interface IDkimVerificationResult { is_valid: boolean; domain: string | null; selector: string | null; status: string; details: string | null; } interface ISpfResult { result: string; domain: string; ip: string; explanation: string | null; } interface IDmarcResult { passed: boolean; policy: string; domain: string; dkim_result: string; spf_result: string; action: string; details: string | null; } interface IEmailSecurityResult { dkim: IDkimVerificationResult[]; spf: ISpfResult | null; dmarc: IDmarcResult | null; } interface IValidationResult { valid: boolean; formatValid: boolean; score: number; error: string | null; } interface IBounceDetection { bounce_type: string; category: string; } interface IReputationResult { ip: string; score: number; risk_level: string; ip_type: string; dnsbl_results: Array<{ server: string; listed: boolean; response: string | null; }>; listed_count: number; total_checked: number; } interface IContentScanResult { threatScore: number; threatType: string | null; threatDetails: string | null; scannedElements: string[]; } interface IVersionInfo { bin: string; core: string; security: string; smtp: string; } interface ISmtpServerConfig { hostname: string; ports: number[]; securePort?: number; tlsCertPem?: string; tlsKeyPem?: string; maxMessageSize?: number; maxConnections?: number; maxRecipients?: number; connectionTimeoutSecs?: number; dataTimeoutSecs?: number; authEnabled?: boolean; maxAuthFailures?: number; socketTimeoutSecs?: number; processingTimeoutSecs?: number; rateLimits?: IRateLimitConfig; } interface IRateLimitConfig { maxConnectionsPerIp?: number; maxMessagesPerSender?: number; maxAuthFailuresPerIp?: number; windowSecs?: number; } interface IEmailData { type: 'inline' | 'file'; base64?: string; path?: string; } interface IEmailReceivedEvent { correlationId: string; sessionId: string; mailFrom: string; rcptTo: string[]; data: IEmailData; remoteAddr: string; clientHostname: string | null; secure: boolean; authenticatedUser: string | null; securityResults: any | null; } interface IAuthRequestEvent { correlationId: string; sessionId: string; username: string; password: string; remoteAddr: string; } /** * Bridge between TypeScript and the Rust `mailer-bin` binary. * * Uses `@push.rocks/smartrust` for JSON-over-stdin/stdout IPC. * Singleton — access via `RustSecurityBridge.getInstance()`. */ export declare class RustSecurityBridge { private static instance; private bridge; private _running; private constructor(); /** Get or create the singleton instance. */ static getInstance(): RustSecurityBridge; /** Whether the Rust process is currently running and accepting commands. */ get running(): boolean; /** * Spawn the Rust binary and wait for the ready signal. * @returns `true` if the binary started successfully, `false` otherwise. */ start(): Promise; /** Kill the Rust process. */ stop(): Promise; /** Ping the Rust process. */ ping(): Promise; /** Get version information for all Rust crates. */ getVersion(): Promise; /** Validate an email address. */ validateEmail(email: string): Promise; /** Detect bounce type from SMTP response / diagnostic code. */ detectBounce(opts: { smtpResponse?: string; diagnosticCode?: string; statusCode?: string; }): Promise; /** Scan email content for threats (phishing, spam, malware, etc.). */ scanContent(opts: { subject?: string; textBody?: string; htmlBody?: string; attachmentNames?: string[]; }): Promise; /** Check IP reputation via DNSBL. */ checkIpReputation(ip: string): Promise; /** Verify DKIM signatures on a raw email message. */ verifyDkim(rawMessage: string): Promise; /** Sign an email with DKIM. */ signDkim(opts: { rawMessage: string; domain: string; selector?: string; privateKey: string; }): Promise<{ header: string; signedMessage: string; }>; /** Check SPF for a sender. */ checkSpf(opts: { ip: string; heloDomain: string; hostname?: string; mailFrom: string; }): Promise; /** * Compound email security verification: DKIM + SPF + DMARC in one IPC call. * * This is the preferred method for inbound email verification — it avoids * 3 sequential round-trips and correctly passes raw mail-auth types internally. */ verifyEmail(opts: { rawMessage: string; ip: string; heloDomain: string; hostname?: string; mailFrom: string; }): Promise; /** * Start the Rust SMTP server. * The server will listen on the configured ports and emit events for * emailReceived and authRequest that must be handled by the caller. */ startSmtpServer(config: ISmtpServerConfig): Promise; /** Stop the Rust SMTP server. */ stopSmtpServer(): Promise; /** * Send the result of email processing back to the Rust SMTP server. * This resolves a pending correlation-ID callback, allowing the Rust * server to send the SMTP response to the client. */ sendEmailProcessingResult(opts: { correlationId: string; accepted: boolean; smtpCode?: number; smtpMessage?: string; }): Promise; /** * Send the result of authentication validation back to the Rust SMTP server. */ sendAuthResult(opts: { correlationId: string; success: boolean; message?: string; }): Promise; /** Update rate limit configuration at runtime. */ configureRateLimits(config: IRateLimitConfig): Promise; /** * Register a handler for emailReceived events from the Rust SMTP server. * These events fire when a complete email has been received and needs processing. */ onEmailReceived(handler: (data: IEmailReceivedEvent) => void): void; /** * Register a handler for authRequest events from the Rust SMTP server. * The handler must call sendAuthResult() with the correlationId. */ onAuthRequest(handler: (data: IAuthRequestEvent) => void): void; /** Remove an emailReceived event handler. */ offEmailReceived(handler: (data: IEmailReceivedEvent) => void): void; /** Remove an authRequest event handler. */ offAuthRequest(handler: (data: IAuthRequestEvent) => void): void; } export type { IDkimVerificationResult, ISpfResult, IDmarcResult, IEmailSecurityResult, IValidationResult, IBounceDetection, IContentScanResult, IReputationResult as IRustReputationResult, IVersionInfo, ISmtpServerConfig, IRateLimitConfig, IEmailData, IEmailReceivedEvent, IAuthRequestEvent, };