underpost 3.2.8 → 3.2.9

package/CHANGELOG.md

@@ -1,10 +1,110 @@
 # Changelog
 
-## 2026-05-01
+## 2026-05-14
+
+### client-core
+
+- Enhance Modal component to support dynamic tooltip positioning and menu collapse behavior ([4c01f4011](https://github.com/underpostnet/engine/commit/4c01f4011b55feeb8d02b52547f5cf376fff6ca0))
+- Add support for pulling pre-built client bundles and skipping full builds during deployment ([7f86db25a](https://github.com/underpostnet/engine/commit/7f86db25a13ede6a0027b63867b30fc9576a9263))
+- Refactor Docs and Modal components to centralize submenu item rendering and improve code organization ([5fdd051e9](https://github.com/underpostnet/engine/commit/5fdd051e923c9adffc2b5261637b9ade88b96fc9))
+- Enhance modal and docs components to improve submenu behavior and animations ([ebf257c38](https://github.com/underpostnet/engine/commit/ebf257c38c12c0f2d66dda681b2f09f97ccfccbc))
+- Defer service worker registration to improve initial load performance in PwaWorker ([88b52b8fc](https://github.com/underpostnet/engine/commit/88b52b8fc0a49642b0530d5dc0b0edfaa5395c9d))
+- Refactor filter clearing logic in DefaultManagement to use runIsolated for better control over grid/query listeners ([325f6bd66](https://github.com/underpostnet/engine/commit/325f6bd66bb381adec15feb12b0bd0ba8fa539e7))
+- Fix LoadFileActionsRenderer and LoadFolderActionsRenderer to use instance methods for GUI management ([9e6507a0c](https://github.com/underpostnet/engine/commit/9e6507a0ccc667433b9cac6a1cc645ecf6d4e7b3))
+- Fix disable functions to use instance method for visibility checks ([7f5701c8d](https://github.com/underpostnet/engine/commit/7f5701c8df74bc6576894d8b5f7655b64cc6797a))
+
+### cli-run
+
+- Enhance promote method to support TLS configuration for blue/green deployments ([a31185676](https://github.com/underpostnet/engine/commit/a31185676cef0ca639621c722df31114a2b172a1))
+- Add CRI-O installation and configuration methods for kubeadm clusters ([44743552e](https://github.com/underpostnet/engine/commit/44743552ee5e2bcd13c157ab4e30e9dfc15979f6))
+
+### cli-cluster
+
+- Enhance nat-iptables.sh for comprehensive Kubernetes firewall configuration and service exposure ([9087a946a](https://github.com/underpostnet/engine/commit/9087a946ab29526e63d5f87b389f1ad500f30d78))
+
+### cli-dns
+
+- Add MAC address retrieval option to CLI and implement corresponding method in DNS class ([52b319467](https://github.com/underpostnet/engine/commit/52b3194674419624d99835dfe63699ab30683bfb))
+
+### engine
+
+- Update Node.js version to 24.15.0 in setup scripts and documentation ([e05a472ca](https://github.com/underpostnet/engine/commit/e05a472cae67429321b7e1b3c601e0965d3e7b67))
+
+### scripts
+
+- Enable firewalld and configure persistent IP forwarding in nat-iptables.sh ([845a09791](https://github.com/underpostnet/engine/commit/845a09791187613b512f95cea12bc3b0a53dd13f))
+
+### cli-fs
+
+- Enhance UnderpostFileStorage and UnderpostRepository with additional options and methods for improved Git operations ([a812d4e66](https://github.com/underpostnet/engine/commit/a812d4e666edd2cd17c9cafc34dfdc44e5bab994))
+
+### server-valkey
+
+- Enhance Valkey connection handling with reconnecting status and improved retry strategy ([50b26c215](https://github.com/underpostnet/engine/commit/50b26c2155c7160a9e4704aadb8c74554c7d81bd))
+
+### bin-build
+
+- Remove unnecessary copy docs md in cyberia build repo workdlow ([50a5399f6](https://github.com/underpostnet/engine/commit/50a5399f6d3b72dd7dc00092294b425f7ba618b4))
+
+### package
+
+- Update dependencies for @protobufjs packages and fast-uri ([829026a8c](https://github.com/underpostnet/engine/commit/829026a8c685e5714a48bd2fb636c13b0419d818))
+- Add peer dependency flag to multiple packages in package-lock.json ([c2a7870eb](https://github.com/underpostnet/engine/commit/c2a7870eb75cc44af4966a2dcb898a08e9dfe84e))
+
+### docs
+
+- Refactor entryPoints in typedoc configuration files for improved readability and consistency ([fe77bcf3f](https://github.com/underpostnet/engine/commit/fe77bcf3fb17766be2d9af31bd57d6c2481b7f87))
+
+### engine-cyberia
+
+- Update README path in typedoc configuration to point to ARCHITECTURE.md ([74ee0e45e](https://github.com/underpostnet/engine/commit/74ee0e45e355472d4f21eb8795b76c79c84c43e6))
+- Add cyberia-docs path to build and file scripts for documentation inclusion ([851e126bf](https://github.com/underpostnet/engine/commit/851e126bf80b9427661b6477d3bf8f52462cec87))
+- Remove unique constraint from code field in CyberiaQuestSchema ([b39aa3a7b](https://github.com/underpostnet/engine/commit/b39aa3a7b162b7dd230301f7eaf0747687c1c1b4))
+- Rewrite and centralize cyberia docs source ([00e40986a](https://github.com/underpostnet/engine/commit/00e40986a51b87c9f5f0354479c77f841a1b9221))
+- Remove legacy cyberia docs ([a5546128a](https://github.com/underpostnet/engine/commit/a5546128a20945645fe3008f5c98f01772ff055f))
+- Refactor Cyberia schemas and update quest/action definitions for clarity and consistency ([cd7313206](https://github.com/underpostnet/engine/commit/cd7313206903035232da6f842f13475e8af77346))
+- Add source map coordinates to CyberiaQuest schema and update action catalog metadata, and remove lefacy seed runners in cyberia CLI ([b39958485](https://github.com/underpostnet/engine/commit/b3995848556c87def6ff1045c73605c50201a1a3))
+- Refactor CyberiaActionSchema by removing grantQuestCode field and update description in STATUS_ICONS for clarity ([221a8f072](https://github.com/underpostnet/engine/commit/221a8f072393238adf83c26c46d09fe05aa24466))
+- Add seeding commands for Cyberia actions and quests, update schemas and default data structures ([70cd5f17d](https://github.com/underpostnet/engine/commit/70cd5f17d08eb1d6c812d7428b8a5a6c76d72728))
+- Refactor Cyberia schemas to enhance action and quest structures, replacing itemId with more descriptive fields and adding new properties for better data management ([8736f2bac](https://github.com/underpostnet/engine/commit/8736f2bac3534180d798ea2ae2e6aac9781db9c2))
+- Refactor Cyberia dialogue handling to use 'code' instead of 'itemId' for dialogue retrieval and update related schemas and data structures ([d8d50325e](https://github.com/underpostnet/engine/commit/d8d50325e2fbe8a118edde7e9bd7fb01d1507233))
+- Update CyberiaActionSchema to correct action types and add storage payload structure ([88b68cb68](https://github.com/underpostnet/engine/commit/88b68cb6839900230ffb54fa44f6b11056aca5c0))
+- Add Cyberia action and quest default data structures with schemas ([8171b6b43](https://github.com/underpostnet/engine/commit/8171b6b43b2aee98f0d8fe0151362493b09fdfd5))
+- Implement Cyberia Quest and Progress APIs with controllers, services, models, and routers ([ba3c7bcb0](https://github.com/underpostnet/engine/commit/ba3c7bcb05f79f3999ec0f20daf49d4f02a2c9e2))
+
+### github-actions
+
+- Remove run metadata worflow in engine-core sync deploy ([84d684d4b](https://github.com/underpostnet/engine/commit/84d684d4bf694605c67bf521617d60920ea43205))
+- Increase timeout for sync command in engine lampp workflow ([949d693b5](https://github.com/underpostnet/engine/commit/949d693b5d4aaa28226b0417c2e2b87511eec885))
+- Remove ssh-deploy sync-engine-test command from release deployment workflow ([0e6cf3af4](https://github.com/underpostnet/engine/commit/0e6cf3af48a2e0e904dd2e646a66931cf0cea784))
+
+### clien-core
+
+- Optimize sessionOut and guest login process to skip unnecessary network calls ([b16a21fe3](https://github.com/underpostnet/engine/commit/b16a21fe3ce12d6c3c636677b06e1fa064500b6c))
+
+### cli-db
+
+- Add export success tracking and enforce backup retention in UnderpostDB ([678ed675f](https://github.com/underpostnet/engine/commit/678ed675ff51ae681b6177c34ba1295543f5a916))
+
+### api-cyberia
+
+- Remove CyberiaAchievement API controller, service, and router files to streamline codebase ([f5f31700f](https://github.com/underpostnet/engine/commit/f5f31700fed2940a475149ed0a948eae548c78e2))
+
+### runtime-cyberia-client
+
+- Refactor cyberia-client Dockerfile to streamline package installations and improve build process ([66edc28c1](https://github.com/underpostnet/engine/commit/66edc28c1c3877bbf1d1ad0bdb8dbe259746f18d))
+
+### server-data-query
+
+- Refactor DataQuery to use class syntax and static methods for improved structure and clarity ([b27221124](https://github.com/underpostnet/engine/commit/b27221124d096a046141d87fbc37de951c58aa92))
+
+### engine-core
+
+- Fix rename AppointmentFormHealthcare to AppointmentFormHealthCare for consistency ([02839072b](https://github.com/underpostnet/engine/commit/02839072b6aaa77d7f524934a8ab92a24d4d5040))
 
 ### cli-release
 
-- Update workflows to reflect new underpost image versions ([9a5577cba](https://github.com/underpostnet/engine/commit/9a5577cba856b2666e6ac023a9a319782301891d))
+- Update workflows to reflect new underpost image versions ([f5e18de0c](https://github.com/underpostnet/engine/commit/f5e18de0c9209fb6da2254a8dca94e8ef37ae394))
 
 ## New release v:3.2.8 (2026-05-01)
 

package/CLI-HELP.md

@@ -1,4 +1,4 @@
-## underpost ci/cd cli v3.2.8
+## underpost ci/cd cli v3.2.9
 
 ### Usage: `underpost [options] [command]`
   ```
@@ -137,6 +137,10 @@ Options:
                                workspace code directly.
   --skip-full-build            Skips the full client bundle build during
                                deployment.
+  --pull-bundle                Downloads the pre-built client bundle from
+                               Cloudinary via pull-bundle before starting. Use
+                               together with --skip-full-build to skip the local
+                               build entirely.
   -h, --help                   display help for command
  
 ```
@@ -389,6 +393,7 @@ Options:
                         lists.
   --ban-both-remove     Removes IP addresses from both banned ingress and egress
                         lists.
+  --mac                 Prints the MAC address of the main network interface.
   -h, --help            display help for command
  
 ```
@@ -553,6 +558,13 @@ Options:
                                       auto-detected service port).
   --cmd <cmd>                         Custom initialization command for
                                       deployment (comma-separated commands).
+  --skip-full-build                   Skip client bundle rebuild; container will
+                                      pull pre-built bundle via pull-bundle
+                                      instead.
+  --pull-bundle                       Explicitly pull the pre-built client
+                                      bundle from Cloudinary inside the
+                                      container. Use together with
+                                      --skip-full-build.
   -h, --help                          display help for command
  
 ```
@@ -891,7 +903,7 @@ Options:
 Runs specified scripts using various runners.
 
 Arguments:
-  runner-id                                       The runner ID to run. Options: dev-cluster,ipfs-expose,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-local,docker-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,instance-build-manifest,ls-deployments,host-update,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,etc-hosts,sh,log,ps,pid-info,background,ports,deploy-test,tf-vae-test,spark-template,pull-rocky-image,rmi,kill,generate-pass,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job,push-bundle,pull-bundle.
+  runner-id                                       The runner ID to run. Options: dev-cluster,ipfs-expose,metadata,svc-ls,svc-rm,ssh-deploy-info,dev-hosts-expose,dev-hosts-restore,cluster-build,template-deploy,template-deploy-local,docker-image,clean,pull,release-deploy,ssh-deploy,ide,crypto-policy,sync,stop,ssh-deploy-stop,ssh-deploy-db-rollback,ssh-deploy-db,ssh-deploy-db-status,tz,get-proxy,instance-promote,instance,instance-build-manifest,ls-deployments,host-update,install-crio,dd-container,ip-info,db-client,git-conf,promote,metrics,cluster,deploy,disk-clean,disk-devices,disk-usage,dev,service,etc-hosts,sh,log,ps,pid-info,background,ports,deploy-test,tf-vae-test,spark-template,pull-rocky-image,rmi,kill,generate-pass,secret,underpost-config,gpu-env,tf-gpu-test,deploy-job,push-bundle,pull-bundle.
   path                                            The input value, identifier, or path for the operation.
 
 Options:
@@ -959,6 +971,8 @@ Options:
   --create-job-now                                After applying cron manifests, immediately create a Job from each CronJob (forwarded to cron runner).
   --host-aliases <host-aliases>                   Adds entries to the Pod /etc/hosts via hostAliases. Format: semicolon-separated entries of "ip=hostname1,hostname2" (e.g., "127.0.0.1=foo.local,bar.local;10.1.2.3=foo.remote,bar.remote").
   --copy                                          Copies the runner output to the clipboard (supported by: generate-pass, template-deploy-local).
+  --skip-full-build                               Skip client bundle rebuild; triggers pull-bundle in container startup (supported by: sync, template-deploy).
+  --pull-bundle                                   Explicitly download the pre-built client bundle from Cloudinary inside the container (supported by: sync, template-deploy). Use together with --skip-full-build.
   -h, --help                                      display help for command
  
 ```

package/README.md

@@ -10,13 +10,13 @@
 
 <div align="center">
 
-<a target="_top" href='https://download.rockylinux.org/pub/rocky/9/'><img alt='rockylinux' src='https://img.shields.io/badge/Rocky Linux v9.6-100000?style=flat&logo=rockylinux&logoColor=white&labelColor=10b981&color=727273'/></a> <a target="_top" href='https://www.npmjs.com/package/npm?activeTab=versions'><img alt='npm' src='https://img.shields.io/badge/npm v11.6.2-100000?style=flat&logo=npm&logoColor=white&labelColor=CB3837&color=727273'/></a> <a target="_top" href='https://nodejs.org/download/release'><img alt='nodedotjs' src='https://img.shields.io/badge/node v24.10.0-100000?style=flat&logo=nodedotjs&logoColor=white&labelColor=5FA04E&color=727273'/></a> <a target="_top" href='https://pgp.mongodb.com/'><img alt='mongodb' src='https://img.shields.io/badge/mongodb_server v7.0-100000?style=flat&logo=mongodb&logoColor=white&labelColor=47A248&color=727273'/></a>
+<a target="_top" href='https://download.rockylinux.org/pub/rocky/9/'><img alt='rockylinux' src='https://img.shields.io/badge/Rocky Linux v9.6-100000?style=flat&logo=rockylinux&logoColor=white&labelColor=10b981&color=727273'/></a> <a target="_top" href='https://www.npmjs.com/package/npm?activeTab=versions'><img alt='npm' src='https://img.shields.io/badge/npm v11.6.2-100000?style=flat&logo=npm&logoColor=white&labelColor=CB3837&color=727273'/></a> <a target="_top" href='https://nodejs.org/download/release'><img alt='nodedotjs' src='https://img.shields.io/badge/node v24.15.0-100000?style=flat&logo=nodedotjs&logoColor=white&labelColor=5FA04E&color=727273'/></a> <a target="_top" href='https://pgp.mongodb.com/'><img alt='mongodb' src='https://img.shields.io/badge/mongodb_server v7.0-100000?style=flat&logo=mongodb&logoColor=white&labelColor=47A248&color=727273'/></a>
 
 </div>
 
 <div align="center">
 
-[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.2.8)](https://socket.dev/npm/package/underpost/overview/3.2.8) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
+[![Node.js CI](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/docker-image.ci.yml) [![Test](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml/badge.svg?branch=master)](https://github.com/underpostnet/engine/actions/workflows/coverall.ci.yml) [![Downloads](https://img.shields.io/npm/dm/underpost.svg)](https://www.npmjs.com/package/underpost) [![Socket Badge](https://socket.dev/api/badge/npm/package/underpost/3.2.9)](https://socket.dev/npm/package/underpost/overview/3.2.9) [![Coverage Status](https://coveralls.io/repos/github/underpostnet/engine/badge.svg?branch=master)](https://coveralls.io/github/underpostnet/engine?branch=master) [![Version](https://img.shields.io/npm/v/underpost.svg)](https://www.npmjs.org/package/underpost) [![License](https://img.shields.io/npm/l/underpost.svg)](https://www.npmjs.com/package/underpost)
 
 </div>
 
@@ -61,7 +61,7 @@ npm run dev
 <a target="_top" href="https://www.nexodev.org/docs?cid=src">See Docs here.</a>
 
 <!-- cli-index-start -->
-## underpost ci/cd cli v3.2.8
+## underpost ci/cd cli v3.2.9
 
 ### Usage: `underpost [options] [command]`
   ```

package/bin/build.js

@@ -180,9 +180,7 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         ...CyberiaDependencies,
       };
       fs.writeFileSync(`${basePath}/bin/index.js`, fs.readFileSync(`./bin/cyberia.js`, 'utf8'), 'utf8');
-      fs.copyFileSync(`./src/api/object-layer/README.md`, `${basePath}/README.md`);
       fs.copySync(`./hardhat`, `${basePath}/hardhat`);
-      fs.copySync(`./hardhat/WHITE-PAPER.md`, `${basePath}/WHITE-PAPER.md`);
       for (const path of [
         '/src/grpc/cyberia',
         '/src/client/ssr/pages/CyberiaServerMetrics.js',
@@ -198,6 +196,7 @@ const { DefaultConf } = await import(`../conf.${confName}.js`);
         '/src/runtime/cyberia-server',
         '/src/runtime/cyberia-client',
         '/.github/workflows/hardhat.ci.yml',
+        '/src/client/public/cyberia-docs',
       ])
         fs.copySync(`.${path}`, `${basePath}${path}`);
 

package/bin/file.js

@@ -107,6 +107,7 @@ try {
           './src/runtime/cyberia-server',
           './src/runtime/cyberia-client',
           './test/shape-generator.test.js',
+          './src/client/public/cyberia-docs',
           'bin/cyberia.js',
         ]) {
           if (fs.existsSync(deletePath)) fs.removeSync('../pwa-microservices-template/' + deletePath);

package/manifests/cronjobs/dd-cron/dd-cron-backup.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-backup
-              image: underpost/underpost-engine:v3.2.8
+              image: underpost/underpost-engine:v3.2.9
               command:
                 - /bin/sh
                 - -c
@@ -42,7 +42,7 @@ spec:
                 type: Directory
               name: underpost-cron-container-volume
             - hostPath:
-                path: /root/.nvm/versions/node/v24.10.0/lib/node_modules/underpost
+                path: /root/.nvm/versions/node/v24.15.0/lib/node_modules/underpost
                 type: DirectoryOrCreate
               name: underpost-share-env
           restartPolicy: OnFailure

package/manifests/cronjobs/dd-cron/dd-cron-dns.yaml

@@ -23,7 +23,7 @@ spec:
         spec:
           containers:
             - name: dd-cron-dns
-              image: underpost/underpost-engine:v3.2.8
+              image: underpost/underpost-engine:v3.2.9
               command:
                 - /bin/sh
                 - -c
@@ -42,7 +42,7 @@ spec:
                 type: Directory
               name: underpost-cron-container-volume
             - hostPath:
-                path: /root/.nvm/versions/node/v24.10.0/lib/node_modules/underpost
+                path: /root/.nvm/versions/node/v24.15.0/lib/node_modules/underpost
                 type: DirectoryOrCreate
               name: underpost-share-env
           restartPolicy: OnFailure

package/manifests/deployment/dd-default-development/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-blue
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.9
           #          resources:
           #            requests:
           #              memory: "124Ki"
@@ -98,7 +98,7 @@ spec:
     spec:
       containers:
         - name: dd-default-development-green
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.9
           #          resources:
           #            requests:
           #              memory: "124Ki"

package/manifests/deployment/dd-test-development/deployment.yaml

@@ -20,7 +20,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-blue
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.9
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:
@@ -147,7 +147,7 @@ spec:
     spec:
       containers:
         - name: dd-test-development-green
-          image: underpost/underpost-engine:v3.2.8
+          image: underpost/underpost-engine:v3.2.9
           imagePullPolicy: IfNotPresent
           envFrom:
             - secretRef:

package/package.json

@@ -2,7 +2,7 @@
     "type": "module",
     "main": "src/index.js",
     "name": "underpost",
-    "version": "3.2.8",
+    "version": "3.2.9",
     "description": "pwa api rest template",
     "scripts": {
         "start": "node --max-old-space-size=8192 src/server",
@@ -58,7 +58,7 @@
         "@neodrag/vanilla": "^2.3.1",
         "adm-zip": "^0.5.17",
         "ag-grid-community": "^35.2.1",
-        "axios": "^1.15.2",
+        "axios": "^1.16.0",
         "chai": "^6.2.2",
         "clipboardy": "^5.3.1",
         "cloudinary": "^2.10.0",
@@ -70,7 +70,7 @@
         "d3": "^7.9.0",
         "dexie": "^4.2.1",
         "dotenv": "^17.4.2",
-        "easymde": "^2.18.0",
+        "easymde": "^2.21.0",
         "esbuild": "^0.28.0",
         "escape-string-regexp": "^5.0.0",
         "express": "^5.2.1",
@@ -79,21 +79,21 @@
         "express-slow-down": "^3.1.0",
         "fast-json-stable-stringify": "^2.1.0",
         "favicons": "^7.2.0",
-        "fs-extra": "^11.3.4",
+        "fs-extra": "^11.3.5",
         "fullcalendar": "^6.1.15",
         "helmet": "^8.1.0",
         "html-minifier-terser": "^7.2.0",
-        "http-proxy-middleware": "^3.0.5",
-        "ignore-walk": "^8.0.0",
+        "http-proxy-middleware": "^4.0.0",
+        "ignore-walk": "^9.0.0",
         "iovalkey": "^0.3.3",
         "json-colorizer": "^3.0.1",
         "jsonwebtoken": "^9.0.3",
         "mariadb": "^3.2.2",
-        "marked": "^18.0.2",
+        "marked": "^18.0.3",
         "mocha": "^11.3.0",
-        "mongoose": "^9.5.0",
+        "mongoose": "^9.6.2",
         "morgan": "^1.10.0",
-        "nodemailer": "^8.0.6",
+        "nodemailer": "^8.0.7",
         "nodemon": "^3.0.1",
         "peer": "^1.0.2",
         "peerjs": "^1.5.5",
@@ -108,17 +108,17 @@
         "swagger-autogen": "^2.23.7",
         "swagger-ui-express": "^5.0.0",
         "typedoc": "^0.28.19",
-        "typescript": "^5.8.0",
+        "typescript": "^6.0.3",
         "validator": "^13.15.35",
         "vanilla-jsoneditor": "^3.12.0",
         "winston": "^3.19.0",
-        "workbox-background-sync": "^7.4.0",
-        "workbox-cacheable-response": "^7.4.0",
-        "workbox-core": "^7.4.0",
-        "workbox-expiration": "^7.4.0",
-        "workbox-precaching": "^7.4.0",
-        "workbox-routing": "^7.4.0",
-        "workbox-strategies": "^7.4.0"
+        "workbox-background-sync": "^7.4.1",
+        "workbox-cacheable-response": "^7.4.1",
+        "workbox-core": "^7.4.1",
+        "workbox-expiration": "^7.4.1",
+        "workbox-precaching": "^7.4.1",
+        "workbox-routing": "^7.4.1",
+        "workbox-strategies": "^7.4.1"
     },
     "publishConfig": {
         "provenance": true,

package/scripts/k3s-node-setup.sh

@@ -32,8 +32,8 @@ curl -o- https://cdn.jsdelivr.net/gh/nvm-sh/nvm@v0.40.1/install.sh | bash
 export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
 [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
 
-nvm install 24.10.0
-nvm use 24.10.0
+nvm install 24.15.0
+nvm use 24.15.0
 
 echo "
 ██╗░░░██╗███╗░░██╗██████╗░███████╗██████╗░██████╗░░█████╗░░██████╗████████╗

package/scripts/nat-iptables.sh

@@ -1,26 +1,111 @@
 #!/bin/bash
 set -euo pipefail
 
-# Disable firewalld
-sudo systemctl disable --now iptables
-sudo systemctl disable --now ufw
-sudo systemctl disable --now firewalld
+echo "[INFO] Enabling firewalld..."
+sudo systemctl enable --now firewalld
 
+echo "[INFO] Configuring kernel networking..."
 
-# Remove any existing entries, then append exactly one
-sudo sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
-sudo sed -i '/^net.ipv6.conf.all.forwarding/d' /etc/sysctl.conf
-echo "net.ipv4.ip_forward = 1"               | sudo tee -a /etc/sysctl.conf
-echo "net.ipv6.conf.all.forwarding = 1"       | sudo tee -a /etc/sysctl.conf
-# ---
+sudo tee /etc/sysctl.d/99-kubernetes.conf >/dev/null <<'EOF'
+# Kubernetes networking
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
 
-sudo sysctl -p
+# Required for Kubernetes iptables
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
 
-# Accept all traffic
-sudo iptables -P INPUT ACCEPT
-sudo iptables -P FORWARD ACCEPT
-sudo iptables -P OUTPUT ACCEPT
+# Better conntrack handling
+net.netfilter.nf_conntrack_max = 131072
+EOF
 
-# List iptables rules and forwarding flag
-sudo iptables -L -n
-sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding
+# Load br_netfilter immediately
+sudo modprobe br_netfilter
+
+# Apply sysctl
+sudo sysctl --system
+
+echo "[INFO] Opening common WAN/public services..."
+
+# Public services
+sudo firewall-cmd --permanent --zone=public --add-service=ssh
+sudo firewall-cmd --permanent --zone=public --add-service=http
+sudo firewall-cmd --permanent --zone=public --add-service=https
+
+echo "[INFO] Opening Kubernetes control plane ports..."
+
+# Kubernetes API Server
+sudo firewall-cmd --permanent --zone=public --add-port=6443/tcp
+
+# etcd
+sudo firewall-cmd --permanent --zone=public --add-port=2379-2380/tcp
+
+# kubelet API
+sudo firewall-cmd --permanent --zone=public --add-port=10250/tcp
+
+# kube-scheduler
+sudo firewall-cmd --permanent --zone=public --add-port=10259/tcp
+
+# kube-controller-manager
+sudo firewall-cmd --permanent --zone=public --add-port=10257/tcp
+
+echo "[INFO] Opening Kubernetes networking ports..."
+
+# CoreDNS
+sudo firewall-cmd --permanent --zone=public --add-port=53/tcp
+sudo firewall-cmd --permanent --zone=public --add-port=53/udp
+
+# NodePort Services
+sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/tcp
+sudo firewall-cmd --permanent --zone=public --add-port=30000-32767/udp
+
+# Calico VXLAN
+sudo firewall-cmd --permanent --zone=public --add-port=4789/udp
+
+# Calico BGP
+sudo firewall-cmd --permanent --zone=public --add-port=179/tcp
+
+# Calico Typha (required for multi-node Calico deployments)
+sudo firewall-cmd --permanent --zone=public --add-port=5473/tcp
+
+# Calico WireGuard (optional encrypted overlay)
+sudo firewall-cmd --permanent --zone=public --add-port=51820/udp
+sudo firewall-cmd --permanent --zone=public --add-port=51821/udp
+
+# Flannel VXLAN (UDP, required if using Flannel CNI)
+sudo firewall-cmd --permanent --zone=public --add-port=8472/udp
+
+# kube-proxy healthz
+sudo firewall-cmd --permanent --zone=public --add-port=10256/tcp
+
+# metrics-server
+sudo firewall-cmd --permanent --zone=public --add-port=4443/tcp
+
+echo "[INFO] Configuring trusted zone for inter-node pod/service CIDRs..."
+# Allow all traffic from the default pod CIDR and service CIDR so that
+# cross-node pod-to-pod and service routing works without explicit per-port rules.
+sudo firewall-cmd --permanent --zone=trusted --add-source=192.168.0.0/16
+sudo firewall-cmd --permanent --zone=trusted --add-source=10.96.0.0/12
+
+echo "[INFO] Enabling masquerade and forwarding..."
+
+sudo firewall-cmd --permanent --zone=public --add-masquerade
+
+echo "[INFO] Reloading firewall..."
+
+sudo firewall-cmd --reload
+
+echo
+echo "[INFO] Sysctl status:"
+sudo sysctl \
+  net.ipv4.ip_forward \
+  net.ipv6.conf.all.forwarding \
+  net.bridge.bridge-nf-call-iptables \
+  net.bridge.bridge-nf-call-ip6tables
+
+echo
+echo "[INFO] Firewall status:"
+sudo firewall-cmd --zone=public --list-all
+
+echo
+echo "[INFO] Kubernetes firewall configuration completed."