default: 1000) */
@@ -5014,6 +5051,16 @@ interface ClientOptions {
     logging?: LoggingConfig | false;
     /** Rate Limiting configuration (Token Bucket) */
     rateLimit?: RateLimitOptions;
+    /**
+     * If true, calls made while disconnected are queued in-memory
+     * and flushed automatically on reconnect. (default: false)
+     */
+    offlineQueue?: boolean;
+    /**
+     * Maximum number of messages to queue while offline.
+     * Oldest messages are dropped when exceeded. (default: 100)
+     */
+    offlineQueueMaxSize?: number;
 }
 interface RateLimitOptions {
     /** Maximum number of messages allowed within the window */
@@ -5109,6 +5156,29 @@ interface ServerOptions {
      * - `LoggingConfig` → custom configuration
      */
     logging?: LoggingConfig | false;
+    /**
+     * Connection-level rate limiting (per-IP) applied at the HTTP upgrade boundary,
+     * before any auth, TLS or JSON parsing occurs — blocks DDoS connection floods in ~1µs.
+     * - `limit`: Max upgrade requests per IP within `windowMs` (default: 20)
+     * - `windowMs`: Sliding window in ms (default: 10000)
+     */
+    connectionRateLimit?: {
+        limit: number;
+        windowMs: number;
+    };
+    /**
+     * Maximum number of inactive sessions to retain in the bounded LRU cache.
+     * Prevents OOM under DDoS or reconnection storms with transient identities.
+     * (default: 50000)
+     */
+    maxSessions?: number;
+    /**
+     * Enable the built-in HTTP health/metrics endpoint.
+     * When enabled, non-upgrade HTTP requests to `/health` return a JSON health check,
+     * and requests to `/metrics` return Prometheus-compatible text metrics.
+     * (default: false)
+     */
+    healthEndpoint?: boolean;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5219,6 +5289,15 @@ interface EventAdapterInterface {
     getPresence?(identity: string): Promise<string | null>;
     getPresenceBatch?(identities: string[]): Promise<(string | null)[]>;
     removePresence?(identity: string): Promise<void>;
+    /**
+     * Batch set multiple presence entries in a single pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch?(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
     metrics?(): Promise<Record<string, unknown>>;
 }
 declare const NOREPLY: unique symbol;
@@ -5287,6 +5366,16 @@ interface RedisAdapterOptions {
     prefix?: string;
     /** StreamMaxLen for trimming (default: 1000) */
     streamMaxLen?: number;
+    /**
+     * TTL in seconds for ephemeral stream keys (default: 300).
+     * Prevents abandoned channel keys from leaking memory in Redis.
+     */
+    streamTtlSeconds?: number;
+    /**
+     * Presence TTL in seconds (default: 300).
+     * Used for batch presence heartbeat pipeline.
+     */
+    presenceTtlSeconds?: number;
 }
 /**
  * Redis adapter for cross-process event distribution.
@@ -5298,11 +5387,17 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _driver;
     private _prefix;
     private _streamMaxLen;
+    private _streamTtlSeconds;
+    private _presenceTtlSeconds;
     private _handlers;
     private _streamOffsets;
     private _streams;
     private _polling;
     private _closed;
+    private _sequenceCounters;
+    private _unsubError?;
+    private _unsubReconnect?;
+    private _presenceCache;
     constructor(options: RedisAdapterOptions);
     publish(channel: string, data: unknown): Promise<void>;
     publishBatch(messages: {
@@ -5320,6 +5415,20 @@ declare class RedisAdapter implements EventAdapterInterface {
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
     metrics(): Promise<Record<string, unknown>>;
+    /**
+     * Set multiple presence entries in a single Redis pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
+    /**
+     * Re-syncs all cached presence entries to Redis after a reconnection.
+     * Called automatically when the Redis client reconnects.
+     */
+    private _rehydratePresence;
 }
 
 export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };

package/dist/{index-BixJj_yJ.d.ts → index-CagcFzyZ.d.ts}

@@ -4486,6 +4486,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     private _badMessageCount;
     private _lastActivity;
     private _outboundBuffer;
+    private _offlineQueue;
     private _middleware;
     private _validators;
     private _strictProtocols;
@@ -4557,7 +4558,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this version and method is already registered on this client instance.
      */
-    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>>): void;
+    handle<V extends OCPPProtocol, M extends AllMethodNames<V>>(version: V, method: M, handler: (context: HandlerContext<OCPPRequestType<V, M>>) => OCPPResponseType<V, M> | Promise<OCPPResponseType<V, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension protocol/method not in the typed OCPP method maps.
      * `handle("my-protocol", "my-method", handler)`
@@ -4573,7 +4574,7 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
      *
      * @throws {Error} If a handler for this method is already registered on this client instance.
      */
-    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>>): void;
+    handle<M extends AllMethodNames<P>>(method: M, handler: (context: HandlerContext<OCPPRequestType<P, M>>) => OCPPResponseType<P, M> | Promise<OCPPResponseType<P, M>> | typeof NOREPLY): void;
     /**
      * Register a handler for a custom/extension method not in the typed OCPP method maps.
      *
@@ -4653,6 +4654,26 @@ declare class OCPPClient<P extends OCPPProtocol = OCPPProtocol> extends OCPPClie
     /** Errors that should stop reconnection immediately */
     private static readonly _INTOLERABLE_ERRORS;
     private _scheduleReconnect;
+    /**
+     * Atomically drains the offline queue and sends each message via _sendCall.
+     * Uses splice(0) to prevent re-entry bugs (double billing) if the connection
+     * drops again mid-flush — the queue is empty before any sends begin.
+     */
+    private _flushOfflineQueue;
+    /**
+     * Retry wrapper using Full Jitter exponential backoff.
+     * delay = random(0, min(retryMaxDelayMs, retryDelayMs * 2^attempt))
+     * Only retries on TimeoutError — all other errors propagate immediately.
+     */
+    private _callWithRetry;
+    /** Maximum bytes allowed in the ws send buffer before applying backpressure (512KB) */
+    private static readonly _BACKPRESSURE_THRESHOLD;
+    /**
+     * Wraps ws.send() with backpressure protection.
+     * If bufferedAmount exceeds the threshold, waits for the buffer to drain
+     * before sending. Prevents OOM on slow 2G/3G charger connections.
+     */
+    private _safeSend;
     private _startPing;
     private _stopPing;
     private _recordActivity;
@@ -4829,6 +4850,22 @@ interface CallOptions {
     timeoutMs?: number;
     /** Abort signal */
     signal?: AbortSignal;
+    /**
+     * Max retry attempts on TimeoutError (default: 0 = no retry).
+     * Uses Full Jitter exponential backoff between retries.
+     */
+    retries?: number;
+    /** Base delay in ms for exponential backoff between retries (default: 1000) */
+    retryDelayMs?: number;
+    /** Max delay cap in ms to prevent unbounded backoff (default: 30000) */
+    retryMaxDelayMs?: number;
+    /**
+     * Idempotency key for deduplication. If provided, this value is used
+     * as the OCPP messageId instead of generating a new random one.
+     * Consumers can use the same key to guarantee exactly-once semantics
+     * when retrying calls across reconnections.
+     */
+    idempotencyKey?: string;
 }
 interface CloseOptions {
     /** WebSocket close code (default: 1000) */
@@ -5014,6 +5051,16 @@ interface ClientOptions {
     logging?: LoggingConfig | false;
     /** Rate Limiting configuration (Token Bucket) */
     rateLimit?: RateLimitOptions;
+    /**
+     * If true, calls made while disconnected are queued in-memory
+     * and flushed automatically on reconnect. (default: false)
+     */
+    offlineQueue?: boolean;
+    /**
+     * Maximum number of messages to queue while offline.
+     * Oldest messages are dropped when exceeded. (default: 100)
+     */
+    offlineQueueMaxSize?: number;
 }
 interface RateLimitOptions {
     /** Maximum number of messages allowed within the window */
@@ -5109,6 +5156,29 @@ interface ServerOptions {
      * - `LoggingConfig` → custom configuration
      */
     logging?: LoggingConfig | false;
+    /**
+     * Connection-level rate limiting (per-IP) applied at the HTTP upgrade boundary,
+     * before any auth, TLS or JSON parsing occurs — blocks DDoS connection floods in ~1µs.
+     * - `limit`: Max upgrade requests per IP within `windowMs` (default: 20)
+     * - `windowMs`: Sliding window in ms (default: 10000)
+     */
+    connectionRateLimit?: {
+        limit: number;
+        windowMs: number;
+    };
+    /**
+     * Maximum number of inactive sessions to retain in the bounded LRU cache.
+     * Prevents OOM under DDoS or reconnection storms with transient identities.
+     * (default: 50000)
+     */
+    maxSessions?: number;
+    /**
+     * Enable the built-in HTTP health/metrics endpoint.
+     * When enabled, non-upgrade HTTP requests to `/health` return a JSON health check,
+     * and requests to `/metrics` return Prometheus-compatible text metrics.
+     * (default: false)
+     */
+    healthEndpoint?: boolean;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5219,6 +5289,15 @@ interface EventAdapterInterface {
     getPresence?(identity: string): Promise<string | null>;
     getPresenceBatch?(identities: string[]): Promise<(string | null)[]>;
     removePresence?(identity: string): Promise<void>;
+    /**
+     * Batch set multiple presence entries in a single pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch?(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
     metrics?(): Promise<Record<string, unknown>>;
 }
 declare const NOREPLY: unique symbol;
@@ -5287,6 +5366,16 @@ interface RedisAdapterOptions {
     prefix?: string;
     /** StreamMaxLen for trimming (default: 1000) */
     streamMaxLen?: number;
+    /**
+     * TTL in seconds for ephemeral stream keys (default: 300).
+     * Prevents abandoned channel keys from leaking memory in Redis.
+     */
+    streamTtlSeconds?: number;
+    /**
+     * Presence TTL in seconds (default: 300).
+     * Used for batch presence heartbeat pipeline.
+     */
+    presenceTtlSeconds?: number;
 }
 /**
  * Redis adapter for cross-process event distribution.
@@ -5298,11 +5387,17 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _driver;
     private _prefix;
     private _streamMaxLen;
+    private _streamTtlSeconds;
+    private _presenceTtlSeconds;
     private _handlers;
     private _streamOffsets;
     private _streams;
     private _polling;
     private _closed;
+    private _sequenceCounters;
+    private _unsubError?;
+    private _unsubReconnect?;
+    private _presenceCache;
     constructor(options: RedisAdapterOptions);
     publish(channel: string, data: unknown): Promise<void>;
     publishBatch(messages: {
@@ -5320,6 +5415,20 @@ declare class RedisAdapter implements EventAdapterInterface {
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
     metrics(): Promise<Record<string, unknown>>;
+    /**
+     * Set multiple presence entries in a single Redis pipeline.
+     * Reduces N network round-trips to 1 for bulk presence updates.
+     */
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
+    /**
+     * Re-syncs all cached presence entries to Redis after a reconnection.
+     * Called automatically when the Redis client reconnects.
+     */
+    private _rehydratePresence;
 }
 
 export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-BixJj_yJ.mjs';
-export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-BixJj_yJ.mjs';
+import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-CagcFzyZ.mjs';
+export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-CagcFzyZ.mjs';
 import { Server, IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
 import 'ws';
@@ -28,6 +28,11 @@ declare class InMemoryAdapter implements EventAdapterInterface {
     getPresence(identity: string): Promise<string | null>;
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
 }
 /**
  * Helper function to create a custom EventAdapter without needing to define a rigid Class.
@@ -160,6 +165,38 @@ declare function combineAuth(...cbs: AuthCallback[]): AuthCallback;
  */
 declare function createLoggingMiddleware(logger: LoggerLike, identity: string, config?: LoggingConfig | boolean): MiddlewareFunction<MiddlewareContext, any>;
 
+/**
+ * LRUMap — A zero-dependency, drop-in Map replacement with a maximum capacity.
+ *
+ * Evicts the **least recently used** entry when the capacity is exceeded.
+ * Uses native Map insertion-order semantics for O(1) LRU tracking
+ * (delete + re-insert moves a key to the "most recent" end).
+ *
+ * @remarks
+ * This is used by OCPPServer to bound the `_sessions` map and prevent OOM under
+ * DDoS or reconnection storms with transient identities.
+ */
+declare class LRUMap<K, V> extends Map<K, V> {
+    private _maxSize;
+    constructor(maxSize: number);
+    /**
+     * Returns the configured maximum capacity of this LRU cache.
+     */
+    get maxSize(): number;
+    /**
+     * Sets a key-value pair. If the key already exists, it is promoted to the
+     * most-recently-used position. If inserting a new key would exceed capacity,
+     * the oldest (least-recently-used) entry is evicted.
+     */
+    set(key: K, value: V): this;
+    /**
+     * Gets a value by key and promotes it to the most-recently-used position.
+     * Uses `this.has(key)` instead of a value truthiness check to correctly
+     * handle stored values of `undefined`, `null`, `0`, `""`, etc.
+     */
+    get(key: K): V | undefined;
+}
+
 /**
  * Compiled regex pattern for RegExp-based route fallback.
  * Only used when a user registers a RegExp pattern (not string patterns).
@@ -280,6 +317,7 @@ declare class OCPPServer extends OCPPServer_base {
     private _httpServerAbortControllers;
     private _logger;
     private _globalCORS?;
+    private _connectionBuckets;
     private readonly _nodeId;
     private _sessions;
     private _gcInterval;
@@ -446,4 +484,4 @@ declare function getErrorPlainObject(err: Error): Record<string, unknown>;
  */
 declare function getPackageIdent(): string;
 
-export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };
+export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-BixJj_yJ.js';
-export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-BixJj_yJ.js';
+import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-CagcFzyZ.js';
+export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-CagcFzyZ.js';
 import { Server, IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
 import 'ws';
@@ -28,6 +28,11 @@ declare class InMemoryAdapter implements EventAdapterInterface {
     getPresence(identity: string): Promise<string | null>;
     getPresenceBatch(identities: string[]): Promise<(string | null)[]>;
     removePresence(identity: string): Promise<void>;
+    setPresenceBatch(entries: {
+        identity: string;
+        nodeId: string;
+        ttl?: number;
+    }[]): Promise<void>;
 }
 /**
  * Helper function to create a custom EventAdapter without needing to define a rigid Class.
@@ -160,6 +165,38 @@ declare function combineAuth(...cbs: AuthCallback[]): AuthCallback;
  */
 declare function createLoggingMiddleware(logger: LoggerLike, identity: string, config?: LoggingConfig | boolean): MiddlewareFunction<MiddlewareContext, any>;
 
+/**
+ * LRUMap — A zero-dependency, drop-in Map replacement with a maximum capacity.
+ *
+ * Evicts the **least recently used** entry when the capacity is exceeded.
+ * Uses native Map insertion-order semantics for O(1) LRU tracking
+ * (delete + re-insert moves a key to the "most recent" end).
+ *
+ * @remarks
+ * This is used by OCPPServer to bound the `_sessions` map and prevent OOM under
+ * DDoS or reconnection storms with transient identities.
+ */
+declare class LRUMap<K, V> extends Map<K, V> {
+    private _maxSize;
+    constructor(maxSize: number);
+    /**
+     * Returns the configured maximum capacity of this LRU cache.
+     */
+    get maxSize(): number;
+    /**
+     * Sets a key-value pair. If the key already exists, it is promoted to the
+     * most-recently-used position. If inserting a new key would exceed capacity,
+     * the oldest (least-recently-used) entry is evicted.
+     */
+    set(key: K, value: V): this;
+    /**
+     * Gets a value by key and promotes it to the most-recently-used position.
+     * Uses `this.has(key)` instead of a value truthiness check to correctly
+     * handle stored values of `undefined`, `null`, `0`, `""`, etc.
+     */
+    get(key: K): V | undefined;
+}
+
 /**
  * Compiled regex pattern for RegExp-based route fallback.
  * Only used when a user registers a RegExp pattern (not string patterns).
@@ -280,6 +317,7 @@ declare class OCPPServer extends OCPPServer_base {
     private _httpServerAbortControllers;
     private _logger;
     private _globalCORS?;
+    private _connectionBuckets;
     private readonly _nodeId;
     private _sessions;
     private _gcInterval;
@@ -446,4 +484,4 @@ declare function getErrorPlainObject(err: Error): Record<string, unknown>;
  */
 declare function getPackageIdent(): string;
 
-export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };
+export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };