v11.10.7

.vscode/settings.json

@@ -1,7 +1,7 @@
 {
   "json.schemas": [
     {
-      "fileMatch": ["/npmextra.json"],
+      "fileMatch": ["/.smartconfig.json"],
       "schema": {
         "type": "object",
         "properties": {

changelog.md

@@ -1,5 +1,108 @@
 # Changelog
 
+## 2026-03-26 - 11.10.7 - fix(sms)
+update sms service to use async ProjectInfo initialization
+
+- Replace direct ProjectInfo construction with the async create() factory in the SMS service startup flow
+- Bump related dependencies including @push.rocks/projectinfo, @push.rocks/smartdata, @push.rocks/smartmongo, @serve.zone/remoteingress, and @git.zone/tstest
+
+## 2026-03-26 - 11.10.6 - fix(typescript)
+tighten TypeScript null safety and error handling across backend and ops UI
+
+- add explicit unknown error typing and safe message access in logging and handler code
+- mark deferred-initialized class properties with definite assignment assertions to satisfy stricter TypeScript checks
+- harden ops web state access and action return types with non-null assertions and explicit Promise state typing
+- update storage reads to allow missing values and align license file references with the lowercase license filename
+
+## 2026-03-26 - 11.10.5 - fix(build)
+rename smart tooling config to .smartconfig.json and update package references
+
+- Moves the shared tool configuration from npmextra.json to .smartconfig.json.
+- Updates package.json published files and documentation to reference the new config file.
+- Refreshes several development and runtime dependency versions alongside the config migration.
+
+## 2026-03-24 - 11.10.4 - fix(monitoring)
+handle multiple protocol cache entries per backend in metrics output
+
+- Group detected protocol cache entries by backend host and port so multiple domain-specific records are preserved.
+- Emit one backend metrics row per cached domain and avoid dropping unmatched protocol cache entries by tracking seen entries with a composite host:port:domain key.
+- Use cached protocol values when available while keeping backend-only rows for metrics without protocol cache data.
+
+## 2026-03-23 - 11.10.3 - fix(deps)
+bump tstest, smartmetrics, and taskbuffer to latest patch releases
+
+- update @git.zone/tstest from ^3.5.0 to ^3.5.1
+- update @push.rocks/smartmetrics from ^3.0.2 to ^3.0.3
+- update @push.rocks/taskbuffer from ^8.0.0 to ^8.0.2
+
+## 2026-03-23 - 11.10.2 - fix(deps)
+bump @api.global/typedserver to ^8.4.6 and @push.rocks/smartproxy to ^26.2.1
+
+- Updates @api.global/typedserver from ^8.4.2 to ^8.4.6
+- Updates @push.rocks/smartproxy from ^26.2.0 to ^26.2.1
+
+## 2026-03-23 - 11.10.1 - fix(deps)
+bump @push.rocks/smartproxy to ^26.2.0
+
+- Updates the @push.rocks/smartproxy dependency from ^26.1.0 to ^26.2.0 in package.json.
+
+## 2026-03-23 - 11.10.0 - feat(monitoring)
+add backend protocol metrics to network stats and ops dashboard
+
+- Expose backend protocol, connection, error, and suppression metrics in stats responses.
+- Add typed backend info interfaces and app state support for backend metrics.
+- Render a new backend protocols table in the ops network view with detail modal and suppression badges.
+- Update smartproxy and lik dependencies to support backend protocol metrics collection.
+
+## 2026-03-21 - 11.9.1 - fix(lifecycle)
+clean up service subscriptions, proxy retries, and stale runtime state on shutdown
+
+- unsubscribe from ServiceManager event streams and use one-time signal handlers to avoid duplicate shutdown execution
+- reset existing SmartProxy instances before retry setup and prune expired certificate backoff cache entries
+- add periodic sweeping and shutdown cleanup for stale RADIUS accounting sessions
+
+## 2026-03-20 - 11.9.0 - feat(dcrouter)
+add service manager lifecycle orchestration and health-based ops status reporting
+
+- register dcrouter components with a taskbuffer ServiceManager using dependencies, retries, and critical/optional service roles
+- update ops stats health output to reflect aggregated service manager state and per-service error or retry details
+- add @push.rocks/taskbuffer to shared plugins and project dependencies for service lifecycle management
+
+## 2026-03-20 - 11.8.11 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.10
+
+- Updates the @push.rocks/smartproxy dependency from ^25.17.9 to ^25.17.10 in package.json
+
+## 2026-03-20 - 11.8.10 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.9
+
+- Updates @push.rocks/smartproxy from ^25.17.8 to ^25.17.9 in package.json
+
+## 2026-03-20 - 11.8.9 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.8
+
+- Updates the @push.rocks/smartproxy dependency from ^25.17.7 to ^25.17.8.
+
+## 2026-03-20 - 11.8.8 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.7
+
+- Updates the @push.rocks/smartproxy dependency from ^25.17.4 to ^25.17.7 in package.json.
+
+## 2026-03-20 - 11.8.7 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.4
+
+- updates @push.rocks/smartproxy from ^25.17.3 to ^25.17.4 in package.json
+
+## 2026-03-20 - 11.8.6 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.3
+
+- updates @push.rocks/smartproxy from ^25.17.1 to ^25.17.3 in package.json
+
+## 2026-03-20 - 11.8.5 - fix(deps)
+bump @push.rocks/smartproxy to ^25.17.1
+
+- Updates the @push.rocks/smartproxy dependency from ^25.17.0 to ^25.17.1.
+
 ## 2026-03-20 - 11.8.4 - fix(deps)
 bump @serve.zone/remoteingress to ^4.14.0
 

license

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Task Venture Capital GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package.json

@@ -1,7 +1,7 @@
 {
   "name": "@serve.zone/dcrouter",
   "private": false,
-  "version": "11.8.4",
+  "version": "11.10.7",
   "description": "A multifaceted routing service handling mail and SMS delivery functions.",
   "type": "module",
   "exports": {
@@ -22,47 +22,48 @@
     "watch": "tswatch"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^4.3.0",
-    "@git.zone/tsbundle": "^2.9.1",
-    "@git.zone/tsrun": "^2.0.1",
-    "@git.zone/tstest": "^3.5.0",
-    "@git.zone/tswatch": "^3.3.0",
+    "@git.zone/tsbuild": "^4.4.0",
+    "@git.zone/tsbundle": "^2.10.0",
+    "@git.zone/tsrun": "^2.0.2",
+    "@git.zone/tstest": "^3.6.1",
+    "@git.zone/tswatch": "^3.3.2",
     "@types/node": "^25.5.0"
   },
   "dependencies": {
     "@api.global/typedrequest": "^3.3.0",
     "@api.global/typedrequest-interfaces": "^3.0.19",
-    "@api.global/typedserver": "^8.4.2",
+    "@api.global/typedserver": "^8.4.6",
     "@api.global/typedsocket": "^4.1.2",
     "@apiclient.xyz/cloudflare": "^7.1.0",
-    "@design.estate/dees-catalog": "^3.48.5",
+    "@design.estate/dees-catalog": "^3.49.0",
     "@design.estate/dees-element": "^2.2.3",
-    "@push.rocks/lik": "^6.3.1",
-    "@push.rocks/projectinfo": "^5.0.2",
+    "@push.rocks/lik": "^6.4.0",
+    "@push.rocks/projectinfo": "^5.1.0",
     "@push.rocks/qenv": "^6.1.3",
     "@push.rocks/smartacme": "^9.3.0",
-    "@push.rocks/smartdata": "^7.1.0",
+    "@push.rocks/smartdata": "^7.1.3",
     "@push.rocks/smartdns": "^7.9.0",
     "@push.rocks/smartfile": "^13.1.2",
     "@push.rocks/smartguard": "^3.1.0",
     "@push.rocks/smartjwt": "^2.2.1",
     "@push.rocks/smartlog": "^3.2.1",
-    "@push.rocks/smartmetrics": "^3.0.2",
-    "@push.rocks/smartmongo": "^5.1.0",
+    "@push.rocks/smartmetrics": "^3.0.3",
+    "@push.rocks/smartmongo": "^5.1.1",
     "@push.rocks/smartmta": "^5.3.1",
     "@push.rocks/smartnetwork": "^4.4.0",
     "@push.rocks/smartpath": "^6.0.0",
     "@push.rocks/smartpromise": "^4.2.3",
-    "@push.rocks/smartproxy": "^25.17.0",
+    "@push.rocks/smartproxy": "^26.2.4",
     "@push.rocks/smartradius": "^1.1.1",
     "@push.rocks/smartrequest": "^5.0.1",
     "@push.rocks/smartrx": "^3.0.10",
-    "@push.rocks/smartstate": "^2.2.0",
+    "@push.rocks/smartstate": "^2.2.1",
     "@push.rocks/smartunique": "^3.0.9",
+    "@push.rocks/taskbuffer": "^8.0.2",
     "@serve.zone/catalog": "^2.9.0",
     "@serve.zone/interfaces": "^5.3.0",
-    "@serve.zone/remoteingress": "^4.14.0",
-    "@tsclass/tsclass": "^9.4.0",
+    "@serve.zone/remoteingress": "^4.14.3",
+    "@tsclass/tsclass": "^9.5.0",
     "lru-cache": "^11.2.7",
     "uuid": "^13.0.0"
   },
@@ -111,7 +112,7 @@
     "dist_ts_apiclient/**/*",
     "assets/**/*",
     "cli.js",
-    "npmextra.json",
+    ".smartconfig.json",
     "readme.md"
   ]
 }

readme.hints.md

@@ -133,7 +133,7 @@ The project now uses tswatch for development:
 ```bash
 pnpm run watch
 ```
-Configuration in `npmextra.json`:
+Configuration in `.smartconfig.json`:
 ```json
 {
   "@git.zone/tswatch": {

readme.md

@@ -1449,7 +1449,7 @@ The Docker build supports multi-platform (`linux/amd64`, `linux/arm64`) via [tsd
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](./license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.8.4',
+  version: '11.10.7',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

ts/cache/classes.cache.cleaner.ts

@@ -48,14 +48,14 @@ export class CacheCleaner {
     this.isRunning = true;
 
     // Run cleanup immediately on start
-    this.runCleanup().catch((error) => {
-      logger.log('error', `Initial cache cleanup failed: ${error.message}`);
+    this.runCleanup().catch((error: unknown) => {
+      logger.log('error', `Initial cache cleanup failed: ${(error as Error).message}`);
     });
 
     // Schedule periodic cleanup
     this.cleanupInterval = setInterval(() => {
-      this.runCleanup().catch((error) => {
-        logger.log('error', `Cache cleanup failed: ${error.message}`);
+      this.runCleanup().catch((error: unknown) => {
+        logger.log('error', `Cache cleanup failed: ${(error as Error).message}`);
       });
     }, this.options.intervalMs);
 
@@ -113,8 +113,8 @@ export class CacheCleaner {
           `Cache cleanup completed. Deleted ${totalDeleted} expired documents. ${summary || 'No deletions.'}`
         );
       }
-    } catch (error) {
-      logger.log('error', `Cache cleanup error: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Cache cleanup error: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -138,14 +138,14 @@ export class CacheCleaner {
         try {
           await doc.delete();
           deletedCount++;
-        } catch (deleteError) {
-          logger.log('warn', `Failed to delete expired document: ${deleteError.message}`);
+        } catch (deleteError: unknown) {
+          logger.log('warn', `Failed to delete expired document: ${(deleteError as Error).message}`);
         }
       }
 
       return deletedCount;
-    } catch (error) {
-      logger.log('error', `Error cleaning collection: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error cleaning collection: ${(error as Error).message}`);
       return 0;
     }
   }

ts/cache/classes.cached.document.ts

@@ -22,7 +22,7 @@ export abstract class CachedDocument<T extends CachedDocument<T>> extends plugin
    * Timestamp when the document expires and should be cleaned up
    * NOTE: Subclasses must add @svDb() decorator
    */
-  public expiresAt: Date;
+  public expiresAt!: Date;
 
   /**
    * Timestamp of last access (for LRU-style eviction if needed)

ts/cache/classes.cachedb.ts

@@ -23,8 +23,8 @@ export interface ICacheDbOptions {
 export class CacheDb {
   private static instance: CacheDb | null = null;
 
-  private localTsmDb: plugins.smartmongo.LocalTsmDb;
-  private smartdataDb: plugins.smartdata.SmartdataDb;
+  private localTsmDb!: plugins.smartmongo.LocalTsmDb;
+  private smartdataDb!: plugins.smartdata.SmartdataDb;
   private options: Required<ICacheDbOptions>;
   private isStarted: boolean = false;
 
@@ -89,8 +89,8 @@ export class CacheDb {
 
       this.isStarted = true;
       logger.log('info', `CacheDb started at ${this.options.storagePath}`);
-    } catch (error) {
-      logger.log('error', `Failed to start CacheDb: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to start CacheDb: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -116,8 +116,8 @@ export class CacheDb {
 
       this.isStarted = false;
       logger.log('info', 'CacheDb stopped');
-    } catch (error) {
-      logger.log('error', `Error stopping CacheDb: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error stopping CacheDb: ${(error as Error).message}`);
       throw error;
     }
   }

ts/cache/documents/classes.cached.email.ts

@@ -35,55 +35,55 @@ export class CachedEmail extends CachedDocument<CachedEmail> {
    */
   @plugins.smartdata.unI()
   @plugins.smartdata.svDb()
-  public id: string;
+  public id!: string;
 
   /**
    * Email message ID (RFC 822 Message-ID header)
    */
   @plugins.smartdata.svDb()
-  public messageId: string;
+  public messageId!: string;
 
   /**
    * Sender email address (envelope from)
    */
   @plugins.smartdata.svDb()
-  public from: string;
+  public from!: string;
 
   /**
    * Recipient email addresses
    */
   @plugins.smartdata.svDb()
-  public to: string[];
+  public to!: string[];
 
   /**
    * CC recipients
    */
   @plugins.smartdata.svDb()
-  public cc: string[];
+  public cc!: string[];
 
   /**
    * BCC recipients
    */
   @plugins.smartdata.svDb()
-  public bcc: string[];
+  public bcc!: string[];
 
   /**
    * Email subject
    */
   @plugins.smartdata.svDb()
-  public subject: string;
+  public subject!: string;
 
   /**
    * Raw RFC822 email content
    */
   @plugins.smartdata.svDb()
-  public rawContent: string;
+  public rawContent!: string;
 
   /**
    * Current status of the email
    */
   @plugins.smartdata.svDb()
-  public status: TCachedEmailStatus;
+  public status!: TCachedEmailStatus;
 
   /**
    * Number of delivery attempts
@@ -101,25 +101,25 @@ export class CachedEmail extends CachedDocument<CachedEmail> {
    * Timestamp for next delivery attempt
    */
   @plugins.smartdata.svDb()
-  public nextAttempt: Date;
+  public nextAttempt!: Date;
 
   /**
    * Last error message if delivery failed
    */
   @plugins.smartdata.svDb()
-  public lastError: string;
+  public lastError!: string;
 
   /**
    * Timestamp when the email was successfully delivered
    */
   @plugins.smartdata.svDb()
-  public deliveredAt: Date;
+  public deliveredAt!: Date;
 
   /**
    * Sender domain (for querying/filtering)
    */
   @plugins.smartdata.svDb()
-  public senderDomain: string;
+  public senderDomain!: string;
 
   /**
    * Priority level (higher = more important)
@@ -131,7 +131,7 @@ export class CachedEmail extends CachedDocument<CachedEmail> {
    * JSON-serialized route data
    */
   @plugins.smartdata.svDb()
-  public routeData: string;
+  public routeData!: string;
 
   /**
    * DKIM signature status

ts/cache/documents/classes.cached.ip.reputation.ts

@@ -45,61 +45,61 @@ export class CachedIPReputation extends CachedDocument<CachedIPReputation> {
    */
   @plugins.smartdata.unI()
   @plugins.smartdata.svDb()
-  public ipAddress: string;
+  public ipAddress!: string;
 
   /**
    * Reputation score (0-100, higher = better)
    */
   @plugins.smartdata.svDb()
-  public score: number;
+  public score!: number;
 
   /**
    * Whether the IP is flagged as spam source
    */
   @plugins.smartdata.svDb()
-  public isSpam: boolean;
+  public isSpam!: boolean;
 
   /**
    * Whether the IP is a known proxy
    */
   @plugins.smartdata.svDb()
-  public isProxy: boolean;
+  public isProxy!: boolean;
 
   /**
    * Whether the IP is a Tor exit node
    */
   @plugins.smartdata.svDb()
-  public isTor: boolean;
+  public isTor!: boolean;
 
   /**
    * Whether the IP is a VPN endpoint
    */
   @plugins.smartdata.svDb()
-  public isVPN: boolean;
+  public isVPN!: boolean;
 
   /**
    * Country code (ISO 3166-1 alpha-2)
    */
   @plugins.smartdata.svDb()
-  public country: string;
+  public country!: string;
 
   /**
    * Autonomous System Number
    */
   @plugins.smartdata.svDb()
-  public asn: string;
+  public asn!: string;
 
   /**
    * Organization name
    */
   @plugins.smartdata.svDb()
-  public org: string;
+  public org!: string;
 
   /**
    * List of blacklists the IP appears on
    */
   @plugins.smartdata.svDb()
-  public blacklists: string[];
+  public blacklists!: string[];
 
   /**
    * Number of times this IP has been checked

ts/classes.cert-provision-scheduler.ts

@@ -61,14 +61,21 @@ export class CertProvisionScheduler {
   }
 
   /**
-   * Check if a domain is currently in backoff
+   * Check if a domain is currently in backoff.
+   * Expired entries are pruned from the cache to prevent unbounded growth.
    */
   async isInBackoff(domain: string): Promise<boolean> {
     const entry = await this.loadBackoff(domain);
     if (!entry) return false;
 
     const retryAfter = new Date(entry.retryAfter);
-    return retryAfter.getTime() > Date.now();
+    if (retryAfter.getTime() > Date.now()) {
+      return true;
+    }
+
+    // Backoff has expired — prune the stale entry
+    this.backoffCache.delete(domain);
+    return false;
   }
 
   /**
@@ -124,9 +131,12 @@ export class CertProvisionScheduler {
     const entry = await this.loadBackoff(domain);
     if (!entry) return null;
 
-    // Only return if still in backoff
+    // Only return if still in backoff — prune expired entries
     const retryAfter = new Date(entry.retryAfter);
-    if (retryAfter.getTime() <= Date.now()) return null;
+    if (retryAfter.getTime() <= Date.now()) {
+      this.backoffCache.delete(domain);
+      return null;
+    }
 
     return {
       failures: entry.failures,

ts/classes.dcrouter.ts

@@ -215,7 +215,7 @@ export class DcRouter {
   public emailServer?: UnifiedEmailServer;
   public radiusServer?: RadiusServer;
   public storageManager: StorageManager;
-  public opsServer: OpsServer;
+  public opsServer!: OpsServer;
   public metricsManager?: MetricsManager;
 
   // Cache system (smartdata + LocalTsmDb)
@@ -252,6 +252,11 @@ export class DcRouter {
   // Certificate provisioning scheduler with per-domain backoff
   public certProvisionScheduler?: CertProvisionScheduler;
 
+  // Service lifecycle management
+  public serviceManager: plugins.taskbuffer.ServiceManager;
+  private serviceSubjectSubscription?: plugins.smartrx.rxjs.Subscription;
+  public smartAcmeReady = false;
+
   // TypedRouter for API endpoints
   public typedrouter = new plugins.typedrequest.TypedRouter();
 
@@ -279,67 +284,253 @@ export class DcRouter {
 
     // Initialize storage manager
     this.storageManager = new StorageManager(this.options.storage);
+
+    // Initialize service manager and register all services
+    this.serviceManager = new plugins.taskbuffer.ServiceManager({
+      name: 'dcrouter',
+      startupTimeoutMs: 120_000,
+      shutdownTimeoutMs: 30_000,
+    });
+    this.registerServices();
+  }
+
+  /**
+   * Register all dcrouter services with the ServiceManager.
+   * Services are started in dependency order, with failure isolation for optional services.
+   */
+  private registerServices(): void {
+    // OpsServer: critical, no dependencies — provides visibility
+    this.serviceManager.addService(
+      new plugins.taskbuffer.Service('OpsServer')
+        .critical()
+        .withStart(async () => {
+          this.opsServer = new OpsServer(this);
+          await this.opsServer.start();
+        })
+        .withStop(async () => {
+          await this.opsServer?.stop();
+        })
+        .withRetry({ maxRetries: 0 }),
+    );
+
+    // CacheDb: optional, no dependencies
+    if (this.options.cacheConfig?.enabled !== false) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('CacheDb')
+          .optional()
+          .withStart(async () => {
+            await this.setupCacheDb();
+          })
+          .withStop(async () => {
+            if (this.cacheCleaner) {
+              this.cacheCleaner.stop();
+              this.cacheCleaner = undefined;
+            }
+            if (this.cacheDb) {
+              await this.cacheDb.stop();
+              CacheDb.resetInstance();
+              this.cacheDb = undefined;
+            }
+          })
+          .withRetry({ maxRetries: 2, baseDelayMs: 1000, maxDelayMs: 5000 }),
+      );
+    }
+
+    // MetricsManager: optional, depends on OpsServer
+    this.serviceManager.addService(
+      new plugins.taskbuffer.Service('MetricsManager')
+        .optional()
+        .dependsOn('OpsServer')
+        .withStart(async () => {
+          this.metricsManager = new MetricsManager(this);
+          await this.metricsManager.start();
+        })
+        .withStop(async () => {
+          if (this.metricsManager) {
+            await this.metricsManager.stop();
+            this.metricsManager = undefined;
+          }
+        })
+        .withRetry({ maxRetries: 1, baseDelayMs: 1000 }),
+    );
+
+    // SmartProxy: critical, depends on CacheDb (if enabled)
+    const smartProxyDeps: string[] = [];
+    if (this.options.cacheConfig?.enabled !== false) {
+      smartProxyDeps.push('CacheDb');
+    }
+    this.serviceManager.addService(
+      new plugins.taskbuffer.Service('SmartProxy')
+        .critical()
+        .dependsOn(...smartProxyDeps)
+        .withStart(async () => {
+          await this.setupSmartProxy();
+        })
+        .withStop(async () => {
+          if (this.smartProxy) {
+            this.smartProxy.removeAllListeners();
+            await this.smartProxy.stop();
+            this.smartProxy = undefined;
+          }
+        })
+        .withRetry({ maxRetries: 0 }),
+    );
+
+    // SmartAcme: optional, depends on SmartProxy — aggressive retry for rate limits
+    // Only registered if DNS challenge is configured
+    if (this.options.dnsChallenge?.cloudflareApiKey) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('SmartAcme')
+          .optional()
+          .dependsOn('SmartProxy')
+          .withStart(async () => {
+            if (this.smartAcme) {
+              await this.smartAcme.start();
+              this.smartAcmeReady = true;
+              logger.log('info', 'SmartAcme DNS-01 provider is now ready');
+            }
+          })
+          .withStop(async () => {
+            this.smartAcmeReady = false;
+            if (this.smartAcme) {
+              await this.smartAcme.stop();
+              this.smartAcme = undefined;
+            }
+          })
+          .withRetry({ maxRetries: 20, baseDelayMs: 5000, maxDelayMs: 3_600_000, backoffFactor: 2 }),
+      );
+    }
+
+    // ConfigManagers: optional, depends on SmartProxy
+    this.serviceManager.addService(
+      new plugins.taskbuffer.Service('ConfigManagers')
+        .optional()
+        .dependsOn('SmartProxy')
+        .withStart(async () => {
+          this.routeConfigManager = new RouteConfigManager(
+            this.storageManager,
+            () => this.getConstructorRoutes(),
+            () => this.smartProxy,
+            () => this.options.http3,
+          );
+          this.apiTokenManager = new ApiTokenManager(this.storageManager);
+          await this.apiTokenManager.initialize();
+          await this.routeConfigManager.initialize();
+        })
+        .withStop(async () => {
+          this.routeConfigManager = undefined;
+          this.apiTokenManager = undefined;
+        })
+        .withRetry({ maxRetries: 2, baseDelayMs: 1000 }),
+    );
+
+    // Email Server: optional, depends on SmartProxy
+    if (this.options.emailConfig) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('EmailServer')
+          .optional()
+          .dependsOn('SmartProxy')
+          .withStart(async () => {
+            await this.setupUnifiedEmailHandling();
+          })
+          .withStop(async () => {
+            if (this.emailServer) {
+              if ((this.emailServer as any).deliverySystem) {
+                (this.emailServer as any).deliverySystem.removeAllListeners();
+              }
+              this.emailServer.removeAllListeners();
+              await this.emailServer.stop();
+              this.emailServer = undefined;
+            }
+          })
+          .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }),
+      );
+    }
+
+    // DNS Server: optional, depends on SmartProxy
+    if (this.options.dnsNsDomains && this.options.dnsNsDomains.length > 0 && this.options.dnsScopes && this.options.dnsScopes.length > 0) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('DnsServer')
+          .optional()
+          .dependsOn('SmartProxy')
+          .withStart(async () => {
+            await this.setupDnsWithSocketHandler();
+          })
+          .withStop(async () => {
+            // Flush pending DNS batch log
+            if (this.dnsBatchTimer) {
+              clearTimeout(this.dnsBatchTimer);
+              if (this.dnsBatchCount > 0) {
+                logger.log('info', `DNS: ${this.dnsBatchCount} queries processed (final flush)`, { zone: 'dns' });
+              }
+              this.dnsBatchTimer = null;
+              this.dnsBatchCount = 0;
+              this.dnsLogWindowSecond = 0;
+              this.dnsLogWindowCount = 0;
+            }
+            if (this.dnsServer) {
+              this.dnsServer.removeAllListeners();
+              await this.dnsServer.stop();
+              this.dnsServer = undefined;
+            }
+          })
+          .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }),
+      );
+    }
+
+    // RADIUS Server: optional, no dependency on SmartProxy
+    if (this.options.radiusConfig) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('RadiusServer')
+          .optional()
+          .withStart(async () => {
+            await this.setupRadiusServer();
+          })
+          .withStop(async () => {
+            if (this.radiusServer) {
+              await this.radiusServer.stop();
+              this.radiusServer = undefined;
+            }
+          })
+          .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }),
+      );
+    }
+
+    // Remote Ingress: optional, depends on SmartProxy
+    if (this.options.remoteIngressConfig?.enabled) {
+      this.serviceManager.addService(
+        new plugins.taskbuffer.Service('RemoteIngress')
+          .optional()
+          .dependsOn('SmartProxy')
+          .withStart(async () => {
+            await this.setupRemoteIngress();
+          })
+          .withStop(async () => {
+            if (this.tunnelManager) {
+              await this.tunnelManager.stop();
+              this.tunnelManager = undefined;
+            }
+            this.remoteIngressManager = undefined;
+          })
+          .withRetry({ maxRetries: 3, baseDelayMs: 2000, maxDelayMs: 30_000 }),
+      );
+    }
+
+    // Wire up aggregated events for logging
+    this.serviceSubjectSubscription = this.serviceManager.serviceSubject.subscribe((event) => {
+      const level = event.type === 'failed' ? 'error' : event.type === 'retrying' ? 'warn' : 'info';
+      logger.log(level as any, `Service '${event.serviceName}': ${event.type}`, {
+        state: event.state,
+        ...(event.error ? { error: event.error } : {}),
+        ...(event.attempt ? { attempt: event.attempt } : {}),
+      });
+    });
   }
 
   public async start() {
     logger.log('info', 'Starting DcRouter Services');
-    
-
-    this.opsServer = new OpsServer(this);
-    await this.opsServer.start();
-
-    try {
-      // Initialize cache database if enabled (default: enabled)
-      if (this.options.cacheConfig?.enabled !== false) {
-        await this.setupCacheDb();
-      }
-
-      // Initialize MetricsManager
-      this.metricsManager = new MetricsManager(this);
-      await this.metricsManager.start();
-      
-      // Set up SmartProxy for HTTP/HTTPS and all traffic including email routes
-      await this.setupSmartProxy();
-
-      // Initialize programmatic config API managers
-      this.routeConfigManager = new RouteConfigManager(
-        this.storageManager,
-        () => this.getConstructorRoutes(),
-        () => this.smartProxy,
-        () => this.options.http3,
-      );
-      this.apiTokenManager = new ApiTokenManager(this.storageManager);
-      await this.apiTokenManager.initialize();
-      await this.routeConfigManager.initialize();
-
-      // Set up unified email handling if configured
-      if (this.options.emailConfig) {
-        await this.setupUnifiedEmailHandling();
-      }
-      
-      // Set up DNS server if configured with nameservers and scopes
-      if (this.options.dnsNsDomains && this.options.dnsNsDomains.length > 0 &&
-          this.options.dnsScopes && this.options.dnsScopes.length > 0) {
-        await this.setupDnsWithSocketHandler();
-      }
-
-      // Set up RADIUS server if configured
-      if (this.options.radiusConfig) {
-        await this.setupRadiusServer();
-      }
-
-      // Set up Remote Ingress hub if configured
-      if (this.options.remoteIngressConfig?.enabled) {
-        await this.setupRemoteIngress();
-      }
-
-      this.logStartupSummary();
-    } catch (error) {
-      logger.log('error', 'Error starting DcRouter', { error: String(error) });
-      // Try to clean up any services that may have started
-      await this.stop();
-      throw error;
-    }
+    await this.serviceManager.start();
+    this.logStartupSummary();
   }
   
   /**
@@ -399,7 +590,21 @@ export class DcRouter {
       logger.log('info', `Cache Database: storage=${this.cacheDb.getStoragePath()}, db=${this.cacheDb.getDbName()}, cleaner=${this.cacheCleaner?.isActive() ? 'active' : 'inactive'} (${(this.options.cacheConfig?.cleanupIntervalHours || 1)}h interval)`);
     }
 
-    logger.log('info', 'All services are running');
+    // Service status summary from ServiceManager
+    const health = this.serviceManager.getHealth();
+    const statuses = health.services;
+    const running = statuses.filter(s => s.state === 'running').length;
+    const failed = statuses.filter(s => s.state === 'failed').length;
+    const retrying = statuses.filter(s => s.state === 'starting' || s.state === 'degraded').length;
+
+    if (failed > 0) {
+      const failedNames = statuses.filter(s => s.state === 'failed').map(s => `${s.name}: ${s.lastError || 'unknown'}`);
+      logger.log('warn', `DcRouter started in degraded mode — ${running} running, ${failed} failed: ${failedNames.join('; ')}`);
+    } else if (retrying > 0) {
+      logger.log('info', `DcRouter started — ${running} running, ${retrying} still initializing`);
+    } else {
+      logger.log('info', `All ${running} services are running`);
+    }
   }
   
   /**
@@ -435,6 +640,13 @@ export class DcRouter {
    */
   private async setupSmartProxy(): Promise<void> {
     logger.log('info', 'Setting up SmartProxy...');
+
+    // Clean up any existing SmartProxy instance (e.g. from a retry)
+    if (this.smartProxy) {
+      this.smartProxy.removeAllListeners();
+      this.smartProxy = undefined;
+    }
+
     let routes: plugins.smartproxy.IRouteConfig[] = [];
     let acmeConfig: plugins.smartproxy.IAcmeOptions | undefined;
     
@@ -535,10 +747,13 @@ export class DcRouter {
       // Initialize cert provision scheduler
       this.certProvisionScheduler = new CertProvisionScheduler(this.storageManager);
 
-      // If we have DNS challenge handlers, create SmartAcme and wire to certProvisionFunction
+      // If we have DNS challenge handlers, create SmartAcme instance and wire certProvisionFunction
+      // Note: SmartAcme.start() is NOT called here — it runs as a separate optional service
+      // via the ServiceManager, with aggressive retry for rate-limit resilience.
       if (challengeHandlers.length > 0) {
         // Stop old SmartAcme if it exists (e.g., during updateSmartProxyConfig)
         if (this.smartAcme) {
+          this.smartAcmeReady = false;
           await this.smartAcme.stop().catch(err =>
             logger.log('error', 'Error stopping old SmartAcme', { error: String(err) })
           );
@@ -550,10 +765,15 @@ export class DcRouter {
           challengeHandlers: challengeHandlers,
           challengePriority: ['dns-01'],
         });
-        await this.smartAcme.start();
 
         const scheduler = this.certProvisionScheduler;
         smartProxyConfig.certProvisionFunction = async (domain, eventComms) => {
+          // If SmartAcme is not yet ready (still starting or retrying), fall back to HTTP-01
+          if (!this.smartAcmeReady) {
+            eventComms.warn(`SmartAcme not yet initialized, falling back to http-01 for ${domain}`);
+            return 'http01';
+          }
+
           // Check backoff before attempting provision
           if (await scheduler.isInBackoff(domain)) {
             const info = await scheduler.getBackoffInfo(domain);
@@ -567,7 +787,7 @@ export class DcRouter {
             eventComms.log(`Attempting DNS-01 via SmartAcme for ${domain}`);
             eventComms.setSource('smartacme-dns-01');
             const isWildcardDomain = domain.startsWith('*.');
-            const cert = await this.smartAcme.getCertificateForDomain(domain, {
+            const cert = await this.smartAcme!.getCertificateForDomain(domain, {
               includeWildcard: !isWildcardDomain,
             });
             if (cert.validUntil) {
@@ -586,10 +806,10 @@ export class DcRouter {
             // Success — clear any backoff
             await scheduler.clearBackoff(domain);
             return result;
-          } catch (err) {
+          } catch (err: unknown) {
             // Record failure for backoff tracking
-            await scheduler.recordFailure(domain, err.message);
-            eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${err.message}, falling back to http-01`);
+            await scheduler.recordFailure(domain, (err as Error).message);
+            eventComms.warn(`SmartAcme DNS-01 failed for ${domain}: ${(err as Error).message}, falling back to http-01`);
             return 'http01';
           }
         };
@@ -914,105 +1134,29 @@ export class DcRouter {
   public async stop() {
     logger.log('info', 'Stopping DcRouter services...');
 
-    // Flush pending DNS batch log
-    if (this.dnsBatchTimer) {
-      clearTimeout(this.dnsBatchTimer);
-      if (this.dnsBatchCount > 0) {
-        logger.log('info', `DNS: ${this.dnsBatchCount} queries processed (rate limited, final flush)`, { zone: 'dns' });
-      }
-      this.dnsBatchTimer = null;
-      this.dnsBatchCount = 0;
-      this.dnsLogWindowSecond = 0;
-      this.dnsLogWindowCount = 0;
+    // Unsubscribe from service events before stopping services
+    if (this.serviceSubjectSubscription) {
+      this.serviceSubjectSubscription.unsubscribe();
+      this.serviceSubjectSubscription = undefined;
     }
 
-    await this.opsServer.stop();
+    // ServiceManager handles reverse-dependency-ordered shutdown
+    await this.serviceManager.stop();
 
-    try {
-      // Remove event listeners before stopping services to prevent leaks
-      if (this.smartProxy) {
-        this.smartProxy.removeAllListeners();
-      }
-      if (this.emailServer) {
-        if ((this.emailServer as any).deliverySystem) {
-          (this.emailServer as any).deliverySystem.removeAllListeners();
-        }
-        this.emailServer.removeAllListeners();
-      }
-      if (this.dnsServer) {
-        this.dnsServer.removeAllListeners();
-      }
-
-      // Stop all services in parallel for faster shutdown
-      await Promise.all([
-        // Stop cache cleaner if running
-        this.cacheCleaner ? Promise.resolve(this.cacheCleaner.stop()) : Promise.resolve(),
-
-        // Stop metrics manager if running
-        this.metricsManager ? this.metricsManager.stop().catch(err => logger.log('error', 'Error stopping MetricsManager', { error: String(err) })) : Promise.resolve(),
-
-        // Stop unified email server if running
-        this.emailServer ? this.emailServer.stop().catch(err => logger.log('error', 'Error stopping email server', { error: String(err) })) : Promise.resolve(),
-
-        // Stop SmartAcme if running
-        this.smartAcme ? this.smartAcme.stop().catch(err => logger.log('error', 'Error stopping SmartAcme', { error: String(err) })) : Promise.resolve(),
-
-        // Stop HTTP SmartProxy if running
-        this.smartProxy ? this.smartProxy.stop().catch(err => logger.log('error', 'Error stopping SmartProxy', { error: String(err) })) : Promise.resolve(),
-
-        // Stop DNS server if running
-        this.dnsServer ?
-          this.dnsServer.stop().catch(err => logger.log('error', 'Error stopping DNS server', { error: String(err) })) :
-          Promise.resolve(),
-
-        // Stop RADIUS server if running
-        this.radiusServer ?
-          this.radiusServer.stop().catch(err => logger.log('error', 'Error stopping RADIUS server', { error: String(err) })) :
-          Promise.resolve(),
-
-        // Stop Remote Ingress tunnel manager if running
-        this.tunnelManager ?
-          this.tunnelManager.stop().catch(err => logger.log('error', 'Error stopping TunnelManager', { error: String(err) })) :
-          Promise.resolve()
-      ]);
-
-      // Stop cache database after other services (they may need it during shutdown)
-      if (this.cacheDb) {
-        await this.cacheDb.stop().catch(err => logger.log('error', 'Error stopping CacheDb', { error: String(err) }));
-        CacheDb.resetInstance();
-      }
-
-      // Clear backoff cache in cert scheduler
-      if (this.certProvisionScheduler) {
-        this.certProvisionScheduler.clear();
-      }
-
-      // Allow GC of stopped services by nulling references
-      this.smartProxy = undefined;
-      this.emailServer = undefined;
-      this.dnsServer = undefined;
-      this.metricsManager = undefined;
-      this.cacheCleaner = undefined;
-      this.cacheDb = undefined;
-      this.tunnelManager = undefined;
-      this.radiusServer = undefined;
-      this.smartAcme = undefined;
+    // Clear backoff cache in cert scheduler
+    if (this.certProvisionScheduler) {
+      this.certProvisionScheduler.clear();
       this.certProvisionScheduler = undefined;
-      this.remoteIngressManager = undefined;
-      this.routeConfigManager = undefined;
-      this.apiTokenManager = undefined;
-      this.certificateStatusMap.clear();
-
-      // Reset security singletons to allow GC
-      SecurityLogger.resetInstance();
-      ContentScanner.resetInstance();
-      IPReputationChecker.resetInstance();
-
-      logger.log('info', 'All DcRouter services stopped');
-    } catch (error) {
-      logger.log('error', 'Error during DcRouter shutdown', { error: String(error) });
-      throw error;
     }
+
+    this.certificateStatusMap.clear();
+
+    // Reset security singletons to allow GC
+    SecurityLogger.resetInstance();
+    ContentScanner.resetInstance();
+    IPReputationChecker.resetInstance();
+
+    logger.log('info', 'All DcRouter services stopped');
   }
 
   /**
@@ -1104,21 +1248,21 @@ export class DcRouter {
     // Wire delivery events to MetricsManager and logger
     if (this.metricsManager && this.emailServer.deliverySystem) {
       this.emailServer.deliverySystem.on('deliveryStart', (item: any) => {
-        this.metricsManager.trackEmailReceived(item?.from);
+        this.metricsManager!.trackEmailReceived(item?.from);
         logger.log('info', `Email delivery started: ${item?.from} → ${item?.to}`, { zone: 'email' });
       });
       this.emailServer.deliverySystem.on('deliverySuccess', (item: any) => {
-        this.metricsManager.trackEmailSent(item?.to);
+        this.metricsManager!.trackEmailSent(item?.to);
         logger.log('info', `Email delivered to ${item?.to}`, { zone: 'email' });
       });
       this.emailServer.deliverySystem.on('deliveryFailed', (item: any, error: any) => {
-        this.metricsManager.trackEmailFailed(item?.to, error?.message);
+        this.metricsManager!.trackEmailFailed(item?.to, error?.message);
         logger.log('warn', `Email delivery failed to ${item?.to}: ${error?.message}`, { zone: 'email' });
       });
     }
     if (this.metricsManager && this.emailServer) {
       this.emailServer.on('bounceProcessed', () => {
-        this.metricsManager.trackEmailBounced();
+        this.metricsManager!.trackEmailBounced();
         logger.log('warn', 'Email bounce processed', { zone: 'email' });
       });
     }
@@ -1161,12 +1305,12 @@ export class DcRouter {
       }
       
       logger.log('info', 'All unified email components stopped');
-    } catch (error) {
-      logger.log('error', `Error stopping unified email components: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error stopping unified email components: ${(error as Error).message}`);
       throw error;
     }
   }
-  
+
   /**
    * Update domain rules for email routing
    * @param rules New domain rules to apply
@@ -1324,7 +1468,7 @@ export class DcRouter {
       this.dnsServer.on('query', (event: plugins.smartdns.dnsServerMod.IDnsQueryCompletedEvent) => {
         // Metrics tracking
         for (const question of event.questions) {
-          this.metricsManager.trackDnsQuery(
+          this.metricsManager?.trackDnsQuery(
             question.type,
             question.name,
             false,
@@ -1409,8 +1553,8 @@ export class DcRouter {
         // Use the built-in socket handler from smartdns
         // This handles HTTP/2, DoH protocol, etc.
         await (this.dnsServer as any).handleHttpsSocket(socket);
-      } catch (error) {
-        logger.log('error', `DNS socket handler error: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `DNS socket handler error: ${(error as Error).message}`);
         if (!socket.destroyed) {
           socket.destroy();
         }
@@ -1551,14 +1695,14 @@ export class DcRouter {
           } else {
             logger.log('warn', `Invalid DKIM record structure in ${file}`);
           }
-        } catch (error) {
-          logger.log('error', `Failed to load DKIM record from ${file}: ${error.message}`);
+        } catch (error: unknown) {
+          logger.log('error', `Failed to load DKIM record from ${file}: ${(error as Error).message}`);
         }
       }
-    } catch (error) {
-      logger.log('error', `Failed to load DKIM records: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to load DKIM records: ${(error as Error).message}`);
     }
-    
+
     return records;
   }
   
@@ -1590,11 +1734,11 @@ export class DcRouter {
         // This ensures keys are ready even if DNS mode changes later
         await dkimCreator.handleDKIMKeysForDomain(domainConfig.domain);
         logger.log('info', `DKIM keys initialized for ${domainConfig.domain}`);
-      } catch (error) {
-        logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `Failed to initialize DKIM for ${domainConfig.domain}: ${(error as Error).message}`);
       }
     }
-    
+
     logger.log('info', 'DKIM initialization complete');
   }
   
@@ -1635,10 +1779,10 @@ export class DcRouter {
         } else {
           logger.log('warn', 'Could not auto-discover public IPv4 address');
         }
-      } catch (error) {
-        logger.log('error', `Failed to auto-discover public IP: ${error.message}`);
+      } catch (error: unknown) {
+        logger.log('error', `Failed to auto-discover public IP: ${(error as Error).message}`);
       }
-      
+
       if (!publicIp) {
         logger.log('warn', 'No public IP available. Nameserver A records require either proxyIps, publicIp, or successful auto-discovery.');
       }
@@ -1732,8 +1876,8 @@ export class DcRouter {
       }
       
       return null;
-    } catch (error) {
-      logger.log('warn', `Failed to detect public IP: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to detect public IP: ${(error as Error).message}`);
       return null;
     }
   }
@@ -1767,8 +1911,8 @@ export class DcRouter {
         const keyPem = plugins.fs.readFileSync(riCfg.tls.keyPath, 'utf8');
         tlsConfig = { certPem, keyPem };
         logger.log('info', 'Using explicit TLS cert/key for RemoteIngress tunnel');
-      } catch (err) {
-        logger.log('warn', `Failed to read RemoteIngress TLS cert/key files: ${err.message}`);
+      } catch (err: unknown) {
+        logger.log('warn', `Failed to read RemoteIngress TLS cert/key files: ${(err as Error).message}`);
       }
     }
 

ts/config/validator.ts

@@ -170,7 +170,7 @@ export class ConfigValidator {
                 } else if (rules.items.schema && itemType === 'object') {
                   const itemResult = this.validate(value[i], rules.items.schema);
                   if (!itemResult.valid) {
-                    errors.push(...itemResult.errors.map(err => `${key}[${i}].${err}`));
+                    errors.push(...itemResult.errors!.map(err => `${key}[${i}].${err}`));
                   }
                 }
               }
@@ -181,7 +181,7 @@ export class ConfigValidator {
             if (rules.schema) {
               const nestedResult = this.validate(value, rules.schema);
               if (!nestedResult.valid) {
-                errors.push(...nestedResult.errors.map(err => `${key}.${err}`));
+                errors.push(...nestedResult.errors!.map(err => `${key}.${err}`));
               }
               validatedConfig[key] = nestedResult.config;
             }
@@ -233,8 +233,8 @@ export class ConfigValidator {
 
       // Apply defaults to array items
       if (result[key] && rules.type === 'array' && rules.items && rules.items.schema) {
-        result[key] = result[key].map(item => 
-          typeof item === 'object' ? this.applyDefaults(item, rules.items.schema) : item
+        result[key] = result[key].map(item =>
+          typeof item === 'object' ? this.applyDefaults(item, rules.items!.schema!) : item
         );
       }
     }
@@ -255,7 +255,7 @@ export class ConfigValidator {
     
     if (!result.valid) {
       throw new ValidationError(
-        `Configuration validation failed: ${result.errors.join(', ')}`,
+        `Configuration validation failed: ${result.errors!.join(', ')}`,
         'CONFIG_VALIDATION_ERROR',
         { data: { errors: result.errors } }
       );

ts/errors/base.errors.ts

@@ -227,7 +227,7 @@ export class PlatformError extends Error {
     const { retry } = this.context;
     if (!retry) return false;
     
-    return retry.currentRetry < retry.maxRetries;
+    return (retry.currentRetry ?? 0) < (retry.maxRetries ?? 0);
   }
 
   /**

ts/index.ts

@@ -35,6 +35,6 @@ export const runCli = async () => {
     await dcRouter.stop();
     process.exit(0);
   };
-  process.on('SIGINT', shutdown);
-  process.on('SIGTERM', shutdown);
+  process.once('SIGINT', shutdown);
+  process.once('SIGTERM', shutdown);
 };

ts/monitoring/classes.metricsmanager.ts

@@ -296,11 +296,11 @@ export class MetricsManager {
       const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
       
       if (!proxyMetrics) {
-        return [];
+        return [] as Array<{ type: string; count: number; source: string; lastActivity: Date }>;
       }
-      
+
       const connectionsByRoute = proxyMetrics.connections.byRoute();
-      const connectionInfo = [];
+      const connectionInfo: Array<{ type: string; count: number; source: string; lastActivity: Date }> = [];
       
       for (const [routeName, count] of connectionsByRoute) {
         connectionInfo.push({
@@ -558,6 +558,7 @@ export class MetricsManager {
           throughputByIP: new Map<string, { in: number; out: number }>(),
           requestsPerSecond: 0,
           requestsTotal: 0,
+          backends: [] as Array<any>,
         };
       }
 
@@ -590,6 +591,110 @@ export class MetricsManager {
       const requestsPerSecond = proxyMetrics.requests.perSecond();
       const requestsTotal = proxyMetrics.requests.total();
 
+      // Collect backend protocol data
+      const backendMetrics = proxyMetrics.backends.byBackend();
+      const protocolCache = proxyMetrics.backends.detectedProtocols();
+
+      // Group protocol cache entries by host:port so we can match them to backend metrics.
+      // The protocol cache is keyed by (host, port, domain) in Rust, so the same host:port
+      // can have multiple entries for different domains.
+      const cacheByBackend = new Map<string, (typeof protocolCache)[number][]>();
+      for (const entry of protocolCache) {
+        const backendKey = `${entry.host}:${entry.port}`;
+        let entries = cacheByBackend.get(backendKey);
+        if (!entries) {
+          entries = [];
+          cacheByBackend.set(backendKey, entries);
+        }
+        entries.push(entry);
+      }
+
+      const backends: Array<any> = [];
+      const seenCacheKeys = new Set<string>();
+
+      for (const [key, bm] of backendMetrics) {
+        const cacheEntries = cacheByBackend.get(key);
+        if (!cacheEntries || cacheEntries.length === 0) {
+          // No protocol cache entry — emit one row with backend metrics only
+          backends.push({
+            backend: key,
+            domain: null,
+            protocol: bm.protocol,
+            activeConnections: bm.activeConnections,
+            totalConnections: bm.totalConnections,
+            connectErrors: bm.connectErrors,
+            handshakeErrors: bm.handshakeErrors,
+            requestErrors: bm.requestErrors,
+            avgConnectTimeMs: Math.round(bm.avgConnectTimeMs * 10) / 10,
+            poolHitRate: Math.round(bm.poolHitRate * 1000) / 1000,
+            h2Failures: bm.h2Failures,
+            h2Suppressed: false,
+            h3Suppressed: false,
+            h2CooldownRemainingSecs: null,
+            h3CooldownRemainingSecs: null,
+            h2ConsecutiveFailures: null,
+            h3ConsecutiveFailures: null,
+            h3Port: null,
+            cacheAgeSecs: null,
+          });
+        } else {
+          // One row per domain, each enriched with the shared backend metrics
+          for (const cache of cacheEntries) {
+            const compositeKey = `${cache.host}:${cache.port}:${cache.domain ?? ''}`;
+            seenCacheKeys.add(compositeKey);
+            backends.push({
+              backend: key,
+              domain: cache.domain ?? null,
+              protocol: cache.protocol ?? bm.protocol,
+              activeConnections: bm.activeConnections,
+              totalConnections: bm.totalConnections,
+              connectErrors: bm.connectErrors,
+              handshakeErrors: bm.handshakeErrors,
+              requestErrors: bm.requestErrors,
+              avgConnectTimeMs: Math.round(bm.avgConnectTimeMs * 10) / 10,
+              poolHitRate: Math.round(bm.poolHitRate * 1000) / 1000,
+              h2Failures: bm.h2Failures,
+              h2Suppressed: cache.h2Suppressed,
+              h3Suppressed: cache.h3Suppressed,
+              h2CooldownRemainingSecs: cache.h2CooldownRemainingSecs,
+              h3CooldownRemainingSecs: cache.h3CooldownRemainingSecs,
+              h2ConsecutiveFailures: cache.h2ConsecutiveFailures,
+              h3ConsecutiveFailures: cache.h3ConsecutiveFailures,
+              h3Port: cache.h3Port,
+              cacheAgeSecs: cache.ageSecs,
+            });
+          }
+        }
+      }
+
+      // Include protocol cache entries with no matching backend metric
+      for (const entry of protocolCache) {
+        const compositeKey = `${entry.host}:${entry.port}:${entry.domain ?? ''}`;
+        if (!seenCacheKeys.has(compositeKey)) {
+          backends.push({
+            backend: `${entry.host}:${entry.port}`,
+            domain: entry.domain,
+            protocol: entry.protocol,
+            activeConnections: 0,
+            totalConnections: 0,
+            connectErrors: 0,
+            handshakeErrors: 0,
+            requestErrors: 0,
+            avgConnectTimeMs: 0,
+            poolHitRate: 0,
+            h2Failures: 0,
+            h2Suppressed: entry.h2Suppressed,
+            h3Suppressed: entry.h3Suppressed,
+            h2CooldownRemainingSecs: entry.h2CooldownRemainingSecs,
+            h3CooldownRemainingSecs: entry.h3CooldownRemainingSecs,
+            h2ConsecutiveFailures: entry.h2ConsecutiveFailures,
+            h3ConsecutiveFailures: entry.h3ConsecutiveFailures,
+            h3Port: entry.h3Port,
+            cacheAgeSecs: entry.ageSecs,
+          });
+        }
+      }
+
       return {
         connectionsByIP,
         throughputRate,
@@ -599,6 +704,7 @@ export class MetricsManager {
         throughputByIP,
         requestsPerSecond,
         requestsTotal,
+        backends,
       };
     }, 1000); // 1s cache — matches typical dashboard poll interval
   }

ts/opsserver/classes.opsserver.ts

@@ -7,7 +7,7 @@ import { requireValidIdentity, requireAdminIdentity } from './helpers/guards.js'
 
 export class OpsServer {
   public dcRouterRef: DcRouter;
-  public server: plugins.typedserver.utilityservers.UtilityWebsiteServer;
+  public server!: plugins.typedserver.utilityservers.UtilityWebsiteServer;
 
   // Main TypedRouter — unauthenticated endpoints (login/logout/verify) and own-auth handlers
   public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -17,17 +17,17 @@ export class OpsServer {
   public adminRouter = new plugins.typedrequest.TypedRouter<{ request: { identity: interfaces.data.IIdentity } }>();
 
   // Handler instances
-  public adminHandler: handlers.AdminHandler;
-  private configHandler: handlers.ConfigHandler;
-  private logsHandler: handlers.LogsHandler;
-  private securityHandler: handlers.SecurityHandler;
-  private statsHandler: handlers.StatsHandler;
-  private radiusHandler: handlers.RadiusHandler;
-  private emailOpsHandler: handlers.EmailOpsHandler;
-  private certificateHandler: handlers.CertificateHandler;
-  private remoteIngressHandler: handlers.RemoteIngressHandler;
-  private routeManagementHandler: handlers.RouteManagementHandler;
-  private apiTokenHandler: handlers.ApiTokenHandler;
+  public adminHandler!: handlers.AdminHandler;
+  private configHandler!: handlers.ConfigHandler;
+  private logsHandler!: handlers.LogsHandler;
+  private securityHandler!: handlers.SecurityHandler;
+  private statsHandler!: handlers.StatsHandler;
+  private radiusHandler!: handlers.RadiusHandler;
+  private emailOpsHandler!: handlers.EmailOpsHandler;
+  private certificateHandler!: handlers.CertificateHandler;
+  private remoteIngressHandler!: handlers.RemoteIngressHandler;
+  private routeManagementHandler!: handlers.RouteManagementHandler;
+  private apiTokenHandler!: handlers.ApiTokenHandler;
 
   constructor(dcRouterRefArg: DcRouter) {
     this.dcRouterRef = dcRouterRefArg;
@@ -39,7 +39,7 @@ export class OpsServer {
   public async start() {
     this.server = new plugins.typedserver.utilityservers.UtilityWebsiteServer({
       domain: 'localhost',
-      feedMetadata: null,
+      feedMetadata: undefined,
       serveDir: paths.distServe,
     });
     

ts/opsserver/handlers/admin.handler.ts

@@ -12,7 +12,7 @@ export class AdminHandler {
   public typedrouter = new plugins.typedrequest.TypedRouter();
   
   // JWT instance
-  public smartjwtInstance: plugins.smartjwt.SmartJwt<IJwtData>;
+  public smartjwtInstance!: plugins.smartjwt.SmartJwt<IJwtData>;
   
   // Simple in-memory user storage (in production, use proper database)
   private users = new Map<string, {

ts/opsserver/handlers/certificate.handler.ts

@@ -311,8 +311,8 @@ export class CertificateHandler {
         }
       }
       return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
-    } catch (err) {
-      return { success: false, message: err.message || 'Failed to reprovision certificate' };
+    } catch (err: unknown) {
+      return { success: false, message: (err as Error).message || 'Failed to reprovision certificate' };
     }
   }
 
@@ -340,8 +340,8 @@ export class CertificateHandler {
       try {
         await dcRouter.smartAcme.getCertificateForDomain(domain);
         return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}'` };
-      } catch (err) {
-        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      } catch (err: unknown) {
+        return { success: false, message: (err as Error).message || `Failed to reprovision certificate for ${domain}` };
       }
     }
 
@@ -351,8 +351,8 @@ export class CertificateHandler {
       try {
         await smartProxy.provisionCertificate(routeNames[0]);
         return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}' via route '${routeNames[0]}'` };
-      } catch (err) {
-        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      } catch (err: unknown) {
+        return { success: false, message: (err as Error).message || `Failed to reprovision certificate for ${domain}` };
       }
     }
 

ts/opsserver/handlers/radius.handler.ts

@@ -52,8 +52,8 @@ export class RadiusHandler {
           try {
             await radiusServer.addClient(dataArg.client);
             return { success: true };
-          } catch (error) {
-            return { success: false, message: error.message };
+          } catch (error: unknown) {
+            return { success: false, message: (error as Error).message };
           }
         }
       )
@@ -144,8 +144,8 @@ export class RadiusHandler {
                 updatedAt: mapping.updatedAt,
               },
             };
-          } catch (error) {
-            return { success: false, message: error.message };
+          } catch (error: unknown) {
+            return { success: false, message: (error as Error).message };
           }
         }
       )

ts/opsserver/handlers/security.handler.ts

@@ -101,6 +101,7 @@ export class SecurityHandler {
               throughputByIP,
               requestsPerSecond: networkStats.requestsPerSecond || 0,
               requestsTotal: networkStats.requestsTotal || 0,
+              backends: networkStats.backends || [],
             };
           }
 
@@ -114,6 +115,7 @@ export class SecurityHandler {
             throughputByIP: [],
             requestsPerSecond: 0,
             requestsTotal: 0,
+            backends: [],
           };
         }
       )

ts/opsserver/handlers/stats.handler.ts

@@ -279,7 +279,7 @@ export class StatsHandler {
           if (sections.network && this.opsServerRef.dcRouterRef.metricsManager) {
             promises.push(
               (async () => {
-                const stats = await this.opsServerRef.dcRouterRef.metricsManager.getNetworkStats();
+                const stats = await this.opsServerRef.dcRouterRef.metricsManager!.getNetworkStats();
                 const serverStats = await this.collectServerStats();
 
                 // Build per-IP bandwidth lookup from throughputByIP
@@ -309,6 +309,7 @@ export class StatsHandler {
                   throughputHistory: stats.throughputHistory || [],
                   requestsPerSecond: stats.requestsPerSecond || 0,
                   requestsTotal: stats.requestsTotal || 0,
+                  backends: stats.backends || [],
                 };
               })()
             );
@@ -489,44 +490,41 @@ export class StatsHandler {
       message?: string;
     }>;
   }> {
-    const services: Array<{
-      name: string;
-      status: 'healthy' | 'degraded' | 'unhealthy';
-      message?: string;
-    }> = [];
-    
-    // Check HTTP Proxy
-    if (this.opsServerRef.dcRouterRef.smartProxy) {
-      services.push({
-        name: 'HTTP/HTTPS Proxy',
-        status: 'healthy',
-      });
-    }
-    
-    // Check Email Server
-    if (this.opsServerRef.dcRouterRef.emailServer) {
-      services.push({
-        name: 'Email Server',
-        status: 'healthy',
-      });
-    }
-    
-    // Check DNS Server
-    if (this.opsServerRef.dcRouterRef.dnsServer) {
-      services.push({
-        name: 'DNS Server',
-        status: 'healthy',
-      });
-    }
-    
-    // Check OpsServer
-    services.push({
-      name: 'OpsServer',
-      status: 'healthy',
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const health = dcRouter.serviceManager.getHealth();
+
+    const services = health.services.map((svc) => {
+      let status: 'healthy' | 'degraded' | 'unhealthy';
+      switch (svc.state) {
+        case 'running':
+          status = 'healthy';
+          break;
+        case 'starting':
+        case 'degraded':
+          status = 'degraded';
+          break;
+        case 'failed':
+          status = svc.criticality === 'critical' ? 'unhealthy' : 'degraded';
+          break;
+        case 'stopped':
+        case 'stopping':
+        default:
+          status = 'degraded';
+          break;
+      }
+
+      let message: string | undefined;
+      if (svc.state === 'failed' && svc.lastError) {
+        message = svc.lastError;
+      } else if (svc.retryCount > 0 && svc.state !== 'running') {
+        message = `Retry attempt ${svc.retryCount}`;
+      }
+
+      return { name: svc.name, status, message };
     });
-    
-    const healthy = services.every(s => s.status === 'healthy');
-    
+
+    const healthy = health.overall === 'healthy';
+
     return {
       healthy,
       services,

ts/plugins.ts

@@ -62,8 +62,9 @@ import * as smartradius from '@push.rocks/smartradius';
 import * as smartrequest from '@push.rocks/smartrequest';
 import * as smartrx from '@push.rocks/smartrx';
 import * as smartunique from '@push.rocks/smartunique';
+import * as taskbuffer from '@push.rocks/taskbuffer';
 
-export { projectinfo, qenv, smartacme, smartdata, smartdns, smartfile, smartguard, smartjwt, smartlog, smartmetrics, smartmongo, smartmta, smartnetwork, smartpath, smartproxy, smartpromise, smartradius, smartrequest, smartrx, smartunique };
+export { projectinfo, qenv, smartacme, smartdata, smartdns, smartfile, smartguard, smartjwt, smartlog, smartmetrics, smartmongo, smartmta, smartnetwork, smartpath, smartproxy, smartpromise, smartradius, smartrequest, smartrx, smartunique, taskbuffer };
 
 // Define SmartLog types for use in error handling
 export type TLogLevel = 'error' | 'warn' | 'info' | 'success' | 'debug';

ts/radius/classes.accounting.manager.ts

@@ -92,6 +92,8 @@ export interface IAccountingManagerConfig {
   detailedLogging?: boolean;
   /** Maximum active sessions to track in memory */
   maxActiveSessions?: number;
+  /** Stale session timeout in hours — sessions with no update for this long are evicted (default: 24) */
+  staleSessionTimeoutHours?: number;
 }
 
 /**
@@ -105,6 +107,7 @@ export class AccountingManager {
   private activeSessions: Map<string, IAccountingSession> = new Map();
   private config: Required<IAccountingManagerConfig>;
   private storageManager?: StorageManager;
+  private staleSessionSweepTimer?: ReturnType<typeof setInterval>;
 
   // Counters for statistics
   private stats = {
@@ -121,6 +124,7 @@ export class AccountingManager {
       retentionDays: config?.retentionDays ?? 30,
       detailedLogging: config?.detailedLogging ?? false,
       maxActiveSessions: config?.maxActiveSessions ?? 10000,
+      staleSessionTimeoutHours: config?.staleSessionTimeoutHours ?? 24,
     };
     this.storageManager = storageManager;
   }
@@ -132,9 +136,60 @@ export class AccountingManager {
     if (this.storageManager) {
       await this.loadActiveSessions();
     }
+
+    // Start periodic sweep to evict stale sessions (every 15 minutes)
+    this.staleSessionSweepTimer = setInterval(() => {
+      this.sweepStaleSessions();
+    }, 15 * 60 * 1000);
+    // Allow the process to exit even if the timer is pending
+    if (this.staleSessionSweepTimer.unref) {
+      this.staleSessionSweepTimer.unref();
+    }
+
     logger.log('info', `AccountingManager initialized with ${this.activeSessions.size} active sessions`);
   }
 
+  /**
+   * Stop the accounting manager and clean up timers
+   */
+  stop(): void {
+    if (this.staleSessionSweepTimer) {
+      clearInterval(this.staleSessionSweepTimer);
+      this.staleSessionSweepTimer = undefined;
+    }
+  }
+
+  /**
+   * Sweep stale active sessions that have not received any update
+   * within the configured timeout. These are orphaned sessions where
+   * the Stop packet was never received.
+   */
+  private sweepStaleSessions(): void {
+    const timeoutMs = this.config.staleSessionTimeoutHours * 60 * 60 * 1000;
+    const cutoff = Date.now() - timeoutMs;
+    let swept = 0;
+
+    for (const [sessionId, session] of this.activeSessions) {
+      if (session.lastUpdateTime < cutoff) {
+        session.status = 'terminated';
+        session.terminateCause = 'StaleSessionTimeout';
+        session.endTime = Date.now();
+        session.sessionTime = Math.floor((session.endTime - session.startTime) / 1000);
+
+        if (this.storageManager) {
+          this.archiveSession(session).catch(() => {});
+        }
+
+        this.activeSessions.delete(sessionId);
+        swept++;
+      }
+    }
+
+    if (swept > 0) {
+      logger.log('info', `Swept ${swept} stale RADIUS sessions (no update for ${this.config.staleSessionTimeoutHours}h)`);
+    }
+  }
+
   /**
    * Handle accounting start request
    */
@@ -463,8 +518,8 @@ export class AccountingManager {
       if (deletedCount > 0) {
         logger.log('info', `Cleaned up ${deletedCount} old accounting sessions`);
       }
-    } catch (error) {
-      logger.log('error', `Failed to cleanup old sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to cleanup old sessions: ${(error as Error).message}`);
     }
 
     return deletedCount;
@@ -527,8 +582,8 @@ export class AccountingManager {
           // Ignore individual errors
         }
       }
-    } catch (error) {
-      logger.log('warn', `Failed to load active sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to load active sessions: ${(error as Error).message}`);
     }
   }
 
@@ -543,8 +598,8 @@ export class AccountingManager {
     const key = `${this.config.storagePrefix}/active/${session.sessionId}.json`;
     try {
       await this.storageManager.setJSON(key, session);
-    } catch (error) {
-      logger.log('error', `Failed to persist session ${session.sessionId}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to persist session ${session.sessionId}: ${(error as Error).message}`);
     }
   }
 
@@ -565,8 +620,8 @@ export class AccountingManager {
       const date = new Date(session.endTime);
       const archiveKey = `${this.config.storagePrefix}/archive/${date.getFullYear()}/${String(date.getMonth() + 1).padStart(2, '0')}/${String(date.getDate()).padStart(2, '0')}/${session.sessionId}.json`;
       await this.storageManager.setJSON(archiveKey, session);
-    } catch (error) {
-      logger.log('error', `Failed to archive session ${session.sessionId}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to archive session ${session.sessionId}: ${(error as Error).message}`);
     }
   }
 
@@ -598,8 +653,8 @@ export class AccountingManager {
           // Ignore individual errors
         }
       }
-    } catch (error) {
-      logger.log('warn', `Failed to get archived sessions: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to get archived sessions: ${(error as Error).message}`);
     }
 
     return sessions;

ts/radius/classes.radius.server.ts

@@ -183,6 +183,8 @@ export class RadiusServer {
       this.radiusServer = undefined;
     }
 
+    this.accountingManager.stop();
+
     this.running = false;
     logger.log('info', 'RADIUS server stopped');
   }
@@ -308,8 +310,8 @@ export class RadiusServer {
         default:
           logger.log('debug', `RADIUS Acct Unknown status type: ${statusType}`);
       }
-    } catch (error) {
-      logger.log('error', `RADIUS accounting error: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `RADIUS accounting error: ${(error as Error).message}`);
     }
 
     return { code: plugins.smartradius.ERadiusCode.AccountingResponse };

ts/radius/classes.vlan.manager.ts

@@ -104,7 +104,7 @@ export class VlanManager {
     if (this.normalizedMacCache.size > 10000) {
       const iterator = this.normalizedMacCache.keys();
       for (let i = 0; i < 1000; i++) {
-        this.normalizedMacCache.delete(iterator.next().value);
+        this.normalizedMacCache.delete(iterator.next().value!);
       }
     }
 
@@ -348,8 +348,8 @@ export class VlanManager {
         }
         logger.log('info', `Loaded ${data.length} VLAN mappings from storage`);
       }
-    } catch (error) {
-      logger.log('warn', `Failed to load VLAN mappings from storage: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Failed to load VLAN mappings from storage: ${(error as Error).message}`);
     }
   }
 
@@ -364,8 +364,8 @@ export class VlanManager {
     try {
       const mappings = Array.from(this.mappings.values());
       await this.storageManager.setJSON(this.config.storagePrefix, mappings);
-    } catch (error) {
-      logger.log('error', `Failed to save VLAN mappings to storage: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to save VLAN mappings to storage: ${(error as Error).message}`);
     }
   }
 }

ts/readme.md

@@ -136,7 +136,7 @@ Manages the Rust-based RemoteIngressHub lifecycle. Syncs allowed edges, tracks c
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts/security/classes.contentscanner.ts

@@ -60,7 +60,7 @@ export enum ThreatCategory {
  * Content Scanner for detecting malicious email content
  */
 export class ContentScanner {
-  private static instance: ContentScanner;
+  private static instance: ContentScanner | undefined;
   private scanCache: LRUCache<string, IScanResult>;
   private options: Required<IContentScannerOptions>;
   
@@ -258,12 +258,12 @@ export class ContentScanner {
       }
       
       return result;
-    } catch (error) {
-      logger.log('error', `Error scanning email: ${error.message}`, {
+    } catch (error: unknown) {
+      logger.log('error', `Error scanning email: ${(error as Error).message}`, {
         messageId: email.getMessageId(),
-        error: error.stack
+        error: (error as Error).stack
       });
-      
+
       // Return a safe default with error indication
       return {
         isClean: true, // Let it pass if scanner fails (configure as desired)
@@ -271,7 +271,7 @@ export class ContentScanner {
         scannedElements: ['error'],
         timestamp: Date.now(),
         threatType: 'scan_error',
-        threatDetails: `Scan error: ${error.message}`
+        threatDetails: `Scan error: ${(error as Error).message}`
       };
     }
   }
@@ -625,8 +625,8 @@ export class ContentScanner {
       return sample.toString('utf8')
         .replace(/[\x00-\x09\x0B-\x1F\x7F-\x9F]/g, '') // Remove control chars
         .replace(/\uFFFD/g, ''); // Remove replacement char
-    } catch (error) {
-      logger.log('warn', `Error extracting text from buffer: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('warn', `Error extracting text from buffer: ${(error as Error).message}`);
       return '';
     }
   }
@@ -699,10 +699,10 @@ export class ContentScanner {
         subject: email.subject
       },
       success: false,
-      domain: email.getFromDomain()
+      domain: email.getFromDomain() ?? undefined
     });
   }
-  
+
   /**
    * Log a threat finding to the security logger
    * @param email The email containing the threat
@@ -722,10 +722,10 @@ export class ContentScanner {
         subject: email.subject
       },
       success: false,
-      domain: email.getFromDomain()
+      domain: email.getFromDomain() ?? undefined
     });
   }
-  
+
   /**
    * Get threat level description based on score
    * @param score Threat score

ts/security/classes.ipreputationchecker.ts

@@ -61,7 +61,7 @@ export interface IIPReputationOptions {
  * Class for checking IP reputation of inbound email senders
  */
 export class IPReputationChecker {
-  private static instance: IPReputationChecker;
+  private static instance: IPReputationChecker | undefined;
   private reputationCache: LRUCache<string, IReputationResult>;
   private options: Required<IIPReputationOptions>;
   private storageManager?: any; // StorageManager instance
@@ -127,8 +127,8 @@ export class IPReputationChecker {
     // Load cache from disk if enabled
     if (this.options.enableLocalCache) {
       // Fire and forget the load operation
-      this.loadCache().catch(error => {
-        logger.log('error', `Failed to load IP reputation cache during initialization: ${error.message}`);
+      this.loadCache().catch((error: unknown) => {
+        logger.log('error', `Failed to load IP reputation cache during initialization: ${(error as Error).message}`);
       });
     }
   }
@@ -237,13 +237,13 @@ export class IPReputationChecker {
       this.logReputationCheck(ip, result);
       
       return result;
-    } catch (error) {
-      logger.log('error', `Error checking IP reputation for ${ip}: ${error.message}`, {
+    } catch (error: unknown) {
+      logger.log('error', `Error checking IP reputation for ${ip}: ${(error as Error).message}`, {
         ip,
-        stack: error.stack
+        stack: (error as Error).stack
       });
-      
-      return this.createErrorResult(ip, error.message);
+
+      return this.createErrorResult(ip, (error as Error).message);
     }
   }
   
@@ -266,8 +266,8 @@ export class IPReputationChecker {
             const lookupDomain = `${reversedIP}.${server}`;
             await plugins.dns.promises.resolve(lookupDomain);
             return server; // IP is listed in this DNSBL
-          } catch (error) {
-            if (error.code === 'ENOTFOUND') {
+          } catch (error: unknown) {
+            if ((error as any).code === 'ENOTFOUND') {
               return null; // IP is not listed in this DNSBL
             }
             throw error; // Other error
@@ -286,8 +286,8 @@ export class IPReputationChecker {
         listCount: lists.length,
         lists
       };
-    } catch (error) {
-      logger.log('error', `Error checking DNSBL for ${ip}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error checking DNSBL for ${ip}: ${(error as Error).message}`);
       return {
         listCount: 0,
         lists: []
@@ -349,8 +349,8 @@ export class IPReputationChecker {
         org: this.determineOrg(ip), // Simplified, would use real org data
         type
       };
-    } catch (error) {
-      logger.log('error', `Error getting IP info for ${ip}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Error getting IP info for ${ip}: ${(error as Error).message}`);
       return {
         type: IPType.UNKNOWN
       };
@@ -468,8 +468,8 @@ export class IPReputationChecker {
     }
     this.saveCacheTimer = setTimeout(() => {
       this.saveCacheTimer = null;
-      this.saveCache().catch(error => {
-        logger.log('error', `Failed to save IP reputation cache: ${error.message}`);
+      this.saveCache().catch((error: unknown) => {
+        logger.log('error', `Failed to save IP reputation cache: ${(error as Error).message}`);
       });
     }, IPReputationChecker.SAVE_CACHE_DEBOUNCE_MS);
   }
@@ -506,11 +506,11 @@ export class IPReputationChecker {
         
         logger.log('info', `Saved ${entries.length} IP reputation cache entries to disk`);
       }
-    } catch (error) {
-      logger.log('error', `Failed to save IP reputation cache: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to save IP reputation cache: ${(error as Error).message}`);
     }
   }
-  
+
   /**
    * Load cache from disk or storage manager
    */
@@ -542,12 +542,12 @@ export class IPReputationChecker {
                 plugins.fs.unlinkSync(cacheFile);
                 logger.log('info', 'Old cache file removed after migration');
               } catch (deleteError) {
-                logger.log('warn', `Could not delete old cache file: ${deleteError.message}`);
+                logger.log('warn', `Could not delete old cache file: ${(deleteError as Error).message}`);
               }
             }
           }
-        } catch (error) {
-          logger.log('error', `Error loading from StorageManager: ${error.message}`);
+        } catch (error: unknown) {
+          logger.log('error', `Error loading from StorageManager: ${(error as Error).message}`);
         }
       } else {
         // No storage manager, load from filesystem
@@ -578,8 +578,8 @@ export class IPReputationChecker {
         const source = fromFilesystem ? 'disk' : 'StorageManager';
         logger.log('info', `Loaded ${validEntries.length} IP reputation cache entries from ${source}`);
       }
-    } catch (error) {
-      logger.log('error', `Failed to load IP reputation cache: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to load IP reputation cache: ${(error as Error).message}`);
     }
   }
   
@@ -611,8 +611,8 @@ export class IPReputationChecker {
     
     // If cache is enabled and we have entries, save them to the new storage manager
     if (this.options.enableLocalCache && this.reputationCache.size > 0) {
-      this.saveCache().catch(error => {
-        logger.log('error', `Failed to save cache to new storage manager: ${error.message}`);
+      this.saveCache().catch((error: unknown) => {
+        logger.log('error', `Failed to save cache to new storage manager: ${(error as Error).message}`);
       });
     }
   }

ts/security/classes.securitylogger.ts

@@ -58,7 +58,7 @@ export interface ISecurityEvent {
  * Security logger for enhanced security monitoring
  */
 export class SecurityLogger {
-  private static instance: SecurityLogger;
+  private static instance: SecurityLogger | undefined;
   private securityEvents: ISecurityEvent[] = [];
   private maxEventHistory: number;
   private enableNotifications: boolean;
@@ -154,11 +154,13 @@ export class SecurityLogger {
       }
       
       if (filter.fromTimestamp) {
-        filteredEvents = filteredEvents.filter(event => event.timestamp >= filter.fromTimestamp);
+        const fromTs = filter.fromTimestamp;
+        filteredEvents = filteredEvents.filter(event => event.timestamp >= fromTs);
       }
-      
+
       if (filter.toTimestamp) {
-        filteredEvents = filteredEvents.filter(event => event.timestamp <= filter.toTimestamp);
+        const toTs = filter.toTimestamp;
+        filteredEvents = filteredEvents.filter(event => event.timestamp <= toTs);
       }
     }
     

ts/sms/classes.smsservice.ts

@@ -7,7 +7,7 @@ import { smsConfigSchema } from './config/sms.schema.js';
 import { ConfigValidator } from '../config/validator.js';
 
 export class SmsService {
-  public projectinfo: plugins.projectinfo.ProjectInfo;
+  public projectinfo!: plugins.projectinfo.ProjectInfo;
   public typedrouter = new plugins.typedrequest.TypedRouter();
   public config: ISmsConfig;
 
@@ -16,7 +16,7 @@ export class SmsService {
     const validationResult = ConfigValidator.validate(options, smsConfigSchema);
     
     if (!validationResult.valid) {
-      logger.warn(`SMS service configuration has validation errors: ${validationResult.errors.join(', ')}`);
+      logger.warn(`SMS service configuration has validation errors: ${validationResult.errors!.join(', ')}`);
     }
     
     // Set configuration with defaults
@@ -30,7 +30,7 @@ export class SmsService {
    */
   public async start() {
     logger.log('info', `starting sms service`);
-    this.projectinfo = new plugins.projectinfo.ProjectInfo(paths.packageDir);
+    this.projectinfo = await plugins.projectinfo.ProjectInfo.create(paths.packageDir);
     this.typedrouter.addTypedHandler(
       new plugins.typedrequest.TypedHandler<plugins.servezoneInterfaces.platformservice.sms.IRequest_SendSms>(
         'sendSms',

ts/storage/classes.storagemanager.ts

@@ -15,7 +15,7 @@ export interface IStorageConfig {
   /** Filesystem path for storage */
   fsPath?: string;
   /** Custom read function */
-  readFunction?: (key: string) => Promise<string>;
+  readFunction?: (key: string) => Promise<string | null>;
   /** Custom write function */
   writeFunction?: (key: string, value: string) => Promise<void>;
 }
@@ -57,9 +57,7 @@ export class StorageManager {
       this.ensureDirectory(this.fsBasePath);
       
       // Set up internal filesystem read/write functions
-      this.config.readFunction = async (key: string) => {
-        return this.fsRead(key);
-      };
+      this.config.readFunction = (key: string): Promise<string | null> => this.fsRead(key);
       this.config.writeFunction = async (key: string, value: string) => {
         await this.fsWrite(key, value);
       };
@@ -88,8 +86,8 @@ export class StorageManager {
   private async ensureDirectory(dirPath: string): Promise<void> {
     try {
       await plugins.fsUtils.ensureDir(dirPath);
-    } catch (error) {
-      logger.log('error', `Failed to create storage directory: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to create storage directory: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -129,19 +127,19 @@ export class StorageManager {
   /**
    * Internal filesystem read function
    */
-  private async fsRead(key: string): Promise<string> {
+  private async fsRead(key: string): Promise<string | null> {
     const filePath = this.keyToPath(key);
     try {
       const content = await readFile(filePath, 'utf8');
       return content;
-    } catch (error) {
-      if (error.code === 'ENOENT') {
+    } catch (error: unknown) {
+      if ((error as any).code === 'ENOENT') {
         return null;
       }
       throw error;
     }
   }
-  
+
   /**
    * Internal filesystem write function
    */
@@ -186,8 +184,8 @@ export class StorageManager {
         default:
           throw new Error(`Unknown backend: ${this.backend}`);
       }
-    } catch (error) {
-      logger.log('error', `Storage get error for key ${key}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Storage get error for key ${key}: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -230,7 +228,7 @@ export class StorageManager {
           this.memoryStore.set(key, value);
           // Evict oldest entries if memory store exceeds limit
           while (this.memoryStore.size > StorageManager.MAX_MEMORY_ENTRIES) {
-            const firstKey = this.memoryStore.keys().next().value;
+            const firstKey = this.memoryStore.keys().next().value!;
             this.memoryStore.delete(firstKey);
           }
           break;
@@ -239,8 +237,8 @@ export class StorageManager {
         default:
           throw new Error(`Unknown backend: ${this.backend}`);
       }
-    } catch (error) {
-      logger.log('error', `Storage set error for key ${key}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Storage set error for key ${key}: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -257,8 +255,8 @@ export class StorageManager {
           const filePath = this.keyToPath(key);
           try {
             await unlink(filePath);
-          } catch (error) {
-            if (error.code !== 'ENOENT') {
+          } catch (error: unknown) {
+            if ((error as any).code !== 'ENOENT') {
               throw error;
             }
           }
@@ -281,8 +279,8 @@ export class StorageManager {
         default:
           throw new Error(`Unknown backend: ${this.backend}`);
       }
-    } catch (error) {
-      logger.log('error', `Storage delete error for key ${key}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Storage delete error for key ${key}: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -319,8 +317,8 @@ export class StorageManager {
                     }
                   }
                 }
-              } catch (error) {
-                if (error.code !== 'ENOENT') {
+              } catch (error: unknown) {
+                if ((error as any).code !== 'ENOENT') {
                   throw error;
                 }
               }
@@ -348,8 +346,8 @@ export class StorageManager {
         default:
           throw new Error(`Unknown backend: ${this.backend}`);
       }
-    } catch (error) {
-      logger.log('error', `Storage list error for prefix ${prefix}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Storage list error for prefix ${prefix}: ${(error as Error).message}`);
       throw error;
     }
   }
@@ -390,8 +388,8 @@ export class StorageManager {
     
     try {
       return JSON.parse(value) as T;
-    } catch (error) {
-      logger.log('error', `Failed to parse JSON for key ${key}: ${error.message}`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to parse JSON for key ${key}: ${(error as Error).message}`);
       throw error;
     }
   }

ts_apiclient/readme.md

@@ -259,7 +259,7 @@ Resource classes (`Route`, `Certificate`, `ApiToken`, `RemoteIngress`, `Email`)
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts_interfaces/data/stats.ts

@@ -165,6 +165,7 @@ export interface INetworkMetrics {
   throughputHistory?: Array<{ timestamp: number; in: number; out: number }>;
   requestsPerSecond?: number;
   requestsTotal?: number;
+  backends?: IBackendInfo[];
 }
 
 export interface IConnectionDetails {
@@ -174,4 +175,26 @@ export interface IConnectionDetails {
   startTime: number;
   bytesIn: number;
   bytesOut: number;
+}
+
+export interface IBackendInfo {
+  backend: string;
+  domain: string | null;
+  protocol: string;
+  activeConnections: number;
+  totalConnections: number;
+  connectErrors: number;
+  handshakeErrors: number;
+  requestErrors: number;
+  avgConnectTimeMs: number;
+  poolHitRate: number;
+  h2Failures: number;
+  h2Suppressed: boolean;
+  h3Suppressed: boolean;
+  h2CooldownRemainingSecs: number | null;
+  h3CooldownRemainingSecs: number | null;
+  h2ConsecutiveFailures: number | null;
+  h3ConsecutiveFailures: number | null;
+  h3Port: number | null;
+  cacheAgeSecs: number | null;
 }

ts_interfaces/readme.md

@@ -280,7 +280,7 @@ console.log('Connection token:', tokenResponse.token);
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts_interfaces/requests/stats.ts

@@ -179,5 +179,6 @@ export interface IReq_GetNetworkStats extends plugins.typedrequestInterfaces.imp
     throughputByIP: Array<{ ip: string; in: number; out: number }>;
     requestsPerSecond: number;
     requestsTotal: number;
+    backends?: statsInterfaces.IBackendInfo[];
   };
 }

ts_web/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@serve.zone/dcrouter',
-  version: '11.8.4',
+  version: '11.10.7',
   description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

ts_web/appstate.ts

@@ -53,6 +53,7 @@ export interface INetworkState {
   throughputHistory: Array<{ timestamp: number; in: number; out: number }>;
   requestsPerSecond: number;
   requestsTotal: number;
+  backends: interfaces.data.IBackendInfo[];
   lastUpdated: number;
   isLoading: boolean;
   error: string | null;
@@ -148,6 +149,7 @@ export const networkStatePart = await appState.getStatePart<INetworkState>(
     throughputHistory: [],
     requestsPerSecond: 0,
     requestsTotal: 0,
+    backends: [],
     lastUpdated: 0,
     isLoading: false,
     error: null,
@@ -238,7 +240,7 @@ interface IActionContext {
 }
 
 const getActionContext = (): IActionContext => {
-  const identity = loginStatePart.getState().identity;
+  const identity = loginStatePart.getState()!.identity;
   // Treat expired JWTs as no identity — prevents stale persisted sessions from firing requests
   if (identity && identity.expiresAt && identity.expiresAt < Date.now()) {
     return { identity: null };
@@ -250,7 +252,7 @@ const getActionContext = (): IActionContext => {
 export const loginAction = loginStatePart.createAction<{
   username: string;
   password: string;
-}>(async (statePartArg, dataArg) => {
+}>(async (statePartArg, dataArg): Promise<ILoginState> => {
   const typedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
     interfaces.requests.IReq_AdminLoginWithUsernameAndPassword
   >('/typedrequest', 'adminLoginWithUsernameAndPassword');
@@ -267,10 +269,10 @@ export const loginAction = loginStatePart.createAction<{
         isLoggedIn: true,
       };
     }
-    return statePartArg.getState();
-  } catch (error) {
+    return statePartArg.getState()!;
+  } catch (error: unknown) {
     console.error('Login failed:', error);
-    return statePartArg.getState();
+    return statePartArg.getState()!;
   }
 });
 
@@ -298,9 +300,9 @@ export const logoutAction = loginStatePart.createAction(async (statePartArg) =>
 });
 
 // Fetch All Stats Action - Using combined endpoint for efficiency
-export const fetchAllStatsAction = statsStatePart.createAction(async (statePartArg) => {
+export const fetchAllStatsAction = statsStatePart.createAction(async (statePartArg): Promise<IStatsState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -308,7 +310,7 @@ export const fetchAllStatsAction = statsStatePart.createAction(async (statePartA
     const combinedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
       interfaces.requests.IReq_GetCombinedMetrics
     >('/typedrequest', 'getCombinedMetrics');
-    
+
     const combinedResponse = await combinedRequest.fire({
       identity: context.identity,
       sections: {
@@ -330,19 +332,19 @@ export const fetchAllStatsAction = statsStatePart.createAction(async (statePartA
       isLoading: false,
       error: null,
     };
-  } catch (error) {
+  } catch (error: unknown) {
     return {
       ...currentState,
       isLoading: false,
-      error: error.message || 'Failed to fetch statistics',
+      error: (error as Error).message || 'Failed to fetch statistics',
     };
   }
 });
 
 // Fetch Configuration Action (read-only)
-export const fetchConfigurationAction = configStatePart.createAction(async (statePartArg) => {
+export const fetchConfigurationAction = configStatePart.createAction(async (statePartArg): Promise<IConfigState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -359,11 +361,11 @@ export const fetchConfigurationAction = configStatePart.createAction(async (stat
       isLoading: false,
       error: null,
     };
-  } catch (error) {
+  } catch (error: unknown) {
     return {
       ...currentState,
       isLoading: false,
-      error: error.message || 'Failed to fetch configuration',
+      error: (error as Error).message || 'Failed to fetch configuration',
     };
   }
 });
@@ -373,9 +375,9 @@ export const fetchRecentLogsAction = logStatePart.createAction<{
   limit?: number;
   level?: 'debug' | 'info' | 'warn' | 'error';
   category?: 'smtp' | 'dns' | 'security' | 'system' | 'email';
-}>(async (statePartArg, dataArg) => {
+}>(async (statePartArg, dataArg): Promise<ILogState> => {
   const context = getActionContext();
-  if (!context.identity) return statePartArg.getState();
+  if (!context.identity) return statePartArg.getState()!;
 
   const logsRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
     interfaces.requests.IReq_GetRecentLogs
@@ -389,14 +391,14 @@ export const fetchRecentLogsAction = logStatePart.createAction<{
   });
 
   return {
-    ...statePartArg.getState(),
+    ...statePartArg.getState()!,
     recentLogs: response.logs,
   };
 });
 
 // Toggle Auto Refresh Action
-export const toggleAutoRefreshAction = uiStatePart.createAction(async (statePartArg) => {
-  const currentState = statePartArg.getState();
+export const toggleAutoRefreshAction = uiStatePart.createAction(async (statePartArg): Promise<IUiState> => {
+  const currentState = statePartArg.getState()!;
   return {
     ...currentState,
     autoRefresh: !currentState.autoRefresh,
@@ -404,9 +406,9 @@ export const toggleAutoRefreshAction = uiStatePart.createAction(async (statePart
 });
 
 // Set Active View Action
-export const setActiveViewAction = uiStatePart.createAction<string>(async (statePartArg, viewName) => {
-  const currentState = statePartArg.getState();
-  
+export const setActiveViewAction = uiStatePart.createAction<string>(async (statePartArg, viewName): Promise<IUiState> => {
+  const currentState = statePartArg.getState()!;
+
   // If switching to network view, ensure we fetch network data
   if (viewName === 'network' && currentState.activeView !== 'network') {
     setTimeout(() => {
@@ -449,9 +451,9 @@ export const setActiveViewAction = uiStatePart.createAction<string>(async (state
 });
 
 // Fetch Network Stats Action
-export const fetchNetworkStatsAction = networkStatePart.createAction(async (statePartArg) => {
+export const fetchNetworkStatsAction = networkStatePart.createAction(async (statePartArg): Promise<INetworkState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -503,6 +505,7 @@ export const fetchNetworkStatsAction = networkStatePart.createAction(async (stat
       throughputHistory: networkStatsResponse.throughputHistory || [],
       requestsPerSecond: networkStatsResponse.requestsPerSecond || 0,
       requestsTotal: networkStatsResponse.requestsTotal || 0,
+      backends: networkStatsResponse.backends || [],
       lastUpdated: Date.now(),
       isLoading: false,
       error: null,
@@ -522,9 +525,9 @@ export const fetchNetworkStatsAction = networkStatePart.createAction(async (stat
 // ============================================================================
 
 // Fetch All Emails Action
-export const fetchAllEmailsAction = emailOpsStatePart.createAction(async (statePartArg) => {
+export const fetchAllEmailsAction = emailOpsStatePart.createAction(async (statePartArg): Promise<IEmailOpsState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -555,9 +558,9 @@ export const fetchAllEmailsAction = emailOpsStatePart.createAction(async (stateP
 // Certificate Actions
 // ============================================================================
 
-export const fetchCertificateOverviewAction = certificateStatePart.createAction(async (statePartArg) => {
+export const fetchCertificateOverviewAction = certificateStatePart.createAction(async (statePartArg): Promise<ICertificateState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -586,9 +589,9 @@ export const fetchCertificateOverviewAction = certificateStatePart.createAction(
 });
 
 export const reprovisionCertificateAction = certificateStatePart.createAction<string>(
-  async (statePartArg, domain, actionContext) => {
+  async (statePartArg, domain, actionContext): Promise<ICertificateState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -596,13 +599,13 @@ export const reprovisionCertificateAction = certificateStatePart.createAction<st
       >('/typedrequest', 'reprovisionCertificateDomain');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         domain,
       });
 
       // Re-fetch overview after reprovisioning
-      return await actionContext.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to reprovision certificate',
@@ -612,9 +615,9 @@ export const reprovisionCertificateAction = certificateStatePart.createAction<st
 );
 
 export const deleteCertificateAction = certificateStatePart.createAction<string>(
-  async (statePartArg, domain, actionContext) => {
+  async (statePartArg, domain, actionContext): Promise<ICertificateState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -622,13 +625,13 @@ export const deleteCertificateAction = certificateStatePart.createAction<string>
       >('/typedrequest', 'deleteCertificate');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         domain,
       });
 
       // Re-fetch overview after deletion
-      return await actionContext.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to delete certificate',
@@ -646,9 +649,9 @@ export const importCertificateAction = certificateStatePart.createAction<{
   publicKey: string;
   csr: string;
 }>(
-  async (statePartArg, cert, actionContext) => {
+  async (statePartArg, cert, actionContext): Promise<ICertificateState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -656,13 +659,13 @@ export const importCertificateAction = certificateStatePart.createAction<{
       >('/typedrequest', 'importCertificate');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         cert,
       });
 
       // Re-fetch overview after import
-      return await actionContext.dispatch(fetchCertificateOverviewAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchCertificateOverviewAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to import certificate',
@@ -678,7 +681,7 @@ export async function fetchCertificateExport(domain: string) {
   >('/typedrequest', 'exportCertificate');
 
   return request.fire({
-    identity: context.identity,
+    identity: context.identity!,
     domain,
   });
 }
@@ -692,16 +695,16 @@ export async function fetchConnectionToken(edgeId: string) {
   const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
     interfaces.requests.IReq_GetRemoteIngressConnectionToken
   >('/typedrequest', 'getRemoteIngressConnectionToken');
-  return request.fire({ identity: context.identity, edgeId });
+  return request.fire({ identity: context.identity!, edgeId });
 }
 
 // ============================================================================
 // Remote Ingress Actions
 // ============================================================================
 
-export const fetchRemoteIngressAction = remoteIngressStatePart.createAction(async (statePartArg) => {
+export const fetchRemoteIngressAction = remoteIngressStatePart.createAction(async (statePartArg): Promise<IRemoteIngressState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -740,9 +743,9 @@ export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
   listenPorts?: number[];
   autoDerivePorts?: boolean;
   tags?: string[];
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -750,7 +753,7 @@ export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
     >('/typedrequest', 'createRemoteIngress');
 
     const response = await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       name: dataArg.name,
       listenPorts: dataArg.listenPorts,
       autoDerivePorts: dataArg.autoDerivePorts,
@@ -759,16 +762,16 @@ export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
 
     if (response.success) {
       // Refresh the list
-      await actionContext.dispatch(fetchRemoteIngressAction, null);
+      await actionContext!.dispatch(fetchRemoteIngressAction, null);
 
       return {
-        ...statePartArg.getState(),
+        ...statePartArg.getState()!,
         newEdgeId: response.edge.id,
       };
     }
 
     return currentState;
-  } catch (error) {
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to create edge',
@@ -777,9 +780,9 @@ export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
 });
 
 export const deleteRemoteIngressAction = remoteIngressStatePart.createAction<string>(
-  async (statePartArg, edgeId, actionContext) => {
+  async (statePartArg, edgeId, actionContext): Promise<IRemoteIngressState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -787,12 +790,12 @@ export const deleteRemoteIngressAction = remoteIngressStatePart.createAction<str
       >('/typedrequest', 'deleteRemoteIngress');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         id: edgeId,
       });
 
-      return await actionContext.dispatch(fetchRemoteIngressAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchRemoteIngressAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to delete edge',
@@ -807,9 +810,9 @@ export const updateRemoteIngressAction = remoteIngressStatePart.createAction<{
   listenPorts?: number[];
   autoDerivePorts?: boolean;
   tags?: string[];
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -817,7 +820,7 @@ export const updateRemoteIngressAction = remoteIngressStatePart.createAction<{
     >('/typedrequest', 'updateRemoteIngress');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       id: dataArg.id,
       name: dataArg.name,
       listenPorts: dataArg.listenPorts,
@@ -825,8 +828,8 @@ export const updateRemoteIngressAction = remoteIngressStatePart.createAction<{
       tags: dataArg.tags,
     });
 
-    return await actionContext.dispatch(fetchRemoteIngressAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchRemoteIngressAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to update edge',
@@ -835,9 +838,9 @@ export const updateRemoteIngressAction = remoteIngressStatePart.createAction<{
 });
 
 export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.createAction<string>(
-  async (statePartArg, edgeId) => {
+  async (statePartArg, edgeId): Promise<IRemoteIngressState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -845,7 +848,7 @@ export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.create
       >('/typedrequest', 'regenerateRemoteIngressSecret');
 
       const response = await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         id: edgeId,
       });
 
@@ -867,9 +870,9 @@ export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.create
 );
 
 export const clearNewEdgeIdAction = remoteIngressStatePart.createAction(
-  async (statePartArg) => {
+  async (statePartArg): Promise<IRemoteIngressState> => {
     return {
-      ...statePartArg.getState(),
+      ...statePartArg.getState()!,
       newEdgeId: null,
     };
   }
@@ -878,9 +881,9 @@ export const clearNewEdgeIdAction = remoteIngressStatePart.createAction(
 export const toggleRemoteIngressAction = remoteIngressStatePart.createAction<{
   id: string;
   enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRemoteIngressState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -888,13 +891,13 @@ export const toggleRemoteIngressAction = remoteIngressStatePart.createAction<{
     >('/typedrequest', 'updateRemoteIngress');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       id: dataArg.id,
       enabled: dataArg.enabled,
     });
 
-    return await actionContext.dispatch(fetchRemoteIngressAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchRemoteIngressAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to toggle edge',
@@ -906,9 +909,9 @@ export const toggleRemoteIngressAction = remoteIngressStatePart.createAction<{
 // Route Management Actions
 // ============================================================================
 
-export const fetchMergedRoutesAction = routeManagementStatePart.createAction(async (statePartArg) => {
+export const fetchMergedRoutesAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -940,9 +943,9 @@ export const fetchMergedRoutesAction = routeManagementStatePart.createAction(asy
 export const createRouteAction = routeManagementStatePart.createAction<{
   route: any;
   enabled?: boolean;
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -950,13 +953,13 @@ export const createRouteAction = routeManagementStatePart.createAction<{
     >('/typedrequest', 'createRoute');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       route: dataArg.route,
       enabled: dataArg.enabled,
     });
 
-    return await actionContext.dispatch(fetchMergedRoutesAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to create route',
@@ -965,9 +968,9 @@ export const createRouteAction = routeManagementStatePart.createAction<{
 });
 
 export const deleteRouteAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, routeId, actionContext) => {
+  async (statePartArg, routeId, actionContext): Promise<IRouteManagementState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -975,12 +978,12 @@ export const deleteRouteAction = routeManagementStatePart.createAction<string>(
       >('/typedrequest', 'deleteRoute');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         id: routeId,
       });
 
-      return await actionContext.dispatch(fetchMergedRoutesAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchMergedRoutesAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to delete route',
@@ -992,9 +995,9 @@ export const deleteRouteAction = routeManagementStatePart.createAction<string>(
 export const toggleRouteAction = routeManagementStatePart.createAction<{
   id: string;
   enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -1002,13 +1005,13 @@ export const toggleRouteAction = routeManagementStatePart.createAction<{
     >('/typedrequest', 'toggleRoute');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       id: dataArg.id,
       enabled: dataArg.enabled,
     });
 
-    return await actionContext.dispatch(fetchMergedRoutesAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to toggle route',
@@ -1019,9 +1022,9 @@ export const toggleRouteAction = routeManagementStatePart.createAction<{
 export const setRouteOverrideAction = routeManagementStatePart.createAction<{
   routeName: string;
   enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -1029,13 +1032,13 @@ export const setRouteOverrideAction = routeManagementStatePart.createAction<{
     >('/typedrequest', 'setRouteOverride');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       routeName: dataArg.routeName,
       enabled: dataArg.enabled,
     });
 
-    return await actionContext.dispatch(fetchMergedRoutesAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchMergedRoutesAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to set override',
@@ -1044,9 +1047,9 @@ export const setRouteOverrideAction = routeManagementStatePart.createAction<{
 });
 
 export const removeRouteOverrideAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, routeName, actionContext) => {
+  async (statePartArg, routeName, actionContext): Promise<IRouteManagementState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -1054,12 +1057,12 @@ export const removeRouteOverrideAction = routeManagementStatePart.createAction<s
       >('/typedrequest', 'removeRouteOverride');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         routeName,
       });
 
-      return await actionContext.dispatch(fetchMergedRoutesAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchMergedRoutesAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to remove override',
@@ -1072,9 +1075,9 @@ export const removeRouteOverrideAction = routeManagementStatePart.createAction<s
 // API Token Actions
 // ============================================================================
 
-export const fetchApiTokensAction = routeManagementStatePart.createAction(async (statePartArg) => {
+export const fetchApiTokensAction = routeManagementStatePart.createAction(async (statePartArg): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
   if (!context.identity) return currentState;
 
   try {
@@ -1105,7 +1108,7 @@ export async function createApiToken(name: string, scopes: interfaces.data.TApiT
   >('/typedrequest', 'createApiToken');
 
   return request.fire({
-    identity: context.identity,
+    identity: context.identity!,
     name,
     scopes,
     expiresInDays,
@@ -1119,15 +1122,15 @@ export async function rollApiToken(id: string) {
   >('/typedrequest', 'rollApiToken');
 
   return request.fire({
-    identity: context.identity,
+    identity: context.identity!,
     id,
   });
 }
 
 export const revokeApiTokenAction = routeManagementStatePart.createAction<string>(
-  async (statePartArg, tokenId, actionContext) => {
+  async (statePartArg, tokenId, actionContext): Promise<IRouteManagementState> => {
     const context = getActionContext();
-    const currentState = statePartArg.getState();
+    const currentState = statePartArg.getState()!;
 
     try {
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -1135,12 +1138,12 @@ export const revokeApiTokenAction = routeManagementStatePart.createAction<string
       >('/typedrequest', 'revokeApiToken');
 
       await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         id: tokenId,
       });
 
-      return await actionContext.dispatch(fetchApiTokensAction, null);
-    } catch (error) {
+      return await actionContext!.dispatch(fetchApiTokensAction, null);
+    } catch (error: unknown) {
       return {
         ...currentState,
         error: error instanceof Error ? error.message : 'Failed to revoke token',
@@ -1152,9 +1155,9 @@ export const revokeApiTokenAction = routeManagementStatePart.createAction<string
 export const toggleApiTokenAction = routeManagementStatePart.createAction<{
   id: string;
   enabled: boolean;
-}>(async (statePartArg, dataArg, actionContext) => {
+}>(async (statePartArg, dataArg, actionContext): Promise<IRouteManagementState> => {
   const context = getActionContext();
-  const currentState = statePartArg.getState();
+  const currentState = statePartArg.getState()!;
 
   try {
     const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
@@ -1162,13 +1165,13 @@ export const toggleApiTokenAction = routeManagementStatePart.createAction<{
     >('/typedrequest', 'toggleApiToken');
 
     await request.fire({
-      identity: context.identity,
+      identity: context.identity!,
       id: dataArg.id,
       enabled: dataArg.enabled,
     });
 
-    return await actionContext.dispatch(fetchApiTokensAction, null);
-  } catch (error) {
+    return await actionContext!.dispatch(fetchApiTokensAction, null);
+  } catch (error: unknown) {
     return {
       ...currentState,
       error: error instanceof Error ? error.message : 'Failed to toggle token',
@@ -1188,13 +1191,13 @@ socketRouter.addTypedHandler(
   new plugins.domtools.plugins.typedrequest.TypedHandler<interfaces.requests.IReq_PushLogEntry>(
     'pushLogEntry',
     async (dataArg) => {
-      const current = logStatePart.getState();
+      const current = logStatePart.getState()!;
       const updated = [...current.recentLogs, dataArg.entry];
       // Cap at 2000 entries
       if (updated.length > 2000) {
         updated.splice(0, updated.length - 2000);
       }
-      logStatePart.setState({ ...current, recentLogs: updated });
+      logStatePart.setState({ ...current, recentLogs: updated } as ILogState);
       return {};
     }
   )
@@ -1229,14 +1232,14 @@ async function disconnectSocket() {
 async function dispatchCombinedRefreshAction() {
   const context = getActionContext();
   if (!context.identity) return;
-  const currentView = uiStatePart.getState().activeView;
+  const currentView = uiStatePart.getState()!.activeView;
 
   try {
     // Always fetch basic stats for dashboard widgets
     const combinedRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
       interfaces.requests.IReq_GetCombinedMetrics
     >('/typedrequest', 'getCombinedMetrics');
-    
+
     const combinedResponse = await combinedRequest.fire({
       identity: context.identity,
       sections: {
@@ -1249,12 +1252,13 @@ async function dispatchCombinedRefreshAction() {
     });
 
     // Update all stats from combined response
+    const currentStatsState = statsStatePart.getState()!;
     statsStatePart.setState({
-      ...statsStatePart.getState(),
-      serverStats: combinedResponse.metrics.server || statsStatePart.getState().serverStats,
-      emailStats: combinedResponse.metrics.email || statsStatePart.getState().emailStats,
-      dnsStats: combinedResponse.metrics.dns || statsStatePart.getState().dnsStats,
-      securityMetrics: combinedResponse.metrics.security || statsStatePart.getState().securityMetrics,
+      ...currentStatsState,
+      serverStats: combinedResponse.metrics.server || currentStatsState.serverStats,
+      emailStats: combinedResponse.metrics.email || currentStatsState.emailStats,
+      dnsStats: combinedResponse.metrics.dns || currentStatsState.dnsStats,
+      securityMetrics: combinedResponse.metrics.security || currentStatsState.securityMetrics,
       lastUpdated: Date.now(),
       isLoading: false,
       error: null,
@@ -1281,7 +1285,7 @@ async function dispatchCombinedRefreshAction() {
         });
 
         networkStatePart.setState({
-          ...networkStatePart.getState(),
+          ...networkStatePart.getState()!,
           connections: connectionsResponse.connections,
           connectionsByIP,
           throughputRate: {
@@ -1294,14 +1298,15 @@ async function dispatchCombinedRefreshAction() {
           throughputHistory: network.throughputHistory || [],
           requestsPerSecond: network.requestsPerSecond || 0,
           requestsTotal: network.requestsTotal || 0,
+          backends: network.backends || [],
           lastUpdated: Date.now(),
           isLoading: false,
           error: null,
         });
-      } catch (error) {
+      } catch (error: unknown) {
         console.error('Failed to fetch connections:', error);
         networkStatePart.setState({
-          ...networkStatePart.getState(),
+          ...networkStatePart.getState()!,
           connections: [],
           connectionsByIP,
           throughputRate: {
@@ -1314,6 +1319,7 @@ async function dispatchCombinedRefreshAction() {
           throughputHistory: network.throughputHistory || [],
           requestsPerSecond: network.requestsPerSecond || 0,
           requestsTotal: network.requestsTotal || 0,
+          backends: network.backends || [],
           lastUpdated: Date.now(),
           isLoading: false,
           error: null,
@@ -1356,9 +1362,9 @@ let currentRefreshRate = 1000; // Track current refresh rate to avoid unnecessar
 // Initialize auto-refresh when UI state is ready
 (() => {
   const startAutoRefresh = () => {
-    const uiState = uiStatePart.getState();
-    const loginState = loginStatePart.getState();
-    
+    const uiState = uiStatePart.getState()!;
+    const loginState = loginStatePart.getState()!;
+
     // Only start if conditions are met and not already running at the same rate
     if (uiState.autoRefresh && loginState.isLoggedIn) {
       // Check if we need to restart the interval (rate changed or not running)
@@ -1384,9 +1390,9 @@ let currentRefreshRate = 1000; // Track current refresh rate to avoid unnecessar
   };
 
   // Watch for relevant changes only
-  let previousAutoRefresh = uiStatePart.getState().autoRefresh;
-  let previousRefreshInterval = uiStatePart.getState().refreshInterval;
-  let previousIsLoggedIn = loginStatePart.getState().isLoggedIn;
+  let previousAutoRefresh = uiStatePart.getState()!.autoRefresh;
+  let previousRefreshInterval = uiStatePart.getState()!.refreshInterval;
+  let previousIsLoggedIn = loginStatePart.getState()!.isLoggedIn;
   
   uiStatePart.state.subscribe((state) => {
     // Only restart if relevant values changed
@@ -1417,7 +1423,7 @@ let currentRefreshRate = 1000; // Track current refresh rate to avoid unnecessar
   startAutoRefresh();
 
   // Connect TypedSocket if already logged in (e.g., persistent session)
-  if (loginStatePart.getState().isLoggedIn) {
+  if (loginStatePart.getState()!.isLoggedIn) {
     connectSocket();
   }
 })();

ts_web/elements/ops-dashboard.ts

@@ -195,17 +195,18 @@ export class OpsDashboard extends DeesElement {
   }
 
   public async firstUpdated() {
-    const simpleLogin = this.shadowRoot.querySelector('dees-simple-login');
-    simpleLogin.addEventListener('login', (e: CustomEvent) => {
+    const simpleLogin = this.shadowRoot!.querySelector('dees-simple-login') as any;
+    simpleLogin.addEventListener('login', (e: Event) => {
       // Handle logout event
-      this.login(e.detail.data.username, e.detail.data.password);
+      const detail = (e as CustomEvent).detail;
+      this.login(detail.data.username, detail.data.password);
     });
 
     // Handle view changes
-    const appDash = this.shadowRoot.querySelector('dees-simple-appdash');
+    const appDash = this.shadowRoot!.querySelector('dees-simple-appdash');
     if (appDash) {
-      appDash.addEventListener('view-select', (e: CustomEvent) => {
-        const viewName = e.detail.view.name.toLowerCase();
+      appDash.addEventListener('view-select', (e: Event) => {
+        const viewName = (e as CustomEvent).detail.view.name.toLowerCase();
         // Use router for navigation instead of direct state update
         appRouter.navigateToView(viewName);
       });
@@ -217,7 +218,7 @@ export class OpsDashboard extends DeesElement {
     }
 
     // Handle initial state - check if we have a stored session that's still valid
-    const loginState = appstate.loginStatePart.getState();
+    const loginState = appstate.loginStatePart.getState()!;
     if (loginState.identity?.jwt) {
       if (loginState.identity.expiresAt > Date.now()) {
         // Client-side expiry looks valid — verify with server (keypair may have changed)
@@ -229,7 +230,7 @@ export class OpsDashboard extends DeesElement {
           if (response.valid) {
             // JWT confirmed valid by server
             this.loginState = loginState;
-            await simpleLogin.switchToSlottedContent();
+            await (simpleLogin as any).switchToSlottedContent();
             await appstate.statsStatePart.dispatchAction(appstate.fetchAllStatsAction, null);
             await appstate.configStatePart.dispatchAction(appstate.fetchConfigurationAction, null);
           } else {
@@ -250,8 +251,8 @@ export class OpsDashboard extends DeesElement {
   private async login(username: string, password: string) {
     const domtools = await this.domtoolsPromise;
     console.log(`Attempting to login...`);
-    const simpleLogin = this.shadowRoot.querySelector('dees-simple-login');
-    const form = simpleLogin.shadowRoot.querySelector('dees-form');
+    const simpleLogin = this.shadowRoot!.querySelector('dees-simple-login') as any;
+    const form = simpleLogin.shadowRoot!.querySelector('dees-form') as any;
     form.setStatus('pending', 'Logging in...');
     
     const state = await appstate.loginStatePart.dispatchAction(appstate.loginAction, {
@@ -262,14 +263,14 @@ export class OpsDashboard extends DeesElement {
     if (state.identity) {
       console.log('Login successful');
       this.loginState = state;
-      form.setStatus('success', 'Logged in!');
-      await simpleLogin.switchToSlottedContent();
+      form!.setStatus('success', 'Logged in!');
+      await simpleLogin!.switchToSlottedContent();
       await appstate.statsStatePart.dispatchAction(appstate.fetchAllStatsAction, null);
       await appstate.configStatePart.dispatchAction(appstate.fetchConfigurationAction, null);
     } else {
-      form.setStatus('error', 'Login failed!');
+      form!.setStatus('error', 'Login failed!');
       await domtools.convenience.smartdelay.delayFor(2000);
-      form.reset();
+      form!.reset();
     }
   }
 }

ts_web/elements/ops-view-certificates.ts

@@ -21,7 +21,7 @@ declare global {
 @customElement('ops-view-certificates')
 export class OpsViewCertificates extends DeesElement {
   @state()
-  accessor certState: appstate.ICertificateState = appstate.certificateStatePart.getState();
+  accessor certState: appstate.ICertificateState = appstate.certificateStatePart.getState()!;
 
   constructor() {
     super();
@@ -264,10 +264,10 @@ export class OpsViewCertificates extends DeesElement {
                   {
                     name: 'Import',
                     iconName: 'lucide:upload',
-                    action: async (modal) => {
+                    action: async (modal: any) => {
                       const { DeesToast } = await import('@design.estate/dees-catalog');
                       try {
-                        const form = modal.shadowRoot.querySelector('dees-form') as any;
+                        const form = modal.shadowRoot!.querySelector('dees-form') as any;
                         const formData = await form.collectFormData();
                         const files = formData.certJsonFile;
                         if (!files || files.length === 0) {
@@ -287,8 +287,8 @@ export class OpsViewCertificates extends DeesElement {
                         );
                         DeesToast.show({ message: `Certificate imported for ${cert.domainName}`, type: 'success', duration: 3000 });
                         modal.destroy();
-                      } catch (err) {
-                        DeesToast.show({ message: `Import failed: ${err.message}`, type: 'error', duration: 4000 });
+                      } catch (err: unknown) {
+                        DeesToast.show({ message: `Import failed: ${(err as Error).message}`, type: 'error', duration: 4000 });
                       }
                     },
                   },
@@ -339,8 +339,8 @@ export class OpsViewCertificates extends DeesElement {
                 } else {
                   DeesToast.show({ message: response.message || 'Export failed', type: 'error', duration: 4000 });
                 }
-              } catch (err) {
-                DeesToast.show({ message: `Export failed: ${err.message}`, type: 'error', duration: 4000 });
+              } catch (err: unknown) {
+                DeesToast.show({ message: `Export failed: ${(err as Error).message}`, type: 'error', duration: 4000 });
               }
             },
           },
@@ -363,7 +363,7 @@ export class OpsViewCertificates extends DeesElement {
                   {
                     name: 'Delete',
                     iconName: 'lucide:trash-2',
-                    action: async (modal) => {
+                    action: async (modal: any) => {
                       try {
                         await appstate.certificateStatePart.dispatchAction(
                           appstate.deleteCertificateAction,
@@ -371,8 +371,8 @@ export class OpsViewCertificates extends DeesElement {
                         );
                         DeesToast.show({ message: `Certificate deleted for ${cert.domain}`, type: 'success', duration: 3000 });
                         modal.destroy();
-                      } catch (err) {
-                        DeesToast.show({ message: `Delete failed: ${err.message}`, type: 'error', duration: 4000 });
+                      } catch (err: unknown) {
+                        DeesToast.show({ message: `Delete failed: ${(err as Error).message}`, type: 'error', duration: 4000 });
                       }
                     },
                   },

ts_web/elements/ops-view-config.ts

@@ -102,7 +102,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderSystemSection(sys: appstate.IConfigState['config']['system']): TemplateResult {
+  private renderSystemSection(sys: NonNullable<appstate.IConfigState['config']>['system']): TemplateResult {
     // Annotate proxy IPs with source hint when Remote Ingress is active
     const ri = this.configState.config?.remoteIngress;
     let proxyIpValues: string[] | null = sys.proxyIps.length > 0 ? [...sys.proxyIps] : null;
@@ -133,7 +133,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderSmartProxySection(proxy: appstate.IConfigState['config']['smartProxy']): TemplateResult {
+  private renderSmartProxySection(proxy: NonNullable<appstate.IConfigState['config']>['smartProxy']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Route Count', value: proxy.routeCount },
     ];
@@ -164,7 +164,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderEmailSection(email: appstate.IConfigState['config']['email']): TemplateResult {
+  private renderEmailSection(email: NonNullable<appstate.IConfigState['config']>['email']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Ports', value: email.ports.length > 0 ? email.ports.map(String) : null, type: 'pills' },
       { key: 'Hostname', value: email.hostname },
@@ -196,7 +196,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderDnsSection(dns: appstate.IConfigState['config']['dns']): TemplateResult {
+  private renderDnsSection(dns: NonNullable<appstate.IConfigState['config']>['dns']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Port', value: dns.port },
       { key: 'NS Domains', value: dns.nsDomains.length > 0 ? dns.nsDomains : null, type: 'pills' },
@@ -216,7 +216,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderTlsSection(tls: appstate.IConfigState['config']['tls']): TemplateResult {
+  private renderTlsSection(tls: NonNullable<appstate.IConfigState['config']>['tls']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Contact Email', value: tls.contactEmail },
       { key: 'Domain', value: tls.domain },
@@ -242,7 +242,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderCacheSection(cache: appstate.IConfigState['config']['cache']): TemplateResult {
+  private renderCacheSection(cache: NonNullable<appstate.IConfigState['config']>['cache']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Storage Path', value: cache.storagePath },
       { key: 'DB Name', value: cache.dbName },
@@ -267,7 +267,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderRadiusSection(radius: appstate.IConfigState['config']['radius']): TemplateResult {
+  private renderRadiusSection(radius: NonNullable<appstate.IConfigState['config']>['radius']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Auth Port', value: radius.authPort },
       { key: 'Accounting Port', value: radius.acctPort },
@@ -296,7 +296,7 @@ export class OpsViewConfig extends DeesElement {
     `;
   }
 
-  private renderRemoteIngressSection(ri: appstate.IConfigState['config']['remoteIngress']): TemplateResult {
+  private renderRemoteIngressSection(ri: NonNullable<appstate.IConfigState['config']>['remoteIngress']): TemplateResult {
     const fields: IConfigField[] = [
       { key: 'Tunnel Port', value: ri.tunnelPort },
       { key: 'Hub Domain', value: ri.hubDomain },

ts_web/elements/ops-view-emails.ts

@@ -83,13 +83,13 @@ export class OpsViewEmails extends DeesElement {
   private async handleEmailClick(e: CustomEvent<interfaces.requests.IEmail>) {
     const emailSummary = e.detail;
     try {
-      const context = appstate.loginStatePart.getState();
+      const context = appstate.loginStatePart.getState()!;
       const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
         interfaces.requests.IReq_GetEmailDetail
       >('/typedrequest', 'getEmailDetail');
 
       const response = await request.fire({
-        identity: context.identity,
+        identity: context.identity!,
         emailId: emailSummary.id,
       });
 

ts_web/elements/ops-view-network.ts

@@ -1,5 +1,6 @@
 import { DeesElement, property, html, customElement, type TemplateResult, css, state, cssManager } from '@design.estate/dees-element';
 import * as appstate from '../appstate.js';
+import * as interfaces from '../../dist_ts_interfaces/index.js';
 import { viewHostCss } from './shared/css.js';
 import { type IStatsTile } from '@design.estate/dees-catalog';
 
@@ -28,10 +29,10 @@ interface INetworkRequest {
 @customElement('ops-view-network')
 export class OpsViewNetwork extends DeesElement {
   @state()
-  accessor statsState = appstate.statsStatePart.getState();
+  accessor statsState = appstate.statsStatePart.getState()!;
 
   @state()
-  accessor networkState = appstate.networkStatePart.getState();
+  accessor networkState = appstate.networkStatePart.getState()!;
 
 
   @state()
@@ -198,6 +199,38 @@ export class OpsViewNetwork extends DeesElement {
         color: ${cssManager.bdTheme('#00796b', '#4db6ac')};
       }
 
+      .protocolBadge.h1 {
+        background: ${cssManager.bdTheme('#e3f2fd', '#1a2c3a')};
+        color: ${cssManager.bdTheme('#1976d2', '#5a9fd4')};
+      }
+
+      .protocolBadge.h2 {
+        background: ${cssManager.bdTheme('#e8f5e9', '#1a3a1a')};
+        color: ${cssManager.bdTheme('#388e3c', '#66bb6a')};
+      }
+
+      .protocolBadge.h3 {
+        background: ${cssManager.bdTheme('#f3e5f5', '#2a1a3a')};
+        color: ${cssManager.bdTheme('#7b1fa2', '#ba68c8')};
+      }
+
+      .protocolBadge.unknown {
+        background: ${cssManager.bdTheme('#f5f5f5', '#2a2a2a')};
+        color: ${cssManager.bdTheme('#757575', '#999999')};
+      }
+
+      .suppressionBadge {
+        display: inline-flex;
+        align-items: center;
+        padding: 2px 6px;
+        border-radius: 3px;
+        font-size: 11px;
+        font-weight: 500;
+        background: ${cssManager.bdTheme('#fff3e0', '#3a2a1a')};
+        color: ${cssManager.bdTheme('#f57c00', '#ff9933')};
+        margin-left: 4px;
+      }
+
       .statusBadge {
         display: inline-flex;
         align-items: center;
@@ -265,6 +298,9 @@ export class OpsViewNetwork extends DeesElement {
         <!-- Top IPs Section -->
         ${this.renderTopIPs()}
 
+        <!-- Backend Protocols Section -->
+        ${this.renderBackendProtocols()}
+
         <!-- Requests Table -->
         <dees-table
           .data=${this.networkRequests}
@@ -519,6 +555,106 @@ export class OpsViewNetwork extends DeesElement {
     `;
   }
 
+  private renderBackendProtocols(): TemplateResult {
+    const backends = this.networkState.backends;
+    if (!backends || backends.length === 0) {
+      return html``;
+    }
+
+    return html`
+      <dees-table
+        .data=${backends}
+        .displayFunction=${(item: interfaces.data.IBackendInfo) => {
+          const totalErrors = item.connectErrors + item.handshakeErrors + item.requestErrors;
+          const protocolClass = item.protocol.toLowerCase().replace(/[^a-z0-9]/g, '');
+
+          return {
+            'Backend': item.backend,
+            'Domain': item.domain || '-',
+            'Protocol': html`
+              <span class="protocolBadge ${protocolClass}">${item.protocol.toUpperCase()}</span>
+              ${item.h2Suppressed ? html`<span class="suppressionBadge" title="H2 suppressed: ${item.h2ConsecutiveFailures ?? 0} failures, cooldown ${item.h2CooldownRemainingSecs ?? 0}s">H2 suppressed</span>` : ''}
+              ${item.h3Suppressed ? html`<span class="suppressionBadge" title="H3 suppressed: ${item.h3ConsecutiveFailures ?? 0} failures, cooldown ${item.h3CooldownRemainingSecs ?? 0}s">H3 suppressed</span>` : ''}
+            `,
+            'Active': item.activeConnections,
+            'Total': this.formatNumber(item.totalConnections),
+            'Avg Connect': item.avgConnectTimeMs > 0 ? `${item.avgConnectTimeMs.toFixed(1)}ms` : '-',
+            'Pool Hit Rate': item.poolHitRate > 0 ? `${(item.poolHitRate * 100).toFixed(1)}%` : '-',
+            'Errors': totalErrors > 0
+              ? html`<span class="statusBadge error">${totalErrors}</span>`
+              : html`<span class="statusBadge success">0</span>`,
+            'Cache Age': item.cacheAgeSecs != null ? `${Math.round(item.cacheAgeSecs)}s` : '-',
+          };
+        }}
+        .dataActions=${[
+          {
+            name: 'View Details',
+            iconName: 'lucide:info',
+            type: ['inRow', 'doubleClick', 'contextmenu'] as any,
+            actionFunc: async (actionData: any) => {
+              await this.showBackendDetails(actionData.item);
+            }
+          }
+        ]}
+        heading1="Backend Protocols"
+        heading2="Auto-detected backend protocols and connection pool health"
+        searchable
+        .pagination=${false}
+        dataName="backend"
+      ></dees-table>
+    `;
+  }
+
+  private async showBackendDetails(backend: interfaces.data.IBackendInfo) {
+    const { DeesModal } = await import('@design.estate/dees-catalog');
+
+    await DeesModal.createAndShow({
+      heading: `Backend: ${backend.backend}`,
+      content: html`
+        <div style="padding: 20px;">
+          <dees-dataview-codebox
+            .heading=${'Backend Details'}
+            progLang="json"
+            .codeToDisplay=${JSON.stringify({
+              backend: backend.backend,
+              domain: backend.domain,
+              protocol: backend.protocol,
+              activeConnections: backend.activeConnections,
+              totalConnections: backend.totalConnections,
+              avgConnectTimeMs: backend.avgConnectTimeMs,
+              poolHitRate: backend.poolHitRate,
+              errors: {
+                connect: backend.connectErrors,
+                handshake: backend.handshakeErrors,
+                request: backend.requestErrors,
+                h2Failures: backend.h2Failures,
+              },
+              suppression: {
+                h2Suppressed: backend.h2Suppressed,
+                h3Suppressed: backend.h3Suppressed,
+                h2CooldownRemainingSecs: backend.h2CooldownRemainingSecs,
+                h3CooldownRemainingSecs: backend.h3CooldownRemainingSecs,
+                h2ConsecutiveFailures: backend.h2ConsecutiveFailures,
+                h3ConsecutiveFailures: backend.h3ConsecutiveFailures,
+              },
+              h3Port: backend.h3Port,
+              cacheAgeSecs: backend.cacheAgeSecs,
+            }, null, 2)}
+          ></dees-dataview-codebox>
+        </div>
+      `,
+      menuOptions: [
+        {
+          name: 'Copy Backend Key',
+          iconName: 'lucide:Copy',
+          action: async () => {
+            await navigator.clipboard.writeText(backend.backend);
+          }
+        }
+      ]
+    });
+  }
+
   private async updateNetworkData() {
     // Track requests/sec history for the trend sparkline (moved out of render)
     const reqPerSec = this.networkState.requestsPerSecond || 0;

ts_web/elements/ops-view-remoteingress.ts

@@ -21,7 +21,7 @@ declare global {
 @customElement('ops-view-remoteingress')
 export class OpsViewRemoteIngress extends DeesElement {
   @state()
-  accessor riState: appstate.IRemoteIngressState = appstate.remoteIngressStatePart.getState();
+  accessor riState: appstate.IRemoteIngressState = appstate.remoteIngressStatePart.getState()!;
 
   constructor() {
     super();
@@ -184,7 +184,7 @@ export class OpsViewRemoteIngress extends DeesElement {
             @click=${async () => {
               const { DeesToast } = await import('@design.estate/dees-catalog');
               try {
-                const response = await appstate.fetchConnectionToken(this.riState.newEdgeId);
+                const response = await appstate.fetchConnectionToken(this.riState.newEdgeId!);
                 if (response.success && response.token) {
                   if (navigator.clipboard && typeof navigator.clipboard.writeText === 'function') {
                     await navigator.clipboard.writeText(response.token);
@@ -202,8 +202,8 @@ export class OpsViewRemoteIngress extends DeesElement {
                 } else {
                   DeesToast.show({ message: response.message || 'Failed to get token', type: 'error', duration: 4000 });
                 }
-              } catch (err) {
-                DeesToast.show({ message: `Failed: ${err.message}`, type: 'error', duration: 4000 });
+              } catch (err: unknown) {
+                DeesToast.show({ message: `Failed: ${(err as Error).message}`, type: 'error', duration: 4000 });
               }
             }}
           >Copy Connection Token</dees-button>
@@ -399,8 +399,8 @@ export class OpsViewRemoteIngress extends DeesElement {
                   } else {
                     DeesToast.show({ message: response.message || 'Failed to get token', type: 'error', duration: 4000 });
                   }
-                } catch (err) {
-                  DeesToast.show({ message: `Failed: ${err.message}`, type: 'error', duration: 4000 });
+                } catch (err: unknown) {
+                  DeesToast.show({ message: `Failed: ${(err as Error).message}`, type: 'error', duration: 4000 });
                 }
               },
             },

ts_web/readme.md

@@ -237,7 +237,7 @@ export class OpsViewMyView extends DeesElement {
 
 ## License and Legal Information
 
-This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [license](../license) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 

ts_web/router.ts

@@ -71,12 +71,12 @@ class AppRouter {
 
   private updateViewState(view: string): void {
     this.suppressStateUpdate = true;
-    const currentState = appstate.uiStatePart.getState();
+    const currentState = appstate.uiStatePart.getState()!;
     if (currentState.activeView !== view) {
       appstate.uiStatePart.setState({
         ...currentState,
         activeView: view,
-      });
+      } as appstate.IUiState);
     }
     this.suppressStateUpdate = false;
   }
@@ -94,7 +94,7 @@ class AppRouter {
   }
 
   public getCurrentView(): string {
-    return appstate.uiStatePart.getState().activeView;
+    return appstate.uiStatePart.getState()!.activeView;
   }
 
   public destroy(): void {