- Fix race conditions for per-IP connection limits by introducing atomic validate-and-track flow (SecurityManager.validateAndTrackIP) and propagating connectionId for atomic tracking.
- Add connection-manager createConnection options (connectionId, skipIpTracking) and avoid double-tracking IPs when validated atomically.
- RouteConnectionHandler now generates connection IDs earlier and uses atomic IP validation to prevent concurrent connection bypasses; cleans up IP tracking on global-limit rejects.
- Enhanced TLS SNI extraction and ClientHello parsing: robust fragmented ClientHello handling, PSK-based SNI extraction for TLS 1.3 resumption, tab-reactivation heuristics and improved logging (new client-hello-parser and sni-extraction modules).
- HttpProxy integration improvements: HttpProxyBridge initialized/synced from SmartProxy, forwardToHttpProxy forwards initial data and preserves client IP via CLIENT_IP header, robust handling of client disconnects during setup.
- Certificate manager (SmartCertManager) improvements: better ACME initialization sequence (deferred provisioning until ports are bound), improved challenge route add/remove handling, custom certificate provisioning hook, expiry handling fallback behavior and safer error messages for port conflicts.
- Route/port orchestration refactor (RouteOrchestrator): port usage mapping, safer add/remove port sequences, NFTables route lifecycle updates and certificate manager recreation on route changes.
- PortManager now refcounts ports and reuses existing listeners instead of rebinding; provides helpers to add/remove/update multiple ports and improved error handling for EADDRINUSE.
- Connection cleanup, inactivity and zombie detection hardened: batched cleanup queue, optimized inactivity checks, half-zombie detection and safer shutdown workflows.
- Metrics, routing helpers and validators: SharedRouteManager exposes expandPortRange/getListeningPorts, route helpers add convenience HTTPS/redirect/loadbalancer builders, route-validator domain rules relaxed to allow 'localhost', '*' and IPs, and tests updated accordingly.
- Tests updated to reflect behavioral changes (connection limit checks adapted to detect closed/ reset connections, HttpProxy integration test skipped in unit suite to avoid complex TLS setup).
Consolidate and refactor route validators; move to class-based API and update usages
Replaced legacy route-validators.ts with a unified route-validator.ts that provides a class-based RouteValidator plus the previous functional API (isValidPort, isValidDomain, validateRouteMatch, validateRouteAction, validateRouteConfig, validateRoutes, hasRequiredPropertiesForAction, assertValidRoute) for backwards compatibility. Updated utils exports and all imports/tests to reference the new module. Also switched static file loading in certificate manager to use SmartFileFactory.nodeFs(), and added @push.rocks/smartserve to devDependencies.
- Rename and consolidate validator module: route-validators.ts removed; route-validator.ts added with RouteValidator class and duplicated functional API for compatibility.
- Updated exports in ts/proxies/smart-proxy/utils/index.ts and all internal imports/tests to reference './route-validator.js' instead of './route-validators.js'.
- Certificate manager now uses plugins.smartfile.SmartFileFactory.nodeFs() to load key/cert files (safer factory usage instead of direct static calls).
- Added @push.rocks/smartserve to devDependencies in package.json.
- Because the validator filename and some import paths changed, this is a breaking change for consumers importing the old module path.
- Byte counting and throughput: per-route and per-IP throughput trackers with per-second sampling; removed double-counting and improved sampling buffers for accurate rates
- HttpProxy and forwarding: Ensure metricsCollector.recordBytes() is called in forwarding paths so throughput is recorded reliably
- ACME / Certificate Manager: support for custom certProvisionFunction with configurable fallback to ACME (http01) and improved challenge route lifecycle
- Connection lifecycle and cleanup: improved lifecycle component timer/listener cleanup, better cleanup queue batching and zombie/half-zombie detection
- Various utilities and stability improvements: enhanced IP utils, path/domain matching improvements, safer socket handling and more robust fragment/ClientHello handling
- Tests and docs: many test files and readme.hints.md updated with byte-counting audit, connection cleanup and ACME guidance
Fix route security configuration location and improve ACME timing tests and socket mock implementations
- Move route security from action.security to the top-level route.security to correctly enforce IP allow/block lists (addresses failing in test.route-security.ts)
- Update readme.problems.md to document the routing security configuration issue with proper instructions
- Adjust certificate metadata in certs/static-route/meta.json with updated timestamps
- Update test.acme-timing.ts to export default tap.start() instead of tap.start() to ensure proper parsing
- Improve socket simulation and event handling mocks in test.http-fix-verification.ts and test.http-forwarding-fix.ts to more reliably mimic net.Socket behavior
- Minor adjustments in multiple test files to ensure proper port binding, race condition handling and route lookups (e.g. getRoutesForPort implementation)
Fix socket handler race condition by differentiating between async and sync handlers. Now, async socket handlers complete their setup before initial data is emitted, ensuring that no data is lost. Documentation and tests have been updated to reflect this change.
- Added detailed explanation in readme.hints.md about the race condition issue, root cause, and solution implementation.
- Provided a code snippet that checks if the socket handler returns a Promise and waits for its resolution before emitting initial data.
- Updated tests (test.socket-handler-race.ts, test.socket-handler.simple.ts, test.socket-handler.ts) to verify correct behavior of async handlers.
Improve port binding intelligence and ACME challenge route management; update route configuration tests and dependency versions.
- Bumped dev dependency versions in package.json (tsbuild from ^2.5.1 to ^2.6.4, tstest from ^1.9.0 to ^2.3.1, @types/node updated, smartfile from ^11.2.0 to ^11.2.5, smartlog from ^3.1.7 to ^3.1.8)
- Removed readme.plan.md containing legacy development plan information
- Normalized route configuration properties across tests (using 'ports' and 'domains' instead of legacy 'port' or 'domain')
- Enhanced PortManager with reference counting and smarter port conflict detection to avoid redundant bindings
- Refined ACME challenge route integration to merge with existing port bindings and improve error handling
- Adjusted test expectations (e.g. using toEqual instead of toBe, and improved timeout handling) to align with current API changes
Update test mocks to include provisionAllCertificates methods in certificate manager stubs and related objects.
- Added async provisionAllCertificates functions to several test mocks (e.g. in test.port80-management.node.ts, test.route-callback-simple.ts, test.route-update-callback.node.ts, and test.simple-acme-mock.ts) to simulate ACME certificate provisioning.
- Enhanced logging and port-add history debugging for ACME challenge port addition.
Replace raw console logging calls with structured logger usage across certificate management, connection handling, and route processing for improved observability.
- Replaced console.log, console.warn, and console.error in SmartCertManager with logger.log for more consistent logging.
- Updated ConnectionManager and RouteConnectionHandler to log detailed connection events using a structured logger.
- Enhanced logging statements with contextual metadata such as connection IDs, remote IPs, target information, and component identifiers.
- Standardized log output across proxy modules to aid in debugging and monitoring.
Fix race condition in ACME certificate provisioning and refactor certificate manager initialization to defer provisioning until after port listeners are active
