smartproxy/changelog.md

# Changelog

## 2025-05-02 - 9.0.0 - BREAKING CHANGE(acme)
Refactor ACME configuration and certificate provisioning by replacing legacy port80HandlerConfig with unified acme options and updating CertProvisioner event subscriptions

- Remove deprecated port80HandlerConfig references and merge configuration into a single acme options schema
- Use buildPort80Handler factory for consistent Port80Handler instantiation
- Integrate subscribeToPort80Handler utility in CertProvisioner and NetworkProxyBridge for event management
- Update types in common modules and IPortProxySettings to reflect unified acme configurations
- Adjust documentation (readme.plan.md and code-level comments) to reflect the new refactored flow

## 2025-05-02 - 8.0.0 - BREAKING CHANGE(certProvisioner)
Refactor: Introduce unified CertProvisioner to centralize certificate provisioning and renewal; remove legacy ACME config from Port80Handler and update SmartProxy to delegate certificate lifecycle management.

- Removed deprecated acme properties and renewal scheduler from IPort80HandlerOptions and Port80Handler.
- Created new CertProvisioner component in ts/smartproxy/classes.pp.certprovisioner.ts to handle static and HTTP-01 certificate workflows.
- Updated SmartProxy to initialize CertProvisioner and re-emit certificate events.
- Eliminated legacy renewal logic and associated autoRenew settings from Port80Handler.
- Adjusted tests to reflect changes in certificate provisioning and renewal behavior.

## 2025-05-01 - 7.2.0 - feat(ACME/Certificate)
Introduce certificate provider hook and observable certificate events; remove legacy ACME flow

- Extended IPortProxySettings with a new certProvider callback that allows returning a static certificate or 'http01' for ACME challenges.
- Updated Port80Handler to leverage SmartAcme's getCertificateForDomain and removed outdated methods such as getAcmeClient and processAuthorizations.
- Enhanced SmartProxy to extend EventEmitter, invoking certProvider on non-wildcard domains and re-emitting certificate events (with domain, publicKey, privateKey, expiryDate, source, and isRenewal flag).
- Updated NetworkProxyBridge to support applying external certificates via a new applyExternalCertificate method.
- Revised documentation (readme.md and readme.plan.md) to include usage examples for the new certificate provider hook.

## 2025-04-30 - 7.1.4 - fix(dependencies)
Update dependency versions in package.json

- Bump @git.zone/tsbuild from ^2.2.6 to ^2.3.2
- Bump @push.rocks/tapbundle from ^5.5.10 to ^6.0.0
- Bump @types/node from ^22.13.10 to ^22.15.3
- Bump typescript from ^5.8.2 to ^5.8.3
- Bump @push.rocks/lik from ^6.1.0 to ^6.2.2
- Add @push.rocks/smartnetwork at ^4.0.0
- Bump @push.rocks/smartrequest from ^2.0.23 to ^2.1.0
- Bump @tsclass/tsclass from ^5.0.0 to ^9.1.0
- Bump @types/ws from ^8.18.0 to ^8.18.1
- Update ws to ^8.18.1

## 2025-04-28 - 7.1.3 - fix(docs)
Update project hints documentation in readme.hints.md

- Added comprehensive hints covering project overview, repository structure, and development setup.
- Outlined testing framework, coding conventions, and key components including ProxyRouter and SmartProxy.
- Included detailed information on TSConfig settings, Mermaid diagrams, CLI usage, and future TODOs.

## 2025-04-19 - 7.1.2 - fix(networkproxy/requesthandler)
Improve HTTP/2 request handling and error management in the proxy request handler; add try-catch around routing and update header processing to support per-backend protocol overrides.

- Wrapped the routing call (router.routeReq) in a try-catch block to better handle errors and missing host headers.
- Returns a 500 error and increments failure metrics if routing fails.
- Refactored HTTP/2 branch to copy all headers appropriately and map response headers into HTTP/1 response.
- Added support for per-backend protocol override via the new backendProtocol option in IReverseProxyConfig.

## 2025-04-19 - 7.1.1 - fix(commit-info)
Update commit metadata and synchronize project configuration (no code changes)

- Verified that all files remain unchanged
- Commit reflects a metadata or build system sync without functional modifications

## 2025-04-19 - 7.1.0 - feat(core)
Add backendProtocol option to support HTTP/2 client sessions alongside HTTP/1. This update enhances NetworkProxy's core functionality by integrating HTTP/2 support in server creation and request handling, while updating plugin exports and documentation accordingly.

- Introduced 'backendProtocol' configuration option (http1 | http2) with default 'http1'.
- Updated creation of secure server to use http2.createSecureServer with HTTP/1 fallback.
- Enhanced request handling to establish HTTP/2 client sessions when backendProtocol is set to 'http2'.
- Exported http2 module in plugins.
- Updated readme.md to document backendProtocol usage with example code.

## 2025-04-05 - 7.0.1 - fix(package.json)
Update packageManager field in package.json to specify the pnpm version for improved reproducibility.

- Added the packageManager field to clearly specify the pnpm version and its checksum.

## 2025-04-04 - 7.0.0 - BREAKING CHANGE(redirect)
Remove deprecated SSL redirect implementation and update exports to use the new redirect module

- Deleted ts/classes.sslredirect.ts which contained the old SSL redirect logic
- Updated ts/index.ts to export 'redirect/classes.redirect.js' instead of the removed SSL redirect module
- Adopted a new redirect implementation that provides enhanced features and a more consistent API

## 2025-03-25 - 6.0.1 - fix(readme)
Update README documentation: replace all outdated 'PortProxy' references with 'SmartProxy', adjust architecture diagrams, code examples, and configuration details (including correcting IPTables to NfTables) to reflect the new naming.

- Renamed 'PortProxy' to 'SmartProxy' in diagrams, flow sequences, and descriptive text
- Updated code examples and installation instructions accordingly
- Corrected references from IPTables to NfTables for modern system support

## 2025-03-18 - 5.1.0 - feat(docs)
docs: replace IPTablesProxy references with NfTablesProxy in README and examples, updating configuration options and diagrams for advanced nftables features

- Updated README diagrams to reflect nftables integration for low-level port forwarding.
- Replaced all occurrences of 'IPTablesProxy' with 'NfTablesProxy' in documentation and code examples.
- Included additional details on QoS, advanced NAT, and IP set options in the configuration options section.

## 2025-03-18 - 5.0.0 - BREAKING CHANGE(nftables)
Replace IPTablesProxy with NfTablesProxy and update module exports in index.ts

- Removed ts/classes.iptablesproxy.ts
- Added ts/classes.nftablesproxy.ts for enhanced nftables integration
- Updated ts/index.ts to export NfTablesProxy instead of IPTablesProxy

## 2025-03-18 - 4.3.0 - feat(Port80Handler)
Add glob pattern support for domain certificate management in Port80Handler. Wildcard domains are now detected and skipped in certificate issuance and retrieval, ensuring that only explicit domains receive ACME certificates and improving route matching.

- Introduced isGlobPattern to detect wildcard domains.
- Added getDomainInfoForRequest and domainMatchesPattern methods to enable glob pattern matching for domain configurations.
- Modified setCertificate and getCertificate to prevent certificate operations for glob patterns.
- Updated request handling to skip ACME challenge processing and certificate issuance for wildcard domains.
- Updated documentation and tests to reflect the new glob pattern support.

## 2025-03-18 - 4.2.6 - fix(Port80Handler)
Restrict ACME HTTP-01 challenge handling to domains with acmeMaintenance or acmeForward enabled

- Updated challenge handler in ts/classes.port80handler.ts to include a check for (options.acmeMaintenance || options.acmeForward)
- Prevents unintended processing of ACME challenges when ACME configuration is not enabled

## 2025-03-18 - 4.2.5 - fix(networkproxy)
Refactor certificate management components: rename AcmeCertManager to Port80Handler and update related event names from CertManagerEvents to Port80HandlerEvents. The changes update internal API usage in ts/classes.networkproxy.ts and ts/classes.port80handler.ts to unify and simplify ACME certificate handling and HTTP-01 challenge management.

- Renamed AcmeCertManager to Port80Handler in ts/classes.networkproxy.ts
- Updated event names from CertManagerEvents to Port80HandlerEvents
- Modified API calls for certificate issuance and renewal in ts/classes.port80handler.ts
- Refactored domain registration and certificate extraction logic

## 2025-03-18 - 4.2.4 - fix(ts/index.ts)
Fix export order in ts/index.ts by moving the port proxy export back and adding interfaces export for proper module exposure

- Reorder exports to place './classes.pp.portproxy.js' in the correct position
- Add export for './classes.pp.interfaces.js' to expose internal interfaces

## 2025-03-18 - 4.2.3 - fix(connectionhandler)
Remove unnecessary delay in TLS session ticket handling for connections without SNI

- Eliminated the extra setTimeout waiting period before cleaning up connections flagged as session_ticket_blocked_no_sni
- Ensures immediate cleanup and improves connection responsiveness during TLS handshake failures

## 2025-03-18 - 4.2.2 - fix(connectionhandler)
Ensure proper termination of TLS connections without SNI by explicitly ending the socket after sending the unrecognized_name alert. This prevents the connection from hanging and avoids potential duplicate handling.

- Added socket.end() after uncorking the alert packet in ClientHello handling to force connection closure.
- Prevents duplicate data events and ensures the warning alert is processed by clients like Chrome.

## 2025-03-17 - 4.2.1 - fix(core)
No uncommitted changes detected in the project.


## 2025-03-17 - 4.2.0 - feat(tlsalert)
add sendForceSniSequence and sendFatalAndClose helper functions to TlsAlert for improved SNI enforcement

- Introduce sendForceSniSequence to combine multiple alerts and force clients to provide SNI
- Add sendFatalAndClose to immediately send a fatal alert and close the connection
- Enhance TLS alert handling for better browser compatibility and error management

## 2025-03-17 - 4.1.16 - fix(tls)
Improve TLS alert handling in connection handler: use the new TlsAlert class to send proper unrecognized_name alerts when a ClientHello is missing SNI and wait for a retry on the same connection before closing. Also, add alertFallbackTimeout tracking to connection records for better timeout management.

- Replaced hardcoded alert buffers in ConnectionHandler with calls to the TlsAlert class.
- Removed old warnings and implemented a mechanism to remove existing 'data' listeners and await a new ClientHello.
- Introduced alertFallbackTimeout property in connection records to track fallback timeout and ensure proper cleanup.
- Extended the delay before closing the connection after sending an alert, providing the client more time to retry.

## 2025-03-17 - 4.1.15 - fix(connectionhandler)
Delay socket termination in TLS session resumption handling to allow proper alert processing

- Removed the immediate socket.end() call in finishConnection and moved it inside the setTimeout, ensuring that clients (especially Chrome) have additional time to process the TLS alert before connection termination
- This prevents premature socket closure on ClientHello without SNI when session tickets are disallowed

## 2025-03-17 - 4.1.14 - fix(ConnectionHandler)
Use the correct TLS alert data and increase the delay before socket termination when session resumption without SNI is detected.

- Replaced certificateExpiredAlert with serverNameUnknownAlertData for sending the appropriate alert.
- Increased the cleanup delay from 1000ms to 5000ms to allow a more graceful termination.

## 2025-03-17 - 4.1.13 - fix(tls-handshake)
Set certificate_expired TLS alert level to warning instead of fatal to allow graceful termination.

- In the TLS handshake alert for certificate_expired (0x2F), changed the alert level from 0x02 (fatal) to 0x01 (warning).
- This change avoids abrupt connection termination, enabling a smoother handling of certificate expiration alerts.

## 2025-03-17 - 4.1.12 - fix(classes.pp.connectionhandler)
Replace unrecognized_name alert data with certificate_expired alert in TLS handshake handling for session resumption without SNI

- Switched the alert payload from serverNameUnknownAlertData to a new certificateExpiredAlert buffer
- Now sends a fatal certificate_expired alert (code 47) instead of a warning unrecognized_name alert
- Improves TLS error reporting and encourages immediate disconnection when a ClientHello lacks SNI and session tickets are disallowed

## 2025-03-17 - 4.1.11 - fix(connectionhandler)
Increase delay before cleaning up connections when session resumption is blocked due to missing SNI, allowing more natural socket termination.

- Changed cleanup delay in ts/classes.pp.connectionhandler.ts from 300ms to 1000ms.
- This fix ensures that sockets get sufficient time to terminate gracefully.

## 2025-03-16 - 4.1.10 - fix(connectionhandler)
Increase delay timings for TLS alert transmission in session ticket blocking to allow graceful socket termination

- Updated finishConnection: replaced immediate socket.destroy with a graceful end call
- Increased delay after successful write from 50ms to 200ms to allow alert processing
- Raised safety timeout from 250ms to 400ms when waiting for 'drain' event

## 2025-03-16 - 4.1.9 - fix(ConnectionHandler)
Replace closeNotify alert with handshake failure alert in TLS ClientHello handling to properly signal missing SNI and enforce session ticket restrictions.

- Switched alert data sent on missing SNI from closeNotifyAlert to sslHandshakeFailureAlertData.
- Ensures consistent TLS alert behavior during handshake failure.

## 2025-03-16 - 4.1.8 - fix(ConnectionHandler/tls)
Change the TLS alert sent when a ClientHello lacks SNI: use the close_notify alert instead of handshake_failure to prompt immediate retry with SNI.

- Replaced the previously sent handshake_failure alert (code 0x28) with a close_notify alert (code 0x00) in the TLS session resumption handling in ConnectionHandler.
- This change encourages clients to immediately retry and include SNI when allowSessionTicket is false.

## 2025-03-16 - 4.1.7 - fix(classes.pp.connectionhandler)
Improve TLS alert handling in ClientHello when SNI is missing and session tickets are disallowed

- Replace the unrecognized_name alert with a handshake_failure alert to ensure better client behavior.
- Refactor the alert sending mechanism using cork/uncork and add a safety timeout for the drain event.
- Enhance logging for debugging TLS handshake failures when SNI is absent.

## 2025-03-16 - 4.1.6 - fix(tls)
Refine TLS ClientHello handling when allowSessionTicket is false by replacing extensive alert timeout logic with a concise warning alert and short delay, encouraging immediate client retry with proper SNI

- Update the TLS alert sending mechanism to use cork/uncork and a short, fixed delay instead of long timeouts
- Remove redundant event listeners and excessive cleanup logic after sending the alert
- Improve code clarity and encourage clients (e.g., Chrome) to retry handshake with SNI more responsively

## 2025-03-16 - 4.1.5 - fix(TLS/ConnectionHandler)
Improve handling of TLS session resumption without SNI by sending an 'unrecognized_name' alert instead of immediately terminating the connection. This change adds a grace period for the client to retry the handshake with proper SNI and cleans up the connection if no valid response is received.

- Send a TLS warning (unrecognized_name alert, code 112) when a ClientHello is received without SNI and session tickets are disallowed.
- Utilize socket cork/uncork to ensure the alert is sent as a single packet.
- Add a 5-second alert timeout and a subsequent 30-second grace period to allow clients to initiate a new handshake with SNI.
- Clean up and terminate the connection if no valid SNI is provided after the grace period, logging appropriate termination reasons.

## 2025-03-15 - 4.1.4 - fix(ConnectionHandler)
Refactor ConnectionHandler code formatting for improved readability and consistency in log messages and whitespace handling

- Standardized indentation and spacing in method signatures and log statements
- Aligned inline comments and string concatenations for clarity
- Minor refactoring of parameter formatting without changing functionality

## 2025-03-15 - 4.1.3 - fix(connectionhandler)
Improve handling of TLS ClientHello messages when allowSessionTicket is disabled and no SNI is provided by sending a warning alert (unrecognized_name, code 0x70) with a proper callback and delay to ensure the alert is transmitted before closing the connection.

- Replace the fatal alert (0x02/0x40) with a warning alert (0x01/0x70) to notify clients to send SNI.
- Use socket.write callback to wait 100ms after sending the alert before terminating the connection.
- Remove the previous short (50ms) delay in favor of a more reliable delay mechanism before cleanup.

## 2025-03-15 - 4.1.2 - fix(connectionhandler)
Send proper TLS alert before terminating connections when SNI is missing and session tickets are disallowed.

- Added logic to transmit a fatal TLS alert (Handshake Failure) before closing the connection when no SNI is present with allowSessionTicket=false.
- Introduced a slight 50ms delay after sending the alert to ensure the client receives the alert properly.
- Applied these changes both for the initial ClientHello and when handling subsequent TLS data.

## 2025-03-15 - 4.1.1 - fix(tls)
Enforce strict SNI handling in TLS connections by terminating ClientHello messages lacking SNI when session tickets are disallowed and removing legacy session cache code.

- In classes.pp.connectionhandler.ts, if allowSessionTicket is false and no SNI is extracted from a ClientHello, the connection is terminated to force a new handshake with SNI.
- In classes.pp.snihandler.ts, removed session cache and related cleanup functions used for tab reactivation, simplifying SNI extraction logic.
- Improved logging in TLS processing to aid in diagnosing handshake and session resumption issues.

## 2025-03-14 - 4.1.0 - feat(SniHandler)
Enhance SNI extraction to support session caching and tab reactivation by adding session cache initialization, cleanup and helper methods. Update processTlsPacket to use cached SNI for session resumption and connection racing scenarios.

- Introduce initSessionCacheCleanup, cleanupSessionCache, createClientKey, cacheSession, and getCachedSession methods to manage SNI information.
- Cache SNI based on client IP and client random to improve handling of fragmented ClientHello messages and tab reactivation.
- Update processTlsPacket to leverage cached SNI when standard extraction fails, reducing redundant extraction and enhancing connection racing behavior.

## 2025-03-14 - 4.0.0 - BREAKING CHANGE(core)
refactor: reorganize internal module structure to use 'classes.pp.*' modules

- Renamed port proxy and SNI handler source files to 'classes.pp.portproxy.js' and 'classes.pp.snihandler.js' respectively
- Updated import paths in index.ts and test files (e.g. in test.ts and test.router.ts) to reference the new file names
- This refactor improves code organization but breaks direct imports from the old paths

- Renamed 'ts/classes.portproxy.ts' to 'ts/classes.pp.portproxy.ts'
- Renamed 'ts/classes.snihandler.ts' to 'ts/classes.pp.snihandler.ts'
- Updated exports in index.ts to export from 'classes.pp.portproxy.js' and 'classes.pp.snihandler.js'
- Updated test files to import modules from new paths

## 2025-03-12 - 3.41.8 - fix(portproxy)
Improve TLS handshake timeout handling and connection piping in PortProxy

- Increase the default initial handshake timeout from 60 seconds to 120 seconds
- Add a 30-second grace period before terminating connections waiting for initial TLS data
- Refactor piping logic by removing redundant callback and establishing piping immediately after flushing buffered data
- Enhance debug logging during TLS ClientHello processing for improved SNI extraction insights

## 2025-03-12 - 3.41.7 - fix(core)
Refactor PortProxy and SniHandler: improve configuration handling, logging, and whitespace consistency

- Standardized indentation and spacing for configuration properties in PortProxy settings (e.g. ACME options, keepAliveProbes, allowSessionTicket)
- Simplified conditional formatting and improved inline comments in PortProxy
- Enhanced logging messages in SniHandler for TLS handshake and session resumption detection
- Improved debugging output (e.g. hexdump of initial TLS packet) and consistency of multi-line expressions

## 2025-03-12 - 3.41.6 - fix(SniHandler)
Refactor SniHandler: update whitespace, comment formatting, and consistent type definitions

- Unified inline comment style and spacing in SniHandler
- Refactored session cache type declaration for clarity
- Adjusted buffer length calculations to include TLS record header consistently
- Minor improvements to logging messages during ClientHello reassembly and SNI extraction

## 2025-03-12 - 3.41.5 - fix(portproxy)
Enforce TLS handshake and SNI validation on port 443 by blocking non-TLS connections and terminating session resumption attempts without SNI when allowSessionTicket is disabled.

- Added explicit check to block non-TLS connections on port 443 to ensure proper TLS usage.
- Enhanced logging for TLS ClientHello to include details on SNI extraction and session resumption status.
- Terminate connections with missing SNI by setting termination reasons ('session_ticket_blocked' or 'no_sni_blocked').
- Ensured consistent rejection of non-TLS handshakes on standard HTTPS port.

## 2025-03-12 - 3.41.4 - fix(tls/sni)
Improve logging for TLS session resumption by extracting and logging SNI values from ClientHello messages.

- Added logging to output the extracted SNI value during renegotiation, initial ClientHello and in the SNI handler.
- Enhanced error handling during SNI extraction to aid troubleshooting of TLS session resumption issues.

## 2025-03-12 - 3.41.3 - fix(TLS/SNI)
Improve TLS session resumption handling and logging. Now, session resumption attempts are always logged with details, and connections without a proper SNI are rejected when allowSessionTicket is disabled. In addition, empty SNI extensions are explicitly treated as missing, ensuring stricter and more consistent TLS handshake validation.

- Always log session resumption in both renegotiation and initial ClientHello processing.
- Terminate connections that attempt session resumption without SNI when allowSessionTicket is false.
- Treat empty SNI extensions as absence of SNI to improve consistency in TLS handshake processing.

## 2025-03-11 - 3.41.2 - fix(SniHandler)
Refactor hasSessionResumption to return detailed session resumption info

- Changed the return type of hasSessionResumption from boolean to an object with properties isResumption and hasSNI
- Updated early return conditions to return { isResumption: false, hasSNI: false } when buffer is too short or invalid
- Modified corresponding documentation to reflect the new return type

## 2025-03-11 - 3.41.1 - fix(SniHandler)
Improve TLS SNI session resumption handling: connections containing a session ticket are now only rejected when no SNI is present and allowSessionTicket is disabled. Updated return values and logging for clearer resumption detection.

- Changed SniHandler.hasSessionResumption to return an object with 'isResumption' and 'hasSNI' flags.
- Adjusted PortProxy logic to only terminate connections when a session ticket is detected without an accompanying SNI (when allowSessionTicket is false).
- Enhanced debug logging to clearly differentiate between session resumption scenarios with and without SNI.

## 2025-03-11 - 3.41.0 - feat(PortProxy/TLS)
Add allowSessionTicket option to control TLS session ticket handling

- Introduce 'allowSessionTicket' flag (default true) in PortProxy settings to enable or disable TLS session resumption via session tickets.
- Update SniHandler with a new hasSessionResumption method to detect session ticket and PSK extensions in ClientHello messages.
- Force connection cleanup during renegotiation and initial handshake when allowSessionTicket is set to false and a session ticket is detected.

## 2025-03-11 - 3.40.0 - feat(SniHandler)
Add session cache support and tab reactivation detection to improve SNI extraction in TLS handshakes

- Introduce a session cache mechanism to store and retrieve cached SNI values based on client IP (and optionally client random) to better handle tab reactivation scenarios.
- Implement functions to initialize, update, and clean up the session cache for TLS ClientHello messages.
- Enhance SNI extraction logic to check for tab reactivation handshakes and to return cached SNI for resumed connections or 0-RTT scenarios.
- Update PSK extension handling to safely skip over obfuscated ticket age bytes.

## 2025-03-11 - 3.39.0 - feat(PortProxy)
Add domain-specific NetworkProxy integration support to PortProxy

- Introduced new properties 'useNetworkProxy' and 'networkProxyPort' in domain configurations.
- Updated forwardToNetworkProxy to accept an optional custom proxy port parameter.
- Enhanced TLS handshake processing to extract SNI and, if a matching domain config specifies NetworkProxy usage, forward the connection using the domain-specific port.
- Refined connection routing logic to check for domain-specific NetworkProxy settings before falling back to default behavior.

## 2025-03-11 - 3.38.2 - fix(core)
No code changes detected; bumping patch version for consistency.


## 2025-03-11 - 3.38.1 - fix(PortProxy)
Improve SNI extraction handling in PortProxy by passing explicit connection info to extractSNIWithResumptionSupport for better TLS renegotiation and debug logging.

- In the renegotiation handler, create and pass a connection info object (sourceIp, sourcePort, destIp, destPort) instead of a boolean flag.
- Update the TLS handshake processing to construct a connection info object for detailed SNI extraction and logging.
- Enhance consistency by using processTlsPacket with cached SNI hints during fallback.

## 2025-03-11 - 3.38.0 - feat(SniHandler)
Enhance SNI extraction to support fragmented ClientHello messages, TLS 1.3 early data, and improved PSK parsing

- Added isTlsApplicationData method for detecting TLS application data packets
- Implemented handleFragmentedClientHello to buffer and reassemble fragmented ClientHello messages
- Extended extractSNIWithResumptionSupport to accept connection information and use reassembled data
- Added detection for TLS 1.3 early data (0-RTT) in the ClientHello, supporting session resumption scenarios
- Improved logging and heuristics for handling potential connection racing in modern browsers

## 2025-03-11 - 3.37.3 - fix(snihandler)
Enhance SNI extraction to support TLS 1.3 PSK-based session resumption by adding a dedicated extractSNIFromPSKExtension method and improved logging for session resumption indicators.

- Defined TLS_PSK_EXTENSION_TYPE and TLS_PSK_KE_MODES_EXTENSION_TYPE constants.
- Added extractSNIFromPSKExtension method to handle ClientHello messages containing PSK identities.
- Improved logging to indicate when session resumption indicators (ticket or PSK) are present but no standard SNI is found.
- Enhanced extractSNIWithResumptionSupport to attempt PSK extraction if standard SNI extraction fails.

## 2025-03-11 - 3.37.2 - fix(PortProxy)
Improve buffering and data handling during connection setup in PortProxy to prevent data loss

- Added a safeDataHandler and processDataQueue to buffer incoming data reliably during the TLS handshake phase
- Introduced a queue with pause/resume logic to avoid exceeding maxPendingDataSize and ensure all pending data is flushed before piping begins
- Refactored the piping setup to install the renegotiation handler only after proper data flushing

## 2025-03-11 - 3.37.1 - fix(PortProxy/SNI)
Refactor SNI extraction in PortProxy to use the dedicated SniHandler class

- Removed local SNI extraction and handshake detection functions from classes.portproxy.ts
- Introduced a standalone SniHandler class in ts/classes.snihandler.ts for robust SNI extraction and improved logging
- Replaced inlined calls to isTlsHandshake and extractSNI with calls to SniHandler methods
- Ensured consistency in handling TLS ClientHello messages across the codebase

## 2025-03-11 - 3.37.0 - feat(portproxy)
Add ACME certificate management options to PortProxy, update ACME settings handling, and bump dependency versions

- Bumped version in package.json from 3.34.0 to 3.36.0 and updated commitinfo accordingly
- Updated dependencies: @push.rocks/tapbundle to ^5.5.10, @types/node to ^22.13.10, and @tsclass/tsclass to ^5.0.0
- Added ACME certificate management configuration to PortProxy settings (acme options, updateAcmeSettings, requestCertificate)
- Enhanced sync of domain configs to NetworkProxy with fallback for missing default certificates

## 2025-03-11 - 3.34.0 - feat(core)
Improve wildcard domain matching and enhance NetworkProxy integration in PortProxy. Added support for TLD wildcards and complex wildcard patterns in the router, and refactored TLS renegotiation handling for stricter SNI enforcement.

- Added support for TLD wildcard matching (e.g., 'example.*') to improve domain routing.
- Implemented complex wildcard pattern matching (e.g., '*.lossless*') in the router.
- Enhanced NetworkProxy integration by initializing a single NetworkProxy instance and forwarding TLS connections accordingly.
- Refactored TLS renegotiation handling to terminate connections on SNI mismatch for stricter enforcement.
- Updated tests to cover the new wildcard matching scenarios.

## 2025-03-11 - 3.33.0 - feat(portproxy)
Add browser-friendly mode and SNI renegotiation configuration options to PortProxy

- Introduce new properties: browserFriendlyMode (default true) to optimize handling for browser connections.
- Add allowRenegotiationWithDifferentSNI (default false) to enable or disable SNI changes during renegotiation.
- Include relatedDomainPatterns to define patterns for related domains that can share connections.
- Update TypeScript interfaces and internal renegotiation logic to support these options.

## 2025-03-11 - 3.32.2 - fix(PortProxy)
Simplify TLS handshake SNI extraction and update timeout settings in PortProxy for improved maintainability and reliability.

- Removed legacy and deprecated fields related to chained proxy configurations (isChainedProxy, chainPosition, aggressiveTlsRefresh).
- Refactored the extractSNI functions to use a simpler, more robust approach for TLS ClientHello processing.
- Adjusted default timeout and keep-alive settings to more standard values (e.g. initialDataTimeout set to 60s, socketTimeout to 1h).
- Eliminated redundant TLS session cache and deep TLS refresh logic.
- Improved logging and error handling during connection setup and renegotiation phases.

## 2025-03-11 - 3.32.1 - fix(portproxy)
Relax TLS handshake and connection timeout settings for improved stability in chained proxy scenarios; update TLS session cache defaults and add keep-alive flags to connection records.

- Increased TLS session cache maximum entries from 10,000 to 20,000, expiry time from 24 hours to 7 days, and cleanup interval from 10 minutes to 30 minutes
- Relaxed socket timeouts: standalone connections now use up to 6 hours, with chained proxies adjusted for 5–6 hours based on proxy position
- Updated inactivity, connection, and initial handshake timeouts to provide a more relaxed behavior under high-traffic chained proxy scenarios
- Increased keepAliveInitialDelay from 10 seconds to 30 seconds and introduced separate incoming and outgoing keep-alive flags
- Enhanced TLS renegotiation handling with more detailed logging and temporary processing flags to avoid duplicate processing
- Updated NetworkProxy integration to use optimized connection settings and more aggressive application-level keep-alive probes

## 2025-03-11 - 3.32.0 - feat(PortProxy)
Enhance TLS session cache, SNI extraction, and chained proxy support in PortProxy. Improve handling of multiple and fragmented TLS records, and add new configuration options (isChainedProxy, chainPosition, aggressiveTlsRefresh, tlsSessionCache) for robust TLS certificate refresh.

- Implement TlsSessionCache with configurable cleanup, eviction, and statistics.
- Improve extractSNIInfo to process multiple TLS records and partial handshake data.
- Add new settings to detect chained proxy scenarios and adjust timeouts accordingly.
- Enhance TLS state refresh with aggressive probing and deep refresh sequence.

## 2025-03-11 - 3.31.2 - fix(PortProxy)
Improve SNI renegotiation handling by adding flexible domain configuration matching on rehandshake and session resumption events.

- When a rehandshake is detected with a changed SNI, first check existing domain config rules and log if allowed.
- If the exact domain config is not found, additionally attempt flexible matching using parent domain and wildcard patterns.
- For resumed sessions, try an exact match first and then use fallback logic to select a similar domain config based on matching target IP.
- Enhanced logging added to help diagnose missing or mismatched domain configurations.

## 2025-03-11 - 3.31.1 - fix(PortProxy)
Improve TLS handshake buffering and enhance debug logging for SNI forwarding in PortProxy

- Explicitly copy the initial TLS handshake data to prevent mutation before buffering
- Log buffered TLS handshake data with SNI information for better diagnostics
- Add detailed error logs on TLS connection failures, including server and domain config status
- Output additional debug messages during ClientHello forwarding to verify proper TLS handshake processing

## 2025-03-11 - 3.31.0 - feat(PortProxy)
Improve TLS handshake SNI extraction and add session resumption tracking in PortProxy

- Added ITlsSessionInfo interface and a global tlsSessionCache to track TLS session IDs for session resumption
- Implemented a cleanup timer for the TLS session cache with startSessionCleanupTimer and stopSessionCleanupTimer
- Enhanced extractSNIInfo to return detailed SNI information including session IDs, ticket details, and resumption status
- Updated renegotiation handlers to use extractSNIInfo for proper SNI extraction during TLS rehandshake

## 2025-03-11 - 3.30.8 - fix(core)
No changes in this commit.


## 2025-03-11 - 3.30.7 - fix(PortProxy)
Improve TLS renegotiation SNI handling by first checking if the new SNI is allowed under the existing domain config. If not, attempt to find an alternative domain config and update the locked domain accordingly; otherwise, terminate the connection on SNI mismatch.

- Added a preliminary check against the original domain config to allow re-handshakes if the new SNI matches allowed patterns.
- If the original config does not allow, search for an alternative domain config and validate IP rules.
- Update the locked domain when allowed, ensuring connection reuse with valid certificate context.
- Terminate the connection if no suitable domain config is found or IP restrictions are violated.

## 2025-03-11 - 3.30.6 - fix(PortProxy)
Improve TLS renegotiation handling in PortProxy by validating the new SNI against allowed domain configurations. If the new SNI is permitted based on existing IP rules, update the locked domain to allow connection reuse; otherwise, terminate the connection to prevent misrouting.

- Added logic to check if a new SNI during renegotiation is allowed by comparing IP rules from the matching domain configuration.
- Updated detailed logging to indicate when a valid SNI change is accepted and when it results in a mismatch termination.

## 2025-03-10 - 3.30.5 - fix(internal)
No uncommitted changes detected; project files and tests remain unchanged.


## 2025-03-10 - 3.30.4 - fix(PortProxy)
Fix TLS renegotiation handling and adjust TLS keep-alive timeouts in PortProxy implementation

- Allow TLS renegotiation data without an explicit SNI extraction to pass through, ensuring valid renegotiations are not dropped (critical for Chrome).
- Update TLS keep-alive timeout from an aggressive 30 minutes to a more generous 4 hours to reduce unnecessary reconnections.
- Increase inactivity thresholds for TLS connections from 20 minutes to 2 hours with an additional verification interval extended from 5 to 15 minutes.
- Adjust long-lived TLS connection timeout from 45 minutes to 8 hours for improved certificate context refresh in chained proxy scenarios.

## 2025-03-10 - 3.30.3 - fix(classes.portproxy.ts)
Simplify timeout management in PortProxy and fix chained proxy certificate refresh issues

- Reduced TLS keep-alive timeout from 8 hours to 30 minutes to ensure frequent certificate refresh
- Added aggressive TLS state refresh after 20 minutes of inactivity and secondary verification checks
- Lowered long-lived TLS connection lifetime from 12 hours to 45 minutes to prevent stale certificates
- Removed configurable timeout settings from the public API in favor of hardcoded sensible defaults
- Simplified internal timeout management to reduce code complexity and improve certificate handling in chained proxies

## 2025-03-10 - 3.31.0 - fix(classes.portproxy.ts)
Simplified timeout management and fixed certificate issues in chained proxy scenarios

- Dramatically reduced TLS keep-alive timeout from 8 hours to 30 minutes to ensure fresh certificates
- Added aggressive certificate refresh after 20 minutes of inactivity (down from 4 hours)
- Added secondary verification checks for TLS refresh operations
- Reduced long-lived TLS connection lifetime from 12 hours to 45 minutes
- Removed configurable timeouts completely from the public API in favor of hardcoded sensible defaults
- Simplified interface by removing no-longer-configurable settings while maintaining internal compatibility
- Reduced overall code complexity by eliminating complex timeout management
- Fixed chained proxy certificate issues by ensuring more frequent certificate refreshes in all deployment scenarios

## 2025-03-10 - 3.30.2 - fix(classes.portproxy.ts)
Adjust TLS keep-alive timeout to refresh certificate context.

- Modified TLS keep-alive timeout for connections to 8 hours to refresh certificate context.
- Updated timeout log messages for clarity on TLS certificate refresh.

## 2025-03-10 - 3.30.1 - fix(PortProxy)
Improve TLS keep-alive management and fix whitespace formatting

- Implemented better handling for TLS keep-alive connections after sleep or long inactivity.
- Reformatted whitespace for better readability and consistency.

## 2025-03-08 - 3.30.0 - feat(PortProxy)
Add advanced TLS keep-alive handling and system sleep detection

- Implemented system sleep detection to maintain keep-alive connections.
- Enhanced TLS keep-alive connections with extended timeout and sleep detection mechanisms.
- Introduced automatic TLS state refresh after system wake-up to prevent connection drops.

## 2025-03-07 - 3.29.3 - fix(core)
Fix functional errors in the proxy setup and enhance pnpm configuration

- Corrected pnpm configuration to include specific dependencies as 'onlyBuiltDependencies'.

## 2025-03-07 - 3.29.2 - fix(PortProxy)
Fix test for PortProxy handling of custom IPs in Docker/CI environments.

- Ensure compatibility with Docker/CI environments by standardizing on 127.0.0.1 for test server setup.
- Simplify test configuration by using a unique port rather than different IPs.

## 2025-03-07 - 3.29.1 - fix(readme)
Update readme for IPTablesProxy options

- Add comprehensive examples for IPTablesProxy usage.
- Expand IPTablesProxy settings with IPv6, logging, and advanced features.
- Clarify option defaults and descriptions for IPTablesProxy.
- Enhance 'Troubleshooting' section with IPTables tips.

## 2025-03-07 - 3.29.0 - feat(IPTablesProxy)
Enhanced IPTablesProxy with multi-port and IPv6 support

- Added support for specifying multiple ports and port ranges, allowing for more complex network proxy configurations.
- Introduced IPv6 support to allow handling of IPv6 addressed networks.
- Implemented more detailed logging and error handling features to improve debugging capabilities.
- Enhanced integration options with NetworkProxy, allowing for a more seamless routing and termination process.
- Restructured the initialization and validation process to ensure robust handling of configuration settings.

## 2025-03-07 - 3.28.6 - fix(PortProxy)
Adjust default timeout settings and enhance keep-alive connection handling in PortProxy.

- Updated default value for maxConnectionLifetime to 24 hours and inactivityTimeout to 4 hours.
- Introduced enhanced settings for treating keep-alive connections as 'extended' or 'immortal'.
- Modified logic to avoid closing keep-alive connections unnecessarily by adding inactivity warnings and grace periods.

## 2025-03-07 - 3.28.5 - fix(core)
Ensure proper resource cleanup during server shutdown.

- Fixed potential hanging of server shutdown due to improper cleanup in promise handling.
- Corrected potential memory leaks by ensuring all pending and active connections are properly closed during shutdown.

## 2025-03-07 - 3.28.4 - fix(router)
Improve path pattern matching and hostname prioritization in router

- Enhance path pattern matching capabilities
- Ensure hostname prioritization in routing logic

## 2025-03-06 - 3.28.3 - fix(PortProxy)
Ensure timeout values are within Node.js safe limits

- Implemented `ensureSafeTimeout` to keep timeout values under the maximum safe integer for Node.js.
- Updated timeout configurations in `PortProxy` to include safety checks.

## 2025-03-06 - 3.28.2 - fix(portproxy)
Adjust safe timeout defaults in PortProxy to prevent overflow issues.

- Adjusted socketTimeout to maximum safe limit (~24.8 days) for PortProxy.
- Adjusted maxConnectionLifetime to maximum safe limit (~24.8 days) for PortProxy.
- Ensured enhanced default timeout settings in PortProxy.

## 2025-03-06 - 3.28.1 - fix(PortProxy)
Improved code formatting and readability in PortProxy class by adjusting spacing and comments.

- Adjusted comment and spacing for better code readability.
- No functional changes made in the PortProxy class.

## 2025-03-06 - 3.28.0 - feat(router)
Add detailed routing tests and refactor ProxyRouter for improved path matching

- Implemented a comprehensive test suite for the ProxyRouter class to ensure accurate routing based on hostnames and path patterns.
- Refactored the ProxyRouter to enhance path matching logic with improvements in wildcard and parameter handling.
- Improved logging capabilities within the ProxyRouter for enhanced debugging and info level insights.
- Optimized the data structures for storing and accessing proxy configurations to reduce overhead in routing operations.

## 2025-03-06 - 3.27.0 - feat(AcmeCertManager)
Introduce AcmeCertManager for enhanced ACME certificate management

- Refactored the existing Port80Handler to AcmeCertManager.
- Added event-driven certificate management with CertManagerEvents.
- Introduced options for configuration such as renew thresholds and production mode.
- Implemented certificate renewal checks and logging improvements.

## 2025-03-05 - 3.26.0 - feat(readme)
Updated README with enhanced TLS handling, connection management, and troubleshooting sections.

- Added details on enhanced TLS handling and browser compatibility improvements.
- Included advanced connection management features like random timeout prevention.
- Provided comprehensive troubleshooting tips for browser certificate errors and connection stability.
- Clarified default configuration options and optimization settings for PortProxy.

## 2025-03-05 - 3.25.4 - fix(portproxy)
Improve connection timeouts and detailed logging for PortProxy

- Refactored timeout management for connections to include enhanced defaults and prevent thundering herd.
- Improved support for TLS handshake detection with logging capabilities in PortProxy.
- Removed protocol-specific handling which is now managed generically.
- Introduced enhanced logging for SNI extraction and connection management.

## 2025-03-05 - 3.25.3 - fix(core)
Update dependencies and configuration improvements.

- Upgrade TypeScript version to 5.8.2 for better compatibility.
- Ensure all proxy and server tests pass with updated configurations.
- Improve logging for better traceability in proxy operations.
- Add handlers for WebSockets and HTTPS improvements.
- Fix various issues related to proxy timeout and connection handling.
- Update test certificates validation for better test coverage.

## 2025-03-05 - 3.25.2 - fix(PortProxy)
Adjust timeout settings and handle inactivity properly in PortProxy.

- Changed initialDataTimeout default to 30 seconds for better handling of initial data reception.
- Adjusted keepAliveInitialDelay to 30 seconds for consistent socket optimization.
- Introduced proper inactivity handling with updated timeout logic.
- Parity check now accounts for a 120-second threshold for outgoing socket closure.

## 2025-03-05 - 3.25.1 - fix(PortProxy)
Adjust inactivity threshold to a random value between 20 and 30 minutes for better variability

- Modified inactivity threshold calculation within PortProxy to use a random value between 1.2 and 1.8 million milliseconds.

## 2025-03-05 - 3.25.0 - feat(PortProxy)
Enhanced PortProxy with detailed logging, protocol detection, and rate limiting.

- Added detailed logging capabilities for connection tracking in the PortProxy.
- Introduced protocol detection allowing HTTP and WebSocket upgrades.
- Implemented rate limiting for connections by IP.
- Enhanced timeout handling for various protocol-specific scenarios.

## 2025-03-05 - 3.24.0 - feat(core)
Enhance core functionalities and test coverage for NetworkProxy and PortProxy

- Added maximum connections, timeout settings, log levels, and CORS support in NetworkProxy.
- Improved WebSocket handling with heartbeat and metrics tracking.
- Enhanced connection management in PortProxy with optimizations for socket settings.
- SNI and IP validation improvements.
- Updates to test cases for comprehensive coverage.

## 2025-03-05 - 3.23.1 - fix(PortProxy)
Enhanced connection setup to handle pending data buffering before establishing outgoing connection

- Introduced pending data buffering to address issues with data reception before outgoing connection is fully established.
- Removed immediate data piping in favor of buffering to ensure complete initial data transfer.
- Added temporary data handler to collect incoming data during connection setup for precise activity tracking.

## 2025-03-03 - 3.23.0 - feat(documentation)
Updated documentation with architecture flow diagrams.

- Added detailed architecture and flow diagrams for SmartProxy components.
- Included HTTPS Reverse Proxy Flow diagram.
- Integrated Port Proxy with SNI-based Routing diagram.
- Added Let's Encrypt Certificate Acquisition flow.

## 2025-03-03 - 3.22.5 - fix(documentation)
Refactored readme for clarity and consistency, fixed documentation typos

- Updated readme to improve clarity and remove redundant information.
- Fixed minor documentation issues in the code comments.
- Reorganized readme structure for better readability.
- Improved sample code snippets for easier understanding.

## 2025-03-03 - 3.22.4 - fix(core)
Addressed minor issues in the core modules to improve stability and performance.


## 2025-03-03 - 3.22.3 - fix(core)
Improve connection management and error handling in PortProxy

- Refactored connection cleanup to handle errors more gracefully.
- Introduced comprehensive comments for better code understanding.
- Revised SNI data timeout logic for connection handling.
- Enhanced logging and error reporting during connection management.
- Improved inactivity checks and parity checks for existing connections.

## 2025-03-03 - 3.22.2 - fix(portproxy)
Refactored connection cleanup logic in PortProxy

- Simplified the connection cleanup logic by removing redundant methods.
- Consolidated the cleanup initiation and execution into a single cleanup method.
- Improved error handling by ensuring connections are closed appropriately.

## 2025-03-03 - 3.22.1 - fix(PortProxy)
Fix connection timeout and IP validation handling for PortProxy

- Adjusted initial data timeout setting for SNI-enabled connections in PortProxy.
- Restored IP validation logic to original behavior, ensuring compatibility with domain configurations.

## 2025-03-03 - 3.22.0 - feat(classes.portproxy)
Enhanced PortProxy to support initial data timeout and improved IP handling

- Added `initialDataTimeout` to PortProxy settings for handling data flow in chained proxies.
- Improved IP validation by allowing relaxed checks in chained proxy setups.
- Introduced dynamic logging for connection lifecycle and proxy configurations.
- Enhanced timeout handling for better proxy resilience.

## 2025-03-03 - 3.21.0 - feat(PortProxy)
Enhancements to connection management in PortProxy

- Introduced a unique ID for each connection record for improved tracking.
- Enhanced cleanup mechanism for connections with dual states: initiated and executed.
- Implemented shutdown process handling to ensure graceful connection closure.
- Added logging for better tracing of connection activities and states.
- Improved connection setup with explicit timeouts and data flow management.
- Integrated inactivity and parity checks to monitor connection health.

## 2025-03-01 - 3.20.2 - fix(PortProxy)
Enhance connection cleanup handling in PortProxy

- Add checks to ensure timers are reset only if outgoing socket is active
- Prevent setting outgoingActive if the connection is already closed

## 2025-03-01 - 3.20.1 - fix(PortProxy)
Improve IP allowance check for forced domains

- Enhanced IP allowance check logic by incorporating blocked IPs and default allowed IPs for forced domains within port proxy configurations.

## 2025-03-01 - 3.20.0 - feat(PortProxy)
Enhance PortProxy with advanced connection cleanup and logging

- Introduced `cleanupConnection` method for improved connection management.
- Added logging for connection cleanup including special conditions.
- Implemented parity check to clean up connections when outgoing side closes but incoming remains active.
- Improved logging during interval checks for active connections and their durations.

## 2025-03-01 - 3.19.0 - feat(PortProxy)
Enhance PortProxy with default blocked IPs

- Introduced defaultBlockedIPs in IPortProxySettings to handle globally blocked IPs.
- Added logic for merging domain-specific and default allowed and blocked IPs for effective IP filtering.
- Refactored helper functions for IP and port range checks to improve modularity in PortProxy.

## 2025-02-27 - 3.18.2 - fix(portproxy)
Fixed typographical errors in comments within PortProxy class.

- Corrected typographical errors in comments within the PortProxy class.

## 2025-02-27 - 3.18.1 - fix(PortProxy)
Refactor and enhance PortProxy test cases and handling

- Refactored test cases in test/test.portproxy.ts for clarity and added coverage.
- Improved TCP server helper functions for better flexibility.
- Fixed issues with domain handling in PortProxy configuration.
- Introduced round-robin logic for multi-IP domains in PortProxy.
- Ensured proper cleanup and stopping of test servers in the test suite.

## 2025-02-27 - 3.18.0 - feat(PortProxy)
Add SNI-based renegotiation handling in PortProxy

- Introduced a new field 'lockedDomain' in IConnectionRecord to store initial SNI.
- Enhanced connection management by enforcing termination if rehandshake is detected with different SNI.

## 2025-02-27 - 3.17.1 - fix(PortProxy)
Fix handling of SNI re-negotiation in PortProxy

- Removed connection locking to the initially negotiated SNI
- Improved handling of SNI during renegotiation in PortProxy

## 2025-02-27 - 3.17.0 - feat(smartproxy)
Enhance description clarity and improve SNI handling with domain locking.

- Improved package description in package.json, readme.md, and npmextra.json for better clarity and keyword optimization.
- Enhanced SNI handling in PortProxy by adding domain locking and extra checks to terminate connections if a different SNI is detected post-handshake.
- Refactored readme.md to better explain the usage and functionalities of the proxy features including SSL redirection, WebSocket handling, and dynamic routing.

## 2025-02-27 - 3.16.9 - fix(portproxy)
Extend domain input validation to support string arrays in port proxy configurations.

- Modify IDomainConfig interface to allow domain specification as string array.
- Update connection setup logic to handle multiple domain patterns.
- Enhance domain rejection logging to include all domain patterns.

## 2025-02-27 - 3.16.8 - fix(PortProxy)
Fix IP filtering for domain and global default allowed lists and improve port-based routing logic.

- Improved logic to prioritize domain-specific allowed IPs over global defaults.
- Fixed port-based rules application to handle global port ranges more effectively.
- Enhanced rejection handling for unauthorized IP addresses in both domain-specific and default global lists.

## 2025-02-27 - 3.16.7 - fix(PortProxy)
Improved IP validation logic in PortProxy to ensure correct domain matching and fallback

- Refactored the setupConnection function inside PortProxy to enhance IP address validation.
- Domain-specific allowed IP preference is applied before default list lookup.
- Removed redundant condition checks to streamline connection rejection paths.

## 2025-02-27 - 3.16.6 - fix(PortProxy)
Optimize connection cleanup logic in PortProxy by removing unnecessary delays.

- Removed multiple await plugins.smartdelay.delayFor(0) calls.
- Improved performance by ensuring timely resource release during connection termination.

## 2025-02-27 - 3.16.5 - fix(PortProxy)
Improved connection cleanup process with added asynchronous delays

- Connection cleanup now includes asynchronous delays for reliable order of operations.

## 2025-02-27 - 3.16.4 - fix(PortProxy)
Fix and enhance port proxy handling

- Ensure that all created proxy servers are correctly checked for listening state.
- Corrected the handling of ports and domain configurations within port proxy setups.
- Expanded test coverage for handling multiple concurrent and chained proxy connections.

## 2025-02-27 - 3.16.3 - fix(PortProxy)
Refactored PortProxy to support multiple listening ports and improved modularity.

- Updated PortProxy to allow multiple listening ports with flexible configuration.
- Moved helper functions for IP and port range checks outside the class for cleaner code structure.

## 2025-02-27 - 3.16.2 - fix(PortProxy)
Fix port-based routing logic in PortProxy

- Optimized the handling and checking of local ports in the global port range.
- Fixed the logic for rejecting or accepting connections based on predefined port ranges.
- Improved handling of the default and specific domain configurations during port-based connections.

## 2025-02-27 - 3.16.1 - fix(core)
Updated minor version numbers in dependencies for patch release.

- No specific file changes detected.
- Dependencies versioning adjusted for stability.

## 2025-02-27 - 3.16.0 - feat(PortProxy)
Enhancements made to PortProxy settings and capabilities

- Added 'forwardAllGlobalRanges' and 'targetIP' to IPortProxySettings.
- Improved PortProxy to forward connections based on domain-specific configurations.
- Added comprehensive handling for global port-range based connection forwarding.
- Enabled forwarding of all connections on global port ranges directly to global target IP.

## 2025-02-27 - 3.15.0 - feat(classes.portproxy)
Add support for port range-based routing with enhanced IP and port validation.

- Introduced globalPortRanges in IPortProxySettings for routing based on port ranges.
- Improved connection handling with port range and domain configuration validations.
- Updated connection logging to include the local port information.

## 2025-02-26 - 3.14.2 - fix(PortProxy)
Fix cleanup timer reset for PortProxy

- Resolved an issue where the cleanup timer in the PortProxy class did not reset correctly if both incoming and outgoing data events were triggered without clearing flags.

## 2025-02-26 - 3.14.1 - fix(PortProxy)
Increased default maxConnectionLifetime for PortProxy to 600000 ms

- Updated PortProxy settings to extend default maxConnectionLifetime to 10 minutes.

## 2025-02-26 - 3.14.0 - feat(PortProxy)
Introduce max connection lifetime feature

- Added an optional maxConnectionLifetime setting for PortProxy.
- Forces cleanup of long-lived connections based on inactivity or lifetime limit.

## 2025-02-25 - 3.13.0 - feat(core)
Add support for tagging iptables rules with comments and cleaning them up on process exit

- Extended IPTablesProxy class to include tagging rules with unique comments.
- Added feature to clean up iptables rules via comments during process exit.

## 2025-02-24 - 3.12.0 - feat(IPTablesProxy)
Introduce IPTablesProxy class for managing iptables NAT rules

- Added IPTablesProxy class to facilitate basic port forwarding using iptables.
- Introduced IIpTableProxySettings interface for configuring IPTablesProxy.
- Implemented start and stop methods for managing iptables rules dynamically.

## 2025-02-24 - 3.11.0 - feat(Port80Handler)
Add automatic certificate issuance with ACME client

- Implemented automatic certificate issuance using 'acme-client' for Port80Handler.
- Converts account key and CSR from Buffers to strings for processing.
- Implemented HTTP-01 challenge handling for certificate acquisition.
- New certificates are fetched and added dynamically.

## 2025-02-24 - 3.10.5 - fix(portproxy)
Fix incorrect import path in test file

- Change import path from '../ts/smartproxy.portproxy.js' to '../ts/classes.portproxy.js' in test/test.portproxy.ts

## 2025-02-23 - 3.10.4 - fix(PortProxy)
Refactor connection tracking to utilize unified records in PortProxy

- Implemented a unified record system for tracking incoming and outgoing connections.
- Replaced individual connection tracking sets with a Set of IConnectionRecord.
- Improved logging of connection activities and statistics.

## 2025-02-23 - 3.10.3 - fix(PortProxy)
Refactor and optimize PortProxy for improved readability and maintainability

- Simplified and clarified inline comments.
- Optimized the extractSNI function for better readability.
- Streamlined the cleanup process for connections in PortProxy.
- Improved handling and logging of incoming and outgoing connections.

## 2025-02-23 - 3.10.2 - fix(PortProxy)
Fix connection handling to include timeouts for SNI-enabled connections.

- Added initial data timeout for SNI-enabled connections to improve connection handling.
- Cleared timeout once data is received to prevent premature socket closure.

## 2025-02-22 - 3.10.1 - fix(PortProxy)
Improve socket cleanup logic to prevent potential resource leaks

- Updated socket cleanup in PortProxy to ensure sockets are forcefully destroyed if not already destroyed.

## 2025-02-22 - 3.10.0 - feat(smartproxy.portproxy)
Enhance PortProxy with detailed connection statistics and termination tracking

- Added tracking of termination statistics for incoming and outgoing connections
- Enhanced logging to include detailed termination statistics
- Introduced helpers to update and log termination stats
- Retained detailed connection duration and active connection logging

## 2025-02-22 - 3.9.4 - fix(PortProxy)
Ensure proper cleanup on connection rejection in PortProxy

- Added cleanup calls after socket end in connection rejection scenarios within PortProxy

## 2025-02-21 - 3.9.3 - fix(PortProxy)
Fix handling of optional outgoing socket in PortProxy

- Refactored the cleanUpSockets function to correctly handle cases where the outgoing socket may be undefined.
- Ensured correct handling of socket events with non-null assertions where applicable.
- Improved robustness in connection establishment and cleanup processes.

## 2025-02-21 - 3.9.2 - fix(PortProxy)
Improve timeout handling for port proxy connections

- Added console logging for both incoming and outgoing side timeouts in the PortProxy class.
- Updated the timeout event handlers to ensure proper cleanup of connections.

## 2025-02-21 - 3.9.1 - fix(dependencies)
Ensure correct ordering of dependencies and improve logging format.

- Reorder dependencies in package.json for better readability.
- Use pretty-ms for displaying time durations in logs.

## 2025-02-21 - 3.9.0 - feat(smartproxy.portproxy)
Add logging of connection durations to PortProxy

- Track start times for incoming and outgoing connections.
- Log duration of longest running incoming and outgoing connections every 10 seconds.

## 2025-02-21 - 3.8.1 - fix(plugins)
Simplified plugin import structure across codebase

- Consolidated plugin imports under a single 'plugins.ts' file.
- Replaced individual plugin imports in smartproxy files with the consolidated plugin imports.
- Fixed error handling for early socket errors in PortProxy setup.

## 2025-02-21 - 3.8.0 - feat(PortProxy)
Add active connection tracking and logging in PortProxy

- Implemented a feature to track active incoming connections in PortProxy.
- Active connections are now logged every 10 seconds for monitoring purposes.
- Refactored connection handling to ensure proper cleanup and logging.

## 2025-02-21 - 3.7.3 - fix(portproxy)
Fix handling of connections in PortProxy to improve stability and performance.

- Improved IP normalization and matching
- Better SNI extraction and handling for TLS
- Streamlined connection handling with robust error management

## 2025-02-21 - 3.7.2 - fix(PortProxy)
Improve SNICallback and connection handling in PortProxy

- Fixed SNICallback to create minimal TLS context for SNI.
- Changed connection setup to use net.connect for raw passthrough.

## 2025-02-21 - 3.7.1 - fix(smartproxy.portproxy)
Optimize SNI handling by simplifying context creation

- Removed unnecessary SecureContext creation for SNI requests in PortProxy
- Improved handling of SNI passthrough by acknowledging requests without context creation

## 2025-02-21 - 3.7.0 - feat(PortProxy)
Add optional source IP preservation support in PortProxy

- Added a feature to optionally preserve the client's source IP when proxying connections.
- Enhanced test cases to include scenarios for source IP preservation.

## 2025-02-21 - 3.6.0 - feat(PortProxy)
Add feature to preserve original client IP through chained proxies

- Added support to bind local address in PortProxy to preserve original client IP.
- Implemented test for chained proxies to ensure client IP is preserved.

## 2025-02-21 - 3.5.0 - feat(PortProxy)
Enhance PortProxy to support domain-specific target IPs

- Introduced support for domain-specific target IP configurations in PortProxy.
- Updated connection handling to prioritize domain-specific target IPs if provided.
- Added tests to verify forwarding based on domain-specific target IPs.

## 2025-02-21 - 3.4.4 - fix(PortProxy)
Fixed handling of SNI domain connections and IP allowance checks

- Improved logic for handling SNI domain checks, ensuring IPs are correctly verified.
- Fixed issue where default allowed IPs were not being checked correctly for non-SNI connections.
- Revised the SNICallback behavior to handle connections more gracefully when domain configurations are unavailable.

## 2025-02-21 - 3.4.3 - fix(PortProxy)
Fixed indentation issue and ensured proper cleanup of sockets in PortProxy

- Fixed inconsistent indentation in IP allowance check.
- Ensured proper cleanup of sockets on connection end in PortProxy.

## 2025-02-21 - 3.4.2 - fix(smartproxy)
Enhance SSL/TLS handling with SNI and error logging

- Improved handling for SNI-enabled and non-SNI connections
- Added detailed logging for connection establishment and rejections
- Introduced error logging for TLS client errors and server errors

## 2025-02-21 - 3.4.1 - fix(PortProxy)
Normalize IP addresses for port proxy to handle IPv4-mapped IPv6 addresses.

- Improved IP normalization logic in PortProxy to support IPv4-mapped IPv6 addresses.
- Updated isAllowed function to expand patterns for better matching accuracy.

## 2025-02-21 - 3.4.0 - feat(PortProxy)
Enhanced PortProxy with custom target host and improved testing

- PortProxy constructor now accepts 'fromPort', 'toPort', and optional 'toHost' directly from settings
- Refactored test cases to cover forwarding to the custom host
- Added support to handle multiple concurrent connections
- Refactored internal connection handling logic to utilize default configurations

## 2025-02-21 - 3.3.1 - fix(PortProxy)
fixed import usage of net and tls libraries for PortProxy

- Corrected the use of plugins for importing 'tls' and 'net' libraries in the PortProxy module.
- Updated the constructor of PortProxy to accept combined tls options with ProxySettings.

## 2025-02-21 - 3.3.0 - feat(PortProxy)
Enhanced PortProxy with domain and IP filtering, SNI support, and minimatch integration

- Added new ProxySettings interface to configure domain patterns, SNI, and default allowed IPs.
- Integrated minimatch to filter allowed IPs and domains.
- Enabled SNI support for PortProxy connections.
- Updated port proxy test to accommodate new settings.

## 2025-02-04 - 3.2.0 - feat(testing)
Added a comprehensive test suite for the PortProxy class

- Set up a test environment for PortProxy using net.Server.
- Test coverage includes starting and stopping the proxy, handling TCP connections, concurrent connections, and timeouts.
- Ensures proper resource cleanup after tests.

## 2025-02-04 - 3.1.4 - fix(core)
No uncommitted changes. Preparing for potential minor improvements or bug fixes.


## 2025-02-04 - 3.1.3 - fix(networkproxy)
Refactor and improve WebSocket handling and request processing

- Improved error handling in WebSocket connection and request processing.
- Refactored the WebSocket handling in NetworkProxy to use a unified error logging mechanism.

## 2025-02-04 - 3.1.2 - fix(core)
Refactor certificate handling across the project

- Moved certificate keys and certs to the assets/certs directory.
- Updated test utilities to load certificates from the central location.
- Cleaned up redundant code and improved error logging regarding certificates.
- Ensured correct handling of host header in ProxyRouter class.

## 2025-02-03 - 3.1.1 - fix(workflow)
Update Gitea workflow paths and dependencies

- Updated registry paths for npmci image and repositories in Gitea workflow files.
- Fixed dependency paths in package.json.
- Completed adding typescript to the list of devDependencies.

## 2024-10-07 - 3.1.0 - feat(NetworkProxy)
Introduce WebSocket heartbeat to maintain active connections in NetworkProxy

- Added heartbeat mechanism to WebSocket connections to ensure they remain active.
- Terminating WebSocket if no pong is received for 5 minutes.
- Set up heartbeat interval to run every 1 minute for connection checks.

## 2024-10-07 - 3.0.61 - fix(networkproxy)
Improve error handling for proxy requests

- Wrapped proxy request logic in a try-catch block to handle errors gracefully.
- Improved error handling for WebSocket communication by checking errors before attempting to send messages.
- Added logging for error cases to aid in debugging.

## 2024-05-29 - 3.0.60 - various updates
Maintenance updates and adjustments.

- Updated project description
- Updated tsconfig settings
- Updated npmextra.json with new githost info

## 2023-07-27 - 3.0.58 to 3.0.59 - core improvements
Improvements and internal restructuring.

- Switch to a new organizational scheme
- Core updates and adjustments

## 2022-07-29 - 2.0.16 to 3.0.0 - major transition
This release marks a major transition with several breaking changes.

- BREAKING CHANGE: switched core to ESM (EcmaScript Module)
- Major core updates