ocpp-ws-io 2.1.4 → 2.1.6

package/dist/{index-CagcFzyZ.d.mts → index-1QBeqAuc.d.mts}

@@ -4740,6 +4740,9 @@ interface ValidatorSchema {
 /**
  * Schema validator using AJV for OCPP message validation.
  * Each validator is bound to a specific subprotocol version.
+ *
+ * E2: Schemas are registered at construction time but compiled lazily
+ * on first use, reducing startup time from ~400ms to ~5ms.
  */
 declare class Validator {
     readonly subprotocol: string;
@@ -4753,6 +4756,8 @@ declare class Validator {
     /**
      * Validate a payload against a schema identified by its $id.
      * Throws a typed RPCError if validation fails.
+     *
+     * E2: Schema is compiled on first call to this method (lazy).
      */
     validate(schemaId: string, params: unknown): void;
     /**
@@ -4761,7 +4766,9 @@ declare class Validator {
     hasSchema(schemaId: string): boolean;
 }
 /**
- * Create a validator for a specific subprotocol version.
+ * Create or retrieve a cached validator for a specific subprotocol version.
+ * E5: Returns an existing instance if one was already created for this subprotocol,
+ * preventing duplicate AJV instances and saving memory.
  */
 declare function createValidator(subprotocol: string, schemas: ValidatorSchema[]): Validator;
 
@@ -5179,6 +5186,13 @@ interface ServerOptions {
      * (default: false)
      */
     healthEndpoint?: boolean;
+    /**
+     * I1: Maximum WebSocket payload size in bytes. Messages exceeding this limit
+     * are rejected at the transport layer before JSON parsing, preventing OOM
+     * from oversized or malicious payloads.
+     * (default: 65536 / 64KB — sufficient for any standard OCPP message)
+     */
+    maxPayloadBytes?: number;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5252,6 +5266,22 @@ interface ClientEvents {
     }];
 }
 
+/**
+ * I3: Structured security event for SIEM integration.
+ * Emitted by the server for audit-relevant actions.
+ */
+interface SecurityEvent {
+    /** Event type identifier */
+    type: "AUTH_FAILED" | "RATE_LIMIT_EXCEEDED" | "UPGRADE_ABORTED" | "CONNECTION_RATE_LIMIT" | "INVALID_PAYLOAD";
+    /** Station identity (if known) */
+    identity?: string;
+    /** Remote IP address */
+    ip?: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Event-specific details */
+    details?: Record<string, unknown>;
+}
 interface ServerEvents {
     client: [OCPPServerClient];
     error: [Error];
@@ -5269,6 +5299,8 @@ interface ServerEvents {
     ];
     closing: [];
     close: [];
+    /** I3: Structured security event for SIEM/audit pipelines */
+    securityEvent: [SecurityEvent];
     connection: [
         socket: WebSocket.WebSocket,
         request: node_http.IncomingMessage
@@ -5431,4 +5463,4 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _rehydratePresence;
 }
 
-export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };
+export { createValidator as $, type AuthCallback as A, MiddlewareStack as B, type ConnectionMiddleware as C, type OCPP16Methods as D, type EventAdapterInterface as E, type OCPP201Methods as F, type OCPP21Methods as G, type HandlerContext as H, type OCPPCall as I, type OCPPCallError as J, type OCPPCallResult as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, OCPPClient as P, type OCPPMessage as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPMethodMap as U, Validator as V, type OCPPProtocolKey as W, RedisAdapter as X, SecurityProfile as Y, type SessionData as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type TLSOptions as n, type CloseOptions as o, type CallOptions as p, type AnyOCPPProtocol as q, type AuthAccept as r, type CallHandler as s, type ClientEvents as t, type ClientOptions as u, type ConnectionContext as v, ConnectionState as w, type HandshakeInfo as x, MessageType as y, type MiddlewareNext as z };

package/dist/{index-CagcFzyZ.d.ts → index-1QBeqAuc.d.ts}

@@ -4740,6 +4740,9 @@ interface ValidatorSchema {
 /**
  * Schema validator using AJV for OCPP message validation.
  * Each validator is bound to a specific subprotocol version.
+ *
+ * E2: Schemas are registered at construction time but compiled lazily
+ * on first use, reducing startup time from ~400ms to ~5ms.
  */
 declare class Validator {
     readonly subprotocol: string;
@@ -4753,6 +4756,8 @@ declare class Validator {
     /**
      * Validate a payload against a schema identified by its $id.
      * Throws a typed RPCError if validation fails.
+     *
+     * E2: Schema is compiled on first call to this method (lazy).
      */
     validate(schemaId: string, params: unknown): void;
     /**
@@ -4761,7 +4766,9 @@ declare class Validator {
     hasSchema(schemaId: string): boolean;
 }
 /**
- * Create a validator for a specific subprotocol version.
+ * Create or retrieve a cached validator for a specific subprotocol version.
+ * E5: Returns an existing instance if one was already created for this subprotocol,
+ * preventing duplicate AJV instances and saving memory.
  */
 declare function createValidator(subprotocol: string, schemas: ValidatorSchema[]): Validator;
 
@@ -5179,6 +5186,13 @@ interface ServerOptions {
      * (default: false)
      */
     healthEndpoint?: boolean;
+    /**
+     * I1: Maximum WebSocket payload size in bytes. Messages exceeding this limit
+     * are rejected at the transport layer before JSON parsing, preventing OOM
+     * from oversized or malicious payloads.
+     * (default: 65536 / 64KB — sufficient for any standard OCPP message)
+     */
+    maxPayloadBytes?: number;
 }
 interface OCPPServerStats {
     /** Number of currently connected WebSockets */
@@ -5252,6 +5266,22 @@ interface ClientEvents {
     }];
 }
 
+/**
+ * I3: Structured security event for SIEM integration.
+ * Emitted by the server for audit-relevant actions.
+ */
+interface SecurityEvent {
+    /** Event type identifier */
+    type: "AUTH_FAILED" | "RATE_LIMIT_EXCEEDED" | "UPGRADE_ABORTED" | "CONNECTION_RATE_LIMIT" | "INVALID_PAYLOAD";
+    /** Station identity (if known) */
+    identity?: string;
+    /** Remote IP address */
+    ip?: string;
+    /** ISO 8601 timestamp */
+    timestamp: string;
+    /** Event-specific details */
+    details?: Record<string, unknown>;
+}
 interface ServerEvents {
     client: [OCPPServerClient];
     error: [Error];
@@ -5269,6 +5299,8 @@ interface ServerEvents {
     ];
     closing: [];
     close: [];
+    /** I3: Structured security event for SIEM/audit pipelines */
+    securityEvent: [SecurityEvent];
     connection: [
         socket: WebSocket.WebSocket,
         request: node_http.IncomingMessage
@@ -5431,4 +5463,4 @@ declare class RedisAdapter implements EventAdapterInterface {
     private _rehydratePresence;
 }
 
-export { createValidator as $, type AuthCallback as A, type OCPP16Methods as B, type ConnectionMiddleware as C, type OCPP201Methods as D, type EventAdapterInterface as E, type OCPP21Methods as F, type OCPPCall as G, type HandlerContext as H, type OCPPCallError as I, type OCPPCallResult as J, OCPPClient as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, type OCPPMessage as P, type OCPPMethodMap as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPProtocolKey as U, Validator as V, RedisAdapter as W, SecurityProfile as X, type SessionData as Y, type TLSOptions as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type CloseOptions as n, type CallOptions as o, type AnyOCPPProtocol as p, type AuthAccept as q, type CallHandler as r, type ClientEvents as s, type ClientOptions as t, type ConnectionContext as u, ConnectionState as v, type HandshakeInfo as w, MessageType as x, type MiddlewareNext as y, MiddlewareStack as z };
+export { createValidator as $, type AuthCallback as A, MiddlewareStack as B, type ConnectionMiddleware as C, type OCPP16Methods as D, type EventAdapterInterface as E, type OCPP201Methods as F, type OCPP21Methods as G, type HandlerContext as H, type OCPPCall as I, type OCPPCallError as J, type OCPPCallResult as K, type LoggerLike as L, type MiddlewareFunction as M, NOREPLY as N, type OCPPProtocol as O, OCPPClient as P, type OCPPMessage as Q, type RouterConfig as R, type ServerEvents as S, type TypedEventEmitter as T, type OCPPMethodMap as U, Validator as V, type OCPPProtocolKey as W, RedisAdapter as X, SecurityProfile as Y, type SessionData as Z, type WildcardHandler as _, type LoggingConfig as a, type RedisAdapterOptions as a0, type MiddlewareContext as b, type CORSOptions as c, type AllMethodNames as d, type RouterHandlerContext as e, type OCPPRequestType as f, type OCPPResponseType as g, type RouterWildcardHandler as h, type ServerOptions as i, type LoggerLikeNotOptional as j, OCPPServerClient as k, type OCPPServerStats as l, type ListenOptions as m, type TLSOptions as n, type CloseOptions as o, type CallOptions as p, type AnyOCPPProtocol as q, type AuthAccept as r, type CallHandler as s, type ClientEvents as t, type ClientOptions as u, type ConnectionContext as v, ConnectionState as w, type HandshakeInfo as x, MessageType as y, type MiddlewareNext as z };

package/dist/index.d.mts

@@ -1,5 +1,5 @@
-import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-CagcFzyZ.mjs';
-export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-CagcFzyZ.mjs';
+import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as TLSOptions, o as CloseOptions, p as CallOptions, V as Validator } from './index-1QBeqAuc.mjs';
+export { q as AnyOCPPProtocol, r as AuthAccept, s as CallHandler, t as ClientEvents, u as ClientOptions, v as ConnectionContext, w as ConnectionState, H as HandlerContext, x as HandshakeInfo, y as MessageType, z as MiddlewareNext, B as MiddlewareStack, N as NOREPLY, D as OCPP16Methods, F as OCPP201Methods, G as OCPP21Methods, I as OCPPCall, J as OCPPCallError, K as OCPPCallResult, P as OCPPClient, Q as OCPPMessage, U as OCPPMethodMap, W as OCPPProtocolKey, X as RedisAdapter, Y as SecurityProfile, Z as SessionData, _ as WildcardHandler, $ as createValidator } from './index-1QBeqAuc.mjs';
 import { Server, IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
 import 'ws';
@@ -399,6 +399,28 @@ declare class OCPPServer extends OCPPServer_base {
      */
     private _registerRouter;
     listen(port?: number, host?: string, options?: ListenOptions): Promise<Server>;
+    /**
+     * Hot-reloads the TLS certificate on all active HTTPS servers without
+     * dropping any existing WebSocket connections.
+     *
+     * **When to use:** Call this whenever your TLS certificate is renewed —
+     * for example, after a Let's Encrypt auto-renewal (every ~90 days).
+     * Without this, you would need to restart the Node.js process to pick up
+     * the new certificate, disconnecting all connected charging stations.
+     *
+     * **How to use:**
+     * ```ts
+     * server.updateTLS({ cert: newCert, key: newKey });
+     * ```
+     *
+     * **Optional:** Only relevant if you are terminating TLS directly in Node.js
+     * (i.e. `SecurityProfile.TLS_BASIC_AUTH` or `TLS_CLIENT_CERT`). If you are
+     * running behind a reverse proxy (Nginx, AWS ALB, etc.) that handles TLS,
+     * you do not need this method — just rotate the cert on the proxy.
+     *
+     * @throws If the server is not using a TLS Security Profile.
+     */
+    updateTLS(tlsOpts: TLSOptions): void;
     get handleUpgrade(): (req: IncomingMessage, socket: Duplex, head: Buffer) => Promise<void>;
     /**
      * Core upgrade handler. Follows a strict pipeline:
@@ -456,11 +478,7 @@ declare class OCPPServer extends OCPPServer_base {
     broadcastBatch<V extends AllMethodNames<any>>(identities: string[], method: V, params: OCPPRequestType<any, V>, options?: CallOptions): Promise<void>;
 }
 
-/**
- * Pre-built validators for all supported OCPP protocol versions.
- * These are automatically registered when strict mode is enabled.
- */
-declare const standardValidators: Validator[];
+declare function getStandardValidators(): Validator[];
 
 /**
  * Instantiate a typed RPCError from a string error code.
@@ -484,4 +502,4 @@ declare function getErrorPlainObject(err: Error): Record<string, unknown>;
  */
 declare function getPackageIdent(): string;
 
-export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };
+export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TLSOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, getStandardValidators };

package/dist/index.d.ts

@@ -1,5 +1,5 @@
-import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as CloseOptions, o as CallOptions, V as Validator } from './index-CagcFzyZ.js';
-export { p as AnyOCPPProtocol, q as AuthAccept, r as CallHandler, s as ClientEvents, t as ClientOptions, u as ConnectionContext, v as ConnectionState, H as HandlerContext, w as HandshakeInfo, x as MessageType, y as MiddlewareNext, z as MiddlewareStack, N as NOREPLY, B as OCPP16Methods, D as OCPP201Methods, F as OCPP21Methods, G as OCPPCall, I as OCPPCallError, J as OCPPCallResult, K as OCPPClient, P as OCPPMessage, Q as OCPPMethodMap, U as OCPPProtocolKey, W as RedisAdapter, X as SecurityProfile, Y as SessionData, Z as TLSOptions, _ as WildcardHandler, $ as createValidator } from './index-CagcFzyZ.js';
+import { E as EventAdapterInterface, A as AuthCallback, L as LoggerLike, a as LoggingConfig, M as MiddlewareFunction, b as MiddlewareContext, C as ConnectionMiddleware, T as TypedEventEmitter, S as ServerEvents, c as CORSOptions, R as RouterConfig, O as OCPPProtocol, d as AllMethodNames, e as RouterHandlerContext, f as OCPPRequestType, g as OCPPResponseType, h as RouterWildcardHandler, i as ServerOptions, j as LoggerLikeNotOptional, k as OCPPServerClient, l as OCPPServerStats, m as ListenOptions, n as TLSOptions, o as CloseOptions, p as CallOptions, V as Validator } from './index-1QBeqAuc.js';
+export { q as AnyOCPPProtocol, r as AuthAccept, s as CallHandler, t as ClientEvents, u as ClientOptions, v as ConnectionContext, w as ConnectionState, H as HandlerContext, x as HandshakeInfo, y as MessageType, z as MiddlewareNext, B as MiddlewareStack, N as NOREPLY, D as OCPP16Methods, F as OCPP201Methods, G as OCPP21Methods, I as OCPPCall, J as OCPPCallError, K as OCPPCallResult, P as OCPPClient, Q as OCPPMessage, U as OCPPMethodMap, W as OCPPProtocolKey, X as RedisAdapter, Y as SecurityProfile, Z as SessionData, _ as WildcardHandler, $ as createValidator } from './index-1QBeqAuc.js';
 import { Server, IncomingMessage } from 'node:http';
 import { Duplex } from 'node:stream';
 import 'ws';
@@ -399,6 +399,28 @@ declare class OCPPServer extends OCPPServer_base {
      */
     private _registerRouter;
     listen(port?: number, host?: string, options?: ListenOptions): Promise<Server>;
+    /**
+     * Hot-reloads the TLS certificate on all active HTTPS servers without
+     * dropping any existing WebSocket connections.
+     *
+     * **When to use:** Call this whenever your TLS certificate is renewed —
+     * for example, after a Let's Encrypt auto-renewal (every ~90 days).
+     * Without this, you would need to restart the Node.js process to pick up
+     * the new certificate, disconnecting all connected charging stations.
+     *
+     * **How to use:**
+     * ```ts
+     * server.updateTLS({ cert: newCert, key: newKey });
+     * ```
+     *
+     * **Optional:** Only relevant if you are terminating TLS directly in Node.js
+     * (i.e. `SecurityProfile.TLS_BASIC_AUTH` or `TLS_CLIENT_CERT`). If you are
+     * running behind a reverse proxy (Nginx, AWS ALB, etc.) that handles TLS,
+     * you do not need this method — just rotate the cert on the proxy.
+     *
+     * @throws If the server is not using a TLS Security Profile.
+     */
+    updateTLS(tlsOpts: TLSOptions): void;
     get handleUpgrade(): (req: IncomingMessage, socket: Duplex, head: Buffer) => Promise<void>;
     /**
      * Core upgrade handler. Follows a strict pipeline:
@@ -456,11 +478,7 @@ declare class OCPPServer extends OCPPServer_base {
     broadcastBatch<V extends AllMethodNames<any>>(identities: string[], method: V, params: OCPPRequestType<any, V>, options?: CallOptions): Promise<void>;
 }
 
-/**
- * Pre-built validators for all supported OCPP protocol versions.
- * These are automatically registered when strict mode is enabled.
- */
-declare const standardValidators: Validator[];
+declare function getStandardValidators(): Validator[];
 
 /**
  * Instantiate a typed RPCError from a string error code.
@@ -484,4 +502,4 @@ declare function getErrorPlainObject(err: Error): Record<string, unknown>;
  */
 declare function getPackageIdent(): string;
 
-export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, standardValidators };
+export { AllMethodNames, AuthCallback, CORSOptions, CallOptions, CloseOptions, ConnectionMiddleware, EventAdapterInterface, InMemoryAdapter, LRUMap, ListenOptions, LoggerLike, LoggingConfig, MiddlewareFunction, OCPPProtocol, OCPPRequestType, OCPPResponseType, OCPPRouter, OCPPServer, OCPPServerClient, type RPCError, RPCFormatViolationError, RPCFormationViolationError, RPCFrameworkError, RPCGenericError, RPCInternalError, RPCMessageTypeNotSupportedError, RPCNotImplementedError, RPCNotSupportedError, RPCOccurrenceConstraintViolationError, RPCPropertyConstraintViolationError, RPCProtocolError, RPCSecurityError, RPCTypeConstraintViolationError, RouterConfig, ServerEvents, ServerOptions, TLSOptions, TimeoutError, TypedEventEmitter, UnexpectedHttpResponse, Validator, WebsocketUpgradeError, combineAuth, createLoggingMiddleware, createRPCError, createRouter, defineAdapter, defineAuth, defineMiddleware, defineRpcMiddleware, getErrorPlainObject, getPackageIdent, getStandardValidators };

package/dist/index.js

@@ -70,7 +70,7 @@ __export(src_exports, {
   defineRpcMiddleware: () => defineRpcMiddleware,
   getErrorPlainObject: () => getErrorPlainObject,
   getPackageIdent: () => getPackageIdent,
-  standardValidators: () => standardValidators
+  getStandardValidators: () => getStandardValidators
 });
 module.exports = __toCommonJS(src_exports);
 
@@ -386,9 +386,9 @@ var RedisAdapter = class {
   // Active streams to poll
   _polling = false;
   _closed = false;
-  // C4: Per-stream sequence counter for message ordering
+  // Per-stream sequence counter for message ordering
   _sequenceCounters = /* @__PURE__ */ new Map();
-  // C3: Rehydration callbacks
+  // Rehydration callbacks
   _unsubError;
   _unsubReconnect;
   // Stored presence entries for rehydration on reconnect
@@ -36991,6 +36991,8 @@ var Validator = class {
   /**
    * Validate a payload against a schema identified by its $id.
    * Throws a typed RPCError if validation fails.
+   *
+   * E2: Schema is compiled on first call to this method (lazy).
    */
   validate(schemaId, params) {
     const resolvedId = this._normalizeSchemaId(schemaId);
@@ -37013,16 +37015,26 @@ var Validator = class {
     return !!this._ajv.getSchema(this._normalizeSchemaId(schemaId));
   }
 };
+var _validatorRegistry = /* @__PURE__ */ new Map();
 function createValidator(subprotocol, schemas) {
-  return new Validator(subprotocol, schemas);
+  const existing = _validatorRegistry.get(subprotocol);
+  if (existing) return existing;
+  const validator = new Validator(subprotocol, schemas);
+  _validatorRegistry.set(subprotocol, validator);
+  return validator;
 }
 
 // src/standard-validators.ts
-var standardValidators = [
-  createValidator("ocpp1.6", ocpp1_6_default),
-  createValidator("ocpp2.0.1", ocpp2_0_1_default),
-  createValidator("ocpp2.1", ocpp2_1_default)
-];
+var _cached = null;
+function getStandardValidators() {
+  if (_cached) return _cached;
+  _cached = [
+    createValidator("ocpp1.6", ocpp1_6_default),
+    createValidator("ocpp2.0.1", ocpp2_0_1_default),
+    createValidator("ocpp2.1", ocpp2_1_default)
+  ];
+  return _cached;
+}
 
 // src/types.ts
 var ConnectionState = {
@@ -37215,6 +37227,7 @@ var OCPPClient = class _OCPPClient extends import_node_events.EventEmitter {
   _prettify = false;
   constructor(options) {
     super();
+    this.setMaxListeners(0);
     if (!options.identity) {
       throw new Error("identity is required");
     }
@@ -37716,11 +37729,13 @@ var OCPPClient = class _OCPPClient extends import_node_events.EventEmitter {
     this._recordActivity();
     let message;
     try {
-      const str = rawData.toString();
-      message = JSON.parse(str);
+      message = JSON.parse(rawData);
       if (!Array.isArray(message)) throw new Error("Message is not an array");
     } catch (err) {
-      this._onBadMessage(rawData.toString(), err);
+      this._onBadMessage(
+        typeof rawData === "string" ? rawData : rawData.toString(),
+        err
+      );
       return;
     }
     const messageType = message[0];
@@ -38047,10 +38062,14 @@ var OCPPClient = class _OCPPClient extends import_node_events.EventEmitter {
     }
     if (ws.bufferedAmount > _OCPPClient._BACKPRESSURE_THRESHOLD) {
       this._logger?.warn?.("Backpressure \u2014 pausing send", {
+        identity: this._identity,
         bufferedAmount: ws.bufferedAmount,
         threshold: _OCPPClient._BACKPRESSURE_THRESHOLD
       });
-      this.emit("backpressure", { bufferedAmount: ws.bufferedAmount });
+      this.emit("backpressure", {
+        identity: this._identity,
+        bufferedAmount: ws.bufferedAmount
+      });
       let waited = 0;
       const drainCheck = setInterval(() => {
         waited += 50;
@@ -38114,7 +38133,7 @@ var OCPPClient = class _OCPPClient extends import_node_events.EventEmitter {
     if (this._options.strictModeValidators) {
       this._validators = this._options.strictModeValidators;
     } else {
-      this._validators = standardValidators;
+      this._validators = getStandardValidators();
     }
     if (Array.isArray(this._options.strictMode)) {
       this._strictProtocols = this._options.strictMode;
@@ -38668,8 +38687,7 @@ var OCPPServerClient = class extends OCPPClient {
         let pData;
         if (limits.methods) {
           try {
-            const str = data.toString();
-            pData = JSON.parse(str);
+            pData = JSON.parse(data);
             if (Array.isArray(pData) && pData[0] === 2) {
               method = pData[2];
             }
@@ -38796,6 +38814,7 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
   _sessionTimeoutMs;
   constructor(options = {}) {
     super();
+    this.setMaxListeners(0);
     if (options.strictMode) {
       if (!options.strictModeValidators && !options.protocols?.length) {
         throw new Error(
@@ -38818,7 +38837,10 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
     this._sessionTimeoutMs = this._options.sessionTtlMs;
     const maxSessions = this._options.maxSessions ?? 5e4;
     this._sessions = new LRUMap(maxSessions);
-    this._wss = new import_ws2.WebSocketServer({ noServer: true });
+    this._wss = new import_ws2.WebSocketServer({
+      noServer: true,
+      maxPayload: this._options.maxPayloadBytes ?? 65536
+    });
     this._gcInterval = setInterval(() => {
       const now = Date.now();
       for (const [identity, session] of this._sessions.entries()) {
@@ -39124,6 +39146,51 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
     }
     return httpServer;
   }
+  /**
+   * Hot-reloads the TLS certificate on all active HTTPS servers without
+   * dropping any existing WebSocket connections.
+   *
+   * **When to use:** Call this whenever your TLS certificate is renewed —
+   * for example, after a Let's Encrypt auto-renewal (every ~90 days).
+   * Without this, you would need to restart the Node.js process to pick up
+   * the new certificate, disconnecting all connected charging stations.
+   *
+   * **How to use:**
+   * ```ts
+   * server.updateTLS({ cert: newCert, key: newKey });
+   * ```
+   *
+   * **Optional:** Only relevant if you are terminating TLS directly in Node.js
+   * (i.e. `SecurityProfile.TLS_BASIC_AUTH` or `TLS_CLIENT_CERT`). If you are
+   * running behind a reverse proxy (Nginx, AWS ALB, etc.) that handles TLS,
+   * you do not need this method — just rotate the cert on the proxy.
+   *
+   * @throws If the server is not using a TLS Security Profile.
+   */
+  updateTLS(tlsOpts) {
+    const profile = this._options.securityProfile ?? 0 /* NONE */;
+    if (profile !== 2 /* TLS_BASIC_AUTH */ && profile !== 3 /* TLS_CLIENT_CERT */) {
+      throw new Error(
+        "updateTLS() requires a TLS Security Profile (TLS_BASIC_AUTH or TLS_CLIENT_CERT)"
+      );
+    }
+    this._options.tls = { ...this._options.tls, ...tlsOpts };
+    const httpsOptions = {};
+    if (tlsOpts.cert) httpsOptions.cert = tlsOpts.cert;
+    if (tlsOpts.key) httpsOptions.key = tlsOpts.key;
+    if (tlsOpts.ca) httpsOptions.ca = tlsOpts.ca;
+    if (tlsOpts.passphrase) httpsOptions.passphrase = tlsOpts.passphrase;
+    let updated = 0;
+    for (const srv of this._httpServers) {
+      if ("setSecureContext" in srv && typeof srv.setSecureContext === "function") {
+        srv.setSecureContext(httpsOptions);
+        updated++;
+      }
+    }
+    this._logger?.info?.(
+      `TLS context hot-reloaded across ${updated} active server(s)`
+    );
+  }
   // ─── Handle Upgrade ──────────────────────────────────────────
   get handleUpgrade() {
     return (req, socket, head) => {
@@ -39177,6 +39244,12 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
       }
       if (bucket.tokens < 1) {
         this._logger?.warn?.("Connection rate limit exceeded", { ip });
+        this.emit("securityEvent", {
+          type: "CONNECTION_RATE_LIMIT",
+          ip,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          details: { tokensRemaining: bucket.tokens }
+        });
         abortHandshake(socket, 429, "Too Many Requests");
         return;
       }
@@ -39433,6 +39506,13 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
         if (ac.signal.aborted) {
           const reason = err instanceof Error ? err.message : "Unknown abort";
           this._logger?.warn?.("Handshake aborted", { identity, reason });
+          this.emit("securityEvent", {
+            type: "UPGRADE_ABORTED",
+            identity,
+            ip: req.socket.remoteAddress,
+            timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+            details: { reason }
+          });
           this.emit("upgradeAborted", {
             identity,
             reason,
@@ -39446,6 +39526,13 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
         const code = typeof errObj?.code === "number" ? errObj.code : 401;
         const message = typeof errObj?.message === "string" ? errObj.message : "Unauthorized";
         this._logger?.warn?.("Auth rejected", { identity, code });
+        this.emit("securityEvent", {
+          type: "AUTH_FAILED",
+          identity,
+          ip: req.socket.remoteAddress,
+          timestamp: (/* @__PURE__ */ new Date()).toISOString(),
+          details: { code, message }
+        });
         abortHandshake(socket, code, message);
         return;
       } finally {
@@ -39469,7 +39556,10 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
       return;
     }
     if (!this._wss) {
-      this._wss = new import_ws2.WebSocketServer({ noServer: true });
+      this._wss = new import_ws2.WebSocketServer({
+        noServer: true,
+        maxPayload: this._options.maxPayloadBytes ?? 65536
+      });
     }
     this._wss.handleUpgrade(req, socket, head, (ws) => {
       const clientOptions = {
@@ -39857,6 +39947,6 @@ var OCPPServer = class extends import_node_events3.EventEmitter {
   defineRpcMiddleware,
   getErrorPlainObject,
   getPackageIdent,
-  standardValidators
+  getStandardValidators
 });
 //# sourceMappingURL=index.js.map