feat(config): add reusable security profiles and network targets with route reference resolution

ts_interfaces/data/route-management.ts

@@ -1,10 +1,77 @@
 import type { IRouteConfig } from '@push.rocks/smartproxy';
 
+// Derive IRouteSecurity from IRouteConfig since it's not directly exported
+export type IRouteSecurity = NonNullable<IRouteConfig['security']>;
+
 // ============================================================================
 // Route Management Data Types
 // ============================================================================
 
-export type TApiTokenScope = 'routes:read' | 'routes:write' | 'config:read' | 'tokens:read' | 'tokens:manage';
+export type TApiTokenScope =
+  | 'routes:read' | 'routes:write'
+  | 'config:read'
+  | 'tokens:read' | 'tokens:manage'
+  | 'profiles:read' | 'profiles:write'
+  | 'targets:read' | 'targets:write';
+
+// ============================================================================
+// Security Profile Types
+// ============================================================================
+
+/**
+ * A reusable, named security profile that can be referenced by routes.
+ * Stores the full IRouteSecurity shape from SmartProxy.
+ */
+export interface ISecurityProfile {
+  id: string;
+  name: string;
+  description?: string;
+  /** The security configuration — mirrors SmartProxy's IRouteSecurity. */
+  security: IRouteSecurity;
+  /** IDs of profiles this one extends (resolved top-down, later overrides earlier). */
+  extendsProfiles?: string[];
+  createdAt: number;
+  updatedAt: number;
+  createdBy: string;
+}
+
+// ============================================================================
+// Network Target Types
+// ============================================================================
+
+/**
+ * A reusable, named network target (host + port) that can be referenced by routes.
+ */
+export interface INetworkTarget {
+  id: string;
+  name: string;
+  description?: string;
+  host: string | string[];
+  port: number;
+  createdAt: number;
+  updatedAt: number;
+  createdBy: string;
+}
+
+// ============================================================================
+// Route Metadata Types
+// ============================================================================
+
+/**
+ * Metadata on a stored route tracking where its resolved values came from.
+ */
+export interface IRouteMetadata {
+  /** ID of the SecurityProfileDoc used to resolve this route's security. */
+  securityProfileRef?: string;
+  /** ID of the NetworkTargetDoc used to resolve this route's targets. */
+  networkTargetRef?: string;
+  /** Snapshot of the profile name at resolution time, for display. */
+  securityProfileName?: string;
+  /** Snapshot of the target name at resolution time, for display. */
+  networkTargetName?: string;
+  /** Timestamp of last reference resolution. */
+  lastResolvedAt?: number;
+}
 
 /**
  * A merged route combining hardcoded and programmatic sources.
@@ -17,6 +84,7 @@ export interface IMergedRoute {
   storedRouteId?: string;
   createdAt?: number;
   updatedAt?: number;
+  metadata?: IRouteMetadata;
 }
 
 /**
@@ -55,6 +123,7 @@ export interface IStoredRoute {
   createdAt: number;
   updatedAt: number;
   createdBy: string;
+  metadata?: IRouteMetadata;
 }
 
 /**