feat(config): add reusable security profiles and network targets with route reference resolution

ts_interfaces/data/route-management.ts

@@ -1,10 +1,77 @@
 import type { IRouteConfig } from '@push.rocks/smartproxy';
 
+// Derive IRouteSecurity from IRouteConfig since it's not directly exported
+export type IRouteSecurity = NonNullable<IRouteConfig['security']>;
+
 // ============================================================================
 // Route Management Data Types
 // ============================================================================
 
-export type TApiTokenScope = 'routes:read' | 'routes:write' | 'config:read' | 'tokens:read' | 'tokens:manage';
+export type TApiTokenScope =
+  | 'routes:read' | 'routes:write'
+  | 'config:read'
+  | 'tokens:read' | 'tokens:manage'
+  | 'profiles:read' | 'profiles:write'
+  | 'targets:read' | 'targets:write';
+
+// ============================================================================
+// Security Profile Types
+// ============================================================================
+
+/**
+ * A reusable, named security profile that can be referenced by routes.
+ * Stores the full IRouteSecurity shape from SmartProxy.
+ */
+export interface ISecurityProfile {
+  id: string;
+  name: string;
+  description?: string;
+  /** The security configuration — mirrors SmartProxy's IRouteSecurity. */
+  security: IRouteSecurity;
+  /** IDs of profiles this one extends (resolved top-down, later overrides earlier). */
+  extendsProfiles?: string[];
+  createdAt: number;
+  updatedAt: number;
+  createdBy: string;
+}
+
+// ============================================================================
+// Network Target Types
+// ============================================================================
+
+/**
+ * A reusable, named network target (host + port) that can be referenced by routes.
+ */
+export interface INetworkTarget {
+  id: string;
+  name: string;
+  description?: string;
+  host: string | string[];
+  port: number;
+  createdAt: number;
+  updatedAt: number;
+  createdBy: string;
+}
+
+// ============================================================================
+// Route Metadata Types
+// ============================================================================
+
+/**
+ * Metadata on a stored route tracking where its resolved values came from.
+ */
+export interface IRouteMetadata {
+  /** ID of the SecurityProfileDoc used to resolve this route's security. */
+  securityProfileRef?: string;
+  /** ID of the NetworkTargetDoc used to resolve this route's targets. */
+  networkTargetRef?: string;
+  /** Snapshot of the profile name at resolution time, for display. */
+  securityProfileName?: string;
+  /** Snapshot of the target name at resolution time, for display. */
+  networkTargetName?: string;
+  /** Timestamp of last reference resolution. */
+  lastResolvedAt?: number;
+}
 
 /**
  * A merged route combining hardcoded and programmatic sources.
@@ -17,6 +84,7 @@ export interface IMergedRoute {
   storedRouteId?: string;
   createdAt?: number;
   updatedAt?: number;
+  metadata?: IRouteMetadata;
 }
 
 /**
@@ -55,6 +123,7 @@ export interface IStoredRoute {
   createdAt: number;
   updatedAt: number;
   createdBy: string;
+  metadata?: IRouteMetadata;
 }
 
 /**

ts_interfaces/requests/index.ts

@@ -9,4 +9,6 @@ export * from './certificate.js';
 export * from './remoteingress.js';
 export * from './route-management.js';
 export * from './api-tokens.js';
-export * from './vpn.js';
+export * from './vpn.js';
+export * from './security-profiles.js';
+export * from './network-targets.js';

ts_interfaces/requests/network-targets.ts

@@ -0,0 +1,127 @@
+import * as plugins from '../plugins.js';
+import type * as authInterfaces from '../data/auth.js';
+import type { INetworkTarget } from '../data/route-management.js';
+
+// ============================================================================
+// Network Target Endpoints
+// ============================================================================
+
+/**
+ * Get all network targets.
+ */
+export interface IReq_GetNetworkTargets extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetNetworkTargets
+> {
+  method: 'getNetworkTargets';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+  };
+  response: {
+    targets: INetworkTarget[];
+  };
+}
+
+/**
+ * Get a single network target by ID.
+ */
+export interface IReq_GetNetworkTarget extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetNetworkTarget
+> {
+  method: 'getNetworkTarget';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+  };
+  response: {
+    target: INetworkTarget | null;
+  };
+}
+
+/**
+ * Create a new network target.
+ */
+export interface IReq_CreateNetworkTarget extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_CreateNetworkTarget
+> {
+  method: 'createNetworkTarget';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    name: string;
+    description?: string;
+    host: string | string[];
+    port: number;
+  };
+  response: {
+    success: boolean;
+    id?: string;
+    message?: string;
+  };
+}
+
+/**
+ * Update a network target.
+ */
+export interface IReq_UpdateNetworkTarget extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_UpdateNetworkTarget
+> {
+  method: 'updateNetworkTarget';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+    name?: string;
+    description?: string;
+    host?: string | string[];
+    port?: number;
+  };
+  response: {
+    success: boolean;
+    affectedRouteCount?: number;
+    message?: string;
+  };
+}
+
+/**
+ * Delete a network target.
+ */
+export interface IReq_DeleteNetworkTarget extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_DeleteNetworkTarget
+> {
+  method: 'deleteNetworkTarget';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+    force?: boolean;
+  };
+  response: {
+    success: boolean;
+    message?: string;
+  };
+}
+
+/**
+ * Get which routes reference a network target.
+ */
+export interface IReq_GetNetworkTargetUsage extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetNetworkTargetUsage
+> {
+  method: 'getNetworkTargetUsage';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+  };
+  response: {
+    routes: Array<{ id: string; name: string }>;
+  };
+}

ts_interfaces/requests/route-management.ts

@@ -1,6 +1,6 @@
 import * as plugins from '../plugins.js';
 import type * as authInterfaces from '../data/auth.js';
-import type { IMergedRoute, IRouteWarning } from '../data/route-management.js';
+import type { IMergedRoute, IRouteWarning, IRouteMetadata } from '../data/route-management.js';
 import type { IRouteConfig } from '@push.rocks/smartproxy';
 
 // ============================================================================
@@ -38,6 +38,7 @@ export interface IReq_CreateRoute extends plugins.typedrequestInterfaces.impleme
     apiToken?: string;
     route: IRouteConfig;
     enabled?: boolean;
+    metadata?: IRouteMetadata;
   };
   response: {
     success: boolean;
@@ -60,6 +61,7 @@ export interface IReq_UpdateRoute extends plugins.typedrequestInterfaces.impleme
     id: string;
     route?: Partial<IRouteConfig>;
     enabled?: boolean;
+    metadata?: Partial<IRouteMetadata>;
   };
   response: {
     success: boolean;

ts_interfaces/requests/security-profiles.ts

@@ -0,0 +1,127 @@
+import * as plugins from '../plugins.js';
+import type * as authInterfaces from '../data/auth.js';
+import type { ISecurityProfile, IRouteSecurity } from '../data/route-management.js';
+
+// ============================================================================
+// Security Profile Endpoints
+// ============================================================================
+
+/**
+ * Get all security profiles.
+ */
+export interface IReq_GetSecurityProfiles extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetSecurityProfiles
+> {
+  method: 'getSecurityProfiles';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+  };
+  response: {
+    profiles: ISecurityProfile[];
+  };
+}
+
+/**
+ * Get a single security profile by ID.
+ */
+export interface IReq_GetSecurityProfile extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetSecurityProfile
+> {
+  method: 'getSecurityProfile';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+  };
+  response: {
+    profile: ISecurityProfile | null;
+  };
+}
+
+/**
+ * Create a new security profile.
+ */
+export interface IReq_CreateSecurityProfile extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_CreateSecurityProfile
+> {
+  method: 'createSecurityProfile';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    name: string;
+    description?: string;
+    security: IRouteSecurity;
+    extendsProfiles?: string[];
+  };
+  response: {
+    success: boolean;
+    id?: string;
+    message?: string;
+  };
+}
+
+/**
+ * Update a security profile.
+ */
+export interface IReq_UpdateSecurityProfile extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_UpdateSecurityProfile
+> {
+  method: 'updateSecurityProfile';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+    name?: string;
+    description?: string;
+    security?: IRouteSecurity;
+    extendsProfiles?: string[];
+  };
+  response: {
+    success: boolean;
+    affectedRouteCount?: number;
+    message?: string;
+  };
+}
+
+/**
+ * Delete a security profile.
+ */
+export interface IReq_DeleteSecurityProfile extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_DeleteSecurityProfile
+> {
+  method: 'deleteSecurityProfile';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+    force?: boolean;
+  };
+  response: {
+    success: boolean;
+    message?: string;
+  };
+}
+
+/**
+ * Get which routes reference a security profile.
+ */
+export interface IReq_GetSecurityProfileUsage extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_GetSecurityProfileUsage
+> {
+  method: 'getSecurityProfileUsage';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    apiToken?: string;
+    id: string;
+  };
+  response: {
+    routes: Array<{ id: string; name: string }>;
+  };
+}