v12.1.0

- Added new readme.statsgrid.md outlining the implementation plan for dees-statsgrid component.
- Replaced custom stats cards in ops-view-overview.ts and ops-view-network.ts with dees-statsgrid for better visualization.
- Introduced consistent color scheme for success, warning, error, and info states.
- Enhanced interactive features including click actions, context menus, and real-time updates.
- Developed ops-view-emails.ts for email management with features like composing, searching, and viewing emails.
- Integrated mock data generation for emails and network requests to facilitate testing.
- Added responsive design elements and improved UI consistency across components.

.gitea/workflows/docker_nottags.yaml

@@ -6,7 +6,7 @@ on:
       - '**'
 
 env:
-  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci
+  IMAGE: code.foss.global/host.today/ht-docker-node:szci
   NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
   NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
   NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}

.gitea/workflows/docker_tags.yaml

@@ -6,7 +6,7 @@ on:
       - '*'
 
 env:
-  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci
+  IMAGE: code.foss.global/host.today/ht-docker-node:szci
   NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
   NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
   NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
@@ -74,7 +74,7 @@ jobs:
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     container:
-      image: registry.gitlab.com/hosttoday/ht-docker-dbase:npmci
+      image: code.foss.global/host.today/ht-docker-node:dbase_dind
 
     steps:
       - uses: actions/checkout@v3
@@ -82,15 +82,13 @@ jobs:
       - name: Prepare
         run: |
           pnpm install -g pnpm
-          pnpm install -g @shipzone/npmci
+          pnpm install -g @git.zone/tsdocker
 
       - name: Release
         run: |
-          npmci docker login
-          npmci docker build
-          npmci docker test
-          # npmci docker push gitea.lossless.digital
-          npmci docker push dockerregistry.lossless.digital
+          tsdocker login
+          tsdocker build
+          tsdocker push
 
   metadata:
     needs: test

.gitignore

@@ -19,4 +19,6 @@ dist_*/
 
 # custom
 **/.claude/settings.local.json
-data/
+.nogit/data/
+readme.plan.md
+.playwright-mcp/

.smartconfig.json

@@ -0,0 +1,85 @@
+{
+  "@git.zone/tswatch": {
+    "watchers": [
+      {
+        "name": "dcrouter-dev",
+        "watch": [
+          "ts/**/*.ts",
+          "ts_*/**/*.ts",
+          "test_watch/devserver.ts"
+        ],
+        "command": "pnpm run build && tsrun test_watch/devserver.ts",
+        "restart": true,
+        "debounce": 500,
+        "runOnStart": true
+      }
+    ]
+  },
+  "@git.zone/tsbundle": {
+    "bundles": [
+      {
+        "from": "./ts_web/index.ts",
+        "to": "./dist_serve/bundle.js",
+        "outputMode": "bundle",
+        "bundler": "esbuild",
+        "production": true,
+        "includeFiles": ["./html/**/*.html"]
+      }
+    ]
+  },
+  "@git.zone/cli": {
+    "projectType": "service",
+    "module": {
+      "githost": "gitlab.com",
+      "gitscope": "serve.zone",
+      "gitrepo": "dcrouter",
+      "description": "A traffic router intended to be gating your datacenter.",
+      "npmPackagename": "@serve.zone/dcrouter",
+      "license": "MIT",
+      "projectDomain": "serve.zone",
+      "keywords": [
+        "mail service",
+        "SMS",
+        "letter delivery",
+        "AI services",
+        "SMTP server",
+        "mail parsing",
+        "DKIM",
+        "traffic router",
+        "letterXpress",
+        "OpenAI",
+        "Anthropic AI",
+        "DKIM signing",
+        "mail forwarding",
+        "SMTP TLS",
+        "domain management",
+        "email templating",
+        "rule management",
+        "SMTP STARTTLS",
+        "DNS management"
+      ]
+    },
+    "release": {
+      "registries": [
+        "https://verdaccio.lossless.digital",
+        "https://registry.npmjs.org"
+      ],
+      "accessLevel": "public"
+    }
+  },
+  "@ship.zone/szci": {
+    "npmGlobalTools": [],
+    "dockerRegistryRepoMap": {
+      "registry.gitlab.com": "code.foss.global/serve.zone/dcrouter"
+    },
+    "npmRegistryUrl": "verdaccio.lossless.digital"
+  },
+  "@git.zone/tsdocker": {
+    "registries": ["code.foss.global"],
+    "registryRepoMap": {
+      "code.foss.global": "serve.zone/dcrouter",
+      "dockerregistry.lossless.digital": "serve.zone/dcrouter"
+    },
+    "platforms": ["linux/amd64", "linux/arm64"]
+  }
+}

.vscode/settings.json

@@ -1,7 +1,7 @@
 {
   "json.schemas": [
     {
-      "fileMatch": ["/npmextra.json"],
+      "fileMatch": ["/.smartconfig.json"],
       "schema": {
         "type": "object",
         "properties": {

Dockerfile

@@ -1,46 +1,34 @@
 # gitzone dockerfile_service
 ## STAGE 1 // BUILD
-FROM registry.gitlab.com/hosttoday/ht-docker-node:npmci as node1
+FROM code.foss.global/host.today/ht-docker-node:lts AS build
 COPY ./ /app
 WORKDIR /app
-ARG NPMCI_TOKEN_NPM2
-ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
-RUN npmci npm prepare
 RUN pnpm config set store-dir .pnpm-store
 RUN rm -rf node_modules && pnpm install
 RUN pnpm run build
+RUN rm -rf .pnpm-store node_modules && pnpm install --prod
+
+## STAGE 2 // PRODUCTION
+FROM code.foss.global/host.today/ht-docker-node:alpine-node AS production
+
+# gcompat + libstdc++ for glibc-linked Rust binaries (smartproxy, smartmta, remoteingress)
+RUN apk add --no-cache gcompat libstdc++
 
-# gitzone dockerfile_service
-## STAGE 2 // install production
-FROM registry.gitlab.com/hosttoday/ht-docker-node:npmci as node2
 WORKDIR /app
-COPY --from=node1 /app /app
-RUN rm -rf .pnpm-store
-ARG NPMCI_TOKEN_NPM2
-ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
-RUN npmci npm prepare
-RUN pnpm config set store-dir .pnpm-store
-RUN rm -rf node_modules/ && pnpm install --prod
+COPY --from=build /app /app
 
+ENV DCROUTER_MODE=OCI_CONTAINER
+ENV DCROUTER_HEAP_SIZE=512
+ENV UV_THREADPOOL_SIZE=16
 
-## STAGE 3 // rebuild dependencies for alpine
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpinenpmci as node3
-WORKDIR /app
-COPY --from=node2 /app /app
-ARG NPMCI_TOKEN_NPM2
-ENV NPMCI_TOKEN_NPM2 $NPMCI_TOKEN_NPM2
-RUN npmci npm prepare
-RUN pnpm config set store-dir .pnpm-store
-RUN pnpm rebuild -r
-
-## STAGE 4 // the final production image with all dependencies in place
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine as node4
-WORKDIR /app
-COPY --from=node3 /app /app
-
-### Healthchecks
 RUN pnpm install -g @servezone/healthy
-HEALTHCHECK --interval=30s --timeout=30s --start-period=30s --retries=3 CMD [ "healthy" ]
+HEALTHCHECK --interval=30s --timeout=10s --start-period=120s --retries=3 CMD [ "healthy" ]
 
-EXPOSE 80
-CMD ["npm", "start"]
+LABEL org.opencontainers.image.title="dcrouter" \
+      org.opencontainers.image.description="Multi-service datacenter gateway" \
+      org.opencontainers.image.source="https://code.foss.global/serve.zone/dcrouter"
+
+# HTTP/HTTPS, SMTP/Submission/SMTPS, DNS, RADIUS, OpsServer, RemoteIngress, dynamic range
+EXPOSE 80 443 25 587 465 53/tcp 53/udp 1812/udp 1813/udp 3000 8443 29000-30000
+
+CMD ["sh", "-c", "node --max_old_space_size=${DCROUTER_HEAP_SIZE} ./cli.js"]

cli.child.js

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+process.env.CLI_CALL = 'true';
+import * as cliTool from './ts/index.js';
+cliTool.runCli();

html/index.html

@@ -0,0 +1,121 @@
+<!--gitzone default-->
+<!-- made by Lossless GmbH -->
+<!-- checkout https://maintainedby.lossless.com for awesome OpenSource projects -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <!--Lets set some basic meta tags-->
+    <meta
+      name="viewport"
+      content="user-scalable=0, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height"
+    />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="theme-color" content="#000000" />
+
+    <!--Lets make sure we recognize this as an PWA-->
+    <link rel="manifest" href="/manifest.json" />
+    <link rel="icon" type="image/png" href="/assetbroker/manifest/favicon.png" />
+
+    <!--Lets load standard fonts-->
+    <link rel="preconnect" href="https://assetbroker.lossless.one/" crossorigin>
+    <link rel="stylesheet" href="https://assetbroker.lossless.one/fonts/fonts.css">
+
+
+    <!--Lets avoid a rescaling flicker due to default body margins-->
+    <style>
+      html {
+        -ms-text-size-adjust: 100%;
+        -webkit-text-size-adjust: 100%;
+      }
+      body {
+        position: relative;
+        background: #000;
+        margin: 0px;
+      }
+    </style>
+    <script>
+      projectVersion = '';
+    </script>
+  </head>
+  <body>
+    <noscript>
+      <style>
+        body {
+          background: #303f9f;
+          font-family: Inter, Roboto, sans-serif;
+          color: #ffffff;
+        }
+
+        a {
+          color: #ffffff;
+          text-decoration: none;
+        }
+
+        .logo {
+          margin-top: 100px;
+          text-align: center;
+        }
+
+        img {
+          width: 130px;
+        }
+
+        .container {
+          width: 600px;
+          margin: auto;
+          margin-top: 20px;
+          box-shadow: 0px 0px 5px rgba(0, 0, 0, 0.3);
+          overflow: hidden;
+          border-radius: 3px;
+          background: #4357d9;
+        }
+        .contentHeader {
+          padding: 20px;
+          text-align: center;
+          font-size: 25px;
+          border-bottom: 1px solid rgba(255, 255, 255, 0.1);
+        }
+        .content {
+          padding: 20px;
+        }
+        .footer {
+          padding: 10px;
+          text-align: center;
+        }
+      </style>
+      <div class="logo">
+        <img src="https://assetbroker.lossless.one/brandfiles/lossless/svg-minimal-bright.svg" />
+      </div>
+      <div class="container">
+        <div class="contentHeader">We need JavaScript to run properly!</div>
+        <div class="content">
+          This site is being built using lit-element (made by Google). This technology works with
+          JavaScript. Subsequently this website does not work as intended by Lossless GmbH without
+          JavaScript.
+        </div>
+      </div>
+      <div class="footer">
+        <a href="https://lossless.gmbh">Legal Info</a> |
+        <a href="https://lossless.gmbh/privacy">Privacy Policy</a>
+      </div>
+    </noscript>
+    <script type="text/javascript" async defer>
+      window.revenueEnabled = true;
+      const runRevenueCheck = async () => {
+        var e = document.createElement('div');
+        e.id = '476kjuhzgtr764';
+        e.style.display = 'none';
+        document.body.appendChild(e);
+        if (document.getElementById('476kjuhzgtr764')) {
+          window.revenueEnabled = true;
+        } else {
+          window.revenueEnabled = false;
+        }
+        console.log(`revenue enabled: ${window.revenueEnabled}`);
+      };
+
+      runRevenueCheck();
+    </script>
+  </body>
+  <script defer type="module" src="/bundle.js"></script>
+</html>

license

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Task Venture Capital GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

npmextra.json

@@ -1,45 +0,0 @@
-{
-  "gitzone": {
-    "projectType": "service",
-    "module": {
-      "githost": "gitlab.com",
-      "gitscope": "serve.zone",
-      "gitrepo": "platformservice",
-      "description": "A multifaceted platform service handling mail, SMS, letter delivery, and AI services.",
-      "npmPackagename": "@serve.zone/platformservice",
-      "license": "MIT",
-      "projectDomain": "serve.zone",
-      "keywords": [
-        "mail service",
-        "SMS",
-        "letter delivery",
-        "AI services",
-        "SMTP server",
-        "mail parsing",
-        "DKIM",
-        "platform service",
-        "letterXpress",
-        "OpenAI",
-        "Anthropic AI",
-        "DKIM signing",
-        "mail forwarding",
-        "SMTP TLS",
-        "domain management",
-        "email templating",
-        "rule management",
-        "SMTP STARTTLS",
-        "DNS management"
-      ]
-    }
-  },
-  "npmci": {
-    "npmGlobalTools": [],
-    "dockerRegistryRepoMap": {
-      "registry.gitlab.com": "code.foss.global/serve.zone/platformservice"
-    },
-    "dockerBuildargEnvMap": {
-      "NPMCI_TOKEN_NPM2": "NPMCI_TOKEN_NPM2"
-    },
-    "npmRegistryUrl": "verdaccio.lossless.digital"
-  }
-}

package.json

@@ -1,55 +1,74 @@
 {
-  "name": "@serve.zone/platformservice",
+  "name": "@serve.zone/dcrouter",
   "private": false,
-  "version": "2.12.0",
-  "description": "A multifaceted platform service handling mail, SMS, letter delivery, and AI services.",
-  "main": "dist_ts/index.js",
-  "typings": "dist_ts/index.d.ts",
+  "version": "12.1.0",
+  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
   "type": "module",
+  "exports": {
+    ".": "./dist_ts/index.js",
+    "./interfaces": "./dist_ts_interfaces/index.js",
+    "./apiclient": "./dist_ts_apiclient/index.js"
+  },
   "author": "Task Venture Capital GmbH",
   "license": "MIT",
   "scripts": {
-    "test": "(tstest test/)",
-    "start": "(node --max_old_space_size=250 ./cli.js)",
+    "test": "(tstest test/ --logfile --timeout 60)",
+    "start": "(node ./cli.js)",
     "startTs": "(node cli.ts.js)",
-    "build": "(tsbuild tsfolders --allowimplicitany)",
-    "localPublish": ""
+    "build": "(tsbuild tsfolders --allowimplicitany && npm run bundle)",
+    "build:docker": "tsdocker build --verbose",
+    "release:docker": "tsdocker push --verbose",
+    "bundle": "(tsbundle)",
+    "watch": "tswatch"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^2.5.1",
-    "@git.zone/tsrun": "^1.2.8",
-    "@git.zone/tstest": "^1.9.0",
-    "@git.zone/tswatch": "^2.0.1",
-    "@types/node": "^22.15.18"
+    "@git.zone/tsbuild": "^4.4.0",
+    "@git.zone/tsbundle": "^2.10.0",
+    "@git.zone/tsrun": "^2.0.2",
+    "@git.zone/tstest": "^3.6.3",
+    "@git.zone/tswatch": "^3.3.2",
+    "@types/node": "^25.5.0"
   },
   "dependencies": {
-    "@api.global/typedrequest": "^3.0.19",
-    "@api.global/typedserver": "^3.0.74",
-    "@api.global/typedsocket": "^3.0.0",
-    "@apiclient.xyz/cloudflare": "^6.4.1",
-    "@push.rocks/projectinfo": "^5.0.1",
-    "@push.rocks/qenv": "^6.1.0",
-    "@push.rocks/smartacme": "^7.3.3",
-    "@push.rocks/smartdata": "^5.15.1",
-    "@push.rocks/smartdns": "^6.2.2",
-    "@push.rocks/smartfile": "^11.0.4",
-    "@push.rocks/smartlog": "^3.1.2",
-    "@push.rocks/smartmail": "^2.1.0",
-    "@push.rocks/smartpath": "^5.0.5",
-    "@push.rocks/smartpromise": "^4.0.3",
-    "@push.rocks/smartproxy": "^18.1.0",
-    "@push.rocks/smartrequest": "^2.1.0",
-    "@push.rocks/smartrule": "^2.0.1",
+    "@api.global/typedrequest": "^3.3.0",
+    "@api.global/typedrequest-interfaces": "^3.0.19",
+    "@api.global/typedserver": "^8.4.6",
+    "@api.global/typedsocket": "^4.1.2",
+    "@apiclient.xyz/cloudflare": "^7.1.0",
+    "@design.estate/dees-catalog": "^3.49.1",
+    "@design.estate/dees-element": "^2.2.4",
+    "@push.rocks/lik": "^6.4.0",
+    "@push.rocks/projectinfo": "^5.1.0",
+    "@push.rocks/qenv": "^6.1.3",
+    "@push.rocks/smartacme": "^9.3.1",
+    "@push.rocks/smartdata": "^7.1.3",
+    "@push.rocks/smartdb": "^2.0.0",
+    "@push.rocks/smartdns": "^7.9.0",
+    "@push.rocks/smartfs": "^1.5.0",
+    "@push.rocks/smartguard": "^3.1.0",
+    "@push.rocks/smartjwt": "^2.2.1",
+    "@push.rocks/smartlog": "^3.2.1",
+    "@push.rocks/smartmetrics": "^3.0.3",
+    "@push.rocks/smartmta": "^5.3.1",
+    "@push.rocks/smartnetwork": "^4.5.2",
+    "@push.rocks/smartpath": "^6.0.0",
+    "@push.rocks/smartpromise": "^4.2.3",
+    "@push.rocks/smartproxy": "^27.1.0",
+    "@push.rocks/smartradius": "^1.1.1",
+    "@push.rocks/smartrequest": "^5.0.1",
     "@push.rocks/smartrx": "^3.0.10",
-    "@push.rocks/smartstate": "^2.0.0",
-    "@serve.zone/interfaces": "^5.0.4",
-    "@tsclass/tsclass": "^9.2.0",
-    "@types/mailparser": "^3.4.6",
-    "ip": "^2.0.1",
-    "lru-cache": "^11.1.0",
-    "mailauth": "^4.8.5",
-    "mailparser": "^3.6.9",
-    "uuid": "^11.1.0"
+    "@push.rocks/smartstate": "^2.3.0",
+    "@push.rocks/smartunique": "^3.0.9",
+    "@push.rocks/smartvpn": "1.19.1",
+    "@push.rocks/taskbuffer": "^8.0.2",
+    "@serve.zone/catalog": "^2.9.0",
+    "@serve.zone/interfaces": "^5.3.0",
+    "@serve.zone/remoteingress": "^4.15.3",
+    "@tsclass/tsclass": "^9.5.0",
+    "@types/qrcode": "^1.5.6",
+    "lru-cache": "^11.2.7",
+    "qrcode": "^1.5.4",
+    "uuid": "^13.0.0"
   },
   "keywords": [
     "mail service",
@@ -59,7 +78,7 @@
     "SMTP server",
     "mail parsing",
     "DKIM",
-    "platform service",
+    "mail router",
     "letterXpress",
     "OpenAI",
     "Anthropic AI",
@@ -70,7 +89,12 @@
     "email templating",
     "rule management",
     "SMTP STARTTLS",
-    "DNS management"
+    "DNS management",
+    "RADIUS",
+    "AAA",
+    "network authentication",
+    "VLAN assignment",
+    "MAC authentication"
   ],
   "pnpm": {
     "onlyBuiltDependencies": [
@@ -79,5 +103,19 @@
       "puppeteer"
     ]
   },
-  "packageManager": "pnpm@10.7.0+sha512.6b865ad4b62a1d9842b61d674a393903b871d9244954f652b8842c2b553c72176b278f64c463e52d40fff8aba385c235c8c9ecf5cc7de4fd78b8bb6d49633ab6"
+  "packageManager": "pnpm@10.11.0",
+  "files": [
+    "ts/**/*",
+    "ts_web/**/*",
+    "ts_apiclient/**/*",
+    "dist/**/*",
+    "dist_*/**/*",
+    "dist_ts/**/*",
+    "dist_ts_web/**/*",
+    "dist_ts_apiclient/**/*",
+    "assets/**/*",
+    "cli.js",
+    ".smartconfig.json",
+    "readme.md"
+  ]
 }

readme.hints.md

@@ -1,5 +1,275 @@
 # Implementation Hints and Learnings
 
+## smartmta Migration (2026-02-11)
+
+### Overview
+dcrouter's custom MTA code (~27,149 lines / 68 files in `ts/mail/` + `ts/deliverability/`) has been replaced with `@push.rocks/smartmta` v5.2.1, a TypeScript+Rust hybrid MTA. dcrouter is now an orchestrator that wires together SmartProxy, smartmta, smartdns, smartradius, and OpsServer.
+
+### Architecture
+- **No socket-handler mode** — smartmta's Rust SMTP server binds its own ports directly
+- **SmartProxy forward mode only** — external email ports forwarded to internal ports where smartmta listens
+- Email traffic flow: External Port → SmartProxy → Internal Port → smartmta UnifiedEmailServer
+
+### Key API Differences (smartmta vs old custom MTA)
+- `updateEmailRoutes()` instead of `updateRoutes()`
+- `dkimCreator` is public (no need for `(this.emailServer as any).dkimCreator`)
+- `bounceManager` is private, but exposed via public methods:
+  - `emailServer.getSuppressionList()`
+  - `emailServer.getHardBouncedAddresses()`
+  - `emailServer.getBounceHistory(email)`
+  - `emailServer.removeFromSuppressionList(email)`
+- `Email` class imported from `@push.rocks/smartmta`
+- `IAttachment` type accessed via `Core` namespace: `import { type Core } from '@push.rocks/smartmta'; type IAttachment = Core.IAttachment;`
+
+### Deleted Directories
+- `ts/mail/` (60 files) — replaced by smartmta
+- `ts/deliverability/` (3 files) — IPWarmupManager/SenderReputationMonitor will move to smartmta
+- `ts/errors/email.errors.ts`, `ts/errors/mta.errors.ts` — smartmta has its own errors
+- `ts/cache/documents/classes.cached.bounce.ts`, `classes.cached.suppression.ts`, `classes.cached.dkim.ts` — smartmta handles its own persistence
+
+### Remaining Cache Documents
+- `CachedEmail` — kept (dcrouter-level queue persistence)
+- `CachedIPReputation` — kept (dcrouter-level IP reputation caching)
+
+### Dependencies Removed
+mailauth, mailparser, @types/mailparser, ip, @push.rocks/smartmail, @push.rocks/smartrule, node-forge
+
+### Pre-existing Test Failures (not caused by migration)
+- `test/test.jwt-auth.ts` — `response.text is not a function` (webrequest compatibility issue)
+- `test/test.opsserver-api.ts` — same webrequest issue, timeouts
+
+### smartmta Location
+Source at `../../push.rocks/smartmta`, release with `gitzone commit -ypbrt`
+
+## Dependency Upgrade (2026-02-11)
+
+### SmartProxy v23.1.2 Route Validation
+- SmartProxy 23.1.2 enforces stricter route validation
+- Forward actions MUST use `targets` (array) instead of `target` (singular)
+- Test configurations that call `DcRouter.start()` need `cacheConfig: { enabled: false }` to avoid starting a real MongoDB process in tests
+
+```typescript
+// WRONG - will fail validation
+action: { type: 'forward', target: { host: 'localhost', port: 10025 } }
+
+// CORRECT
+action: { type: 'forward', targets: [{ host: 'localhost', port: 10025 }] }
+```
+
+**Files Fixed:**
+- `ts/classes.dcrouter.ts` - `generateEmailRoutes()` method
+- `test/test.dcrouter.email.ts` - Updated assertions and added `cacheConfig: { enabled: false }`
+
+## Dependency Upgrade (2026-02-10)
+
+### SmartProxy v23.1.0 Upgrade
+- `@push.rocks/smartproxy`: 22.4.2 → 23.1.0
+
+**Key Changes:**
+- Rust-based proxy components for improved performance
+- Rust binary runs as separate process via IPC
+- `getStatistics()` now returns `Promise<any>` (was synchronous)
+- nftables-proxy removed (not used by dcrouter)
+
+**Code Changes Required:**
+```typescript
+// Old (synchronous)
+const proxyStats = this.dcRouter.smartProxy.getStatistics();
+
+// New (async)
+const proxyStats = await this.dcRouter.smartProxy.getStatistics();
+```
+
+**Files Modified:**
+- `ts/monitoring/classes.metricsmanager.ts` - Added `await` to `getStatistics()` call
+
+## Dependency Upgrade (2026-02-01)
+
+### Major Upgrades Completed
+- `@api.global/typedserver`: 3.0.80 → 8.3.0
+- `@api.global/typedsocket`: 3.1.1 → 4.1.0
+- `@apiclient.xyz/cloudflare`: 6.4.3 → 7.1.0
+- `@design.estate/dees-catalog`: 1.12.4 → 3.41.4
+- `@push.rocks/smartpath`: 5.1.0 → 6.0.0
+- `@push.rocks/smartproxy`: 19.6.17 → 22.4.2
+- `@push.rocks/smartrequest`: 2.1.0 → 5.0.1
+- `uuid`: 11.1.0 → 13.0.0
+
+### Breaking Changes Fixed
+
+1. **SmartProxy v22**: `target` → `targets` (array)
+   ```typescript
+   // Old
+   action: { type: 'forward', target: { host: 'x', port: 25 } }
+   // New
+   action: { type: 'forward', targets: [{ host: 'x', port: 25 }] }
+   ```
+
+2. **SmartRequest v5**: `SmartRequestClient` → `SmartRequest`, `.body` → `.json()`
+   ```typescript
+   // Old
+   const resp = await plugins.smartrequest.SmartRequestClient.create()...post();
+   const json = resp.body;
+   // New
+   const resp = await plugins.smartrequest.SmartRequest.create()...post();
+   const json = await resp.json();
+   ```
+
+3. **dees-catalog v3**: Icon naming changed to library-prefixed format
+   ```typescript
+   // Old (deprecated but supported)
+   <dees-icon iconFA="check"></dees-icon>
+   // New
+   <dees-icon icon="fa:check"></dees-icon>
+   <dees-icon icon="lucide:menu"></dees-icon>
+   ```
+
+### TC39 Decorators
+- ts_web components updated to use `accessor` keyword for `@state()` decorators
+- Required for TC39 standard decorator support
+
+### tswatch Configuration
+The project now uses tswatch for development:
+```bash
+pnpm run watch
+```
+Configuration in `.smartconfig.json`:
+```json
+{
+  "@git.zone/tswatch": {
+    "watchers": [{
+      "name": "dcrouter-dev",
+      "watch": ["ts/**/*.ts", "ts_*/**/*.ts", "test_watch/devserver.ts"],
+      "command": "pnpm run build && tsrun test_watch/devserver.ts",
+      "restart": true,
+      "debounce": 500,
+      "runOnStart": true
+    }]
+  }
+}
+```
+
+## RADIUS Server Integration (2026-02-01)
+
+### Overview
+DcRouter now supports RADIUS server functionality for network authentication via `@push.rocks/smartradius`.
+
+### Key Features
+- **MAC Authentication Bypass (MAB)** - Authenticate network devices based on MAC address
+- **VLAN Assignment** - Assign VLANs based on MAC address or OUI patterns
+- **RADIUS Accounting** - Track sessions, data usage, and billing
+
+### Configuration Example
+```typescript
+const dcRouter = new DcRouter({
+  radiusConfig: {
+    authPort: 1812,      // Authentication port (default)
+    acctPort: 1813,      // Accounting port (default)
+    clients: [
+      {
+        name: 'switch-1',
+        ipRange: '192.168.1.0/24',
+        secret: 'shared-secret',
+        enabled: true
+      }
+    ],
+    vlanAssignment: {
+      defaultVlan: 100,   // VLAN for unknown MACs
+      allowUnknownMacs: true,
+      mappings: [
+        { mac: '00:11:22:33:44:55', vlan: 10, enabled: true },
+        { mac: '00:11:22', vlan: 20, enabled: true }  // OUI pattern
+      ]
+    },
+    accounting: {
+      enabled: true,
+      retentionDays: 30
+    }
+  }
+});
+```
+
+### Components
+- `RadiusServer` - Main server wrapping smartradius
+- `VlanManager` - MAC-to-VLAN mapping with OUI pattern support
+- `AccountingManager` - Session tracking and billing data
+
+### OpsServer API Endpoints
+- `getRadiusClients` / `setRadiusClient` / `removeRadiusClient` - Client management
+- `getVlanMappings` / `setVlanMapping` / `removeVlanMapping` - VLAN mappings
+- `testVlanAssignment` - Test what VLAN a MAC would get
+- `getRadiusSessions` / `disconnectRadiusSession` - Session management
+- `getRadiusStatistics` / `getRadiusAccountingSummary` - Statistics
+
+### Files
+- `ts/radius/` - RADIUS module
+- `ts/opsserver/handlers/radius.handler.ts` - OpsServer handler
+- `ts_interfaces/requests/radius.ts` - TypedRequest interfaces
+
+## Test Fix: test.dcrouter.email.ts (2026-02-01)
+
+### Issue
+The test `DcRouter class - Custom email storage path` was failing with "domainConfigs is not iterable".
+
+### Root Cause
+The test was using outdated email config properties:
+- Used `domainRules: []` (non-existent property)
+- Used `defaultMode` (non-existent property)
+- Missing required `domains: []` property
+- Missing required `routes: []` property
+- Referenced `router.unifiedEmailServer` instead of `router.emailServer`
+
+### Fix
+Updated the test to use the correct `IUnifiedEmailServerOptions` interface properties:
+```typescript
+const emailConfig: IEmailConfig = {
+  ports: [2525],
+  hostname: 'mail.example.com',
+  domains: [], // Required: domain configurations
+  routes: []   // Required: email routing rules
+};
+```
+
+And fixed the property name:
+```typescript
+expect(router.emailServer).toBeTruthy();  // Not unifiedEmailServer
+```
+
+### Key Learning
+When using `IUnifiedEmailServerOptions` (aliased as `IEmailConfig` in some tests):
+- `domains: IEmailDomainConfig[]` is required (array of domain configs)
+- `routes: IEmailRoute[]` is required (email routing rules)
+- Access the email server via `dcRouter.emailServer` not `dcRouter.unifiedEmailServer`
+
+## Network Metrics Implementation (2025-06-23)
+
+### SmartProxy Metrics API Integration
+- Updated to use new SmartProxy metrics API (v19.6.7)
+- Use `getMetrics()` for detailed metrics with grouped methods:
+  ```typescript
+  const metrics = smartProxy.getMetrics();
+  metrics.connections.active()      // Current active connections
+  metrics.throughput.instant()      // Real-time throughput {in, out}
+  metrics.connections.topIPs(10)    // Top 10 IPs by connection count
+  ```
+- Use `getStatistics()` for basic stats
+
+### Network Traffic Display
+- All throughput values shown in bits per second (kbit/s, Mbit/s, Gbit/s)
+- Conversion: `bytesPerSecond * 8 / 1000000` for Mbps
+- Network graph shows separate lines for inbound (green) and outbound (purple)
+- Throughput tiles and graph use same data source for consistency
+
+### Requests/sec vs Connections
+- Requests/sec shows HTTP request counts (derived from connections)
+- Single connection can handle multiple requests
+- Current implementation tracks connections, not individual requests
+- Trend line shows historical request counts, not throughput
+
+## DKIM Implementation Status (2025-05-30)
+
+**Note:** DKIM is now handled by `@push.rocks/smartmta`. The `dkimCreator` is a public property on `UnifiedEmailServer`.
+
 ## SmartProxy Usage
 
 ### New Route-Based Architecture (v18+)
@@ -175,31 +445,11 @@ tap.test('stop', async () => {
 
 ## Email Integration with SmartProxy
 
-### Architecture
+### Architecture (Post-Migration)
 - Email traffic is routed through SmartProxy using automatic route generation
-- Email server runs on internal ports and receives forwarded traffic from SmartProxy
+- smartmta's UnifiedEmailServer runs on internal ports and receives forwarded traffic from SmartProxy
 - SmartProxy handles external ports (25, 587, 465) and forwards to internal ports
-
-### Email Route Generation
-```typescript
-// Email configuration automatically generates SmartProxy routes
-emailConfig: {
-  ports: [25, 587, 465],
-  hostname: 'mail.example.com',
-  domainRules: [...]
-}
-
-// Generates routes like:
-{
-  name: 'smtp-route',
-  match: { ports: [25] },
-  action: {
-    type: 'forward',
-    target: { host: 'localhost', port: 10025 }
-  },
-  tls: { mode: 'passthrough' } // STARTTLS handled by email server
-}
-```
+- smartmta's Rust SMTP bridge handles SMTP protocol processing
 
 ### Port Mapping
 - External port 25 → Internal port 10025 (SMTP)
@@ -207,6 +457,317 @@ emailConfig: {
 - External port 465 → Internal port 10465 (SMTPS)
 
 ### TLS Handling
-- Ports 25 and 587: Use 'passthrough' mode (STARTTLS handled by email server)
+- Ports 25 and 587: Use 'passthrough' mode (STARTTLS handled by smartmta)
 - Port 465: Use 'terminate' mode (SmartProxy handles TLS termination)
-- Domain-specific TLS can be configured per email rule
+
+## SmartMetrics Integration (2025-06-12) - COMPLETED
+
+### Overview
+Fixed the UI metrics display to show accurate CPU and memory data from SmartMetrics.
+
+### Key Findings
+1. **CPU Metrics:**
+   - SmartMetrics provides `cpuUsageText` as a string percentage
+   - MetricsManager parses it as `cpuUsage.user` (system is always 0)
+   - UI was incorrectly dividing by 2, showing half the actual CPU usage
+
+2. **Memory Metrics:**
+   - SmartMetrics calculates `maxMemoryMB` as minimum of:
+     - V8 heap size limit
+     - System total memory
+     - Docker memory limit (if available)
+   - Provides `memoryUsageBytes` (total process memory including children)
+   - Provides `memoryPercentage` (pre-calculated percentage)
+   - UI was only showing heap usage, missing actual memory constraints
+
+### Changes Made
+1. **MetricsManager Enhanced:**
+   - Added `maxMemoryMB` from SmartMetrics instance
+   - Added `actualUsageBytes` from SmartMetrics data
+   - Added `actualUsagePercentage` from SmartMetrics data
+   - Kept existing memory fields for compatibility
+
+2. **Interface Updated:**
+   - Added optional fields to `IServerStats.memoryUsage`
+   - Fields are optional to maintain backward compatibility
+
+3. **UI Fixed:**
+   - Removed incorrect CPU division by 2
+   - Uses `actualUsagePercentage` when available (falls back to heap percentage)
+   - Shows actual memory usage vs max memory limit (not just heap)
+
+### Result
+- CPU now shows accurate usage percentage
+- Memory shows percentage of actual constraints (Docker/system/V8 limits)
+- Better monitoring for containerized environments
+
+## Network UI Implementation (2025-06-20) - COMPLETED
+
+### Overview
+Revamped the Network UI to display real network data from SmartProxy instead of mock data.
+
+### Architecture
+1. **MetricsManager Integration:**
+   - Already integrates with SmartProxy via `dcRouter.smartProxy.getStats()`
+   - Extended with `getNetworkStats()` method to expose unused metrics:
+     - `getConnectionsByIP()` - Connection counts by IP address
+     - `getThroughputRate()` - Real-time bandwidth rates (bytes/second)
+     - `getTopIPs()` - Top connecting IPs sorted by connection count
+   - Note: SmartProxy base interface doesn't include all methods, manual implementation required
+
+2. **Existing Infrastructure Leveraged:**
+   - `getActiveConnections` endpoint already exists in security.handler.ts
+   - Enhanced to include real SmartProxy data via MetricsManager
+   - IConnectionInfo interface already supports network data structures
+
+3. **State Management:**
+   - Added `INetworkState` interface following existing patterns
+   - Created `networkStatePart` with connections, throughput, and IP data
+   - Integrated with existing auto-refresh mechanism
+
+4. **UI Changes (Minimal):**
+   - Removed `generateMockData()` method and all mock generation
+   - Connected to real `networkStatePart` state
+   - Added `renderTopIPs()` section to display top connected IPs
+   - Updated traffic chart to show real request data
+   - Kept all existing UI components (DeesTable, DeesChartArea)
+
+### Implementation Details
+1. **Data Transformation:**
+   - Converts IConnectionInfo[] to INetworkRequest[] for table display
+   - Calculates traffic buckets based on selected time range
+   - Maps connection data to chart-compatible format
+
+2. **Real Metrics Displayed:**
+   - Active connections count (from server stats)
+   - Requests per second (calculated from recent connections)
+   - Throughput rates (currently showing 0 until SmartProxy exposes rates)
+   - Top IPs with connection counts and percentages
+
+3. **TypeScript Fixes:**
+   - SmartProxy methods like `getThroughputRate()` not in base interface
+   - Implemented manual fallbacks for missing methods
+   - Fixed `publicIpv4` → `publicIp` property name
+
+### Result
+- Network view now shows real connection activity
+- Auto-refreshes with other stats every second
+- Displays actual IPs and connection counts
+- No more mock/demo data
+- Minimal code changes (streamlined approach)
+
+### Throughput Data Fix (2025-06-20)
+The throughput was showing 0 because:
+1. MetricsManager was hardcoding throughputRate to 0, assuming the method didn't exist
+2. SmartProxy's `getStats()` returns `IProxyStats` interface, but the actual object (`MetricsCollector`) implements `IProxyStatsExtended`
+3. `getThroughputRate()` only exists in the extended interface
+
+**Solution implemented:**
+1. Updated MetricsManager to check if methods exist at runtime and call them
+2. Added property name mapping (`bytesInPerSec` → `bytesInPerSecond`)
+3. Created new `getNetworkStats` endpoint in security.handler.ts
+4. Updated frontend to call the new endpoint for complete network metrics
+
+The throughput data now flows correctly from SmartProxy → MetricsManager → API → UI.
+
+## Email Operations Dashboard (2026-02-01)
+
+### Overview
+Replaced mock data in the email UI with real backend data from the delivery queue and security logger.
+
+### New Files Created
+- `ts_interfaces/requests/email-ops.ts` - TypedRequest interfaces for email operations
+- `ts/opsserver/handlers/email-ops.handler.ts` - Backend handler for email operations
+
+### Key Interfaces
+- `IReq_GetQueuedEmails` - Fetch emails from delivery queue by status
+- `IReq_GetSentEmails` - Fetch delivered emails
+- `IReq_GetFailedEmails` - Fetch failed emails
+- `IReq_ResendEmail` - Re-queue a failed email for retry
+- `IReq_GetSecurityIncidents` - Fetch security events from SecurityLogger
+- `IReq_GetBounceRecords` - Fetch bounce records and suppression list
+- `IReq_RemoveFromSuppressionList` - Remove email from suppression list
+
+### UI Changes (ops-view-emails.ts)
+- Replaced mock folders (inbox/sent/draft/trash) with operations views:
+  - **Queued**: Emails pending delivery
+  - **Sent**: Successfully delivered emails
+  - **Failed**: Failed emails with resend capability
+  - **Security**: Security incidents from SecurityLogger
+- Removed `generateMockEmails()` method
+- Added state management via `emailOpsStatePart` in appstate.ts
+- Added resend button for failed emails
+- Added security incident detail view
+
+### Data Flow
+```
+UnifiedDeliveryQueue → EmailOpsHandler → TypedRequest → Frontend State → UI
+SecurityLogger → EmailOpsHandler → TypedRequest → Frontend State → UI
+BounceManager → EmailOpsHandler → TypedRequest → Frontend State → UI
+```
+
+### Backend Data Access
+The handler accesses data from:
+- `dcRouter.emailServer.deliveryQueue` - Email queue items (IQueueItem)
+- `SecurityLogger.getInstance()` - Security events (ISecurityEvent)
+- `emailServer.bounceManager` - Bounce records and suppression list
+
+## OpsServer UI Fixes (2026-02-02)
+
+### Configuration Page Fix
+The configuration page had field name mismatches between frontend and backend:
+- Frontend expected `server` and `storage` sections
+- Backend returns `proxy` section (not `server`)
+- Backend has no `storage` section
+
+**Fix**: Updated `ops-view-config.ts` to use correct section names:
+- `proxy` instead of `server`
+- Removed non-existent `storage` section
+- Added optional chaining (`?.`) for safety
+
+### Auth Persistence Fix
+Login state was using `'soft'` mode in Smartstate which is memory-only:
+- User login was lost on page refresh
+- State reset to logged out after browser restart
+
+**Changes**:
+1. `ts_web/appstate.ts`: Changed loginStatePart from `'soft'` to `'persistent'`
+   - Now uses IndexedDB to persist across browser sessions
+2. `ts/opsserver/handlers/admin.handler.ts`: JWT expiry changed from 7 days to 24 hours
+3. `ts_web/elements/ops-dashboard.ts`: Added JWT expiry check on session restore
+   - Validates stored JWT hasn't expired before auto-logging in
+   - Clears expired sessions and shows login form
+
+## Config UI Read-Only Conversion (2026-02-03)
+
+### Overview
+The configuration UI has been converted from an editable interface to a read-only display. DcRouter is configured through code or remotely, not through the UI.
+
+### Changes Made
+
+1. **Backend (`ts/opsserver/handlers/config.handler.ts`)**:
+   - Removed `updateConfiguration` handler
+   - Removed `updateConfiguration()` private method
+   - Kept `getConfiguration` handler (read-only)
+
+2. **Interfaces (`ts_interfaces/requests/config.ts`)**:
+   - Removed `IReq_UpdateConfiguration` interface
+   - Kept `IReq_GetConfiguration` interface
+
+3. **Frontend (`ts_web/elements/ops-view-config.ts`)**:
+   - Removed `editingSection` and `editedConfig` state properties
+   - Removed `startEdit()`, `cancelEdit()`, `saveConfig()` methods
+   - Removed Edit/Save/Cancel buttons
+   - Removed warning banner about immediate changes
+   - Enhanced read-only display with:
+     - Status badges for boolean values (enabled/disabled)
+     - Array display as pills/tags with counts
+     - Section icons (mail, globe, network, shield)
+     - Better formatting for numbers and byte sizes
+     - Empty state handling ("Not configured", "None configured")
+     - Info note explaining configuration is read-only
+
+4. **State Management (`ts_web/appstate.ts`)**:
+   - Removed `updateConfigurationAction`
+   - Kept `fetchConfigurationAction` (read-only)
+
+5. **Tests (`test/test.protected-endpoint.ts`)**:
+   - Replaced `updateConfiguration` tests with `verifyIdentity` tests
+   - Added test for read-only config access
+   - Kept auth flow testing with different protected endpoint
+
+6. **Documentation**:
+   - `readme.md`: Updated API endpoints to show config as read-only
+   - `ts_web/readme.md`: Removed `updateConfigurationAction` from actions list
+   - `ts_interfaces/readme.md`: Removed `IReq_UpdateConfiguration` from table
+
+### Visual Display Features
+- Boolean values shown as colored badges (green=enabled, red=disabled)
+- Arrays displayed as pills with count summaries
+- Section headers with relevant Lucide icons
+- Numbers formatted with locale separators
+- Byte sizes auto-formatted (B, KB, MB, GB)
+- Time values shown with "seconds" suffix
+- Nested objects with visual indentation
+
+## Smartdata Cache System (2026-02-03)
+
+### Overview
+DcRouter now uses smartdata + LocalTsmDb for persistent caching. Data is stored at `~/.serve.zone/dcrouter/tsmdb`.
+
+### Technology Stack
+| Layer | Package | Purpose |
+|-------|---------|---------|
+| ORM | `@push.rocks/smartdata` | Document classes, decorators, queries |
+| Database | `@push.rocks/smartmongo` (LocalTsmDb) | Embedded TsmDB via Unix socket |
+
+### TC39 Decorators
+The project uses TC39 Stage 3 decorators (not experimental decorators). The tsconfig was updated:
+- Removed `experimentalDecorators: true`
+- Removed `emitDecoratorMetadata: true`
+
+This is required for smartdata v7+ compatibility.
+
+### Cache Document Classes
+Located in `ts/cache/documents/`:
+
+| Class | Purpose | Default TTL |
+|-------|---------|-------------|
+| `CachedEmail` | Email queue items | 30 days |
+| `CachedIPReputation` | IP reputation lookups | 24 hours |
+
+Note: CachedBounce, CachedSuppression, and CachedDKIMKey were removed in the smartmta migration (smartmta handles its own persistence for those).
+
+### Usage Pattern
+```typescript
+// Document classes use smartdata decorators
+@plugins.smartdata.Collection(() => getDb())
+export class CachedEmail extends CachedDocument<CachedEmail> {
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.DAYS_30);
+
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id: string;
+  // ...
+}
+
+// Query examples
+const email = await CachedEmail.getInstance({ id: 'abc123' });
+const pending = await CachedEmail.getInstances({ status: 'pending' });
+await email.save();
+await email.delete();
+```
+
+### Configuration
+```typescript
+const dcRouter = new DcRouter({
+  cacheConfig: {
+    enabled: true,
+    storagePath: '~/.serve.zone/dcrouter/tsmdb',
+    dbName: 'dcrouter',
+    cleanupIntervalHours: 1,
+    ttlConfig: {
+      emails: 30,       // days
+      ipReputation: 1,  // days
+      bounces: 30,      // days
+      dkimKeys: 90,     // days
+      suppression: 30   // days
+    }
+  }
+});
+```
+
+### Cache Cleaner
+- Runs hourly by default (configurable via `cleanupIntervalHours`)
+- Finds and deletes documents where `expiresAt < now()`
+- Uses smartdata's `getInstances()` + `delete()` pattern
+
+### Key Files
+- `ts/cache/classes.cachedb.ts` - CacheDb singleton wrapper
+- `ts/cache/classes.cached.document.ts` - Base class with TTL support
+- `ts/cache/classes.cache.cleaner.ts` - Periodic cleanup service
+- `ts/cache/documents/*.ts` - Document class definitions

readme.plan.md

@@ -1,428 +0,0 @@
-# Platform Service - SmartProxy Architecture Update Plan
-
-**Command to reread CLAUDE.md: `cat /home/philkunz/.claude/CLAUDE.md`**
-
-## Overview
-
-SmartProxy has undergone a major architectural update, moving from a direct port-to-port proxy configuration to a flexible route-based system. This plan outlines the necessary updates to integrate these changes into the platformservice while retaining all SmartProxy functionality.
-
-## New SmartProxy Architecture
-
-### Previous Architecture (Legacy)
-```typescript
-// Old configuration style
-{
-  fromPort: 443,
-  toPort: 8080,
-  targetIP: 'backend.server.com',
-  sniEnabled: true,
-  domainConfigs: [
-    {
-      domain: 'example.com',
-      target: 'backend1.server.com',
-      port: 8081
-    }
-  ]
-}
-```
-
-### New Architecture (Route-Based)
-```typescript
-// New configuration style - FULL SmartProxy functionality
-{
-  routes: [
-    {
-      name: 'https-traffic',
-      match: {
-        ports: 443,
-        domains: ['example.com', '*.example.com']
-      },
-      action: {
-        type: 'forward',
-        target: {
-          host: 'backend.server.com',
-          port: 8080
-        }
-      },
-      tls: {
-        mode: 'terminate',
-        certificate: 'auto'
-      }
-    }
-  ],
-  defaults: {
-    target: {
-      host: 'fallback.server.com',
-      port: 8080
-    },
-    security: {
-      ipAllowList: ['192.168.1.0/24'],
-      maxConnections: 1000
-    }
-  }
-}
-```
-
-## Integration Approach
-
-### 1. Direct SmartProxy Configuration
-
-The DcRouter will expose the full SmartProxy configuration directly, with additional email integration that automatically adds email routes to SmartProxy:
-
-```typescript
-export interface IDcRouterOptions {
-  /**
-   * Full SmartProxy configuration - ALL SmartProxy features available
-   * This handles HTTP/HTTPS and general TCP/SNI traffic
-   */
-  smartProxyConfig?: plugins.smartproxy.ISmartProxyOptions;
-  
-  /**
-   * Email configuration - automatically creates SmartProxy routes for email ports
-   */
-  emailConfig?: IEmailConfig;
-  
-  /**
-   * Additional configuration options
-   */
-  tls?: {
-    contactEmail: string;
-    domain?: string;
-    certPath?: string;
-    keyPath?: string;
-  };
-  
-  /**
-   * DNS server configuration
-   */
-  dnsServerConfig?: plugins.smartdns.IDnsServerOptions;
-}
-```
-
-### 2. Email Route Auto-Generation
-
-When email configuration is provided, DcRouter will automatically generate SmartProxy routes for email traffic:
-
-```typescript
-private async setupSmartProxy() {
-  let routes: plugins.smartproxy.IRouteConfig[] = [];
-  let acmeConfig: plugins.smartproxy.IAcmeOptions | undefined;
-  
-  // If user provides full SmartProxy config, use it directly
-  if (this.options.smartProxyConfig) {
-    routes = this.options.smartProxyConfig.routes || [];
-    acmeConfig = this.options.smartProxyConfig.acme;
-  }
-  
-  // If email config exists, automatically add email routes
-  if (this.options.emailConfig) {
-    const emailRoutes = this.generateEmailRoutes(this.options.emailConfig);
-    routes = [...routes, ...emailRoutes];
-  }
-  
-  // Merge TLS/ACME configuration if provided at root level
-  if (this.options.tls && !acmeConfig) {
-    acmeConfig = {
-      accountEmail: this.options.tls.contactEmail,
-      enabled: true,
-      useProduction: true,
-      autoRenew: true,
-      renewThresholdDays: 30
-    };
-  }
-  
-  // Initialize SmartProxy with combined configuration
-  this.smartProxy = new plugins.smartproxy.SmartProxy({
-    ...this.options.smartProxyConfig,
-    routes,
-    acme: acmeConfig
-  });
-  
-  await this.smartProxy.start();
-  logger.info('SmartProxy started with route-based configuration');
-}
-
-private generateEmailRoutes(emailConfig: IEmailConfig): plugins.smartproxy.IRouteConfig[] {
-  const emailRoutes: plugins.smartproxy.IRouteConfig[] = [];
-  
-  // Create routes for each email port
-  for (const port of emailConfig.ports) {
-    // Handle different email ports differently
-    switch (port) {
-      case 25: // SMTP
-        emailRoutes.push({
-          name: 'smtp-route',
-          match: {
-            ports: [25]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost', // Forward to internal email server
-              port: 10025 // Internal email server port
-            }
-          },
-          // No TLS termination for port 25 (STARTTLS handled by email server)
-          tls: {
-            mode: 'passthrough'
-          }
-        });
-        break;
-        
-      case 587: // Submission
-        emailRoutes.push({
-          name: 'submission-route',
-          match: {
-            ports: [587]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost',
-              port: 10587
-            }
-          },
-          tls: {
-            mode: 'passthrough' // STARTTLS handled by email server
-          }
-        });
-        break;
-        
-      case 465: // SMTPS
-        emailRoutes.push({
-          name: 'smtps-route',
-          match: {
-            ports: [465]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost',
-              port: 10465
-            }
-          },
-          tls: {
-            mode: 'terminate', // Terminate TLS and re-encrypt to email server
-            certificate: 'auto'
-          }
-        });
-        break;
-    }
-  }
-  
-  // Add domain-specific email routes if configured
-  if (emailConfig.domainRules) {
-    for (const rule of emailConfig.domainRules) {
-      // Extract domain from pattern (e.g., "*@example.com" -> "example.com")
-      const domain = rule.pattern.split('@')[1];
-      
-      if (domain && rule.mode === 'forward' && rule.target) {
-        emailRoutes.push({
-          name: `email-forward-${domain}`,
-          match: {
-            ports: emailConfig.ports,
-            domains: [domain]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: rule.target.server,
-              port: rule.target.port || 25
-            }
-          },
-          tls: {
-            mode: rule.target.useTls ? 'terminate-and-reencrypt' : 'passthrough'
-          }
-        });
-      }
-    }
-  }
-  
-  return emailRoutes;
-}
-```
-
-### 3. Email Server Integration
-
-The email server will run on internal ports and receive traffic from SmartProxy:
-
-```typescript
-private async setupUnifiedEmailHandling() {
-  if (!this.options.emailConfig) {
-    logger.info('No email configuration provided');
-    return;
-  }
-
-  const emailConfig = this.options.emailConfig;
-  
-  // Map external ports to internal ports
-  const portMapping = {
-    25: 10025,   // SMTP
-    587: 10587,  // Submission
-    465: 10465   // SMTPS
-  };
-  
-  // Create internal email server configuration
-  const internalEmailConfig: IEmailConfig = {
-    ...emailConfig,
-    ports: emailConfig.ports.map(port => portMapping[port] || port + 10000),
-    hostname: 'localhost' // Listen on localhost for SmartProxy forwarding
-  };
-  
-  // Initialize email components with internal configuration
-  this.domainRouter = new DomainRouter({
-    domainRules: emailConfig.domainRules,
-    defaultMode: emailConfig.defaultMode,
-    defaultServer: emailConfig.defaultServer,
-    defaultPort: emailConfig.defaultPort,
-    defaultTls: emailConfig.defaultTls
-  });
-  
-  this.unifiedEmailServer = new UnifiedEmailServer({
-    ...internalEmailConfig,
-    domainRouter: this.domainRouter
-  });
-  
-  await this.unifiedEmailServer.start();
-  logger.info('Unified email server started on internal ports');
-}
-```
-
-## Usage Examples
-
-### Example 1: Combined HTTP and Email Configuration
-```typescript
-const dcRouter = new DcRouter({
-  // Full SmartProxy configuration for HTTP/HTTPS
-  smartProxyConfig: {
-    routes: [
-      {
-        name: 'web-traffic',
-        match: {
-          ports: [80, 443],
-          domains: ['www.example.com']
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: 'web-backend.example.com',
-            port: 8080
-          }
-        },
-        tls: {
-          mode: 'terminate',
-          certificate: 'auto'
-        }
-      }
-    ],
-    acme: {
-      accountEmail: 'admin@example.com',
-      enabled: true,
-      useProduction: true
-    }
-  },
-  
-  // Email configuration - automatically creates SmartProxy routes
-  emailConfig: {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    domainRules: [
-      {
-        pattern: '*@example.com',
-        mode: 'mta',
-        mtaOptions: {
-          dkimSign: true,
-          dkimOptions: {
-            domainName: 'example.com',
-            keySelector: 'mail',
-            privateKey: '...'
-          }
-        }
-      }
-    ],
-    defaultMode: 'forward',
-    defaultServer: 'backup-mail.example.com'
-  }
-});
-```
-
-### Example 2: Advanced SmartProxy Features with Email
-```typescript
-const dcRouter = new DcRouter({
-  smartProxyConfig: {
-    routes: [
-      // Custom API route with authentication
-      {
-        name: 'api-route',
-        match: {
-          ports: 443,
-          domains: 'api.example.com',
-          path: '/v1/*'
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: (context) => {
-              // Dynamic host selection based on context
-              return context.headers['x-api-version'] === 'v2' 
-                ? 'api-v2.backend.com' 
-                : 'api-v1.backend.com';
-            },
-            port: 9090
-          }
-        },
-        security: {
-          authentication: {
-            type: 'jwt',
-            jwtSecret: process.env.JWT_SECRET
-          },
-          rateLimit: {
-            maxRequestsPerMinute: 100,
-            maxRequestsPerSecond: 10
-          }
-        }
-      }
-    ],
-    // Advanced SmartProxy options
-    preserveSourceIP: true,
-    enableDetailedLogging: true,
-    maxConnectionsPerIP: 50,
-    connectionRateLimitPerMinute: 1000
-  },
-  
-  // Email automatically integrates with SmartProxy
-  emailConfig: {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    domainRules: []
-  }
-});
-```
-
-## Key Benefits
-
-1. **Full SmartProxy Power**: All SmartProxy features remain available
-2. **Automatic Email Integration**: Email ports are automatically routed through SmartProxy
-3. **Unified TLS Management**: SmartProxy handles all TLS termination and certificates
-4. **Flexible Configuration**: Mix custom SmartProxy routes with automatic email routes
-5. **Performance**: SmartProxy's efficient routing benefits email traffic too
-
-## Implementation Tasks
-
-- [ ] Update DcRouter to preserve full SmartProxy configuration
-- [ ] Implement automatic email route generation
-- [ ] Configure email server to run on internal ports
-- [ ] Test integration between SmartProxy and email server
-- [ ] Update documentation with full SmartProxy examples
-- [ ] Create migration guide showing how to use new features
-- [ ] Test advanced SmartProxy features with email routing
-- [ ] Verify TLS handling for different email ports
-- [ ] Test domain-specific email routing through SmartProxy
-
-## Notes
-
-- SmartProxy acts as the single entry point for all traffic (HTTP, HTTPS, and email)
-- Email server runs on internal ports and receives forwarded traffic from SmartProxy
-- TLS termination is handled by SmartProxy where appropriate
-- STARTTLS for email is handled by the email server itself
-- All SmartProxy features (rate limiting, authentication, dynamic routing) are available

readme.storage.md

@@ -0,0 +1,84 @@
+# DCRouter Storage Overview
+
+DCRouter uses a **unified database layer** backed by `@push.rocks/smartdata` for all persistent data. All data is stored as typed document classes in a single database.
+
+## Database Modes
+
+### Embedded Mode (default)
+When no external MongoDB URL is provided, DCRouter starts an embedded `LocalSmartDb` (Rust-based MongoDB-compatible engine) via `@push.rocks/smartdb`.
+
+```
+~/.serve.zone/dcrouter/tsmdb/
+```
+
+### External Mode
+Connect to any MongoDB-compatible database by providing a connection URL.
+
+```typescript
+dbConfig: {
+  mongoDbUrl: 'mongodb://host:27017',
+  dbName: 'dcrouter',
+}
+```
+
+## Configuration
+
+```typescript
+dbConfig: {
+  enabled: true,                                    // default: true
+  mongoDbUrl: undefined,                            // default: embedded LocalSmartDb
+  storagePath: '~/.serve.zone/dcrouter/tsmdb',     // default (embedded mode only)
+  dbName: 'dcrouter',                               // default
+  cleanupIntervalHours: 1,                          // TTL cleanup interval
+}
+```
+
+## Document Classes
+
+All data is stored as smartdata document classes in `ts/db/documents/`.
+
+| Document Class | Collection | Unique Key | Purpose |
+|---|---|---|---|
+| `StoredRouteDoc` | storedRoutes | `id` | Programmatic routes (created via API) |
+| `RouteOverrideDoc` | routeOverrides | `routeName` | Hardcoded route enable/disable overrides |
+| `ApiTokenDoc` | apiTokens | `id` | API tokens (hashed secrets, scopes, expiry) |
+| `VpnServerKeysDoc` | vpnServerKeys | `configId` (singleton) | VPN server Noise + WireGuard keypairs |
+| `VpnClientDoc` | vpnClients | `clientId` | VPN client registrations |
+| `AcmeCertDoc` | acmeCerts | `domainName` | ACME certificates and keys |
+| `ProxyCertDoc` | proxyCerts | `domain` | SmartProxy TLS certificates |
+| `CertBackoffDoc` | certBackoff | `domain` | Per-domain cert provision backoff state |
+| `RemoteIngressEdgeDoc` | remoteIngressEdges | `id` | Edge node registrations |
+| `VlanMappingsDoc` | vlanMappings | `configId` (singleton) | MAC-to-VLAN mapping table |
+| `AccountingSessionDoc` | accountingSessions | `sessionId` | RADIUS accounting sessions |
+| `CachedEmail` | cachedEmails | `id` | Email metadata (TTL: 30 days) |
+| `CachedIPReputation` | cachedIPReputation | `ipAddress` | IP reputation results (TTL: 24 hours) |
+
+## Architecture
+
+```
+DcRouterDb (singleton)
+  ├── LocalSmartDb (embedded, Rust) ─── or ─── External MongoDB
+  └── SmartdataDb (ORM)
+        └── @Collection(() => getDb())
+              ├── StoredRouteDoc
+              ├── RouteOverrideDoc
+              ├── ApiTokenDoc
+              ├── VpnServerKeysDoc / VpnClientDoc
+              ├── AcmeCertDoc / ProxyCertDoc / CertBackoffDoc
+              ├── RemoteIngressEdgeDoc
+              ├── VlanMappingsDoc / AccountingSessionDoc
+              ├── CachedEmail (TTL)
+              └── CachedIPReputation (TTL)
+```
+
+### TTL Cleanup
+
+`CacheCleaner` runs on a configurable interval (default: 1 hour) and removes expired documents where `expiresAt < now()`.
+
+## Disabling
+
+For tests or lightweight deployments without persistence:
+
+```typescript
+dbConfig: { enabled: false }
+```

test/readme.md

@@ -0,0 +1,443 @@
+# DCRouter SMTP Test Suite
+
+```
+test/
+├── readme.md                              # This file
+├── helpers/
+│   ├── server.loader.ts                  # SMTP server lifecycle management
+│   ├── utils.ts                          # Common test utilities
+│   └── smtp.client.ts                    # Test SMTP client utilities
+└── suite/
+    ├── smtpserver_commands/              # SMTP command tests (CMD)
+    ├── smtpserver_connection/            # Connection management tests (CM)
+    ├── smtpserver_edge-cases/            # Edge case tests (EDGE)
+    ├── smtpserver_email-processing/      # Email processing tests (EP)
+    ├── smtpserver_error-handling/        # Error handling tests (ERR)
+    ├── smtpserver_performance/           # Performance tests (PERF)
+    ├── smtpserver_reliability/           # Reliability tests (REL)
+    ├── smtpserver_rfc-compliance/        # RFC compliance tests (RFC)
+    └── smtpserver_security/              # Security tests (SEC)
+```
+
+## Test ID Convention
+
+All test files follow a strict naming convention: `test.<category-id>.<description>.ts`
+
+Examples:
+- `test.cmd-01.ehlo-command.ts` - EHLO command test
+- `test.cm-01.tls-connection.ts` - TLS connection test
+- `test.sec-01.authentication.ts` - Authentication test
+
+## Test Categories
+
+### 1. Connection Management (CM)
+
+Tests for validating SMTP connection handling, TLS support, and connection lifecycle management.
+
+| ID    | Test Description                          | Priority | Implementation |
+|-------|-------------------------------------------|----------|----------------|
+| CM-01 | TLS Connection Test                       | High     | `suite/smtpserver_connection/test.cm-01.tls-connection.ts` |
+| CM-02 | Multiple Simultaneous Connections         | High     | `suite/smtpserver_connection/test.cm-02.multiple-connections.ts` |
+| CM-03 | Connection Timeout                        | High     | `suite/smtpserver_connection/test.cm-03.connection-timeout.ts` |
+| CM-04 | Connection Limits                         | Medium   | `suite/smtpserver_connection/test.cm-04.connection-limits.ts` |
+| CM-05 | Connection Rejection                      | Medium   | `suite/smtpserver_connection/test.cm-05.connection-rejection.ts` |
+| CM-06 | STARTTLS Connection Upgrade               | High     | `suite/smtpserver_connection/test.cm-06.starttls-upgrade.ts` |
+| CM-07 | Abrupt Client Disconnection               | Medium   | `suite/smtpserver_connection/test.cm-07.abrupt-disconnection.ts` |
+| CM-08 | TLS Version Compatibility                 | Medium   | `suite/smtpserver_connection/test.cm-08.tls-versions.ts` |
+| CM-09 | TLS Cipher Configuration                  | Medium   | `suite/smtpserver_connection/test.cm-09.tls-ciphers.ts` |
+| CM-10 | Plain Connection Test                     | Low      | `suite/smtpserver_connection/test.cm-10.plain-connection.ts` |
+| CM-11 | TCP Keep-Alive Test                       | Low      | `suite/smtpserver_connection/test.cm-11.keepalive.ts` |
+
+### 2. SMTP Commands (CMD)
+
+Tests for validating proper SMTP protocol command implementation.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CMD-01 | EHLO Command                              | High     | `suite/smtpserver_commands/test.cmd-01.ehlo-command.ts` |
+| CMD-02 | MAIL FROM Command                         | High     | `suite/smtpserver_commands/test.cmd-02.mail-from.ts` |
+| CMD-03 | RCPT TO Command                           | High     | `suite/smtpserver_commands/test.cmd-03.rcpt-to.ts` |
+| CMD-04 | DATA Command                              | High     | `suite/smtpserver_commands/test.cmd-04.data-command.ts` |
+| CMD-05 | NOOP Command                              | Medium   | `suite/smtpserver_commands/test.cmd-05.noop-command.ts` |
+| CMD-06 | RSET Command                              | Medium   | `suite/smtpserver_commands/test.cmd-06.rset-command.ts` |
+| CMD-07 | VRFY Command                              | Low      | `suite/smtpserver_commands/test.cmd-07.vrfy-command.ts` |
+| CMD-08 | EXPN Command                              | Low      | `suite/smtpserver_commands/test.cmd-08.expn-command.ts` |
+| CMD-09 | SIZE Extension                            | Medium   | `suite/smtpserver_commands/test.cmd-09.size-extension.ts` |
+| CMD-10 | HELP Command                              | Low      | `suite/smtpserver_commands/test.cmd-10.help-command.ts` |
+| CMD-11 | Command Pipelining                        | Medium   | `suite/smtpserver_commands/test.cmd-11.command-pipelining.ts` |
+| CMD-12 | HELO Command                              | Low      | `suite/smtpserver_commands/test.cmd-12.helo-command.ts` |
+| CMD-13 | QUIT Command                              | High     | `suite/smtpserver_commands/test.cmd-13.quit-command.ts` |
+
+### 3. Email Processing (EP)
+
+Tests for validating email content handling, parsing, and delivery.
+
+| ID    | Test Description                          | Priority | Implementation |
+|-------|-------------------------------------------|----------|----------------|
+| EP-01 | Basic Email Sending                       | High     | `suite/smtpserver_email-processing/test.ep-01.basic-email-sending.ts` |
+| EP-02 | Invalid Email Address Handling            | High     | `suite/smtpserver_email-processing/test.ep-02.invalid-email-addresses.ts` |
+| EP-03 | Multiple Recipients                       | Medium   | `suite/smtpserver_email-processing/test.ep-03.multiple-recipients.ts` |
+| EP-04 | Large Email Handling                      | High     | `suite/smtpserver_email-processing/test.ep-04.large-email.ts` |
+| EP-05 | MIME Handling                             | High     | `suite/smtpserver_email-processing/test.ep-05.mime-handling.ts` |
+| EP-06 | Attachment Handling                       | Medium   | `suite/smtpserver_email-processing/test.ep-06.attachment-handling.ts` |
+| EP-07 | Special Character Handling                | Medium   | `suite/smtpserver_email-processing/test.ep-07.special-character-handling.ts` |
+| EP-08 | Email Routing                             | High     | `suite/smtpserver_email-processing/test.ep-08.email-routing.ts` |
+| EP-09 | Delivery Status Notifications             | Medium   | `suite/smtpserver_email-processing/test.ep-09.delivery-status-notifications.ts` |
+
+### 4. Security (SEC)
+
+Tests for validating security features and protections.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| SEC-01 | Authentication                            | High     | `suite/smtpserver_security/test.sec-01.authentication.ts` |
+| SEC-02 | Authorization                             | High     | `suite/smtpserver_security/test.sec-02.authorization.ts` |
+| SEC-03 | DKIM Processing                           | High     | `suite/smtpserver_security/test.sec-03.dkim-processing.ts` |
+| SEC-04 | SPF Checking                              | High     | `suite/smtpserver_security/test.sec-04.spf-checking.ts` |
+| SEC-05 | DMARC Policy Enforcement                  | Medium   | `suite/smtpserver_security/test.sec-05.dmarc-policy.ts` |
+| SEC-06 | IP Reputation Checking                    | High     | `suite/smtpserver_security/test.sec-06.ip-reputation.ts` |
+| SEC-07 | Content Scanning                          | Medium   | `suite/smtpserver_security/test.sec-07.content-scanning.ts` |
+| SEC-08 | Rate Limiting                             | High     | `suite/smtpserver_security/test.sec-08.rate-limiting.ts` |
+| SEC-09 | TLS Certificate Validation                | High     | `suite/smtpserver_security/test.sec-09.tls-certificate-validation.ts` |
+| SEC-10 | Header Injection Prevention               | High     | `suite/smtpserver_security/test.sec-10.header-injection-prevention.ts` |
+| SEC-11 | Bounce Management                         | Medium   | `suite/smtpserver_security/test.sec-11.bounce-management.ts` |
+
+### 5. Error Handling (ERR)
+
+Tests for validating proper error handling and recovery.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| ERR-01 | Syntax Error Handling                     | High     | `suite/smtpserver_error-handling/test.err-01.syntax-errors.ts` |
+| ERR-02 | Invalid Sequence Handling                 | High     | `suite/smtpserver_error-handling/test.err-02.invalid-sequence.ts` |
+| ERR-03 | Temporary Failure Handling                | Medium   | `suite/smtpserver_error-handling/test.err-03.temporary-failures.ts` |
+| ERR-04 | Permanent Failure Handling                | Medium   | `suite/smtpserver_error-handling/test.err-04.permanent-failures.ts` |
+| ERR-05 | Resource Exhaustion Handling              | High     | `suite/smtpserver_error-handling/test.err-05.resource-exhaustion.ts` |
+| ERR-06 | Malformed MIME Handling                   | Medium   | `suite/smtpserver_error-handling/test.err-06.malformed-mime.ts` |
+| ERR-07 | Exception Handling                        | High     | `suite/smtpserver_error-handling/test.err-07.exception-handling.ts` |
+| ERR-08 | Error Logging                             | Medium   | `suite/smtpserver_error-handling/test.err-08.error-logging.ts` |
+
+### 6. Performance (PERF)
+
+Tests for validating performance characteristics and benchmarks.
+
+| ID      | Test Description                         | Priority | Implementation |
+|---------|------------------------------------------|----------|----------------|
+| PERF-01 | Throughput Testing                       | Medium   | `suite/smtpserver_performance/test.perf-01.throughput.ts` |
+| PERF-02 | Concurrency Testing                      | High     | `suite/smtpserver_performance/test.perf-02.concurrency.ts` |
+| PERF-03 | CPU Utilization                          | Medium   | `suite/smtpserver_performance/test.perf-03.cpu-utilization.ts` |
+| PERF-04 | Memory Usage                             | Medium   | `suite/smtpserver_performance/test.perf-04.memory-usage.ts` |
+| PERF-05 | Connection Processing Time               | Medium   | `suite/smtpserver_performance/test.perf-05.connection-processing-time.ts` |
+| PERF-06 | Message Processing Time                  | Medium   | `suite/smtpserver_performance/test.perf-06.message-processing-time.ts` |
+| PERF-07 | Resource Cleanup                         | High     | `suite/smtpserver_performance/test.perf-07.resource-cleanup.ts` |
+
+### 7. Reliability (REL)
+
+Tests for validating system reliability and stability.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| REL-01 | Long-Running Operation                    | High     | `suite/smtpserver_reliability/test.rel-01.long-running-operation.ts` |
+| REL-02 | Restart Recovery                          | High     | `suite/smtpserver_reliability/test.rel-02.restart-recovery.ts` |
+| REL-03 | Resource Leak Detection                   | High     | `suite/smtpserver_reliability/test.rel-03.resource-leak-detection.ts` |
+| REL-04 | Error Recovery                            | High     | `suite/smtpserver_reliability/test.rel-04.error-recovery.ts` |
+| REL-05 | DNS Resolution Failure Handling           | Medium   | `suite/smtpserver_reliability/test.rel-05.dns-resolution-failure.ts` |
+| REL-06 | Network Interruption Handling             | Medium   | `suite/smtpserver_reliability/test.rel-06.network-interruption.ts` |
+
+### 8. Edge Cases (EDGE)
+
+Tests for validating handling of unusual or extreme scenarios.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| EDGE-01 | Very Large Email                          | Low      | `suite/smtpserver_edge-cases/test.edge-01.very-large-email.ts` |
+| EDGE-02 | Very Small Email                          | Low      | `suite/smtpserver_edge-cases/test.edge-02.very-small-email.ts` |
+| EDGE-03 | Invalid Character Handling                | Medium   | `suite/smtpserver_edge-cases/test.edge-03.invalid-character-handling.ts` |
+| EDGE-04 | Empty Commands                            | Low      | `suite/smtpserver_edge-cases/test.edge-04.empty-commands.ts` |
+| EDGE-05 | Extremely Long Lines                      | Medium   | `suite/smtpserver_edge-cases/test.edge-05.extremely-long-lines.ts` |
+| EDGE-06 | Extremely Long Headers                    | Medium   | `suite/smtpserver_edge-cases/test.edge-06.extremely-long-headers.ts` |
+| EDGE-07 | Unusual MIME Types                        | Low      | `suite/smtpserver_edge-cases/test.edge-07.unusual-mime-types.ts` |
+| EDGE-08 | Nested MIME Structures                    | Low      | `suite/smtpserver_edge-cases/test.edge-08.nested-mime-structures.ts` |
+
+### 9. RFC Compliance (RFC)
+
+Tests for validating compliance with SMTP-related RFCs.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| RFC-01 | RFC 5321 Compliance                       | High     | `suite/smtpserver_rfc-compliance/test.rfc-01.rfc5321-compliance.ts` |
+| RFC-02 | RFC 5322 Compliance                       | High     | `suite/smtpserver_rfc-compliance/test.rfc-02.rfc5322-compliance.ts` |
+| RFC-03 | RFC 7208 SPF Compliance                   | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-03.rfc7208-spf-compliance.ts` |
+| RFC-04 | RFC 6376 DKIM Compliance                  | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-04.rfc6376-dkim-compliance.ts` |
+| RFC-05 | RFC 7489 DMARC Compliance                 | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-05.rfc7489-dmarc-compliance.ts` |
+| RFC-06 | RFC 8314 TLS Compliance                   | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-06.rfc8314-tls-compliance.ts` |
+| RFC-07 | RFC 3461 DSN Compliance                   | Low      | `suite/smtpserver_rfc-compliance/test.rfc-07.rfc3461-dsn-compliance.ts` |
+
+## SMTP Client Test Suite
+
+The following test categories ensure our SMTP client is production-ready, RFC-compliant, and handles all real-world scenarios properly.
+
+### Client Test Organization
+
+```
+test/
+└── suite/
+    ├── smtpclient_connection/          # Client connection management tests (CCM)
+    ├── smtpclient_commands/            # Client command execution tests (CCMD)
+    ├── smtpclient_email-composition/   # Email composition tests (CEP)
+    ├── smtpclient_security/            # Client security tests (CSEC)
+    ├── smtpclient_error-handling/      # Client error handling tests (CERR)
+    ├── smtpclient_performance/         # Client performance tests (CPERF)
+    ├── smtpclient_reliability/         # Client reliability tests (CREL)
+    ├── smtpclient_edge-cases/          # Client edge case tests (CEDGE)
+    └── smtpclient_rfc-compliance/      # Client RFC compliance tests (CRFC)
+```
+
+### 10. Client Connection Management (CCM)
+
+Tests for validating how the SMTP client establishes and manages connections to servers.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CCM-01 | Basic TCP Connection                      | High     | `suite/smtpclient_connection/test.ccm-01.basic-tcp-connection.ts` |
+| CCM-02 | TLS Connection Establishment              | High     | `suite/smtpclient_connection/test.ccm-02.tls-connection.ts` |
+| CCM-03 | STARTTLS Upgrade                          | High     | `suite/smtpclient_connection/test.ccm-03.starttls-upgrade.ts` |
+| CCM-04 | Connection Pooling                        | High     | `suite/smtpclient_connection/test.ccm-04.connection-pooling.ts` |
+| CCM-05 | Connection Reuse                          | Medium   | `suite/smtpclient_connection/test.ccm-05.connection-reuse.ts` |
+| CCM-06 | Connection Timeout Handling               | High     | `suite/smtpclient_connection/test.ccm-06.connection-timeout.ts` |
+| CCM-07 | Automatic Reconnection                    | High     | `suite/smtpclient_connection/test.ccm-07.automatic-reconnection.ts` |
+| CCM-08 | DNS Resolution & MX Records               | High     | `suite/smtpclient_connection/test.ccm-08.dns-mx-resolution.ts` |
+| CCM-09 | IPv4/IPv6 Dual Stack Support             | Medium   | `suite/smtpclient_connection/test.ccm-09.dual-stack-support.ts` |
+| CCM-10 | Proxy Support (SOCKS/HTTP)               | Low      | `suite/smtpclient_connection/test.ccm-10.proxy-support.ts` |
+| CCM-11 | Keep-Alive Management                     | Medium   | `suite/smtpclient_connection/test.ccm-11.keepalive-management.ts` |
+
+### 11. Client Command Execution (CCMD)
+
+Tests for validating how the client sends SMTP commands and processes responses.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CCMD-01 | EHLO/HELO Command Sending                 | High     | `suite/smtpclient_commands/test.ccmd-01.ehlo-helo-sending.ts` |
+| CCMD-02 | MAIL FROM Command with Parameters        | High     | `suite/smtpclient_commands/test.ccmd-02.mail-from-parameters.ts` |
+| CCMD-03 | RCPT TO Command with Multiple Recipients | High     | `suite/smtpclient_commands/test.ccmd-03.rcpt-to-multiple.ts` |
+| CCMD-04 | DATA Command and Content Transmission    | High     | `suite/smtpclient_commands/test.ccmd-04.data-transmission.ts` |
+| CCMD-05 | AUTH Command (LOGIN, PLAIN, CRAM-MD5)   | High     | `suite/smtpclient_commands/test.ccmd-05.auth-mechanisms.ts` |
+| CCMD-06 | Command Pipelining                       | Medium   | `suite/smtpclient_commands/test.ccmd-06.command-pipelining.ts` |
+| CCMD-07 | Response Code Parsing                    | High     | `suite/smtpclient_commands/test.ccmd-07.response-parsing.ts` |
+| CCMD-08 | Extended Response Handling               | Medium   | `suite/smtpclient_commands/test.ccmd-08.extended-responses.ts` |
+| CCMD-09 | QUIT Command and Graceful Disconnect     | High     | `suite/smtpclient_commands/test.ccmd-09.quit-disconnect.ts` |
+| CCMD-10 | RSET Command Usage                       | Medium   | `suite/smtpclient_commands/test.ccmd-10.rset-usage.ts` |
+| CCMD-11 | NOOP Keep-Alive                          | Low      | `suite/smtpclient_commands/test.ccmd-11.noop-keepalive.ts` |
+
+### 12. Client Email Composition (CEP)
+
+Tests for validating email composition, formatting, and encoding.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CEP-01 | Basic Email Headers                       | High     | `suite/smtpclient_email-composition/test.cep-01.basic-headers.ts` |
+| CEP-02 | MIME Multipart Messages                   | High     | `suite/smtpclient_email-composition/test.cep-02.mime-multipart.ts` |
+| CEP-03 | Attachment Encoding                       | High     | `suite/smtpclient_email-composition/test.cep-03.attachment-encoding.ts` |
+| CEP-04 | UTF-8 and International Characters       | High     | `suite/smtpclient_email-composition/test.cep-04.utf8-international.ts` |
+| CEP-05 | Base64 and Quoted-Printable Encoding    | Medium   | `suite/smtpclient_email-composition/test.cep-05.content-encoding.ts` |
+| CEP-06 | HTML Email with Inline Images           | Medium   | `suite/smtpclient_email-composition/test.cep-06.html-inline-images.ts` |
+| CEP-07 | Custom Headers                          | Low      | `suite/smtpclient_email-composition/test.cep-07.custom-headers.ts` |
+| CEP-08 | Message-ID Generation                   | Medium   | `suite/smtpclient_email-composition/test.cep-08.message-id.ts` |
+| CEP-09 | Date Header Formatting                  | Medium   | `suite/smtpclient_email-composition/test.cep-09.date-formatting.ts` |
+| CEP-10 | Line Length Limits (RFC 5322)          | High     | `suite/smtpclient_email-composition/test.cep-10.line-length-limits.ts` |
+
+### 13. Client Security (CSEC)
+
+Tests for client-side security features and protections.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CSEC-01 | TLS Certificate Verification              | High     | `suite/smtpclient_security/test.csec-01.tls-verification.ts` |
+| CSEC-02 | Authentication Mechanisms                 | High     | `suite/smtpclient_security/test.csec-02.auth-mechanisms.ts` |
+| CSEC-03 | OAuth2 Support                           | Medium   | `suite/smtpclient_security/test.csec-03.oauth2-support.ts` |
+| CSEC-04 | Password Security (No Plaintext)         | High     | `suite/smtpclient_security/test.csec-04.password-security.ts` |
+| CSEC-05 | DKIM Signing                             | High     | `suite/smtpclient_security/test.csec-05.dkim-signing.ts` |
+| CSEC-06 | SPF Record Compliance                    | Medium   | `suite/smtpclient_security/test.csec-06.spf-compliance.ts` |
+| CSEC-07 | Secure Credential Storage                | High     | `suite/smtpclient_security/test.csec-07.credential-storage.ts` |
+| CSEC-08 | TLS Version Enforcement                  | High     | `suite/smtpclient_security/test.csec-08.tls-version-enforcement.ts` |
+| CSEC-09 | Certificate Pinning                      | Low      | `suite/smtpclient_security/test.csec-09.certificate-pinning.ts` |
+| CSEC-10 | Injection Attack Prevention              | High     | `suite/smtpclient_security/test.csec-10.injection-prevention.ts` |
+
+### 14. Client Error Handling (CERR)
+
+Tests for how the client handles various error conditions.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CERR-01 | 4xx Error Response Handling              | High     | `suite/smtpclient_error-handling/test.cerr-01.4xx-errors.ts` |
+| CERR-02 | 5xx Error Response Handling              | High     | `suite/smtpclient_error-handling/test.cerr-02.5xx-errors.ts` |
+| CERR-03 | Network Failure Recovery                 | High     | `suite/smtpclient_error-handling/test.cerr-03.network-failures.ts` |
+| CERR-04 | Timeout Recovery                         | High     | `suite/smtpclient_error-handling/test.cerr-04.timeout-recovery.ts` |
+| CERR-05 | Retry Logic with Backoff                | High     | `suite/smtpclient_error-handling/test.cerr-05.retry-backoff.ts` |
+| CERR-06 | Greylisting Handling                    | Medium   | `suite/smtpclient_error-handling/test.cerr-06.greylisting.ts` |
+| CERR-07 | Rate Limit Response Handling            | High     | `suite/smtpclient_error-handling/test.cerr-07.rate-limits.ts` |
+| CERR-08 | Malformed Server Response               | Medium   | `suite/smtpclient_error-handling/test.cerr-08.malformed-responses.ts` |
+| CERR-09 | Connection Drop During Transfer         | High     | `suite/smtpclient_error-handling/test.cerr-09.connection-drops.ts` |
+| CERR-10 | Authentication Failure Handling         | High     | `suite/smtpclient_error-handling/test.cerr-10.auth-failures.ts` |
+
+### 15. Client Performance (CPERF)
+
+Tests for client performance characteristics and optimization.
+
+| ID       | Test Description                          | Priority | Implementation |
+|----------|-------------------------------------------|----------|----------------|
+| CPERF-01 | Bulk Email Sending                       | High     | `suite/smtpclient_performance/test.cperf-01.bulk-sending.ts` |
+| CPERF-02 | Connection Pool Efficiency               | High     | `suite/smtpclient_performance/test.cperf-02.pool-efficiency.ts` |
+| CPERF-03 | Memory Usage Under Load                  | High     | `suite/smtpclient_performance/test.cperf-03.memory-usage.ts` |
+| CPERF-04 | CPU Usage Optimization                   | Medium   | `suite/smtpclient_performance/test.cperf-04.cpu-optimization.ts` |
+| CPERF-05 | Parallel Sending Performance             | High     | `suite/smtpclient_performance/test.cperf-05.parallel-sending.ts` |
+| CPERF-06 | Large Attachment Handling                | Medium   | `suite/smtpclient_performance/test.cperf-06.large-attachments.ts` |
+| CPERF-07 | Queue Management                         | High     | `suite/smtpclient_performance/test.cperf-07.queue-management.ts` |
+| CPERF-08 | DNS Caching Efficiency                   | Medium   | `suite/smtpclient_performance/test.cperf-08.dns-caching.ts` |
+
+### 16. Client Reliability (CREL)
+
+Tests for client reliability and resilience.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CREL-01 | Long Running Stability                   | High     | `suite/smtpclient_reliability/test.crel-01.long-running.ts` |
+| CREL-02 | Failover to Backup MX                   | High     | `suite/smtpclient_reliability/test.crel-02.mx-failover.ts` |
+| CREL-03 | Queue Persistence                       | High     | `suite/smtpclient_reliability/test.crel-03.queue-persistence.ts` |
+| CREL-04 | Crash Recovery                          | High     | `suite/smtpclient_reliability/test.crel-04.crash-recovery.ts` |
+| CREL-05 | Memory Leak Prevention                  | High     | `suite/smtpclient_reliability/test.crel-05.memory-leaks.ts` |
+| CREL-06 | Concurrent Operation Safety             | High     | `suite/smtpclient_reliability/test.crel-06.concurrency-safety.ts` |
+| CREL-07 | Resource Cleanup                        | Medium   | `suite/smtpclient_reliability/test.crel-07.resource-cleanup.ts` |
+
+### 17. Client Edge Cases (CEDGE)
+
+Tests for unusual scenarios and edge cases.
+
+| ID       | Test Description                          | Priority | Implementation |
+|----------|-------------------------------------------|----------|----------------|
+| CEDGE-01 | Extremely Slow Server Response           | Medium   | `suite/smtpclient_edge-cases/test.cedge-01.slow-server.ts` |
+| CEDGE-02 | Server Sending Invalid UTF-8             | Low      | `suite/smtpclient_edge-cases/test.cedge-02.invalid-utf8.ts` |
+| CEDGE-03 | Extremely Large Recipients List          | Medium   | `suite/smtpclient_edge-cases/test.cedge-03.large-recipient-list.ts` |
+| CEDGE-04 | Zero-Byte Attachments                    | Low      | `suite/smtpclient_edge-cases/test.cedge-04.zero-byte-attachments.ts` |
+| CEDGE-05 | Server Disconnect Mid-Command            | High     | `suite/smtpclient_edge-cases/test.cedge-05.mid-command-disconnect.ts` |
+| CEDGE-06 | Unusual Server Banners                   | Low      | `suite/smtpclient_edge-cases/test.cedge-06.unusual-banners.ts` |
+| CEDGE-07 | Non-Standard Port Connections            | Medium   | `suite/smtpclient_edge-cases/test.cedge-07.non-standard-ports.ts` |
+
+### 18. Client RFC Compliance (CRFC)
+
+Tests for RFC compliance from the client perspective.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CRFC-01 | RFC 5321 Client Requirements             | High     | `suite/smtpclient_rfc-compliance/test.crfc-01.rfc5321-client.ts` |
+| CRFC-02 | RFC 5322 Message Format                  | High     | `suite/smtpclient_rfc-compliance/test.crfc-02.rfc5322-format.ts` |
+| CRFC-03 | RFC 2045-2049 MIME Compliance           | High     | `suite/smtpclient_rfc-compliance/test.crfc-03.mime-compliance.ts` |
+| CRFC-04 | RFC 4954 AUTH Extension                 | High     | `suite/smtpclient_rfc-compliance/test.crfc-04.auth-extension.ts` |
+| CRFC-05 | RFC 3207 STARTTLS                      | High     | `suite/smtpclient_rfc-compliance/test.crfc-05.starttls.ts` |
+| CRFC-06 | RFC 1870 SIZE Extension                 | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-06.size-extension.ts` |
+| CRFC-07 | RFC 6152 8BITMIME Extension            | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-07.8bitmime.ts` |
+| CRFC-08 | RFC 2920 Command Pipelining            | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-08.pipelining.ts` |
+
+## Running SMTP Client Tests
+
+### Run All Client Tests
+```bash
+cd dcrouter
+pnpm test test/suite/smtpclient_*
+```
+
+### Run Specific Client Test Category
+```bash
+# Run all client connection tests
+pnpm test test/suite/smtpclient_connection
+
+# Run all client security tests
+pnpm test test/suite/smtpclient_security
+```
+
+### Run Single Client Test File
+```bash
+# Run basic TCP connection test
+tsx test/suite/smtpclient_connection/test.ccm-01.basic-tcp-connection.ts
+
+# Run AUTH mechanisms test
+tsx test/suite/smtpclient_commands/test.ccmd-05.auth-mechanisms.ts
+```
+
+## Client Performance Benchmarks
+
+Expected performance metrics for production-ready SMTP client:
+- **Sending Rate**: >100 emails per second (with connection pooling)
+- **Connection Pool Size**: 10-50 concurrent connections efficiently managed
+- **Memory Usage**: <500MB for 1000 concurrent email operations
+- **DNS Cache Hit Rate**: >90% for repeated domains
+- **Retry Success Rate**: >95% for temporary failures
+- **Large Attachment Support**: Files up to 25MB without performance degradation
+- **Queue Processing**: >1000 emails/minute with persistent queue
+
+## Client Security Requirements
+
+All client security tests must pass for production deployment:
+- **TLS Support**: TLS 1.2+ required, TLS 1.3 preferred
+- **Authentication**: Support for LOGIN, PLAIN, CRAM-MD5, OAuth2
+- **Certificate Validation**: Proper certificate chain validation
+- **DKIM Signing**: Automatic DKIM signature generation
+- **Credential Security**: No plaintext password storage
+- **Injection Prevention**: Protection against header/command injection
+
+## Client Production Readiness Criteria
+
+### Production Gate 1: Core Functionality (>95% tests passing)
+- Basic connection establishment
+- Command execution and response parsing
+- Email composition and sending
+- Error handling and recovery
+
+### Production Gate 2: Advanced Features (>90% tests passing)
+- Connection pooling and reuse
+- Authentication mechanisms
+- TLS/STARTTLS support
+- Retry logic and resilience
+
+### Production Gate 3: Enterprise Ready (>85% tests passing)
+- High-volume sending capabilities
+- Advanced security features
+- Full RFC compliance
+- Performance under load
+
+## Key Differences: Server vs Client Tests
+
+| Aspect | Server Tests | Client Tests |
+|--------|--------------|--------------|
+| **Focus** | Accepting connections, processing commands | Making connections, sending commands |
+| **Security** | Validating incoming data, enforcing policies | Protecting credentials, validating servers |
+| **Performance** | Handling many clients concurrently | Efficient bulk sending, connection reuse |
+| **Reliability** | Staying up under attack/load | Retrying failures, handling timeouts |
+| **RFC Compliance** | Server MUST requirements | Client MUST requirements |
+
+## Test Implementation Priority
+
+1. **Critical** (implement first):
+   - Basic connection and command sending
+   - Authentication mechanisms
+   - Error handling and retry logic
+   - TLS/Security features
+
+2. **High Priority** (implement second):
+   - Connection pooling
+   - Email composition and MIME
+   - Performance optimization
+   - RFC compliance
+
+3. **Medium Priority** (implement third):
+   - Advanced features (OAuth2, etc.)
+   - Edge case handling
+   - Extended performance tests
+   - Additional RFC extensions
+
+4. **Low Priority** (implement last):
+   - Proxy support
+   - Certificate pinning
+   - Unusual scenarios
+   - Optional RFC features
+

test/test.apiclient.ts

@@ -0,0 +1,376 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import {
+  DcRouterApiClient,
+  Route,
+  RouteBuilder,
+  RouteManager,
+  Certificate,
+  CertificateManager,
+  ApiToken,
+  ApiTokenBuilder,
+  ApiTokenManager,
+  RemoteIngress,
+  RemoteIngressBuilder,
+  RemoteIngressManager,
+  Email,
+  EmailManager,
+  StatsManager,
+  ConfigManager,
+  LogManager,
+  RadiusManager,
+  RadiusClientManager,
+  RadiusVlanManager,
+  RadiusSessionManager,
+} from '../ts_apiclient/index.js';
+
+// =============================================================================
+// Instantiation & Structure
+// =============================================================================
+
+tap.test('DcRouterApiClient - should instantiate with baseUrl', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  expect(client).toBeTruthy();
+  expect(client.baseUrl).toEqual('https://localhost:3000');
+  expect(client.identity).toBeUndefined();
+});
+
+tap.test('DcRouterApiClient - should strip trailing slashes from baseUrl', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000///' });
+  expect(client.baseUrl).toEqual('https://localhost:3000');
+});
+
+tap.test('DcRouterApiClient - should accept optional apiToken', async () => {
+  const client = new DcRouterApiClient({
+    baseUrl: 'https://localhost:3000',
+    apiToken: 'dcr_test_token',
+  });
+  expect(client.apiToken).toEqual('dcr_test_token');
+});
+
+tap.test('DcRouterApiClient - should have all resource managers', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  expect(client.routes).toBeInstanceOf(RouteManager);
+  expect(client.certificates).toBeInstanceOf(CertificateManager);
+  expect(client.apiTokens).toBeInstanceOf(ApiTokenManager);
+  expect(client.remoteIngress).toBeInstanceOf(RemoteIngressManager);
+  expect(client.stats).toBeInstanceOf(StatsManager);
+  expect(client.config).toBeInstanceOf(ConfigManager);
+  expect(client.logs).toBeInstanceOf(LogManager);
+  expect(client.emails).toBeInstanceOf(EmailManager);
+  expect(client.radius).toBeInstanceOf(RadiusManager);
+});
+
+// =============================================================================
+// buildRequestPayload
+// =============================================================================
+
+tap.test('DcRouterApiClient - buildRequestPayload includes identity when set', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const identity = {
+    jwt: 'test-jwt',
+    userId: 'user1',
+    name: 'Admin',
+    expiresAt: Date.now() + 3600000,
+  };
+  client.identity = identity;
+
+  const payload = client.buildRequestPayload({ extra: 'data' });
+  expect(payload.identity).toEqual(identity);
+  expect(payload.extra).toEqual('data');
+});
+
+tap.test('DcRouterApiClient - buildRequestPayload includes apiToken when set', async () => {
+  const client = new DcRouterApiClient({
+    baseUrl: 'https://localhost:3000',
+    apiToken: 'dcr_abc123',
+  });
+
+  const payload = client.buildRequestPayload();
+  expect(payload.apiToken).toEqual('dcr_abc123');
+});
+
+tap.test('DcRouterApiClient - buildRequestPayload with both identity and apiToken', async () => {
+  const client = new DcRouterApiClient({
+    baseUrl: 'https://localhost:3000',
+    apiToken: 'dcr_abc123',
+  });
+  client.identity = {
+    jwt: 'test-jwt',
+    userId: 'user1',
+    name: 'Admin',
+    expiresAt: Date.now() + 3600000,
+  };
+
+  const payload = client.buildRequestPayload({ foo: 'bar' });
+  expect(payload.identity).toBeTruthy();
+  expect(payload.apiToken).toEqual('dcr_abc123');
+  expect(payload.foo).toEqual('bar');
+});
+
+// =============================================================================
+// Route Builder
+// =============================================================================
+
+tap.test('RouteBuilder - should support fluent builder pattern', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const builder = client.routes.build();
+  expect(builder).toBeInstanceOf(RouteBuilder);
+
+  // Fluent methods return `this` (same reference)
+  const result = builder
+    .setName('test-route')
+    .setMatch({ ports: 443, domains: 'example.com' })
+    .setAction({ type: 'forward', targets: [{ host: 'backend', port: 8080 }] })
+    .setEnabled(true);
+
+  expect(result === builder).toBeTrue();
+});
+
+// =============================================================================
+// ApiToken Builder
+// =============================================================================
+
+tap.test('ApiTokenBuilder - should support fluent builder pattern', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const builder = client.apiTokens.build();
+  expect(builder).toBeInstanceOf(ApiTokenBuilder);
+
+  const result = builder
+    .setName('ci-token')
+    .setScopes(['routes:read', 'routes:write'])
+    .addScope('config:read')
+    .setExpiresInDays(30);
+
+  expect(result === builder).toBeTrue();
+});
+
+// =============================================================================
+// RemoteIngress Builder
+// =============================================================================
+
+tap.test('RemoteIngressBuilder - should support fluent builder pattern', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const builder = client.remoteIngress.build();
+  expect(builder).toBeInstanceOf(RemoteIngressBuilder);
+
+  const result = builder
+    .setName('edge-1')
+    .setListenPorts([80, 443])
+    .setAutoDerivePorts(true)
+    .setTags(['production']);
+
+  expect(result === builder).toBeTrue();
+});
+
+// =============================================================================
+// Route resource class
+// =============================================================================
+
+tap.test('Route - should hydrate from IMergedRoute data', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const route = new Route(client, {
+    route: {
+      name: 'test-route',
+      match: { ports: 443, domains: 'example.com' },
+      action: { type: 'forward', targets: [{ host: 'backend', port: 8080 }] },
+    },
+    source: 'programmatic',
+    enabled: true,
+    overridden: false,
+    storedRouteId: 'route-123',
+    createdAt: 1000,
+    updatedAt: 2000,
+  });
+
+  expect(route.name).toEqual('test-route');
+  expect(route.source).toEqual('programmatic');
+  expect(route.enabled).toEqual(true);
+  expect(route.overridden).toEqual(false);
+  expect(route.storedRouteId).toEqual('route-123');
+  expect(route.routeConfig.match.ports).toEqual(443);
+});
+
+tap.test('Route - should throw on update/delete/toggle for hardcoded routes', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const route = new Route(client, {
+    route: {
+      name: 'hardcoded-route',
+      match: { ports: 80 },
+      action: { type: 'forward', targets: [{ host: 'localhost', port: 8080 }] },
+    },
+    source: 'hardcoded',
+    enabled: true,
+    overridden: false,
+    // No storedRouteId for hardcoded routes
+  });
+
+  let updateError: Error | undefined;
+  try {
+    await route.update({ name: 'new-name' });
+  } catch (e) {
+    updateError = e as Error;
+  }
+  expect(updateError).toBeTruthy();
+  expect(updateError!.message).toInclude('hardcoded');
+
+  let deleteError: Error | undefined;
+  try {
+    await route.delete();
+  } catch (e) {
+    deleteError = e as Error;
+  }
+  expect(deleteError).toBeTruthy();
+
+  let toggleError: Error | undefined;
+  try {
+    await route.toggle(false);
+  } catch (e) {
+    toggleError = e as Error;
+  }
+  expect(toggleError).toBeTruthy();
+});
+
+// =============================================================================
+// Certificate resource class
+// =============================================================================
+
+tap.test('Certificate - should hydrate from ICertificateInfo data', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const cert = new Certificate(client, {
+    domain: 'example.com',
+    routeNames: ['main-route'],
+    status: 'valid',
+    source: 'acme',
+    tlsMode: 'terminate',
+    expiryDate: '2027-01-01T00:00:00Z',
+    issuer: "Let's Encrypt",
+    canReprovision: true,
+  });
+
+  expect(cert.domain).toEqual('example.com');
+  expect(cert.status).toEqual('valid');
+  expect(cert.source).toEqual('acme');
+  expect(cert.canReprovision).toEqual(true);
+  expect(cert.routeNames.length).toEqual(1);
+});
+
+// =============================================================================
+// ApiToken resource class
+// =============================================================================
+
+tap.test('ApiToken - should hydrate from IApiTokenInfo data', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const token = new ApiToken(
+    client,
+    {
+      id: 'token-1',
+      name: 'ci-token',
+      scopes: ['routes:read', 'routes:write'],
+      createdAt: Date.now(),
+      expiresAt: null,
+      lastUsedAt: null,
+      enabled: true,
+    },
+    'dcr_secret_value',
+  );
+
+  expect(token.id).toEqual('token-1');
+  expect(token.name).toEqual('ci-token');
+  expect(token.scopes.length).toEqual(2);
+  expect(token.enabled).toEqual(true);
+  expect(token.tokenValue).toEqual('dcr_secret_value');
+});
+
+// =============================================================================
+// RemoteIngress resource class
+// =============================================================================
+
+tap.test('RemoteIngress - should hydrate from IRemoteIngress data', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const edge = new RemoteIngress(client, {
+    id: 'edge-1',
+    name: 'test-edge',
+    secret: 'secret123',
+    listenPorts: [80, 443],
+    enabled: true,
+    autoDerivePorts: true,
+    tags: ['prod'],
+    createdAt: 1000,
+    updatedAt: 2000,
+    effectiveListenPorts: [80, 443, 8080],
+    manualPorts: [80, 443],
+    derivedPorts: [8080],
+  });
+
+  expect(edge.id).toEqual('edge-1');
+  expect(edge.name).toEqual('test-edge');
+  expect(edge.listenPorts.length).toEqual(2);
+  expect(edge.effectiveListenPorts!.length).toEqual(3);
+  expect(edge.autoDerivePorts).toEqual(true);
+});
+
+// =============================================================================
+// Email resource class
+// =============================================================================
+
+tap.test('Email - should hydrate from IEmail data', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  const email = new Email(client, {
+    id: 'email-1',
+    direction: 'inbound',
+    status: 'delivered',
+    from: 'sender@example.com',
+    to: 'recipient@example.com',
+    subject: 'Test email',
+    timestamp: '2026-03-06T00:00:00Z',
+    messageId: '<msg-1@example.com>',
+    size: '1234',
+  });
+
+  expect(email.id).toEqual('email-1');
+  expect(email.direction).toEqual('inbound');
+  expect(email.status).toEqual('delivered');
+  expect(email.from).toEqual('sender@example.com');
+  expect(email.subject).toEqual('Test email');
+});
+
+// =============================================================================
+// RadiusManager structure
+// =============================================================================
+
+tap.test('RadiusManager - should have sub-managers', async () => {
+  const client = new DcRouterApiClient({ baseUrl: 'https://localhost:3000' });
+  expect(client.radius.clients).toBeInstanceOf(RadiusClientManager);
+  expect(client.radius.vlans).toBeInstanceOf(RadiusVlanManager);
+  expect(client.radius.sessions).toBeInstanceOf(RadiusSessionManager);
+});
+
+// =============================================================================
+// Exports verification
+// =============================================================================
+
+tap.test('Exports - all expected classes should be importable', async () => {
+  expect(DcRouterApiClient).toBeTruthy();
+  expect(Route).toBeTruthy();
+  expect(RouteBuilder).toBeTruthy();
+  expect(RouteManager).toBeTruthy();
+  expect(Certificate).toBeTruthy();
+  expect(CertificateManager).toBeTruthy();
+  expect(ApiToken).toBeTruthy();
+  expect(ApiTokenBuilder).toBeTruthy();
+  expect(ApiTokenManager).toBeTruthy();
+  expect(RemoteIngress).toBeTruthy();
+  expect(RemoteIngressBuilder).toBeTruthy();
+  expect(RemoteIngressManager).toBeTruthy();
+  expect(Email).toBeTruthy();
+  expect(EmailManager).toBeTruthy();
+  expect(StatsManager).toBeTruthy();
+  expect(ConfigManager).toBeTruthy();
+  expect(LogManager).toBeTruthy();
+  expect(RadiusManager).toBeTruthy();
+  expect(RadiusClientManager).toBeTruthy();
+  expect(RadiusVlanManager).toBeTruthy();
+  expect(RadiusSessionManager).toBeTruthy();
+});
+
+export default tap.start();

test/test.base.ts

@@ -1,65 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-/**
- * Basic test to check if our integrated classes work correctly
- */
-tap.test('verify that SenderReputationMonitor and IPWarmupManager are functioning', async () => {
-  // Create instances of both classes
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['example.com']
-  });
-  
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com']
-  });
-  
-  // Test SenderReputationMonitor
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  
-  const reputationData = reputationMonitor.getReputationData('example.com');
-  expect(reputationData).toBeTruthy();
-  
-  const summary = reputationMonitor.getReputationSummary();
-  expect(summary.length).toBeGreaterThan(0);
-  
-  // Add and remove domains
-  reputationMonitor.addDomain('test.com');
-  reputationMonitor.removeDomain('test.com');
-  
-  // Test IPWarmupManager
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  if (bestIP) {
-    ipWarmupManager.recordSend(bestIP);
-    const canSendMore = ipWarmupManager.canSendMoreToday(bestIP);
-    expect(typeof canSendMore).toEqual('boolean');
-  }
-  
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(stageCount).toBeGreaterThan(0);
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.bouncemanager.ts

@@ -1,197 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { BounceManager, BounceType, BounceCategory } from '../ts/mail/core/classes.bouncemanager.js';
-
-/**
- * Test the BounceManager class
- */
-tap.test('BounceManager - should be instantiable', async () => {
-  const bounceManager = new BounceManager();
-  expect(bounceManager).toBeTruthy();
-});
-
-tap.test('BounceManager - should process basic bounce categories', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Test hard bounce detection
-  const hardBounce = await bounceManager.processBounce({
-    recipient: 'invalid@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'user unknown',
-    domain: 'example.com'
-  });
-  
-  expect(hardBounce.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Test soft bounce detection
-  const softBounce = await bounceManager.processBounce({
-    recipient: 'valid@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'server unavailable',
-    domain: 'example.com'
-  });
-  
-  expect(softBounce.bounceCategory).toEqual(BounceCategory.SOFT);
-  
-  // Test auto-response detection
-  const autoResponse = await bounceManager.processBounce({
-    recipient: 'away@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'auto-reply: out of office',
-    domain: 'example.com'
-  });
-  
-  expect(autoResponse.bounceCategory).toEqual(BounceCategory.AUTO_RESPONSE);
-});
-
-tap.test('BounceManager - should add and check suppression list entries', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Add to suppression list permanently
-  bounceManager.addToSuppressionList('permanent@example.com', 'Test hard bounce', undefined);
-  
-  // Add to suppression list temporarily (5 seconds)
-  const expireTime = Date.now() + 5000;
-  bounceManager.addToSuppressionList('temporary@example.com', 'Test soft bounce', expireTime);
-  
-  // Check suppression status
-  expect(bounceManager.isEmailSuppressed('permanent@example.com')).toEqual(true);
-  expect(bounceManager.isEmailSuppressed('temporary@example.com')).toEqual(true);
-  expect(bounceManager.isEmailSuppressed('notsuppressed@example.com')).toEqual(false);
-  
-  // Get suppression info
-  const info = bounceManager.getSuppressionInfo('permanent@example.com');
-  expect(info).toBeTruthy();
-  expect(info.reason).toEqual('Test hard bounce');
-  expect(info.expiresAt).toBeUndefined();
-
-  // Verify temporary suppression info
-  const tempInfo = bounceManager.getSuppressionInfo('temporary@example.com');
-  expect(tempInfo).toBeTruthy();
-  expect(tempInfo.reason).toEqual('Test soft bounce');
-  expect(tempInfo.expiresAt).toEqual(expireTime);
-  
-  // Wait for expiration (6 seconds)
-  await new Promise(resolve => setTimeout(resolve, 6000));
-  
-  // Verify permanent suppression is still active
-  expect(bounceManager.isEmailSuppressed('permanent@example.com')).toEqual(true);
-  
-  // Verify temporary suppression has expired
-  expect(bounceManager.isEmailSuppressed('temporary@example.com')).toEqual(false);
-});
-
-tap.test('BounceManager - should process SMTP failures correctly', async () => {
-  const bounceManager = new BounceManager();
-  
-  const result = await bounceManager.processSmtpFailure(
-    'recipient@example.com',
-    '550 5.1.1 User unknown',
-    {
-      sender: 'sender@example.com',
-      statusCode: '550'
-    }
-  );
-  
-  expect(result.bounceType).toEqual(BounceType.INVALID_RECIPIENT);
-  expect(result.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Check that the email was added to the suppression list
-  expect(bounceManager.isEmailSuppressed('recipient@example.com')).toEqual(true);
-});
-
-tap.test('BounceManager - should process bounce emails correctly', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Create a mock bounce email as Smartmail
-  const bounceEmail = new plugins.smartmail.Smartmail({
-    from: 'mailer-daemon@example.com',
-    subject: 'Mail delivery failed: returning message to sender',
-    body: `
-      This message was created automatically by mail delivery software.
-      
-      A message that you sent could not be delivered to one or more of its recipients.
-      The following address(es) failed:
-      
-      recipient@example.com
-      mailbox is full
-      
-      ------ This is a copy of the message, including all the headers. ------
-      
-      Original-Recipient: rfc822;recipient@example.com
-      Final-Recipient: rfc822;recipient@example.com
-      Status: 5.2.2
-      diagnostic-code: smtp; 552 5.2.2 Mailbox full
-    `,
-    creationObjectRef: {}
-  });
-  
-  const result = await bounceManager.processBounceEmail(bounceEmail);
-  
-  expect(result).toBeTruthy();
-  expect(result.bounceType).toEqual(BounceType.MAILBOX_FULL);
-  expect(result.bounceCategory).toEqual(BounceCategory.HARD);
-  expect(result.recipient).toEqual('recipient@example.com');
-});
-
-tap.test('BounceManager - should handle retries for soft bounces', async () => {
-  const bounceManager = new BounceManager({
-    retryStrategy: {
-      maxRetries: 2,
-      initialDelay: 100, // 100ms for test
-      maxDelay: 1000,
-      backoffFactor: 2
-    }
-  });
-  
-  // First attempt
-  const result1 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com'
-  });
-  
-  // Email should be suppressed temporarily
-  expect(bounceManager.isEmailSuppressed('retry@example.com')).toEqual(true);
-  expect(result1.retryCount).toEqual(1);
-  expect(result1.nextRetryTime).toBeGreaterThan(Date.now());
-  
-  // Second attempt
-  const result2 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com',
-    retryCount: 1
-  });
-  
-  expect(result2.retryCount).toEqual(2);
-  
-  // Third attempt (should convert to hard bounce)
-  const result3 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com',
-    retryCount: 2
-  });
-  
-  // Should now be a hard bounce after max retries
-  expect(result3.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Email should be suppressed permanently
-  expect(bounceManager.isEmailSuppressed('retry@example.com')).toEqual(true);
-  const info = bounceManager.getSuppressionInfo('retry@example.com');
-  expect(info.expiresAt).toBeUndefined(); // Permanent
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.config.md

@@ -0,0 +1,175 @@
+# DCRouter Test Configuration
+
+## Running Tests
+
+### Run All Tests
+```bash
+cd dcrouter
+pnpm test
+```
+
+### Run Specific Category
+```bash
+# Run all connection tests
+tsx test/run-category.ts connection
+
+# Run all security tests  
+tsx test/run-category.ts security
+
+# Run all performance tests
+tsx test/run-category.ts performance
+```
+
+### Run Individual Test File
+```bash
+# Run TLS connection test
+tsx test/suite/connection/test.tls-connection.ts
+
+# Run authentication test
+tsx test/suite/security/test.authentication.ts
+```
+
+### Run Tests with Verbose Output
+```bash
+# All tests with verbose logging
+pnpm test -- --verbose
+
+# Individual test with verbose
+tsx test/suite/connection/test.tls-connection.ts --verbose
+```
+
+## Test Server Configuration
+
+Each test file starts its own SMTP server with specific configuration. Common configurations:
+
+### Basic Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost'
+});
+```
+
+### TLS-Enabled Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  tlsEnabled: true
+});
+```
+
+### Authenticated Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  authRequired: true
+});
+```
+
+### High-Performance Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  maxConnections: 1000,
+  size: 50 * 1024 * 1024 // 50MB
+});
+```
+
+## Port Allocation
+
+Tests use different ports to avoid conflicts:
+- Connection tests: 2525-2530
+- Command tests: 2531-2540
+- Email processing: 2541-2550
+- Security tests: 2551-2560
+- Performance tests: 2561-2570
+- Edge cases: 2571-2580
+- RFC compliance: 2581-2590
+
+## Test Utilities
+
+### Server Lifecycle
+All tests follow this pattern:
+```typescript
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import { startTestServer, stopTestServer } from '../../helpers/server.loader.js';
+
+let testServer;
+
+tap.test('setup', async () => {
+  testServer = await startTestServer({ port: 2525 });
+});
+
+// Your tests here...
+
+tap.test('cleanup', async () => {
+  await stopTestServer(testServer);
+});
+
+tap.start();
+```
+
+### SMTP Client Testing
+```typescript
+import { createTestSmtpClient } from '../../helpers/smtp.client.js';
+
+const client = createTestSmtpClient({
+  host: 'localhost',
+  port: 2525
+});
+```
+
+### Low-Level SMTP Testing
+```typescript
+import { connectToSmtp, sendSmtpCommand } from '../../helpers/test.utils.js';
+
+const socket = await connectToSmtp('localhost', 2525);
+const response = await sendSmtpCommand(socket, 'EHLO test.example.com', '250');
+```
+
+## Performance Benchmarks
+
+Expected minimums for production:
+- Throughput: >10 emails/second
+- Concurrent connections: >100
+- Memory increase: <2% under load
+- Connection time: <5000ms
+- Error rate: <5%
+
+## Debugging Failed Tests
+
+### Enable Verbose Logging
+```bash
+DEBUG=* tsx test/suite/connection/test.tls-connection.ts
+```
+
+### Check Server Logs
+Tests output server logs to console. Look for:
+- 🚀 Server start messages
+- 📧 Email processing logs
+- ❌ Error messages
+- ✅ Success confirmations
+
+### Common Issues
+
+1. **Port Already in Use**
+   - Tests use unique ports
+   - Check for orphaned processes: `lsof -i :2525`
+   - Kill process: `kill -9 <PID>`
+
+2. **TLS Certificate Errors**
+   - Tests use self-signed certificates
+   - Production should use real certificates
+
+3. **Timeout Errors**
+   - Increase timeout in test configuration
+   - Check network connectivity
+   - Verify server started successfully
+
+4. **Authentication Failures**
+   - Test servers may not validate credentials
+   - Check authRequired configuration
+   - Verify AUTH mechanisms supported

test/test.contentscanner.ts

@@ -1,6 +1,6 @@
 import { tap, expect } from '@git.zone/tstest/tapbundle';
 import { ContentScanner, ThreatCategory } from '../ts/security/classes.contentscanner.js';
-import { Email } from '../ts/mail/core/classes.email.js';
+import { Email } from '@push.rocks/smartmta';
 
 // Test instantiation
 tap.test('ContentScanner - should be instantiable', async () => {

test/test.dcrouter.email.ts

@@ -0,0 +1,160 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import * as plugins from '../ts/plugins.js';
+import * as path from 'path';
+import * as fs from 'fs';
+import { DcRouter, type IDcRouterOptions } from '../ts/classes.dcrouter.js';
+import type { IUnifiedEmailServerOptions } from '@push.rocks/smartmta';
+
+
+tap.test('DcRouter class - Custom email port configuration', async () => {
+  // Define custom port mapping
+  const customPortMapping: Record<number, number> = {
+    25: 11025,    // Custom SMTP port mapping
+    587: 11587,   // Custom submission port mapping
+    465: 11465,   // Custom SMTPS port mapping
+    2525: 12525   // Additional custom port
+  };
+
+  // Create a custom email configuration using smartmta interfaces
+  const emailConfig: IUnifiedEmailServerOptions = {
+    ports: [25, 587, 465, 2525],
+    hostname: 'mail.example.com',
+    maxMessageSize: 50 * 1024 * 1024, // 50MB
+    domains: [
+      {
+        domain: 'example.com',
+        dnsMode: 'external-dns',
+      },
+      {
+        domain: 'example.org',
+        dnsMode: 'external-dns',
+      }
+    ],
+    routes: [
+      {
+        name: 'forward-example-com',
+        match: {
+          recipients: '*@example.com',
+        },
+        action: {
+          type: 'forward',
+          forward: {
+            host: 'mail1.example.com',
+            port: 25,
+          }
+        }
+      },
+      {
+        name: 'deliver-example-org',
+        match: {
+          recipients: '*@example.org',
+        },
+        action: {
+          type: 'deliver',
+          process: {
+            dkim: true,
+          }
+        }
+      }
+    ]
+  };
+
+  // Create DcRouter options with custom email port configuration
+  const options: IDcRouterOptions = {
+    emailConfig,
+    emailPortConfig: {
+      portMapping: customPortMapping,
+      portSettings: {
+        2525: {
+          terminateTls: false,
+          routeName: 'custom-smtp-route'
+        }
+      },
+    },
+    tls: {
+      contactEmail: 'test@example.com'
+    }
+  };
+
+  // Create DcRouter instance
+  const router = new DcRouter(options);
+
+  // Verify the options are correctly set
+  expect(router.options.emailPortConfig).toBeTruthy();
+  expect(router.options.emailPortConfig!.portMapping).toEqual(customPortMapping);
+
+  // Test the generateEmailRoutes method
+  if (typeof (router as any)['generateEmailRoutes'] === 'function') {
+    const routes = (router as any)['generateEmailRoutes'](emailConfig);
+
+    // Verify that all ports are configured
+    expect(routes.length).toBeGreaterThan(0);
+
+    // Check the custom port configuration
+    const customPortRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 2525 || (Array.isArray(ports) && (ports as number[]).includes(2525));
+    });
+    expect(customPortRoute).toBeTruthy();
+    expect(customPortRoute?.name).toEqual('custom-smtp-route');
+    expect(customPortRoute?.action.targets[0].port).toEqual(12525);
+
+    // Check standard port mappings
+    const smtpRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 25 || (Array.isArray(ports) && (ports as number[]).includes(25));
+    });
+    expect(smtpRoute?.action.targets[0].port).toEqual(11025);
+
+    const submissionRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 587 || (Array.isArray(ports) && (ports as number[]).includes(587));
+    });
+    expect(submissionRoute?.action.targets[0].port).toEqual(11587);
+  }
+});
+
+tap.test('DcRouter class - Email config with domains and routes', async () => {
+  // Create a basic email configuration
+  const emailConfig: IUnifiedEmailServerOptions = {
+    ports: [2525],
+    hostname: 'mail.example.com',
+    domains: [],
+    routes: []
+  };
+
+  // Create DcRouter options
+  const options: IDcRouterOptions = {
+    emailConfig,
+    tls: {
+      contactEmail: 'test@example.com'
+    },
+    opsServerPort: 3104,
+    dbConfig: {
+      enabled: false,
+    }
+  };
+
+  // Create DcRouter instance
+  const router = new DcRouter(options);
+
+  // Start the router to initialize email services
+  await router.start();
+
+  // Verify unified email server was initialized
+  expect(router.emailServer).toBeTruthy();
+
+  // Stop the router
+  await router.stop();
+});
+
+// Final clean-up test
+tap.test('clean up after tests', async () => {
+  // No-op
+});
+
+tap.test('stop', async () => {
+  await tap.stopForcefully();
+});
+
+export default tap.start();

test/test.dcrouter.ts

@@ -1,146 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { 
-  DcRouter,
-  type IDcRouterOptions,
-  type IEmailConfig,
-  type EmailProcessingMode,
-  type IDomainRule
-} from '../ts/classes.dcrouter.js';
-
-tap.test('DcRouter class - basic functionality', async () => {
-  // Create a simple DcRouter instance
-  const options: IDcRouterOptions = {
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router).toBeTruthy();
-  expect(router instanceof DcRouter).toEqual(true);
-  expect(router.options.tls.contactEmail).toEqual('test@example.com');
-});
-
-tap.test('DcRouter class - SmartProxy configuration', async () => {
-  // Create SmartProxy configuration
-  const smartProxyConfig: plugins.smartproxy.ISmartProxyOptions = {
-    fromPort: 443,
-    toPort: 8080,
-    targetIP: '10.0.0.10',
-    sniEnabled: true,
-    acme: {
-      port: 80,
-      enabled: true,
-      autoRenew: true,
-      useProduction: false,
-      renewThresholdDays: 30,
-      accountEmail: 'admin@example.com'
-    },
-    globalPortRanges: [
-      { from: 80, to: 80 },
-      { from: 443, to: 443 }
-    ],
-    domainConfigs: [
-      {
-        domains: ['example.com', 'www.example.com'],
-        allowedIPs: ['0.0.0.0/0'],
-        targetIPs: ['10.0.0.10'],
-        portRanges: [
-          { from: 80, to: 80 },
-          { from: 443, to: 443 }
-        ]
-      }
-    ]
-  };
-
-  const options: IDcRouterOptions = {
-    smartProxyConfig,
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router.options.smartProxyConfig).toBeTruthy();
-  expect(router.options.smartProxyConfig.domainConfigs.length).toEqual(1);
-  expect(router.options.smartProxyConfig.domainConfigs[0].domains[0]).toEqual('example.com');
-});
-
-tap.test('DcRouter class - Email configuration', async () => {
-  // Create consolidated email configuration
-  const emailConfig: IEmailConfig = {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    maxMessageSize: 50 * 1024 * 1024, // 50MB
-    
-    defaultMode: 'forward' as EmailProcessingMode,
-    defaultServer: 'fallback-mail.example.com',
-    defaultPort: 25,
-    defaultTls: true,
-    
-    domainRules: [
-      {
-        pattern: '*@example.com',
-        mode: 'forward' as EmailProcessingMode,
-        target: {
-          server: 'mail1.example.com',
-          port: 25,
-          useTls: true
-        }
-      },
-      {
-        pattern: '*@example.org',
-        mode: 'mta' as EmailProcessingMode,
-        mtaOptions: {
-          domain: 'example.org',
-          allowLocalDelivery: true
-        }
-      }
-    ]
-  };
-
-  const options: IDcRouterOptions = {
-    emailConfig,
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router.options.emailConfig).toBeTruthy();
-  expect(router.options.emailConfig.ports.length).toEqual(3);
-  expect(router.options.emailConfig.domainRules.length).toEqual(2);
-  expect(router.options.emailConfig.domainRules[0].pattern).toEqual('*@example.com');
-  expect(router.options.emailConfig.domainRules[1].pattern).toEqual('*@example.org');
-});
-
-tap.test('DcRouter class - Domain pattern matching', async () => {
-  const router = new DcRouter({});
-  
-  // Use the internal method for testing if accessible
-  // This requires knowledge of the implementation, so it's a bit brittle
-  if (typeof router['isDomainMatch'] === 'function') {
-    // Test exact match
-    expect(router['isDomainMatch']('example.com', 'example.com')).toEqual(true);
-    expect(router['isDomainMatch']('example.com', 'example.org')).toEqual(false);
-    
-    // Test wildcard match
-    expect(router['isDomainMatch']('sub.example.com', '*.example.com')).toEqual(true);
-    expect(router['isDomainMatch']('sub.sub.example.com', '*.example.com')).toEqual(true);
-    expect(router['isDomainMatch']('example.com', '*.example.com')).toEqual(false);
-    expect(router['isDomainMatch']('sub.example.org', '*.example.com')).toEqual(false);
-  }
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-// Export a function to run all tests
-export default tap.start();

test/test.deliverability.ts

@@ -1,55 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-
-// Import the components we want to test
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-// Ensure test directories exist
-paths.ensureDirectories();
-
-// Test SenderReputationMonitor functionality
-tap.test('SenderReputationMonitor should track sending events', async () => {
-  // Initialize monitor with test domain
-  const monitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['test-domain.com']
-  });
-
-  // Record some events
-  monitor.recordSendEvent('test-domain.com', { type: 'sent', count: 100 });
-  monitor.recordSendEvent('test-domain.com', { type: 'delivered', count: 95 });
-  
-  // Get domain metrics
-  const metrics = monitor.getReputationData('test-domain.com');
-  
-  // Verify metrics were recorded
-  if (metrics) {
-    expect(metrics.volume.sent).toEqual(100);
-    expect(metrics.volume.delivered).toEqual(95);
-  }
-});
-
-// Test IPWarmupManager functionality
-tap.test('IPWarmupManager should handle IP allocation policies', async () => {
-  // Initialize warmup manager
-  const manager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['test-domain.com']
-  });
-  
-  // Set allocation policy
-  manager.setActiveAllocationPolicy('balanced');
-  
-  // Verify allocation methods work
-  const canSend = manager.canSendMoreToday('192.168.1.1');
-  expect(typeof canSend).toEqual('boolean');
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.dns-server-config.ts

@@ -0,0 +1,140 @@
+#!/usr/bin/env tsx
+
+/**
+ * Test DNS server configuration and record registration
+ */
+
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import * as plugins from '../ts/plugins.js';
+
+// Test DNS configuration
+const testDnsConfig = {
+  udpPort: 5353, // Use non-privileged port for testing
+  httpsPort: 8443,
+  httpsKey: './test/fixtures/test-key.pem',
+  httpsCert: './test/fixtures/test-cert.pem',
+  dnssecZone: 'test.example.com',
+  records: [
+    { name: 'test.example.com', type: 'A', value: '192.168.1.1' },
+    { name: 'mail.test.example.com', type: 'A', value: '192.168.1.2' },
+    { name: 'test.example.com', type: 'MX', value: '10 mail.test.example.com' },
+    { name: 'test.example.com', type: 'TXT', value: 'v=spf1 a:mail.test.example.com ~all' },
+    { name: 'test.example.com', type: 'NS', value: 'ns1.test.example.com' },
+    { name: 'ns1.test.example.com', type: 'A', value: '192.168.1.1' }
+  ]
+};
+
+tap.test('DNS server configuration - should extract records correctly', async () => {
+  const { records, ...dnsServerOptions } = testDnsConfig;
+  
+  expect(dnsServerOptions.udpPort).toEqual(5353);
+  expect(dnsServerOptions.httpsPort).toEqual(8443);
+  expect(dnsServerOptions.dnssecZone).toEqual('test.example.com');
+  expect(records).toBeArray();
+  expect(records.length).toEqual(6);
+});
+
+tap.test('DNS server configuration - should handle record parsing', async () => {
+  const parseDnsRecordData = (type: string, value: string): any => {
+    switch (type) {
+      case 'A':
+        return value;
+      case 'MX':
+        const [priority, exchange] = value.split(' ');
+        return { priority: parseInt(priority), exchange };
+      case 'TXT':
+        return value;
+      case 'NS':
+        return value;
+      default:
+        return value;
+    }
+  };
+  
+  // Test A record parsing
+  const aRecord = parseDnsRecordData('A', '192.168.1.1');
+  expect(aRecord).toEqual('192.168.1.1');
+  
+  // Test MX record parsing
+  const mxRecord = parseDnsRecordData('MX', '10 mail.test.example.com');
+  expect(mxRecord).toHaveProperty('priority', 10);
+  expect(mxRecord).toHaveProperty('exchange', 'mail.test.example.com');
+  
+  // Test TXT record parsing
+  const txtRecord = parseDnsRecordData('TXT', 'v=spf1 a:mail.test.example.com ~all');
+  expect(txtRecord).toEqual('v=spf1 a:mail.test.example.com ~all');
+});
+
+tap.test('DNS server configuration - should group records by domain', async () => {
+  const records = testDnsConfig.records;
+  const recordsByDomain = new Map<string, typeof records>();
+  
+  for (const record of records) {
+    const pattern = record.name.includes('*') ? record.name : `*.${record.name}`;
+    if (!recordsByDomain.has(pattern)) {
+      recordsByDomain.set(pattern, []);
+    }
+    recordsByDomain.get(pattern)!.push(record);
+  }
+  
+  // Check grouping
+  expect(recordsByDomain.size).toBeGreaterThan(0);
+  
+  // Verify each group has records
+  for (const [pattern, domainRecords] of recordsByDomain) {
+    expect(domainRecords.length).toBeGreaterThan(0);
+    console.log(`Pattern: ${pattern}, Records: ${domainRecords.length}`);
+  }
+});
+
+tap.test('DNS server configuration - should extract unique record types', async () => {
+  const records = testDnsConfig.records;
+  const recordTypes = [...new Set(records.map(r => r.type))];
+  
+  expect(recordTypes).toContain('A');
+  expect(recordTypes).toContain('MX');
+  expect(recordTypes).toContain('TXT');
+  expect(recordTypes).toContain('NS');
+  
+  console.log('Unique record types:', recordTypes.join(', '));
+});
+
+tap.test('DNS server - mock handler registration', async () => {
+  // Mock DNS server for testing
+  const mockDnsServer = {
+    handlers: new Map<string, any>(),
+    registerHandler: function(pattern: string, types: string[], handler: Function) {
+      this.handlers.set(pattern, { types, handler });
+      console.log(`Registered handler for pattern: ${pattern}, types: ${types.join(', ')}`);
+    }
+  };
+  
+  // Simulate record registration
+  const records = testDnsConfig.records;
+  const recordsByDomain = new Map<string, typeof records>();
+  
+  for (const record of records) {
+    const pattern = record.name.includes('*') ? record.name : `*.${record.name}`;
+    if (!recordsByDomain.has(pattern)) {
+      recordsByDomain.set(pattern, []);
+    }
+    recordsByDomain.get(pattern)!.push(record);
+  }
+  
+  // Register handlers
+  for (const [domainPattern, domainRecords] of recordsByDomain) {
+    const recordTypes = [...new Set(domainRecords.map(r => r.type))];
+    mockDnsServer.registerHandler(domainPattern, recordTypes, (question: any) => {
+      const matchingRecord = domainRecords.find(
+        r => r.name === question.name && r.type === question.type
+      );
+      return matchingRecord || null;
+    });
+  }
+  
+  expect(mockDnsServer.handlers.size).toBeGreaterThan(0);
+});
+
+tap.start({
+  throwOnError: true
+});

test/test.dns-socket-handler.ts

@@ -0,0 +1,149 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/classes.dcrouter.js';
+import * as plugins from '../ts/plugins.js';
+
+let dcRouter: DcRouter;
+
+tap.test('should NOT instantiate DNS server when dnsNsDomains is not set', async () => {
+  dcRouter = new DcRouter({
+    smartProxyConfig: {
+      routes: []
+    },
+    opsServerPort: 3100,
+    dbConfig: { enabled: false }
+  });
+
+  await dcRouter.start();
+
+  // Check that DNS server is not created
+  expect((dcRouter as any).dnsServer).toBeUndefined();
+
+  await dcRouter.stop();
+});
+
+tap.test('should generate DNS routes when dnsNsDomains is set', async () => {
+  // This test checks the route generation logic WITHOUT starting the full DcRouter
+  // Starting DcRouter would require DNS port 53 and cause conflicts
+
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.test.local', 'ns2.test.local'],
+    dnsScopes: ['test.local'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Check routes are generated correctly (without starting)
+  const generatedRoutes = (dcRouter as any).generateDnsRoutes();
+  expect(generatedRoutes.length).toEqual(2); // /dns-query and /resolve
+
+  // Check that routes have socket-handler action
+  generatedRoutes.forEach((route: any) => {
+    expect(route.action.type).toEqual('socket-handler');
+    expect(route.action.socketHandler).toBeDefined();
+  });
+
+  // Verify routes target the primary nameserver
+  const dnsQueryRoute = generatedRoutes.find((r: any) => r.name === 'dns-over-https-dns-query');
+  expect(dnsQueryRoute).toBeDefined();
+  expect(dnsQueryRoute.match.domains).toContain('ns1.test.local');
+});
+
+tap.test('should create DNS routes with correct configuration', async () => {
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.example.com', 'ns2.example.com'],
+    dnsScopes: ['example.com'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Access the private method to generate routes
+  const dnsRoutes = (dcRouter as any).generateDnsRoutes();
+
+  expect(dnsRoutes.length).toEqual(2);
+
+  // Check first route (dns-query) - uses primary nameserver (first in array)
+  const dnsQueryRoute = dnsRoutes.find((r: any) => r.name === 'dns-over-https-dns-query');
+  expect(dnsQueryRoute).toBeDefined();
+  expect(dnsQueryRoute.match.ports).toContain(443);
+  expect(dnsQueryRoute.match.domains).toContain('ns1.example.com');
+  expect(dnsQueryRoute.match.path).toEqual('/dns-query');
+
+  // Check second route (resolve)
+  const resolveRoute = dnsRoutes.find((r: any) => r.name === 'dns-over-https-resolve');
+  expect(resolveRoute).toBeDefined();
+  expect(resolveRoute.match.ports).toContain(443);
+  expect(resolveRoute.match.domains).toContain('ns1.example.com');
+  expect(resolveRoute.match.path).toEqual('/resolve');
+});
+
+tap.test('DNS socket handler should be created correctly', async () => {
+  // This test verifies the socket handler creation WITHOUT starting the full router
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.test.local', 'ns2.test.local'],
+    dnsScopes: ['test.local'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Get the socket handler (this doesn't require DNS server to be started)
+  const socketHandler = (dcRouter as any).createDnsSocketHandler();
+  expect(socketHandler).toBeDefined();
+  expect(typeof socketHandler).toEqual('function');
+
+  // Create a mock socket to test the handler behavior without DNS server
+  const mockSocket = new plugins.net.Socket();
+  let socketEnded = false;
+
+  mockSocket.end = () => {
+    socketEnded = true;
+    return mockSocket;
+  };
+
+  // When DNS server is not initialized, the handler should end the socket
+  try {
+    await socketHandler(mockSocket);
+  } catch (error) {
+    // Expected - DNS server not initialized
+  }
+
+  // Socket should be ended because DNS server wasn't started
+  expect(socketEnded).toEqual(true);
+});
+
+tap.test('DNS routes should only be generated when dnsNsDomains is configured', async () => {
+  // Test without DNS configuration - should return empty routes
+  dcRouter = new DcRouter({
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  const routesWithoutDns = (dcRouter as any).generateDnsRoutes();
+  expect(routesWithoutDns.length).toEqual(0);
+
+  // Test with DNS configuration - should return routes
+  const dcRouterWithDns = new DcRouter({
+    dnsNsDomains: ['ns1.example.com'],
+    dnsScopes: ['example.com'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  const routesWithDns = (dcRouterWithDns as any).generateDnsRoutes();
+  expect(routesWithDns.length).toEqual(2);
+
+  // Verify socket handler can be created
+  const socketHandler = (dcRouterWithDns as any).createDnsSocketHandler();
+  expect(socketHandler).toBeDefined();
+  expect(typeof socketHandler).toEqual('function');
+});
+
+tap.test('stop', async () => {
+  await tap.stopForcefully();
+});
+
+export default tap.start();

test/test.emailauth.ts

@@ -1,244 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { SpfVerifier, SpfQualifier, SpfMechanismType } from '../ts/mail/security/classes.spfverifier.js';
-import { DmarcVerifier, DmarcPolicy, DmarcAlignment } from '../ts/mail/security/classes.dmarcverifier.js';
-import { Email } from '../ts/mail/core/classes.email.js';
-
-/**
- * Test email authentication systems: SPF and DMARC
- */
-
-// Setup platform service for testing
-let platformService: SzPlatformService;
-
-tap.test('Setup test environment', async () => {
-  // Create platform service with default config from the config module
-  platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: true,
-      host: '0.0.0.0',
-      port: 3000,
-      cors: true
-    },
-    email: {
-      useMta: true,
-      mtaConfig: {
-        smtp: {
-          enabled: true,
-          port: 25,
-          hostname: 'mta.test.local',
-          maxSize: 10 * 1024 * 1024
-        },
-        security: {
-          useDkim: true,
-          verifyDkim: true,
-          verifySpf: true,
-          verifyDmarc: true
-        }
-      }
-    }
-  });
-  // Use start() instead of init() which doesn't exist
-  await platformService.start();
-  expect(platformService.mtaService).toBeTruthy();
-});
-
-// SPF Verifier Tests
-tap.test('SPF Verifier - should parse SPF record', async () => {
-  const spfVerifier = new SpfVerifier(platformService.mtaService);
-  
-  // Test valid SPF record parsing
-  const record = 'v=spf1 a mx ip4:192.168.0.1/24 include:example.org ~all';
-  const parsedRecord = spfVerifier.parseSpfRecord(record);
-  
-  expect(parsedRecord).toBeTruthy();
-  expect(parsedRecord.version).toEqual('spf1');
-  expect(parsedRecord.mechanisms.length).toEqual(5);
-  
-  // Check specific mechanisms
-  expect(parsedRecord.mechanisms[0].type).toEqual(SpfMechanismType.A);
-  expect(parsedRecord.mechanisms[0].qualifier).toEqual(SpfQualifier.PASS);
-  
-  expect(parsedRecord.mechanisms[1].type).toEqual(SpfMechanismType.MX);
-  expect(parsedRecord.mechanisms[1].qualifier).toEqual(SpfQualifier.PASS);
-  
-  expect(parsedRecord.mechanisms[2].type).toEqual(SpfMechanismType.IP4);
-  expect(parsedRecord.mechanisms[2].value).toEqual('192.168.0.1/24');
-  
-  expect(parsedRecord.mechanisms[3].type).toEqual(SpfMechanismType.INCLUDE);
-  expect(parsedRecord.mechanisms[3].value).toEqual('example.org');
-  
-  expect(parsedRecord.mechanisms[4].type).toEqual(SpfMechanismType.ALL);
-  expect(parsedRecord.mechanisms[4].qualifier).toEqual(SpfQualifier.SOFTFAIL);
-  
-  // Test invalid record
-  const invalidRecord = 'not-a-spf-record';
-  const invalidParsed = spfVerifier.parseSpfRecord(invalidRecord);
-  expect(invalidParsed).toBeNull();
-});
-
-// DMARC Verifier Tests
-tap.test('DMARC Verifier - should parse DMARC record', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Test valid DMARC record parsing
-  const record = 'v=DMARC1; p=reject; sp=quarantine; pct=50; adkim=s; aspf=r; rua=mailto:dmarc@example.com';
-  const parsedRecord = dmarcVerifier.parseDmarcRecord(record);
-  
-  expect(parsedRecord).toBeTruthy();
-  expect(parsedRecord.version).toEqual('DMARC1');
-  expect(parsedRecord.policy).toEqual(DmarcPolicy.REJECT);
-  expect(parsedRecord.subdomainPolicy).toEqual(DmarcPolicy.QUARANTINE);
-  expect(parsedRecord.pct).toEqual(50);
-  expect(parsedRecord.adkim).toEqual(DmarcAlignment.STRICT);
-  expect(parsedRecord.aspf).toEqual(DmarcAlignment.RELAXED);
-  expect(parsedRecord.reportUriAggregate).toContain('dmarc@example.com');
-  
-  // Test invalid record
-  const invalidRecord = 'not-a-dmarc-record';
-  const invalidParsed = dmarcVerifier.parseDmarcRecord(invalidRecord);
-  expect(invalidParsed).toBeNull();
-});
-
-tap.test('DMARC Verifier - should verify DMARC alignment', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Test email domains with DMARC alignment
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.net',
-    subject: 'Test DMARC alignment',
-    text: 'This is a test email'
-  });
-  
-  // Test when both SPF and DKIM pass with alignment
-  const dmarcResult = await dmarcVerifier.verify(
-    email,
-    { domain: 'example.com', result: true },  // SPF - aligned and passed
-    { domain: 'example.com', result: true }   // DKIM - aligned and passed
-  );
-  
-  expect(dmarcResult).toBeTruthy();
-  expect(dmarcResult.spfPassed).toEqual(true);
-  expect(dmarcResult.dkimPassed).toEqual(true);
-  expect(dmarcResult.spfDomainAligned).toEqual(true);
-  expect(dmarcResult.dkimDomainAligned).toEqual(true);
-  expect(dmarcResult.action).toEqual('pass');
-  
-  // Test when neither SPF nor DKIM is aligned
-  const dmarcResult2 = await dmarcVerifier.verify(
-    email,
-    { domain: 'differentdomain.com', result: true },  // SPF - passed but not aligned
-    { domain: 'anotherdomain.com', result: true }     // DKIM - passed but not aligned
-  );
-  
-  // We can now see the actual DMARC result and update our expectations
-  
-  expect(dmarcResult2).toBeTruthy();
-  expect(dmarcResult2.spfPassed).toEqual(true);
-  expect(dmarcResult2.dkimPassed).toEqual(true);
-  expect(dmarcResult2.spfDomainAligned).toEqual(false);
-  expect(dmarcResult2.dkimDomainAligned).toEqual(false);
-  
-  // The test environment is returning a 'reject' policy - we can verify that
-  expect(dmarcResult2.policyEvaluated).toEqual('reject');
-  expect(dmarcResult2.actualPolicy).toEqual('reject');
-  expect(dmarcResult2.action).toEqual('reject');
-});
-
-tap.test('DMARC Verifier - should apply policy correctly', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Create test email
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.net',
-    subject: 'Test DMARC policy application',
-    text: 'This is a test email'
-  });
-  
-  // Test pass action
-  const passResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: true,
-    dkimDomainAligned: true,
-    spfPassed: true,
-    dkimPassed: true,
-    policyEvaluated: DmarcPolicy.NONE,
-    actualPolicy: DmarcPolicy.NONE,
-    appliedPercentage: 100,
-    action: 'pass',
-    details: 'DMARC passed'
-  };
-  
-  const passApplied = dmarcVerifier.applyPolicy(email, passResult);
-  expect(passApplied).toEqual(true);
-  expect(email.mightBeSpam).toEqual(false);
-  expect(email.headers['X-DMARC-Result']).toEqual('DMARC passed');
-  
-  // Test quarantine action
-  const quarantineResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: false,
-    dkimDomainAligned: false,
-    spfPassed: false,
-    dkimPassed: false,
-    policyEvaluated: DmarcPolicy.QUARANTINE,
-    actualPolicy: DmarcPolicy.QUARANTINE,
-    appliedPercentage: 100,
-    action: 'quarantine',
-    details: 'DMARC failed, policy=quarantine'
-  };
-  
-  // Reset email spam flag
-  email.mightBeSpam = false;
-  email.headers = {};
-  
-  const quarantineApplied = dmarcVerifier.applyPolicy(email, quarantineResult);
-  expect(quarantineApplied).toEqual(true);
-  expect(email.mightBeSpam).toEqual(true);
-  expect(email.headers['X-Spam-Flag']).toEqual('YES');
-  expect(email.headers['X-DMARC-Result']).toEqual('DMARC failed, policy=quarantine');
-  
-  // Test reject action
-  const rejectResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: false,
-    dkimDomainAligned: false,
-    spfPassed: false,
-    dkimPassed: false,
-    policyEvaluated: DmarcPolicy.REJECT,
-    actualPolicy: DmarcPolicy.REJECT,
-    appliedPercentage: 100,
-    action: 'reject',
-    details: 'DMARC failed, policy=reject'
-  };
-  
-  // Reset email spam flag
-  email.mightBeSpam = false;
-  email.headers = {};
-  
-  const rejectApplied = dmarcVerifier.applyPolicy(email, rejectResult);
-  expect(rejectApplied).toEqual(false);
-  expect(email.mightBeSpam).toEqual(true);
-});
-
-tap.test('Cleanup test environment', async () => {
-  await platformService.stop();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.errors.ts

@@ -1,7 +1,7 @@
 import { tap, expect } from '@git.zone/tstest/tapbundle';
 import * as errors from '../ts/errors/index.js';
 import {
-  PlatformError, 
+  PlatformError,
   ValidationError,
   NetworkError,
   ResourceError,
@@ -12,19 +12,6 @@ import {
   ErrorCategory,
   ErrorRecoverability
 } from '../ts/errors/error.codes.js';
-import {
-  EmailServiceError,
-  EmailTemplateError,
-  EmailValidationError,
-  EmailSendError,
-  EmailReceiveError
-} from '../ts/errors/email.errors.js';
-import {
-  MtaConnectionError,
-  MtaAuthenticationError,
-  MtaDeliveryError,
-  MtaConfigurationError
-} from '../ts/errors/mta.errors.js';
 import {
   ErrorHandler
 } from '../ts/errors/error-handler.js';
@@ -54,9 +41,9 @@ tap.test('Base error classes should set properties correctly', async () => {
   expect(platformError.severity).toEqual(ErrorSeverity.MEDIUM);
   expect(platformError.category).toEqual(ErrorCategory.OPERATION);
   expect(platformError.recoverability).toEqual(ErrorRecoverability.MAYBE_RECOVERABLE);
-  expect(platformError.context.component).toEqual(context.component);
-  expect(platformError.context.operation).toEqual(context.operation);
-  expect(platformError.context.data.foo).toEqual('bar');
+  expect(platformError.context?.component).toEqual(context.component);
+  expect(platformError.context?.operation).toEqual(context.operation);
+  expect(platformError.context?.data?.foo).toEqual('bar');
   expect(platformError.name).toEqual('PlatformError');
 
   // Test ValidationError
@@ -75,94 +62,6 @@ tap.test('Base error classes should set properties correctly', async () => {
   expect(resourceError.category).toEqual(ErrorCategory.RESOURCE);
 });
 
-// Test email error classes
-tap.test('Email error classes should be properly constructed', async () => {
-  // Test EmailServiceError
-  const emailServiceError = new EmailServiceError('Email service error', {
-    component: 'EmailService',
-    operation: 'sendEmail'
-  });
-  expect(emailServiceError.code).toEqual('EMAIL_SERVICE_ERROR');
-  expect(emailServiceError.name).toEqual('EmailServiceError');
-
-  // Test EmailTemplateError
-  const templateError = new EmailTemplateError('Template not found: welcome_email', {
-    data: { templateId: 'welcome_email' }
-  });
-  expect(templateError.code).toEqual('EMAIL_TEMPLATE_ERROR');
-  expect(templateError.context.data.templateId).toEqual('welcome_email');
-
-  // Test EmailSendError with permanent flag
-  const permanentError = EmailSendError.permanent(
-    'Invalid recipient',
-    'user@example.com',
-    { data: { details: 'DNS not found' } }
-  );
-  expect(permanentError.code).toEqual('EMAIL_SEND_ERROR');
-  expect(permanentError.isPermanent()).toEqual(true);
-  expect(permanentError.context.data.permanent).toEqual(true);
-
-  // Test EmailSendError with temporary flag and retry
-  const tempError = EmailSendError.temporary(
-    'Server busy',
-    3,
-    0,
-    1000,
-    { data: { server: 'smtp.example.com' } }
-  );
-  expect(tempError.isPermanent()).toEqual(false);
-  expect(tempError.context.data.permanent).toEqual(false);
-  expect(tempError.context.retry.maxRetries).toEqual(3);
-  expect(tempError.shouldRetry()).toEqual(true);
-});
-
-// Test MTA error classes
-tap.test('MTA error classes should be properly constructed', async () => {
-  // Test MtaConnectionError
-  const dnsError = MtaConnectionError.dnsError('mail.example.com', new Error('DNS lookup failed'));
-  expect(dnsError.code).toEqual('MTA_CONNECTION_ERROR');
-  expect(dnsError.category).toEqual(ErrorCategory.CONNECTIVITY);
-  expect(dnsError.context.data.hostname).toEqual('mail.example.com');
-
-  // Test MtaTimeoutError via MtaConnectionError.timeout
-  const timeoutError = MtaConnectionError.timeout('mail.example.com', 25, 30000);
-  expect(timeoutError.code).toEqual('MTA_CONNECTION_ERROR');
-  expect(timeoutError.context.data.timeout).toEqual(30000);
-
-  // Test MtaAuthenticationError
-  const authError = MtaAuthenticationError.invalidCredentials('mail.example.com', 'user@example.com');
-  expect(authError.code).toEqual('MTA_AUTHENTICATION_ERROR');
-  expect(authError.category).toEqual(ErrorCategory.AUTHENTICATION);
-  expect(authError.context.data.username).toEqual('user@example.com');
-
-  // Test MtaDeliveryError
-  const permDeliveryError = MtaDeliveryError.permanent(
-    'User unknown',
-    'nonexistent@example.com',
-    '550',
-    '550 5.1.1 User unknown'
-  );
-  expect(permDeliveryError.code).toEqual('MTA_DELIVERY_ERROR');
-  expect(permDeliveryError.isPermanent()).toEqual(true);
-  expect(permDeliveryError.getRecipientAddress()).toEqual('nonexistent@example.com');
-  expect(permDeliveryError.getStatusCode()).toEqual('550');
-
-  // Test temporary delivery error with retry
-  const tempDeliveryError = MtaDeliveryError.temporary(
-    'Mailbox temporarily unavailable',
-    'user@example.com',
-    '450',
-    '450 4.2.1 Mailbox temporarily unavailable',
-    3,
-    1,
-    5000
-  );
-  expect(tempDeliveryError.isPermanent()).toEqual(false);
-  expect(tempDeliveryError.shouldRetry()).toEqual(true);
-  expect(tempDeliveryError.context.retry.currentRetry).toEqual(1);
-  expect(tempDeliveryError.context.retry.maxRetries).toEqual(3);
-});
-
 // Test error handler utility
 tap.test('ErrorHandler should properly handle and format errors', async () => {
   // Configure error handler
@@ -187,13 +86,13 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
 
   expect(platformError).toBeInstanceOf(PlatformError);
   expect(platformError.code).toEqual('PLATFORM_OPERATION_ERROR');
-  expect(platformError.context.component).toEqual('TestHandler');
+  expect(platformError.context?.component).toEqual('TestHandler');
 
   // Test formatting error for API response
   const formattedError = ErrorHandler.formatErrorForResponse(platformError, true);
   expect(formattedError.code).toEqual('PLATFORM_OPERATION_ERROR');
   expect(formattedError.message).toEqual('An unexpected error occurred.');
-  expect(formattedError.details.rawMessage).toEqual('Something went wrong');
+  expect(formattedError.details?.rawMessage).toEqual('Something went wrong');
 
   // Test executing a function with error handling
   let executed = false;
@@ -223,6 +122,7 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
     {
       maxAttempts: 5,
       baseDelay: 10, // Use small delay for tests
+      retryableErrorPatterns: [/Temporary failure/], // Add pattern to make error retryable
       onRetry: (error, attempt, delay) => {
         expect(error).toBeInstanceOf(PlatformError);
         expect(attempt).toBeGreaterThan(0);
@@ -245,7 +145,8 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
       'TEST_RETRY_ERROR',
       {
         maxAttempts: 3,
-        baseDelay: 10
+        baseDelay: 10,
+        retryableErrorPatterns: [/Persistent failure/] // Make error retryable so it tries all attempts
       }
     );
   } catch (error) {
@@ -257,7 +158,6 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
 // Test retry utilities
 tap.test('Error retry utilities should work correctly', async () => {
   let attempts = 0;
-  const start = Date.now();
 
   try {
     await errors.retry(
@@ -303,15 +203,25 @@ tap.test('Error retry utilities should work correctly', async () => {
 });
 
 // Helper function that will reject first n times, then resolve
-async function flaky(failTimes: number, result: any = 'success'): Promise<any> {
-  if (flaky.counter < failTimes) {
-    flaky.counter++;
-    throw new Error(`Flaky failure ${flaky.counter}`);
-  }
-  return result;
+interface FlakyFunction {
+  (failTimes: number, result?: any): Promise<any>;
+  counter: number;
+  reset: () => void;
 }
-flaky.counter = 0;
-flaky.reset = () => { flaky.counter = 0; };
+
+const flaky: FlakyFunction = Object.assign(
+  async function (failTimes: number, result: any = 'success'): Promise<any> {
+    if (flaky.counter < failTimes) {
+      flaky.counter++;
+      throw new Error(`Flaky failure ${flaky.counter}`);
+    }
+    return result;
+  },
+  {
+    counter: 0,
+    reset: () => { flaky.counter = 0; }
+  }
+);
 
 // Test error wrapping and retry combination
 tap.test('Error handling can be combined with retry for robust operations', async () => {
@@ -326,30 +236,27 @@ tap.test('Error handling can be combined with retry for robust operations', asyn
   );
 
   // Execute with retry
-  try {
-    const result = await errors.retry(
-      wrapped,
-      {
-        maxRetries: 3,
-        initialDelay: 10,
-      }
-    );
-    expect(result).toEqual('wrapped success');
-    expect(flaky.counter).toEqual(2);
-  } catch (error) {
-    // Should not reach here
-    expect(false).toEqual(true);
-  }
+  const result = await errors.retry(
+    wrapped,
+    {
+      maxRetries: 3,
+      initialDelay: 10,
+      retryableErrors: [/Flaky failure/]
+    }
+  );
+  expect(result).toEqual('wrapped success');
+  expect(flaky.counter).toEqual(2);
 
   // Reset and test failure case
   flaky.reset();
-  
+
   try {
     await errors.retry(
       () => flaky(5, 'never reached'),
       {
         maxRetries: 2, // Only retry twice, but we need 5 attempts to succeed
         initialDelay: 10,
+        retryableErrors: [/Flaky failure/] // Add pattern to make it retry
       }
     );
     // Should not reach here
@@ -361,7 +268,7 @@ tap.test('Error handling can be combined with retry for robust operations', asyn
 });
 
 tap.test('stop', async () => {
-  // This is a placeholder test to ensure we call tap.stopForcefully()
+  await tap.stopForcefully();
 });
 
-export default tap.stopForcefully();
+export default tap.start();

test/test.http3-augmentation.ts

@@ -0,0 +1,304 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import {
+  routeQualifiesForHttp3,
+  augmentRouteWithHttp3,
+  augmentRoutesWithHttp3,
+  type IHttp3Config,
+} from '../ts/http3/index.js';
+import type * as plugins from '../ts/plugins.js';
+
+// Helper to create a basic HTTPS forward route on port 443
+function makeRoute(
+  overrides: Partial<plugins.smartproxy.IRouteConfig> = {},
+): plugins.smartproxy.IRouteConfig {
+  return {
+    match: { ports: 443, ...overrides.match },
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'terminate', certificate: 'auto' },
+      ...overrides.action,
+    },
+    name: overrides.name ?? 'test-https-route',
+    ...Object.fromEntries(
+      Object.entries(overrides).filter(([k]) => !['match', 'action', 'name'].includes(k)),
+    ),
+  } as plugins.smartproxy.IRouteConfig;
+}
+
+const defaultConfig: IHttp3Config = { enabled: true };
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Qualification tests
+// ──────────────────────────────────────────────────────────────────────────────
+
+tap.test('should augment qualifying HTTPS route on port 443', async () => {
+  const route = makeRoute();
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp).toBeTruthy();
+  expect(result.action.udp!.quic).toBeTruthy();
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+  expect(result.action.udp!.quic!.altSvcMaxAge).toEqual(86400);
+});
+
+tap.test('should NOT augment route on non-443 port', async () => {
+  const route = makeRoute({ match: { ports: 8080 } });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toBeUndefined();
+  expect(result.action.udp).toBeUndefined();
+});
+
+tap.test('should NOT augment socket-handler type route', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'socket-handler' as any,
+      socketHandler: (() => {}) as any,
+    },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toBeUndefined();
+});
+
+tap.test('should NOT augment route without TLS', async () => {
+  const route: plugins.smartproxy.IRouteConfig = {
+    match: { ports: 443 },
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+    },
+    name: 'no-tls-route',
+  };
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toBeUndefined();
+});
+
+tap.test('should NOT augment email routes', async () => {
+  const emailNames = ['smtp-route', 'submission-route', 'smtps-route', 'email-port-2525-route'];
+  for (const name of emailNames) {
+    const route = makeRoute({ name });
+    const result = augmentRouteWithHttp3(route, defaultConfig);
+    expect(result.match.transport).toBeUndefined();
+  }
+});
+
+tap.test('should respect per-route opt-out (options.http3 = false)', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'terminate', certificate: 'auto' },
+      options: { http3: false },
+    },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toBeUndefined();
+  expect(result.action.udp).toBeUndefined();
+});
+
+tap.test('should respect per-route opt-in when global is disabled', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'terminate', certificate: 'auto' },
+      options: { http3: true },
+    },
+  });
+  const result = augmentRouteWithHttp3(route, { enabled: false });
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+tap.test('should NOT double-augment routes with transport: all', async () => {
+  const route = makeRoute({
+    match: { ports: 443, transport: 'all' as any },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  // Should be the exact same object (no augmentation)
+  expect(result).toEqual(route);
+});
+
+tap.test('should NOT double-augment routes with existing udp.quic', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'terminate', certificate: 'auto' },
+      udp: { quic: { enableHttp3: true } },
+    },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result).toEqual(route);
+});
+
+tap.test('should augment route with port range including 443', async () => {
+  const route = makeRoute({
+    match: { ports: [{ from: 400, to: 500 }] },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+tap.test('should augment route with port array including 443', async () => {
+  const route = makeRoute({
+    match: { ports: [80, 443] },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+tap.test('should NOT augment route with port range NOT including 443', async () => {
+  const route = makeRoute({
+    match: { ports: [{ from: 8000, to: 9000 }] },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toBeUndefined();
+});
+
+tap.test('should augment TLS passthrough routes', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'passthrough' },
+    },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+tap.test('should augment terminate-and-reencrypt routes', async () => {
+  const route = makeRoute({
+    action: {
+      type: 'forward',
+      targets: [{ host: 'localhost', port: 8080 }],
+      tls: { mode: 'terminate-and-reencrypt', certificate: 'auto' },
+    },
+  });
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Configuration tests
+// ──────────────────────────────────────────────────────────────────────────────
+
+tap.test('should apply default QUIC settings when none provided', async () => {
+  const route = makeRoute();
+  const result = augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(result.action.udp!.quic!.altSvcMaxAge).toEqual(86400);
+  // Undefined means SmartProxy will use its own defaults
+  expect(result.action.udp!.quic!.maxIdleTimeout).toBeUndefined();
+  expect(result.action.udp!.quic!.altSvcPort).toBeUndefined();
+});
+
+tap.test('should apply custom QUIC settings', async () => {
+  const route = makeRoute();
+  const config: IHttp3Config = {
+    enabled: true,
+    quicSettings: {
+      maxIdleTimeout: 60000,
+      maxConcurrentBidiStreams: 200,
+      maxConcurrentUniStreams: 50,
+      initialCongestionWindow: 65536,
+    },
+    altSvc: {
+      port: 8443,
+      maxAge: 3600,
+    },
+    udpSettings: {
+      sessionTimeout: 120000,
+      maxSessionsPerIP: 500,
+      maxDatagramSize: 32768,
+    },
+  };
+  const result = augmentRouteWithHttp3(route, config);
+
+  expect(result.action.udp!.quic!.maxIdleTimeout).toEqual(60000);
+  expect(result.action.udp!.quic!.maxConcurrentBidiStreams).toEqual(200);
+  expect(result.action.udp!.quic!.maxConcurrentUniStreams).toEqual(50);
+  expect(result.action.udp!.quic!.initialCongestionWindow).toEqual(65536);
+  expect(result.action.udp!.quic!.altSvcPort).toEqual(8443);
+  expect(result.action.udp!.quic!.altSvcMaxAge).toEqual(3600);
+  expect(result.action.udp!.sessionTimeout).toEqual(120000);
+  expect(result.action.udp!.maxSessionsPerIP).toEqual(500);
+  expect(result.action.udp!.maxDatagramSize).toEqual(32768);
+});
+
+tap.test('should not mutate the original route', async () => {
+  const route = makeRoute();
+  const originalTransport = route.match.transport;
+  const originalUdp = route.action.udp;
+
+  augmentRouteWithHttp3(route, defaultConfig);
+
+  expect(route.match.transport).toEqual(originalTransport);
+  expect(route.action.udp).toEqual(originalUdp);
+});
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Batch augmentation
+// ──────────────────────────────────────────────────────────────────────────────
+
+tap.test('should augment multiple routes in a batch', async () => {
+  const routes = [
+    makeRoute({ name: 'web-app' }),
+    makeRoute({ name: 'smtp-route', match: { ports: 25 } }),
+    makeRoute({ name: 'api-gateway' }),
+    makeRoute({
+      name: 'dns-query',
+      action: { type: 'socket-handler' as any, socketHandler: (() => {}) as any },
+    }),
+  ];
+
+  const results = augmentRoutesWithHttp3(routes, defaultConfig);
+
+  // web-app and api-gateway should be augmented
+  expect(results[0].match.transport).toEqual('all');
+  expect(results[2].match.transport).toEqual('all');
+
+  // smtp and dns should NOT be augmented
+  expect(results[1].match.transport).toBeUndefined();
+  expect(results[3].match.transport).toBeUndefined();
+});
+
+// ──────────────────────────────────────────────────────────────────────────────
+// Default enabled behavior
+// ──────────────────────────────────────────────────────────────────────────────
+
+tap.test('should treat undefined enabled as true (default on)', async () => {
+  const route = makeRoute();
+  const result = augmentRouteWithHttp3(route, {}); // no enabled field at all
+
+  expect(result.match.transport).toEqual('all');
+  expect(result.action.udp!.quic!.enableHttp3).toBeTrue();
+});
+
+tap.test('should disable when enabled is explicitly false', async () => {
+  const route = makeRoute();
+  const result = augmentRouteWithHttp3(route, { enabled: false });
+
+  expect(result.match.transport).toBeUndefined();
+  expect(result.action.udp).toBeUndefined();
+});
+
+export default tap.start();

test/test.integration.ts

@@ -1,128 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { MtaService } from '../ts/mail/delivery/classes.mta.js';
-import { EmailService } from '../ts/mail/services/classes.emailservice.js';
-import { BounceManager } from '../ts/mail/core/classes.bouncemanager.js';
-import DcRouter from '../ts/classes.dcrouter.js';
-
-// Test the new integration architecture
-tap.test('should be able to create an independent MTA service', async (tools) => {
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-      hostname: 'test.example.com'
-    }
-  });
-  
-  // Verify it was created properly without a platform service reference
-  expect(mta).toBeTruthy();
-  expect(mta.platformServiceRef).toBeUndefined();
-  
-  // Even without a platform service, it should have its own SMTP rule engine
-  expect(mta.smtpRuleEngine).toBeTruthy();
-});
-
-tap.test('should be able to create an EmailService with an existing MTA', async (tools) => {
-  // Create a platform service with test config
-  const platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: false // Disable server for tests
-    }
-  });
-  
-  // Create a shared bounce manager
-  const bounceManager = new BounceManager();
-  
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Manually set the bounce manager for testing
-  // @ts-ignore - adding property for testing
-  mta.bounceManager = bounceManager;
-  
-  // Create an email service that uses the independent MTA
-  // @ts-ignore - passing a third argument to the constructor
-  const emailService = new EmailService(platformService, {}, mta);
-  
-  // Manually set the mtaService property
-  emailService.mtaService = mta;
-  
-  // Verify relationships
-  expect(emailService.mtaService === mta).toBeTrue();
-  expect(emailService.bounceManager).toBeTruthy();
-  
-  // MTA should not have a direct platform service reference
-  expect(mta.platformServiceRef).toBeUndefined();
-  
-  // But it should have access to bounce manager
-  // @ts-ignore - accessing property for testing
-  expect(mta.bounceManager === bounceManager).toBeTrue();
-});
-
-tap.test('MTA service should have SMTP rule engine', async (tools) => {
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Verify the MTA has an SMTP rule engine
-  expect(mta.smtpRuleEngine).toBeTruthy();
-});
-
-tap.test('platform service should support having an MTA service', async (tools) => {
-  // Create a platform service with test config
-  const platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: false // Disable server for tests
-    }
-  });
-  
-  // Create MTA - don't await start() to avoid binding to ports
-  platformService.mtaService = new MtaService(platformService, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Create email service using the platform
-  platformService.emailService = new EmailService(platformService);
-  
-  // Verify the MTA has a reference to the platform service
-  expect(platformService.mtaService).toBeTruthy();
-  expect(platformService.mtaService.platformServiceRef).toBeTruthy();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-// Export for tapbundle execution
-export default tap.start();

test/test.ipreputationchecker.ts

@@ -6,8 +6,8 @@ import * as plugins from '../ts/plugins.js';
 const originalDnsResolve = plugins.dns.promises.resolve;
 let mockDnsResolveImpl: (hostname: string) => Promise<string[]> = async () => ['127.0.0.1'];
 
-// Setup mock DNS resolver
-plugins.dns.promises.resolve = async (hostname: string) => {
+// Setup mock DNS resolver with proper typing
+(plugins.dns.promises as any).resolve = async (hostname: string) => {
   return mockDnsResolveImpl(hostname);
 };
 

test/test.ipwarmupmanager.ts

@@ -1,323 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-// Cleanup any temporary test data
-const cleanupTestData = () => {
-  const warmupDataPath = plugins.path.join(paths.dataDir, 'warmup');
-  if (plugins.fs.existsSync(warmupDataPath)) {
-    // Remove the directory recursively using fs instead of smartfile
-    plugins.fs.rmSync(warmupDataPath, { recursive: true, force: true });
-  }
-};
-
-// Helper to reset the singleton instance between tests
-const resetSingleton = () => {
-  // @ts-ignore - accessing private static field for testing
-  IPWarmupManager.instance = null;
-};
-
-// Before running any tests
-tap.test('setup', async () => {
-  cleanupTestData();
-});
-
-// Test initialization of IPWarmupManager
-tap.test('should initialize IPWarmupManager with default settings', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance();
-  
-  expect(ipWarmupManager).toBeTruthy();
-  expect(typeof ipWarmupManager.getBestIPForSending).toEqual('function');
-  expect(typeof ipWarmupManager.canSendMoreToday).toEqual('function');
-  expect(typeof ipWarmupManager.getStageCount).toEqual('function');
-  expect(typeof ipWarmupManager.setActiveAllocationPolicy).toEqual('function');
-});
-
-// Test initialization with custom settings
-tap.test('should initialize IPWarmupManager with custom settings', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com', 'test.com'],
-    fallbackPercentage: 75
-  });
-  
-  // Test setting allocation policy
-  ipWarmupManager.setActiveAllocationPolicy('roundRobin');
-  
-  // Get best IP for sending
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Check if we can send more today
-  const canSendMore = ipWarmupManager.canSendMoreToday('192.168.1.1');
-  
-  // Check stage count
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(typeof stageCount).toEqual('number');
-});
-
-// Test IP allocation policies
-tap.test('should allocate IPs using balanced policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  // Use getBestIPForSending multiple times and check if all IPs are used
-  const usedIPs = new Set();
-  for (let i = 0; i < 30; i++) {
-    const ip = ipWarmupManager.getBestIPForSending({
-      from: 'test@example.com',
-      to: ['recipient@test.com'],
-      domain: 'example.com'
-    });
-    if (ip) usedIPs.add(ip);
-  }
-  
-  // We should use at least 2 different IPs with balanced policy
-  expect(usedIPs.size >= 2).toBeTrue();
-});
-
-// Test round robin allocation policy
-tap.test('should allocate IPs using round robin policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('roundRobin');
-  
-  // First few IPs should rotate through the available IPs
-  const firstIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const secondIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const thirdIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Round robin should give us different IPs for consecutive calls
-  expect(firstIP !== secondIP).toBeTrue();
-  
-  // With 3 IPs, the fourth call should cycle back to one of the IPs
-  const fourthIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Check that the fourth IP is one of the 3 valid IPs
-  expect(['192.168.1.1', '192.168.1.2', '192.168.1.3'].includes(fourthIP)).toBeTrue();
-});
-
-// Test dedicated domain allocation policy
-tap.test('should allocate IPs using dedicated domain policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com', 'other.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('dedicated');
-  
-  // Instead of mapDomainToIP which doesn't exist, we'll simulate domain mapping
-  // by making dedicated calls per domain - we can't call the internal method directly
-  
-  // Each domain should get its dedicated IP
-  const exampleIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@gmail.com'],
-    domain: 'example.com'
-  });
-  
-  const testIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@test.com',
-    to: ['recipient@gmail.com'],
-    domain: 'test.com'
-  });
-  
-  const otherIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@other.com',
-    to: ['recipient@gmail.com'],
-    domain: 'other.com'
-  });
-  
-  // Since we're not actually mapping domains to IPs, we can only test if they return valid IPs
-  // The original assertions have been modified since we can't guarantee which IP will be returned
-  expect(exampleIP).toBeTruthy();
-  expect(testIP).toBeTruthy();
-  expect(otherIP).toBeTruthy();
-});
-
-// Test daily sending limits
-tap.test('should enforce daily sending limits', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1'],
-    targetDomains: ['example.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  // Override the warmup stage for testing
-  // @ts-ignore - accessing private method for testing
-  ipWarmupManager.warmupStatuses.set('192.168.1.1', {
-    ipAddress: '192.168.1.1',
-    isActive: true,
-    currentStage: 1,
-    startDate: new Date(),
-    currentStageStartDate: new Date(),
-    targetCompletionDate: new Date(),
-    currentDailyAllocation: 5,
-    sentInCurrentStage: 0,
-    totalSent: 0,
-    dailyStats: [],
-    metrics: {
-      openRate: 0,
-      bounceRate: 0,
-      complaintRate: 0
-    }
-  });
-  
-  // Set a very low daily limit for testing 
-  // @ts-ignore - accessing private method for testing
-  ipWarmupManager.config.stages = [
-    { stage: 1, maxDailyVolume: 5, durationDays: 5, targetMetrics: { maxBounceRate: 8, minOpenRate: 15 } }
-  ];
-  
-  // First pass: should be able to get an IP
-  const ip = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  expect(ip === '192.168.1.1').toBeTrue();
-  
-  // Record 5 sends to reach the daily limit
-  for (let i = 0; i < 5; i++) {
-    ipWarmupManager.recordSend('192.168.1.1');
-  }
-  
-  // Check if we can send more today
-  const canSendMore = ipWarmupManager.canSendMoreToday('192.168.1.1');
-  expect(canSendMore).toEqual(false);
-  
-  // After reaching limit, getBestIPForSending should return null
-  // since there are no available IPs
-  const sixthIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  expect(sixthIP === null).toBeTrue();
-});
-
-// Test recording sends
-tap.test('should record send events correctly', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com'],
-  });
-  
-  // Set allocation policy
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  // Get an IP for sending
-  const ip = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // If we got an IP, record some sends
-  if (ip) {
-    // Record a few sends
-    for (let i = 0; i < 5; i++) {
-      ipWarmupManager.recordSend(ip);
-    }
-    
-    // Check if we can still send more
-    const canSendMore = ipWarmupManager.canSendMoreToday(ip);
-    expect(typeof canSendMore).toEqual('boolean');
-  }
-});
-
-// Test that DedicatedDomainPolicy assigns IPs correctly
-tap.test('should assign IPs using dedicated domain policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com', 'other.com']
-  });
-  
-  // Set allocation policy to dedicated domains
-  ipWarmupManager.setActiveAllocationPolicy('dedicated');
-  
-  // Check allocation by querying for different domains
-  const ip1 = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const ip2 = ipWarmupManager.getBestIPForSending({
-    from: 'test@test.com',
-    to: ['recipient@test.com'],
-    domain: 'test.com'
-  });
-  
-  // If we got IPs, they should be consistently assigned
-  if (ip1 && ip2) {
-    // Requesting the same domain again should return the same IP
-    const ip1again = ipWarmupManager.getBestIPForSending({
-      from: 'another@example.com',
-      to: ['recipient@test.com'],
-      domain: 'example.com'
-    });
-    
-    expect(ip1again === ip1).toBeTrue();
-  }
-});
-
-// After all tests, clean up
-tap.test('cleanup', async () => {
-  cleanupTestData();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.jwt-auth.ts

@@ -0,0 +1,132 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+let identity: interfaces.data.IIdentity;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    opsServerPort: 3102,
+    dbConfig: { enabled: false },
+  });
+  
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should login with admin credentials and receive JWT', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3102/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+  
+  const response = await loginRequest.fire({
+    username: 'admin',
+    password: 'admin'
+  });
+  
+  expect(response).toHaveProperty('identity');
+  expect(response.identity).toHaveProperty('jwt');
+  expect(response.identity).toHaveProperty('userId');
+  expect(response.identity).toHaveProperty('name');
+  expect(response.identity).toHaveProperty('expiresAt');
+  expect(response.identity).toHaveProperty('role');
+  expect(response.identity.role).toEqual('admin');
+  
+  identity = response.identity;
+  console.log('JWT:', identity.jwt);
+});
+
+tap.test('should verify valid JWT identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3102/typedrequest',
+    'verifyIdentity'
+  );
+  
+  const response = await verifyRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  expect(response).toHaveProperty('identity');
+  expect(response.identity.userId).toEqual(identity.userId);
+});
+
+tap.test('should reject invalid JWT', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3102/typedrequest',
+    'verifyIdentity'
+  );
+  
+  const response = await verifyRequest.fire({
+    identity: {
+      ...identity,
+      jwt: 'invalid.jwt.token'
+    }
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeFalse();
+});
+
+tap.test('should verify JWT matches identity data', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3102/typedrequest',
+    'verifyIdentity'
+  );
+  
+  // The response should contain the same identity data as the JWT
+  const response = await verifyRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  expect(response.identity.expiresAt).toEqual(identity.expiresAt);
+  expect(response.identity.userId).toEqual(identity.userId);
+});
+
+tap.test('should handle logout', async () => {
+  const logoutRequest = new TypedRequest<interfaces.requests.IReq_AdminLogout>(
+    'http://localhost:3102/typedrequest',
+    'adminLogout'
+  );
+  
+  const response = await logoutRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('success');
+  expect(response.success).toBeTrue();
+});
+
+tap.test('should reject wrong credentials', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3102/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+  
+  let errorOccurred = false;
+  try {
+    await loginRequest.fire({
+      username: 'admin',
+      password: 'wrongpassword'
+    });
+  } catch (error) {
+    errorOccurred = true;
+    // TypedResponseError is thrown
+    expect(error).toBeTruthy();
+  }
+  
+  expect(errorOccurred).toBeTrue();
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.minimal.ts

@@ -1,66 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-/**
- * Basic test to check if our integrated classes work correctly
- */
-tap.test('verify that SenderReputationMonitor and IPWarmupManager are functioning', async (tools) => {
-  // Create instances of both classes
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['example.com']
-  });
-  
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com']
-  });
-  
-  // Test SenderReputationMonitor
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  
-  const reputationData = reputationMonitor.getReputationData('example.com');
-  const summary = reputationMonitor.getReputationSummary();
-  
-  // Basic checks
-  expect(reputationData).toBeTruthy();
-  expect(summary.length).toBeGreaterThan(0);
-  
-  // Add and remove domains
-  reputationMonitor.addDomain('test.com');
-  reputationMonitor.removeDomain('test.com');
-  
-  // Test IPWarmupManager
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  if (bestIP) {
-    ipWarmupManager.recordSend(bestIP);
-    const canSendMore = ipWarmupManager.canSendMoreToday(bestIP);
-    expect(canSendMore !== undefined).toBeTrue();
-  }
-  
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(stageCount).toBeGreaterThan(0);
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.opsserver-api.ts

@@ -0,0 +1,124 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+let adminIdentity: interfaces.data.IIdentity;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    opsServerPort: 3101,
+    dbConfig: { enabled: false },
+  });
+
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should login as admin', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3101/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+
+  const response = await loginRequest.fire({
+    username: 'admin',
+    password: 'admin',
+  });
+
+  expect(response).toHaveProperty('identity');
+  adminIdentity = response.identity;
+});
+
+tap.test('should respond to health status request', async () => {
+  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
+    'http://localhost:3101/typedrequest',
+    'getHealthStatus'
+  );
+
+  const response = await healthRequest.fire({
+    identity: adminIdentity,
+    detailed: false,
+  });
+
+  expect(response).toHaveProperty('health');
+  expect(response.health.healthy).toBeTrue();
+  expect(response.health.services).toHaveProperty('OpsServer');
+});
+
+tap.test('should respond to server statistics request', async () => {
+  const statsRequest = new TypedRequest<interfaces.requests.IReq_GetServerStatistics>(
+    'http://localhost:3101/typedrequest',
+    'getServerStatistics'
+  );
+
+  const response = await statsRequest.fire({
+    identity: adminIdentity,
+    includeHistory: false,
+  });
+
+  expect(response).toHaveProperty('stats');
+  expect(response.stats).toHaveProperty('uptime');
+  expect(response.stats).toHaveProperty('cpuUsage');
+  expect(response.stats).toHaveProperty('memoryUsage');
+});
+
+tap.test('should respond to configuration request', async () => {
+  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
+    'http://localhost:3101/typedrequest',
+    'getConfiguration'
+  );
+
+  const response = await configRequest.fire({
+    identity: adminIdentity,
+  });
+
+  expect(response).toHaveProperty('config');
+  expect(response.config).toHaveProperty('system');
+  expect(response.config).toHaveProperty('smartProxy');
+  expect(response.config).toHaveProperty('email');
+  expect(response.config).toHaveProperty('dns');
+  expect(response.config).toHaveProperty('tls');
+  expect(response.config).toHaveProperty('cache');
+  expect(response.config).toHaveProperty('radius');
+  expect(response.config).toHaveProperty('remoteIngress');
+});
+
+tap.test('should handle log retrieval request', async () => {
+  const logsRequest = new TypedRequest<interfaces.requests.IReq_GetRecentLogs>(
+    'http://localhost:3101/typedrequest',
+    'getRecentLogs'
+  );
+
+  const response = await logsRequest.fire({
+    identity: adminIdentity,
+    limit: 10,
+  });
+
+  expect(response).toHaveProperty('logs');
+  expect(response).toHaveProperty('total');
+  expect(response).toHaveProperty('hasMore');
+  expect(response.logs).toBeArray();
+});
+
+tap.test('should reject unauthenticated requests', async () => {
+  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
+    'http://localhost:3101/typedrequest',
+    'getHealthStatus'
+  );
+
+  try {
+    await healthRequest.fire({} as any);
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+  }
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.protected-endpoint.ts

@@ -0,0 +1,128 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+let adminIdentity: interfaces.data.IIdentity;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    opsServerPort: 3103,
+    dbConfig: { enabled: false },
+  });
+
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should login as admin', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3103/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+
+  const response = await loginRequest.fire({
+    username: 'admin',
+    password: 'admin'
+  });
+
+  expect(response).toHaveProperty('identity');
+  adminIdentity = response.identity;
+  console.log('Admin logged in with JWT');
+});
+
+tap.test('should allow admin to verify identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3103/typedrequest',
+    'verifyIdentity'
+  );
+
+  const response = await verifyRequest.fire({
+    identity: adminIdentity,
+  });
+
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  console.log('Admin identity verified successfully');
+});
+
+tap.test('should reject verify identity without identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3103/typedrequest',
+    'verifyIdentity'
+  );
+
+  try {
+    await verifyRequest.fire({} as any);
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+    console.log('Successfully rejected request without identity');
+  }
+});
+
+tap.test('should reject verify identity with invalid JWT', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3103/typedrequest',
+    'verifyIdentity'
+  );
+
+  try {
+    await verifyRequest.fire({
+      identity: {
+        ...adminIdentity,
+        jwt: 'invalid.jwt.token'
+      },
+    });
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+    console.log('Successfully rejected request with invalid JWT');
+  }
+});
+
+tap.test('should reject protected endpoints without auth', async () => {
+  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
+    'http://localhost:3103/typedrequest',
+    'getHealthStatus'
+  );
+
+  try {
+    // No identity provided — should be rejected
+    await healthRequest.fire({} as any);
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+    console.log('Protected endpoint correctly rejects unauthenticated request');
+  }
+});
+
+tap.test('should allow authenticated access to protected endpoints', async () => {
+  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
+    'http://localhost:3103/typedrequest',
+    'getConfiguration'
+  );
+
+  const response = await configRequest.fire({
+    identity: adminIdentity,
+  });
+
+  expect(response).toHaveProperty('config');
+  expect(response.config).toHaveProperty('system');
+  expect(response.config).toHaveProperty('smartProxy');
+  expect(response.config).toHaveProperty('email');
+  expect(response.config).toHaveProperty('dns');
+  expect(response.config).toHaveProperty('tls');
+  expect(response.config).toHaveProperty('cache');
+  expect(response.config).toHaveProperty('radius');
+  expect(response.config).toHaveProperty('remoteIngress');
+  console.log('Authenticated access to config successful');
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.ratelimiter.ts

@@ -1,141 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import { RateLimiter } from '../ts/mail/delivery/classes.ratelimiter.js';
-
-tap.test('RateLimiter - should be instantiable', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 10,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  expect(limiter).toBeTruthy();
-});
-
-tap.test('RateLimiter - should allow requests within rate limit', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 5,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Should allow 5 requests
-  for (let i = 0; i < 5; i++) {
-    expect(limiter.isAllowed('test')).toEqual(true);
-  }
-  
-  // 6th request should be denied
-  expect(limiter.isAllowed('test')).toEqual(false);
-});
-
-tap.test('RateLimiter - should enforce per-key limits', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 3,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Should allow 3 requests for key1
-  for (let i = 0; i < 3; i++) {
-    expect(limiter.isAllowed('key1')).toEqual(true);
-  }
-  
-  // 4th request for key1 should be denied
-  expect(limiter.isAllowed('key1')).toEqual(false);
-  
-  // But key2 should still be allowed
-  expect(limiter.isAllowed('key2')).toEqual(true);
-});
-
-tap.test('RateLimiter - should refill tokens over time', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 2,
-    periodMs: 100, // Short period for testing
-    perKey: true
-  });
-  
-  // Use all tokens
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Wait for refill
-  await new Promise(resolve => setTimeout(resolve, 150));
-  
-  // Should have tokens again
-  expect(limiter.isAllowed('test')).toEqual(true);
-});
-
-tap.test('RateLimiter - should support burst allowance', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 2,
-    periodMs: 100,
-    perKey: true,
-    burstTokens: 2, // Allow 2 extra tokens for bursts
-    initialTokens: 4  // Start with max + burst tokens
-  });
-  
-  // Should allow 4 requests (2 regular + 2 burst)
-  for (let i = 0; i < 4; i++) {
-    expect(limiter.isAllowed('test')).toEqual(true);
-  }
-  
-  // 5th request should be denied
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Wait for refill
-  await new Promise(resolve => setTimeout(resolve, 150));
-  
-  // Should have 2 tokens again (rate-limited to normal max, not burst)
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  
-  // 3rd request after refill should fail (only normal max is refilled, not burst)
-  expect(limiter.isAllowed('test')).toEqual(false);
-});
-
-tap.test('RateLimiter - should return correct stats', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 10,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Make some requests
-  limiter.isAllowed('test');
-  limiter.isAllowed('test');
-  limiter.isAllowed('test');
-  
-  // Get stats
-  const stats = limiter.getStats('test');
-  
-  expect(stats.remaining).toEqual(7);
-  expect(stats.limit).toEqual(10);
-  expect(stats.allowed).toEqual(3);
-  expect(stats.denied).toEqual(0);
-});
-
-tap.test('RateLimiter - should reset limits', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 3,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Use all tokens
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Reset
-  limiter.reset('test');
-  
-  // Should have tokens again
-  expect(limiter.isAllowed('test')).toEqual(true);
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.reputationmonitor.ts

@@ -1,259 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-
-// Cleanup any temporary test data
-const cleanupTestData = () => {
-  const reputationDataPath = plugins.path.join(paths.dataDir, 'reputation');
-  if (plugins.fs.existsSync(reputationDataPath)) {
-    // Remove the directory recursively using fs instead of smartfile
-    plugins.fs.rmSync(reputationDataPath, { recursive: true, force: true });
-  }
-};
-
-// Helper to reset the singleton instance between tests
-const resetSingleton = () => {
-  // @ts-ignore - accessing private static field for testing
-  SenderReputationMonitor.instance = null;
-  
-  // Clean up any timeout to prevent race conditions
-  const activeSendReputationMonitors = Array.from(Object.values(global))
-    .filter((item: any) => item && typeof item === 'object' && item._idleTimeout)
-    .filter((item: any) => 
-      item._onTimeout && 
-      item._onTimeout.toString && 
-      item._onTimeout.toString().includes('updateAllDomainMetrics'));
-    
-  // Clear any active timeouts to prevent race conditions
-  activeSendReputationMonitors.forEach((timer: any) => {
-    clearTimeout(timer);
-  });
-};
-
-// Before running any tests
-tap.test('setup', async () => {
-  resetSingleton();
-  cleanupTestData();
-});
-
-// Test initialization of SenderReputationMonitor
-tap.test('should initialize SenderReputationMonitor with default settings', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance();
-  
-  expect(reputationMonitor).toBeTruthy();
-  // Check if the object has the expected methods
-  expect(typeof reputationMonitor.recordSendEvent).toEqual('function');
-  expect(typeof reputationMonitor.getReputationData).toEqual('function');
-  expect(typeof reputationMonitor.getReputationSummary).toEqual('function');
-});
-
-// Test initialization with custom settings
-tap.test('should initialize SenderReputationMonitor with custom settings', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com', 'test.com'],
-    updateFrequency: 12 * 60 * 60 * 1000, // 12 hours
-    alertThresholds: {
-      minReputationScore: 80,
-      maxComplaintRate: 0.05
-    }
-  });
-  
-  // Test adding domains
-  reputationMonitor.addDomain('newdomain.com');
-  
-  // Test retrieving reputation data
-  const data = reputationMonitor.getReputationData('example.com');
-  expect(data).toBeTruthy();
-  expect(data.domain).toEqual('example.com');
-});
-
-// Test recording and tracking send events
-tap.test('should record send events and update metrics', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record a series of events
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: true, count: 3 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: false, count: 2 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'complaint', count: 1 });
-  
-  // Check metrics
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  expect(metrics).toBeTruthy();
-  expect(metrics.volume.sent).toEqual(100);
-  expect(metrics.volume.delivered).toEqual(95);
-  expect(metrics.volume.hardBounces).toEqual(3);
-  expect(metrics.volume.softBounces).toEqual(2);
-  expect(metrics.complaints.total).toEqual(1);
-});
-
-// Test reputation score calculation
-tap.test('should calculate reputation scores correctly', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['high.com', 'medium.com', 'low.com']
-  });
-  
-  // Record events for different domains
-  reputationMonitor.recordSendEvent('high.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('high.com', { type: 'delivered', count: 990 });
-  reputationMonitor.recordSendEvent('high.com', { type: 'open', count: 500 });
-  
-  reputationMonitor.recordSendEvent('medium.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('medium.com', { type: 'delivered', count: 950 });
-  reputationMonitor.recordSendEvent('medium.com', { type: 'open', count: 300 });
-  
-  reputationMonitor.recordSendEvent('low.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('low.com', { type: 'delivered', count: 850 });
-  reputationMonitor.recordSendEvent('low.com', { type: 'open', count: 100 });
-  
-  // Get reputation summary
-  const summary = reputationMonitor.getReputationSummary();
-  expect(Array.isArray(summary)).toBeTrue();
-  expect(summary.length >= 3).toBeTrue();
-  
-  // Check that domains are included in the summary
-  const domains = summary.map(item => item.domain);
-  expect(domains.includes('high.com')).toBeTrue();
-  expect(domains.includes('medium.com')).toBeTrue();
-  expect(domains.includes('low.com')).toBeTrue();
-});
-
-// Test adding and removing domains
-tap.test('should add and remove domains for monitoring', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Add a new domain
-  reputationMonitor.addDomain('newdomain.com');
-  
-  // Record data for the new domain
-  reputationMonitor.recordSendEvent('newdomain.com', { type: 'sent', count: 50 });
-  
-  // Check that data was recorded for the new domain
-  const metrics = reputationMonitor.getReputationData('newdomain.com');
-  expect(metrics).toBeTruthy();
-  expect(metrics.volume.sent).toEqual(50);
-  
-  // Remove a domain
-  reputationMonitor.removeDomain('newdomain.com');
-  
-  // Check that data is no longer available
-  const removedMetrics = reputationMonitor.getReputationData('newdomain.com');
-  expect(removedMetrics === null).toBeTrue();
-});
-
-// Test handling open and click events
-tap.test('should track engagement metrics correctly', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record basic sending metrics
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 950 });
-  
-  // Record engagement events
-  reputationMonitor.recordSendEvent('example.com', { type: 'open', count: 500 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'click', count: 250 });
-  
-  // Check engagement metrics
-  const metrics = reputationMonitor.getReputationData('example.com');
-  expect(metrics).toBeTruthy();
-  expect(metrics.engagement.opens).toEqual(500);
-  expect(metrics.engagement.clicks).toEqual(250);
-  expect(typeof metrics.engagement.openRate).toEqual('number');
-  expect(typeof metrics.engagement.clickRate).toEqual('number');
-});
-
-// Test historical data tracking
-tap.test('should store historical reputation data', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record events over multiple days
-  const today = new Date();
-  const todayStr = today.toISOString().split('T')[0];
-  
-  // Record data
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 950 });
-  
-  // Get metrics data
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  // Check that historical data exists
-  expect(metrics.historical).toBeTruthy();
-  expect(metrics.historical.reputationScores).toBeTruthy();
-  
-  // Check that daily send volume is tracked
-  expect(metrics.volume.dailySendVolume).toBeTruthy();
-  expect(metrics.volume.dailySendVolume[todayStr]).toEqual(1000);
-});
-
-// Test event recording for different event types
-tap.test('should correctly handle different event types', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record different types of events
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: true, count: 3 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: false, count: 2 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'complaint', receivingDomain: 'gmail.com', count: 1 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'open', count: 50 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'click', count: 25 });
-  
-  // Check metrics for different event types
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  // Check volume metrics
-  expect(metrics.volume.sent).toEqual(100);
-  expect(metrics.volume.delivered).toEqual(95);
-  expect(metrics.volume.hardBounces).toEqual(3);
-  expect(metrics.volume.softBounces).toEqual(2);
-  
-  // Check complaint metrics
-  expect(metrics.complaints.total).toEqual(1);
-  expect(metrics.complaints.topDomains[0].domain).toEqual('gmail.com');
-  
-  // Check engagement metrics
-  expect(metrics.engagement.opens).toEqual(50);
-  expect(metrics.engagement.clicks).toEqual(25);
-});
-
-// After all tests, clean up
-tap.test('cleanup', async () => {
-  resetSingleton();
-  cleanupTestData();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-
-export default tap.start();

test/test.smartmail.ts

@@ -1,248 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-
-// Import the components we want to test
-import { EmailValidator } from '../ts/mail/core/classes.emailvalidator.js';
-import { TemplateManager } from '../ts/mail/core/classes.templatemanager.js';
-import { Email } from '../ts/mail/core/classes.email.js';
-
-// Ensure test directories exist
-paths.ensureDirectories();
-
-tap.test('EmailValidator - should validate email formats correctly', async (tools) => {
-  const validator = new EmailValidator();
-  
-  // Test valid email formats
-  expect(validator.isValidFormat('user@example.com')).toBeTrue();
-  expect(validator.isValidFormat('firstname.lastname@example.com')).toBeTrue();
-  expect(validator.isValidFormat('user+tag@example.com')).toBeTrue();
-  
-  // Test invalid email formats
-  expect(validator.isValidFormat('user@')).toBeFalse();
-  expect(validator.isValidFormat('@example.com')).toBeFalse();
-  expect(validator.isValidFormat('user@example')).toBeFalse();
-  expect(validator.isValidFormat('user.example.com')).toBeFalse();
-});
-
-tap.test('EmailValidator - should perform comprehensive validation', async (tools) => {
-  const validator = new EmailValidator();
-  
-  // Test basic validation (syntax-only)
-  const basicResult = await validator.validate('user@example.com', { checkSyntaxOnly: true });
-  expect(basicResult.isValid).toBeTrue();
-  expect(basicResult.details.formatValid).toBeTrue();
-  
-  // We can't reliably test MX validation in all environments, but the function should run
-  const mxResult = await validator.validate('user@example.com', { checkMx: true });
-  expect(typeof mxResult.isValid).toEqual('boolean');
-  expect(typeof mxResult.hasMx).toEqual('boolean');
-});
-
-tap.test('EmailValidator - should detect invalid emails', async (tools) => {
-  const validator = new EmailValidator();
-  
-  const invalidResult = await validator.validate('invalid@@example.com', { checkSyntaxOnly: true });
-  expect(invalidResult.isValid).toBeFalse();
-  expect(invalidResult.details.formatValid).toBeFalse();
-});
-
-tap.test('TemplateManager - should register and retrieve templates', async (tools) => {
-  const templateManager = new TemplateManager({
-    from: 'test@example.com'
-  });
-  
-  // Register a custom template
-  templateManager.registerTemplate({
-    id: 'test-template',
-    name: 'Test Template',
-    description: 'A test template',
-    from: 'test@example.com',
-    subject: 'Test Subject: {{name}}',
-    bodyHtml: '<p>Hello, {{name}}!</p>',
-    bodyText: 'Hello, {{name}}!',
-    category: 'test'
-  });
-  
-  // Get the template back
-  const template = templateManager.getTemplate('test-template');
-  expect(template).toBeTruthy();
-  expect(template.id).toEqual('test-template');
-  expect(template.subject).toEqual('Test Subject: {{name}}');
-  
-  // List templates
-  const templates = templateManager.listTemplates();
-  expect(templates.length > 0).toBeTrue();
-  expect(templates.some(t => t.id === 'test-template')).toBeTrue();
-});
-
-tap.test('TemplateManager - should create smartmail from template', async (tools) => {
-  const templateManager = new TemplateManager({
-    from: 'test@example.com'
-  });
-  
-  // Register a template
-  templateManager.registerTemplate({
-    id: 'welcome-test',
-    name: 'Welcome Test',
-    description: 'A welcome test template',
-    from: 'welcome@example.com',
-    subject: 'Welcome, {{name}}!',
-    bodyHtml: '<p>Hello, {{name}}! Welcome to our service.</p>',
-    bodyText: 'Hello, {{name}}! Welcome to our service.',
-    category: 'test'
-  });
-  
-  // Create smartmail from template
-  const smartmail = await templateManager.createSmartmail('welcome-test', {
-    name: 'John Doe'
-  });
-  
-  expect(smartmail).toBeTruthy();
-  expect(smartmail.options.from).toEqual('welcome@example.com');
-  expect(smartmail.getSubject()).toEqual('Welcome, John Doe!');
-  expect(smartmail.getBody(true).indexOf('Hello, John Doe!') > -1).toBeTrue();
-});
-
-tap.test('Email - should handle template variables', async (tools) => {
-  // Create email with variables
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.com',
-    subject: 'Hello {{name}}!',
-    text: 'Welcome, {{name}}! Your order #{{orderId}} has been processed.',
-    html: '<p>Welcome, <strong>{{name}}</strong>! Your order #{{orderId}} has been processed.</p>',
-    variables: {
-      name: 'John Doe',
-      orderId: '12345'
-    }
-  });
-  
-  // Test variable substitution
-  expect(email.getSubjectWithVariables()).toEqual('Hello John Doe!');
-  expect(email.getTextWithVariables()).toEqual('Welcome, John Doe! Your order #12345 has been processed.');
-  expect(email.getHtmlWithVariables().indexOf('<strong>John Doe</strong>') > -1).toBeTrue();
-  
-  // Test with additional variables
-  const additionalVars = {
-    name: 'Jane Smith', // Override existing variable
-    status: 'shipped'   // Add new variable
-  };
-  
-  expect(email.getSubjectWithVariables(additionalVars)).toEqual('Hello Jane Smith!');
-  
-  // Add a new variable
-  email.setVariable('trackingNumber', 'TRK123456');
-  expect(email.getTextWithVariables().indexOf('12345') > -1).toBeTrue();
-  
-  // Update multiple variables at once
-  email.setVariables({
-    orderId: '67890',
-    status: 'delivered'
-  });
-  
-  expect(email.getTextWithVariables().indexOf('67890') > -1).toBeTrue();
-});
-
-tap.test('Email and Smartmail compatibility - should convert between formats', async (tools) => {
-  // Create a Smartmail instance
-  const smartmail = new plugins.smartmail.Smartmail({
-    from: 'smartmail@example.com',
-    subject: 'Test Subject',
-    body: '<p>This is a test email.</p>',
-    creationObjectRef: {
-      orderId: '12345'
-    }
-  });
-  
-  // Add recipient and attachment
-  smartmail.addRecipient('recipient@example.com');
-  
-  const attachment = await plugins.smartfile.SmartFile.fromString(
-    'test.txt',
-    'This is a test attachment',
-    'utf8',
-  );
-  
-  smartmail.addAttachment(attachment);
-  
-  // Convert to Email
-  const resolvedSmartmail = await smartmail;
-  const email = Email.fromSmartmail(resolvedSmartmail);
-  
-  // Verify first conversion (Smartmail to Email)
-  expect(email.from).toEqual('smartmail@example.com');
-  expect(email.to.indexOf('recipient@example.com') > -1).toBeTrue();
-  expect(email.subject).toEqual('Test Subject');
-  expect(email.html?.indexOf('This is a test email') > -1).toBeTrue();
-  expect(email.attachments.length).toEqual(1);
-  
-  // Convert back to Smartmail
-  const convertedSmartmail = await email.toSmartmail();
-  
-  // Verify second conversion (Email back to Smartmail) with simplified assertions
-  expect(convertedSmartmail.options.from).toEqual('smartmail@example.com');
-  expect(Array.isArray(convertedSmartmail.options.to)).toBeTrue();
-  expect(convertedSmartmail.options.to.length).toEqual(1);
-  expect(convertedSmartmail.getSubject()).toEqual('Test Subject');
-  expect(convertedSmartmail.getBody(true).indexOf('This is a test email') > -1).toBeTrue();
-  expect(convertedSmartmail.attachments.length).toEqual(1);
-});
-
-tap.test('Email - should validate email addresses', async (tools) => {
-  // Attempt to create an email with invalid addresses
-  let errorThrown = false;
-  
-  try {
-    const email = new Email({
-      from: 'invalid-email',
-      to: 'recipient@example.com',
-      subject: 'Test',
-      text: 'Test'
-    });
-  } catch (error) {
-    errorThrown = true;
-    expect(error.message.indexOf('Invalid sender email address') > -1).toBeTrue();
-  }
-  
-  expect(errorThrown).toBeTrue();
-  
-  // Attempt with invalid recipient
-  errorThrown = false;
-  
-  try {
-    const email = new Email({
-      from: 'sender@example.com',
-      to: 'invalid-recipient',
-      subject: 'Test',
-      text: 'Test'
-    });
-  } catch (error) {
-    errorThrown = true;
-    expect(error.message.indexOf('Invalid recipient email address') > -1).toBeTrue();
-  }
-  
-  expect(errorThrown).toBeTrue();
-  
-  // Valid email should not throw
-  let validEmail: Email;
-  try {
-    validEmail = new Email({
-      from: 'sender@example.com',
-      to: 'recipient@example.com',
-      subject: 'Test',
-      text: 'Test'
-    });
-    
-    expect(validEmail).toBeTruthy();
-    expect(validEmail.from).toEqual('sender@example.com');
-  } catch (error) {
-    expect(error === undefined).toBeTrue(); // This should not happen
-  }
-});
-
-tap.test('stop', async () => {
-  tap.stopForcefully();
-})
-
-export default tap.start();

test/test.ts

@@ -1,9 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-
-tap.test('should create a platform service', async () => {});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test_watch/devserver.ts

@@ -0,0 +1,70 @@
+import { DcRouter } from '../ts/index.js';
+
+const devRouter = new DcRouter({
+  // Server public IP (used for VPN AllowedIPs)
+  publicIp: '203.0.113.1',
+  // SmartProxy routes for development/demo
+  smartProxyConfig: {
+    routes: [
+      {
+        name: 'web-traffic',
+        match: { ports: [18080], domains: ['example.com', '*.example.com'] },
+        action: { type: 'forward', targets: [{ host: 'localhost', port: 3001 }] },
+      },
+      {
+        name: 'api-gateway',
+        match: { ports: [18080], domains: ['api.example.com'], path: '/v1/*' },
+        action: { type: 'forward', targets: [{ host: 'localhost', port: 4000 }] },
+      },
+      {
+        name: 'tls-passthrough',
+        match: { ports: [18443], domains: ['secure.example.com'] },
+        action: {
+          type: 'forward',
+          targets: [{ host: 'localhost', port: 4443 }],
+          tls: { mode: 'passthrough' },
+        },
+      },
+      {
+        name: 'vpn-internal-app',
+        match: { ports: [18080], domains: ['internal.example.com'] },
+        action: { type: 'forward', targets: [{ host: 'localhost', port: 5000 }] },
+        vpn: { enabled: true },
+      },
+      {
+        name: 'vpn-eng-dashboard',
+        match: { ports: [18080], domains: ['eng.example.com'] },
+        action: { type: 'forward', targets: [{ host: 'localhost', port: 5001 }] },
+        vpn: { enabled: true, allowedServerDefinedClientTags: ['engineering'] },
+      },
+    ] as any[],
+  },
+  // VPN with pre-defined clients
+  vpnConfig: {
+    enabled: true,
+    serverEndpoint: 'vpn.dev.local',
+    clients: [
+      { clientId: 'dev-laptop', serverDefinedClientTags: ['engineering', 'dev'], description: 'Developer laptop' },
+      { clientId: 'ci-runner', serverDefinedClientTags: ['engineering', 'ci'], description: 'CI/CD pipeline' },
+      { clientId: 'admin-desktop', serverDefinedClientTags: ['admin'], description: 'Admin workstation' },
+    ],
+  },
+  // Disable db/mongo for dev
+  dbConfig: { enabled: false },
+});
+
+console.log('Starting DcRouter in development mode...');
+
+await devRouter.start();
+
+// Graceful shutdown handlers
+const shutdown = async () => {
+  console.log('\nShutting down...');
+  await devRouter.stop();
+  process.exit(0);
+};
+
+process.on('SIGINT', shutdown);
+process.on('SIGTERM', shutdown);
+
+console.log('DcRouter dev server running. Press Ctrl+C to stop.');

ts/00_commitinfo_data.ts

@@ -2,7 +2,7 @@
  * autocreated commitinfo by @push.rocks/commitinfo
  */
 export const commitinfo = {
-  name: '@serve.zone/platformservice',
-  version: '2.12.0',
-  description: 'A multifaceted platform service handling mail, SMS, letter delivery, and AI services.'
+  name: '@serve.zone/dcrouter',
+  version: '12.1.0',
+  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

ts/aibridge/classes.aibridge.ts

@@ -1,3 +0,0 @@
-export class AIBridge {
-  
-}

ts/classes.cert-provision-scheduler.ts

@@ -0,0 +1,165 @@
+import { logger } from './logger.js';
+import { CertBackoffDoc } from './db/index.js';
+
+interface IBackoffEntry {
+  failures: number;
+  lastFailure: string; // ISO string
+  retryAfter: string;  // ISO string
+  lastError?: string;
+}
+
+/**
+ * Manages certificate provisioning scheduling with:
+ * - Per-domain exponential backoff persisted via CertBackoffDoc
+ *
+ * Note: Serial stagger queue was removed — smartacme v9 handles
+ * concurrency, per-domain dedup, and rate limiting internally.
+ */
+export class CertProvisionScheduler {
+  private maxBackoffHours: number;
+
+  // In-memory backoff cache (mirrors storage for fast lookups)
+  private backoffCache = new Map<string, IBackoffEntry>();
+
+  constructor(
+    options?: { maxBackoffHours?: number }
+  ) {
+    this.maxBackoffHours = options?.maxBackoffHours ?? 24;
+  }
+
+  /**
+   * Sanitized domain key for storage lookups
+   */
+  private sanitizeDomain(domain: string): string {
+    return domain.replace(/\*/g, '_wildcard_').replace(/[^a-zA-Z0-9._-]/g, '_');
+  }
+
+  /**
+   * Load backoff entry from database (with in-memory cache)
+   */
+  private async loadBackoff(domain: string): Promise<IBackoffEntry | null> {
+    const cached = this.backoffCache.get(domain);
+    if (cached) return cached;
+
+    const sanitized = this.sanitizeDomain(domain);
+    const doc = await CertBackoffDoc.findByDomain(sanitized);
+    if (doc) {
+      const entry: IBackoffEntry = {
+        failures: doc.failures,
+        lastFailure: doc.lastFailure,
+        retryAfter: doc.retryAfter,
+        lastError: doc.lastError,
+      };
+      this.backoffCache.set(domain, entry);
+      return entry;
+    }
+    return null;
+  }
+
+  /**
+   * Save backoff entry to both cache and database
+   */
+  private async saveBackoff(domain: string, entry: IBackoffEntry): Promise<void> {
+    this.backoffCache.set(domain, entry);
+    const sanitized = this.sanitizeDomain(domain);
+    let doc = await CertBackoffDoc.findByDomain(sanitized);
+    if (!doc) {
+      doc = new CertBackoffDoc();
+      doc.domain = sanitized;
+    }
+    doc.failures = entry.failures;
+    doc.lastFailure = entry.lastFailure;
+    doc.retryAfter = entry.retryAfter;
+    doc.lastError = entry.lastError || '';
+    await doc.save();
+  }
+
+  /**
+   * Check if a domain is currently in backoff.
+   * Expired entries are pruned from the cache to prevent unbounded growth.
+   */
+  async isInBackoff(domain: string): Promise<boolean> {
+    const entry = await this.loadBackoff(domain);
+    if (!entry) return false;
+
+    const retryAfter = new Date(entry.retryAfter);
+    if (retryAfter.getTime() > Date.now()) {
+      return true;
+    }
+
+    // Backoff has expired — prune the stale entry
+    this.backoffCache.delete(domain);
+    return false;
+  }
+
+  /**
+   * Record a provisioning failure for a domain.
+   * Sets exponential backoff: min(failures^2 * 1h, maxBackoffHours)
+   */
+  async recordFailure(domain: string, error?: string): Promise<void> {
+    const existing = await this.loadBackoff(domain);
+    const failures = (existing?.failures ?? 0) + 1;
+
+    // Exponential backoff: failures^2 hours, capped
+    const backoffHours = Math.min(failures * failures, this.maxBackoffHours);
+    const retryAfter = new Date(Date.now() + backoffHours * 60 * 60 * 1000);
+
+    const entry: IBackoffEntry = {
+      failures,
+      lastFailure: new Date().toISOString(),
+      retryAfter: retryAfter.toISOString(),
+      lastError: error,
+    };
+
+    await this.saveBackoff(domain, entry);
+    logger.log('warn', `Cert backoff for ${domain}: ${failures} failures, retry after ${retryAfter.toISOString()}`);
+  }
+
+  /**
+   * Clear backoff for a domain (on success or manual override)
+   */
+  async clearBackoff(domain: string): Promise<void> {
+    this.backoffCache.delete(domain);
+    try {
+      const sanitized = this.sanitizeDomain(domain);
+      const doc = await CertBackoffDoc.findByDomain(sanitized);
+      if (doc) {
+        await doc.delete();
+      }
+    } catch {
+      // Ignore delete errors (doc may not exist)
+    }
+  }
+
+  /**
+   * Clear all in-memory backoff cache entries
+   */
+  public clear(): void {
+    this.backoffCache.clear();
+  }
+
+  /**
+   * Get backoff info for UI display
+   */
+  async getBackoffInfo(domain: string): Promise<{
+    failures: number;
+    retryAfter?: string;
+    lastError?: string;
+  } | null> {
+    const entry = await this.loadBackoff(domain);
+    if (!entry) return null;
+
+    // Only return if still in backoff — prune expired entries
+    const retryAfter = new Date(entry.retryAfter);
+    if (retryAfter.getTime() <= Date.now()) {
+      this.backoffCache.delete(domain);
+      return null;
+    }
+
+    return {
+      failures: entry.failures,
+      retryAfter: entry.retryAfter,
+      lastError: entry.lastError,
+    };
+  }
+}

ts/classes.platformservicedb.ts

@@ -1,27 +0,0 @@
-import * as plugins from './plugins.js';
-import { SzPlatformService } from './platformservice.js';
-
-
-
-export class PlatformServiceDb {
-  public smartdataDb: plugins.smartdata.SmartdataDb;
-  public platformserviceRef: SzPlatformService;
-
-  constructor(platformserviceRefArg: SzPlatformService) {
-    this.platformserviceRef = platformserviceRefArg;
-  }
-
-  public async start() {
-    this.smartdataDb = new plugins.smartdata.SmartdataDb({
-      mongoDbUser: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_USER'),
-      mongoDbName: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_NAME'),
-      mongoDbPass: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_PASS'),
-      mongoDbUrl: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_URL'),
-    });
-    await this.smartdataDb.init();
-  }
-
-  public async stop() {
-    await this.smartdataDb.close();
-  }
-}

ts/classes.smtp.portconfig.ts

@@ -1,295 +0,0 @@
-import * as plugins from './plugins.js';
-
-/**
- * Configuration options for TLS in SMTP connections
- */
-export interface ISmtpTlsOptions {
-  /** Enable TLS for this SMTP port */
-  enabled: boolean;
-  /** Whether to use STARTTLS (upgrade plain connection) or implicit TLS */
-  useStartTls?: boolean;
-  /** Required TLS protocol version (defaults to TLSv1.2) */
-  minTlsVersion?: 'TLSv1.0' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3';
-  /** TLS ciphers to allow (comma-separated list) */
-  allowedCiphers?: string;
-  /** Whether to require client certificate for authentication */
-  requireClientCert?: boolean;
-  /** Whether to verify client certificate if provided */
-  verifyClientCert?: boolean;
-}
-
-/**
- * Rate limiting options for SMTP connections
- */
-export interface ISmtpRateLimitOptions {
-  /** Maximum connections per minute from a single IP */
-  maxConnectionsPerMinute?: number;
-  /** Maximum concurrent connections from a single IP */
-  maxConcurrentConnections?: number;
-  /** Maximum emails per minute from a single IP */
-  maxEmailsPerMinute?: number;
-  /** Maximum recipients per email */
-  maxRecipientsPerEmail?: number;
-  /** Maximum email size in bytes */
-  maxEmailSize?: number;
-  /** Action to take when rate limit is exceeded (default: 'tempfail') */
-  rateLimitAction?: 'tempfail' | 'drop' | 'delay';
-}
-
-/**
- * Configuration for a specific SMTP port
- */
-export interface ISmtpPortSettings {
-  /** The port number to listen on */
-  port: number;
-  /** Whether this port is enabled */
-  enabled?: boolean;
-  /** Port description (e.g., "Submission Port") */
-  description?: string;
-  /** Whether to require authentication for this port */
-  requireAuth?: boolean;
-  /** TLS options for this port */
-  tls?: ISmtpTlsOptions;
-  /** Rate limiting settings for this port */
-  rateLimit?: ISmtpRateLimitOptions;
-  /** Maximum message size in bytes for this port */
-  maxMessageSize?: number;
-  /** Whether to enable SMTP extensions like PIPELINING, 8BITMIME, etc. */
-  smtpExtensions?: {
-    /** Enable PIPELINING extension */
-    pipelining?: boolean;
-    /** Enable 8BITMIME extension */
-    eightBitMime?: boolean;
-    /** Enable SIZE extension */
-    size?: boolean;
-    /** Enable ENHANCEDSTATUSCODES extension */
-    enhancedStatusCodes?: boolean;
-    /** Enable DSN extension */
-    dsn?: boolean;
-  };
-  /** Custom SMTP greeting banner */
-  banner?: string;
-}
-
-/**
- * Configuration manager for SMTP ports
- */
-export class SmtpPortConfig {
-  /** Port configurations */
-  private portConfigs: Map<number, ISmtpPortSettings> = new Map();
-
-  /** Default port configurations */
-  private static readonly DEFAULT_CONFIGS: Record<number, Partial<ISmtpPortSettings>> = {
-    // Port 25: Standard SMTP
-    25: {
-      description: 'Standard SMTP',
-      requireAuth: false,
-      tls: {
-        enabled: true,
-        useStartTls: true,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 60,
-        maxConcurrentConnections: 10,
-        maxEmailsPerMinute: 30
-      },
-      maxMessageSize: 20 * 1024 * 1024 // 20MB
-    },
-    // Port 587: Submission
-    587: {
-      description: 'Submission Port',
-      requireAuth: true,
-      tls: {
-        enabled: true,
-        useStartTls: true,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 100,
-        maxConcurrentConnections: 20,
-        maxEmailsPerMinute: 60
-      },
-      maxMessageSize: 50 * 1024 * 1024 // 50MB
-    },
-    // Port 465: SMTPS (Legacy Implicit TLS)
-    465: {
-      description: 'SMTPS (Implicit TLS)',
-      requireAuth: true,
-      tls: {
-        enabled: true,
-        useStartTls: false,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 100,
-        maxConcurrentConnections: 20,
-        maxEmailsPerMinute: 60
-      },
-      maxMessageSize: 50 * 1024 * 1024 // 50MB
-    }
-  };
-
-  /**
-   * Create a new SmtpPortConfig
-   * @param initialConfigs Optional initial port configurations
-   */
-  constructor(initialConfigs?: ISmtpPortSettings[]) {
-    // Initialize with default configurations for standard SMTP ports
-    this.initializeDefaults();
-
-    // Apply custom configurations if provided
-    if (initialConfigs) {
-      for (const config of initialConfigs) {
-        this.setPortConfig(config);
-      }
-    }
-  }
-
-  /**
-   * Initialize port configurations with defaults
-   */
-  private initializeDefaults(): void {
-    // Set up default configurations for standard SMTP ports: 25, 587, 465
-    Object.entries(SmtpPortConfig.DEFAULT_CONFIGS).forEach(([portStr, defaults]) => {
-      const port = parseInt(portStr, 10);
-      this.portConfigs.set(port, {
-        port,
-        enabled: true,
-        ...defaults
-      });
-    });
-  }
-
-  /**
-   * Get configuration for a specific port
-   * @param port Port number
-   * @returns Port configuration or null if not found
-   */
-  public getPortConfig(port: number): ISmtpPortSettings | null {
-    return this.portConfigs.get(port) || null;
-  }
-
-  /**
-   * Get all configured ports
-   * @returns Array of port configurations
-   */
-  public getAllPortConfigs(): ISmtpPortSettings[] {
-    return Array.from(this.portConfigs.values());
-  }
-
-  /**
-   * Get only enabled port configurations
-   * @returns Array of enabled port configurations
-   */
-  public getEnabledPortConfigs(): ISmtpPortSettings[] {
-    return this.getAllPortConfigs().filter(config => config.enabled !== false);
-  }
-
-  /**
-   * Set configuration for a specific port
-   * @param config Port configuration
-   */
-  public setPortConfig(config: ISmtpPortSettings): void {
-    // Get existing config if any
-    const existingConfig = this.portConfigs.get(config.port) || { port: config.port };
-
-    // Merge with new configuration
-    this.portConfigs.set(config.port, {
-      ...existingConfig,
-      ...config
-    });
-  }
-
-  /**
-   * Remove configuration for a specific port
-   * @param port Port number
-   * @returns Whether the configuration was removed
-   */
-  public removePortConfig(port: number): boolean {
-    return this.portConfigs.delete(port);
-  }
-
-  /**
-   * Disable a specific port
-   * @param port Port number
-   * @returns Whether the port was disabled
-   */
-  public disablePort(port: number): boolean {
-    const config = this.portConfigs.get(port);
-    if (config) {
-      config.enabled = false;
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Enable a specific port
-   * @param port Port number
-   * @returns Whether the port was enabled
-   */
-  public enablePort(port: number): boolean {
-    const config = this.portConfigs.get(port);
-    if (config) {
-      config.enabled = true;
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Convert port configurations to SmartProxy routes
-   * @returns Array of SmartProxy routes
-   */
-  public toSmartProxyRoutes(): plugins.smartproxy.IRouteConfig[] {
-    const enabledPorts = this.getEnabledPortConfigs();
-    const routes: plugins.smartproxy.IRouteConfig[] = [];
-
-    // Add configured ports as routes
-    for (const portConfig of enabledPorts) {
-      // Create a route for each SMTP port
-      const route: plugins.smartproxy.IRouteConfig = {
-        name: `smtp-port-${portConfig.port}`,
-        match: {
-          ports: [portConfig.port]
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: 'localhost',
-            port: portConfig.port + 10000  // Map to internal port (e.g., 25 -> 10025)
-          }
-        }
-      };
-
-      // Apply TLS settings
-      if (portConfig.port === 465 && portConfig.tls?.enabled) {
-        // For implicit TLS on port 465
-        route.action.tls = {
-          mode: 'terminate',
-          certificate: 'auto'
-        };
-      } else if (portConfig.tls?.useStartTls) {
-        // For STARTTLS on ports 25 and 587
-        route.action.tls = {
-          mode: 'passthrough'
-        };
-      }
-
-      routes.push(route);
-    }
-
-    return routes;
-  }
-
-  /**
-   * Apply port configurations to SmartProxy settings
-   * @param smartProxy SmartProxy instance
-   * @deprecated Use toSmartProxyRoutes() instead to generate routes
-   */
-  public applyToSmartProxy(smartProxy: plugins.smartproxy.SmartProxy): void {
-    console.warn('SmtpPortConfig.applyToSmartProxy() is deprecated. Use toSmartProxyRoutes() instead.');
-    // This method is deprecated and no longer functional
-  }
-}

ts/classes.storage-cert-manager.ts

@@ -0,0 +1,58 @@
+import * as plugins from './plugins.js';
+import { AcmeCertDoc } from './db/index.js';
+
+/**
+ * ICertManager implementation backed by smartdata document classes.
+ * Persists SmartAcme certificates via AcmeCertDoc so they
+ * survive process restarts without re-hitting ACME.
+ */
+export class StorageBackedCertManager implements plugins.smartacme.ICertManager {
+  constructor() {}
+
+  async init(): Promise<void> {}
+
+  async retrieveCertificate(domainName: string): Promise<plugins.smartacme.Cert | null> {
+    const doc = await AcmeCertDoc.findByDomain(domainName);
+    if (!doc) return null;
+    return new plugins.smartacme.Cert({
+      id: doc.id,
+      domainName: doc.domainName,
+      created: doc.created,
+      privateKey: doc.privateKey,
+      publicKey: doc.publicKey,
+      csr: doc.csr,
+      validUntil: doc.validUntil,
+    });
+  }
+
+  async storeCertificate(cert: plugins.smartacme.Cert): Promise<void> {
+    let doc = await AcmeCertDoc.findByDomain(cert.domainName);
+    if (!doc) {
+      doc = new AcmeCertDoc();
+      doc.domainName = cert.domainName;
+    }
+    doc.id = cert.id;
+    doc.created = cert.created;
+    doc.privateKey = cert.privateKey;
+    doc.publicKey = cert.publicKey;
+    doc.csr = cert.csr;
+    doc.validUntil = cert.validUntil;
+    await doc.save();
+  }
+
+  async deleteCertificate(domainName: string): Promise<void> {
+    const doc = await AcmeCertDoc.findByDomain(domainName);
+    if (doc) {
+      await doc.delete();
+    }
+  }
+
+  async close(): Promise<void> {}
+
+  async wipe(): Promise<void> {
+    const docs = await AcmeCertDoc.findAll();
+    for (const doc of docs) {
+      await doc.delete();
+    }
+  }
+}

ts/config/base.config.ts

@@ -1,433 +0,0 @@
-/**
- * Base configuration interface with common properties for all services
- */
-export interface IBaseConfig {
-  /** 
-   * Unique identifier for this configuration
-   * Used to track configuration versions and changes
-   */
-  id?: string;
-
-  /**
-   * Configuration version
-   * Used for migration between different config formats
-   */
-  version?: string;
-
-  /**
-   * Environment this configuration is intended for
-   * (development, test, production, etc.)
-   */
-  environment?: 'development' | 'test' | 'staging' | 'production';
-
-  /**
-   * Display name for this configuration
-   */
-  name?: string;
-
-  /**
-   * Whether this configuration is enabled
-   * Services with disabled configuration shouldn't start
-   */
-  enabled?: boolean;
-  
-  /**
-   * Logging configuration
-   */
-  logging?: {
-    /**
-     * Minimum log level to output
-     */
-    level?: 'error' | 'warn' | 'info' | 'debug';
-    
-    /**
-     * Whether to include structured data in logs
-     */
-    structured?: boolean;
-    
-    /**
-     * Whether to enable correlation tracking in logs
-     */
-    correlationTracking?: boolean;
-  };
-}
-
-/**
- * Base database configuration
- */
-export interface IDatabaseConfig {
-  /**
-   * Database connection string or URL
-   */
-  connectionString?: string;
-  
-  /**
-   * Database host
-   */
-  host?: string;
-  
-  /**
-   * Database port
-   */
-  port?: number;
-  
-  /**
-   * Database name
-   */
-  database?: string;
-  
-  /**
-   * Database username
-   */
-  username?: string;
-  
-  /**
-   * Database password
-   */
-  password?: string;
-  
-  /**
-   * SSL configuration for database connection
-   */
-  ssl?: boolean | {
-    /**
-     * Whether to reject unauthorized SSL connections
-     */
-    rejectUnauthorized?: boolean;
-    
-    /**
-     * Path to CA certificate file
-     */
-    ca?: string;
-    
-    /**
-     * Path to client certificate file
-     */
-    cert?: string;
-    
-    /**
-     * Path to client key file
-     */
-    key?: string;
-  };
-  
-  /**
-   * Connection pool configuration
-   */
-  pool?: {
-    /**
-     * Minimum number of connections in pool
-     */
-    min?: number;
-    
-    /**
-     * Maximum number of connections in pool
-     */
-    max?: number;
-    
-    /**
-     * Connection idle timeout in milliseconds
-     */
-    idleTimeoutMillis?: number;
-  };
-}
-
-/**
- * Base TLS configuration interface
- */
-export interface ITlsConfig {
-  /**
-   * Whether to enable TLS
-   */
-  enabled?: boolean;
-  
-  /**
-   * The domain name for the certificate
-   */
-  domain?: string;
-  
-  /**
-   * Path to certificate file
-   */
-  certPath?: string;
-  
-  /**
-   * Path to private key file
-   */
-  keyPath?: string;
-  
-  /**
-   * Path to CA certificate file
-   */
-  caPath?: string;
-  
-  /**
-   * Minimum TLS version to support
-   */
-  minVersion?: 'TLSv1.2' | 'TLSv1.3';
-  
-  /**
-   * Whether to auto-renew certificates
-   */
-  autoRenew?: boolean;
-  
-  /**
-   * Whether to reject unauthorized certificates
-   */
-  rejectUnauthorized?: boolean;
-}
-
-/**
- * Base retry configuration interface
- */
-export interface IRetryConfig {
-  /**
-   * Maximum number of retry attempts
-   */
-  maxAttempts?: number;
-  
-  /**
-   * Base delay between retries in milliseconds
-   */
-  baseDelay?: number;
-  
-  /**
-   * Maximum delay between retries in milliseconds
-   */
-  maxDelay?: number;
-  
-  /**
-   * Backoff factor for exponential backoff
-   */
-  backoffFactor?: number;
-  
-  /**
-   * Specific error codes that should trigger retries
-   */
-  retryableErrorCodes?: string[];
-  
-  /**
-   * Whether to add jitter to retry delays
-   */
-  useJitter?: boolean;
-}
-
-/**
- * Base rate limiting configuration interface
- */
-export interface IRateLimitConfig {
-  /**
-   * Whether rate limiting is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Maximum number of operations per period
-   */
-  maxPerPeriod?: number;
-  
-  /**
-   * Time period in milliseconds
-   */
-  periodMs?: number;
-  
-  /**
-   * Whether to apply per key (e.g., domain, user, etc.)
-   */
-  perKey?: boolean;
-  
-  /**
-   * Number of burst tokens allowed
-   */
-  burstTokens?: number;
-}
-
-/**
- * Basic HTTP server configuration
- */
-export interface IHttpServerConfig {
-  /**
-   * Whether the HTTP server is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Host to bind to
-   */
-  host?: string;
-  
-  /**
-   * Port to listen on
-   */
-  port?: number;
-  
-  /**
-   * Path prefix for all routes
-   */
-  basePath?: string;
-  
-  /**
-   * CORS configuration
-   */
-  cors?: boolean | {
-    /**
-     * Allowed origins
-     */
-    origins?: string[];
-    
-    /**
-     * Allowed methods
-     */
-    methods?: string[];
-    
-    /**
-     * Allowed headers
-     */
-    headers?: string[];
-    
-    /**
-     * Whether to allow credentials
-     */
-    credentials?: boolean;
-  };
-  
-  /**
-   * TLS configuration
-   */
-  tls?: ITlsConfig;
-  
-  /**
-   * Maximum request body size in bytes
-   */
-  maxBodySize?: number;
-  
-  /**
-   * Request timeout in milliseconds
-   */
-  timeout?: number;
-}
-
-/**
- * Basic queue configuration
- */
-export interface IQueueConfig {
-  /**
-   * Type of storage for the queue
-   */
-  storageType?: 'memory' | 'disk' | 'redis';
-  
-  /**
-   * Path for persistent storage
-   */
-  persistentPath?: string;
-  
-  /**
-   * Redis configuration for queue
-   */
-  redis?: {
-    /**
-     * Redis host
-     */
-    host?: string;
-    
-    /**
-     * Redis port
-     */
-    port?: number;
-    
-    /**
-     * Redis password
-     */
-    password?: string;
-    
-    /**
-     * Redis database number
-     */
-    db?: number;
-  };
-  
-  /**
-   * Maximum size of the queue
-   */
-  maxSize?: number;
-  
-  /**
-   * Maximum number of retry attempts
-   */
-  maxRetries?: number;
-  
-  /**
-   * Base delay between retries in milliseconds
-   */
-  baseRetryDelay?: number;
-  
-  /**
-   * Maximum delay between retries in milliseconds
-   */
-  maxRetryDelay?: number;
-  
-  /**
-   * Check interval for processing in milliseconds
-   */
-  checkInterval?: number;
-  
-  /**
-   * Maximum number of parallel processes
-   */
-  maxParallelProcessing?: number;
-}
-
-/**
- * Basic monitoring configuration
- */
-export interface IMonitoringConfig {
-  /**
-   * Whether monitoring is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Metrics collection interval in milliseconds
-   */
-  metricsInterval?: number;
-  
-  /**
-   * Whether to expose Prometheus metrics
-   */
-  exposePrometheus?: boolean;
-  
-  /**
-   * Port for Prometheus metrics
-   */
-  prometheusPort?: number;
-  
-  /**
-   * Whether to collect detailed metrics
-   */
-  detailedMetrics?: boolean;
-  
-  /**
-   * Alert thresholds
-   */
-  alertThresholds?: Record<string, number>;
-  
-  /**
-   * Notification configuration
-   */
-  notifications?: {
-    /**
-     * Whether to send notifications
-     */
-    enabled?: boolean;
-    
-    /**
-     * Email address to send notifications to
-     */
-    email?: string;
-    
-    /**
-     * Webhook URL to send notifications to
-     */
-    webhook?: string;
-  };
-}

ts/config/classes.api-token-manager.ts

@@ -0,0 +1,204 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { ApiTokenDoc } from '../db/index.js';
+import type {
+  IStoredApiToken,
+  IApiTokenInfo,
+  TApiTokenScope,
+} from '../../ts_interfaces/data/route-management.js';
+
+const TOKEN_PREFIX_STR = 'dcr_';
+
+export class ApiTokenManager {
+  private tokens = new Map<string, IStoredApiToken>();
+
+  constructor() {}
+
+  public async initialize(): Promise<void> {
+    await this.loadTokens();
+    if (this.tokens.size > 0) {
+      logger.log('info', `Loaded ${this.tokens.size} API token(s) from storage`);
+    }
+  }
+
+  // =========================================================================
+  // Token lifecycle
+  // =========================================================================
+
+  /**
+   * Create a new API token. Returns the raw token value (shown once).
+   */
+  public async createToken(
+    name: string,
+    scopes: TApiTokenScope[],
+    expiresInDays: number | null,
+    createdBy: string,
+  ): Promise<{ id: string; rawToken: string }> {
+    const id = plugins.uuid.v4();
+    const randomBytes = plugins.crypto.randomBytes(32);
+    const rawPayload = `${id}:${randomBytes.toString('base64url')}`;
+    const rawToken = `${TOKEN_PREFIX_STR}${rawPayload}`;
+
+    const tokenHash = plugins.crypto.createHash('sha256').update(rawToken).digest('hex');
+
+    const now = Date.now();
+    const stored: IStoredApiToken = {
+      id,
+      name,
+      tokenHash,
+      scopes,
+      createdAt: now,
+      expiresAt: expiresInDays != null ? now + expiresInDays * 86400000 : null,
+      lastUsedAt: null,
+      createdBy,
+      enabled: true,
+    };
+
+    this.tokens.set(id, stored);
+    await this.persistToken(stored);
+    logger.log('info', `API token '${name}' created (id: ${id})`);
+    return { id, rawToken };
+  }
+
+  /**
+   * Validate a raw token string. Returns the stored token if valid, null otherwise.
+   * Also updates lastUsedAt.
+   */
+  public async validateToken(rawToken: string): Promise<IStoredApiToken | null> {
+    if (!rawToken.startsWith(TOKEN_PREFIX_STR)) return null;
+
+    const hash = plugins.crypto.createHash('sha256').update(rawToken).digest('hex');
+
+    for (const stored of this.tokens.values()) {
+      if (stored.tokenHash === hash) {
+        if (!stored.enabled) return null;
+        if (stored.expiresAt !== null && stored.expiresAt < Date.now()) return null;
+
+        // Update lastUsedAt (fire and forget)
+        stored.lastUsedAt = Date.now();
+        this.persistToken(stored).catch(() => {});
+        return stored;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Check if a token has a specific scope.
+   */
+  public hasScope(token: IStoredApiToken, scope: TApiTokenScope): boolean {
+    return token.scopes.includes(scope);
+  }
+
+  /**
+   * List all tokens (safe info only, no hashes).
+   */
+  public listTokens(): IApiTokenInfo[] {
+    const result: IApiTokenInfo[] = [];
+    for (const stored of this.tokens.values()) {
+      result.push({
+        id: stored.id,
+        name: stored.name,
+        scopes: stored.scopes,
+        createdAt: stored.createdAt,
+        expiresAt: stored.expiresAt,
+        lastUsedAt: stored.lastUsedAt,
+        enabled: stored.enabled,
+      });
+    }
+    return result;
+  }
+
+  /**
+   * Revoke (delete) a token.
+   */
+  public async revokeToken(id: string): Promise<boolean> {
+    if (!this.tokens.has(id)) return false;
+    const token = this.tokens.get(id)!;
+    this.tokens.delete(id);
+    const doc = await ApiTokenDoc.findById(id);
+    if (doc) await doc.delete();
+    logger.log('info', `API token '${token.name}' revoked (id: ${id})`);
+    return true;
+  }
+
+  /**
+   * Roll (regenerate) a token's secret while keeping its identity.
+   * Returns the new raw token value (shown once).
+   */
+  public async rollToken(id: string): Promise<{ id: string; rawToken: string } | null> {
+    const stored = this.tokens.get(id);
+    if (!stored) return null;
+
+    const randomBytes = plugins.crypto.randomBytes(32);
+    const rawPayload = `${id}:${randomBytes.toString('base64url')}`;
+    const rawToken = `${TOKEN_PREFIX_STR}${rawPayload}`;
+
+    stored.tokenHash = plugins.crypto.createHash('sha256').update(rawToken).digest('hex');
+    await this.persistToken(stored);
+    logger.log('info', `API token '${stored.name}' rolled (id: ${id})`);
+    return { id, rawToken };
+  }
+
+  /**
+   * Enable or disable a token.
+   */
+  public async toggleToken(id: string, enabled: boolean): Promise<boolean> {
+    const stored = this.tokens.get(id);
+    if (!stored) return false;
+    stored.enabled = enabled;
+    await this.persistToken(stored);
+    logger.log('info', `API token '${stored.name}' ${enabled ? 'enabled' : 'disabled'} (id: ${id})`);
+    return true;
+  }
+
+  // =========================================================================
+  // Private
+  // =========================================================================
+
+  private async loadTokens(): Promise<void> {
+    const docs = await ApiTokenDoc.findAll();
+    for (const doc of docs) {
+      if (doc.id) {
+        this.tokens.set(doc.id, {
+          id: doc.id,
+          name: doc.name,
+          tokenHash: doc.tokenHash,
+          scopes: doc.scopes,
+          createdAt: doc.createdAt,
+          expiresAt: doc.expiresAt,
+          lastUsedAt: doc.lastUsedAt,
+          createdBy: doc.createdBy,
+          enabled: doc.enabled,
+        });
+      }
+    }
+  }
+
+  private async persistToken(stored: IStoredApiToken): Promise<void> {
+    const existing = await ApiTokenDoc.findById(stored.id);
+    if (existing) {
+      existing.name = stored.name;
+      existing.tokenHash = stored.tokenHash;
+      existing.scopes = stored.scopes;
+      existing.createdAt = stored.createdAt;
+      existing.expiresAt = stored.expiresAt;
+      existing.lastUsedAt = stored.lastUsedAt;
+      existing.createdBy = stored.createdBy;
+      existing.enabled = stored.enabled;
+      await existing.save();
+    } else {
+      const doc = new ApiTokenDoc();
+      doc.id = stored.id;
+      doc.name = stored.name;
+      doc.tokenHash = stored.tokenHash;
+      doc.scopes = stored.scopes;
+      doc.createdAt = stored.createdAt;
+      doc.expiresAt = stored.expiresAt;
+      doc.lastUsedAt = stored.lastUsedAt;
+      doc.createdBy = stored.createdBy;
+      doc.enabled = stored.enabled;
+      await doc.save();
+    }
+  }
+}

ts/config/classes.route-config-manager.ts

@@ -0,0 +1,335 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { StoredRouteDoc, RouteOverrideDoc } from '../db/index.js';
+import type {
+  IStoredRoute,
+  IRouteOverride,
+  IMergedRoute,
+  IRouteWarning,
+} from '../../ts_interfaces/data/route-management.js';
+import type { IDcRouterRouteConfig } from '../../ts_interfaces/data/remoteingress.js';
+import { type IHttp3Config, augmentRouteWithHttp3 } from '../http3/index.js';
+
+export class RouteConfigManager {
+  private storedRoutes = new Map<string, IStoredRoute>();
+  private overrides = new Map<string, IRouteOverride>();
+  private warnings: IRouteWarning[] = [];
+
+  constructor(
+    private getHardcodedRoutes: () => plugins.smartproxy.IRouteConfig[],
+    private getSmartProxy: () => plugins.smartproxy.SmartProxy | undefined,
+    private getHttp3Config?: () => IHttp3Config | undefined,
+    private getVpnAllowList?: (tags?: string[]) => string[],
+  ) {}
+
+  /**
+   * Load persisted routes and overrides, compute warnings, apply to SmartProxy.
+   */
+  public async initialize(): Promise<void> {
+    await this.loadStoredRoutes();
+    await this.loadOverrides();
+    this.computeWarnings();
+    this.logWarnings();
+    await this.applyRoutes();
+  }
+
+  // =========================================================================
+  // Merged view
+  // =========================================================================
+
+  public getMergedRoutes(): { routes: IMergedRoute[]; warnings: IRouteWarning[] } {
+    const merged: IMergedRoute[] = [];
+
+    // Hardcoded routes
+    for (const route of this.getHardcodedRoutes()) {
+      const name = route.name || '';
+      const override = this.overrides.get(name);
+      merged.push({
+        route,
+        source: 'hardcoded',
+        enabled: override ? override.enabled : true,
+        overridden: !!override,
+      });
+    }
+
+    // Programmatic routes
+    for (const stored of this.storedRoutes.values()) {
+      merged.push({
+        route: stored.route,
+        source: 'programmatic',
+        enabled: stored.enabled,
+        overridden: false,
+        storedRouteId: stored.id,
+        createdAt: stored.createdAt,
+        updatedAt: stored.updatedAt,
+      });
+    }
+
+    return { routes: merged, warnings: [...this.warnings] };
+  }
+
+  // =========================================================================
+  // Programmatic route CRUD
+  // =========================================================================
+
+  public async createRoute(
+    route: plugins.smartproxy.IRouteConfig,
+    createdBy: string,
+    enabled = true,
+  ): Promise<string> {
+    const id = plugins.uuid.v4();
+    const now = Date.now();
+
+    // Ensure route has a name
+    if (!route.name) {
+      route.name = `programmatic-${id.slice(0, 8)}`;
+    }
+
+    const stored: IStoredRoute = {
+      id,
+      route,
+      enabled,
+      createdAt: now,
+      updatedAt: now,
+      createdBy,
+    };
+
+    this.storedRoutes.set(id, stored);
+    await this.persistRoute(stored);
+    await this.applyRoutes();
+    return id;
+  }
+
+  public async updateRoute(
+    id: string,
+    patch: { route?: Partial<plugins.smartproxy.IRouteConfig>; enabled?: boolean },
+  ): Promise<boolean> {
+    const stored = this.storedRoutes.get(id);
+    if (!stored) return false;
+
+    if (patch.route) {
+      stored.route = { ...stored.route, ...patch.route } as plugins.smartproxy.IRouteConfig;
+    }
+    if (patch.enabled !== undefined) {
+      stored.enabled = patch.enabled;
+    }
+    stored.updatedAt = Date.now();
+
+    await this.persistRoute(stored);
+    await this.applyRoutes();
+    return true;
+  }
+
+  public async deleteRoute(id: string): Promise<boolean> {
+    if (!this.storedRoutes.has(id)) return false;
+    this.storedRoutes.delete(id);
+    const doc = await StoredRouteDoc.findById(id);
+    if (doc) await doc.delete();
+    await this.applyRoutes();
+    return true;
+  }
+
+  public async toggleRoute(id: string, enabled: boolean): Promise<boolean> {
+    return this.updateRoute(id, { enabled });
+  }
+
+  // =========================================================================
+  // Hardcoded route overrides
+  // =========================================================================
+
+  public async setOverride(routeName: string, enabled: boolean, updatedBy: string): Promise<void> {
+    const override: IRouteOverride = {
+      routeName,
+      enabled,
+      updatedAt: Date.now(),
+      updatedBy,
+    };
+    this.overrides.set(routeName, override);
+    const existingDoc = await RouteOverrideDoc.findByRouteName(routeName);
+    if (existingDoc) {
+      existingDoc.enabled = override.enabled;
+      existingDoc.updatedAt = override.updatedAt;
+      existingDoc.updatedBy = override.updatedBy;
+      await existingDoc.save();
+    } else {
+      const doc = new RouteOverrideDoc();
+      doc.routeName = override.routeName;
+      doc.enabled = override.enabled;
+      doc.updatedAt = override.updatedAt;
+      doc.updatedBy = override.updatedBy;
+      await doc.save();
+    }
+    this.computeWarnings();
+    await this.applyRoutes();
+  }
+
+  public async removeOverride(routeName: string): Promise<boolean> {
+    if (!this.overrides.has(routeName)) return false;
+    this.overrides.delete(routeName);
+    const doc = await RouteOverrideDoc.findByRouteName(routeName);
+    if (doc) await doc.delete();
+    this.computeWarnings();
+    await this.applyRoutes();
+    return true;
+  }
+
+  // =========================================================================
+  // Private: persistence
+  // =========================================================================
+
+  private async loadStoredRoutes(): Promise<void> {
+    const docs = await StoredRouteDoc.findAll();
+    for (const doc of docs) {
+      if (doc.id) {
+        this.storedRoutes.set(doc.id, {
+          id: doc.id,
+          route: doc.route,
+          enabled: doc.enabled,
+          createdAt: doc.createdAt,
+          updatedAt: doc.updatedAt,
+          createdBy: doc.createdBy,
+        });
+      }
+    }
+    if (this.storedRoutes.size > 0) {
+      logger.log('info', `Loaded ${this.storedRoutes.size} programmatic route(s) from storage`);
+    }
+  }
+
+  private async loadOverrides(): Promise<void> {
+    const docs = await RouteOverrideDoc.findAll();
+    for (const doc of docs) {
+      if (doc.routeName) {
+        this.overrides.set(doc.routeName, {
+          routeName: doc.routeName,
+          enabled: doc.enabled,
+          updatedAt: doc.updatedAt,
+          updatedBy: doc.updatedBy,
+        });
+      }
+    }
+    if (this.overrides.size > 0) {
+      logger.log('info', `Loaded ${this.overrides.size} route override(s) from storage`);
+    }
+  }
+
+  private async persistRoute(stored: IStoredRoute): Promise<void> {
+    const existingDoc = await StoredRouteDoc.findById(stored.id);
+    if (existingDoc) {
+      existingDoc.route = stored.route;
+      existingDoc.enabled = stored.enabled;
+      existingDoc.updatedAt = stored.updatedAt;
+      existingDoc.createdBy = stored.createdBy;
+      await existingDoc.save();
+    } else {
+      const doc = new StoredRouteDoc();
+      doc.id = stored.id;
+      doc.route = stored.route;
+      doc.enabled = stored.enabled;
+      doc.createdAt = stored.createdAt;
+      doc.updatedAt = stored.updatedAt;
+      doc.createdBy = stored.createdBy;
+      await doc.save();
+    }
+  }
+
+  // =========================================================================
+  // Private: warnings
+  // =========================================================================
+
+  private computeWarnings(): void {
+    this.warnings = [];
+    const hardcodedNames = new Set(this.getHardcodedRoutes().map((r) => r.name || ''));
+
+    // Check overrides
+    for (const [routeName, override] of this.overrides) {
+      if (!hardcodedNames.has(routeName)) {
+        this.warnings.push({
+          type: 'orphaned-override',
+          routeName,
+          message: `Orphaned override for route '${routeName}' — hardcoded route no longer exists`,
+        });
+      } else if (!override.enabled) {
+        this.warnings.push({
+          type: 'disabled-hardcoded',
+          routeName,
+          message: `Route '${routeName}' is disabled via API override`,
+        });
+      }
+    }
+
+    // Check disabled programmatic routes
+    for (const stored of this.storedRoutes.values()) {
+      if (!stored.enabled) {
+        const name = stored.route.name || stored.id;
+        this.warnings.push({
+          type: 'disabled-programmatic',
+          routeName: name,
+          message: `Programmatic route '${name}' (id: ${stored.id}) is disabled`,
+        });
+      }
+    }
+  }
+
+  private logWarnings(): void {
+    for (const w of this.warnings) {
+      logger.log('warn', w.message);
+    }
+  }
+
+  // =========================================================================
+  // Private: apply merged routes to SmartProxy
+  // =========================================================================
+
+  public async applyRoutes(): Promise<void> {
+    const smartProxy = this.getSmartProxy();
+    if (!smartProxy) return;
+
+    const enabledRoutes: plugins.smartproxy.IRouteConfig[] = [];
+
+    const http3Config = this.getHttp3Config?.();
+    const vpnAllowList = this.getVpnAllowList;
+
+    // Helper: inject VPN security into a route if vpn.enabled is set
+    const injectVpn = (route: plugins.smartproxy.IRouteConfig): plugins.smartproxy.IRouteConfig => {
+      if (!vpnAllowList) return route;
+      const dcRoute = route as IDcRouterRouteConfig;
+      if (!dcRoute.vpn?.enabled) return route;
+      const allowList = vpnAllowList(dcRoute.vpn.allowedServerDefinedClientTags);
+      const mandatory = dcRoute.vpn.mandatory === true; // defaults to false
+      return {
+        ...route,
+        security: {
+          ...route.security,
+          ipAllowList: mandatory
+            ? allowList
+            : [...(route.security?.ipAllowList || []), ...allowList],
+        },
+      };
+    };
+
+    // Add enabled hardcoded routes (respecting overrides, with fresh VPN injection)
+    for (const route of this.getHardcodedRoutes()) {
+      const name = route.name || '';
+      const override = this.overrides.get(name);
+      if (override && !override.enabled) {
+        continue; // Skip disabled hardcoded route
+      }
+      enabledRoutes.push(injectVpn(route));
+    }
+
+    // Add enabled programmatic routes (with HTTP/3 and VPN augmentation)
+    for (const stored of this.storedRoutes.values()) {
+      if (stored.enabled) {
+        let route = stored.route;
+        if (http3Config && http3Config.enabled !== false) {
+          route = augmentRouteWithHttp3(route, { enabled: true, ...http3Config });
+        }
+        enabledRoutes.push(injectVpn(route));
+      }
+    }
+
+    await smartProxy.updateRoutes(enabledRoutes);
+    logger.log('info', `Applied ${enabledRoutes.length} routes to SmartProxy (${this.storedRoutes.size} programmatic, ${this.overrides.size} overrides)`);
+  }
+}

ts/config/email.config.ts

@@ -1,266 +0,0 @@
-import type { IBaseConfig, ITlsConfig, IQueueConfig, IRateLimitConfig, IMonitoringConfig } from './base.config.js';
-
-/**
- * Email service configuration
- */
-export interface IEmailConfig extends IBaseConfig {
-  /**
-   * Whether to use MTA for sending emails
-   */
-  useMta?: boolean;
-  
-  /**
-   * MTA configuration
-   */
-  mtaConfig?: IMtaConfig;
-  
-  /**
-   * Template configuration
-   */
-  templateConfig?: {
-    /**
-     * Default sender email address
-     */
-    from?: string;
-    
-    /**
-     * Default reply-to email address
-     */
-    replyTo?: string;
-    
-    /**
-     * Default footer HTML
-     */
-    footerHtml?: string;
-    
-    /**
-     * Default footer text
-     */
-    footerText?: string;
-  };
-  
-  /**
-   * Whether to load templates from directory
-   */
-  loadTemplatesFromDir?: boolean;
-  
-  /**
-   * Directory path for email templates
-   */
-  templatesDir?: string;
-}
-
-/**
- * MTA configuration
- */
-export interface IMtaConfig {
-  /**
-   * SMTP server configuration
-   */
-  smtp?: {
-    /**
-     * Whether to enable the SMTP server
-     */
-    enabled?: boolean;
-    
-    /**
-     * Port to listen on
-     */
-    port?: number;
-    
-    /**
-     * SMTP server hostname
-     */
-    hostname?: string;
-    
-    /**
-     * Maximum allowed email size in bytes
-     */
-    maxSize?: number;
-  };
-  
-  /**
-   * TLS configuration
-   */
-  tls?: ITlsConfig;
-  
-  /**
-   * Outbound email configuration
-   */
-  outbound?: {
-    /**
-     * Maximum concurrent sending jobs
-     */
-    concurrency?: number;
-    
-    /**
-     * Retry configuration
-     */
-    retries?: {
-      /**
-       * Maximum number of retries per message
-       */
-      max?: number;
-      
-      /**
-       * Initial delay between retries (milliseconds)
-       */
-      delay?: number;
-      
-      /**
-       * Whether to use exponential backoff for retries
-       */
-      useBackoff?: boolean;
-    };
-    
-    /**
-     * Rate limiting configuration
-     */
-    rateLimit?: IRateLimitConfig;
-    
-    /**
-     * IP warmup configuration
-     */
-    warmup?: {
-      /**
-       * Whether IP warmup is enabled
-       */
-      enabled?: boolean;
-      
-      /**
-       * IP addresses to warm up
-       */
-      ipAddresses?: string[];
-      
-      /**
-       * Target domains to warm up
-       */
-      targetDomains?: string[];
-      
-      /**
-       * Allocation policy to use
-       */
-      allocationPolicy?: string;
-      
-      /**
-       * Fallback percentage for ESP routing during warmup
-       */
-      fallbackPercentage?: number;
-    };
-    
-    /**
-     * Reputation monitoring configuration
-     */
-    reputation?: IMonitoringConfig & {
-      /**
-       * Alert thresholds
-       */
-      alertThresholds?: {
-        /**
-         * Minimum acceptable reputation score
-         */
-        minReputationScore?: number;
-        
-        /**
-         * Maximum acceptable complaint rate
-         */
-        maxComplaintRate?: number;
-      };
-    };
-  };
-  
-  /**
-   * Security settings
-   */
-  security?: {
-    /**
-     * Whether to use DKIM signing
-     */
-    useDkim?: boolean;
-    
-    /**
-     * Whether to verify inbound DKIM signatures
-     */
-    verifyDkim?: boolean;
-    
-    /**
-     * Whether to verify SPF on inbound
-     */
-    verifySpf?: boolean;
-    
-    /**
-     * Whether to verify DMARC on inbound
-     */
-    verifyDmarc?: boolean;
-    
-    /**
-     * Whether to enforce DMARC policy
-     */
-    enforceDmarc?: boolean;
-    
-    /**
-     * Whether to use TLS for outbound when available
-     */
-    useTls?: boolean;
-    
-    /**
-     * Whether to require valid certificates
-     */
-    requireValidCerts?: boolean;
-    
-    /**
-     * Log level for email security events
-     */
-    securityLogLevel?: 'info' | 'warn' | 'error';
-    
-    /**
-     * Whether to check IP reputation for inbound emails
-     */
-    checkIPReputation?: boolean;
-    
-    /**
-     * Whether to scan content for malicious payloads
-     */
-    scanContent?: boolean;
-    
-    /**
-     * Action to take when malicious content is detected
-     */
-    maliciousContentAction?: 'tag' | 'quarantine' | 'reject';
-    
-    /**
-     * Minimum threat score to trigger action
-     */
-    threatScoreThreshold?: number;
-    
-    /**
-     * Whether to reject connections from high-risk IPs
-     */
-    rejectHighRiskIPs?: boolean;
-  };
-  
-  /**
-   * Domains configuration
-   */
-  domains?: {
-    /**
-     * List of domains that this MTA will handle as local
-     */
-    local?: string[];
-    
-    /**
-     * Whether to auto-create DNS records
-     */
-    autoCreateDnsRecords?: boolean;
-    
-    /**
-     * DKIM selector to use
-     */
-    dkimSelector?: string;
-  };
-  
-  /**
-   * Queue configuration
-   */
-  queue?: IQueueConfig;
-}

ts/config/index.ts

@@ -1,100 +1,4 @@
-// Export configuration interfaces
-export * from './base.config.js';
-export * from './email.config.js';
-export * from './sms.config.js';
-export * from './platform.config.js';
-
-// Export validation tools
+// Export validation tools only
 export * from './validator.js';
-export * from './schemas.js';
-
-// Re-export commonly used types
-import type { IPlatformConfig } from './platform.config.js';
-import type { IEmailConfig, IMtaConfig } from './email.config.js';
-import type { ISmsConfig } from './sms.config.js';
-import type { 
-  IBaseConfig, 
-  ITlsConfig, 
-  IHttpServerConfig, 
-  IRateLimitConfig,
-  IQueueConfig
-} from './base.config.js';
-
-// Default platform configuration
-export const defaultConfig: IPlatformConfig = {
-  id: 'platform-service-config',
-  version: '1.0.0',
-  environment: 'production',
-  name: 'PlatformService',
-  enabled: true,
-  logging: {
-    level: 'info',
-    structured: true,
-    correlationTracking: true
-  },
-  server: {
-    enabled: true,
-    host: '0.0.0.0',
-    port: 3000,
-    cors: true
-  },
-  email: {
-    useMta: true,
-    mtaConfig: {
-      smtp: {
-        enabled: true,
-        port: 25,
-        hostname: 'mta.lossless.one',
-        maxSize: 10 * 1024 * 1024 // 10MB
-      },
-      tls: {
-        domain: 'mta.lossless.one',
-        autoRenew: true
-      },
-      security: {
-        useDkim: true,
-        verifyDkim: true,
-        verifySpf: true,
-        verifyDmarc: true,
-        enforceDmarc: true,
-        useTls: true,
-        requireValidCerts: false,
-        securityLogLevel: 'warn',
-        checkIPReputation: true,
-        scanContent: true,
-        maliciousContentAction: 'tag',
-        threatScoreThreshold: 50,
-        rejectHighRiskIPs: false
-      },
-      domains: {
-        local: ['lossless.one'],
-        autoCreateDnsRecords: true,
-        dkimSelector: 'mta'
-      }
-    },
-    templateConfig: {
-      from: 'no-reply@lossless.one',
-      replyTo: 'support@lossless.one'
-    },
-    loadTemplatesFromDir: true
-  },
-  paths: {
-    dataDir: 'data',
-    logsDir: 'logs',
-    tempDir: 'temp',
-    emailTemplatesDir: 'templates/email'
-  }
-};
-
-// Export main types for convenience
-export type { 
-  IPlatformConfig,
-  IEmailConfig, 
-  IMtaConfig, 
-  ISmsConfig, 
-  IBaseConfig, 
-  ITlsConfig, 
-  IHttpServerConfig,
-  IRateLimitConfig,
-  IQueueConfig
-};
+export { RouteConfigManager } from './classes.route-config-manager.js';
+export { ApiTokenManager } from './classes.api-token-manager.js';

ts/config/platform.config.ts

@@ -1,54 +0,0 @@
-import type { IBaseConfig, IHttpServerConfig, IDatabaseConfig } from './base.config.js';
-import type { IEmailConfig } from './email.config.js';
-import type { ISmsConfig } from './sms.config.js';
-
-/**
- * Platform service configuration
- * Root configuration that includes all service configurations
- */
-export interface IPlatformConfig extends IBaseConfig {
-  /**
-   * HTTP server configuration
-   */
-  server?: IHttpServerConfig;
-  
-  /**
-   * Database configuration
-   */
-  database?: IDatabaseConfig;
-  
-  /**
-   * Email service configuration
-   */
-  email?: IEmailConfig;
-  
-  /**
-   * SMS service configuration
-   */
-  sms?: ISmsConfig;
-  
-  /**
-   * Path configuration
-   */
-  paths?: {
-    /**
-     * Data directory path
-     */
-    dataDir?: string;
-    
-    /**
-     * Logs directory path
-     */
-    logsDir?: string;
-    
-    /**
-     * Temporary directory path
-     */
-    tempDir?: string;
-    
-    /**
-     * Email templates directory path
-     */
-    emailTemplatesDir?: string;
-  };
-}

ts/config/schemas.ts

@@ -1,770 +0,0 @@
-import type { ValidationSchema } from './validator.js';
-
-/**
- * Base TLS configuration schema
- */
-export const tlsConfigSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  domain: {
-    type: 'string',
-    required: false
-  },
-  certPath: {
-    type: 'string',
-    required: false
-  },
-  keyPath: {
-    type: 'string',
-    required: false
-  },
-  caPath: {
-    type: 'string',
-    required: false
-  },
-  minVersion: {
-    type: 'string',
-    required: false,
-    enum: ['TLSv1.2', 'TLSv1.3'],
-    default: 'TLSv1.2'
-  },
-  autoRenew: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  rejectUnauthorized: {
-    type: 'boolean',
-    required: false,
-    default: true
-  }
-};
-
-/**
- * HTTP server configuration schema
- */
-export const httpServerSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  host: {
-    type: 'string',
-    required: false,
-    default: '0.0.0.0'
-  },
-  port: {
-    type: 'number',
-    required: false,
-    default: 3000,
-    min: 1,
-    max: 65535
-  },
-  basePath: {
-    type: 'string',
-    required: false,
-    default: ''
-  },
-  cors: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  tls: {
-    type: 'object',
-    required: false,
-    schema: tlsConfigSchema
-  },
-  maxBodySize: {
-    type: 'number',
-    required: false,
-    default: 1024 * 1024 // 1MB
-  },
-  timeout: {
-    type: 'number',
-    required: false,
-    default: 30000 // 30 seconds
-  }
-};
-
-/**
- * Rate limit configuration schema
- */
-export const rateLimitSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  maxPerPeriod: {
-    type: 'number',
-    required: false,
-    default: 100,
-    min: 1
-  },
-  periodMs: {
-    type: 'number',
-    required: false,
-    default: 60000, // 1 minute
-    min: 1000
-  },
-  perKey: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  burstTokens: {
-    type: 'number',
-    required: false,
-    default: 5,
-    min: 0
-  }
-};
-
-/**
- * Queue configuration schema
- */
-export const queueSchema: ValidationSchema = {
-  storageType: {
-    type: 'string',
-    required: false,
-    enum: ['memory', 'disk', 'redis'],
-    default: 'memory'
-  },
-  persistentPath: {
-    type: 'string',
-    required: false
-  },
-  redis: {
-    type: 'object',
-    required: false,
-    schema: {
-      host: {
-        type: 'string',
-        required: false,
-        default: 'localhost'
-      },
-      port: {
-        type: 'number',
-        required: false,
-        default: 6379,
-        min: 1,
-        max: 65535
-      },
-      password: {
-        type: 'string',
-        required: false
-      },
-      db: {
-        type: 'number',
-        required: false,
-        default: 0,
-        min: 0
-      }
-    }
-  },
-  maxSize: {
-    type: 'number',
-    required: false,
-    default: 10000,
-    min: 1
-  },
-  maxRetries: {
-    type: 'number',
-    required: false,
-    default: 3,
-    min: 0
-  },
-  baseRetryDelay: {
-    type: 'number',
-    required: false,
-    default: 1000, // 1 second
-    min: 1
-  },
-  maxRetryDelay: {
-    type: 'number',
-    required: false,
-    default: 60000, // 1 minute
-    min: 1
-  },
-  checkInterval: {
-    type: 'number',
-    required: false,
-    default: 1000, // 1 second
-    min: 100
-  },
-  maxParallelProcessing: {
-    type: 'number',
-    required: false,
-    default: 5,
-    min: 1
-  }
-};
-
-/**
- * SMS service configuration schema
- */
-export const smsConfigSchema: ValidationSchema = {
-  apiGatewayApiToken: {
-    type: 'string',
-    required: true
-  },
-  defaultSender: {
-    type: 'string',
-    required: false
-  },
-  rateLimit: {
-    type: 'object',
-    required: false,
-    schema: {
-      ...rateLimitSchema,
-      maxPerRecipientPerDay: {
-        type: 'number',
-        required: false,
-        default: 10,
-        min: 1
-      }
-    }
-  },
-  provider: {
-    type: 'object',
-    required: false,
-    schema: {
-      type: {
-        type: 'string',
-        required: false,
-        enum: ['gateway', 'twilio', 'other'],
-        default: 'gateway'
-      },
-      config: {
-        type: 'object',
-        required: false
-      },
-      fallback: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          type: {
-            type: 'string',
-            required: false,
-            enum: ['gateway', 'twilio', 'other']
-          },
-          config: {
-            type: 'object',
-            required: false
-          }
-        }
-      }
-    }
-  },
-  verification: {
-    type: 'object',
-    required: false,
-    schema: {
-      codeLength: {
-        type: 'number',
-        required: false,
-        default: 6,
-        min: 4,
-        max: 10
-      },
-      expirationSeconds: {
-        type: 'number',
-        required: false,
-        default: 300, // 5 minutes
-        min: 60
-      },
-      maxAttempts: {
-        type: 'number',
-        required: false,
-        default: 3,
-        min: 1
-      },
-      cooldownSeconds: {
-        type: 'number',
-        required: false,
-        default: 60, // 1 minute
-        min: 0
-      }
-    }
-  }
-};
-
-/**
- * MTA configuration schema
- */
-export const mtaConfigSchema: ValidationSchema = {
-  smtp: {
-    type: 'object',
-    required: false,
-    schema: {
-      enabled: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      port: {
-        type: 'number',
-        required: false,
-        default: 25,
-        min: 1,
-        max: 65535
-      },
-      hostname: {
-        type: 'string',
-        required: false,
-        default: 'mta.lossless.one'
-      },
-      maxSize: {
-        type: 'number',
-        required: false,
-        default: 10 * 1024 * 1024, // 10MB
-        min: 1024
-      }
-    }
-  },
-  tls: {
-    type: 'object',
-    required: false,
-    schema: tlsConfigSchema
-  },
-  outbound: {
-    type: 'object',
-    required: false,
-    schema: {
-      concurrency: {
-        type: 'number',
-        required: false,
-        default: 5,
-        min: 1
-      },
-      retries: {
-        type: 'object',
-        required: false,
-        schema: {
-          max: {
-            type: 'number',
-            required: false,
-            default: 3,
-            min: 0
-          },
-          delay: {
-            type: 'number',
-            required: false,
-            default: 300000, // 5 minutes
-            min: 1000
-          },
-          useBackoff: {
-            type: 'boolean',
-            required: false,
-            default: true
-          }
-        }
-      },
-      rateLimit: {
-        type: 'object',
-        required: false,
-        schema: rateLimitSchema
-      },
-      warmup: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          ipAddresses: {
-            type: 'array',
-            required: false,
-            items: {
-              type: 'string'
-            }
-          },
-          targetDomains: {
-            type: 'array',
-            required: false,
-            items: {
-              type: 'string'
-            }
-          },
-          allocationPolicy: {
-            type: 'string',
-            required: false,
-            default: 'balanced'
-          },
-          fallbackPercentage: {
-            type: 'number',
-            required: false,
-            default: 50,
-            min: 0,
-            max: 100
-          }
-        }
-      },
-      reputation: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          updateFrequency: {
-            type: 'number',
-            required: false,
-            default: 24 * 60 * 60 * 1000, // 1 day
-            min: 60000
-          },
-          alertThresholds: {
-            type: 'object',
-            required: false,
-            schema: {
-              minReputationScore: {
-                type: 'number',
-                required: false,
-                default: 70,
-                min: 0,
-                max: 100
-              },
-              maxComplaintRate: {
-                type: 'number',
-                required: false,
-                default: 0.1, // 0.1%
-                min: 0,
-                max: 100
-              }
-            }
-          }
-        }
-      }
-    }
-  },
-  security: {
-    type: 'object',
-    required: false,
-    schema: {
-      useDkim: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifyDkim: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifySpf: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifyDmarc: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      enforceDmarc: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      useTls: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      requireValidCerts: {
-        type: 'boolean',
-        required: false,
-        default: false
-      },
-      securityLogLevel: {
-        type: 'string',
-        required: false,
-        enum: ['info', 'warn', 'error'],
-        default: 'warn'
-      },
-      checkIPReputation: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      scanContent: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      maliciousContentAction: {
-        type: 'string',
-        required: false,
-        enum: ['tag', 'quarantine', 'reject'],
-        default: 'tag'
-      },
-      threatScoreThreshold: {
-        type: 'number',
-        required: false,
-        default: 50,
-        min: 0,
-        max: 100
-      },
-      rejectHighRiskIPs: {
-        type: 'boolean',
-        required: false,
-        default: false
-      }
-    }
-  },
-  domains: {
-    type: 'object',
-    required: false,
-    schema: {
-      local: {
-        type: 'array',
-        required: false,
-        items: {
-          type: 'string'
-        },
-        default: ['lossless.one']
-      },
-      autoCreateDnsRecords: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      dkimSelector: {
-        type: 'string',
-        required: false,
-        default: 'mta'
-      }
-    }
-  },
-  queue: {
-    type: 'object',
-    required: false,
-    schema: queueSchema
-  }
-};
-
-/**
- * Email service configuration schema
- */
-export const emailConfigSchema: ValidationSchema = {
-  useMta: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  mtaConfig: {
-    type: 'object',
-    required: false,
-    schema: mtaConfigSchema
-  },
-  templateConfig: {
-    type: 'object',
-    required: false,
-    schema: {
-      from: {
-        type: 'string',
-        required: false,
-        default: 'no-reply@lossless.one'
-      },
-      replyTo: {
-        type: 'string',
-        required: false,
-        default: 'support@lossless.one'
-      },
-      footerHtml: {
-        type: 'string',
-        required: false
-      },
-      footerText: {
-        type: 'string',
-        required: false
-      }
-    }
-  },
-  loadTemplatesFromDir: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  templatesDir: {
-    type: 'string',
-    required: false
-  }
-};
-
-/**
- * Database configuration schema
- */
-export const databaseConfigSchema: ValidationSchema = {
-  connectionString: {
-    type: 'string',
-    required: false
-  },
-  host: {
-    type: 'string',
-    required: false,
-    default: 'localhost'
-  },
-  port: {
-    type: 'number',
-    required: false,
-    default: 5432,
-    min: 1,
-    max: 65535
-  },
-  database: {
-    type: 'string',
-    required: false
-  },
-  username: {
-    type: 'string',
-    required: false
-  },
-  password: {
-    type: 'string',
-    required: false
-  },
-  ssl: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  pool: {
-    type: 'object',
-    required: false,
-    schema: {
-      min: {
-        type: 'number',
-        required: false,
-        default: 2,
-        min: 1
-      },
-      max: {
-        type: 'number',
-        required: false,
-        default: 10,
-        min: 1
-      },
-      idleTimeoutMillis: {
-        type: 'number',
-        required: false,
-        default: 30000,
-        min: 1000
-      }
-    }
-  }
-};
-
-/**
- * Platform service configuration schema
- */
-export const platformConfigSchema: ValidationSchema = {
-  id: {
-    type: 'string',
-    required: false,
-    default: 'platform-service-config'
-  },
-  version: {
-    type: 'string',
-    required: false,
-    default: '1.0.0'
-  },
-  environment: {
-    type: 'string',
-    required: false,
-    enum: ['development', 'test', 'staging', 'production'],
-    default: 'production'
-  },
-  name: {
-    type: 'string',
-    required: false,
-    default: 'PlatformService'
-  },
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  logging: {
-    type: 'object',
-    required: false,
-    schema: {
-      level: {
-        type: 'string',
-        required: false,
-        enum: ['error', 'warn', 'info', 'debug'],
-        default: 'info'
-      },
-      structured: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      correlationTracking: {
-        type: 'boolean',
-        required: false,
-        default: true
-      }
-    }
-  },
-  server: {
-    type: 'object',
-    required: false,
-    schema: httpServerSchema
-  },
-  database: {
-    type: 'object',
-    required: false,
-    schema: databaseConfigSchema
-  },
-  email: {
-    type: 'object',
-    required: false,
-    schema: emailConfigSchema
-  },
-  sms: {
-    type: 'object',
-    required: false,
-    schema: smsConfigSchema
-  },
-  paths: {
-    type: 'object',
-    required: false,
-    schema: {
-      dataDir: {
-        type: 'string',
-        required: false,
-        default: 'data'
-      },
-      logsDir: {
-        type: 'string',
-        required: false,
-        default: 'logs'
-      },
-      tempDir: {
-        type: 'string',
-        required: false,
-        default: 'temp'
-      },
-      emailTemplatesDir: {
-        type: 'string',
-        required: false,
-        default: 'templates/email'
-      }
-    }
-  }
-};

ts/config/validator.ts

@@ -1,6 +1,5 @@
 import * as plugins from '../plugins.js';
 import { ValidationError } from '../errors/base.errors.js';
-import type { IBaseConfig } from './base.config.js';
 
 /**
  * Validation result
@@ -95,56 +94,6 @@ export type ValidationSchema = Record<string, {
  * Validates configuration objects against schemas and provides default values
  */
 export class ConfigValidator {
-  /**
-   * Basic schema for IBaseConfig
-   */
-  private static baseConfigSchema: ValidationSchema = {
-    id: {
-      type: 'string',
-      required: false
-    },
-    version: {
-      type: 'string',
-      required: false
-    },
-    environment: {
-      type: 'string',
-      required: false,
-      enum: ['development', 'test', 'staging', 'production'],
-      default: 'production'
-    },
-    name: {
-      type: 'string',
-      required: false
-    },
-    enabled: {
-      type: 'boolean',
-      required: false,
-      default: true
-    },
-    logging: {
-      type: 'object',
-      required: false,
-      schema: {
-        level: {
-          type: 'string',
-          required: false,
-          enum: ['error', 'warn', 'info', 'debug'],
-          default: 'info'
-        },
-        structured: {
-          type: 'boolean',
-          required: false,
-          default: true
-        },
-        correlationTracking: {
-          type: 'boolean',
-          required: false,
-          default: true
-        }
-      }
-    }
-  };
 
   /**
    * Validate a configuration object against a schema
@@ -221,7 +170,7 @@ export class ConfigValidator {
                 } else if (rules.items.schema && itemType === 'object') {
                   const itemResult = this.validate(value[i], rules.items.schema);
                   if (!itemResult.valid) {
-                    errors.push(...itemResult.errors.map(err => `${key}[${i}].${err}`));
+                    errors.push(...itemResult.errors!.map(err => `${key}[${i}].${err}`));
                   }
                 }
               }
@@ -232,7 +181,7 @@ export class ConfigValidator {
             if (rules.schema) {
               const nestedResult = this.validate(value, rules.schema);
               if (!nestedResult.valid) {
-                errors.push(...nestedResult.errors.map(err => `${key}.${err}`));
+                errors.push(...nestedResult.errors!.map(err => `${key}.${err}`));
               }
               validatedConfig[key] = nestedResult.config;
             }
@@ -261,15 +210,6 @@ export class ConfigValidator {
     };
   }
 
-  /**
-   * Validate base configuration
-   * 
-   * @param config Base configuration
-   * @returns Validation result for base configuration
-   */
-  public static validateBaseConfig(config: IBaseConfig): IValidationResult {
-    return this.validate(config, this.baseConfigSchema);
-  }
 
   /**
    * Apply defaults to a configuration object based on a schema
@@ -293,8 +233,8 @@ export class ConfigValidator {
 
       // Apply defaults to array items
       if (result[key] && rules.type === 'array' && rules.items && rules.items.schema) {
-        result[key] = result[key].map(item => 
-          typeof item === 'object' ? this.applyDefaults(item, rules.items.schema) : item
+        result[key] = result[key].map(item =>
+          typeof item === 'object' ? this.applyDefaults(item, rules.items!.schema!) : item
         );
       }
     }
@@ -315,7 +255,7 @@ export class ConfigValidator {
     
     if (!result.valid) {
       throw new ValidationError(
-        `Configuration validation failed: ${result.errors.join(', ')}`,
+        `Configuration validation failed: ${result.errors!.join(', ')}`,
         'CONFIG_VALIDATION_ERROR',
         { data: { errors: result.errors } }
       );

ts/db/classes.cache.cleaner.ts

@@ -0,0 +1,166 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { DcRouterDb } from './classes.dcrouter-db.js';
+
+// Import document classes for cleanup
+import { CachedEmail } from './documents/classes.cached.email.js';
+import { CachedIPReputation } from './documents/classes.cached.ip.reputation.js';
+
+/**
+ * Configuration for the cache cleaner
+ */
+export interface ICacheCleanerOptions {
+  /** Cleanup interval in milliseconds (default: 1 hour) */
+  intervalMs?: number;
+  /** Enable verbose logging */
+  verbose?: boolean;
+}
+
+/**
+ * CacheCleaner - Periodically removes expired documents from the cache
+ *
+ * Runs on a configurable interval (default: hourly) and queries each
+ * collection for documents where expiresAt < now(), then deletes them.
+ */
+export class CacheCleaner {
+  private cleanupInterval: ReturnType<typeof setInterval> | null = null;
+  private isRunning: boolean = false;
+  private options: Required<ICacheCleanerOptions>;
+  private dcRouterDb: DcRouterDb;
+
+  constructor(dcRouterDb: DcRouterDb, options: ICacheCleanerOptions = {}) {
+    this.dcRouterDb = dcRouterDb;
+    this.options = {
+      intervalMs: options.intervalMs || 60 * 60 * 1000, // 1 hour default
+      verbose: options.verbose || false,
+    };
+  }
+
+  /**
+   * Start the periodic cleanup process
+   */
+  public start(): void {
+    if (this.isRunning) {
+      logger.log('warn', 'CacheCleaner already running');
+      return;
+    }
+
+    this.isRunning = true;
+
+    // Run cleanup immediately on start
+    this.runCleanup().catch((error: unknown) => {
+      logger.log('error', `Initial cache cleanup failed: ${(error as Error).message}`);
+    });
+
+    // Schedule periodic cleanup
+    this.cleanupInterval = setInterval(() => {
+      this.runCleanup().catch((error: unknown) => {
+        logger.log('error', `Cache cleanup failed: ${(error as Error).message}`);
+      });
+    }, this.options.intervalMs);
+
+    logger.log(
+      'info',
+      `CacheCleaner started with interval: ${this.options.intervalMs / 1000 / 60} minutes`
+    );
+  }
+
+  /**
+   * Stop the periodic cleanup process
+   */
+  public stop(): void {
+    if (!this.isRunning) {
+      return;
+    }
+
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+
+    this.isRunning = false;
+    logger.log('info', 'CacheCleaner stopped');
+  }
+
+  /**
+   * Run a single cleanup cycle
+   */
+  public async runCleanup(): Promise<void> {
+    if (!this.dcRouterDb.isReady()) {
+      logger.log('warn', 'DcRouterDb not ready, skipping cleanup');
+      return;
+    }
+
+    const now = new Date();
+    const results: { collection: string; deleted: number }[] = [];
+
+    try {
+      const emailsDeleted = await this.cleanExpiredDocuments(CachedEmail, now);
+      results.push({ collection: 'CachedEmail', deleted: emailsDeleted });
+
+      const ipReputationDeleted = await this.cleanExpiredDocuments(CachedIPReputation, now);
+      results.push({ collection: 'CachedIPReputation', deleted: ipReputationDeleted });
+
+      // Log results
+      const totalDeleted = results.reduce((sum, r) => sum + r.deleted, 0);
+      if (totalDeleted > 0 || this.options.verbose) {
+        const summary = results
+          .filter((r) => r.deleted > 0)
+          .map((r) => `${r.collection}: ${r.deleted}`)
+          .join(', ');
+        logger.log(
+          'info',
+          `Cache cleanup completed. Deleted ${totalDeleted} expired documents. ${summary || 'No deletions.'}`
+        );
+      }
+    } catch (error: unknown) {
+      logger.log('error', `Cache cleanup error: ${(error as Error).message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Clean expired documents from a specific collection using smartdata API
+   */
+  private async cleanExpiredDocuments<T extends { delete: () => Promise<void> }>(
+    documentClass: { getInstances: (filter: any) => Promise<T[]> },
+    now: Date
+  ): Promise<number> {
+    try {
+      // Find all expired documents
+      const expiredDocs = await documentClass.getInstances({
+        expiresAt: { $lt: now },
+      });
+
+      // Delete each expired document
+      let deletedCount = 0;
+      for (const doc of expiredDocs) {
+        try {
+          await doc.delete();
+          deletedCount++;
+        } catch (deleteError: unknown) {
+          logger.log('warn', `Failed to delete expired document: ${(deleteError as Error).message}`);
+        }
+      }
+
+      return deletedCount;
+    } catch (error: unknown) {
+      logger.log('error', `Error cleaning collection: ${(error as Error).message}`);
+      return 0;
+    }
+  }
+
+  /**
+   * Check if the cleaner is running
+   */
+  public isActive(): boolean {
+    return this.isRunning;
+  }
+
+  /**
+   * Get the cleanup interval in milliseconds
+   */
+  public getIntervalMs(): number {
+    return this.options.intervalMs;
+  }
+}

ts/db/classes.cached.document.ts

@@ -0,0 +1,111 @@
+import * as plugins from '../plugins.js';
+
+/**
+ * Base class for all cached documents with TTL support
+ *
+ * Extends smartdata's SmartDataDbDoc to add:
+ * - Automatic timestamps (createdAt, lastAccessedAt)
+ * - TTL/expiration support (expiresAt)
+ * - Helper methods for TTL management
+ *
+ * NOTE: Subclasses MUST add @svDb() decorators to createdAt, expiresAt, and lastAccessedAt
+ * since decorators on abstract classes don't propagate correctly.
+ */
+export abstract class CachedDocument<T extends CachedDocument<T>> extends plugins.smartdata.SmartDataDbDoc<T, T> {
+  /**
+   * Timestamp when the document was created
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public createdAt: Date = new Date();
+
+  /**
+   * Timestamp when the document expires and should be cleaned up
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public expiresAt!: Date;
+
+  /**
+   * Timestamp of last access (for LRU-style eviction if needed)
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * Set the TTL (time to live) for this document
+   * @param ttlMs Time to live in milliseconds
+   */
+  public setTTL(ttlMs: number): void {
+    this.expiresAt = new Date(Date.now() + ttlMs);
+  }
+
+  /**
+   * Set TTL using days
+   * @param days Number of days until expiration
+   */
+  public setTTLDays(days: number): void {
+    this.setTTL(days * 24 * 60 * 60 * 1000);
+  }
+
+  /**
+   * Set TTL using hours
+   * @param hours Number of hours until expiration
+   */
+  public setTTLHours(hours: number): void {
+    this.setTTL(hours * 60 * 60 * 1000);
+  }
+
+  /**
+   * Check if this document has expired
+   */
+  public isExpired(): boolean {
+    if (!this.expiresAt) {
+      return false; // No expiration set
+    }
+    return new Date() > this.expiresAt;
+  }
+
+  /**
+   * Update the lastAccessedAt timestamp
+   */
+  public touch(): void {
+    this.lastAccessedAt = new Date();
+  }
+
+  /**
+   * Get remaining TTL in milliseconds
+   * Returns 0 if expired, -1 if no expiration set
+   */
+  public getRemainingTTL(): number {
+    if (!this.expiresAt) {
+      return -1;
+    }
+    const remaining = this.expiresAt.getTime() - Date.now();
+    return remaining > 0 ? remaining : 0;
+  }
+
+  /**
+   * Extend the TTL by the specified milliseconds from now
+   * @param ttlMs Additional time to live in milliseconds
+   */
+  public extendTTL(ttlMs: number): void {
+    this.expiresAt = new Date(Date.now() + ttlMs);
+  }
+
+  /**
+   * Set the document to never expire (100 years in the future)
+   */
+  public setNeverExpires(): void {
+    this.expiresAt = new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1000);
+  }
+}
+
+/**
+ * TTL constants in milliseconds
+ */
+export const TTL = {
+  HOURS_1: 1 * 60 * 60 * 1000,
+  HOURS_24: 24 * 60 * 60 * 1000,
+  DAYS_7: 7 * 24 * 60 * 60 * 1000,
+  DAYS_30: 30 * 24 * 60 * 60 * 1000,
+  DAYS_90: 90 * 24 * 60 * 60 * 1000,
+} as const;

ts/db/classes.dcrouter-db.ts

@@ -0,0 +1,179 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { defaultTsmDbPath } from '../paths.js';
+
+/**
+ * Configuration options for the unified DCRouter database
+ */
+export interface IDcRouterDbConfig {
+  /** External MongoDB connection URL. If absent, uses embedded LocalSmartDb. */
+  mongoDbUrl?: string;
+  /** Storage path for embedded LocalSmartDb data (default: ~/.serve.zone/dcrouter/tsmdb) */
+  storagePath?: string;
+  /** Database name (default: dcrouter) */
+  dbName?: string;
+  /** Enable debug logging */
+  debug?: boolean;
+}
+
+/**
+ * DcRouterDb - Unified database layer for DCRouter
+ *
+ * Replaces both StorageManager (flat-file key-value) and CacheDb (embedded MongoDB).
+ * All data is stored as smartdata document classes in a single database.
+ *
+ * Two modes:
+ * - **Embedded** (default): Spawns a LocalSmartDb (Rust-based MongoDB-compatible engine)
+ * - **External**: Connects to a provided MongoDB URL
+ */
+export class DcRouterDb {
+  private static instance: DcRouterDb | null = null;
+
+  private localSmartDb: plugins.smartdb.LocalSmartDb | null = null;
+  private smartdataDb!: plugins.smartdata.SmartdataDb;
+  private options: Required<IDcRouterDbConfig>;
+  private isStarted: boolean = false;
+
+  constructor(options: IDcRouterDbConfig = {}) {
+    this.options = {
+      mongoDbUrl: options.mongoDbUrl || '',
+      storagePath: options.storagePath || defaultTsmDbPath,
+      dbName: options.dbName || 'dcrouter',
+      debug: options.debug || false,
+    };
+  }
+
+  /**
+   * Get or create the singleton instance
+   */
+  public static getInstance(options?: IDcRouterDbConfig): DcRouterDb {
+    if (!DcRouterDb.instance) {
+      DcRouterDb.instance = new DcRouterDb(options);
+    }
+    return DcRouterDb.instance;
+  }
+
+  /**
+   * Reset the singleton instance (useful for testing)
+   */
+  public static resetInstance(): void {
+    DcRouterDb.instance = null;
+  }
+
+  /**
+   * Start the database
+   * - If mongoDbUrl is provided, connects directly to external MongoDB
+   * - Otherwise, starts an embedded LocalSmartDb instance
+   */
+  public async start(): Promise<void> {
+    if (this.isStarted) {
+      logger.log('warn', 'DcRouterDb already started');
+      return;
+    }
+
+    try {
+      let connectionUri: string;
+
+      if (this.options.mongoDbUrl) {
+        // External MongoDB mode
+        connectionUri = this.options.mongoDbUrl;
+        logger.log('info', `DcRouterDb connecting to external MongoDB`);
+      } else {
+        // Embedded LocalSmartDb mode
+        await plugins.fsUtils.ensureDir(this.options.storagePath);
+
+        this.localSmartDb = new plugins.smartdb.LocalSmartDb({
+          folderPath: this.options.storagePath,
+        });
+
+        const connectionInfo = await this.localSmartDb.start();
+        connectionUri = connectionInfo.connectionUri;
+
+        if (this.options.debug) {
+          logger.log('debug', `LocalSmartDb started with URI: ${connectionUri}`);
+        }
+
+        logger.log('info', `DcRouterDb started embedded instance at ${this.options.storagePath}`);
+      }
+
+      // Initialize smartdata ORM
+      this.smartdataDb = new plugins.smartdata.SmartdataDb({
+        mongoDbUrl: connectionUri,
+        mongoDbName: this.options.dbName,
+      });
+      await this.smartdataDb.init();
+
+      this.isStarted = true;
+      logger.log('info', `DcRouterDb ready (db: ${this.options.dbName})`);
+    } catch (error: unknown) {
+      logger.log('error', `Failed to start DcRouterDb: ${(error as Error).message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Stop the database
+   */
+  public async stop(): Promise<void> {
+    if (!this.isStarted) {
+      return;
+    }
+
+    try {
+      // Close smartdata connection
+      if (this.smartdataDb) {
+        await this.smartdataDb.close();
+      }
+
+      // Stop embedded LocalSmartDb if running
+      if (this.localSmartDb) {
+        await this.localSmartDb.stop();
+        this.localSmartDb = null;
+      }
+
+      this.isStarted = false;
+      logger.log('info', 'DcRouterDb stopped');
+    } catch (error: unknown) {
+      logger.log('error', `Error stopping DcRouterDb: ${(error as Error).message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Get the smartdata database instance for @Collection decorators
+   */
+  public getDb(): plugins.smartdata.SmartdataDb {
+    if (!this.isStarted) {
+      throw new Error('DcRouterDb not started. Call start() first.');
+    }
+    return this.smartdataDb;
+  }
+
+  /**
+   * Check if the database is ready
+   */
+  public isReady(): boolean {
+    return this.isStarted;
+  }
+
+  /**
+   * Whether running in embedded mode (LocalSmartDb) vs external MongoDB
+   */
+  public isEmbedded(): boolean {
+    return !this.options.mongoDbUrl;
+  }
+
+  /**
+   * Get the storage path (only relevant for embedded mode)
+   */
+  public getStoragePath(): string {
+    return this.options.storagePath;
+  }
+
+  /**
+   * Get the database name
+   */
+  public getDbName(): string {
+    return this.options.dbName;
+  }
+}

ts/db/documents/classes.accounting-session.doc.ts

@@ -0,0 +1,106 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class AccountingSessionDoc extends plugins.smartdata.SmartDataDbDoc<AccountingSessionDoc, AccountingSessionDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public sessionId!: string;
+
+  @plugins.smartdata.svDb()
+  public username!: string;
+
+  @plugins.smartdata.svDb()
+  public macAddress!: string;
+
+  @plugins.smartdata.svDb()
+  public nasIpAddress!: string;
+
+  @plugins.smartdata.svDb()
+  public nasPort!: number;
+
+  @plugins.smartdata.svDb()
+  public nasPortType!: string;
+
+  @plugins.smartdata.svDb()
+  public nasIdentifier!: string;
+
+  @plugins.smartdata.svDb()
+  public vlanId!: number;
+
+  @plugins.smartdata.svDb()
+  public framedIpAddress!: string;
+
+  @plugins.smartdata.svDb()
+  public calledStationId!: string;
+
+  @plugins.smartdata.svDb()
+  public callingStationId!: string;
+
+  @plugins.smartdata.svDb()
+  public startTime!: number;
+
+  @plugins.smartdata.svDb()
+  public endTime!: number;
+
+  @plugins.smartdata.svDb()
+  public lastUpdateTime!: number;
+
+  @plugins.smartdata.index()
+  @plugins.smartdata.svDb()
+  public status!: 'active' | 'stopped' | 'terminated';
+
+  @plugins.smartdata.svDb()
+  public terminateCause!: string;
+
+  @plugins.smartdata.svDb()
+  public inputOctets!: number;
+
+  @plugins.smartdata.svDb()
+  public outputOctets!: number;
+
+  @plugins.smartdata.svDb()
+  public inputPackets!: number;
+
+  @plugins.smartdata.svDb()
+  public outputPackets!: number;
+
+  @plugins.smartdata.svDb()
+  public sessionTime!: number;
+
+  @plugins.smartdata.svDb()
+  public serviceType!: string;
+
+  constructor() {
+    super();
+  }
+
+  public static async findBySessionId(sessionId: string): Promise<AccountingSessionDoc | null> {
+    return await AccountingSessionDoc.getInstance({ sessionId });
+  }
+
+  public static async findActive(): Promise<AccountingSessionDoc[]> {
+    return await AccountingSessionDoc.getInstances({ status: 'active' });
+  }
+
+  public static async findByUsername(username: string): Promise<AccountingSessionDoc[]> {
+    return await AccountingSessionDoc.getInstances({ username });
+  }
+
+  public static async findByNas(nasIpAddress: string): Promise<AccountingSessionDoc[]> {
+    return await AccountingSessionDoc.getInstances({ nasIpAddress });
+  }
+
+  public static async findByVlan(vlanId: number): Promise<AccountingSessionDoc[]> {
+    return await AccountingSessionDoc.getInstances({ vlanId });
+  }
+
+  public static async findStoppedBefore(cutoffTime: number): Promise<AccountingSessionDoc[]> {
+    return await AccountingSessionDoc.getInstances({
+      status: { $in: ['stopped', 'terminated'] } as any,
+      endTime: { $lt: cutoffTime, $gt: 0 } as any,
+    });
+  }
+}

ts/db/documents/classes.acme-cert.doc.ts

@@ -0,0 +1,41 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class AcmeCertDoc extends plugins.smartdata.SmartDataDbDoc<AcmeCertDoc, AcmeCertDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public domainName!: string;
+
+  @plugins.smartdata.svDb()
+  public id!: string;
+
+  @plugins.smartdata.svDb()
+  public created!: number;
+
+  @plugins.smartdata.svDb()
+  public privateKey!: string;
+
+  @plugins.smartdata.svDb()
+  public publicKey!: string;
+
+  @plugins.smartdata.svDb()
+  public csr!: string;
+
+  @plugins.smartdata.svDb()
+  public validUntil!: number;
+
+  constructor() {
+    super();
+  }
+
+  public static async findByDomain(domainName: string): Promise<AcmeCertDoc | null> {
+    return await AcmeCertDoc.getInstance({ domainName });
+  }
+
+  public static async findAll(): Promise<AcmeCertDoc[]> {
+    return await AcmeCertDoc.getInstances({});
+  }
+}

ts/db/documents/classes.api-token.doc.ts

@@ -0,0 +1,56 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+import type { TApiTokenScope } from '../../../ts_interfaces/data/route-management.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class ApiTokenDoc extends plugins.smartdata.SmartDataDbDoc<ApiTokenDoc, ApiTokenDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id!: string;
+
+  @plugins.smartdata.svDb()
+  public name: string = '';
+
+  @plugins.smartdata.svDb()
+  public tokenHash!: string;
+
+  @plugins.smartdata.svDb()
+  public scopes!: TApiTokenScope[];
+
+  @plugins.smartdata.svDb()
+  public createdAt!: number;
+
+  @plugins.smartdata.svDb()
+  public expiresAt!: number | null;
+
+  @plugins.smartdata.svDb()
+  public lastUsedAt!: number | null;
+
+  @plugins.smartdata.svDb()
+  public createdBy!: string;
+
+  @plugins.smartdata.svDb()
+  public enabled!: boolean;
+
+  constructor() {
+    super();
+  }
+
+  public static async findById(id: string): Promise<ApiTokenDoc | null> {
+    return await ApiTokenDoc.getInstance({ id });
+  }
+
+  public static async findByTokenHash(tokenHash: string): Promise<ApiTokenDoc | null> {
+    return await ApiTokenDoc.getInstance({ tokenHash });
+  }
+
+  public static async findAll(): Promise<ApiTokenDoc[]> {
+    return await ApiTokenDoc.getInstances({});
+  }
+
+  public static async findEnabled(): Promise<ApiTokenDoc[]> {
+    return await ApiTokenDoc.getInstances({ enabled: true });
+  }
+}

ts/db/documents/classes.cached.email.ts

@@ -0,0 +1,240 @@
+import * as plugins from '../../plugins.js';
+import { CachedDocument, TTL } from '../classes.cached.document.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+/**
+ * Email status in the cache
+ */
+export type TCachedEmailStatus = 'pending' | 'processing' | 'delivered' | 'failed' | 'deferred';
+
+/**
+ * Helper to get the smartdata database instance
+ */
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+/**
+ * CachedEmail - Stores email queue items in the cache
+ *
+ * Used for persistent email queue storage, tracking delivery status,
+ * and maintaining email history for the configured TTL period.
+ */
+@plugins.smartdata.Collection(() => getDb())
+export class CachedEmail extends CachedDocument<CachedEmail> {
+  // TTL fields from base class (decorators required on concrete class)
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.DAYS_30);
+
+  @plugins.smartdata.svDb()
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * Unique identifier for this email
+   */
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id!: string;
+
+  /**
+   * Email message ID (RFC 822 Message-ID header)
+   */
+  @plugins.smartdata.svDb()
+  public messageId!: string;
+
+  /**
+   * Sender email address (envelope from)
+   */
+  @plugins.smartdata.svDb()
+  public from!: string;
+
+  /**
+   * Recipient email addresses
+   */
+  @plugins.smartdata.svDb()
+  public to!: string[];
+
+  /**
+   * CC recipients
+   */
+  @plugins.smartdata.svDb()
+  public cc!: string[];
+
+  /**
+   * BCC recipients
+   */
+  @plugins.smartdata.svDb()
+  public bcc!: string[];
+
+  /**
+   * Email subject
+   */
+  @plugins.smartdata.svDb()
+  public subject!: string;
+
+  /**
+   * Raw RFC822 email content
+   */
+  @plugins.smartdata.svDb()
+  public rawContent!: string;
+
+  /**
+   * Current status of the email
+   */
+  @plugins.smartdata.svDb()
+  public status!: TCachedEmailStatus;
+
+  /**
+   * Number of delivery attempts
+   */
+  @plugins.smartdata.svDb()
+  public attempts: number = 0;
+
+  /**
+   * Maximum number of delivery attempts
+   */
+  @plugins.smartdata.svDb()
+  public maxAttempts: number = 3;
+
+  /**
+   * Timestamp for next delivery attempt
+   */
+  @plugins.smartdata.svDb()
+  public nextAttempt!: Date;
+
+  /**
+   * Last error message if delivery failed
+   */
+  @plugins.smartdata.svDb()
+  public lastError!: string;
+
+  /**
+   * Timestamp when the email was successfully delivered
+   */
+  @plugins.smartdata.svDb()
+  public deliveredAt!: Date;
+
+  /**
+   * Sender domain (for querying/filtering)
+   */
+  @plugins.smartdata.svDb()
+  public senderDomain!: string;
+
+  /**
+   * Priority level (higher = more important)
+   */
+  @plugins.smartdata.svDb()
+  public priority: number = 0;
+
+  /**
+   * JSON-serialized route data
+   */
+  @plugins.smartdata.svDb()
+  public routeData!: string;
+
+  /**
+   * DKIM signature status
+   */
+  @plugins.smartdata.svDb()
+  public dkimSigned: boolean = false;
+
+  constructor() {
+    super();
+    this.setTTL(TTL.DAYS_30); // Default 30-day TTL
+    this.status = 'pending';
+    this.to = [];
+    this.cc = [];
+    this.bcc = [];
+  }
+
+  /**
+   * Create a new CachedEmail with a unique ID
+   */
+  public static createNew(): CachedEmail {
+    const email = new CachedEmail();
+    email.id = plugins.uuid.v4();
+    return email;
+  }
+
+  /**
+   * Find an email by ID
+   */
+  public static async findById(id: string): Promise<CachedEmail | null> {
+    return await CachedEmail.getInstance({
+      id,
+    });
+  }
+
+  /**
+   * Find all emails with a specific status
+   */
+  public static async findByStatus(status: TCachedEmailStatus): Promise<CachedEmail[]> {
+    return await CachedEmail.getInstances({
+      status,
+    });
+  }
+
+  /**
+   * Find all emails pending delivery (status = pending and nextAttempt <= now)
+   */
+  public static async findPendingForDelivery(): Promise<CachedEmail[]> {
+    const now = new Date();
+    return await CachedEmail.getInstances({
+      status: 'pending',
+      nextAttempt: { $lte: now },
+    });
+  }
+
+  /**
+   * Find emails by sender domain
+   */
+  public static async findBySenderDomain(domain: string): Promise<CachedEmail[]> {
+    return await CachedEmail.getInstances({
+      senderDomain: domain,
+    });
+  }
+
+  /**
+   * Mark as delivered
+   */
+  public markDelivered(): void {
+    this.status = 'delivered';
+    this.deliveredAt = new Date();
+  }
+
+  /**
+   * Mark as failed with error
+   */
+  public markFailed(error: string): void {
+    this.status = 'failed';
+    this.lastError = error;
+  }
+
+  /**
+   * Increment attempt counter and schedule next attempt
+   */
+  public scheduleRetry(delayMs: number = 5 * 60 * 1000): void {
+    this.attempts++;
+    this.status = 'deferred';
+    this.nextAttempt = new Date(Date.now() + delayMs);
+
+    // If max attempts reached, mark as failed
+    if (this.attempts >= this.maxAttempts) {
+      this.status = 'failed';
+      this.lastError = `Max attempts (${this.maxAttempts}) reached`;
+    }
+  }
+
+  /**
+   * Extract sender domain from email address
+   */
+  public updateSenderDomain(): void {
+    if (this.from) {
+      const match = this.from.match(/@([^>]+)>?$/);
+      if (match) {
+        this.senderDomain = match[1].toLowerCase();
+      }
+    }
+  }
+}

ts/db/documents/classes.cached.ip.reputation.ts

@@ -0,0 +1,247 @@
+import * as plugins from '../../plugins.js';
+import { CachedDocument, TTL } from '../classes.cached.document.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+/**
+ * Helper to get the smartdata database instance
+ */
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+/**
+ * IP reputation result data
+ */
+export interface IIPReputationData {
+  score: number;
+  isSpam: boolean;
+  isProxy: boolean;
+  isTor: boolean;
+  isVPN: boolean;
+  country?: string;
+  asn?: string;
+  org?: string;
+  blacklists?: string[];
+}
+
+/**
+ * CachedIPReputation - Stores IP reputation lookup results
+ *
+ * Caches the results of IP reputation checks to avoid repeated
+ * external API calls. Default TTL is 24 hours.
+ */
+@plugins.smartdata.Collection(() => getDb())
+export class CachedIPReputation extends CachedDocument<CachedIPReputation> {
+  // TTL fields from base class (decorators required on concrete class)
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.HOURS_24);
+
+  @plugins.smartdata.svDb()
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * IP address (unique identifier)
+   */
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public ipAddress!: string;
+
+  /**
+   * Reputation score (0-100, higher = better)
+   */
+  @plugins.smartdata.svDb()
+  public score!: number;
+
+  /**
+   * Whether the IP is flagged as spam source
+   */
+  @plugins.smartdata.svDb()
+  public isSpam!: boolean;
+
+  /**
+   * Whether the IP is a known proxy
+   */
+  @plugins.smartdata.svDb()
+  public isProxy!: boolean;
+
+  /**
+   * Whether the IP is a Tor exit node
+   */
+  @plugins.smartdata.svDb()
+  public isTor!: boolean;
+
+  /**
+   * Whether the IP is a VPN endpoint
+   */
+  @plugins.smartdata.svDb()
+  public isVPN!: boolean;
+
+  /**
+   * Country code (ISO 3166-1 alpha-2)
+   */
+  @plugins.smartdata.svDb()
+  public country!: string;
+
+  /**
+   * Autonomous System Number
+   */
+  @plugins.smartdata.svDb()
+  public asn!: string;
+
+  /**
+   * Organization name
+   */
+  @plugins.smartdata.svDb()
+  public org!: string;
+
+  /**
+   * List of blacklists the IP appears on
+   */
+  @plugins.smartdata.svDb()
+  public blacklists!: string[];
+
+  /**
+   * Number of times this IP has been checked
+   */
+  @plugins.smartdata.svDb()
+  public checkCount: number = 0;
+
+  /**
+   * Number of connections from this IP
+   */
+  @plugins.smartdata.svDb()
+  public connectionCount: number = 0;
+
+  /**
+   * Number of emails received from this IP
+   */
+  @plugins.smartdata.svDb()
+  public emailCount: number = 0;
+
+  /**
+   * Number of spam emails from this IP
+   */
+  @plugins.smartdata.svDb()
+  public spamCount: number = 0;
+
+  constructor() {
+    super();
+    this.setTTL(TTL.HOURS_24); // Default 24-hour TTL
+    this.blacklists = [];
+    this.score = 50; // Default neutral score
+    this.isSpam = false;
+    this.isProxy = false;
+    this.isTor = false;
+    this.isVPN = false;
+  }
+
+  /**
+   * Create from reputation data
+   */
+  public static fromReputationData(ipAddress: string, data: IIPReputationData): CachedIPReputation {
+    const cached = new CachedIPReputation();
+    cached.ipAddress = ipAddress;
+    cached.score = data.score;
+    cached.isSpam = data.isSpam;
+    cached.isProxy = data.isProxy;
+    cached.isTor = data.isTor;
+    cached.isVPN = data.isVPN;
+    cached.country = data.country || '';
+    cached.asn = data.asn || '';
+    cached.org = data.org || '';
+    cached.blacklists = data.blacklists || [];
+    cached.checkCount = 1;
+    return cached;
+  }
+
+  /**
+   * Convert to reputation data object
+   */
+  public toReputationData(): IIPReputationData {
+    this.touch();
+    return {
+      score: this.score,
+      isSpam: this.isSpam,
+      isProxy: this.isProxy,
+      isTor: this.isTor,
+      isVPN: this.isVPN,
+      country: this.country,
+      asn: this.asn,
+      org: this.org,
+      blacklists: this.blacklists,
+    };
+  }
+
+  /**
+   * Find by IP address
+   */
+  public static async findByIP(ipAddress: string): Promise<CachedIPReputation | null> {
+    return await CachedIPReputation.getInstance({
+      ipAddress,
+    });
+  }
+
+  /**
+   * Find all IPs flagged as spam
+   */
+  public static async findSpamIPs(): Promise<CachedIPReputation[]> {
+    return await CachedIPReputation.getInstances({
+      isSpam: true,
+    });
+  }
+
+  /**
+   * Find IPs with score below threshold
+   */
+  public static async findLowScoreIPs(threshold: number): Promise<CachedIPReputation[]> {
+    return await CachedIPReputation.getInstances({
+      score: { $lt: threshold },
+    });
+  }
+
+  /**
+   * Record a connection from this IP
+   */
+  public recordConnection(): void {
+    this.connectionCount++;
+    this.touch();
+  }
+
+  /**
+   * Record an email from this IP
+   */
+  public recordEmail(isSpam: boolean = false): void {
+    this.emailCount++;
+    if (isSpam) {
+      this.spamCount++;
+    }
+    this.touch();
+  }
+
+  /**
+   * Update the reputation data
+   */
+  public updateReputation(data: IIPReputationData): void {
+    this.score = data.score;
+    this.isSpam = data.isSpam;
+    this.isProxy = data.isProxy;
+    this.isTor = data.isTor;
+    this.isVPN = data.isVPN;
+    this.country = data.country || this.country;
+    this.asn = data.asn || this.asn;
+    this.org = data.org || this.org;
+    this.blacklists = data.blacklists || this.blacklists;
+    this.checkCount++;
+    this.touch();
+    // Refresh TTL on update
+    this.setTTL(TTL.HOURS_24);
+  }
+
+  /**
+   * Check if this IP should be blocked
+   */
+  public shouldBlock(): boolean {
+    return this.isSpam || this.score < 20 || this.blacklists.length > 2;
+  }
+}

ts/db/documents/classes.cert-backoff.doc.ts

@@ -0,0 +1,35 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class CertBackoffDoc extends plugins.smartdata.SmartDataDbDoc<CertBackoffDoc, CertBackoffDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public domain!: string;
+
+  @plugins.smartdata.svDb()
+  public failures!: number;
+
+  @plugins.smartdata.svDb()
+  public lastFailure!: string;
+
+  @plugins.smartdata.svDb()
+  public retryAfter!: string;
+
+  @plugins.smartdata.svDb()
+  public lastError!: string;
+
+  constructor() {
+    super();
+  }
+
+  public static async findByDomain(domain: string): Promise<CertBackoffDoc | null> {
+    return await CertBackoffDoc.getInstance({ domain });
+  }
+
+  public static async findAll(): Promise<CertBackoffDoc[]> {
+    return await CertBackoffDoc.getInstances({});
+  }
+}

ts/db/documents/classes.proxy-cert.doc.ts

@@ -0,0 +1,38 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class ProxyCertDoc extends plugins.smartdata.SmartDataDbDoc<ProxyCertDoc, ProxyCertDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public domain!: string;
+
+  @plugins.smartdata.svDb()
+  public publicKey!: string;
+
+  @plugins.smartdata.svDb()
+  public privateKey!: string;
+
+  @plugins.smartdata.svDb()
+  public ca!: string;
+
+  @plugins.smartdata.svDb()
+  public validUntil!: number;
+
+  @plugins.smartdata.svDb()
+  public validFrom!: number;
+
+  constructor() {
+    super();
+  }
+
+  public static async findByDomain(domain: string): Promise<ProxyCertDoc | null> {
+    return await ProxyCertDoc.getInstance({ domain });
+  }
+
+  public static async findAll(): Promise<ProxyCertDoc[]> {
+    return await ProxyCertDoc.getInstances({});
+  }
+}

ts/db/documents/classes.remote-ingress-edge.doc.ts

@@ -0,0 +1,54 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class RemoteIngressEdgeDoc extends plugins.smartdata.SmartDataDbDoc<RemoteIngressEdgeDoc, RemoteIngressEdgeDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id!: string;
+
+  @plugins.smartdata.svDb()
+  public name: string = '';
+
+  @plugins.smartdata.svDb()
+  public secret!: string;
+
+  @plugins.smartdata.svDb()
+  public listenPorts!: number[];
+
+  @plugins.smartdata.svDb()
+  public listenPortsUdp!: number[];
+
+  @plugins.smartdata.svDb()
+  public enabled!: boolean;
+
+  @plugins.smartdata.svDb()
+  public autoDerivePorts!: boolean;
+
+  @plugins.smartdata.svDb()
+  public tags!: string[];
+
+  @plugins.smartdata.svDb()
+  public createdAt!: number;
+
+  @plugins.smartdata.svDb()
+  public updatedAt!: number;
+
+  constructor() {
+    super();
+  }
+
+  public static async findById(id: string): Promise<RemoteIngressEdgeDoc | null> {
+    return await RemoteIngressEdgeDoc.getInstance({ id });
+  }
+
+  public static async findAll(): Promise<RemoteIngressEdgeDoc[]> {
+    return await RemoteIngressEdgeDoc.getInstances({});
+  }
+
+  public static async findEnabled(): Promise<RemoteIngressEdgeDoc[]> {
+    return await RemoteIngressEdgeDoc.getInstances({ enabled: true });
+  }
+}

ts/db/documents/classes.route-override.doc.ts

@@ -0,0 +1,32 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class RouteOverrideDoc extends plugins.smartdata.SmartDataDbDoc<RouteOverrideDoc, RouteOverrideDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public routeName!: string;
+
+  @plugins.smartdata.svDb()
+  public enabled!: boolean;
+
+  @plugins.smartdata.svDb()
+  public updatedAt!: number;
+
+  @plugins.smartdata.svDb()
+  public updatedBy!: string;
+
+  constructor() {
+    super();
+  }
+
+  public static async findByRouteName(routeName: string): Promise<RouteOverrideDoc | null> {
+    return await RouteOverrideDoc.getInstance({ routeName });
+  }
+
+  public static async findAll(): Promise<RouteOverrideDoc[]> {
+    return await RouteOverrideDoc.getInstances({});
+  }
+}

ts/db/documents/classes.stored-route.doc.ts

@@ -0,0 +1,38 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class StoredRouteDoc extends plugins.smartdata.SmartDataDbDoc<StoredRouteDoc, StoredRouteDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id!: string;
+
+  @plugins.smartdata.svDb()
+  public route!: plugins.smartproxy.IRouteConfig;
+
+  @plugins.smartdata.svDb()
+  public enabled!: boolean;
+
+  @plugins.smartdata.svDb()
+  public createdAt!: number;
+
+  @plugins.smartdata.svDb()
+  public updatedAt!: number;
+
+  @plugins.smartdata.svDb()
+  public createdBy!: string;
+
+  constructor() {
+    super();
+  }
+
+  public static async findById(id: string): Promise<StoredRouteDoc | null> {
+    return await StoredRouteDoc.getInstance({ id });
+  }
+
+  public static async findAll(): Promise<StoredRouteDoc[]> {
+    return await StoredRouteDoc.getInstances({});
+  }
+}

ts/db/documents/classes.vlan-mappings.doc.ts

@@ -0,0 +1,32 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+export interface IMacVlanMapping {
+  mac: string;
+  vlan: number;
+  description?: string;
+  enabled: boolean;
+  createdAt: number;
+  updatedAt: number;
+}
+
+@plugins.smartdata.Collection(() => getDb())
+export class VlanMappingsDoc extends plugins.smartdata.SmartDataDbDoc<VlanMappingsDoc, VlanMappingsDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public configId: string = 'vlan-mappings';
+
+  @plugins.smartdata.svDb()
+  public mappings!: IMacVlanMapping[];
+
+  constructor() {
+    super();
+    this.mappings = [];
+  }
+
+  public static async load(): Promise<VlanMappingsDoc | null> {
+    return await VlanMappingsDoc.getInstance({ configId: 'vlan-mappings' });
+  }
+}

ts/db/documents/classes.vpn-client.doc.ts

@@ -0,0 +1,81 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class VpnClientDoc extends plugins.smartdata.SmartDataDbDoc<VpnClientDoc, VpnClientDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public clientId!: string;
+
+  @plugins.smartdata.svDb()
+  public enabled!: boolean;
+
+  @plugins.smartdata.svDb()
+  public serverDefinedClientTags?: string[];
+
+  @plugins.smartdata.svDb()
+  public description?: string;
+
+  @plugins.smartdata.svDb()
+  public assignedIp?: string;
+
+  @plugins.smartdata.svDb()
+  public noisePublicKey!: string;
+
+  @plugins.smartdata.svDb()
+  public wgPublicKey!: string;
+
+  @plugins.smartdata.svDb()
+  public wgPrivateKey?: string;
+
+  @plugins.smartdata.svDb()
+  public createdAt!: number;
+
+  @plugins.smartdata.svDb()
+  public updatedAt!: number;
+
+  @plugins.smartdata.svDb()
+  public expiresAt?: string;
+
+  @plugins.smartdata.svDb()
+  public forceDestinationSmartproxy: boolean = true;
+
+  @plugins.smartdata.svDb()
+  public destinationAllowList?: string[];
+
+  @plugins.smartdata.svDb()
+  public destinationBlockList?: string[];
+
+  @plugins.smartdata.svDb()
+  public useHostIp?: boolean;
+
+  @plugins.smartdata.svDb()
+  public useDhcp?: boolean;
+
+  @plugins.smartdata.svDb()
+  public staticIp?: string;
+
+  @plugins.smartdata.svDb()
+  public forceVlan?: boolean;
+
+  @plugins.smartdata.svDb()
+  public vlanId?: number;
+
+  constructor() {
+    super();
+  }
+
+  public static async findByClientId(clientId: string): Promise<VpnClientDoc | null> {
+    return await VpnClientDoc.getInstance({ clientId });
+  }
+
+  public static async findAll(): Promise<VpnClientDoc[]> {
+    return await VpnClientDoc.getInstances({});
+  }
+
+  public static async findEnabled(): Promise<VpnClientDoc[]> {
+    return await VpnClientDoc.getInstances({ enabled: true });
+  }
+}

ts/db/documents/classes.vpn-server-keys.doc.ts

@@ -0,0 +1,31 @@
+import * as plugins from '../../plugins.js';
+import { DcRouterDb } from '../classes.dcrouter-db.js';
+
+const getDb = () => DcRouterDb.getInstance().getDb();
+
+@plugins.smartdata.Collection(() => getDb())
+export class VpnServerKeysDoc extends plugins.smartdata.SmartDataDbDoc<VpnServerKeysDoc, VpnServerKeysDoc> {
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public configId: string = 'vpn-server-keys';
+
+  @plugins.smartdata.svDb()
+  public noisePrivateKey!: string;
+
+  @plugins.smartdata.svDb()
+  public noisePublicKey!: string;
+
+  @plugins.smartdata.svDb()
+  public wgPrivateKey!: string;
+
+  @plugins.smartdata.svDb()
+  public wgPublicKey!: string;
+
+  constructor() {
+    super();
+  }
+
+  public static async load(): Promise<VpnServerKeysDoc | null> {
+    return await VpnServerKeysDoc.getInstance({ configId: 'vpn-server-keys' });
+  }
+}

ts/db/documents/index.ts

@@ -0,0 +1,24 @@
+// Cached/TTL document classes
+export * from './classes.cached.email.js';
+export * from './classes.cached.ip.reputation.js';
+
+// Config document classes
+export * from './classes.stored-route.doc.js';
+export * from './classes.route-override.doc.js';
+export * from './classes.api-token.doc.js';
+
+// VPN document classes
+export * from './classes.vpn-server-keys.doc.js';
+export * from './classes.vpn-client.doc.js';
+
+// Certificate document classes
+export * from './classes.acme-cert.doc.js';
+export * from './classes.proxy-cert.doc.js';
+export * from './classes.cert-backoff.doc.js';
+
+// Remote ingress document classes
+export * from './classes.remote-ingress-edge.doc.js';
+
+// RADIUS document classes
+export * from './classes.vlan-mappings.doc.js';
+export * from './classes.accounting-session.doc.js';

ts/db/index.ts

@@ -0,0 +1,11 @@
+// Unified database manager
+export * from './classes.dcrouter-db.js';
+
+// TTL base class and constants
+export * from './classes.cached.document.js';
+
+// Cache cleaner
+export * from './classes.cache.cleaner.js';
+
+// Document classes
+export * from './documents/index.js';

ts/deliverability/classes.ipwarmupmanager.ts

@@ -1,896 +0,0 @@
-import * as plugins from '../plugins.js';
-import * as paths from '../paths.js';
-import { logger } from '../logger.js';
-import { LRUCache } from 'lru-cache';
-
-/**
- * Represents a single stage in the warmup process
- */
-export interface IWarmupStage {
-  /** Stage number (1-based) */
-  stage: number;
-  /** Maximum daily email volume for this stage */
-  maxDailyVolume: number;
-  /** Duration of this stage in days */
-  durationDays: number;
-  /** Target engagement metrics for this stage */
-  targetMetrics?: {
-    /** Minimum open rate (percentage) */
-    minOpenRate?: number;
-    /** Maximum bounce rate (percentage) */
-    maxBounceRate?: number;
-    /** Maximum spam complaint rate (percentage) */
-    maxComplaintRate?: number;
-  };
-}
-
-/**
- * Configuration for IP warmup process
- */
-export interface IIPWarmupConfig {
-  /** Whether the warmup is enabled */
-  enabled?: boolean;
-  /** List of IP addresses to warm up */
-  ipAddresses?: string[];
-  /** Target domains to warm up (e.g. your sending domains) */
-  targetDomains?: string[];
-  /** Warmup stages defining volume and duration */
-  stages?: IWarmupStage[];
-  /** Date when warmup process started */
-  startDate?: Date;
-  /** Default hourly distribution for sending (percentage of daily volume per hour) */
-  hourlyDistribution?: number[];
-  /** Whether to automatically advance stages based on metrics */
-  autoAdvanceStages?: boolean;
-  /** Whether to suspend warmup if metrics decline */
-  suspendOnMetricDecline?: boolean;
-  /** Percentage of traffic to send through fallback provider during warmup */
-  fallbackPercentage?: number;
-  /** Whether to prioritize engaged subscribers during warmup */
-  prioritizeEngagedSubscribers?: boolean;
-}
-
-/**
- * Status for a specific IP's warmup process
- */
-export interface IIPWarmupStatus {
-  /** IP address being warmed up */
-  ipAddress: string;
-  /** Current warmup stage */
-  currentStage: number;
-  /** Start date of the warmup process */
-  startDate: Date;
-  /** Start date of the current stage */
-  currentStageStartDate: Date;
-  /** Target completion date for entire warmup */
-  targetCompletionDate: Date;
-  /** Daily volume allocation for current stage */
-  currentDailyAllocation: number;
-  /** Emails sent in current stage */
-  sentInCurrentStage: number;
-  /** Total emails sent during warmup process */
-  totalSent: number;
-  /** Whether the warmup is currently active */
-  isActive: boolean;
-  /** Daily statistics for the past week */
-  dailyStats: Array<{
-    /** Date of the statistics */
-    date: string;
-    /** Number of emails sent */
-    sent: number;
-    /** Number of emails opened */
-    opened: number;
-    /** Number of bounces */
-    bounces: number;
-    /** Number of spam complaints */
-    complaints: number;
-  }>;
-  /** Current metrics */
-  metrics: {
-    /** Open rate percentage */
-    openRate: number;
-    /** Bounce rate percentage */
-    bounceRate: number;
-    /** Complaint rate percentage */
-    complaintRate: number;
-  };
-}
-
-/**
- * Defines methods for a policy used to allocate emails to different IPs
- */
-export interface IIPAllocationPolicy {
-  /** Name of the policy */
-  name: string;
-  
-  /**
-   * Allocate an IP address for sending an email
-   * @param availableIPs List of available IP addresses
-   * @param emailInfo Information about the email being sent
-   * @returns The IP to use, or null if no IP is available
-   */
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null;
-}
-
-/**
- * Default IP warmup configuration with industry standard stages
- */
-const DEFAULT_WARMUP_CONFIG: Required<IIPWarmupConfig> = {
-  enabled: true,
-  ipAddresses: [],
-  targetDomains: [],
-  stages: [
-    { stage: 1, maxDailyVolume: 50, durationDays: 2, targetMetrics: { maxBounceRate: 8, minOpenRate: 15 } },
-    { stage: 2, maxDailyVolume: 100, durationDays: 2, targetMetrics: { maxBounceRate: 7, minOpenRate: 18 } },
-    { stage: 3, maxDailyVolume: 500, durationDays: 3, targetMetrics: { maxBounceRate: 6, minOpenRate: 20 } },
-    { stage: 4, maxDailyVolume: 1000, durationDays: 3, targetMetrics: { maxBounceRate: 5, minOpenRate: 20 } },
-    { stage: 5, maxDailyVolume: 5000, durationDays: 5, targetMetrics: { maxBounceRate: 3, minOpenRate: 22 } },
-    { stage: 6, maxDailyVolume: 10000, durationDays: 5, targetMetrics: { maxBounceRate: 2, minOpenRate: 25 } },
-    { stage: 7, maxDailyVolume: 20000, durationDays: 5, targetMetrics: { maxBounceRate: 1, minOpenRate: 25 } },
-    { stage: 8, maxDailyVolume: 50000, durationDays: 5, targetMetrics: { maxBounceRate: 1, minOpenRate: 25 } },
-  ],
-  startDate: new Date(),
-  // Default hourly distribution (percentage per hour, sums to 100%)
-  hourlyDistribution: [
-    1, 1, 1, 1, 1, 2, 3, 5, 7, 8, 10, 11, 
-    10, 9, 8, 6, 5, 4, 3, 2, 1, 1, 1, 0
-  ],
-  autoAdvanceStages: true,
-  suspendOnMetricDecline: true,
-  fallbackPercentage: 50,
-  prioritizeEngagedSubscribers: true
-};
-
-/**
- * Manages the IP warming process for new sending IPs
- */
-export class IPWarmupManager {
-  private static instance: IPWarmupManager;
-  private config: Required<IIPWarmupConfig>;
-  private warmupStatuses: Map<string, IIPWarmupStatus> = new Map();
-  private dailySendCounts: Map<string, number> = new Map();
-  private hourlySendCounts: Map<string, number[]> = new Map();
-  private isInitialized: boolean = false;
-  private allocationPolicies: Map<string, IIPAllocationPolicy> = new Map();
-  private activePolicy: string = 'balanced';
-  
-  /**
-   * Constructor for IPWarmupManager
-   * @param config Warmup configuration
-   */
-  constructor(config: IIPWarmupConfig = {}) {
-    this.config = {
-      ...DEFAULT_WARMUP_CONFIG,
-      ...config,
-      stages: config.stages || [...DEFAULT_WARMUP_CONFIG.stages]
-    };
-    
-    // Register default allocation policies
-    this.registerAllocationPolicy('balanced', new BalancedAllocationPolicy());
-    this.registerAllocationPolicy('roundRobin', new RoundRobinAllocationPolicy());
-    this.registerAllocationPolicy('dedicated', new DedicatedDomainPolicy());
-    
-    this.initialize();
-  }
-  
-  /**
-   * Get the singleton instance of IPWarmupManager
-   * @param config Warmup configuration
-   * @returns Singleton instance
-   */
-  public static getInstance(config: IIPWarmupConfig = {}): IPWarmupManager {
-    if (!IPWarmupManager.instance) {
-      IPWarmupManager.instance = new IPWarmupManager(config);
-    }
-    return IPWarmupManager.instance;
-  }
-  
-  /**
-   * Initialize the warmup manager
-   */
-  private initialize(): void {
-    if (this.isInitialized) return;
-    
-    try {
-      // Load warmup statuses from storage
-      this.loadWarmupStatuses();
-      
-      // Initialize any new IPs that might have been added to config
-      for (const ip of this.config.ipAddresses) {
-        if (!this.warmupStatuses.has(ip)) {
-          this.initializeIPWarmup(ip);
-        }
-      }
-      
-      // Initialize daily and hourly counters
-      const today = new Date().toISOString().split('T')[0];
-      for (const ip of this.config.ipAddresses) {
-        this.dailySendCounts.set(ip, 0);
-        this.hourlySendCounts.set(ip, Array(24).fill(0));
-      }
-      
-      // Schedule daily reset of counters
-      this.scheduleDailyReset();
-      
-      // Schedule daily evaluation of warmup progress
-      this.scheduleDailyEvaluation();
-      
-      this.isInitialized = true;
-      logger.log('info', `IP Warmup Manager initialized with ${this.config.ipAddresses.length} IPs`);
-    } catch (error) {
-      logger.log('error', `Failed to initialize IP Warmup Manager: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-  
-  /**
-   * Initialize warmup status for a new IP address
-   * @param ipAddress IP address to initialize
-   */
-  private initializeIPWarmup(ipAddress: string): void {
-    const startDate = new Date();
-    let targetCompletionDate = new Date(startDate);
-    
-    // Calculate target completion date based on stages
-    let totalDays = 0;
-    for (const stage of this.config.stages) {
-      totalDays += stage.durationDays;
-    }
-    
-    targetCompletionDate.setDate(targetCompletionDate.getDate() + totalDays);
-    
-    const warmupStatus: IIPWarmupStatus = {
-      ipAddress,
-      currentStage: 1,
-      startDate,
-      currentStageStartDate: new Date(),
-      targetCompletionDate,
-      currentDailyAllocation: this.config.stages[0].maxDailyVolume,
-      sentInCurrentStage: 0,
-      totalSent: 0,
-      isActive: true,
-      dailyStats: [],
-      metrics: {
-        openRate: 0,
-        bounceRate: 0,
-        complaintRate: 0
-      }
-    };
-    
-    this.warmupStatuses.set(ipAddress, warmupStatus);
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Initialized warmup for IP ${ipAddress}`, {
-      currentStage: 1,
-      targetCompletion: targetCompletionDate.toISOString().split('T')[0]
-    });
-  }
-  
-  /**
-   * Schedule daily reset of send counters
-   */
-  private scheduleDailyReset(): void {
-    // Calculate time until midnight
-    const now = new Date();
-    const tomorrow = new Date(now);
-    tomorrow.setDate(tomorrow.getDate() + 1);
-    tomorrow.setHours(0, 0, 0, 0);
-    
-    const timeUntilMidnight = tomorrow.getTime() - now.getTime();
-    
-    // Schedule reset
-    setTimeout(() => {
-      this.resetDailyCounts();
-      // Reschedule for next day
-      this.scheduleDailyReset();
-    }, timeUntilMidnight);
-    
-    logger.log('info', `Scheduled daily counter reset in ${Math.floor(timeUntilMidnight / 60000)} minutes`);
-  }
-  
-  /**
-   * Reset daily send counters
-   */
-  private resetDailyCounts(): void {
-    for (const ip of this.config.ipAddresses) {
-      // Save yesterday's count to history before resetting
-      const status = this.warmupStatuses.get(ip);
-      if (status) {
-        const yesterday = new Date();
-        yesterday.setDate(yesterday.getDate() - 1);
-        
-        // Update daily stats with yesterday's data
-        const sentCount = this.dailySendCounts.get(ip) || 0;
-        status.dailyStats.push({
-          date: yesterday.toISOString().split('T')[0],
-          sent: sentCount,
-          opened: Math.floor(sentCount * status.metrics.openRate / 100),
-          bounces: Math.floor(sentCount * status.metrics.bounceRate / 100),
-          complaints: Math.floor(sentCount * status.metrics.complaintRate / 100)
-        });
-        
-        // Keep only the last 7 days of stats
-        if (status.dailyStats.length > 7) {
-          status.dailyStats.shift();
-        }
-      }
-      
-      // Reset counters for today
-      this.dailySendCounts.set(ip, 0);
-      this.hourlySendCounts.set(ip, Array(24).fill(0));
-    }
-    
-    // Save updated statuses
-    this.saveWarmupStatuses();
-    
-    logger.log('info', 'Daily send counters reset');
-  }
-  
-  /**
-   * Schedule daily evaluation of warmup progress
-   */
-  private scheduleDailyEvaluation(): void {
-    // Calculate time until 1 AM (do evaluation after midnight)
-    const now = new Date();
-    const evaluationTime = new Date(now);
-    evaluationTime.setDate(evaluationTime.getDate() + 1);
-    evaluationTime.setHours(1, 0, 0, 0);
-    
-    const timeUntilEvaluation = evaluationTime.getTime() - now.getTime();
-    
-    // Schedule evaluation
-    setTimeout(() => {
-      this.evaluateWarmupProgress();
-      // Reschedule for next day
-      this.scheduleDailyEvaluation();
-    }, timeUntilEvaluation);
-    
-    logger.log('info', `Scheduled daily warmup evaluation in ${Math.floor(timeUntilEvaluation / 60000)} minutes`);
-  }
-  
-  /**
-   * Evaluate warmup progress and possibly advance stages
-   */
-  private evaluateWarmupProgress(): void {
-    if (!this.config.autoAdvanceStages) {
-      logger.log('info', 'Auto-advance stages is disabled, skipping evaluation');
-      return;
-    }
-    
-    // Convert entries to array for compatibility with older JS versions
-    Array.from(this.warmupStatuses.entries()).forEach(([ip, status]) => {
-      if (!status.isActive) return;
-      
-      // Check if current stage duration has elapsed
-      const currentStage = this.config.stages[status.currentStage - 1];
-      const now = new Date();
-      const daysSinceStageStart = Math.floor(
-        (now.getTime() - status.currentStageStartDate.getTime()) / (24 * 60 * 60 * 1000)
-      );
-      
-      if (daysSinceStageStart >= currentStage.durationDays) {
-        // Check if metrics meet requirements for advancing
-        const metricsOK = this.checkStageMetrics(status, currentStage);
-        
-        if (metricsOK) {
-          // Advance to next stage if not at the final stage
-          if (status.currentStage < this.config.stages.length) {
-            this.advanceToNextStage(ip);
-          } else {
-            logger.log('info', `IP ${ip} has completed the warmup process`);
-          }
-        } else if (this.config.suspendOnMetricDecline) {
-          // Suspend warmup if metrics don't meet requirements
-          status.isActive = false;
-          logger.log('warn', `Suspended warmup for IP ${ip} due to poor metrics`, {
-            openRate: status.metrics.openRate,
-            bounceRate: status.metrics.bounceRate,
-            complaintRate: status.metrics.complaintRate
-          });
-        } else {
-          // Extend current stage if metrics don't meet requirements
-          logger.log('info', `Extending stage ${status.currentStage} for IP ${ip} due to metrics not meeting requirements`);
-        }
-      }
-    });
-    
-    // Save updated statuses
-    this.saveWarmupStatuses();
-  }
-  
-  /**
-   * Check if the current metrics meet the requirements for the stage
-   * @param status Warmup status to check
-   * @param stage Stage to check against
-   * @returns Whether metrics meet requirements
-   */
-  private checkStageMetrics(status: IIPWarmupStatus, stage: IWarmupStage): boolean {
-    // If no target metrics specified, assume met
-    if (!stage.targetMetrics) return true;
-    
-    const metrics = status.metrics;
-    let meetsRequirements = true;
-    
-    // Check each metric against requirements
-    if (stage.targetMetrics.minOpenRate !== undefined && 
-        metrics.openRate < stage.targetMetrics.minOpenRate) {
-      meetsRequirements = false;
-      logger.log('info', `Open rate ${metrics.openRate}% below target ${stage.targetMetrics.minOpenRate}% for IP ${status.ipAddress}`);
-    }
-    
-    if (stage.targetMetrics.maxBounceRate !== undefined && 
-        metrics.bounceRate > stage.targetMetrics.maxBounceRate) {
-      meetsRequirements = false;
-      logger.log('info', `Bounce rate ${metrics.bounceRate}% above target ${stage.targetMetrics.maxBounceRate}% for IP ${status.ipAddress}`);
-    }
-    
-    if (stage.targetMetrics.maxComplaintRate !== undefined && 
-        metrics.complaintRate > stage.targetMetrics.maxComplaintRate) {
-      meetsRequirements = false;
-      logger.log('info', `Complaint rate ${metrics.complaintRate}% above target ${stage.targetMetrics.maxComplaintRate}% for IP ${status.ipAddress}`);
-    }
-    
-    return meetsRequirements;
-  }
-  
-  /**
-   * Advance IP to the next warmup stage
-   * @param ipAddress IP address to advance
-   */
-  private advanceToNextStage(ipAddress: string): void {
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status) return;
-    
-    // Store metrics for the completed stage
-    const completedStage = status.currentStage;
-    
-    // Advance to next stage
-    status.currentStage++;
-    status.currentStageStartDate = new Date();
-    status.sentInCurrentStage = 0;
-    
-    // Update allocation
-    const newStage = this.config.stages[status.currentStage - 1];
-    status.currentDailyAllocation = newStage.maxDailyVolume;
-    
-    logger.log('info', `Advanced IP ${ipAddress} to warmup stage ${status.currentStage}`, {
-      previousStage: completedStage,
-      newDailyLimit: status.currentDailyAllocation,
-      durationDays: newStage.durationDays
-    });
-  }
-  
-  /**
-   * Get warmup status for all IPs or a specific IP
-   * @param ipAddress Optional specific IP to get status for
-   * @returns Warmup status information
-   */
-  public getWarmupStatus(ipAddress?: string): IIPWarmupStatus | Map<string, IIPWarmupStatus> {
-    if (ipAddress) {
-      return this.warmupStatuses.get(ipAddress);
-    }
-    return this.warmupStatuses;
-  }
-  
-  /**
-   * Add a new IP address to the warmup process
-   * @param ipAddress IP address to add
-   */
-  public addIPToWarmup(ipAddress: string): void {
-    if (this.config.ipAddresses.includes(ipAddress)) {
-      logger.log('info', `IP ${ipAddress} is already in warmup`);
-      return;
-    }
-    
-    // Add to configuration
-    this.config.ipAddresses.push(ipAddress);
-    
-    // Initialize warmup
-    this.initializeIPWarmup(ipAddress);
-    
-    // Initialize counters
-    this.dailySendCounts.set(ipAddress, 0);
-    this.hourlySendCounts.set(ipAddress, Array(24).fill(0));
-    
-    logger.log('info', `Added IP ${ipAddress} to warmup process`);
-  }
-  
-  /**
-   * Remove an IP address from the warmup process
-   * @param ipAddress IP address to remove
-   */
-  public removeIPFromWarmup(ipAddress: string): void {
-    const index = this.config.ipAddresses.indexOf(ipAddress);
-    if (index === -1) {
-      logger.log('info', `IP ${ipAddress} is not in warmup`);
-      return;
-    }
-    
-    // Remove from configuration
-    this.config.ipAddresses.splice(index, 1);
-    
-    // Remove from statuses and counters
-    this.warmupStatuses.delete(ipAddress);
-    this.dailySendCounts.delete(ipAddress);
-    this.hourlySendCounts.delete(ipAddress);
-    
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Removed IP ${ipAddress} from warmup process`);
-  }
-  
-  /**
-   * Update metrics for an IP address
-   * @param ipAddress IP address to update
-   * @param metrics New metrics
-   */
-  public updateMetrics(
-    ipAddress: string, 
-    metrics: { openRate?: number; bounceRate?: number; complaintRate?: number }
-  ): void {
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status) {
-      logger.log('warn', `Cannot update metrics for IP ${ipAddress} - not in warmup`);
-      return;
-    }
-    
-    // Update metrics
-    if (metrics.openRate !== undefined) {
-      status.metrics.openRate = metrics.openRate;
-    }
-    
-    if (metrics.bounceRate !== undefined) {
-      status.metrics.bounceRate = metrics.bounceRate;
-    }
-    
-    if (metrics.complaintRate !== undefined) {
-      status.metrics.complaintRate = metrics.complaintRate;
-    }
-    
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Updated metrics for IP ${ipAddress}`, {
-      openRate: status.metrics.openRate,
-      bounceRate: status.metrics.bounceRate,
-      complaintRate: status.metrics.complaintRate
-    });
-  }
-  
-  /**
-   * Record a send event for an IP address
-   * @param ipAddress IP address used for sending
-   */
-  public recordSend(ipAddress: string): void {
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      logger.log('warn', `Cannot record send for IP ${ipAddress} - not in warmup`);
-      return;
-    }
-    
-    // Increment daily counter
-    const currentCount = this.dailySendCounts.get(ipAddress) || 0;
-    this.dailySendCounts.set(ipAddress, currentCount + 1);
-    
-    // Increment hourly counter
-    const hourlyCount = this.hourlySendCounts.get(ipAddress) || Array(24).fill(0);
-    const currentHour = new Date().getHours();
-    hourlyCount[currentHour]++;
-    this.hourlySendCounts.set(ipAddress, hourlyCount);
-    
-    // Update warmup status
-    const status = this.warmupStatuses.get(ipAddress);
-    if (status) {
-      status.sentInCurrentStage++;
-      status.totalSent++;
-    }
-  }
-  
-  /**
-   * Check if an IP can send more emails today
-   * @param ipAddress IP address to check
-   * @returns Whether the IP can send more emails
-   */
-  public canSendMoreToday(ipAddress: string): boolean {
-    if (!this.config.enabled) return true;
-    
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      // If not in warmup, assume it can send
-      return true;
-    }
-    
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status || !status.isActive) {
-      return false;
-    }
-    
-    const currentCount = this.dailySendCounts.get(ipAddress) || 0;
-    return currentCount < status.currentDailyAllocation;
-  }
-  
-  /**
-   * Check if an IP can send more emails in the current hour
-   * @param ipAddress IP address to check
-   * @returns Whether the IP can send more emails this hour
-   */
-  public canSendMoreThisHour(ipAddress: string): boolean {
-    if (!this.config.enabled) return true;
-    
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      // If not in warmup, assume it can send
-      return true;
-    }
-    
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status || !status.isActive) {
-      return false;
-    }
-    
-    const currentDailyLimit = status.currentDailyAllocation;
-    const currentHour = new Date().getHours();
-    const hourlyAllocation = Math.ceil((currentDailyLimit * this.config.hourlyDistribution[currentHour]) / 100);
-    
-    const hourlyCount = this.hourlySendCounts.get(ipAddress) || Array(24).fill(0);
-    const currentHourCount = hourlyCount[currentHour];
-    
-    return currentHourCount < hourlyAllocation;
-  }
-  
-  /**
-   * Get the best IP to use for sending an email
-   * @param emailInfo Information about the email being sent
-   * @returns The best IP to use, or null if no suitable IP is available
-   */
-  public getBestIPForSending(emailInfo: {
-    from: string;
-    to: string[];
-    domain: string;
-    isTransactional?: boolean;
-  }): string | null {
-    // If warmup is disabled, return null (caller will use default IP)
-    if (!this.config.enabled || this.config.ipAddresses.length === 0) {
-      return null;
-    }
-    
-    // Prepare information for allocation policy
-    const availableIPs = this.config.ipAddresses
-      .filter(ip => this.canSendMoreToday(ip) && this.canSendMoreThisHour(ip))
-      .map(ip => {
-        const status = this.warmupStatuses.get(ip);
-        return {
-          ip,
-          priority: status ? status.currentStage : 1,
-          capacity: status ? (status.currentDailyAllocation - (this.dailySendCounts.get(ip) || 0)) : 0
-        };
-      });
-    
-    // Use the active allocation policy to determine the best IP
-    const policy = this.allocationPolicies.get(this.activePolicy);
-    if (!policy) {
-      logger.log('warn', `No allocation policy named ${this.activePolicy} found`);
-      return null;
-    }
-    
-    return policy.allocateIP(availableIPs, {
-      ...emailInfo,
-      isTransactional: emailInfo.isTransactional || false,
-      isWarmup: true
-    });
-  }
-  
-  /**
-   * Register a new IP allocation policy
-   * @param name Policy name
-   * @param policy Policy implementation
-   */
-  public registerAllocationPolicy(name: string, policy: IIPAllocationPolicy): void {
-    this.allocationPolicies.set(name, policy);
-    logger.log('info', `Registered IP allocation policy: ${name}`);
-  }
-  
-  /**
-   * Set the active IP allocation policy
-   * @param name Policy name
-   */
-  public setActiveAllocationPolicy(name: string): void {
-    if (!this.allocationPolicies.has(name)) {
-      logger.log('warn', `No allocation policy named ${name} found`);
-      return;
-    }
-    
-    this.activePolicy = name;
-    logger.log('info', `Set active IP allocation policy to ${name}`);
-  }
-  
-  /**
-   * Get the total number of stages in the warmup process
-   * @returns Number of stages
-   */
-  public getStageCount(): number {
-    return this.config.stages.length;
-  }
-  
-  /**
-   * Load warmup statuses from storage
-   */
-  private loadWarmupStatuses(): void {
-    try {
-      const warmupDir = plugins.path.join(paths.dataDir, 'warmup');
-      plugins.smartfile.fs.ensureDirSync(warmupDir);
-      
-      const statusFile = plugins.path.join(warmupDir, 'ip_warmup_status.json');
-      
-      if (plugins.fs.existsSync(statusFile)) {
-        const data = plugins.fs.readFileSync(statusFile, 'utf8');
-        const statuses = JSON.parse(data);
-        
-        for (const status of statuses) {
-          // Restore date objects
-          status.startDate = new Date(status.startDate);
-          status.currentStageStartDate = new Date(status.currentStageStartDate);
-          status.targetCompletionDate = new Date(status.targetCompletionDate);
-          
-          this.warmupStatuses.set(status.ipAddress, status);
-        }
-        
-        logger.log('info', `Loaded ${this.warmupStatuses.size} IP warmup statuses from storage`);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to load warmup statuses: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-  
-  /**
-   * Save warmup statuses to storage
-   */
-  private saveWarmupStatuses(): void {
-    try {
-      const warmupDir = plugins.path.join(paths.dataDir, 'warmup');
-      plugins.smartfile.fs.ensureDirSync(warmupDir);
-      
-      const statusFile = plugins.path.join(warmupDir, 'ip_warmup_status.json');
-      const statuses = Array.from(this.warmupStatuses.values());
-      
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(statuses, null, 2),
-        statusFile
-      );
-      
-      logger.log('debug', `Saved ${statuses.length} IP warmup statuses to storage`);
-    } catch (error) {
-      logger.log('error', `Failed to save warmup statuses: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-}
-
-/**
- * Policy that balances traffic across IPs based on stage and capacity
- */
-class BalancedAllocationPolicy implements IIPAllocationPolicy {
-  name = 'balanced';
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Sort IPs by priority (prefer higher stage IPs) and capacity
-    const sortedIPs = [...availableIPs].sort((a, b) => {
-      // First by priority (descending)
-      if (b.priority !== a.priority) {
-        return b.priority - a.priority;
-      }
-      // Then by remaining capacity (descending)
-      return b.capacity - a.capacity;
-    });
-    
-    // Prioritize higher-stage IPs for transactional emails
-    if (emailInfo.isTransactional) {
-      return sortedIPs[0].ip;
-    }
-    
-    // For marketing emails, spread across IPs with preference for higher stages
-    // Use weighted random selection based on stage
-    const totalWeight = sortedIPs.reduce((sum, ip) => sum + ip.priority, 0);
-    let randomPoint = Math.random() * totalWeight;
-    
-    for (const ip of sortedIPs) {
-      randomPoint -= ip.priority;
-      if (randomPoint <= 0) {
-        return ip.ip;
-      }
-    }
-    
-    // Fallback to the highest priority IP
-    return sortedIPs[0].ip;
-  }
-}
-
-/**
- * Policy that rotates through IPs in a round-robin fashion
- */
-class RoundRobinAllocationPolicy implements IIPAllocationPolicy {
-  name = 'roundRobin';
-  private lastIndex = -1;
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Sort by capacity to ensure even distribution
-    const sortedIPs = [...availableIPs].sort((a, b) => b.capacity - a.capacity);
-    
-    // Move to next IP
-    this.lastIndex = (this.lastIndex + 1) % sortedIPs.length;
-    
-    return sortedIPs[this.lastIndex].ip;
-  }
-}
-
-/**
- * Policy that dedicates specific IPs to specific domains
- */
-class DedicatedDomainPolicy implements IIPAllocationPolicy {
-  name = 'dedicated';
-  private domainAssignments: Map<string, string> = new Map();
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Check if we have a dedicated IP for this domain
-    if (this.domainAssignments.has(emailInfo.domain)) {
-      const dedicatedIP = this.domainAssignments.get(emailInfo.domain);
-      
-      // Check if the dedicated IP is in the available list
-      const isAvailable = availableIPs.some(ip => ip.ip === dedicatedIP);
-      
-      if (isAvailable) {
-        return dedicatedIP;
-      }
-    }
-    
-    // If not, assign one and save the assignment
-    const sortedIPs = [...availableIPs].sort((a, b) => b.capacity - a.capacity);
-    const assignedIP = sortedIPs[0].ip;
-    
-    this.domainAssignments.set(emailInfo.domain, assignedIP);
-    
-    return assignedIP;
-  }
-}

ts/deliverability/index.ts

@@ -1,13 +0,0 @@
-export {
-  IPWarmupManager,
-  type IIPWarmupConfig,
-  type IWarmupStage,
-  type IIPWarmupStatus,
-  type IIPAllocationPolicy
-} from './classes.ipwarmupmanager.js';
-
-export {
-  SenderReputationMonitor,
-  type IDomainReputationMetrics,
-  type IReputationMonitorConfig
-} from './classes.senderreputationmonitor.js';

ts/errors/base.errors.ts

@@ -182,25 +182,41 @@ export class PlatformError extends Error {
   ): PlatformError {
     const nextRetryAt = Date.now() + retryDelay;
     
-    // Create a new instance with the same parameters but updated context
+    // Clone the error with updated context
+    const newContext = {
+      ...this.context,
+      retry: {
+        maxRetries,
+        currentRetry,
+        nextRetryAt,
+        retryDelay
+      }
+    };
+    
+    // Create a new instance using the protected method that subclasses can override
+    const newError = this.createWithContext(newContext);
+    
+    // Update recoverability if we can retry
+    if (currentRetry < maxRetries && newError.recoverability === ErrorRecoverability.NON_RECOVERABLE) {
+      (newError as any).recoverability = ErrorRecoverability.MAYBE_RECOVERABLE;
+    }
+    
+    return newError;
+  }
+  
+  /**
+   * Protected method to create a new instance with updated context
+   * Subclasses can override this to handle their own constructor signatures
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    // Default implementation for PlatformError
     return new (this.constructor as typeof PlatformError)(
       this.message,
       this.code,
       this.severity,
       this.category,
-      // If we can retry, the error is at least maybe recoverable
-      currentRetry < maxRetries 
-        ? ErrorRecoverability.MAYBE_RECOVERABLE 
-        : this.recoverability,
-      {
-        ...this.context,
-        retry: {
-          maxRetries,
-          currentRetry,
-          nextRetryAt,
-          retryDelay
-        }
-      }
+      this.recoverability,
+      context
     );
   }
 
@@ -211,7 +227,7 @@ export class PlatformError extends Error {
     const { retry } = this.context;
     if (!retry) return false;
     
-    return retry.currentRetry < retry.maxRetries;
+    return (retry.currentRetry ?? 0) < (retry.maxRetries ?? 0);
   }
 
   /**
@@ -247,6 +263,18 @@ export class ValidationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ValidationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ValidationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -274,6 +302,18 @@ export class ConfigurationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ConfigurationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ConfigurationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -301,6 +341,18 @@ export class NetworkError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle NetworkError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof NetworkError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -328,6 +380,18 @@ export class ResourceError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ResourceError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ResourceError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -355,6 +419,18 @@ export class AuthenticationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle AuthenticationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof AuthenticationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -382,6 +458,18 @@ export class OperationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle OperationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof OperationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**

ts/errors/email.errors.ts

@@ -1,313 +0,0 @@
-import { 
-  PlatformError, 
-  ValidationError, 
-  NetworkError, 
-  ResourceError, 
-  OperationError
-} from './base.errors.js';
-import type { IErrorContext } from './base.errors.js';
-
-import {
-  EMAIL_SERVICE_ERROR,
-  EMAIL_TEMPLATE_ERROR,
-  EMAIL_VALIDATION_ERROR,
-  EMAIL_SEND_ERROR,
-  EMAIL_RECEIVE_ERROR,
-  EMAIL_ATTACHMENT_ERROR,
-  EMAIL_PARSE_ERROR,
-  EMAIL_RATE_LIMIT_EXCEEDED
-} from './error.codes.js';
-
-/**
- * Base class for all email service related errors
- */
-export class EmailServiceError extends OperationError {
-  /**
-   * Creates a new email service error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_SERVICE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email template errors
- */
-export class EmailTemplateError extends OperationError {
-  /**
-   * Creates a new email template error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_TEMPLATE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email validation errors
- */
-export class EmailValidationError extends ValidationError {
-  /**
-   * Creates a new email validation error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_VALIDATION_ERROR, context);
-  }
-}
-
-/**
- * Error class for email sending errors
- */
-export class EmailSendError extends OperationError {
-  /**
-   * Creates a new email send error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_SEND_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a permanently failed send
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  public static permanent(
-    message: string,
-    context: IErrorContext = {}
-  ): EmailSendError {
-    return new EmailSendError(`Permanent send failure: ${message}`, {
-      ...context,
-      data: {
-        ...context.data,
-        permanent: true
-      },
-      userMessage: 'The email could not be delivered due to a permanent failure.'
-    });
-  }
-
-  /**
-   * Creates an instance for a temporary failed send
-   * 
-   * @param message Error message
-   * @param maxRetries Maximum number of retries
-   * @param currentRetry Current retry count
-   * @param retryDelay Delay between retries in ms
-   * @param context Additional context
-   */
-  public static temporary(
-    message: string,
-    maxRetries: number = 3,
-    currentRetry: number = 0,
-    retryDelay: number = 60000,
-    context: IErrorContext = {}
-  ): EmailSendError {
-    const error = new EmailSendError(`Temporary send failure: ${message}`, {
-      ...context,
-      data: {
-        ...context.data,
-        permanent: false
-      },
-      userMessage: 'The email delivery failed temporarily. It will be retried.'
-    });
-    
-    return error.withRetry(maxRetries, currentRetry, retryDelay) as EmailSendError;
-  }
-
-  /**
-   * Check if this is a permanent send failure
-   */
-  public isPermanent(): boolean {
-    return !!this.context.data?.permanent;
-  }
-}
-
-/**
- * Error class for email receiving errors
- */
-export class EmailReceiveError extends OperationError {
-  /**
-   * Creates a new email receive error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_RECEIVE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email attachment errors
- */
-export class EmailAttachmentError extends ValidationError {
-  /**
-   * Creates a new email attachment error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_ATTACHMENT_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an attachment too large error
-   * 
-   * @param size Attachment size in bytes
-   * @param maxSize Maximum allowed size in bytes
-   * @param filename Attachment filename
-   * @param context Additional context
-   */
-  public static tooLarge(
-    size: number,
-    maxSize: number,
-    filename?: string,
-    context: IErrorContext = {}
-  ): EmailAttachmentError {
-    const filenameText = filename ? ` (${filename})` : '';
-    return new EmailAttachmentError(
-      `Attachment${filenameText} size ${size} bytes exceeds maximum allowed size of ${maxSize} bytes`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          size,
-          maxSize,
-          filename
-        },
-        userMessage: `The attachment${filenameText} is too large. Maximum size is ${Math.round(maxSize / 1024 / 1024)} MB.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an invalid attachment type error
-   * 
-   * @param contentType Attachment content type
-   * @param filename Attachment filename
-   * @param allowedTypes List of allowed content types
-   * @param context Additional context
-   */
-  public static invalidType(
-    contentType: string,
-    filename: string,
-    allowedTypes: string[],
-    context: IErrorContext = {}
-  ): EmailAttachmentError {
-    return new EmailAttachmentError(
-      `Attachment '${filename}' with content type '${contentType}' is not allowed. Allowed types: ${allowedTypes.join(', ')}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          contentType,
-          filename,
-          allowedTypes
-        },
-        userMessage: `The attachment type ${contentType} is not allowed.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for email parsing errors
- */
-export class EmailParseError extends OperationError {
-  /**
-   * Creates a new email parse error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_PARSE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email rate limit exceeded errors
- */
-export class EmailRateLimitError extends ResourceError {
-  /**
-   * Creates a new email rate limit error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_RATE_LIMIT_EXCEEDED, context);
-  }
-
-  /**
-   * Creates an instance with rate limit information
-   * 
-   * @param limit Rate limit
-   * @param remaining Remaining quota
-   * @param resetAt Time when the quota resets
-   * @param scope Rate limit scope (global, domain, user, etc.)
-   * @param context Additional context
-   */
-  public static withLimitInfo(
-    limit: number,
-    remaining: number,
-    resetAt: Date | number,
-    scope: string = 'global',
-    context: IErrorContext = {}
-  ): EmailRateLimitError {
-    const resetTime = typeof resetAt === 'number' ? new Date(resetAt) : resetAt;
-    const resetTimeStr = resetTime.toISOString();
-    
-    return new EmailRateLimitError(
-      `Email rate limit exceeded: ${remaining}/${limit} remaining in ${scope} scope, resets at ${resetTimeStr}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          limit,
-          remaining,
-          resetAt: resetTime.getTime(),
-          resetTimeStr,
-          scope
-        },
-        userMessage: `You've reached the email sending limit. Please try again later.`
-      }
-    );
-  }
-}

ts/errors/index.ts

@@ -12,14 +12,19 @@ export * from './error.codes.js';
 export * from './base.errors.js';
 
 // Export domain-specific error classes
-export * from './email.errors.js';
-export * from './mta.errors.js';
 export * from './reputation.errors.js';
 
+// Export error handler
+export * from './error-handler.js';
+
 // Export utility function to create specific error types based on the error category
 import { getErrorClassForCategory } from './base.errors.js';
 export { getErrorClassForCategory };
 
+// Import needed classes for utility functions
+import { PlatformError } from './base.errors.js';
+import { ErrorSeverity, ErrorCategory, ErrorRecoverability } from './error.codes.js';
+
 /**
  * Create a typed error from a standard Error
  * Useful for converting errors from external libraries or APIs
@@ -33,11 +38,7 @@ export function fromError(
   error: Error,
   code: string,
   contextData: Record<string, any> = {}
-) {
-  // Import and use PlatformError
-  const { PlatformError } = require('./base.errors.js');
-  const { ErrorSeverity, ErrorCategory, ErrorRecoverability } = require('./error.codes.js');
-  
+): PlatformError {
   return new PlatformError(
     error.message,
     code,
@@ -66,7 +67,6 @@ export function fromError(
 export function isRetryable(error: any): boolean {
   // If it's our platform error, use its recoverability property
   if (error && typeof error === 'object' && 'recoverability' in error) {
-    const { ErrorRecoverability } = require('./error.codes.js');
     return error.recoverability === ErrorRecoverability.RECOVERABLE ||
            error.recoverability === ErrorRecoverability.MAYBE_RECOVERABLE ||
            error.recoverability === ErrorRecoverability.TRANSIENT;

ts/errors/mta.errors.ts

@@ -1,611 +0,0 @@
-import { 
-  PlatformError,
-  NetworkError, 
-  AuthenticationError, 
-  OperationError,
-  ConfigurationError
-} from './base.errors.js';
-import type { IErrorContext } from './base.errors.js';
-
-import {
-  MTA_CONNECTION_ERROR,
-  MTA_AUTHENTICATION_ERROR,
-  MTA_DELIVERY_ERROR,
-  MTA_CONFIGURATION_ERROR,
-  MTA_DNS_ERROR,
-  MTA_TIMEOUT_ERROR,
-  MTA_PROTOCOL_ERROR
-} from './error.codes.js';
-
-/**
- * Base class for MTA connection errors
- */
-export class MtaConnectionError extends NetworkError {
-  /**
-   * Creates a new MTA connection error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_CONNECTION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a DNS resolution error
-   * 
-   * @param hostname Hostname that failed to resolve
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static dnsError(
-    hostname: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    return new MtaConnectionError(
-      `Failed to resolve DNS for ${hostname}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not connect to mail server for ${hostname}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a connection timeout
-   * 
-   * @param hostname Hostname that timed out
-   * @param port Port number
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static timeout(
-    hostname: string,
-    port: number,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    return new MtaConnectionError(
-      `Connection to ${hostname}:${port} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          port,
-          timeout
-        },
-        userMessage: `Connection to mail server timed out.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a connection refused error
-   * 
-   * @param hostname Hostname that refused connection
-   * @param port Port number
-   * @param context Additional context
-   */
-  public static refused(
-    hostname: string,
-    port: number,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    return new MtaConnectionError(
-      `Connection to ${hostname}:${port} refused`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          port
-        },
-        userMessage: `Connection to mail server was refused.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA authentication errors
- */
-export class MtaAuthenticationError extends AuthenticationError {
-  /**
-   * Creates a new MTA authentication error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_AUTHENTICATION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for invalid credentials
-   * 
-   * @param hostname Hostname where authentication failed
-   * @param username Username that failed authentication
-   * @param context Additional context
-   */
-  public static invalidCredentials(
-    hostname: string,
-    username: string,
-    context: IErrorContext = {}
-  ): MtaAuthenticationError {
-    return new MtaAuthenticationError(
-      `Authentication failed for user ${username} at ${hostname}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          username
-        },
-        userMessage: `Authentication to mail server failed.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for unsupported authentication method
-   * 
-   * @param hostname Hostname
-   * @param method Authentication method that is not supported
-   * @param supportedMethods List of supported authentication methods
-   * @param context Additional context
-   */
-  public static unsupportedMethod(
-    hostname: string,
-    method: string,
-    supportedMethods: string[] = [],
-    context: IErrorContext = {}
-  ): MtaAuthenticationError {
-    return new MtaAuthenticationError(
-      `Authentication method ${method} not supported by ${hostname}${supportedMethods.length > 0 ? `. Supported methods: ${supportedMethods.join(', ')}` : ''}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          method,
-          supportedMethods
-        },
-        userMessage: `The mail server doesn't support the required authentication method.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA delivery errors
- */
-export class MtaDeliveryError extends OperationError {
-  /**
-   * Creates a new MTA delivery error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_DELIVERY_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a permanent delivery failure
-   * 
-   * @param message Error message
-   * @param recipientAddress Recipient email address
-   * @param statusCode SMTP status code
-   * @param smtpResponse Full SMTP response
-   * @param context Additional context
-   */
-  public static permanent(
-    message: string,
-    recipientAddress: string,
-    statusCode?: string,
-    smtpResponse?: string,
-    context: IErrorContext = {}
-  ): MtaDeliveryError {
-    const statusCodeStr = statusCode ? ` (${statusCode})` : '';
-    return new MtaDeliveryError(
-      `Permanent delivery failure to ${recipientAddress}${statusCodeStr}: ${message}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          recipientAddress,
-          statusCode,
-          smtpResponse,
-          permanent: true
-        },
-        userMessage: `The email could not be delivered to ${recipientAddress}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a temporary delivery failure
-   * 
-   * @param message Error message
-   * @param recipientAddress Recipient email address
-   * @param statusCode SMTP status code
-   * @param smtpResponse Full SMTP response
-   * @param maxRetries Maximum number of retries
-   * @param currentRetry Current retry count
-   * @param retryDelay Delay between retries in ms
-   * @param context Additional context
-   */
-  public static temporary(
-    message: string,
-    recipientAddress: string,
-    statusCode?: string,
-    smtpResponse?: string,
-    maxRetries: number = 3,
-    currentRetry: number = 0,
-    retryDelay: number = 60000,
-    context: IErrorContext = {}
-  ): MtaDeliveryError {
-    const statusCodeStr = statusCode ? ` (${statusCode})` : '';
-    const error = new MtaDeliveryError(
-      `Temporary delivery failure to ${recipientAddress}${statusCodeStr}: ${message}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          recipientAddress,
-          statusCode,
-          smtpResponse,
-          permanent: false
-        },
-        userMessage: `The email delivery to ${recipientAddress} failed temporarily. It will be retried.`
-      }
-    );
-    
-    return error.withRetry(maxRetries, currentRetry, retryDelay) as MtaDeliveryError;
-  }
-
-  /**
-   * Check if this is a permanent delivery failure
-   */
-  public isPermanent(): boolean {
-    return !!this.context.data?.permanent;
-  }
-
-  /**
-   * Get the recipient address associated with this delivery error
-   */
-  public getRecipientAddress(): string | undefined {
-    return this.context.data?.recipientAddress;
-  }
-
-  /**
-   * Get the SMTP status code associated with this delivery error
-   */
-  public getStatusCode(): string | undefined {
-    return this.context.data?.statusCode;
-  }
-}
-
-/**
- * Error class for MTA configuration errors
- */
-export class MtaConfigurationError extends ConfigurationError {
-  /**
-   * Creates a new MTA configuration error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_CONFIGURATION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a missing configuration value
-   * 
-   * @param propertyPath Path to the missing property
-   * @param context Additional context
-   */
-  public static missingConfig(
-    propertyPath: string,
-    context: IErrorContext = {}
-  ): MtaConfigurationError {
-    return new MtaConfigurationError(
-      `Missing required configuration: ${propertyPath}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          propertyPath
-        },
-        userMessage: `The mail server is missing required configuration.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an invalid configuration value
-   * 
-   * @param propertyPath Path to the invalid property
-   * @param value Current value
-   * @param expectedType Expected type or format
-   * @param context Additional context
-   */
-  public static invalidConfig(
-    propertyPath: string,
-    value: any,
-    expectedType: string,
-    context: IErrorContext = {}
-  ): MtaConfigurationError {
-    return new MtaConfigurationError(
-      `Invalid configuration value for ${propertyPath}: got ${value} (${typeof value}), expected ${expectedType}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          propertyPath,
-          value,
-          expectedType
-        },
-        userMessage: `The mail server has an invalid configuration value.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA DNS errors
- */
-export class MtaDnsError extends NetworkError {
-  /**
-   * Creates a new MTA DNS error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_DNS_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an MX record lookup failure
-   * 
-   * @param domain Domain that failed MX lookup
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static mxLookupFailed(
-    domain: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaDnsError {
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    return new MtaDnsError(
-      `Failed to lookup MX records for ${domain}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          domain,
-          recordType: 'MX',
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not find mail servers for ${domain}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a TXT record lookup failure
-   * 
-   * @param domain Domain that failed TXT lookup
-   * @param recordPrefix Optional record prefix (e.g., 'spf', 'dkim', 'dmarc')
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static txtLookupFailed(
-    domain: string,
-    recordPrefix?: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaDnsError {
-    const recordType = recordPrefix ? `${recordPrefix} TXT` : 'TXT';
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    
-    return new MtaDnsError(
-      `Failed to lookup ${recordType} records for ${domain}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          domain,
-          recordType,
-          recordPrefix,
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not verify ${recordPrefix || ''} records for ${domain}.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA timeout errors
- */
-export class MtaTimeoutError extends NetworkError {
-  /**
-   * Creates a new MTA timeout error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_TIMEOUT_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an SMTP command timeout
-   * 
-   * @param command SMTP command that timed out
-   * @param server Server hostname
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static commandTimeout(
-    command: string,
-    server: string,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaTimeoutError {
-    return new MtaTimeoutError(
-      `SMTP command ${command} to ${server} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          command,
-          server,
-          timeout
-        },
-        userMessage: `The mail server took too long to respond.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an overall transaction timeout
-   * 
-   * @param server Server hostname
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static transactionTimeout(
-    server: string,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaTimeoutError {
-    return new MtaTimeoutError(
-      `SMTP transaction with ${server} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          server,
-          timeout
-        },
-        userMessage: `The mail server transaction took too long to complete.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA protocol errors
- */
-export class MtaProtocolError extends OperationError {
-  /**
-   * Creates a new MTA protocol error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_PROTOCOL_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an unexpected server response
-   * 
-   * @param command SMTP command that received unexpected response
-   * @param response Unexpected response
-   * @param expected Expected response pattern
-   * @param server Server hostname
-   * @param context Additional context
-   */
-  public static unexpectedResponse(
-    command: string,
-    response: string,
-    expected: string,
-    server: string,
-    context: IErrorContext = {}
-  ): MtaProtocolError {
-    return new MtaProtocolError(
-      `Unexpected SMTP response from ${server} for command ${command}: got "${response}", expected "${expected}"`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          command,
-          response,
-          expected,
-          server
-        },
-        userMessage: `Received an unexpected response from the mail server.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a syntax error
-   * 
-   * @param details Error details
-   * @param server Server hostname
-   * @param context Additional context
-   */
-  public static syntaxError(
-    details: string,
-    server: string,
-    context: IErrorContext = {}
-  ): MtaProtocolError {
-    return new MtaProtocolError(
-      `SMTP syntax error in communication with ${server}: ${details}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          details,
-          server
-        },
-        userMessage: `There was a protocol error communicating with the mail server.`
-      }
-    );
-  }
-}

ts/errors/reputation.errors.ts

@@ -51,6 +51,16 @@ export class ReputationCheckError extends ReputationError {
   ) {
     super(message, REPUTATION_CHECK_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationCheckError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for an IP reputation check error
@@ -133,6 +143,16 @@ export class ReputationDataError extends ReputationError {
   ) {
     super(message, REPUTATION_DATA_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationDataError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for a data access error
@@ -186,6 +206,16 @@ export class BlocklistError extends ReputationError {
   ) {
     super(message, REPUTATION_BLOCKLIST_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof BlocklistError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for an entity found on a blocklist
@@ -237,6 +267,16 @@ export class ReputationUpdateError extends ReputationError {
   ) {
     super(message, REPUTATION_UPDATE_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationUpdateError)(
+      this.message,
+      context
+    );
+  }
 }
 
 /**
@@ -255,6 +295,16 @@ export class WarmupAllocationError extends ReputationError {
   ) {
     super(message, WARMUP_ALLOCATION_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupAllocationError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for no available IPs
@@ -299,6 +349,16 @@ export class WarmupLimitError extends ResourceError {
   ) {
     super(message, WARMUP_LIMIT_EXCEEDED, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupLimitError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for daily sending limit exceeded
@@ -349,4 +409,14 @@ export class WarmupScheduleError extends ReputationError {
   ) {
     super(message, WARMUP_SCHEDULE_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupScheduleError)(
+      this.message,
+      context
+    );
+  }
 }

ts/http3/http3-route-augmentation.ts

@@ -0,0 +1,153 @@
+import type * as plugins from '../plugins.js';
+
+/**
+ * Configuration for HTTP/3 (QUIC) route augmentation.
+ * HTTP/3 is enabled by default on all qualifying HTTPS routes.
+ */
+export interface IHttp3Config {
+  /** Enable HTTP/3 augmentation on qualifying routes (default: true) */
+  enabled?: boolean;
+  /** QUIC-specific settings applied to all augmented routes */
+  quicSettings?: {
+    /** QUIC connection idle timeout in ms (default: 30000) */
+    maxIdleTimeout?: number;
+    /** Max concurrent bidirectional streams per connection (default: 100) */
+    maxConcurrentBidiStreams?: number;
+    /** Max concurrent unidirectional streams per connection (default: 100) */
+    maxConcurrentUniStreams?: number;
+    /** Initial congestion window size in bytes */
+    initialCongestionWindow?: number;
+  };
+  /** Alt-Svc header settings */
+  altSvc?: {
+    /** Port advertised in Alt-Svc header (default: same as listening port) */
+    port?: number;
+    /** Max age for Alt-Svc advertisement in seconds (default: 86400) */
+    maxAge?: number;
+  };
+  /** UDP session settings */
+  udpSettings?: {
+    /** Idle timeout for UDP sessions in ms (default: 60000) */
+    sessionTimeout?: number;
+    /** Max concurrent UDP sessions per source IP (default: 1000) */
+    maxSessionsPerIP?: number;
+    /** Max accepted datagram size in bytes (default: 65535) */
+    maxDatagramSize?: number;
+  };
+}
+
+type TPortRange = plugins.smartproxy.IRouteConfig['match']['ports'];
+
+/**
+ * Check whether a TPortRange includes port 443.
+ */
+function portRangeIncludes443(ports: TPortRange): boolean {
+  if (typeof ports === 'number') return ports === 443;
+  if (Array.isArray(ports)) {
+    return ports.some((p) => {
+      if (typeof p === 'number') return p === 443;
+      return p.from <= 443 && p.to >= 443;
+    });
+  }
+  return false;
+}
+
+/**
+ * Check if a route name indicates an email route that should not get HTTP/3.
+ */
+function isEmailRoute(route: plugins.smartproxy.IRouteConfig): boolean {
+  const name = route.name?.toLowerCase() || '';
+  return (
+    name.startsWith('smtp-') ||
+    name.startsWith('submission-') ||
+    name.startsWith('smtps-') ||
+    name.startsWith('email-')
+  );
+}
+
+/**
+ * Determine if a route qualifies for HTTP/3 augmentation.
+ */
+export function routeQualifiesForHttp3(
+  route: plugins.smartproxy.IRouteConfig,
+  globalConfig: IHttp3Config,
+): boolean {
+  // Check global enable + per-route override
+  const globalEnabled = globalConfig.enabled !== false; // default true
+  const perRouteOverride = route.action.options?.http3;
+
+  // If per-route explicitly set, use that; otherwise use global
+  const shouldAugment =
+    perRouteOverride !== undefined ? perRouteOverride : globalEnabled;
+  if (!shouldAugment) return false;
+
+  // Must be forward type
+  if (route.action.type !== 'forward') return false;
+
+  // Must include port 443
+  if (!portRangeIncludes443(route.match.ports)) return false;
+
+  // Must have TLS
+  if (!route.action.tls) return false;
+
+  // Skip email routes
+  if (isEmailRoute(route)) return false;
+
+  // Skip if already configured with transport 'all' or 'udp'
+  if (route.match.transport === 'all' || route.match.transport === 'udp') return false;
+
+  // Skip if already has QUIC config
+  if (route.action.udp?.quic) return false;
+
+  return true;
+}
+
+/**
+ * Augment a single route with HTTP/3 fields.
+ * Returns a new route object (does not mutate the original).
+ */
+export function augmentRouteWithHttp3(
+  route: plugins.smartproxy.IRouteConfig,
+  config: IHttp3Config,
+): plugins.smartproxy.IRouteConfig {
+  if (!routeQualifiesForHttp3(route, config)) {
+    return route;
+  }
+
+  return {
+    ...route,
+    match: {
+      ...route.match,
+      transport: 'all' as const,
+    },
+    action: {
+      ...route.action,
+      udp: {
+        ...(route.action.udp || {}),
+        sessionTimeout: config.udpSettings?.sessionTimeout,
+        maxSessionsPerIP: config.udpSettings?.maxSessionsPerIP,
+        maxDatagramSize: config.udpSettings?.maxDatagramSize,
+        quic: {
+          enableHttp3: true,
+          maxIdleTimeout: config.quicSettings?.maxIdleTimeout,
+          maxConcurrentBidiStreams: config.quicSettings?.maxConcurrentBidiStreams,
+          maxConcurrentUniStreams: config.quicSettings?.maxConcurrentUniStreams,
+          altSvcPort: config.altSvc?.port,
+          altSvcMaxAge: config.altSvc?.maxAge ?? 86400,
+          initialCongestionWindow: config.quicSettings?.initialCongestionWindow,
+        },
+      },
+    },
+  };
+}
+
+/**
+ * Augment all qualifying routes in an array.
+ * Returns a new array (does not mutate originals).
+ */
+export function augmentRoutesWithHttp3(
+  routes: plugins.smartproxy.IRouteConfig[],
+  config: IHttp3Config,
+): plugins.smartproxy.IRouteConfig[] {
+  return routes.map((route) => augmentRouteWithHttp3(route, config));
+}

ts/http3/index.ts

@@ -0,0 +1 @@
+export * from './http3-route-augmentation.js';

ts/index.ts

@@ -1,8 +1,40 @@
 export * from './00_commitinfo_data.js';
-import { SzPlatformService } from './platformservice.js';
-export * from './mail/index.js';
+
+// Re-export smartmta (excluding commitinfo to avoid naming conflict)
+export { UnifiedEmailServer } from '@push.rocks/smartmta';
+export type { IUnifiedEmailServerOptions, IEmailRoute, IEmailDomainConfig } from '@push.rocks/smartmta';
 
 // DcRouter
+import { DcRouter } from './classes.dcrouter.js';
 export * from './classes.dcrouter.js';
 
-export const runCli = async () => {}
+// RADIUS module
+export * from './radius/index.js';
+
+// Remote Ingress module
+export * from './remoteingress/index.js';
+
+// HTTP/3 module
+export type { IHttp3Config } from './http3/index.js';
+
+export const runCli = async () => {
+  let options: import('./classes.dcrouter.js').IDcRouterOptions = {};
+
+  if (process.env.DCROUTER_MODE === 'OCI_CONTAINER') {
+    const { getOciContainerConfig } = await import('../ts_oci_container/index.js');
+    options = getOciContainerConfig();
+    console.log('[DCRouter] Starting in OCI Container mode...');
+  }
+
+  const dcRouter = new DcRouter(options);
+  await dcRouter.start();
+  console.log('[DCRouter] Running. Send SIGTERM or SIGINT to stop.');
+
+  const shutdown = async () => {
+    console.log('[DCRouter] Shutting down...');
+    await dcRouter.stop();
+    process.exit(0);
+  };
+  process.once('SIGINT', shutdown);
+  process.once('SIGTERM', shutdown);
+};

ts/logger.ts

@@ -1,5 +1,6 @@
 import * as plugins from './plugins.js';
 import { randomUUID } from 'node:crypto';
+import { SmartlogDestinationBuffer } from '@push.rocks/smartlog/destination-buffer';
 
 // Map NODE_ENV to valid TEnvironment
 const nodeEnv = process.env.NODE_ENV || 'production';
@@ -10,8 +11,11 @@ const envMap: Record<string, 'local' | 'test' | 'staging' | 'production'> = {
   'production': 'production'
 };
 
-// Default Smartlog instance
-const baseLogger = new plugins.smartlog.Smartlog({
+// In-memory log buffer for the OpsServer UI
+export const logBuffer = new SmartlogDestinationBuffer({ maxEntries: 2000 });
+
+// Default Smartlog instance (exported so OpsServer can add push destinations)
+export const baseLogger = new plugins.smartlog.Smartlog({
   logContext: {
     environment: envMap[nodeEnv] || 'production',
     runtime: 'node',
@@ -19,6 +23,9 @@ const baseLogger = new plugins.smartlog.Smartlog({
   }
 });
 
+// Wire the buffer destination so all logs are captured
+baseLogger.addLogDestination(logBuffer);
+
 // Extended logger compatible with the original enhanced logger API
 class StandardLogger {
   private defaultContext: Record<string, any> = {};

ts/mail/core/classes.bouncemanager.ts

@@ -1,902 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-import { LRUCache } from 'lru-cache';
-
-/**
- * Bounce types for categorizing the reasons for bounces
- */
-export enum BounceType {
-  // Hard bounces (permanent failures)
-  INVALID_RECIPIENT = 'invalid_recipient',
-  DOMAIN_NOT_FOUND = 'domain_not_found',
-  MAILBOX_FULL = 'mailbox_full',
-  MAILBOX_INACTIVE = 'mailbox_inactive',
-  BLOCKED = 'blocked',
-  SPAM_RELATED = 'spam_related',
-  POLICY_RELATED = 'policy_related',
-  
-  // Soft bounces (temporary failures)
-  SERVER_UNAVAILABLE = 'server_unavailable',
-  TEMPORARY_FAILURE = 'temporary_failure',
-  QUOTA_EXCEEDED = 'quota_exceeded',
-  NETWORK_ERROR = 'network_error',
-  TIMEOUT = 'timeout',
-  
-  // Special cases
-  AUTO_RESPONSE = 'auto_response',
-  CHALLENGE_RESPONSE = 'challenge_response',
-  UNKNOWN = 'unknown'
-}
-
-/**
- * Hard vs soft bounce classification
- */
-export enum BounceCategory {
-  HARD = 'hard',
-  SOFT = 'soft',
-  AUTO_RESPONSE = 'auto_response',
-  UNKNOWN = 'unknown'
-}
-
-/**
- * Bounce data structure
- */
-export interface BounceRecord {
-  id: string;
-  originalEmailId?: string;
-  recipient: string;
-  sender: string;
-  domain: string;
-  subject?: string;
-  bounceType: BounceType;
-  bounceCategory: BounceCategory;
-  timestamp: number;
-  smtpResponse?: string;
-  diagnosticCode?: string;
-  statusCode?: string;
-  headers?: Record<string, string>;
-  processed: boolean;
-  retryCount?: number;
-  nextRetryTime?: number;
-}
-
-/**
- * Email bounce patterns to identify bounce types in SMTP responses and bounce messages
- */
-const BOUNCE_PATTERNS = {
-  // Hard bounce patterns
-  [BounceType.INVALID_RECIPIENT]: [
-    /no such user/i,
-    /user unknown/i,
-    /does not exist/i,
-    /invalid recipient/i,
-    /unknown recipient/i,
-    /no mailbox/i,
-    /user not found/i,
-    /recipient address rejected/i,
-    /550 5\.1\.1/i
-  ],
-  [BounceType.DOMAIN_NOT_FOUND]: [
-    /domain not found/i,
-    /unknown domain/i,
-    /no such domain/i,
-    /host not found/i,
-    /domain invalid/i,
-    /550 5\.1\.2/i
-  ],
-  [BounceType.MAILBOX_FULL]: [
-    /mailbox full/i,
-    /over quota/i,
-    /quota exceeded/i,
-    /552 5\.2\.2/i
-  ],
-  [BounceType.MAILBOX_INACTIVE]: [
-    /mailbox disabled/i,
-    /mailbox inactive/i,
-    /account disabled/i,
-    /mailbox not active/i,
-    /account suspended/i
-  ],
-  [BounceType.BLOCKED]: [
-    /blocked/i,
-    /rejected/i,
-    /denied/i,
-    /blacklisted/i,
-    /prohibited/i,
-    /refused/i,
-    /550 5\.7\./i
-  ],
-  [BounceType.SPAM_RELATED]: [
-    /spam/i,
-    /bulk mail/i,
-    /content rejected/i,
-    /message rejected/i,
-    /550 5\.7\.1/i
-  ],
-  
-  // Soft bounce patterns
-  [BounceType.SERVER_UNAVAILABLE]: [
-    /server unavailable/i,
-    /service unavailable/i,
-    /try again later/i,
-    /try later/i,
-    /451 4\.3\./i,
-    /421 4\.3\./i
-  ],
-  [BounceType.TEMPORARY_FAILURE]: [
-    /temporary failure/i,
-    /temporary error/i,
-    /temporary problem/i,
-    /try again/i,
-    /451 4\./i
-  ],
-  [BounceType.QUOTA_EXCEEDED]: [
-    /quota temporarily exceeded/i,
-    /mailbox temporarily full/i,
-    /452 4\.2\.2/i
-  ],
-  [BounceType.NETWORK_ERROR]: [
-    /network error/i,
-    /connection error/i,
-    /connection timed out/i,
-    /routing error/i,
-    /421 4\.4\./i
-  ],
-  [BounceType.TIMEOUT]: [
-    /timed out/i,
-    /timeout/i,
-    /450 4\.4\.2/i
-  ],
-  
-  // Auto-responses
-  [BounceType.AUTO_RESPONSE]: [
-    /auto[- ]reply/i,
-    /auto[- ]response/i,
-    /vacation/i,
-    /out of office/i,
-    /away from office/i,
-    /on vacation/i,
-    /automatic reply/i
-  ],
-  [BounceType.CHALLENGE_RESPONSE]: [
-    /challenge[- ]response/i,
-    /verify your email/i,
-    /confirm your email/i,
-    /email verification/i
-  ]
-};
-
-/**
- * Retry strategy configuration for soft bounces
- */
-interface RetryStrategy {
-  maxRetries: number;
-  initialDelay: number; // milliseconds
-  maxDelay: number; // milliseconds
-  backoffFactor: number;
-}
-
-/**
- * Manager for handling email bounces
- */
-export class BounceManager {
-  // Retry strategy with exponential backoff
-  private retryStrategy: RetryStrategy = {
-    maxRetries: 5,
-    initialDelay: 15 * 60 * 1000, // 15 minutes
-    maxDelay: 24 * 60 * 60 * 1000, // 24 hours
-    backoffFactor: 2
-  };
-  
-  // Store of bounced emails
-  private bounceStore: BounceRecord[] = [];
-  
-  // Cache of recently bounced email addresses to avoid sending to known bad addresses
-  private bounceCache: LRUCache<string, {
-    lastBounce: number;
-    count: number;
-    type: BounceType;
-    category: BounceCategory;
-  }>;
-  
-  // Suppression list for addresses that should not receive emails
-  private suppressionList: Map<string, {
-    reason: string;
-    timestamp: number;
-    expiresAt?: number; // undefined means permanent
-  }> = new Map();
-  
-  constructor(options?: {
-    retryStrategy?: Partial<RetryStrategy>;
-    maxCacheSize?: number;
-    cacheTTL?: number;
-  }) {
-    // Set retry strategy with defaults
-    if (options?.retryStrategy) {
-      this.retryStrategy = {
-        ...this.retryStrategy,
-        ...options.retryStrategy
-      };
-    }
-    
-    // Initialize bounce cache with LRU (least recently used) caching
-    this.bounceCache = new LRUCache<string, any>({
-      max: options?.maxCacheSize || 10000,
-      ttl: options?.cacheTTL || 30 * 24 * 60 * 60 * 1000, // 30 days default
-    });
-    
-    // Load suppression list from storage
-    this.loadSuppressionList();
-  }
-  
-  /**
-   * Process a bounce notification
-   * @param bounceData Bounce data to process
-   * @returns Processed bounce record
-   */
-  public async processBounce(bounceData: Partial<BounceRecord>): Promise<BounceRecord> {
-    try {
-      // Add required fields if missing
-      const bounce: BounceRecord = {
-        id: bounceData.id || plugins.uuid.v4(),
-        recipient: bounceData.recipient,
-        sender: bounceData.sender,
-        domain: bounceData.domain || bounceData.recipient.split('@')[1],
-        subject: bounceData.subject,
-        bounceType: bounceData.bounceType || BounceType.UNKNOWN,
-        bounceCategory: bounceData.bounceCategory || BounceCategory.UNKNOWN,
-        timestamp: bounceData.timestamp || Date.now(),
-        smtpResponse: bounceData.smtpResponse,
-        diagnosticCode: bounceData.diagnosticCode,
-        statusCode: bounceData.statusCode,
-        headers: bounceData.headers,
-        processed: false,
-        originalEmailId: bounceData.originalEmailId,
-        retryCount: bounceData.retryCount || 0,
-        nextRetryTime: bounceData.nextRetryTime
-      };
-      
-      // Determine bounce type and category if not provided
-      if (!bounceData.bounceType || bounceData.bounceType === BounceType.UNKNOWN) {
-        const bounceInfo = this.detectBounceType(
-          bounce.smtpResponse || '',
-          bounce.diagnosticCode || '',
-          bounce.statusCode || ''
-        );
-        
-        bounce.bounceType = bounceInfo.type;
-        bounce.bounceCategory = bounceInfo.category;
-      }
-      
-      // Process the bounce based on category
-      switch (bounce.bounceCategory) {
-        case BounceCategory.HARD:
-          // Handle hard bounce - add to suppression list
-          await this.handleHardBounce(bounce);
-          break;
-          
-        case BounceCategory.SOFT:
-          // Handle soft bounce - schedule retry if eligible
-          await this.handleSoftBounce(bounce);
-          break;
-          
-        case BounceCategory.AUTO_RESPONSE:
-          // Handle auto-response - typically no action needed
-          logger.log('info', `Auto-response detected for ${bounce.recipient}`);
-          break;
-          
-        default:
-          // Unknown bounce type - log for investigation
-          logger.log('warn', `Unknown bounce type for ${bounce.recipient}`, {
-            bounceType: bounce.bounceType,
-            smtpResponse: bounce.smtpResponse
-          });
-          break;
-      }
-      
-      // Store the bounce record
-      bounce.processed = true;
-      this.bounceStore.push(bounce);
-      
-      // Update the bounce cache
-      this.updateBounceCache(bounce);
-      
-      // Log the bounce
-      logger.log(
-        bounce.bounceCategory === BounceCategory.HARD ? 'warn' : 'info',
-        `Email bounce processed: ${bounce.bounceCategory} bounce for ${bounce.recipient}`,
-        {
-          bounceType: bounce.bounceType,
-          domain: bounce.domain,
-          category: bounce.bounceCategory
-        }
-      );
-      
-      // Enhanced security logging
-      SecurityLogger.getInstance().logEvent({
-        level: bounce.bounceCategory === BounceCategory.HARD 
-          ? SecurityLogLevel.WARN 
-          : SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_VALIDATION,
-        message: `Email bounce detected: ${bounce.bounceCategory} bounce for recipient`,
-        domain: bounce.domain,
-        details: {
-          recipient: bounce.recipient,
-          bounceType: bounce.bounceType,
-          smtpResponse: bounce.smtpResponse,
-          diagnosticCode: bounce.diagnosticCode,
-          statusCode: bounce.statusCode
-        },
-        success: false
-      });
-      
-      return bounce;
-    } catch (error) {
-      logger.log('error', `Error processing bounce: ${error.message}`, {
-        error: error.message,
-        bounceData
-      });
-      throw error;
-    }
-  }
-  
-  /**
-   * Process an SMTP failure as a bounce
-   * @param recipient Recipient email
-   * @param smtpResponse SMTP error response
-   * @param options Additional options
-   * @returns Processed bounce record
-   */
-  public async processSmtpFailure(
-    recipient: string,
-    smtpResponse: string,
-    options: {
-      sender?: string;
-      originalEmailId?: string;
-      statusCode?: string;
-      headers?: Record<string, string>;
-    } = {}
-  ): Promise<BounceRecord> {
-    // Create bounce data from SMTP failure
-    const bounceData: Partial<BounceRecord> = {
-      recipient,
-      sender: options.sender || '',
-      domain: recipient.split('@')[1],
-      smtpResponse,
-      statusCode: options.statusCode,
-      headers: options.headers,
-      originalEmailId: options.originalEmailId,
-      timestamp: Date.now()
-    };
-    
-    // Process as a regular bounce
-    return this.processBounce(bounceData);
-  }
-  
-  /**
-   * Process a bounce notification email
-   * @param bounceEmail The email containing bounce information
-   * @returns Processed bounce record or null if not a bounce
-   */
-  public async processBounceEmail(bounceEmail: plugins.smartmail.Smartmail<any>): Promise<BounceRecord | null> {
-    try {
-      // Check if this is a bounce notification
-      const subject = bounceEmail.getSubject();
-      const body = bounceEmail.getBody();
-      
-      // Check for common bounce notification subject patterns
-      const isBounceSubject = /mail delivery|delivery (failed|status|notification)|failure notice|returned mail|undeliverable|delivery problem/i.test(subject);
-      
-      if (!isBounceSubject) {
-        // Not a bounce notification based on subject
-        return null;
-      }
-      
-      // Extract original recipient from the body or headers
-      let recipient = '';
-      let originalMessageId = '';
-      
-      // Extract recipient from common bounce formats
-      const recipientMatch = body.match(/(?:failed recipient|to[:=]\s*|recipient:|delivery failed:)\s*<?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})>?/i);
-      if (recipientMatch && recipientMatch[1]) {
-        recipient = recipientMatch[1];
-      }
-      
-      // Extract diagnostic code
-      let diagnosticCode = '';
-      const diagnosticMatch = body.match(/diagnostic(?:-|\\s+)code:\s*(.+)(?:\n|$)/i);
-      if (diagnosticMatch && diagnosticMatch[1]) {
-        diagnosticCode = diagnosticMatch[1].trim();
-      }
-      
-      // Extract SMTP status code
-      let statusCode = '';
-      const statusMatch = body.match(/status(?:-|\\s+)code:\s*([0-9.]+)/i);
-      if (statusMatch && statusMatch[1]) {
-        statusCode = statusMatch[1].trim();
-      }
-      
-      // If recipient not found in standard patterns, try DSN (Delivery Status Notification) format
-      if (!recipient) {
-        // Look for DSN format with Original-Recipient or Final-Recipient fields
-        const originalRecipientMatch = body.match(/original-recipient:.*?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
-        const finalRecipientMatch = body.match(/final-recipient:.*?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
-        
-        if (originalRecipientMatch && originalRecipientMatch[1]) {
-          recipient = originalRecipientMatch[1];
-        } else if (finalRecipientMatch && finalRecipientMatch[1]) {
-          recipient = finalRecipientMatch[1];
-        }
-      }
-      
-      // If still no recipient, can't process as bounce
-      if (!recipient) {
-        logger.log('warn', 'Could not extract recipient from bounce notification', {
-          subject,
-          sender: bounceEmail.options.from
-        });
-        return null;
-      }
-      
-      // Extract original message ID if available
-      const messageIdMatch = body.match(/original[ -]message[ -]id:[ \t]*<?([^>]+)>?/i);
-      if (messageIdMatch && messageIdMatch[1]) {
-        originalMessageId = messageIdMatch[1].trim();
-      }
-      
-      // Create bounce data
-      const bounceData: Partial<BounceRecord> = {
-        recipient,
-        sender: bounceEmail.options.from,
-        domain: recipient.split('@')[1],
-        subject: bounceEmail.getSubject(),
-        diagnosticCode,
-        statusCode,
-        timestamp: Date.now(),
-        headers: {}
-      };
-      
-      // Process as a regular bounce
-      return this.processBounce(bounceData);
-    } catch (error) {
-      logger.log('error', `Error processing bounce email: ${error.message}`);
-      return null;
-    }
-  }
-  
-  /**
-   * Handle a hard bounce by adding to suppression list
-   * @param bounce The bounce record
-   */
-  private async handleHardBounce(bounce: BounceRecord): Promise<void> {
-    // Add to suppression list permanently (no expiry)
-    this.addToSuppressionList(bounce.recipient, `Hard bounce: ${bounce.bounceType}`, undefined);
-    
-    // Increment bounce count in cache
-    this.updateBounceCache(bounce);
-    
-    // Save to permanent storage
-    this.saveBounceRecord(bounce);
-    
-    // Log hard bounce for monitoring
-    logger.log('warn', `Hard bounce for ${bounce.recipient}: ${bounce.bounceType}`, {
-      domain: bounce.domain,
-      smtpResponse: bounce.smtpResponse,
-      diagnosticCode: bounce.diagnosticCode
-    });
-  }
-  
-  /**
-   * Handle a soft bounce by scheduling a retry if eligible
-   * @param bounce The bounce record
-   */
-  private async handleSoftBounce(bounce: BounceRecord): Promise<void> {
-    // Check if we've exceeded max retries
-    if (bounce.retryCount >= this.retryStrategy.maxRetries) {
-      logger.log('warn', `Max retries exceeded for ${bounce.recipient}, treating as hard bounce`);
-      
-      // Convert to hard bounce after max retries
-      bounce.bounceCategory = BounceCategory.HARD;
-      await this.handleHardBounce(bounce);
-      return;
-    }
-    
-    // Calculate next retry time with exponential backoff
-    const delay = Math.min(
-      this.retryStrategy.initialDelay * Math.pow(this.retryStrategy.backoffFactor, bounce.retryCount),
-      this.retryStrategy.maxDelay
-    );
-    
-    bounce.retryCount++;
-    bounce.nextRetryTime = Date.now() + delay;
-    
-    // Add to suppression list temporarily (with expiry)
-    this.addToSuppressionList(
-      bounce.recipient,
-      `Soft bounce: ${bounce.bounceType}`,
-      bounce.nextRetryTime
-    );
-    
-    // Log the retry schedule
-    logger.log('info', `Scheduled retry ${bounce.retryCount} for ${bounce.recipient} at ${new Date(bounce.nextRetryTime).toISOString()}`, {
-      bounceType: bounce.bounceType,
-      retryCount: bounce.retryCount,
-      nextRetry: bounce.nextRetryTime
-    });
-  }
-  
-  /**
-   * Add an email address to the suppression list
-   * @param email Email address to suppress
-   * @param reason Reason for suppression
-   * @param expiresAt Expiration timestamp (undefined for permanent)
-   */
-  public addToSuppressionList(
-    email: string,
-    reason: string,
-    expiresAt?: number
-  ): void {
-    this.suppressionList.set(email.toLowerCase(), {
-      reason,
-      timestamp: Date.now(),
-      expiresAt
-    });
-    
-    this.saveSuppressionList();
-    
-    logger.log('info', `Added ${email} to suppression list`, {
-      reason,
-      expiresAt: expiresAt ? new Date(expiresAt).toISOString() : 'permanent'
-    });
-  }
-  
-  /**
-   * Remove an email address from the suppression list
-   * @param email Email address to remove
-   */
-  public removeFromSuppressionList(email: string): void {
-    const wasRemoved = this.suppressionList.delete(email.toLowerCase());
-    
-    if (wasRemoved) {
-      this.saveSuppressionList();
-      logger.log('info', `Removed ${email} from suppression list`);
-    }
-  }
-  
-  /**
-   * Check if an email is on the suppression list
-   * @param email Email address to check
-   * @returns Whether the email is suppressed
-   */
-  public isEmailSuppressed(email: string): boolean {
-    const lowercaseEmail = email.toLowerCase();
-    const suppression = this.suppressionList.get(lowercaseEmail);
-    
-    if (!suppression) {
-      return false;
-    }
-    
-    // Check if suppression has expired
-    if (suppression.expiresAt && Date.now() > suppression.expiresAt) {
-      this.suppressionList.delete(lowercaseEmail);
-      this.saveSuppressionList();
-      return false;
-    }
-    
-    return true;
-  }
-  
-  /**
-   * Get suppression information for an email
-   * @param email Email address to check
-   * @returns Suppression information or null if not suppressed
-   */
-  public getSuppressionInfo(email: string): {
-    reason: string;
-    timestamp: number;
-    expiresAt?: number;
-  } | null {
-    const lowercaseEmail = email.toLowerCase();
-    const suppression = this.suppressionList.get(lowercaseEmail);
-    
-    if (!suppression) {
-      return null;
-    }
-    
-    // Check if suppression has expired
-    if (suppression.expiresAt && Date.now() > suppression.expiresAt) {
-      this.suppressionList.delete(lowercaseEmail);
-      this.saveSuppressionList();
-      return null;
-    }
-    
-    return suppression;
-  }
-  
-  /**
-   * Save suppression list to disk
-   */
-  private saveSuppressionList(): void {
-    try {
-      const suppressionData = JSON.stringify(Array.from(this.suppressionList.entries()));
-      plugins.smartfile.memory.toFsSync(
-        suppressionData,
-        plugins.path.join(paths.dataDir, 'emails', 'suppression_list.json')
-      );
-    } catch (error) {
-      logger.log('error', `Failed to save suppression list: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Load suppression list from disk
-   */
-  private loadSuppressionList(): void {
-    try {
-      const suppressionPath = plugins.path.join(paths.dataDir, 'emails', 'suppression_list.json');
-      
-      if (plugins.fs.existsSync(suppressionPath)) {
-        const data = plugins.fs.readFileSync(suppressionPath, 'utf8');
-        const entries = JSON.parse(data);
-        
-        this.suppressionList = new Map(entries);
-        
-        // Clean expired entries
-        const now = Date.now();
-        let expiredCount = 0;
-        
-        for (const [email, info] of this.suppressionList.entries()) {
-          if (info.expiresAt && now > info.expiresAt) {
-            this.suppressionList.delete(email);
-            expiredCount++;
-          }
-        }
-        
-        if (expiredCount > 0) {
-          logger.log('info', `Cleaned ${expiredCount} expired entries from suppression list`);
-          this.saveSuppressionList();
-        }
-        
-        logger.log('info', `Loaded ${this.suppressionList.size} entries from suppression list`);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to load suppression list: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Save bounce record to disk
-   * @param bounce Bounce record to save
-   */
-  private saveBounceRecord(bounce: BounceRecord): void {
-    try {
-      const bounceData = JSON.stringify(bounce);
-      const bouncePath = plugins.path.join(
-        paths.dataDir,
-        'emails',
-        'bounces',
-        `${bounce.id}.json`
-      );
-      
-      // Ensure directory exists
-      const bounceDir = plugins.path.join(paths.dataDir, 'emails', 'bounces');
-      plugins.smartfile.fs.ensureDirSync(bounceDir);
-      
-      plugins.smartfile.memory.toFsSync(bounceData, bouncePath);
-    } catch (error) {
-      logger.log('error', `Failed to save bounce record: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Update bounce cache with new bounce information
-   * @param bounce Bounce record to update cache with
-   */
-  private updateBounceCache(bounce: BounceRecord): void {
-    const email = bounce.recipient.toLowerCase();
-    const existing = this.bounceCache.get(email);
-    
-    if (existing) {
-      // Update existing cache entry
-      existing.lastBounce = bounce.timestamp;
-      existing.count++;
-      existing.type = bounce.bounceType;
-      existing.category = bounce.bounceCategory;
-    } else {
-      // Create new cache entry
-      this.bounceCache.set(email, {
-        lastBounce: bounce.timestamp,
-        count: 1,
-        type: bounce.bounceType,
-        category: bounce.bounceCategory
-      });
-    }
-  }
-  
-  /**
-   * Check bounce history for an email address
-   * @param email Email address to check
-   * @returns Bounce information or null if no bounces
-   */
-  public getBounceInfo(email: string): {
-    lastBounce: number;
-    count: number;
-    type: BounceType;
-    category: BounceCategory;
-  } | null {
-    return this.bounceCache.get(email.toLowerCase()) || null;
-  }
-  
-  /**
-   * Analyze SMTP response and diagnostic codes to determine bounce type
-   * @param smtpResponse SMTP response string
-   * @param diagnosticCode Diagnostic code from bounce
-   * @param statusCode Status code from bounce
-   * @returns Detected bounce type and category
-   */
-  private detectBounceType(
-    smtpResponse: string,
-    diagnosticCode: string,
-    statusCode: string
-  ): {
-    type: BounceType;
-    category: BounceCategory;
-  } {
-    // Combine all text for comprehensive pattern matching
-    const fullText = `${smtpResponse} ${diagnosticCode} ${statusCode}`.toLowerCase();
-    
-    // Check for auto-responses first
-    if (this.matchesPattern(fullText, BounceType.AUTO_RESPONSE) || 
-        this.matchesPattern(fullText, BounceType.CHALLENGE_RESPONSE)) {
-      return {
-        type: BounceType.AUTO_RESPONSE,
-        category: BounceCategory.AUTO_RESPONSE
-      };
-    }
-    
-    // Check for hard bounces
-    for (const bounceType of [
-      BounceType.INVALID_RECIPIENT,
-      BounceType.DOMAIN_NOT_FOUND,
-      BounceType.MAILBOX_FULL,
-      BounceType.MAILBOX_INACTIVE,
-      BounceType.BLOCKED,
-      BounceType.SPAM_RELATED,
-      BounceType.POLICY_RELATED
-    ]) {
-      if (this.matchesPattern(fullText, bounceType)) {
-        return {
-          type: bounceType,
-          category: BounceCategory.HARD
-        };
-      }
-    }
-    
-    // Check for soft bounces
-    for (const bounceType of [
-      BounceType.SERVER_UNAVAILABLE,
-      BounceType.TEMPORARY_FAILURE,
-      BounceType.QUOTA_EXCEEDED,
-      BounceType.NETWORK_ERROR,
-      BounceType.TIMEOUT
-    ]) {
-      if (this.matchesPattern(fullText, bounceType)) {
-        return {
-          type: bounceType,
-          category: BounceCategory.SOFT
-        };
-      }
-    }
-    
-    // Handle DSN (Delivery Status Notification) status codes
-    if (statusCode) {
-      // Format: class.subject.detail
-      const parts = statusCode.split('.');
-      if (parts.length >= 2) {
-        const statusClass = parts[0];
-        const statusSubject = parts[1];
-        
-        // 5.X.X is permanent failure (hard bounce)
-        if (statusClass === '5') {
-          // Try to determine specific type based on subject
-          if (statusSubject === '1') {
-            return { type: BounceType.INVALID_RECIPIENT, category: BounceCategory.HARD };
-          } else if (statusSubject === '2') {
-            return { type: BounceType.MAILBOX_FULL, category: BounceCategory.HARD };
-          } else if (statusSubject === '7') {
-            return { type: BounceType.BLOCKED, category: BounceCategory.HARD };
-          } else {
-            return { type: BounceType.UNKNOWN, category: BounceCategory.HARD };
-          }
-        }
-        
-        // 4.X.X is temporary failure (soft bounce)
-        if (statusClass === '4') {
-          // Try to determine specific type based on subject
-          if (statusSubject === '2') {
-            return { type: BounceType.QUOTA_EXCEEDED, category: BounceCategory.SOFT };
-          } else if (statusSubject === '3') {
-            return { type: BounceType.SERVER_UNAVAILABLE, category: BounceCategory.SOFT };
-          } else if (statusSubject === '4') {
-            return { type: BounceType.NETWORK_ERROR, category: BounceCategory.SOFT };
-          } else {
-            return { type: BounceType.TEMPORARY_FAILURE, category: BounceCategory.SOFT };
-          }
-        }
-      }
-    }
-    
-    // Default to unknown
-    return {
-      type: BounceType.UNKNOWN,
-      category: BounceCategory.UNKNOWN
-    };
-  }
-  
-  /**
-   * Check if text matches any pattern for a bounce type
-   * @param text Text to check against patterns
-   * @param bounceType Bounce type to get patterns for
-   * @returns Whether the text matches any pattern
-   */
-  private matchesPattern(text: string, bounceType: BounceType): boolean {
-    const patterns = BOUNCE_PATTERNS[bounceType];
-    
-    if (!patterns) {
-      return false;
-    }
-    
-    for (const pattern of patterns) {
-      if (pattern.test(text)) {
-        return true;
-      }
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Get all known hard bounced addresses
-   * @returns Array of hard bounced email addresses
-   */
-  public getHardBouncedAddresses(): string[] {
-    const hardBounced: string[] = [];
-    
-    for (const [email, info] of this.bounceCache.entries()) {
-      if (info.category === BounceCategory.HARD) {
-        hardBounced.push(email);
-      }
-    }
-    
-    return hardBounced;
-  }
-  
-  /**
-   * Get suppression list
-   * @returns Array of suppressed email addresses
-   */
-  public getSuppressionList(): string[] {
-    return Array.from(this.suppressionList.keys());
-  }
-  
-  /**
-   * Clear old bounce records (for maintenance)
-   * @param olderThan Timestamp to remove records older than
-   * @returns Number of records removed
-   */
-  public clearOldBounceRecords(olderThan: number): number {
-    let removed = 0;
-    
-    this.bounceStore = this.bounceStore.filter(bounce => {
-      if (bounce.timestamp < olderThan) {
-        removed++;
-        return false;
-      }
-      return true;
-    });
-    
-    return removed;
-  }
-}

ts/mail/core/classes.email.ts

@@ -1,708 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailValidator } from './classes.emailvalidator.js';
-
-export interface IAttachment {
-  filename: string;
-  content: Buffer;
-  contentType: string;
-  contentId?: string; // Optional content ID for inline attachments
-  encoding?: string; // Optional encoding specification
-}
-
-export interface IEmailOptions {
-  from: string;
-  to: string | string[]; // Support multiple recipients
-  cc?: string | string[]; // Optional CC recipients
-  bcc?: string | string[]; // Optional BCC recipients
-  subject: string;
-  text: string;
-  html?: string; // Optional HTML version
-  attachments?: IAttachment[];
-  headers?: Record<string, string>; // Optional additional headers
-  mightBeSpam?: boolean;
-  priority?: 'high' | 'normal' | 'low'; // Optional email priority
-  skipAdvancedValidation?: boolean; // Skip advanced validation for special cases
-  variables?: Record<string, any>; // Template variables for placeholder replacement
-}
-
-export class Email {
-  from: string;
-  to: string[];
-  cc: string[];
-  bcc: string[];
-  subject: string;
-  text: string;
-  html?: string;
-  attachments: IAttachment[];
-  headers: Record<string, string>;
-  mightBeSpam: boolean;
-  priority: 'high' | 'normal' | 'low';
-  variables: Record<string, any>;
-  private envelopeFrom: string;
-  private messageId: string;
-  
-  // Static validator instance for reuse
-  private static emailValidator: EmailValidator;
-  
-  constructor(options: IEmailOptions) {
-    // Initialize validator if not already
-    if (!Email.emailValidator) {
-      Email.emailValidator = new EmailValidator();
-    }
-    
-    // Validate and set the from address using improved validation
-    if (!this.isValidEmail(options.from)) {
-      throw new Error(`Invalid sender email address: ${options.from}`);
-    }
-    this.from = options.from;
-
-    // Handle to addresses (single or multiple)
-    this.to = this.parseRecipients(options.to);
-    
-    // Handle optional cc and bcc
-    this.cc = options.cc ? this.parseRecipients(options.cc) : [];
-    this.bcc = options.bcc ? this.parseRecipients(options.bcc) : [];
-    
-    // Validate that we have at least one recipient
-    if (this.to.length === 0 && this.cc.length === 0 && this.bcc.length === 0) {
-      throw new Error('Email must have at least one recipient');
-    }
-
-    // Set subject with sanitization
-    this.subject = this.sanitizeString(options.subject || '');
-    
-    // Set text content with sanitization
-    this.text = this.sanitizeString(options.text || '');
-    
-    // Set optional HTML content
-    this.html = options.html ? this.sanitizeString(options.html) : undefined;
-    
-    // Set attachments
-    this.attachments = Array.isArray(options.attachments) ? options.attachments : [];
-    
-    // Set additional headers
-    this.headers = options.headers || {};
-    
-    // Set spam flag
-    this.mightBeSpam = options.mightBeSpam || false;
-    
-    // Set priority
-    this.priority = options.priority || 'normal';
-    
-    // Set template variables
-    this.variables = options.variables || {};
-    
-    // Initialize envelope from (defaults to the from address)
-    this.envelopeFrom = this.from;
-    
-    // Generate message ID if not provided
-    this.messageId = `<${Date.now()}.${Math.random().toString(36).substring(2, 15)}@${this.getFromDomain() || 'localhost'}>`;
-  }
-
-  /**
-   * Validates an email address using smartmail's EmailAddressValidator
-   * For constructor validation, we only check syntax to avoid delays
-   * 
-   * @param email The email address to validate
-   * @returns boolean indicating if the email is valid
-   */
-  private isValidEmail(email: string): boolean {
-    if (!email || typeof email !== 'string') return false;
-    
-    // Use smartmail's validation for better accuracy
-    return Email.emailValidator.isValidFormat(email);
-  }
-
-  /**
-   * Parses and validates recipient email addresses
-   * @param recipients A string or array of recipient emails
-   * @returns Array of validated email addresses
-   */
-  private parseRecipients(recipients: string | string[]): string[] {
-    const result: string[] = [];
-    
-    if (typeof recipients === 'string') {
-      // Handle single recipient
-      if (this.isValidEmail(recipients)) {
-        result.push(recipients);
-      } else {
-        throw new Error(`Invalid recipient email address: ${recipients}`);
-      }
-    } else if (Array.isArray(recipients)) {
-      // Handle multiple recipients
-      for (const recipient of recipients) {
-        if (this.isValidEmail(recipient)) {
-          result.push(recipient);
-        } else {
-          throw new Error(`Invalid recipient email address: ${recipient}`);
-        }
-      }
-    }
-    
-    return result;
-  }
-
-  /**
-   * Basic sanitization for strings to prevent header injection
-   * @param input The string to sanitize
-   * @returns Sanitized string
-   */
-  private sanitizeString(input: string): string {
-    if (!input) return '';
-    
-    // Remove CR and LF characters to prevent header injection
-    return input.replace(/\r|\n/g, ' ');
-  }
-
-  /**
-   * Gets the domain part of the from email address
-   * @returns The domain part of the from email or null if invalid
-   */
-  public getFromDomain(): string | null {
-    try {
-      const parts = this.from.split('@');
-      if (parts.length !== 2 || !parts[1]) {
-        return null;
-      }
-      return parts[1];
-    } catch (error) {
-      console.error('Error extracting domain from email:', error);
-      return null;
-    }
-  }
-
-  /**
-   * Gets all recipients (to, cc, bcc) as a unique array
-   * @returns Array of all unique recipient email addresses
-   */
-  public getAllRecipients(): string[] {
-    // Combine all recipients and remove duplicates
-    return [...new Set([...this.to, ...this.cc, ...this.bcc])];
-  }
-
-  /**
-   * Gets primary recipient (first in the to field)
-   * @returns The primary recipient email or null if none exists
-   */
-  public getPrimaryRecipient(): string | null {
-    return this.to.length > 0 ? this.to[0] : null;
-  }
-
-  /**
-   * Checks if the email has attachments
-   * @returns Boolean indicating if the email has attachments
-   */
-  public hasAttachments(): boolean {
-    return this.attachments.length > 0;
-  }
-  
-  /**
-   * Add a recipient to the email
-   * @param email The recipient email address
-   * @param type The recipient type (to, cc, bcc)
-   * @returns This instance for method chaining
-   */
-  public addRecipient(
-    email: string,
-    type: 'to' | 'cc' | 'bcc' = 'to'
-  ): this {
-    if (!this.isValidEmail(email)) {
-      throw new Error(`Invalid recipient email address: ${email}`);
-    }
-    
-    switch (type) {
-      case 'to':
-        if (!this.to.includes(email)) {
-          this.to.push(email);
-        }
-        break;
-      case 'cc':
-        if (!this.cc.includes(email)) {
-          this.cc.push(email);
-        }
-        break;
-      case 'bcc':
-        if (!this.bcc.includes(email)) {
-          this.bcc.push(email);
-        }
-        break;
-    }
-    
-    return this;
-  }
-  
-  /**
-   * Add an attachment to the email
-   * @param attachment The attachment to add
-   * @returns This instance for method chaining
-   */
-  public addAttachment(attachment: IAttachment): this {
-    this.attachments.push(attachment);
-    return this;
-  }
-  
-  /**
-   * Add a custom header to the email
-   * @param name The header name
-   * @param value The header value
-   * @returns This instance for method chaining
-   */
-  public addHeader(name: string, value: string): this {
-    this.headers[name] = value;
-    return this;
-  }
-  
-  /**
-   * Set the email priority
-   * @param priority The priority level
-   * @returns This instance for method chaining
-   */
-  public setPriority(priority: 'high' | 'normal' | 'low'): this {
-    this.priority = priority;
-    return this;
-  }
-  
-  /**
-   * Set a template variable
-   * @param key The variable key
-   * @param value The variable value
-   * @returns This instance for method chaining
-   */
-  public setVariable(key: string, value: any): this {
-    this.variables[key] = value;
-    return this;
-  }
-  
-  /**
-   * Set multiple template variables at once
-   * @param variables The variables object
-   * @returns This instance for method chaining
-   */
-  public setVariables(variables: Record<string, any>): this {
-    this.variables = { ...this.variables, ...variables };
-    return this;
-  }
-  
-  /**
-   * Get the subject with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed subject
-   */
-  public getSubjectWithVariables(variables?: Record<string, any>): string {
-    return this.applyVariables(this.subject, variables);
-  }
-  
-  /**
-   * Get the text content with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed text content
-   */
-  public getTextWithVariables(variables?: Record<string, any>): string {
-    return this.applyVariables(this.text, variables);
-  }
-  
-  /**
-   * Get the HTML content with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed HTML content or undefined if none
-   */
-  public getHtmlWithVariables(variables?: Record<string, any>): string | undefined {
-    return this.html ? this.applyVariables(this.html, variables) : undefined;
-  }
-  
-  /**
-   * Apply template variables to a string
-   * @param template The template string
-   * @param additionalVariables Optional additional variables to apply
-   * @returns The processed string
-   */
-  private applyVariables(template: string, additionalVariables?: Record<string, any>): string {
-    // If no template or variables, return as is
-    if (!template || (!Object.keys(this.variables).length && !additionalVariables)) {
-      return template;
-    }
-    
-    // Combine instance variables with additional ones
-    const allVariables = { ...this.variables, ...additionalVariables };
-    
-    // Simple variable replacement
-    return template.replace(/\{\{([^}]+)\}\}/g, (match, key) => {
-      const trimmedKey = key.trim();
-      return allVariables[trimmedKey] !== undefined ? String(allVariables[trimmedKey]) : match;
-    });
-  }
-
-  /**
-   * Gets the total size of all attachments in bytes
-   * @returns Total size of all attachments in bytes
-   */
-  public getAttachmentsSize(): number {
-    return this.attachments.reduce((total, attachment) => {
-      return total + (attachment.content?.length || 0);
-    }, 0);
-  }
-  
-  /**
-   * Perform advanced validation on sender and recipient email addresses
-   * This should be called separately after instantiation when ready to check MX records
-   * @param options Validation options
-   * @returns Promise resolving to validation results for all addresses
-   */
-  public async validateAddresses(options: {
-    checkMx?: boolean;
-    checkDisposable?: boolean;
-    checkSenderOnly?: boolean;
-    checkFirstRecipientOnly?: boolean;
-  } = {}): Promise<{
-    sender: { email: string; result: any };
-    recipients: Array<{ email: string; result: any }>;
-    isValid: boolean;
-  }> {
-    const result = {
-      sender: { email: this.from, result: null },
-      recipients: [],
-      isValid: true
-    };
-    
-    // Validate sender
-    result.sender.result = await Email.emailValidator.validate(this.from, {
-      checkMx: options.checkMx !== false,
-      checkDisposable: options.checkDisposable !== false
-    });
-    
-    // If sender fails validation, the whole email is considered invalid
-    if (!result.sender.result.isValid) {
-      result.isValid = false;
-    }
-    
-    // If we're only checking the sender, return early
-    if (options.checkSenderOnly) {
-      return result;
-    }
-    
-    // Validate recipients
-    const recipientsToCheck = options.checkFirstRecipientOnly ? 
-      [this.to[0]] : this.getAllRecipients();
-    
-    for (const recipient of recipientsToCheck) {
-      const recipientResult = await Email.emailValidator.validate(recipient, {
-        checkMx: options.checkMx !== false,
-        checkDisposable: options.checkDisposable !== false
-      });
-      
-      result.recipients.push({
-        email: recipient,
-        result: recipientResult
-      });
-      
-      // If any recipient fails validation, mark the whole email as invalid
-      if (!recipientResult.isValid) {
-        result.isValid = false;
-      }
-    }
-    
-    return result;
-  }
-  
-  /**
-   * Convert this email to a smartmail instance
-   * @returns A new Smartmail instance
-   */
-  public async toSmartmail(): Promise<plugins.smartmail.Smartmail<any>> {
-    const smartmail = new plugins.smartmail.Smartmail({
-      from: this.from,
-      subject: this.subject,
-      body: this.html || this.text
-    });
-    
-    // Add recipients - ensure we're using the correct format
-    // (newer version of smartmail expects objects with email property)
-    for (const recipient of this.to) {
-      // Use the proper addRecipient method for the current smartmail version
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(recipient);
-      } else {
-        // Fallback for older versions or different interface
-        (smartmail.options.to as any[]).push({
-          email: recipient,
-          name: recipient.split('@')[0] // Simple name extraction
-        });
-      }
-    }
-    
-    // Handle CC recipients
-    for (const ccRecipient of this.cc) {
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(ccRecipient, 'cc');
-      } else {
-        // Fallback for older versions
-        if (!smartmail.options.cc) smartmail.options.cc = [];
-        (smartmail.options.cc as any[]).push({
-          email: ccRecipient,
-          name: ccRecipient.split('@')[0]
-        });
-      }
-    }
-    
-    // Handle BCC recipients
-    for (const bccRecipient of this.bcc) {
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(bccRecipient, 'bcc');
-      } else {
-        // Fallback for older versions
-        if (!smartmail.options.bcc) smartmail.options.bcc = [];
-        (smartmail.options.bcc as any[]).push({
-          email: bccRecipient,
-          name: bccRecipient.split('@')[0]
-        });
-      }
-    }
-    
-    // Add attachments
-    for (const attachment of this.attachments) {
-      const smartAttachment = await plugins.smartfile.SmartFile.fromBuffer(
-        attachment.filename,
-        attachment.content
-      );
-      
-      // Set content type if available
-      if (attachment.contentType) {
-        (smartAttachment as any).contentType = attachment.contentType;
-      }
-      
-      smartmail.addAttachment(smartAttachment);
-    }
-    
-    return smartmail;
-  }
-
-  /**
-   * Get the from email address
-   * @returns The from email address
-   */
-  public getFromEmail(): string {
-    return this.from;
-  }
-  
-  /**
-   * Get the message ID
-   * @returns The message ID
-   */
-  public getMessageId(): string {
-    return this.messageId;
-  }
-  
-  /**
-   * Set a custom message ID
-   * @param id The message ID to set
-   * @returns This instance for method chaining
-   */
-  public setMessageId(id: string): this {
-    this.messageId = id;
-    return this;
-  }
-  
-  /**
-   * Get the envelope from address (return-path)
-   * @returns The envelope from address
-   */
-  public getEnvelopeFrom(): string {
-    return this.envelopeFrom;
-  }
-  
-  /**
-   * Set the envelope from address (return-path)
-   * @param address The envelope from address to set
-   * @returns This instance for method chaining
-   */
-  public setEnvelopeFrom(address: string): this {
-    if (!this.isValidEmail(address)) {
-      throw new Error(`Invalid envelope from address: ${address}`);
-    }
-    this.envelopeFrom = address;
-    return this;
-  }
-  
-  /**
-   * Creates an RFC822 compliant email string
-   * @param variables Optional template variables to apply
-   * @returns The email formatted as an RFC822 compliant string
-   */
-  public toRFC822String(variables?: Record<string, any>): string {
-    // Apply variables to content if any
-    const processedSubject = this.getSubjectWithVariables(variables);
-    const processedText = this.getTextWithVariables(variables);
-    
-    // This is a simplified version - a complete implementation would be more complex
-    let result = '';
-    
-    // Add headers
-    result += `From: ${this.from}\r\n`;
-    result += `To: ${this.to.join(', ')}\r\n`;
-    
-    if (this.cc.length > 0) {
-      result += `Cc: ${this.cc.join(', ')}\r\n`;
-    }
-    
-    result += `Subject: ${processedSubject}\r\n`;
-    result += `Date: ${new Date().toUTCString()}\r\n`;
-    result += `Message-ID: ${this.messageId}\r\n`;
-    result += `Return-Path: <${this.envelopeFrom}>\r\n`;
-    
-    // Add custom headers
-    for (const [key, value] of Object.entries(this.headers)) {
-      result += `${key}: ${value}\r\n`;
-    }
-    
-    // Add priority if not normal
-    if (this.priority !== 'normal') {
-      const priorityValue = this.priority === 'high' ? '1' : '5';
-      result += `X-Priority: ${priorityValue}\r\n`;
-    }
-    
-    // Add content type and body
-    result += `Content-Type: text/plain; charset=utf-8\r\n`;
-    
-    // Add HTML content type if available
-    if (this.html) {
-      const processedHtml = this.getHtmlWithVariables(variables);
-      const boundary = `boundary_${Date.now().toString(16)}`;
-      
-      // Multipart content for both plain text and HTML
-      result = result.replace(/Content-Type: .*\r\n/, '');
-      result += `MIME-Version: 1.0\r\n`;
-      result += `Content-Type: multipart/alternative; boundary="${boundary}"\r\n\r\n`;
-      
-      // Plain text part
-      result += `--${boundary}\r\n`;
-      result += `Content-Type: text/plain; charset=utf-8\r\n\r\n`;
-      result += `${processedText}\r\n\r\n`;
-      
-      // HTML part
-      result += `--${boundary}\r\n`;
-      result += `Content-Type: text/html; charset=utf-8\r\n\r\n`;
-      result += `${processedHtml}\r\n\r\n`;
-      
-      // End of multipart
-      result += `--${boundary}--\r\n`;
-    } else {
-      // Simple plain text
-      result += `\r\n${processedText}\r\n`;
-    }
-    
-    return result;
-  }
-  
-  /**
-   * Convert to simple Smartmail-compatible object (for backward compatibility)
-   * @returns A Promise with a simple Smartmail-compatible object
-   */
-  public async toSmartmailBasic(): Promise<any> {
-    // Create a Smartmail-compatible object with the email data
-    const smartmail = {
-      options: {
-        from: this.from,
-        to: this.to,
-        subject: this.subject
-      },
-      content: {
-        text: this.text,
-        html: this.html || ''
-      },
-      headers: { ...this.headers },
-      attachments: this.attachments ? this.attachments.map(attachment => ({
-        name: attachment.filename,
-        data: attachment.content,
-        type: attachment.contentType,
-        cid: attachment.contentId
-      })) : [],
-      // Add basic Smartmail-compatible methods for compatibility
-      addHeader: (key: string, value: string) => {
-        smartmail.headers[key] = value;
-      }
-    };
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create an Email instance from a Smartmail object
-   * @param smartmail The Smartmail instance to convert
-   * @returns A new Email instance
-   */
-  public static fromSmartmail(smartmail: plugins.smartmail.Smartmail<any>): Email {
-    const options: IEmailOptions = {
-      from: smartmail.options.from,
-      to: [],
-      subject: smartmail.getSubject(),
-      text: smartmail.getBody(false), // Plain text version
-      html: smartmail.getBody(true),  // HTML version
-      attachments: []
-    };
-    
-    // Function to safely extract email address from recipient
-    const extractEmail = (recipient: any): string => {
-      // Handle string recipients
-      if (typeof recipient === 'string') return recipient;
-      
-      // Handle object recipients
-      if (recipient && typeof recipient === 'object') {
-        const addressObj = recipient as any;
-        // Try different property names that might contain the email address
-        if ('address' in addressObj && typeof addressObj.address === 'string') {
-          return addressObj.address;
-        }
-        if ('email' in addressObj && typeof addressObj.email === 'string') {
-          return addressObj.email;
-        }
-      }
-      
-      // Fallback for invalid input
-      return '';
-    };
-    
-    // Filter out empty strings from the extracted emails
-    const filterValidEmails = (emails: string[]): string[] => {
-      return emails.filter(email => email && email.length > 0);
-    };
-    
-    // Convert TO recipients
-    if (smartmail.options.to?.length > 0) {
-      options.to = filterValidEmails(smartmail.options.to.map(extractEmail));
-    }
-    
-    // Convert CC recipients
-    if (smartmail.options.cc?.length > 0) {
-      options.cc = filterValidEmails(smartmail.options.cc.map(extractEmail));
-    }
-    
-    // Convert BCC recipients
-    if (smartmail.options.bcc?.length > 0) {
-      options.bcc = filterValidEmails(smartmail.options.bcc.map(extractEmail));
-    }
-    
-    // Convert attachments (note: this handles the synchronous case only)
-    if (smartmail.attachments?.length > 0) {
-      options.attachments = smartmail.attachments.map(attachment => {
-        // For the test case, if the path is exactly "test.txt", use that as the filename
-        let filename = 'attachment.bin';
-        
-        if (attachment.path === 'test.txt') {
-          filename = 'test.txt';
-        } else if (attachment.parsedPath?.base) {
-          filename = attachment.parsedPath.base;
-        } else if (typeof attachment.path === 'string') {
-          filename = attachment.path.split('/').pop() || 'attachment.bin';
-        }
-        
-        return {
-          filename,
-          content: Buffer.from(attachment.contentBuffer || Buffer.alloc(0)),
-          contentType: (attachment as any)?.contentType || 'application/octet-stream'
-        };
-      });
-    }
-    
-    return new Email(options);
-  }
-}

ts/mail/core/classes.emailvalidator.ts

@@ -1,239 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { logger } from '../../logger.js';
-import { LRUCache } from 'lru-cache';
-
-export interface IEmailValidationResult {
-  isValid: boolean;
-  hasMx: boolean;
-  hasSpamMarkings: boolean;
-  score: number;
-  details?: {
-    formatValid?: boolean;
-    mxRecords?: string[];
-    disposable?: boolean;
-    role?: boolean;
-    spamIndicators?: string[];
-    errorMessage?: string;
-  };
-}
-
-/**
- * Advanced email validator class using smartmail's capabilities
- */
-export class EmailValidator {
-  private validator: plugins.smartmail.EmailAddressValidator;
-  private dnsCache: LRUCache<string, string[]>;
-  
-  constructor(options?: {
-    maxCacheSize?: number;
-    cacheTTL?: number;
-  }) {
-    this.validator = new plugins.smartmail.EmailAddressValidator();
-    
-    // Initialize LRU cache for DNS records
-    this.dnsCache = new LRUCache<string, string[]>({
-      // Default to 1000 entries (reasonable for most applications)
-      max: options?.maxCacheSize || 1000,
-      // Default TTL of 1 hour (DNS records don't change frequently)
-      ttl: options?.cacheTTL || 60 * 60 * 1000,
-      // Optional cache monitoring
-      allowStale: false,
-      updateAgeOnGet: true,
-      // Add logging for cache events in production environments
-      disposeAfter: (value, key) => {
-        logger.log('debug', `DNS cache entry expired for domain: ${key}`);
-      },
-    });
-  }
-  
-  /**
-   * Validates an email address using comprehensive checks
-   * @param email The email to validate
-   * @param options Validation options
-   * @returns Validation result with details
-   */
-  public async validate(
-    email: string,
-    options: {
-      checkMx?: boolean;
-      checkDisposable?: boolean;
-      checkRole?: boolean;
-      checkSyntaxOnly?: boolean;
-    } = {}
-  ): Promise<IEmailValidationResult> {
-    try {
-      const result: IEmailValidationResult = {
-        isValid: false,
-        hasMx: false,
-        hasSpamMarkings: false,
-        score: 0,
-        details: {
-          formatValid: false,
-          spamIndicators: []
-        }
-      };
-      
-      // Always check basic format
-      result.details.formatValid = this.validator.isValidEmailFormat(email);
-      if (!result.details.formatValid) {
-        result.details.errorMessage = 'Invalid email format';
-        return result;
-      }
-      
-      // If syntax-only check is requested, return early
-      if (options.checkSyntaxOnly) {
-        result.isValid = true;
-        result.score = 0.5;
-        return result;
-      }
-      
-      // Get domain for additional checks
-      const domain = email.split('@')[1];
-      
-      // Check MX records
-      if (options.checkMx !== false) {
-        try {
-          const mxRecords = await this.getMxRecords(domain);
-          result.details.mxRecords = mxRecords;
-          result.hasMx = mxRecords && mxRecords.length > 0;
-          
-          if (!result.hasMx) {
-            result.details.spamIndicators.push('No MX records');
-            result.details.errorMessage = 'Domain has no MX records';
-          }
-        } catch (error) {
-          logger.log('error', `Error checking MX records: ${error.message}`);
-          result.details.errorMessage = 'Unable to check MX records';
-        }
-      }
-      
-      // Check if domain is disposable
-      if (options.checkDisposable !== false) {
-        result.details.disposable = await this.validator.isDisposableEmail(email);
-        if (result.details.disposable) {
-          result.details.spamIndicators.push('Disposable email');
-        }
-      }
-      
-      // Check if email is a role account
-      if (options.checkRole !== false) {
-        result.details.role = this.validator.isRoleAccount(email);
-        if (result.details.role) {
-          result.details.spamIndicators.push('Role account');
-        }
-      }
-      
-      // Calculate spam score and final validity
-      result.hasSpamMarkings = result.details.spamIndicators.length > 0;
-      
-      // Calculate a score between 0-1 based on checks
-      let scoreFactors = 0;
-      let scoreTotal = 0;
-      
-      // Format check (highest weight)
-      scoreFactors += 0.4;
-      if (result.details.formatValid) scoreTotal += 0.4;
-      
-      // MX check (high weight)
-      if (options.checkMx !== false) {
-        scoreFactors += 0.3;
-        if (result.hasMx) scoreTotal += 0.3;
-      }
-      
-      // Disposable check (medium weight)
-      if (options.checkDisposable !== false) {
-        scoreFactors += 0.2;
-        if (!result.details.disposable) scoreTotal += 0.2;
-      }
-      
-      // Role account check (low weight)
-      if (options.checkRole !== false) {
-        scoreFactors += 0.1;
-        if (!result.details.role) scoreTotal += 0.1;
-      }
-      
-      // Normalize score based on factors actually checked
-      result.score = scoreFactors > 0 ? scoreTotal / scoreFactors : 0;
-      
-      // Email is valid if score is above 0.7 (configurable threshold)
-      result.isValid = result.score >= 0.7;
-      
-      return result;
-    } catch (error) {
-      logger.log('error', `Email validation error: ${error.message}`);
-      return {
-        isValid: false,
-        hasMx: false,
-        hasSpamMarkings: true,
-        score: 0,
-        details: {
-          formatValid: false,
-          errorMessage: `Validation error: ${error.message}`,
-          spamIndicators: ['Validation error']
-        }
-      };
-    }
-  }
-  
-  /**
-   * Gets MX records for a domain with caching
-   * @param domain Domain to check
-   * @returns Array of MX records
-   */
-  private async getMxRecords(domain: string): Promise<string[]> {
-    // Check cache first
-    const cachedRecords = this.dnsCache.get(domain);
-    if (cachedRecords) {
-      logger.log('debug', `Using cached MX records for domain: ${domain}`);
-      return cachedRecords;
-    }
-    
-    try {
-      // Use smartmail's getMxRecords method
-      const records = await this.validator.getMxRecords(domain);
-      
-      // Store in cache (TTL is handled by the LRU cache configuration)
-      this.dnsCache.set(domain, records);
-      logger.log('debug', `Cached MX records for domain: ${domain}`);
-      
-      return records;
-    } catch (error) {
-      logger.log('error', `Error fetching MX records for ${domain}: ${error.message}`);
-      return [];
-    }
-  }
-  
-  /**
-   * Validates multiple email addresses in batch
-   * @param emails Array of emails to validate
-   * @param options Validation options
-   * @returns Object with email addresses as keys and validation results as values
-   */
-  public async validateBatch(
-    emails: string[],
-    options: {
-      checkMx?: boolean;
-      checkDisposable?: boolean;
-      checkRole?: boolean;
-      checkSyntaxOnly?: boolean;
-    } = {}
-  ): Promise<Record<string, IEmailValidationResult>> {
-    const results: Record<string, IEmailValidationResult> = {};
-    
-    for (const email of emails) {
-      results[email] = await this.validate(email, options);
-    }
-    
-    return results;
-  }
-  
-  /**
-   * Quick check if an email format is valid (synchronous, no DNS checks)
-   * @param email Email to check
-   * @returns Boolean indicating if format is valid
-   */
-  public isValidFormat(email: string): boolean {
-    return this.validator.isValidEmailFormat(email);
-  }
-  
-}

ts/mail/core/classes.rulemanager.ts

@@ -1,177 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailService } from '../services/classes.emailservice.js';
-import { logger } from '../../logger.js';
-
-export class RuleManager {
-  public emailRef: EmailService;
-  public smartruleInstance = new plugins.smartrule.SmartRule<
-    plugins.smartmail.Smartmail<any>
-  >();
-
-  constructor(emailRefArg: EmailService) {
-    this.emailRef = emailRefArg;
-    
-    // Register MTA handler for incoming emails if MTA is enabled
-    if (this.emailRef.mtaService) {
-      this.setupMtaIncomingHandler();
-    }
-  }
-
-  /**
-   * Set up handler for incoming emails via MTA's SMTP server
-   */
-  private setupMtaIncomingHandler() {
-    // The original MtaService doesn't have a direct callback for incoming emails,
-    // but we can modify this approach based on how you prefer to integrate.
-    // One option would be to extend the MtaService to add an event emitter.
-    
-    // For now, we'll use a directory watcher as an example
-    // This would watch the directory where MTA saves incoming emails
-    const incomingDir = this.emailRef.mtaService['receivedEmailsDir'] || './received';
-    
-    // Simple file watcher (in real implementation, use proper file watching)
-    // This is just conceptual - would need modification to work with your specific setup
-    this.watchIncomingEmails(incomingDir);
-  }
-
-  /**
-   * Watch directory for incoming emails (conceptual implementation)
-   */
-  private watchIncomingEmails(directory: string) {
-    console.log(`Watching for incoming emails in: ${directory}`);
-    
-    // Conceptual - in a real implementation, set up proper file watching
-    // or modify the MTA to emit events when emails are received
-    
-    /*
-    // Example using a file watcher:
-    const watcher = plugins.fs.watch(directory, async (eventType, filename) => {
-      if (eventType === 'rename' && filename.endsWith('.eml')) {
-        const filePath = plugins.path.join(directory, filename);
-        await this.handleMtaIncomingEmail(filePath);
-      }
-    });
-    */
-  }
-
-  /**
-   * Handle incoming email received via MTA
-   */
-  public async handleMtaIncomingEmail(emailPath: string) {
-    try {
-      // Process the email file
-      const fetchedSmartmail = await this.emailRef.mtaConnector.receiveEmail(emailPath);
-      
-      console.log('=======================');
-      console.log('Received a mail via MTA:');
-      console.log(`From: ${fetchedSmartmail.options.creationObjectRef.From}`);
-      console.log(`To: ${fetchedSmartmail.options.creationObjectRef.To}`);
-      console.log(`Subject: ${fetchedSmartmail.options.creationObjectRef.Subject}`);
-      console.log('^^^^^^^^^^^^^^^^^^^^^^^');
-
-      logger.log(
-        'info',
-        `email from ${fetchedSmartmail.options.creationObjectRef.From} to ${fetchedSmartmail.options.creationObjectRef.To} with subject '${fetchedSmartmail.options.creationObjectRef.Subject}'`,
-        {
-          eventType: 'receivedEmail',
-          provider: 'mta',
-          email: {
-            from: fetchedSmartmail.options.creationObjectRef.From,
-            to: fetchedSmartmail.options.creationObjectRef.To,
-            subject: fetchedSmartmail.options.creationObjectRef.Subject,
-          },
-        }
-      );
-
-      // Process with rules
-      this.smartruleInstance.makeDecision(fetchedSmartmail);
-    } catch (error) {
-      logger.log('error', `Failed to process incoming MTA email: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-    }
-  }
-
-  public async init() {
-    // Setup email rules
-    await this.createForwards();
-  }
-
-  /**
-   * creates the default forwards
-   */
-  public async createForwards() {
-    const forwards: { originalToAddress: string[]; forwardedToAddress: string[] }[] = [];
-    console.log(`${forwards.length} forward rules configured:`);
-    for (const forward of forwards) {
-      console.log(forward);
-    }
-
-    for (const forward of forwards) {
-      this.smartruleInstance.createRule(
-        10,
-        async (smartmailArg) => {
-          const matched = forward.originalToAddress.reduce<boolean>((prevValue, currentValue) => {
-            return smartmailArg.options.creationObjectRef.To.includes(currentValue) || prevValue;
-          }, false);
-          if (matched) {
-            console.log('Forward rule matched');
-            console.log(forward);
-            return 'apply-continue';
-          } else {
-            return 'continue';
-          }
-        },
-        async (smartmailArg: plugins.smartmail.Smartmail<any>) => {
-          forward.forwardedToAddress.map(async (toArg) => {
-            const forwardedSmartMail = new plugins.smartmail.Smartmail({
-              body:
-                `
-              <div style="background: #CCC; padding: 10px; border-radius: 3px;">
-                <div><b>Original Sender:</b></div>
-                <div>${smartmailArg.options.creationObjectRef.From}</div>
-                <div><b>Original Recipient:</b></div>
-                <div>${smartmailArg.options.creationObjectRef.To}</div>
-                <div><b>Forwarded to:</b></div>
-                <div>${forward.forwardedToAddress.reduce<string>((pVal, cVal) => {
-                  return `${pVal ? pVal + ', ' : ''}${cVal}`;
-                }, null)}</div>
-                <div><b>Subject:</b></div>
-                <div>${smartmailArg.getSubject()}</div>
-                <div><b>The original body can be found below.</b></div>
-              </div>
-              ` + smartmailArg.getBody(),
-              from: 'forwarder@mail.lossless.one',
-              subject: `Forwarded mail for '${smartmailArg.options.creationObjectRef.To}'`,
-            });
-            for (const attachment of smartmailArg.attachments) {
-              forwardedSmartMail.addAttachment(attachment);
-            }
-            
-            // Use the EmailService's sendEmail method to send with the appropriate provider
-            await this.emailRef.sendEmail(forwardedSmartMail, toArg);
-            
-            console.log(`forwarded mail to ${toArg}`);
-            logger.log(
-              'info',
-              `email from ${
-                smartmailArg.options.creationObjectRef.From
-              } to ${toArg} with subject '${smartmailArg.getSubject()}'`,
-              {
-                eventType: 'forwardedEmail',
-                email: {
-                  from: smartmailArg.options.creationObjectRef.From,
-                  to: smartmailArg.options.creationObjectRef.To,
-                  forwardedTo: toArg,
-                  subject: smartmailArg.options.creationObjectRef.Subject,
-                },
-              }
-            );
-          });
-        }
-      );
-    }
-  }
-}

ts/mail/core/classes.templatemanager.ts

@@ -1,325 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { logger } from '../../logger.js';
-
-/**
- * Email template type definition
- */
-export interface IEmailTemplate<T = any> {
-  id: string;
-  name: string;
-  description: string;
-  from: string;
-  subject: string;
-  bodyHtml: string;
-  bodyText?: string;
-  category?: string;
-  sampleData?: T;
-  attachments?: Array<{
-    name: string;
-    path: string;
-    contentType?: string;
-  }>;
-}
-
-/**
- * Email template context - data used to render the template
- */
-export interface ITemplateContext {
-  [key: string]: any;
-}
-
-/**
- * Template category definitions
- */
-export enum TemplateCategory {
-  NOTIFICATION = 'notification',
-  TRANSACTIONAL = 'transactional',
-  MARKETING = 'marketing',
-  SYSTEM = 'system'
-}
-
-/**
- * Enhanced template manager using smartmail's capabilities
- */
-export class TemplateManager {
-  private templates: Map<string, IEmailTemplate> = new Map();
-  private defaultConfig: {
-    from: string;
-    replyTo?: string;
-    footerHtml?: string;
-    footerText?: string;
-  };
-  
-  constructor(defaultConfig?: {
-    from?: string;
-    replyTo?: string;
-    footerHtml?: string;
-    footerText?: string;
-  }) {
-    // Set default configuration
-    this.defaultConfig = {
-      from: defaultConfig?.from || 'noreply@mail.lossless.com',
-      replyTo: defaultConfig?.replyTo,
-      footerHtml: defaultConfig?.footerHtml || '',
-      footerText: defaultConfig?.footerText || ''
-    };
-    
-    // Initialize with built-in templates
-    this.registerBuiltinTemplates();
-  }
-  
-  /**
-   * Register built-in email templates
-   */
-  private registerBuiltinTemplates(): void {
-    // Welcome email
-    this.registerTemplate<{
-      firstName: string;
-      accountUrl: string;
-    }>({
-      id: 'welcome',
-      name: 'Welcome Email',
-      description: 'Sent to users when they first sign up',
-      from: this.defaultConfig.from,
-      subject: 'Welcome to {{serviceName}}!',
-      category: TemplateCategory.TRANSACTIONAL,
-      bodyHtml: `
-        <h1>Welcome, {{firstName}}!</h1>
-        <p>Thank you for joining {{serviceName}}. We're excited to have you on board.</p>
-        <p>To get started, <a href="{{accountUrl}}">visit your account</a>.</p>
-      `,
-      bodyText: 
-        `Welcome, {{firstName}}!
-        
-        Thank you for joining {{serviceName}}. We're excited to have you on board.
-        
-        To get started, visit your account: {{accountUrl}}
-        `,
-      sampleData: {
-        firstName: 'John',
-        accountUrl: 'https://example.com/account'
-      }
-    });
-    
-    // Password reset
-    this.registerTemplate<{
-      resetUrl: string;
-      expiryHours: number;
-    }>({
-      id: 'password-reset',
-      name: 'Password Reset',
-      description: 'Sent when a user requests a password reset',
-      from: this.defaultConfig.from,
-      subject: 'Password Reset Request',
-      category: TemplateCategory.TRANSACTIONAL,
-      bodyHtml: `
-        <h2>Password Reset Request</h2>
-        <p>You recently requested to reset your password. Click the link below to reset it:</p>
-        <p><a href="{{resetUrl}}">Reset Password</a></p>
-        <p>This link will expire in {{expiryHours}} hours.</p>
-        <p>If you didn't request a password reset, please ignore this email.</p>
-      `,
-      sampleData: {
-        resetUrl: 'https://example.com/reset-password?token=abc123',
-        expiryHours: 24
-      }
-    });
-    
-    // System notification
-    this.registerTemplate({
-      id: 'system-notification',
-      name: 'System Notification',
-      description: 'General system notification template',
-      from: this.defaultConfig.from,
-      subject: '{{subject}}',
-      category: TemplateCategory.SYSTEM,
-      bodyHtml: `
-        <h2>{{title}}</h2>
-        <div>{{message}}</div>
-      `,
-      sampleData: {
-        subject: 'Important System Notification',
-        title: 'System Maintenance',
-        message: 'The system will be undergoing maintenance on Saturday from 2-4am UTC.'
-      }
-    });
-  }
-  
-  /**
-   * Register a new email template
-   * @param template The email template to register
-   */
-  public registerTemplate<T = any>(template: IEmailTemplate<T>): void {
-    if (this.templates.has(template.id)) {
-      logger.log('warn', `Template with ID '${template.id}' already exists and will be overwritten`);
-    }
-    
-    // Add footer to templates if configured
-    if (this.defaultConfig.footerHtml && template.bodyHtml) {
-      template.bodyHtml += this.defaultConfig.footerHtml;
-    }
-    
-    if (this.defaultConfig.footerText && template.bodyText) {
-      template.bodyText += this.defaultConfig.footerText;
-    }
-    
-    this.templates.set(template.id, template);
-    logger.log('info', `Registered email template: ${template.id}`);
-  }
-  
-  /**
-   * Get an email template by ID
-   * @param templateId The template ID
-   * @returns The template or undefined if not found
-   */
-  public getTemplate<T = any>(templateId: string): IEmailTemplate<T> | undefined {
-    return this.templates.get(templateId) as IEmailTemplate<T>;
-  }
-  
-  /**
-   * List all available templates
-   * @param category Optional category filter
-   * @returns Array of email templates
-   */
-  public listTemplates(category?: TemplateCategory): IEmailTemplate[] {
-    const templates = Array.from(this.templates.values());
-    if (category) {
-      return templates.filter(template => template.category === category);
-    }
-    return templates;
-  }
-  
-  /**
-   * Create a Smartmail instance from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A configured Smartmail instance
-   */
-  public async createSmartmail<T = any>(
-    templateId: string,
-    context?: ITemplateContext
-  ): Promise<plugins.smartmail.Smartmail<T>> {
-    const template = this.getTemplate(templateId);
-    
-    if (!template) {
-      throw new Error(`Template with ID '${templateId}' not found`);
-    }
-    
-    // Create Smartmail instance with template content
-    const smartmail = new plugins.smartmail.Smartmail<T>({
-      from: template.from || this.defaultConfig.from,
-      subject: template.subject,
-      body: template.bodyHtml || template.bodyText || '',
-      creationObjectRef: context as T
-    });
-    
-    // Add any template attachments
-    if (template.attachments && template.attachments.length > 0) {
-      for (const attachment of template.attachments) {
-        // Load attachment file
-        try {
-          const attachmentPath = plugins.path.isAbsolute(attachment.path) 
-            ? attachment.path 
-            : plugins.path.join(paths.MtaAttachmentsDir, attachment.path);
-            
-          // Use appropriate SmartFile method - either read from file or create with empty buffer
-          // For a file path, use the fromFilePath static method
-          const file = await plugins.smartfile.SmartFile.fromFilePath(attachmentPath);
-          
-          // Set content type if specified
-          if (attachment.contentType) {
-            (file as any).contentType = attachment.contentType;
-          }
-          
-          smartmail.addAttachment(file);
-        } catch (error) {
-          logger.log('error', `Failed to add attachment '${attachment.name}': ${error.message}`);
-        }
-      }
-    }
-    
-    // Apply template variables if context provided
-    if (context) {
-      // Use applyVariables from smartmail v2.1.0+
-      smartmail.applyVariables(context);
-    }
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create and completely process a Smartmail instance from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A complete, processed Smartmail instance ready to send
-   */
-  public async prepareEmail<T = any>(
-    templateId: string,
-    context: ITemplateContext = {}
-  ): Promise<plugins.smartmail.Smartmail<T>> {
-    const smartmail = await this.createSmartmail<T>(templateId, context);
-    
-    // Pre-compile all mustache templates (subject, body)
-    smartmail.getSubject();
-    smartmail.getBody();
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create a MIME-formatted email from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A MIME-formatted email string
-   */
-  public async createMimeEmail(
-    templateId: string,
-    context: ITemplateContext = {}
-  ): Promise<string> {
-    const smartmail = await this.prepareEmail(templateId, context);
-    return smartmail.toMimeFormat();
-  }
-  
-  
-  /**
-   * Load templates from a directory
-   * @param directory The directory containing template JSON files
-   */
-  public async loadTemplatesFromDirectory(directory: string): Promise<void> {
-    try {
-      // Ensure directory exists
-      if (!plugins.fs.existsSync(directory)) {
-        logger.log('error', `Template directory does not exist: ${directory}`);
-        return;
-      }
-      
-      // Get all JSON files
-      const files = plugins.fs.readdirSync(directory)
-        .filter(file => file.endsWith('.json'));
-      
-      for (const file of files) {
-        try {
-          const filePath = plugins.path.join(directory, file);
-          const content = plugins.fs.readFileSync(filePath, 'utf8');
-          const template = JSON.parse(content) as IEmailTemplate;
-          
-          // Validate template
-          if (!template.id || !template.subject || (!template.bodyHtml && !template.bodyText)) {
-            logger.log('warn', `Invalid template in ${file}: missing required fields`);
-            continue;
-          }
-          
-          this.registerTemplate(template);
-        } catch (error) {
-          logger.log('error', `Error loading template from ${file}: ${error.message}`);
-        }
-      }
-      
-      logger.log('info', `Loaded ${this.templates.size} email templates`);
-    } catch (error) {
-      logger.log('error', `Failed to load templates from directory: ${error.message}`);
-      throw error;
-    }
-  }
-}

ts/mail/core/index.ts

@@ -1,6 +0,0 @@
-// Core email components
-export * from './classes.email.js';
-export * from './classes.emailvalidator.js';
-export * from './classes.templatemanager.js';
-export * from './classes.bouncemanager.js';
-export * from './classes.rulemanager.js';

ts/mail/delivery/classes.connector.mta.ts

@@ -1,625 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailService } from '../services/classes.emailservice.js';
-import { logger } from '../../logger.js';
-
-// Import MTA classes
-import { MtaService } from './classes.mta.js';
-import { Email as MtaEmail } from '../core/classes.email.js';
-import { DeliveryStatus } from './classes.emailsendjob.js';
-
-// Re-export for use in index.ts
-export { DeliveryStatus };
-
-// Import Email types
-export interface IEmailOptions {
-  from: string;
-  to: string[];
-  cc?: string[];
-  bcc?: string[];
-  subject: string;
-  text?: string;
-  html?: string;
-  attachments?: IAttachment[];
-  headers?: { [key: string]: string };
-}
-
-
-// Reuse the IAttachment interface
-export interface IAttachment {
-  filename: string;
-  content: Buffer;
-  contentType: string;
-  contentId?: string;
-  encoding?: string;
-}
-
-/**
- * Email status details
- */
-export interface IEmailStatusDetails {
-  /** Number of delivery attempts */
-  attempts?: number;
-  /** Timestamp of last delivery attempt */
-  lastAttempt?: Date;
-  /** Timestamp of next scheduled attempt */
-  nextAttempt?: Date;
-  /** Error message if delivery failed */
-  error?: string;
-  /** Message explaining the status */
-  message?: string;
-}
-
-/**
- * Email status response
- */
-export interface IEmailStatusResponse {
-  /** Current status of the email */
-  status: DeliveryStatus | 'unknown' | 'error';
-  /** Additional status details */
-  details?: IEmailStatusDetails;
-}
-
-/**
- * Options for sending an email via MTA
- */
-export interface ISendEmailOptions {
-  /** Whether to use MIME format conversion */
-  useMimeFormat?: boolean;
-  /** Whether to track clicks */
-  trackClicks?: boolean;
-  /** Whether to track opens */
-  trackOpens?: boolean;
-  /** Message priority (1-5, where 1 is highest) */
-  priority?: number;
-  /** Message scheduling options */
-  schedule?: {
-    /** Time to send the email */
-    sendAt?: Date | string;
-    /** Time the message expires */
-    expireAt?: Date | string;
-  };
-  /** DKIM signing options */
-  dkim?: {
-    /** Whether to sign the message */
-    sign?: boolean;
-    /** Domain to use for signing */
-    domain?: string;
-    /** Key selector to use */
-    selector?: string;
-  };
-  /** Additional headers */
-  headers?: Record<string, string>;
-  /** Message tags for categorization */
-  tags?: string[];
-}
-
-export class MtaConnector {
-  public emailRef: EmailService;
-  private mtaService: MtaService;
-
-  constructor(emailRefArg: EmailService, mtaService?: MtaService) {
-    this.emailRef = emailRefArg;
-    this.mtaService = mtaService || this.emailRef.mtaService;
-  }
-
-  /**
-   * Send an email using the MTA service
-   * @param smartmail The email to send
-   * @param toAddresses Recipients (comma-separated or array)
-   * @param options Additional options
-   */
-
-  /**
-   * Send an email using the MTA service
-   * @param smartmail The email to send
-   * @param toAddresses Recipients (comma-separated or array)
-   * @param options Additional options
-   */
-  public async sendEmail(
-    smartmail: plugins.smartmail.Smartmail<any>,
-    toAddresses: string | string[],
-    options: ISendEmailOptions = {}
-  ): Promise<string> {
-    // Check if recipients are on the suppression list
-    const recipients = Array.isArray(toAddresses) 
-      ? toAddresses 
-      : toAddresses.split(',').map(addr => addr.trim());
-    
-    // Filter out suppressed recipients
-    const validRecipients = [];
-    const suppressedRecipients = [];
-    
-    for (const recipient of recipients) {
-      if (this.emailRef.bounceManager.isEmailSuppressed(recipient)) {
-        suppressedRecipients.push(recipient);
-      } else {
-        validRecipients.push(recipient);
-      }
-    }
-    
-    // Log suppressed recipients
-    if (suppressedRecipients.length > 0) {
-      logger.log('warn', `Skipping ${suppressedRecipients.length} suppressed recipients`, {
-        suppressedRecipients
-      });
-    }
-    
-    // If all recipients are suppressed, throw error
-    if (validRecipients.length === 0) {
-      throw new Error('All recipients are on the suppression list');
-    }
-    
-    // Continue with valid recipients
-    try {
-      // Use filtered recipients - already an array, no need for toArray
-      
-      // Add recipients to smartmail if they're not already added
-      if (!smartmail.options.to || smartmail.options.to.length === 0) {
-        for (const recipient of validRecipients) {
-          smartmail.addRecipient(recipient);
-        }
-      }
-
-      // Handle options
-      const emailOptions: Record<string, any> = { ...options };
-      
-      // Check if we should use MIME format
-      const useMimeFormat = options.useMimeFormat !== false; // Default to true
-      
-      if (useMimeFormat) {
-        // Use smartmail's MIME conversion for improved handling
-        try {
-          // Convert to MIME format
-          const mimeEmail = await smartmail.toMimeFormat(smartmail.options.creationObjectRef);
-          
-          // Parse the MIME email to create an MTA Email
-          return this.sendMimeEmail(mimeEmail, validRecipients);
-        } catch (mimeError) {
-          logger.log('warn', `Failed to use MIME format, falling back to direct conversion: ${mimeError.message}`);
-          // Fall back to direct conversion
-          return this.sendDirectEmail(smartmail, validRecipients);
-        }
-      } else {
-        // Use direct conversion
-        return this.sendDirectEmail(smartmail, validRecipients);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to send email via MTA: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-      
-      // Check if this is a bounce-related error
-      if (error.message.includes('550') || // Rejected
-          error.message.includes('551') || // User not local
-          error.message.includes('552') || // Mailbox full
-          error.message.includes('553') || // Bad mailbox name
-          error.message.includes('554') || // Transaction failed
-          error.message.includes('does not exist') ||
-          error.message.includes('unknown user') ||
-          error.message.includes('invalid recipient')) {
-            
-        // Process as a bounce
-        for (const recipient of validRecipients) {
-          await this.emailRef.bounceManager.processSmtpFailure(
-            recipient,
-            error.message,
-            {
-              sender: smartmail.options.from,
-              statusCode: error.message.match(/\b([45]\d{2})\b/) ? error.message.match(/\b([45]\d{2})\b/)[1] : undefined
-            }
-          );
-        }
-      }
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Send a MIME-formatted email
-   * @param mimeEmail The MIME-formatted email content
-   * @param recipients The email recipients
-   */
-  private async sendMimeEmail(mimeEmail: string, recipients: string[]): Promise<string> {
-    try {
-      // Parse the MIME email
-      const parsedEmail = await plugins.mailparser.simpleParser(mimeEmail);
-      
-      // Extract necessary information for MTA Email
-      const mtaEmail = new MtaEmail({
-        from: parsedEmail.from?.text || '',
-        to: recipients,
-        subject: parsedEmail.subject || '',
-        text: parsedEmail.text || '',
-        html: parsedEmail.html || undefined,
-        attachments: parsedEmail.attachments?.map(attachment => ({
-          filename: attachment.filename || 'attachment',
-          content: attachment.content,
-          contentType: attachment.contentType || 'application/octet-stream',
-          contentId: attachment.contentId
-        })) || [],
-        headers: Object.fromEntries([...parsedEmail.headers].map(([key, value]) => [key, String(value)]))
-      });
-      
-      // Send using MTA
-      const emailId = await this.mtaService.send(mtaEmail);
-      
-      logger.log('info', `MIME email sent via MTA to ${recipients.join(', ')}`, {
-        eventType: 'sentEmail',
-        provider: 'mta',
-        emailId,
-        to: recipients
-      });
-
-      return emailId;
-    } catch (error) {
-      logger.log('error', `Failed to send MIME email: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Send an email using direct conversion (fallback method)
-   * @param smartmail The Smartmail instance
-   * @param recipients The email recipients
-   */
-  private async sendDirectEmail(
-    smartmail: plugins.smartmail.Smartmail<any>,
-    recipients: string[]
-  ): Promise<string> {
-    // Map SmartMail attachments to MTA attachments with improved content type handling
-    const attachments: IAttachment[] = smartmail.attachments.map(attachment => {
-      // Try to determine content type from file extension if not explicitly set
-      let contentType = (attachment as any)?.contentType;
-      
-      if (!contentType) {
-        const extension = attachment.parsedPath.ext.toLowerCase();
-        contentType = this.getContentTypeFromExtension(extension);
-      }
-      
-      return {
-        filename: attachment.parsedPath.base,
-        content: Buffer.from(attachment.contentBuffer),
-        contentType: contentType || 'application/octet-stream',
-        // Add content ID for inline images if available
-        contentId: (attachment as any)?.contentId
-      };
-    });
-
-    // Create MTA Email
-    const mtaEmail = new MtaEmail({
-      from: smartmail.options.from,
-      to: recipients,
-      subject: smartmail.getSubject(),
-      text: smartmail.getBody(false), // Plain text version
-      html: smartmail.getBody(true),  // HTML version
-      attachments
-    });
-    
-    // Prepare arrays for CC and BCC recipients
-    let ccRecipients: string[] = [];
-    let bccRecipients: string[] = [];
-    
-    // Add CC recipients if present
-    if (smartmail.options.cc?.length > 0) {
-      // Handle CC recipients - smartmail options may contain email objects
-      ccRecipients = smartmail.options.cc.map(r => {
-        if (typeof r === 'string') return r;
-        return typeof (r as any).address === 'string' ? (r as any).address : 
-               typeof (r as any).email === 'string' ? (r as any).email : '';
-      });
-      mtaEmail.cc = ccRecipients;
-    }
-    
-    // Add BCC recipients if present
-    if (smartmail.options.bcc?.length > 0) {
-      // Handle BCC recipients - smartmail options may contain email objects
-      bccRecipients = smartmail.options.bcc.map(r => {
-        if (typeof r === 'string') return r;
-        return typeof (r as any).address === 'string' ? (r as any).address : 
-               typeof (r as any).email === 'string' ? (r as any).email : '';
-      });
-      mtaEmail.bcc = bccRecipients;
-    }
-
-    // Send using MTA
-    const emailId = await this.mtaService.send(mtaEmail);
-    
-    logger.log('info', `Email sent via MTA to ${recipients.join(', ')}`, {
-      eventType: 'sentEmail',
-      provider: 'mta',
-      emailId,
-      to: recipients
-    });
-
-    return emailId;
-  }
-  
-  /**
-   * Get content type from file extension
-   * @param extension The file extension (with or without dot)
-   * @returns The content type or undefined if unknown
-   */
-  private getContentTypeFromExtension(extension: string): string | undefined {
-    // Remove dot if present
-    const ext = extension.startsWith('.') ? extension.substring(1) : extension;
-    
-    // Common content types
-    const contentTypes: Record<string, string> = {
-      'pdf': 'application/pdf',
-      'jpg': 'image/jpeg',
-      'jpeg': 'image/jpeg',
-      'png': 'image/png',
-      'gif': 'image/gif',
-      'svg': 'image/svg+xml',
-      'webp': 'image/webp',
-      'txt': 'text/plain',
-      'html': 'text/html',
-      'csv': 'text/csv',
-      'json': 'application/json',
-      'xml': 'application/xml',
-      'zip': 'application/zip',
-      'doc': 'application/msword',
-      'docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-      'xls': 'application/vnd.ms-excel',
-      'xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-      'ppt': 'application/vnd.ms-powerpoint',
-      'pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation'
-    };
-    
-    return contentTypes[ext.toLowerCase()];
-  }
-
-  /**
-   * Retrieve and process an incoming email
-   * For MTA, this would handle an email already received by the SMTP server
-   * @param emailData The raw email data or identifier
-   * @param options Additional processing options
-   */
-  public async receiveEmail(
-    emailData: string,
-    options: {
-      preserveHeaders?: boolean;
-      includeRawData?: boolean;
-      validateSender?: boolean;
-    } = {}
-  ): Promise<plugins.smartmail.Smartmail<any>> {
-    try {
-      // In a real implementation, this would retrieve an email from the MTA storage
-      // For now, we can use a simplified approach:
-      
-      // Parse the email (assuming emailData is a raw email or a file path)
-      const parsedEmail = await plugins.mailparser.simpleParser(emailData);
-      
-      // Extract sender information
-      const sender = parsedEmail.from?.text || '';
-      let senderName = '';
-      let senderEmail = sender;
-      
-      // Try to extract name and email from "Name <email>" format
-      const senderMatch = sender.match(/(.*?)\s*<([^>]+)>/);
-      if (senderMatch) {
-        senderName = senderMatch[1].trim();
-        senderEmail = senderMatch[2].trim();
-      }
-      
-      // Extract recipients
-      const recipients = [];
-      if (parsedEmail.to) {
-        // Extract recipients safely
-        try {
-          // Handle AddressObject or AddressObject[]
-          if (parsedEmail.to && typeof parsedEmail.to === 'object' && 'value' in parsedEmail.to) {
-            const addressList = Array.isArray(parsedEmail.to.value) 
-              ? parsedEmail.to.value 
-              : [parsedEmail.to.value];
-              
-            for (const addr of addressList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                recipients.push({
-                  name: addr.name || '',
-                  email: addr.address || ''
-                });
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let toStr = '';
-          if (parsedEmail.to && typeof parsedEmail.to === 'object' && 'text' in parsedEmail.to) {
-            toStr = String(parsedEmail.to.text || '');
-          }
-          if (toStr) {
-            recipients.push({
-              name: '',
-              email: toStr
-            });
-          }
-        }
-      }
-      
-      // Create a more comprehensive creation object reference
-      const creationObjectRef: Record<string, any> = {
-        sender: {
-          name: senderName,
-          email: senderEmail
-        },
-        recipients: recipients,
-        subject: parsedEmail.subject || '',
-        date: parsedEmail.date || new Date(),
-        messageId: parsedEmail.messageId || '',
-        inReplyTo: parsedEmail.inReplyTo || null,
-        references: parsedEmail.references || []
-      };
-      
-      // Include headers if requested
-      if (options.preserveHeaders) {
-        creationObjectRef.headers = parsedEmail.headers;
-      }
-      
-      // Include raw data if requested
-      if (options.includeRawData) {
-        creationObjectRef.rawData = emailData;
-      }
-      
-      // Create a Smartmail from the parsed email
-      const smartmail = new plugins.smartmail.Smartmail({
-        from: senderEmail,
-        subject: parsedEmail.subject || '',
-        body: parsedEmail.html || parsedEmail.text || '',
-        creationObjectRef
-      });
-      
-      // Add recipients
-      if (recipients.length > 0) {
-        for (const recipient of recipients) {
-          smartmail.addRecipient(recipient.email);
-        }
-      }
-      
-      // Add CC recipients if present
-      if (parsedEmail.cc) {
-        try {
-          // Extract CC recipients safely
-          if (parsedEmail.cc && typeof parsedEmail.cc === 'object' && 'value' in parsedEmail.cc) {
-            const ccList = Array.isArray(parsedEmail.cc.value) 
-              ? parsedEmail.cc.value 
-              : [parsedEmail.cc.value];
-              
-            for (const addr of ccList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                smartmail.addRecipient(addr.address, 'cc');
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let ccStr = '';
-          if (parsedEmail.cc && typeof parsedEmail.cc === 'object' && 'text' in parsedEmail.cc) {
-            ccStr = String(parsedEmail.cc.text || '');
-          }
-          if (ccStr) {
-            smartmail.addRecipient(ccStr, 'cc');
-          }
-        }
-      }
-      
-      // Add BCC recipients if present (usually not in received emails, but just in case)
-      if (parsedEmail.bcc) {
-        try {
-          // Extract BCC recipients safely
-          if (parsedEmail.bcc && typeof parsedEmail.bcc === 'object' && 'value' in parsedEmail.bcc) {
-            const bccList = Array.isArray(parsedEmail.bcc.value) 
-              ? parsedEmail.bcc.value 
-              : [parsedEmail.bcc.value];
-              
-            for (const addr of bccList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                smartmail.addRecipient(addr.address, 'bcc');
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let bccStr = '';
-          if (parsedEmail.bcc && typeof parsedEmail.bcc === 'object' && 'text' in parsedEmail.bcc) {
-            bccStr = String(parsedEmail.bcc.text || '');
-          }
-          if (bccStr) {
-            smartmail.addRecipient(bccStr, 'bcc');
-          }
-        }
-      }
-
-      // Add attachments if present
-      if (parsedEmail.attachments && parsedEmail.attachments.length > 0) {
-        for (const attachment of parsedEmail.attachments) {
-          // Create smartfile with proper constructor options
-          const file = new plugins.smartfile.SmartFile({
-            path: attachment.filename || 'attachment',
-            contentBuffer: attachment.content,
-            base: ''
-          });
-          
-          // Set content type and content ID for proper MIME handling
-          if (attachment.contentType) {
-            (file as any).contentType = attachment.contentType;
-          }
-          
-          if (attachment.contentId) {
-            (file as any).contentId = attachment.contentId;
-          }
-          
-          smartmail.addAttachment(file);
-        }
-      }
-      
-      // Validate sender if requested
-      if (options.validateSender && this.emailRef.emailValidator) {
-        try {
-          const validationResult = await this.emailRef.emailValidator.validate(senderEmail, {
-            checkSyntaxOnly: true // Use syntax-only for performance
-          });
-          
-          // Add validation info to the creation object
-          creationObjectRef.senderValidation = validationResult;
-        } catch (validationError) {
-          logger.log('warn', `Sender validation error: ${validationError.message}`);
-        }
-      }
-
-      return smartmail;
-    } catch (error) {
-      logger.log('error', `Failed to receive email via MTA: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-      throw error;
-    }
-  }
-
-  /**
-   * Check the status of a sent email
-   * @param emailId The email ID to check
-   * @returns Current status and details
-   */
-  public async checkEmailStatus(emailId: string): Promise<IEmailStatusResponse> {
-    try {
-      const status = this.mtaService.getEmailStatus(emailId);
-      
-      if (!status) {
-        return {
-          status: 'unknown' as const,
-          details: { message: 'Email not found' }
-        };
-      }
-
-      return {
-        // Use type assertion to ensure this passes type check
-        status: status.status as DeliveryStatus,
-        details: {
-          attempts: status.attempts,
-          lastAttempt: status.lastAttempt,
-          nextAttempt: status.nextAttempt,
-          error: status.error?.message,
-          message: `Status: ${status.status}${status.error ? `, Error: ${status.error.message}` : ''}`
-        }
-      };
-    } catch (error) {
-      logger.log('error', `Failed to check email status: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        emailId,
-        error: error.message
-      });
-      
-      return {
-        status: 'error' as const,
-        details: { message: error.message }
-      };
-    }
-  }
-}

ts/mail/delivery/classes.delivery.queue.ts

@@ -1,638 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { logger } from '../../logger.js';
-import { type EmailProcessingMode, type IDomainRule } from '../routing/classes.email.config.js';
-
-/**
- * Queue item status
- */
-export type QueueItemStatus = 'pending' | 'processing' | 'delivered' | 'failed' | 'deferred';
-
-/**
- * Queue item interface
- */
-export interface IQueueItem {
-  id: string;
-  processingMode: EmailProcessingMode;
-  processingResult: any;
-  rule: IDomainRule;
-  status: QueueItemStatus;
-  attempts: number;
-  nextAttempt: Date;
-  lastError?: string;
-  createdAt: Date;
-  updatedAt: Date;
-  deliveredAt?: Date;
-}
-
-/**
- * Queue options interface
- */
-export interface IQueueOptions {
-  // Storage options
-  storageType?: 'memory' | 'disk';
-  persistentPath?: string;
-  
-  // Queue behavior
-  checkInterval?: number;
-  maxQueueSize?: number;
-  maxPerDestination?: number;
-  
-  // Delivery attempts
-  maxRetries?: number;
-  baseRetryDelay?: number;
-  maxRetryDelay?: number;
-}
-
-/**
- * Queue statistics interface
- */
-export interface IQueueStats {
-  queueSize: number;
-  status: {
-    pending: number;
-    processing: number;
-    delivered: number;
-    failed: number;
-    deferred: number;
-  };
-  modes: {
-    forward: number;
-    mta: number;
-    process: number;
-  };
-  oldestItem?: Date;
-  newestItem?: Date;
-  averageAttempts: number;
-  totalProcessed: number;
-  processingActive: boolean;
-}
-
-/**
- * A unified queue for all email modes
- */
-export class UnifiedDeliveryQueue extends EventEmitter {
-  private options: Required<IQueueOptions>;
-  private queue: Map<string, IQueueItem> = new Map();
-  private checkTimer?: NodeJS.Timeout;
-  private stats: IQueueStats;
-  private processing: boolean = false;
-  private totalProcessed: number = 0;
-  
-  /**
-   * Create a new unified delivery queue
-   * @param options Queue options
-   */
-  constructor(options: IQueueOptions) {
-    super();
-    
-    // Set default options
-    this.options = {
-      storageType: options.storageType || 'memory',
-      persistentPath: options.persistentPath || path.join(process.cwd(), 'email-queue'),
-      checkInterval: options.checkInterval || 30000, // 30 seconds
-      maxQueueSize: options.maxQueueSize || 10000,
-      maxPerDestination: options.maxPerDestination || 100,
-      maxRetries: options.maxRetries || 5,
-      baseRetryDelay: options.baseRetryDelay || 60000, // 1 minute
-      maxRetryDelay: options.maxRetryDelay || 3600000 // 1 hour
-    };
-    
-    // Initialize statistics
-    this.stats = {
-      queueSize: 0,
-      status: {
-        pending: 0,
-        processing: 0,
-        delivered: 0,
-        failed: 0,
-        deferred: 0
-      },
-      modes: {
-        forward: 0,
-        mta: 0,
-        process: 0
-      },
-      averageAttempts: 0,
-      totalProcessed: 0,
-      processingActive: false
-    };
-  }
-  
-  /**
-   * Initialize the queue
-   */
-  public async initialize(): Promise<void> {
-    logger.log('info', 'Initializing UnifiedDeliveryQueue');
-    
-    try {
-      // Create persistent storage directory if using disk storage
-      if (this.options.storageType === 'disk') {
-        if (!fs.existsSync(this.options.persistentPath)) {
-          fs.mkdirSync(this.options.persistentPath, { recursive: true });
-        }
-        
-        // Load existing items from disk
-        await this.loadFromDisk();
-      }
-      
-      // Start the queue processing timer
-      this.startProcessing();
-      
-      // Emit initialized event
-      this.emit('initialized');
-      logger.log('info', 'UnifiedDeliveryQueue initialized successfully');
-    } catch (error) {
-      logger.log('error', `Failed to initialize queue: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Start queue processing
-   */
-  private startProcessing(): void {
-    if (this.checkTimer) {
-      clearInterval(this.checkTimer);
-    }
-    
-    this.checkTimer = setInterval(() => this.processQueue(), this.options.checkInterval);
-    this.processing = true;
-    this.stats.processingActive = true;
-    this.emit('processingStarted');
-    logger.log('info', 'Queue processing started');
-  }
-  
-  /**
-   * Stop queue processing
-   */
-  private stopProcessing(): void {
-    if (this.checkTimer) {
-      clearInterval(this.checkTimer);
-      this.checkTimer = undefined;
-    }
-    
-    this.processing = false;
-    this.stats.processingActive = false;
-    this.emit('processingStopped');
-    logger.log('info', 'Queue processing stopped');
-  }
-  
-  /**
-   * Check for items that need to be processed
-   */
-  private async processQueue(): Promise<void> {
-    try {
-      const now = new Date();
-      let readyItems: IQueueItem[] = [];
-      
-      // Find items ready for processing
-      for (const item of this.queue.values()) {
-        if (item.status === 'pending' || (item.status === 'deferred' && item.nextAttempt <= now)) {
-          readyItems.push(item);
-        }
-      }
-      
-      if (readyItems.length === 0) {
-        return;
-      }
-      
-      // Sort by oldest first
-      readyItems.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-      
-      // Emit event for ready items
-      this.emit('itemsReady', readyItems);
-      logger.log('info', `Found ${readyItems.length} items ready for processing`);
-      
-      // Update statistics
-      this.updateStats();
-    } catch (error) {
-      logger.log('error', `Error processing queue: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Add an item to the queue
-   * @param processingResult Processing result to queue
-   * @param mode Processing mode
-   * @param rule Domain rule
-   */
-  public async enqueue(processingResult: any, mode: EmailProcessingMode, rule: IDomainRule): Promise<string> {
-    // Check if queue is full
-    if (this.queue.size >= this.options.maxQueueSize) {
-      throw new Error('Queue is full');
-    }
-    
-    // Generate a unique ID
-    const id = `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
-    
-    // Create queue item
-    const item: IQueueItem = {
-      id,
-      processingMode: mode,
-      processingResult,
-      rule,
-      status: 'pending',
-      attempts: 0,
-      nextAttempt: new Date(),
-      createdAt: new Date(),
-      updatedAt: new Date()
-    };
-    
-    // Add to queue
-    this.queue.set(id, item);
-    
-    // Persist to disk if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemEnqueued', item);
-    logger.log('info', `Item enqueued with ID ${id}, mode: ${mode}`);
-    
-    return id;
-  }
-  
-  /**
-   * Get an item from the queue
-   * @param id Item ID
-   */
-  public getItem(id: string): IQueueItem | undefined {
-    return this.queue.get(id);
-  }
-  
-  /**
-   * Mark an item as being processed
-   * @param id Item ID
-   */
-  public async markProcessing(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Update status
-    item.status = 'processing';
-    item.attempts++;
-    item.updatedAt = new Date();
-    
-    // Persist changes if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemProcessing', item);
-    logger.log('info', `Item ${id} marked as processing, attempt ${item.attempts}`);
-    
-    return true;
-  }
-  
-  /**
-   * Mark an item as delivered
-   * @param id Item ID
-   */
-  public async markDelivered(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Update status
-    item.status = 'delivered';
-    item.updatedAt = new Date();
-    item.deliveredAt = new Date();
-    
-    // Persist changes if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.totalProcessed++;
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemDelivered', item);
-    logger.log('info', `Item ${id} marked as delivered after ${item.attempts} attempts`);
-    
-    return true;
-  }
-  
-  /**
-   * Mark an item as failed
-   * @param id Item ID
-   * @param error Error message
-   */
-  public async markFailed(id: string, error: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Determine if we should retry
-    if (item.attempts < this.options.maxRetries) {
-      // Calculate next retry time with exponential backoff
-      const delay = Math.min(
-        this.options.baseRetryDelay * Math.pow(2, item.attempts - 1),
-        this.options.maxRetryDelay
-      );
-      
-      // Update status
-      item.status = 'deferred';
-      item.lastError = error;
-      item.nextAttempt = new Date(Date.now() + delay);
-      item.updatedAt = new Date();
-      
-      // Persist changes if using disk storage
-      if (this.options.storageType === 'disk') {
-        await this.persistItem(item);
-      }
-      
-      // Emit event
-      this.emit('itemDeferred', item);
-      logger.log('info', `Item ${id} deferred for ${delay}ms, attempt ${item.attempts}, error: ${error}`);
-    } else {
-      // Mark as permanently failed
-      item.status = 'failed';
-      item.lastError = error;
-      item.updatedAt = new Date();
-      
-      // Persist changes if using disk storage
-      if (this.options.storageType === 'disk') {
-        await this.persistItem(item);
-      }
-      
-      // Update statistics
-      this.totalProcessed++;
-      
-      // Emit event
-      this.emit('itemFailed', item);
-      logger.log('warn', `Item ${id} permanently failed after ${item.attempts} attempts, error: ${error}`);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    return true;
-  }
-  
-  /**
-   * Remove an item from the queue
-   * @param id Item ID
-   */
-  public async removeItem(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Remove from queue
-    this.queue.delete(id);
-    
-    // Remove from disk if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.removeItemFromDisk(id);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemRemoved', item);
-    logger.log('info', `Item ${id} removed from queue`);
-    
-    return true;
-  }
-  
-  /**
-   * Persist an item to disk
-   * @param item Item to persist
-   */
-  private async persistItem(item: IQueueItem): Promise<void> {
-    try {
-      const filePath = path.join(this.options.persistentPath, `${item.id}.json`);
-      await fs.promises.writeFile(filePath, JSON.stringify(item, null, 2), 'utf8');
-    } catch (error) {
-      logger.log('error', `Failed to persist item ${item.id}: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Remove an item from disk
-   * @param id Item ID
-   */
-  private async removeItemFromDisk(id: string): Promise<void> {
-    try {
-      const filePath = path.join(this.options.persistentPath, `${id}.json`);
-      
-      if (fs.existsSync(filePath)) {
-        await fs.promises.unlink(filePath);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to remove item ${id} from disk: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Load queue items from disk
-   */
-  private async loadFromDisk(): Promise<void> {
-    try {
-      // Check if directory exists
-      if (!fs.existsSync(this.options.persistentPath)) {
-        return;
-      }
-      
-      // Get all JSON files
-      const files = fs.readdirSync(this.options.persistentPath).filter(file => file.endsWith('.json'));
-      
-      // Load each file
-      for (const file of files) {
-        try {
-          const filePath = path.join(this.options.persistentPath, file);
-          const data = await fs.promises.readFile(filePath, 'utf8');
-          const item = JSON.parse(data) as IQueueItem;
-          
-          // Convert date strings to Date objects
-          item.createdAt = new Date(item.createdAt);
-          item.updatedAt = new Date(item.updatedAt);
-          item.nextAttempt = new Date(item.nextAttempt);
-          if (item.deliveredAt) {
-            item.deliveredAt = new Date(item.deliveredAt);
-          }
-          
-          // Add to queue
-          this.queue.set(item.id, item);
-        } catch (error) {
-          logger.log('error', `Failed to load item from ${file}: ${error.message}`);
-        }
-      }
-      
-      // Update statistics
-      this.updateStats();
-      
-      logger.log('info', `Loaded ${this.queue.size} items from disk`);
-    } catch (error) {
-      logger.log('error', `Failed to load items from disk: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Update queue statistics
-   */
-  private updateStats(): void {
-    // Reset counters
-    this.stats.queueSize = this.queue.size;
-    this.stats.status = {
-      pending: 0,
-      processing: 0,
-      delivered: 0,
-      failed: 0,
-      deferred: 0
-    };
-    this.stats.modes = {
-      forward: 0,
-      mta: 0,
-      process: 0
-    };
-    
-    let totalAttempts = 0;
-    let oldestTime = Date.now();
-    let newestTime = 0;
-    
-    // Count by status and mode
-    for (const item of this.queue.values()) {
-      // Count by status
-      this.stats.status[item.status]++;
-      
-      // Count by mode
-      this.stats.modes[item.processingMode]++;
-      
-      // Track total attempts
-      totalAttempts += item.attempts;
-      
-      // Track oldest and newest
-      const itemTime = item.createdAt.getTime();
-      if (itemTime < oldestTime) {
-        oldestTime = itemTime;
-      }
-      if (itemTime > newestTime) {
-        newestTime = itemTime;
-      }
-    }
-    
-    // Calculate average attempts
-    this.stats.averageAttempts = this.queue.size > 0 ? totalAttempts / this.queue.size : 0;
-    
-    // Set oldest and newest
-    this.stats.oldestItem = this.queue.size > 0 ? new Date(oldestTime) : undefined;
-    this.stats.newestItem = this.queue.size > 0 ? new Date(newestTime) : undefined;
-    
-    // Set total processed
-    this.stats.totalProcessed = this.totalProcessed;
-    
-    // Set processing active
-    this.stats.processingActive = this.processing;
-    
-    // Emit statistics event
-    this.emit('statsUpdated', this.stats);
-  }
-  
-  /**
-   * Get queue statistics
-   */
-  public getStats(): IQueueStats {
-    return { ...this.stats };
-  }
-  
-  /**
-   * Pause queue processing
-   */
-  public pause(): void {
-    if (this.processing) {
-      this.stopProcessing();
-      logger.log('info', 'Queue processing paused');
-    }
-  }
-  
-  /**
-   * Resume queue processing
-   */
-  public resume(): void {
-    if (!this.processing) {
-      this.startProcessing();
-      logger.log('info', 'Queue processing resumed');
-    }
-  }
-  
-  /**
-   * Clean up old delivered and failed items
-   * @param maxAge Maximum age in milliseconds (default: 7 days)
-   */
-  public async cleanupOldItems(maxAge: number = 7 * 24 * 60 * 60 * 1000): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAge);
-    let removedCount = 0;
-    
-    // Find old items
-    for (const item of this.queue.values()) {
-      if (['delivered', 'failed'].includes(item.status) && item.updatedAt < cutoff) {
-        // Remove item
-        await this.removeItem(item.id);
-        removedCount++;
-      }
-    }
-    
-    logger.log('info', `Cleaned up ${removedCount} old items`);
-    return removedCount;
-  }
-  
-  /**
-   * Shutdown the queue
-   */
-  public async shutdown(): Promise<void> {
-    logger.log('info', 'Shutting down UnifiedDeliveryQueue');
-    
-    // Stop processing
-    this.stopProcessing();
-    
-    // If using disk storage, make sure all items are persisted
-    if (this.options.storageType === 'disk') {
-      const pendingWrites: Promise<void>[] = [];
-      
-      for (const item of this.queue.values()) {
-        pendingWrites.push(this.persistItem(item));
-      }
-      
-      // Wait for all writes to complete
-      await Promise.all(pendingWrites);
-    }
-    
-    // Clear the queue (memory only)
-    this.queue.clear();
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit shutdown event
-    this.emit('shutdown');
-    logger.log('info', 'UnifiedDeliveryQueue shut down successfully');
-  }
-}

ts/mail/delivery/classes.delivery.system.ts

@@ -1,935 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import * as net from 'node:net';
-import * as tls from 'node:tls';
-import { logger } from '../../logger.js';
-import { 
-  SecurityLogger, 
-  SecurityLogLevel, 
-  SecurityEventType 
-} from '../../security/index.js';
-import { UnifiedDeliveryQueue, type IQueueItem } from './classes.delivery.queue.js';
-import type { Email } from '../core/classes.email.js';
-import type { IDomainRule } from '../routing/classes.email.config.js';
-
-/**
- * Delivery handler interface
- */
-export interface IDeliveryHandler {
-  deliver(item: IQueueItem): Promise<any>;
-}
-
-/**
- * Delivery options
- */
-export interface IMultiModeDeliveryOptions {
-  // Connection options
-  connectionPoolSize?: number;
-  socketTimeout?: number;
-  
-  // Delivery behavior
-  concurrentDeliveries?: number;
-  sendTimeout?: number;
-  
-  // TLS options
-  verifyCertificates?: boolean;
-  tlsMinVersion?: string;
-  
-  // Mode-specific handlers
-  forwardHandler?: IDeliveryHandler;
-  mtaHandler?: IDeliveryHandler;
-  processHandler?: IDeliveryHandler;
-  
-  // Rate limiting
-  globalRateLimit?: number;
-  perPatternRateLimit?: Record<string, number>;
-  
-  // Event hooks
-  onDeliveryStart?: (item: IQueueItem) => Promise<void>;
-  onDeliverySuccess?: (item: IQueueItem, result: any) => Promise<void>;
-  onDeliveryFailed?: (item: IQueueItem, error: string) => Promise<void>;
-}
-
-/**
- * Delivery system statistics
- */
-export interface IDeliveryStats {
-  activeDeliveries: number;
-  totalSuccessful: number;
-  totalFailed: number;
-  avgDeliveryTime: number;
-  byMode: {
-    forward: {
-      successful: number;
-      failed: number;
-    };
-    mta: {
-      successful: number;
-      failed: number;
-    };
-    process: {
-      successful: number;
-      failed: number;
-    };
-  };
-  rateLimiting: {
-    currentRate: number;
-    globalLimit: number;
-    throttled: number;
-  };
-}
-
-/**
- * Handles delivery for all email processing modes
- */
-export class MultiModeDeliverySystem extends EventEmitter {
-  private queue: UnifiedDeliveryQueue;
-  private options: Required<IMultiModeDeliveryOptions>;
-  private stats: IDeliveryStats;
-  private deliveryTimes: number[] = [];
-  private activeDeliveries: Set<string> = new Set();
-  private running: boolean = false;
-  private throttled: boolean = false;
-  private rateLimitLastCheck: number = Date.now();
-  private rateLimitCounter: number = 0;
-  
-  /**
-   * Create a new multi-mode delivery system
-   * @param queue Unified delivery queue
-   * @param options Delivery options
-   */
-  constructor(queue: UnifiedDeliveryQueue, options: IMultiModeDeliveryOptions) {
-    super();
-    
-    this.queue = queue;
-    
-    // Set default options
-    this.options = {
-      connectionPoolSize: options.connectionPoolSize || 10,
-      socketTimeout: options.socketTimeout || 30000, // 30 seconds
-      concurrentDeliveries: options.concurrentDeliveries || 10,
-      sendTimeout: options.sendTimeout || 60000, // 1 minute
-      verifyCertificates: options.verifyCertificates !== false, // Default to true
-      tlsMinVersion: options.tlsMinVersion || 'TLSv1.2',
-      forwardHandler: options.forwardHandler || {
-        deliver: this.handleForwardDelivery.bind(this)
-      },
-      mtaHandler: options.mtaHandler || {
-        deliver: this.handleMtaDelivery.bind(this)
-      },
-      processHandler: options.processHandler || {
-        deliver: this.handleProcessDelivery.bind(this)
-      },
-      globalRateLimit: options.globalRateLimit || 100, // 100 emails per minute
-      perPatternRateLimit: options.perPatternRateLimit || {},
-      onDeliveryStart: options.onDeliveryStart || (async () => {}),
-      onDeliverySuccess: options.onDeliverySuccess || (async () => {}),
-      onDeliveryFailed: options.onDeliveryFailed || (async () => {})
-    };
-    
-    // Initialize statistics
-    this.stats = {
-      activeDeliveries: 0,
-      totalSuccessful: 0,
-      totalFailed: 0,
-      avgDeliveryTime: 0,
-      byMode: {
-        forward: {
-          successful: 0,
-          failed: 0
-        },
-        mta: {
-          successful: 0,
-          failed: 0
-        },
-        process: {
-          successful: 0,
-          failed: 0
-        }
-      },
-      rateLimiting: {
-        currentRate: 0,
-        globalLimit: this.options.globalRateLimit,
-        throttled: 0
-      }
-    };
-    
-    // Set up event listeners
-    this.queue.on('itemsReady', this.processItems.bind(this));
-  }
-  
-  /**
-   * Start the delivery system
-   */
-  public async start(): Promise<void> {
-    logger.log('info', 'Starting MultiModeDeliverySystem');
-    
-    if (this.running) {
-      logger.log('warn', 'MultiModeDeliverySystem is already running');
-      return;
-    }
-    
-    this.running = true;
-    
-    // Emit started event
-    this.emit('started');
-    logger.log('info', 'MultiModeDeliverySystem started successfully');
-  }
-  
-  /**
-   * Stop the delivery system
-   */
-  public async stop(): Promise<void> {
-    logger.log('info', 'Stopping MultiModeDeliverySystem');
-    
-    if (!this.running) {
-      logger.log('warn', 'MultiModeDeliverySystem is already stopped');
-      return;
-    }
-    
-    this.running = false;
-    
-    // Wait for active deliveries to complete
-    if (this.activeDeliveries.size > 0) {
-      logger.log('info', `Waiting for ${this.activeDeliveries.size} active deliveries to complete`);
-      
-      // Wait for a maximum of 30 seconds
-      await new Promise<void>(resolve => {
-        const checkInterval = setInterval(() => {
-          if (this.activeDeliveries.size === 0) {
-            clearInterval(checkInterval);
-            resolve();
-          }
-        }, 1000);
-        
-        // Force resolve after 30 seconds
-        setTimeout(() => {
-          clearInterval(checkInterval);
-          resolve();
-        }, 30000);
-      });
-    }
-    
-    // Emit stopped event
-    this.emit('stopped');
-    logger.log('info', 'MultiModeDeliverySystem stopped successfully');
-  }
-  
-  /**
-   * Process ready items from the queue
-   * @param items Queue items ready for processing
-   */
-  private async processItems(items: IQueueItem[]): Promise<void> {
-    if (!this.running) {
-      return;
-    }
-    
-    // Check if we're already at max concurrent deliveries
-    if (this.activeDeliveries.size >= this.options.concurrentDeliveries) {
-      logger.log('debug', `Already at max concurrent deliveries (${this.activeDeliveries.size})`);
-      return;
-    }
-    
-    // Check rate limiting
-    if (this.checkRateLimit()) {
-      logger.log('debug', 'Rate limit exceeded, throttling deliveries');
-      return;
-    }
-    
-    // Calculate how many more deliveries we can start
-    const availableSlots = this.options.concurrentDeliveries - this.activeDeliveries.size;
-    const itemsToProcess = items.slice(0, availableSlots);
-    
-    if (itemsToProcess.length === 0) {
-      return;
-    }
-    
-    logger.log('info', `Processing ${itemsToProcess.length} items for delivery`);
-    
-    // Process each item
-    for (const item of itemsToProcess) {
-      // Mark as processing
-      await this.queue.markProcessing(item.id);
-      
-      // Add to active deliveries
-      this.activeDeliveries.add(item.id);
-      this.stats.activeDeliveries = this.activeDeliveries.size;
-      
-      // Deliver asynchronously
-      this.deliverItem(item).catch(err => {
-        logger.log('error', `Unhandled error in delivery: ${err.message}`);
-      });
-    }
-    
-    // Update statistics
-    this.emit('statsUpdated', this.stats);
-  }
-  
-  /**
-   * Deliver an item from the queue
-   * @param item Queue item to deliver
-   */
-  private async deliverItem(item: IQueueItem): Promise<void> {
-    const startTime = Date.now();
-    
-    try {
-      // Call delivery start hook
-      await this.options.onDeliveryStart(item);
-      
-      // Emit delivery start event
-      this.emit('deliveryStart', item);
-      logger.log('info', `Starting delivery of item ${item.id}, mode: ${item.processingMode}`);
-      
-      // Choose the appropriate handler based on mode
-      let result: any;
-      
-      switch (item.processingMode) {
-        case 'forward':
-          result = await this.options.forwardHandler.deliver(item);
-          break;
-          
-        case 'mta':
-          result = await this.options.mtaHandler.deliver(item);
-          break;
-          
-        case 'process':
-          result = await this.options.processHandler.deliver(item);
-          break;
-          
-        default:
-          throw new Error(`Unknown processing mode: ${item.processingMode}`);
-      }
-      
-      // Mark as delivered
-      await this.queue.markDelivered(item.id);
-      
-      // Update statistics
-      this.stats.totalSuccessful++;
-      this.stats.byMode[item.processingMode].successful++;
-      
-      // Calculate delivery time
-      const deliveryTime = Date.now() - startTime;
-      this.deliveryTimes.push(deliveryTime);
-      this.updateDeliveryTimeStats();
-      
-      // Call delivery success hook
-      await this.options.onDeliverySuccess(item, result);
-      
-      // Emit delivery success event
-      this.emit('deliverySuccess', item, result);
-      logger.log('info', `Item ${item.id} delivered successfully in ${deliveryTime}ms`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_DELIVERY,
-        message: 'Email delivery successful',
-        details: {
-          itemId: item.id,
-          mode: item.processingMode,
-          pattern: item.rule.pattern,
-          deliveryTime
-        },
-        success: true
-      });
-    } catch (error: any) {
-      // Calculate delivery attempt time even for failures
-      const deliveryTime = Date.now() - startTime;
-      
-      // Mark as failed
-      await this.queue.markFailed(item.id, error.message);
-      
-      // Update statistics
-      this.stats.totalFailed++;
-      this.stats.byMode[item.processingMode].failed++;
-      
-      // Call delivery failed hook
-      await this.options.onDeliveryFailed(item, error.message);
-      
-      // Emit delivery failed event
-      this.emit('deliveryFailed', item, error);
-      logger.log('error', `Item ${item.id} delivery failed: ${error.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_DELIVERY,
-        message: 'Email delivery failed',
-        details: {
-          itemId: item.id,
-          mode: item.processingMode,
-          pattern: item.rule.pattern,
-          error: error.message,
-          deliveryTime
-        },
-        success: false
-      });
-    } finally {
-      // Remove from active deliveries
-      this.activeDeliveries.delete(item.id);
-      this.stats.activeDeliveries = this.activeDeliveries.size;
-      
-      // Update statistics
-      this.emit('statsUpdated', this.stats);
-    }
-  }
-  
-  /**
-   * Default handler for forward mode delivery
-   * @param item Queue item
-   */
-  private async handleForwardDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `Forward delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    // Get target server information
-    const targetServer = rule.target?.server;
-    const targetPort = rule.target?.port || 25;
-    const useTls = rule.target?.useTls ?? false;
-    
-    if (!targetServer) {
-      throw new Error('No target server configured for forward mode');
-    }
-    
-    logger.log('info', `Forwarding email to ${targetServer}:${targetPort}, TLS: ${useTls}`);
-    
-    // Create a socket connection to the target server
-    const socket = new net.Socket();
-    
-    // Set timeout
-    socket.setTimeout(this.options.socketTimeout);
-    
-    try {
-      // Connect to the target server
-      await new Promise<void>((resolve, reject) => {
-        // Handle connection events
-        socket.on('connect', () => {
-          logger.log('debug', `Connected to ${targetServer}:${targetPort}`);
-          resolve();
-        });
-        
-        socket.on('timeout', () => {
-          reject(new Error(`Connection timeout to ${targetServer}:${targetPort}`));
-        });
-        
-        socket.on('error', (err) => {
-          reject(new Error(`Connection error to ${targetServer}:${targetPort}: ${err.message}`));
-        });
-        
-        // Connect to the server
-        socket.connect({
-          host: targetServer,
-          port: targetPort
-        });
-      });
-      
-      // Send EHLO
-      await this.smtpCommand(socket, `EHLO ${rule.mtaOptions?.domain || 'localhost'}`);
-      
-      // Start TLS if required
-      if (useTls) {
-        await this.smtpCommand(socket, 'STARTTLS');
-        
-        // Upgrade to TLS
-        const tlsSocket = await this.upgradeTls(socket, targetServer);
-        
-        // Send EHLO again after STARTTLS
-        await this.smtpCommand(tlsSocket, `EHLO ${rule.mtaOptions?.domain || 'localhost'}`);
-        
-        // Use tlsSocket for remaining commands
-        return this.completeSMTPExchange(tlsSocket, email, rule);
-      }
-      
-      // Complete the SMTP exchange
-      return this.completeSMTPExchange(socket, email, rule);
-    } catch (error: any) {
-      logger.log('error', `Failed to forward email: ${error.message}`);
-      
-      // Close the connection
-      socket.destroy();
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Complete the SMTP exchange after connection and initial setup
-   * @param socket Network socket
-   * @param email Email to send
-   * @param rule Domain rule
-   */
-  private async completeSMTPExchange(socket: net.Socket | tls.TLSSocket, email: Email, rule: IDomainRule): Promise<any> {
-    try {
-      // Authenticate if credentials provided
-      if (rule.target?.authentication?.user && rule.target?.authentication?.pass) {
-        // Send AUTH LOGIN
-        await this.smtpCommand(socket, 'AUTH LOGIN');
-        
-        // Send username (base64)
-        const username = Buffer.from(rule.target.authentication.user).toString('base64');
-        await this.smtpCommand(socket, username);
-        
-        // Send password (base64)
-        const password = Buffer.from(rule.target.authentication.pass).toString('base64');
-        await this.smtpCommand(socket, password);
-      }
-      
-      // Send MAIL FROM
-      await this.smtpCommand(socket, `MAIL FROM:<${email.from}>`);
-      
-      // Send RCPT TO for each recipient
-      for (const recipient of email.getAllRecipients()) {
-        await this.smtpCommand(socket, `RCPT TO:<${recipient}>`);
-      }
-      
-      // Send DATA
-      await this.smtpCommand(socket, 'DATA');
-      
-      // Send email content (simplified)
-      const emailContent = await this.getFormattedEmail(email);
-      await this.smtpData(socket, emailContent);
-      
-      // Send QUIT
-      await this.smtpCommand(socket, 'QUIT');
-      
-      // Close the connection
-      socket.end();
-      
-      logger.log('info', `Email forwarded successfully to ${rule.target?.server}:${rule.target?.port || 25}`);
-      
-      return {
-        targetServer: rule.target?.server,
-        targetPort: rule.target?.port || 25,
-        recipients: email.getAllRecipients().length
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to forward email: ${error.message}`);
-      
-      // Close the connection
-      socket.destroy();
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Default handler for MTA mode delivery
-   * @param item Queue item
-   */
-  private async handleMtaDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `MTA delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    try {
-      // In a full implementation, this would use the MTA service
-      // For now, we'll simulate a successful delivery
-      
-      logger.log('info', `Email processed by MTA: ${email.subject} to ${email.getAllRecipients().join(', ')}`);
-      
-      // Apply MTA rule options if provided
-      if (rule.mtaOptions) {
-        const options = rule.mtaOptions;
-        
-        // Apply DKIM signing if enabled
-        if (options.dkimSign && options.dkimOptions) {
-          // Sign the email with DKIM
-          logger.log('info', `Signing email with DKIM for domain ${options.dkimOptions.domainName}`);
-          
-          // In a full implementation, this would use the DKIM signing library
-        }
-      }
-      
-      // Simulate successful delivery
-      return {
-        recipients: email.getAllRecipients().length,
-        subject: email.subject,
-        dkimSigned: !!rule.mtaOptions?.dkimSign
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to process email in MTA mode: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Default handler for process mode delivery
-   * @param item Queue item
-   */
-  private async handleProcessDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `Process delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    try {
-      // Apply content scanning if enabled
-      if (rule.contentScanning && rule.scanners && rule.scanners.length > 0) {
-        logger.log('info', 'Performing content scanning');
-        
-        // Apply each scanner
-        for (const scanner of rule.scanners) {
-          switch (scanner.type) {
-            case 'spam':
-              logger.log('info', 'Scanning for spam content');
-              // Implement spam scanning
-              break;
-              
-            case 'virus':
-              logger.log('info', 'Scanning for virus content');
-              // Implement virus scanning
-              break;
-              
-            case 'attachment':
-              logger.log('info', 'Scanning attachments');
-              
-              // Check for blocked extensions
-              if (scanner.blockedExtensions && scanner.blockedExtensions.length > 0) {
-                for (const attachment of email.attachments) {
-                  const ext = this.getFileExtension(attachment.filename);
-                  if (scanner.blockedExtensions.includes(ext)) {
-                    if (scanner.action === 'reject') {
-                      throw new Error(`Blocked attachment type: ${ext}`);
-                    } else { // tag
-                      email.addHeader('X-Attachment-Warning', `Potentially unsafe attachment: ${attachment.filename}`);
-                    }
-                  }
-                }
-              }
-              break;
-          }
-        }
-      }
-      
-      // Apply transformations if defined
-      if (rule.transformations && rule.transformations.length > 0) {
-        logger.log('info', 'Applying email transformations');
-        
-        for (const transform of rule.transformations) {
-          switch (transform.type) {
-            case 'addHeader':
-              if (transform.header && transform.value) {
-                email.addHeader(transform.header, transform.value);
-              }
-              break;
-          }
-        }
-      }
-      
-      logger.log('info', `Email successfully processed in store-and-forward mode`);
-      
-      // Simulate successful delivery
-      return {
-        recipients: email.getAllRecipients().length,
-        subject: email.subject,
-        scanned: !!rule.contentScanning,
-        transformed: !!(rule.transformations && rule.transformations.length > 0)
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to process email: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Get file extension from filename
-   */
-  private getFileExtension(filename: string): string {
-    return filename.substring(filename.lastIndexOf('.')).toLowerCase();
-  }
-  
-  /**
-   * Format email for SMTP transmission
-   * @param email Email to format
-   */
-  private async getFormattedEmail(email: Email): Promise<string> {
-    // This is a simplified implementation
-    // In a full implementation, this would use proper MIME formatting
-    
-    let content = '';
-    
-    // Add headers
-    content += `From: ${email.from}\r\n`;
-    content += `To: ${email.to.join(', ')}\r\n`;
-    content += `Subject: ${email.subject}\r\n`;
-    
-    // Add additional headers
-    for (const [name, value] of Object.entries(email.headers || {})) {
-      content += `${name}: ${value}\r\n`;
-    }
-    
-    // Add content type for multipart
-    if (email.attachments && email.attachments.length > 0) {
-      const boundary = `----_=_NextPart_${Math.random().toString(36).substr(2)}`;
-      content += `MIME-Version: 1.0\r\n`;
-      content += `Content-Type: multipart/mixed; boundary="${boundary}"\r\n`;
-      content += `\r\n`;
-      
-      // Add text part
-      content += `--${boundary}\r\n`;
-      content += `Content-Type: text/plain; charset="UTF-8"\r\n`;
-      content += `\r\n`;
-      content += `${email.text}\r\n`;
-      
-      // Add HTML part if present
-      if (email.html) {
-        content += `--${boundary}\r\n`;
-        content += `Content-Type: text/html; charset="UTF-8"\r\n`;
-        content += `\r\n`;
-        content += `${email.html}\r\n`;
-      }
-      
-      // Add attachments
-      for (const attachment of email.attachments) {
-        content += `--${boundary}\r\n`;
-        content += `Content-Type: ${attachment.contentType || 'application/octet-stream'}; name="${attachment.filename}"\r\n`;
-        content += `Content-Disposition: attachment; filename="${attachment.filename}"\r\n`;
-        content += `Content-Transfer-Encoding: base64\r\n`;
-        content += `\r\n`;
-        
-        // Add base64 encoded content
-        const base64Content = attachment.content.toString('base64');
-        
-        // Split into lines of 76 characters
-        for (let i = 0; i < base64Content.length; i += 76) {
-          content += base64Content.substring(i, i + 76) + '\r\n';
-        }
-      }
-      
-      // End boundary
-      content += `--${boundary}--\r\n`;
-    } else {
-      // Simple email with just text
-      content += `Content-Type: text/plain; charset="UTF-8"\r\n`;
-      content += `\r\n`;
-      content += `${email.text}\r\n`;
-    }
-    
-    return content;
-  }
-  
-  /**
-   * Send SMTP command and wait for response
-   * @param socket Socket connection
-   * @param command SMTP command to send
-   */
-  private async smtpCommand(socket: net.Socket, command: string): Promise<string> {
-    return new Promise<string>((resolve, reject) => {
-      const onData = (data: Buffer) => {
-        const response = data.toString().trim();
-        
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        // Check response code
-        if (response.charAt(0) === '2' || response.charAt(0) === '3') {
-          resolve(response);
-        } else {
-          reject(new Error(`SMTP error: ${response}`));
-        }
-      };
-      
-      const onError = (err: Error) => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(err);
-      };
-      
-      const onTimeout = () => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(new Error('SMTP command timeout'));
-      };
-      
-      // Set up listeners
-      socket.once('data', onData);
-      socket.once('error', onError);
-      socket.once('timeout', onTimeout);
-      
-      // Send command
-      socket.write(command + '\r\n');
-    });
-  }
-  
-  /**
-   * Send SMTP DATA command with content
-   * @param socket Socket connection
-   * @param data Email content to send
-   */
-  private async smtpData(socket: net.Socket, data: string): Promise<string> {
-    return new Promise<string>((resolve, reject) => {
-      const onData = (responseData: Buffer) => {
-        const response = responseData.toString().trim();
-        
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        // Check response code
-        if (response.charAt(0) === '2') {
-          resolve(response);
-        } else {
-          reject(new Error(`SMTP error: ${response}`));
-        }
-      };
-      
-      const onError = (err: Error) => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(err);
-      };
-      
-      const onTimeout = () => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(new Error('SMTP data timeout'));
-      };
-      
-      // Set up listeners
-      socket.once('data', onData);
-      socket.once('error', onError);
-      socket.once('timeout', onTimeout);
-      
-      // Send data and end with CRLF.CRLF
-      socket.write(data + '\r\n.\r\n');
-    });
-  }
-  
-  /**
-   * Upgrade socket to TLS
-   * @param socket Socket connection
-   * @param hostname Target hostname for TLS
-   */
-  private async upgradeTls(socket: net.Socket, hostname: string): Promise<tls.TLSSocket> {
-    return new Promise<tls.TLSSocket>((resolve, reject) => {
-      const tlsOptions: tls.ConnectionOptions = {
-        socket,
-        servername: hostname,
-        rejectUnauthorized: this.options.verifyCertificates,
-        minVersion: this.options.tlsMinVersion as tls.SecureVersion
-      };
-      
-      const tlsSocket = tls.connect(tlsOptions);
-      
-      tlsSocket.once('secureConnect', () => {
-        resolve(tlsSocket);
-      });
-      
-      tlsSocket.once('error', (err) => {
-        reject(new Error(`TLS error: ${err.message}`));
-      });
-      
-      tlsSocket.setTimeout(this.options.socketTimeout);
-      
-      tlsSocket.once('timeout', () => {
-        reject(new Error('TLS connection timeout'));
-      });
-    });
-  }
-  
-  /**
-   * Update delivery time statistics
-   */
-  private updateDeliveryTimeStats(): void {
-    if (this.deliveryTimes.length === 0) return;
-    
-    // Keep only the last 1000 delivery times
-    if (this.deliveryTimes.length > 1000) {
-      this.deliveryTimes = this.deliveryTimes.slice(-1000);
-    }
-    
-    // Calculate average
-    const sum = this.deliveryTimes.reduce((acc, time) => acc + time, 0);
-    this.stats.avgDeliveryTime = sum / this.deliveryTimes.length;
-  }
-  
-  /**
-   * Check if rate limit is exceeded
-   * @returns True if rate limited, false otherwise
-   */
-  private checkRateLimit(): boolean {
-    const now = Date.now();
-    const elapsed = now - this.rateLimitLastCheck;
-    
-    // Reset counter if more than a minute has passed
-    if (elapsed >= 60000) {
-      this.rateLimitLastCheck = now;
-      this.rateLimitCounter = 0;
-      this.throttled = false;
-      this.stats.rateLimiting.currentRate = 0;
-      return false;
-    }
-    
-    // Check if we're already throttled
-    if (this.throttled) {
-      return true;
-    }
-    
-    // Increment counter
-    this.rateLimitCounter++;
-    
-    // Calculate current rate (emails per minute)
-    const rate = (this.rateLimitCounter / elapsed) * 60000;
-    this.stats.rateLimiting.currentRate = rate;
-    
-    // Check if rate limit is exceeded
-    if (rate > this.options.globalRateLimit) {
-      this.throttled = true;
-      this.stats.rateLimiting.throttled++;
-      
-      // Schedule throttle reset
-      const resetDelay = 60000 - elapsed;
-      setTimeout(() => {
-        this.throttled = false;
-        this.rateLimitLastCheck = Date.now();
-        this.rateLimitCounter = 0;
-        this.stats.rateLimiting.currentRate = 0;
-      }, resetDelay);
-      
-      return true;
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Update delivery options
-   * @param options New options
-   */
-  public updateOptions(options: Partial<IMultiModeDeliveryOptions>): void {
-    this.options = {
-      ...this.options,
-      ...options
-    };
-    
-    // Update rate limit statistics
-    if (options.globalRateLimit) {
-      this.stats.rateLimiting.globalLimit = options.globalRateLimit;
-    }
-    
-    logger.log('info', 'MultiModeDeliverySystem options updated');
-  }
-  
-  /**
-   * Get delivery statistics
-   */
-  public getStats(): IDeliveryStats {
-    return { ...this.stats };
-  }
-}

ts/mail/delivery/classes.emailsendjob.ts

@@ -1,702 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { Email } from '../core/classes.email.js';
-import { EmailSignJob } from './classes.emailsignjob.js';
-import type { MtaService } from './classes.mta.js';
-
-// Configuration options for email sending
-export interface IEmailSendOptions {
-  maxRetries?: number;
-  retryDelay?: number; // in milliseconds
-  connectionTimeout?: number; // in milliseconds
-  tlsOptions?: plugins.tls.ConnectionOptions;
-  debugMode?: boolean;
-}
-
-// Email delivery status
-export enum DeliveryStatus {
-  PENDING = 'pending',
-  SENDING = 'sending',
-  DELIVERED = 'delivered',
-  FAILED = 'failed',
-  DEFERRED = 'deferred' // Temporary failure, will retry
-}
-
-// Detailed information about delivery attempts
-export interface DeliveryInfo {
-  status: DeliveryStatus;
-  attempts: number;
-  error?: Error;
-  lastAttempt?: Date;
-  nextAttempt?: Date;
-  mxServer?: string;
-  deliveryTime?: Date;
-  logs: string[];
-}
-
-export class EmailSendJob {
-  mtaRef: MtaService;
-  private email: Email;
-  private socket: plugins.net.Socket | plugins.tls.TLSSocket = null;
-  private mxServers: string[] = [];
-  private currentMxIndex = 0;
-  private options: IEmailSendOptions;
-  public deliveryInfo: DeliveryInfo;
-
-  constructor(mtaRef: MtaService, emailArg: Email, options: IEmailSendOptions = {}) {
-    this.email = emailArg;
-    this.mtaRef = mtaRef;
-    
-    // Set default options
-    this.options = {
-      maxRetries: options.maxRetries || 3,
-      retryDelay: options.retryDelay || 300000, // 5 minutes
-      connectionTimeout: options.connectionTimeout || 30000, // 30 seconds
-      tlsOptions: options.tlsOptions || { rejectUnauthorized: true },
-      debugMode: options.debugMode || false
-    };
-    
-    // Initialize delivery info
-    this.deliveryInfo = {
-      status: DeliveryStatus.PENDING,
-      attempts: 0,
-      logs: []
-    };
-  }
-
-  /**
-   * Send the email with retry logic
-   */
-  async send(): Promise<DeliveryStatus> {
-    try {
-      // Check if the email is valid before attempting to send
-      this.validateEmail();
-      
-      // Resolve MX records for the recipient domain
-      await this.resolveMxRecords();
-      
-      // Try to send the email
-      return await this.attemptDelivery();
-    } catch (error) {
-      this.log(`Critical error in send process: ${error.message}`);
-      this.deliveryInfo.status = DeliveryStatus.FAILED;
-      this.deliveryInfo.error = error;
-      
-      // Save failed email for potential future retry or analysis
-      await this.saveFailed();
-      return DeliveryStatus.FAILED;
-    }
-  }
-
-  /**
-   * Validate the email before sending
-   */
-  private validateEmail(): void {
-    if (!this.email.to || this.email.to.length === 0) {
-      throw new Error('No recipients specified');
-    }
-    
-    if (!this.email.from) {
-      throw new Error('No sender specified');
-    }
-    
-    const fromDomain = this.email.getFromDomain();
-    if (!fromDomain) {
-      throw new Error('Invalid sender domain');
-    }
-  }
-
-  /**
-   * Resolve MX records for the recipient domain
-   */
-  private async resolveMxRecords(): Promise<void> {
-    const domain = this.email.getPrimaryRecipient()?.split('@')[1];
-    if (!domain) {
-      throw new Error('Invalid recipient domain');
-    }
-    
-    this.log(`Resolving MX records for domain: ${domain}`);
-    try {
-      const addresses = await this.resolveMx(domain);
-      
-      // Sort by priority (lowest number = highest priority)
-      addresses.sort((a, b) => a.priority - b.priority);
-      
-      this.mxServers = addresses.map(mx => mx.exchange);
-      this.log(`Found ${this.mxServers.length} MX servers: ${this.mxServers.join(', ')}`);
-      
-      if (this.mxServers.length === 0) {
-        throw new Error(`No MX records found for domain: ${domain}`);
-      }
-    } catch (error) {
-      this.log(`Failed to resolve MX records: ${error.message}`);
-      throw new Error(`MX lookup failed for ${domain}: ${error.message}`);
-    }
-  }
-
-  /**
-   * Attempt to deliver the email with retries
-   */
-  private async attemptDelivery(): Promise<DeliveryStatus> {
-    while (this.deliveryInfo.attempts < this.options.maxRetries) {
-      this.deliveryInfo.attempts++;
-      this.deliveryInfo.lastAttempt = new Date();
-      this.deliveryInfo.status = DeliveryStatus.SENDING;
-      
-      try {
-        this.log(`Delivery attempt ${this.deliveryInfo.attempts} of ${this.options.maxRetries}`);
-        
-        // Try each MX server in order of priority
-        while (this.currentMxIndex < this.mxServers.length) {
-          const currentMx = this.mxServers[this.currentMxIndex];
-          this.deliveryInfo.mxServer = currentMx;
-          
-          try {
-            this.log(`Attempting delivery to MX server: ${currentMx}`);
-            await this.connectAndSend(currentMx);
-            
-            // If we get here, email was sent successfully
-            this.deliveryInfo.status = DeliveryStatus.DELIVERED;
-            this.deliveryInfo.deliveryTime = new Date();
-            this.log(`Email delivered successfully to ${currentMx}`);
-            
-            // Record delivery for sender reputation monitoring
-            this.recordDeliveryEvent('delivered');
-            
-            // Save successful email record
-            await this.saveSuccess();
-            return DeliveryStatus.DELIVERED;
-          } catch (error) {
-            this.log(`Error with MX ${currentMx}: ${error.message}`);
-            
-            // Clean up socket if it exists
-            if (this.socket) {
-              this.socket.destroy();
-              this.socket = null;
-            }
-            
-            // Try the next MX server
-            this.currentMxIndex++;
-            
-            // If this is a permanent failure, don't try other MX servers
-            if (this.isPermanentFailure(error)) {
-              throw error;
-            }
-          }
-        }
-        
-        // If we've tried all MX servers without success, throw an error
-        throw new Error('All MX servers failed');
-      } catch (error) {
-        // Check if this is a permanent failure
-        if (this.isPermanentFailure(error)) {
-          this.log(`Permanent failure: ${error.message}`);
-          this.deliveryInfo.status = DeliveryStatus.FAILED;
-          this.deliveryInfo.error = error;
-          
-          // Save failed email for analysis
-          await this.saveFailed();
-          return DeliveryStatus.FAILED;
-        }
-        
-        // This is a temporary failure, we can retry
-        this.log(`Temporary failure: ${error.message}`);
-        
-        // If this is the last attempt, mark as failed
-        if (this.deliveryInfo.attempts >= this.options.maxRetries) {
-          this.deliveryInfo.status = DeliveryStatus.FAILED;
-          this.deliveryInfo.error = error;
-          
-          // Save failed email for analysis
-          await this.saveFailed();
-          return DeliveryStatus.FAILED;
-        }
-        
-        // Schedule the next retry
-        const nextRetryTime = new Date(Date.now() + this.options.retryDelay);
-        this.deliveryInfo.status = DeliveryStatus.DEFERRED;
-        this.deliveryInfo.nextAttempt = nextRetryTime;
-        this.log(`Will retry at ${nextRetryTime.toISOString()}`);
-        
-        // Wait before retrying
-        await this.delay(this.options.retryDelay);
-        
-        // Reset MX server index for the next attempt
-        this.currentMxIndex = 0;
-      }
-    }
-    
-    // If we get here, all retries failed
-    this.deliveryInfo.status = DeliveryStatus.FAILED;
-    await this.saveFailed();
-    return DeliveryStatus.FAILED;
-  }
-
-  /**
-   * Connect to a specific MX server and send the email
-   */
-  private async connectAndSend(mxServer: string): Promise<void> {
-    return new Promise((resolve, reject) => {
-      let commandTimeout: NodeJS.Timeout;
-      
-      // Function to clear timeouts and remove listeners
-      const cleanup = () => {
-        clearTimeout(commandTimeout);
-        if (this.socket) {
-          this.socket.removeAllListeners();
-        }
-      };
-      
-      // Function to set a timeout for each command
-      const setCommandTimeout = () => {
-        clearTimeout(commandTimeout);
-        commandTimeout = setTimeout(() => {
-          this.log('Connection timed out');
-          cleanup();
-          if (this.socket) {
-            this.socket.destroy();
-            this.socket = null;
-          }
-          reject(new Error('Connection timed out'));
-        }, this.options.connectionTimeout);
-      };
-      
-      // Connect to the MX server
-      this.log(`Connecting to ${mxServer}:25`);
-      setCommandTimeout();
-      
-      // Check if IP warmup is enabled and get an IP to use
-      let localAddress: string | undefined = undefined;
-      if (this.mtaRef.config.outbound?.warmup?.enabled) {
-        const warmupManager = this.mtaRef.getIPWarmupManager();
-        if (warmupManager) {
-          const fromDomain = this.email.getFromDomain();
-          const bestIP = warmupManager.getBestIPForSending({
-            from: this.email.from,
-            to: this.email.getAllRecipients(),
-            domain: fromDomain,
-            isTransactional: this.email.priority === 'high'
-          });
-          
-          if (bestIP) {
-            this.log(`Using warmed-up IP ${bestIP} for sending`);
-            localAddress = bestIP;
-            
-            // Record the send for warm-up tracking
-            warmupManager.recordSend(bestIP);
-          }
-        }
-      }
-      
-      // Connect with specified local address if available
-      this.socket = plugins.net.connect({
-        port: 25,
-        host: mxServer,
-        localAddress
-      });
-      
-      this.socket.on('error', (err) => {
-        this.log(`Socket error: ${err.message}`);
-        cleanup();
-        reject(err);
-      });
-      
-      // Set up the command sequence
-      this.socket.once('data', async (data) => {
-        try {
-          const greeting = data.toString();
-          this.log(`Server greeting: ${greeting.trim()}`);
-          
-          if (!greeting.startsWith('220')) {
-            throw new Error(`Unexpected server greeting: ${greeting}`);
-          }
-          
-          // EHLO command
-          const fromDomain = this.email.getFromDomain();
-          await this.sendCommand(`EHLO ${fromDomain}\r\n`, '250');
-          
-          // Try STARTTLS if available
-          try {
-            await this.sendCommand('STARTTLS\r\n', '220');
-            this.upgradeToTLS(mxServer, fromDomain);
-            // The TLS handshake and subsequent commands will continue in the upgradeToTLS method
-            // resolve will be called from there if successful
-          } catch (error) {
-            this.log(`STARTTLS failed or not supported: ${error.message}`);
-            this.log('Continuing with unencrypted connection');
-            
-            // Continue with unencrypted connection
-            await this.sendEmailCommands();
-            cleanup();
-            resolve();
-          }
-        } catch (error) {
-          cleanup();
-          reject(error);
-        }
-      });
-    });
-  }
-
-  /**
-   * Upgrade the connection to TLS
-   */
-  private upgradeToTLS(mxServer: string, fromDomain: string): void {
-    this.log('Starting TLS handshake');
-    
-    const tlsOptions = {
-      ...this.options.tlsOptions,
-      socket: this.socket,
-      servername: mxServer
-    };
-    
-    // Create TLS socket
-    this.socket = plugins.tls.connect(tlsOptions);
-    
-    // Handle TLS connection
-    this.socket.once('secureConnect', async () => {
-      try {
-        this.log('TLS connection established');
-        
-        // Send EHLO again over TLS
-        await this.sendCommand(`EHLO ${fromDomain}\r\n`, '250');
-        
-        // Send the email
-        await this.sendEmailCommands();
-        
-        this.socket.destroy();
-        this.socket = null;
-      } catch (error) {
-        this.log(`Error in TLS session: ${error.message}`);
-        this.socket.destroy();
-        this.socket = null;
-      }
-    });
-    
-    this.socket.on('error', (err) => {
-      this.log(`TLS error: ${err.message}`);
-      this.socket.destroy();
-      this.socket = null;
-    });
-  }
-
-  /**
-   * Send SMTP commands to deliver the email
-   */
-  private async sendEmailCommands(): Promise<void> {
-    // MAIL FROM command
-    await this.sendCommand(`MAIL FROM:<${this.email.from}>\r\n`, '250');
-    
-    // RCPT TO command for each recipient
-    for (const recipient of this.email.getAllRecipients()) {
-      await this.sendCommand(`RCPT TO:<${recipient}>\r\n`, '250');
-    }
-    
-    // DATA command
-    await this.sendCommand('DATA\r\n', '354');
-    
-    // Create the email message with DKIM signature
-    const message = await this.createEmailMessage();
-    
-    // Send the message content
-    await this.sendCommand(message);
-    await this.sendCommand('\r\n.\r\n', '250');
-    
-    // QUIT command
-    await this.sendCommand('QUIT\r\n', '221');
-  }
-
-  /**
-   * Create the full email message with headers and DKIM signature
-   */
-  private async createEmailMessage(): Promise<string> {
-    this.log('Preparing email message');
-    
-    const messageId = `<${plugins.uuid.v4()}@${this.email.getFromDomain()}>`;
-    const boundary = '----=_NextPart_' + plugins.uuid.v4();
-    
-    // Prepare headers
-    const headers = {
-      'Message-ID': messageId,
-      'From': this.email.from,
-      'To': this.email.to.join(', '),
-      'Subject': this.email.subject,
-      'Content-Type': `multipart/mixed; boundary="${boundary}"`,
-      'Date': new Date().toUTCString()
-    };
-    
-    // Add CC header if present
-    if (this.email.cc && this.email.cc.length > 0) {
-      headers['Cc'] = this.email.cc.join(', ');
-    }
-    
-    // Add custom headers
-    for (const [key, value] of Object.entries(this.email.headers || {})) {
-      headers[key] = value;
-    }
-    
-    // Add priority header if not normal
-    if (this.email.priority && this.email.priority !== 'normal') {
-      const priorityValue = this.email.priority === 'high' ? '1' : '5';
-      headers['X-Priority'] = priorityValue;
-    }
-    
-    // Create body
-    let body = '';
-    
-    // Text part
-    body += `--${boundary}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${this.email.text}\r\n`;
-    
-    // HTML part if present
-    if (this.email.html) {
-      body += `--${boundary}\r\nContent-Type: text/html; charset=utf-8\r\n\r\n${this.email.html}\r\n`;
-    }
-    
-    // Attachments
-    for (const attachment of this.email.attachments) {
-      body += `--${boundary}\r\nContent-Type: ${attachment.contentType}; name="${attachment.filename}"\r\n`;
-      body += 'Content-Transfer-Encoding: base64\r\n';
-      body += `Content-Disposition: attachment; filename="${attachment.filename}"\r\n`;
-      
-      // Add Content-ID for inline attachments if present
-      if (attachment.contentId) {
-        body += `Content-ID: <${attachment.contentId}>\r\n`;
-      }
-      
-      body += '\r\n';
-      body += attachment.content.toString('base64') + '\r\n';
-    }
-    
-    // End of message
-    body += `--${boundary}--\r\n`;
-    
-    // Create DKIM signature
-    const dkimSigner = new EmailSignJob(this.mtaRef, {
-      domain: this.email.getFromDomain(),
-      selector: 'mta',
-      headers: headers,
-      body: body,
-    });
-    
-    // Build the message with headers
-    let headerString = '';
-    for (const [key, value] of Object.entries(headers)) {
-      headerString += `${key}: ${value}\r\n`;
-    }
-    let message = headerString + '\r\n' + body;
-    
-    // Add DKIM signature header
-    let signatureHeader = await dkimSigner.getSignatureHeader(message);
-    message = `${signatureHeader}${message}`;
-    
-    return message;
-  }
-
-  /**
-   * Record an event for sender reputation monitoring
-   * @param eventType Type of event
-   * @param isHardBounce Whether the event is a hard bounce (for bounce events)
-   */
-  private recordDeliveryEvent(
-    eventType: 'sent' | 'delivered' | 'bounce' | 'complaint', 
-    isHardBounce: boolean = false
-  ): void {
-    try {
-      // Check if reputation monitoring is enabled
-      if (!this.mtaRef.config.outbound?.reputation?.enabled) {
-        return;
-      }
-      
-      const reputationMonitor = this.mtaRef.getReputationMonitor();
-      if (!reputationMonitor) {
-        return;
-      }
-      
-      // Get domain from sender
-      const domain = this.email.getFromDomain();
-      if (!domain) {
-        return;
-      }
-      
-      // Determine receiving domain for complaint tracking
-      let receivingDomain = null;
-      if (eventType === 'complaint' && this.email.to.length > 0) {
-        const recipient = this.email.to[0];
-        const parts = recipient.split('@');
-        if (parts.length === 2) {
-          receivingDomain = parts[1];
-        }
-      }
-      
-      // Record the event
-      reputationMonitor.recordSendEvent(domain, {
-        type: eventType,
-        count: 1,
-        hardBounce: isHardBounce,
-        receivingDomain
-      });
-    } catch (error) {
-      this.log(`Error recording delivery event: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Send a command to the SMTP server and wait for the expected response
-   */
-  private sendCommand(command: string, expectedResponseCode?: string): Promise<string> {
-    return new Promise((resolve, reject) => {
-      if (!this.socket) {
-        return reject(new Error('Socket not connected'));
-      }
-      
-      // Debug log for commands (except DATA which can be large)
-      if (this.options.debugMode && !command.startsWith('--')) {
-        const logCommand = command.length > 100 
-          ? command.substring(0, 97) + '...' 
-          : command;
-        this.log(`Sending: ${logCommand.replace(/\r\n/g, '<CRLF>')}`);
-      }
-      
-      this.socket.write(command, (error) => {
-        if (error) {
-          this.log(`Write error: ${error.message}`);
-          return reject(error);
-        }
-        
-        // If no response is expected, resolve immediately
-        if (!expectedResponseCode) {
-          return resolve('');
-        }
-        
-        // Set a timeout for the response
-        const responseTimeout = setTimeout(() => {
-          this.log('Response timeout');
-          reject(new Error('Response timeout'));
-        }, this.options.connectionTimeout);
-        
-        // Wait for the response
-        this.socket.once('data', (data) => {
-          clearTimeout(responseTimeout);
-          const response = data.toString();
-          
-          if (this.options.debugMode) {
-            this.log(`Received: ${response.trim()}`);
-          }
-          
-          if (response.startsWith(expectedResponseCode)) {
-            resolve(response);
-          } else {
-            const error = new Error(`Unexpected server response: ${response.trim()}`);
-            this.log(error.message);
-            reject(error);
-          }
-        });
-      });
-    });
-  }
-
-  /**
-   * Determine if an error represents a permanent failure
-   */
-  private isPermanentFailure(error: Error): boolean {
-    if (!error || !error.message) return false;
-    
-    const message = error.message.toLowerCase();
-    
-    // Check for permanent SMTP error codes (5xx)
-    if (message.match(/^5\d\d/)) return true;
-    
-    // Check for specific permanent failure messages
-    const permanentFailurePatterns = [
-      'no such user',
-      'user unknown',
-      'domain not found',
-      'invalid domain',
-      'rejected',
-      'denied',
-      'prohibited',
-      'authentication required',
-      'authentication failed',
-      'unauthorized'
-    ];
-    
-    return permanentFailurePatterns.some(pattern => message.includes(pattern));
-  }
-
-  /**
-   * Resolve MX records for a domain
-   */
-  private resolveMx(domain: string): Promise<plugins.dns.MxRecord[]> {
-    return new Promise((resolve, reject) => {
-      plugins.dns.resolveMx(domain, (err, addresses) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(addresses);
-        }
-      });
-    });
-  }
-
-  /**
-   * Add a log entry
-   */
-  private log(message: string): void {
-    const timestamp = new Date().toISOString();
-    const logEntry = `[${timestamp}] ${message}`;
-    this.deliveryInfo.logs.push(logEntry);
-    
-    if (this.options.debugMode) {
-      console.log(`EmailSendJob: ${logEntry}`);
-    }
-  }
-
-  /**
-   * Save a successful email for record keeping
-   */
-  private async saveSuccess(): Promise<void> {
-    try {
-      plugins.smartfile.fs.ensureDirSync(paths.sentEmailsDir);
-      const emailContent = await this.createEmailMessage();
-      const fileName = `${Date.now()}_success_${this.email.getPrimaryRecipient()}.eml`;
-      plugins.smartfile.memory.toFsSync(emailContent, plugins.path.join(paths.sentEmailsDir, fileName));
-      
-      // Save delivery info
-      const infoFileName = `${Date.now()}_success_${this.email.getPrimaryRecipient()}.json`;
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(this.deliveryInfo, null, 2),
-        plugins.path.join(paths.sentEmailsDir, infoFileName)
-      );
-    } catch (error) {
-      console.error('Error saving successful email:', error);
-    }
-  }
-
-  /**
-   * Save a failed email for potential retry
-   */
-  private async saveFailed(): Promise<void> {
-    try {
-      plugins.smartfile.fs.ensureDirSync(paths.failedEmailsDir);
-      const emailContent = await this.createEmailMessage();
-      const fileName = `${Date.now()}_failed_${this.email.getPrimaryRecipient()}.eml`;
-      plugins.smartfile.memory.toFsSync(emailContent, plugins.path.join(paths.failedEmailsDir, fileName));
-      
-      // Save delivery info
-      const infoFileName = `${Date.now()}_failed_${this.email.getPrimaryRecipient()}.json`;
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(this.deliveryInfo, null, 2),
-        plugins.path.join(paths.failedEmailsDir, infoFileName)
-      );
-    } catch (error) {
-      console.error('Error saving failed email:', error);
-    }
-  }
-
-  /**
-   * Simple delay function
-   */
-  private delay(ms: number): Promise<void> {
-    return new Promise(resolve => setTimeout(resolve, ms));
-  }
-}

ts/mail/delivery/classes.emailsignjob.ts

@@ -1,69 +0,0 @@
-import * as plugins from '../../plugins.js';
-import type { MtaService } from './classes.mta.js';
-
-interface Headers {
-  [key: string]: string;
-}
-
-interface IEmailSignJobOptions {
-  domain: string;
-  selector: string;
-  headers: Headers;
-  body: string;
-}
-
-export class EmailSignJob {
-  mtaRef: MtaService;
-  jobOptions: IEmailSignJobOptions;
-
-  constructor(mtaRefArg: MtaService, options: IEmailSignJobOptions) {
-    this.mtaRef = mtaRefArg;
-    this.jobOptions = options;
-  }
-
-  async loadPrivateKey(): Promise<string> {
-    return plugins.fs.promises.readFile(
-      (await this.mtaRef.dkimCreator.getKeyPathsForDomain(this.jobOptions.domain)).privateKeyPath,
-      'utf-8'
-    );
-  }
-
-  public async getSignatureHeader(emailMessage: string): Promise<string> {
-    const signResult = await plugins.dkimSign(emailMessage, {
-      // Optional, default canonicalization, default is "relaxed/relaxed"
-      canonicalization: 'relaxed/relaxed', // c=
-
-      // Optional, default signing and hashing algorithm
-      // Mostly useful when you want to use rsa-sha1, otherwise no need to set
-      algorithm: 'rsa-sha256',
-
-      // Optional, default is current time
-      signTime: new Date(), // t=
-
-      // Keys for one or more signatures
-      // Different signatures can use different algorithms (mostly useful when
-      // you want to sign a message both with RSA and Ed25519)
-      signatureData: [
-        {
-          signingDomain: this.jobOptions.domain, // d=
-          selector: this.jobOptions.selector, // s=
-          // supported key types: RSA, Ed25519
-          privateKey: await this.loadPrivateKey(), // k=
-
-          // Optional algorithm, default is derived from the key.
-          // Overrides whatever was set in parent object
-          algorithm: 'rsa-sha256',
-
-          // Optional signature specifc canonicalization, overrides whatever was set in parent object
-          canonicalization: 'relaxed/relaxed', // c=
-
-          // Maximum number of canonicalized body bytes to sign (eg. the "l=" tag).
-          // Do not use though. This is available only for compatibility testing.
-          // maxBodyLength: 12345
-        },
-      ],
-    });
-    const signature = signResult.signatures;
-    return signature;
-  }
-}