dist_ts/mail/security/classes.spfverifier.d.ts

import type { Email } from '../core/classes.email.js';
/**
 * SPF result qualifiers
 */
export declare enum SpfQualifier {
    PASS = "+",
    NEUTRAL = "?",
    SOFTFAIL = "~",
    FAIL = "-"
}
/**
 * SPF mechanism types
 */
export declare enum SpfMechanismType {
    ALL = "all",
    INCLUDE = "include",
    A = "a",
    MX = "mx",
    IP4 = "ip4",
    IP6 = "ip6",
    EXISTS = "exists",
    REDIRECT = "redirect",
    EXP = "exp"
}
/**
 * SPF mechanism definition
 */
export interface SpfMechanism {
    qualifier: SpfQualifier;
    type: SpfMechanismType;
    value?: string;
}
/**
 * SPF record parsed data
 */
export interface SpfRecord {
    version: string;
    mechanisms: SpfMechanism[];
    modifiers: Record<string, string>;
}
/**
 * SPF verification result
 */
export interface SpfResult {
    result: 'pass' | 'neutral' | 'softfail' | 'fail' | 'temperror' | 'permerror' | 'none';
    explanation?: string;
    domain: string;
    ip: string;
    record?: string;
    error?: string;
}
/**
 * Class for verifying SPF records.
 * Delegates actual SPF evaluation to the Rust security bridge.
 * Retains parseSpfRecord() for lightweight local parsing.
 */
export declare class SpfVerifier {
    constructor(_dnsManager?: any);
    /**
     * Parse SPF record from TXT record (pure string parsing, no DNS)
     */
    parseSpfRecord(record: string): SpfRecord | null;
    /**
     * Verify SPF for a given email — delegates to Rust bridge
     */
    verify(email: Email, ip: string, heloDomain: string): Promise<SpfResult>;
    /**
     * Check if email passes SPF verification and apply headers
     */
    verifyAndApply(email: Email, ip: string, heloDomain: string): Promise<boolean>;
}
start the path to rust 2026-02-10 15:54:09 +00:00			`import type { Email } from '../core/classes.email.js';`
			`/**`
			`* SPF result qualifiers`
			`*/`
			`export declare enum SpfQualifier {`
			`PASS = "+",`
			`NEUTRAL = "?",`
			`SOFTFAIL = "~",`
			`FAIL = "-"`
			`}`
			`/**`
			`* SPF mechanism types`
			`*/`
			`export declare enum SpfMechanismType {`
			`ALL = "all",`
			`INCLUDE = "include",`
			`A = "a",`
			`MX = "mx",`
			`IP4 = "ip4",`
			`IP6 = "ip6",`
			`EXISTS = "exists",`
			`REDIRECT = "redirect",`
			`EXP = "exp"`
			`}`
			`/**`
			`* SPF mechanism definition`
			`*/`
			`export interface SpfMechanism {`
			`qualifier: SpfQualifier;`
			`type: SpfMechanismType;`
			`value?: string;`
			`}`
			`/**`
			`* SPF record parsed data`
			`*/`
			`export interface SpfRecord {`
			`version: string;`
			`mechanisms: SpfMechanism[];`
			`modifiers: Record<string, string>;`
			`}`
			`/**`
			`* SPF verification result`
			`*/`
			`export interface SpfResult {`
			`result: 'pass' \| 'neutral' \| 'softfail' \| 'fail' \| 'temperror' \| 'permerror' \| 'none';`
			`explanation?: string;`
			`domain: string;`
			`ip: string;`
			`record?: string;`
			`error?: string;`
			`}`
			`/**`
BREAKING CHANGE(rust-bridge): make Rust the primary security backend, remove all TS fallbacks Phase 3 of the Rust migration: the Rust security bridge is now mandatory and all TypeScript security fallback implementations have been removed. - UnifiedEmailServer.start() throws if Rust bridge fails to start - SpfVerifier gutted to thin wrapper (parseSpfRecord stays in TS) - DKIMVerifier gutted to thin wrapper delegating to bridge.verifyDkim() - IPReputationChecker delegates to bridge.checkIpReputation(), keeps LRU cache - DmarcVerifier keeps alignment logic (works with pre-computed results) - DKIM signing via bridge.signDkim() in all 4 locations - Removed mailauth and ip packages from plugins.ts (~1,200 lines deleted) 2026-02-10 20:30:43 +00:00			`* Class for verifying SPF records.`
			`* Delegates actual SPF evaluation to the Rust security bridge.`
			`* Retains parseSpfRecord() for lightweight local parsing.`
start the path to rust 2026-02-10 15:54:09 +00:00			`*/`
			`export declare class SpfVerifier {`
BREAKING CHANGE(rust-bridge): make Rust the primary security backend, remove all TS fallbacks Phase 3 of the Rust migration: the Rust security bridge is now mandatory and all TypeScript security fallback implementations have been removed. - UnifiedEmailServer.start() throws if Rust bridge fails to start - SpfVerifier gutted to thin wrapper (parseSpfRecord stays in TS) - DKIMVerifier gutted to thin wrapper delegating to bridge.verifyDkim() - IPReputationChecker delegates to bridge.checkIpReputation(), keeps LRU cache - DmarcVerifier keeps alignment logic (works with pre-computed results) - DKIM signing via bridge.signDkim() in all 4 locations - Removed mailauth and ip packages from plugins.ts (~1,200 lines deleted) 2026-02-10 20:30:43 +00:00			`constructor(_dnsManager?: any);`
start the path to rust 2026-02-10 15:54:09 +00:00			`/**`
BREAKING CHANGE(rust-bridge): make Rust the primary security backend, remove all TS fallbacks Phase 3 of the Rust migration: the Rust security bridge is now mandatory and all TypeScript security fallback implementations have been removed. - UnifiedEmailServer.start() throws if Rust bridge fails to start - SpfVerifier gutted to thin wrapper (parseSpfRecord stays in TS) - DKIMVerifier gutted to thin wrapper delegating to bridge.verifyDkim() - IPReputationChecker delegates to bridge.checkIpReputation(), keeps LRU cache - DmarcVerifier keeps alignment logic (works with pre-computed results) - DKIM signing via bridge.signDkim() in all 4 locations - Removed mailauth and ip packages from plugins.ts (~1,200 lines deleted) 2026-02-10 20:30:43 +00:00			`* Parse SPF record from TXT record (pure string parsing, no DNS)`
start the path to rust 2026-02-10 15:54:09 +00:00			`*/`
			`parseSpfRecord(record: string): SpfRecord \| null;`
			`/**`
BREAKING CHANGE(rust-bridge): make Rust the primary security backend, remove all TS fallbacks Phase 3 of the Rust migration: the Rust security bridge is now mandatory and all TypeScript security fallback implementations have been removed. - UnifiedEmailServer.start() throws if Rust bridge fails to start - SpfVerifier gutted to thin wrapper (parseSpfRecord stays in TS) - DKIMVerifier gutted to thin wrapper delegating to bridge.verifyDkim() - IPReputationChecker delegates to bridge.checkIpReputation(), keeps LRU cache - DmarcVerifier keeps alignment logic (works with pre-computed results) - DKIM signing via bridge.signDkim() in all 4 locations - Removed mailauth and ip packages from plugins.ts (~1,200 lines deleted) 2026-02-10 20:30:43 +00:00			`* Verify SPF for a given email — delegates to Rust bridge`
start the path to rust 2026-02-10 15:54:09 +00:00			`*/`
			`verify(email: Email, ip: string, heloDomain: string): Promise<SpfResult>;`
			`/**`
BREAKING CHANGE(rust-bridge): make Rust the primary security backend, remove all TS fallbacks Phase 3 of the Rust migration: the Rust security bridge is now mandatory and all TypeScript security fallback implementations have been removed. - UnifiedEmailServer.start() throws if Rust bridge fails to start - SpfVerifier gutted to thin wrapper (parseSpfRecord stays in TS) - DKIMVerifier gutted to thin wrapper delegating to bridge.verifyDkim() - IPReputationChecker delegates to bridge.checkIpReputation(), keeps LRU cache - DmarcVerifier keeps alignment logic (works with pre-computed results) - DKIM signing via bridge.signDkim() in all 4 locations - Removed mailauth and ip packages from plugins.ts (~1,200 lines deleted) 2026-02-10 20:30:43 +00:00			`* Check if email passes SPF verification and apply headers`
start the path to rust 2026-02-10 15:54:09 +00:00			`*/`
			`verifyAndApply(email: Email, ip: string, heloDomain: string): Promise<boolean>;`
			`}`