feat(wireguard): add WireGuard transport support with management APIs and config generation

ts/smartvpn.interfaces.ts

@@ -32,10 +32,24 @@ export interface IVpnClientConfig {
   mtu?: number;
   /** Keepalive interval in seconds (default: 30) */
   keepaliveIntervalSecs?: number;
-  /** Transport protocol: 'auto' (default, tries QUIC then WS), 'websocket', or 'quic' */
-  transport?: 'auto' | 'websocket' | 'quic';
+  /** Transport protocol: 'auto' (default, tries QUIC then WS), 'websocket', 'quic', or 'wireguard' */
+  transport?: 'auto' | 'websocket' | 'quic' | 'wireguard';
   /** For QUIC: SHA-256 hash of server certificate (base64) for cert pinning */
   serverCertHash?: string;
+  /** WireGuard: client private key (base64, X25519) */
+  wgPrivateKey?: string;
+  /** WireGuard: client TUN address (e.g. 10.8.0.2) */
+  wgAddress?: string;
+  /** WireGuard: client TUN address prefix length (default: 24) */
+  wgAddressPrefix?: number;
+  /** WireGuard: preshared key (base64, optional) */
+  wgPresharedKey?: string;
+  /** WireGuard: persistent keepalive interval in seconds */
+  wgPersistentKeepalive?: number;
+  /** WireGuard: server endpoint (host:port, e.g. vpn.example.com:51820) */
+  wgEndpoint?: string;
+  /** WireGuard: allowed IPs (CIDR strings, e.g. ['0.0.0.0/0']) */
+  wgAllowedIps?: string[];
 }
 
 export interface IVpnClientOptions {
@@ -72,12 +86,16 @@ export interface IVpnServerConfig {
   defaultRateLimitBytesPerSec?: number;
   /** Default burst size for new clients (bytes). Omit for unlimited. */
   defaultBurstBytes?: number;
-  /** Transport mode: 'both' (default, WS+QUIC), 'websocket', or 'quic' */
-  transportMode?: 'websocket' | 'quic' | 'both';
+  /** Transport mode: 'both' (default, WS+QUIC), 'websocket', 'quic', or 'wireguard' */
+  transportMode?: 'websocket' | 'quic' | 'both' | 'wireguard';
   /** QUIC listen address (host:port). Defaults to listenAddr. */
   quicListenAddr?: string;
   /** QUIC idle timeout in seconds (default: 30) */
   quicIdleTimeoutSecs?: number;
+  /** WireGuard: UDP listen port (default: 51820) */
+  wgListenPort?: number;
+  /** WireGuard: configured peers */
+  wgPeers?: IWgPeerConfig[];
 }
 
 export interface IVpnServerOptions {
@@ -187,6 +205,35 @@ export interface IVpnClientTelemetry {
   burstBytes?: number;
 }
 
+// ============================================================================
+// WireGuard-specific types
+// ============================================================================
+
+export interface IWgPeerConfig {
+  /** Peer's public key (base64, X25519) */
+  publicKey: string;
+  /** Optional preshared key (base64) */
+  presharedKey?: string;
+  /** Allowed IP ranges (CIDR strings) */
+  allowedIps: string[];
+  /** Peer endpoint (host:port) — optional for server peers, required for client */
+  endpoint?: string;
+  /** Persistent keepalive interval in seconds */
+  persistentKeepalive?: number;
+}
+
+export interface IWgPeerInfo {
+  publicKey: string;
+  allowedIps: string[];
+  endpoint?: string;
+  persistentKeepalive?: number;
+  bytesSent: number;
+  bytesReceived: number;
+  packetsSent: number;
+  packetsReceived: number;
+  lastHandshakeTime?: string;
+}
+
 // ============================================================================
 // IPC Command maps (used by smartrust RustBridge<TCommands>)
 // ============================================================================
@@ -211,6 +258,10 @@ export type TVpnServerCommands = {
   setClientRateLimit: { params: { clientId: string; rateBytesPerSec: number; burstBytes: number }; result: void };
   removeClientRateLimit: { params: { clientId: string }; result: void };
   getClientTelemetry: { params: { clientId: string }; result: IVpnClientTelemetry };
+  generateWgKeypair: { params: Record<string, never>; result: IVpnKeypair };
+  addWgPeer: { params: { peer: IWgPeerConfig }; result: void };
+  removeWgPeer: { params: { publicKey: string }; result: void };
+  listWgPeers: { params: Record<string, never>; result: { peers: IWgPeerInfo[] } };
 };
 
 // ============================================================================