v6.7.0

- Added new readme.statsgrid.md outlining the implementation plan for dees-statsgrid component.
- Replaced custom stats cards in ops-view-overview.ts and ops-view-network.ts with dees-statsgrid for better visualization.
- Introduced consistent color scheme for success, warning, error, and info states.
- Enhanced interactive features including click actions, context menus, and real-time updates.
- Developed ops-view-emails.ts for email management with features like composing, searching, and viewing emails.
- Integrated mock data generation for emails and network requests to facilitate testing.
- Added responsive design elements and improved UI consistency across components.

.gitignore

@@ -19,4 +19,5 @@ dist_*/
 
 # custom
 **/.claude/settings.local.json
-data/
+.nogit/data/
+readme.plan.md

changelog.md

@@ -1,5 +1,383 @@
 # Changelog
 
+## 2026-02-17 - 6.7.0 - feat(remote-ingress)
+Support auto-derived effective listen ports, make listenPorts optional, add toggle action and refine remote ingress creation/management UI
+
+- Add effectiveListenPorts?: number[] to IRemoteIngress interface (present in API responses)
+- Make createRemoteIngressAction.listenPorts optional and update creation modal to allow empty ports (auto-derived)
+- Add toggleRemoteIngressAction to enable/disable remote ingress edges and wire up Enable/Disable row/context-menu actions
+- Update getPortsHtml to prefer manual listenPorts, fall back to effectiveListenPorts, show '(auto)' when derived and 'none' when no ports
+- Standardize UI actions to use inRow/contextmenu and actionFunc signatures; update create modal to use explicit Cancel/Create menu options and collect form data programmatically
+
+## 2026-02-17 - 6.6.1 - fix(icons)
+standardize icon identifiers to lucide-prefixed names across operational views
+
+- Replaced legacy/ambiguous icon names with 'lucide:...' identifiers in four UI modules: ts_web/elements/ops-view-certificates.ts, ops-view-network.ts, ops-view-overview.ts, and ops-view-security.ts.
+- Updated common action/menu icons (e.g. arrowsRotate -> lucide:RefreshCw, magnifyingGlass -> lucide:Search, copy -> lucide:Copy, fileExport -> lucide:FileOutput).
+- Mapped dashboard/tile icons to lucide equivalents (e.g. server -> lucide:Server, networkWired/sitemap -> lucide:Network, download/upload -> lucide:Download/Upload, microchip/memory -> lucide:Cpu/MemoryStick).
+- Normalized alert and status icons to lucide names (e.g. triangleExclamation -> lucide:TriangleAlert, shield/userShield -> lucide:Shield/ShieldCheck, clock/clockRotateLeft -> lucide:Clock/History).
+
+## 2026-02-17 - 6.6.0 - feat(remoteingress)
+derive effective remote ingress listen ports from route configs and expose them via ops API
+
+- Derive listen ports from SmartProxy route configs with remoteIngress.enabled; supports optional edgeFilter to target edges by id or tags.
+- Add RemoteIngressManager.setRoutes(), derivePortsForEdge(), and getEffectiveListenPorts() which falls back to manual listenPorts when present.
+- dcrouter now supplies route configs to RemoteIngressManager during initialization and when updating SmartProxy configuration to keep derived ports in sync.
+- Ops API now returns effectiveListenPorts for edges; createRemoteIngress.listenPorts is optional and createEdge defaults listenPorts to an empty array.
+- Bump dependency @serve.zone/remoteingress to ^3.0.4 to align types/behavior.
+
+## 2026-02-16 - 6.5.0 - feat(ops-view-remoteingress)
+add 'Create Edge Node' header action to remote ingress table and remove duplicate createNewAction
+
+- Add a 'Create Edge Node' header action in dataActions that opens DeesModal to collect name, listenPorts and tags
+- Parse comma-separated listenPorts into integer array and normalize optional tags
+- Dispatch appstate.createRemoteIngressAction with the collected payload
+- Remove the previously duplicated createNewAction prop from the dees-table
+
+## 2026-02-16 - 6.4.5 - fix(remoteingress)
+mark remote ingress data actions as row actions and bump @design.estate/dees-catalog dependency
+
+- Add type:['row'] to 'Regenerate Secret' and 'Delete' dataActions in ts_web/elements/ops-view-remoteingress.ts to ensure they are treated as row actions in the UI
+- Bump @design.estate/dees-catalog from ^3.42.0 to ^3.42.2 in package.json
+
+## 2026-02-16 - 6.4.4 - fix(deps)
+bump @push.rocks/smartproxy to ^25.7.3
+
+- Updated @push.rocks/smartproxy from ^25.7.2 to ^25.7.3 in package.json
+
+## 2026-02-16 - 6.4.3 - fix(deps)
+bump @push.rocks/smartproxy to ^25.7.2
+
+- Updated package.json: @push.rocks/smartproxy ^25.7.1 -> ^25.7.2 (patch dependency update)
+
+## 2026-02-16 - 6.4.2 - fix(smartproxy)
+bump @push.rocks/smartproxy to ^25.7.1
+
+- Updated dependency @push.rocks/smartproxy from ^25.7.0 to ^25.7.1 in package.json
+- No other source changes; dependency patch bump only
+
+## 2026-02-16 - 6.4.1 - fix(deps)
+bump dependencies: @push.rocks/smartproxy to ^25.7.0 and @serve.zone/remoteingress to ^3.0.2
+
+- Bumped @push.rocks/smartproxy from ^25.5.0 to ^25.7.0
+- Bumped @serve.zone/remoteingress from ^3.0.1 to ^3.0.2
+- Package current version is 6.4.0 — recommended patch release
+
+## 2026-02-16 - 6.4.0 - feat(remoteingress)
+add Remote Ingress hub and management for edge tunnel nodes, including backend managers, tunnel hub integration, opsserver handlers, typedrequest APIs, and web UI
+
+- Introduce RemoteIngressManager for CRUD and persistent storage of edge registrations
+- Introduce TunnelManager to run the RemoteIngressHub, track connected edge statuses, and sync allowed edges to the hub
+- Integrate remote ingress into DcRouter (options.remoteIngressConfig, setupRemoteIngress, startup/shutdown handling, and startup summary)
+- Add OpsServer RemoteIngressHandler exposing typedrequest APIs (create/update/delete/regenerate/get/status)
+- Add web UI: Remote Ingress view, app state parts, actions and components to manage edges and display runtime statuses
+- Add typedrequest and data interfaces for remoteingress and export the remoteingress module; add @serve.zone/remoteingress dependency in package.json
+
+## 2026-02-16 - 6.3.0 - feat(dcrouter)
+add configurable baseDir and centralized path resolution; use resolved data paths for storage, cache and DNS
+
+- Introduce IDcRouterOptions.baseDir to allow configuring base directory for dcrouter data (defaults to ~/.serve.zone/dcrouter).
+- Add DcRouter.resolvedPaths and resolvePaths(baseDir) in ts/paths.ts to centralize computation of dcrouterHomeDir, dataDir, defaultTsmDbPath, defaultStoragePath and dnsRecordsDir.
+- Use resolvedPaths throughout DcRouter: default filesystem storage fsPath, CacheDb storagePath, and DNS records loading now reference resolved paths.
+- Replace ensureDirectories() behavior with ensureDataDirectories(resolvedPaths) to only create data-related directories; keep legacy ensureDirectories wrapper delegating to the new function.
+- Simplify paths module by removing unused legacy path constants and adding a focused API for path resolution and directory creation.
+- Remove an unused import (paths) in contentscanner, cleaning up imports.
+
+## 2026-02-16 - 6.2.4 - fix(deps)
+bump @push.rocks/smartproxy to ^25.5.0
+
+- Updated @push.rocks/smartproxy from ^25.4.0 to ^25.5.0 in package.json
+
+## 2026-02-16 - 6.2.3 - fix(dcrouter)
+persist proxy certificate validity dates and improve certificate status initialization
+
+- Bump @push.rocks/smartacme dependency from ^9.0.0 to ^9.1.3
+- Store validFrom and validUntil alongside proxy cert entries (/proxy-certs) when saving, extracting values by parsing PEM where possible
+- Use stored cert entries (domain, publicKey, validUntil, validFrom) to populate certificateStatusMap at startup
+- Fallback to SmartAcme /certs/ metadata and finally to parsing X.509 from stored PEM to determine expiry/issuedAt when initializing status
+- Update opsserver certificate handler to parse publicKey PEM from cert-store and set expiry/issuedAt and issuer accordingly
+- Adjust variable names and logging to reflect stored cert entry usage
+
+## 2026-02-16 - 6.2.2 - fix(certs)
+Populate certificate status for cert-store-loaded certificates after SmartProxy startup and check proxy-certs in opsserver certificate handler
+
+- Track domains loaded from storageManager '/proxy-certs/' and populate certificateStatusMap with status, routeNames, expiryDate and issuedAt (when available) after SmartProxy starts
+- Opsserver certificate handler now falls back to '/proxy-certs/{domain}' if '/certs/{cleanDomain}' is missing and marks cert-store-only entries as valid with issuer 'cert-store'
+- Bump @push.rocks/smartproxy dependency from ^25.3.1 to ^25.4.0
+
+## 2026-02-16 - 6.2.1 - fix(smartacme,storage)
+Respect wildcard domain requests when retrieving certificates and treat empty/whitespace storage values as null in getJSON
+
+- Pass includeWildcard flag to smartAcme.getCertificateForDomain to avoid incorrectly including/excluding wildcard certificates based on whether the requested domain itself is a wildcard
+- Detect wildcard domains via domain.startsWith('*.') and set includeWildcard to false for wildcard requests
+- Treat empty or whitespace-only stored values as null in StorageManager.getJSON to avoid parsing empty strings as JSON and potential errors
+
+## 2026-02-16 - 6.2.0 - feat(ts_web)
+add Certificate Management documentation and ops-view-certificates reference
+
+- Adds a new 'Certificate Management' section to ts_web/readme.md describing domain-centric overview, certificate sources (ACME/provision/static), expiry monitoring, per-domain backoff, and one-click reprovisioning
+- Adds ops-view-certificates.ts entry to the ops UI file list
+- Documents new route mapping '/certificates' in the readme navigation
+
+## 2026-02-16 - 6.1.0 - feat(certs)
+integrate smartacme v9 for ACME certificate provisioning and add certificate management features, docs, dashboard views, API endpoints, and per-domain backoff scheduler
+
+- Bump dependency: @push.rocks/smartacme -> ^9.0.0
+- Add Certificate Management documentation, examples, and a new Certificates view in the OpsServer dashboard (status, source, expiry, backoff, one‑click reprovision)
+- Integrate smartacme v9 features: per-domain deduplication, global concurrency control, account rate limiting, structured errors, and clean shutdown behavior
+- Introduce per-domain exponential backoff persisted via StorageManager (CertProvisionScheduler) and remove the older serial stagger queue (smartacme v9 handles concurrency/deduping)
+- Expose new typedrequest API methods: getCertificateOverview, reprovisionCertificate (legacy), reprovisionCertificateDomain (preferred)
+- DcRouter now surfaces smartAcme, certProvisionScheduler, and certificateStatusMap; cert provisioning paths call smartAcme directly and clear backoff on success
+- Docs updated to note parallel shutdown/cleanup of HTTP agents and DNS clients
+
+## 2026-02-15 - 6.0.0 - BREAKING CHANGE(certs)
+Introduce domain-centric certificate provisioning with per-domain exponential backoff and a staggered serial scheduler; add domain-based reprovision API and UI backoff display; change certificate overview API to be domain-first and include backoff info; bump related deps.
+
+- Add CertProvisionScheduler: persistent per-domain exponential backoff, retry calculation, and an in-memory serial stagger queue.
+- Integrate scheduler with SmartAcme certProvisionFunction: enqueue provisions, clear backoff on success, record failures to drive backoff.
+- Switch certificate event tracking to be keyed by domain (certificateStatusMap now keyed by domain) and add findRouteNamesForDomain helper.
+- BREAKING: ICertificateInfo shape changed — replaced routeName/domains with domain and routeNames; added optional backoffInfo (failures, retryAfter, lastError).
+- Add domain-based reprovision endpoint (reprovisionCertificateDomain) while retaining legacy route-based reprovision for backward compatibility (internal rename to reprovisionCertificateByRoute).
+- Web UI updated to domain-centric certificate overview, displays route pills, backoff indicator and retry timing, and uses domain-based reprovision action.
+- Dependency bumps: @push.rocks/smartlog -> ^3.1.11, @push.rocks/smartproxy -> ^25.3.1.
+
+## 2026-02-14 - 5.5.0 - feat(certs)
+persist ACME certificates in StorageManager, add storage-backed cert manager, default storage to filesystem, and improve certificate status reporting
+
+- Add StorageBackedCertManager to persist SmartAcme certificates under /certs/ via StorageManager
+- Default storage to filesystem path (dcrouterHomeDir/storage) when options.storage is not provided
+- Wire SmartAcme to use StorageBackedCertManager and provide SmartProxy certStore handlers that load/save/remove certs under /proxy-certs/
+- Ops server certificate handler reads persisted cert data to report expiry/issued dates and treats acme/provision-function routes with no cert data as provisioning
+- Bump @push.rocks/smartproxy dependency to ^25.3.0
+
+## 2026-02-14 - 5.4.6 - fix(deps)
+bump @push.rocks/smartproxy dependency to ^25.2.2
+
+- Updated dependency @push.rocks/smartproxy: ^25.2.0 → ^25.2.2
+- Change is a dependency-only patch update, no source code modifications
+- Current package version is 5.4.5; recommend a patch release
+
+## 2026-02-14 - 5.4.5 - fix(dcrouter)
+bump patch for release pipeline consistency - no code changes
+
+- current version: 5.4.4 (from package.json)
+- git diff: no changes detected
+- recommend patch bump to trigger release artifacts if required
+
+## 2026-02-14 - 5.4.4 - fix(deps)
+bump @push.rocks/smartproxy to ^25.2.0
+
+- Updated @push.rocks/smartproxy from ^25.1.0 to ^25.2.0 (patch, non-breaking).
+- Current package version is 5.4.3; recommend a patch release to 5.4.4.
+
+## 2026-02-14 - 5.4.3 - fix(dependencies)
+bump @push.rocks/smartproxy to ^25.1.0
+
+- Updated @push.rocks/smartproxy from ^25.0.0 to ^25.1.0 in package.json
+
+## 2026-02-13 - 5.4.2 - fix(dcrouter)
+improve domain pattern matching to support routing-glob and wildcard patterns and use matching logic when resolving routes
+
+- Support routing-glob patterns beginning with '*' (e.g. *example.com) to match base domain, wildcard form, and subdomains
+- Treat standard wildcard patterns ('*.example.com') as matching both the base domain (example.com) and its subdomains
+- Use isDomainMatch when resolving routes instead of exact array includes to allow pattern matching
+- Normalize domain and pattern to lowercase and simplify equality checks
+
+## 2026-02-13 - 5.4.1 - fix(network,dcrouter)
+Always register SmartProxy certificate event handlers and include total bytes + improved connection metrics in network stats/UI
+
+- Always register SmartProxy 'certificate-issued', 'certificate-renewed', and 'certificate-failed' handlers (previously only registered when acmeConfig was present) so certificate events are processed regardless of provisioning path.
+- Add totalBytes (in/out) to network stats and propagate it through ts_interfaces and app state so total data transferred is available to the UI.
+- Combine metricsManager.getNetworkStats with collectServerStats to compute activeConnections and adjust connectionDetails/TopEndpoints handling.
+- Update ops UI to display totalBytes in throughput cards and remove a redundant network-specific auto-refresh fetch.
+- Type and state updates: ts_interfaces/data/stats.ts and ts_web/appstate.ts updated with totalBytes and initialization/default mapping adjusted.
+
+## 2026-02-13 - 5.4.0 - feat(certificates)
+include certificate source/issuer and Rust-side status checks; pass eventComms into certProvisionFunction and record expiry information
+
+- bump @push.rocks/smartproxy dependency to ^25.0.0
+- add optional 'source' field to certificate status and propagate event.source when certificates are issued, renewed, or failed
+- change smartProxy.certProvisionFunction signature to accept eventComms; use it to log attempts, set source and expiryDate, and fall back to http-01 on DNS-01 failure
+- make buildCertificateOverview async and query smartProxy.getCertificateStatus for a route when event-based status is unknown
+- improve logging to include certificate source and more contextual messages
+
+## 2026-02-13 - 5.3.0 - feat(certificates)
+add certificate overview and reprovisioning in ops UI and API; track SmartProxy certificate events
+
+- Add CertificateHandler with typedrequest endpoints: getCertificateOverview and reprovisionCertificate
+- Introduce ICertificateInfo and request/response interfaces for certificate operations
+- Frontend: add certificate state part, actions (fetchCertificateOverview, reprovisionCertificate), router view, and ops-view-certificates component
+- DcRouter: add certificateStatusMap, listen to SmartProxy certificate-issued/renewed/failed events, and add findRouteNameForDomain helper
+- Bump dependency @push.rocks/smartproxy to ^24.0.0
+
+## 2026-02-13 - 5.2.0 - feat(monitoring)
+add throughput metrics and expose them in ops UI
+
+- MetricsManager now reports bytesInPerSecond and bytesOutPerSecond as part of throughput
+- Extended IServerStats with requestsPerSecond and throughput {bytesIn, bytesOut, bytesInPerSecond, bytesOutPerSecond}
+- Stats handler updated to include requestsPerSecond and throughput; fallback stats initialize throughput fields to zero
+- Web UI ops overview displays Throughput In/Out (bits/s) and total bytes with new formatting helper
+- Bumped dependency @push.rocks/smartproxy to ^23.1.6
+
+## 2026-02-13 - 5.1.0 - feat(acme)
+Integrate SmartAcme DNS-01 handling and add certificate provisioning for SmartProxy
+
+- Add smartAcme property and lifecycle management (start/stop) in DcRouter
+- Create SmartAcme instance when DNS challenge handlers are present and wire certProvisionFunction to SmartProxy to return certificates for domains
+- Fall back to http-01 provisioning on SmartAcme errors for a domain
+- Stop SmartAcme during shutdown sequence to clean up resources
+- Bump dependency @push.rocks/smartproxy to ^23.1.5
+
+## 2026-02-13 - 5.0.7 - fix(deps)
+bump @push.rocks/smartdns to ^7.8.1 and @push.rocks/smartmta to ^5.2.2
+
+- package.json: updated @push.rocks/smartdns from ^7.8.0 to ^7.8.1 (patch)
+- package.json: updated @push.rocks/smartmta from ^5.2.1 to ^5.2.2 (patch)
+
+## 2026-02-12 - 5.0.6 - fix(deps)
+bump @push.rocks/smartproxy to ^23.1.4
+
+- package.json: @push.rocks/smartproxy ^23.1.2 → ^23.1.4
+- Dependency-only version bump, no source code changes
+
+## 2026-02-12 - 5.0.5 - fix(dcrouter)
+remove legacy handling of emailConfig.routes that added domain-based routes
+
+- Removed loop that added domain-based email routes from emailConfig.routes into emailRoutes
+- Previously created match.domains by extracting the recipient domain (split on '@') and defaulted forward target port to 25
+- Removed creation of TLS passthrough configuration for those forwarded routes
+- This prevents duplicate or incorrect domain-based routes being appended during email route construction
+
+## 2026-02-12 - 5.0.4 - fix(cache)
+use user-writable ~/.serve.zone/dcrouter for TsmDB and centralize data path logic
+
+- Default TsmDB storage changed from /etc/dcrouter/tsmdb to ~/.serve.zone/dcrouter/tsmdb
+- Introduced dcrouterHomeDir, dataDir, and defaultTsmDbPath in ts/paths.ts
+- CacheDb now defaults to defaultTsmDbPath when no storagePath is provided
+- DcRouter initialization updated to use paths.defaultTsmDbPath; README and readme.hints updated to document the new defaults
+- Avoids /etc permission issues and prevents starting a real MongoDB process in tests by using a user-writable default path
+
+## 2026-02-12 - 5.0.3 - fix(packaging)
+add files whitelist to package.json and remove Playwright-generated screenshots
+
+- Add a "files" array to package.json to control published package contents (includes ts/, ts_web/, dist/, dist_*/**, dist_ts/, dist_ts_web/, assets/, cli.js, npmextra.json, readme.md).
+- Remove multiple .playwright-mcp/*.png screenshot files (clean up Playwright test artifacts and reduce repository noise/size).
+
+## 2026-02-12 - 5.0.2 - fix(docs)
+update documentation and packaging configuration: document smartmta/smartdns integrations, adjust API method names, and add release registry info
+
+- README: document SmartDNS as Rust-powered DNS engine and smartmta as TypeScript+Rust MTA; add Rust-powered architecture section and component package table
+- README: update Node.js requirement from 18+ to 20+; replace embedded cache DB TsmDb with LocalTsmDb and reduce listed cached document types
+- README & ts_interfaces: rename typedrequest API adminLogin -> adminLoginWithUsernameAndPassword and add/clarify several API methods (logout, suppression management, RADIUS client/VLAN helpers)
+- README: update test instructions, change test file references and add a test coverage table
+- npmextra.json: re-key package configs (@git.zone/cli, @ship.zone/szci), tidy watch array formatting, and add release.registries and accessLevel for publishing
+
+## 2026-02-11 - 5.0.1 - fix(deps/tests)
+bump two dependencies and disable cache in tests
+
+- Bumped @api.global/typedrequest from ^3.2.5 to ^3.2.6
+- Bumped @push.rocks/smartradius from ^1.1.0 to ^1.1.1
+- Disabled cache in tests by adding cacheConfig: { enabled: false } to DcRouter instantiation in test/test.jwt-auth.ts, test/test.opsserver-api.ts, and test/test.protected-endpoint.ts
+
+## 2026-02-11 - 5.0.0 - BREAKING CHANGE(mta)
+migrate internal MTA to @push.rocks/smartmta and remove legacy mail/deliverability implementation
+
+- Replace ~27k LOC custom MTA (ts/mail/, ts/deliverability/) with @push.rocks/smartmta v5.2.1 (TypeScript+Rust hybrid)
+- Remove many SMTP client/server test suites and test helpers; testing approach and fixtures changed/removed
+- Upgrade dependencies: @push.rocks/smartproxy -> 23.1.2, @push.rocks/smartdns -> 7.8.0, add @push.rocks/smartmta@5.2.1; bump other minor deps
+- API differences: updateEmailRoutes() replaces updateRoutes(); UnifiedEmailServer exposes dkimCreator publicly; bounce/suppression APIs moved to emailServer.* helpers; Email class and IAttachment types moved into @push.rocks/smartmta exports
+- SmartProxy route validation stricter: forward actions must use targets (array) instead of target (singular) — tests/configs updated accordingly
+- DKIM generation/serving moved to smartmta (dcrouter no longer manages DKIM keys directly)
+
+## 2026-02-10 - 4.1.1 - fix(smartproxy)
+upgrade @push.rocks/smartproxy to ^23.1.0 and adapt code/tests for its async getStatistics() API
+
+- Bumped dependency @push.rocks/smartproxy 22.4.2 → 23.1.0 in package.json
+- Changed ts/monitoring/classes.metricsmanager.ts to await smartProxy.getStatistics() (was synchronous)
+- Updated multiple tests to set cacheConfig: { enabled: false } and added socketTimeouts where appropriate
+- Improved SMTP test servers: handle multi-line input, drop data for packet-loss simulation, and ignore socket errors to make tests more robust
+- Added migration notes to readme.hints.md documenting SmartProxy v23.1.0 changes (async getStatistics, Rust proxy behavior)
+
+## 2026-02-10 - 4.1.0 - feat(cache)
+add persistent smartdata-backed cache with LocalTsmDb, cache cleaner, and DcRouter integration
+
+- Introduce CacheDb and CacheCleaner using @push.rocks/smartdata and @push.rocks/smartmongo (LocalTsmDb) for persistent caching
+- Integrate cache initialization, console summary, and graceful shutdown into DcRouter (options.cacheConfig and setupCacheDb())
+- Require svDb() decorators on concrete cache document classes; remove decorators from the abstract CachedDocument base class
+- Switch CacheCleaner to smartdata getInstances() + per-document delete() instead of deleteMany
+- Adapt to LocalTsmDb API changes (folderPath option and start() returning connectionUri) and initialize SmartdataDb with mongoDbUrl/mongoDbName
+- Remove experimentalDecorators and emitDecoratorMetadata from tsconfig to use TC39 Stage 3 decorators (smartdata v7+ compatibility)
+- Add package.json exports mapping (remove main/typings entries) to expose dist entry points
+- Add README documentation for the Smartdata Cache System and configuration/usage examples
+
+## 2026-02-03 - 4.0.0 - BREAKING CHANGE(config)
+convert configuration management to read-only; remove updateConfiguration endpoint and client-side editing
+
+- Removed server-side 'updateConfiguration' TypedHandler and the private updateConfiguration() method; getConfiguration remains as a read-only handler.
+- Removed IReq_UpdateConfiguration interface from request typings; IReq_GetConfiguration marked as read-only.
+- Removed client-side editing functionality: ops-view-config editing state and methods, Edit/Save/Cancel buttons, and updateConfigurationAction; ops-view-config enhanced to display read-only configuration (badges for booleans, array pills, icons, formatted numbers/bytes, empty states, etc.).
+- Tests updated: replaced configuration update tests with verifyIdentity tests and added a read-only configuration access test.
+- Documentation updated to reflect configuration is read-only (readme.md, ts_web/readme.md, ts_interfaces/readme.md, readme.hints.md).
+- Dependencies adjusted: bumped @push.rocks/smartdata to ^7.0.15 and added @push.rocks/smartmongo ^5.1.0; ts/plugins updated to import/export smartmongo.
+
+## 2026-02-02 - 3.1.0 - feat(web)
+determine initial UI view from URL and wire selected view to appdash; add interface and web README files; bump various dependencies
+
+- UI: derive initial active view from window.location.pathname so the dashboard supports deep linking and bookmarks (ts_web/appstate.ts)
+- UI: pass selectedView to dees-simple-appdash by adding a currentViewTab getter in ops-dashboard (ts_web/elements/ops-dashboard.ts)
+- Docs: add TypeScript interfaces README for @serve.zone/dcrouter-interfaces (ts_interfaces/readme.md)
+- Docs: add/update web module README detailing features, routing, and build instructions (ts_web/readme.md) and expand main project README
+- Deps: bump multiple dependencies in package.json (notable bumps: @api.global/typedrequest -> ^3.2.5, @design.estate/dees-catalog -> ^3.42.0, @design.estate/dees-element -> ^2.1.6, @push.rocks/projectinfo -> ^5.0.2, @push.rocks/smartdata -> ^5.16.7, @push.rocks/smartpromise -> ^4.2.3, @push.rocks/smartradius -> ^1.1.0, @push.rocks/smartstate -> ^2.0.30, mailauth -> ^4.12.1)
+
+## 2026-02-01 - 3.0.0 - BREAKING CHANGE(deps)
+upgrade major dependencies, migrate action.target to action.targets (array), adapt to SmartRequest API changes, and add RADIUS server support
+
+- Bumped many major dependencies: @api.global/typedserver 3.x → 8.3.0, @api.global/typedsocket 3.x → 4.1.0, @apiclient.xyz/cloudflare 6.x → 7.1.0, @design.estate/dees-catalog 1.x → 3.41.4, @push.rocks/smartpath 5.x → 6.x, @push.rocks/smartproxy 19.x → 22.x, @push.rocks/smartrequest 2.x → 5.x, uuid 11.x → 13.x, @types/node 25.1.0 → 25.2.0
+
+## 2026-02-01 - 2.13.0 - feat(radius)
+add RADIUS server with MAC authentication (MAB), VLAN assignment, accounting and OpsServer API handlers
+
+- Introduce full RADIUS module under ts/radius: classes.radius.server, classes.vlan.manager, classes.accounting.manager (authentication, VLAN mapping, OUI patterns, accounting, persistence).
+- Integrate RADIUS into DcRouter: add radiusConfig option, setupRadiusServer(), updateRadiusConfig(), start/stop lifecycle handling and startup summary output.
+- Add OpsServer RadiusHandler (ts/opsserver/handlers/radius.handler.ts) exposing TypedRequest endpoints for client management, VLAN mappings, accounting reports and statistics.
+- Add typed request interfaces for RADIUS under ts_interfaces/requests/radius.ts and export them from the requests index.
+- Wire smartradius into plugins (ts/plugins.ts) and export the new module; export RADIUS from ts/index.ts and re-export RADIUS types from classes.dcrouter.
+- Update package.json & npmextra.json: add tswatch script and dev watcher configuration, add @push.rocks/smartradius dependency and a test_watch/devserver.ts dev server entrypoint.
+- Refactor several web UI components (ops-dashboard, ops-view-*) to use 'accessor' for @state properties (small UI state API adjustments).
+- Documentation: update readme.hints.md with RADIUS integration notes and examples.
+
+## 2026-02-01 - 2.12.6 - fix(tests)
+update tests and test helpers to current email/DNS APIs, use non-privileged ports, and improve robustness and resilience
+
+- Email tests: switch to IEmailConfig properties (domains, routes), use router.emailServer (not unifiedEmailServer), change to non-privileged ports (e.g. 2525) and use fs.rmSync for cleanup.
+- SMTP client helper: add pool and domain options; adjust tests to use STARTTLS (secure: false) and tolerate TLS/cipher negotiation failures with try/catch fallbacks.
+- DNS tests: replace dnsDomain with dnsNsDomains and dnsScopes; test route generation without starting services, verify route names/domains, and create socket handlers without binding privileged ports.
+- Socket-handler tests: use high non-standard ports for route/handler tests, verify route naming (email-port-<port>-route), ensure handlers are functions and handle errors gracefully without starting full routers.
+- Integration/storage/rate-limit tests: add waits for async persistence, create/cleanup test directories, return and manage test server instances, relax strict assertions (memory threshold, rate-limiting enforcement) and make tests tolerant of implementation differences.
+- Misc: use getAvailablePort in perf test setup, export tap.start() where appropriate, and generally make tests less brittle by adding try/catch, fallbacks and clearer logs for expected non-deterministic behavior.
+
+## 2026-02-01 - 2.12.5 - fix(mail)
+migrate filesystem helpers to fsUtils, update DKIM and mail APIs, harden SMTP client, and bump dependencies
+
+- Introduce plugins.fsUtils compatibility layer and replace usages of plugins.smartfile.* with plugins.fsUtils.* across storage, routing, deliverability, and paths to support newer smartfile behaviour
+- Update DKIM signing/verifying to new mailauth API: use signingDomain/selector/privateKey and read keys from dkimCreator before signing; adjust verifier fields to use signingDomain
+- Harden SMTP client CommandHandler: add MAX_BUFFER_SIZE, socket close/error handlers, robust cleanup, clear response buffer, and adjust command/data timeouts; reduce default SOCKET_TIMEOUT to 45s
+- Use SmartFileFactory for creating SmartFile attachments and update saving/loading to use fsUtils async/sync helpers
+- Switch test runners to export default tap.start(), relax some memory-test thresholds, and add test helper methods (recordAuthFailure, recordError)
+- Update package.json: simplify bundle script and bump multiple devDependencies/dependencies to compatible versions
+
+## 2025-01-29 - 2.13.0 - feat(socket-handler)
+Implement socket-handler mode for DNS and email services, enabling direct socket passing from SmartProxy
+
+- Add `dnsDomain` configuration option that automatically sets up DNS server with DNS-over-HTTPS (DoH) support
+- Implement socket-handler mode for email services with `useSocketHandler` flag in email configuration
+- Update SmartProxy route generation to create socket-handler actions instead of port forwarding
+- Add automatic route creation for DNS paths `/dns-query` and `/resolve` when dnsDomain is configured
+- Enhance UnifiedEmailServer with `handleSocket` method for direct socket processing
+- Configure DnsServer with `manualHttpsMode: true` to prevent HTTPS port binding while enabling DoH
+- Improve performance by eliminating internal port forwarding overhead
+- Update documentation with socket-handler mode configuration and benefits
+
 ## 2025-05-16 - 2.12.0 - feat(smartproxy)
 Update documentation and configuration guides to adopt new route-based SmartProxy architecture
 

cli.child.js

@@ -0,0 +1,4 @@
+#!/usr/bin/env node
+process.env.CLI_CALL = 'true';
+import * as cliTool from './ts/index.js';
+cliTool.runCli();

html/index.html

@@ -0,0 +1,121 @@
+<!--gitzone default-->
+<!-- made by Lossless GmbH -->
+<!-- checkout https://maintainedby.lossless.com for awesome OpenSource projects -->
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <!--Lets set some basic meta tags-->
+    <meta
+      name="viewport"
+      content="user-scalable=0, initial-scale=1, maximum-scale=1, minimum-scale=1, width=device-width, height=device-height"
+    />
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <meta name="theme-color" content="#000000" />
+
+    <!--Lets make sure we recognize this as an PWA-->
+    <link rel="manifest" href="/manifest.json" />
+    <link rel="icon" type="image/png" href="/assetbroker/manifest/favicon.png" />
+
+    <!--Lets load standard fonts-->
+    <link rel="preconnect" href="https://assetbroker.lossless.one/" crossorigin>
+    <link rel="stylesheet" href="https://assetbroker.lossless.one/fonts/fonts.css">
+
+
+    <!--Lets avoid a rescaling flicker due to default body margins-->
+    <style>
+      html {
+        -ms-text-size-adjust: 100%;
+        -webkit-text-size-adjust: 100%;
+      }
+      body {
+        position: relative;
+        background: #000;
+        margin: 0px;
+      }
+    </style>
+    <script>
+      projectVersion = '';
+    </script>
+  </head>
+  <body>
+    <noscript>
+      <style>
+        body {
+          background: #303f9f;
+          font-family: Inter, Roboto, sans-serif;
+          color: #ffffff;
+        }
+
+        a {
+          color: #ffffff;
+          text-decoration: none;
+        }
+
+        .logo {
+          margin-top: 100px;
+          text-align: center;
+        }
+
+        img {
+          width: 130px;
+        }
+
+        .container {
+          width: 600px;
+          margin: auto;
+          margin-top: 20px;
+          box-shadow: 0px 0px 5px rgba(0, 0, 0, 0.3);
+          overflow: hidden;
+          border-radius: 3px;
+          background: #4357d9;
+        }
+        .contentHeader {
+          padding: 20px;
+          text-align: center;
+          font-size: 25px;
+          border-bottom: 1px solid rgba(255, 255, 255, 0.1);
+        }
+        .content {
+          padding: 20px;
+        }
+        .footer {
+          padding: 10px;
+          text-align: center;
+        }
+      </style>
+      <div class="logo">
+        <img src="https://assetbroker.lossless.one/brandfiles/lossless/svg-minimal-bright.svg" />
+      </div>
+      <div class="container">
+        <div class="contentHeader">We need JavaScript to run properly!</div>
+        <div class="content">
+          This site is being built using lit-element (made by Google). This technology works with
+          JavaScript. Subsequently this website does not work as intended by Lossless GmbH without
+          JavaScript.
+        </div>
+      </div>
+      <div class="footer">
+        <a href="https://lossless.gmbh">Legal Info</a> |
+        <a href="https://lossless.gmbh/privacy">Privacy Policy</a>
+      </div>
+    </noscript>
+    <script type="text/javascript" async defer>
+      window.revenueEnabled = true;
+      const runRevenueCheck = async () => {
+        var e = document.createElement('div');
+        e.id = '476kjuhzgtr764';
+        e.style.display = 'none';
+        document.body.appendChild(e);
+        if (document.getElementById('476kjuhzgtr764')) {
+          window.revenueEnabled = true;
+        } else {
+          window.revenueEnabled = false;
+        }
+        console.log(`revenue enabled: ${window.revenueEnabled}`);
+      };
+
+      runRevenueCheck();
+    </script>
+  </body>
+  <script defer type="module" src="/bundle.js"></script>
+</html>

npmextra.json

@@ -1,12 +1,39 @@
 {
-  "gitzone": {
+  "@git.zone/tswatch": {
+    "watchers": [
+      {
+        "name": "dcrouter-dev",
+        "watch": [
+          "ts/**/*.ts",
+          "ts_*/**/*.ts",
+          "test_watch/devserver.ts"
+        ],
+        "command": "pnpm run build && tsrun test_watch/devserver.ts",
+        "restart": true,
+        "debounce": 500,
+        "runOnStart": true
+      }
+    ]
+  },
+  "@git.zone/tsbundle": {
+    "bundles": [
+      {
+        "from": "./ts_web/index.ts",
+        "to": "./dist_serve/bundle.js",
+        "outputMode": "bundle",
+        "bundler": "esbuild",
+        "production": true
+      }
+    ]
+  },
+  "@git.zone/cli": {
     "projectType": "service",
     "module": {
       "githost": "gitlab.com",
       "gitscope": "serve.zone",
-      "gitrepo": "platformservice",
-      "description": "A multifaceted platform service handling mail, SMS, letter delivery, and AI services.",
-      "npmPackagename": "@serve.zone/platformservice",
+      "gitrepo": "dcrouter",
+      "description": "A traffic router intended to be gating your datacenter.",
+      "npmPackagename": "@serve.zone/dcrouter",
       "license": "MIT",
       "projectDomain": "serve.zone",
       "keywords": [
@@ -17,7 +44,7 @@
         "SMTP server",
         "mail parsing",
         "DKIM",
-        "platform service",
+        "traffic router",
         "letterXpress",
         "OpenAI",
         "Anthropic AI",
@@ -30,12 +57,19 @@
         "SMTP STARTTLS",
         "DNS management"
       ]
+    },
+    "release": {
+      "registries": [
+        "https://verdaccio.lossless.digital",
+        "https://registry.npmjs.org"
+      ],
+      "accessLevel": "public"
     }
   },
-  "npmci": {
+  "@ship.zone/szci": {
     "npmGlobalTools": [],
     "dockerRegistryRepoMap": {
-      "registry.gitlab.com": "code.foss.global/serve.zone/platformservice"
+      "registry.gitlab.com": "code.foss.global/serve.zone/dcrouter"
     },
     "dockerBuildargEnvMap": {
       "NPMCI_TOKEN_NPM2": "NPMCI_TOKEN_NPM2"

package.json

@@ -1,55 +1,65 @@
 {
-  "name": "@serve.zone/platformservice",
+  "name": "@serve.zone/dcrouter",
   "private": false,
-  "version": "2.12.0",
-  "description": "A multifaceted platform service handling mail, SMS, letter delivery, and AI services.",
-  "main": "dist_ts/index.js",
-  "typings": "dist_ts/index.d.ts",
+  "version": "6.7.0",
+  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
   "type": "module",
+  "exports": {
+    ".": "./dist_ts/index.js",
+    "./interfaces": "./dist_ts_interfaces/index.js"
+  },
   "author": "Task Venture Capital GmbH",
   "license": "MIT",
   "scripts": {
-    "test": "(tstest test/)",
+    "test": "(tstest test/ --logfile --timeout 60)",
     "start": "(node --max_old_space_size=250 ./cli.js)",
     "startTs": "(node cli.ts.js)",
-    "build": "(tsbuild tsfolders --allowimplicitany)",
-    "localPublish": ""
+    "build": "(tsbuild tsfolders --allowimplicitany && npm run bundle)",
+    "bundle": "(tsbundle)",
+    "watch": "tswatch"
   },
   "devDependencies": {
-    "@git.zone/tsbuild": "^2.5.1",
-    "@git.zone/tsrun": "^1.2.8",
-    "@git.zone/tstest": "^1.9.0",
-    "@git.zone/tswatch": "^2.0.1",
-    "@types/node": "^22.15.18"
+    "@git.zone/tsbuild": "^4.1.2",
+    "@git.zone/tsbundle": "^2.8.3",
+    "@git.zone/tsrun": "^2.0.1",
+    "@git.zone/tstest": "^3.1.8",
+    "@git.zone/tswatch": "^3.1.0",
+    "@types/node": "^25.2.3"
   },
   "dependencies": {
-    "@api.global/typedrequest": "^3.0.19",
-    "@api.global/typedserver": "^3.0.74",
-    "@api.global/typedsocket": "^3.0.0",
-    "@apiclient.xyz/cloudflare": "^6.4.1",
-    "@push.rocks/projectinfo": "^5.0.1",
-    "@push.rocks/qenv": "^6.1.0",
-    "@push.rocks/smartacme": "^7.3.3",
-    "@push.rocks/smartdata": "^5.15.1",
-    "@push.rocks/smartdns": "^6.2.2",
-    "@push.rocks/smartfile": "^11.0.4",
-    "@push.rocks/smartlog": "^3.1.2",
-    "@push.rocks/smartmail": "^2.1.0",
-    "@push.rocks/smartpath": "^5.0.5",
-    "@push.rocks/smartpromise": "^4.0.3",
-    "@push.rocks/smartproxy": "^18.1.0",
-    "@push.rocks/smartrequest": "^2.1.0",
-    "@push.rocks/smartrule": "^2.0.1",
+    "@api.global/typedrequest": "^3.2.6",
+    "@api.global/typedrequest-interfaces": "^3.0.19",
+    "@api.global/typedserver": "^8.3.0",
+    "@api.global/typedsocket": "^4.1.0",
+    "@apiclient.xyz/cloudflare": "^7.1.0",
+    "@design.estate/dees-catalog": "^3.42.2",
+    "@design.estate/dees-element": "^2.1.6",
+    "@push.rocks/projectinfo": "^5.0.2",
+    "@push.rocks/qenv": "^6.1.3",
+    "@push.rocks/smartacme": "^9.1.3",
+    "@push.rocks/smartdata": "^7.0.15",
+    "@push.rocks/smartdns": "^7.8.1",
+    "@push.rocks/smartfile": "^13.1.2",
+    "@push.rocks/smartguard": "^3.1.0",
+    "@push.rocks/smartjwt": "^2.2.1",
+    "@push.rocks/smartlog": "^3.1.11",
+    "@push.rocks/smartmetrics": "^2.0.10",
+    "@push.rocks/smartmongo": "^5.1.0",
+    "@push.rocks/smartmta": "^5.2.2",
+    "@push.rocks/smartnetwork": "^4.4.0",
+    "@push.rocks/smartpath": "^6.0.0",
+    "@push.rocks/smartpromise": "^4.2.3",
+    "@push.rocks/smartproxy": "^25.7.3",
+    "@push.rocks/smartradius": "^1.1.1",
+    "@push.rocks/smartrequest": "^5.0.1",
     "@push.rocks/smartrx": "^3.0.10",
-    "@push.rocks/smartstate": "^2.0.0",
-    "@serve.zone/interfaces": "^5.0.4",
-    "@tsclass/tsclass": "^9.2.0",
-    "@types/mailparser": "^3.4.6",
-    "ip": "^2.0.1",
-    "lru-cache": "^11.1.0",
-    "mailauth": "^4.8.5",
-    "mailparser": "^3.6.9",
-    "uuid": "^11.1.0"
+    "@push.rocks/smartstate": "^2.0.30",
+    "@push.rocks/smartunique": "^3.0.9",
+    "@serve.zone/interfaces": "^5.3.0",
+    "@serve.zone/remoteingress": "^3.0.4",
+    "@tsclass/tsclass": "^9.3.0",
+    "lru-cache": "^11.2.6",
+    "uuid": "^13.0.0"
   },
   "keywords": [
     "mail service",
@@ -59,7 +69,7 @@
     "SMTP server",
     "mail parsing",
     "DKIM",
-    "platform service",
+    "mail router",
     "letterXpress",
     "OpenAI",
     "Anthropic AI",
@@ -70,7 +80,12 @@
     "email templating",
     "rule management",
     "SMTP STARTTLS",
-    "DNS management"
+    "DNS management",
+    "RADIUS",
+    "AAA",
+    "network authentication",
+    "VLAN assignment",
+    "MAC authentication"
   ],
   "pnpm": {
     "onlyBuiltDependencies": [
@@ -79,5 +94,17 @@
       "puppeteer"
     ]
   },
-  "packageManager": "pnpm@10.7.0+sha512.6b865ad4b62a1d9842b61d674a393903b871d9244954f652b8842c2b553c72176b278f64c463e52d40fff8aba385c235c8c9ecf5cc7de4fd78b8bb6d49633ab6"
+  "packageManager": "pnpm@10.11.0",
+  "files": [
+    "ts/**/*",
+    "ts_web/**/*",
+    "dist/**/*",
+    "dist_*/**/*",
+    "dist_ts/**/*",
+    "dist_ts_web/**/*",
+    "assets/**/*",
+    "cli.js",
+    "npmextra.json",
+    "readme.md"
+  ]
 }

readme.hints.md

@@ -1,5 +1,275 @@
 # Implementation Hints and Learnings
 
+## smartmta Migration (2026-02-11)
+
+### Overview
+dcrouter's custom MTA code (~27,149 lines / 68 files in `ts/mail/` + `ts/deliverability/`) has been replaced with `@push.rocks/smartmta` v5.2.1, a TypeScript+Rust hybrid MTA. dcrouter is now an orchestrator that wires together SmartProxy, smartmta, smartdns, smartradius, and OpsServer.
+
+### Architecture
+- **No socket-handler mode** — smartmta's Rust SMTP server binds its own ports directly
+- **SmartProxy forward mode only** — external email ports forwarded to internal ports where smartmta listens
+- Email traffic flow: External Port → SmartProxy → Internal Port → smartmta UnifiedEmailServer
+
+### Key API Differences (smartmta vs old custom MTA)
+- `updateEmailRoutes()` instead of `updateRoutes()`
+- `dkimCreator` is public (no need for `(this.emailServer as any).dkimCreator`)
+- `bounceManager` is private, but exposed via public methods:
+  - `emailServer.getSuppressionList()`
+  - `emailServer.getHardBouncedAddresses()`
+  - `emailServer.getBounceHistory(email)`
+  - `emailServer.removeFromSuppressionList(email)`
+- `Email` class imported from `@push.rocks/smartmta`
+- `IAttachment` type accessed via `Core` namespace: `import { type Core } from '@push.rocks/smartmta'; type IAttachment = Core.IAttachment;`
+
+### Deleted Directories
+- `ts/mail/` (60 files) — replaced by smartmta
+- `ts/deliverability/` (3 files) — IPWarmupManager/SenderReputationMonitor will move to smartmta
+- `ts/errors/email.errors.ts`, `ts/errors/mta.errors.ts` — smartmta has its own errors
+- `ts/cache/documents/classes.cached.bounce.ts`, `classes.cached.suppression.ts`, `classes.cached.dkim.ts` — smartmta handles its own persistence
+
+### Remaining Cache Documents
+- `CachedEmail` — kept (dcrouter-level queue persistence)
+- `CachedIPReputation` — kept (dcrouter-level IP reputation caching)
+
+### Dependencies Removed
+mailauth, mailparser, @types/mailparser, ip, @push.rocks/smartmail, @push.rocks/smartrule, node-forge
+
+### Pre-existing Test Failures (not caused by migration)
+- `test/test.jwt-auth.ts` — `response.text is not a function` (webrequest compatibility issue)
+- `test/test.opsserver-api.ts` — same webrequest issue, timeouts
+
+### smartmta Location
+Source at `../../push.rocks/smartmta`, release with `gitzone commit -ypbrt`
+
+## Dependency Upgrade (2026-02-11)
+
+### SmartProxy v23.1.2 Route Validation
+- SmartProxy 23.1.2 enforces stricter route validation
+- Forward actions MUST use `targets` (array) instead of `target` (singular)
+- Test configurations that call `DcRouter.start()` need `cacheConfig: { enabled: false }` to avoid starting a real MongoDB process in tests
+
+```typescript
+// WRONG - will fail validation
+action: { type: 'forward', target: { host: 'localhost', port: 10025 } }
+
+// CORRECT
+action: { type: 'forward', targets: [{ host: 'localhost', port: 10025 }] }
+```
+
+**Files Fixed:**
+- `ts/classes.dcrouter.ts` - `generateEmailRoutes()` method
+- `test/test.dcrouter.email.ts` - Updated assertions and added `cacheConfig: { enabled: false }`
+
+## Dependency Upgrade (2026-02-10)
+
+### SmartProxy v23.1.0 Upgrade
+- `@push.rocks/smartproxy`: 22.4.2 → 23.1.0
+
+**Key Changes:**
+- Rust-based proxy components for improved performance
+- Rust binary runs as separate process via IPC
+- `getStatistics()` now returns `Promise<any>` (was synchronous)
+- nftables-proxy removed (not used by dcrouter)
+
+**Code Changes Required:**
+```typescript
+// Old (synchronous)
+const proxyStats = this.dcRouter.smartProxy.getStatistics();
+
+// New (async)
+const proxyStats = await this.dcRouter.smartProxy.getStatistics();
+```
+
+**Files Modified:**
+- `ts/monitoring/classes.metricsmanager.ts` - Added `await` to `getStatistics()` call
+
+## Dependency Upgrade (2026-02-01)
+
+### Major Upgrades Completed
+- `@api.global/typedserver`: 3.0.80 → 8.3.0
+- `@api.global/typedsocket`: 3.1.1 → 4.1.0
+- `@apiclient.xyz/cloudflare`: 6.4.3 → 7.1.0
+- `@design.estate/dees-catalog`: 1.12.4 → 3.41.4
+- `@push.rocks/smartpath`: 5.1.0 → 6.0.0
+- `@push.rocks/smartproxy`: 19.6.17 → 22.4.2
+- `@push.rocks/smartrequest`: 2.1.0 → 5.0.1
+- `uuid`: 11.1.0 → 13.0.0
+
+### Breaking Changes Fixed
+
+1. **SmartProxy v22**: `target` → `targets` (array)
+   ```typescript
+   // Old
+   action: { type: 'forward', target: { host: 'x', port: 25 } }
+   // New
+   action: { type: 'forward', targets: [{ host: 'x', port: 25 }] }
+   ```
+
+2. **SmartRequest v5**: `SmartRequestClient` → `SmartRequest`, `.body` → `.json()`
+   ```typescript
+   // Old
+   const resp = await plugins.smartrequest.SmartRequestClient.create()...post();
+   const json = resp.body;
+   // New
+   const resp = await plugins.smartrequest.SmartRequest.create()...post();
+   const json = await resp.json();
+   ```
+
+3. **dees-catalog v3**: Icon naming changed to library-prefixed format
+   ```typescript
+   // Old (deprecated but supported)
+   <dees-icon iconFA="check"></dees-icon>
+   // New
+   <dees-icon icon="fa:check"></dees-icon>
+   <dees-icon icon="lucide:menu"></dees-icon>
+   ```
+
+### TC39 Decorators
+- ts_web components updated to use `accessor` keyword for `@state()` decorators
+- Required for TC39 standard decorator support
+
+### tswatch Configuration
+The project now uses tswatch for development:
+```bash
+pnpm run watch
+```
+Configuration in `npmextra.json`:
+```json
+{
+  "@git.zone/tswatch": {
+    "watchers": [{
+      "name": "dcrouter-dev",
+      "watch": ["ts/**/*.ts", "ts_*/**/*.ts", "test_watch/devserver.ts"],
+      "command": "pnpm run build && tsrun test_watch/devserver.ts",
+      "restart": true,
+      "debounce": 500,
+      "runOnStart": true
+    }]
+  }
+}
+```
+
+## RADIUS Server Integration (2026-02-01)
+
+### Overview
+DcRouter now supports RADIUS server functionality for network authentication via `@push.rocks/smartradius`.
+
+### Key Features
+- **MAC Authentication Bypass (MAB)** - Authenticate network devices based on MAC address
+- **VLAN Assignment** - Assign VLANs based on MAC address or OUI patterns
+- **RADIUS Accounting** - Track sessions, data usage, and billing
+
+### Configuration Example
+```typescript
+const dcRouter = new DcRouter({
+  radiusConfig: {
+    authPort: 1812,      // Authentication port (default)
+    acctPort: 1813,      // Accounting port (default)
+    clients: [
+      {
+        name: 'switch-1',
+        ipRange: '192.168.1.0/24',
+        secret: 'shared-secret',
+        enabled: true
+      }
+    ],
+    vlanAssignment: {
+      defaultVlan: 100,   // VLAN for unknown MACs
+      allowUnknownMacs: true,
+      mappings: [
+        { mac: '00:11:22:33:44:55', vlan: 10, enabled: true },
+        { mac: '00:11:22', vlan: 20, enabled: true }  // OUI pattern
+      ]
+    },
+    accounting: {
+      enabled: true,
+      retentionDays: 30
+    }
+  }
+});
+```
+
+### Components
+- `RadiusServer` - Main server wrapping smartradius
+- `VlanManager` - MAC-to-VLAN mapping with OUI pattern support
+- `AccountingManager` - Session tracking and billing data
+
+### OpsServer API Endpoints
+- `getRadiusClients` / `setRadiusClient` / `removeRadiusClient` - Client management
+- `getVlanMappings` / `setVlanMapping` / `removeVlanMapping` - VLAN mappings
+- `testVlanAssignment` - Test what VLAN a MAC would get
+- `getRadiusSessions` / `disconnectRadiusSession` - Session management
+- `getRadiusStatistics` / `getRadiusAccountingSummary` - Statistics
+
+### Files
+- `ts/radius/` - RADIUS module
+- `ts/opsserver/handlers/radius.handler.ts` - OpsServer handler
+- `ts_interfaces/requests/radius.ts` - TypedRequest interfaces
+
+## Test Fix: test.dcrouter.email.ts (2026-02-01)
+
+### Issue
+The test `DcRouter class - Custom email storage path` was failing with "domainConfigs is not iterable".
+
+### Root Cause
+The test was using outdated email config properties:
+- Used `domainRules: []` (non-existent property)
+- Used `defaultMode` (non-existent property)
+- Missing required `domains: []` property
+- Missing required `routes: []` property
+- Referenced `router.unifiedEmailServer` instead of `router.emailServer`
+
+### Fix
+Updated the test to use the correct `IUnifiedEmailServerOptions` interface properties:
+```typescript
+const emailConfig: IEmailConfig = {
+  ports: [2525],
+  hostname: 'mail.example.com',
+  domains: [], // Required: domain configurations
+  routes: []   // Required: email routing rules
+};
+```
+
+And fixed the property name:
+```typescript
+expect(router.emailServer).toBeTruthy();  // Not unifiedEmailServer
+```
+
+### Key Learning
+When using `IUnifiedEmailServerOptions` (aliased as `IEmailConfig` in some tests):
+- `domains: IEmailDomainConfig[]` is required (array of domain configs)
+- `routes: IEmailRoute[]` is required (email routing rules)
+- Access the email server via `dcRouter.emailServer` not `dcRouter.unifiedEmailServer`
+
+## Network Metrics Implementation (2025-06-23)
+
+### SmartProxy Metrics API Integration
+- Updated to use new SmartProxy metrics API (v19.6.7)
+- Use `getMetrics()` for detailed metrics with grouped methods:
+  ```typescript
+  const metrics = smartProxy.getMetrics();
+  metrics.connections.active()      // Current active connections
+  metrics.throughput.instant()      // Real-time throughput {in, out}
+  metrics.connections.topIPs(10)    // Top 10 IPs by connection count
+  ```
+- Use `getStatistics()` for basic stats
+
+### Network Traffic Display
+- All throughput values shown in bits per second (kbit/s, Mbit/s, Gbit/s)
+- Conversion: `bytesPerSecond * 8 / 1000000` for Mbps
+- Network graph shows separate lines for inbound (green) and outbound (purple)
+- Throughput tiles and graph use same data source for consistency
+
+### Requests/sec vs Connections
+- Requests/sec shows HTTP request counts (derived from connections)
+- Single connection can handle multiple requests
+- Current implementation tracks connections, not individual requests
+- Trend line shows historical request counts, not throughput
+
+## DKIM Implementation Status (2025-05-30)
+
+**Note:** DKIM is now handled by `@push.rocks/smartmta`. The `dkimCreator` is a public property on `UnifiedEmailServer`.
+
 ## SmartProxy Usage
 
 ### New Route-Based Architecture (v18+)
@@ -175,31 +445,11 @@ tap.test('stop', async () => {
 
 ## Email Integration with SmartProxy
 
-### Architecture
+### Architecture (Post-Migration)
 - Email traffic is routed through SmartProxy using automatic route generation
-- Email server runs on internal ports and receives forwarded traffic from SmartProxy
+- smartmta's UnifiedEmailServer runs on internal ports and receives forwarded traffic from SmartProxy
 - SmartProxy handles external ports (25, 587, 465) and forwards to internal ports
-
-### Email Route Generation
-```typescript
-// Email configuration automatically generates SmartProxy routes
-emailConfig: {
-  ports: [25, 587, 465],
-  hostname: 'mail.example.com',
-  domainRules: [...]
-}
-
-// Generates routes like:
-{
-  name: 'smtp-route',
-  match: { ports: [25] },
-  action: {
-    type: 'forward',
-    target: { host: 'localhost', port: 10025 }
-  },
-  tls: { mode: 'passthrough' } // STARTTLS handled by email server
-}
-```
+- smartmta's Rust SMTP bridge handles SMTP protocol processing
 
 ### Port Mapping
 - External port 25 → Internal port 10025 (SMTP)
@@ -207,6 +457,317 @@ emailConfig: {
 - External port 465 → Internal port 10465 (SMTPS)
 
 ### TLS Handling
-- Ports 25 and 587: Use 'passthrough' mode (STARTTLS handled by email server)
+- Ports 25 and 587: Use 'passthrough' mode (STARTTLS handled by smartmta)
 - Port 465: Use 'terminate' mode (SmartProxy handles TLS termination)
-- Domain-specific TLS can be configured per email rule
+
+## SmartMetrics Integration (2025-06-12) - COMPLETED
+
+### Overview
+Fixed the UI metrics display to show accurate CPU and memory data from SmartMetrics.
+
+### Key Findings
+1. **CPU Metrics:**
+   - SmartMetrics provides `cpuUsageText` as a string percentage
+   - MetricsManager parses it as `cpuUsage.user` (system is always 0)
+   - UI was incorrectly dividing by 2, showing half the actual CPU usage
+
+2. **Memory Metrics:**
+   - SmartMetrics calculates `maxMemoryMB` as minimum of:
+     - V8 heap size limit
+     - System total memory
+     - Docker memory limit (if available)
+   - Provides `memoryUsageBytes` (total process memory including children)
+   - Provides `memoryPercentage` (pre-calculated percentage)
+   - UI was only showing heap usage, missing actual memory constraints
+
+### Changes Made
+1. **MetricsManager Enhanced:**
+   - Added `maxMemoryMB` from SmartMetrics instance
+   - Added `actualUsageBytes` from SmartMetrics data
+   - Added `actualUsagePercentage` from SmartMetrics data
+   - Kept existing memory fields for compatibility
+
+2. **Interface Updated:**
+   - Added optional fields to `IServerStats.memoryUsage`
+   - Fields are optional to maintain backward compatibility
+
+3. **UI Fixed:**
+   - Removed incorrect CPU division by 2
+   - Uses `actualUsagePercentage` when available (falls back to heap percentage)
+   - Shows actual memory usage vs max memory limit (not just heap)
+
+### Result
+- CPU now shows accurate usage percentage
+- Memory shows percentage of actual constraints (Docker/system/V8 limits)
+- Better monitoring for containerized environments
+
+## Network UI Implementation (2025-06-20) - COMPLETED
+
+### Overview
+Revamped the Network UI to display real network data from SmartProxy instead of mock data.
+
+### Architecture
+1. **MetricsManager Integration:**
+   - Already integrates with SmartProxy via `dcRouter.smartProxy.getStats()`
+   - Extended with `getNetworkStats()` method to expose unused metrics:
+     - `getConnectionsByIP()` - Connection counts by IP address
+     - `getThroughputRate()` - Real-time bandwidth rates (bytes/second)
+     - `getTopIPs()` - Top connecting IPs sorted by connection count
+   - Note: SmartProxy base interface doesn't include all methods, manual implementation required
+
+2. **Existing Infrastructure Leveraged:**
+   - `getActiveConnections` endpoint already exists in security.handler.ts
+   - Enhanced to include real SmartProxy data via MetricsManager
+   - IConnectionInfo interface already supports network data structures
+
+3. **State Management:**
+   - Added `INetworkState` interface following existing patterns
+   - Created `networkStatePart` with connections, throughput, and IP data
+   - Integrated with existing auto-refresh mechanism
+
+4. **UI Changes (Minimal):**
+   - Removed `generateMockData()` method and all mock generation
+   - Connected to real `networkStatePart` state
+   - Added `renderTopIPs()` section to display top connected IPs
+   - Updated traffic chart to show real request data
+   - Kept all existing UI components (DeesTable, DeesChartArea)
+
+### Implementation Details
+1. **Data Transformation:**
+   - Converts IConnectionInfo[] to INetworkRequest[] for table display
+   - Calculates traffic buckets based on selected time range
+   - Maps connection data to chart-compatible format
+
+2. **Real Metrics Displayed:**
+   - Active connections count (from server stats)
+   - Requests per second (calculated from recent connections)
+   - Throughput rates (currently showing 0 until SmartProxy exposes rates)
+   - Top IPs with connection counts and percentages
+
+3. **TypeScript Fixes:**
+   - SmartProxy methods like `getThroughputRate()` not in base interface
+   - Implemented manual fallbacks for missing methods
+   - Fixed `publicIpv4` → `publicIp` property name
+
+### Result
+- Network view now shows real connection activity
+- Auto-refreshes with other stats every second
+- Displays actual IPs and connection counts
+- No more mock/demo data
+- Minimal code changes (streamlined approach)
+
+### Throughput Data Fix (2025-06-20)
+The throughput was showing 0 because:
+1. MetricsManager was hardcoding throughputRate to 0, assuming the method didn't exist
+2. SmartProxy's `getStats()` returns `IProxyStats` interface, but the actual object (`MetricsCollector`) implements `IProxyStatsExtended`
+3. `getThroughputRate()` only exists in the extended interface
+
+**Solution implemented:**
+1. Updated MetricsManager to check if methods exist at runtime and call them
+2. Added property name mapping (`bytesInPerSec` → `bytesInPerSecond`)
+3. Created new `getNetworkStats` endpoint in security.handler.ts
+4. Updated frontend to call the new endpoint for complete network metrics
+
+The throughput data now flows correctly from SmartProxy → MetricsManager → API → UI.
+
+## Email Operations Dashboard (2026-02-01)
+
+### Overview
+Replaced mock data in the email UI with real backend data from the delivery queue and security logger.
+
+### New Files Created
+- `ts_interfaces/requests/email-ops.ts` - TypedRequest interfaces for email operations
+- `ts/opsserver/handlers/email-ops.handler.ts` - Backend handler for email operations
+
+### Key Interfaces
+- `IReq_GetQueuedEmails` - Fetch emails from delivery queue by status
+- `IReq_GetSentEmails` - Fetch delivered emails
+- `IReq_GetFailedEmails` - Fetch failed emails
+- `IReq_ResendEmail` - Re-queue a failed email for retry
+- `IReq_GetSecurityIncidents` - Fetch security events from SecurityLogger
+- `IReq_GetBounceRecords` - Fetch bounce records and suppression list
+- `IReq_RemoveFromSuppressionList` - Remove email from suppression list
+
+### UI Changes (ops-view-emails.ts)
+- Replaced mock folders (inbox/sent/draft/trash) with operations views:
+  - **Queued**: Emails pending delivery
+  - **Sent**: Successfully delivered emails
+  - **Failed**: Failed emails with resend capability
+  - **Security**: Security incidents from SecurityLogger
+- Removed `generateMockEmails()` method
+- Added state management via `emailOpsStatePart` in appstate.ts
+- Added resend button for failed emails
+- Added security incident detail view
+
+### Data Flow
+```
+UnifiedDeliveryQueue → EmailOpsHandler → TypedRequest → Frontend State → UI
+SecurityLogger → EmailOpsHandler → TypedRequest → Frontend State → UI
+BounceManager → EmailOpsHandler → TypedRequest → Frontend State → UI
+```
+
+### Backend Data Access
+The handler accesses data from:
+- `dcRouter.emailServer.deliveryQueue` - Email queue items (IQueueItem)
+- `SecurityLogger.getInstance()` - Security events (ISecurityEvent)
+- `emailServer.bounceManager` - Bounce records and suppression list
+
+## OpsServer UI Fixes (2026-02-02)
+
+### Configuration Page Fix
+The configuration page had field name mismatches between frontend and backend:
+- Frontend expected `server` and `storage` sections
+- Backend returns `proxy` section (not `server`)
+- Backend has no `storage` section
+
+**Fix**: Updated `ops-view-config.ts` to use correct section names:
+- `proxy` instead of `server`
+- Removed non-existent `storage` section
+- Added optional chaining (`?.`) for safety
+
+### Auth Persistence Fix
+Login state was using `'soft'` mode in Smartstate which is memory-only:
+- User login was lost on page refresh
+- State reset to logged out after browser restart
+
+**Changes**:
+1. `ts_web/appstate.ts`: Changed loginStatePart from `'soft'` to `'persistent'`
+   - Now uses IndexedDB to persist across browser sessions
+2. `ts/opsserver/handlers/admin.handler.ts`: JWT expiry changed from 7 days to 24 hours
+3. `ts_web/elements/ops-dashboard.ts`: Added JWT expiry check on session restore
+   - Validates stored JWT hasn't expired before auto-logging in
+   - Clears expired sessions and shows login form
+
+## Config UI Read-Only Conversion (2026-02-03)
+
+### Overview
+The configuration UI has been converted from an editable interface to a read-only display. DcRouter is configured through code or remotely, not through the UI.
+
+### Changes Made
+
+1. **Backend (`ts/opsserver/handlers/config.handler.ts`)**:
+   - Removed `updateConfiguration` handler
+   - Removed `updateConfiguration()` private method
+   - Kept `getConfiguration` handler (read-only)
+
+2. **Interfaces (`ts_interfaces/requests/config.ts`)**:
+   - Removed `IReq_UpdateConfiguration` interface
+   - Kept `IReq_GetConfiguration` interface
+
+3. **Frontend (`ts_web/elements/ops-view-config.ts`)**:
+   - Removed `editingSection` and `editedConfig` state properties
+   - Removed `startEdit()`, `cancelEdit()`, `saveConfig()` methods
+   - Removed Edit/Save/Cancel buttons
+   - Removed warning banner about immediate changes
+   - Enhanced read-only display with:
+     - Status badges for boolean values (enabled/disabled)
+     - Array display as pills/tags with counts
+     - Section icons (mail, globe, network, shield)
+     - Better formatting for numbers and byte sizes
+     - Empty state handling ("Not configured", "None configured")
+     - Info note explaining configuration is read-only
+
+4. **State Management (`ts_web/appstate.ts`)**:
+   - Removed `updateConfigurationAction`
+   - Kept `fetchConfigurationAction` (read-only)
+
+5. **Tests (`test/test.protected-endpoint.ts`)**:
+   - Replaced `updateConfiguration` tests with `verifyIdentity` tests
+   - Added test for read-only config access
+   - Kept auth flow testing with different protected endpoint
+
+6. **Documentation**:
+   - `readme.md`: Updated API endpoints to show config as read-only
+   - `ts_web/readme.md`: Removed `updateConfigurationAction` from actions list
+   - `ts_interfaces/readme.md`: Removed `IReq_UpdateConfiguration` from table
+
+### Visual Display Features
+- Boolean values shown as colored badges (green=enabled, red=disabled)
+- Arrays displayed as pills with count summaries
+- Section headers with relevant Lucide icons
+- Numbers formatted with locale separators
+- Byte sizes auto-formatted (B, KB, MB, GB)
+- Time values shown with "seconds" suffix
+- Nested objects with visual indentation
+
+## Smartdata Cache System (2026-02-03)
+
+### Overview
+DcRouter now uses smartdata + LocalTsmDb for persistent caching. Data is stored at `~/.serve.zone/dcrouter/tsmdb`.
+
+### Technology Stack
+| Layer | Package | Purpose |
+|-------|---------|---------|
+| ORM | `@push.rocks/smartdata` | Document classes, decorators, queries |
+| Database | `@push.rocks/smartmongo` (LocalTsmDb) | Embedded TsmDB via Unix socket |
+
+### TC39 Decorators
+The project uses TC39 Stage 3 decorators (not experimental decorators). The tsconfig was updated:
+- Removed `experimentalDecorators: true`
+- Removed `emitDecoratorMetadata: true`
+
+This is required for smartdata v7+ compatibility.
+
+### Cache Document Classes
+Located in `ts/cache/documents/`:
+
+| Class | Purpose | Default TTL |
+|-------|---------|-------------|
+| `CachedEmail` | Email queue items | 30 days |
+| `CachedIPReputation` | IP reputation lookups | 24 hours |
+
+Note: CachedBounce, CachedSuppression, and CachedDKIMKey were removed in the smartmta migration (smartmta handles its own persistence for those).
+
+### Usage Pattern
+```typescript
+// Document classes use smartdata decorators
+@plugins.smartdata.Collection(() => getDb())
+export class CachedEmail extends CachedDocument<CachedEmail> {
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.DAYS_30);
+
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id: string;
+  // ...
+}
+
+// Query examples
+const email = await CachedEmail.getInstance({ id: 'abc123' });
+const pending = await CachedEmail.getInstances({ status: 'pending' });
+await email.save();
+await email.delete();
+```
+
+### Configuration
+```typescript
+const dcRouter = new DcRouter({
+  cacheConfig: {
+    enabled: true,
+    storagePath: '~/.serve.zone/dcrouter/tsmdb',
+    dbName: 'dcrouter',
+    cleanupIntervalHours: 1,
+    ttlConfig: {
+      emails: 30,       // days
+      ipReputation: 1,  // days
+      bounces: 30,      // days
+      dkimKeys: 90,     // days
+      suppression: 30   // days
+    }
+  }
+});
+```
+
+### Cache Cleaner
+- Runs hourly by default (configurable via `cleanupIntervalHours`)
+- Finds and deletes documents where `expiresAt < now()`
+- Uses smartdata's `getInstances()` + `delete()` pattern
+
+### Key Files
+- `ts/cache/classes.cachedb.ts` - CacheDb singleton wrapper
+- `ts/cache/classes.cached.document.ts` - Base class with TTL support
+- `ts/cache/classes.cache.cleaner.ts` - Periodic cleanup service
+- `ts/cache/documents/*.ts` - Document class definitions

readme.plan.md

@@ -1,428 +0,0 @@
-# Platform Service - SmartProxy Architecture Update Plan
-
-**Command to reread CLAUDE.md: `cat /home/philkunz/.claude/CLAUDE.md`**
-
-## Overview
-
-SmartProxy has undergone a major architectural update, moving from a direct port-to-port proxy configuration to a flexible route-based system. This plan outlines the necessary updates to integrate these changes into the platformservice while retaining all SmartProxy functionality.
-
-## New SmartProxy Architecture
-
-### Previous Architecture (Legacy)
-```typescript
-// Old configuration style
-{
-  fromPort: 443,
-  toPort: 8080,
-  targetIP: 'backend.server.com',
-  sniEnabled: true,
-  domainConfigs: [
-    {
-      domain: 'example.com',
-      target: 'backend1.server.com',
-      port: 8081
-    }
-  ]
-}
-```
-
-### New Architecture (Route-Based)
-```typescript
-// New configuration style - FULL SmartProxy functionality
-{
-  routes: [
-    {
-      name: 'https-traffic',
-      match: {
-        ports: 443,
-        domains: ['example.com', '*.example.com']
-      },
-      action: {
-        type: 'forward',
-        target: {
-          host: 'backend.server.com',
-          port: 8080
-        }
-      },
-      tls: {
-        mode: 'terminate',
-        certificate: 'auto'
-      }
-    }
-  ],
-  defaults: {
-    target: {
-      host: 'fallback.server.com',
-      port: 8080
-    },
-    security: {
-      ipAllowList: ['192.168.1.0/24'],
-      maxConnections: 1000
-    }
-  }
-}
-```
-
-## Integration Approach
-
-### 1. Direct SmartProxy Configuration
-
-The DcRouter will expose the full SmartProxy configuration directly, with additional email integration that automatically adds email routes to SmartProxy:
-
-```typescript
-export interface IDcRouterOptions {
-  /**
-   * Full SmartProxy configuration - ALL SmartProxy features available
-   * This handles HTTP/HTTPS and general TCP/SNI traffic
-   */
-  smartProxyConfig?: plugins.smartproxy.ISmartProxyOptions;
-  
-  /**
-   * Email configuration - automatically creates SmartProxy routes for email ports
-   */
-  emailConfig?: IEmailConfig;
-  
-  /**
-   * Additional configuration options
-   */
-  tls?: {
-    contactEmail: string;
-    domain?: string;
-    certPath?: string;
-    keyPath?: string;
-  };
-  
-  /**
-   * DNS server configuration
-   */
-  dnsServerConfig?: plugins.smartdns.IDnsServerOptions;
-}
-```
-
-### 2. Email Route Auto-Generation
-
-When email configuration is provided, DcRouter will automatically generate SmartProxy routes for email traffic:
-
-```typescript
-private async setupSmartProxy() {
-  let routes: plugins.smartproxy.IRouteConfig[] = [];
-  let acmeConfig: plugins.smartproxy.IAcmeOptions | undefined;
-  
-  // If user provides full SmartProxy config, use it directly
-  if (this.options.smartProxyConfig) {
-    routes = this.options.smartProxyConfig.routes || [];
-    acmeConfig = this.options.smartProxyConfig.acme;
-  }
-  
-  // If email config exists, automatically add email routes
-  if (this.options.emailConfig) {
-    const emailRoutes = this.generateEmailRoutes(this.options.emailConfig);
-    routes = [...routes, ...emailRoutes];
-  }
-  
-  // Merge TLS/ACME configuration if provided at root level
-  if (this.options.tls && !acmeConfig) {
-    acmeConfig = {
-      accountEmail: this.options.tls.contactEmail,
-      enabled: true,
-      useProduction: true,
-      autoRenew: true,
-      renewThresholdDays: 30
-    };
-  }
-  
-  // Initialize SmartProxy with combined configuration
-  this.smartProxy = new plugins.smartproxy.SmartProxy({
-    ...this.options.smartProxyConfig,
-    routes,
-    acme: acmeConfig
-  });
-  
-  await this.smartProxy.start();
-  logger.info('SmartProxy started with route-based configuration');
-}
-
-private generateEmailRoutes(emailConfig: IEmailConfig): plugins.smartproxy.IRouteConfig[] {
-  const emailRoutes: plugins.smartproxy.IRouteConfig[] = [];
-  
-  // Create routes for each email port
-  for (const port of emailConfig.ports) {
-    // Handle different email ports differently
-    switch (port) {
-      case 25: // SMTP
-        emailRoutes.push({
-          name: 'smtp-route',
-          match: {
-            ports: [25]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost', // Forward to internal email server
-              port: 10025 // Internal email server port
-            }
-          },
-          // No TLS termination for port 25 (STARTTLS handled by email server)
-          tls: {
-            mode: 'passthrough'
-          }
-        });
-        break;
-        
-      case 587: // Submission
-        emailRoutes.push({
-          name: 'submission-route',
-          match: {
-            ports: [587]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost',
-              port: 10587
-            }
-          },
-          tls: {
-            mode: 'passthrough' // STARTTLS handled by email server
-          }
-        });
-        break;
-        
-      case 465: // SMTPS
-        emailRoutes.push({
-          name: 'smtps-route',
-          match: {
-            ports: [465]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: 'localhost',
-              port: 10465
-            }
-          },
-          tls: {
-            mode: 'terminate', // Terminate TLS and re-encrypt to email server
-            certificate: 'auto'
-          }
-        });
-        break;
-    }
-  }
-  
-  // Add domain-specific email routes if configured
-  if (emailConfig.domainRules) {
-    for (const rule of emailConfig.domainRules) {
-      // Extract domain from pattern (e.g., "*@example.com" -> "example.com")
-      const domain = rule.pattern.split('@')[1];
-      
-      if (domain && rule.mode === 'forward' && rule.target) {
-        emailRoutes.push({
-          name: `email-forward-${domain}`,
-          match: {
-            ports: emailConfig.ports,
-            domains: [domain]
-          },
-          action: {
-            type: 'forward',
-            target: {
-              host: rule.target.server,
-              port: rule.target.port || 25
-            }
-          },
-          tls: {
-            mode: rule.target.useTls ? 'terminate-and-reencrypt' : 'passthrough'
-          }
-        });
-      }
-    }
-  }
-  
-  return emailRoutes;
-}
-```
-
-### 3. Email Server Integration
-
-The email server will run on internal ports and receive traffic from SmartProxy:
-
-```typescript
-private async setupUnifiedEmailHandling() {
-  if (!this.options.emailConfig) {
-    logger.info('No email configuration provided');
-    return;
-  }
-
-  const emailConfig = this.options.emailConfig;
-  
-  // Map external ports to internal ports
-  const portMapping = {
-    25: 10025,   // SMTP
-    587: 10587,  // Submission
-    465: 10465   // SMTPS
-  };
-  
-  // Create internal email server configuration
-  const internalEmailConfig: IEmailConfig = {
-    ...emailConfig,
-    ports: emailConfig.ports.map(port => portMapping[port] || port + 10000),
-    hostname: 'localhost' // Listen on localhost for SmartProxy forwarding
-  };
-  
-  // Initialize email components with internal configuration
-  this.domainRouter = new DomainRouter({
-    domainRules: emailConfig.domainRules,
-    defaultMode: emailConfig.defaultMode,
-    defaultServer: emailConfig.defaultServer,
-    defaultPort: emailConfig.defaultPort,
-    defaultTls: emailConfig.defaultTls
-  });
-  
-  this.unifiedEmailServer = new UnifiedEmailServer({
-    ...internalEmailConfig,
-    domainRouter: this.domainRouter
-  });
-  
-  await this.unifiedEmailServer.start();
-  logger.info('Unified email server started on internal ports');
-}
-```
-
-## Usage Examples
-
-### Example 1: Combined HTTP and Email Configuration
-```typescript
-const dcRouter = new DcRouter({
-  // Full SmartProxy configuration for HTTP/HTTPS
-  smartProxyConfig: {
-    routes: [
-      {
-        name: 'web-traffic',
-        match: {
-          ports: [80, 443],
-          domains: ['www.example.com']
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: 'web-backend.example.com',
-            port: 8080
-          }
-        },
-        tls: {
-          mode: 'terminate',
-          certificate: 'auto'
-        }
-      }
-    ],
-    acme: {
-      accountEmail: 'admin@example.com',
-      enabled: true,
-      useProduction: true
-    }
-  },
-  
-  // Email configuration - automatically creates SmartProxy routes
-  emailConfig: {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    domainRules: [
-      {
-        pattern: '*@example.com',
-        mode: 'mta',
-        mtaOptions: {
-          dkimSign: true,
-          dkimOptions: {
-            domainName: 'example.com',
-            keySelector: 'mail',
-            privateKey: '...'
-          }
-        }
-      }
-    ],
-    defaultMode: 'forward',
-    defaultServer: 'backup-mail.example.com'
-  }
-});
-```
-
-### Example 2: Advanced SmartProxy Features with Email
-```typescript
-const dcRouter = new DcRouter({
-  smartProxyConfig: {
-    routes: [
-      // Custom API route with authentication
-      {
-        name: 'api-route',
-        match: {
-          ports: 443,
-          domains: 'api.example.com',
-          path: '/v1/*'
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: (context) => {
-              // Dynamic host selection based on context
-              return context.headers['x-api-version'] === 'v2' 
-                ? 'api-v2.backend.com' 
-                : 'api-v1.backend.com';
-            },
-            port: 9090
-          }
-        },
-        security: {
-          authentication: {
-            type: 'jwt',
-            jwtSecret: process.env.JWT_SECRET
-          },
-          rateLimit: {
-            maxRequestsPerMinute: 100,
-            maxRequestsPerSecond: 10
-          }
-        }
-      }
-    ],
-    // Advanced SmartProxy options
-    preserveSourceIP: true,
-    enableDetailedLogging: true,
-    maxConnectionsPerIP: 50,
-    connectionRateLimitPerMinute: 1000
-  },
-  
-  // Email automatically integrates with SmartProxy
-  emailConfig: {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    domainRules: []
-  }
-});
-```
-
-## Key Benefits
-
-1. **Full SmartProxy Power**: All SmartProxy features remain available
-2. **Automatic Email Integration**: Email ports are automatically routed through SmartProxy
-3. **Unified TLS Management**: SmartProxy handles all TLS termination and certificates
-4. **Flexible Configuration**: Mix custom SmartProxy routes with automatic email routes
-5. **Performance**: SmartProxy's efficient routing benefits email traffic too
-
-## Implementation Tasks
-
-- [ ] Update DcRouter to preserve full SmartProxy configuration
-- [ ] Implement automatic email route generation
-- [ ] Configure email server to run on internal ports
-- [ ] Test integration between SmartProxy and email server
-- [ ] Update documentation with full SmartProxy examples
-- [ ] Create migration guide showing how to use new features
-- [ ] Test advanced SmartProxy features with email routing
-- [ ] Verify TLS handling for different email ports
-- [ ] Test domain-specific email routing through SmartProxy
-
-## Notes
-
-- SmartProxy acts as the single entry point for all traffic (HTTP, HTTPS, and email)
-- Email server runs on internal ports and receives forwarded traffic from SmartProxy
-- TLS termination is handled by SmartProxy where appropriate
-- STARTTLS for email is handled by the email server itself
-- All SmartProxy features (rate limiting, authentication, dynamic routing) are available

test/readme.md

@@ -0,0 +1,443 @@
+# DCRouter SMTP Test Suite
+
+```
+test/
+├── readme.md                              # This file
+├── helpers/
+│   ├── server.loader.ts                  # SMTP server lifecycle management
+│   ├── utils.ts                          # Common test utilities
+│   └── smtp.client.ts                    # Test SMTP client utilities
+└── suite/
+    ├── smtpserver_commands/              # SMTP command tests (CMD)
+    ├── smtpserver_connection/            # Connection management tests (CM)
+    ├── smtpserver_edge-cases/            # Edge case tests (EDGE)
+    ├── smtpserver_email-processing/      # Email processing tests (EP)
+    ├── smtpserver_error-handling/        # Error handling tests (ERR)
+    ├── smtpserver_performance/           # Performance tests (PERF)
+    ├── smtpserver_reliability/           # Reliability tests (REL)
+    ├── smtpserver_rfc-compliance/        # RFC compliance tests (RFC)
+    └── smtpserver_security/              # Security tests (SEC)
+```
+
+## Test ID Convention
+
+All test files follow a strict naming convention: `test.<category-id>.<description>.ts`
+
+Examples:
+- `test.cmd-01.ehlo-command.ts` - EHLO command test
+- `test.cm-01.tls-connection.ts` - TLS connection test
+- `test.sec-01.authentication.ts` - Authentication test
+
+## Test Categories
+
+### 1. Connection Management (CM)
+
+Tests for validating SMTP connection handling, TLS support, and connection lifecycle management.
+
+| ID    | Test Description                          | Priority | Implementation |
+|-------|-------------------------------------------|----------|----------------|
+| CM-01 | TLS Connection Test                       | High     | `suite/smtpserver_connection/test.cm-01.tls-connection.ts` |
+| CM-02 | Multiple Simultaneous Connections         | High     | `suite/smtpserver_connection/test.cm-02.multiple-connections.ts` |
+| CM-03 | Connection Timeout                        | High     | `suite/smtpserver_connection/test.cm-03.connection-timeout.ts` |
+| CM-04 | Connection Limits                         | Medium   | `suite/smtpserver_connection/test.cm-04.connection-limits.ts` |
+| CM-05 | Connection Rejection                      | Medium   | `suite/smtpserver_connection/test.cm-05.connection-rejection.ts` |
+| CM-06 | STARTTLS Connection Upgrade               | High     | `suite/smtpserver_connection/test.cm-06.starttls-upgrade.ts` |
+| CM-07 | Abrupt Client Disconnection               | Medium   | `suite/smtpserver_connection/test.cm-07.abrupt-disconnection.ts` |
+| CM-08 | TLS Version Compatibility                 | Medium   | `suite/smtpserver_connection/test.cm-08.tls-versions.ts` |
+| CM-09 | TLS Cipher Configuration                  | Medium   | `suite/smtpserver_connection/test.cm-09.tls-ciphers.ts` |
+| CM-10 | Plain Connection Test                     | Low      | `suite/smtpserver_connection/test.cm-10.plain-connection.ts` |
+| CM-11 | TCP Keep-Alive Test                       | Low      | `suite/smtpserver_connection/test.cm-11.keepalive.ts` |
+
+### 2. SMTP Commands (CMD)
+
+Tests for validating proper SMTP protocol command implementation.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CMD-01 | EHLO Command                              | High     | `suite/smtpserver_commands/test.cmd-01.ehlo-command.ts` |
+| CMD-02 | MAIL FROM Command                         | High     | `suite/smtpserver_commands/test.cmd-02.mail-from.ts` |
+| CMD-03 | RCPT TO Command                           | High     | `suite/smtpserver_commands/test.cmd-03.rcpt-to.ts` |
+| CMD-04 | DATA Command                              | High     | `suite/smtpserver_commands/test.cmd-04.data-command.ts` |
+| CMD-05 | NOOP Command                              | Medium   | `suite/smtpserver_commands/test.cmd-05.noop-command.ts` |
+| CMD-06 | RSET Command                              | Medium   | `suite/smtpserver_commands/test.cmd-06.rset-command.ts` |
+| CMD-07 | VRFY Command                              | Low      | `suite/smtpserver_commands/test.cmd-07.vrfy-command.ts` |
+| CMD-08 | EXPN Command                              | Low      | `suite/smtpserver_commands/test.cmd-08.expn-command.ts` |
+| CMD-09 | SIZE Extension                            | Medium   | `suite/smtpserver_commands/test.cmd-09.size-extension.ts` |
+| CMD-10 | HELP Command                              | Low      | `suite/smtpserver_commands/test.cmd-10.help-command.ts` |
+| CMD-11 | Command Pipelining                        | Medium   | `suite/smtpserver_commands/test.cmd-11.command-pipelining.ts` |
+| CMD-12 | HELO Command                              | Low      | `suite/smtpserver_commands/test.cmd-12.helo-command.ts` |
+| CMD-13 | QUIT Command                              | High     | `suite/smtpserver_commands/test.cmd-13.quit-command.ts` |
+
+### 3. Email Processing (EP)
+
+Tests for validating email content handling, parsing, and delivery.
+
+| ID    | Test Description                          | Priority | Implementation |
+|-------|-------------------------------------------|----------|----------------|
+| EP-01 | Basic Email Sending                       | High     | `suite/smtpserver_email-processing/test.ep-01.basic-email-sending.ts` |
+| EP-02 | Invalid Email Address Handling            | High     | `suite/smtpserver_email-processing/test.ep-02.invalid-email-addresses.ts` |
+| EP-03 | Multiple Recipients                       | Medium   | `suite/smtpserver_email-processing/test.ep-03.multiple-recipients.ts` |
+| EP-04 | Large Email Handling                      | High     | `suite/smtpserver_email-processing/test.ep-04.large-email.ts` |
+| EP-05 | MIME Handling                             | High     | `suite/smtpserver_email-processing/test.ep-05.mime-handling.ts` |
+| EP-06 | Attachment Handling                       | Medium   | `suite/smtpserver_email-processing/test.ep-06.attachment-handling.ts` |
+| EP-07 | Special Character Handling                | Medium   | `suite/smtpserver_email-processing/test.ep-07.special-character-handling.ts` |
+| EP-08 | Email Routing                             | High     | `suite/smtpserver_email-processing/test.ep-08.email-routing.ts` |
+| EP-09 | Delivery Status Notifications             | Medium   | `suite/smtpserver_email-processing/test.ep-09.delivery-status-notifications.ts` |
+
+### 4. Security (SEC)
+
+Tests for validating security features and protections.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| SEC-01 | Authentication                            | High     | `suite/smtpserver_security/test.sec-01.authentication.ts` |
+| SEC-02 | Authorization                             | High     | `suite/smtpserver_security/test.sec-02.authorization.ts` |
+| SEC-03 | DKIM Processing                           | High     | `suite/smtpserver_security/test.sec-03.dkim-processing.ts` |
+| SEC-04 | SPF Checking                              | High     | `suite/smtpserver_security/test.sec-04.spf-checking.ts` |
+| SEC-05 | DMARC Policy Enforcement                  | Medium   | `suite/smtpserver_security/test.sec-05.dmarc-policy.ts` |
+| SEC-06 | IP Reputation Checking                    | High     | `suite/smtpserver_security/test.sec-06.ip-reputation.ts` |
+| SEC-07 | Content Scanning                          | Medium   | `suite/smtpserver_security/test.sec-07.content-scanning.ts` |
+| SEC-08 | Rate Limiting                             | High     | `suite/smtpserver_security/test.sec-08.rate-limiting.ts` |
+| SEC-09 | TLS Certificate Validation                | High     | `suite/smtpserver_security/test.sec-09.tls-certificate-validation.ts` |
+| SEC-10 | Header Injection Prevention               | High     | `suite/smtpserver_security/test.sec-10.header-injection-prevention.ts` |
+| SEC-11 | Bounce Management                         | Medium   | `suite/smtpserver_security/test.sec-11.bounce-management.ts` |
+
+### 5. Error Handling (ERR)
+
+Tests for validating proper error handling and recovery.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| ERR-01 | Syntax Error Handling                     | High     | `suite/smtpserver_error-handling/test.err-01.syntax-errors.ts` |
+| ERR-02 | Invalid Sequence Handling                 | High     | `suite/smtpserver_error-handling/test.err-02.invalid-sequence.ts` |
+| ERR-03 | Temporary Failure Handling                | Medium   | `suite/smtpserver_error-handling/test.err-03.temporary-failures.ts` |
+| ERR-04 | Permanent Failure Handling                | Medium   | `suite/smtpserver_error-handling/test.err-04.permanent-failures.ts` |
+| ERR-05 | Resource Exhaustion Handling              | High     | `suite/smtpserver_error-handling/test.err-05.resource-exhaustion.ts` |
+| ERR-06 | Malformed MIME Handling                   | Medium   | `suite/smtpserver_error-handling/test.err-06.malformed-mime.ts` |
+| ERR-07 | Exception Handling                        | High     | `suite/smtpserver_error-handling/test.err-07.exception-handling.ts` |
+| ERR-08 | Error Logging                             | Medium   | `suite/smtpserver_error-handling/test.err-08.error-logging.ts` |
+
+### 6. Performance (PERF)
+
+Tests for validating performance characteristics and benchmarks.
+
+| ID      | Test Description                         | Priority | Implementation |
+|---------|------------------------------------------|----------|----------------|
+| PERF-01 | Throughput Testing                       | Medium   | `suite/smtpserver_performance/test.perf-01.throughput.ts` |
+| PERF-02 | Concurrency Testing                      | High     | `suite/smtpserver_performance/test.perf-02.concurrency.ts` |
+| PERF-03 | CPU Utilization                          | Medium   | `suite/smtpserver_performance/test.perf-03.cpu-utilization.ts` |
+| PERF-04 | Memory Usage                             | Medium   | `suite/smtpserver_performance/test.perf-04.memory-usage.ts` |
+| PERF-05 | Connection Processing Time               | Medium   | `suite/smtpserver_performance/test.perf-05.connection-processing-time.ts` |
+| PERF-06 | Message Processing Time                  | Medium   | `suite/smtpserver_performance/test.perf-06.message-processing-time.ts` |
+| PERF-07 | Resource Cleanup                         | High     | `suite/smtpserver_performance/test.perf-07.resource-cleanup.ts` |
+
+### 7. Reliability (REL)
+
+Tests for validating system reliability and stability.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| REL-01 | Long-Running Operation                    | High     | `suite/smtpserver_reliability/test.rel-01.long-running-operation.ts` |
+| REL-02 | Restart Recovery                          | High     | `suite/smtpserver_reliability/test.rel-02.restart-recovery.ts` |
+| REL-03 | Resource Leak Detection                   | High     | `suite/smtpserver_reliability/test.rel-03.resource-leak-detection.ts` |
+| REL-04 | Error Recovery                            | High     | `suite/smtpserver_reliability/test.rel-04.error-recovery.ts` |
+| REL-05 | DNS Resolution Failure Handling           | Medium   | `suite/smtpserver_reliability/test.rel-05.dns-resolution-failure.ts` |
+| REL-06 | Network Interruption Handling             | Medium   | `suite/smtpserver_reliability/test.rel-06.network-interruption.ts` |
+
+### 8. Edge Cases (EDGE)
+
+Tests for validating handling of unusual or extreme scenarios.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| EDGE-01 | Very Large Email                          | Low      | `suite/smtpserver_edge-cases/test.edge-01.very-large-email.ts` |
+| EDGE-02 | Very Small Email                          | Low      | `suite/smtpserver_edge-cases/test.edge-02.very-small-email.ts` |
+| EDGE-03 | Invalid Character Handling                | Medium   | `suite/smtpserver_edge-cases/test.edge-03.invalid-character-handling.ts` |
+| EDGE-04 | Empty Commands                            | Low      | `suite/smtpserver_edge-cases/test.edge-04.empty-commands.ts` |
+| EDGE-05 | Extremely Long Lines                      | Medium   | `suite/smtpserver_edge-cases/test.edge-05.extremely-long-lines.ts` |
+| EDGE-06 | Extremely Long Headers                    | Medium   | `suite/smtpserver_edge-cases/test.edge-06.extremely-long-headers.ts` |
+| EDGE-07 | Unusual MIME Types                        | Low      | `suite/smtpserver_edge-cases/test.edge-07.unusual-mime-types.ts` |
+| EDGE-08 | Nested MIME Structures                    | Low      | `suite/smtpserver_edge-cases/test.edge-08.nested-mime-structures.ts` |
+
+### 9. RFC Compliance (RFC)
+
+Tests for validating compliance with SMTP-related RFCs.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| RFC-01 | RFC 5321 Compliance                       | High     | `suite/smtpserver_rfc-compliance/test.rfc-01.rfc5321-compliance.ts` |
+| RFC-02 | RFC 5322 Compliance                       | High     | `suite/smtpserver_rfc-compliance/test.rfc-02.rfc5322-compliance.ts` |
+| RFC-03 | RFC 7208 SPF Compliance                   | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-03.rfc7208-spf-compliance.ts` |
+| RFC-04 | RFC 6376 DKIM Compliance                  | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-04.rfc6376-dkim-compliance.ts` |
+| RFC-05 | RFC 7489 DMARC Compliance                 | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-05.rfc7489-dmarc-compliance.ts` |
+| RFC-06 | RFC 8314 TLS Compliance                   | Medium   | `suite/smtpserver_rfc-compliance/test.rfc-06.rfc8314-tls-compliance.ts` |
+| RFC-07 | RFC 3461 DSN Compliance                   | Low      | `suite/smtpserver_rfc-compliance/test.rfc-07.rfc3461-dsn-compliance.ts` |
+
+## SMTP Client Test Suite
+
+The following test categories ensure our SMTP client is production-ready, RFC-compliant, and handles all real-world scenarios properly.
+
+### Client Test Organization
+
+```
+test/
+└── suite/
+    ├── smtpclient_connection/          # Client connection management tests (CCM)
+    ├── smtpclient_commands/            # Client command execution tests (CCMD)
+    ├── smtpclient_email-composition/   # Email composition tests (CEP)
+    ├── smtpclient_security/            # Client security tests (CSEC)
+    ├── smtpclient_error-handling/      # Client error handling tests (CERR)
+    ├── smtpclient_performance/         # Client performance tests (CPERF)
+    ├── smtpclient_reliability/         # Client reliability tests (CREL)
+    ├── smtpclient_edge-cases/          # Client edge case tests (CEDGE)
+    └── smtpclient_rfc-compliance/      # Client RFC compliance tests (CRFC)
+```
+
+### 10. Client Connection Management (CCM)
+
+Tests for validating how the SMTP client establishes and manages connections to servers.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CCM-01 | Basic TCP Connection                      | High     | `suite/smtpclient_connection/test.ccm-01.basic-tcp-connection.ts` |
+| CCM-02 | TLS Connection Establishment              | High     | `suite/smtpclient_connection/test.ccm-02.tls-connection.ts` |
+| CCM-03 | STARTTLS Upgrade                          | High     | `suite/smtpclient_connection/test.ccm-03.starttls-upgrade.ts` |
+| CCM-04 | Connection Pooling                        | High     | `suite/smtpclient_connection/test.ccm-04.connection-pooling.ts` |
+| CCM-05 | Connection Reuse                          | Medium   | `suite/smtpclient_connection/test.ccm-05.connection-reuse.ts` |
+| CCM-06 | Connection Timeout Handling               | High     | `suite/smtpclient_connection/test.ccm-06.connection-timeout.ts` |
+| CCM-07 | Automatic Reconnection                    | High     | `suite/smtpclient_connection/test.ccm-07.automatic-reconnection.ts` |
+| CCM-08 | DNS Resolution & MX Records               | High     | `suite/smtpclient_connection/test.ccm-08.dns-mx-resolution.ts` |
+| CCM-09 | IPv4/IPv6 Dual Stack Support             | Medium   | `suite/smtpclient_connection/test.ccm-09.dual-stack-support.ts` |
+| CCM-10 | Proxy Support (SOCKS/HTTP)               | Low      | `suite/smtpclient_connection/test.ccm-10.proxy-support.ts` |
+| CCM-11 | Keep-Alive Management                     | Medium   | `suite/smtpclient_connection/test.ccm-11.keepalive-management.ts` |
+
+### 11. Client Command Execution (CCMD)
+
+Tests for validating how the client sends SMTP commands and processes responses.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CCMD-01 | EHLO/HELO Command Sending                 | High     | `suite/smtpclient_commands/test.ccmd-01.ehlo-helo-sending.ts` |
+| CCMD-02 | MAIL FROM Command with Parameters        | High     | `suite/smtpclient_commands/test.ccmd-02.mail-from-parameters.ts` |
+| CCMD-03 | RCPT TO Command with Multiple Recipients | High     | `suite/smtpclient_commands/test.ccmd-03.rcpt-to-multiple.ts` |
+| CCMD-04 | DATA Command and Content Transmission    | High     | `suite/smtpclient_commands/test.ccmd-04.data-transmission.ts` |
+| CCMD-05 | AUTH Command (LOGIN, PLAIN, CRAM-MD5)   | High     | `suite/smtpclient_commands/test.ccmd-05.auth-mechanisms.ts` |
+| CCMD-06 | Command Pipelining                       | Medium   | `suite/smtpclient_commands/test.ccmd-06.command-pipelining.ts` |
+| CCMD-07 | Response Code Parsing                    | High     | `suite/smtpclient_commands/test.ccmd-07.response-parsing.ts` |
+| CCMD-08 | Extended Response Handling               | Medium   | `suite/smtpclient_commands/test.ccmd-08.extended-responses.ts` |
+| CCMD-09 | QUIT Command and Graceful Disconnect     | High     | `suite/smtpclient_commands/test.ccmd-09.quit-disconnect.ts` |
+| CCMD-10 | RSET Command Usage                       | Medium   | `suite/smtpclient_commands/test.ccmd-10.rset-usage.ts` |
+| CCMD-11 | NOOP Keep-Alive                          | Low      | `suite/smtpclient_commands/test.ccmd-11.noop-keepalive.ts` |
+
+### 12. Client Email Composition (CEP)
+
+Tests for validating email composition, formatting, and encoding.
+
+| ID     | Test Description                          | Priority | Implementation |
+|--------|-------------------------------------------|----------|----------------|
+| CEP-01 | Basic Email Headers                       | High     | `suite/smtpclient_email-composition/test.cep-01.basic-headers.ts` |
+| CEP-02 | MIME Multipart Messages                   | High     | `suite/smtpclient_email-composition/test.cep-02.mime-multipart.ts` |
+| CEP-03 | Attachment Encoding                       | High     | `suite/smtpclient_email-composition/test.cep-03.attachment-encoding.ts` |
+| CEP-04 | UTF-8 and International Characters       | High     | `suite/smtpclient_email-composition/test.cep-04.utf8-international.ts` |
+| CEP-05 | Base64 and Quoted-Printable Encoding    | Medium   | `suite/smtpclient_email-composition/test.cep-05.content-encoding.ts` |
+| CEP-06 | HTML Email with Inline Images           | Medium   | `suite/smtpclient_email-composition/test.cep-06.html-inline-images.ts` |
+| CEP-07 | Custom Headers                          | Low      | `suite/smtpclient_email-composition/test.cep-07.custom-headers.ts` |
+| CEP-08 | Message-ID Generation                   | Medium   | `suite/smtpclient_email-composition/test.cep-08.message-id.ts` |
+| CEP-09 | Date Header Formatting                  | Medium   | `suite/smtpclient_email-composition/test.cep-09.date-formatting.ts` |
+| CEP-10 | Line Length Limits (RFC 5322)          | High     | `suite/smtpclient_email-composition/test.cep-10.line-length-limits.ts` |
+
+### 13. Client Security (CSEC)
+
+Tests for client-side security features and protections.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CSEC-01 | TLS Certificate Verification              | High     | `suite/smtpclient_security/test.csec-01.tls-verification.ts` |
+| CSEC-02 | Authentication Mechanisms                 | High     | `suite/smtpclient_security/test.csec-02.auth-mechanisms.ts` |
+| CSEC-03 | OAuth2 Support                           | Medium   | `suite/smtpclient_security/test.csec-03.oauth2-support.ts` |
+| CSEC-04 | Password Security (No Plaintext)         | High     | `suite/smtpclient_security/test.csec-04.password-security.ts` |
+| CSEC-05 | DKIM Signing                             | High     | `suite/smtpclient_security/test.csec-05.dkim-signing.ts` |
+| CSEC-06 | SPF Record Compliance                    | Medium   | `suite/smtpclient_security/test.csec-06.spf-compliance.ts` |
+| CSEC-07 | Secure Credential Storage                | High     | `suite/smtpclient_security/test.csec-07.credential-storage.ts` |
+| CSEC-08 | TLS Version Enforcement                  | High     | `suite/smtpclient_security/test.csec-08.tls-version-enforcement.ts` |
+| CSEC-09 | Certificate Pinning                      | Low      | `suite/smtpclient_security/test.csec-09.certificate-pinning.ts` |
+| CSEC-10 | Injection Attack Prevention              | High     | `suite/smtpclient_security/test.csec-10.injection-prevention.ts` |
+
+### 14. Client Error Handling (CERR)
+
+Tests for how the client handles various error conditions.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CERR-01 | 4xx Error Response Handling              | High     | `suite/smtpclient_error-handling/test.cerr-01.4xx-errors.ts` |
+| CERR-02 | 5xx Error Response Handling              | High     | `suite/smtpclient_error-handling/test.cerr-02.5xx-errors.ts` |
+| CERR-03 | Network Failure Recovery                 | High     | `suite/smtpclient_error-handling/test.cerr-03.network-failures.ts` |
+| CERR-04 | Timeout Recovery                         | High     | `suite/smtpclient_error-handling/test.cerr-04.timeout-recovery.ts` |
+| CERR-05 | Retry Logic with Backoff                | High     | `suite/smtpclient_error-handling/test.cerr-05.retry-backoff.ts` |
+| CERR-06 | Greylisting Handling                    | Medium   | `suite/smtpclient_error-handling/test.cerr-06.greylisting.ts` |
+| CERR-07 | Rate Limit Response Handling            | High     | `suite/smtpclient_error-handling/test.cerr-07.rate-limits.ts` |
+| CERR-08 | Malformed Server Response               | Medium   | `suite/smtpclient_error-handling/test.cerr-08.malformed-responses.ts` |
+| CERR-09 | Connection Drop During Transfer         | High     | `suite/smtpclient_error-handling/test.cerr-09.connection-drops.ts` |
+| CERR-10 | Authentication Failure Handling         | High     | `suite/smtpclient_error-handling/test.cerr-10.auth-failures.ts` |
+
+### 15. Client Performance (CPERF)
+
+Tests for client performance characteristics and optimization.
+
+| ID       | Test Description                          | Priority | Implementation |
+|----------|-------------------------------------------|----------|----------------|
+| CPERF-01 | Bulk Email Sending                       | High     | `suite/smtpclient_performance/test.cperf-01.bulk-sending.ts` |
+| CPERF-02 | Connection Pool Efficiency               | High     | `suite/smtpclient_performance/test.cperf-02.pool-efficiency.ts` |
+| CPERF-03 | Memory Usage Under Load                  | High     | `suite/smtpclient_performance/test.cperf-03.memory-usage.ts` |
+| CPERF-04 | CPU Usage Optimization                   | Medium   | `suite/smtpclient_performance/test.cperf-04.cpu-optimization.ts` |
+| CPERF-05 | Parallel Sending Performance             | High     | `suite/smtpclient_performance/test.cperf-05.parallel-sending.ts` |
+| CPERF-06 | Large Attachment Handling                | Medium   | `suite/smtpclient_performance/test.cperf-06.large-attachments.ts` |
+| CPERF-07 | Queue Management                         | High     | `suite/smtpclient_performance/test.cperf-07.queue-management.ts` |
+| CPERF-08 | DNS Caching Efficiency                   | Medium   | `suite/smtpclient_performance/test.cperf-08.dns-caching.ts` |
+
+### 16. Client Reliability (CREL)
+
+Tests for client reliability and resilience.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CREL-01 | Long Running Stability                   | High     | `suite/smtpclient_reliability/test.crel-01.long-running.ts` |
+| CREL-02 | Failover to Backup MX                   | High     | `suite/smtpclient_reliability/test.crel-02.mx-failover.ts` |
+| CREL-03 | Queue Persistence                       | High     | `suite/smtpclient_reliability/test.crel-03.queue-persistence.ts` |
+| CREL-04 | Crash Recovery                          | High     | `suite/smtpclient_reliability/test.crel-04.crash-recovery.ts` |
+| CREL-05 | Memory Leak Prevention                  | High     | `suite/smtpclient_reliability/test.crel-05.memory-leaks.ts` |
+| CREL-06 | Concurrent Operation Safety             | High     | `suite/smtpclient_reliability/test.crel-06.concurrency-safety.ts` |
+| CREL-07 | Resource Cleanup                        | Medium   | `suite/smtpclient_reliability/test.crel-07.resource-cleanup.ts` |
+
+### 17. Client Edge Cases (CEDGE)
+
+Tests for unusual scenarios and edge cases.
+
+| ID       | Test Description                          | Priority | Implementation |
+|----------|-------------------------------------------|----------|----------------|
+| CEDGE-01 | Extremely Slow Server Response           | Medium   | `suite/smtpclient_edge-cases/test.cedge-01.slow-server.ts` |
+| CEDGE-02 | Server Sending Invalid UTF-8             | Low      | `suite/smtpclient_edge-cases/test.cedge-02.invalid-utf8.ts` |
+| CEDGE-03 | Extremely Large Recipients List          | Medium   | `suite/smtpclient_edge-cases/test.cedge-03.large-recipient-list.ts` |
+| CEDGE-04 | Zero-Byte Attachments                    | Low      | `suite/smtpclient_edge-cases/test.cedge-04.zero-byte-attachments.ts` |
+| CEDGE-05 | Server Disconnect Mid-Command            | High     | `suite/smtpclient_edge-cases/test.cedge-05.mid-command-disconnect.ts` |
+| CEDGE-06 | Unusual Server Banners                   | Low      | `suite/smtpclient_edge-cases/test.cedge-06.unusual-banners.ts` |
+| CEDGE-07 | Non-Standard Port Connections            | Medium   | `suite/smtpclient_edge-cases/test.cedge-07.non-standard-ports.ts` |
+
+### 18. Client RFC Compliance (CRFC)
+
+Tests for RFC compliance from the client perspective.
+
+| ID      | Test Description                          | Priority | Implementation |
+|---------|-------------------------------------------|----------|----------------|
+| CRFC-01 | RFC 5321 Client Requirements             | High     | `suite/smtpclient_rfc-compliance/test.crfc-01.rfc5321-client.ts` |
+| CRFC-02 | RFC 5322 Message Format                  | High     | `suite/smtpclient_rfc-compliance/test.crfc-02.rfc5322-format.ts` |
+| CRFC-03 | RFC 2045-2049 MIME Compliance           | High     | `suite/smtpclient_rfc-compliance/test.crfc-03.mime-compliance.ts` |
+| CRFC-04 | RFC 4954 AUTH Extension                 | High     | `suite/smtpclient_rfc-compliance/test.crfc-04.auth-extension.ts` |
+| CRFC-05 | RFC 3207 STARTTLS                      | High     | `suite/smtpclient_rfc-compliance/test.crfc-05.starttls.ts` |
+| CRFC-06 | RFC 1870 SIZE Extension                 | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-06.size-extension.ts` |
+| CRFC-07 | RFC 6152 8BITMIME Extension            | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-07.8bitmime.ts` |
+| CRFC-08 | RFC 2920 Command Pipelining            | Medium   | `suite/smtpclient_rfc-compliance/test.crfc-08.pipelining.ts` |
+
+## Running SMTP Client Tests
+
+### Run All Client Tests
+```bash
+cd dcrouter
+pnpm test test/suite/smtpclient_*
+```
+
+### Run Specific Client Test Category
+```bash
+# Run all client connection tests
+pnpm test test/suite/smtpclient_connection
+
+# Run all client security tests
+pnpm test test/suite/smtpclient_security
+```
+
+### Run Single Client Test File
+```bash
+# Run basic TCP connection test
+tsx test/suite/smtpclient_connection/test.ccm-01.basic-tcp-connection.ts
+
+# Run AUTH mechanisms test
+tsx test/suite/smtpclient_commands/test.ccmd-05.auth-mechanisms.ts
+```
+
+## Client Performance Benchmarks
+
+Expected performance metrics for production-ready SMTP client:
+- **Sending Rate**: >100 emails per second (with connection pooling)
+- **Connection Pool Size**: 10-50 concurrent connections efficiently managed
+- **Memory Usage**: <500MB for 1000 concurrent email operations
+- **DNS Cache Hit Rate**: >90% for repeated domains
+- **Retry Success Rate**: >95% for temporary failures
+- **Large Attachment Support**: Files up to 25MB without performance degradation
+- **Queue Processing**: >1000 emails/minute with persistent queue
+
+## Client Security Requirements
+
+All client security tests must pass for production deployment:
+- **TLS Support**: TLS 1.2+ required, TLS 1.3 preferred
+- **Authentication**: Support for LOGIN, PLAIN, CRAM-MD5, OAuth2
+- **Certificate Validation**: Proper certificate chain validation
+- **DKIM Signing**: Automatic DKIM signature generation
+- **Credential Security**: No plaintext password storage
+- **Injection Prevention**: Protection against header/command injection
+
+## Client Production Readiness Criteria
+
+### Production Gate 1: Core Functionality (>95% tests passing)
+- Basic connection establishment
+- Command execution and response parsing
+- Email composition and sending
+- Error handling and recovery
+
+### Production Gate 2: Advanced Features (>90% tests passing)
+- Connection pooling and reuse
+- Authentication mechanisms
+- TLS/STARTTLS support
+- Retry logic and resilience
+
+### Production Gate 3: Enterprise Ready (>85% tests passing)
+- High-volume sending capabilities
+- Advanced security features
+- Full RFC compliance
+- Performance under load
+
+## Key Differences: Server vs Client Tests
+
+| Aspect | Server Tests | Client Tests |
+|--------|--------------|--------------|
+| **Focus** | Accepting connections, processing commands | Making connections, sending commands |
+| **Security** | Validating incoming data, enforcing policies | Protecting credentials, validating servers |
+| **Performance** | Handling many clients concurrently | Efficient bulk sending, connection reuse |
+| **Reliability** | Staying up under attack/load | Retrying failures, handling timeouts |
+| **RFC Compliance** | Server MUST requirements | Client MUST requirements |
+
+## Test Implementation Priority
+
+1. **Critical** (implement first):
+   - Basic connection and command sending
+   - Authentication mechanisms
+   - Error handling and retry logic
+   - TLS/Security features
+
+2. **High Priority** (implement second):
+   - Connection pooling
+   - Email composition and MIME
+   - Performance optimization
+   - RFC compliance
+
+3. **Medium Priority** (implement third):
+   - Advanced features (OAuth2, etc.)
+   - Edge case handling
+   - Extended performance tests
+   - Additional RFC extensions
+
+4. **Low Priority** (implement last):
+   - Proxy support
+   - Certificate pinning
+   - Unusual scenarios
+   - Optional RFC features
+

test/test.base.ts

@@ -1,65 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-/**
- * Basic test to check if our integrated classes work correctly
- */
-tap.test('verify that SenderReputationMonitor and IPWarmupManager are functioning', async () => {
-  // Create instances of both classes
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['example.com']
-  });
-  
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com']
-  });
-  
-  // Test SenderReputationMonitor
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  
-  const reputationData = reputationMonitor.getReputationData('example.com');
-  expect(reputationData).toBeTruthy();
-  
-  const summary = reputationMonitor.getReputationSummary();
-  expect(summary.length).toBeGreaterThan(0);
-  
-  // Add and remove domains
-  reputationMonitor.addDomain('test.com');
-  reputationMonitor.removeDomain('test.com');
-  
-  // Test IPWarmupManager
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  if (bestIP) {
-    ipWarmupManager.recordSend(bestIP);
-    const canSendMore = ipWarmupManager.canSendMoreToday(bestIP);
-    expect(typeof canSendMore).toEqual('boolean');
-  }
-  
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(stageCount).toBeGreaterThan(0);
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.bouncemanager.ts

@@ -1,197 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { BounceManager, BounceType, BounceCategory } from '../ts/mail/core/classes.bouncemanager.js';
-
-/**
- * Test the BounceManager class
- */
-tap.test('BounceManager - should be instantiable', async () => {
-  const bounceManager = new BounceManager();
-  expect(bounceManager).toBeTruthy();
-});
-
-tap.test('BounceManager - should process basic bounce categories', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Test hard bounce detection
-  const hardBounce = await bounceManager.processBounce({
-    recipient: 'invalid@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'user unknown',
-    domain: 'example.com'
-  });
-  
-  expect(hardBounce.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Test soft bounce detection
-  const softBounce = await bounceManager.processBounce({
-    recipient: 'valid@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'server unavailable',
-    domain: 'example.com'
-  });
-  
-  expect(softBounce.bounceCategory).toEqual(BounceCategory.SOFT);
-  
-  // Test auto-response detection
-  const autoResponse = await bounceManager.processBounce({
-    recipient: 'away@example.com',
-    sender: 'sender@example.com',
-    smtpResponse: 'auto-reply: out of office',
-    domain: 'example.com'
-  });
-  
-  expect(autoResponse.bounceCategory).toEqual(BounceCategory.AUTO_RESPONSE);
-});
-
-tap.test('BounceManager - should add and check suppression list entries', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Add to suppression list permanently
-  bounceManager.addToSuppressionList('permanent@example.com', 'Test hard bounce', undefined);
-  
-  // Add to suppression list temporarily (5 seconds)
-  const expireTime = Date.now() + 5000;
-  bounceManager.addToSuppressionList('temporary@example.com', 'Test soft bounce', expireTime);
-  
-  // Check suppression status
-  expect(bounceManager.isEmailSuppressed('permanent@example.com')).toEqual(true);
-  expect(bounceManager.isEmailSuppressed('temporary@example.com')).toEqual(true);
-  expect(bounceManager.isEmailSuppressed('notsuppressed@example.com')).toEqual(false);
-  
-  // Get suppression info
-  const info = bounceManager.getSuppressionInfo('permanent@example.com');
-  expect(info).toBeTruthy();
-  expect(info.reason).toEqual('Test hard bounce');
-  expect(info.expiresAt).toBeUndefined();
-
-  // Verify temporary suppression info
-  const tempInfo = bounceManager.getSuppressionInfo('temporary@example.com');
-  expect(tempInfo).toBeTruthy();
-  expect(tempInfo.reason).toEqual('Test soft bounce');
-  expect(tempInfo.expiresAt).toEqual(expireTime);
-  
-  // Wait for expiration (6 seconds)
-  await new Promise(resolve => setTimeout(resolve, 6000));
-  
-  // Verify permanent suppression is still active
-  expect(bounceManager.isEmailSuppressed('permanent@example.com')).toEqual(true);
-  
-  // Verify temporary suppression has expired
-  expect(bounceManager.isEmailSuppressed('temporary@example.com')).toEqual(false);
-});
-
-tap.test('BounceManager - should process SMTP failures correctly', async () => {
-  const bounceManager = new BounceManager();
-  
-  const result = await bounceManager.processSmtpFailure(
-    'recipient@example.com',
-    '550 5.1.1 User unknown',
-    {
-      sender: 'sender@example.com',
-      statusCode: '550'
-    }
-  );
-  
-  expect(result.bounceType).toEqual(BounceType.INVALID_RECIPIENT);
-  expect(result.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Check that the email was added to the suppression list
-  expect(bounceManager.isEmailSuppressed('recipient@example.com')).toEqual(true);
-});
-
-tap.test('BounceManager - should process bounce emails correctly', async () => {
-  const bounceManager = new BounceManager();
-  
-  // Create a mock bounce email as Smartmail
-  const bounceEmail = new plugins.smartmail.Smartmail({
-    from: 'mailer-daemon@example.com',
-    subject: 'Mail delivery failed: returning message to sender',
-    body: `
-      This message was created automatically by mail delivery software.
-      
-      A message that you sent could not be delivered to one or more of its recipients.
-      The following address(es) failed:
-      
-      recipient@example.com
-      mailbox is full
-      
-      ------ This is a copy of the message, including all the headers. ------
-      
-      Original-Recipient: rfc822;recipient@example.com
-      Final-Recipient: rfc822;recipient@example.com
-      Status: 5.2.2
-      diagnostic-code: smtp; 552 5.2.2 Mailbox full
-    `,
-    creationObjectRef: {}
-  });
-  
-  const result = await bounceManager.processBounceEmail(bounceEmail);
-  
-  expect(result).toBeTruthy();
-  expect(result.bounceType).toEqual(BounceType.MAILBOX_FULL);
-  expect(result.bounceCategory).toEqual(BounceCategory.HARD);
-  expect(result.recipient).toEqual('recipient@example.com');
-});
-
-tap.test('BounceManager - should handle retries for soft bounces', async () => {
-  const bounceManager = new BounceManager({
-    retryStrategy: {
-      maxRetries: 2,
-      initialDelay: 100, // 100ms for test
-      maxDelay: 1000,
-      backoffFactor: 2
-    }
-  });
-  
-  // First attempt
-  const result1 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com'
-  });
-  
-  // Email should be suppressed temporarily
-  expect(bounceManager.isEmailSuppressed('retry@example.com')).toEqual(true);
-  expect(result1.retryCount).toEqual(1);
-  expect(result1.nextRetryTime).toBeGreaterThan(Date.now());
-  
-  // Second attempt
-  const result2 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com',
-    retryCount: 1
-  });
-  
-  expect(result2.retryCount).toEqual(2);
-  
-  // Third attempt (should convert to hard bounce)
-  const result3 = await bounceManager.processBounce({
-    recipient: 'retry@example.com',
-    sender: 'sender@example.com',
-    bounceType: BounceType.SERVER_UNAVAILABLE,
-    bounceCategory: BounceCategory.SOFT,
-    domain: 'example.com',
-    retryCount: 2
-  });
-  
-  // Should now be a hard bounce after max retries
-  expect(result3.bounceCategory).toEqual(BounceCategory.HARD);
-  
-  // Email should be suppressed permanently
-  expect(bounceManager.isEmailSuppressed('retry@example.com')).toEqual(true);
-  const info = bounceManager.getSuppressionInfo('retry@example.com');
-  expect(info.expiresAt).toBeUndefined(); // Permanent
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.config.md

@@ -0,0 +1,175 @@
+# DCRouter Test Configuration
+
+## Running Tests
+
+### Run All Tests
+```bash
+cd dcrouter
+pnpm test
+```
+
+### Run Specific Category
+```bash
+# Run all connection tests
+tsx test/run-category.ts connection
+
+# Run all security tests  
+tsx test/run-category.ts security
+
+# Run all performance tests
+tsx test/run-category.ts performance
+```
+
+### Run Individual Test File
+```bash
+# Run TLS connection test
+tsx test/suite/connection/test.tls-connection.ts
+
+# Run authentication test
+tsx test/suite/security/test.authentication.ts
+```
+
+### Run Tests with Verbose Output
+```bash
+# All tests with verbose logging
+pnpm test -- --verbose
+
+# Individual test with verbose
+tsx test/suite/connection/test.tls-connection.ts --verbose
+```
+
+## Test Server Configuration
+
+Each test file starts its own SMTP server with specific configuration. Common configurations:
+
+### Basic Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost'
+});
+```
+
+### TLS-Enabled Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  tlsEnabled: true
+});
+```
+
+### Authenticated Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  authRequired: true
+});
+```
+
+### High-Performance Server
+```typescript
+const testServer = await startTestServer({
+  port: 2525,
+  hostname: 'localhost',
+  maxConnections: 1000,
+  size: 50 * 1024 * 1024 // 50MB
+});
+```
+
+## Port Allocation
+
+Tests use different ports to avoid conflicts:
+- Connection tests: 2525-2530
+- Command tests: 2531-2540
+- Email processing: 2541-2550
+- Security tests: 2551-2560
+- Performance tests: 2561-2570
+- Edge cases: 2571-2580
+- RFC compliance: 2581-2590
+
+## Test Utilities
+
+### Server Lifecycle
+All tests follow this pattern:
+```typescript
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import { startTestServer, stopTestServer } from '../../helpers/server.loader.js';
+
+let testServer;
+
+tap.test('setup', async () => {
+  testServer = await startTestServer({ port: 2525 });
+});
+
+// Your tests here...
+
+tap.test('cleanup', async () => {
+  await stopTestServer(testServer);
+});
+
+tap.start();
+```
+
+### SMTP Client Testing
+```typescript
+import { createTestSmtpClient } from '../../helpers/smtp.client.js';
+
+const client = createTestSmtpClient({
+  host: 'localhost',
+  port: 2525
+});
+```
+
+### Low-Level SMTP Testing
+```typescript
+import { connectToSmtp, sendSmtpCommand } from '../../helpers/test.utils.js';
+
+const socket = await connectToSmtp('localhost', 2525);
+const response = await sendSmtpCommand(socket, 'EHLO test.example.com', '250');
+```
+
+## Performance Benchmarks
+
+Expected minimums for production:
+- Throughput: >10 emails/second
+- Concurrent connections: >100
+- Memory increase: <2% under load
+- Connection time: <5000ms
+- Error rate: <5%
+
+## Debugging Failed Tests
+
+### Enable Verbose Logging
+```bash
+DEBUG=* tsx test/suite/connection/test.tls-connection.ts
+```
+
+### Check Server Logs
+Tests output server logs to console. Look for:
+- 🚀 Server start messages
+- 📧 Email processing logs
+- ❌ Error messages
+- ✅ Success confirmations
+
+### Common Issues
+
+1. **Port Already in Use**
+   - Tests use unique ports
+   - Check for orphaned processes: `lsof -i :2525`
+   - Kill process: `kill -9 <PID>`
+
+2. **TLS Certificate Errors**
+   - Tests use self-signed certificates
+   - Production should use real certificates
+
+3. **Timeout Errors**
+   - Increase timeout in test configuration
+   - Check network connectivity
+   - Verify server started successfully
+
+4. **Authentication Failures**
+   - Test servers may not validate credentials
+   - Check authRequired configuration
+   - Verify AUTH mechanisms supported

test/test.contentscanner.ts

@@ -1,6 +1,6 @@
 import { tap, expect } from '@git.zone/tstest/tapbundle';
 import { ContentScanner, ThreatCategory } from '../ts/security/classes.contentscanner.js';
-import { Email } from '../ts/mail/core/classes.email.js';
+import { Email } from '@push.rocks/smartmta';
 
 // Test instantiation
 tap.test('ContentScanner - should be instantiable', async () => {

test/test.dcrouter.email.ts

@@ -0,0 +1,159 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import * as plugins from '../ts/plugins.js';
+import * as path from 'path';
+import * as fs from 'fs';
+import { DcRouter, type IDcRouterOptions } from '../ts/classes.dcrouter.js';
+import type { IUnifiedEmailServerOptions } from '@push.rocks/smartmta';
+
+
+tap.test('DcRouter class - Custom email port configuration', async () => {
+  // Define custom port mapping
+  const customPortMapping: Record<number, number> = {
+    25: 11025,    // Custom SMTP port mapping
+    587: 11587,   // Custom submission port mapping
+    465: 11465,   // Custom SMTPS port mapping
+    2525: 12525   // Additional custom port
+  };
+
+  // Create a custom email configuration using smartmta interfaces
+  const emailConfig: IUnifiedEmailServerOptions = {
+    ports: [25, 587, 465, 2525],
+    hostname: 'mail.example.com',
+    maxMessageSize: 50 * 1024 * 1024, // 50MB
+    domains: [
+      {
+        domain: 'example.com',
+        dnsMode: 'external-dns',
+      },
+      {
+        domain: 'example.org',
+        dnsMode: 'external-dns',
+      }
+    ],
+    routes: [
+      {
+        name: 'forward-example-com',
+        match: {
+          recipients: '*@example.com',
+        },
+        action: {
+          type: 'forward',
+          forward: {
+            host: 'mail1.example.com',
+            port: 25,
+          }
+        }
+      },
+      {
+        name: 'deliver-example-org',
+        match: {
+          recipients: '*@example.org',
+        },
+        action: {
+          type: 'deliver',
+          process: {
+            dkim: true,
+          }
+        }
+      }
+    ]
+  };
+
+  // Create DcRouter options with custom email port configuration
+  const options: IDcRouterOptions = {
+    emailConfig,
+    emailPortConfig: {
+      portMapping: customPortMapping,
+      portSettings: {
+        2525: {
+          terminateTls: false,
+          routeName: 'custom-smtp-route'
+        }
+      },
+    },
+    tls: {
+      contactEmail: 'test@example.com'
+    }
+  };
+
+  // Create DcRouter instance
+  const router = new DcRouter(options);
+
+  // Verify the options are correctly set
+  expect(router.options.emailPortConfig).toBeTruthy();
+  expect(router.options.emailPortConfig!.portMapping).toEqual(customPortMapping);
+
+  // Test the generateEmailRoutes method
+  if (typeof (router as any)['generateEmailRoutes'] === 'function') {
+    const routes = (router as any)['generateEmailRoutes'](emailConfig);
+
+    // Verify that all ports are configured
+    expect(routes.length).toBeGreaterThan(0);
+
+    // Check the custom port configuration
+    const customPortRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 2525 || (Array.isArray(ports) && (ports as number[]).includes(2525));
+    });
+    expect(customPortRoute).toBeTruthy();
+    expect(customPortRoute?.name).toEqual('custom-smtp-route');
+    expect(customPortRoute?.action.targets[0].port).toEqual(12525);
+
+    // Check standard port mappings
+    const smtpRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 25 || (Array.isArray(ports) && (ports as number[]).includes(25));
+    });
+    expect(smtpRoute?.action.targets[0].port).toEqual(11025);
+
+    const submissionRoute = routes.find((r: any) => {
+      const ports = r.match.ports;
+      return ports === 587 || (Array.isArray(ports) && (ports as number[]).includes(587));
+    });
+    expect(submissionRoute?.action.targets[0].port).toEqual(11587);
+  }
+});
+
+tap.test('DcRouter class - Email config with domains and routes', async () => {
+  // Create a basic email configuration
+  const emailConfig: IUnifiedEmailServerOptions = {
+    ports: [2525],
+    hostname: 'mail.example.com',
+    domains: [],
+    routes: []
+  };
+
+  // Create DcRouter options
+  const options: IDcRouterOptions = {
+    emailConfig,
+    tls: {
+      contactEmail: 'test@example.com'
+    },
+    cacheConfig: {
+      enabled: false,
+    }
+  };
+
+  // Create DcRouter instance
+  const router = new DcRouter(options);
+
+  // Start the router to initialize email services
+  await router.start();
+
+  // Verify unified email server was initialized
+  expect(router.emailServer).toBeTruthy();
+
+  // Stop the router
+  await router.stop();
+});
+
+// Final clean-up test
+tap.test('clean up after tests', async () => {
+  // No-op
+});
+
+tap.test('stop', async () => {
+  await tap.stopForcefully();
+});
+
+export default tap.start();

test/test.dcrouter.ts

@@ -1,146 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { 
-  DcRouter,
-  type IDcRouterOptions,
-  type IEmailConfig,
-  type EmailProcessingMode,
-  type IDomainRule
-} from '../ts/classes.dcrouter.js';
-
-tap.test('DcRouter class - basic functionality', async () => {
-  // Create a simple DcRouter instance
-  const options: IDcRouterOptions = {
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router).toBeTruthy();
-  expect(router instanceof DcRouter).toEqual(true);
-  expect(router.options.tls.contactEmail).toEqual('test@example.com');
-});
-
-tap.test('DcRouter class - SmartProxy configuration', async () => {
-  // Create SmartProxy configuration
-  const smartProxyConfig: plugins.smartproxy.ISmartProxyOptions = {
-    fromPort: 443,
-    toPort: 8080,
-    targetIP: '10.0.0.10',
-    sniEnabled: true,
-    acme: {
-      port: 80,
-      enabled: true,
-      autoRenew: true,
-      useProduction: false,
-      renewThresholdDays: 30,
-      accountEmail: 'admin@example.com'
-    },
-    globalPortRanges: [
-      { from: 80, to: 80 },
-      { from: 443, to: 443 }
-    ],
-    domainConfigs: [
-      {
-        domains: ['example.com', 'www.example.com'],
-        allowedIPs: ['0.0.0.0/0'],
-        targetIPs: ['10.0.0.10'],
-        portRanges: [
-          { from: 80, to: 80 },
-          { from: 443, to: 443 }
-        ]
-      }
-    ]
-  };
-
-  const options: IDcRouterOptions = {
-    smartProxyConfig,
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router.options.smartProxyConfig).toBeTruthy();
-  expect(router.options.smartProxyConfig.domainConfigs.length).toEqual(1);
-  expect(router.options.smartProxyConfig.domainConfigs[0].domains[0]).toEqual('example.com');
-});
-
-tap.test('DcRouter class - Email configuration', async () => {
-  // Create consolidated email configuration
-  const emailConfig: IEmailConfig = {
-    ports: [25, 587, 465],
-    hostname: 'mail.example.com',
-    maxMessageSize: 50 * 1024 * 1024, // 50MB
-    
-    defaultMode: 'forward' as EmailProcessingMode,
-    defaultServer: 'fallback-mail.example.com',
-    defaultPort: 25,
-    defaultTls: true,
-    
-    domainRules: [
-      {
-        pattern: '*@example.com',
-        mode: 'forward' as EmailProcessingMode,
-        target: {
-          server: 'mail1.example.com',
-          port: 25,
-          useTls: true
-        }
-      },
-      {
-        pattern: '*@example.org',
-        mode: 'mta' as EmailProcessingMode,
-        mtaOptions: {
-          domain: 'example.org',
-          allowLocalDelivery: true
-        }
-      }
-    ]
-  };
-
-  const options: IDcRouterOptions = {
-    emailConfig,
-    tls: {
-      contactEmail: 'test@example.com'
-    }
-  };
-
-  const router = new DcRouter(options);
-  expect(router.options.emailConfig).toBeTruthy();
-  expect(router.options.emailConfig.ports.length).toEqual(3);
-  expect(router.options.emailConfig.domainRules.length).toEqual(2);
-  expect(router.options.emailConfig.domainRules[0].pattern).toEqual('*@example.com');
-  expect(router.options.emailConfig.domainRules[1].pattern).toEqual('*@example.org');
-});
-
-tap.test('DcRouter class - Domain pattern matching', async () => {
-  const router = new DcRouter({});
-  
-  // Use the internal method for testing if accessible
-  // This requires knowledge of the implementation, so it's a bit brittle
-  if (typeof router['isDomainMatch'] === 'function') {
-    // Test exact match
-    expect(router['isDomainMatch']('example.com', 'example.com')).toEqual(true);
-    expect(router['isDomainMatch']('example.com', 'example.org')).toEqual(false);
-    
-    // Test wildcard match
-    expect(router['isDomainMatch']('sub.example.com', '*.example.com')).toEqual(true);
-    expect(router['isDomainMatch']('sub.sub.example.com', '*.example.com')).toEqual(true);
-    expect(router['isDomainMatch']('example.com', '*.example.com')).toEqual(false);
-    expect(router['isDomainMatch']('sub.example.org', '*.example.com')).toEqual(false);
-  }
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-// Export a function to run all tests
-export default tap.start();

test/test.deliverability.ts

@@ -1,55 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-
-// Import the components we want to test
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-// Ensure test directories exist
-paths.ensureDirectories();
-
-// Test SenderReputationMonitor functionality
-tap.test('SenderReputationMonitor should track sending events', async () => {
-  // Initialize monitor with test domain
-  const monitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['test-domain.com']
-  });
-
-  // Record some events
-  monitor.recordSendEvent('test-domain.com', { type: 'sent', count: 100 });
-  monitor.recordSendEvent('test-domain.com', { type: 'delivered', count: 95 });
-  
-  // Get domain metrics
-  const metrics = monitor.getReputationData('test-domain.com');
-  
-  // Verify metrics were recorded
-  if (metrics) {
-    expect(metrics.volume.sent).toEqual(100);
-    expect(metrics.volume.delivered).toEqual(95);
-  }
-});
-
-// Test IPWarmupManager functionality
-tap.test('IPWarmupManager should handle IP allocation policies', async () => {
-  // Initialize warmup manager
-  const manager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['test-domain.com']
-  });
-  
-  // Set allocation policy
-  manager.setActiveAllocationPolicy('balanced');
-  
-  // Verify allocation methods work
-  const canSend = manager.canSendMoreToday('192.168.1.1');
-  expect(typeof canSend).toEqual('boolean');
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.dns-server-config.ts

@@ -0,0 +1,140 @@
+#!/usr/bin/env tsx
+
+/**
+ * Test DNS server configuration and record registration
+ */
+
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import * as plugins from '../ts/plugins.js';
+
+// Test DNS configuration
+const testDnsConfig = {
+  udpPort: 5353, // Use non-privileged port for testing
+  httpsPort: 8443,
+  httpsKey: './test/fixtures/test-key.pem',
+  httpsCert: './test/fixtures/test-cert.pem',
+  dnssecZone: 'test.example.com',
+  records: [
+    { name: 'test.example.com', type: 'A', value: '192.168.1.1' },
+    { name: 'mail.test.example.com', type: 'A', value: '192.168.1.2' },
+    { name: 'test.example.com', type: 'MX', value: '10 mail.test.example.com' },
+    { name: 'test.example.com', type: 'TXT', value: 'v=spf1 a:mail.test.example.com ~all' },
+    { name: 'test.example.com', type: 'NS', value: 'ns1.test.example.com' },
+    { name: 'ns1.test.example.com', type: 'A', value: '192.168.1.1' }
+  ]
+};
+
+tap.test('DNS server configuration - should extract records correctly', async () => {
+  const { records, ...dnsServerOptions } = testDnsConfig;
+  
+  expect(dnsServerOptions.udpPort).toEqual(5353);
+  expect(dnsServerOptions.httpsPort).toEqual(8443);
+  expect(dnsServerOptions.dnssecZone).toEqual('test.example.com');
+  expect(records).toBeArray();
+  expect(records.length).toEqual(6);
+});
+
+tap.test('DNS server configuration - should handle record parsing', async () => {
+  const parseDnsRecordData = (type: string, value: string): any => {
+    switch (type) {
+      case 'A':
+        return value;
+      case 'MX':
+        const [priority, exchange] = value.split(' ');
+        return { priority: parseInt(priority), exchange };
+      case 'TXT':
+        return value;
+      case 'NS':
+        return value;
+      default:
+        return value;
+    }
+  };
+  
+  // Test A record parsing
+  const aRecord = parseDnsRecordData('A', '192.168.1.1');
+  expect(aRecord).toEqual('192.168.1.1');
+  
+  // Test MX record parsing
+  const mxRecord = parseDnsRecordData('MX', '10 mail.test.example.com');
+  expect(mxRecord).toHaveProperty('priority', 10);
+  expect(mxRecord).toHaveProperty('exchange', 'mail.test.example.com');
+  
+  // Test TXT record parsing
+  const txtRecord = parseDnsRecordData('TXT', 'v=spf1 a:mail.test.example.com ~all');
+  expect(txtRecord).toEqual('v=spf1 a:mail.test.example.com ~all');
+});
+
+tap.test('DNS server configuration - should group records by domain', async () => {
+  const records = testDnsConfig.records;
+  const recordsByDomain = new Map<string, typeof records>();
+  
+  for (const record of records) {
+    const pattern = record.name.includes('*') ? record.name : `*.${record.name}`;
+    if (!recordsByDomain.has(pattern)) {
+      recordsByDomain.set(pattern, []);
+    }
+    recordsByDomain.get(pattern)!.push(record);
+  }
+  
+  // Check grouping
+  expect(recordsByDomain.size).toBeGreaterThan(0);
+  
+  // Verify each group has records
+  for (const [pattern, domainRecords] of recordsByDomain) {
+    expect(domainRecords.length).toBeGreaterThan(0);
+    console.log(`Pattern: ${pattern}, Records: ${domainRecords.length}`);
+  }
+});
+
+tap.test('DNS server configuration - should extract unique record types', async () => {
+  const records = testDnsConfig.records;
+  const recordTypes = [...new Set(records.map(r => r.type))];
+  
+  expect(recordTypes).toContain('A');
+  expect(recordTypes).toContain('MX');
+  expect(recordTypes).toContain('TXT');
+  expect(recordTypes).toContain('NS');
+  
+  console.log('Unique record types:', recordTypes.join(', '));
+});
+
+tap.test('DNS server - mock handler registration', async () => {
+  // Mock DNS server for testing
+  const mockDnsServer = {
+    handlers: new Map<string, any>(),
+    registerHandler: function(pattern: string, types: string[], handler: Function) {
+      this.handlers.set(pattern, { types, handler });
+      console.log(`Registered handler for pattern: ${pattern}, types: ${types.join(', ')}`);
+    }
+  };
+  
+  // Simulate record registration
+  const records = testDnsConfig.records;
+  const recordsByDomain = new Map<string, typeof records>();
+  
+  for (const record of records) {
+    const pattern = record.name.includes('*') ? record.name : `*.${record.name}`;
+    if (!recordsByDomain.has(pattern)) {
+      recordsByDomain.set(pattern, []);
+    }
+    recordsByDomain.get(pattern)!.push(record);
+  }
+  
+  // Register handlers
+  for (const [domainPattern, domainRecords] of recordsByDomain) {
+    const recordTypes = [...new Set(domainRecords.map(r => r.type))];
+    mockDnsServer.registerHandler(domainPattern, recordTypes, (question: any) => {
+      const matchingRecord = domainRecords.find(
+        r => r.name === question.name && r.type === question.type
+      );
+      return matchingRecord || null;
+    });
+  }
+  
+  expect(mockDnsServer.handlers.size).toBeGreaterThan(0);
+});
+
+tap.start({
+  throwOnError: true
+});

test/test.dns-socket-handler.ts

@@ -0,0 +1,148 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/classes.dcrouter.js';
+import * as plugins from '../ts/plugins.js';
+
+let dcRouter: DcRouter;
+
+tap.test('should NOT instantiate DNS server when dnsNsDomains is not set', async () => {
+  dcRouter = new DcRouter({
+    smartProxyConfig: {
+      routes: []
+    },
+    cacheConfig: { enabled: false }
+  });
+
+  await dcRouter.start();
+
+  // Check that DNS server is not created
+  expect((dcRouter as any).dnsServer).toBeUndefined();
+
+  await dcRouter.stop();
+});
+
+tap.test('should generate DNS routes when dnsNsDomains is set', async () => {
+  // This test checks the route generation logic WITHOUT starting the full DcRouter
+  // Starting DcRouter would require DNS port 53 and cause conflicts
+
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.test.local', 'ns2.test.local'],
+    dnsScopes: ['test.local'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Check routes are generated correctly (without starting)
+  const generatedRoutes = (dcRouter as any).generateDnsRoutes();
+  expect(generatedRoutes.length).toEqual(2); // /dns-query and /resolve
+
+  // Check that routes have socket-handler action
+  generatedRoutes.forEach((route: any) => {
+    expect(route.action.type).toEqual('socket-handler');
+    expect(route.action.socketHandler).toBeDefined();
+  });
+
+  // Verify routes target the primary nameserver
+  const dnsQueryRoute = generatedRoutes.find((r: any) => r.name === 'dns-over-https-dns-query');
+  expect(dnsQueryRoute).toBeDefined();
+  expect(dnsQueryRoute.match.domains).toContain('ns1.test.local');
+});
+
+tap.test('should create DNS routes with correct configuration', async () => {
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.example.com', 'ns2.example.com'],
+    dnsScopes: ['example.com'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Access the private method to generate routes
+  const dnsRoutes = (dcRouter as any).generateDnsRoutes();
+
+  expect(dnsRoutes.length).toEqual(2);
+
+  // Check first route (dns-query) - uses primary nameserver (first in array)
+  const dnsQueryRoute = dnsRoutes.find((r: any) => r.name === 'dns-over-https-dns-query');
+  expect(dnsQueryRoute).toBeDefined();
+  expect(dnsQueryRoute.match.ports).toContain(443);
+  expect(dnsQueryRoute.match.domains).toContain('ns1.example.com');
+  expect(dnsQueryRoute.match.path).toEqual('/dns-query');
+
+  // Check second route (resolve)
+  const resolveRoute = dnsRoutes.find((r: any) => r.name === 'dns-over-https-resolve');
+  expect(resolveRoute).toBeDefined();
+  expect(resolveRoute.match.ports).toContain(443);
+  expect(resolveRoute.match.domains).toContain('ns1.example.com');
+  expect(resolveRoute.match.path).toEqual('/resolve');
+});
+
+tap.test('DNS socket handler should be created correctly', async () => {
+  // This test verifies the socket handler creation WITHOUT starting the full router
+  dcRouter = new DcRouter({
+    dnsNsDomains: ['ns1.test.local', 'ns2.test.local'],
+    dnsScopes: ['test.local'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  // Get the socket handler (this doesn't require DNS server to be started)
+  const socketHandler = (dcRouter as any).createDnsSocketHandler();
+  expect(socketHandler).toBeDefined();
+  expect(typeof socketHandler).toEqual('function');
+
+  // Create a mock socket to test the handler behavior without DNS server
+  const mockSocket = new plugins.net.Socket();
+  let socketEnded = false;
+
+  mockSocket.end = () => {
+    socketEnded = true;
+    return mockSocket;
+  };
+
+  // When DNS server is not initialized, the handler should end the socket
+  try {
+    await socketHandler(mockSocket);
+  } catch (error) {
+    // Expected - DNS server not initialized
+  }
+
+  // Socket should be ended because DNS server wasn't started
+  expect(socketEnded).toEqual(true);
+});
+
+tap.test('DNS routes should only be generated when dnsNsDomains is configured', async () => {
+  // Test without DNS configuration - should return empty routes
+  dcRouter = new DcRouter({
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  const routesWithoutDns = (dcRouter as any).generateDnsRoutes();
+  expect(routesWithoutDns.length).toEqual(0);
+
+  // Test with DNS configuration - should return routes
+  const dcRouterWithDns = new DcRouter({
+    dnsNsDomains: ['ns1.example.com'],
+    dnsScopes: ['example.com'],
+    smartProxyConfig: {
+      routes: []
+    }
+  });
+
+  const routesWithDns = (dcRouterWithDns as any).generateDnsRoutes();
+  expect(routesWithDns.length).toEqual(2);
+
+  // Verify socket handler can be created
+  const socketHandler = (dcRouterWithDns as any).createDnsSocketHandler();
+  expect(socketHandler).toBeDefined();
+  expect(typeof socketHandler).toEqual('function');
+});
+
+tap.test('stop', async () => {
+  await tap.stopForcefully();
+});
+
+export default tap.start();

test/test.emailauth.ts

@@ -1,244 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { SpfVerifier, SpfQualifier, SpfMechanismType } from '../ts/mail/security/classes.spfverifier.js';
-import { DmarcVerifier, DmarcPolicy, DmarcAlignment } from '../ts/mail/security/classes.dmarcverifier.js';
-import { Email } from '../ts/mail/core/classes.email.js';
-
-/**
- * Test email authentication systems: SPF and DMARC
- */
-
-// Setup platform service for testing
-let platformService: SzPlatformService;
-
-tap.test('Setup test environment', async () => {
-  // Create platform service with default config from the config module
-  platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: true,
-      host: '0.0.0.0',
-      port: 3000,
-      cors: true
-    },
-    email: {
-      useMta: true,
-      mtaConfig: {
-        smtp: {
-          enabled: true,
-          port: 25,
-          hostname: 'mta.test.local',
-          maxSize: 10 * 1024 * 1024
-        },
-        security: {
-          useDkim: true,
-          verifyDkim: true,
-          verifySpf: true,
-          verifyDmarc: true
-        }
-      }
-    }
-  });
-  // Use start() instead of init() which doesn't exist
-  await platformService.start();
-  expect(platformService.mtaService).toBeTruthy();
-});
-
-// SPF Verifier Tests
-tap.test('SPF Verifier - should parse SPF record', async () => {
-  const spfVerifier = new SpfVerifier(platformService.mtaService);
-  
-  // Test valid SPF record parsing
-  const record = 'v=spf1 a mx ip4:192.168.0.1/24 include:example.org ~all';
-  const parsedRecord = spfVerifier.parseSpfRecord(record);
-  
-  expect(parsedRecord).toBeTruthy();
-  expect(parsedRecord.version).toEqual('spf1');
-  expect(parsedRecord.mechanisms.length).toEqual(5);
-  
-  // Check specific mechanisms
-  expect(parsedRecord.mechanisms[0].type).toEqual(SpfMechanismType.A);
-  expect(parsedRecord.mechanisms[0].qualifier).toEqual(SpfQualifier.PASS);
-  
-  expect(parsedRecord.mechanisms[1].type).toEqual(SpfMechanismType.MX);
-  expect(parsedRecord.mechanisms[1].qualifier).toEqual(SpfQualifier.PASS);
-  
-  expect(parsedRecord.mechanisms[2].type).toEqual(SpfMechanismType.IP4);
-  expect(parsedRecord.mechanisms[2].value).toEqual('192.168.0.1/24');
-  
-  expect(parsedRecord.mechanisms[3].type).toEqual(SpfMechanismType.INCLUDE);
-  expect(parsedRecord.mechanisms[3].value).toEqual('example.org');
-  
-  expect(parsedRecord.mechanisms[4].type).toEqual(SpfMechanismType.ALL);
-  expect(parsedRecord.mechanisms[4].qualifier).toEqual(SpfQualifier.SOFTFAIL);
-  
-  // Test invalid record
-  const invalidRecord = 'not-a-spf-record';
-  const invalidParsed = spfVerifier.parseSpfRecord(invalidRecord);
-  expect(invalidParsed).toBeNull();
-});
-
-// DMARC Verifier Tests
-tap.test('DMARC Verifier - should parse DMARC record', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Test valid DMARC record parsing
-  const record = 'v=DMARC1; p=reject; sp=quarantine; pct=50; adkim=s; aspf=r; rua=mailto:dmarc@example.com';
-  const parsedRecord = dmarcVerifier.parseDmarcRecord(record);
-  
-  expect(parsedRecord).toBeTruthy();
-  expect(parsedRecord.version).toEqual('DMARC1');
-  expect(parsedRecord.policy).toEqual(DmarcPolicy.REJECT);
-  expect(parsedRecord.subdomainPolicy).toEqual(DmarcPolicy.QUARANTINE);
-  expect(parsedRecord.pct).toEqual(50);
-  expect(parsedRecord.adkim).toEqual(DmarcAlignment.STRICT);
-  expect(parsedRecord.aspf).toEqual(DmarcAlignment.RELAXED);
-  expect(parsedRecord.reportUriAggregate).toContain('dmarc@example.com');
-  
-  // Test invalid record
-  const invalidRecord = 'not-a-dmarc-record';
-  const invalidParsed = dmarcVerifier.parseDmarcRecord(invalidRecord);
-  expect(invalidParsed).toBeNull();
-});
-
-tap.test('DMARC Verifier - should verify DMARC alignment', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Test email domains with DMARC alignment
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.net',
-    subject: 'Test DMARC alignment',
-    text: 'This is a test email'
-  });
-  
-  // Test when both SPF and DKIM pass with alignment
-  const dmarcResult = await dmarcVerifier.verify(
-    email,
-    { domain: 'example.com', result: true },  // SPF - aligned and passed
-    { domain: 'example.com', result: true }   // DKIM - aligned and passed
-  );
-  
-  expect(dmarcResult).toBeTruthy();
-  expect(dmarcResult.spfPassed).toEqual(true);
-  expect(dmarcResult.dkimPassed).toEqual(true);
-  expect(dmarcResult.spfDomainAligned).toEqual(true);
-  expect(dmarcResult.dkimDomainAligned).toEqual(true);
-  expect(dmarcResult.action).toEqual('pass');
-  
-  // Test when neither SPF nor DKIM is aligned
-  const dmarcResult2 = await dmarcVerifier.verify(
-    email,
-    { domain: 'differentdomain.com', result: true },  // SPF - passed but not aligned
-    { domain: 'anotherdomain.com', result: true }     // DKIM - passed but not aligned
-  );
-  
-  // We can now see the actual DMARC result and update our expectations
-  
-  expect(dmarcResult2).toBeTruthy();
-  expect(dmarcResult2.spfPassed).toEqual(true);
-  expect(dmarcResult2.dkimPassed).toEqual(true);
-  expect(dmarcResult2.spfDomainAligned).toEqual(false);
-  expect(dmarcResult2.dkimDomainAligned).toEqual(false);
-  
-  // The test environment is returning a 'reject' policy - we can verify that
-  expect(dmarcResult2.policyEvaluated).toEqual('reject');
-  expect(dmarcResult2.actualPolicy).toEqual('reject');
-  expect(dmarcResult2.action).toEqual('reject');
-});
-
-tap.test('DMARC Verifier - should apply policy correctly', async () => {
-  const dmarcVerifier = new DmarcVerifier(platformService.mtaService);
-  
-  // Create test email
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.net',
-    subject: 'Test DMARC policy application',
-    text: 'This is a test email'
-  });
-  
-  // Test pass action
-  const passResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: true,
-    dkimDomainAligned: true,
-    spfPassed: true,
-    dkimPassed: true,
-    policyEvaluated: DmarcPolicy.NONE,
-    actualPolicy: DmarcPolicy.NONE,
-    appliedPercentage: 100,
-    action: 'pass',
-    details: 'DMARC passed'
-  };
-  
-  const passApplied = dmarcVerifier.applyPolicy(email, passResult);
-  expect(passApplied).toEqual(true);
-  expect(email.mightBeSpam).toEqual(false);
-  expect(email.headers['X-DMARC-Result']).toEqual('DMARC passed');
-  
-  // Test quarantine action
-  const quarantineResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: false,
-    dkimDomainAligned: false,
-    spfPassed: false,
-    dkimPassed: false,
-    policyEvaluated: DmarcPolicy.QUARANTINE,
-    actualPolicy: DmarcPolicy.QUARANTINE,
-    appliedPercentage: 100,
-    action: 'quarantine',
-    details: 'DMARC failed, policy=quarantine'
-  };
-  
-  // Reset email spam flag
-  email.mightBeSpam = false;
-  email.headers = {};
-  
-  const quarantineApplied = dmarcVerifier.applyPolicy(email, quarantineResult);
-  expect(quarantineApplied).toEqual(true);
-  expect(email.mightBeSpam).toEqual(true);
-  expect(email.headers['X-Spam-Flag']).toEqual('YES');
-  expect(email.headers['X-DMARC-Result']).toEqual('DMARC failed, policy=quarantine');
-  
-  // Test reject action
-  const rejectResult: any = {
-    hasDmarc: true,
-    spfDomainAligned: false,
-    dkimDomainAligned: false,
-    spfPassed: false,
-    dkimPassed: false,
-    policyEvaluated: DmarcPolicy.REJECT,
-    actualPolicy: DmarcPolicy.REJECT,
-    appliedPercentage: 100,
-    action: 'reject',
-    details: 'DMARC failed, policy=reject'
-  };
-  
-  // Reset email spam flag
-  email.mightBeSpam = false;
-  email.headers = {};
-  
-  const rejectApplied = dmarcVerifier.applyPolicy(email, rejectResult);
-  expect(rejectApplied).toEqual(false);
-  expect(email.mightBeSpam).toEqual(true);
-});
-
-tap.test('Cleanup test environment', async () => {
-  await platformService.stop();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.errors.ts

@@ -1,7 +1,7 @@
 import { tap, expect } from '@git.zone/tstest/tapbundle';
 import * as errors from '../ts/errors/index.js';
 import {
-  PlatformError, 
+  PlatformError,
   ValidationError,
   NetworkError,
   ResourceError,
@@ -12,19 +12,6 @@ import {
   ErrorCategory,
   ErrorRecoverability
 } from '../ts/errors/error.codes.js';
-import {
-  EmailServiceError,
-  EmailTemplateError,
-  EmailValidationError,
-  EmailSendError,
-  EmailReceiveError
-} from '../ts/errors/email.errors.js';
-import {
-  MtaConnectionError,
-  MtaAuthenticationError,
-  MtaDeliveryError,
-  MtaConfigurationError
-} from '../ts/errors/mta.errors.js';
 import {
   ErrorHandler
 } from '../ts/errors/error-handler.js';
@@ -54,9 +41,9 @@ tap.test('Base error classes should set properties correctly', async () => {
   expect(platformError.severity).toEqual(ErrorSeverity.MEDIUM);
   expect(platformError.category).toEqual(ErrorCategory.OPERATION);
   expect(platformError.recoverability).toEqual(ErrorRecoverability.MAYBE_RECOVERABLE);
-  expect(platformError.context.component).toEqual(context.component);
-  expect(platformError.context.operation).toEqual(context.operation);
-  expect(platformError.context.data.foo).toEqual('bar');
+  expect(platformError.context?.component).toEqual(context.component);
+  expect(platformError.context?.operation).toEqual(context.operation);
+  expect(platformError.context?.data?.foo).toEqual('bar');
   expect(platformError.name).toEqual('PlatformError');
 
   // Test ValidationError
@@ -75,94 +62,6 @@ tap.test('Base error classes should set properties correctly', async () => {
   expect(resourceError.category).toEqual(ErrorCategory.RESOURCE);
 });
 
-// Test email error classes
-tap.test('Email error classes should be properly constructed', async () => {
-  // Test EmailServiceError
-  const emailServiceError = new EmailServiceError('Email service error', {
-    component: 'EmailService',
-    operation: 'sendEmail'
-  });
-  expect(emailServiceError.code).toEqual('EMAIL_SERVICE_ERROR');
-  expect(emailServiceError.name).toEqual('EmailServiceError');
-
-  // Test EmailTemplateError
-  const templateError = new EmailTemplateError('Template not found: welcome_email', {
-    data: { templateId: 'welcome_email' }
-  });
-  expect(templateError.code).toEqual('EMAIL_TEMPLATE_ERROR');
-  expect(templateError.context.data.templateId).toEqual('welcome_email');
-
-  // Test EmailSendError with permanent flag
-  const permanentError = EmailSendError.permanent(
-    'Invalid recipient',
-    'user@example.com',
-    { data: { details: 'DNS not found' } }
-  );
-  expect(permanentError.code).toEqual('EMAIL_SEND_ERROR');
-  expect(permanentError.isPermanent()).toEqual(true);
-  expect(permanentError.context.data.permanent).toEqual(true);
-
-  // Test EmailSendError with temporary flag and retry
-  const tempError = EmailSendError.temporary(
-    'Server busy',
-    3,
-    0,
-    1000,
-    { data: { server: 'smtp.example.com' } }
-  );
-  expect(tempError.isPermanent()).toEqual(false);
-  expect(tempError.context.data.permanent).toEqual(false);
-  expect(tempError.context.retry.maxRetries).toEqual(3);
-  expect(tempError.shouldRetry()).toEqual(true);
-});
-
-// Test MTA error classes
-tap.test('MTA error classes should be properly constructed', async () => {
-  // Test MtaConnectionError
-  const dnsError = MtaConnectionError.dnsError('mail.example.com', new Error('DNS lookup failed'));
-  expect(dnsError.code).toEqual('MTA_CONNECTION_ERROR');
-  expect(dnsError.category).toEqual(ErrorCategory.CONNECTIVITY);
-  expect(dnsError.context.data.hostname).toEqual('mail.example.com');
-
-  // Test MtaTimeoutError via MtaConnectionError.timeout
-  const timeoutError = MtaConnectionError.timeout('mail.example.com', 25, 30000);
-  expect(timeoutError.code).toEqual('MTA_CONNECTION_ERROR');
-  expect(timeoutError.context.data.timeout).toEqual(30000);
-
-  // Test MtaAuthenticationError
-  const authError = MtaAuthenticationError.invalidCredentials('mail.example.com', 'user@example.com');
-  expect(authError.code).toEqual('MTA_AUTHENTICATION_ERROR');
-  expect(authError.category).toEqual(ErrorCategory.AUTHENTICATION);
-  expect(authError.context.data.username).toEqual('user@example.com');
-
-  // Test MtaDeliveryError
-  const permDeliveryError = MtaDeliveryError.permanent(
-    'User unknown',
-    'nonexistent@example.com',
-    '550',
-    '550 5.1.1 User unknown'
-  );
-  expect(permDeliveryError.code).toEqual('MTA_DELIVERY_ERROR');
-  expect(permDeliveryError.isPermanent()).toEqual(true);
-  expect(permDeliveryError.getRecipientAddress()).toEqual('nonexistent@example.com');
-  expect(permDeliveryError.getStatusCode()).toEqual('550');
-
-  // Test temporary delivery error with retry
-  const tempDeliveryError = MtaDeliveryError.temporary(
-    'Mailbox temporarily unavailable',
-    'user@example.com',
-    '450',
-    '450 4.2.1 Mailbox temporarily unavailable',
-    3,
-    1,
-    5000
-  );
-  expect(tempDeliveryError.isPermanent()).toEqual(false);
-  expect(tempDeliveryError.shouldRetry()).toEqual(true);
-  expect(tempDeliveryError.context.retry.currentRetry).toEqual(1);
-  expect(tempDeliveryError.context.retry.maxRetries).toEqual(3);
-});
-
 // Test error handler utility
 tap.test('ErrorHandler should properly handle and format errors', async () => {
   // Configure error handler
@@ -187,13 +86,13 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
 
   expect(platformError).toBeInstanceOf(PlatformError);
   expect(platformError.code).toEqual('PLATFORM_OPERATION_ERROR');
-  expect(platformError.context.component).toEqual('TestHandler');
+  expect(platformError.context?.component).toEqual('TestHandler');
 
   // Test formatting error for API response
   const formattedError = ErrorHandler.formatErrorForResponse(platformError, true);
   expect(formattedError.code).toEqual('PLATFORM_OPERATION_ERROR');
   expect(formattedError.message).toEqual('An unexpected error occurred.');
-  expect(formattedError.details.rawMessage).toEqual('Something went wrong');
+  expect(formattedError.details?.rawMessage).toEqual('Something went wrong');
 
   // Test executing a function with error handling
   let executed = false;
@@ -223,6 +122,7 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
     {
       maxAttempts: 5,
       baseDelay: 10, // Use small delay for tests
+      retryableErrorPatterns: [/Temporary failure/], // Add pattern to make error retryable
       onRetry: (error, attempt, delay) => {
         expect(error).toBeInstanceOf(PlatformError);
         expect(attempt).toBeGreaterThan(0);
@@ -245,7 +145,8 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
       'TEST_RETRY_ERROR',
       {
         maxAttempts: 3,
-        baseDelay: 10
+        baseDelay: 10,
+        retryableErrorPatterns: [/Persistent failure/] // Make error retryable so it tries all attempts
       }
     );
   } catch (error) {
@@ -257,7 +158,6 @@ tap.test('ErrorHandler should properly handle and format errors', async () => {
 // Test retry utilities
 tap.test('Error retry utilities should work correctly', async () => {
   let attempts = 0;
-  const start = Date.now();
 
   try {
     await errors.retry(
@@ -303,15 +203,25 @@ tap.test('Error retry utilities should work correctly', async () => {
 });
 
 // Helper function that will reject first n times, then resolve
-async function flaky(failTimes: number, result: any = 'success'): Promise<any> {
-  if (flaky.counter < failTimes) {
-    flaky.counter++;
-    throw new Error(`Flaky failure ${flaky.counter}`);
-  }
-  return result;
+interface FlakyFunction {
+  (failTimes: number, result?: any): Promise<any>;
+  counter: number;
+  reset: () => void;
 }
-flaky.counter = 0;
-flaky.reset = () => { flaky.counter = 0; };
+
+const flaky: FlakyFunction = Object.assign(
+  async function (failTimes: number, result: any = 'success'): Promise<any> {
+    if (flaky.counter < failTimes) {
+      flaky.counter++;
+      throw new Error(`Flaky failure ${flaky.counter}`);
+    }
+    return result;
+  },
+  {
+    counter: 0,
+    reset: () => { flaky.counter = 0; }
+  }
+);
 
 // Test error wrapping and retry combination
 tap.test('Error handling can be combined with retry for robust operations', async () => {
@@ -326,30 +236,27 @@ tap.test('Error handling can be combined with retry for robust operations', asyn
   );
 
   // Execute with retry
-  try {
-    const result = await errors.retry(
-      wrapped,
-      {
-        maxRetries: 3,
-        initialDelay: 10,
-      }
-    );
-    expect(result).toEqual('wrapped success');
-    expect(flaky.counter).toEqual(2);
-  } catch (error) {
-    // Should not reach here
-    expect(false).toEqual(true);
-  }
+  const result = await errors.retry(
+    wrapped,
+    {
+      maxRetries: 3,
+      initialDelay: 10,
+      retryableErrors: [/Flaky failure/]
+    }
+  );
+  expect(result).toEqual('wrapped success');
+  expect(flaky.counter).toEqual(2);
 
   // Reset and test failure case
   flaky.reset();
-  
+
   try {
     await errors.retry(
       () => flaky(5, 'never reached'),
       {
         maxRetries: 2, // Only retry twice, but we need 5 attempts to succeed
         initialDelay: 10,
+        retryableErrors: [/Flaky failure/] // Add pattern to make it retry
       }
     );
     // Should not reach here
@@ -361,7 +268,7 @@ tap.test('Error handling can be combined with retry for robust operations', asyn
 });
 
 tap.test('stop', async () => {
-  // This is a placeholder test to ensure we call tap.stopForcefully()
+  await tap.stopForcefully();
 });
 
-export default tap.stopForcefully();
+export default tap.start();

test/test.integration.ts

@@ -1,128 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import { SzPlatformService } from '../ts/platformservice.js';
-import { MtaService } from '../ts/mail/delivery/classes.mta.js';
-import { EmailService } from '../ts/mail/services/classes.emailservice.js';
-import { BounceManager } from '../ts/mail/core/classes.bouncemanager.js';
-import DcRouter from '../ts/classes.dcrouter.js';
-
-// Test the new integration architecture
-tap.test('should be able to create an independent MTA service', async (tools) => {
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-      hostname: 'test.example.com'
-    }
-  });
-  
-  // Verify it was created properly without a platform service reference
-  expect(mta).toBeTruthy();
-  expect(mta.platformServiceRef).toBeUndefined();
-  
-  // Even without a platform service, it should have its own SMTP rule engine
-  expect(mta.smtpRuleEngine).toBeTruthy();
-});
-
-tap.test('should be able to create an EmailService with an existing MTA', async (tools) => {
-  // Create a platform service with test config
-  const platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: false // Disable server for tests
-    }
-  });
-  
-  // Create a shared bounce manager
-  const bounceManager = new BounceManager();
-  
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Manually set the bounce manager for testing
-  // @ts-ignore - adding property for testing
-  mta.bounceManager = bounceManager;
-  
-  // Create an email service that uses the independent MTA
-  // @ts-ignore - passing a third argument to the constructor
-  const emailService = new EmailService(platformService, {}, mta);
-  
-  // Manually set the mtaService property
-  emailService.mtaService = mta;
-  
-  // Verify relationships
-  expect(emailService.mtaService === mta).toBeTrue();
-  expect(emailService.bounceManager).toBeTruthy();
-  
-  // MTA should not have a direct platform service reference
-  expect(mta.platformServiceRef).toBeUndefined();
-  
-  // But it should have access to bounce manager
-  // @ts-ignore - accessing property for testing
-  expect(mta.bounceManager === bounceManager).toBeTrue();
-});
-
-tap.test('MTA service should have SMTP rule engine', async (tools) => {
-  // Create an independent MTA service
-  const mta = new MtaService(undefined, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Verify the MTA has an SMTP rule engine
-  expect(mta.smtpRuleEngine).toBeTruthy();
-});
-
-tap.test('platform service should support having an MTA service', async (tools) => {
-  // Create a platform service with test config
-  const platformService = new SzPlatformService({
-    id: 'test-platform-service',
-    version: '1.0.0',
-    environment: 'test',
-    name: 'TestPlatformService',
-    enabled: true,
-    logging: {
-      level: 'info',
-      structured: true,
-      correlationTracking: true
-    },
-    server: {
-      enabled: false // Disable server for tests
-    }
-  });
-  
-  // Create MTA - don't await start() to avoid binding to ports
-  platformService.mtaService = new MtaService(platformService, {
-    smtp: {
-      port: 10025, // Use a different port for testing
-    }
-  });
-  
-  // Create email service using the platform
-  platformService.emailService = new EmailService(platformService);
-  
-  // Verify the MTA has a reference to the platform service
-  expect(platformService.mtaService).toBeTruthy();
-  expect(platformService.mtaService.platformServiceRef).toBeTruthy();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-// Export for tapbundle execution
-export default tap.start();

test/test.ipreputationchecker.ts

@@ -6,8 +6,8 @@ import * as plugins from '../ts/plugins.js';
 const originalDnsResolve = plugins.dns.promises.resolve;
 let mockDnsResolveImpl: (hostname: string) => Promise<string[]> = async () => ['127.0.0.1'];
 
-// Setup mock DNS resolver
-plugins.dns.promises.resolve = async (hostname: string) => {
+// Setup mock DNS resolver with proper typing
+(plugins.dns.promises as any).resolve = async (hostname: string) => {
   return mockDnsResolveImpl(hostname);
 };
 

test/test.ipwarmupmanager.ts

@@ -1,323 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-// Cleanup any temporary test data
-const cleanupTestData = () => {
-  const warmupDataPath = plugins.path.join(paths.dataDir, 'warmup');
-  if (plugins.fs.existsSync(warmupDataPath)) {
-    // Remove the directory recursively using fs instead of smartfile
-    plugins.fs.rmSync(warmupDataPath, { recursive: true, force: true });
-  }
-};
-
-// Helper to reset the singleton instance between tests
-const resetSingleton = () => {
-  // @ts-ignore - accessing private static field for testing
-  IPWarmupManager.instance = null;
-};
-
-// Before running any tests
-tap.test('setup', async () => {
-  cleanupTestData();
-});
-
-// Test initialization of IPWarmupManager
-tap.test('should initialize IPWarmupManager with default settings', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance();
-  
-  expect(ipWarmupManager).toBeTruthy();
-  expect(typeof ipWarmupManager.getBestIPForSending).toEqual('function');
-  expect(typeof ipWarmupManager.canSendMoreToday).toEqual('function');
-  expect(typeof ipWarmupManager.getStageCount).toEqual('function');
-  expect(typeof ipWarmupManager.setActiveAllocationPolicy).toEqual('function');
-});
-
-// Test initialization with custom settings
-tap.test('should initialize IPWarmupManager with custom settings', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com', 'test.com'],
-    fallbackPercentage: 75
-  });
-  
-  // Test setting allocation policy
-  ipWarmupManager.setActiveAllocationPolicy('roundRobin');
-  
-  // Get best IP for sending
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Check if we can send more today
-  const canSendMore = ipWarmupManager.canSendMoreToday('192.168.1.1');
-  
-  // Check stage count
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(typeof stageCount).toEqual('number');
-});
-
-// Test IP allocation policies
-tap.test('should allocate IPs using balanced policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  // Use getBestIPForSending multiple times and check if all IPs are used
-  const usedIPs = new Set();
-  for (let i = 0; i < 30; i++) {
-    const ip = ipWarmupManager.getBestIPForSending({
-      from: 'test@example.com',
-      to: ['recipient@test.com'],
-      domain: 'example.com'
-    });
-    if (ip) usedIPs.add(ip);
-  }
-  
-  // We should use at least 2 different IPs with balanced policy
-  expect(usedIPs.size >= 2).toBeTrue();
-});
-
-// Test round robin allocation policy
-tap.test('should allocate IPs using round robin policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('roundRobin');
-  
-  // First few IPs should rotate through the available IPs
-  const firstIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const secondIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const thirdIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Round robin should give us different IPs for consecutive calls
-  expect(firstIP !== secondIP).toBeTrue();
-  
-  // With 3 IPs, the fourth call should cycle back to one of the IPs
-  const fourthIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // Check that the fourth IP is one of the 3 valid IPs
-  expect(['192.168.1.1', '192.168.1.2', '192.168.1.3'].includes(fourthIP)).toBeTrue();
-});
-
-// Test dedicated domain allocation policy
-tap.test('should allocate IPs using dedicated domain policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com', 'other.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  ipWarmupManager.setActiveAllocationPolicy('dedicated');
-  
-  // Instead of mapDomainToIP which doesn't exist, we'll simulate domain mapping
-  // by making dedicated calls per domain - we can't call the internal method directly
-  
-  // Each domain should get its dedicated IP
-  const exampleIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@gmail.com'],
-    domain: 'example.com'
-  });
-  
-  const testIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@test.com',
-    to: ['recipient@gmail.com'],
-    domain: 'test.com'
-  });
-  
-  const otherIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@other.com',
-    to: ['recipient@gmail.com'],
-    domain: 'other.com'
-  });
-  
-  // Since we're not actually mapping domains to IPs, we can only test if they return valid IPs
-  // The original assertions have been modified since we can't guarantee which IP will be returned
-  expect(exampleIP).toBeTruthy();
-  expect(testIP).toBeTruthy();
-  expect(otherIP).toBeTruthy();
-});
-
-// Test daily sending limits
-tap.test('should enforce daily sending limits', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1'],
-    targetDomains: ['example.com']
-    // Remove allocationPolicy which is not in the interface
-  });
-  
-  // Override the warmup stage for testing
-  // @ts-ignore - accessing private method for testing
-  ipWarmupManager.warmupStatuses.set('192.168.1.1', {
-    ipAddress: '192.168.1.1',
-    isActive: true,
-    currentStage: 1,
-    startDate: new Date(),
-    currentStageStartDate: new Date(),
-    targetCompletionDate: new Date(),
-    currentDailyAllocation: 5,
-    sentInCurrentStage: 0,
-    totalSent: 0,
-    dailyStats: [],
-    metrics: {
-      openRate: 0,
-      bounceRate: 0,
-      complaintRate: 0
-    }
-  });
-  
-  // Set a very low daily limit for testing 
-  // @ts-ignore - accessing private method for testing
-  ipWarmupManager.config.stages = [
-    { stage: 1, maxDailyVolume: 5, durationDays: 5, targetMetrics: { maxBounceRate: 8, minOpenRate: 15 } }
-  ];
-  
-  // First pass: should be able to get an IP
-  const ip = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  expect(ip === '192.168.1.1').toBeTrue();
-  
-  // Record 5 sends to reach the daily limit
-  for (let i = 0; i < 5; i++) {
-    ipWarmupManager.recordSend('192.168.1.1');
-  }
-  
-  // Check if we can send more today
-  const canSendMore = ipWarmupManager.canSendMoreToday('192.168.1.1');
-  expect(canSendMore).toEqual(false);
-  
-  // After reaching limit, getBestIPForSending should return null
-  // since there are no available IPs
-  const sixthIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  expect(sixthIP === null).toBeTrue();
-});
-
-// Test recording sends
-tap.test('should record send events correctly', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com'],
-  });
-  
-  // Set allocation policy
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  // Get an IP for sending
-  const ip = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  // If we got an IP, record some sends
-  if (ip) {
-    // Record a few sends
-    for (let i = 0; i < 5; i++) {
-      ipWarmupManager.recordSend(ip);
-    }
-    
-    // Check if we can still send more
-    const canSendMore = ipWarmupManager.canSendMoreToday(ip);
-    expect(typeof canSendMore).toEqual('boolean');
-  }
-});
-
-// Test that DedicatedDomainPolicy assigns IPs correctly
-tap.test('should assign IPs using dedicated domain policy', async () => {
-  resetSingleton();
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2', '192.168.1.3'],
-    targetDomains: ['example.com', 'test.com', 'other.com']
-  });
-  
-  // Set allocation policy to dedicated domains
-  ipWarmupManager.setActiveAllocationPolicy('dedicated');
-  
-  // Check allocation by querying for different domains
-  const ip1 = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  const ip2 = ipWarmupManager.getBestIPForSending({
-    from: 'test@test.com',
-    to: ['recipient@test.com'],
-    domain: 'test.com'
-  });
-  
-  // If we got IPs, they should be consistently assigned
-  if (ip1 && ip2) {
-    // Requesting the same domain again should return the same IP
-    const ip1again = ipWarmupManager.getBestIPForSending({
-      from: 'another@example.com',
-      to: ['recipient@test.com'],
-      domain: 'example.com'
-    });
-    
-    expect(ip1again === ip1).toBeTrue();
-  }
-});
-
-// After all tests, clean up
-tap.test('cleanup', async () => {
-  cleanupTestData();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.jwt-auth.ts

@@ -0,0 +1,131 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+let identity: interfaces.data.IIdentity;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    cacheConfig: { enabled: false },
+  });
+  
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should login with admin credentials and receive JWT', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3000/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+  
+  const response = await loginRequest.fire({
+    username: 'admin',
+    password: 'admin'
+  });
+  
+  expect(response).toHaveProperty('identity');
+  expect(response.identity).toHaveProperty('jwt');
+  expect(response.identity).toHaveProperty('userId');
+  expect(response.identity).toHaveProperty('name');
+  expect(response.identity).toHaveProperty('expiresAt');
+  expect(response.identity).toHaveProperty('role');
+  expect(response.identity.role).toEqual('admin');
+  
+  identity = response.identity;
+  console.log('JWT:', identity.jwt);
+});
+
+tap.test('should verify valid JWT identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+  
+  const response = await verifyRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  expect(response).toHaveProperty('identity');
+  expect(response.identity.userId).toEqual(identity.userId);
+});
+
+tap.test('should reject invalid JWT', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+  
+  const response = await verifyRequest.fire({
+    identity: {
+      ...identity,
+      jwt: 'invalid.jwt.token'
+    }
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeFalse();
+});
+
+tap.test('should verify JWT matches identity data', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+  
+  // The response should contain the same identity data as the JWT
+  const response = await verifyRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  expect(response.identity.expiresAt).toEqual(identity.expiresAt);
+  expect(response.identity.userId).toEqual(identity.userId);
+});
+
+tap.test('should handle logout', async () => {
+  const logoutRequest = new TypedRequest<interfaces.requests.IReq_AdminLogout>(
+    'http://localhost:3000/typedrequest',
+    'adminLogout'
+  );
+  
+  const response = await logoutRequest.fire({
+    identity
+  });
+  
+  expect(response).toHaveProperty('success');
+  expect(response.success).toBeTrue();
+});
+
+tap.test('should reject wrong credentials', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3000/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+  
+  let errorOccurred = false;
+  try {
+    await loginRequest.fire({
+      username: 'admin',
+      password: 'wrongpassword'
+    });
+  } catch (error) {
+    errorOccurred = true;
+    // TypedResponseError is thrown
+    expect(error).toBeTruthy();
+  }
+  
+  expect(errorOccurred).toBeTrue();
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.minimal.ts

@@ -1,66 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-import { IPWarmupManager } from '../ts/deliverability/classes.ipwarmupmanager.js';
-
-/**
- * Basic test to check if our integrated classes work correctly
- */
-tap.test('verify that SenderReputationMonitor and IPWarmupManager are functioning', async (tools) => {
-  // Create instances of both classes
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: true,
-    domains: ['example.com']
-  });
-  
-  const ipWarmupManager = IPWarmupManager.getInstance({
-    enabled: true,
-    ipAddresses: ['192.168.1.1', '192.168.1.2'],
-    targetDomains: ['example.com']
-  });
-  
-  // Test SenderReputationMonitor
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  
-  const reputationData = reputationMonitor.getReputationData('example.com');
-  const summary = reputationMonitor.getReputationSummary();
-  
-  // Basic checks
-  expect(reputationData).toBeTruthy();
-  expect(summary.length).toBeGreaterThan(0);
-  
-  // Add and remove domains
-  reputationMonitor.addDomain('test.com');
-  reputationMonitor.removeDomain('test.com');
-  
-  // Test IPWarmupManager
-  ipWarmupManager.setActiveAllocationPolicy('balanced');
-  
-  const bestIP = ipWarmupManager.getBestIPForSending({
-    from: 'test@example.com',
-    to: ['recipient@test.com'],
-    domain: 'example.com'
-  });
-  
-  if (bestIP) {
-    ipWarmupManager.recordSend(bestIP);
-    const canSendMore = ipWarmupManager.canSendMoreToday(bestIP);
-    expect(canSendMore !== undefined).toBeTrue();
-  }
-  
-  const stageCount = ipWarmupManager.getStageCount();
-  expect(stageCount).toBeGreaterThan(0);
-});
-
-// Final clean-up test
-tap.test('clean up after tests', async () => {
-  // No-op - just to make sure everything is cleaned up properly
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.opsserver-api.ts

@@ -0,0 +1,84 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    cacheConfig: { enabled: false },
+  });
+  
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should respond to health status request', async () => {
+  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
+    'http://localhost:3000/typedrequest',
+    'getHealthStatus'
+  );
+  
+  const response = await healthRequest.fire({
+    detailed: false
+  });
+  
+  expect(response).toHaveProperty('health');
+  expect(response.health.healthy).toBeTrue();
+  expect(response.health.services).toHaveProperty('OpsServer');
+});
+
+tap.test('should respond to server statistics request', async () => {
+  const statsRequest = new TypedRequest<interfaces.requests.IReq_GetServerStatistics>(
+    'http://localhost:3000/typedrequest',
+    'getServerStatistics'
+  );
+  
+  const response = await statsRequest.fire({
+    includeHistory: false
+  });
+  
+  expect(response).toHaveProperty('stats');
+  expect(response.stats).toHaveProperty('uptime');
+  expect(response.stats).toHaveProperty('cpuUsage');
+  expect(response.stats).toHaveProperty('memoryUsage');
+});
+
+tap.test('should respond to configuration request', async () => {
+  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
+    'http://localhost:3000/typedrequest',
+    'getConfiguration'
+  );
+  
+  const response = await configRequest.fire({});
+  
+  expect(response).toHaveProperty('config');
+  expect(response.config).toHaveProperty('email');
+  expect(response.config).toHaveProperty('dns');
+  expect(response.config).toHaveProperty('proxy');
+  expect(response.config).toHaveProperty('security');
+});
+
+tap.test('should handle log retrieval request', async () => {
+  const logsRequest = new TypedRequest<interfaces.requests.IReq_GetRecentLogs>(
+    'http://localhost:3000/typedrequest',
+    'getRecentLogs'
+  );
+  
+  const response = await logsRequest.fire({
+    limit: 10
+  });
+  
+  expect(response).toHaveProperty('logs');
+  expect(response).toHaveProperty('total');
+  expect(response).toHaveProperty('hasMore');
+  expect(response.logs).toBeArray();
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.protected-endpoint.ts

@@ -0,0 +1,120 @@
+import { expect, tap } from '@git.zone/tstest/tapbundle';
+import { DcRouter } from '../ts/index.js';
+import { TypedRequest } from '@api.global/typedrequest';
+import * as interfaces from '../ts_interfaces/index.js';
+
+let testDcRouter: DcRouter;
+let adminIdentity: interfaces.data.IIdentity;
+
+tap.test('should start DCRouter with OpsServer', async () => {
+  testDcRouter = new DcRouter({
+    // Minimal config for testing
+    cacheConfig: { enabled: false },
+  });
+
+  await testDcRouter.start();
+  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
+});
+
+tap.test('should login as admin', async () => {
+  const loginRequest = new TypedRequest<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+    'http://localhost:3000/typedrequest',
+    'adminLoginWithUsernameAndPassword'
+  );
+
+  const response = await loginRequest.fire({
+    username: 'admin',
+    password: 'admin'
+  });
+
+  expect(response).toHaveProperty('identity');
+  adminIdentity = response.identity;
+  console.log('Admin logged in with JWT');
+});
+
+tap.test('should allow admin to verify identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+
+  const response = await verifyRequest.fire({
+    identity: adminIdentity,
+  });
+
+  expect(response).toHaveProperty('valid');
+  expect(response.valid).toBeTrue();
+  console.log('Admin identity verified successfully');
+});
+
+tap.test('should reject verify identity without identity', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+
+  try {
+    await verifyRequest.fire({} as any);
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+    console.log('Successfully rejected request without identity');
+  }
+});
+
+tap.test('should reject verify identity with invalid JWT', async () => {
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
+    'http://localhost:3000/typedrequest',
+    'verifyIdentity'
+  );
+
+  try {
+    await verifyRequest.fire({
+      identity: {
+        ...adminIdentity,
+        jwt: 'invalid.jwt.token'
+      },
+    });
+    expect(true).toBeFalse(); // Should not reach here
+  } catch (error) {
+    expect(error).toBeTruthy();
+    console.log('Successfully rejected request with invalid JWT');
+  }
+});
+
+tap.test('should allow access to public endpoints without auth', async () => {
+  const healthRequest = new TypedRequest<interfaces.requests.IReq_GetHealthStatus>(
+    'http://localhost:3000/typedrequest',
+    'getHealthStatus'
+  );
+
+  // No identity provided
+  const response = await healthRequest.fire({});
+
+  expect(response).toHaveProperty('health');
+  expect(response.health.healthy).toBeTrue();
+  console.log('Public endpoint accessible without auth');
+});
+
+tap.test('should allow read-only config access', async () => {
+  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
+    'http://localhost:3000/typedrequest',
+    'getConfiguration'
+  );
+
+  // Config is read-only and doesn't require auth
+  const response = await configRequest.fire({});
+
+  expect(response).toHaveProperty('config');
+  expect(response.config).toHaveProperty('email');
+  expect(response.config).toHaveProperty('dns');
+  expect(response.config).toHaveProperty('proxy');
+  expect(response.config).toHaveProperty('security');
+  console.log('Configuration read successfully');
+});
+
+tap.test('should stop DCRouter', async () => {
+  await testDcRouter.stop();
+});
+
+export default tap.start();

test/test.ratelimiter.ts

@@ -1,141 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import { RateLimiter } from '../ts/mail/delivery/classes.ratelimiter.js';
-
-tap.test('RateLimiter - should be instantiable', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 10,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  expect(limiter).toBeTruthy();
-});
-
-tap.test('RateLimiter - should allow requests within rate limit', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 5,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Should allow 5 requests
-  for (let i = 0; i < 5; i++) {
-    expect(limiter.isAllowed('test')).toEqual(true);
-  }
-  
-  // 6th request should be denied
-  expect(limiter.isAllowed('test')).toEqual(false);
-});
-
-tap.test('RateLimiter - should enforce per-key limits', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 3,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Should allow 3 requests for key1
-  for (let i = 0; i < 3; i++) {
-    expect(limiter.isAllowed('key1')).toEqual(true);
-  }
-  
-  // 4th request for key1 should be denied
-  expect(limiter.isAllowed('key1')).toEqual(false);
-  
-  // But key2 should still be allowed
-  expect(limiter.isAllowed('key2')).toEqual(true);
-});
-
-tap.test('RateLimiter - should refill tokens over time', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 2,
-    periodMs: 100, // Short period for testing
-    perKey: true
-  });
-  
-  // Use all tokens
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Wait for refill
-  await new Promise(resolve => setTimeout(resolve, 150));
-  
-  // Should have tokens again
-  expect(limiter.isAllowed('test')).toEqual(true);
-});
-
-tap.test('RateLimiter - should support burst allowance', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 2,
-    periodMs: 100,
-    perKey: true,
-    burstTokens: 2, // Allow 2 extra tokens for bursts
-    initialTokens: 4  // Start with max + burst tokens
-  });
-  
-  // Should allow 4 requests (2 regular + 2 burst)
-  for (let i = 0; i < 4; i++) {
-    expect(limiter.isAllowed('test')).toEqual(true);
-  }
-  
-  // 5th request should be denied
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Wait for refill
-  await new Promise(resolve => setTimeout(resolve, 150));
-  
-  // Should have 2 tokens again (rate-limited to normal max, not burst)
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  
-  // 3rd request after refill should fail (only normal max is refilled, not burst)
-  expect(limiter.isAllowed('test')).toEqual(false);
-});
-
-tap.test('RateLimiter - should return correct stats', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 10,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Make some requests
-  limiter.isAllowed('test');
-  limiter.isAllowed('test');
-  limiter.isAllowed('test');
-  
-  // Get stats
-  const stats = limiter.getStats('test');
-  
-  expect(stats.remaining).toEqual(7);
-  expect(stats.limit).toEqual(10);
-  expect(stats.allowed).toEqual(3);
-  expect(stats.denied).toEqual(0);
-});
-
-tap.test('RateLimiter - should reset limits', async () => {
-  const limiter = new RateLimiter({
-    maxPerPeriod: 3,
-    periodMs: 1000,
-    perKey: true
-  });
-  
-  // Use all tokens
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(true);
-  expect(limiter.isAllowed('test')).toEqual(false);
-  
-  // Reset
-  limiter.reset('test');
-  
-  // Should have tokens again
-  expect(limiter.isAllowed('test')).toEqual(true);
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test/test.reputationmonitor.ts

@@ -1,259 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-import { SenderReputationMonitor } from '../ts/deliverability/classes.senderreputationmonitor.js';
-
-// Cleanup any temporary test data
-const cleanupTestData = () => {
-  const reputationDataPath = plugins.path.join(paths.dataDir, 'reputation');
-  if (plugins.fs.existsSync(reputationDataPath)) {
-    // Remove the directory recursively using fs instead of smartfile
-    plugins.fs.rmSync(reputationDataPath, { recursive: true, force: true });
-  }
-};
-
-// Helper to reset the singleton instance between tests
-const resetSingleton = () => {
-  // @ts-ignore - accessing private static field for testing
-  SenderReputationMonitor.instance = null;
-  
-  // Clean up any timeout to prevent race conditions
-  const activeSendReputationMonitors = Array.from(Object.values(global))
-    .filter((item: any) => item && typeof item === 'object' && item._idleTimeout)
-    .filter((item: any) => 
-      item._onTimeout && 
-      item._onTimeout.toString && 
-      item._onTimeout.toString().includes('updateAllDomainMetrics'));
-    
-  // Clear any active timeouts to prevent race conditions
-  activeSendReputationMonitors.forEach((timer: any) => {
-    clearTimeout(timer);
-  });
-};
-
-// Before running any tests
-tap.test('setup', async () => {
-  resetSingleton();
-  cleanupTestData();
-});
-
-// Test initialization of SenderReputationMonitor
-tap.test('should initialize SenderReputationMonitor with default settings', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance();
-  
-  expect(reputationMonitor).toBeTruthy();
-  // Check if the object has the expected methods
-  expect(typeof reputationMonitor.recordSendEvent).toEqual('function');
-  expect(typeof reputationMonitor.getReputationData).toEqual('function');
-  expect(typeof reputationMonitor.getReputationSummary).toEqual('function');
-});
-
-// Test initialization with custom settings
-tap.test('should initialize SenderReputationMonitor with custom settings', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com', 'test.com'],
-    updateFrequency: 12 * 60 * 60 * 1000, // 12 hours
-    alertThresholds: {
-      minReputationScore: 80,
-      maxComplaintRate: 0.05
-    }
-  });
-  
-  // Test adding domains
-  reputationMonitor.addDomain('newdomain.com');
-  
-  // Test retrieving reputation data
-  const data = reputationMonitor.getReputationData('example.com');
-  expect(data).toBeTruthy();
-  expect(data.domain).toEqual('example.com');
-});
-
-// Test recording and tracking send events
-tap.test('should record send events and update metrics', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record a series of events
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: true, count: 3 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: false, count: 2 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'complaint', count: 1 });
-  
-  // Check metrics
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  expect(metrics).toBeTruthy();
-  expect(metrics.volume.sent).toEqual(100);
-  expect(metrics.volume.delivered).toEqual(95);
-  expect(metrics.volume.hardBounces).toEqual(3);
-  expect(metrics.volume.softBounces).toEqual(2);
-  expect(metrics.complaints.total).toEqual(1);
-});
-
-// Test reputation score calculation
-tap.test('should calculate reputation scores correctly', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['high.com', 'medium.com', 'low.com']
-  });
-  
-  // Record events for different domains
-  reputationMonitor.recordSendEvent('high.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('high.com', { type: 'delivered', count: 990 });
-  reputationMonitor.recordSendEvent('high.com', { type: 'open', count: 500 });
-  
-  reputationMonitor.recordSendEvent('medium.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('medium.com', { type: 'delivered', count: 950 });
-  reputationMonitor.recordSendEvent('medium.com', { type: 'open', count: 300 });
-  
-  reputationMonitor.recordSendEvent('low.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('low.com', { type: 'delivered', count: 850 });
-  reputationMonitor.recordSendEvent('low.com', { type: 'open', count: 100 });
-  
-  // Get reputation summary
-  const summary = reputationMonitor.getReputationSummary();
-  expect(Array.isArray(summary)).toBeTrue();
-  expect(summary.length >= 3).toBeTrue();
-  
-  // Check that domains are included in the summary
-  const domains = summary.map(item => item.domain);
-  expect(domains.includes('high.com')).toBeTrue();
-  expect(domains.includes('medium.com')).toBeTrue();
-  expect(domains.includes('low.com')).toBeTrue();
-});
-
-// Test adding and removing domains
-tap.test('should add and remove domains for monitoring', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Add a new domain
-  reputationMonitor.addDomain('newdomain.com');
-  
-  // Record data for the new domain
-  reputationMonitor.recordSendEvent('newdomain.com', { type: 'sent', count: 50 });
-  
-  // Check that data was recorded for the new domain
-  const metrics = reputationMonitor.getReputationData('newdomain.com');
-  expect(metrics).toBeTruthy();
-  expect(metrics.volume.sent).toEqual(50);
-  
-  // Remove a domain
-  reputationMonitor.removeDomain('newdomain.com');
-  
-  // Check that data is no longer available
-  const removedMetrics = reputationMonitor.getReputationData('newdomain.com');
-  expect(removedMetrics === null).toBeTrue();
-});
-
-// Test handling open and click events
-tap.test('should track engagement metrics correctly', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record basic sending metrics
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 950 });
-  
-  // Record engagement events
-  reputationMonitor.recordSendEvent('example.com', { type: 'open', count: 500 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'click', count: 250 });
-  
-  // Check engagement metrics
-  const metrics = reputationMonitor.getReputationData('example.com');
-  expect(metrics).toBeTruthy();
-  expect(metrics.engagement.opens).toEqual(500);
-  expect(metrics.engagement.clicks).toEqual(250);
-  expect(typeof metrics.engagement.openRate).toEqual('number');
-  expect(typeof metrics.engagement.clickRate).toEqual('number');
-});
-
-// Test historical data tracking
-tap.test('should store historical reputation data', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record events over multiple days
-  const today = new Date();
-  const todayStr = today.toISOString().split('T')[0];
-  
-  // Record data
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 1000 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 950 });
-  
-  // Get metrics data
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  // Check that historical data exists
-  expect(metrics.historical).toBeTruthy();
-  expect(metrics.historical.reputationScores).toBeTruthy();
-  
-  // Check that daily send volume is tracked
-  expect(metrics.volume.dailySendVolume).toBeTruthy();
-  expect(metrics.volume.dailySendVolume[todayStr]).toEqual(1000);
-});
-
-// Test event recording for different event types
-tap.test('should correctly handle different event types', async () => {
-  resetSingleton();
-  const reputationMonitor = SenderReputationMonitor.getInstance({
-    enabled: false, // Disable automatic updates to prevent race conditions
-    domains: ['example.com']
-  });
-  
-  // Record different types of events
-  reputationMonitor.recordSendEvent('example.com', { type: 'sent', count: 100 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'delivered', count: 95 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: true, count: 3 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'bounce', hardBounce: false, count: 2 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'complaint', receivingDomain: 'gmail.com', count: 1 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'open', count: 50 });
-  reputationMonitor.recordSendEvent('example.com', { type: 'click', count: 25 });
-  
-  // Check metrics for different event types
-  const metrics = reputationMonitor.getReputationData('example.com');
-  
-  // Check volume metrics
-  expect(metrics.volume.sent).toEqual(100);
-  expect(metrics.volume.delivered).toEqual(95);
-  expect(metrics.volume.hardBounces).toEqual(3);
-  expect(metrics.volume.softBounces).toEqual(2);
-  
-  // Check complaint metrics
-  expect(metrics.complaints.total).toEqual(1);
-  expect(metrics.complaints.topDomains[0].domain).toEqual('gmail.com');
-  
-  // Check engagement metrics
-  expect(metrics.engagement.opens).toEqual(50);
-  expect(metrics.engagement.clicks).toEqual(25);
-});
-
-// After all tests, clean up
-tap.test('cleanup', async () => {
-  resetSingleton();
-  cleanupTestData();
-});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-
-export default tap.start();

test/test.smartmail.ts

@@ -1,248 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-import * as plugins from '../ts/plugins.js';
-import * as paths from '../ts/paths.js';
-
-// Import the components we want to test
-import { EmailValidator } from '../ts/mail/core/classes.emailvalidator.js';
-import { TemplateManager } from '../ts/mail/core/classes.templatemanager.js';
-import { Email } from '../ts/mail/core/classes.email.js';
-
-// Ensure test directories exist
-paths.ensureDirectories();
-
-tap.test('EmailValidator - should validate email formats correctly', async (tools) => {
-  const validator = new EmailValidator();
-  
-  // Test valid email formats
-  expect(validator.isValidFormat('user@example.com')).toBeTrue();
-  expect(validator.isValidFormat('firstname.lastname@example.com')).toBeTrue();
-  expect(validator.isValidFormat('user+tag@example.com')).toBeTrue();
-  
-  // Test invalid email formats
-  expect(validator.isValidFormat('user@')).toBeFalse();
-  expect(validator.isValidFormat('@example.com')).toBeFalse();
-  expect(validator.isValidFormat('user@example')).toBeFalse();
-  expect(validator.isValidFormat('user.example.com')).toBeFalse();
-});
-
-tap.test('EmailValidator - should perform comprehensive validation', async (tools) => {
-  const validator = new EmailValidator();
-  
-  // Test basic validation (syntax-only)
-  const basicResult = await validator.validate('user@example.com', { checkSyntaxOnly: true });
-  expect(basicResult.isValid).toBeTrue();
-  expect(basicResult.details.formatValid).toBeTrue();
-  
-  // We can't reliably test MX validation in all environments, but the function should run
-  const mxResult = await validator.validate('user@example.com', { checkMx: true });
-  expect(typeof mxResult.isValid).toEqual('boolean');
-  expect(typeof mxResult.hasMx).toEqual('boolean');
-});
-
-tap.test('EmailValidator - should detect invalid emails', async (tools) => {
-  const validator = new EmailValidator();
-  
-  const invalidResult = await validator.validate('invalid@@example.com', { checkSyntaxOnly: true });
-  expect(invalidResult.isValid).toBeFalse();
-  expect(invalidResult.details.formatValid).toBeFalse();
-});
-
-tap.test('TemplateManager - should register and retrieve templates', async (tools) => {
-  const templateManager = new TemplateManager({
-    from: 'test@example.com'
-  });
-  
-  // Register a custom template
-  templateManager.registerTemplate({
-    id: 'test-template',
-    name: 'Test Template',
-    description: 'A test template',
-    from: 'test@example.com',
-    subject: 'Test Subject: {{name}}',
-    bodyHtml: '<p>Hello, {{name}}!</p>',
-    bodyText: 'Hello, {{name}}!',
-    category: 'test'
-  });
-  
-  // Get the template back
-  const template = templateManager.getTemplate('test-template');
-  expect(template).toBeTruthy();
-  expect(template.id).toEqual('test-template');
-  expect(template.subject).toEqual('Test Subject: {{name}}');
-  
-  // List templates
-  const templates = templateManager.listTemplates();
-  expect(templates.length > 0).toBeTrue();
-  expect(templates.some(t => t.id === 'test-template')).toBeTrue();
-});
-
-tap.test('TemplateManager - should create smartmail from template', async (tools) => {
-  const templateManager = new TemplateManager({
-    from: 'test@example.com'
-  });
-  
-  // Register a template
-  templateManager.registerTemplate({
-    id: 'welcome-test',
-    name: 'Welcome Test',
-    description: 'A welcome test template',
-    from: 'welcome@example.com',
-    subject: 'Welcome, {{name}}!',
-    bodyHtml: '<p>Hello, {{name}}! Welcome to our service.</p>',
-    bodyText: 'Hello, {{name}}! Welcome to our service.',
-    category: 'test'
-  });
-  
-  // Create smartmail from template
-  const smartmail = await templateManager.createSmartmail('welcome-test', {
-    name: 'John Doe'
-  });
-  
-  expect(smartmail).toBeTruthy();
-  expect(smartmail.options.from).toEqual('welcome@example.com');
-  expect(smartmail.getSubject()).toEqual('Welcome, John Doe!');
-  expect(smartmail.getBody(true).indexOf('Hello, John Doe!') > -1).toBeTrue();
-});
-
-tap.test('Email - should handle template variables', async (tools) => {
-  // Create email with variables
-  const email = new Email({
-    from: 'sender@example.com',
-    to: 'recipient@example.com',
-    subject: 'Hello {{name}}!',
-    text: 'Welcome, {{name}}! Your order #{{orderId}} has been processed.',
-    html: '<p>Welcome, <strong>{{name}}</strong>! Your order #{{orderId}} has been processed.</p>',
-    variables: {
-      name: 'John Doe',
-      orderId: '12345'
-    }
-  });
-  
-  // Test variable substitution
-  expect(email.getSubjectWithVariables()).toEqual('Hello John Doe!');
-  expect(email.getTextWithVariables()).toEqual('Welcome, John Doe! Your order #12345 has been processed.');
-  expect(email.getHtmlWithVariables().indexOf('<strong>John Doe</strong>') > -1).toBeTrue();
-  
-  // Test with additional variables
-  const additionalVars = {
-    name: 'Jane Smith', // Override existing variable
-    status: 'shipped'   // Add new variable
-  };
-  
-  expect(email.getSubjectWithVariables(additionalVars)).toEqual('Hello Jane Smith!');
-  
-  // Add a new variable
-  email.setVariable('trackingNumber', 'TRK123456');
-  expect(email.getTextWithVariables().indexOf('12345') > -1).toBeTrue();
-  
-  // Update multiple variables at once
-  email.setVariables({
-    orderId: '67890',
-    status: 'delivered'
-  });
-  
-  expect(email.getTextWithVariables().indexOf('67890') > -1).toBeTrue();
-});
-
-tap.test('Email and Smartmail compatibility - should convert between formats', async (tools) => {
-  // Create a Smartmail instance
-  const smartmail = new plugins.smartmail.Smartmail({
-    from: 'smartmail@example.com',
-    subject: 'Test Subject',
-    body: '<p>This is a test email.</p>',
-    creationObjectRef: {
-      orderId: '12345'
-    }
-  });
-  
-  // Add recipient and attachment
-  smartmail.addRecipient('recipient@example.com');
-  
-  const attachment = await plugins.smartfile.SmartFile.fromString(
-    'test.txt',
-    'This is a test attachment',
-    'utf8',
-  );
-  
-  smartmail.addAttachment(attachment);
-  
-  // Convert to Email
-  const resolvedSmartmail = await smartmail;
-  const email = Email.fromSmartmail(resolvedSmartmail);
-  
-  // Verify first conversion (Smartmail to Email)
-  expect(email.from).toEqual('smartmail@example.com');
-  expect(email.to.indexOf('recipient@example.com') > -1).toBeTrue();
-  expect(email.subject).toEqual('Test Subject');
-  expect(email.html?.indexOf('This is a test email') > -1).toBeTrue();
-  expect(email.attachments.length).toEqual(1);
-  
-  // Convert back to Smartmail
-  const convertedSmartmail = await email.toSmartmail();
-  
-  // Verify second conversion (Email back to Smartmail) with simplified assertions
-  expect(convertedSmartmail.options.from).toEqual('smartmail@example.com');
-  expect(Array.isArray(convertedSmartmail.options.to)).toBeTrue();
-  expect(convertedSmartmail.options.to.length).toEqual(1);
-  expect(convertedSmartmail.getSubject()).toEqual('Test Subject');
-  expect(convertedSmartmail.getBody(true).indexOf('This is a test email') > -1).toBeTrue();
-  expect(convertedSmartmail.attachments.length).toEqual(1);
-});
-
-tap.test('Email - should validate email addresses', async (tools) => {
-  // Attempt to create an email with invalid addresses
-  let errorThrown = false;
-  
-  try {
-    const email = new Email({
-      from: 'invalid-email',
-      to: 'recipient@example.com',
-      subject: 'Test',
-      text: 'Test'
-    });
-  } catch (error) {
-    errorThrown = true;
-    expect(error.message.indexOf('Invalid sender email address') > -1).toBeTrue();
-  }
-  
-  expect(errorThrown).toBeTrue();
-  
-  // Attempt with invalid recipient
-  errorThrown = false;
-  
-  try {
-    const email = new Email({
-      from: 'sender@example.com',
-      to: 'invalid-recipient',
-      subject: 'Test',
-      text: 'Test'
-    });
-  } catch (error) {
-    errorThrown = true;
-    expect(error.message.indexOf('Invalid recipient email address') > -1).toBeTrue();
-  }
-  
-  expect(errorThrown).toBeTrue();
-  
-  // Valid email should not throw
-  let validEmail: Email;
-  try {
-    validEmail = new Email({
-      from: 'sender@example.com',
-      to: 'recipient@example.com',
-      subject: 'Test',
-      text: 'Test'
-    });
-    
-    expect(validEmail).toBeTruthy();
-    expect(validEmail.from).toEqual('sender@example.com');
-  } catch (error) {
-    expect(error === undefined).toBeTrue(); // This should not happen
-  }
-});
-
-tap.test('stop', async () => {
-  tap.stopForcefully();
-})
-
-export default tap.start();

test/test.storagemanager.ts

@@ -0,0 +1,289 @@
+import { tap, expect } from '@git.zone/tstest/tapbundle';
+import * as plugins from '../ts/plugins.js';
+import * as paths from '../ts/paths.js';
+import { StorageManager } from '../ts/storage/classes.storagemanager.js';
+import { promises as fs } from 'fs';
+import * as path from 'path';
+
+// Test data
+const testData = {
+  string: 'Hello, World!',
+  json: { name: 'test', value: 42, nested: { data: true } },
+  largeString: 'x'.repeat(10000)
+};
+
+tap.test('Storage Manager - Memory Backend', async () => {
+  // Create StorageManager without config (defaults to memory)
+  const storage = new StorageManager();
+  
+  // Test basic get/set
+  await storage.set('/test/key', testData.string);
+  const value = await storage.get('/test/key');
+  expect(value).toEqual(testData.string);
+  
+  // Test JSON helpers
+  await storage.setJSON('/test/json', testData.json);
+  const jsonValue = await storage.getJSON('/test/json');
+  expect(jsonValue).toEqual(testData.json);
+  
+  // Test exists
+  expect(await storage.exists('/test/key')).toEqual(true);
+  expect(await storage.exists('/nonexistent')).toEqual(false);
+  
+  // Test delete
+  await storage.delete('/test/key');
+  expect(await storage.exists('/test/key')).toEqual(false);
+  
+  // Test list
+  await storage.set('/items/1', 'one');
+  await storage.set('/items/2', 'two');
+  await storage.set('/other/3', 'three');
+  
+  const items = await storage.list('/items');
+  expect(items.length).toEqual(2);
+  expect(items).toContain('/items/1');
+  expect(items).toContain('/items/2');
+  
+  // Verify memory backend
+  expect(storage.getBackend()).toEqual('memory');
+});
+
+tap.test('Storage Manager - Filesystem Backend', async () => {
+  const testDir = path.join(paths.dataDir, '.test-storage');
+  
+  // Clean up test directory if it exists
+  try {
+    await fs.rm(testDir, { recursive: true, force: true });
+  } catch {}
+  
+  // Create StorageManager with filesystem path
+  const storage = new StorageManager({ fsPath: testDir });
+  
+  // Test basic operations
+  await storage.set('/test/file', testData.string);
+  const value = await storage.get('/test/file');
+  expect(value).toEqual(testData.string);
+  
+  // Verify file exists on disk
+  const filePath = path.join(testDir, 'test', 'file');
+  const fileExists = await fs.access(filePath).then(() => true).catch(() => false);
+  expect(fileExists).toEqual(true);
+  
+  // Test atomic writes (temp file should not exist)
+  const tempPath = filePath + '.tmp';
+  const tempExists = await fs.access(tempPath).then(() => true).catch(() => false);
+  expect(tempExists).toEqual(false);
+  
+  // Test nested paths
+  await storage.set('/deeply/nested/path/to/file', testData.largeString);
+  const nestedValue = await storage.get('/deeply/nested/path/to/file');
+  expect(nestedValue).toEqual(testData.largeString);
+  
+  // Test list with filesystem
+  await storage.set('/fs/items/a', 'alpha');
+  await storage.set('/fs/items/b', 'beta');
+  await storage.set('/fs/other/c', 'gamma');
+  
+  // Filesystem backend now properly supports list
+  const fsItems = await storage.list('/fs/items');
+  expect(fsItems.length).toEqual(2); // Should find both items
+  
+  // Clean up
+  await fs.rm(testDir, { recursive: true, force: true });
+});
+
+tap.test('Storage Manager - Custom Function Backend', async () => {
+  // Create in-memory storage for custom functions
+  const customStore = new Map<string, string>();
+  
+  const storage = new StorageManager({
+    readFunction: async (key: string) => {
+      return customStore.get(key) || null;
+    },
+    writeFunction: async (key: string, value: string) => {
+      customStore.set(key, value);
+    }
+  });
+  
+  // Test basic operations
+  await storage.set('/custom/key', testData.string);
+  expect(customStore.has('/custom/key')).toEqual(true);
+  
+  const value = await storage.get('/custom/key');
+  expect(value).toEqual(testData.string);
+  
+  // Test that delete sets empty value (as per implementation)
+  await storage.delete('/custom/key');
+  expect(customStore.get('/custom/key')).toEqual('');
+  
+  // Verify custom backend (filesystem is implemented as custom backend internally)
+  expect(storage.getBackend()).toEqual('custom');
+});
+
+tap.test('Storage Manager - Key Validation', async () => {
+  const storage = new StorageManager();
+  
+  // Test key normalization
+  await storage.set('test/key', 'value1'); // Missing leading slash
+  const value1 = await storage.get('/test/key');
+  expect(value1).toEqual('value1');
+  
+  // Test dangerous path elements are removed
+  await storage.set('/test/../danger/key', 'value2');
+  const value2 = await storage.get('/test/danger/key'); // .. is removed, not the whole path segment
+  expect(value2).toEqual('value2');
+  
+  // Test multiple slashes are normalized
+  await storage.set('/test///multiple////slashes', 'value3');
+  const value3 = await storage.get('/test/multiple/slashes');
+  expect(value3).toEqual('value3');
+  
+  // Test invalid keys throw errors
+  let emptyKeyError: Error | null = null;
+  try {
+    await storage.set('', 'value');
+  } catch (error) {
+    emptyKeyError = error as Error;
+  }
+  expect(emptyKeyError).toBeTruthy();
+  expect(emptyKeyError?.message).toEqual('Storage key must be a non-empty string');
+  
+  let nullKeyError: Error | null = null;
+  try {
+    await storage.set(null as any, 'value');
+  } catch (error) {
+    nullKeyError = error as Error;
+  }
+  expect(nullKeyError).toBeTruthy();
+  expect(nullKeyError?.message).toEqual('Storage key must be a non-empty string');
+});
+
+tap.test('Storage Manager - Concurrent Access', async () => {
+  const storage = new StorageManager();
+  const promises: Promise<void>[] = [];
+  
+  // Simulate concurrent writes
+  for (let i = 0; i < 100; i++) {
+    promises.push(storage.set(`/concurrent/key${i}`, `value${i}`));
+  }
+  
+  await Promise.all(promises);
+  
+  // Verify all writes succeeded
+  for (let i = 0; i < 100; i++) {
+    const value = await storage.get(`/concurrent/key${i}`);
+    expect(value).toEqual(`value${i}`);
+  }
+  
+  // Test concurrent reads
+  const readPromises: Promise<string | null>[] = [];
+  for (let i = 0; i < 100; i++) {
+    readPromises.push(storage.get(`/concurrent/key${i}`));
+  }
+  
+  const results = await Promise.all(readPromises);
+  for (let i = 0; i < 100; i++) {
+    expect(results[i]).toEqual(`value${i}`);
+  }
+});
+
+tap.test('Storage Manager - Backend Priority', async () => {
+  const testDir = path.join(paths.dataDir, '.test-storage-priority');
+  
+  // Test that custom functions take priority over fsPath
+  let warningLogged = false;
+  const originalWarn = console.warn;
+  console.warn = (message: string) => {
+    if (message.includes('Using custom read/write functions')) {
+      warningLogged = true;
+    }
+  };
+  
+  const storage = new StorageManager({
+    fsPath: testDir,
+    readFunction: async () => 'custom-value',
+    writeFunction: async () => {}
+  });
+  
+  console.warn = originalWarn;
+  
+  expect(warningLogged).toEqual(true);
+  expect(storage.getBackend()).toEqual('custom'); // Custom functions take priority
+  
+  // Clean up
+  try {
+    await fs.rm(testDir, { recursive: true, force: true });
+  } catch {}
+});
+
+tap.test('Storage Manager - Error Handling', async () => {
+  // Test filesystem errors
+  const storage = new StorageManager({
+    readFunction: async () => {
+      throw new Error('Read error');
+    },
+    writeFunction: async () => {
+      throw new Error('Write error');
+    }
+  });
+  
+  // Read errors should return null
+  const value = await storage.get('/error/key');
+  expect(value).toEqual(null);
+  
+  // Write errors should propagate
+  let writeError: Error | null = null;
+  try {
+    await storage.set('/error/key', 'value');
+  } catch (error) {
+    writeError = error as Error;
+  }
+  expect(writeError).toBeTruthy();
+  expect(writeError?.message).toEqual('Write error');
+  
+  // Test JSON parse errors
+  const jsonStorage = new StorageManager({
+    readFunction: async () => 'invalid json',
+    writeFunction: async () => {}
+  });
+  
+  // Test JSON parse errors
+  let jsonError: Error | null = null;
+  try {
+    await jsonStorage.getJSON('/invalid/json');
+  } catch (error) {
+    jsonError = error as Error;
+  }
+  expect(jsonError).toBeTruthy();
+  expect(jsonError?.message).toContain('JSON');
+});
+
+tap.test('Storage Manager - List Operations', async () => {
+  const storage = new StorageManager();
+  
+  // Populate storage with hierarchical data
+  await storage.set('/app/config/database', 'db-config');
+  await storage.set('/app/config/cache', 'cache-config');
+  await storage.set('/app/data/users/1', 'user1');
+  await storage.set('/app/data/users/2', 'user2');
+  await storage.set('/app/logs/error.log', 'errors');
+  
+  // List root
+  const rootItems = await storage.list('/');
+  expect(rootItems.length).toBeGreaterThanOrEqual(5);
+  
+  // List specific paths
+  const configItems = await storage.list('/app/config');
+  expect(configItems.length).toEqual(2);
+  expect(configItems).toContain('/app/config/database');
+  expect(configItems).toContain('/app/config/cache');
+  
+  const userItems = await storage.list('/app/data/users');
+  expect(userItems.length).toEqual(2);
+  
+  // List non-existent path
+  const emptyList = await storage.list('/nonexistent/path');
+  expect(emptyList.length).toEqual(0);
+});
+
+export default tap.start();

test/test.ts

@@ -1,9 +0,0 @@
-import { tap, expect } from '@git.zone/tstest/tapbundle';
-
-tap.test('should create a platform service', async () => {});
-
-tap.test('stop', async () => {
-  await tap.stopForcefully();
-});
-
-export default tap.start();

test_watch/devserver.ts

@@ -0,0 +1,35 @@
+import { DcRouter } from '../ts/index.js';
+
+const devRouter = new DcRouter({
+  // Configure services as needed for development
+  // OpsServer always starts on port 3000
+
+  // Example: Add SmartProxy routes
+  // smartProxyConfig: {
+  //   routes: [...]
+  // },
+
+  // Example: Add email configuration
+  // emailConfig: {
+  //   ports: [2525],
+  //   hostname: 'localhost',
+  //   domains: [],
+  //   routes: []
+  // },
+});
+
+console.log('Starting DcRouter in development mode...');
+
+await devRouter.start();
+
+// Graceful shutdown handlers
+const shutdown = async () => {
+  console.log('\nShutting down...');
+  await devRouter.stop();
+  process.exit(0);
+};
+
+process.on('SIGINT', shutdown);
+process.on('SIGTERM', shutdown);
+
+console.log('DcRouter dev server running. Press Ctrl+C to stop.');

ts/00_commitinfo_data.ts

@@ -2,7 +2,7 @@
  * autocreated commitinfo by @push.rocks/commitinfo
  */
 export const commitinfo = {
-  name: '@serve.zone/platformservice',
-  version: '2.12.0',
-  description: 'A multifaceted platform service handling mail, SMS, letter delivery, and AI services.'
+  name: '@serve.zone/dcrouter',
+  version: '6.7.0',
+  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }

ts/aibridge/classes.aibridge.ts

@@ -1,3 +0,0 @@
-export class AIBridge {
-  
-}

ts/cache/classes.cache.cleaner.ts

@@ -0,0 +1,166 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { CacheDb } from './classes.cachedb.js';
+
+// Import document classes for cleanup
+import { CachedEmail } from './documents/classes.cached.email.js';
+import { CachedIPReputation } from './documents/classes.cached.ip.reputation.js';
+
+/**
+ * Configuration for the cache cleaner
+ */
+export interface ICacheCleanerOptions {
+  /** Cleanup interval in milliseconds (default: 1 hour) */
+  intervalMs?: number;
+  /** Enable verbose logging */
+  verbose?: boolean;
+}
+
+/**
+ * CacheCleaner - Periodically removes expired documents from the cache
+ *
+ * Runs on a configurable interval (default: hourly) and queries each
+ * collection for documents where expiresAt < now(), then deletes them.
+ */
+export class CacheCleaner {
+  private cleanupInterval: ReturnType<typeof setInterval> | null = null;
+  private isRunning: boolean = false;
+  private options: Required<ICacheCleanerOptions>;
+  private cacheDb: CacheDb;
+
+  constructor(cacheDb: CacheDb, options: ICacheCleanerOptions = {}) {
+    this.cacheDb = cacheDb;
+    this.options = {
+      intervalMs: options.intervalMs || 60 * 60 * 1000, // 1 hour default
+      verbose: options.verbose || false,
+    };
+  }
+
+  /**
+   * Start the periodic cleanup process
+   */
+  public start(): void {
+    if (this.isRunning) {
+      logger.log('warn', 'CacheCleaner already running');
+      return;
+    }
+
+    this.isRunning = true;
+
+    // Run cleanup immediately on start
+    this.runCleanup().catch((error) => {
+      logger.log('error', `Initial cache cleanup failed: ${error.message}`);
+    });
+
+    // Schedule periodic cleanup
+    this.cleanupInterval = setInterval(() => {
+      this.runCleanup().catch((error) => {
+        logger.log('error', `Cache cleanup failed: ${error.message}`);
+      });
+    }, this.options.intervalMs);
+
+    logger.log(
+      'info',
+      `CacheCleaner started with interval: ${this.options.intervalMs / 1000 / 60} minutes`
+    );
+  }
+
+  /**
+   * Stop the periodic cleanup process
+   */
+  public stop(): void {
+    if (!this.isRunning) {
+      return;
+    }
+
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+
+    this.isRunning = false;
+    logger.log('info', 'CacheCleaner stopped');
+  }
+
+  /**
+   * Run a single cleanup cycle
+   */
+  public async runCleanup(): Promise<void> {
+    if (!this.cacheDb.isReady()) {
+      logger.log('warn', 'CacheDb not ready, skipping cleanup');
+      return;
+    }
+
+    const now = new Date();
+    const results: { collection: string; deleted: number }[] = [];
+
+    try {
+      const emailsDeleted = await this.cleanExpiredDocuments(CachedEmail, now);
+      results.push({ collection: 'CachedEmail', deleted: emailsDeleted });
+
+      const ipReputationDeleted = await this.cleanExpiredDocuments(CachedIPReputation, now);
+      results.push({ collection: 'CachedIPReputation', deleted: ipReputationDeleted });
+
+      // Log results
+      const totalDeleted = results.reduce((sum, r) => sum + r.deleted, 0);
+      if (totalDeleted > 0 || this.options.verbose) {
+        const summary = results
+          .filter((r) => r.deleted > 0)
+          .map((r) => `${r.collection}: ${r.deleted}`)
+          .join(', ');
+        logger.log(
+          'info',
+          `Cache cleanup completed. Deleted ${totalDeleted} expired documents. ${summary || 'No deletions.'}`
+        );
+      }
+    } catch (error) {
+      logger.log('error', `Cache cleanup error: ${error.message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Clean expired documents from a specific collection using smartdata API
+   */
+  private async cleanExpiredDocuments<T extends { delete: () => Promise<void> }>(
+    documentClass: { getInstances: (filter: any) => Promise<T[]> },
+    now: Date
+  ): Promise<number> {
+    try {
+      // Find all expired documents
+      const expiredDocs = await documentClass.getInstances({
+        expiresAt: { $lt: now },
+      });
+
+      // Delete each expired document
+      let deletedCount = 0;
+      for (const doc of expiredDocs) {
+        try {
+          await doc.delete();
+          deletedCount++;
+        } catch (deleteError) {
+          logger.log('warn', `Failed to delete expired document: ${deleteError.message}`);
+        }
+      }
+
+      return deletedCount;
+    } catch (error) {
+      logger.log('error', `Error cleaning collection: ${error.message}`);
+      return 0;
+    }
+  }
+
+  /**
+   * Check if the cleaner is running
+   */
+  public isActive(): boolean {
+    return this.isRunning;
+  }
+
+  /**
+   * Get the cleanup interval in milliseconds
+   */
+  public getIntervalMs(): number {
+    return this.options.intervalMs;
+  }
+}

ts/cache/classes.cached.document.ts

@@ -0,0 +1,111 @@
+import * as plugins from '../plugins.js';
+
+/**
+ * Base class for all cached documents with TTL support
+ *
+ * Extends smartdata's SmartDataDbDoc to add:
+ * - Automatic timestamps (createdAt, lastAccessedAt)
+ * - TTL/expiration support (expiresAt)
+ * - Helper methods for TTL management
+ *
+ * NOTE: Subclasses MUST add @svDb() decorators to createdAt, expiresAt, and lastAccessedAt
+ * since decorators on abstract classes don't propagate correctly.
+ */
+export abstract class CachedDocument<T extends CachedDocument<T>> extends plugins.smartdata.SmartDataDbDoc<T, T> {
+  /**
+   * Timestamp when the document was created
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public createdAt: Date = new Date();
+
+  /**
+   * Timestamp when the document expires and should be cleaned up
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public expiresAt: Date;
+
+  /**
+   * Timestamp of last access (for LRU-style eviction if needed)
+   * NOTE: Subclasses must add @svDb() decorator
+   */
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * Set the TTL (time to live) for this document
+   * @param ttlMs Time to live in milliseconds
+   */
+  public setTTL(ttlMs: number): void {
+    this.expiresAt = new Date(Date.now() + ttlMs);
+  }
+
+  /**
+   * Set TTL using days
+   * @param days Number of days until expiration
+   */
+  public setTTLDays(days: number): void {
+    this.setTTL(days * 24 * 60 * 60 * 1000);
+  }
+
+  /**
+   * Set TTL using hours
+   * @param hours Number of hours until expiration
+   */
+  public setTTLHours(hours: number): void {
+    this.setTTL(hours * 60 * 60 * 1000);
+  }
+
+  /**
+   * Check if this document has expired
+   */
+  public isExpired(): boolean {
+    if (!this.expiresAt) {
+      return false; // No expiration set
+    }
+    return new Date() > this.expiresAt;
+  }
+
+  /**
+   * Update the lastAccessedAt timestamp
+   */
+  public touch(): void {
+    this.lastAccessedAt = new Date();
+  }
+
+  /**
+   * Get remaining TTL in milliseconds
+   * Returns 0 if expired, -1 if no expiration set
+   */
+  public getRemainingTTL(): number {
+    if (!this.expiresAt) {
+      return -1;
+    }
+    const remaining = this.expiresAt.getTime() - Date.now();
+    return remaining > 0 ? remaining : 0;
+  }
+
+  /**
+   * Extend the TTL by the specified milliseconds from now
+   * @param ttlMs Additional time to live in milliseconds
+   */
+  public extendTTL(ttlMs: number): void {
+    this.expiresAt = new Date(Date.now() + ttlMs);
+  }
+
+  /**
+   * Set the document to never expire (100 years in the future)
+   */
+  public setNeverExpires(): void {
+    this.expiresAt = new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1000);
+  }
+}
+
+/**
+ * TTL constants in milliseconds
+ */
+export const TTL = {
+  HOURS_1: 1 * 60 * 60 * 1000,
+  HOURS_24: 24 * 60 * 60 * 1000,
+  DAYS_7: 7 * 24 * 60 * 60 * 1000,
+  DAYS_30: 30 * 24 * 60 * 60 * 1000,
+  DAYS_90: 90 * 24 * 60 * 60 * 1000,
+} as const;

ts/cache/classes.cachedb.ts

@@ -0,0 +1,155 @@
+import * as plugins from '../plugins.js';
+import { logger } from '../logger.js';
+import { defaultTsmDbPath } from '../paths.js';
+
+/**
+ * Configuration options for CacheDb
+ */
+export interface ICacheDbOptions {
+  /** Base storage path for TsmDB data (default: ~/.serve.zone/dcrouter/tsmdb) */
+  storagePath?: string;
+  /** Database name (default: dcrouter) */
+  dbName?: string;
+  /** Enable debug logging */
+  debug?: boolean;
+}
+
+/**
+ * CacheDb - Wrapper around LocalTsmDb and smartdata
+ *
+ * Provides persistent caching using smartdata as the ORM layer
+ * and LocalTsmDb as the embedded database engine.
+ */
+export class CacheDb {
+  private static instance: CacheDb | null = null;
+
+  private localTsmDb: plugins.smartmongo.LocalTsmDb;
+  private smartdataDb: plugins.smartdata.SmartdataDb;
+  private options: Required<ICacheDbOptions>;
+  private isStarted: boolean = false;
+
+  constructor(options: ICacheDbOptions = {}) {
+    this.options = {
+      storagePath: options.storagePath || defaultTsmDbPath,
+      dbName: options.dbName || 'dcrouter',
+      debug: options.debug || false,
+    };
+  }
+
+  /**
+   * Get or create the singleton instance
+   */
+  public static getInstance(options?: ICacheDbOptions): CacheDb {
+    if (!CacheDb.instance) {
+      CacheDb.instance = new CacheDb(options);
+    }
+    return CacheDb.instance;
+  }
+
+  /**
+   * Reset the singleton instance (useful for testing)
+   */
+  public static resetInstance(): void {
+    CacheDb.instance = null;
+  }
+
+  /**
+   * Start the cache database
+   * - Initializes LocalTsmDb with file persistence
+   * - Connects smartdata to the LocalTsmDb via Unix socket
+   */
+  public async start(): Promise<void> {
+    if (this.isStarted) {
+      logger.log('warn', 'CacheDb already started');
+      return;
+    }
+
+    try {
+      // Ensure storage directory exists
+      await plugins.fsUtils.ensureDir(this.options.storagePath);
+
+      // Create LocalTsmDb instance
+      this.localTsmDb = new plugins.smartmongo.LocalTsmDb({
+        folderPath: this.options.storagePath,
+      });
+
+      // Start LocalTsmDb and get connection info
+      const connectionInfo = await this.localTsmDb.start();
+
+      if (this.options.debug) {
+        logger.log('debug', `LocalTsmDb started with URI: ${connectionInfo.connectionUri}`);
+      }
+
+      // Initialize smartdata with the connection URI
+      this.smartdataDb = new plugins.smartdata.SmartdataDb({
+        mongoDbUrl: connectionInfo.connectionUri,
+        mongoDbName: this.options.dbName,
+      });
+      await this.smartdataDb.init();
+
+      this.isStarted = true;
+      logger.log('info', `CacheDb started at ${this.options.storagePath}`);
+    } catch (error) {
+      logger.log('error', `Failed to start CacheDb: ${error.message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Stop the cache database
+   */
+  public async stop(): Promise<void> {
+    if (!this.isStarted) {
+      return;
+    }
+
+    try {
+      // Close smartdata connection
+      if (this.smartdataDb) {
+        await this.smartdataDb.close();
+      }
+
+      // Stop LocalTsmDb
+      if (this.localTsmDb) {
+        await this.localTsmDb.stop();
+      }
+
+      this.isStarted = false;
+      logger.log('info', 'CacheDb stopped');
+    } catch (error) {
+      logger.log('error', `Error stopping CacheDb: ${error.message}`);
+      throw error;
+    }
+  }
+
+  /**
+   * Get the smartdata database instance
+   */
+  public getDb(): plugins.smartdata.SmartdataDb {
+    if (!this.isStarted) {
+      throw new Error('CacheDb not started. Call start() first.');
+    }
+    return this.smartdataDb;
+  }
+
+  /**
+   * Check if the database is ready
+   */
+  public isReady(): boolean {
+    return this.isStarted;
+  }
+
+  /**
+   * Get the storage path
+   */
+  public getStoragePath(): string {
+    return this.options.storagePath;
+  }
+
+  /**
+   * Get the database name
+   */
+  public getDbName(): string {
+    return this.options.dbName;
+  }
+}

ts/cache/documents/classes.cached.email.ts

@@ -0,0 +1,240 @@
+import * as plugins from '../../plugins.js';
+import { CachedDocument, TTL } from '../classes.cached.document.js';
+import { CacheDb } from '../classes.cachedb.js';
+
+/**
+ * Email status in the cache
+ */
+export type TCachedEmailStatus = 'pending' | 'processing' | 'delivered' | 'failed' | 'deferred';
+
+/**
+ * Helper to get the smartdata database instance
+ */
+const getDb = () => CacheDb.getInstance().getDb();
+
+/**
+ * CachedEmail - Stores email queue items in the cache
+ *
+ * Used for persistent email queue storage, tracking delivery status,
+ * and maintaining email history for the configured TTL period.
+ */
+@plugins.smartdata.Collection(() => getDb())
+export class CachedEmail extends CachedDocument<CachedEmail> {
+  // TTL fields from base class (decorators required on concrete class)
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.DAYS_30);
+
+  @plugins.smartdata.svDb()
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * Unique identifier for this email
+   */
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public id: string;
+
+  /**
+   * Email message ID (RFC 822 Message-ID header)
+   */
+  @plugins.smartdata.svDb()
+  public messageId: string;
+
+  /**
+   * Sender email address (envelope from)
+   */
+  @plugins.smartdata.svDb()
+  public from: string;
+
+  /**
+   * Recipient email addresses
+   */
+  @plugins.smartdata.svDb()
+  public to: string[];
+
+  /**
+   * CC recipients
+   */
+  @plugins.smartdata.svDb()
+  public cc: string[];
+
+  /**
+   * BCC recipients
+   */
+  @plugins.smartdata.svDb()
+  public bcc: string[];
+
+  /**
+   * Email subject
+   */
+  @plugins.smartdata.svDb()
+  public subject: string;
+
+  /**
+   * Raw RFC822 email content
+   */
+  @plugins.smartdata.svDb()
+  public rawContent: string;
+
+  /**
+   * Current status of the email
+   */
+  @plugins.smartdata.svDb()
+  public status: TCachedEmailStatus;
+
+  /**
+   * Number of delivery attempts
+   */
+  @plugins.smartdata.svDb()
+  public attempts: number = 0;
+
+  /**
+   * Maximum number of delivery attempts
+   */
+  @plugins.smartdata.svDb()
+  public maxAttempts: number = 3;
+
+  /**
+   * Timestamp for next delivery attempt
+   */
+  @plugins.smartdata.svDb()
+  public nextAttempt: Date;
+
+  /**
+   * Last error message if delivery failed
+   */
+  @plugins.smartdata.svDb()
+  public lastError: string;
+
+  /**
+   * Timestamp when the email was successfully delivered
+   */
+  @plugins.smartdata.svDb()
+  public deliveredAt: Date;
+
+  /**
+   * Sender domain (for querying/filtering)
+   */
+  @plugins.smartdata.svDb()
+  public senderDomain: string;
+
+  /**
+   * Priority level (higher = more important)
+   */
+  @plugins.smartdata.svDb()
+  public priority: number = 0;
+
+  /**
+   * JSON-serialized route data
+   */
+  @plugins.smartdata.svDb()
+  public routeData: string;
+
+  /**
+   * DKIM signature status
+   */
+  @plugins.smartdata.svDb()
+  public dkimSigned: boolean = false;
+
+  constructor() {
+    super();
+    this.setTTL(TTL.DAYS_30); // Default 30-day TTL
+    this.status = 'pending';
+    this.to = [];
+    this.cc = [];
+    this.bcc = [];
+  }
+
+  /**
+   * Create a new CachedEmail with a unique ID
+   */
+  public static createNew(): CachedEmail {
+    const email = new CachedEmail();
+    email.id = plugins.uuid.v4();
+    return email;
+  }
+
+  /**
+   * Find an email by ID
+   */
+  public static async findById(id: string): Promise<CachedEmail | null> {
+    return await CachedEmail.getInstance({
+      id,
+    });
+  }
+
+  /**
+   * Find all emails with a specific status
+   */
+  public static async findByStatus(status: TCachedEmailStatus): Promise<CachedEmail[]> {
+    return await CachedEmail.getInstances({
+      status,
+    });
+  }
+
+  /**
+   * Find all emails pending delivery (status = pending and nextAttempt <= now)
+   */
+  public static async findPendingForDelivery(): Promise<CachedEmail[]> {
+    const now = new Date();
+    return await CachedEmail.getInstances({
+      status: 'pending',
+      nextAttempt: { $lte: now },
+    });
+  }
+
+  /**
+   * Find emails by sender domain
+   */
+  public static async findBySenderDomain(domain: string): Promise<CachedEmail[]> {
+    return await CachedEmail.getInstances({
+      senderDomain: domain,
+    });
+  }
+
+  /**
+   * Mark as delivered
+   */
+  public markDelivered(): void {
+    this.status = 'delivered';
+    this.deliveredAt = new Date();
+  }
+
+  /**
+   * Mark as failed with error
+   */
+  public markFailed(error: string): void {
+    this.status = 'failed';
+    this.lastError = error;
+  }
+
+  /**
+   * Increment attempt counter and schedule next attempt
+   */
+  public scheduleRetry(delayMs: number = 5 * 60 * 1000): void {
+    this.attempts++;
+    this.status = 'deferred';
+    this.nextAttempt = new Date(Date.now() + delayMs);
+
+    // If max attempts reached, mark as failed
+    if (this.attempts >= this.maxAttempts) {
+      this.status = 'failed';
+      this.lastError = `Max attempts (${this.maxAttempts}) reached`;
+    }
+  }
+
+  /**
+   * Extract sender domain from email address
+   */
+  public updateSenderDomain(): void {
+    if (this.from) {
+      const match = this.from.match(/@([^>]+)>?$/);
+      if (match) {
+        this.senderDomain = match[1].toLowerCase();
+      }
+    }
+  }
+}

ts/cache/documents/classes.cached.ip.reputation.ts

@@ -0,0 +1,247 @@
+import * as plugins from '../../plugins.js';
+import { CachedDocument, TTL } from '../classes.cached.document.js';
+import { CacheDb } from '../classes.cachedb.js';
+
+/**
+ * Helper to get the smartdata database instance
+ */
+const getDb = () => CacheDb.getInstance().getDb();
+
+/**
+ * IP reputation result data
+ */
+export interface IIPReputationData {
+  score: number;
+  isSpam: boolean;
+  isProxy: boolean;
+  isTor: boolean;
+  isVPN: boolean;
+  country?: string;
+  asn?: string;
+  org?: string;
+  blacklists?: string[];
+}
+
+/**
+ * CachedIPReputation - Stores IP reputation lookup results
+ *
+ * Caches the results of IP reputation checks to avoid repeated
+ * external API calls. Default TTL is 24 hours.
+ */
+@plugins.smartdata.Collection(() => getDb())
+export class CachedIPReputation extends CachedDocument<CachedIPReputation> {
+  // TTL fields from base class (decorators required on concrete class)
+  @plugins.smartdata.svDb()
+  public createdAt: Date = new Date();
+
+  @plugins.smartdata.svDb()
+  public expiresAt: Date = new Date(Date.now() + TTL.HOURS_24);
+
+  @plugins.smartdata.svDb()
+  public lastAccessedAt: Date = new Date();
+
+  /**
+   * IP address (unique identifier)
+   */
+  @plugins.smartdata.unI()
+  @plugins.smartdata.svDb()
+  public ipAddress: string;
+
+  /**
+   * Reputation score (0-100, higher = better)
+   */
+  @plugins.smartdata.svDb()
+  public score: number;
+
+  /**
+   * Whether the IP is flagged as spam source
+   */
+  @plugins.smartdata.svDb()
+  public isSpam: boolean;
+
+  /**
+   * Whether the IP is a known proxy
+   */
+  @plugins.smartdata.svDb()
+  public isProxy: boolean;
+
+  /**
+   * Whether the IP is a Tor exit node
+   */
+  @plugins.smartdata.svDb()
+  public isTor: boolean;
+
+  /**
+   * Whether the IP is a VPN endpoint
+   */
+  @plugins.smartdata.svDb()
+  public isVPN: boolean;
+
+  /**
+   * Country code (ISO 3166-1 alpha-2)
+   */
+  @plugins.smartdata.svDb()
+  public country: string;
+
+  /**
+   * Autonomous System Number
+   */
+  @plugins.smartdata.svDb()
+  public asn: string;
+
+  /**
+   * Organization name
+   */
+  @plugins.smartdata.svDb()
+  public org: string;
+
+  /**
+   * List of blacklists the IP appears on
+   */
+  @plugins.smartdata.svDb()
+  public blacklists: string[];
+
+  /**
+   * Number of times this IP has been checked
+   */
+  @plugins.smartdata.svDb()
+  public checkCount: number = 0;
+
+  /**
+   * Number of connections from this IP
+   */
+  @plugins.smartdata.svDb()
+  public connectionCount: number = 0;
+
+  /**
+   * Number of emails received from this IP
+   */
+  @plugins.smartdata.svDb()
+  public emailCount: number = 0;
+
+  /**
+   * Number of spam emails from this IP
+   */
+  @plugins.smartdata.svDb()
+  public spamCount: number = 0;
+
+  constructor() {
+    super();
+    this.setTTL(TTL.HOURS_24); // Default 24-hour TTL
+    this.blacklists = [];
+    this.score = 50; // Default neutral score
+    this.isSpam = false;
+    this.isProxy = false;
+    this.isTor = false;
+    this.isVPN = false;
+  }
+
+  /**
+   * Create from reputation data
+   */
+  public static fromReputationData(ipAddress: string, data: IIPReputationData): CachedIPReputation {
+    const cached = new CachedIPReputation();
+    cached.ipAddress = ipAddress;
+    cached.score = data.score;
+    cached.isSpam = data.isSpam;
+    cached.isProxy = data.isProxy;
+    cached.isTor = data.isTor;
+    cached.isVPN = data.isVPN;
+    cached.country = data.country || '';
+    cached.asn = data.asn || '';
+    cached.org = data.org || '';
+    cached.blacklists = data.blacklists || [];
+    cached.checkCount = 1;
+    return cached;
+  }
+
+  /**
+   * Convert to reputation data object
+   */
+  public toReputationData(): IIPReputationData {
+    this.touch();
+    return {
+      score: this.score,
+      isSpam: this.isSpam,
+      isProxy: this.isProxy,
+      isTor: this.isTor,
+      isVPN: this.isVPN,
+      country: this.country,
+      asn: this.asn,
+      org: this.org,
+      blacklists: this.blacklists,
+    };
+  }
+
+  /**
+   * Find by IP address
+   */
+  public static async findByIP(ipAddress: string): Promise<CachedIPReputation | null> {
+    return await CachedIPReputation.getInstance({
+      ipAddress,
+    });
+  }
+
+  /**
+   * Find all IPs flagged as spam
+   */
+  public static async findSpamIPs(): Promise<CachedIPReputation[]> {
+    return await CachedIPReputation.getInstances({
+      isSpam: true,
+    });
+  }
+
+  /**
+   * Find IPs with score below threshold
+   */
+  public static async findLowScoreIPs(threshold: number): Promise<CachedIPReputation[]> {
+    return await CachedIPReputation.getInstances({
+      score: { $lt: threshold },
+    });
+  }
+
+  /**
+   * Record a connection from this IP
+   */
+  public recordConnection(): void {
+    this.connectionCount++;
+    this.touch();
+  }
+
+  /**
+   * Record an email from this IP
+   */
+  public recordEmail(isSpam: boolean = false): void {
+    this.emailCount++;
+    if (isSpam) {
+      this.spamCount++;
+    }
+    this.touch();
+  }
+
+  /**
+   * Update the reputation data
+   */
+  public updateReputation(data: IIPReputationData): void {
+    this.score = data.score;
+    this.isSpam = data.isSpam;
+    this.isProxy = data.isProxy;
+    this.isTor = data.isTor;
+    this.isVPN = data.isVPN;
+    this.country = data.country || this.country;
+    this.asn = data.asn || this.asn;
+    this.org = data.org || this.org;
+    this.blacklists = data.blacklists || this.blacklists;
+    this.checkCount++;
+    this.touch();
+    // Refresh TTL on update
+    this.setTTL(TTL.HOURS_24);
+  }
+
+  /**
+   * Check if this IP should be blocked
+   */
+  public shouldBlock(): boolean {
+    return this.isSpam || this.score < 20 || this.blacklists.length > 2;
+  }
+}

ts/cache/documents/index.ts

@@ -0,0 +1,2 @@
+export * from './classes.cached.email.js';
+export * from './classes.cached.ip.reputation.js';

ts/cache/index.ts

@@ -0,0 +1,7 @@
+// Core cache infrastructure
+export * from './classes.cachedb.js';
+export * from './classes.cached.document.js';
+export * from './classes.cache.cleaner.js';
+
+// Document classes
+export * from './documents/index.js';

ts/classes.cert-provision-scheduler.ts

@@ -0,0 +1,130 @@
+import { logger } from './logger.js';
+import type { StorageManager } from './storage/index.js';
+
+interface IBackoffEntry {
+  failures: number;
+  lastFailure: string; // ISO string
+  retryAfter: string;  // ISO string
+  lastError?: string;
+}
+
+/**
+ * Manages certificate provisioning scheduling with:
+ * - Per-domain exponential backoff persisted in StorageManager
+ *
+ * Note: Serial stagger queue was removed — smartacme v9 handles
+ * concurrency, per-domain dedup, and rate limiting internally.
+ */
+export class CertProvisionScheduler {
+  private storageManager: StorageManager;
+  private maxBackoffHours: number;
+
+  // In-memory backoff cache (mirrors storage for fast lookups)
+  private backoffCache = new Map<string, IBackoffEntry>();
+
+  constructor(
+    storageManager: StorageManager,
+    options?: { maxBackoffHours?: number }
+  ) {
+    this.storageManager = storageManager;
+    this.maxBackoffHours = options?.maxBackoffHours ?? 24;
+  }
+
+  /**
+   * Storage key for a domain's backoff entry
+   */
+  private backoffKey(domain: string): string {
+    const clean = domain.replace(/\*/g, '_wildcard_').replace(/[^a-zA-Z0-9._-]/g, '_');
+    return `/cert-backoff/${clean}`;
+  }
+
+  /**
+   * Load backoff entry from storage (with in-memory cache)
+   */
+  private async loadBackoff(domain: string): Promise<IBackoffEntry | null> {
+    const cached = this.backoffCache.get(domain);
+    if (cached) return cached;
+
+    const entry = await this.storageManager.getJSON<IBackoffEntry>(this.backoffKey(domain));
+    if (entry) {
+      this.backoffCache.set(domain, entry);
+    }
+    return entry;
+  }
+
+  /**
+   * Save backoff entry to both cache and storage
+   */
+  private async saveBackoff(domain: string, entry: IBackoffEntry): Promise<void> {
+    this.backoffCache.set(domain, entry);
+    await this.storageManager.setJSON(this.backoffKey(domain), entry);
+  }
+
+  /**
+   * Check if a domain is currently in backoff
+   */
+  async isInBackoff(domain: string): Promise<boolean> {
+    const entry = await this.loadBackoff(domain);
+    if (!entry) return false;
+
+    const retryAfter = new Date(entry.retryAfter);
+    return retryAfter.getTime() > Date.now();
+  }
+
+  /**
+   * Record a provisioning failure for a domain.
+   * Sets exponential backoff: min(failures^2 * 1h, maxBackoffHours)
+   */
+  async recordFailure(domain: string, error?: string): Promise<void> {
+    const existing = await this.loadBackoff(domain);
+    const failures = (existing?.failures ?? 0) + 1;
+
+    // Exponential backoff: failures^2 hours, capped
+    const backoffHours = Math.min(failures * failures, this.maxBackoffHours);
+    const retryAfter = new Date(Date.now() + backoffHours * 60 * 60 * 1000);
+
+    const entry: IBackoffEntry = {
+      failures,
+      lastFailure: new Date().toISOString(),
+      retryAfter: retryAfter.toISOString(),
+      lastError: error,
+    };
+
+    await this.saveBackoff(domain, entry);
+    logger.log('warn', `Cert backoff for ${domain}: ${failures} failures, retry after ${retryAfter.toISOString()}`);
+  }
+
+  /**
+   * Clear backoff for a domain (on success or manual override)
+   */
+  async clearBackoff(domain: string): Promise<void> {
+    this.backoffCache.delete(domain);
+    try {
+      await this.storageManager.delete(this.backoffKey(domain));
+    } catch {
+      // Ignore delete errors (key may not exist)
+    }
+  }
+
+  /**
+   * Get backoff info for UI display
+   */
+  async getBackoffInfo(domain: string): Promise<{
+    failures: number;
+    retryAfter?: string;
+    lastError?: string;
+  } | null> {
+    const entry = await this.loadBackoff(domain);
+    if (!entry) return null;
+
+    // Only return if still in backoff
+    const retryAfter = new Date(entry.retryAfter);
+    if (retryAfter.getTime() <= Date.now()) return null;
+
+    return {
+      failures: entry.failures,
+      retryAfter: entry.retryAfter,
+      lastError: entry.lastError,
+    };
+  }
+}

ts/classes.platformservicedb.ts

@@ -1,27 +0,0 @@
-import * as plugins from './plugins.js';
-import { SzPlatformService } from './platformservice.js';
-
-
-
-export class PlatformServiceDb {
-  public smartdataDb: plugins.smartdata.SmartdataDb;
-  public platformserviceRef: SzPlatformService;
-
-  constructor(platformserviceRefArg: SzPlatformService) {
-    this.platformserviceRef = platformserviceRefArg;
-  }
-
-  public async start() {
-    this.smartdataDb = new plugins.smartdata.SmartdataDb({
-      mongoDbUser: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_USER'),
-      mongoDbName: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_NAME'),
-      mongoDbPass: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_PASS'),
-      mongoDbUrl: await this.platformserviceRef.serviceQenv.getEnvVarOnDemand('MONGO_DB_URL'),
-    });
-    await this.smartdataDb.init();
-  }
-
-  public async stop() {
-    await this.smartdataDb.close();
-  }
-}

ts/classes.smtp.portconfig.ts

@@ -1,295 +0,0 @@
-import * as plugins from './plugins.js';
-
-/**
- * Configuration options for TLS in SMTP connections
- */
-export interface ISmtpTlsOptions {
-  /** Enable TLS for this SMTP port */
-  enabled: boolean;
-  /** Whether to use STARTTLS (upgrade plain connection) or implicit TLS */
-  useStartTls?: boolean;
-  /** Required TLS protocol version (defaults to TLSv1.2) */
-  minTlsVersion?: 'TLSv1.0' | 'TLSv1.1' | 'TLSv1.2' | 'TLSv1.3';
-  /** TLS ciphers to allow (comma-separated list) */
-  allowedCiphers?: string;
-  /** Whether to require client certificate for authentication */
-  requireClientCert?: boolean;
-  /** Whether to verify client certificate if provided */
-  verifyClientCert?: boolean;
-}
-
-/**
- * Rate limiting options for SMTP connections
- */
-export interface ISmtpRateLimitOptions {
-  /** Maximum connections per minute from a single IP */
-  maxConnectionsPerMinute?: number;
-  /** Maximum concurrent connections from a single IP */
-  maxConcurrentConnections?: number;
-  /** Maximum emails per minute from a single IP */
-  maxEmailsPerMinute?: number;
-  /** Maximum recipients per email */
-  maxRecipientsPerEmail?: number;
-  /** Maximum email size in bytes */
-  maxEmailSize?: number;
-  /** Action to take when rate limit is exceeded (default: 'tempfail') */
-  rateLimitAction?: 'tempfail' | 'drop' | 'delay';
-}
-
-/**
- * Configuration for a specific SMTP port
- */
-export interface ISmtpPortSettings {
-  /** The port number to listen on */
-  port: number;
-  /** Whether this port is enabled */
-  enabled?: boolean;
-  /** Port description (e.g., "Submission Port") */
-  description?: string;
-  /** Whether to require authentication for this port */
-  requireAuth?: boolean;
-  /** TLS options for this port */
-  tls?: ISmtpTlsOptions;
-  /** Rate limiting settings for this port */
-  rateLimit?: ISmtpRateLimitOptions;
-  /** Maximum message size in bytes for this port */
-  maxMessageSize?: number;
-  /** Whether to enable SMTP extensions like PIPELINING, 8BITMIME, etc. */
-  smtpExtensions?: {
-    /** Enable PIPELINING extension */
-    pipelining?: boolean;
-    /** Enable 8BITMIME extension */
-    eightBitMime?: boolean;
-    /** Enable SIZE extension */
-    size?: boolean;
-    /** Enable ENHANCEDSTATUSCODES extension */
-    enhancedStatusCodes?: boolean;
-    /** Enable DSN extension */
-    dsn?: boolean;
-  };
-  /** Custom SMTP greeting banner */
-  banner?: string;
-}
-
-/**
- * Configuration manager for SMTP ports
- */
-export class SmtpPortConfig {
-  /** Port configurations */
-  private portConfigs: Map<number, ISmtpPortSettings> = new Map();
-
-  /** Default port configurations */
-  private static readonly DEFAULT_CONFIGS: Record<number, Partial<ISmtpPortSettings>> = {
-    // Port 25: Standard SMTP
-    25: {
-      description: 'Standard SMTP',
-      requireAuth: false,
-      tls: {
-        enabled: true,
-        useStartTls: true,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 60,
-        maxConcurrentConnections: 10,
-        maxEmailsPerMinute: 30
-      },
-      maxMessageSize: 20 * 1024 * 1024 // 20MB
-    },
-    // Port 587: Submission
-    587: {
-      description: 'Submission Port',
-      requireAuth: true,
-      tls: {
-        enabled: true,
-        useStartTls: true,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 100,
-        maxConcurrentConnections: 20,
-        maxEmailsPerMinute: 60
-      },
-      maxMessageSize: 50 * 1024 * 1024 // 50MB
-    },
-    // Port 465: SMTPS (Legacy Implicit TLS)
-    465: {
-      description: 'SMTPS (Implicit TLS)',
-      requireAuth: true,
-      tls: {
-        enabled: true,
-        useStartTls: false,
-        minTlsVersion: 'TLSv1.2'
-      },
-      rateLimit: {
-        maxConnectionsPerMinute: 100,
-        maxConcurrentConnections: 20,
-        maxEmailsPerMinute: 60
-      },
-      maxMessageSize: 50 * 1024 * 1024 // 50MB
-    }
-  };
-
-  /**
-   * Create a new SmtpPortConfig
-   * @param initialConfigs Optional initial port configurations
-   */
-  constructor(initialConfigs?: ISmtpPortSettings[]) {
-    // Initialize with default configurations for standard SMTP ports
-    this.initializeDefaults();
-
-    // Apply custom configurations if provided
-    if (initialConfigs) {
-      for (const config of initialConfigs) {
-        this.setPortConfig(config);
-      }
-    }
-  }
-
-  /**
-   * Initialize port configurations with defaults
-   */
-  private initializeDefaults(): void {
-    // Set up default configurations for standard SMTP ports: 25, 587, 465
-    Object.entries(SmtpPortConfig.DEFAULT_CONFIGS).forEach(([portStr, defaults]) => {
-      const port = parseInt(portStr, 10);
-      this.portConfigs.set(port, {
-        port,
-        enabled: true,
-        ...defaults
-      });
-    });
-  }
-
-  /**
-   * Get configuration for a specific port
-   * @param port Port number
-   * @returns Port configuration or null if not found
-   */
-  public getPortConfig(port: number): ISmtpPortSettings | null {
-    return this.portConfigs.get(port) || null;
-  }
-
-  /**
-   * Get all configured ports
-   * @returns Array of port configurations
-   */
-  public getAllPortConfigs(): ISmtpPortSettings[] {
-    return Array.from(this.portConfigs.values());
-  }
-
-  /**
-   * Get only enabled port configurations
-   * @returns Array of enabled port configurations
-   */
-  public getEnabledPortConfigs(): ISmtpPortSettings[] {
-    return this.getAllPortConfigs().filter(config => config.enabled !== false);
-  }
-
-  /**
-   * Set configuration for a specific port
-   * @param config Port configuration
-   */
-  public setPortConfig(config: ISmtpPortSettings): void {
-    // Get existing config if any
-    const existingConfig = this.portConfigs.get(config.port) || { port: config.port };
-
-    // Merge with new configuration
-    this.portConfigs.set(config.port, {
-      ...existingConfig,
-      ...config
-    });
-  }
-
-  /**
-   * Remove configuration for a specific port
-   * @param port Port number
-   * @returns Whether the configuration was removed
-   */
-  public removePortConfig(port: number): boolean {
-    return this.portConfigs.delete(port);
-  }
-
-  /**
-   * Disable a specific port
-   * @param port Port number
-   * @returns Whether the port was disabled
-   */
-  public disablePort(port: number): boolean {
-    const config = this.portConfigs.get(port);
-    if (config) {
-      config.enabled = false;
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Enable a specific port
-   * @param port Port number
-   * @returns Whether the port was enabled
-   */
-  public enablePort(port: number): boolean {
-    const config = this.portConfigs.get(port);
-    if (config) {
-      config.enabled = true;
-      return true;
-    }
-    return false;
-  }
-
-  /**
-   * Convert port configurations to SmartProxy routes
-   * @returns Array of SmartProxy routes
-   */
-  public toSmartProxyRoutes(): plugins.smartproxy.IRouteConfig[] {
-    const enabledPorts = this.getEnabledPortConfigs();
-    const routes: plugins.smartproxy.IRouteConfig[] = [];
-
-    // Add configured ports as routes
-    for (const portConfig of enabledPorts) {
-      // Create a route for each SMTP port
-      const route: plugins.smartproxy.IRouteConfig = {
-        name: `smtp-port-${portConfig.port}`,
-        match: {
-          ports: [portConfig.port]
-        },
-        action: {
-          type: 'forward',
-          target: {
-            host: 'localhost',
-            port: portConfig.port + 10000  // Map to internal port (e.g., 25 -> 10025)
-          }
-        }
-      };
-
-      // Apply TLS settings
-      if (portConfig.port === 465 && portConfig.tls?.enabled) {
-        // For implicit TLS on port 465
-        route.action.tls = {
-          mode: 'terminate',
-          certificate: 'auto'
-        };
-      } else if (portConfig.tls?.useStartTls) {
-        // For STARTTLS on ports 25 and 587
-        route.action.tls = {
-          mode: 'passthrough'
-        };
-      }
-
-      routes.push(route);
-    }
-
-    return routes;
-  }
-
-  /**
-   * Apply port configurations to SmartProxy settings
-   * @param smartProxy SmartProxy instance
-   * @deprecated Use toSmartProxyRoutes() instead to generate routes
-   */
-  public applyToSmartProxy(smartProxy: plugins.smartproxy.SmartProxy): void {
-    console.warn('SmtpPortConfig.applyToSmartProxy() is deprecated. Use toSmartProxyRoutes() instead.');
-    // This method is deprecated and no longer functional
-  }
-}

ts/classes.storage-cert-manager.ts

@@ -0,0 +1,46 @@
+import * as plugins from './plugins.js';
+import { StorageManager } from './storage/index.js';
+
+/**
+ * ICertManager implementation backed by StorageManager.
+ * Persists SmartAcme certificates under a /certs/ key prefix so they
+ * survive process restarts without re-hitting ACME.
+ */
+export class StorageBackedCertManager implements plugins.smartacme.ICertManager {
+  private keyPrefix = '/certs/';
+
+  constructor(private storageManager: StorageManager) {}
+
+  async init(): Promise<void> {}
+
+  async retrieveCertificate(domainName: string): Promise<plugins.smartacme.Cert | null> {
+    const data = await this.storageManager.getJSON(this.keyPrefix + domainName);
+    if (!data) return null;
+    return new plugins.smartacme.Cert(data);
+  }
+
+  async storeCertificate(cert: plugins.smartacme.Cert): Promise<void> {
+    await this.storageManager.setJSON(this.keyPrefix + cert.domainName, {
+      id: cert.id,
+      domainName: cert.domainName,
+      created: cert.created,
+      privateKey: cert.privateKey,
+      publicKey: cert.publicKey,
+      csr: cert.csr,
+      validUntil: cert.validUntil,
+    });
+  }
+
+  async deleteCertificate(domainName: string): Promise<void> {
+    await this.storageManager.delete(this.keyPrefix + domainName);
+  }
+
+  async close(): Promise<void> {}
+
+  async wipe(): Promise<void> {
+    const keys = await this.storageManager.list(this.keyPrefix);
+    for (const key of keys) {
+      await this.storageManager.delete(key);
+    }
+  }
+}

ts/config/base.config.ts

@@ -1,433 +0,0 @@
-/**
- * Base configuration interface with common properties for all services
- */
-export interface IBaseConfig {
-  /** 
-   * Unique identifier for this configuration
-   * Used to track configuration versions and changes
-   */
-  id?: string;
-
-  /**
-   * Configuration version
-   * Used for migration between different config formats
-   */
-  version?: string;
-
-  /**
-   * Environment this configuration is intended for
-   * (development, test, production, etc.)
-   */
-  environment?: 'development' | 'test' | 'staging' | 'production';
-
-  /**
-   * Display name for this configuration
-   */
-  name?: string;
-
-  /**
-   * Whether this configuration is enabled
-   * Services with disabled configuration shouldn't start
-   */
-  enabled?: boolean;
-  
-  /**
-   * Logging configuration
-   */
-  logging?: {
-    /**
-     * Minimum log level to output
-     */
-    level?: 'error' | 'warn' | 'info' | 'debug';
-    
-    /**
-     * Whether to include structured data in logs
-     */
-    structured?: boolean;
-    
-    /**
-     * Whether to enable correlation tracking in logs
-     */
-    correlationTracking?: boolean;
-  };
-}
-
-/**
- * Base database configuration
- */
-export interface IDatabaseConfig {
-  /**
-   * Database connection string or URL
-   */
-  connectionString?: string;
-  
-  /**
-   * Database host
-   */
-  host?: string;
-  
-  /**
-   * Database port
-   */
-  port?: number;
-  
-  /**
-   * Database name
-   */
-  database?: string;
-  
-  /**
-   * Database username
-   */
-  username?: string;
-  
-  /**
-   * Database password
-   */
-  password?: string;
-  
-  /**
-   * SSL configuration for database connection
-   */
-  ssl?: boolean | {
-    /**
-     * Whether to reject unauthorized SSL connections
-     */
-    rejectUnauthorized?: boolean;
-    
-    /**
-     * Path to CA certificate file
-     */
-    ca?: string;
-    
-    /**
-     * Path to client certificate file
-     */
-    cert?: string;
-    
-    /**
-     * Path to client key file
-     */
-    key?: string;
-  };
-  
-  /**
-   * Connection pool configuration
-   */
-  pool?: {
-    /**
-     * Minimum number of connections in pool
-     */
-    min?: number;
-    
-    /**
-     * Maximum number of connections in pool
-     */
-    max?: number;
-    
-    /**
-     * Connection idle timeout in milliseconds
-     */
-    idleTimeoutMillis?: number;
-  };
-}
-
-/**
- * Base TLS configuration interface
- */
-export interface ITlsConfig {
-  /**
-   * Whether to enable TLS
-   */
-  enabled?: boolean;
-  
-  /**
-   * The domain name for the certificate
-   */
-  domain?: string;
-  
-  /**
-   * Path to certificate file
-   */
-  certPath?: string;
-  
-  /**
-   * Path to private key file
-   */
-  keyPath?: string;
-  
-  /**
-   * Path to CA certificate file
-   */
-  caPath?: string;
-  
-  /**
-   * Minimum TLS version to support
-   */
-  minVersion?: 'TLSv1.2' | 'TLSv1.3';
-  
-  /**
-   * Whether to auto-renew certificates
-   */
-  autoRenew?: boolean;
-  
-  /**
-   * Whether to reject unauthorized certificates
-   */
-  rejectUnauthorized?: boolean;
-}
-
-/**
- * Base retry configuration interface
- */
-export interface IRetryConfig {
-  /**
-   * Maximum number of retry attempts
-   */
-  maxAttempts?: number;
-  
-  /**
-   * Base delay between retries in milliseconds
-   */
-  baseDelay?: number;
-  
-  /**
-   * Maximum delay between retries in milliseconds
-   */
-  maxDelay?: number;
-  
-  /**
-   * Backoff factor for exponential backoff
-   */
-  backoffFactor?: number;
-  
-  /**
-   * Specific error codes that should trigger retries
-   */
-  retryableErrorCodes?: string[];
-  
-  /**
-   * Whether to add jitter to retry delays
-   */
-  useJitter?: boolean;
-}
-
-/**
- * Base rate limiting configuration interface
- */
-export interface IRateLimitConfig {
-  /**
-   * Whether rate limiting is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Maximum number of operations per period
-   */
-  maxPerPeriod?: number;
-  
-  /**
-   * Time period in milliseconds
-   */
-  periodMs?: number;
-  
-  /**
-   * Whether to apply per key (e.g., domain, user, etc.)
-   */
-  perKey?: boolean;
-  
-  /**
-   * Number of burst tokens allowed
-   */
-  burstTokens?: number;
-}
-
-/**
- * Basic HTTP server configuration
- */
-export interface IHttpServerConfig {
-  /**
-   * Whether the HTTP server is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Host to bind to
-   */
-  host?: string;
-  
-  /**
-   * Port to listen on
-   */
-  port?: number;
-  
-  /**
-   * Path prefix for all routes
-   */
-  basePath?: string;
-  
-  /**
-   * CORS configuration
-   */
-  cors?: boolean | {
-    /**
-     * Allowed origins
-     */
-    origins?: string[];
-    
-    /**
-     * Allowed methods
-     */
-    methods?: string[];
-    
-    /**
-     * Allowed headers
-     */
-    headers?: string[];
-    
-    /**
-     * Whether to allow credentials
-     */
-    credentials?: boolean;
-  };
-  
-  /**
-   * TLS configuration
-   */
-  tls?: ITlsConfig;
-  
-  /**
-   * Maximum request body size in bytes
-   */
-  maxBodySize?: number;
-  
-  /**
-   * Request timeout in milliseconds
-   */
-  timeout?: number;
-}
-
-/**
- * Basic queue configuration
- */
-export interface IQueueConfig {
-  /**
-   * Type of storage for the queue
-   */
-  storageType?: 'memory' | 'disk' | 'redis';
-  
-  /**
-   * Path for persistent storage
-   */
-  persistentPath?: string;
-  
-  /**
-   * Redis configuration for queue
-   */
-  redis?: {
-    /**
-     * Redis host
-     */
-    host?: string;
-    
-    /**
-     * Redis port
-     */
-    port?: number;
-    
-    /**
-     * Redis password
-     */
-    password?: string;
-    
-    /**
-     * Redis database number
-     */
-    db?: number;
-  };
-  
-  /**
-   * Maximum size of the queue
-   */
-  maxSize?: number;
-  
-  /**
-   * Maximum number of retry attempts
-   */
-  maxRetries?: number;
-  
-  /**
-   * Base delay between retries in milliseconds
-   */
-  baseRetryDelay?: number;
-  
-  /**
-   * Maximum delay between retries in milliseconds
-   */
-  maxRetryDelay?: number;
-  
-  /**
-   * Check interval for processing in milliseconds
-   */
-  checkInterval?: number;
-  
-  /**
-   * Maximum number of parallel processes
-   */
-  maxParallelProcessing?: number;
-}
-
-/**
- * Basic monitoring configuration
- */
-export interface IMonitoringConfig {
-  /**
-   * Whether monitoring is enabled
-   */
-  enabled?: boolean;
-  
-  /**
-   * Metrics collection interval in milliseconds
-   */
-  metricsInterval?: number;
-  
-  /**
-   * Whether to expose Prometheus metrics
-   */
-  exposePrometheus?: boolean;
-  
-  /**
-   * Port for Prometheus metrics
-   */
-  prometheusPort?: number;
-  
-  /**
-   * Whether to collect detailed metrics
-   */
-  detailedMetrics?: boolean;
-  
-  /**
-   * Alert thresholds
-   */
-  alertThresholds?: Record<string, number>;
-  
-  /**
-   * Notification configuration
-   */
-  notifications?: {
-    /**
-     * Whether to send notifications
-     */
-    enabled?: boolean;
-    
-    /**
-     * Email address to send notifications to
-     */
-    email?: string;
-    
-    /**
-     * Webhook URL to send notifications to
-     */
-    webhook?: string;
-  };
-}

ts/config/email.config.ts

@@ -1,266 +0,0 @@
-import type { IBaseConfig, ITlsConfig, IQueueConfig, IRateLimitConfig, IMonitoringConfig } from './base.config.js';
-
-/**
- * Email service configuration
- */
-export interface IEmailConfig extends IBaseConfig {
-  /**
-   * Whether to use MTA for sending emails
-   */
-  useMta?: boolean;
-  
-  /**
-   * MTA configuration
-   */
-  mtaConfig?: IMtaConfig;
-  
-  /**
-   * Template configuration
-   */
-  templateConfig?: {
-    /**
-     * Default sender email address
-     */
-    from?: string;
-    
-    /**
-     * Default reply-to email address
-     */
-    replyTo?: string;
-    
-    /**
-     * Default footer HTML
-     */
-    footerHtml?: string;
-    
-    /**
-     * Default footer text
-     */
-    footerText?: string;
-  };
-  
-  /**
-   * Whether to load templates from directory
-   */
-  loadTemplatesFromDir?: boolean;
-  
-  /**
-   * Directory path for email templates
-   */
-  templatesDir?: string;
-}
-
-/**
- * MTA configuration
- */
-export interface IMtaConfig {
-  /**
-   * SMTP server configuration
-   */
-  smtp?: {
-    /**
-     * Whether to enable the SMTP server
-     */
-    enabled?: boolean;
-    
-    /**
-     * Port to listen on
-     */
-    port?: number;
-    
-    /**
-     * SMTP server hostname
-     */
-    hostname?: string;
-    
-    /**
-     * Maximum allowed email size in bytes
-     */
-    maxSize?: number;
-  };
-  
-  /**
-   * TLS configuration
-   */
-  tls?: ITlsConfig;
-  
-  /**
-   * Outbound email configuration
-   */
-  outbound?: {
-    /**
-     * Maximum concurrent sending jobs
-     */
-    concurrency?: number;
-    
-    /**
-     * Retry configuration
-     */
-    retries?: {
-      /**
-       * Maximum number of retries per message
-       */
-      max?: number;
-      
-      /**
-       * Initial delay between retries (milliseconds)
-       */
-      delay?: number;
-      
-      /**
-       * Whether to use exponential backoff for retries
-       */
-      useBackoff?: boolean;
-    };
-    
-    /**
-     * Rate limiting configuration
-     */
-    rateLimit?: IRateLimitConfig;
-    
-    /**
-     * IP warmup configuration
-     */
-    warmup?: {
-      /**
-       * Whether IP warmup is enabled
-       */
-      enabled?: boolean;
-      
-      /**
-       * IP addresses to warm up
-       */
-      ipAddresses?: string[];
-      
-      /**
-       * Target domains to warm up
-       */
-      targetDomains?: string[];
-      
-      /**
-       * Allocation policy to use
-       */
-      allocationPolicy?: string;
-      
-      /**
-       * Fallback percentage for ESP routing during warmup
-       */
-      fallbackPercentage?: number;
-    };
-    
-    /**
-     * Reputation monitoring configuration
-     */
-    reputation?: IMonitoringConfig & {
-      /**
-       * Alert thresholds
-       */
-      alertThresholds?: {
-        /**
-         * Minimum acceptable reputation score
-         */
-        minReputationScore?: number;
-        
-        /**
-         * Maximum acceptable complaint rate
-         */
-        maxComplaintRate?: number;
-      };
-    };
-  };
-  
-  /**
-   * Security settings
-   */
-  security?: {
-    /**
-     * Whether to use DKIM signing
-     */
-    useDkim?: boolean;
-    
-    /**
-     * Whether to verify inbound DKIM signatures
-     */
-    verifyDkim?: boolean;
-    
-    /**
-     * Whether to verify SPF on inbound
-     */
-    verifySpf?: boolean;
-    
-    /**
-     * Whether to verify DMARC on inbound
-     */
-    verifyDmarc?: boolean;
-    
-    /**
-     * Whether to enforce DMARC policy
-     */
-    enforceDmarc?: boolean;
-    
-    /**
-     * Whether to use TLS for outbound when available
-     */
-    useTls?: boolean;
-    
-    /**
-     * Whether to require valid certificates
-     */
-    requireValidCerts?: boolean;
-    
-    /**
-     * Log level for email security events
-     */
-    securityLogLevel?: 'info' | 'warn' | 'error';
-    
-    /**
-     * Whether to check IP reputation for inbound emails
-     */
-    checkIPReputation?: boolean;
-    
-    /**
-     * Whether to scan content for malicious payloads
-     */
-    scanContent?: boolean;
-    
-    /**
-     * Action to take when malicious content is detected
-     */
-    maliciousContentAction?: 'tag' | 'quarantine' | 'reject';
-    
-    /**
-     * Minimum threat score to trigger action
-     */
-    threatScoreThreshold?: number;
-    
-    /**
-     * Whether to reject connections from high-risk IPs
-     */
-    rejectHighRiskIPs?: boolean;
-  };
-  
-  /**
-   * Domains configuration
-   */
-  domains?: {
-    /**
-     * List of domains that this MTA will handle as local
-     */
-    local?: string[];
-    
-    /**
-     * Whether to auto-create DNS records
-     */
-    autoCreateDnsRecords?: boolean;
-    
-    /**
-     * DKIM selector to use
-     */
-    dkimSelector?: string;
-  };
-  
-  /**
-   * Queue configuration
-   */
-  queue?: IQueueConfig;
-}

ts/config/index.ts

@@ -1,100 +1,2 @@
-// Export configuration interfaces
-export * from './base.config.js';
-export * from './email.config.js';
-export * from './sms.config.js';
-export * from './platform.config.js';
-
-// Export validation tools
-export * from './validator.js';
-export * from './schemas.js';
-
-// Re-export commonly used types
-import type { IPlatformConfig } from './platform.config.js';
-import type { IEmailConfig, IMtaConfig } from './email.config.js';
-import type { ISmsConfig } from './sms.config.js';
-import type { 
-  IBaseConfig, 
-  ITlsConfig, 
-  IHttpServerConfig, 
-  IRateLimitConfig,
-  IQueueConfig
-} from './base.config.js';
-
-// Default platform configuration
-export const defaultConfig: IPlatformConfig = {
-  id: 'platform-service-config',
-  version: '1.0.0',
-  environment: 'production',
-  name: 'PlatformService',
-  enabled: true,
-  logging: {
-    level: 'info',
-    structured: true,
-    correlationTracking: true
-  },
-  server: {
-    enabled: true,
-    host: '0.0.0.0',
-    port: 3000,
-    cors: true
-  },
-  email: {
-    useMta: true,
-    mtaConfig: {
-      smtp: {
-        enabled: true,
-        port: 25,
-        hostname: 'mta.lossless.one',
-        maxSize: 10 * 1024 * 1024 // 10MB
-      },
-      tls: {
-        domain: 'mta.lossless.one',
-        autoRenew: true
-      },
-      security: {
-        useDkim: true,
-        verifyDkim: true,
-        verifySpf: true,
-        verifyDmarc: true,
-        enforceDmarc: true,
-        useTls: true,
-        requireValidCerts: false,
-        securityLogLevel: 'warn',
-        checkIPReputation: true,
-        scanContent: true,
-        maliciousContentAction: 'tag',
-        threatScoreThreshold: 50,
-        rejectHighRiskIPs: false
-      },
-      domains: {
-        local: ['lossless.one'],
-        autoCreateDnsRecords: true,
-        dkimSelector: 'mta'
-      }
-    },
-    templateConfig: {
-      from: 'no-reply@lossless.one',
-      replyTo: 'support@lossless.one'
-    },
-    loadTemplatesFromDir: true
-  },
-  paths: {
-    dataDir: 'data',
-    logsDir: 'logs',
-    tempDir: 'temp',
-    emailTemplatesDir: 'templates/email'
-  }
-};
-
-// Export main types for convenience
-export type { 
-  IPlatformConfig,
-  IEmailConfig, 
-  IMtaConfig, 
-  ISmsConfig, 
-  IBaseConfig, 
-  ITlsConfig, 
-  IHttpServerConfig,
-  IRateLimitConfig,
-  IQueueConfig
-};
+// Export validation tools only
+export * from './validator.js';

ts/config/platform.config.ts

@@ -1,54 +0,0 @@
-import type { IBaseConfig, IHttpServerConfig, IDatabaseConfig } from './base.config.js';
-import type { IEmailConfig } from './email.config.js';
-import type { ISmsConfig } from './sms.config.js';
-
-/**
- * Platform service configuration
- * Root configuration that includes all service configurations
- */
-export interface IPlatformConfig extends IBaseConfig {
-  /**
-   * HTTP server configuration
-   */
-  server?: IHttpServerConfig;
-  
-  /**
-   * Database configuration
-   */
-  database?: IDatabaseConfig;
-  
-  /**
-   * Email service configuration
-   */
-  email?: IEmailConfig;
-  
-  /**
-   * SMS service configuration
-   */
-  sms?: ISmsConfig;
-  
-  /**
-   * Path configuration
-   */
-  paths?: {
-    /**
-     * Data directory path
-     */
-    dataDir?: string;
-    
-    /**
-     * Logs directory path
-     */
-    logsDir?: string;
-    
-    /**
-     * Temporary directory path
-     */
-    tempDir?: string;
-    
-    /**
-     * Email templates directory path
-     */
-    emailTemplatesDir?: string;
-  };
-}

ts/config/schemas.ts

@@ -1,770 +0,0 @@
-import type { ValidationSchema } from './validator.js';
-
-/**
- * Base TLS configuration schema
- */
-export const tlsConfigSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  domain: {
-    type: 'string',
-    required: false
-  },
-  certPath: {
-    type: 'string',
-    required: false
-  },
-  keyPath: {
-    type: 'string',
-    required: false
-  },
-  caPath: {
-    type: 'string',
-    required: false
-  },
-  minVersion: {
-    type: 'string',
-    required: false,
-    enum: ['TLSv1.2', 'TLSv1.3'],
-    default: 'TLSv1.2'
-  },
-  autoRenew: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  rejectUnauthorized: {
-    type: 'boolean',
-    required: false,
-    default: true
-  }
-};
-
-/**
- * HTTP server configuration schema
- */
-export const httpServerSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  host: {
-    type: 'string',
-    required: false,
-    default: '0.0.0.0'
-  },
-  port: {
-    type: 'number',
-    required: false,
-    default: 3000,
-    min: 1,
-    max: 65535
-  },
-  basePath: {
-    type: 'string',
-    required: false,
-    default: ''
-  },
-  cors: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  tls: {
-    type: 'object',
-    required: false,
-    schema: tlsConfigSchema
-  },
-  maxBodySize: {
-    type: 'number',
-    required: false,
-    default: 1024 * 1024 // 1MB
-  },
-  timeout: {
-    type: 'number',
-    required: false,
-    default: 30000 // 30 seconds
-  }
-};
-
-/**
- * Rate limit configuration schema
- */
-export const rateLimitSchema: ValidationSchema = {
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  maxPerPeriod: {
-    type: 'number',
-    required: false,
-    default: 100,
-    min: 1
-  },
-  periodMs: {
-    type: 'number',
-    required: false,
-    default: 60000, // 1 minute
-    min: 1000
-  },
-  perKey: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  burstTokens: {
-    type: 'number',
-    required: false,
-    default: 5,
-    min: 0
-  }
-};
-
-/**
- * Queue configuration schema
- */
-export const queueSchema: ValidationSchema = {
-  storageType: {
-    type: 'string',
-    required: false,
-    enum: ['memory', 'disk', 'redis'],
-    default: 'memory'
-  },
-  persistentPath: {
-    type: 'string',
-    required: false
-  },
-  redis: {
-    type: 'object',
-    required: false,
-    schema: {
-      host: {
-        type: 'string',
-        required: false,
-        default: 'localhost'
-      },
-      port: {
-        type: 'number',
-        required: false,
-        default: 6379,
-        min: 1,
-        max: 65535
-      },
-      password: {
-        type: 'string',
-        required: false
-      },
-      db: {
-        type: 'number',
-        required: false,
-        default: 0,
-        min: 0
-      }
-    }
-  },
-  maxSize: {
-    type: 'number',
-    required: false,
-    default: 10000,
-    min: 1
-  },
-  maxRetries: {
-    type: 'number',
-    required: false,
-    default: 3,
-    min: 0
-  },
-  baseRetryDelay: {
-    type: 'number',
-    required: false,
-    default: 1000, // 1 second
-    min: 1
-  },
-  maxRetryDelay: {
-    type: 'number',
-    required: false,
-    default: 60000, // 1 minute
-    min: 1
-  },
-  checkInterval: {
-    type: 'number',
-    required: false,
-    default: 1000, // 1 second
-    min: 100
-  },
-  maxParallelProcessing: {
-    type: 'number',
-    required: false,
-    default: 5,
-    min: 1
-  }
-};
-
-/**
- * SMS service configuration schema
- */
-export const smsConfigSchema: ValidationSchema = {
-  apiGatewayApiToken: {
-    type: 'string',
-    required: true
-  },
-  defaultSender: {
-    type: 'string',
-    required: false
-  },
-  rateLimit: {
-    type: 'object',
-    required: false,
-    schema: {
-      ...rateLimitSchema,
-      maxPerRecipientPerDay: {
-        type: 'number',
-        required: false,
-        default: 10,
-        min: 1
-      }
-    }
-  },
-  provider: {
-    type: 'object',
-    required: false,
-    schema: {
-      type: {
-        type: 'string',
-        required: false,
-        enum: ['gateway', 'twilio', 'other'],
-        default: 'gateway'
-      },
-      config: {
-        type: 'object',
-        required: false
-      },
-      fallback: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          type: {
-            type: 'string',
-            required: false,
-            enum: ['gateway', 'twilio', 'other']
-          },
-          config: {
-            type: 'object',
-            required: false
-          }
-        }
-      }
-    }
-  },
-  verification: {
-    type: 'object',
-    required: false,
-    schema: {
-      codeLength: {
-        type: 'number',
-        required: false,
-        default: 6,
-        min: 4,
-        max: 10
-      },
-      expirationSeconds: {
-        type: 'number',
-        required: false,
-        default: 300, // 5 minutes
-        min: 60
-      },
-      maxAttempts: {
-        type: 'number',
-        required: false,
-        default: 3,
-        min: 1
-      },
-      cooldownSeconds: {
-        type: 'number',
-        required: false,
-        default: 60, // 1 minute
-        min: 0
-      }
-    }
-  }
-};
-
-/**
- * MTA configuration schema
- */
-export const mtaConfigSchema: ValidationSchema = {
-  smtp: {
-    type: 'object',
-    required: false,
-    schema: {
-      enabled: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      port: {
-        type: 'number',
-        required: false,
-        default: 25,
-        min: 1,
-        max: 65535
-      },
-      hostname: {
-        type: 'string',
-        required: false,
-        default: 'mta.lossless.one'
-      },
-      maxSize: {
-        type: 'number',
-        required: false,
-        default: 10 * 1024 * 1024, // 10MB
-        min: 1024
-      }
-    }
-  },
-  tls: {
-    type: 'object',
-    required: false,
-    schema: tlsConfigSchema
-  },
-  outbound: {
-    type: 'object',
-    required: false,
-    schema: {
-      concurrency: {
-        type: 'number',
-        required: false,
-        default: 5,
-        min: 1
-      },
-      retries: {
-        type: 'object',
-        required: false,
-        schema: {
-          max: {
-            type: 'number',
-            required: false,
-            default: 3,
-            min: 0
-          },
-          delay: {
-            type: 'number',
-            required: false,
-            default: 300000, // 5 minutes
-            min: 1000
-          },
-          useBackoff: {
-            type: 'boolean',
-            required: false,
-            default: true
-          }
-        }
-      },
-      rateLimit: {
-        type: 'object',
-        required: false,
-        schema: rateLimitSchema
-      },
-      warmup: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          ipAddresses: {
-            type: 'array',
-            required: false,
-            items: {
-              type: 'string'
-            }
-          },
-          targetDomains: {
-            type: 'array',
-            required: false,
-            items: {
-              type: 'string'
-            }
-          },
-          allocationPolicy: {
-            type: 'string',
-            required: false,
-            default: 'balanced'
-          },
-          fallbackPercentage: {
-            type: 'number',
-            required: false,
-            default: 50,
-            min: 0,
-            max: 100
-          }
-        }
-      },
-      reputation: {
-        type: 'object',
-        required: false,
-        schema: {
-          enabled: {
-            type: 'boolean',
-            required: false,
-            default: false
-          },
-          updateFrequency: {
-            type: 'number',
-            required: false,
-            default: 24 * 60 * 60 * 1000, // 1 day
-            min: 60000
-          },
-          alertThresholds: {
-            type: 'object',
-            required: false,
-            schema: {
-              minReputationScore: {
-                type: 'number',
-                required: false,
-                default: 70,
-                min: 0,
-                max: 100
-              },
-              maxComplaintRate: {
-                type: 'number',
-                required: false,
-                default: 0.1, // 0.1%
-                min: 0,
-                max: 100
-              }
-            }
-          }
-        }
-      }
-    }
-  },
-  security: {
-    type: 'object',
-    required: false,
-    schema: {
-      useDkim: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifyDkim: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifySpf: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      verifyDmarc: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      enforceDmarc: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      useTls: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      requireValidCerts: {
-        type: 'boolean',
-        required: false,
-        default: false
-      },
-      securityLogLevel: {
-        type: 'string',
-        required: false,
-        enum: ['info', 'warn', 'error'],
-        default: 'warn'
-      },
-      checkIPReputation: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      scanContent: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      maliciousContentAction: {
-        type: 'string',
-        required: false,
-        enum: ['tag', 'quarantine', 'reject'],
-        default: 'tag'
-      },
-      threatScoreThreshold: {
-        type: 'number',
-        required: false,
-        default: 50,
-        min: 0,
-        max: 100
-      },
-      rejectHighRiskIPs: {
-        type: 'boolean',
-        required: false,
-        default: false
-      }
-    }
-  },
-  domains: {
-    type: 'object',
-    required: false,
-    schema: {
-      local: {
-        type: 'array',
-        required: false,
-        items: {
-          type: 'string'
-        },
-        default: ['lossless.one']
-      },
-      autoCreateDnsRecords: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      dkimSelector: {
-        type: 'string',
-        required: false,
-        default: 'mta'
-      }
-    }
-  },
-  queue: {
-    type: 'object',
-    required: false,
-    schema: queueSchema
-  }
-};
-
-/**
- * Email service configuration schema
- */
-export const emailConfigSchema: ValidationSchema = {
-  useMta: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  mtaConfig: {
-    type: 'object',
-    required: false,
-    schema: mtaConfigSchema
-  },
-  templateConfig: {
-    type: 'object',
-    required: false,
-    schema: {
-      from: {
-        type: 'string',
-        required: false,
-        default: 'no-reply@lossless.one'
-      },
-      replyTo: {
-        type: 'string',
-        required: false,
-        default: 'support@lossless.one'
-      },
-      footerHtml: {
-        type: 'string',
-        required: false
-      },
-      footerText: {
-        type: 'string',
-        required: false
-      }
-    }
-  },
-  loadTemplatesFromDir: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  templatesDir: {
-    type: 'string',
-    required: false
-  }
-};
-
-/**
- * Database configuration schema
- */
-export const databaseConfigSchema: ValidationSchema = {
-  connectionString: {
-    type: 'string',
-    required: false
-  },
-  host: {
-    type: 'string',
-    required: false,
-    default: 'localhost'
-  },
-  port: {
-    type: 'number',
-    required: false,
-    default: 5432,
-    min: 1,
-    max: 65535
-  },
-  database: {
-    type: 'string',
-    required: false
-  },
-  username: {
-    type: 'string',
-    required: false
-  },
-  password: {
-    type: 'string',
-    required: false
-  },
-  ssl: {
-    type: 'boolean',
-    required: false,
-    default: false
-  },
-  pool: {
-    type: 'object',
-    required: false,
-    schema: {
-      min: {
-        type: 'number',
-        required: false,
-        default: 2,
-        min: 1
-      },
-      max: {
-        type: 'number',
-        required: false,
-        default: 10,
-        min: 1
-      },
-      idleTimeoutMillis: {
-        type: 'number',
-        required: false,
-        default: 30000,
-        min: 1000
-      }
-    }
-  }
-};
-
-/**
- * Platform service configuration schema
- */
-export const platformConfigSchema: ValidationSchema = {
-  id: {
-    type: 'string',
-    required: false,
-    default: 'platform-service-config'
-  },
-  version: {
-    type: 'string',
-    required: false,
-    default: '1.0.0'
-  },
-  environment: {
-    type: 'string',
-    required: false,
-    enum: ['development', 'test', 'staging', 'production'],
-    default: 'production'
-  },
-  name: {
-    type: 'string',
-    required: false,
-    default: 'PlatformService'
-  },
-  enabled: {
-    type: 'boolean',
-    required: false,
-    default: true
-  },
-  logging: {
-    type: 'object',
-    required: false,
-    schema: {
-      level: {
-        type: 'string',
-        required: false,
-        enum: ['error', 'warn', 'info', 'debug'],
-        default: 'info'
-      },
-      structured: {
-        type: 'boolean',
-        required: false,
-        default: true
-      },
-      correlationTracking: {
-        type: 'boolean',
-        required: false,
-        default: true
-      }
-    }
-  },
-  server: {
-    type: 'object',
-    required: false,
-    schema: httpServerSchema
-  },
-  database: {
-    type: 'object',
-    required: false,
-    schema: databaseConfigSchema
-  },
-  email: {
-    type: 'object',
-    required: false,
-    schema: emailConfigSchema
-  },
-  sms: {
-    type: 'object',
-    required: false,
-    schema: smsConfigSchema
-  },
-  paths: {
-    type: 'object',
-    required: false,
-    schema: {
-      dataDir: {
-        type: 'string',
-        required: false,
-        default: 'data'
-      },
-      logsDir: {
-        type: 'string',
-        required: false,
-        default: 'logs'
-      },
-      tempDir: {
-        type: 'string',
-        required: false,
-        default: 'temp'
-      },
-      emailTemplatesDir: {
-        type: 'string',
-        required: false,
-        default: 'templates/email'
-      }
-    }
-  }
-};

ts/config/validator.ts

@@ -1,6 +1,5 @@
 import * as plugins from '../plugins.js';
 import { ValidationError } from '../errors/base.errors.js';
-import type { IBaseConfig } from './base.config.js';
 
 /**
  * Validation result
@@ -95,56 +94,6 @@ export type ValidationSchema = Record<string, {
  * Validates configuration objects against schemas and provides default values
  */
 export class ConfigValidator {
-  /**
-   * Basic schema for IBaseConfig
-   */
-  private static baseConfigSchema: ValidationSchema = {
-    id: {
-      type: 'string',
-      required: false
-    },
-    version: {
-      type: 'string',
-      required: false
-    },
-    environment: {
-      type: 'string',
-      required: false,
-      enum: ['development', 'test', 'staging', 'production'],
-      default: 'production'
-    },
-    name: {
-      type: 'string',
-      required: false
-    },
-    enabled: {
-      type: 'boolean',
-      required: false,
-      default: true
-    },
-    logging: {
-      type: 'object',
-      required: false,
-      schema: {
-        level: {
-          type: 'string',
-          required: false,
-          enum: ['error', 'warn', 'info', 'debug'],
-          default: 'info'
-        },
-        structured: {
-          type: 'boolean',
-          required: false,
-          default: true
-        },
-        correlationTracking: {
-          type: 'boolean',
-          required: false,
-          default: true
-        }
-      }
-    }
-  };
 
   /**
    * Validate a configuration object against a schema
@@ -261,15 +210,6 @@ export class ConfigValidator {
     };
   }
 
-  /**
-   * Validate base configuration
-   * 
-   * @param config Base configuration
-   * @returns Validation result for base configuration
-   */
-  public static validateBaseConfig(config: IBaseConfig): IValidationResult {
-    return this.validate(config, this.baseConfigSchema);
-  }
 
   /**
    * Apply defaults to a configuration object based on a schema

ts/deliverability/classes.ipwarmupmanager.ts

@@ -1,896 +0,0 @@
-import * as plugins from '../plugins.js';
-import * as paths from '../paths.js';
-import { logger } from '../logger.js';
-import { LRUCache } from 'lru-cache';
-
-/**
- * Represents a single stage in the warmup process
- */
-export interface IWarmupStage {
-  /** Stage number (1-based) */
-  stage: number;
-  /** Maximum daily email volume for this stage */
-  maxDailyVolume: number;
-  /** Duration of this stage in days */
-  durationDays: number;
-  /** Target engagement metrics for this stage */
-  targetMetrics?: {
-    /** Minimum open rate (percentage) */
-    minOpenRate?: number;
-    /** Maximum bounce rate (percentage) */
-    maxBounceRate?: number;
-    /** Maximum spam complaint rate (percentage) */
-    maxComplaintRate?: number;
-  };
-}
-
-/**
- * Configuration for IP warmup process
- */
-export interface IIPWarmupConfig {
-  /** Whether the warmup is enabled */
-  enabled?: boolean;
-  /** List of IP addresses to warm up */
-  ipAddresses?: string[];
-  /** Target domains to warm up (e.g. your sending domains) */
-  targetDomains?: string[];
-  /** Warmup stages defining volume and duration */
-  stages?: IWarmupStage[];
-  /** Date when warmup process started */
-  startDate?: Date;
-  /** Default hourly distribution for sending (percentage of daily volume per hour) */
-  hourlyDistribution?: number[];
-  /** Whether to automatically advance stages based on metrics */
-  autoAdvanceStages?: boolean;
-  /** Whether to suspend warmup if metrics decline */
-  suspendOnMetricDecline?: boolean;
-  /** Percentage of traffic to send through fallback provider during warmup */
-  fallbackPercentage?: number;
-  /** Whether to prioritize engaged subscribers during warmup */
-  prioritizeEngagedSubscribers?: boolean;
-}
-
-/**
- * Status for a specific IP's warmup process
- */
-export interface IIPWarmupStatus {
-  /** IP address being warmed up */
-  ipAddress: string;
-  /** Current warmup stage */
-  currentStage: number;
-  /** Start date of the warmup process */
-  startDate: Date;
-  /** Start date of the current stage */
-  currentStageStartDate: Date;
-  /** Target completion date for entire warmup */
-  targetCompletionDate: Date;
-  /** Daily volume allocation for current stage */
-  currentDailyAllocation: number;
-  /** Emails sent in current stage */
-  sentInCurrentStage: number;
-  /** Total emails sent during warmup process */
-  totalSent: number;
-  /** Whether the warmup is currently active */
-  isActive: boolean;
-  /** Daily statistics for the past week */
-  dailyStats: Array<{
-    /** Date of the statistics */
-    date: string;
-    /** Number of emails sent */
-    sent: number;
-    /** Number of emails opened */
-    opened: number;
-    /** Number of bounces */
-    bounces: number;
-    /** Number of spam complaints */
-    complaints: number;
-  }>;
-  /** Current metrics */
-  metrics: {
-    /** Open rate percentage */
-    openRate: number;
-    /** Bounce rate percentage */
-    bounceRate: number;
-    /** Complaint rate percentage */
-    complaintRate: number;
-  };
-}
-
-/**
- * Defines methods for a policy used to allocate emails to different IPs
- */
-export interface IIPAllocationPolicy {
-  /** Name of the policy */
-  name: string;
-  
-  /**
-   * Allocate an IP address for sending an email
-   * @param availableIPs List of available IP addresses
-   * @param emailInfo Information about the email being sent
-   * @returns The IP to use, or null if no IP is available
-   */
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null;
-}
-
-/**
- * Default IP warmup configuration with industry standard stages
- */
-const DEFAULT_WARMUP_CONFIG: Required<IIPWarmupConfig> = {
-  enabled: true,
-  ipAddresses: [],
-  targetDomains: [],
-  stages: [
-    { stage: 1, maxDailyVolume: 50, durationDays: 2, targetMetrics: { maxBounceRate: 8, minOpenRate: 15 } },
-    { stage: 2, maxDailyVolume: 100, durationDays: 2, targetMetrics: { maxBounceRate: 7, minOpenRate: 18 } },
-    { stage: 3, maxDailyVolume: 500, durationDays: 3, targetMetrics: { maxBounceRate: 6, minOpenRate: 20 } },
-    { stage: 4, maxDailyVolume: 1000, durationDays: 3, targetMetrics: { maxBounceRate: 5, minOpenRate: 20 } },
-    { stage: 5, maxDailyVolume: 5000, durationDays: 5, targetMetrics: { maxBounceRate: 3, minOpenRate: 22 } },
-    { stage: 6, maxDailyVolume: 10000, durationDays: 5, targetMetrics: { maxBounceRate: 2, minOpenRate: 25 } },
-    { stage: 7, maxDailyVolume: 20000, durationDays: 5, targetMetrics: { maxBounceRate: 1, minOpenRate: 25 } },
-    { stage: 8, maxDailyVolume: 50000, durationDays: 5, targetMetrics: { maxBounceRate: 1, minOpenRate: 25 } },
-  ],
-  startDate: new Date(),
-  // Default hourly distribution (percentage per hour, sums to 100%)
-  hourlyDistribution: [
-    1, 1, 1, 1, 1, 2, 3, 5, 7, 8, 10, 11, 
-    10, 9, 8, 6, 5, 4, 3, 2, 1, 1, 1, 0
-  ],
-  autoAdvanceStages: true,
-  suspendOnMetricDecline: true,
-  fallbackPercentage: 50,
-  prioritizeEngagedSubscribers: true
-};
-
-/**
- * Manages the IP warming process for new sending IPs
- */
-export class IPWarmupManager {
-  private static instance: IPWarmupManager;
-  private config: Required<IIPWarmupConfig>;
-  private warmupStatuses: Map<string, IIPWarmupStatus> = new Map();
-  private dailySendCounts: Map<string, number> = new Map();
-  private hourlySendCounts: Map<string, number[]> = new Map();
-  private isInitialized: boolean = false;
-  private allocationPolicies: Map<string, IIPAllocationPolicy> = new Map();
-  private activePolicy: string = 'balanced';
-  
-  /**
-   * Constructor for IPWarmupManager
-   * @param config Warmup configuration
-   */
-  constructor(config: IIPWarmupConfig = {}) {
-    this.config = {
-      ...DEFAULT_WARMUP_CONFIG,
-      ...config,
-      stages: config.stages || [...DEFAULT_WARMUP_CONFIG.stages]
-    };
-    
-    // Register default allocation policies
-    this.registerAllocationPolicy('balanced', new BalancedAllocationPolicy());
-    this.registerAllocationPolicy('roundRobin', new RoundRobinAllocationPolicy());
-    this.registerAllocationPolicy('dedicated', new DedicatedDomainPolicy());
-    
-    this.initialize();
-  }
-  
-  /**
-   * Get the singleton instance of IPWarmupManager
-   * @param config Warmup configuration
-   * @returns Singleton instance
-   */
-  public static getInstance(config: IIPWarmupConfig = {}): IPWarmupManager {
-    if (!IPWarmupManager.instance) {
-      IPWarmupManager.instance = new IPWarmupManager(config);
-    }
-    return IPWarmupManager.instance;
-  }
-  
-  /**
-   * Initialize the warmup manager
-   */
-  private initialize(): void {
-    if (this.isInitialized) return;
-    
-    try {
-      // Load warmup statuses from storage
-      this.loadWarmupStatuses();
-      
-      // Initialize any new IPs that might have been added to config
-      for (const ip of this.config.ipAddresses) {
-        if (!this.warmupStatuses.has(ip)) {
-          this.initializeIPWarmup(ip);
-        }
-      }
-      
-      // Initialize daily and hourly counters
-      const today = new Date().toISOString().split('T')[0];
-      for (const ip of this.config.ipAddresses) {
-        this.dailySendCounts.set(ip, 0);
-        this.hourlySendCounts.set(ip, Array(24).fill(0));
-      }
-      
-      // Schedule daily reset of counters
-      this.scheduleDailyReset();
-      
-      // Schedule daily evaluation of warmup progress
-      this.scheduleDailyEvaluation();
-      
-      this.isInitialized = true;
-      logger.log('info', `IP Warmup Manager initialized with ${this.config.ipAddresses.length} IPs`);
-    } catch (error) {
-      logger.log('error', `Failed to initialize IP Warmup Manager: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-  
-  /**
-   * Initialize warmup status for a new IP address
-   * @param ipAddress IP address to initialize
-   */
-  private initializeIPWarmup(ipAddress: string): void {
-    const startDate = new Date();
-    let targetCompletionDate = new Date(startDate);
-    
-    // Calculate target completion date based on stages
-    let totalDays = 0;
-    for (const stage of this.config.stages) {
-      totalDays += stage.durationDays;
-    }
-    
-    targetCompletionDate.setDate(targetCompletionDate.getDate() + totalDays);
-    
-    const warmupStatus: IIPWarmupStatus = {
-      ipAddress,
-      currentStage: 1,
-      startDate,
-      currentStageStartDate: new Date(),
-      targetCompletionDate,
-      currentDailyAllocation: this.config.stages[0].maxDailyVolume,
-      sentInCurrentStage: 0,
-      totalSent: 0,
-      isActive: true,
-      dailyStats: [],
-      metrics: {
-        openRate: 0,
-        bounceRate: 0,
-        complaintRate: 0
-      }
-    };
-    
-    this.warmupStatuses.set(ipAddress, warmupStatus);
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Initialized warmup for IP ${ipAddress}`, {
-      currentStage: 1,
-      targetCompletion: targetCompletionDate.toISOString().split('T')[0]
-    });
-  }
-  
-  /**
-   * Schedule daily reset of send counters
-   */
-  private scheduleDailyReset(): void {
-    // Calculate time until midnight
-    const now = new Date();
-    const tomorrow = new Date(now);
-    tomorrow.setDate(tomorrow.getDate() + 1);
-    tomorrow.setHours(0, 0, 0, 0);
-    
-    const timeUntilMidnight = tomorrow.getTime() - now.getTime();
-    
-    // Schedule reset
-    setTimeout(() => {
-      this.resetDailyCounts();
-      // Reschedule for next day
-      this.scheduleDailyReset();
-    }, timeUntilMidnight);
-    
-    logger.log('info', `Scheduled daily counter reset in ${Math.floor(timeUntilMidnight / 60000)} minutes`);
-  }
-  
-  /**
-   * Reset daily send counters
-   */
-  private resetDailyCounts(): void {
-    for (const ip of this.config.ipAddresses) {
-      // Save yesterday's count to history before resetting
-      const status = this.warmupStatuses.get(ip);
-      if (status) {
-        const yesterday = new Date();
-        yesterday.setDate(yesterday.getDate() - 1);
-        
-        // Update daily stats with yesterday's data
-        const sentCount = this.dailySendCounts.get(ip) || 0;
-        status.dailyStats.push({
-          date: yesterday.toISOString().split('T')[0],
-          sent: sentCount,
-          opened: Math.floor(sentCount * status.metrics.openRate / 100),
-          bounces: Math.floor(sentCount * status.metrics.bounceRate / 100),
-          complaints: Math.floor(sentCount * status.metrics.complaintRate / 100)
-        });
-        
-        // Keep only the last 7 days of stats
-        if (status.dailyStats.length > 7) {
-          status.dailyStats.shift();
-        }
-      }
-      
-      // Reset counters for today
-      this.dailySendCounts.set(ip, 0);
-      this.hourlySendCounts.set(ip, Array(24).fill(0));
-    }
-    
-    // Save updated statuses
-    this.saveWarmupStatuses();
-    
-    logger.log('info', 'Daily send counters reset');
-  }
-  
-  /**
-   * Schedule daily evaluation of warmup progress
-   */
-  private scheduleDailyEvaluation(): void {
-    // Calculate time until 1 AM (do evaluation after midnight)
-    const now = new Date();
-    const evaluationTime = new Date(now);
-    evaluationTime.setDate(evaluationTime.getDate() + 1);
-    evaluationTime.setHours(1, 0, 0, 0);
-    
-    const timeUntilEvaluation = evaluationTime.getTime() - now.getTime();
-    
-    // Schedule evaluation
-    setTimeout(() => {
-      this.evaluateWarmupProgress();
-      // Reschedule for next day
-      this.scheduleDailyEvaluation();
-    }, timeUntilEvaluation);
-    
-    logger.log('info', `Scheduled daily warmup evaluation in ${Math.floor(timeUntilEvaluation / 60000)} minutes`);
-  }
-  
-  /**
-   * Evaluate warmup progress and possibly advance stages
-   */
-  private evaluateWarmupProgress(): void {
-    if (!this.config.autoAdvanceStages) {
-      logger.log('info', 'Auto-advance stages is disabled, skipping evaluation');
-      return;
-    }
-    
-    // Convert entries to array for compatibility with older JS versions
-    Array.from(this.warmupStatuses.entries()).forEach(([ip, status]) => {
-      if (!status.isActive) return;
-      
-      // Check if current stage duration has elapsed
-      const currentStage = this.config.stages[status.currentStage - 1];
-      const now = new Date();
-      const daysSinceStageStart = Math.floor(
-        (now.getTime() - status.currentStageStartDate.getTime()) / (24 * 60 * 60 * 1000)
-      );
-      
-      if (daysSinceStageStart >= currentStage.durationDays) {
-        // Check if metrics meet requirements for advancing
-        const metricsOK = this.checkStageMetrics(status, currentStage);
-        
-        if (metricsOK) {
-          // Advance to next stage if not at the final stage
-          if (status.currentStage < this.config.stages.length) {
-            this.advanceToNextStage(ip);
-          } else {
-            logger.log('info', `IP ${ip} has completed the warmup process`);
-          }
-        } else if (this.config.suspendOnMetricDecline) {
-          // Suspend warmup if metrics don't meet requirements
-          status.isActive = false;
-          logger.log('warn', `Suspended warmup for IP ${ip} due to poor metrics`, {
-            openRate: status.metrics.openRate,
-            bounceRate: status.metrics.bounceRate,
-            complaintRate: status.metrics.complaintRate
-          });
-        } else {
-          // Extend current stage if metrics don't meet requirements
-          logger.log('info', `Extending stage ${status.currentStage} for IP ${ip} due to metrics not meeting requirements`);
-        }
-      }
-    });
-    
-    // Save updated statuses
-    this.saveWarmupStatuses();
-  }
-  
-  /**
-   * Check if the current metrics meet the requirements for the stage
-   * @param status Warmup status to check
-   * @param stage Stage to check against
-   * @returns Whether metrics meet requirements
-   */
-  private checkStageMetrics(status: IIPWarmupStatus, stage: IWarmupStage): boolean {
-    // If no target metrics specified, assume met
-    if (!stage.targetMetrics) return true;
-    
-    const metrics = status.metrics;
-    let meetsRequirements = true;
-    
-    // Check each metric against requirements
-    if (stage.targetMetrics.minOpenRate !== undefined && 
-        metrics.openRate < stage.targetMetrics.minOpenRate) {
-      meetsRequirements = false;
-      logger.log('info', `Open rate ${metrics.openRate}% below target ${stage.targetMetrics.minOpenRate}% for IP ${status.ipAddress}`);
-    }
-    
-    if (stage.targetMetrics.maxBounceRate !== undefined && 
-        metrics.bounceRate > stage.targetMetrics.maxBounceRate) {
-      meetsRequirements = false;
-      logger.log('info', `Bounce rate ${metrics.bounceRate}% above target ${stage.targetMetrics.maxBounceRate}% for IP ${status.ipAddress}`);
-    }
-    
-    if (stage.targetMetrics.maxComplaintRate !== undefined && 
-        metrics.complaintRate > stage.targetMetrics.maxComplaintRate) {
-      meetsRequirements = false;
-      logger.log('info', `Complaint rate ${metrics.complaintRate}% above target ${stage.targetMetrics.maxComplaintRate}% for IP ${status.ipAddress}`);
-    }
-    
-    return meetsRequirements;
-  }
-  
-  /**
-   * Advance IP to the next warmup stage
-   * @param ipAddress IP address to advance
-   */
-  private advanceToNextStage(ipAddress: string): void {
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status) return;
-    
-    // Store metrics for the completed stage
-    const completedStage = status.currentStage;
-    
-    // Advance to next stage
-    status.currentStage++;
-    status.currentStageStartDate = new Date();
-    status.sentInCurrentStage = 0;
-    
-    // Update allocation
-    const newStage = this.config.stages[status.currentStage - 1];
-    status.currentDailyAllocation = newStage.maxDailyVolume;
-    
-    logger.log('info', `Advanced IP ${ipAddress} to warmup stage ${status.currentStage}`, {
-      previousStage: completedStage,
-      newDailyLimit: status.currentDailyAllocation,
-      durationDays: newStage.durationDays
-    });
-  }
-  
-  /**
-   * Get warmup status for all IPs or a specific IP
-   * @param ipAddress Optional specific IP to get status for
-   * @returns Warmup status information
-   */
-  public getWarmupStatus(ipAddress?: string): IIPWarmupStatus | Map<string, IIPWarmupStatus> {
-    if (ipAddress) {
-      return this.warmupStatuses.get(ipAddress);
-    }
-    return this.warmupStatuses;
-  }
-  
-  /**
-   * Add a new IP address to the warmup process
-   * @param ipAddress IP address to add
-   */
-  public addIPToWarmup(ipAddress: string): void {
-    if (this.config.ipAddresses.includes(ipAddress)) {
-      logger.log('info', `IP ${ipAddress} is already in warmup`);
-      return;
-    }
-    
-    // Add to configuration
-    this.config.ipAddresses.push(ipAddress);
-    
-    // Initialize warmup
-    this.initializeIPWarmup(ipAddress);
-    
-    // Initialize counters
-    this.dailySendCounts.set(ipAddress, 0);
-    this.hourlySendCounts.set(ipAddress, Array(24).fill(0));
-    
-    logger.log('info', `Added IP ${ipAddress} to warmup process`);
-  }
-  
-  /**
-   * Remove an IP address from the warmup process
-   * @param ipAddress IP address to remove
-   */
-  public removeIPFromWarmup(ipAddress: string): void {
-    const index = this.config.ipAddresses.indexOf(ipAddress);
-    if (index === -1) {
-      logger.log('info', `IP ${ipAddress} is not in warmup`);
-      return;
-    }
-    
-    // Remove from configuration
-    this.config.ipAddresses.splice(index, 1);
-    
-    // Remove from statuses and counters
-    this.warmupStatuses.delete(ipAddress);
-    this.dailySendCounts.delete(ipAddress);
-    this.hourlySendCounts.delete(ipAddress);
-    
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Removed IP ${ipAddress} from warmup process`);
-  }
-  
-  /**
-   * Update metrics for an IP address
-   * @param ipAddress IP address to update
-   * @param metrics New metrics
-   */
-  public updateMetrics(
-    ipAddress: string, 
-    metrics: { openRate?: number; bounceRate?: number; complaintRate?: number }
-  ): void {
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status) {
-      logger.log('warn', `Cannot update metrics for IP ${ipAddress} - not in warmup`);
-      return;
-    }
-    
-    // Update metrics
-    if (metrics.openRate !== undefined) {
-      status.metrics.openRate = metrics.openRate;
-    }
-    
-    if (metrics.bounceRate !== undefined) {
-      status.metrics.bounceRate = metrics.bounceRate;
-    }
-    
-    if (metrics.complaintRate !== undefined) {
-      status.metrics.complaintRate = metrics.complaintRate;
-    }
-    
-    this.saveWarmupStatuses();
-    
-    logger.log('info', `Updated metrics for IP ${ipAddress}`, {
-      openRate: status.metrics.openRate,
-      bounceRate: status.metrics.bounceRate,
-      complaintRate: status.metrics.complaintRate
-    });
-  }
-  
-  /**
-   * Record a send event for an IP address
-   * @param ipAddress IP address used for sending
-   */
-  public recordSend(ipAddress: string): void {
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      logger.log('warn', `Cannot record send for IP ${ipAddress} - not in warmup`);
-      return;
-    }
-    
-    // Increment daily counter
-    const currentCount = this.dailySendCounts.get(ipAddress) || 0;
-    this.dailySendCounts.set(ipAddress, currentCount + 1);
-    
-    // Increment hourly counter
-    const hourlyCount = this.hourlySendCounts.get(ipAddress) || Array(24).fill(0);
-    const currentHour = new Date().getHours();
-    hourlyCount[currentHour]++;
-    this.hourlySendCounts.set(ipAddress, hourlyCount);
-    
-    // Update warmup status
-    const status = this.warmupStatuses.get(ipAddress);
-    if (status) {
-      status.sentInCurrentStage++;
-      status.totalSent++;
-    }
-  }
-  
-  /**
-   * Check if an IP can send more emails today
-   * @param ipAddress IP address to check
-   * @returns Whether the IP can send more emails
-   */
-  public canSendMoreToday(ipAddress: string): boolean {
-    if (!this.config.enabled) return true;
-    
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      // If not in warmup, assume it can send
-      return true;
-    }
-    
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status || !status.isActive) {
-      return false;
-    }
-    
-    const currentCount = this.dailySendCounts.get(ipAddress) || 0;
-    return currentCount < status.currentDailyAllocation;
-  }
-  
-  /**
-   * Check if an IP can send more emails in the current hour
-   * @param ipAddress IP address to check
-   * @returns Whether the IP can send more emails this hour
-   */
-  public canSendMoreThisHour(ipAddress: string): boolean {
-    if (!this.config.enabled) return true;
-    
-    if (!this.config.ipAddresses.includes(ipAddress)) {
-      // If not in warmup, assume it can send
-      return true;
-    }
-    
-    const status = this.warmupStatuses.get(ipAddress);
-    if (!status || !status.isActive) {
-      return false;
-    }
-    
-    const currentDailyLimit = status.currentDailyAllocation;
-    const currentHour = new Date().getHours();
-    const hourlyAllocation = Math.ceil((currentDailyLimit * this.config.hourlyDistribution[currentHour]) / 100);
-    
-    const hourlyCount = this.hourlySendCounts.get(ipAddress) || Array(24).fill(0);
-    const currentHourCount = hourlyCount[currentHour];
-    
-    return currentHourCount < hourlyAllocation;
-  }
-  
-  /**
-   * Get the best IP to use for sending an email
-   * @param emailInfo Information about the email being sent
-   * @returns The best IP to use, or null if no suitable IP is available
-   */
-  public getBestIPForSending(emailInfo: {
-    from: string;
-    to: string[];
-    domain: string;
-    isTransactional?: boolean;
-  }): string | null {
-    // If warmup is disabled, return null (caller will use default IP)
-    if (!this.config.enabled || this.config.ipAddresses.length === 0) {
-      return null;
-    }
-    
-    // Prepare information for allocation policy
-    const availableIPs = this.config.ipAddresses
-      .filter(ip => this.canSendMoreToday(ip) && this.canSendMoreThisHour(ip))
-      .map(ip => {
-        const status = this.warmupStatuses.get(ip);
-        return {
-          ip,
-          priority: status ? status.currentStage : 1,
-          capacity: status ? (status.currentDailyAllocation - (this.dailySendCounts.get(ip) || 0)) : 0
-        };
-      });
-    
-    // Use the active allocation policy to determine the best IP
-    const policy = this.allocationPolicies.get(this.activePolicy);
-    if (!policy) {
-      logger.log('warn', `No allocation policy named ${this.activePolicy} found`);
-      return null;
-    }
-    
-    return policy.allocateIP(availableIPs, {
-      ...emailInfo,
-      isTransactional: emailInfo.isTransactional || false,
-      isWarmup: true
-    });
-  }
-  
-  /**
-   * Register a new IP allocation policy
-   * @param name Policy name
-   * @param policy Policy implementation
-   */
-  public registerAllocationPolicy(name: string, policy: IIPAllocationPolicy): void {
-    this.allocationPolicies.set(name, policy);
-    logger.log('info', `Registered IP allocation policy: ${name}`);
-  }
-  
-  /**
-   * Set the active IP allocation policy
-   * @param name Policy name
-   */
-  public setActiveAllocationPolicy(name: string): void {
-    if (!this.allocationPolicies.has(name)) {
-      logger.log('warn', `No allocation policy named ${name} found`);
-      return;
-    }
-    
-    this.activePolicy = name;
-    logger.log('info', `Set active IP allocation policy to ${name}`);
-  }
-  
-  /**
-   * Get the total number of stages in the warmup process
-   * @returns Number of stages
-   */
-  public getStageCount(): number {
-    return this.config.stages.length;
-  }
-  
-  /**
-   * Load warmup statuses from storage
-   */
-  private loadWarmupStatuses(): void {
-    try {
-      const warmupDir = plugins.path.join(paths.dataDir, 'warmup');
-      plugins.smartfile.fs.ensureDirSync(warmupDir);
-      
-      const statusFile = plugins.path.join(warmupDir, 'ip_warmup_status.json');
-      
-      if (plugins.fs.existsSync(statusFile)) {
-        const data = plugins.fs.readFileSync(statusFile, 'utf8');
-        const statuses = JSON.parse(data);
-        
-        for (const status of statuses) {
-          // Restore date objects
-          status.startDate = new Date(status.startDate);
-          status.currentStageStartDate = new Date(status.currentStageStartDate);
-          status.targetCompletionDate = new Date(status.targetCompletionDate);
-          
-          this.warmupStatuses.set(status.ipAddress, status);
-        }
-        
-        logger.log('info', `Loaded ${this.warmupStatuses.size} IP warmup statuses from storage`);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to load warmup statuses: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-  
-  /**
-   * Save warmup statuses to storage
-   */
-  private saveWarmupStatuses(): void {
-    try {
-      const warmupDir = plugins.path.join(paths.dataDir, 'warmup');
-      plugins.smartfile.fs.ensureDirSync(warmupDir);
-      
-      const statusFile = plugins.path.join(warmupDir, 'ip_warmup_status.json');
-      const statuses = Array.from(this.warmupStatuses.values());
-      
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(statuses, null, 2),
-        statusFile
-      );
-      
-      logger.log('debug', `Saved ${statuses.length} IP warmup statuses to storage`);
-    } catch (error) {
-      logger.log('error', `Failed to save warmup statuses: ${error.message}`, {
-        stack: error.stack
-      });
-    }
-  }
-}
-
-/**
- * Policy that balances traffic across IPs based on stage and capacity
- */
-class BalancedAllocationPolicy implements IIPAllocationPolicy {
-  name = 'balanced';
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Sort IPs by priority (prefer higher stage IPs) and capacity
-    const sortedIPs = [...availableIPs].sort((a, b) => {
-      // First by priority (descending)
-      if (b.priority !== a.priority) {
-        return b.priority - a.priority;
-      }
-      // Then by remaining capacity (descending)
-      return b.capacity - a.capacity;
-    });
-    
-    // Prioritize higher-stage IPs for transactional emails
-    if (emailInfo.isTransactional) {
-      return sortedIPs[0].ip;
-    }
-    
-    // For marketing emails, spread across IPs with preference for higher stages
-    // Use weighted random selection based on stage
-    const totalWeight = sortedIPs.reduce((sum, ip) => sum + ip.priority, 0);
-    let randomPoint = Math.random() * totalWeight;
-    
-    for (const ip of sortedIPs) {
-      randomPoint -= ip.priority;
-      if (randomPoint <= 0) {
-        return ip.ip;
-      }
-    }
-    
-    // Fallback to the highest priority IP
-    return sortedIPs[0].ip;
-  }
-}
-
-/**
- * Policy that rotates through IPs in a round-robin fashion
- */
-class RoundRobinAllocationPolicy implements IIPAllocationPolicy {
-  name = 'roundRobin';
-  private lastIndex = -1;
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Sort by capacity to ensure even distribution
-    const sortedIPs = [...availableIPs].sort((a, b) => b.capacity - a.capacity);
-    
-    // Move to next IP
-    this.lastIndex = (this.lastIndex + 1) % sortedIPs.length;
-    
-    return sortedIPs[this.lastIndex].ip;
-  }
-}
-
-/**
- * Policy that dedicates specific IPs to specific domains
- */
-class DedicatedDomainPolicy implements IIPAllocationPolicy {
-  name = 'dedicated';
-  private domainAssignments: Map<string, string> = new Map();
-  
-  allocateIP(
-    availableIPs: Array<{ ip: string; priority: number; capacity: number }>,
-    emailInfo: {
-      from: string;
-      to: string[];
-      domain: string;
-      isTransactional: boolean;
-      isWarmup: boolean;
-    }
-  ): string | null {
-    if (availableIPs.length === 0) return null;
-    
-    // Check if we have a dedicated IP for this domain
-    if (this.domainAssignments.has(emailInfo.domain)) {
-      const dedicatedIP = this.domainAssignments.get(emailInfo.domain);
-      
-      // Check if the dedicated IP is in the available list
-      const isAvailable = availableIPs.some(ip => ip.ip === dedicatedIP);
-      
-      if (isAvailable) {
-        return dedicatedIP;
-      }
-    }
-    
-    // If not, assign one and save the assignment
-    const sortedIPs = [...availableIPs].sort((a, b) => b.capacity - a.capacity);
-    const assignedIP = sortedIPs[0].ip;
-    
-    this.domainAssignments.set(emailInfo.domain, assignedIP);
-    
-    return assignedIP;
-  }
-}

ts/deliverability/index.ts

@@ -1,13 +0,0 @@
-export {
-  IPWarmupManager,
-  type IIPWarmupConfig,
-  type IWarmupStage,
-  type IIPWarmupStatus,
-  type IIPAllocationPolicy
-} from './classes.ipwarmupmanager.js';
-
-export {
-  SenderReputationMonitor,
-  type IDomainReputationMetrics,
-  type IReputationMonitorConfig
-} from './classes.senderreputationmonitor.js';

ts/errors/base.errors.ts

@@ -182,25 +182,41 @@ export class PlatformError extends Error {
   ): PlatformError {
     const nextRetryAt = Date.now() + retryDelay;
     
-    // Create a new instance with the same parameters but updated context
+    // Clone the error with updated context
+    const newContext = {
+      ...this.context,
+      retry: {
+        maxRetries,
+        currentRetry,
+        nextRetryAt,
+        retryDelay
+      }
+    };
+    
+    // Create a new instance using the protected method that subclasses can override
+    const newError = this.createWithContext(newContext);
+    
+    // Update recoverability if we can retry
+    if (currentRetry < maxRetries && newError.recoverability === ErrorRecoverability.NON_RECOVERABLE) {
+      (newError as any).recoverability = ErrorRecoverability.MAYBE_RECOVERABLE;
+    }
+    
+    return newError;
+  }
+  
+  /**
+   * Protected method to create a new instance with updated context
+   * Subclasses can override this to handle their own constructor signatures
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    // Default implementation for PlatformError
     return new (this.constructor as typeof PlatformError)(
       this.message,
       this.code,
       this.severity,
       this.category,
-      // If we can retry, the error is at least maybe recoverable
-      currentRetry < maxRetries 
-        ? ErrorRecoverability.MAYBE_RECOVERABLE 
-        : this.recoverability,
-      {
-        ...this.context,
-        retry: {
-          maxRetries,
-          currentRetry,
-          nextRetryAt,
-          retryDelay
-        }
-      }
+      this.recoverability,
+      context
     );
   }
 
@@ -247,6 +263,18 @@ export class ValidationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ValidationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ValidationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -274,6 +302,18 @@ export class ConfigurationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ConfigurationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ConfigurationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -301,6 +341,18 @@ export class NetworkError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle NetworkError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof NetworkError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -328,6 +380,18 @@ export class ResourceError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle ResourceError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ResourceError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -355,6 +419,18 @@ export class AuthenticationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle AuthenticationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof AuthenticationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**
@@ -382,6 +458,18 @@ export class OperationError extends PlatformError {
       context
     );
   }
+  
+  /**
+   * Creates a new instance with updated context
+   * Overrides the base implementation to handle OperationError's constructor signature
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof OperationError)(
+      this.message,
+      this.code,
+      context
+    );
+  }
 }
 
 /**

ts/errors/email.errors.ts

@@ -1,313 +0,0 @@
-import { 
-  PlatformError, 
-  ValidationError, 
-  NetworkError, 
-  ResourceError, 
-  OperationError
-} from './base.errors.js';
-import type { IErrorContext } from './base.errors.js';
-
-import {
-  EMAIL_SERVICE_ERROR,
-  EMAIL_TEMPLATE_ERROR,
-  EMAIL_VALIDATION_ERROR,
-  EMAIL_SEND_ERROR,
-  EMAIL_RECEIVE_ERROR,
-  EMAIL_ATTACHMENT_ERROR,
-  EMAIL_PARSE_ERROR,
-  EMAIL_RATE_LIMIT_EXCEEDED
-} from './error.codes.js';
-
-/**
- * Base class for all email service related errors
- */
-export class EmailServiceError extends OperationError {
-  /**
-   * Creates a new email service error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_SERVICE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email template errors
- */
-export class EmailTemplateError extends OperationError {
-  /**
-   * Creates a new email template error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_TEMPLATE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email validation errors
- */
-export class EmailValidationError extends ValidationError {
-  /**
-   * Creates a new email validation error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_VALIDATION_ERROR, context);
-  }
-}
-
-/**
- * Error class for email sending errors
- */
-export class EmailSendError extends OperationError {
-  /**
-   * Creates a new email send error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_SEND_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a permanently failed send
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  public static permanent(
-    message: string,
-    context: IErrorContext = {}
-  ): EmailSendError {
-    return new EmailSendError(`Permanent send failure: ${message}`, {
-      ...context,
-      data: {
-        ...context.data,
-        permanent: true
-      },
-      userMessage: 'The email could not be delivered due to a permanent failure.'
-    });
-  }
-
-  /**
-   * Creates an instance for a temporary failed send
-   * 
-   * @param message Error message
-   * @param maxRetries Maximum number of retries
-   * @param currentRetry Current retry count
-   * @param retryDelay Delay between retries in ms
-   * @param context Additional context
-   */
-  public static temporary(
-    message: string,
-    maxRetries: number = 3,
-    currentRetry: number = 0,
-    retryDelay: number = 60000,
-    context: IErrorContext = {}
-  ): EmailSendError {
-    const error = new EmailSendError(`Temporary send failure: ${message}`, {
-      ...context,
-      data: {
-        ...context.data,
-        permanent: false
-      },
-      userMessage: 'The email delivery failed temporarily. It will be retried.'
-    });
-    
-    return error.withRetry(maxRetries, currentRetry, retryDelay) as EmailSendError;
-  }
-
-  /**
-   * Check if this is a permanent send failure
-   */
-  public isPermanent(): boolean {
-    return !!this.context.data?.permanent;
-  }
-}
-
-/**
- * Error class for email receiving errors
- */
-export class EmailReceiveError extends OperationError {
-  /**
-   * Creates a new email receive error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_RECEIVE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email attachment errors
- */
-export class EmailAttachmentError extends ValidationError {
-  /**
-   * Creates a new email attachment error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_ATTACHMENT_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an attachment too large error
-   * 
-   * @param size Attachment size in bytes
-   * @param maxSize Maximum allowed size in bytes
-   * @param filename Attachment filename
-   * @param context Additional context
-   */
-  public static tooLarge(
-    size: number,
-    maxSize: number,
-    filename?: string,
-    context: IErrorContext = {}
-  ): EmailAttachmentError {
-    const filenameText = filename ? ` (${filename})` : '';
-    return new EmailAttachmentError(
-      `Attachment${filenameText} size ${size} bytes exceeds maximum allowed size of ${maxSize} bytes`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          size,
-          maxSize,
-          filename
-        },
-        userMessage: `The attachment${filenameText} is too large. Maximum size is ${Math.round(maxSize / 1024 / 1024)} MB.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an invalid attachment type error
-   * 
-   * @param contentType Attachment content type
-   * @param filename Attachment filename
-   * @param allowedTypes List of allowed content types
-   * @param context Additional context
-   */
-  public static invalidType(
-    contentType: string,
-    filename: string,
-    allowedTypes: string[],
-    context: IErrorContext = {}
-  ): EmailAttachmentError {
-    return new EmailAttachmentError(
-      `Attachment '${filename}' with content type '${contentType}' is not allowed. Allowed types: ${allowedTypes.join(', ')}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          contentType,
-          filename,
-          allowedTypes
-        },
-        userMessage: `The attachment type ${contentType} is not allowed.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for email parsing errors
- */
-export class EmailParseError extends OperationError {
-  /**
-   * Creates a new email parse error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_PARSE_ERROR, context);
-  }
-}
-
-/**
- * Error class for email rate limit exceeded errors
- */
-export class EmailRateLimitError extends ResourceError {
-  /**
-   * Creates a new email rate limit error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, EMAIL_RATE_LIMIT_EXCEEDED, context);
-  }
-
-  /**
-   * Creates an instance with rate limit information
-   * 
-   * @param limit Rate limit
-   * @param remaining Remaining quota
-   * @param resetAt Time when the quota resets
-   * @param scope Rate limit scope (global, domain, user, etc.)
-   * @param context Additional context
-   */
-  public static withLimitInfo(
-    limit: number,
-    remaining: number,
-    resetAt: Date | number,
-    scope: string = 'global',
-    context: IErrorContext = {}
-  ): EmailRateLimitError {
-    const resetTime = typeof resetAt === 'number' ? new Date(resetAt) : resetAt;
-    const resetTimeStr = resetTime.toISOString();
-    
-    return new EmailRateLimitError(
-      `Email rate limit exceeded: ${remaining}/${limit} remaining in ${scope} scope, resets at ${resetTimeStr}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          limit,
-          remaining,
-          resetAt: resetTime.getTime(),
-          resetTimeStr,
-          scope
-        },
-        userMessage: `You've reached the email sending limit. Please try again later.`
-      }
-    );
-  }
-}

ts/errors/index.ts

@@ -12,14 +12,19 @@ export * from './error.codes.js';
 export * from './base.errors.js';
 
 // Export domain-specific error classes
-export * from './email.errors.js';
-export * from './mta.errors.js';
 export * from './reputation.errors.js';
 
+// Export error handler
+export * from './error-handler.js';
+
 // Export utility function to create specific error types based on the error category
 import { getErrorClassForCategory } from './base.errors.js';
 export { getErrorClassForCategory };
 
+// Import needed classes for utility functions
+import { PlatformError } from './base.errors.js';
+import { ErrorSeverity, ErrorCategory, ErrorRecoverability } from './error.codes.js';
+
 /**
  * Create a typed error from a standard Error
  * Useful for converting errors from external libraries or APIs
@@ -33,11 +38,7 @@ export function fromError(
   error: Error,
   code: string,
   contextData: Record<string, any> = {}
-) {
-  // Import and use PlatformError
-  const { PlatformError } = require('./base.errors.js');
-  const { ErrorSeverity, ErrorCategory, ErrorRecoverability } = require('./error.codes.js');
-  
+): PlatformError {
   return new PlatformError(
     error.message,
     code,
@@ -66,7 +67,6 @@ export function fromError(
 export function isRetryable(error: any): boolean {
   // If it's our platform error, use its recoverability property
   if (error && typeof error === 'object' && 'recoverability' in error) {
-    const { ErrorRecoverability } = require('./error.codes.js');
     return error.recoverability === ErrorRecoverability.RECOVERABLE ||
            error.recoverability === ErrorRecoverability.MAYBE_RECOVERABLE ||
            error.recoverability === ErrorRecoverability.TRANSIENT;

ts/errors/mta.errors.ts

@@ -1,611 +0,0 @@
-import { 
-  PlatformError,
-  NetworkError, 
-  AuthenticationError, 
-  OperationError,
-  ConfigurationError
-} from './base.errors.js';
-import type { IErrorContext } from './base.errors.js';
-
-import {
-  MTA_CONNECTION_ERROR,
-  MTA_AUTHENTICATION_ERROR,
-  MTA_DELIVERY_ERROR,
-  MTA_CONFIGURATION_ERROR,
-  MTA_DNS_ERROR,
-  MTA_TIMEOUT_ERROR,
-  MTA_PROTOCOL_ERROR
-} from './error.codes.js';
-
-/**
- * Base class for MTA connection errors
- */
-export class MtaConnectionError extends NetworkError {
-  /**
-   * Creates a new MTA connection error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_CONNECTION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a DNS resolution error
-   * 
-   * @param hostname Hostname that failed to resolve
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static dnsError(
-    hostname: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    return new MtaConnectionError(
-      `Failed to resolve DNS for ${hostname}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not connect to mail server for ${hostname}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a connection timeout
-   * 
-   * @param hostname Hostname that timed out
-   * @param port Port number
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static timeout(
-    hostname: string,
-    port: number,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    return new MtaConnectionError(
-      `Connection to ${hostname}:${port} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          port,
-          timeout
-        },
-        userMessage: `Connection to mail server timed out.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a connection refused error
-   * 
-   * @param hostname Hostname that refused connection
-   * @param port Port number
-   * @param context Additional context
-   */
-  public static refused(
-    hostname: string,
-    port: number,
-    context: IErrorContext = {}
-  ): MtaConnectionError {
-    return new MtaConnectionError(
-      `Connection to ${hostname}:${port} refused`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          port
-        },
-        userMessage: `Connection to mail server was refused.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA authentication errors
- */
-export class MtaAuthenticationError extends AuthenticationError {
-  /**
-   * Creates a new MTA authentication error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_AUTHENTICATION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for invalid credentials
-   * 
-   * @param hostname Hostname where authentication failed
-   * @param username Username that failed authentication
-   * @param context Additional context
-   */
-  public static invalidCredentials(
-    hostname: string,
-    username: string,
-    context: IErrorContext = {}
-  ): MtaAuthenticationError {
-    return new MtaAuthenticationError(
-      `Authentication failed for user ${username} at ${hostname}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          username
-        },
-        userMessage: `Authentication to mail server failed.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for unsupported authentication method
-   * 
-   * @param hostname Hostname
-   * @param method Authentication method that is not supported
-   * @param supportedMethods List of supported authentication methods
-   * @param context Additional context
-   */
-  public static unsupportedMethod(
-    hostname: string,
-    method: string,
-    supportedMethods: string[] = [],
-    context: IErrorContext = {}
-  ): MtaAuthenticationError {
-    return new MtaAuthenticationError(
-      `Authentication method ${method} not supported by ${hostname}${supportedMethods.length > 0 ? `. Supported methods: ${supportedMethods.join(', ')}` : ''}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          hostname,
-          method,
-          supportedMethods
-        },
-        userMessage: `The mail server doesn't support the required authentication method.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA delivery errors
- */
-export class MtaDeliveryError extends OperationError {
-  /**
-   * Creates a new MTA delivery error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_DELIVERY_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a permanent delivery failure
-   * 
-   * @param message Error message
-   * @param recipientAddress Recipient email address
-   * @param statusCode SMTP status code
-   * @param smtpResponse Full SMTP response
-   * @param context Additional context
-   */
-  public static permanent(
-    message: string,
-    recipientAddress: string,
-    statusCode?: string,
-    smtpResponse?: string,
-    context: IErrorContext = {}
-  ): MtaDeliveryError {
-    const statusCodeStr = statusCode ? ` (${statusCode})` : '';
-    return new MtaDeliveryError(
-      `Permanent delivery failure to ${recipientAddress}${statusCodeStr}: ${message}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          recipientAddress,
-          statusCode,
-          smtpResponse,
-          permanent: true
-        },
-        userMessage: `The email could not be delivered to ${recipientAddress}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a temporary delivery failure
-   * 
-   * @param message Error message
-   * @param recipientAddress Recipient email address
-   * @param statusCode SMTP status code
-   * @param smtpResponse Full SMTP response
-   * @param maxRetries Maximum number of retries
-   * @param currentRetry Current retry count
-   * @param retryDelay Delay between retries in ms
-   * @param context Additional context
-   */
-  public static temporary(
-    message: string,
-    recipientAddress: string,
-    statusCode?: string,
-    smtpResponse?: string,
-    maxRetries: number = 3,
-    currentRetry: number = 0,
-    retryDelay: number = 60000,
-    context: IErrorContext = {}
-  ): MtaDeliveryError {
-    const statusCodeStr = statusCode ? ` (${statusCode})` : '';
-    const error = new MtaDeliveryError(
-      `Temporary delivery failure to ${recipientAddress}${statusCodeStr}: ${message}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          recipientAddress,
-          statusCode,
-          smtpResponse,
-          permanent: false
-        },
-        userMessage: `The email delivery to ${recipientAddress} failed temporarily. It will be retried.`
-      }
-    );
-    
-    return error.withRetry(maxRetries, currentRetry, retryDelay) as MtaDeliveryError;
-  }
-
-  /**
-   * Check if this is a permanent delivery failure
-   */
-  public isPermanent(): boolean {
-    return !!this.context.data?.permanent;
-  }
-
-  /**
-   * Get the recipient address associated with this delivery error
-   */
-  public getRecipientAddress(): string | undefined {
-    return this.context.data?.recipientAddress;
-  }
-
-  /**
-   * Get the SMTP status code associated with this delivery error
-   */
-  public getStatusCode(): string | undefined {
-    return this.context.data?.statusCode;
-  }
-}
-
-/**
- * Error class for MTA configuration errors
- */
-export class MtaConfigurationError extends ConfigurationError {
-  /**
-   * Creates a new MTA configuration error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_CONFIGURATION_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for a missing configuration value
-   * 
-   * @param propertyPath Path to the missing property
-   * @param context Additional context
-   */
-  public static missingConfig(
-    propertyPath: string,
-    context: IErrorContext = {}
-  ): MtaConfigurationError {
-    return new MtaConfigurationError(
-      `Missing required configuration: ${propertyPath}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          propertyPath
-        },
-        userMessage: `The mail server is missing required configuration.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an invalid configuration value
-   * 
-   * @param propertyPath Path to the invalid property
-   * @param value Current value
-   * @param expectedType Expected type or format
-   * @param context Additional context
-   */
-  public static invalidConfig(
-    propertyPath: string,
-    value: any,
-    expectedType: string,
-    context: IErrorContext = {}
-  ): MtaConfigurationError {
-    return new MtaConfigurationError(
-      `Invalid configuration value for ${propertyPath}: got ${value} (${typeof value}), expected ${expectedType}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          propertyPath,
-          value,
-          expectedType
-        },
-        userMessage: `The mail server has an invalid configuration value.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA DNS errors
- */
-export class MtaDnsError extends NetworkError {
-  /**
-   * Creates a new MTA DNS error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_DNS_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an MX record lookup failure
-   * 
-   * @param domain Domain that failed MX lookup
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static mxLookupFailed(
-    domain: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaDnsError {
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    return new MtaDnsError(
-      `Failed to lookup MX records for ${domain}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          domain,
-          recordType: 'MX',
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not find mail servers for ${domain}.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a TXT record lookup failure
-   * 
-   * @param domain Domain that failed TXT lookup
-   * @param recordPrefix Optional record prefix (e.g., 'spf', 'dkim', 'dmarc')
-   * @param originalError Original error
-   * @param context Additional context
-   */
-  public static txtLookupFailed(
-    domain: string,
-    recordPrefix?: string,
-    originalError?: Error,
-    context: IErrorContext = {}
-  ): MtaDnsError {
-    const recordType = recordPrefix ? `${recordPrefix} TXT` : 'TXT';
-    const errorMsg = originalError ? `: ${originalError.message}` : '';
-    
-    return new MtaDnsError(
-      `Failed to lookup ${recordType} records for ${domain}${errorMsg}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          domain,
-          recordType,
-          recordPrefix,
-          originalError: originalError ? {
-            message: originalError.message,
-            stack: originalError.stack
-          } : undefined
-        },
-        userMessage: `Could not verify ${recordPrefix || ''} records for ${domain}.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA timeout errors
- */
-export class MtaTimeoutError extends NetworkError {
-  /**
-   * Creates a new MTA timeout error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_TIMEOUT_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an SMTP command timeout
-   * 
-   * @param command SMTP command that timed out
-   * @param server Server hostname
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static commandTimeout(
-    command: string,
-    server: string,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaTimeoutError {
-    return new MtaTimeoutError(
-      `SMTP command ${command} to ${server} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          command,
-          server,
-          timeout
-        },
-        userMessage: `The mail server took too long to respond.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for an overall transaction timeout
-   * 
-   * @param server Server hostname
-   * @param timeout Timeout in milliseconds
-   * @param context Additional context
-   */
-  public static transactionTimeout(
-    server: string,
-    timeout: number,
-    context: IErrorContext = {}
-  ): MtaTimeoutError {
-    return new MtaTimeoutError(
-      `SMTP transaction with ${server} timed out after ${timeout}ms`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          server,
-          timeout
-        },
-        userMessage: `The mail server transaction took too long to complete.`
-      }
-    );
-  }
-}
-
-/**
- * Error class for MTA protocol errors
- */
-export class MtaProtocolError extends OperationError {
-  /**
-   * Creates a new MTA protocol error
-   * 
-   * @param message Error message
-   * @param context Additional context
-   */
-  constructor(
-    message: string,
-    context: IErrorContext = {}
-  ) {
-    super(message, MTA_PROTOCOL_ERROR, context);
-  }
-
-  /**
-   * Creates an instance for an unexpected server response
-   * 
-   * @param command SMTP command that received unexpected response
-   * @param response Unexpected response
-   * @param expected Expected response pattern
-   * @param server Server hostname
-   * @param context Additional context
-   */
-  public static unexpectedResponse(
-    command: string,
-    response: string,
-    expected: string,
-    server: string,
-    context: IErrorContext = {}
-  ): MtaProtocolError {
-    return new MtaProtocolError(
-      `Unexpected SMTP response from ${server} for command ${command}: got "${response}", expected "${expected}"`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          command,
-          response,
-          expected,
-          server
-        },
-        userMessage: `Received an unexpected response from the mail server.`
-      }
-    );
-  }
-
-  /**
-   * Creates an instance for a syntax error
-   * 
-   * @param details Error details
-   * @param server Server hostname
-   * @param context Additional context
-   */
-  public static syntaxError(
-    details: string,
-    server: string,
-    context: IErrorContext = {}
-  ): MtaProtocolError {
-    return new MtaProtocolError(
-      `SMTP syntax error in communication with ${server}: ${details}`,
-      {
-        ...context,
-        data: {
-          ...context.data,
-          details,
-          server
-        },
-        userMessage: `There was a protocol error communicating with the mail server.`
-      }
-    );
-  }
-}

ts/errors/reputation.errors.ts

@@ -51,6 +51,16 @@ export class ReputationCheckError extends ReputationError {
   ) {
     super(message, REPUTATION_CHECK_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationCheckError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for an IP reputation check error
@@ -133,6 +143,16 @@ export class ReputationDataError extends ReputationError {
   ) {
     super(message, REPUTATION_DATA_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationDataError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for a data access error
@@ -186,6 +206,16 @@ export class BlocklistError extends ReputationError {
   ) {
     super(message, REPUTATION_BLOCKLIST_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof BlocklistError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for an entity found on a blocklist
@@ -237,6 +267,16 @@ export class ReputationUpdateError extends ReputationError {
   ) {
     super(message, REPUTATION_UPDATE_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof ReputationUpdateError)(
+      this.message,
+      context
+    );
+  }
 }
 
 /**
@@ -255,6 +295,16 @@ export class WarmupAllocationError extends ReputationError {
   ) {
     super(message, WARMUP_ALLOCATION_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupAllocationError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for no available IPs
@@ -299,6 +349,16 @@ export class WarmupLimitError extends ResourceError {
   ) {
     super(message, WARMUP_LIMIT_EXCEEDED, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupLimitError)(
+      this.message,
+      context
+    );
+  }
 
   /**
    * Creates an instance for daily sending limit exceeded
@@ -349,4 +409,14 @@ export class WarmupScheduleError extends ReputationError {
   ) {
     super(message, WARMUP_SCHEDULE_ERROR, context);
   }
+  
+  /**
+   * Creates a new instance with updated context
+   */
+  protected createWithContext(context: IErrorContext): PlatformError {
+    return new (this.constructor as typeof WarmupScheduleError)(
+      this.message,
+      context
+    );
+  }
 }

ts/index.ts

@@ -1,8 +1,16 @@
 export * from './00_commitinfo_data.js';
-import { SzPlatformService } from './platformservice.js';
-export * from './mail/index.js';
+
+// Re-export smartmta (excluding commitinfo to avoid naming conflict)
+export { UnifiedEmailServer } from '@push.rocks/smartmta';
+export type { IUnifiedEmailServerOptions, IEmailRoute, IEmailDomainConfig } from '@push.rocks/smartmta';
 
 // DcRouter
 export * from './classes.dcrouter.js';
 
-export const runCli = async () => {}
+// RADIUS module
+export * from './radius/index.js';
+
+// Remote Ingress module
+export * from './remoteingress/index.js';
+
+export const runCli = async () => {};

ts/mail/core/classes.bouncemanager.ts

@@ -1,902 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-import { LRUCache } from 'lru-cache';
-
-/**
- * Bounce types for categorizing the reasons for bounces
- */
-export enum BounceType {
-  // Hard bounces (permanent failures)
-  INVALID_RECIPIENT = 'invalid_recipient',
-  DOMAIN_NOT_FOUND = 'domain_not_found',
-  MAILBOX_FULL = 'mailbox_full',
-  MAILBOX_INACTIVE = 'mailbox_inactive',
-  BLOCKED = 'blocked',
-  SPAM_RELATED = 'spam_related',
-  POLICY_RELATED = 'policy_related',
-  
-  // Soft bounces (temporary failures)
-  SERVER_UNAVAILABLE = 'server_unavailable',
-  TEMPORARY_FAILURE = 'temporary_failure',
-  QUOTA_EXCEEDED = 'quota_exceeded',
-  NETWORK_ERROR = 'network_error',
-  TIMEOUT = 'timeout',
-  
-  // Special cases
-  AUTO_RESPONSE = 'auto_response',
-  CHALLENGE_RESPONSE = 'challenge_response',
-  UNKNOWN = 'unknown'
-}
-
-/**
- * Hard vs soft bounce classification
- */
-export enum BounceCategory {
-  HARD = 'hard',
-  SOFT = 'soft',
-  AUTO_RESPONSE = 'auto_response',
-  UNKNOWN = 'unknown'
-}
-
-/**
- * Bounce data structure
- */
-export interface BounceRecord {
-  id: string;
-  originalEmailId?: string;
-  recipient: string;
-  sender: string;
-  domain: string;
-  subject?: string;
-  bounceType: BounceType;
-  bounceCategory: BounceCategory;
-  timestamp: number;
-  smtpResponse?: string;
-  diagnosticCode?: string;
-  statusCode?: string;
-  headers?: Record<string, string>;
-  processed: boolean;
-  retryCount?: number;
-  nextRetryTime?: number;
-}
-
-/**
- * Email bounce patterns to identify bounce types in SMTP responses and bounce messages
- */
-const BOUNCE_PATTERNS = {
-  // Hard bounce patterns
-  [BounceType.INVALID_RECIPIENT]: [
-    /no such user/i,
-    /user unknown/i,
-    /does not exist/i,
-    /invalid recipient/i,
-    /unknown recipient/i,
-    /no mailbox/i,
-    /user not found/i,
-    /recipient address rejected/i,
-    /550 5\.1\.1/i
-  ],
-  [BounceType.DOMAIN_NOT_FOUND]: [
-    /domain not found/i,
-    /unknown domain/i,
-    /no such domain/i,
-    /host not found/i,
-    /domain invalid/i,
-    /550 5\.1\.2/i
-  ],
-  [BounceType.MAILBOX_FULL]: [
-    /mailbox full/i,
-    /over quota/i,
-    /quota exceeded/i,
-    /552 5\.2\.2/i
-  ],
-  [BounceType.MAILBOX_INACTIVE]: [
-    /mailbox disabled/i,
-    /mailbox inactive/i,
-    /account disabled/i,
-    /mailbox not active/i,
-    /account suspended/i
-  ],
-  [BounceType.BLOCKED]: [
-    /blocked/i,
-    /rejected/i,
-    /denied/i,
-    /blacklisted/i,
-    /prohibited/i,
-    /refused/i,
-    /550 5\.7\./i
-  ],
-  [BounceType.SPAM_RELATED]: [
-    /spam/i,
-    /bulk mail/i,
-    /content rejected/i,
-    /message rejected/i,
-    /550 5\.7\.1/i
-  ],
-  
-  // Soft bounce patterns
-  [BounceType.SERVER_UNAVAILABLE]: [
-    /server unavailable/i,
-    /service unavailable/i,
-    /try again later/i,
-    /try later/i,
-    /451 4\.3\./i,
-    /421 4\.3\./i
-  ],
-  [BounceType.TEMPORARY_FAILURE]: [
-    /temporary failure/i,
-    /temporary error/i,
-    /temporary problem/i,
-    /try again/i,
-    /451 4\./i
-  ],
-  [BounceType.QUOTA_EXCEEDED]: [
-    /quota temporarily exceeded/i,
-    /mailbox temporarily full/i,
-    /452 4\.2\.2/i
-  ],
-  [BounceType.NETWORK_ERROR]: [
-    /network error/i,
-    /connection error/i,
-    /connection timed out/i,
-    /routing error/i,
-    /421 4\.4\./i
-  ],
-  [BounceType.TIMEOUT]: [
-    /timed out/i,
-    /timeout/i,
-    /450 4\.4\.2/i
-  ],
-  
-  // Auto-responses
-  [BounceType.AUTO_RESPONSE]: [
-    /auto[- ]reply/i,
-    /auto[- ]response/i,
-    /vacation/i,
-    /out of office/i,
-    /away from office/i,
-    /on vacation/i,
-    /automatic reply/i
-  ],
-  [BounceType.CHALLENGE_RESPONSE]: [
-    /challenge[- ]response/i,
-    /verify your email/i,
-    /confirm your email/i,
-    /email verification/i
-  ]
-};
-
-/**
- * Retry strategy configuration for soft bounces
- */
-interface RetryStrategy {
-  maxRetries: number;
-  initialDelay: number; // milliseconds
-  maxDelay: number; // milliseconds
-  backoffFactor: number;
-}
-
-/**
- * Manager for handling email bounces
- */
-export class BounceManager {
-  // Retry strategy with exponential backoff
-  private retryStrategy: RetryStrategy = {
-    maxRetries: 5,
-    initialDelay: 15 * 60 * 1000, // 15 minutes
-    maxDelay: 24 * 60 * 60 * 1000, // 24 hours
-    backoffFactor: 2
-  };
-  
-  // Store of bounced emails
-  private bounceStore: BounceRecord[] = [];
-  
-  // Cache of recently bounced email addresses to avoid sending to known bad addresses
-  private bounceCache: LRUCache<string, {
-    lastBounce: number;
-    count: number;
-    type: BounceType;
-    category: BounceCategory;
-  }>;
-  
-  // Suppression list for addresses that should not receive emails
-  private suppressionList: Map<string, {
-    reason: string;
-    timestamp: number;
-    expiresAt?: number; // undefined means permanent
-  }> = new Map();
-  
-  constructor(options?: {
-    retryStrategy?: Partial<RetryStrategy>;
-    maxCacheSize?: number;
-    cacheTTL?: number;
-  }) {
-    // Set retry strategy with defaults
-    if (options?.retryStrategy) {
-      this.retryStrategy = {
-        ...this.retryStrategy,
-        ...options.retryStrategy
-      };
-    }
-    
-    // Initialize bounce cache with LRU (least recently used) caching
-    this.bounceCache = new LRUCache<string, any>({
-      max: options?.maxCacheSize || 10000,
-      ttl: options?.cacheTTL || 30 * 24 * 60 * 60 * 1000, // 30 days default
-    });
-    
-    // Load suppression list from storage
-    this.loadSuppressionList();
-  }
-  
-  /**
-   * Process a bounce notification
-   * @param bounceData Bounce data to process
-   * @returns Processed bounce record
-   */
-  public async processBounce(bounceData: Partial<BounceRecord>): Promise<BounceRecord> {
-    try {
-      // Add required fields if missing
-      const bounce: BounceRecord = {
-        id: bounceData.id || plugins.uuid.v4(),
-        recipient: bounceData.recipient,
-        sender: bounceData.sender,
-        domain: bounceData.domain || bounceData.recipient.split('@')[1],
-        subject: bounceData.subject,
-        bounceType: bounceData.bounceType || BounceType.UNKNOWN,
-        bounceCategory: bounceData.bounceCategory || BounceCategory.UNKNOWN,
-        timestamp: bounceData.timestamp || Date.now(),
-        smtpResponse: bounceData.smtpResponse,
-        diagnosticCode: bounceData.diagnosticCode,
-        statusCode: bounceData.statusCode,
-        headers: bounceData.headers,
-        processed: false,
-        originalEmailId: bounceData.originalEmailId,
-        retryCount: bounceData.retryCount || 0,
-        nextRetryTime: bounceData.nextRetryTime
-      };
-      
-      // Determine bounce type and category if not provided
-      if (!bounceData.bounceType || bounceData.bounceType === BounceType.UNKNOWN) {
-        const bounceInfo = this.detectBounceType(
-          bounce.smtpResponse || '',
-          bounce.diagnosticCode || '',
-          bounce.statusCode || ''
-        );
-        
-        bounce.bounceType = bounceInfo.type;
-        bounce.bounceCategory = bounceInfo.category;
-      }
-      
-      // Process the bounce based on category
-      switch (bounce.bounceCategory) {
-        case BounceCategory.HARD:
-          // Handle hard bounce - add to suppression list
-          await this.handleHardBounce(bounce);
-          break;
-          
-        case BounceCategory.SOFT:
-          // Handle soft bounce - schedule retry if eligible
-          await this.handleSoftBounce(bounce);
-          break;
-          
-        case BounceCategory.AUTO_RESPONSE:
-          // Handle auto-response - typically no action needed
-          logger.log('info', `Auto-response detected for ${bounce.recipient}`);
-          break;
-          
-        default:
-          // Unknown bounce type - log for investigation
-          logger.log('warn', `Unknown bounce type for ${bounce.recipient}`, {
-            bounceType: bounce.bounceType,
-            smtpResponse: bounce.smtpResponse
-          });
-          break;
-      }
-      
-      // Store the bounce record
-      bounce.processed = true;
-      this.bounceStore.push(bounce);
-      
-      // Update the bounce cache
-      this.updateBounceCache(bounce);
-      
-      // Log the bounce
-      logger.log(
-        bounce.bounceCategory === BounceCategory.HARD ? 'warn' : 'info',
-        `Email bounce processed: ${bounce.bounceCategory} bounce for ${bounce.recipient}`,
-        {
-          bounceType: bounce.bounceType,
-          domain: bounce.domain,
-          category: bounce.bounceCategory
-        }
-      );
-      
-      // Enhanced security logging
-      SecurityLogger.getInstance().logEvent({
-        level: bounce.bounceCategory === BounceCategory.HARD 
-          ? SecurityLogLevel.WARN 
-          : SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_VALIDATION,
-        message: `Email bounce detected: ${bounce.bounceCategory} bounce for recipient`,
-        domain: bounce.domain,
-        details: {
-          recipient: bounce.recipient,
-          bounceType: bounce.bounceType,
-          smtpResponse: bounce.smtpResponse,
-          diagnosticCode: bounce.diagnosticCode,
-          statusCode: bounce.statusCode
-        },
-        success: false
-      });
-      
-      return bounce;
-    } catch (error) {
-      logger.log('error', `Error processing bounce: ${error.message}`, {
-        error: error.message,
-        bounceData
-      });
-      throw error;
-    }
-  }
-  
-  /**
-   * Process an SMTP failure as a bounce
-   * @param recipient Recipient email
-   * @param smtpResponse SMTP error response
-   * @param options Additional options
-   * @returns Processed bounce record
-   */
-  public async processSmtpFailure(
-    recipient: string,
-    smtpResponse: string,
-    options: {
-      sender?: string;
-      originalEmailId?: string;
-      statusCode?: string;
-      headers?: Record<string, string>;
-    } = {}
-  ): Promise<BounceRecord> {
-    // Create bounce data from SMTP failure
-    const bounceData: Partial<BounceRecord> = {
-      recipient,
-      sender: options.sender || '',
-      domain: recipient.split('@')[1],
-      smtpResponse,
-      statusCode: options.statusCode,
-      headers: options.headers,
-      originalEmailId: options.originalEmailId,
-      timestamp: Date.now()
-    };
-    
-    // Process as a regular bounce
-    return this.processBounce(bounceData);
-  }
-  
-  /**
-   * Process a bounce notification email
-   * @param bounceEmail The email containing bounce information
-   * @returns Processed bounce record or null if not a bounce
-   */
-  public async processBounceEmail(bounceEmail: plugins.smartmail.Smartmail<any>): Promise<BounceRecord | null> {
-    try {
-      // Check if this is a bounce notification
-      const subject = bounceEmail.getSubject();
-      const body = bounceEmail.getBody();
-      
-      // Check for common bounce notification subject patterns
-      const isBounceSubject = /mail delivery|delivery (failed|status|notification)|failure notice|returned mail|undeliverable|delivery problem/i.test(subject);
-      
-      if (!isBounceSubject) {
-        // Not a bounce notification based on subject
-        return null;
-      }
-      
-      // Extract original recipient from the body or headers
-      let recipient = '';
-      let originalMessageId = '';
-      
-      // Extract recipient from common bounce formats
-      const recipientMatch = body.match(/(?:failed recipient|to[:=]\s*|recipient:|delivery failed:)\s*<?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})>?/i);
-      if (recipientMatch && recipientMatch[1]) {
-        recipient = recipientMatch[1];
-      }
-      
-      // Extract diagnostic code
-      let diagnosticCode = '';
-      const diagnosticMatch = body.match(/diagnostic(?:-|\\s+)code:\s*(.+)(?:\n|$)/i);
-      if (diagnosticMatch && diagnosticMatch[1]) {
-        diagnosticCode = diagnosticMatch[1].trim();
-      }
-      
-      // Extract SMTP status code
-      let statusCode = '';
-      const statusMatch = body.match(/status(?:-|\\s+)code:\s*([0-9.]+)/i);
-      if (statusMatch && statusMatch[1]) {
-        statusCode = statusMatch[1].trim();
-      }
-      
-      // If recipient not found in standard patterns, try DSN (Delivery Status Notification) format
-      if (!recipient) {
-        // Look for DSN format with Original-Recipient or Final-Recipient fields
-        const originalRecipientMatch = body.match(/original-recipient:.*?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
-        const finalRecipientMatch = body.match(/final-recipient:.*?([a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,})/i);
-        
-        if (originalRecipientMatch && originalRecipientMatch[1]) {
-          recipient = originalRecipientMatch[1];
-        } else if (finalRecipientMatch && finalRecipientMatch[1]) {
-          recipient = finalRecipientMatch[1];
-        }
-      }
-      
-      // If still no recipient, can't process as bounce
-      if (!recipient) {
-        logger.log('warn', 'Could not extract recipient from bounce notification', {
-          subject,
-          sender: bounceEmail.options.from
-        });
-        return null;
-      }
-      
-      // Extract original message ID if available
-      const messageIdMatch = body.match(/original[ -]message[ -]id:[ \t]*<?([^>]+)>?/i);
-      if (messageIdMatch && messageIdMatch[1]) {
-        originalMessageId = messageIdMatch[1].trim();
-      }
-      
-      // Create bounce data
-      const bounceData: Partial<BounceRecord> = {
-        recipient,
-        sender: bounceEmail.options.from,
-        domain: recipient.split('@')[1],
-        subject: bounceEmail.getSubject(),
-        diagnosticCode,
-        statusCode,
-        timestamp: Date.now(),
-        headers: {}
-      };
-      
-      // Process as a regular bounce
-      return this.processBounce(bounceData);
-    } catch (error) {
-      logger.log('error', `Error processing bounce email: ${error.message}`);
-      return null;
-    }
-  }
-  
-  /**
-   * Handle a hard bounce by adding to suppression list
-   * @param bounce The bounce record
-   */
-  private async handleHardBounce(bounce: BounceRecord): Promise<void> {
-    // Add to suppression list permanently (no expiry)
-    this.addToSuppressionList(bounce.recipient, `Hard bounce: ${bounce.bounceType}`, undefined);
-    
-    // Increment bounce count in cache
-    this.updateBounceCache(bounce);
-    
-    // Save to permanent storage
-    this.saveBounceRecord(bounce);
-    
-    // Log hard bounce for monitoring
-    logger.log('warn', `Hard bounce for ${bounce.recipient}: ${bounce.bounceType}`, {
-      domain: bounce.domain,
-      smtpResponse: bounce.smtpResponse,
-      diagnosticCode: bounce.diagnosticCode
-    });
-  }
-  
-  /**
-   * Handle a soft bounce by scheduling a retry if eligible
-   * @param bounce The bounce record
-   */
-  private async handleSoftBounce(bounce: BounceRecord): Promise<void> {
-    // Check if we've exceeded max retries
-    if (bounce.retryCount >= this.retryStrategy.maxRetries) {
-      logger.log('warn', `Max retries exceeded for ${bounce.recipient}, treating as hard bounce`);
-      
-      // Convert to hard bounce after max retries
-      bounce.bounceCategory = BounceCategory.HARD;
-      await this.handleHardBounce(bounce);
-      return;
-    }
-    
-    // Calculate next retry time with exponential backoff
-    const delay = Math.min(
-      this.retryStrategy.initialDelay * Math.pow(this.retryStrategy.backoffFactor, bounce.retryCount),
-      this.retryStrategy.maxDelay
-    );
-    
-    bounce.retryCount++;
-    bounce.nextRetryTime = Date.now() + delay;
-    
-    // Add to suppression list temporarily (with expiry)
-    this.addToSuppressionList(
-      bounce.recipient,
-      `Soft bounce: ${bounce.bounceType}`,
-      bounce.nextRetryTime
-    );
-    
-    // Log the retry schedule
-    logger.log('info', `Scheduled retry ${bounce.retryCount} for ${bounce.recipient} at ${new Date(bounce.nextRetryTime).toISOString()}`, {
-      bounceType: bounce.bounceType,
-      retryCount: bounce.retryCount,
-      nextRetry: bounce.nextRetryTime
-    });
-  }
-  
-  /**
-   * Add an email address to the suppression list
-   * @param email Email address to suppress
-   * @param reason Reason for suppression
-   * @param expiresAt Expiration timestamp (undefined for permanent)
-   */
-  public addToSuppressionList(
-    email: string,
-    reason: string,
-    expiresAt?: number
-  ): void {
-    this.suppressionList.set(email.toLowerCase(), {
-      reason,
-      timestamp: Date.now(),
-      expiresAt
-    });
-    
-    this.saveSuppressionList();
-    
-    logger.log('info', `Added ${email} to suppression list`, {
-      reason,
-      expiresAt: expiresAt ? new Date(expiresAt).toISOString() : 'permanent'
-    });
-  }
-  
-  /**
-   * Remove an email address from the suppression list
-   * @param email Email address to remove
-   */
-  public removeFromSuppressionList(email: string): void {
-    const wasRemoved = this.suppressionList.delete(email.toLowerCase());
-    
-    if (wasRemoved) {
-      this.saveSuppressionList();
-      logger.log('info', `Removed ${email} from suppression list`);
-    }
-  }
-  
-  /**
-   * Check if an email is on the suppression list
-   * @param email Email address to check
-   * @returns Whether the email is suppressed
-   */
-  public isEmailSuppressed(email: string): boolean {
-    const lowercaseEmail = email.toLowerCase();
-    const suppression = this.suppressionList.get(lowercaseEmail);
-    
-    if (!suppression) {
-      return false;
-    }
-    
-    // Check if suppression has expired
-    if (suppression.expiresAt && Date.now() > suppression.expiresAt) {
-      this.suppressionList.delete(lowercaseEmail);
-      this.saveSuppressionList();
-      return false;
-    }
-    
-    return true;
-  }
-  
-  /**
-   * Get suppression information for an email
-   * @param email Email address to check
-   * @returns Suppression information or null if not suppressed
-   */
-  public getSuppressionInfo(email: string): {
-    reason: string;
-    timestamp: number;
-    expiresAt?: number;
-  } | null {
-    const lowercaseEmail = email.toLowerCase();
-    const suppression = this.suppressionList.get(lowercaseEmail);
-    
-    if (!suppression) {
-      return null;
-    }
-    
-    // Check if suppression has expired
-    if (suppression.expiresAt && Date.now() > suppression.expiresAt) {
-      this.suppressionList.delete(lowercaseEmail);
-      this.saveSuppressionList();
-      return null;
-    }
-    
-    return suppression;
-  }
-  
-  /**
-   * Save suppression list to disk
-   */
-  private saveSuppressionList(): void {
-    try {
-      const suppressionData = JSON.stringify(Array.from(this.suppressionList.entries()));
-      plugins.smartfile.memory.toFsSync(
-        suppressionData,
-        plugins.path.join(paths.dataDir, 'emails', 'suppression_list.json')
-      );
-    } catch (error) {
-      logger.log('error', `Failed to save suppression list: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Load suppression list from disk
-   */
-  private loadSuppressionList(): void {
-    try {
-      const suppressionPath = plugins.path.join(paths.dataDir, 'emails', 'suppression_list.json');
-      
-      if (plugins.fs.existsSync(suppressionPath)) {
-        const data = plugins.fs.readFileSync(suppressionPath, 'utf8');
-        const entries = JSON.parse(data);
-        
-        this.suppressionList = new Map(entries);
-        
-        // Clean expired entries
-        const now = Date.now();
-        let expiredCount = 0;
-        
-        for (const [email, info] of this.suppressionList.entries()) {
-          if (info.expiresAt && now > info.expiresAt) {
-            this.suppressionList.delete(email);
-            expiredCount++;
-          }
-        }
-        
-        if (expiredCount > 0) {
-          logger.log('info', `Cleaned ${expiredCount} expired entries from suppression list`);
-          this.saveSuppressionList();
-        }
-        
-        logger.log('info', `Loaded ${this.suppressionList.size} entries from suppression list`);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to load suppression list: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Save bounce record to disk
-   * @param bounce Bounce record to save
-   */
-  private saveBounceRecord(bounce: BounceRecord): void {
-    try {
-      const bounceData = JSON.stringify(bounce);
-      const bouncePath = plugins.path.join(
-        paths.dataDir,
-        'emails',
-        'bounces',
-        `${bounce.id}.json`
-      );
-      
-      // Ensure directory exists
-      const bounceDir = plugins.path.join(paths.dataDir, 'emails', 'bounces');
-      plugins.smartfile.fs.ensureDirSync(bounceDir);
-      
-      plugins.smartfile.memory.toFsSync(bounceData, bouncePath);
-    } catch (error) {
-      logger.log('error', `Failed to save bounce record: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Update bounce cache with new bounce information
-   * @param bounce Bounce record to update cache with
-   */
-  private updateBounceCache(bounce: BounceRecord): void {
-    const email = bounce.recipient.toLowerCase();
-    const existing = this.bounceCache.get(email);
-    
-    if (existing) {
-      // Update existing cache entry
-      existing.lastBounce = bounce.timestamp;
-      existing.count++;
-      existing.type = bounce.bounceType;
-      existing.category = bounce.bounceCategory;
-    } else {
-      // Create new cache entry
-      this.bounceCache.set(email, {
-        lastBounce: bounce.timestamp,
-        count: 1,
-        type: bounce.bounceType,
-        category: bounce.bounceCategory
-      });
-    }
-  }
-  
-  /**
-   * Check bounce history for an email address
-   * @param email Email address to check
-   * @returns Bounce information or null if no bounces
-   */
-  public getBounceInfo(email: string): {
-    lastBounce: number;
-    count: number;
-    type: BounceType;
-    category: BounceCategory;
-  } | null {
-    return this.bounceCache.get(email.toLowerCase()) || null;
-  }
-  
-  /**
-   * Analyze SMTP response and diagnostic codes to determine bounce type
-   * @param smtpResponse SMTP response string
-   * @param diagnosticCode Diagnostic code from bounce
-   * @param statusCode Status code from bounce
-   * @returns Detected bounce type and category
-   */
-  private detectBounceType(
-    smtpResponse: string,
-    diagnosticCode: string,
-    statusCode: string
-  ): {
-    type: BounceType;
-    category: BounceCategory;
-  } {
-    // Combine all text for comprehensive pattern matching
-    const fullText = `${smtpResponse} ${diagnosticCode} ${statusCode}`.toLowerCase();
-    
-    // Check for auto-responses first
-    if (this.matchesPattern(fullText, BounceType.AUTO_RESPONSE) || 
-        this.matchesPattern(fullText, BounceType.CHALLENGE_RESPONSE)) {
-      return {
-        type: BounceType.AUTO_RESPONSE,
-        category: BounceCategory.AUTO_RESPONSE
-      };
-    }
-    
-    // Check for hard bounces
-    for (const bounceType of [
-      BounceType.INVALID_RECIPIENT,
-      BounceType.DOMAIN_NOT_FOUND,
-      BounceType.MAILBOX_FULL,
-      BounceType.MAILBOX_INACTIVE,
-      BounceType.BLOCKED,
-      BounceType.SPAM_RELATED,
-      BounceType.POLICY_RELATED
-    ]) {
-      if (this.matchesPattern(fullText, bounceType)) {
-        return {
-          type: bounceType,
-          category: BounceCategory.HARD
-        };
-      }
-    }
-    
-    // Check for soft bounces
-    for (const bounceType of [
-      BounceType.SERVER_UNAVAILABLE,
-      BounceType.TEMPORARY_FAILURE,
-      BounceType.QUOTA_EXCEEDED,
-      BounceType.NETWORK_ERROR,
-      BounceType.TIMEOUT
-    ]) {
-      if (this.matchesPattern(fullText, bounceType)) {
-        return {
-          type: bounceType,
-          category: BounceCategory.SOFT
-        };
-      }
-    }
-    
-    // Handle DSN (Delivery Status Notification) status codes
-    if (statusCode) {
-      // Format: class.subject.detail
-      const parts = statusCode.split('.');
-      if (parts.length >= 2) {
-        const statusClass = parts[0];
-        const statusSubject = parts[1];
-        
-        // 5.X.X is permanent failure (hard bounce)
-        if (statusClass === '5') {
-          // Try to determine specific type based on subject
-          if (statusSubject === '1') {
-            return { type: BounceType.INVALID_RECIPIENT, category: BounceCategory.HARD };
-          } else if (statusSubject === '2') {
-            return { type: BounceType.MAILBOX_FULL, category: BounceCategory.HARD };
-          } else if (statusSubject === '7') {
-            return { type: BounceType.BLOCKED, category: BounceCategory.HARD };
-          } else {
-            return { type: BounceType.UNKNOWN, category: BounceCategory.HARD };
-          }
-        }
-        
-        // 4.X.X is temporary failure (soft bounce)
-        if (statusClass === '4') {
-          // Try to determine specific type based on subject
-          if (statusSubject === '2') {
-            return { type: BounceType.QUOTA_EXCEEDED, category: BounceCategory.SOFT };
-          } else if (statusSubject === '3') {
-            return { type: BounceType.SERVER_UNAVAILABLE, category: BounceCategory.SOFT };
-          } else if (statusSubject === '4') {
-            return { type: BounceType.NETWORK_ERROR, category: BounceCategory.SOFT };
-          } else {
-            return { type: BounceType.TEMPORARY_FAILURE, category: BounceCategory.SOFT };
-          }
-        }
-      }
-    }
-    
-    // Default to unknown
-    return {
-      type: BounceType.UNKNOWN,
-      category: BounceCategory.UNKNOWN
-    };
-  }
-  
-  /**
-   * Check if text matches any pattern for a bounce type
-   * @param text Text to check against patterns
-   * @param bounceType Bounce type to get patterns for
-   * @returns Whether the text matches any pattern
-   */
-  private matchesPattern(text: string, bounceType: BounceType): boolean {
-    const patterns = BOUNCE_PATTERNS[bounceType];
-    
-    if (!patterns) {
-      return false;
-    }
-    
-    for (const pattern of patterns) {
-      if (pattern.test(text)) {
-        return true;
-      }
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Get all known hard bounced addresses
-   * @returns Array of hard bounced email addresses
-   */
-  public getHardBouncedAddresses(): string[] {
-    const hardBounced: string[] = [];
-    
-    for (const [email, info] of this.bounceCache.entries()) {
-      if (info.category === BounceCategory.HARD) {
-        hardBounced.push(email);
-      }
-    }
-    
-    return hardBounced;
-  }
-  
-  /**
-   * Get suppression list
-   * @returns Array of suppressed email addresses
-   */
-  public getSuppressionList(): string[] {
-    return Array.from(this.suppressionList.keys());
-  }
-  
-  /**
-   * Clear old bounce records (for maintenance)
-   * @param olderThan Timestamp to remove records older than
-   * @returns Number of records removed
-   */
-  public clearOldBounceRecords(olderThan: number): number {
-    let removed = 0;
-    
-    this.bounceStore = this.bounceStore.filter(bounce => {
-      if (bounce.timestamp < olderThan) {
-        removed++;
-        return false;
-      }
-      return true;
-    });
-    
-    return removed;
-  }
-}

ts/mail/core/classes.email.ts

@@ -1,708 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailValidator } from './classes.emailvalidator.js';
-
-export interface IAttachment {
-  filename: string;
-  content: Buffer;
-  contentType: string;
-  contentId?: string; // Optional content ID for inline attachments
-  encoding?: string; // Optional encoding specification
-}
-
-export interface IEmailOptions {
-  from: string;
-  to: string | string[]; // Support multiple recipients
-  cc?: string | string[]; // Optional CC recipients
-  bcc?: string | string[]; // Optional BCC recipients
-  subject: string;
-  text: string;
-  html?: string; // Optional HTML version
-  attachments?: IAttachment[];
-  headers?: Record<string, string>; // Optional additional headers
-  mightBeSpam?: boolean;
-  priority?: 'high' | 'normal' | 'low'; // Optional email priority
-  skipAdvancedValidation?: boolean; // Skip advanced validation for special cases
-  variables?: Record<string, any>; // Template variables for placeholder replacement
-}
-
-export class Email {
-  from: string;
-  to: string[];
-  cc: string[];
-  bcc: string[];
-  subject: string;
-  text: string;
-  html?: string;
-  attachments: IAttachment[];
-  headers: Record<string, string>;
-  mightBeSpam: boolean;
-  priority: 'high' | 'normal' | 'low';
-  variables: Record<string, any>;
-  private envelopeFrom: string;
-  private messageId: string;
-  
-  // Static validator instance for reuse
-  private static emailValidator: EmailValidator;
-  
-  constructor(options: IEmailOptions) {
-    // Initialize validator if not already
-    if (!Email.emailValidator) {
-      Email.emailValidator = new EmailValidator();
-    }
-    
-    // Validate and set the from address using improved validation
-    if (!this.isValidEmail(options.from)) {
-      throw new Error(`Invalid sender email address: ${options.from}`);
-    }
-    this.from = options.from;
-
-    // Handle to addresses (single or multiple)
-    this.to = this.parseRecipients(options.to);
-    
-    // Handle optional cc and bcc
-    this.cc = options.cc ? this.parseRecipients(options.cc) : [];
-    this.bcc = options.bcc ? this.parseRecipients(options.bcc) : [];
-    
-    // Validate that we have at least one recipient
-    if (this.to.length === 0 && this.cc.length === 0 && this.bcc.length === 0) {
-      throw new Error('Email must have at least one recipient');
-    }
-
-    // Set subject with sanitization
-    this.subject = this.sanitizeString(options.subject || '');
-    
-    // Set text content with sanitization
-    this.text = this.sanitizeString(options.text || '');
-    
-    // Set optional HTML content
-    this.html = options.html ? this.sanitizeString(options.html) : undefined;
-    
-    // Set attachments
-    this.attachments = Array.isArray(options.attachments) ? options.attachments : [];
-    
-    // Set additional headers
-    this.headers = options.headers || {};
-    
-    // Set spam flag
-    this.mightBeSpam = options.mightBeSpam || false;
-    
-    // Set priority
-    this.priority = options.priority || 'normal';
-    
-    // Set template variables
-    this.variables = options.variables || {};
-    
-    // Initialize envelope from (defaults to the from address)
-    this.envelopeFrom = this.from;
-    
-    // Generate message ID if not provided
-    this.messageId = `<${Date.now()}.${Math.random().toString(36).substring(2, 15)}@${this.getFromDomain() || 'localhost'}>`;
-  }
-
-  /**
-   * Validates an email address using smartmail's EmailAddressValidator
-   * For constructor validation, we only check syntax to avoid delays
-   * 
-   * @param email The email address to validate
-   * @returns boolean indicating if the email is valid
-   */
-  private isValidEmail(email: string): boolean {
-    if (!email || typeof email !== 'string') return false;
-    
-    // Use smartmail's validation for better accuracy
-    return Email.emailValidator.isValidFormat(email);
-  }
-
-  /**
-   * Parses and validates recipient email addresses
-   * @param recipients A string or array of recipient emails
-   * @returns Array of validated email addresses
-   */
-  private parseRecipients(recipients: string | string[]): string[] {
-    const result: string[] = [];
-    
-    if (typeof recipients === 'string') {
-      // Handle single recipient
-      if (this.isValidEmail(recipients)) {
-        result.push(recipients);
-      } else {
-        throw new Error(`Invalid recipient email address: ${recipients}`);
-      }
-    } else if (Array.isArray(recipients)) {
-      // Handle multiple recipients
-      for (const recipient of recipients) {
-        if (this.isValidEmail(recipient)) {
-          result.push(recipient);
-        } else {
-          throw new Error(`Invalid recipient email address: ${recipient}`);
-        }
-      }
-    }
-    
-    return result;
-  }
-
-  /**
-   * Basic sanitization for strings to prevent header injection
-   * @param input The string to sanitize
-   * @returns Sanitized string
-   */
-  private sanitizeString(input: string): string {
-    if (!input) return '';
-    
-    // Remove CR and LF characters to prevent header injection
-    return input.replace(/\r|\n/g, ' ');
-  }
-
-  /**
-   * Gets the domain part of the from email address
-   * @returns The domain part of the from email or null if invalid
-   */
-  public getFromDomain(): string | null {
-    try {
-      const parts = this.from.split('@');
-      if (parts.length !== 2 || !parts[1]) {
-        return null;
-      }
-      return parts[1];
-    } catch (error) {
-      console.error('Error extracting domain from email:', error);
-      return null;
-    }
-  }
-
-  /**
-   * Gets all recipients (to, cc, bcc) as a unique array
-   * @returns Array of all unique recipient email addresses
-   */
-  public getAllRecipients(): string[] {
-    // Combine all recipients and remove duplicates
-    return [...new Set([...this.to, ...this.cc, ...this.bcc])];
-  }
-
-  /**
-   * Gets primary recipient (first in the to field)
-   * @returns The primary recipient email or null if none exists
-   */
-  public getPrimaryRecipient(): string | null {
-    return this.to.length > 0 ? this.to[0] : null;
-  }
-
-  /**
-   * Checks if the email has attachments
-   * @returns Boolean indicating if the email has attachments
-   */
-  public hasAttachments(): boolean {
-    return this.attachments.length > 0;
-  }
-  
-  /**
-   * Add a recipient to the email
-   * @param email The recipient email address
-   * @param type The recipient type (to, cc, bcc)
-   * @returns This instance for method chaining
-   */
-  public addRecipient(
-    email: string,
-    type: 'to' | 'cc' | 'bcc' = 'to'
-  ): this {
-    if (!this.isValidEmail(email)) {
-      throw new Error(`Invalid recipient email address: ${email}`);
-    }
-    
-    switch (type) {
-      case 'to':
-        if (!this.to.includes(email)) {
-          this.to.push(email);
-        }
-        break;
-      case 'cc':
-        if (!this.cc.includes(email)) {
-          this.cc.push(email);
-        }
-        break;
-      case 'bcc':
-        if (!this.bcc.includes(email)) {
-          this.bcc.push(email);
-        }
-        break;
-    }
-    
-    return this;
-  }
-  
-  /**
-   * Add an attachment to the email
-   * @param attachment The attachment to add
-   * @returns This instance for method chaining
-   */
-  public addAttachment(attachment: IAttachment): this {
-    this.attachments.push(attachment);
-    return this;
-  }
-  
-  /**
-   * Add a custom header to the email
-   * @param name The header name
-   * @param value The header value
-   * @returns This instance for method chaining
-   */
-  public addHeader(name: string, value: string): this {
-    this.headers[name] = value;
-    return this;
-  }
-  
-  /**
-   * Set the email priority
-   * @param priority The priority level
-   * @returns This instance for method chaining
-   */
-  public setPriority(priority: 'high' | 'normal' | 'low'): this {
-    this.priority = priority;
-    return this;
-  }
-  
-  /**
-   * Set a template variable
-   * @param key The variable key
-   * @param value The variable value
-   * @returns This instance for method chaining
-   */
-  public setVariable(key: string, value: any): this {
-    this.variables[key] = value;
-    return this;
-  }
-  
-  /**
-   * Set multiple template variables at once
-   * @param variables The variables object
-   * @returns This instance for method chaining
-   */
-  public setVariables(variables: Record<string, any>): this {
-    this.variables = { ...this.variables, ...variables };
-    return this;
-  }
-  
-  /**
-   * Get the subject with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed subject
-   */
-  public getSubjectWithVariables(variables?: Record<string, any>): string {
-    return this.applyVariables(this.subject, variables);
-  }
-  
-  /**
-   * Get the text content with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed text content
-   */
-  public getTextWithVariables(variables?: Record<string, any>): string {
-    return this.applyVariables(this.text, variables);
-  }
-  
-  /**
-   * Get the HTML content with variables applied
-   * @param variables Optional additional variables to apply
-   * @returns The processed HTML content or undefined if none
-   */
-  public getHtmlWithVariables(variables?: Record<string, any>): string | undefined {
-    return this.html ? this.applyVariables(this.html, variables) : undefined;
-  }
-  
-  /**
-   * Apply template variables to a string
-   * @param template The template string
-   * @param additionalVariables Optional additional variables to apply
-   * @returns The processed string
-   */
-  private applyVariables(template: string, additionalVariables?: Record<string, any>): string {
-    // If no template or variables, return as is
-    if (!template || (!Object.keys(this.variables).length && !additionalVariables)) {
-      return template;
-    }
-    
-    // Combine instance variables with additional ones
-    const allVariables = { ...this.variables, ...additionalVariables };
-    
-    // Simple variable replacement
-    return template.replace(/\{\{([^}]+)\}\}/g, (match, key) => {
-      const trimmedKey = key.trim();
-      return allVariables[trimmedKey] !== undefined ? String(allVariables[trimmedKey]) : match;
-    });
-  }
-
-  /**
-   * Gets the total size of all attachments in bytes
-   * @returns Total size of all attachments in bytes
-   */
-  public getAttachmentsSize(): number {
-    return this.attachments.reduce((total, attachment) => {
-      return total + (attachment.content?.length || 0);
-    }, 0);
-  }
-  
-  /**
-   * Perform advanced validation on sender and recipient email addresses
-   * This should be called separately after instantiation when ready to check MX records
-   * @param options Validation options
-   * @returns Promise resolving to validation results for all addresses
-   */
-  public async validateAddresses(options: {
-    checkMx?: boolean;
-    checkDisposable?: boolean;
-    checkSenderOnly?: boolean;
-    checkFirstRecipientOnly?: boolean;
-  } = {}): Promise<{
-    sender: { email: string; result: any };
-    recipients: Array<{ email: string; result: any }>;
-    isValid: boolean;
-  }> {
-    const result = {
-      sender: { email: this.from, result: null },
-      recipients: [],
-      isValid: true
-    };
-    
-    // Validate sender
-    result.sender.result = await Email.emailValidator.validate(this.from, {
-      checkMx: options.checkMx !== false,
-      checkDisposable: options.checkDisposable !== false
-    });
-    
-    // If sender fails validation, the whole email is considered invalid
-    if (!result.sender.result.isValid) {
-      result.isValid = false;
-    }
-    
-    // If we're only checking the sender, return early
-    if (options.checkSenderOnly) {
-      return result;
-    }
-    
-    // Validate recipients
-    const recipientsToCheck = options.checkFirstRecipientOnly ? 
-      [this.to[0]] : this.getAllRecipients();
-    
-    for (const recipient of recipientsToCheck) {
-      const recipientResult = await Email.emailValidator.validate(recipient, {
-        checkMx: options.checkMx !== false,
-        checkDisposable: options.checkDisposable !== false
-      });
-      
-      result.recipients.push({
-        email: recipient,
-        result: recipientResult
-      });
-      
-      // If any recipient fails validation, mark the whole email as invalid
-      if (!recipientResult.isValid) {
-        result.isValid = false;
-      }
-    }
-    
-    return result;
-  }
-  
-  /**
-   * Convert this email to a smartmail instance
-   * @returns A new Smartmail instance
-   */
-  public async toSmartmail(): Promise<plugins.smartmail.Smartmail<any>> {
-    const smartmail = new plugins.smartmail.Smartmail({
-      from: this.from,
-      subject: this.subject,
-      body: this.html || this.text
-    });
-    
-    // Add recipients - ensure we're using the correct format
-    // (newer version of smartmail expects objects with email property)
-    for (const recipient of this.to) {
-      // Use the proper addRecipient method for the current smartmail version
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(recipient);
-      } else {
-        // Fallback for older versions or different interface
-        (smartmail.options.to as any[]).push({
-          email: recipient,
-          name: recipient.split('@')[0] // Simple name extraction
-        });
-      }
-    }
-    
-    // Handle CC recipients
-    for (const ccRecipient of this.cc) {
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(ccRecipient, 'cc');
-      } else {
-        // Fallback for older versions
-        if (!smartmail.options.cc) smartmail.options.cc = [];
-        (smartmail.options.cc as any[]).push({
-          email: ccRecipient,
-          name: ccRecipient.split('@')[0]
-        });
-      }
-    }
-    
-    // Handle BCC recipients
-    for (const bccRecipient of this.bcc) {
-      if (typeof smartmail.addRecipient === 'function') {
-        smartmail.addRecipient(bccRecipient, 'bcc');
-      } else {
-        // Fallback for older versions
-        if (!smartmail.options.bcc) smartmail.options.bcc = [];
-        (smartmail.options.bcc as any[]).push({
-          email: bccRecipient,
-          name: bccRecipient.split('@')[0]
-        });
-      }
-    }
-    
-    // Add attachments
-    for (const attachment of this.attachments) {
-      const smartAttachment = await plugins.smartfile.SmartFile.fromBuffer(
-        attachment.filename,
-        attachment.content
-      );
-      
-      // Set content type if available
-      if (attachment.contentType) {
-        (smartAttachment as any).contentType = attachment.contentType;
-      }
-      
-      smartmail.addAttachment(smartAttachment);
-    }
-    
-    return smartmail;
-  }
-
-  /**
-   * Get the from email address
-   * @returns The from email address
-   */
-  public getFromEmail(): string {
-    return this.from;
-  }
-  
-  /**
-   * Get the message ID
-   * @returns The message ID
-   */
-  public getMessageId(): string {
-    return this.messageId;
-  }
-  
-  /**
-   * Set a custom message ID
-   * @param id The message ID to set
-   * @returns This instance for method chaining
-   */
-  public setMessageId(id: string): this {
-    this.messageId = id;
-    return this;
-  }
-  
-  /**
-   * Get the envelope from address (return-path)
-   * @returns The envelope from address
-   */
-  public getEnvelopeFrom(): string {
-    return this.envelopeFrom;
-  }
-  
-  /**
-   * Set the envelope from address (return-path)
-   * @param address The envelope from address to set
-   * @returns This instance for method chaining
-   */
-  public setEnvelopeFrom(address: string): this {
-    if (!this.isValidEmail(address)) {
-      throw new Error(`Invalid envelope from address: ${address}`);
-    }
-    this.envelopeFrom = address;
-    return this;
-  }
-  
-  /**
-   * Creates an RFC822 compliant email string
-   * @param variables Optional template variables to apply
-   * @returns The email formatted as an RFC822 compliant string
-   */
-  public toRFC822String(variables?: Record<string, any>): string {
-    // Apply variables to content if any
-    const processedSubject = this.getSubjectWithVariables(variables);
-    const processedText = this.getTextWithVariables(variables);
-    
-    // This is a simplified version - a complete implementation would be more complex
-    let result = '';
-    
-    // Add headers
-    result += `From: ${this.from}\r\n`;
-    result += `To: ${this.to.join(', ')}\r\n`;
-    
-    if (this.cc.length > 0) {
-      result += `Cc: ${this.cc.join(', ')}\r\n`;
-    }
-    
-    result += `Subject: ${processedSubject}\r\n`;
-    result += `Date: ${new Date().toUTCString()}\r\n`;
-    result += `Message-ID: ${this.messageId}\r\n`;
-    result += `Return-Path: <${this.envelopeFrom}>\r\n`;
-    
-    // Add custom headers
-    for (const [key, value] of Object.entries(this.headers)) {
-      result += `${key}: ${value}\r\n`;
-    }
-    
-    // Add priority if not normal
-    if (this.priority !== 'normal') {
-      const priorityValue = this.priority === 'high' ? '1' : '5';
-      result += `X-Priority: ${priorityValue}\r\n`;
-    }
-    
-    // Add content type and body
-    result += `Content-Type: text/plain; charset=utf-8\r\n`;
-    
-    // Add HTML content type if available
-    if (this.html) {
-      const processedHtml = this.getHtmlWithVariables(variables);
-      const boundary = `boundary_${Date.now().toString(16)}`;
-      
-      // Multipart content for both plain text and HTML
-      result = result.replace(/Content-Type: .*\r\n/, '');
-      result += `MIME-Version: 1.0\r\n`;
-      result += `Content-Type: multipart/alternative; boundary="${boundary}"\r\n\r\n`;
-      
-      // Plain text part
-      result += `--${boundary}\r\n`;
-      result += `Content-Type: text/plain; charset=utf-8\r\n\r\n`;
-      result += `${processedText}\r\n\r\n`;
-      
-      // HTML part
-      result += `--${boundary}\r\n`;
-      result += `Content-Type: text/html; charset=utf-8\r\n\r\n`;
-      result += `${processedHtml}\r\n\r\n`;
-      
-      // End of multipart
-      result += `--${boundary}--\r\n`;
-    } else {
-      // Simple plain text
-      result += `\r\n${processedText}\r\n`;
-    }
-    
-    return result;
-  }
-  
-  /**
-   * Convert to simple Smartmail-compatible object (for backward compatibility)
-   * @returns A Promise with a simple Smartmail-compatible object
-   */
-  public async toSmartmailBasic(): Promise<any> {
-    // Create a Smartmail-compatible object with the email data
-    const smartmail = {
-      options: {
-        from: this.from,
-        to: this.to,
-        subject: this.subject
-      },
-      content: {
-        text: this.text,
-        html: this.html || ''
-      },
-      headers: { ...this.headers },
-      attachments: this.attachments ? this.attachments.map(attachment => ({
-        name: attachment.filename,
-        data: attachment.content,
-        type: attachment.contentType,
-        cid: attachment.contentId
-      })) : [],
-      // Add basic Smartmail-compatible methods for compatibility
-      addHeader: (key: string, value: string) => {
-        smartmail.headers[key] = value;
-      }
-    };
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create an Email instance from a Smartmail object
-   * @param smartmail The Smartmail instance to convert
-   * @returns A new Email instance
-   */
-  public static fromSmartmail(smartmail: plugins.smartmail.Smartmail<any>): Email {
-    const options: IEmailOptions = {
-      from: smartmail.options.from,
-      to: [],
-      subject: smartmail.getSubject(),
-      text: smartmail.getBody(false), // Plain text version
-      html: smartmail.getBody(true),  // HTML version
-      attachments: []
-    };
-    
-    // Function to safely extract email address from recipient
-    const extractEmail = (recipient: any): string => {
-      // Handle string recipients
-      if (typeof recipient === 'string') return recipient;
-      
-      // Handle object recipients
-      if (recipient && typeof recipient === 'object') {
-        const addressObj = recipient as any;
-        // Try different property names that might contain the email address
-        if ('address' in addressObj && typeof addressObj.address === 'string') {
-          return addressObj.address;
-        }
-        if ('email' in addressObj && typeof addressObj.email === 'string') {
-          return addressObj.email;
-        }
-      }
-      
-      // Fallback for invalid input
-      return '';
-    };
-    
-    // Filter out empty strings from the extracted emails
-    const filterValidEmails = (emails: string[]): string[] => {
-      return emails.filter(email => email && email.length > 0);
-    };
-    
-    // Convert TO recipients
-    if (smartmail.options.to?.length > 0) {
-      options.to = filterValidEmails(smartmail.options.to.map(extractEmail));
-    }
-    
-    // Convert CC recipients
-    if (smartmail.options.cc?.length > 0) {
-      options.cc = filterValidEmails(smartmail.options.cc.map(extractEmail));
-    }
-    
-    // Convert BCC recipients
-    if (smartmail.options.bcc?.length > 0) {
-      options.bcc = filterValidEmails(smartmail.options.bcc.map(extractEmail));
-    }
-    
-    // Convert attachments (note: this handles the synchronous case only)
-    if (smartmail.attachments?.length > 0) {
-      options.attachments = smartmail.attachments.map(attachment => {
-        // For the test case, if the path is exactly "test.txt", use that as the filename
-        let filename = 'attachment.bin';
-        
-        if (attachment.path === 'test.txt') {
-          filename = 'test.txt';
-        } else if (attachment.parsedPath?.base) {
-          filename = attachment.parsedPath.base;
-        } else if (typeof attachment.path === 'string') {
-          filename = attachment.path.split('/').pop() || 'attachment.bin';
-        }
-        
-        return {
-          filename,
-          content: Buffer.from(attachment.contentBuffer || Buffer.alloc(0)),
-          contentType: (attachment as any)?.contentType || 'application/octet-stream'
-        };
-      });
-    }
-    
-    return new Email(options);
-  }
-}

ts/mail/core/classes.emailvalidator.ts

@@ -1,239 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { logger } from '../../logger.js';
-import { LRUCache } from 'lru-cache';
-
-export interface IEmailValidationResult {
-  isValid: boolean;
-  hasMx: boolean;
-  hasSpamMarkings: boolean;
-  score: number;
-  details?: {
-    formatValid?: boolean;
-    mxRecords?: string[];
-    disposable?: boolean;
-    role?: boolean;
-    spamIndicators?: string[];
-    errorMessage?: string;
-  };
-}
-
-/**
- * Advanced email validator class using smartmail's capabilities
- */
-export class EmailValidator {
-  private validator: plugins.smartmail.EmailAddressValidator;
-  private dnsCache: LRUCache<string, string[]>;
-  
-  constructor(options?: {
-    maxCacheSize?: number;
-    cacheTTL?: number;
-  }) {
-    this.validator = new plugins.smartmail.EmailAddressValidator();
-    
-    // Initialize LRU cache for DNS records
-    this.dnsCache = new LRUCache<string, string[]>({
-      // Default to 1000 entries (reasonable for most applications)
-      max: options?.maxCacheSize || 1000,
-      // Default TTL of 1 hour (DNS records don't change frequently)
-      ttl: options?.cacheTTL || 60 * 60 * 1000,
-      // Optional cache monitoring
-      allowStale: false,
-      updateAgeOnGet: true,
-      // Add logging for cache events in production environments
-      disposeAfter: (value, key) => {
-        logger.log('debug', `DNS cache entry expired for domain: ${key}`);
-      },
-    });
-  }
-  
-  /**
-   * Validates an email address using comprehensive checks
-   * @param email The email to validate
-   * @param options Validation options
-   * @returns Validation result with details
-   */
-  public async validate(
-    email: string,
-    options: {
-      checkMx?: boolean;
-      checkDisposable?: boolean;
-      checkRole?: boolean;
-      checkSyntaxOnly?: boolean;
-    } = {}
-  ): Promise<IEmailValidationResult> {
-    try {
-      const result: IEmailValidationResult = {
-        isValid: false,
-        hasMx: false,
-        hasSpamMarkings: false,
-        score: 0,
-        details: {
-          formatValid: false,
-          spamIndicators: []
-        }
-      };
-      
-      // Always check basic format
-      result.details.formatValid = this.validator.isValidEmailFormat(email);
-      if (!result.details.formatValid) {
-        result.details.errorMessage = 'Invalid email format';
-        return result;
-      }
-      
-      // If syntax-only check is requested, return early
-      if (options.checkSyntaxOnly) {
-        result.isValid = true;
-        result.score = 0.5;
-        return result;
-      }
-      
-      // Get domain for additional checks
-      const domain = email.split('@')[1];
-      
-      // Check MX records
-      if (options.checkMx !== false) {
-        try {
-          const mxRecords = await this.getMxRecords(domain);
-          result.details.mxRecords = mxRecords;
-          result.hasMx = mxRecords && mxRecords.length > 0;
-          
-          if (!result.hasMx) {
-            result.details.spamIndicators.push('No MX records');
-            result.details.errorMessage = 'Domain has no MX records';
-          }
-        } catch (error) {
-          logger.log('error', `Error checking MX records: ${error.message}`);
-          result.details.errorMessage = 'Unable to check MX records';
-        }
-      }
-      
-      // Check if domain is disposable
-      if (options.checkDisposable !== false) {
-        result.details.disposable = await this.validator.isDisposableEmail(email);
-        if (result.details.disposable) {
-          result.details.spamIndicators.push('Disposable email');
-        }
-      }
-      
-      // Check if email is a role account
-      if (options.checkRole !== false) {
-        result.details.role = this.validator.isRoleAccount(email);
-        if (result.details.role) {
-          result.details.spamIndicators.push('Role account');
-        }
-      }
-      
-      // Calculate spam score and final validity
-      result.hasSpamMarkings = result.details.spamIndicators.length > 0;
-      
-      // Calculate a score between 0-1 based on checks
-      let scoreFactors = 0;
-      let scoreTotal = 0;
-      
-      // Format check (highest weight)
-      scoreFactors += 0.4;
-      if (result.details.formatValid) scoreTotal += 0.4;
-      
-      // MX check (high weight)
-      if (options.checkMx !== false) {
-        scoreFactors += 0.3;
-        if (result.hasMx) scoreTotal += 0.3;
-      }
-      
-      // Disposable check (medium weight)
-      if (options.checkDisposable !== false) {
-        scoreFactors += 0.2;
-        if (!result.details.disposable) scoreTotal += 0.2;
-      }
-      
-      // Role account check (low weight)
-      if (options.checkRole !== false) {
-        scoreFactors += 0.1;
-        if (!result.details.role) scoreTotal += 0.1;
-      }
-      
-      // Normalize score based on factors actually checked
-      result.score = scoreFactors > 0 ? scoreTotal / scoreFactors : 0;
-      
-      // Email is valid if score is above 0.7 (configurable threshold)
-      result.isValid = result.score >= 0.7;
-      
-      return result;
-    } catch (error) {
-      logger.log('error', `Email validation error: ${error.message}`);
-      return {
-        isValid: false,
-        hasMx: false,
-        hasSpamMarkings: true,
-        score: 0,
-        details: {
-          formatValid: false,
-          errorMessage: `Validation error: ${error.message}`,
-          spamIndicators: ['Validation error']
-        }
-      };
-    }
-  }
-  
-  /**
-   * Gets MX records for a domain with caching
-   * @param domain Domain to check
-   * @returns Array of MX records
-   */
-  private async getMxRecords(domain: string): Promise<string[]> {
-    // Check cache first
-    const cachedRecords = this.dnsCache.get(domain);
-    if (cachedRecords) {
-      logger.log('debug', `Using cached MX records for domain: ${domain}`);
-      return cachedRecords;
-    }
-    
-    try {
-      // Use smartmail's getMxRecords method
-      const records = await this.validator.getMxRecords(domain);
-      
-      // Store in cache (TTL is handled by the LRU cache configuration)
-      this.dnsCache.set(domain, records);
-      logger.log('debug', `Cached MX records for domain: ${domain}`);
-      
-      return records;
-    } catch (error) {
-      logger.log('error', `Error fetching MX records for ${domain}: ${error.message}`);
-      return [];
-    }
-  }
-  
-  /**
-   * Validates multiple email addresses in batch
-   * @param emails Array of emails to validate
-   * @param options Validation options
-   * @returns Object with email addresses as keys and validation results as values
-   */
-  public async validateBatch(
-    emails: string[],
-    options: {
-      checkMx?: boolean;
-      checkDisposable?: boolean;
-      checkRole?: boolean;
-      checkSyntaxOnly?: boolean;
-    } = {}
-  ): Promise<Record<string, IEmailValidationResult>> {
-    const results: Record<string, IEmailValidationResult> = {};
-    
-    for (const email of emails) {
-      results[email] = await this.validate(email, options);
-    }
-    
-    return results;
-  }
-  
-  /**
-   * Quick check if an email format is valid (synchronous, no DNS checks)
-   * @param email Email to check
-   * @returns Boolean indicating if format is valid
-   */
-  public isValidFormat(email: string): boolean {
-    return this.validator.isValidEmailFormat(email);
-  }
-  
-}

ts/mail/core/classes.rulemanager.ts

@@ -1,177 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailService } from '../services/classes.emailservice.js';
-import { logger } from '../../logger.js';
-
-export class RuleManager {
-  public emailRef: EmailService;
-  public smartruleInstance = new plugins.smartrule.SmartRule<
-    plugins.smartmail.Smartmail<any>
-  >();
-
-  constructor(emailRefArg: EmailService) {
-    this.emailRef = emailRefArg;
-    
-    // Register MTA handler for incoming emails if MTA is enabled
-    if (this.emailRef.mtaService) {
-      this.setupMtaIncomingHandler();
-    }
-  }
-
-  /**
-   * Set up handler for incoming emails via MTA's SMTP server
-   */
-  private setupMtaIncomingHandler() {
-    // The original MtaService doesn't have a direct callback for incoming emails,
-    // but we can modify this approach based on how you prefer to integrate.
-    // One option would be to extend the MtaService to add an event emitter.
-    
-    // For now, we'll use a directory watcher as an example
-    // This would watch the directory where MTA saves incoming emails
-    const incomingDir = this.emailRef.mtaService['receivedEmailsDir'] || './received';
-    
-    // Simple file watcher (in real implementation, use proper file watching)
-    // This is just conceptual - would need modification to work with your specific setup
-    this.watchIncomingEmails(incomingDir);
-  }
-
-  /**
-   * Watch directory for incoming emails (conceptual implementation)
-   */
-  private watchIncomingEmails(directory: string) {
-    console.log(`Watching for incoming emails in: ${directory}`);
-    
-    // Conceptual - in a real implementation, set up proper file watching
-    // or modify the MTA to emit events when emails are received
-    
-    /*
-    // Example using a file watcher:
-    const watcher = plugins.fs.watch(directory, async (eventType, filename) => {
-      if (eventType === 'rename' && filename.endsWith('.eml')) {
-        const filePath = plugins.path.join(directory, filename);
-        await this.handleMtaIncomingEmail(filePath);
-      }
-    });
-    */
-  }
-
-  /**
-   * Handle incoming email received via MTA
-   */
-  public async handleMtaIncomingEmail(emailPath: string) {
-    try {
-      // Process the email file
-      const fetchedSmartmail = await this.emailRef.mtaConnector.receiveEmail(emailPath);
-      
-      console.log('=======================');
-      console.log('Received a mail via MTA:');
-      console.log(`From: ${fetchedSmartmail.options.creationObjectRef.From}`);
-      console.log(`To: ${fetchedSmartmail.options.creationObjectRef.To}`);
-      console.log(`Subject: ${fetchedSmartmail.options.creationObjectRef.Subject}`);
-      console.log('^^^^^^^^^^^^^^^^^^^^^^^');
-
-      logger.log(
-        'info',
-        `email from ${fetchedSmartmail.options.creationObjectRef.From} to ${fetchedSmartmail.options.creationObjectRef.To} with subject '${fetchedSmartmail.options.creationObjectRef.Subject}'`,
-        {
-          eventType: 'receivedEmail',
-          provider: 'mta',
-          email: {
-            from: fetchedSmartmail.options.creationObjectRef.From,
-            to: fetchedSmartmail.options.creationObjectRef.To,
-            subject: fetchedSmartmail.options.creationObjectRef.Subject,
-          },
-        }
-      );
-
-      // Process with rules
-      this.smartruleInstance.makeDecision(fetchedSmartmail);
-    } catch (error) {
-      logger.log('error', `Failed to process incoming MTA email: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-    }
-  }
-
-  public async init() {
-    // Setup email rules
-    await this.createForwards();
-  }
-
-  /**
-   * creates the default forwards
-   */
-  public async createForwards() {
-    const forwards: { originalToAddress: string[]; forwardedToAddress: string[] }[] = [];
-    console.log(`${forwards.length} forward rules configured:`);
-    for (const forward of forwards) {
-      console.log(forward);
-    }
-
-    for (const forward of forwards) {
-      this.smartruleInstance.createRule(
-        10,
-        async (smartmailArg) => {
-          const matched = forward.originalToAddress.reduce<boolean>((prevValue, currentValue) => {
-            return smartmailArg.options.creationObjectRef.To.includes(currentValue) || prevValue;
-          }, false);
-          if (matched) {
-            console.log('Forward rule matched');
-            console.log(forward);
-            return 'apply-continue';
-          } else {
-            return 'continue';
-          }
-        },
-        async (smartmailArg: plugins.smartmail.Smartmail<any>) => {
-          forward.forwardedToAddress.map(async (toArg) => {
-            const forwardedSmartMail = new plugins.smartmail.Smartmail({
-              body:
-                `
-              <div style="background: #CCC; padding: 10px; border-radius: 3px;">
-                <div><b>Original Sender:</b></div>
-                <div>${smartmailArg.options.creationObjectRef.From}</div>
-                <div><b>Original Recipient:</b></div>
-                <div>${smartmailArg.options.creationObjectRef.To}</div>
-                <div><b>Forwarded to:</b></div>
-                <div>${forward.forwardedToAddress.reduce<string>((pVal, cVal) => {
-                  return `${pVal ? pVal + ', ' : ''}${cVal}`;
-                }, null)}</div>
-                <div><b>Subject:</b></div>
-                <div>${smartmailArg.getSubject()}</div>
-                <div><b>The original body can be found below.</b></div>
-              </div>
-              ` + smartmailArg.getBody(),
-              from: 'forwarder@mail.lossless.one',
-              subject: `Forwarded mail for '${smartmailArg.options.creationObjectRef.To}'`,
-            });
-            for (const attachment of smartmailArg.attachments) {
-              forwardedSmartMail.addAttachment(attachment);
-            }
-            
-            // Use the EmailService's sendEmail method to send with the appropriate provider
-            await this.emailRef.sendEmail(forwardedSmartMail, toArg);
-            
-            console.log(`forwarded mail to ${toArg}`);
-            logger.log(
-              'info',
-              `email from ${
-                smartmailArg.options.creationObjectRef.From
-              } to ${toArg} with subject '${smartmailArg.getSubject()}'`,
-              {
-                eventType: 'forwardedEmail',
-                email: {
-                  from: smartmailArg.options.creationObjectRef.From,
-                  to: smartmailArg.options.creationObjectRef.To,
-                  forwardedTo: toArg,
-                  subject: smartmailArg.options.creationObjectRef.Subject,
-                },
-              }
-            );
-          });
-        }
-      );
-    }
-  }
-}

ts/mail/core/classes.templatemanager.ts

@@ -1,325 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { logger } from '../../logger.js';
-
-/**
- * Email template type definition
- */
-export interface IEmailTemplate<T = any> {
-  id: string;
-  name: string;
-  description: string;
-  from: string;
-  subject: string;
-  bodyHtml: string;
-  bodyText?: string;
-  category?: string;
-  sampleData?: T;
-  attachments?: Array<{
-    name: string;
-    path: string;
-    contentType?: string;
-  }>;
-}
-
-/**
- * Email template context - data used to render the template
- */
-export interface ITemplateContext {
-  [key: string]: any;
-}
-
-/**
- * Template category definitions
- */
-export enum TemplateCategory {
-  NOTIFICATION = 'notification',
-  TRANSACTIONAL = 'transactional',
-  MARKETING = 'marketing',
-  SYSTEM = 'system'
-}
-
-/**
- * Enhanced template manager using smartmail's capabilities
- */
-export class TemplateManager {
-  private templates: Map<string, IEmailTemplate> = new Map();
-  private defaultConfig: {
-    from: string;
-    replyTo?: string;
-    footerHtml?: string;
-    footerText?: string;
-  };
-  
-  constructor(defaultConfig?: {
-    from?: string;
-    replyTo?: string;
-    footerHtml?: string;
-    footerText?: string;
-  }) {
-    // Set default configuration
-    this.defaultConfig = {
-      from: defaultConfig?.from || 'noreply@mail.lossless.com',
-      replyTo: defaultConfig?.replyTo,
-      footerHtml: defaultConfig?.footerHtml || '',
-      footerText: defaultConfig?.footerText || ''
-    };
-    
-    // Initialize with built-in templates
-    this.registerBuiltinTemplates();
-  }
-  
-  /**
-   * Register built-in email templates
-   */
-  private registerBuiltinTemplates(): void {
-    // Welcome email
-    this.registerTemplate<{
-      firstName: string;
-      accountUrl: string;
-    }>({
-      id: 'welcome',
-      name: 'Welcome Email',
-      description: 'Sent to users when they first sign up',
-      from: this.defaultConfig.from,
-      subject: 'Welcome to {{serviceName}}!',
-      category: TemplateCategory.TRANSACTIONAL,
-      bodyHtml: `
-        <h1>Welcome, {{firstName}}!</h1>
-        <p>Thank you for joining {{serviceName}}. We're excited to have you on board.</p>
-        <p>To get started, <a href="{{accountUrl}}">visit your account</a>.</p>
-      `,
-      bodyText: 
-        `Welcome, {{firstName}}!
-        
-        Thank you for joining {{serviceName}}. We're excited to have you on board.
-        
-        To get started, visit your account: {{accountUrl}}
-        `,
-      sampleData: {
-        firstName: 'John',
-        accountUrl: 'https://example.com/account'
-      }
-    });
-    
-    // Password reset
-    this.registerTemplate<{
-      resetUrl: string;
-      expiryHours: number;
-    }>({
-      id: 'password-reset',
-      name: 'Password Reset',
-      description: 'Sent when a user requests a password reset',
-      from: this.defaultConfig.from,
-      subject: 'Password Reset Request',
-      category: TemplateCategory.TRANSACTIONAL,
-      bodyHtml: `
-        <h2>Password Reset Request</h2>
-        <p>You recently requested to reset your password. Click the link below to reset it:</p>
-        <p><a href="{{resetUrl}}">Reset Password</a></p>
-        <p>This link will expire in {{expiryHours}} hours.</p>
-        <p>If you didn't request a password reset, please ignore this email.</p>
-      `,
-      sampleData: {
-        resetUrl: 'https://example.com/reset-password?token=abc123',
-        expiryHours: 24
-      }
-    });
-    
-    // System notification
-    this.registerTemplate({
-      id: 'system-notification',
-      name: 'System Notification',
-      description: 'General system notification template',
-      from: this.defaultConfig.from,
-      subject: '{{subject}}',
-      category: TemplateCategory.SYSTEM,
-      bodyHtml: `
-        <h2>{{title}}</h2>
-        <div>{{message}}</div>
-      `,
-      sampleData: {
-        subject: 'Important System Notification',
-        title: 'System Maintenance',
-        message: 'The system will be undergoing maintenance on Saturday from 2-4am UTC.'
-      }
-    });
-  }
-  
-  /**
-   * Register a new email template
-   * @param template The email template to register
-   */
-  public registerTemplate<T = any>(template: IEmailTemplate<T>): void {
-    if (this.templates.has(template.id)) {
-      logger.log('warn', `Template with ID '${template.id}' already exists and will be overwritten`);
-    }
-    
-    // Add footer to templates if configured
-    if (this.defaultConfig.footerHtml && template.bodyHtml) {
-      template.bodyHtml += this.defaultConfig.footerHtml;
-    }
-    
-    if (this.defaultConfig.footerText && template.bodyText) {
-      template.bodyText += this.defaultConfig.footerText;
-    }
-    
-    this.templates.set(template.id, template);
-    logger.log('info', `Registered email template: ${template.id}`);
-  }
-  
-  /**
-   * Get an email template by ID
-   * @param templateId The template ID
-   * @returns The template or undefined if not found
-   */
-  public getTemplate<T = any>(templateId: string): IEmailTemplate<T> | undefined {
-    return this.templates.get(templateId) as IEmailTemplate<T>;
-  }
-  
-  /**
-   * List all available templates
-   * @param category Optional category filter
-   * @returns Array of email templates
-   */
-  public listTemplates(category?: TemplateCategory): IEmailTemplate[] {
-    const templates = Array.from(this.templates.values());
-    if (category) {
-      return templates.filter(template => template.category === category);
-    }
-    return templates;
-  }
-  
-  /**
-   * Create a Smartmail instance from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A configured Smartmail instance
-   */
-  public async createSmartmail<T = any>(
-    templateId: string,
-    context?: ITemplateContext
-  ): Promise<plugins.smartmail.Smartmail<T>> {
-    const template = this.getTemplate(templateId);
-    
-    if (!template) {
-      throw new Error(`Template with ID '${templateId}' not found`);
-    }
-    
-    // Create Smartmail instance with template content
-    const smartmail = new plugins.smartmail.Smartmail<T>({
-      from: template.from || this.defaultConfig.from,
-      subject: template.subject,
-      body: template.bodyHtml || template.bodyText || '',
-      creationObjectRef: context as T
-    });
-    
-    // Add any template attachments
-    if (template.attachments && template.attachments.length > 0) {
-      for (const attachment of template.attachments) {
-        // Load attachment file
-        try {
-          const attachmentPath = plugins.path.isAbsolute(attachment.path) 
-            ? attachment.path 
-            : plugins.path.join(paths.MtaAttachmentsDir, attachment.path);
-            
-          // Use appropriate SmartFile method - either read from file or create with empty buffer
-          // For a file path, use the fromFilePath static method
-          const file = await plugins.smartfile.SmartFile.fromFilePath(attachmentPath);
-          
-          // Set content type if specified
-          if (attachment.contentType) {
-            (file as any).contentType = attachment.contentType;
-          }
-          
-          smartmail.addAttachment(file);
-        } catch (error) {
-          logger.log('error', `Failed to add attachment '${attachment.name}': ${error.message}`);
-        }
-      }
-    }
-    
-    // Apply template variables if context provided
-    if (context) {
-      // Use applyVariables from smartmail v2.1.0+
-      smartmail.applyVariables(context);
-    }
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create and completely process a Smartmail instance from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A complete, processed Smartmail instance ready to send
-   */
-  public async prepareEmail<T = any>(
-    templateId: string,
-    context: ITemplateContext = {}
-  ): Promise<plugins.smartmail.Smartmail<T>> {
-    const smartmail = await this.createSmartmail<T>(templateId, context);
-    
-    // Pre-compile all mustache templates (subject, body)
-    smartmail.getSubject();
-    smartmail.getBody();
-    
-    return smartmail;
-  }
-  
-  /**
-   * Create a MIME-formatted email from a template
-   * @param templateId The template ID
-   * @param context The template context data
-   * @returns A MIME-formatted email string
-   */
-  public async createMimeEmail(
-    templateId: string,
-    context: ITemplateContext = {}
-  ): Promise<string> {
-    const smartmail = await this.prepareEmail(templateId, context);
-    return smartmail.toMimeFormat();
-  }
-  
-  
-  /**
-   * Load templates from a directory
-   * @param directory The directory containing template JSON files
-   */
-  public async loadTemplatesFromDirectory(directory: string): Promise<void> {
-    try {
-      // Ensure directory exists
-      if (!plugins.fs.existsSync(directory)) {
-        logger.log('error', `Template directory does not exist: ${directory}`);
-        return;
-      }
-      
-      // Get all JSON files
-      const files = plugins.fs.readdirSync(directory)
-        .filter(file => file.endsWith('.json'));
-      
-      for (const file of files) {
-        try {
-          const filePath = plugins.path.join(directory, file);
-          const content = plugins.fs.readFileSync(filePath, 'utf8');
-          const template = JSON.parse(content) as IEmailTemplate;
-          
-          // Validate template
-          if (!template.id || !template.subject || (!template.bodyHtml && !template.bodyText)) {
-            logger.log('warn', `Invalid template in ${file}: missing required fields`);
-            continue;
-          }
-          
-          this.registerTemplate(template);
-        } catch (error) {
-          logger.log('error', `Error loading template from ${file}: ${error.message}`);
-        }
-      }
-      
-      logger.log('info', `Loaded ${this.templates.size} email templates`);
-    } catch (error) {
-      logger.log('error', `Failed to load templates from directory: ${error.message}`);
-      throw error;
-    }
-  }
-}

ts/mail/core/index.ts

@@ -1,6 +0,0 @@
-// Core email components
-export * from './classes.email.js';
-export * from './classes.emailvalidator.js';
-export * from './classes.templatemanager.js';
-export * from './classes.bouncemanager.js';
-export * from './classes.rulemanager.js';

ts/mail/delivery/classes.connector.mta.ts

@@ -1,625 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailService } from '../services/classes.emailservice.js';
-import { logger } from '../../logger.js';
-
-// Import MTA classes
-import { MtaService } from './classes.mta.js';
-import { Email as MtaEmail } from '../core/classes.email.js';
-import { DeliveryStatus } from './classes.emailsendjob.js';
-
-// Re-export for use in index.ts
-export { DeliveryStatus };
-
-// Import Email types
-export interface IEmailOptions {
-  from: string;
-  to: string[];
-  cc?: string[];
-  bcc?: string[];
-  subject: string;
-  text?: string;
-  html?: string;
-  attachments?: IAttachment[];
-  headers?: { [key: string]: string };
-}
-
-
-// Reuse the IAttachment interface
-export interface IAttachment {
-  filename: string;
-  content: Buffer;
-  contentType: string;
-  contentId?: string;
-  encoding?: string;
-}
-
-/**
- * Email status details
- */
-export interface IEmailStatusDetails {
-  /** Number of delivery attempts */
-  attempts?: number;
-  /** Timestamp of last delivery attempt */
-  lastAttempt?: Date;
-  /** Timestamp of next scheduled attempt */
-  nextAttempt?: Date;
-  /** Error message if delivery failed */
-  error?: string;
-  /** Message explaining the status */
-  message?: string;
-}
-
-/**
- * Email status response
- */
-export interface IEmailStatusResponse {
-  /** Current status of the email */
-  status: DeliveryStatus | 'unknown' | 'error';
-  /** Additional status details */
-  details?: IEmailStatusDetails;
-}
-
-/**
- * Options for sending an email via MTA
- */
-export interface ISendEmailOptions {
-  /** Whether to use MIME format conversion */
-  useMimeFormat?: boolean;
-  /** Whether to track clicks */
-  trackClicks?: boolean;
-  /** Whether to track opens */
-  trackOpens?: boolean;
-  /** Message priority (1-5, where 1 is highest) */
-  priority?: number;
-  /** Message scheduling options */
-  schedule?: {
-    /** Time to send the email */
-    sendAt?: Date | string;
-    /** Time the message expires */
-    expireAt?: Date | string;
-  };
-  /** DKIM signing options */
-  dkim?: {
-    /** Whether to sign the message */
-    sign?: boolean;
-    /** Domain to use for signing */
-    domain?: string;
-    /** Key selector to use */
-    selector?: string;
-  };
-  /** Additional headers */
-  headers?: Record<string, string>;
-  /** Message tags for categorization */
-  tags?: string[];
-}
-
-export class MtaConnector {
-  public emailRef: EmailService;
-  private mtaService: MtaService;
-
-  constructor(emailRefArg: EmailService, mtaService?: MtaService) {
-    this.emailRef = emailRefArg;
-    this.mtaService = mtaService || this.emailRef.mtaService;
-  }
-
-  /**
-   * Send an email using the MTA service
-   * @param smartmail The email to send
-   * @param toAddresses Recipients (comma-separated or array)
-   * @param options Additional options
-   */
-
-  /**
-   * Send an email using the MTA service
-   * @param smartmail The email to send
-   * @param toAddresses Recipients (comma-separated or array)
-   * @param options Additional options
-   */
-  public async sendEmail(
-    smartmail: plugins.smartmail.Smartmail<any>,
-    toAddresses: string | string[],
-    options: ISendEmailOptions = {}
-  ): Promise<string> {
-    // Check if recipients are on the suppression list
-    const recipients = Array.isArray(toAddresses) 
-      ? toAddresses 
-      : toAddresses.split(',').map(addr => addr.trim());
-    
-    // Filter out suppressed recipients
-    const validRecipients = [];
-    const suppressedRecipients = [];
-    
-    for (const recipient of recipients) {
-      if (this.emailRef.bounceManager.isEmailSuppressed(recipient)) {
-        suppressedRecipients.push(recipient);
-      } else {
-        validRecipients.push(recipient);
-      }
-    }
-    
-    // Log suppressed recipients
-    if (suppressedRecipients.length > 0) {
-      logger.log('warn', `Skipping ${suppressedRecipients.length} suppressed recipients`, {
-        suppressedRecipients
-      });
-    }
-    
-    // If all recipients are suppressed, throw error
-    if (validRecipients.length === 0) {
-      throw new Error('All recipients are on the suppression list');
-    }
-    
-    // Continue with valid recipients
-    try {
-      // Use filtered recipients - already an array, no need for toArray
-      
-      // Add recipients to smartmail if they're not already added
-      if (!smartmail.options.to || smartmail.options.to.length === 0) {
-        for (const recipient of validRecipients) {
-          smartmail.addRecipient(recipient);
-        }
-      }
-
-      // Handle options
-      const emailOptions: Record<string, any> = { ...options };
-      
-      // Check if we should use MIME format
-      const useMimeFormat = options.useMimeFormat !== false; // Default to true
-      
-      if (useMimeFormat) {
-        // Use smartmail's MIME conversion for improved handling
-        try {
-          // Convert to MIME format
-          const mimeEmail = await smartmail.toMimeFormat(smartmail.options.creationObjectRef);
-          
-          // Parse the MIME email to create an MTA Email
-          return this.sendMimeEmail(mimeEmail, validRecipients);
-        } catch (mimeError) {
-          logger.log('warn', `Failed to use MIME format, falling back to direct conversion: ${mimeError.message}`);
-          // Fall back to direct conversion
-          return this.sendDirectEmail(smartmail, validRecipients);
-        }
-      } else {
-        // Use direct conversion
-        return this.sendDirectEmail(smartmail, validRecipients);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to send email via MTA: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-      
-      // Check if this is a bounce-related error
-      if (error.message.includes('550') || // Rejected
-          error.message.includes('551') || // User not local
-          error.message.includes('552') || // Mailbox full
-          error.message.includes('553') || // Bad mailbox name
-          error.message.includes('554') || // Transaction failed
-          error.message.includes('does not exist') ||
-          error.message.includes('unknown user') ||
-          error.message.includes('invalid recipient')) {
-            
-        // Process as a bounce
-        for (const recipient of validRecipients) {
-          await this.emailRef.bounceManager.processSmtpFailure(
-            recipient,
-            error.message,
-            {
-              sender: smartmail.options.from,
-              statusCode: error.message.match(/\b([45]\d{2})\b/) ? error.message.match(/\b([45]\d{2})\b/)[1] : undefined
-            }
-          );
-        }
-      }
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Send a MIME-formatted email
-   * @param mimeEmail The MIME-formatted email content
-   * @param recipients The email recipients
-   */
-  private async sendMimeEmail(mimeEmail: string, recipients: string[]): Promise<string> {
-    try {
-      // Parse the MIME email
-      const parsedEmail = await plugins.mailparser.simpleParser(mimeEmail);
-      
-      // Extract necessary information for MTA Email
-      const mtaEmail = new MtaEmail({
-        from: parsedEmail.from?.text || '',
-        to: recipients,
-        subject: parsedEmail.subject || '',
-        text: parsedEmail.text || '',
-        html: parsedEmail.html || undefined,
-        attachments: parsedEmail.attachments?.map(attachment => ({
-          filename: attachment.filename || 'attachment',
-          content: attachment.content,
-          contentType: attachment.contentType || 'application/octet-stream',
-          contentId: attachment.contentId
-        })) || [],
-        headers: Object.fromEntries([...parsedEmail.headers].map(([key, value]) => [key, String(value)]))
-      });
-      
-      // Send using MTA
-      const emailId = await this.mtaService.send(mtaEmail);
-      
-      logger.log('info', `MIME email sent via MTA to ${recipients.join(', ')}`, {
-        eventType: 'sentEmail',
-        provider: 'mta',
-        emailId,
-        to: recipients
-      });
-
-      return emailId;
-    } catch (error) {
-      logger.log('error', `Failed to send MIME email: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Send an email using direct conversion (fallback method)
-   * @param smartmail The Smartmail instance
-   * @param recipients The email recipients
-   */
-  private async sendDirectEmail(
-    smartmail: plugins.smartmail.Smartmail<any>,
-    recipients: string[]
-  ): Promise<string> {
-    // Map SmartMail attachments to MTA attachments with improved content type handling
-    const attachments: IAttachment[] = smartmail.attachments.map(attachment => {
-      // Try to determine content type from file extension if not explicitly set
-      let contentType = (attachment as any)?.contentType;
-      
-      if (!contentType) {
-        const extension = attachment.parsedPath.ext.toLowerCase();
-        contentType = this.getContentTypeFromExtension(extension);
-      }
-      
-      return {
-        filename: attachment.parsedPath.base,
-        content: Buffer.from(attachment.contentBuffer),
-        contentType: contentType || 'application/octet-stream',
-        // Add content ID for inline images if available
-        contentId: (attachment as any)?.contentId
-      };
-    });
-
-    // Create MTA Email
-    const mtaEmail = new MtaEmail({
-      from: smartmail.options.from,
-      to: recipients,
-      subject: smartmail.getSubject(),
-      text: smartmail.getBody(false), // Plain text version
-      html: smartmail.getBody(true),  // HTML version
-      attachments
-    });
-    
-    // Prepare arrays for CC and BCC recipients
-    let ccRecipients: string[] = [];
-    let bccRecipients: string[] = [];
-    
-    // Add CC recipients if present
-    if (smartmail.options.cc?.length > 0) {
-      // Handle CC recipients - smartmail options may contain email objects
-      ccRecipients = smartmail.options.cc.map(r => {
-        if (typeof r === 'string') return r;
-        return typeof (r as any).address === 'string' ? (r as any).address : 
-               typeof (r as any).email === 'string' ? (r as any).email : '';
-      });
-      mtaEmail.cc = ccRecipients;
-    }
-    
-    // Add BCC recipients if present
-    if (smartmail.options.bcc?.length > 0) {
-      // Handle BCC recipients - smartmail options may contain email objects
-      bccRecipients = smartmail.options.bcc.map(r => {
-        if (typeof r === 'string') return r;
-        return typeof (r as any).address === 'string' ? (r as any).address : 
-               typeof (r as any).email === 'string' ? (r as any).email : '';
-      });
-      mtaEmail.bcc = bccRecipients;
-    }
-
-    // Send using MTA
-    const emailId = await this.mtaService.send(mtaEmail);
-    
-    logger.log('info', `Email sent via MTA to ${recipients.join(', ')}`, {
-      eventType: 'sentEmail',
-      provider: 'mta',
-      emailId,
-      to: recipients
-    });
-
-    return emailId;
-  }
-  
-  /**
-   * Get content type from file extension
-   * @param extension The file extension (with or without dot)
-   * @returns The content type or undefined if unknown
-   */
-  private getContentTypeFromExtension(extension: string): string | undefined {
-    // Remove dot if present
-    const ext = extension.startsWith('.') ? extension.substring(1) : extension;
-    
-    // Common content types
-    const contentTypes: Record<string, string> = {
-      'pdf': 'application/pdf',
-      'jpg': 'image/jpeg',
-      'jpeg': 'image/jpeg',
-      'png': 'image/png',
-      'gif': 'image/gif',
-      'svg': 'image/svg+xml',
-      'webp': 'image/webp',
-      'txt': 'text/plain',
-      'html': 'text/html',
-      'csv': 'text/csv',
-      'json': 'application/json',
-      'xml': 'application/xml',
-      'zip': 'application/zip',
-      'doc': 'application/msword',
-      'docx': 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
-      'xls': 'application/vnd.ms-excel',
-      'xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-      'ppt': 'application/vnd.ms-powerpoint',
-      'pptx': 'application/vnd.openxmlformats-officedocument.presentationml.presentation'
-    };
-    
-    return contentTypes[ext.toLowerCase()];
-  }
-
-  /**
-   * Retrieve and process an incoming email
-   * For MTA, this would handle an email already received by the SMTP server
-   * @param emailData The raw email data or identifier
-   * @param options Additional processing options
-   */
-  public async receiveEmail(
-    emailData: string,
-    options: {
-      preserveHeaders?: boolean;
-      includeRawData?: boolean;
-      validateSender?: boolean;
-    } = {}
-  ): Promise<plugins.smartmail.Smartmail<any>> {
-    try {
-      // In a real implementation, this would retrieve an email from the MTA storage
-      // For now, we can use a simplified approach:
-      
-      // Parse the email (assuming emailData is a raw email or a file path)
-      const parsedEmail = await plugins.mailparser.simpleParser(emailData);
-      
-      // Extract sender information
-      const sender = parsedEmail.from?.text || '';
-      let senderName = '';
-      let senderEmail = sender;
-      
-      // Try to extract name and email from "Name <email>" format
-      const senderMatch = sender.match(/(.*?)\s*<([^>]+)>/);
-      if (senderMatch) {
-        senderName = senderMatch[1].trim();
-        senderEmail = senderMatch[2].trim();
-      }
-      
-      // Extract recipients
-      const recipients = [];
-      if (parsedEmail.to) {
-        // Extract recipients safely
-        try {
-          // Handle AddressObject or AddressObject[]
-          if (parsedEmail.to && typeof parsedEmail.to === 'object' && 'value' in parsedEmail.to) {
-            const addressList = Array.isArray(parsedEmail.to.value) 
-              ? parsedEmail.to.value 
-              : [parsedEmail.to.value];
-              
-            for (const addr of addressList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                recipients.push({
-                  name: addr.name || '',
-                  email: addr.address || ''
-                });
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let toStr = '';
-          if (parsedEmail.to && typeof parsedEmail.to === 'object' && 'text' in parsedEmail.to) {
-            toStr = String(parsedEmail.to.text || '');
-          }
-          if (toStr) {
-            recipients.push({
-              name: '',
-              email: toStr
-            });
-          }
-        }
-      }
-      
-      // Create a more comprehensive creation object reference
-      const creationObjectRef: Record<string, any> = {
-        sender: {
-          name: senderName,
-          email: senderEmail
-        },
-        recipients: recipients,
-        subject: parsedEmail.subject || '',
-        date: parsedEmail.date || new Date(),
-        messageId: parsedEmail.messageId || '',
-        inReplyTo: parsedEmail.inReplyTo || null,
-        references: parsedEmail.references || []
-      };
-      
-      // Include headers if requested
-      if (options.preserveHeaders) {
-        creationObjectRef.headers = parsedEmail.headers;
-      }
-      
-      // Include raw data if requested
-      if (options.includeRawData) {
-        creationObjectRef.rawData = emailData;
-      }
-      
-      // Create a Smartmail from the parsed email
-      const smartmail = new plugins.smartmail.Smartmail({
-        from: senderEmail,
-        subject: parsedEmail.subject || '',
-        body: parsedEmail.html || parsedEmail.text || '',
-        creationObjectRef
-      });
-      
-      // Add recipients
-      if (recipients.length > 0) {
-        for (const recipient of recipients) {
-          smartmail.addRecipient(recipient.email);
-        }
-      }
-      
-      // Add CC recipients if present
-      if (parsedEmail.cc) {
-        try {
-          // Extract CC recipients safely
-          if (parsedEmail.cc && typeof parsedEmail.cc === 'object' && 'value' in parsedEmail.cc) {
-            const ccList = Array.isArray(parsedEmail.cc.value) 
-              ? parsedEmail.cc.value 
-              : [parsedEmail.cc.value];
-              
-            for (const addr of ccList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                smartmail.addRecipient(addr.address, 'cc');
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let ccStr = '';
-          if (parsedEmail.cc && typeof parsedEmail.cc === 'object' && 'text' in parsedEmail.cc) {
-            ccStr = String(parsedEmail.cc.text || '');
-          }
-          if (ccStr) {
-            smartmail.addRecipient(ccStr, 'cc');
-          }
-        }
-      }
-      
-      // Add BCC recipients if present (usually not in received emails, but just in case)
-      if (parsedEmail.bcc) {
-        try {
-          // Extract BCC recipients safely
-          if (parsedEmail.bcc && typeof parsedEmail.bcc === 'object' && 'value' in parsedEmail.bcc) {
-            const bccList = Array.isArray(parsedEmail.bcc.value) 
-              ? parsedEmail.bcc.value 
-              : [parsedEmail.bcc.value];
-              
-            for (const addr of bccList) {
-              if (addr && typeof addr === 'object' && 'address' in addr) {
-                smartmail.addRecipient(addr.address, 'bcc');
-              }
-            }
-          }
-        } catch (error) {
-          // If parsing fails, try to extract as string
-          let bccStr = '';
-          if (parsedEmail.bcc && typeof parsedEmail.bcc === 'object' && 'text' in parsedEmail.bcc) {
-            bccStr = String(parsedEmail.bcc.text || '');
-          }
-          if (bccStr) {
-            smartmail.addRecipient(bccStr, 'bcc');
-          }
-        }
-      }
-
-      // Add attachments if present
-      if (parsedEmail.attachments && parsedEmail.attachments.length > 0) {
-        for (const attachment of parsedEmail.attachments) {
-          // Create smartfile with proper constructor options
-          const file = new plugins.smartfile.SmartFile({
-            path: attachment.filename || 'attachment',
-            contentBuffer: attachment.content,
-            base: ''
-          });
-          
-          // Set content type and content ID for proper MIME handling
-          if (attachment.contentType) {
-            (file as any).contentType = attachment.contentType;
-          }
-          
-          if (attachment.contentId) {
-            (file as any).contentId = attachment.contentId;
-          }
-          
-          smartmail.addAttachment(file);
-        }
-      }
-      
-      // Validate sender if requested
-      if (options.validateSender && this.emailRef.emailValidator) {
-        try {
-          const validationResult = await this.emailRef.emailValidator.validate(senderEmail, {
-            checkSyntaxOnly: true // Use syntax-only for performance
-          });
-          
-          // Add validation info to the creation object
-          creationObjectRef.senderValidation = validationResult;
-        } catch (validationError) {
-          logger.log('warn', `Sender validation error: ${validationError.message}`);
-        }
-      }
-
-      return smartmail;
-    } catch (error) {
-      logger.log('error', `Failed to receive email via MTA: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        error: error.message
-      });
-      throw error;
-    }
-  }
-
-  /**
-   * Check the status of a sent email
-   * @param emailId The email ID to check
-   * @returns Current status and details
-   */
-  public async checkEmailStatus(emailId: string): Promise<IEmailStatusResponse> {
-    try {
-      const status = this.mtaService.getEmailStatus(emailId);
-      
-      if (!status) {
-        return {
-          status: 'unknown' as const,
-          details: { message: 'Email not found' }
-        };
-      }
-
-      return {
-        // Use type assertion to ensure this passes type check
-        status: status.status as DeliveryStatus,
-        details: {
-          attempts: status.attempts,
-          lastAttempt: status.lastAttempt,
-          nextAttempt: status.nextAttempt,
-          error: status.error?.message,
-          message: `Status: ${status.status}${status.error ? `, Error: ${status.error.message}` : ''}`
-        }
-      };
-    } catch (error) {
-      logger.log('error', `Failed to check email status: ${error.message}`, {
-        eventType: 'emailError',
-        provider: 'mta',
-        emailId,
-        error: error.message
-      });
-      
-      return {
-        status: 'error' as const,
-        details: { message: error.message }
-      };
-    }
-  }
-}

ts/mail/delivery/classes.delivery.queue.ts

@@ -1,638 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import * as fs from 'node:fs';
-import * as path from 'node:path';
-import { logger } from '../../logger.js';
-import { type EmailProcessingMode, type IDomainRule } from '../routing/classes.email.config.js';
-
-/**
- * Queue item status
- */
-export type QueueItemStatus = 'pending' | 'processing' | 'delivered' | 'failed' | 'deferred';
-
-/**
- * Queue item interface
- */
-export interface IQueueItem {
-  id: string;
-  processingMode: EmailProcessingMode;
-  processingResult: any;
-  rule: IDomainRule;
-  status: QueueItemStatus;
-  attempts: number;
-  nextAttempt: Date;
-  lastError?: string;
-  createdAt: Date;
-  updatedAt: Date;
-  deliveredAt?: Date;
-}
-
-/**
- * Queue options interface
- */
-export interface IQueueOptions {
-  // Storage options
-  storageType?: 'memory' | 'disk';
-  persistentPath?: string;
-  
-  // Queue behavior
-  checkInterval?: number;
-  maxQueueSize?: number;
-  maxPerDestination?: number;
-  
-  // Delivery attempts
-  maxRetries?: number;
-  baseRetryDelay?: number;
-  maxRetryDelay?: number;
-}
-
-/**
- * Queue statistics interface
- */
-export interface IQueueStats {
-  queueSize: number;
-  status: {
-    pending: number;
-    processing: number;
-    delivered: number;
-    failed: number;
-    deferred: number;
-  };
-  modes: {
-    forward: number;
-    mta: number;
-    process: number;
-  };
-  oldestItem?: Date;
-  newestItem?: Date;
-  averageAttempts: number;
-  totalProcessed: number;
-  processingActive: boolean;
-}
-
-/**
- * A unified queue for all email modes
- */
-export class UnifiedDeliveryQueue extends EventEmitter {
-  private options: Required<IQueueOptions>;
-  private queue: Map<string, IQueueItem> = new Map();
-  private checkTimer?: NodeJS.Timeout;
-  private stats: IQueueStats;
-  private processing: boolean = false;
-  private totalProcessed: number = 0;
-  
-  /**
-   * Create a new unified delivery queue
-   * @param options Queue options
-   */
-  constructor(options: IQueueOptions) {
-    super();
-    
-    // Set default options
-    this.options = {
-      storageType: options.storageType || 'memory',
-      persistentPath: options.persistentPath || path.join(process.cwd(), 'email-queue'),
-      checkInterval: options.checkInterval || 30000, // 30 seconds
-      maxQueueSize: options.maxQueueSize || 10000,
-      maxPerDestination: options.maxPerDestination || 100,
-      maxRetries: options.maxRetries || 5,
-      baseRetryDelay: options.baseRetryDelay || 60000, // 1 minute
-      maxRetryDelay: options.maxRetryDelay || 3600000 // 1 hour
-    };
-    
-    // Initialize statistics
-    this.stats = {
-      queueSize: 0,
-      status: {
-        pending: 0,
-        processing: 0,
-        delivered: 0,
-        failed: 0,
-        deferred: 0
-      },
-      modes: {
-        forward: 0,
-        mta: 0,
-        process: 0
-      },
-      averageAttempts: 0,
-      totalProcessed: 0,
-      processingActive: false
-    };
-  }
-  
-  /**
-   * Initialize the queue
-   */
-  public async initialize(): Promise<void> {
-    logger.log('info', 'Initializing UnifiedDeliveryQueue');
-    
-    try {
-      // Create persistent storage directory if using disk storage
-      if (this.options.storageType === 'disk') {
-        if (!fs.existsSync(this.options.persistentPath)) {
-          fs.mkdirSync(this.options.persistentPath, { recursive: true });
-        }
-        
-        // Load existing items from disk
-        await this.loadFromDisk();
-      }
-      
-      // Start the queue processing timer
-      this.startProcessing();
-      
-      // Emit initialized event
-      this.emit('initialized');
-      logger.log('info', 'UnifiedDeliveryQueue initialized successfully');
-    } catch (error) {
-      logger.log('error', `Failed to initialize queue: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Start queue processing
-   */
-  private startProcessing(): void {
-    if (this.checkTimer) {
-      clearInterval(this.checkTimer);
-    }
-    
-    this.checkTimer = setInterval(() => this.processQueue(), this.options.checkInterval);
-    this.processing = true;
-    this.stats.processingActive = true;
-    this.emit('processingStarted');
-    logger.log('info', 'Queue processing started');
-  }
-  
-  /**
-   * Stop queue processing
-   */
-  private stopProcessing(): void {
-    if (this.checkTimer) {
-      clearInterval(this.checkTimer);
-      this.checkTimer = undefined;
-    }
-    
-    this.processing = false;
-    this.stats.processingActive = false;
-    this.emit('processingStopped');
-    logger.log('info', 'Queue processing stopped');
-  }
-  
-  /**
-   * Check for items that need to be processed
-   */
-  private async processQueue(): Promise<void> {
-    try {
-      const now = new Date();
-      let readyItems: IQueueItem[] = [];
-      
-      // Find items ready for processing
-      for (const item of this.queue.values()) {
-        if (item.status === 'pending' || (item.status === 'deferred' && item.nextAttempt <= now)) {
-          readyItems.push(item);
-        }
-      }
-      
-      if (readyItems.length === 0) {
-        return;
-      }
-      
-      // Sort by oldest first
-      readyItems.sort((a, b) => a.createdAt.getTime() - b.createdAt.getTime());
-      
-      // Emit event for ready items
-      this.emit('itemsReady', readyItems);
-      logger.log('info', `Found ${readyItems.length} items ready for processing`);
-      
-      // Update statistics
-      this.updateStats();
-    } catch (error) {
-      logger.log('error', `Error processing queue: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Add an item to the queue
-   * @param processingResult Processing result to queue
-   * @param mode Processing mode
-   * @param rule Domain rule
-   */
-  public async enqueue(processingResult: any, mode: EmailProcessingMode, rule: IDomainRule): Promise<string> {
-    // Check if queue is full
-    if (this.queue.size >= this.options.maxQueueSize) {
-      throw new Error('Queue is full');
-    }
-    
-    // Generate a unique ID
-    const id = `${Date.now()}-${Math.random().toString(36).substring(2, 15)}`;
-    
-    // Create queue item
-    const item: IQueueItem = {
-      id,
-      processingMode: mode,
-      processingResult,
-      rule,
-      status: 'pending',
-      attempts: 0,
-      nextAttempt: new Date(),
-      createdAt: new Date(),
-      updatedAt: new Date()
-    };
-    
-    // Add to queue
-    this.queue.set(id, item);
-    
-    // Persist to disk if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemEnqueued', item);
-    logger.log('info', `Item enqueued with ID ${id}, mode: ${mode}`);
-    
-    return id;
-  }
-  
-  /**
-   * Get an item from the queue
-   * @param id Item ID
-   */
-  public getItem(id: string): IQueueItem | undefined {
-    return this.queue.get(id);
-  }
-  
-  /**
-   * Mark an item as being processed
-   * @param id Item ID
-   */
-  public async markProcessing(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Update status
-    item.status = 'processing';
-    item.attempts++;
-    item.updatedAt = new Date();
-    
-    // Persist changes if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemProcessing', item);
-    logger.log('info', `Item ${id} marked as processing, attempt ${item.attempts}`);
-    
-    return true;
-  }
-  
-  /**
-   * Mark an item as delivered
-   * @param id Item ID
-   */
-  public async markDelivered(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Update status
-    item.status = 'delivered';
-    item.updatedAt = new Date();
-    item.deliveredAt = new Date();
-    
-    // Persist changes if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.persistItem(item);
-    }
-    
-    // Update statistics
-    this.totalProcessed++;
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemDelivered', item);
-    logger.log('info', `Item ${id} marked as delivered after ${item.attempts} attempts`);
-    
-    return true;
-  }
-  
-  /**
-   * Mark an item as failed
-   * @param id Item ID
-   * @param error Error message
-   */
-  public async markFailed(id: string, error: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Determine if we should retry
-    if (item.attempts < this.options.maxRetries) {
-      // Calculate next retry time with exponential backoff
-      const delay = Math.min(
-        this.options.baseRetryDelay * Math.pow(2, item.attempts - 1),
-        this.options.maxRetryDelay
-      );
-      
-      // Update status
-      item.status = 'deferred';
-      item.lastError = error;
-      item.nextAttempt = new Date(Date.now() + delay);
-      item.updatedAt = new Date();
-      
-      // Persist changes if using disk storage
-      if (this.options.storageType === 'disk') {
-        await this.persistItem(item);
-      }
-      
-      // Emit event
-      this.emit('itemDeferred', item);
-      logger.log('info', `Item ${id} deferred for ${delay}ms, attempt ${item.attempts}, error: ${error}`);
-    } else {
-      // Mark as permanently failed
-      item.status = 'failed';
-      item.lastError = error;
-      item.updatedAt = new Date();
-      
-      // Persist changes if using disk storage
-      if (this.options.storageType === 'disk') {
-        await this.persistItem(item);
-      }
-      
-      // Update statistics
-      this.totalProcessed++;
-      
-      // Emit event
-      this.emit('itemFailed', item);
-      logger.log('warn', `Item ${id} permanently failed after ${item.attempts} attempts, error: ${error}`);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    return true;
-  }
-  
-  /**
-   * Remove an item from the queue
-   * @param id Item ID
-   */
-  public async removeItem(id: string): Promise<boolean> {
-    const item = this.queue.get(id);
-    
-    if (!item) {
-      return false;
-    }
-    
-    // Remove from queue
-    this.queue.delete(id);
-    
-    // Remove from disk if using disk storage
-    if (this.options.storageType === 'disk') {
-      await this.removeItemFromDisk(id);
-    }
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit event
-    this.emit('itemRemoved', item);
-    logger.log('info', `Item ${id} removed from queue`);
-    
-    return true;
-  }
-  
-  /**
-   * Persist an item to disk
-   * @param item Item to persist
-   */
-  private async persistItem(item: IQueueItem): Promise<void> {
-    try {
-      const filePath = path.join(this.options.persistentPath, `${item.id}.json`);
-      await fs.promises.writeFile(filePath, JSON.stringify(item, null, 2), 'utf8');
-    } catch (error) {
-      logger.log('error', `Failed to persist item ${item.id}: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Remove an item from disk
-   * @param id Item ID
-   */
-  private async removeItemFromDisk(id: string): Promise<void> {
-    try {
-      const filePath = path.join(this.options.persistentPath, `${id}.json`);
-      
-      if (fs.existsSync(filePath)) {
-        await fs.promises.unlink(filePath);
-      }
-    } catch (error) {
-      logger.log('error', `Failed to remove item ${id} from disk: ${error.message}`);
-      this.emit('error', error);
-    }
-  }
-  
-  /**
-   * Load queue items from disk
-   */
-  private async loadFromDisk(): Promise<void> {
-    try {
-      // Check if directory exists
-      if (!fs.existsSync(this.options.persistentPath)) {
-        return;
-      }
-      
-      // Get all JSON files
-      const files = fs.readdirSync(this.options.persistentPath).filter(file => file.endsWith('.json'));
-      
-      // Load each file
-      for (const file of files) {
-        try {
-          const filePath = path.join(this.options.persistentPath, file);
-          const data = await fs.promises.readFile(filePath, 'utf8');
-          const item = JSON.parse(data) as IQueueItem;
-          
-          // Convert date strings to Date objects
-          item.createdAt = new Date(item.createdAt);
-          item.updatedAt = new Date(item.updatedAt);
-          item.nextAttempt = new Date(item.nextAttempt);
-          if (item.deliveredAt) {
-            item.deliveredAt = new Date(item.deliveredAt);
-          }
-          
-          // Add to queue
-          this.queue.set(item.id, item);
-        } catch (error) {
-          logger.log('error', `Failed to load item from ${file}: ${error.message}`);
-        }
-      }
-      
-      // Update statistics
-      this.updateStats();
-      
-      logger.log('info', `Loaded ${this.queue.size} items from disk`);
-    } catch (error) {
-      logger.log('error', `Failed to load items from disk: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Update queue statistics
-   */
-  private updateStats(): void {
-    // Reset counters
-    this.stats.queueSize = this.queue.size;
-    this.stats.status = {
-      pending: 0,
-      processing: 0,
-      delivered: 0,
-      failed: 0,
-      deferred: 0
-    };
-    this.stats.modes = {
-      forward: 0,
-      mta: 0,
-      process: 0
-    };
-    
-    let totalAttempts = 0;
-    let oldestTime = Date.now();
-    let newestTime = 0;
-    
-    // Count by status and mode
-    for (const item of this.queue.values()) {
-      // Count by status
-      this.stats.status[item.status]++;
-      
-      // Count by mode
-      this.stats.modes[item.processingMode]++;
-      
-      // Track total attempts
-      totalAttempts += item.attempts;
-      
-      // Track oldest and newest
-      const itemTime = item.createdAt.getTime();
-      if (itemTime < oldestTime) {
-        oldestTime = itemTime;
-      }
-      if (itemTime > newestTime) {
-        newestTime = itemTime;
-      }
-    }
-    
-    // Calculate average attempts
-    this.stats.averageAttempts = this.queue.size > 0 ? totalAttempts / this.queue.size : 0;
-    
-    // Set oldest and newest
-    this.stats.oldestItem = this.queue.size > 0 ? new Date(oldestTime) : undefined;
-    this.stats.newestItem = this.queue.size > 0 ? new Date(newestTime) : undefined;
-    
-    // Set total processed
-    this.stats.totalProcessed = this.totalProcessed;
-    
-    // Set processing active
-    this.stats.processingActive = this.processing;
-    
-    // Emit statistics event
-    this.emit('statsUpdated', this.stats);
-  }
-  
-  /**
-   * Get queue statistics
-   */
-  public getStats(): IQueueStats {
-    return { ...this.stats };
-  }
-  
-  /**
-   * Pause queue processing
-   */
-  public pause(): void {
-    if (this.processing) {
-      this.stopProcessing();
-      logger.log('info', 'Queue processing paused');
-    }
-  }
-  
-  /**
-   * Resume queue processing
-   */
-  public resume(): void {
-    if (!this.processing) {
-      this.startProcessing();
-      logger.log('info', 'Queue processing resumed');
-    }
-  }
-  
-  /**
-   * Clean up old delivered and failed items
-   * @param maxAge Maximum age in milliseconds (default: 7 days)
-   */
-  public async cleanupOldItems(maxAge: number = 7 * 24 * 60 * 60 * 1000): Promise<number> {
-    const cutoff = new Date(Date.now() - maxAge);
-    let removedCount = 0;
-    
-    // Find old items
-    for (const item of this.queue.values()) {
-      if (['delivered', 'failed'].includes(item.status) && item.updatedAt < cutoff) {
-        // Remove item
-        await this.removeItem(item.id);
-        removedCount++;
-      }
-    }
-    
-    logger.log('info', `Cleaned up ${removedCount} old items`);
-    return removedCount;
-  }
-  
-  /**
-   * Shutdown the queue
-   */
-  public async shutdown(): Promise<void> {
-    logger.log('info', 'Shutting down UnifiedDeliveryQueue');
-    
-    // Stop processing
-    this.stopProcessing();
-    
-    // If using disk storage, make sure all items are persisted
-    if (this.options.storageType === 'disk') {
-      const pendingWrites: Promise<void>[] = [];
-      
-      for (const item of this.queue.values()) {
-        pendingWrites.push(this.persistItem(item));
-      }
-      
-      // Wait for all writes to complete
-      await Promise.all(pendingWrites);
-    }
-    
-    // Clear the queue (memory only)
-    this.queue.clear();
-    
-    // Update statistics
-    this.updateStats();
-    
-    // Emit shutdown event
-    this.emit('shutdown');
-    logger.log('info', 'UnifiedDeliveryQueue shut down successfully');
-  }
-}

ts/mail/delivery/classes.delivery.system.ts

@@ -1,935 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import * as net from 'node:net';
-import * as tls from 'node:tls';
-import { logger } from '../../logger.js';
-import { 
-  SecurityLogger, 
-  SecurityLogLevel, 
-  SecurityEventType 
-} from '../../security/index.js';
-import { UnifiedDeliveryQueue, type IQueueItem } from './classes.delivery.queue.js';
-import type { Email } from '../core/classes.email.js';
-import type { IDomainRule } from '../routing/classes.email.config.js';
-
-/**
- * Delivery handler interface
- */
-export interface IDeliveryHandler {
-  deliver(item: IQueueItem): Promise<any>;
-}
-
-/**
- * Delivery options
- */
-export interface IMultiModeDeliveryOptions {
-  // Connection options
-  connectionPoolSize?: number;
-  socketTimeout?: number;
-  
-  // Delivery behavior
-  concurrentDeliveries?: number;
-  sendTimeout?: number;
-  
-  // TLS options
-  verifyCertificates?: boolean;
-  tlsMinVersion?: string;
-  
-  // Mode-specific handlers
-  forwardHandler?: IDeliveryHandler;
-  mtaHandler?: IDeliveryHandler;
-  processHandler?: IDeliveryHandler;
-  
-  // Rate limiting
-  globalRateLimit?: number;
-  perPatternRateLimit?: Record<string, number>;
-  
-  // Event hooks
-  onDeliveryStart?: (item: IQueueItem) => Promise<void>;
-  onDeliverySuccess?: (item: IQueueItem, result: any) => Promise<void>;
-  onDeliveryFailed?: (item: IQueueItem, error: string) => Promise<void>;
-}
-
-/**
- * Delivery system statistics
- */
-export interface IDeliveryStats {
-  activeDeliveries: number;
-  totalSuccessful: number;
-  totalFailed: number;
-  avgDeliveryTime: number;
-  byMode: {
-    forward: {
-      successful: number;
-      failed: number;
-    };
-    mta: {
-      successful: number;
-      failed: number;
-    };
-    process: {
-      successful: number;
-      failed: number;
-    };
-  };
-  rateLimiting: {
-    currentRate: number;
-    globalLimit: number;
-    throttled: number;
-  };
-}
-
-/**
- * Handles delivery for all email processing modes
- */
-export class MultiModeDeliverySystem extends EventEmitter {
-  private queue: UnifiedDeliveryQueue;
-  private options: Required<IMultiModeDeliveryOptions>;
-  private stats: IDeliveryStats;
-  private deliveryTimes: number[] = [];
-  private activeDeliveries: Set<string> = new Set();
-  private running: boolean = false;
-  private throttled: boolean = false;
-  private rateLimitLastCheck: number = Date.now();
-  private rateLimitCounter: number = 0;
-  
-  /**
-   * Create a new multi-mode delivery system
-   * @param queue Unified delivery queue
-   * @param options Delivery options
-   */
-  constructor(queue: UnifiedDeliveryQueue, options: IMultiModeDeliveryOptions) {
-    super();
-    
-    this.queue = queue;
-    
-    // Set default options
-    this.options = {
-      connectionPoolSize: options.connectionPoolSize || 10,
-      socketTimeout: options.socketTimeout || 30000, // 30 seconds
-      concurrentDeliveries: options.concurrentDeliveries || 10,
-      sendTimeout: options.sendTimeout || 60000, // 1 minute
-      verifyCertificates: options.verifyCertificates !== false, // Default to true
-      tlsMinVersion: options.tlsMinVersion || 'TLSv1.2',
-      forwardHandler: options.forwardHandler || {
-        deliver: this.handleForwardDelivery.bind(this)
-      },
-      mtaHandler: options.mtaHandler || {
-        deliver: this.handleMtaDelivery.bind(this)
-      },
-      processHandler: options.processHandler || {
-        deliver: this.handleProcessDelivery.bind(this)
-      },
-      globalRateLimit: options.globalRateLimit || 100, // 100 emails per minute
-      perPatternRateLimit: options.perPatternRateLimit || {},
-      onDeliveryStart: options.onDeliveryStart || (async () => {}),
-      onDeliverySuccess: options.onDeliverySuccess || (async () => {}),
-      onDeliveryFailed: options.onDeliveryFailed || (async () => {})
-    };
-    
-    // Initialize statistics
-    this.stats = {
-      activeDeliveries: 0,
-      totalSuccessful: 0,
-      totalFailed: 0,
-      avgDeliveryTime: 0,
-      byMode: {
-        forward: {
-          successful: 0,
-          failed: 0
-        },
-        mta: {
-          successful: 0,
-          failed: 0
-        },
-        process: {
-          successful: 0,
-          failed: 0
-        }
-      },
-      rateLimiting: {
-        currentRate: 0,
-        globalLimit: this.options.globalRateLimit,
-        throttled: 0
-      }
-    };
-    
-    // Set up event listeners
-    this.queue.on('itemsReady', this.processItems.bind(this));
-  }
-  
-  /**
-   * Start the delivery system
-   */
-  public async start(): Promise<void> {
-    logger.log('info', 'Starting MultiModeDeliverySystem');
-    
-    if (this.running) {
-      logger.log('warn', 'MultiModeDeliverySystem is already running');
-      return;
-    }
-    
-    this.running = true;
-    
-    // Emit started event
-    this.emit('started');
-    logger.log('info', 'MultiModeDeliverySystem started successfully');
-  }
-  
-  /**
-   * Stop the delivery system
-   */
-  public async stop(): Promise<void> {
-    logger.log('info', 'Stopping MultiModeDeliverySystem');
-    
-    if (!this.running) {
-      logger.log('warn', 'MultiModeDeliverySystem is already stopped');
-      return;
-    }
-    
-    this.running = false;
-    
-    // Wait for active deliveries to complete
-    if (this.activeDeliveries.size > 0) {
-      logger.log('info', `Waiting for ${this.activeDeliveries.size} active deliveries to complete`);
-      
-      // Wait for a maximum of 30 seconds
-      await new Promise<void>(resolve => {
-        const checkInterval = setInterval(() => {
-          if (this.activeDeliveries.size === 0) {
-            clearInterval(checkInterval);
-            resolve();
-          }
-        }, 1000);
-        
-        // Force resolve after 30 seconds
-        setTimeout(() => {
-          clearInterval(checkInterval);
-          resolve();
-        }, 30000);
-      });
-    }
-    
-    // Emit stopped event
-    this.emit('stopped');
-    logger.log('info', 'MultiModeDeliverySystem stopped successfully');
-  }
-  
-  /**
-   * Process ready items from the queue
-   * @param items Queue items ready for processing
-   */
-  private async processItems(items: IQueueItem[]): Promise<void> {
-    if (!this.running) {
-      return;
-    }
-    
-    // Check if we're already at max concurrent deliveries
-    if (this.activeDeliveries.size >= this.options.concurrentDeliveries) {
-      logger.log('debug', `Already at max concurrent deliveries (${this.activeDeliveries.size})`);
-      return;
-    }
-    
-    // Check rate limiting
-    if (this.checkRateLimit()) {
-      logger.log('debug', 'Rate limit exceeded, throttling deliveries');
-      return;
-    }
-    
-    // Calculate how many more deliveries we can start
-    const availableSlots = this.options.concurrentDeliveries - this.activeDeliveries.size;
-    const itemsToProcess = items.slice(0, availableSlots);
-    
-    if (itemsToProcess.length === 0) {
-      return;
-    }
-    
-    logger.log('info', `Processing ${itemsToProcess.length} items for delivery`);
-    
-    // Process each item
-    for (const item of itemsToProcess) {
-      // Mark as processing
-      await this.queue.markProcessing(item.id);
-      
-      // Add to active deliveries
-      this.activeDeliveries.add(item.id);
-      this.stats.activeDeliveries = this.activeDeliveries.size;
-      
-      // Deliver asynchronously
-      this.deliverItem(item).catch(err => {
-        logger.log('error', `Unhandled error in delivery: ${err.message}`);
-      });
-    }
-    
-    // Update statistics
-    this.emit('statsUpdated', this.stats);
-  }
-  
-  /**
-   * Deliver an item from the queue
-   * @param item Queue item to deliver
-   */
-  private async deliverItem(item: IQueueItem): Promise<void> {
-    const startTime = Date.now();
-    
-    try {
-      // Call delivery start hook
-      await this.options.onDeliveryStart(item);
-      
-      // Emit delivery start event
-      this.emit('deliveryStart', item);
-      logger.log('info', `Starting delivery of item ${item.id}, mode: ${item.processingMode}`);
-      
-      // Choose the appropriate handler based on mode
-      let result: any;
-      
-      switch (item.processingMode) {
-        case 'forward':
-          result = await this.options.forwardHandler.deliver(item);
-          break;
-          
-        case 'mta':
-          result = await this.options.mtaHandler.deliver(item);
-          break;
-          
-        case 'process':
-          result = await this.options.processHandler.deliver(item);
-          break;
-          
-        default:
-          throw new Error(`Unknown processing mode: ${item.processingMode}`);
-      }
-      
-      // Mark as delivered
-      await this.queue.markDelivered(item.id);
-      
-      // Update statistics
-      this.stats.totalSuccessful++;
-      this.stats.byMode[item.processingMode].successful++;
-      
-      // Calculate delivery time
-      const deliveryTime = Date.now() - startTime;
-      this.deliveryTimes.push(deliveryTime);
-      this.updateDeliveryTimeStats();
-      
-      // Call delivery success hook
-      await this.options.onDeliverySuccess(item, result);
-      
-      // Emit delivery success event
-      this.emit('deliverySuccess', item, result);
-      logger.log('info', `Item ${item.id} delivered successfully in ${deliveryTime}ms`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_DELIVERY,
-        message: 'Email delivery successful',
-        details: {
-          itemId: item.id,
-          mode: item.processingMode,
-          pattern: item.rule.pattern,
-          deliveryTime
-        },
-        success: true
-      });
-    } catch (error: any) {
-      // Calculate delivery attempt time even for failures
-      const deliveryTime = Date.now() - startTime;
-      
-      // Mark as failed
-      await this.queue.markFailed(item.id, error.message);
-      
-      // Update statistics
-      this.stats.totalFailed++;
-      this.stats.byMode[item.processingMode].failed++;
-      
-      // Call delivery failed hook
-      await this.options.onDeliveryFailed(item, error.message);
-      
-      // Emit delivery failed event
-      this.emit('deliveryFailed', item, error);
-      logger.log('error', `Item ${item.id} delivery failed: ${error.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_DELIVERY,
-        message: 'Email delivery failed',
-        details: {
-          itemId: item.id,
-          mode: item.processingMode,
-          pattern: item.rule.pattern,
-          error: error.message,
-          deliveryTime
-        },
-        success: false
-      });
-    } finally {
-      // Remove from active deliveries
-      this.activeDeliveries.delete(item.id);
-      this.stats.activeDeliveries = this.activeDeliveries.size;
-      
-      // Update statistics
-      this.emit('statsUpdated', this.stats);
-    }
-  }
-  
-  /**
-   * Default handler for forward mode delivery
-   * @param item Queue item
-   */
-  private async handleForwardDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `Forward delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    // Get target server information
-    const targetServer = rule.target?.server;
-    const targetPort = rule.target?.port || 25;
-    const useTls = rule.target?.useTls ?? false;
-    
-    if (!targetServer) {
-      throw new Error('No target server configured for forward mode');
-    }
-    
-    logger.log('info', `Forwarding email to ${targetServer}:${targetPort}, TLS: ${useTls}`);
-    
-    // Create a socket connection to the target server
-    const socket = new net.Socket();
-    
-    // Set timeout
-    socket.setTimeout(this.options.socketTimeout);
-    
-    try {
-      // Connect to the target server
-      await new Promise<void>((resolve, reject) => {
-        // Handle connection events
-        socket.on('connect', () => {
-          logger.log('debug', `Connected to ${targetServer}:${targetPort}`);
-          resolve();
-        });
-        
-        socket.on('timeout', () => {
-          reject(new Error(`Connection timeout to ${targetServer}:${targetPort}`));
-        });
-        
-        socket.on('error', (err) => {
-          reject(new Error(`Connection error to ${targetServer}:${targetPort}: ${err.message}`));
-        });
-        
-        // Connect to the server
-        socket.connect({
-          host: targetServer,
-          port: targetPort
-        });
-      });
-      
-      // Send EHLO
-      await this.smtpCommand(socket, `EHLO ${rule.mtaOptions?.domain || 'localhost'}`);
-      
-      // Start TLS if required
-      if (useTls) {
-        await this.smtpCommand(socket, 'STARTTLS');
-        
-        // Upgrade to TLS
-        const tlsSocket = await this.upgradeTls(socket, targetServer);
-        
-        // Send EHLO again after STARTTLS
-        await this.smtpCommand(tlsSocket, `EHLO ${rule.mtaOptions?.domain || 'localhost'}`);
-        
-        // Use tlsSocket for remaining commands
-        return this.completeSMTPExchange(tlsSocket, email, rule);
-      }
-      
-      // Complete the SMTP exchange
-      return this.completeSMTPExchange(socket, email, rule);
-    } catch (error: any) {
-      logger.log('error', `Failed to forward email: ${error.message}`);
-      
-      // Close the connection
-      socket.destroy();
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Complete the SMTP exchange after connection and initial setup
-   * @param socket Network socket
-   * @param email Email to send
-   * @param rule Domain rule
-   */
-  private async completeSMTPExchange(socket: net.Socket | tls.TLSSocket, email: Email, rule: IDomainRule): Promise<any> {
-    try {
-      // Authenticate if credentials provided
-      if (rule.target?.authentication?.user && rule.target?.authentication?.pass) {
-        // Send AUTH LOGIN
-        await this.smtpCommand(socket, 'AUTH LOGIN');
-        
-        // Send username (base64)
-        const username = Buffer.from(rule.target.authentication.user).toString('base64');
-        await this.smtpCommand(socket, username);
-        
-        // Send password (base64)
-        const password = Buffer.from(rule.target.authentication.pass).toString('base64');
-        await this.smtpCommand(socket, password);
-      }
-      
-      // Send MAIL FROM
-      await this.smtpCommand(socket, `MAIL FROM:<${email.from}>`);
-      
-      // Send RCPT TO for each recipient
-      for (const recipient of email.getAllRecipients()) {
-        await this.smtpCommand(socket, `RCPT TO:<${recipient}>`);
-      }
-      
-      // Send DATA
-      await this.smtpCommand(socket, 'DATA');
-      
-      // Send email content (simplified)
-      const emailContent = await this.getFormattedEmail(email);
-      await this.smtpData(socket, emailContent);
-      
-      // Send QUIT
-      await this.smtpCommand(socket, 'QUIT');
-      
-      // Close the connection
-      socket.end();
-      
-      logger.log('info', `Email forwarded successfully to ${rule.target?.server}:${rule.target?.port || 25}`);
-      
-      return {
-        targetServer: rule.target?.server,
-        targetPort: rule.target?.port || 25,
-        recipients: email.getAllRecipients().length
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to forward email: ${error.message}`);
-      
-      // Close the connection
-      socket.destroy();
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Default handler for MTA mode delivery
-   * @param item Queue item
-   */
-  private async handleMtaDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `MTA delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    try {
-      // In a full implementation, this would use the MTA service
-      // For now, we'll simulate a successful delivery
-      
-      logger.log('info', `Email processed by MTA: ${email.subject} to ${email.getAllRecipients().join(', ')}`);
-      
-      // Apply MTA rule options if provided
-      if (rule.mtaOptions) {
-        const options = rule.mtaOptions;
-        
-        // Apply DKIM signing if enabled
-        if (options.dkimSign && options.dkimOptions) {
-          // Sign the email with DKIM
-          logger.log('info', `Signing email with DKIM for domain ${options.dkimOptions.domainName}`);
-          
-          // In a full implementation, this would use the DKIM signing library
-        }
-      }
-      
-      // Simulate successful delivery
-      return {
-        recipients: email.getAllRecipients().length,
-        subject: email.subject,
-        dkimSigned: !!rule.mtaOptions?.dkimSign
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to process email in MTA mode: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Default handler for process mode delivery
-   * @param item Queue item
-   */
-  private async handleProcessDelivery(item: IQueueItem): Promise<any> {
-    logger.log('info', `Process delivery for item ${item.id}`);
-    
-    const email = item.processingResult as Email;
-    const rule = item.rule;
-    
-    try {
-      // Apply content scanning if enabled
-      if (rule.contentScanning && rule.scanners && rule.scanners.length > 0) {
-        logger.log('info', 'Performing content scanning');
-        
-        // Apply each scanner
-        for (const scanner of rule.scanners) {
-          switch (scanner.type) {
-            case 'spam':
-              logger.log('info', 'Scanning for spam content');
-              // Implement spam scanning
-              break;
-              
-            case 'virus':
-              logger.log('info', 'Scanning for virus content');
-              // Implement virus scanning
-              break;
-              
-            case 'attachment':
-              logger.log('info', 'Scanning attachments');
-              
-              // Check for blocked extensions
-              if (scanner.blockedExtensions && scanner.blockedExtensions.length > 0) {
-                for (const attachment of email.attachments) {
-                  const ext = this.getFileExtension(attachment.filename);
-                  if (scanner.blockedExtensions.includes(ext)) {
-                    if (scanner.action === 'reject') {
-                      throw new Error(`Blocked attachment type: ${ext}`);
-                    } else { // tag
-                      email.addHeader('X-Attachment-Warning', `Potentially unsafe attachment: ${attachment.filename}`);
-                    }
-                  }
-                }
-              }
-              break;
-          }
-        }
-      }
-      
-      // Apply transformations if defined
-      if (rule.transformations && rule.transformations.length > 0) {
-        logger.log('info', 'Applying email transformations');
-        
-        for (const transform of rule.transformations) {
-          switch (transform.type) {
-            case 'addHeader':
-              if (transform.header && transform.value) {
-                email.addHeader(transform.header, transform.value);
-              }
-              break;
-          }
-        }
-      }
-      
-      logger.log('info', `Email successfully processed in store-and-forward mode`);
-      
-      // Simulate successful delivery
-      return {
-        recipients: email.getAllRecipients().length,
-        subject: email.subject,
-        scanned: !!rule.contentScanning,
-        transformed: !!(rule.transformations && rule.transformations.length > 0)
-      };
-    } catch (error: any) {
-      logger.log('error', `Failed to process email: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Get file extension from filename
-   */
-  private getFileExtension(filename: string): string {
-    return filename.substring(filename.lastIndexOf('.')).toLowerCase();
-  }
-  
-  /**
-   * Format email for SMTP transmission
-   * @param email Email to format
-   */
-  private async getFormattedEmail(email: Email): Promise<string> {
-    // This is a simplified implementation
-    // In a full implementation, this would use proper MIME formatting
-    
-    let content = '';
-    
-    // Add headers
-    content += `From: ${email.from}\r\n`;
-    content += `To: ${email.to.join(', ')}\r\n`;
-    content += `Subject: ${email.subject}\r\n`;
-    
-    // Add additional headers
-    for (const [name, value] of Object.entries(email.headers || {})) {
-      content += `${name}: ${value}\r\n`;
-    }
-    
-    // Add content type for multipart
-    if (email.attachments && email.attachments.length > 0) {
-      const boundary = `----_=_NextPart_${Math.random().toString(36).substr(2)}`;
-      content += `MIME-Version: 1.0\r\n`;
-      content += `Content-Type: multipart/mixed; boundary="${boundary}"\r\n`;
-      content += `\r\n`;
-      
-      // Add text part
-      content += `--${boundary}\r\n`;
-      content += `Content-Type: text/plain; charset="UTF-8"\r\n`;
-      content += `\r\n`;
-      content += `${email.text}\r\n`;
-      
-      // Add HTML part if present
-      if (email.html) {
-        content += `--${boundary}\r\n`;
-        content += `Content-Type: text/html; charset="UTF-8"\r\n`;
-        content += `\r\n`;
-        content += `${email.html}\r\n`;
-      }
-      
-      // Add attachments
-      for (const attachment of email.attachments) {
-        content += `--${boundary}\r\n`;
-        content += `Content-Type: ${attachment.contentType || 'application/octet-stream'}; name="${attachment.filename}"\r\n`;
-        content += `Content-Disposition: attachment; filename="${attachment.filename}"\r\n`;
-        content += `Content-Transfer-Encoding: base64\r\n`;
-        content += `\r\n`;
-        
-        // Add base64 encoded content
-        const base64Content = attachment.content.toString('base64');
-        
-        // Split into lines of 76 characters
-        for (let i = 0; i < base64Content.length; i += 76) {
-          content += base64Content.substring(i, i + 76) + '\r\n';
-        }
-      }
-      
-      // End boundary
-      content += `--${boundary}--\r\n`;
-    } else {
-      // Simple email with just text
-      content += `Content-Type: text/plain; charset="UTF-8"\r\n`;
-      content += `\r\n`;
-      content += `${email.text}\r\n`;
-    }
-    
-    return content;
-  }
-  
-  /**
-   * Send SMTP command and wait for response
-   * @param socket Socket connection
-   * @param command SMTP command to send
-   */
-  private async smtpCommand(socket: net.Socket, command: string): Promise<string> {
-    return new Promise<string>((resolve, reject) => {
-      const onData = (data: Buffer) => {
-        const response = data.toString().trim();
-        
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        // Check response code
-        if (response.charAt(0) === '2' || response.charAt(0) === '3') {
-          resolve(response);
-        } else {
-          reject(new Error(`SMTP error: ${response}`));
-        }
-      };
-      
-      const onError = (err: Error) => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(err);
-      };
-      
-      const onTimeout = () => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(new Error('SMTP command timeout'));
-      };
-      
-      // Set up listeners
-      socket.once('data', onData);
-      socket.once('error', onError);
-      socket.once('timeout', onTimeout);
-      
-      // Send command
-      socket.write(command + '\r\n');
-    });
-  }
-  
-  /**
-   * Send SMTP DATA command with content
-   * @param socket Socket connection
-   * @param data Email content to send
-   */
-  private async smtpData(socket: net.Socket, data: string): Promise<string> {
-    return new Promise<string>((resolve, reject) => {
-      const onData = (responseData: Buffer) => {
-        const response = responseData.toString().trim();
-        
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        // Check response code
-        if (response.charAt(0) === '2') {
-          resolve(response);
-        } else {
-          reject(new Error(`SMTP error: ${response}`));
-        }
-      };
-      
-      const onError = (err: Error) => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(err);
-      };
-      
-      const onTimeout = () => {
-        // Clean up listeners
-        socket.removeListener('data', onData);
-        socket.removeListener('error', onError);
-        socket.removeListener('timeout', onTimeout);
-        
-        reject(new Error('SMTP data timeout'));
-      };
-      
-      // Set up listeners
-      socket.once('data', onData);
-      socket.once('error', onError);
-      socket.once('timeout', onTimeout);
-      
-      // Send data and end with CRLF.CRLF
-      socket.write(data + '\r\n.\r\n');
-    });
-  }
-  
-  /**
-   * Upgrade socket to TLS
-   * @param socket Socket connection
-   * @param hostname Target hostname for TLS
-   */
-  private async upgradeTls(socket: net.Socket, hostname: string): Promise<tls.TLSSocket> {
-    return new Promise<tls.TLSSocket>((resolve, reject) => {
-      const tlsOptions: tls.ConnectionOptions = {
-        socket,
-        servername: hostname,
-        rejectUnauthorized: this.options.verifyCertificates,
-        minVersion: this.options.tlsMinVersion as tls.SecureVersion
-      };
-      
-      const tlsSocket = tls.connect(tlsOptions);
-      
-      tlsSocket.once('secureConnect', () => {
-        resolve(tlsSocket);
-      });
-      
-      tlsSocket.once('error', (err) => {
-        reject(new Error(`TLS error: ${err.message}`));
-      });
-      
-      tlsSocket.setTimeout(this.options.socketTimeout);
-      
-      tlsSocket.once('timeout', () => {
-        reject(new Error('TLS connection timeout'));
-      });
-    });
-  }
-  
-  /**
-   * Update delivery time statistics
-   */
-  private updateDeliveryTimeStats(): void {
-    if (this.deliveryTimes.length === 0) return;
-    
-    // Keep only the last 1000 delivery times
-    if (this.deliveryTimes.length > 1000) {
-      this.deliveryTimes = this.deliveryTimes.slice(-1000);
-    }
-    
-    // Calculate average
-    const sum = this.deliveryTimes.reduce((acc, time) => acc + time, 0);
-    this.stats.avgDeliveryTime = sum / this.deliveryTimes.length;
-  }
-  
-  /**
-   * Check if rate limit is exceeded
-   * @returns True if rate limited, false otherwise
-   */
-  private checkRateLimit(): boolean {
-    const now = Date.now();
-    const elapsed = now - this.rateLimitLastCheck;
-    
-    // Reset counter if more than a minute has passed
-    if (elapsed >= 60000) {
-      this.rateLimitLastCheck = now;
-      this.rateLimitCounter = 0;
-      this.throttled = false;
-      this.stats.rateLimiting.currentRate = 0;
-      return false;
-    }
-    
-    // Check if we're already throttled
-    if (this.throttled) {
-      return true;
-    }
-    
-    // Increment counter
-    this.rateLimitCounter++;
-    
-    // Calculate current rate (emails per minute)
-    const rate = (this.rateLimitCounter / elapsed) * 60000;
-    this.stats.rateLimiting.currentRate = rate;
-    
-    // Check if rate limit is exceeded
-    if (rate > this.options.globalRateLimit) {
-      this.throttled = true;
-      this.stats.rateLimiting.throttled++;
-      
-      // Schedule throttle reset
-      const resetDelay = 60000 - elapsed;
-      setTimeout(() => {
-        this.throttled = false;
-        this.rateLimitLastCheck = Date.now();
-        this.rateLimitCounter = 0;
-        this.stats.rateLimiting.currentRate = 0;
-      }, resetDelay);
-      
-      return true;
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Update delivery options
-   * @param options New options
-   */
-  public updateOptions(options: Partial<IMultiModeDeliveryOptions>): void {
-    this.options = {
-      ...this.options,
-      ...options
-    };
-    
-    // Update rate limit statistics
-    if (options.globalRateLimit) {
-      this.stats.rateLimiting.globalLimit = options.globalRateLimit;
-    }
-    
-    logger.log('info', 'MultiModeDeliverySystem options updated');
-  }
-  
-  /**
-   * Get delivery statistics
-   */
-  public getStats(): IDeliveryStats {
-    return { ...this.stats };
-  }
-}

ts/mail/delivery/classes.emailsendjob.ts

@@ -1,702 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { Email } from '../core/classes.email.js';
-import { EmailSignJob } from './classes.emailsignjob.js';
-import type { MtaService } from './classes.mta.js';
-
-// Configuration options for email sending
-export interface IEmailSendOptions {
-  maxRetries?: number;
-  retryDelay?: number; // in milliseconds
-  connectionTimeout?: number; // in milliseconds
-  tlsOptions?: plugins.tls.ConnectionOptions;
-  debugMode?: boolean;
-}
-
-// Email delivery status
-export enum DeliveryStatus {
-  PENDING = 'pending',
-  SENDING = 'sending',
-  DELIVERED = 'delivered',
-  FAILED = 'failed',
-  DEFERRED = 'deferred' // Temporary failure, will retry
-}
-
-// Detailed information about delivery attempts
-export interface DeliveryInfo {
-  status: DeliveryStatus;
-  attempts: number;
-  error?: Error;
-  lastAttempt?: Date;
-  nextAttempt?: Date;
-  mxServer?: string;
-  deliveryTime?: Date;
-  logs: string[];
-}
-
-export class EmailSendJob {
-  mtaRef: MtaService;
-  private email: Email;
-  private socket: plugins.net.Socket | plugins.tls.TLSSocket = null;
-  private mxServers: string[] = [];
-  private currentMxIndex = 0;
-  private options: IEmailSendOptions;
-  public deliveryInfo: DeliveryInfo;
-
-  constructor(mtaRef: MtaService, emailArg: Email, options: IEmailSendOptions = {}) {
-    this.email = emailArg;
-    this.mtaRef = mtaRef;
-    
-    // Set default options
-    this.options = {
-      maxRetries: options.maxRetries || 3,
-      retryDelay: options.retryDelay || 300000, // 5 minutes
-      connectionTimeout: options.connectionTimeout || 30000, // 30 seconds
-      tlsOptions: options.tlsOptions || { rejectUnauthorized: true },
-      debugMode: options.debugMode || false
-    };
-    
-    // Initialize delivery info
-    this.deliveryInfo = {
-      status: DeliveryStatus.PENDING,
-      attempts: 0,
-      logs: []
-    };
-  }
-
-  /**
-   * Send the email with retry logic
-   */
-  async send(): Promise<DeliveryStatus> {
-    try {
-      // Check if the email is valid before attempting to send
-      this.validateEmail();
-      
-      // Resolve MX records for the recipient domain
-      await this.resolveMxRecords();
-      
-      // Try to send the email
-      return await this.attemptDelivery();
-    } catch (error) {
-      this.log(`Critical error in send process: ${error.message}`);
-      this.deliveryInfo.status = DeliveryStatus.FAILED;
-      this.deliveryInfo.error = error;
-      
-      // Save failed email for potential future retry or analysis
-      await this.saveFailed();
-      return DeliveryStatus.FAILED;
-    }
-  }
-
-  /**
-   * Validate the email before sending
-   */
-  private validateEmail(): void {
-    if (!this.email.to || this.email.to.length === 0) {
-      throw new Error('No recipients specified');
-    }
-    
-    if (!this.email.from) {
-      throw new Error('No sender specified');
-    }
-    
-    const fromDomain = this.email.getFromDomain();
-    if (!fromDomain) {
-      throw new Error('Invalid sender domain');
-    }
-  }
-
-  /**
-   * Resolve MX records for the recipient domain
-   */
-  private async resolveMxRecords(): Promise<void> {
-    const domain = this.email.getPrimaryRecipient()?.split('@')[1];
-    if (!domain) {
-      throw new Error('Invalid recipient domain');
-    }
-    
-    this.log(`Resolving MX records for domain: ${domain}`);
-    try {
-      const addresses = await this.resolveMx(domain);
-      
-      // Sort by priority (lowest number = highest priority)
-      addresses.sort((a, b) => a.priority - b.priority);
-      
-      this.mxServers = addresses.map(mx => mx.exchange);
-      this.log(`Found ${this.mxServers.length} MX servers: ${this.mxServers.join(', ')}`);
-      
-      if (this.mxServers.length === 0) {
-        throw new Error(`No MX records found for domain: ${domain}`);
-      }
-    } catch (error) {
-      this.log(`Failed to resolve MX records: ${error.message}`);
-      throw new Error(`MX lookup failed for ${domain}: ${error.message}`);
-    }
-  }
-
-  /**
-   * Attempt to deliver the email with retries
-   */
-  private async attemptDelivery(): Promise<DeliveryStatus> {
-    while (this.deliveryInfo.attempts < this.options.maxRetries) {
-      this.deliveryInfo.attempts++;
-      this.deliveryInfo.lastAttempt = new Date();
-      this.deliveryInfo.status = DeliveryStatus.SENDING;
-      
-      try {
-        this.log(`Delivery attempt ${this.deliveryInfo.attempts} of ${this.options.maxRetries}`);
-        
-        // Try each MX server in order of priority
-        while (this.currentMxIndex < this.mxServers.length) {
-          const currentMx = this.mxServers[this.currentMxIndex];
-          this.deliveryInfo.mxServer = currentMx;
-          
-          try {
-            this.log(`Attempting delivery to MX server: ${currentMx}`);
-            await this.connectAndSend(currentMx);
-            
-            // If we get here, email was sent successfully
-            this.deliveryInfo.status = DeliveryStatus.DELIVERED;
-            this.deliveryInfo.deliveryTime = new Date();
-            this.log(`Email delivered successfully to ${currentMx}`);
-            
-            // Record delivery for sender reputation monitoring
-            this.recordDeliveryEvent('delivered');
-            
-            // Save successful email record
-            await this.saveSuccess();
-            return DeliveryStatus.DELIVERED;
-          } catch (error) {
-            this.log(`Error with MX ${currentMx}: ${error.message}`);
-            
-            // Clean up socket if it exists
-            if (this.socket) {
-              this.socket.destroy();
-              this.socket = null;
-            }
-            
-            // Try the next MX server
-            this.currentMxIndex++;
-            
-            // If this is a permanent failure, don't try other MX servers
-            if (this.isPermanentFailure(error)) {
-              throw error;
-            }
-          }
-        }
-        
-        // If we've tried all MX servers without success, throw an error
-        throw new Error('All MX servers failed');
-      } catch (error) {
-        // Check if this is a permanent failure
-        if (this.isPermanentFailure(error)) {
-          this.log(`Permanent failure: ${error.message}`);
-          this.deliveryInfo.status = DeliveryStatus.FAILED;
-          this.deliveryInfo.error = error;
-          
-          // Save failed email for analysis
-          await this.saveFailed();
-          return DeliveryStatus.FAILED;
-        }
-        
-        // This is a temporary failure, we can retry
-        this.log(`Temporary failure: ${error.message}`);
-        
-        // If this is the last attempt, mark as failed
-        if (this.deliveryInfo.attempts >= this.options.maxRetries) {
-          this.deliveryInfo.status = DeliveryStatus.FAILED;
-          this.deliveryInfo.error = error;
-          
-          // Save failed email for analysis
-          await this.saveFailed();
-          return DeliveryStatus.FAILED;
-        }
-        
-        // Schedule the next retry
-        const nextRetryTime = new Date(Date.now() + this.options.retryDelay);
-        this.deliveryInfo.status = DeliveryStatus.DEFERRED;
-        this.deliveryInfo.nextAttempt = nextRetryTime;
-        this.log(`Will retry at ${nextRetryTime.toISOString()}`);
-        
-        // Wait before retrying
-        await this.delay(this.options.retryDelay);
-        
-        // Reset MX server index for the next attempt
-        this.currentMxIndex = 0;
-      }
-    }
-    
-    // If we get here, all retries failed
-    this.deliveryInfo.status = DeliveryStatus.FAILED;
-    await this.saveFailed();
-    return DeliveryStatus.FAILED;
-  }
-
-  /**
-   * Connect to a specific MX server and send the email
-   */
-  private async connectAndSend(mxServer: string): Promise<void> {
-    return new Promise((resolve, reject) => {
-      let commandTimeout: NodeJS.Timeout;
-      
-      // Function to clear timeouts and remove listeners
-      const cleanup = () => {
-        clearTimeout(commandTimeout);
-        if (this.socket) {
-          this.socket.removeAllListeners();
-        }
-      };
-      
-      // Function to set a timeout for each command
-      const setCommandTimeout = () => {
-        clearTimeout(commandTimeout);
-        commandTimeout = setTimeout(() => {
-          this.log('Connection timed out');
-          cleanup();
-          if (this.socket) {
-            this.socket.destroy();
-            this.socket = null;
-          }
-          reject(new Error('Connection timed out'));
-        }, this.options.connectionTimeout);
-      };
-      
-      // Connect to the MX server
-      this.log(`Connecting to ${mxServer}:25`);
-      setCommandTimeout();
-      
-      // Check if IP warmup is enabled and get an IP to use
-      let localAddress: string | undefined = undefined;
-      if (this.mtaRef.config.outbound?.warmup?.enabled) {
-        const warmupManager = this.mtaRef.getIPWarmupManager();
-        if (warmupManager) {
-          const fromDomain = this.email.getFromDomain();
-          const bestIP = warmupManager.getBestIPForSending({
-            from: this.email.from,
-            to: this.email.getAllRecipients(),
-            domain: fromDomain,
-            isTransactional: this.email.priority === 'high'
-          });
-          
-          if (bestIP) {
-            this.log(`Using warmed-up IP ${bestIP} for sending`);
-            localAddress = bestIP;
-            
-            // Record the send for warm-up tracking
-            warmupManager.recordSend(bestIP);
-          }
-        }
-      }
-      
-      // Connect with specified local address if available
-      this.socket = plugins.net.connect({
-        port: 25,
-        host: mxServer,
-        localAddress
-      });
-      
-      this.socket.on('error', (err) => {
-        this.log(`Socket error: ${err.message}`);
-        cleanup();
-        reject(err);
-      });
-      
-      // Set up the command sequence
-      this.socket.once('data', async (data) => {
-        try {
-          const greeting = data.toString();
-          this.log(`Server greeting: ${greeting.trim()}`);
-          
-          if (!greeting.startsWith('220')) {
-            throw new Error(`Unexpected server greeting: ${greeting}`);
-          }
-          
-          // EHLO command
-          const fromDomain = this.email.getFromDomain();
-          await this.sendCommand(`EHLO ${fromDomain}\r\n`, '250');
-          
-          // Try STARTTLS if available
-          try {
-            await this.sendCommand('STARTTLS\r\n', '220');
-            this.upgradeToTLS(mxServer, fromDomain);
-            // The TLS handshake and subsequent commands will continue in the upgradeToTLS method
-            // resolve will be called from there if successful
-          } catch (error) {
-            this.log(`STARTTLS failed or not supported: ${error.message}`);
-            this.log('Continuing with unencrypted connection');
-            
-            // Continue with unencrypted connection
-            await this.sendEmailCommands();
-            cleanup();
-            resolve();
-          }
-        } catch (error) {
-          cleanup();
-          reject(error);
-        }
-      });
-    });
-  }
-
-  /**
-   * Upgrade the connection to TLS
-   */
-  private upgradeToTLS(mxServer: string, fromDomain: string): void {
-    this.log('Starting TLS handshake');
-    
-    const tlsOptions = {
-      ...this.options.tlsOptions,
-      socket: this.socket,
-      servername: mxServer
-    };
-    
-    // Create TLS socket
-    this.socket = plugins.tls.connect(tlsOptions);
-    
-    // Handle TLS connection
-    this.socket.once('secureConnect', async () => {
-      try {
-        this.log('TLS connection established');
-        
-        // Send EHLO again over TLS
-        await this.sendCommand(`EHLO ${fromDomain}\r\n`, '250');
-        
-        // Send the email
-        await this.sendEmailCommands();
-        
-        this.socket.destroy();
-        this.socket = null;
-      } catch (error) {
-        this.log(`Error in TLS session: ${error.message}`);
-        this.socket.destroy();
-        this.socket = null;
-      }
-    });
-    
-    this.socket.on('error', (err) => {
-      this.log(`TLS error: ${err.message}`);
-      this.socket.destroy();
-      this.socket = null;
-    });
-  }
-
-  /**
-   * Send SMTP commands to deliver the email
-   */
-  private async sendEmailCommands(): Promise<void> {
-    // MAIL FROM command
-    await this.sendCommand(`MAIL FROM:<${this.email.from}>\r\n`, '250');
-    
-    // RCPT TO command for each recipient
-    for (const recipient of this.email.getAllRecipients()) {
-      await this.sendCommand(`RCPT TO:<${recipient}>\r\n`, '250');
-    }
-    
-    // DATA command
-    await this.sendCommand('DATA\r\n', '354');
-    
-    // Create the email message with DKIM signature
-    const message = await this.createEmailMessage();
-    
-    // Send the message content
-    await this.sendCommand(message);
-    await this.sendCommand('\r\n.\r\n', '250');
-    
-    // QUIT command
-    await this.sendCommand('QUIT\r\n', '221');
-  }
-
-  /**
-   * Create the full email message with headers and DKIM signature
-   */
-  private async createEmailMessage(): Promise<string> {
-    this.log('Preparing email message');
-    
-    const messageId = `<${plugins.uuid.v4()}@${this.email.getFromDomain()}>`;
-    const boundary = '----=_NextPart_' + plugins.uuid.v4();
-    
-    // Prepare headers
-    const headers = {
-      'Message-ID': messageId,
-      'From': this.email.from,
-      'To': this.email.to.join(', '),
-      'Subject': this.email.subject,
-      'Content-Type': `multipart/mixed; boundary="${boundary}"`,
-      'Date': new Date().toUTCString()
-    };
-    
-    // Add CC header if present
-    if (this.email.cc && this.email.cc.length > 0) {
-      headers['Cc'] = this.email.cc.join(', ');
-    }
-    
-    // Add custom headers
-    for (const [key, value] of Object.entries(this.email.headers || {})) {
-      headers[key] = value;
-    }
-    
-    // Add priority header if not normal
-    if (this.email.priority && this.email.priority !== 'normal') {
-      const priorityValue = this.email.priority === 'high' ? '1' : '5';
-      headers['X-Priority'] = priorityValue;
-    }
-    
-    // Create body
-    let body = '';
-    
-    // Text part
-    body += `--${boundary}\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n${this.email.text}\r\n`;
-    
-    // HTML part if present
-    if (this.email.html) {
-      body += `--${boundary}\r\nContent-Type: text/html; charset=utf-8\r\n\r\n${this.email.html}\r\n`;
-    }
-    
-    // Attachments
-    for (const attachment of this.email.attachments) {
-      body += `--${boundary}\r\nContent-Type: ${attachment.contentType}; name="${attachment.filename}"\r\n`;
-      body += 'Content-Transfer-Encoding: base64\r\n';
-      body += `Content-Disposition: attachment; filename="${attachment.filename}"\r\n`;
-      
-      // Add Content-ID for inline attachments if present
-      if (attachment.contentId) {
-        body += `Content-ID: <${attachment.contentId}>\r\n`;
-      }
-      
-      body += '\r\n';
-      body += attachment.content.toString('base64') + '\r\n';
-    }
-    
-    // End of message
-    body += `--${boundary}--\r\n`;
-    
-    // Create DKIM signature
-    const dkimSigner = new EmailSignJob(this.mtaRef, {
-      domain: this.email.getFromDomain(),
-      selector: 'mta',
-      headers: headers,
-      body: body,
-    });
-    
-    // Build the message with headers
-    let headerString = '';
-    for (const [key, value] of Object.entries(headers)) {
-      headerString += `${key}: ${value}\r\n`;
-    }
-    let message = headerString + '\r\n' + body;
-    
-    // Add DKIM signature header
-    let signatureHeader = await dkimSigner.getSignatureHeader(message);
-    message = `${signatureHeader}${message}`;
-    
-    return message;
-  }
-
-  /**
-   * Record an event for sender reputation monitoring
-   * @param eventType Type of event
-   * @param isHardBounce Whether the event is a hard bounce (for bounce events)
-   */
-  private recordDeliveryEvent(
-    eventType: 'sent' | 'delivered' | 'bounce' | 'complaint', 
-    isHardBounce: boolean = false
-  ): void {
-    try {
-      // Check if reputation monitoring is enabled
-      if (!this.mtaRef.config.outbound?.reputation?.enabled) {
-        return;
-      }
-      
-      const reputationMonitor = this.mtaRef.getReputationMonitor();
-      if (!reputationMonitor) {
-        return;
-      }
-      
-      // Get domain from sender
-      const domain = this.email.getFromDomain();
-      if (!domain) {
-        return;
-      }
-      
-      // Determine receiving domain for complaint tracking
-      let receivingDomain = null;
-      if (eventType === 'complaint' && this.email.to.length > 0) {
-        const recipient = this.email.to[0];
-        const parts = recipient.split('@');
-        if (parts.length === 2) {
-          receivingDomain = parts[1];
-        }
-      }
-      
-      // Record the event
-      reputationMonitor.recordSendEvent(domain, {
-        type: eventType,
-        count: 1,
-        hardBounce: isHardBounce,
-        receivingDomain
-      });
-    } catch (error) {
-      this.log(`Error recording delivery event: ${error.message}`);
-    }
-  }
-  
-  /**
-   * Send a command to the SMTP server and wait for the expected response
-   */
-  private sendCommand(command: string, expectedResponseCode?: string): Promise<string> {
-    return new Promise((resolve, reject) => {
-      if (!this.socket) {
-        return reject(new Error('Socket not connected'));
-      }
-      
-      // Debug log for commands (except DATA which can be large)
-      if (this.options.debugMode && !command.startsWith('--')) {
-        const logCommand = command.length > 100 
-          ? command.substring(0, 97) + '...' 
-          : command;
-        this.log(`Sending: ${logCommand.replace(/\r\n/g, '<CRLF>')}`);
-      }
-      
-      this.socket.write(command, (error) => {
-        if (error) {
-          this.log(`Write error: ${error.message}`);
-          return reject(error);
-        }
-        
-        // If no response is expected, resolve immediately
-        if (!expectedResponseCode) {
-          return resolve('');
-        }
-        
-        // Set a timeout for the response
-        const responseTimeout = setTimeout(() => {
-          this.log('Response timeout');
-          reject(new Error('Response timeout'));
-        }, this.options.connectionTimeout);
-        
-        // Wait for the response
-        this.socket.once('data', (data) => {
-          clearTimeout(responseTimeout);
-          const response = data.toString();
-          
-          if (this.options.debugMode) {
-            this.log(`Received: ${response.trim()}`);
-          }
-          
-          if (response.startsWith(expectedResponseCode)) {
-            resolve(response);
-          } else {
-            const error = new Error(`Unexpected server response: ${response.trim()}`);
-            this.log(error.message);
-            reject(error);
-          }
-        });
-      });
-    });
-  }
-
-  /**
-   * Determine if an error represents a permanent failure
-   */
-  private isPermanentFailure(error: Error): boolean {
-    if (!error || !error.message) return false;
-    
-    const message = error.message.toLowerCase();
-    
-    // Check for permanent SMTP error codes (5xx)
-    if (message.match(/^5\d\d/)) return true;
-    
-    // Check for specific permanent failure messages
-    const permanentFailurePatterns = [
-      'no such user',
-      'user unknown',
-      'domain not found',
-      'invalid domain',
-      'rejected',
-      'denied',
-      'prohibited',
-      'authentication required',
-      'authentication failed',
-      'unauthorized'
-    ];
-    
-    return permanentFailurePatterns.some(pattern => message.includes(pattern));
-  }
-
-  /**
-   * Resolve MX records for a domain
-   */
-  private resolveMx(domain: string): Promise<plugins.dns.MxRecord[]> {
-    return new Promise((resolve, reject) => {
-      plugins.dns.resolveMx(domain, (err, addresses) => {
-        if (err) {
-          reject(err);
-        } else {
-          resolve(addresses);
-        }
-      });
-    });
-  }
-
-  /**
-   * Add a log entry
-   */
-  private log(message: string): void {
-    const timestamp = new Date().toISOString();
-    const logEntry = `[${timestamp}] ${message}`;
-    this.deliveryInfo.logs.push(logEntry);
-    
-    if (this.options.debugMode) {
-      console.log(`EmailSendJob: ${logEntry}`);
-    }
-  }
-
-  /**
-   * Save a successful email for record keeping
-   */
-  private async saveSuccess(): Promise<void> {
-    try {
-      plugins.smartfile.fs.ensureDirSync(paths.sentEmailsDir);
-      const emailContent = await this.createEmailMessage();
-      const fileName = `${Date.now()}_success_${this.email.getPrimaryRecipient()}.eml`;
-      plugins.smartfile.memory.toFsSync(emailContent, plugins.path.join(paths.sentEmailsDir, fileName));
-      
-      // Save delivery info
-      const infoFileName = `${Date.now()}_success_${this.email.getPrimaryRecipient()}.json`;
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(this.deliveryInfo, null, 2),
-        plugins.path.join(paths.sentEmailsDir, infoFileName)
-      );
-    } catch (error) {
-      console.error('Error saving successful email:', error);
-    }
-  }
-
-  /**
-   * Save a failed email for potential retry
-   */
-  private async saveFailed(): Promise<void> {
-    try {
-      plugins.smartfile.fs.ensureDirSync(paths.failedEmailsDir);
-      const emailContent = await this.createEmailMessage();
-      const fileName = `${Date.now()}_failed_${this.email.getPrimaryRecipient()}.eml`;
-      plugins.smartfile.memory.toFsSync(emailContent, plugins.path.join(paths.failedEmailsDir, fileName));
-      
-      // Save delivery info
-      const infoFileName = `${Date.now()}_failed_${this.email.getPrimaryRecipient()}.json`;
-      plugins.smartfile.memory.toFsSync(
-        JSON.stringify(this.deliveryInfo, null, 2),
-        plugins.path.join(paths.failedEmailsDir, infoFileName)
-      );
-    } catch (error) {
-      console.error('Error saving failed email:', error);
-    }
-  }
-
-  /**
-   * Simple delay function
-   */
-  private delay(ms: number): Promise<void> {
-    return new Promise(resolve => setTimeout(resolve, ms));
-  }
-}

ts/mail/delivery/classes.emailsignjob.ts

@@ -1,69 +0,0 @@
-import * as plugins from '../../plugins.js';
-import type { MtaService } from './classes.mta.js';
-
-interface Headers {
-  [key: string]: string;
-}
-
-interface IEmailSignJobOptions {
-  domain: string;
-  selector: string;
-  headers: Headers;
-  body: string;
-}
-
-export class EmailSignJob {
-  mtaRef: MtaService;
-  jobOptions: IEmailSignJobOptions;
-
-  constructor(mtaRefArg: MtaService, options: IEmailSignJobOptions) {
-    this.mtaRef = mtaRefArg;
-    this.jobOptions = options;
-  }
-
-  async loadPrivateKey(): Promise<string> {
-    return plugins.fs.promises.readFile(
-      (await this.mtaRef.dkimCreator.getKeyPathsForDomain(this.jobOptions.domain)).privateKeyPath,
-      'utf-8'
-    );
-  }
-
-  public async getSignatureHeader(emailMessage: string): Promise<string> {
-    const signResult = await plugins.dkimSign(emailMessage, {
-      // Optional, default canonicalization, default is "relaxed/relaxed"
-      canonicalization: 'relaxed/relaxed', // c=
-
-      // Optional, default signing and hashing algorithm
-      // Mostly useful when you want to use rsa-sha1, otherwise no need to set
-      algorithm: 'rsa-sha256',
-
-      // Optional, default is current time
-      signTime: new Date(), // t=
-
-      // Keys for one or more signatures
-      // Different signatures can use different algorithms (mostly useful when
-      // you want to sign a message both with RSA and Ed25519)
-      signatureData: [
-        {
-          signingDomain: this.jobOptions.domain, // d=
-          selector: this.jobOptions.selector, // s=
-          // supported key types: RSA, Ed25519
-          privateKey: await this.loadPrivateKey(), // k=
-
-          // Optional algorithm, default is derived from the key.
-          // Overrides whatever was set in parent object
-          algorithm: 'rsa-sha256',
-
-          // Optional signature specifc canonicalization, overrides whatever was set in parent object
-          canonicalization: 'relaxed/relaxed', // c=
-
-          // Maximum number of canonicalized body bytes to sign (eg. the "l=" tag).
-          // Do not use though. This is available only for compatibility testing.
-          // maxBodyLength: 12345
-        },
-      ],
-    });
-    const signature = signResult.signatures;
-    return signature;
-  }
-}

ts/mail/delivery/classes.ratelimiter.ts

@@ -1,281 +0,0 @@
-import { logger } from '../../logger.js';
-
-/**
- * Configuration options for rate limiter
- */
-export interface IRateLimitConfig {
-  /** Maximum tokens per period */
-  maxPerPeriod: number;
-  
-  /** Time period in milliseconds */
-  periodMs: number;
-  
-  /** Whether to apply per domain/key (vs globally) */
-  perKey: boolean;
-  
-  /** Initial token count (defaults to max) */
-  initialTokens?: number;
-  
-  /** Grace tokens to allow occasional bursts */
-  burstTokens?: number;
-  
-  /** Apply global limit in addition to per-key limits */
-  useGlobalLimit?: boolean;
-}
-
-/**
- * Token bucket for an individual key
- */
-interface TokenBucket {
-  /** Current number of tokens */
-  tokens: number;
-  
-  /** Last time tokens were refilled */
-  lastRefill: number;
-  
-  /** Total allowed requests */
-  allowed: number;
-  
-  /** Total denied requests */
-  denied: number;
-}
-
-/**
- * Rate limiter using token bucket algorithm
- * Provides more sophisticated rate limiting with burst handling
- */
-export class RateLimiter {
-  /** Rate limit configuration */
-  private config: IRateLimitConfig;
-  
-  /** Token buckets per key */
-  private buckets: Map<string, TokenBucket> = new Map();
-  
-  /** Global bucket for non-keyed rate limiting */
-  private globalBucket: TokenBucket;
-  
-  /**
-   * Create a new rate limiter
-   * @param config Rate limiter configuration
-   */
-  constructor(config: IRateLimitConfig) {
-    // Set defaults
-    this.config = {
-      maxPerPeriod: config.maxPerPeriod,
-      periodMs: config.periodMs,
-      perKey: config.perKey ?? true,
-      initialTokens: config.initialTokens ?? config.maxPerPeriod,
-      burstTokens: config.burstTokens ?? 0,
-      useGlobalLimit: config.useGlobalLimit ?? false
-    };
-    
-    // Initialize global bucket
-    this.globalBucket = {
-      tokens: this.config.initialTokens,
-      lastRefill: Date.now(),
-      allowed: 0,
-      denied: 0
-    };
-    
-    // Log initialization
-    logger.log('info', `Rate limiter initialized: ${this.config.maxPerPeriod} per ${this.config.periodMs}ms${this.config.perKey ? ' per key' : ''}`);
-  }
-  
-  /**
-   * Check if a request is allowed under rate limits
-   * @param key Key to check rate limit for (e.g. domain, user, IP)
-   * @param cost Token cost (defaults to 1)
-   * @returns Whether the request is allowed
-   */
-  public isAllowed(key: string = 'global', cost: number = 1): boolean {
-    // If using global bucket directly, just check that
-    if (key === 'global' || !this.config.perKey) {
-      return this.checkBucket(this.globalBucket, cost);
-    }
-    
-    // Get the key-specific bucket
-    const bucket = this.getBucket(key);
-    
-    // If we also need to check global limit
-    if (this.config.useGlobalLimit) {
-      // Both key bucket and global bucket must have tokens
-      return this.checkBucket(bucket, cost) && this.checkBucket(this.globalBucket, cost);
-    } else {
-      // Only need to check the key-specific bucket
-      return this.checkBucket(bucket, cost);
-    }
-  }
-  
-  /**
-   * Check if a bucket has enough tokens and consume them
-   * @param bucket The token bucket to check
-   * @param cost Token cost
-   * @returns Whether tokens were consumed
-   */
-  private checkBucket(bucket: TokenBucket, cost: number): boolean {
-    // Refill tokens based on elapsed time
-    this.refillBucket(bucket);
-    
-    // Check if we have enough tokens
-    if (bucket.tokens >= cost) {
-      // Use tokens
-      bucket.tokens -= cost;
-      bucket.allowed++;
-      return true;
-    } else {
-      // Rate limit exceeded
-      bucket.denied++;
-      return false;
-    }
-  }
-  
-  /**
-   * Consume tokens for a request (if available)
-   * @param key Key to consume tokens for
-   * @param cost Token cost (defaults to 1)
-   * @returns Whether tokens were consumed
-   */
-  public consume(key: string = 'global', cost: number = 1): boolean {
-    const isAllowed = this.isAllowed(key, cost);
-    return isAllowed;
-  }
-  
-  /**
-   * Get the remaining tokens for a key
-   * @param key Key to check
-   * @returns Number of remaining tokens
-   */
-  public getRemainingTokens(key: string = 'global'): number {
-    const bucket = this.getBucket(key);
-    this.refillBucket(bucket);
-    return bucket.tokens;
-  }
-  
-  /**
-   * Get stats for a specific key
-   * @param key Key to get stats for
-   * @returns Rate limit statistics
-   */
-  public getStats(key: string = 'global'): {
-    remaining: number;
-    limit: number;
-    resetIn: number;
-    allowed: number;
-    denied: number;
-  } {
-    const bucket = this.getBucket(key);
-    this.refillBucket(bucket);
-    
-    // Calculate time until next token
-    const resetIn = bucket.tokens < this.config.maxPerPeriod ?
-      Math.ceil(this.config.periodMs / this.config.maxPerPeriod) :
-      0;
-    
-    return {
-      remaining: bucket.tokens,
-      limit: this.config.maxPerPeriod,
-      resetIn,
-      allowed: bucket.allowed,
-      denied: bucket.denied
-    };
-  }
-  
-  /**
-   * Get or create a token bucket for a key
-   * @param key The rate limit key
-   * @returns Token bucket
-   */
-  private getBucket(key: string): TokenBucket {
-    if (!this.config.perKey || key === 'global') {
-      return this.globalBucket;
-    }
-    
-    if (!this.buckets.has(key)) {
-      // Create new bucket
-      this.buckets.set(key, {
-        tokens: this.config.initialTokens,
-        lastRefill: Date.now(),
-        allowed: 0,
-        denied: 0
-      });
-    }
-    
-    return this.buckets.get(key);
-  }
-  
-  /**
-   * Refill tokens in a bucket based on elapsed time
-   * @param bucket Token bucket to refill
-   */
-  private refillBucket(bucket: TokenBucket): void {
-    const now = Date.now();
-    const elapsedMs = now - bucket.lastRefill;
-    
-    // Calculate how many tokens to add
-    const rate = this.config.maxPerPeriod / this.config.periodMs;
-    const tokensToAdd = elapsedMs * rate;
-    
-    if (tokensToAdd >= 0.1) { // Allow for partial token refills
-      // Add tokens, but don't exceed the normal maximum (without burst)
-      // This ensures burst tokens are only used for bursts and don't refill
-      const normalMax = this.config.maxPerPeriod;
-      bucket.tokens = Math.min(
-        // Don't exceed max + burst
-        this.config.maxPerPeriod + (this.config.burstTokens || 0), 
-        // Don't exceed normal max when refilling
-        Math.min(normalMax, bucket.tokens + tokensToAdd)
-      );
-      
-      // Update last refill time
-      bucket.lastRefill = now;
-    }
-  }
-  
-  /**
-   * Reset rate limits for a specific key
-   * @param key Key to reset
-   */
-  public reset(key: string = 'global'): void {
-    if (key === 'global' || !this.config.perKey) {
-      this.globalBucket.tokens = this.config.initialTokens;
-      this.globalBucket.lastRefill = Date.now();
-    } else if (this.buckets.has(key)) {
-      const bucket = this.buckets.get(key);
-      bucket.tokens = this.config.initialTokens;
-      bucket.lastRefill = Date.now();
-    }
-  }
-  
-  /**
-   * Reset all rate limiters
-   */
-  public resetAll(): void {
-    this.globalBucket.tokens = this.config.initialTokens;
-    this.globalBucket.lastRefill = Date.now();
-    
-    for (const bucket of this.buckets.values()) {
-      bucket.tokens = this.config.initialTokens;
-      bucket.lastRefill = Date.now();
-    }
-  }
-  
-  /**
-   * Cleanup old buckets to prevent memory leaks
-   * @param maxAge Maximum age in milliseconds
-   */
-  public cleanup(maxAge: number = 24 * 60 * 60 * 1000): void {
-    const now = Date.now();
-    let removed = 0;
-    
-    for (const [key, bucket] of this.buckets.entries()) {
-      if (now - bucket.lastRefill > maxAge) {
-        this.buckets.delete(key);
-        removed++;
-      }
-    }
-    
-    if (removed > 0) {
-      logger.log('debug', `Cleaned up ${removed} stale rate limit buckets`);
-    }
-  }
-}

ts/mail/delivery/classes.smtpserver.ts

@@ -1,806 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { Email } from '../core/classes.email.js';
-import type { MtaService } from './classes.mta.js';
-import { logger } from '../../logger.js';
-import { 
-  SecurityLogger, 
-  SecurityLogLevel, 
-  SecurityEventType,
-  IPReputationChecker, 
-  ReputationThreshold 
-} from '../../security/index.js';
-
-export interface ISmtpServerOptions {
-  port: number;
-  key: string;
-  cert: string;
-  hostname?: string;
-}
-
-// SMTP Session States
-enum SmtpState {
-  GREETING,
-  AFTER_EHLO,
-  MAIL_FROM,
-  RCPT_TO,
-  DATA,
-  DATA_RECEIVING,
-  FINISHED
-}
-
-// Structure to store session information
-interface SmtpSession {
-  state: SmtpState;
-  clientHostname: string;
-  mailFrom: string;
-  rcptTo: string[];
-  emailData: string;
-  useTLS: boolean;
-  connectionEnded: boolean;
-}
-
-export class SMTPServer {
-  public mtaRef: MtaService;
-  private smtpServerOptions: ISmtpServerOptions;
-  private server: plugins.net.Server;
-  private sessions: Map<plugins.net.Socket | plugins.tls.TLSSocket, SmtpSession>;
-  private hostname: string;
-
-  constructor(mtaRefArg: MtaService, optionsArg: ISmtpServerOptions) {
-    console.log('SMTPServer instance is being created...');
-
-    this.mtaRef = mtaRefArg;
-    this.smtpServerOptions = optionsArg;
-    this.sessions = new Map();
-    this.hostname = optionsArg.hostname || 'mta.lossless.one';
-
-    this.server = plugins.net.createServer((socket) => {
-      this.handleNewConnection(socket);
-    });
-  }
-
-  private async handleNewConnection(socket: plugins.net.Socket): Promise<void> {
-    const clientIp = socket.remoteAddress;
-    const clientPort = socket.remotePort;
-    console.log(`New connection from ${clientIp}:${clientPort}`);
-    
-    // Initialize a new session
-    this.sessions.set(socket, {
-      state: SmtpState.GREETING,
-      clientHostname: '',
-      mailFrom: '',
-      rcptTo: [],
-      emailData: '',
-      useTLS: false,
-      connectionEnded: false
-    });
-    
-    // Check IP reputation
-    try {
-      if (this.mtaRef.config.security?.checkIPReputation !== false && clientIp) {
-        const reputationChecker = IPReputationChecker.getInstance();
-        const reputation = await reputationChecker.checkReputation(clientIp);
-        
-        // Log the reputation check
-        SecurityLogger.getInstance().logEvent({
-          level: reputation.score < ReputationThreshold.HIGH_RISK 
-            ? SecurityLogLevel.WARN 
-            : SecurityLogLevel.INFO,
-          type: SecurityEventType.IP_REPUTATION,
-          message: `IP reputation checked for new SMTP connection: score=${reputation.score}`,
-          ipAddress: clientIp,
-          details: {
-            clientPort,
-            score: reputation.score,
-            isSpam: reputation.isSpam,
-            isProxy: reputation.isProxy,
-            isTor: reputation.isTor,
-            isVPN: reputation.isVPN,
-            country: reputation.country,
-            blacklists: reputation.blacklists,
-            socketId: socket.remotePort.toString() + socket.remoteFamily
-          }
-        });
-        
-        // Handle high-risk IPs - add delay or reject based on score
-        if (reputation.score < ReputationThreshold.HIGH_RISK) {
-          // For high-risk connections, add an artificial delay to slow down potential spam
-          const delayMs = Math.min(5000, Math.max(1000, (ReputationThreshold.HIGH_RISK - reputation.score) * 100));
-          await new Promise(resolve => setTimeout(resolve, delayMs));
-          
-          if (reputation.score < 5) {
-            // Very high risk - can optionally reject the connection
-            if (this.mtaRef.config.security?.rejectHighRiskIPs) {
-              this.sendResponse(socket, `554 Transaction failed - IP is on spam blocklist`);
-              socket.destroy();
-              return;
-            }
-          }
-        }
-      }
-    } catch (error) {
-      logger.log('error', `Error checking IP reputation: ${error.message}`, {
-        ip: clientIp,
-        error: error.message
-      });
-    }
-    
-    // Log the connection as a security event
-    SecurityLogger.getInstance().logEvent({
-      level: SecurityLogLevel.INFO,
-      type: SecurityEventType.CONNECTION,
-      message: `New SMTP connection established`,
-      ipAddress: clientIp,
-      details: {
-        clientPort,
-        socketId: socket.remotePort.toString() + socket.remoteFamily
-      }
-    });
-
-    // Send greeting
-    this.sendResponse(socket, `220 ${this.hostname} ESMTP Service Ready`);
-
-    socket.on('data', (data) => {
-      this.processData(socket, data);
-    });
-
-    socket.on('end', () => {
-      const clientIp = socket.remoteAddress;
-      const clientPort = socket.remotePort;
-      console.log(`Connection ended from ${clientIp}:${clientPort}`);
-      
-      const session = this.sessions.get(socket);
-      if (session) {
-        session.connectionEnded = true;
-        
-        // Log connection end as security event
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.INFO,
-          type: SecurityEventType.CONNECTION,
-          message: `SMTP connection ended normally`,
-          ipAddress: clientIp,
-          details: {
-            clientPort,
-            state: SmtpState[session.state],
-            from: session.mailFrom || 'not set'
-          }
-        });
-      }
-    });
-
-    socket.on('error', (err) => {
-      const clientIp = socket.remoteAddress;
-      const clientPort = socket.remotePort;
-      console.error(`Socket error: ${err.message}`);
-      
-      // Log connection error as security event
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.CONNECTION,
-        message: `SMTP connection error`,
-        ipAddress: clientIp,
-        details: {
-          clientPort,
-          error: err.message,
-          errorCode: (err as any).code,
-          from: this.sessions.get(socket)?.mailFrom || 'not set'
-        }
-      });
-      
-      this.sessions.delete(socket);
-      socket.destroy();
-    });
-
-    socket.on('close', () => {
-      const clientIp = socket.remoteAddress;
-      const clientPort = socket.remotePort;
-      console.log(`Connection closed from ${clientIp}:${clientPort}`);
-      
-      // Log connection closure as security event
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.CONNECTION,
-        message: `SMTP connection closed`,
-        ipAddress: clientIp,
-        details: {
-          clientPort,
-          sessionEnded: this.sessions.get(socket)?.connectionEnded || false
-        }
-      });
-      
-      this.sessions.delete(socket);
-    });
-  }
-
-  private sendResponse(socket: plugins.net.Socket | plugins.tls.TLSSocket, response: string): void {
-    try {
-      socket.write(`${response}\r\n`);
-      console.log(`→ ${response}`);
-    } catch (error) {
-      console.error(`Error sending response: ${error.message}`);
-      socket.destroy();
-    }
-  }
-
-  private processData(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: Buffer): void {
-    const session = this.sessions.get(socket);
-    if (!session) {
-      console.error('No session found for socket. Closing connection.');
-      socket.destroy();
-      return;
-    }
-
-    // If we're in DATA_RECEIVING state, handle differently
-    if (session.state === SmtpState.DATA_RECEIVING) {
-      // Call async method but don't return the promise
-      this.processEmailData(socket, data.toString()).catch(err => {
-        console.error(`Error processing email data: ${err.message}`);
-      });
-      return;
-    }
-
-    // Process normal SMTP commands
-    const lines = data.toString().split('\r\n').filter(line => line.length > 0);
-    for (const line of lines) {
-      console.log(`← ${line}`);
-      this.processCommand(socket, line);
-    }
-  }
-
-  private processCommand(socket: plugins.net.Socket | plugins.tls.TLSSocket, commandLine: string): void {
-    const session = this.sessions.get(socket);
-    if (!session || session.connectionEnded) return;
-
-    const [command, ...args] = commandLine.split(' ');
-    const upperCommand = command.toUpperCase();
-
-    switch (upperCommand) {
-      case 'EHLO':
-      case 'HELO':
-        this.handleEhlo(socket, args.join(' '));
-        break;
-      case 'STARTTLS':
-        this.handleStartTls(socket);
-        break;
-      case 'MAIL':
-        this.handleMailFrom(socket, args.join(' '));
-        break;
-      case 'RCPT':
-        this.handleRcptTo(socket, args.join(' '));
-        break;
-      case 'DATA':
-        this.handleData(socket);
-        break;
-      case 'RSET':
-        this.handleRset(socket);
-        break;
-      case 'QUIT':
-        this.handleQuit(socket);
-        break;
-      case 'NOOP':
-        this.sendResponse(socket, '250 OK');
-        break;
-      default:
-        this.sendResponse(socket, '502 Command not implemented');
-    }
-  }
-
-  private handleEhlo(socket: plugins.net.Socket | plugins.tls.TLSSocket, clientHostname: string): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    if (!clientHostname) {
-      this.sendResponse(socket, '501 Syntax error in parameters or arguments');
-      return;
-    }
-
-    session.clientHostname = clientHostname;
-    session.state = SmtpState.AFTER_EHLO;
-
-    // List available extensions
-    this.sendResponse(socket, `250-${this.hostname} Hello ${clientHostname}`);
-    this.sendResponse(socket, '250-SIZE 10485760'); // 10MB max
-    this.sendResponse(socket, '250-8BITMIME');
-    
-    // Only offer STARTTLS if we haven't already established it
-    if (!session.useTLS) {
-      this.sendResponse(socket, '250-STARTTLS');
-    }
-    
-    this.sendResponse(socket, '250 HELP');
-  }
-
-  private handleStartTls(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    if (session.state !== SmtpState.AFTER_EHLO) {
-      this.sendResponse(socket, '503 Bad sequence of commands');
-      return;
-    }
-
-    if (session.useTLS) {
-      this.sendResponse(socket, '503 TLS already active');
-      return;
-    }
-
-    this.sendResponse(socket, '220 Ready to start TLS');
-    this.startTLS(socket);
-  }
-
-  private handleMailFrom(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    if (session.state !== SmtpState.AFTER_EHLO) {
-      this.sendResponse(socket, '503 Bad sequence of commands');
-      return;
-    }
-
-    // Extract email from MAIL FROM:<user@example.com>
-    const emailMatch = args.match(/FROM:<([^>]*)>/i);
-    if (!emailMatch) {
-      this.sendResponse(socket, '501 Syntax error in parameters or arguments');
-      return;
-    }
-
-    const email = emailMatch[1];
-    if (!this.isValidEmail(email)) {
-      this.sendResponse(socket, '501 Invalid email address');
-      return;
-    }
-
-    session.mailFrom = email;
-    session.state = SmtpState.MAIL_FROM;
-    this.sendResponse(socket, '250 OK');
-  }
-
-  private handleRcptTo(socket: plugins.net.Socket | plugins.tls.TLSSocket, args: string): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    if (session.state !== SmtpState.MAIL_FROM && session.state !== SmtpState.RCPT_TO) {
-      this.sendResponse(socket, '503 Bad sequence of commands');
-      return;
-    }
-
-    // Extract email from RCPT TO:<user@example.com>
-    const emailMatch = args.match(/TO:<([^>]*)>/i);
-    if (!emailMatch) {
-      this.sendResponse(socket, '501 Syntax error in parameters or arguments');
-      return;
-    }
-
-    const email = emailMatch[1];
-    if (!this.isValidEmail(email)) {
-      this.sendResponse(socket, '501 Invalid email address');
-      return;
-    }
-
-    session.rcptTo.push(email);
-    session.state = SmtpState.RCPT_TO;
-    this.sendResponse(socket, '250 OK');
-  }
-
-  private handleData(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    if (session.state !== SmtpState.RCPT_TO) {
-      this.sendResponse(socket, '503 Bad sequence of commands');
-      return;
-    }
-
-    session.state = SmtpState.DATA_RECEIVING;
-    session.emailData = '';
-    this.sendResponse(socket, '354 End data with <CR><LF>.<CR><LF>');
-  }
-
-  private handleRset(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    // Reset the session data but keep connection information
-    session.state = SmtpState.AFTER_EHLO;
-    session.mailFrom = '';
-    session.rcptTo = [];
-    session.emailData = '';
-    
-    this.sendResponse(socket, '250 OK');
-  }
-
-  private handleQuit(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    this.sendResponse(socket, '221 Goodbye');
-    
-    // If we have collected email data, try to parse it before closing
-    if (session.state === SmtpState.FINISHED && session.emailData.length > 0) {
-      this.parseEmail(socket);
-    }
-    
-    socket.end();
-    this.sessions.delete(socket);
-  }
-
-  private async processEmailData(socket: plugins.net.Socket | plugins.tls.TLSSocket, data: string): Promise<void> {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    // Check for end of data marker
-    if (data.endsWith('\r\n.\r\n')) {
-      // Remove the end of data marker
-      const emailData = data.slice(0, -5);
-      session.emailData += emailData;
-      session.state = SmtpState.FINISHED;
-      
-      // Save and process the email
-      this.saveEmail(socket);
-      this.sendResponse(socket, '250 OK: Message accepted for delivery');
-    } else {
-      // Accumulate the data
-      session.emailData += data;
-    }
-  }
-
-  private saveEmail(socket: plugins.net.Socket | plugins.tls.TLSSocket): void {
-    const session = this.sessions.get(socket);
-    if (!session) return;
-
-    try {
-      // Ensure the directory exists
-      plugins.smartfile.fs.ensureDirSync(paths.receivedEmailsDir);
-      
-      // Write the email to disk
-      plugins.smartfile.memory.toFsSync(
-        session.emailData,
-        plugins.path.join(paths.receivedEmailsDir, `${Date.now()}.eml`)
-      );
-      
-      // Parse the email
-      this.parseEmail(socket);
-    } catch (error) {
-      console.error('Error saving email:', error);
-    }
-  }
-
-  private async parseEmail(socket: plugins.net.Socket | plugins.tls.TLSSocket): Promise<void> {
-    const session = this.sessions.get(socket);
-    if (!session || !session.emailData) {
-      console.error('No email data found for session.');
-      return;
-    }
-
-    let mightBeSpam = false;
-    // Prepare headers for DKIM verification results
-    const customHeaders: Record<string, string> = {};
-
-    // Authentication results
-    let dkimResult = { domain: '', result: false };
-    let spfResult = { domain: '', result: false };
-    
-    // Check security configuration
-    const securityConfig = this.mtaRef.config.security || {};
-    
-    // 1. Verify DKIM signature if enabled
-    if (securityConfig.verifyDkim !== false) {
-      try {
-        const verificationResult = await this.mtaRef.dkimVerifier.verify(session.emailData, {
-          useCache: true,
-          returnDetails: false
-        });
-      
-        dkimResult.result = verificationResult.isValid;
-        dkimResult.domain = verificationResult.domain || '';
-        
-        if (!verificationResult.isValid) {
-          logger.log('warn', `DKIM verification failed for incoming email: ${verificationResult.errorMessage || 'Unknown error'}`);
-          
-          // Enhanced security logging
-          SecurityLogger.getInstance().logEvent({
-            level: SecurityLogLevel.WARN,
-            type: SecurityEventType.DKIM,
-            message: `DKIM verification failed for incoming email`,
-            domain: verificationResult.domain || session.mailFrom.split('@')[1],
-            details: {
-              error: verificationResult.errorMessage || 'Unknown error',
-              status: verificationResult.status,
-              selector: verificationResult.selector,
-              senderIP: socket.remoteAddress
-            },
-            ipAddress: socket.remoteAddress,
-            success: false
-          });
-        } else {
-          logger.log('info', `DKIM verification passed for incoming email from domain ${verificationResult.domain}`);
-          
-          // Enhanced security logging
-          SecurityLogger.getInstance().logEvent({
-            level: SecurityLogLevel.INFO,
-            type: SecurityEventType.DKIM,
-            message: `DKIM verification passed for incoming email`,
-            domain: verificationResult.domain,
-            details: {
-              selector: verificationResult.selector,
-              status: verificationResult.status,
-              senderIP: socket.remoteAddress
-            },
-            ipAddress: socket.remoteAddress,
-            success: true
-          });
-        }
-        
-        // Store verification results in headers
-        if (verificationResult.domain) {
-          customHeaders['X-DKIM-Domain'] = verificationResult.domain;
-        }
-        
-        customHeaders['X-DKIM-Status'] = verificationResult.status || 'unknown';
-        customHeaders['X-DKIM-Result'] = verificationResult.isValid ? 'pass' : 'fail';
-      } catch (error) {
-        logger.log('error', `Failed to verify DKIM signature: ${error.message}`);
-        customHeaders['X-DKIM-Status'] = 'error';
-        customHeaders['X-DKIM-Result'] = 'error';
-      }
-    }
-    
-    // 2. Verify SPF if enabled
-    if (securityConfig.verifySpf !== false) {
-      try {
-        // Get the client IP and hostname
-        const clientIp = socket.remoteAddress || '127.0.0.1';
-        const clientHostname = session.clientHostname || 'localhost';
-      
-        // Parse the email to get envelope from
-        const parsedEmail = await plugins.mailparser.simpleParser(session.emailData);
-        
-        // Create a temporary Email object for SPF verification
-        const tempEmail = new Email({
-          from: parsedEmail.from?.value[0].address || session.mailFrom,
-          to: session.rcptTo[0],
-          subject: "Temporary Email for SPF Verification",
-          text: "This is a temporary email for SPF verification"
-        });
-        
-        // Set envelope from for SPF verification
-        tempEmail.setEnvelopeFrom(session.mailFrom);
-        
-        // Verify SPF
-        const spfVerified = await this.mtaRef.spfVerifier.verifyAndApply(
-          tempEmail,
-          clientIp,
-          clientHostname
-        );
-        
-        // Update SPF result
-        spfResult.result = spfVerified;
-        spfResult.domain = session.mailFrom.split('@')[1] || '';
-        
-        // Copy SPF headers from the temp email
-        if (tempEmail.headers['Received-SPF']) {
-          customHeaders['Received-SPF'] = tempEmail.headers['Received-SPF'];
-        }
-        
-        // Set spam flag if SPF fails badly
-        if (tempEmail.mightBeSpam) {
-          mightBeSpam = true;
-        }
-      } catch (error) {
-        logger.log('error', `Failed to verify SPF: ${error.message}`);
-        customHeaders['Received-SPF'] = `error (${error.message})`;
-      }
-    }
-    
-    // 3. Verify DMARC if enabled
-    if (securityConfig.verifyDmarc !== false) {
-      try {
-        // Parse the email again
-        const parsedEmail = await plugins.mailparser.simpleParser(session.emailData);
-      
-        // Create a temporary Email object for DMARC verification
-        const tempEmail = new Email({
-          from: parsedEmail.from?.value[0].address || session.mailFrom,
-          to: session.rcptTo[0],
-          subject: "Temporary Email for DMARC Verification",
-          text: "This is a temporary email for DMARC verification"
-        });
-        
-        // Verify DMARC
-        const dmarcResult = await this.mtaRef.dmarcVerifier.verify(
-          tempEmail,
-          spfResult,
-          dkimResult
-        );
-        
-        // Apply DMARC policy
-        const dmarcPassed = this.mtaRef.dmarcVerifier.applyPolicy(tempEmail, dmarcResult);
-        
-        // Add DMARC result to headers
-        if (tempEmail.headers['X-DMARC-Result']) {
-          customHeaders['X-DMARC-Result'] = tempEmail.headers['X-DMARC-Result'];
-        }
-        
-        // Add Authentication-Results header combining all authentication results
-        customHeaders['Authentication-Results'] = `${this.mtaRef.config.smtp.hostname}; ` +
-          `spf=${spfResult.result ? 'pass' : 'fail'} smtp.mailfrom=${session.mailFrom}; ` +
-          `dkim=${dkimResult.result ? 'pass' : 'fail'} header.d=${dkimResult.domain || 'unknown'}; ` +
-          `dmarc=${dmarcPassed ? 'pass' : 'fail'} header.from=${tempEmail.getFromDomain()}`;
-        
-        // Set spam flag if DMARC fails
-        if (tempEmail.mightBeSpam) {
-          mightBeSpam = true;
-        }
-      } catch (error) {
-        logger.log('error', `Failed to verify DMARC: ${error.message}`);
-        customHeaders['X-DMARC-Result'] = `error (${error.message})`;
-      }
-    }
-
-    try {
-      const parsedEmail = await plugins.mailparser.simpleParser(session.emailData);
-      
-      const email = new Email({
-        from: parsedEmail.from?.value[0].address || session.mailFrom,
-        to: session.rcptTo[0], // Use the first recipient
-        headers: customHeaders, // Add our custom headers with DKIM verification results
-        subject: parsedEmail.subject || '',
-        text: parsedEmail.html || parsedEmail.text || '',
-        attachments: parsedEmail.attachments?.map((attachment) => ({
-          filename: attachment.filename || '',
-          content: attachment.content,
-          contentType: attachment.contentType,
-        })) || [],
-        mightBeSpam: mightBeSpam,
-      });
-
-      console.log('Email received and parsed:', {
-        from: email.from,
-        to: email.to,
-        subject: email.subject,
-        attachments: email.attachments.length,
-        mightBeSpam: email.mightBeSpam
-      });
-      
-      // Enhanced security logging for received email
-      SecurityLogger.getInstance().logEvent({
-        level: mightBeSpam ? SecurityLogLevel.WARN : SecurityLogLevel.INFO,
-        type: mightBeSpam ? SecurityEventType.SPAM : SecurityEventType.EMAIL_VALIDATION,
-        message: `Email received and ${mightBeSpam ? 'flagged as potential spam' : 'validated successfully'}`,
-        domain: email.from.split('@')[1],
-        ipAddress: socket.remoteAddress,
-        details: {
-          from: email.from,
-          subject: email.subject,
-          recipientCount: email.getAllRecipients().length,
-          attachmentCount: email.attachments.length,
-          hasAttachments: email.hasAttachments(),
-          dkimStatus: customHeaders['X-DKIM-Result'] || 'unknown'
-        },
-        success: !mightBeSpam
-      });
-
-      // Process or forward the email via MTA service
-      try {
-        await this.mtaRef.processIncomingEmail(email);
-      } catch (err) {
-        console.error('Error in MTA processing of incoming email:', err);
-        
-        // Log processing errors
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.ERROR,
-          type: SecurityEventType.EMAIL_VALIDATION,
-          message: `Error processing incoming email`,
-          domain: email.from.split('@')[1],
-          ipAddress: socket.remoteAddress,
-          details: {
-            error: err.message,
-            from: email.from,
-            stack: err.stack
-          },
-          success: false
-        });
-      }
-    } catch (error) {
-      console.error('Error parsing email:', error);
-      
-      // Log parsing errors
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_VALIDATION,
-        message: `Error parsing incoming email`,
-        ipAddress: socket.remoteAddress,
-        details: {
-          error: error.message,
-          sender: session.mailFrom,
-          stack: error.stack
-        },
-        success: false
-      });
-    }
-  }
-
-  private startTLS(socket: plugins.net.Socket): void {
-    try {
-      const secureContext = plugins.tls.createSecureContext({
-        key: this.smtpServerOptions.key,
-        cert: this.smtpServerOptions.cert,
-      });
-
-      const tlsSocket = new plugins.tls.TLSSocket(socket, {
-        secureContext: secureContext,
-        isServer: true,
-        server: this.server
-      });
-
-      const originalSession = this.sessions.get(socket);
-      if (!originalSession) {
-        console.error('No session found when upgrading to TLS');
-        return;
-      }
-
-      // Transfer the session data to the new TLS socket
-      this.sessions.set(tlsSocket, {
-        ...originalSession,
-        useTLS: true,
-        state: SmtpState.GREETING // Reset state to require a new EHLO
-      });
-      
-      this.sessions.delete(socket);
-
-      tlsSocket.on('secure', () => {
-        console.log('TLS negotiation successful');
-      });
-
-      tlsSocket.on('data', (data: Buffer) => {
-        this.processData(tlsSocket, data);
-      });
-
-      tlsSocket.on('end', () => {
-        console.log('TLS socket ended');
-        const session = this.sessions.get(tlsSocket);
-        if (session) {
-          session.connectionEnded = true;
-        }
-      });
-
-      tlsSocket.on('error', (err) => {
-        console.error('TLS socket error:', err);
-        this.sessions.delete(tlsSocket);
-        tlsSocket.destroy();
-      });
-
-      tlsSocket.on('close', () => {
-        console.log('TLS socket closed');
-        this.sessions.delete(tlsSocket);
-      });
-    } catch (error) {
-      console.error('Error upgrading connection to TLS:', error);
-      socket.destroy();
-    }
-  }
-
-  private isValidEmail(email: string): boolean {
-    // Basic email validation - more comprehensive validation could be implemented
-    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    return emailRegex.test(email);
-  }
-
-  public start(): void {
-    this.server.listen(this.smtpServerOptions.port, () => {
-      console.log(`SMTP Server is now running on port ${this.smtpServerOptions.port}`);
-    });
-  }
-
-  public stop(): void {
-    this.server.getConnections((err, count) => {
-      if (err) throw err;
-      console.log('Number of active connections: ', count);
-    });
-    
-    this.server.close(() => {
-      console.log('SMTP Server is now stopped');
-    });
-  }
-}

ts/mail/delivery/classes.unified.rate.limiter.ts

@@ -1,897 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-
-/**
- * Interface for rate limit configuration
- */
-export interface IRateLimitConfig {
-  maxMessagesPerMinute?: number;
-  maxRecipientsPerMessage?: number;
-  maxConnectionsPerIP?: number;
-  maxErrorsPerIP?: number;
-  maxAuthFailuresPerIP?: number;
-  blockDuration?: number; // in milliseconds
-}
-
-/**
- * Interface for hierarchical rate limits
- */
-export interface IHierarchicalRateLimits {
-  // Global rate limits (applied to all traffic)
-  global: IRateLimitConfig;
-  
-  // Pattern-specific rate limits (applied to matching patterns)
-  patterns?: Record<string, IRateLimitConfig>;
-  
-  // IP-specific rate limits (applied to specific IPs)
-  ips?: Record<string, IRateLimitConfig>;
-  
-  // Temporary blocks list and their expiry times
-  blocks?: Record<string, number>; // IP to expiry timestamp
-}
-
-/**
- * Counter interface for rate limiting
- */
-interface ILimitCounter {
-  count: number;
-  lastReset: number;
-  recipients: number;
-  errors: number;
-  authFailures: number;
-  connections: number;
-}
-
-/**
- * Rate limiter statistics
- */
-export interface IRateLimiterStats {
-  activeCounters: number;
-  totalBlocked: number;
-  currentlyBlocked: number;
-  byPattern: Record<string, {
-    messagesPerMinute: number;
-    totalMessages: number;
-    totalBlocked: number;
-  }>;
-  byIp: Record<string, {
-    messagesPerMinute: number;
-    totalMessages: number;
-    totalBlocked: number;
-    connections: number;
-    errors: number;
-    authFailures: number;
-    blocked: boolean;
-  }>;
-}
-
-/**
- * Result of a rate limit check
- */
-export interface IRateLimitResult {
-  allowed: boolean;
-  reason?: string;
-  limit?: number;
-  current?: number;
-  resetIn?: number; // milliseconds until reset
-}
-
-/**
- * Unified rate limiter for all email processing modes
- */
-export class UnifiedRateLimiter extends EventEmitter {
-  private config: IHierarchicalRateLimits;
-  private counters: Map<string, ILimitCounter> = new Map();
-  private patternCounters: Map<string, ILimitCounter> = new Map();
-  private ipCounters: Map<string, ILimitCounter> = new Map();
-  private cleanupInterval?: NodeJS.Timeout;
-  private stats: IRateLimiterStats;
-  
-  /**
-   * Create a new unified rate limiter
-   * @param config Rate limit configuration
-   */
-  constructor(config: IHierarchicalRateLimits) {
-    super();
-    
-    // Set default configuration
-    this.config = {
-      global: {
-        maxMessagesPerMinute: config.global.maxMessagesPerMinute || 100,
-        maxRecipientsPerMessage: config.global.maxRecipientsPerMessage || 100,
-        maxConnectionsPerIP: config.global.maxConnectionsPerIP || 20,
-        maxErrorsPerIP: config.global.maxErrorsPerIP || 10,
-        maxAuthFailuresPerIP: config.global.maxAuthFailuresPerIP || 5,
-        blockDuration: config.global.blockDuration || 3600000 // 1 hour
-      },
-      patterns: config.patterns || {},
-      ips: config.ips || {},
-      blocks: config.blocks || {}
-    };
-    
-    // Initialize statistics
-    this.stats = {
-      activeCounters: 0,
-      totalBlocked: 0,
-      currentlyBlocked: 0,
-      byPattern: {},
-      byIp: {}
-    };
-    
-    // Start cleanup interval
-    this.startCleanupInterval();
-  }
-  
-  /**
-   * Start the cleanup interval
-   */
-  private startCleanupInterval(): void {
-    if (this.cleanupInterval) {
-      clearInterval(this.cleanupInterval);
-    }
-    
-    // Run cleanup every minute
-    this.cleanupInterval = setInterval(() => this.cleanup(), 60000);
-  }
-  
-  /**
-   * Stop the cleanup interval
-   */
-  public stop(): void {
-    if (this.cleanupInterval) {
-      clearInterval(this.cleanupInterval);
-      this.cleanupInterval = undefined;
-    }
-  }
-  
-  /**
-   * Clean up expired counters and blocks
-   */
-  private cleanup(): void {
-    const now = Date.now();
-    
-    // Clean up expired blocks
-    if (this.config.blocks) {
-      for (const [ip, expiry] of Object.entries(this.config.blocks)) {
-        if (expiry <= now) {
-          delete this.config.blocks[ip];
-          logger.log('info', `Rate limit block expired for IP ${ip}`);
-          
-          // Update statistics
-          if (this.stats.byIp[ip]) {
-            this.stats.byIp[ip].blocked = false;
-          }
-          this.stats.currentlyBlocked--;
-        }
-      }
-    }
-    
-    // Clean up old counters (older than 10 minutes)
-    const cutoff = now - 600000;
-    
-    // Clean global counters
-    for (const [key, counter] of this.counters.entries()) {
-      if (counter.lastReset < cutoff) {
-        this.counters.delete(key);
-      }
-    }
-    
-    // Clean pattern counters
-    for (const [key, counter] of this.patternCounters.entries()) {
-      if (counter.lastReset < cutoff) {
-        this.patternCounters.delete(key);
-      }
-    }
-    
-    // Clean IP counters
-    for (const [key, counter] of this.ipCounters.entries()) {
-      if (counter.lastReset < cutoff) {
-        this.ipCounters.delete(key);
-      }
-    }
-    
-    // Update statistics
-    this.updateStats();
-  }
-  
-  /**
-   * Check if a message is allowed by rate limits
-   * @param email Email address
-   * @param ip IP address
-   * @param recipients Number of recipients
-   * @param pattern Matched pattern
-   * @returns Result of rate limit check
-   */
-  public checkMessageLimit(email: string, ip: string, recipients: number, pattern?: string): IRateLimitResult {
-    // Check if IP is blocked
-    if (this.isIpBlocked(ip)) {
-      return {
-        allowed: false,
-        reason: 'IP is blocked',
-        resetIn: this.getBlockReleaseTime(ip)
-      };
-    }
-    
-    // Check global message rate limit
-    const globalResult = this.checkGlobalMessageLimit(email);
-    if (!globalResult.allowed) {
-      return globalResult;
-    }
-    
-    // Check pattern-specific limit if pattern is provided
-    if (pattern) {
-      const patternResult = this.checkPatternMessageLimit(pattern);
-      if (!patternResult.allowed) {
-        return patternResult;
-      }
-    }
-    
-    // Check IP-specific limit
-    const ipResult = this.checkIpMessageLimit(ip);
-    if (!ipResult.allowed) {
-      return ipResult;
-    }
-    
-    // Check recipient limit
-    const recipientResult = this.checkRecipientLimit(email, recipients, pattern);
-    if (!recipientResult.allowed) {
-      return recipientResult;
-    }
-    
-    // All checks passed
-    return { allowed: true };
-  }
-  
-  /**
-   * Check global message rate limit
-   * @param email Email address
-   */
-  private checkGlobalMessageLimit(email: string): IRateLimitResult {
-    const now = Date.now();
-    const limit = this.config.global.maxMessagesPerMinute!;
-    
-    if (!limit) {
-      return { allowed: true };
-    }
-    
-    // Get or create counter
-    const key = 'global';
-    let counter = this.counters.get(key);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.counters.set(key, counter);
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.count = 0;
-      counter.lastReset = now;
-    }
-    
-    // Check if limit is exceeded
-    if (counter.count >= limit) {
-      // Calculate reset time
-      const resetIn = 60000 - (now - counter.lastReset);
-      
-      return {
-        allowed: false,
-        reason: 'Global message rate limit exceeded',
-        limit,
-        current: counter.count,
-        resetIn
-      };
-    }
-    
-    // Increment counter
-    counter.count++;
-    
-    // Update statistics
-    this.updateStats();
-    
-    return { allowed: true };
-  }
-  
-  /**
-   * Check pattern-specific message rate limit
-   * @param pattern Pattern to check
-   */
-  private checkPatternMessageLimit(pattern: string): IRateLimitResult {
-    const now = Date.now();
-    
-    // Get pattern-specific limit or use global
-    const patternConfig = this.config.patterns?.[pattern];
-    const limit = patternConfig?.maxMessagesPerMinute || this.config.global.maxMessagesPerMinute!;
-    
-    if (!limit) {
-      return { allowed: true };
-    }
-    
-    // Get or create counter
-    let counter = this.patternCounters.get(pattern);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.patternCounters.set(pattern, counter);
-      
-      // Initialize pattern stats if needed
-      if (!this.stats.byPattern[pattern]) {
-        this.stats.byPattern[pattern] = {
-          messagesPerMinute: 0,
-          totalMessages: 0,
-          totalBlocked: 0
-        };
-      }
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.count = 0;
-      counter.lastReset = now;
-    }
-    
-    // Check if limit is exceeded
-    if (counter.count >= limit) {
-      // Calculate reset time
-      const resetIn = 60000 - (now - counter.lastReset);
-      
-      // Update statistics
-      this.stats.byPattern[pattern].totalBlocked++;
-      this.stats.totalBlocked++;
-      
-      return {
-        allowed: false,
-        reason: `Pattern "${pattern}" message rate limit exceeded`,
-        limit,
-        current: counter.count,
-        resetIn
-      };
-    }
-    
-    // Increment counter
-    counter.count++;
-    
-    // Update statistics
-    this.stats.byPattern[pattern].messagesPerMinute = counter.count;
-    this.stats.byPattern[pattern].totalMessages++;
-    
-    return { allowed: true };
-  }
-  
-  /**
-   * Check IP-specific message rate limit
-   * @param ip IP address
-   */
-  private checkIpMessageLimit(ip: string): IRateLimitResult {
-    const now = Date.now();
-    
-    // Get IP-specific limit or use global
-    const ipConfig = this.config.ips?.[ip];
-    const limit = ipConfig?.maxMessagesPerMinute || this.config.global.maxMessagesPerMinute!;
-    
-    if (!limit) {
-      return { allowed: true };
-    }
-    
-    // Get or create counter
-    let counter = this.ipCounters.get(ip);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.ipCounters.set(ip, counter);
-      
-      // Initialize IP stats if needed
-      if (!this.stats.byIp[ip]) {
-        this.stats.byIp[ip] = {
-          messagesPerMinute: 0,
-          totalMessages: 0,
-          totalBlocked: 0,
-          connections: 0,
-          errors: 0,
-          authFailures: 0,
-          blocked: false
-        };
-      }
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.count = 0;
-      counter.lastReset = now;
-    }
-    
-    // Check if limit is exceeded
-    if (counter.count >= limit) {
-      // Calculate reset time
-      const resetIn = 60000 - (now - counter.lastReset);
-      
-      // Update statistics
-      this.stats.byIp[ip].totalBlocked++;
-      this.stats.totalBlocked++;
-      
-      return {
-        allowed: false,
-        reason: `IP ${ip} message rate limit exceeded`,
-        limit,
-        current: counter.count,
-        resetIn
-      };
-    }
-    
-    // Increment counter
-    counter.count++;
-    
-    // Update statistics
-    this.stats.byIp[ip].messagesPerMinute = counter.count;
-    this.stats.byIp[ip].totalMessages++;
-    
-    return { allowed: true };
-  }
-  
-  /**
-   * Check recipient limit
-   * @param email Email address
-   * @param recipients Number of recipients
-   * @param pattern Matched pattern
-   */
-  private checkRecipientLimit(email: string, recipients: number, pattern?: string): IRateLimitResult {
-    // Get pattern-specific limit if available
-    let limit = this.config.global.maxRecipientsPerMessage!;
-    
-    if (pattern && this.config.patterns?.[pattern]?.maxRecipientsPerMessage) {
-      limit = this.config.patterns[pattern].maxRecipientsPerMessage!;
-    }
-    
-    if (!limit) {
-      return { allowed: true };
-    }
-    
-    // Check if limit is exceeded
-    if (recipients > limit) {
-      return {
-        allowed: false,
-        reason: 'Recipient limit exceeded',
-        limit,
-        current: recipients
-      };
-    }
-    
-    return { allowed: true };
-  }
-  
-  /**
-   * Record a connection from an IP
-   * @param ip IP address
-   * @returns Result of rate limit check
-   */
-  public recordConnection(ip: string): IRateLimitResult {
-    const now = Date.now();
-    
-    // Check if IP is blocked
-    if (this.isIpBlocked(ip)) {
-      return {
-        allowed: false,
-        reason: 'IP is blocked',
-        resetIn: this.getBlockReleaseTime(ip)
-      };
-    }
-    
-    // Get IP-specific limit or use global
-    const ipConfig = this.config.ips?.[ip];
-    const limit = ipConfig?.maxConnectionsPerIP || this.config.global.maxConnectionsPerIP!;
-    
-    if (!limit) {
-      return { allowed: true };
-    }
-    
-    // Get or create counter
-    let counter = this.ipCounters.get(ip);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.ipCounters.set(ip, counter);
-      
-      // Initialize IP stats if needed
-      if (!this.stats.byIp[ip]) {
-        this.stats.byIp[ip] = {
-          messagesPerMinute: 0,
-          totalMessages: 0,
-          totalBlocked: 0,
-          connections: 0,
-          errors: 0,
-          authFailures: 0,
-          blocked: false
-        };
-      }
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.connections = 0;
-      counter.lastReset = now;
-    }
-    
-    // Check if limit is exceeded
-    if (counter.connections >= limit) {
-      // Calculate reset time
-      const resetIn = 60000 - (now - counter.lastReset);
-      
-      // Update statistics
-      this.stats.byIp[ip].totalBlocked++;
-      this.stats.totalBlocked++;
-      
-      return {
-        allowed: false,
-        reason: `IP ${ip} connection rate limit exceeded`,
-        limit,
-        current: counter.connections,
-        resetIn
-      };
-    }
-    
-    // Increment counter
-    counter.connections++;
-    
-    // Update statistics
-    this.stats.byIp[ip].connections = counter.connections;
-    
-    return { allowed: true };
-  }
-  
-  /**
-   * Record an error from an IP
-   * @param ip IP address
-   * @returns True if IP should be blocked
-   */
-  public recordError(ip: string): boolean {
-    const now = Date.now();
-    
-    // Get IP-specific limit or use global
-    const ipConfig = this.config.ips?.[ip];
-    const limit = ipConfig?.maxErrorsPerIP || this.config.global.maxErrorsPerIP!;
-    
-    if (!limit) {
-      return false;
-    }
-    
-    // Get or create counter
-    let counter = this.ipCounters.get(ip);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.ipCounters.set(ip, counter);
-      
-      // Initialize IP stats if needed
-      if (!this.stats.byIp[ip]) {
-        this.stats.byIp[ip] = {
-          messagesPerMinute: 0,
-          totalMessages: 0,
-          totalBlocked: 0,
-          connections: 0,
-          errors: 0,
-          authFailures: 0,
-          blocked: false
-        };
-      }
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.errors = 0;
-      counter.lastReset = now;
-    }
-    
-    // Increment counter
-    counter.errors++;
-    
-    // Update statistics
-    this.stats.byIp[ip].errors = counter.errors;
-    
-    // Check if limit is exceeded
-    if (counter.errors >= limit) {
-      // Block the IP
-      this.blockIp(ip);
-      
-      logger.log('warn', `IP ${ip} blocked due to excessive errors (${counter.errors}/${limit})`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.RATE_LIMITING,
-        message: 'IP blocked due to excessive errors',
-        ipAddress: ip,
-        details: {
-          errors: counter.errors,
-          limit
-        },
-        success: false
-      });
-      
-      return true;
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Record an authentication failure from an IP
-   * @param ip IP address
-   * @returns True if IP should be blocked
-   */
-  public recordAuthFailure(ip: string): boolean {
-    const now = Date.now();
-    
-    // Get IP-specific limit or use global
-    const ipConfig = this.config.ips?.[ip];
-    const limit = ipConfig?.maxAuthFailuresPerIP || this.config.global.maxAuthFailuresPerIP!;
-    
-    if (!limit) {
-      return false;
-    }
-    
-    // Get or create counter
-    let counter = this.ipCounters.get(ip);
-    
-    if (!counter) {
-      counter = {
-        count: 0,
-        lastReset: now,
-        recipients: 0,
-        errors: 0,
-        authFailures: 0,
-        connections: 0
-      };
-      this.ipCounters.set(ip, counter);
-      
-      // Initialize IP stats if needed
-      if (!this.stats.byIp[ip]) {
-        this.stats.byIp[ip] = {
-          messagesPerMinute: 0,
-          totalMessages: 0,
-          totalBlocked: 0,
-          connections: 0,
-          errors: 0,
-          authFailures: 0,
-          blocked: false
-        };
-      }
-    }
-    
-    // Check if counter needs to be reset
-    if (now - counter.lastReset >= 60000) {
-      counter.authFailures = 0;
-      counter.lastReset = now;
-    }
-    
-    // Increment counter
-    counter.authFailures++;
-    
-    // Update statistics
-    this.stats.byIp[ip].authFailures = counter.authFailures;
-    
-    // Check if limit is exceeded
-    if (counter.authFailures >= limit) {
-      // Block the IP
-      this.blockIp(ip);
-      
-      logger.log('warn', `IP ${ip} blocked due to excessive authentication failures (${counter.authFailures}/${limit})`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.AUTHENTICATION,
-        message: 'IP blocked due to excessive authentication failures',
-        ipAddress: ip,
-        details: {
-          authFailures: counter.authFailures,
-          limit
-        },
-        success: false
-      });
-      
-      return true;
-    }
-    
-    return false;
-  }
-  
-  /**
-   * Block an IP address
-   * @param ip IP address to block
-   * @param duration Override the default block duration (milliseconds)
-   */
-  public blockIp(ip: string, duration?: number): void {
-    if (!this.config.blocks) {
-      this.config.blocks = {};
-    }
-    
-    // Set block expiry time
-    const expiry = Date.now() + (duration || this.config.global.blockDuration || 3600000);
-    this.config.blocks[ip] = expiry;
-    
-    // Update statistics
-    if (!this.stats.byIp[ip]) {
-      this.stats.byIp[ip] = {
-        messagesPerMinute: 0,
-        totalMessages: 0,
-        totalBlocked: 0,
-        connections: 0,
-        errors: 0,
-        authFailures: 0,
-        blocked: false
-      };
-    }
-    this.stats.byIp[ip].blocked = true;
-    this.stats.currentlyBlocked++;
-    
-    // Emit event
-    this.emit('ipBlocked', {
-      ip,
-      expiry,
-      duration: duration || this.config.global.blockDuration
-    });
-    
-    logger.log('warn', `IP ${ip} blocked until ${new Date(expiry).toISOString()}`);
-  }
-  
-  /**
-   * Unblock an IP address
-   * @param ip IP address to unblock
-   */
-  public unblockIp(ip: string): void {
-    if (!this.config.blocks) {
-      return;
-    }
-    
-    // Remove block
-    delete this.config.blocks[ip];
-    
-    // Update statistics
-    if (this.stats.byIp[ip]) {
-      this.stats.byIp[ip].blocked = false;
-      this.stats.currentlyBlocked--;
-    }
-    
-    // Emit event
-    this.emit('ipUnblocked', { ip });
-    
-    logger.log('info', `IP ${ip} unblocked`);
-  }
-  
-  /**
-   * Check if an IP is blocked
-   * @param ip IP address to check
-   */
-  public isIpBlocked(ip: string): boolean {
-    if (!this.config.blocks) {
-      return false;
-    }
-    
-    // Check if IP is in blocks
-    if (!(ip in this.config.blocks)) {
-      return false;
-    }
-    
-    // Check if block has expired
-    const expiry = this.config.blocks[ip];
-    if (expiry <= Date.now()) {
-      // Remove expired block
-      delete this.config.blocks[ip];
-      
-      // Update statistics
-      if (this.stats.byIp[ip]) {
-        this.stats.byIp[ip].blocked = false;
-        this.stats.currentlyBlocked--;
-      }
-      
-      return false;
-    }
-    
-    return true;
-  }
-  
-  /**
-   * Get the time until a block is released
-   * @param ip IP address
-   * @returns Milliseconds until release or 0 if not blocked
-   */
-  public getBlockReleaseTime(ip: string): number {
-    if (!this.config.blocks || !(ip in this.config.blocks)) {
-      return 0;
-    }
-    
-    const expiry = this.config.blocks[ip];
-    const now = Date.now();
-    
-    return expiry > now ? expiry - now : 0;
-  }
-  
-  /**
-   * Update rate limiter statistics
-   */
-  private updateStats(): void {
-    // Update active counters count
-    this.stats.activeCounters = this.counters.size + this.patternCounters.size + this.ipCounters.size;
-    
-    // Emit statistics update
-    this.emit('statsUpdated', this.stats);
-  }
-  
-  /**
-   * Get rate limiter statistics
-   */
-  public getStats(): IRateLimiterStats {
-    return { ...this.stats };
-  }
-  
-  /**
-   * Update rate limiter configuration
-   * @param config New configuration
-   */
-  public updateConfig(config: Partial<IHierarchicalRateLimits>): void {
-    if (config.global) {
-      this.config.global = {
-        ...this.config.global,
-        ...config.global
-      };
-    }
-    
-    if (config.patterns) {
-      this.config.patterns = {
-        ...this.config.patterns,
-        ...config.patterns
-      };
-    }
-    
-    if (config.ips) {
-      this.config.ips = {
-        ...this.config.ips,
-        ...config.ips
-      };
-    }
-    
-    logger.log('info', 'Rate limiter configuration updated');
-  }
-  
-  /**
-   * Get configuration for debugging
-   */
-  public getConfig(): IHierarchicalRateLimits {
-    return { ...this.config };
-  }
-}

ts/mail/delivery/index.ts

@@ -1,18 +0,0 @@
-// Email delivery components
-export * from './classes.mta.js';
-export * from './classes.smtpserver.js';
-export * from './classes.emailsignjob.js';
-export * from './classes.delivery.queue.js';
-export * from './classes.delivery.system.js';
-
-// Handle exports with naming conflicts
-export { EmailSendJob } from './classes.emailsendjob.js';
-export { DeliveryStatus } from './classes.connector.mta.js';
-export { MtaConnector } from './classes.connector.mta.js';
-
-// Rate limiter exports - fix naming conflict
-export { RateLimiter } from './classes.ratelimiter.js';
-export type { IRateLimitConfig } from './classes.ratelimiter.js';
-
-// Unified rate limiter
-export * from './classes.unified.rate.limiter.js';

ts/mail/index.ts

@@ -1,29 +0,0 @@
-// Export all mail modules for simplified imports
-export * from './routing/index.js';
-export * from './security/index.js';
-export * from './services/index.js';
-
-// Make the core and delivery modules accessible
-import * as Core from './core/index.js';
-import * as Delivery from './delivery/index.js';
-
-export { Core, Delivery };
-
-// For backward compatibility
-import { Email } from './core/classes.email.js';
-import { EmailService } from './services/classes.emailservice.js';
-import { BounceManager, BounceType, BounceCategory } from './core/classes.bouncemanager.js';
-import { EmailValidator } from './core/classes.emailvalidator.js';
-import { TemplateManager } from './core/classes.templatemanager.js';
-import { RuleManager } from './core/classes.rulemanager.js';
-import { ApiManager } from './services/classes.apimanager.js';
-import { MtaService } from './delivery/classes.mta.js';
-import { DcRouter } from '../classes.dcrouter.js';
-
-// Re-export with compatibility names
-export {
-  EmailService as Email, // For backward compatibility with email/index.ts
-  ApiManager,
-  Email as EmailClass, // Provide the actual Email class under a different name
-  DcRouter
-};

ts/mail/routing/classes.dnsmanager.ts

@@ -1,559 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import type { MtaService } from '../delivery/classes.mta.js';
-
-/**
- * Interface for DNS record information
- */
-export interface IDnsRecord {
-  name: string;
-  type: string;
-  value: string;
-  ttl?: number;
-  dnsSecEnabled?: boolean;
-}
-
-/**
- * Interface for DNS lookup options
- */
-export interface IDnsLookupOptions {
-  /** Cache time to live in milliseconds, 0 to disable caching */
-  cacheTtl?: number;
-  /** Timeout for DNS queries in milliseconds */
-  timeout?: number;
-}
-
-/**
- * Interface for DNS verification result
- */
-export interface IDnsVerificationResult {
-  record: string;
-  found: boolean;
-  valid: boolean;
-  value?: string;
-  expectedValue?: string;
-  error?: string;
-}
-
-/**
- * Manager for DNS-related operations, including record lookups, verification, and generation
- */
-export class DNSManager {
-  public mtaRef: MtaService;
-  private cache: Map<string, { data: any; expires: number }> = new Map();
-  private defaultOptions: IDnsLookupOptions = {
-    cacheTtl: 300000, // 5 minutes
-    timeout: 5000 // 5 seconds
-  };
-
-  constructor(mtaRefArg: MtaService, options?: IDnsLookupOptions) {
-    this.mtaRef = mtaRefArg;
-    
-    if (options) {
-      this.defaultOptions = {
-        ...this.defaultOptions,
-        ...options
-      };
-    }
-    
-    // Ensure the DNS records directory exists
-    plugins.smartfile.fs.ensureDirSync(paths.dnsRecordsDir);
-  }
-
-  /**
-   * Lookup MX records for a domain
-   * @param domain Domain to look up
-   * @param options Lookup options
-   * @returns Array of MX records sorted by priority
-   */
-  public async lookupMx(domain: string, options?: IDnsLookupOptions): Promise<plugins.dns.MxRecord[]> {
-    const lookupOptions = { ...this.defaultOptions, ...options };
-    const cacheKey = `mx:${domain}`;
-    
-    // Check cache first
-    const cached = this.getFromCache<plugins.dns.MxRecord[]>(cacheKey);
-    if (cached) {
-      return cached;
-    }
-    
-    try {
-      const records = await this.dnsResolveMx(domain, lookupOptions.timeout);
-      
-      // Sort by priority
-      records.sort((a, b) => a.priority - b.priority);
-      
-      // Cache the result
-      this.setInCache(cacheKey, records, lookupOptions.cacheTtl);
-      
-      return records;
-    } catch (error) {
-      console.error(`Error looking up MX records for ${domain}:`, error);
-      throw new Error(`Failed to lookup MX records for ${domain}: ${error.message}`);
-    }
-  }
-
-  /**
-   * Lookup TXT records for a domain
-   * @param domain Domain to look up
-   * @param options Lookup options
-   * @returns Array of TXT records
-   */
-  public async lookupTxt(domain: string, options?: IDnsLookupOptions): Promise<string[][]> {
-    const lookupOptions = { ...this.defaultOptions, ...options };
-    const cacheKey = `txt:${domain}`;
-    
-    // Check cache first
-    const cached = this.getFromCache<string[][]>(cacheKey);
-    if (cached) {
-      return cached;
-    }
-    
-    try {
-      const records = await this.dnsResolveTxt(domain, lookupOptions.timeout);
-      
-      // Cache the result
-      this.setInCache(cacheKey, records, lookupOptions.cacheTtl);
-      
-      return records;
-    } catch (error) {
-      console.error(`Error looking up TXT records for ${domain}:`, error);
-      throw new Error(`Failed to lookup TXT records for ${domain}: ${error.message}`);
-    }
-  }
-
-  /**
-   * Find specific TXT record by subdomain and prefix
-   * @param domain Base domain
-   * @param subdomain Subdomain prefix (e.g., "dkim._domainkey")
-   * @param prefix Record prefix to match (e.g., "v=DKIM1")
-   * @param options Lookup options
-   * @returns Matching TXT record or null if not found
-   */
-  public async findTxtRecord(
-    domain: string,
-    subdomain: string = '',
-    prefix: string = '',
-    options?: IDnsLookupOptions
-  ): Promise<string | null> {
-    const fullDomain = subdomain ? `${subdomain}.${domain}` : domain;
-    
-    try {
-      const records = await this.lookupTxt(fullDomain, options);
-      
-      for (const recordArray of records) {
-        // TXT records can be split into chunks, join them
-        const record = recordArray.join('');
-        
-        if (!prefix || record.startsWith(prefix)) {
-          return record;
-        }
-      }
-      
-      return null;
-    } catch (error) {
-      // Domain might not exist or no TXT records
-      console.log(`No matching TXT record found for ${fullDomain} with prefix ${prefix}`);
-      return null;
-    }
-  }
-
-  /**
-   * Verify if a domain has a valid SPF record
-   * @param domain Domain to verify
-   * @returns Verification result
-   */
-  public async verifySpfRecord(domain: string): Promise<IDnsVerificationResult> {
-    const result: IDnsVerificationResult = {
-      record: 'SPF',
-      found: false,
-      valid: false
-    };
-    
-    try {
-      const spfRecord = await this.findTxtRecord(domain, '', 'v=spf1');
-      
-      if (spfRecord) {
-        result.found = true;
-        result.value = spfRecord;
-        
-        // Basic validation - check if it contains all, include, ip4, ip6, or mx mechanisms
-        const isValid = /v=spf1\s+([-~?+]?(all|include:|ip4:|ip6:|mx|a|exists:))/.test(spfRecord);
-        result.valid = isValid;
-        
-        if (!isValid) {
-          result.error = 'SPF record format is invalid';
-        }
-      } else {
-        result.error = 'No SPF record found';
-      }
-    } catch (error) {
-      result.error = `Error verifying SPF: ${error.message}`;
-    }
-    
-    return result;
-  }
-
-  /**
-   * Verify if a domain has a valid DKIM record
-   * @param domain Domain to verify
-   * @param selector DKIM selector (usually "mta" in our case)
-   * @returns Verification result
-   */
-  public async verifyDkimRecord(domain: string, selector: string = 'mta'): Promise<IDnsVerificationResult> {
-    const result: IDnsVerificationResult = {
-      record: 'DKIM',
-      found: false,
-      valid: false
-    };
-    
-    try {
-      const dkimSelector = `${selector}._domainkey`;
-      const dkimRecord = await this.findTxtRecord(domain, dkimSelector, 'v=DKIM1');
-      
-      if (dkimRecord) {
-        result.found = true;
-        result.value = dkimRecord;
-        
-        // Basic validation - check for required fields
-        const hasP = dkimRecord.includes('p=');
-        result.valid = dkimRecord.includes('v=DKIM1') && hasP;
-        
-        if (!result.valid) {
-          result.error = 'DKIM record is missing required fields';
-        } else if (dkimRecord.includes('p=') && !dkimRecord.match(/p=[a-zA-Z0-9+/]+/)) {
-          result.valid = false;
-          result.error = 'DKIM record has invalid public key format';
-        }
-      } else {
-        result.error = `No DKIM record found for selector ${selector}`;
-      }
-    } catch (error) {
-      result.error = `Error verifying DKIM: ${error.message}`;
-    }
-    
-    return result;
-  }
-
-  /**
-   * Verify if a domain has a valid DMARC record
-   * @param domain Domain to verify
-   * @returns Verification result
-   */
-  public async verifyDmarcRecord(domain: string): Promise<IDnsVerificationResult> {
-    const result: IDnsVerificationResult = {
-      record: 'DMARC',
-      found: false,
-      valid: false
-    };
-    
-    try {
-      const dmarcDomain = `_dmarc.${domain}`;
-      const dmarcRecord = await this.findTxtRecord(dmarcDomain, '', 'v=DMARC1');
-      
-      if (dmarcRecord) {
-        result.found = true;
-        result.value = dmarcRecord;
-        
-        // Basic validation - check for required fields
-        const hasPolicy = dmarcRecord.includes('p=');
-        result.valid = dmarcRecord.includes('v=DMARC1') && hasPolicy;
-        
-        if (!result.valid) {
-          result.error = 'DMARC record is missing required fields';
-        }
-      } else {
-        result.error = 'No DMARC record found';
-      }
-    } catch (error) {
-      result.error = `Error verifying DMARC: ${error.message}`;
-    }
-    
-    return result;
-  }
-
-  /**
-   * Check all email authentication records (SPF, DKIM, DMARC) for a domain
-   * @param domain Domain to check
-   * @param dkimSelector DKIM selector
-   * @returns Object with verification results for each record type
-   */
-  public async verifyEmailAuthRecords(domain: string, dkimSelector: string = 'mta'): Promise<{
-    spf: IDnsVerificationResult;
-    dkim: IDnsVerificationResult;
-    dmarc: IDnsVerificationResult;
-  }> {
-    const [spf, dkim, dmarc] = await Promise.all([
-      this.verifySpfRecord(domain),
-      this.verifyDkimRecord(domain, dkimSelector),
-      this.verifyDmarcRecord(domain)
-    ]);
-    
-    return { spf, dkim, dmarc };
-  }
-
-  /**
-   * Generate a recommended SPF record for a domain
-   * @param domain Domain name
-   * @param options Configuration options for the SPF record
-   * @returns Generated SPF record
-   */
-  public generateSpfRecord(domain: string, options: {
-    includeMx?: boolean;
-    includeA?: boolean;
-    includeIps?: string[];
-    includeSpf?: string[];
-    policy?: 'none' | 'neutral' | 'softfail' | 'fail' | 'reject';
-  } = {}): IDnsRecord {
-    const {
-      includeMx = true,
-      includeA = true,
-      includeIps = [],
-      includeSpf = [],
-      policy = 'softfail'
-    } = options;
-    
-    let value = 'v=spf1';
-    
-    if (includeMx) {
-      value += ' mx';
-    }
-    
-    if (includeA) {
-      value += ' a';
-    }
-    
-    // Add IP addresses
-    for (const ip of includeIps) {
-      if (ip.includes(':')) {
-        value += ` ip6:${ip}`;
-      } else {
-        value += ` ip4:${ip}`;
-      }
-    }
-    
-    // Add includes
-    for (const include of includeSpf) {
-      value += ` include:${include}`;
-    }
-    
-    // Add policy
-    const policyMap = {
-      'none': '?all',
-      'neutral': '~all',
-      'softfail': '~all',
-      'fail': '-all',
-      'reject': '-all'
-    };
-    
-    value += ` ${policyMap[policy]}`;
-    
-    return {
-      name: domain,
-      type: 'TXT',
-      value: value
-    };
-  }
-
-  /**
-   * Generate a recommended DMARC record for a domain
-   * @param domain Domain name
-   * @param options Configuration options for the DMARC record
-   * @returns Generated DMARC record
-   */
-  public generateDmarcRecord(domain: string, options: {
-    policy?: 'none' | 'quarantine' | 'reject';
-    subdomainPolicy?: 'none' | 'quarantine' | 'reject';
-    pct?: number;
-    rua?: string;
-    ruf?: string;
-    daysInterval?: number;
-  } = {}): IDnsRecord {
-    const {
-      policy = 'none',
-      subdomainPolicy,
-      pct = 100,
-      rua,
-      ruf,
-      daysInterval = 1
-    } = options;
-    
-    let value = 'v=DMARC1; p=' + policy;
-    
-    if (subdomainPolicy) {
-      value += `; sp=${subdomainPolicy}`;
-    }
-    
-    if (pct !== 100) {
-      value += `; pct=${pct}`;
-    }
-    
-    if (rua) {
-      value += `; rua=mailto:${rua}`;
-    }
-    
-    if (ruf) {
-      value += `; ruf=mailto:${ruf}`;
-    }
-    
-    if (daysInterval !== 1) {
-      value += `; ri=${daysInterval * 86400}`;
-    }
-    
-    // Add reporting format and ADKIM/ASPF alignment
-    value += '; fo=1; adkim=r; aspf=r';
-    
-    return {
-      name: `_dmarc.${domain}`,
-      type: 'TXT',
-      value: value
-    };
-  }
-
-  /**
-   * Save DNS record recommendations to a file
-   * @param domain Domain name
-   * @param records DNS records to save
-   */
-  public async saveDnsRecommendations(domain: string, records: IDnsRecord[]): Promise<void> {
-    try {
-      const filePath = plugins.path.join(paths.dnsRecordsDir, `${domain}.recommendations.json`);
-      plugins.smartfile.memory.toFsSync(JSON.stringify(records, null, 2), filePath);
-      console.log(`DNS recommendations for ${domain} saved to ${filePath}`);
-    } catch (error) {
-      console.error(`Error saving DNS recommendations for ${domain}:`, error);
-    }
-  }
-
-  /**
-   * Get cache key value
-   * @param key Cache key
-   * @returns Cached value or undefined if not found or expired
-   */
-  private getFromCache<T>(key: string): T | undefined {
-    const cached = this.cache.get(key);
-    
-    if (cached && cached.expires > Date.now()) {
-      return cached.data as T;
-    }
-    
-    // Remove expired entry
-    if (cached) {
-      this.cache.delete(key);
-    }
-    
-    return undefined;
-  }
-
-  /**
-   * Set cache key value
-   * @param key Cache key
-   * @param data Data to cache
-   * @param ttl TTL in milliseconds
-   */
-  private setInCache<T>(key: string, data: T, ttl: number = this.defaultOptions.cacheTtl): void {
-    if (ttl <= 0) return; // Don't cache if TTL is disabled
-    
-    this.cache.set(key, {
-      data,
-      expires: Date.now() + ttl
-    });
-  }
-
-  /**
-   * Clear the DNS cache
-   * @param key Optional specific key to clear, or all cache if not provided
-   */
-  public clearCache(key?: string): void {
-    if (key) {
-      this.cache.delete(key);
-    } else {
-      this.cache.clear();
-    }
-  }
-
-  /**
-   * Promise-based wrapper for dns.resolveMx
-   * @param domain Domain to resolve
-   * @param timeout Timeout in milliseconds
-   * @returns Promise resolving to MX records
-   */
-  private dnsResolveMx(domain: string, timeout: number = 5000): Promise<plugins.dns.MxRecord[]> {
-    return new Promise((resolve, reject) => {
-      const timeoutId = setTimeout(() => {
-        reject(new Error(`DNS MX lookup timeout for ${domain}`));
-      }, timeout);
-      
-      plugins.dns.resolveMx(domain, (err, addresses) => {
-        clearTimeout(timeoutId);
-        
-        if (err) {
-          reject(err);
-        } else {
-          resolve(addresses);
-        }
-      });
-    });
-  }
-
-  /**
-   * Promise-based wrapper for dns.resolveTxt
-   * @param domain Domain to resolve
-   * @param timeout Timeout in milliseconds
-   * @returns Promise resolving to TXT records
-   */
-  private dnsResolveTxt(domain: string, timeout: number = 5000): Promise<string[][]> {
-    return new Promise((resolve, reject) => {
-      const timeoutId = setTimeout(() => {
-        reject(new Error(`DNS TXT lookup timeout for ${domain}`));
-      }, timeout);
-      
-      plugins.dns.resolveTxt(domain, (err, records) => {
-        clearTimeout(timeoutId);
-        
-        if (err) {
-          reject(err);
-        } else {
-          resolve(records);
-        }
-      });
-    });
-  }
-
-  /**
-   * Generate all recommended DNS records for proper email authentication
-   * @param domain Domain to generate records for
-   * @returns Array of recommended DNS records
-   */
-  public async generateAllRecommendedRecords(domain: string): Promise<IDnsRecord[]> {
-    const records: IDnsRecord[] = [];
-    
-    // Get DKIM record (already created by DKIMCreator)
-    try {
-      // Now using the public method
-      const dkimRecord = await this.mtaRef.dkimCreator.getDNSRecordForDomain(domain);
-      records.push(dkimRecord);
-    } catch (error) {
-      console.error(`Error getting DKIM record for ${domain}:`, error);
-    }
-    
-    // Generate SPF record
-    const spfRecord = this.generateSpfRecord(domain, {
-      includeMx: true,
-      includeA: true,
-      policy: 'softfail'
-    });
-    records.push(spfRecord);
-    
-    // Generate DMARC record
-    const dmarcRecord = this.generateDmarcRecord(domain, {
-      policy: 'none', // Start with monitoring mode
-      rua: `dmarc@${domain}` // Replace with appropriate report address
-    });
-    records.push(dmarcRecord);
-    
-    // Save recommendations
-    await this.saveDnsRecommendations(domain, records);
-    
-    return records;
-  }
-}

ts/mail/routing/classes.domain.router.ts

@@ -1,369 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EventEmitter } from 'node:events';
-import { type IDomainRule, type EmailProcessingMode } from './classes.email.config.js';
-
-/**
- * Options for the domain-based router
- */
-export interface IDomainRouterOptions {
-  // Domain rules with glob pattern matching
-  domainRules: IDomainRule[];
-  
-  // Default handling for unmatched domains
-  defaultMode: EmailProcessingMode;
-  defaultServer?: string;
-  defaultPort?: number;
-  defaultTls?: boolean;
-  
-  // Pattern matching options
-  caseSensitive?: boolean;
-  priorityOrder?: 'most-specific' | 'first-match';
-  
-  // Cache settings for pattern matching
-  enableCache?: boolean;
-  cacheSize?: number;
-}
-
-/**
- * Result of a pattern match operation
- */
-export interface IPatternMatchResult {
-  rule: IDomainRule;
-  exactMatch: boolean;
-  wildcardMatch: boolean;
-  specificity: number; // Higher is more specific
-}
-
-/**
- * A pattern matching and routing class for email domains
- */
-export class DomainRouter extends EventEmitter {
-  private options: IDomainRouterOptions;
-  private patternCache: Map<string, IDomainRule | null> = new Map();
-  
-  /**
-   * Create a new domain router
-   * @param options Router options
-   */
-  constructor(options: IDomainRouterOptions) {
-    super();
-    this.options = {
-      // Default options
-      caseSensitive: false,
-      priorityOrder: 'most-specific',
-      enableCache: true,
-      cacheSize: 1000,
-      ...options
-    };
-  }
-  
-  /**
-   * Match an email address against defined rules
-   * @param email Email address to match
-   * @returns The matching rule or null if no match
-   */
-  public matchRule(email: string): IDomainRule | null {
-    // Check cache first if enabled
-    if (this.options.enableCache && this.patternCache.has(email)) {
-      return this.patternCache.get(email) || null;
-    }
-    
-    // Normalize email if case-insensitive
-    const normalizedEmail = this.options.caseSensitive ? email : email.toLowerCase();
-    
-    // Get all matching rules
-    const matches = this.getAllMatchingRules(normalizedEmail);
-    
-    if (matches.length === 0) {
-      // Cache the result (null) if caching is enabled
-      if (this.options.enableCache) {
-        this.addToCache(email, null);
-      }
-      return null;
-    }
-    
-    // Sort by specificity or order
-    let matchedRule: IDomainRule;
-    
-    if (this.options.priorityOrder === 'most-specific') {
-      // Sort by specificity (most specific first)
-      const sortedMatches = matches.sort((a, b) => {
-        const aSpecificity = this.calculateSpecificity(a.pattern);
-        const bSpecificity = this.calculateSpecificity(b.pattern);
-        return bSpecificity - aSpecificity;
-      });
-      
-      matchedRule = sortedMatches[0];
-    } else {
-      // First match in the list
-      matchedRule = matches[0];
-    }
-    
-    // Cache the result if caching is enabled
-    if (this.options.enableCache) {
-      this.addToCache(email, matchedRule);
-    }
-    
-    return matchedRule;
-  }
-  
-  /**
-   * Calculate pattern specificity
-   * Higher is more specific
-   * @param pattern Pattern to calculate specificity for
-   */
-  private calculateSpecificity(pattern: string): number {
-    let specificity = 0;
-    
-    // Exact match is most specific
-    if (!pattern.includes('*')) {
-      return 100;
-    }
-    
-    // Count characters that aren't wildcards
-    specificity += pattern.replace(/\*/g, '').length;
-    
-    // Position of wildcards affects specificity
-    if (pattern.startsWith('*@')) {
-      // Wildcard in local part
-      specificity += 10;
-    } else if (pattern.includes('@*')) {
-      // Wildcard in domain part
-      specificity += 20;
-    }
-    
-    return specificity;
-  }
-  
-  /**
-   * Check if email matches a specific pattern
-   * @param email Email address to check
-   * @param pattern Pattern to check against
-   * @returns True if matching, false otherwise
-   */
-  public matchesPattern(email: string, pattern: string): boolean {
-    // Normalize if case-insensitive
-    const normalizedEmail = this.options.caseSensitive ? email : email.toLowerCase();
-    const normalizedPattern = this.options.caseSensitive ? pattern : pattern.toLowerCase();
-    
-    // Exact match
-    if (normalizedEmail === normalizedPattern) {
-      return true;
-    }
-    
-    // Convert glob pattern to regex
-    const regexPattern = this.globToRegExp(normalizedPattern);
-    return regexPattern.test(normalizedEmail);
-  }
-  
-  /**
-   * Convert a glob pattern to a regular expression
-   * @param pattern Glob pattern
-   * @returns Regular expression
-   */
-  private globToRegExp(pattern: string): RegExp {
-    // Escape special regex characters except * and ?
-    let regexString = pattern
-      .replace(/[.+^${}()|[\]\\]/g, '\\$&')
-      .replace(/\*/g, '.*')
-      .replace(/\?/g, '.');
-    
-    return new RegExp(`^${regexString}$`);
-  }
-  
-  /**
-   * Get all rules that match an email address
-   * @param email Email address to match
-   * @returns Array of matching rules
-   */
-  public getAllMatchingRules(email: string): IDomainRule[] {
-    return this.options.domainRules.filter(rule => this.matchesPattern(email, rule.pattern));
-  }
-  
-  /**
-   * Add a new routing rule
-   * @param rule Domain rule to add
-   */
-  public addRule(rule: IDomainRule): void {
-    // Validate the rule
-    this.validateRule(rule);
-    
-    // Add the rule
-    this.options.domainRules.push(rule);
-    
-    // Clear cache since rules have changed
-    this.clearCache();
-    
-    // Emit event
-    this.emit('ruleAdded', rule);
-  }
-  
-  /**
-   * Validate a domain rule
-   * @param rule Rule to validate
-   */
-  private validateRule(rule: IDomainRule): void {
-    // Pattern is required
-    if (!rule.pattern) {
-      throw new Error('Domain rule pattern is required');
-    }
-    
-    // Mode is required
-    if (!rule.mode) {
-      throw new Error('Domain rule mode is required');
-    }
-    
-    // Forward mode requires target
-    if (rule.mode === 'forward' && !rule.target) {
-      throw new Error('Forward mode requires target configuration');
-    }
-    
-    // Forward mode target requires server
-    if (rule.mode === 'forward' && rule.target && !rule.target.server) {
-      throw new Error('Forward mode target requires server');
-    }
-  }
-  
-  /**
-   * Update an existing rule
-   * @param pattern Pattern to update
-   * @param updates Updates to apply
-   * @returns True if rule was found and updated, false otherwise
-   */
-  public updateRule(pattern: string, updates: Partial<IDomainRule>): boolean {
-    const ruleIndex = this.options.domainRules.findIndex(r => r.pattern === pattern);
-    
-    if (ruleIndex === -1) {
-      return false;
-    }
-    
-    // Get current rule
-    const currentRule = this.options.domainRules[ruleIndex];
-    
-    // Create updated rule
-    const updatedRule: IDomainRule = {
-      ...currentRule,
-      ...updates
-    };
-    
-    // Validate the updated rule
-    this.validateRule(updatedRule);
-    
-    // Update the rule
-    this.options.domainRules[ruleIndex] = updatedRule;
-    
-    // Clear cache since rules have changed
-    this.clearCache();
-    
-    // Emit event
-    this.emit('ruleUpdated', updatedRule);
-    
-    return true;
-  }
-  
-  /**
-   * Remove a rule
-   * @param pattern Pattern to remove
-   * @returns True if rule was found and removed, false otherwise
-   */
-  public removeRule(pattern: string): boolean {
-    const initialLength = this.options.domainRules.length;
-    this.options.domainRules = this.options.domainRules.filter(r => r.pattern !== pattern);
-    
-    const removed = initialLength > this.options.domainRules.length;
-    
-    if (removed) {
-      // Clear cache since rules have changed
-      this.clearCache();
-      
-      // Emit event
-      this.emit('ruleRemoved', pattern);
-    }
-    
-    return removed;
-  }
-  
-  /**
-   * Get rule by pattern
-   * @param pattern Pattern to find
-   * @returns Rule with matching pattern or null if not found
-   */
-  public getRule(pattern: string): IDomainRule | null {
-    return this.options.domainRules.find(r => r.pattern === pattern) || null;
-  }
-  
-  /**
-   * Get all rules
-   * @returns Array of all domain rules
-   */
-  public getRules(): IDomainRule[] {
-    return [...this.options.domainRules];
-  }
-  
-  /**
-   * Update options
-   * @param options New options
-   */
-  public updateOptions(options: Partial<IDomainRouterOptions>): void {
-    this.options = {
-      ...this.options,
-      ...options
-    };
-    
-    // Clear cache if cache settings changed
-    if ('enableCache' in options || 'cacheSize' in options) {
-      this.clearCache();
-    }
-    
-    // Emit event
-    this.emit('optionsUpdated', this.options);
-  }
-  
-  /**
-   * Add an item to the pattern cache
-   * @param email Email address
-   * @param rule Matching rule or null
-   */
-  private addToCache(email: string, rule: IDomainRule | null): void {
-    // If cache is disabled, do nothing
-    if (!this.options.enableCache) {
-      return;
-    }
-    
-    // Add to cache
-    this.patternCache.set(email, rule);
-    
-    // Check if cache size exceeds limit
-    if (this.patternCache.size > (this.options.cacheSize || 1000)) {
-      // Remove oldest entry (first in the Map)
-      const firstKey = this.patternCache.keys().next().value;
-      this.patternCache.delete(firstKey);
-    }
-  }
-  
-  /**
-   * Clear pattern matching cache
-   */
-  public clearCache(): void {
-    this.patternCache.clear();
-    this.emit('cacheCleared');
-  }
-  
-  /**
-   * Update all domain rules at once
-   * @param rules New set of domain rules to replace existing ones
-   */
-  public updateRules(rules: IDomainRule[]): void {
-    // Validate all rules
-    rules.forEach(rule => this.validateRule(rule));
-    
-    // Replace all rules
-    this.options.domainRules = [...rules];
-    
-    // Clear cache since rules have changed
-    this.clearCache();
-    
-    // Emit event
-    this.emit('rulesUpdated', rules);
-  }
-}

ts/mail/routing/classes.email.config.ts

@@ -1,129 +0,0 @@
-import * as plugins from '../../plugins.js';
-
-/**
- * Email processing modes
- */
-export type EmailProcessingMode = 'forward' | 'mta' | 'process';
-
-/**
- * Consolidated email configuration interface
- */
-export interface IEmailConfig {
-  // Email server settings
-  ports: number[];
-  hostname: string;
-  maxMessageSize?: number;
-  
-  // TLS configuration for email server
-  tls?: {
-    certPath?: string;
-    keyPath?: string;
-    caPath?: string;
-    minVersion?: string;
-  };
-  
-  // Authentication for inbound connections
-  auth?: {
-    required?: boolean;
-    methods?: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
-    users?: Array<{username: string, password: string}>;
-  };
-  
-  // Default routing for unmatched domains
-  defaultMode: EmailProcessingMode;
-  defaultServer?: string;
-  defaultPort?: number;
-  defaultTls?: boolean;
-  
-  // Domain rules with glob pattern support
-  domainRules: IDomainRule[];
-  
-  // Queue configuration for all email processing
-  queue?: {
-    storageType?: 'memory' | 'disk';
-    persistentPath?: string;
-    maxRetries?: number;
-    baseRetryDelay?: number;
-    maxRetryDelay?: number;
-  };
-  
-  // Advanced MTA settings
-  mtaGlobalOptions?: IMtaOptions;
-}
-
-/**
- * Domain rule interface for pattern-based routing
- */
-export interface IDomainRule {
-  // Domain pattern (e.g., "*@example.com", "*@*.example.net")
-  pattern: string;
-  
-  // Handling mode for this pattern
-  mode: EmailProcessingMode;
-  
-  // Forward mode configuration
-  target?: {
-    server: string;
-    port?: number;
-    useTls?: boolean;
-    authentication?: {
-      user?: string;
-      pass?: string;
-    };
-  };
-  
-  // MTA mode configuration
-  mtaOptions?: IMtaOptions;
-  
-  // Process mode configuration
-  contentScanning?: boolean;
-  scanners?: IContentScanner[];
-  transformations?: ITransformation[];
-  
-  // Rate limits for this domain
-  rateLimits?: {
-    maxMessagesPerMinute?: number;
-    maxRecipientsPerMessage?: number;
-  };
-}
-
-/**
- * MTA options interface
- */
-export interface IMtaOptions {
-  domain?: string;
-  allowLocalDelivery?: boolean;
-  localDeliveryPath?: string;
-  dkimSign?: boolean;
-  dkimOptions?: {
-    domainName: string;
-    keySelector: string;
-    privateKey: string;
-  };
-  smtpBanner?: string;
-  maxConnections?: number;
-  connTimeout?: number;
-  spoolDir?: string;
-}
-
-/**
- * Content scanner interface
- */
-export interface IContentScanner {
-  type: 'spam' | 'virus' | 'attachment';
-  threshold?: number;
-  action: 'tag' | 'reject';
-  blockedExtensions?: string[];
-}
-
-/**
- * Transformation interface
- */
-export interface ITransformation {
-  type: string;
-  header?: string;
-  value?: string;
-  domains?: string[];
-  append?: boolean;
-  [key: string]: any;
-}

ts/mail/routing/classes.unified.email.server.ts

@@ -1,991 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { EventEmitter } from 'events';
-import { logger } from '../../logger.js';
-import { 
-  SecurityLogger, 
-  SecurityLogLevel, 
-  SecurityEventType 
-} from '../../security/index.js';
-import { DomainRouter } from './classes.domain.router.js';
-import type { 
-  IEmailConfig, 
-  EmailProcessingMode,
-  IDomainRule 
-} from './classes.email.config.js';
-import { Email } from '../core/classes.email.js';
-import * as net from 'node:net';
-import * as tls from 'node:tls';
-import * as stream from 'node:stream';
-import { SMTPServer as MtaSmtpServer } from '../delivery/classes.smtpserver.js';
-
-/**
- * Options for the unified email server
- */
-export interface IUnifiedEmailServerOptions {
-  // Base server options
-  ports: number[];
-  hostname: string;
-  banner?: string;
-  
-  // Authentication options
-  auth?: {
-    required?: boolean;
-    methods?: ('PLAIN' | 'LOGIN' | 'OAUTH2')[];
-    users?: Array<{username: string, password: string}>;
-  };
-  
-  // TLS options
-  tls?: {
-    certPath?: string;
-    keyPath?: string;
-    caPath?: string;
-    minVersion?: string;
-    ciphers?: string;
-  };
-  
-  // Limits
-  maxMessageSize?: number;
-  maxClients?: number;
-  maxConnections?: number;
-  
-  // Connection options
-  connectionTimeout?: number;
-  socketTimeout?: number;
-  
-  // Domain rules
-  domainRules: IDomainRule[];
-  
-  // Default handling for unmatched domains
-  defaultMode: EmailProcessingMode;
-  defaultServer?: string;
-  defaultPort?: number;
-  defaultTls?: boolean;
-}
-
-/**
- * Interface describing SMTP session data
- */
-export interface ISmtpSession {
-  id: string;
-  remoteAddress: string;
-  clientHostname: string;
-  secure: boolean;
-  authenticated: boolean;
-  user?: {
-    username: string;
-    [key: string]: any;
-  };
-  envelope: {
-    mailFrom: {
-      address: string;
-      args: any;
-    };
-    rcptTo: Array<{
-      address: string;
-      args: any;
-    }>;
-  };
-  processingMode?: EmailProcessingMode;
-  matchedRule?: IDomainRule;
-}
-
-/**
- * Authentication data for SMTP
- */
-export interface IAuthData {
-  method: string;
-  username: string;
-  password: string;
-}
-
-/**
- * Server statistics
- */
-export interface IServerStats {
-  startTime: Date;
-  connections: {
-    current: number;
-    total: number;
-  };
-  messages: {
-    processed: number;
-    delivered: number;
-    failed: number;
-  };
-  processingTime: {
-    avg: number;
-    max: number;
-    min: number;
-  };
-}
-
-/**
- * Unified email server that handles all email traffic with pattern-based routing
- */
-export class UnifiedEmailServer extends EventEmitter {
-  private options: IUnifiedEmailServerOptions;
-  private domainRouter: DomainRouter;
-  private servers: MtaSmtpServer[] = [];
-  private stats: IServerStats;
-  private processingTimes: number[] = [];
-  
-  constructor(options: IUnifiedEmailServerOptions) {
-    super();
-    
-    // Set default options
-    this.options = {
-      ...options,
-      banner: options.banner || `${options.hostname} ESMTP UnifiedEmailServer`,
-      maxMessageSize: options.maxMessageSize || 10 * 1024 * 1024, // 10MB
-      maxClients: options.maxClients || 100,
-      maxConnections: options.maxConnections || 1000,
-      connectionTimeout: options.connectionTimeout || 60000, // 1 minute
-      socketTimeout: options.socketTimeout || 60000 // 1 minute
-    };
-    
-    // Initialize domain router for pattern matching
-    this.domainRouter = new DomainRouter({
-      domainRules: options.domainRules,
-      defaultMode: options.defaultMode,
-      defaultServer: options.defaultServer,
-      defaultPort: options.defaultPort,
-      defaultTls: options.defaultTls,
-      enableCache: true,
-      cacheSize: 1000
-    });
-    
-    // Initialize statistics
-    this.stats = {
-      startTime: new Date(),
-      connections: {
-        current: 0,
-        total: 0
-      },
-      messages: {
-        processed: 0,
-        delivered: 0,
-        failed: 0
-      },
-      processingTime: {
-        avg: 0,
-        max: 0,
-        min: 0
-      }
-    };
-    
-    // We'll create the SMTP servers during the start() method
-  }
-  
-  /**
-   * Start the unified email server
-   */
-  public async start(): Promise<void> {
-    logger.log('info', `Starting UnifiedEmailServer on ports: ${(this.options.ports as number[]).join(', ')}`);
-    
-    try {
-      // Ensure we have the necessary TLS options
-      const hasTlsConfig = this.options.tls?.keyPath && this.options.tls?.certPath;
-      
-      // Prepare the certificate and key if available
-      let key: string | undefined;
-      let cert: string | undefined;
-      
-      if (hasTlsConfig) {
-        try {
-          key = plugins.fs.readFileSync(this.options.tls.keyPath!, 'utf8');
-          cert = plugins.fs.readFileSync(this.options.tls.certPath!, 'utf8');
-          logger.log('info', 'TLS certificates loaded successfully');
-        } catch (error) {
-          logger.log('warn', `Failed to load TLS certificates: ${error.message}`);
-        }
-      }
-      
-      // Create a SMTP server for each port
-      for (const port of this.options.ports as number[]) {
-        // Create a reference object to hold the MTA service during setup
-        const mtaRef = {
-          config: {
-            smtp: {
-              hostname: this.options.hostname
-            },
-            security: {
-              checkIPReputation: false,
-              verifyDkim: true,
-              verifySpf: true,
-              verifyDmarc: true
-            }
-          },
-          // These will be implemented in the real integration:
-          dkimVerifier: {
-            verify: async () => ({ isValid: true, domain: '' })
-          },
-          spfVerifier: {
-            verifyAndApply: async () => true
-          },
-          dmarcVerifier: {
-            verify: async () => ({}),
-            applyPolicy: () => true
-          },
-          processIncomingEmail: async (email: Email) => {
-            // This is where we'll process the email based on domain routing
-            const to = email.to[0]; // Email.to is an array, take the first recipient
-            const rule = this.domainRouter.matchRule(to);
-            const mode = rule?.mode || this.options.defaultMode;
-            
-            // Process based on the mode
-            await this.processEmailByMode(email, { 
-              id: 'session-' + Math.random().toString(36).substring(2),
-              remoteAddress: '127.0.0.1',
-              clientHostname: '',
-              secure: false,
-              authenticated: false,
-              envelope: {
-                mailFrom: { address: email.from, args: {} },
-                rcptTo: email.to.map(recipient => ({ address: recipient, args: {} }))
-              },
-              processingMode: mode,
-              matchedRule: rule
-            }, mode);
-            
-            return true;
-          }
-        };
-        
-        // Create server options
-        const serverOptions = {
-          port,
-          hostname: this.options.hostname,
-          key,
-          cert
-        };
-        
-        // Create and start the SMTP server
-        const smtpServer = new MtaSmtpServer(mtaRef as any, serverOptions);
-        this.servers.push(smtpServer);
-        
-        // Start the server
-        await new Promise<void>((resolve, reject) => {
-          try {
-            smtpServer.start();
-            logger.log('info', `UnifiedEmailServer listening on port ${port}`);
-            
-            // Set up event handlers 
-            (smtpServer as any).server.on('error', (err: Error) => {
-              logger.log('error', `SMTP server error on port ${port}: ${err.message}`);
-              this.emit('error', err);
-            });
-            
-            resolve();
-          } catch (err) {
-            if ((err as any).code === 'EADDRINUSE') {
-              logger.log('error', `Port ${port} is already in use`);
-              reject(new Error(`Port ${port} is already in use`));
-            } else {
-              logger.log('error', `Error starting server on port ${port}: ${err.message}`);
-              reject(err);
-            }
-          }
-        });
-      }
-      
-      logger.log('info', 'UnifiedEmailServer started successfully');
-      this.emit('started');
-    } catch (error) {
-      logger.log('error', `Failed to start UnifiedEmailServer: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Stop the unified email server
-   */
-  public async stop(): Promise<void> {
-    logger.log('info', 'Stopping UnifiedEmailServer');
-    
-    try {
-      // Stop all SMTP servers
-      for (const server of this.servers) {
-        server.stop();
-      }
-      
-      // Clear the servers array
-      this.servers = [];
-      
-      logger.log('info', 'UnifiedEmailServer stopped successfully');
-      this.emit('stopped');
-    } catch (error) {
-      logger.log('error', `Error stopping UnifiedEmailServer: ${error.message}`);
-      throw error;
-    }
-  }
-  
-  /**
-   * Handle new SMTP connection (stub implementation)
-   */
-  private onConnect(session: ISmtpSession, callback: (err?: Error) => void): void {
-    logger.log('info', `New connection from ${session.remoteAddress}`);
-    
-    // Update connection statistics
-    this.stats.connections.current++;
-    this.stats.connections.total++;
-    
-    // Log connection event
-    SecurityLogger.getInstance().logEvent({
-      level: SecurityLogLevel.INFO,
-      type: SecurityEventType.CONNECTION,
-      message: 'New SMTP connection established',
-      ipAddress: session.remoteAddress,
-      details: {
-        sessionId: session.id,
-        secure: session.secure
-      }
-    });
-    
-    // Optional IP reputation check would go here
-    
-    // Continue with the connection
-    callback();
-  }
-  
-  /**
-   * Handle authentication (stub implementation)
-   */
-  private onAuth(auth: IAuthData, session: ISmtpSession, callback: (err?: Error, user?: any) => void): void {
-    if (!this.options.auth || !this.options.auth.users || this.options.auth.users.length === 0) {
-      // No authentication configured, reject
-      const error = new Error('Authentication not supported');
-      logger.log('warn', `Authentication attempt when not configured: ${auth.username}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.AUTHENTICATION,
-        message: 'Authentication attempt when not configured',
-        ipAddress: session.remoteAddress,
-        details: {
-          username: auth.username,
-          method: auth.method,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      return callback(error);
-    }
-    
-    // Find matching user
-    const user = this.options.auth.users.find(u => u.username === auth.username && u.password === auth.password);
-    
-    if (user) {
-      logger.log('info', `User ${auth.username} authenticated successfully`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.AUTHENTICATION,
-        message: 'SMTP authentication successful',
-        ipAddress: session.remoteAddress,
-        details: {
-          username: auth.username,
-          method: auth.method,
-          sessionId: session.id
-        },
-        success: true
-      });
-      
-      return callback(null, { username: user.username });
-    } else {
-      const error = new Error('Invalid username or password');
-      logger.log('warn', `Failed authentication for ${auth.username}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.AUTHENTICATION,
-        message: 'SMTP authentication failed',
-        ipAddress: session.remoteAddress,
-        details: {
-          username: auth.username,
-          method: auth.method,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      return callback(error);
-    }
-  }
-  
-  /**
-   * Handle MAIL FROM command (stub implementation)
-   */
-  private onMailFrom(address: {address: string}, session: ISmtpSession, callback: (err?: Error) => void): void {
-    logger.log('info', `MAIL FROM: ${address.address}`);
-    
-    // Validate the email address
-    if (!this.isValidEmail(address.address)) {
-      const error = new Error('Invalid sender address');
-      logger.log('warn', `Invalid sender address: ${address.address}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.EMAIL_VALIDATION,
-        message: 'Invalid sender email format',
-        ipAddress: session.remoteAddress,
-        details: {
-          address: address.address,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      return callback(error);
-    }
-    
-    // Authentication check if required
-    if (this.options.auth?.required && !session.authenticated) {
-      const error = new Error('Authentication required');
-      logger.log('warn', `Unauthenticated sender rejected: ${address.address}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.AUTHENTICATION,
-        message: 'Unauthenticated sender rejected',
-        ipAddress: session.remoteAddress,
-        details: {
-          address: address.address,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      return callback(error);
-    }
-    
-    // Continue processing
-    callback();
-  }
-  
-  /**
-   * Handle RCPT TO command (stub implementation)
-   */
-  private onRcptTo(address: {address: string}, session: ISmtpSession, callback: (err?: Error) => void): void {
-    logger.log('info', `RCPT TO: ${address.address}`);
-    
-    // Validate the email address
-    if (!this.isValidEmail(address.address)) {
-      const error = new Error('Invalid recipient address');
-      logger.log('warn', `Invalid recipient address: ${address.address}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.EMAIL_VALIDATION,
-        message: 'Invalid recipient email format',
-        ipAddress: session.remoteAddress,
-        details: {
-          address: address.address,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      return callback(error);
-    }
-    
-    // Pattern match the recipient to determine processing mode
-    const rule = this.domainRouter.matchRule(address.address);
-    
-    if (rule) {
-      // Store the matched rule and processing mode in the session
-      session.matchedRule = rule;
-      session.processingMode = rule.mode;
-      logger.log('info', `Email ${address.address} matched rule: ${rule.pattern}, mode: ${rule.mode}`);
-    } else {
-      // Use default mode
-      session.processingMode = this.options.defaultMode;
-      logger.log('info', `Email ${address.address} using default mode: ${this.options.defaultMode}`);
-    }
-    
-    // Continue processing
-    callback();
-  }
-  
-  /**
-   * Handle incoming email data (stub implementation)
-   */
-  private onData(stream: stream.Readable, session: ISmtpSession, callback: (err?: Error) => void): void {
-    logger.log('info', `Processing email data for session ${session.id}`);
-    
-    const startTime = Date.now();
-    const chunks: Buffer[] = [];
-    
-    stream.on('data', (chunk: Buffer) => {
-      chunks.push(chunk);
-    });
-    
-    stream.on('end', async () => {
-      try {
-        const data = Buffer.concat(chunks);
-        const mode = session.processingMode || this.options.defaultMode;
-        
-        // Determine processing mode based on matched rule
-        const processedEmail = await this.processEmailByMode(data, session, mode);
-        
-        // Update statistics
-        this.stats.messages.processed++;
-        this.stats.messages.delivered++;
-        
-        // Calculate processing time
-        const processingTime = Date.now() - startTime;
-        this.processingTimes.push(processingTime);
-        this.updateProcessingTimeStats();
-        
-        // Emit event for delivery queue
-        this.emit('emailProcessed', processedEmail, mode, session.matchedRule);
-        
-        logger.log('info', `Email processed successfully in ${processingTime}ms, mode: ${mode}`);
-        callback();
-      } catch (error) {
-        logger.log('error', `Error processing email: ${error.message}`);
-        
-        // Update statistics
-        this.stats.messages.processed++;
-        this.stats.messages.failed++;
-        
-        // Calculate processing time for failed attempts too
-        const processingTime = Date.now() - startTime;
-        this.processingTimes.push(processingTime);
-        this.updateProcessingTimeStats();
-        
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.ERROR,
-          type: SecurityEventType.EMAIL_PROCESSING,
-          message: 'Email processing failed',
-          ipAddress: session.remoteAddress,
-          details: {
-            error: error.message,
-            sessionId: session.id,
-            mode: session.processingMode,
-            processingTime
-          },
-          success: false
-        });
-        
-        callback(error);
-      }
-    });
-    
-    stream.on('error', (err) => {
-      logger.log('error', `Stream error: ${err.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_PROCESSING,
-        message: 'Email stream error',
-        ipAddress: session.remoteAddress,
-        details: {
-          error: err.message,
-          sessionId: session.id
-        },
-        success: false
-      });
-      
-      callback(err);
-    });
-  }
-  
-  /**
-   * Update processing time statistics
-   */
-  private updateProcessingTimeStats(): void {
-    if (this.processingTimes.length === 0) return;
-    
-    // Keep only the last 1000 processing times
-    if (this.processingTimes.length > 1000) {
-      this.processingTimes = this.processingTimes.slice(-1000);
-    }
-    
-    // Calculate stats
-    const sum = this.processingTimes.reduce((acc, time) => acc + time, 0);
-    const avg = sum / this.processingTimes.length;
-    const max = Math.max(...this.processingTimes);
-    const min = Math.min(...this.processingTimes);
-    
-    this.stats.processingTime = { avg, max, min };
-  }
-  
-  /**
-   * Process email based on the determined mode
-   */
-  private async processEmailByMode(emailData: Email | Buffer, session: ISmtpSession, mode: EmailProcessingMode): Promise<Email> {
-    // Convert Buffer to Email if needed
-    let email: Email;
-    if (Buffer.isBuffer(emailData)) {
-      // Parse the email data buffer into an Email object
-      try {
-        const parsed = await plugins.mailparser.simpleParser(emailData);
-        email = new Email({
-          from: parsed.from?.value[0]?.address || session.envelope.mailFrom.address,
-          to: session.envelope.rcptTo[0]?.address || '',
-          subject: parsed.subject || '',
-          text: parsed.text || '',
-          html: parsed.html || undefined,
-          attachments: parsed.attachments?.map(att => ({
-            filename: att.filename || '',
-            content: att.content,
-            contentType: att.contentType
-          })) || []
-        });
-      } catch (error) {
-        logger.log('error', `Error parsing email data: ${error.message}`);
-        throw new Error(`Error parsing email data: ${error.message}`);
-      }
-    } else {
-      email = emailData;
-    }
-
-    // Process based on mode
-    switch (mode) {
-      case 'forward':
-        await this.handleForwardMode(email, session);
-        break;
-        
-      case 'mta':
-        await this.handleMtaMode(email, session);
-        break;
-        
-      case 'process':
-        await this.handleProcessMode(email, session);
-        break;
-        
-      default:
-        throw new Error(`Unknown processing mode: ${mode}`);
-    }
-    
-    // Return the processed email
-    return email;
-  }
-  
-  /**
-   * Handle email in forward mode (SMTP proxy)
-   */
-  private async handleForwardMode(email: Email, session: ISmtpSession): Promise<void> {
-    logger.log('info', `Handling email in forward mode for session ${session.id}`);
-    
-    // Get target server information
-    const rule = session.matchedRule;
-    const targetServer = rule?.target?.server || this.options.defaultServer;
-    const targetPort = rule?.target?.port || this.options.defaultPort || 25;
-    const useTls = rule?.target?.useTls ?? this.options.defaultTls ?? false;
-    
-    if (!targetServer) {
-      throw new Error('No target server configured for forward mode');
-    }
-    
-    logger.log('info', `Forwarding email to ${targetServer}:${targetPort}, TLS: ${useTls}`);
-    
-    try {
-      // Create a simple SMTP client connection to the target server
-      const client = new net.Socket();
-      
-      await new Promise<void>((resolve, reject) => {
-        // Connect to the target server
-        client.connect({
-          host: targetServer,
-          port: targetPort
-        });
-        
-        client.on('data', (data) => {
-          const response = data.toString().trim();
-          logger.log('debug', `SMTP response: ${response}`);
-          
-          // Handle SMTP response codes
-          if (response.startsWith('2')) {
-            // Success response
-            resolve();
-          } else if (response.startsWith('5')) {
-            // Permanent error
-            reject(new Error(`SMTP error: ${response}`));
-          }
-        });
-        
-        client.on('error', (err) => {
-          logger.log('error', `SMTP client error: ${err.message}`);
-          reject(err);
-        });
-        
-        // SMTP client commands would go here in a full implementation
-        // For now, just finish the connection
-        client.end();
-        resolve();
-      });
-      
-      logger.log('info', `Email forwarded successfully to ${targetServer}:${targetPort}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_FORWARDING,
-        message: 'Email forwarded',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          targetServer,
-          targetPort,
-          useTls,
-          ruleName: rule?.pattern || 'default',
-          subject: email.subject
-        },
-        success: true
-      });
-    } catch (error) {
-      logger.log('error', `Failed to forward email: ${error.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_FORWARDING,
-        message: 'Email forwarding failed',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          targetServer,
-          targetPort,
-          useTls,
-          ruleName: rule?.pattern || 'default',
-          error: error.message
-        },
-        success: false
-      });
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Handle email in MTA mode (programmatic processing)
-   */
-  private async handleMtaMode(email: Email, session: ISmtpSession): Promise<void> {
-    logger.log('info', `Handling email in MTA mode for session ${session.id}`);
-    
-    try {
-      // Apply MTA rule options if provided
-      if (session.matchedRule?.mtaOptions) {
-        const options = session.matchedRule.mtaOptions;
-        
-        // Apply DKIM signing if enabled
-        if (options.dkimSign && options.dkimOptions) {
-          // Sign the email with DKIM
-          logger.log('info', `Signing email with DKIM for domain ${options.dkimOptions.domainName}`);
-          
-          // In a full implementation, this would use the DKIM signing library
-        }
-      }
-      
-      // Get email content for logging/processing
-      const subject = email.subject;
-      const recipients = email.getAllRecipients().join(', ');
-      
-      logger.log('info', `Email processed by MTA: ${subject} to ${recipients}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_PROCESSING,
-        message: 'Email processed by MTA',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          ruleName: session.matchedRule?.pattern || 'default',
-          subject,
-          recipients
-        },
-        success: true
-      });
-    } catch (error) {
-      logger.log('error', `Failed to process email in MTA mode: ${error.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_PROCESSING,
-        message: 'MTA processing failed',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          ruleName: session.matchedRule?.pattern || 'default',
-          error: error.message
-        },
-        success: false
-      });
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Handle email in process mode (store-and-forward with scanning)
-   */
-  private async handleProcessMode(email: Email, session: ISmtpSession): Promise<void> {
-    logger.log('info', `Handling email in process mode for session ${session.id}`);
-    
-    try {
-      const rule = session.matchedRule;
-      
-      // Apply content scanning if enabled
-      if (rule?.contentScanning && rule.scanners && rule.scanners.length > 0) {
-        logger.log('info', 'Performing content scanning');
-        
-        // Apply each scanner
-        for (const scanner of rule.scanners) {
-          switch (scanner.type) {
-            case 'spam':
-              logger.log('info', 'Scanning for spam content');
-              // Implement spam scanning
-              break;
-              
-            case 'virus':
-              logger.log('info', 'Scanning for virus content');
-              // Implement virus scanning
-              break;
-              
-            case 'attachment':
-              logger.log('info', 'Scanning attachments');
-              
-              // Check for blocked extensions
-              if (scanner.blockedExtensions && scanner.blockedExtensions.length > 0) {
-                for (const attachment of email.attachments) {
-                  const ext = this.getFileExtension(attachment.filename);
-                  if (scanner.blockedExtensions.includes(ext)) {
-                    if (scanner.action === 'reject') {
-                      throw new Error(`Blocked attachment type: ${ext}`);
-                    } else { // tag
-                      email.addHeader('X-Attachment-Warning', `Potentially unsafe attachment: ${attachment.filename}`);
-                    }
-                  }
-                }
-              }
-              break;
-          }
-        }
-      }
-      
-      // Apply transformations if defined
-      if (rule?.transformations && rule.transformations.length > 0) {
-        logger.log('info', 'Applying email transformations');
-        
-        for (const transform of rule.transformations) {
-          switch (transform.type) {
-            case 'addHeader':
-              if (transform.header && transform.value) {
-                email.addHeader(transform.header, transform.value);
-              }
-              break;
-          }
-        }
-      }
-      
-      logger.log('info', `Email successfully processed in store-and-forward mode`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.INFO,
-        type: SecurityEventType.EMAIL_PROCESSING,
-        message: 'Email processed and queued',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          ruleName: rule?.pattern || 'default',
-          contentScanning: rule?.contentScanning || false,
-          subject: email.subject
-        },
-        success: true
-      });
-    } catch (error) {
-      logger.log('error', `Failed to process email: ${error.message}`);
-      
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.EMAIL_PROCESSING,
-        message: 'Email processing failed',
-        ipAddress: session.remoteAddress,
-        details: {
-          sessionId: session.id,
-          ruleName: session.matchedRule?.pattern || 'default',
-          error: error.message
-        },
-        success: false
-      });
-      
-      throw error;
-    }
-  }
-  
-  /**
-   * Get file extension from filename
-   */
-  private getFileExtension(filename: string): string {
-    return filename.substring(filename.lastIndexOf('.')).toLowerCase();
-  }
-  
-  /**
-   * Handle server errors
-   */
-  private onError(err: Error): void {
-    logger.log('error', `Server error: ${err.message}`);
-    this.emit('error', err);
-  }
-  
-  /**
-   * Handle server close
-   */
-  private onClose(): void {
-    logger.log('info', 'Server closed');
-    this.emit('close');
-    
-    // Update statistics
-    this.stats.connections.current = 0;
-  }
-  
-  /**
-   * Update server configuration
-   */
-  public updateOptions(options: Partial<IUnifiedEmailServerOptions>): void {
-    // Stop the server if changing ports
-    const portsChanged = options.ports && 
-      (!this.options.ports || 
-       JSON.stringify(options.ports) !== JSON.stringify(this.options.ports));
-    
-    if (portsChanged) {
-      this.stop().then(() => {
-        this.options = { ...this.options, ...options };
-        this.start();
-      });
-    } else {
-      // Update options without restart
-      this.options = { ...this.options, ...options };
-      
-      // Update domain router if rules changed
-      if (options.domainRules) {
-        this.domainRouter.updateRules(options.domainRules);
-      }
-    }
-  }
-  
-  /**
-   * Update domain rules
-   */
-  public updateDomainRules(rules: IDomainRule[]): void {
-    this.options.domainRules = rules;
-    this.domainRouter.updateRules(rules);
-  }
-  
-  /**
-   * Get server statistics
-   */
-  public getStats(): IServerStats {
-    return { ...this.stats };
-  }
-  
-  /**
-   * Validate email address format
-   */
-  private isValidEmail(email: string): boolean {
-    // Basic validation - a more comprehensive validation could be used
-    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-    return emailRegex.test(email);
-  }
-}

ts/mail/routing/index.ts

@@ -1,5 +0,0 @@
-// Email routing components
-export * from './classes.domain.router.js';
-export * from './classes.email.config.js';
-export * from './classes.unified.email.server.js';
-export * from './classes.dnsmanager.js';

ts/mail/security/classes.dkimcreator.ts

@@ -1,120 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-
-import { Email } from '../core/classes.email.js';
-import type { MtaService } from '../delivery/classes.mta.js';
-
-const readFile = plugins.util.promisify(plugins.fs.readFile);
-const writeFile = plugins.util.promisify(plugins.fs.writeFile);
-const generateKeyPair = plugins.util.promisify(plugins.crypto.generateKeyPair);
-
-export interface IKeyPaths {
-  privateKeyPath: string;
-  publicKeyPath: string;
-}
-
-export class DKIMCreator {
-  private keysDir: string;
-
-  constructor(private metaRef: MtaService, keysDir = paths.keysDir) {
-    this.keysDir = keysDir;
-  }
-
-  public async getKeyPathsForDomain(domainArg: string): Promise<IKeyPaths> {
-    return {
-      privateKeyPath: plugins.path.join(this.keysDir, `${domainArg}-private.pem`),
-      publicKeyPath: plugins.path.join(this.keysDir, `${domainArg}-public.pem`),
-    };
-  }
-
-  // Check if a DKIM key is present and creates one and stores it to disk otherwise
-  public async handleDKIMKeysForDomain(domainArg: string): Promise<void> {
-    try {
-      await this.readDKIMKeys(domainArg);
-    } catch (error) {
-      console.log(`No DKIM keys found for ${domainArg}. Generating...`);
-      await this.createAndStoreDKIMKeys(domainArg);
-      const dnsValue = await this.getDNSRecordForDomain(domainArg);
-      plugins.smartfile.fs.ensureDirSync(paths.dnsRecordsDir);
-      plugins.smartfile.memory.toFsSync(JSON.stringify(dnsValue, null, 2), plugins.path.join(paths.dnsRecordsDir, `${domainArg}.dkimrecord.json`));
-    }
-  }
-
-  public async handleDKIMKeysForEmail(email: Email): Promise<void> {
-    const domain = email.from.split('@')[1];
-    await this.handleDKIMKeysForDomain(domain);
-  }
-
-  // Read DKIM keys from disk
-  public async readDKIMKeys(domainArg: string): Promise<{ privateKey: string; publicKey: string }> {
-    const keyPaths = await this.getKeyPathsForDomain(domainArg);
-    const [privateKeyBuffer, publicKeyBuffer] = await Promise.all([
-      readFile(keyPaths.privateKeyPath),
-      readFile(keyPaths.publicKeyPath),
-    ]);
-
-    // Convert the buffers to strings
-    const privateKey = privateKeyBuffer.toString();
-    const publicKey = publicKeyBuffer.toString();
-
-    return { privateKey, publicKey };
-  }
-
-  // Create a DKIM key pair - changed to public for API access
-  public async createDKIMKeys(): Promise<{ privateKey: string; publicKey: string }> {
-    const { privateKey, publicKey } = await generateKeyPair('rsa', {
-      modulusLength: 2048,
-      publicKeyEncoding: { type: 'spki', format: 'pem' },
-      privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
-    });
-
-    return { privateKey, publicKey };
-  }
-
-  // Store a DKIM key pair to disk - changed to public for API access
-  public async storeDKIMKeys(
-    privateKey: string,
-    publicKey: string,
-    privateKeyPath: string,
-    publicKeyPath: string
-  ): Promise<void> {
-    await Promise.all([writeFile(privateKeyPath, privateKey), writeFile(publicKeyPath, publicKey)]);
-  }
-
-  // Create a DKIM key pair and store it to disk - changed to public for API access
-  public async createAndStoreDKIMKeys(domain: string): Promise<void> {
-    const { privateKey, publicKey } = await this.createDKIMKeys();
-    const keyPaths = await this.getKeyPathsForDomain(domain);
-    await this.storeDKIMKeys(
-      privateKey,
-      publicKey,
-      keyPaths.privateKeyPath,
-      keyPaths.publicKeyPath
-    );
-    console.log(`DKIM keys for ${domain} created and stored.`);
-  }
-
-  // Changed to public for API access
-  public async getDNSRecordForDomain(domainArg: string): Promise<plugins.tsclass.network.IDnsRecord> {
-    await this.handleDKIMKeysForDomain(domainArg);
-    const keys = await this.readDKIMKeys(domainArg);
-
-    // Remove the PEM header and footer and newlines
-    const pemHeader = '-----BEGIN PUBLIC KEY-----';
-    const pemFooter = '-----END PUBLIC KEY-----';
-    const keyContents = keys.publicKey
-      .replace(pemHeader, '')
-      .replace(pemFooter, '')
-      .replace(/\n/g, '');
-
-    // Now generate the DKIM DNS TXT record
-    const dnsRecordValue = `v=DKIM1; h=sha256; k=rsa; p=${keyContents}`;
-
-    return {
-      name: `mta._domainkey.${domainArg}`,
-      type: 'TXT',
-      dnsSecEnabled: null,
-      value: dnsRecordValue,
-    };
-  }
-}

ts/mail/security/classes.dkimverifier.ts

@@ -1,383 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { MtaService } from '../delivery/classes.mta.js';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-
-/**
- * Result of a DKIM verification
- */
-export interface IDkimVerificationResult {
-  isValid: boolean;
-  domain?: string;
-  selector?: string;
-  status?: string;
-  details?: any;
-  errorMessage?: string;
-  signatureFields?: Record<string, string>;
-}
-
-/**
- * Enhanced DKIM verifier using smartmail capabilities
- */
-export class DKIMVerifier {
-  public mtaRef: MtaService;
-  
-  // Cache verified results to avoid repeated verification
-  private verificationCache: Map<string, { result: IDkimVerificationResult, timestamp: number }> = new Map();
-  private cacheTtl = 30 * 60 * 1000; // 30 minutes cache
-
-  constructor(mtaRefArg: MtaService) {
-    this.mtaRef = mtaRefArg;
-  }
-
-  /**
-   * Verify DKIM signature for an email
-   * @param emailData The raw email data
-   * @param options Verification options
-   * @returns Verification result
-   */
-  public async verify(
-    emailData: string,
-    options: {
-      useCache?: boolean;
-      returnDetails?: boolean;
-    } = {}
-  ): Promise<IDkimVerificationResult> {
-    try {
-      // Generate a cache key from the first 128 bytes of the email data
-      const cacheKey = emailData.slice(0, 128);
-
-      // Check cache if enabled
-      if (options.useCache !== false) {
-        const cached = this.verificationCache.get(cacheKey);
-        
-        if (cached && (Date.now() - cached.timestamp) < this.cacheTtl) {
-          logger.log('info', 'DKIM verification result from cache');
-          return cached.result;
-        }
-      }
-
-      // Try to verify using mailauth first
-      try {
-        const verificationMailauth = await plugins.mailauth.authenticate(emailData, {});
-        
-        if (verificationMailauth && verificationMailauth.dkim && verificationMailauth.dkim.results.length > 0) {
-          const dkimResult = verificationMailauth.dkim.results[0];
-          const isValid = dkimResult.status.result === 'pass';
-          
-          const result: IDkimVerificationResult = {
-            isValid,
-            domain: dkimResult.domain,
-            selector: dkimResult.selector,
-            status: dkimResult.status.result,
-            signatureFields: dkimResult.signature,
-            details: options.returnDetails ? verificationMailauth : undefined
-          };
-          
-          // Cache the result
-          this.verificationCache.set(cacheKey, {
-            result,
-            timestamp: Date.now()
-          });
-          
-          logger.log(isValid ? 'info' : 'warn', `DKIM Verification using mailauth: ${isValid ? 'pass' : 'fail'} for domain ${dkimResult.domain}`);
-          
-          // Enhanced security logging
-          SecurityLogger.getInstance().logEvent({
-            level: isValid ? SecurityLogLevel.INFO : SecurityLogLevel.WARN,
-            type: SecurityEventType.DKIM,
-            message: `DKIM verification ${isValid ? 'passed' : 'failed'} for domain ${dkimResult.domain}`,
-            details: {
-              selector: dkimResult.selector,
-              signatureFields: dkimResult.signature,
-              result: dkimResult.status.result
-            },
-            domain: dkimResult.domain,
-            success: isValid
-          });
-          
-          return result;
-        }
-      } catch (mailauthError) {
-        logger.log('warn', `DKIM verification with mailauth failed, trying smartmail: ${mailauthError.message}`);
-        
-        // Enhanced security logging
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.WARN,
-          type: SecurityEventType.DKIM,
-          message: `DKIM verification with mailauth failed, trying smartmail fallback`,
-          details: { error: mailauthError.message },
-          success: false
-        });
-      }
-
-      // Fall back to smartmail for verification
-      try {
-        // Parse and extract DKIM signature
-        const parsedEmail = await plugins.mailparser.simpleParser(emailData);
-        
-        // Find DKIM signature header
-        let dkimSignature = '';
-        if (parsedEmail.headers.has('dkim-signature')) {
-          dkimSignature = parsedEmail.headers.get('dkim-signature') as string;
-        } else {
-          // No DKIM signature found
-          const result: IDkimVerificationResult = {
-            isValid: false,
-            errorMessage: 'No DKIM signature found'
-          };
-          
-          this.verificationCache.set(cacheKey, {
-            result,
-            timestamp: Date.now()
-          });
-          
-          return result;
-        }
-        
-        // Extract domain from DKIM signature
-        const domainMatch = dkimSignature.match(/d=([^;]+)/i);
-        const domain = domainMatch ? domainMatch[1].trim() : undefined;
-        
-        // Extract selector from DKIM signature
-        const selectorMatch = dkimSignature.match(/s=([^;]+)/i);
-        const selector = selectorMatch ? selectorMatch[1].trim() : undefined;
-        
-        // Parse DKIM fields
-        const signatureFields: Record<string, string> = {};
-        const fieldMatches = dkimSignature.matchAll(/([a-z]+)=([^;]+)/gi);
-        for (const match of fieldMatches) {
-          if (match[1] && match[2]) {
-            signatureFields[match[1].toLowerCase()] = match[2].trim();
-          }
-        }
-        
-        // Use smartmail's verification if we have domain and selector
-        if (domain && selector) {
-          const dkimKey = await this.fetchDkimKey(domain, selector);
-          
-          if (!dkimKey) {
-            const result: IDkimVerificationResult = {
-              isValid: false,
-              domain,
-              selector,
-              status: 'permerror',
-              errorMessage: 'DKIM public key not found',
-              signatureFields
-            };
-            
-            this.verificationCache.set(cacheKey, {
-              result,
-              timestamp: Date.now()
-            });
-            
-            return result;
-          }
-          
-          // In a real implementation, we would validate the signature here
-          // For now, if we found a key, we'll consider it valid
-          // In a future update, add actual crypto verification
-          
-          const result: IDkimVerificationResult = {
-            isValid: true,
-            domain,
-            selector,
-            status: 'pass',
-            signatureFields
-          };
-          
-          this.verificationCache.set(cacheKey, {
-            result,
-            timestamp: Date.now()
-          });
-          
-          logger.log('info', `DKIM verification using smartmail: pass for domain ${domain}`);
-          
-          // Enhanced security logging
-          SecurityLogger.getInstance().logEvent({
-            level: SecurityLogLevel.INFO,
-            type: SecurityEventType.DKIM,
-            message: `DKIM verification passed for domain ${domain} using fallback verification`,
-            details: {
-              selector,
-              signatureFields
-            },
-            domain,
-            success: true
-          });
-          
-          return result;
-        } else {
-          // Missing domain or selector
-          const result: IDkimVerificationResult = {
-            isValid: false,
-            domain,
-            selector,
-            status: 'permerror',
-            errorMessage: 'Missing domain or selector in DKIM signature',
-            signatureFields
-          };
-          
-          this.verificationCache.set(cacheKey, {
-            result,
-            timestamp: Date.now()
-          });
-          
-          logger.log('warn', `DKIM verification failed: Missing domain or selector in DKIM signature`);
-          
-          // Enhanced security logging
-          SecurityLogger.getInstance().logEvent({
-            level: SecurityLogLevel.WARN,
-            type: SecurityEventType.DKIM,
-            message: `DKIM verification failed: Missing domain or selector in signature`,
-            details: { domain, selector, signatureFields },
-            domain: domain || 'unknown',
-            success: false
-          });
-          
-          return result;
-        }
-      } catch (error) {
-        const result: IDkimVerificationResult = {
-          isValid: false,
-          status: 'temperror',
-          errorMessage: `Verification error: ${error.message}`
-        };
-        
-        this.verificationCache.set(cacheKey, {
-          result,
-          timestamp: Date.now()
-        });
-        
-        logger.log('error', `DKIM verification error: ${error.message}`);
-        
-        // Enhanced security logging
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.ERROR,
-          type: SecurityEventType.DKIM,
-          message: `DKIM verification error during processing`,
-          details: { error: error.message },
-          success: false
-        });
-        
-        return result;
-      }
-    } catch (error) {
-      logger.log('error', `DKIM verification failed with unexpected error: ${error.message}`);
-      
-      // Enhanced security logging for unexpected errors
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.DKIM,
-        message: `DKIM verification failed with unexpected error`,
-        details: { error: error.message },
-        success: false
-      });
-      
-      return {
-        isValid: false,
-        status: 'temperror',
-        errorMessage: `Unexpected verification error: ${error.message}`
-      };
-    }
-  }
-
-  /**
-   * Fetch DKIM public key from DNS
-   * @param domain The domain
-   * @param selector The DKIM selector
-   * @returns The DKIM public key or null if not found
-   */
-  private async fetchDkimKey(domain: string, selector: string): Promise<string | null> {
-    try {
-      const dkimRecord = `${selector}._domainkey.${domain}`;
-      
-      // Use DNS lookup from plugins
-      const txtRecords = await new Promise<string[]>((resolve, reject) => {
-        plugins.dns.resolveTxt(dkimRecord, (err, records) => {
-          if (err) {
-            if (err.code === 'ENOTFOUND' || err.code === 'ENODATA') {
-              resolve([]);
-            } else {
-              reject(err);
-            }
-            return;
-          }
-          // Flatten the arrays that resolveTxt returns
-          resolve(records.map(record => record.join('')));
-        });
-      });
-      
-      if (!txtRecords || txtRecords.length === 0) {
-        logger.log('warn', `No DKIM TXT record found for ${dkimRecord}`);
-        
-        // Security logging for missing DKIM record
-        SecurityLogger.getInstance().logEvent({
-          level: SecurityLogLevel.WARN,
-          type: SecurityEventType.DKIM,
-          message: `No DKIM TXT record found for ${dkimRecord}`,
-          domain,
-          success: false,
-          details: { selector }
-        });
-        
-        return null;
-      }
-      
-      // Find record matching DKIM format
-      for (const record of txtRecords) {
-        if (record.includes('p=')) {
-          // Extract public key
-          const publicKeyMatch = record.match(/p=([^;]+)/i);
-          if (publicKeyMatch && publicKeyMatch[1]) {
-            return publicKeyMatch[1].trim();
-          }
-        }
-      }
-      
-      logger.log('warn', `No valid DKIM public key found in TXT records for ${dkimRecord}`);
-      
-      // Security logging for invalid DKIM key
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.WARN,
-        type: SecurityEventType.DKIM,
-        message: `No valid DKIM public key found in TXT records`,
-        domain,
-        success: false,
-        details: { dkimRecord, selector }
-      });
-      
-      return null;
-    } catch (error) {
-      logger.log('error', `Error fetching DKIM key: ${error.message}`);
-      
-      // Security logging for DKIM key fetch error
-      SecurityLogger.getInstance().logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.DKIM,
-        message: `Error fetching DKIM key for domain`,
-        domain,
-        success: false,
-        details: { error: error.message, selector, dkimRecord: `${selector}._domainkey.${domain}` }
-      });
-      
-      return null;
-    }
-  }
-  
-  /**
-   * Clear the verification cache
-   */
-  public clearCache(): void {
-    this.verificationCache.clear();
-    logger.log('info', 'DKIM verification cache cleared');
-  }
-  
-  /**
-   * Get the size of the verification cache
-   * @returns Number of cached items
-   */
-  public getCacheSize(): number {
-    return this.verificationCache.size;
-  }
-}

ts/mail/security/classes.dmarcverifier.ts

@@ -1,475 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-import type { MtaService } from '../delivery/classes.mta.js';
-import type { Email } from '../core/classes.email.js';
-import type { IDnsVerificationResult } from '../routing/classes.dnsmanager.js';
-
-/**
- * DMARC policy types
- */
-export enum DmarcPolicy {
-  NONE = 'none',
-  QUARANTINE = 'quarantine',
-  REJECT = 'reject'
-}
-
-/**
- * DMARC alignment modes
- */
-export enum DmarcAlignment {
-  RELAXED = 'r',
-  STRICT = 's'
-}
-
-/**
- * DMARC record fields
- */
-export interface DmarcRecord {
-  // Required fields
-  version: string;
-  policy: DmarcPolicy;
-  
-  // Optional fields
-  subdomainPolicy?: DmarcPolicy;
-  pct?: number;
-  adkim?: DmarcAlignment;
-  aspf?: DmarcAlignment;
-  reportInterval?: number;
-  failureOptions?: string;
-  reportUriAggregate?: string[];
-  reportUriForensic?: string[];
-}
-
-/**
- * DMARC verification result
- */
-export interface DmarcResult {
-  hasDmarc: boolean;
-  record?: DmarcRecord;
-  spfDomainAligned: boolean;
-  dkimDomainAligned: boolean;
-  spfPassed: boolean;
-  dkimPassed: boolean;
-  policyEvaluated: DmarcPolicy;
-  actualPolicy: DmarcPolicy;
-  appliedPercentage: number;
-  action: 'pass' | 'quarantine' | 'reject';
-  details: string;
-  error?: string;
-}
-
-/**
- * Class for verifying and enforcing DMARC policies
- */
-export class DmarcVerifier {
-  private mtaRef: MtaService;
-  
-  constructor(mtaRefArg: MtaService) {
-    this.mtaRef = mtaRefArg;
-  }
-  
-  /**
-   * Parse a DMARC record from a TXT record string
-   * @param record DMARC TXT record string
-   * @returns Parsed DMARC record or null if invalid
-   */
-  public parseDmarcRecord(record: string): DmarcRecord | null {
-    if (!record.startsWith('v=DMARC1')) {
-      return null;
-    }
-    
-    try {
-      // Initialize record with default values
-      const dmarcRecord: DmarcRecord = {
-        version: 'DMARC1',
-        policy: DmarcPolicy.NONE,
-        pct: 100,
-        adkim: DmarcAlignment.RELAXED,
-        aspf: DmarcAlignment.RELAXED
-      };
-      
-      // Split the record into tag/value pairs
-      const parts = record.split(';').map(part => part.trim());
-      
-      for (const part of parts) {
-        if (!part || !part.includes('=')) continue;
-        
-        const [tag, value] = part.split('=').map(p => p.trim());
-        
-        // Process based on tag
-        switch (tag.toLowerCase()) {
-          case 'v':
-            dmarcRecord.version = value;
-            break;
-          case 'p':
-            dmarcRecord.policy = value as DmarcPolicy;
-            break;
-          case 'sp':
-            dmarcRecord.subdomainPolicy = value as DmarcPolicy;
-            break;
-          case 'pct':
-            const pctValue = parseInt(value, 10);
-            if (!isNaN(pctValue) && pctValue >= 0 && pctValue <= 100) {
-              dmarcRecord.pct = pctValue;
-            }
-            break;
-          case 'adkim':
-            dmarcRecord.adkim = value as DmarcAlignment;
-            break;
-          case 'aspf':
-            dmarcRecord.aspf = value as DmarcAlignment;
-            break;
-          case 'ri':
-            const interval = parseInt(value, 10);
-            if (!isNaN(interval) && interval > 0) {
-              dmarcRecord.reportInterval = interval;
-            }
-            break;
-          case 'fo':
-            dmarcRecord.failureOptions = value;
-            break;
-          case 'rua':
-            dmarcRecord.reportUriAggregate = value.split(',').map(uri => {
-              if (uri.startsWith('mailto:')) {
-                return uri.substring(7).trim();
-              }
-              return uri.trim();
-            });
-            break;
-          case 'ruf':
-            dmarcRecord.reportUriForensic = value.split(',').map(uri => {
-              if (uri.startsWith('mailto:')) {
-                return uri.substring(7).trim();
-              }
-              return uri.trim();
-            });
-            break;
-        }
-      }
-      
-      // Ensure subdomain policy is set if not explicitly provided
-      if (!dmarcRecord.subdomainPolicy) {
-        dmarcRecord.subdomainPolicy = dmarcRecord.policy;
-      }
-      
-      return dmarcRecord;
-    } catch (error) {
-      logger.log('error', `Error parsing DMARC record: ${error.message}`, {
-        record,
-        error: error.message
-      });
-      return null;
-    }
-  }
-  
-  /**
-   * Check if domains are aligned according to DMARC policy
-   * @param headerDomain Domain from header (From)
-   * @param authDomain Domain from authentication (SPF, DKIM)
-   * @param alignment Alignment mode
-   * @returns Whether the domains are aligned
-   */
-  private isDomainAligned(
-    headerDomain: string,
-    authDomain: string,
-    alignment: DmarcAlignment
-  ): boolean {
-    if (!headerDomain || !authDomain) {
-      return false;
-    }
-    
-    // For strict alignment, domains must match exactly
-    if (alignment === DmarcAlignment.STRICT) {
-      return headerDomain.toLowerCase() === authDomain.toLowerCase();
-    }
-    
-    // For relaxed alignment, the authenticated domain must be a subdomain of the header domain
-    // or the same as the header domain
-    const headerParts = headerDomain.toLowerCase().split('.');
-    const authParts = authDomain.toLowerCase().split('.');
-    
-    // Ensures we have at least two parts (domain and TLD)
-    if (headerParts.length < 2 || authParts.length < 2) {
-      return false;
-    }
-    
-    // Get organizational domain (last two parts)
-    const headerOrgDomain = headerParts.slice(-2).join('.');
-    const authOrgDomain = authParts.slice(-2).join('.');
-    
-    return headerOrgDomain === authOrgDomain;
-  }
-  
-  /**
-   * Extract domain from an email address
-   * @param email Email address
-   * @returns Domain part of the email
-   */
-  private getDomainFromEmail(email: string): string {
-    if (!email) return '';
-    
-    // Handle name + email format: "John Doe <john@example.com>"
-    const matches = email.match(/<([^>]+)>/);
-    const address = matches ? matches[1] : email;
-    
-    const parts = address.split('@');
-    return parts.length > 1 ? parts[1] : '';
-  }
-  
-  /**
-   * Check if DMARC verification should be applied based on percentage
-   * @param record DMARC record
-   * @returns Whether DMARC verification should be applied
-   */
-  private shouldApplyDmarc(record: DmarcRecord): boolean {
-    if (record.pct === undefined || record.pct === 100) {
-      return true;
-    }
-    
-    // Apply DMARC randomly based on percentage
-    const random = Math.floor(Math.random() * 100) + 1;
-    return random <= record.pct;
-  }
-  
-  /**
-   * Determine the action to take based on DMARC policy
-   * @param policy DMARC policy
-   * @returns Action to take
-   */
-  private determineAction(policy: DmarcPolicy): 'pass' | 'quarantine' | 'reject' {
-    switch (policy) {
-      case DmarcPolicy.REJECT:
-        return 'reject';
-      case DmarcPolicy.QUARANTINE:
-        return 'quarantine';
-      case DmarcPolicy.NONE:
-      default:
-        return 'pass';
-    }
-  }
-  
-  /**
-   * Verify DMARC for an incoming email
-   * @param email Email to verify
-   * @param spfResult SPF verification result
-   * @param dkimResult DKIM verification result
-   * @returns DMARC verification result
-   */
-  public async verify(
-    email: Email,
-    spfResult: { domain: string; result: boolean },
-    dkimResult: { domain: string; result: boolean }
-  ): Promise<DmarcResult> {
-    const securityLogger = SecurityLogger.getInstance();
-    
-    // Initialize result
-    const result: DmarcResult = {
-      hasDmarc: false,
-      spfDomainAligned: false,
-      dkimDomainAligned: false,
-      spfPassed: spfResult.result,
-      dkimPassed: dkimResult.result,
-      policyEvaluated: DmarcPolicy.NONE,
-      actualPolicy: DmarcPolicy.NONE,
-      appliedPercentage: 100,
-      action: 'pass',
-      details: 'DMARC not configured'
-    };
-    
-    try {
-      // Extract From domain
-      const fromHeader = email.getFromEmail();
-      const fromDomain = this.getDomainFromEmail(fromHeader);
-      
-      if (!fromDomain) {
-        result.error = 'Invalid From domain';
-        return result;
-      }
-      
-      // Check alignment
-      result.spfDomainAligned = this.isDomainAligned(
-        fromDomain,
-        spfResult.domain,
-        DmarcAlignment.RELAXED
-      );
-      
-      result.dkimDomainAligned = this.isDomainAligned(
-        fromDomain,
-        dkimResult.domain,
-        DmarcAlignment.RELAXED
-      );
-      
-      // Lookup DMARC record
-      const dmarcVerificationResult = await this.mtaRef.dnsManager.verifyDmarcRecord(fromDomain);
-      
-      // If DMARC record exists and is valid
-      if (dmarcVerificationResult.found && dmarcVerificationResult.valid) {
-        result.hasDmarc = true;
-        
-        // Parse DMARC record
-        const parsedRecord = this.parseDmarcRecord(dmarcVerificationResult.value);
-        
-        if (parsedRecord) {
-          result.record = parsedRecord;
-          result.actualPolicy = parsedRecord.policy;
-          result.appliedPercentage = parsedRecord.pct || 100;
-          
-          // Override alignment modes if specified in record
-          if (parsedRecord.adkim) {
-            result.dkimDomainAligned = this.isDomainAligned(
-              fromDomain,
-              dkimResult.domain,
-              parsedRecord.adkim
-            );
-          }
-          
-          if (parsedRecord.aspf) {
-            result.spfDomainAligned = this.isDomainAligned(
-              fromDomain,
-              spfResult.domain,
-              parsedRecord.aspf
-            );
-          }
-          
-          // Determine DMARC compliance
-          const spfAligned = result.spfPassed && result.spfDomainAligned;
-          const dkimAligned = result.dkimPassed && result.dkimDomainAligned;
-          
-          // Email passes DMARC if either SPF or DKIM passes with alignment
-          const dmarcPass = spfAligned || dkimAligned;
-          
-          // Use record percentage to determine if policy should be applied
-          const applyPolicy = this.shouldApplyDmarc(parsedRecord);
-          
-          if (!dmarcPass) {
-            // DMARC failed, apply policy
-            result.policyEvaluated = applyPolicy ? parsedRecord.policy : DmarcPolicy.NONE;
-            result.action = this.determineAction(result.policyEvaluated);
-            result.details = `DMARC failed: SPF aligned=${spfAligned}, DKIM aligned=${dkimAligned}, policy=${result.policyEvaluated}`;
-          } else {
-            result.policyEvaluated = DmarcPolicy.NONE;
-            result.action = 'pass';
-            result.details = `DMARC passed: SPF aligned=${spfAligned}, DKIM aligned=${dkimAligned}`;
-          }
-        } else {
-          result.error = 'Invalid DMARC record format';
-          result.details = 'DMARC record invalid';
-        }
-      } else {
-        // No DMARC record found or invalid
-        result.details = dmarcVerificationResult.error || 'No DMARC record found';
-      }
-      
-      // Log the DMARC verification
-      securityLogger.logEvent({
-        level: result.action === 'pass' ? SecurityLogLevel.INFO : SecurityLogLevel.WARN,
-        type: SecurityEventType.DMARC,
-        message: result.details,
-        domain: fromDomain,
-        details: {
-          fromDomain,
-          spfDomain: spfResult.domain,
-          dkimDomain: dkimResult.domain,
-          spfPassed: result.spfPassed,
-          dkimPassed: result.dkimPassed,
-          spfAligned: result.spfDomainAligned,
-          dkimAligned: result.dkimDomainAligned,
-          dmarcPolicy: result.policyEvaluated,
-          action: result.action
-        },
-        success: result.action === 'pass'
-      });
-      
-      return result;
-    } catch (error) {
-      logger.log('error', `Error verifying DMARC: ${error.message}`, {
-        error: error.message,
-        emailId: email.getMessageId()
-      });
-      
-      result.error = `DMARC verification error: ${error.message}`;
-      
-      // Log error
-      securityLogger.logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.DMARC,
-        message: `DMARC verification failed with error`,
-        details: {
-          error: error.message,
-          emailId: email.getMessageId()
-        },
-        success: false
-      });
-      
-      return result;
-    }
-  }
-  
-  /**
-   * Apply DMARC policy to an email
-   * @param email Email to apply policy to
-   * @param dmarcResult DMARC verification result
-   * @returns Whether the email should be accepted
-   */
-  public applyPolicy(email: Email, dmarcResult: DmarcResult): boolean {
-    // Apply action based on DMARC verification result
-    switch (dmarcResult.action) {
-      case 'reject':
-        // Reject the email
-        email.mightBeSpam = true;
-        logger.log('warn', `Email rejected due to DMARC policy: ${dmarcResult.details}`, {
-          emailId: email.getMessageId(),
-          from: email.getFromEmail(),
-          subject: email.subject
-        });
-        return false;
-        
-      case 'quarantine':
-        // Quarantine the email (mark as spam)
-        email.mightBeSpam = true;
-        
-        // Add spam header
-        if (!email.headers['X-Spam-Flag']) {
-          email.headers['X-Spam-Flag'] = 'YES';
-        }
-        
-        // Add DMARC reason header
-        email.headers['X-DMARC-Result'] = dmarcResult.details;
-        
-        logger.log('warn', `Email quarantined due to DMARC policy: ${dmarcResult.details}`, {
-          emailId: email.getMessageId(),
-          from: email.getFromEmail(),
-          subject: email.subject
-        });
-        return true;
-        
-      case 'pass':
-      default:
-        // Accept the email
-        // Add DMARC result header for information
-        email.headers['X-DMARC-Result'] = dmarcResult.details;
-        return true;
-    }
-  }
-  
-  /**
-   * End-to-end DMARC verification and policy application
-   * This method should be called after SPF and DKIM verification
-   * @param email Email to verify
-   * @param spfResult SPF verification result
-   * @param dkimResult DKIM verification result
-   * @returns Whether the email should be accepted
-   */
-  public async verifyAndApply(
-    email: Email,
-    spfResult: { domain: string; result: boolean },
-    dkimResult: { domain: string; result: boolean }
-  ): Promise<boolean> {
-    // Verify DMARC
-    const dmarcResult = await this.verify(email, spfResult, dkimResult);
-    
-    // Apply DMARC policy
-    return this.applyPolicy(email, dmarcResult);
-  }
-}

ts/mail/security/classes.spfverifier.ts

@@ -1,599 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { logger } from '../../logger.js';
-import { SecurityLogger, SecurityLogLevel, SecurityEventType } from '../../security/index.js';
-import type { MtaService } from '../delivery/classes.mta.js';
-import type { Email } from '../core/classes.email.js';
-import type { IDnsVerificationResult } from '../routing/classes.dnsmanager.js';
-
-/**
- * SPF result qualifiers
- */
-export enum SpfQualifier {
-  PASS = '+',
-  NEUTRAL = '?',
-  SOFTFAIL = '~',
-  FAIL = '-'
-}
-
-/**
- * SPF mechanism types
- */
-export enum SpfMechanismType {
-  ALL = 'all',
-  INCLUDE = 'include',
-  A = 'a',
-  MX = 'mx',
-  IP4 = 'ip4',
-  IP6 = 'ip6',
-  EXISTS = 'exists',
-  REDIRECT = 'redirect',
-  EXP = 'exp'
-}
-
-/**
- * SPF mechanism definition
- */
-export interface SpfMechanism {
-  qualifier: SpfQualifier;
-  type: SpfMechanismType;
-  value?: string;
-}
-
-/**
- * SPF record parsed data
- */
-export interface SpfRecord {
-  version: string;
-  mechanisms: SpfMechanism[];
-  modifiers: Record<string, string>;
-}
-
-/**
- * SPF verification result
- */
-export interface SpfResult {
-  result: 'pass' | 'neutral' | 'softfail' | 'fail' | 'temperror' | 'permerror' | 'none';
-  explanation?: string;
-  domain: string;
-  ip: string;
-  record?: string;
-  error?: string;
-}
-
-/**
- * Maximum lookup limit for SPF records (prevent infinite loops)
- */
-const MAX_SPF_LOOKUPS = 10;
-
-/**
- * Class for verifying SPF records
- */
-export class SpfVerifier {
-  private mtaRef: MtaService;
-  private lookupCount: number = 0;
-  
-  constructor(mtaRefArg: MtaService) {
-    this.mtaRef = mtaRefArg;
-  }
-  
-  /**
-   * Parse SPF record from TXT record
-   * @param record SPF TXT record
-   * @returns Parsed SPF record or null if invalid
-   */
-  public parseSpfRecord(record: string): SpfRecord | null {
-    if (!record.startsWith('v=spf1')) {
-      return null;
-    }
-    
-    try {
-      const spfRecord: SpfRecord = {
-        version: 'spf1',
-        mechanisms: [],
-        modifiers: {}
-      };
-      
-      // Split into terms
-      const terms = record.split(' ').filter(term => term.length > 0);
-      
-      // Skip version term
-      for (let i = 1; i < terms.length; i++) {
-        const term = terms[i];
-        
-        // Check if it's a modifier (name=value)
-        if (term.includes('=')) {
-          const [name, value] = term.split('=');
-          spfRecord.modifiers[name] = value;
-          continue;
-        }
-        
-        // Parse as mechanism
-        let qualifier = SpfQualifier.PASS; // Default is +
-        let mechanismText = term;
-        
-        // Check for qualifier
-        if (term.startsWith('+') || term.startsWith('-') || 
-            term.startsWith('~') || term.startsWith('?')) {
-          qualifier = term[0] as SpfQualifier;
-          mechanismText = term.substring(1);
-        }
-        
-        // Parse mechanism type and value
-        const colonIndex = mechanismText.indexOf(':');
-        let type: SpfMechanismType;
-        let value: string | undefined;
-        
-        if (colonIndex !== -1) {
-          type = mechanismText.substring(0, colonIndex) as SpfMechanismType;
-          value = mechanismText.substring(colonIndex + 1);
-        } else {
-          type = mechanismText as SpfMechanismType;
-        }
-        
-        spfRecord.mechanisms.push({ qualifier, type, value });
-      }
-      
-      return spfRecord;
-    } catch (error) {
-      logger.log('error', `Error parsing SPF record: ${error.message}`, {
-        record,
-        error: error.message
-      });
-      return null;
-    }
-  }
-  
-  /**
-   * Check if IP is in CIDR range
-   * @param ip IP address to check
-   * @param cidr CIDR range
-   * @returns Whether the IP is in the CIDR range
-   */
-  private isIpInCidr(ip: string, cidr: string): boolean {
-    try {
-      const ipAddress = plugins.ip.Address4.parse(ip);
-      return ipAddress.isInSubnet(new plugins.ip.Address4(cidr));
-    } catch (error) {
-      // Try IPv6
-      try {
-        const ipAddress = plugins.ip.Address6.parse(ip);
-        return ipAddress.isInSubnet(new plugins.ip.Address6(cidr));
-      } catch (e) {
-        return false;
-      }
-    }
-  }
-  
-  /**
-   * Check if a domain has the specified IP in its A or AAAA records
-   * @param domain Domain to check
-   * @param ip IP address to check
-   * @returns Whether the domain resolves to the IP
-   */
-  private async isDomainResolvingToIp(domain: string, ip: string): Promise<boolean> {
-    try {
-      // First try IPv4
-      const ipv4Addresses = await plugins.dns.promises.resolve4(domain);
-      if (ipv4Addresses.includes(ip)) {
-        return true;
-      }
-      
-      // Then try IPv6
-      const ipv6Addresses = await plugins.dns.promises.resolve6(domain);
-      if (ipv6Addresses.includes(ip)) {
-        return true;
-      }
-      
-      return false;
-    } catch (error) {
-      return false;
-    }
-  }
-  
-  /**
-   * Verify SPF for a given email with IP and helo domain
-   * @param email Email to verify
-   * @param ip Sender IP address
-   * @param heloDomain HELO/EHLO domain used by sender
-   * @returns SPF verification result
-   */
-  public async verify(
-    email: Email,
-    ip: string,
-    heloDomain: string
-  ): Promise<SpfResult> {
-    const securityLogger = SecurityLogger.getInstance();
-    
-    // Reset lookup count
-    this.lookupCount = 0;
-    
-    // Get domain from envelope from (return-path)
-    const domain = email.getEnvelopeFrom().split('@')[1] || '';
-    
-    if (!domain) {
-      return {
-        result: 'permerror',
-        explanation: 'No envelope from domain',
-        domain: '',
-        ip
-      };
-    }
-    
-    try {
-      // Look up SPF record
-      const spfVerificationResult = await this.mtaRef.dnsManager.verifySpfRecord(domain);
-      
-      if (!spfVerificationResult.found) {
-        return {
-          result: 'none',
-          explanation: 'No SPF record found',
-          domain,
-          ip
-        };
-      }
-      
-      if (!spfVerificationResult.valid) {
-        return {
-          result: 'permerror',
-          explanation: 'Invalid SPF record',
-          domain,
-          ip,
-          record: spfVerificationResult.value
-        };
-      }
-      
-      // Parse SPF record
-      const spfRecord = this.parseSpfRecord(spfVerificationResult.value);
-      
-      if (!spfRecord) {
-        return {
-          result: 'permerror',
-          explanation: 'Failed to parse SPF record',
-          domain,
-          ip,
-          record: spfVerificationResult.value
-        };
-      }
-      
-      // Check SPF record
-      const result = await this.checkSpfRecord(spfRecord, domain, ip);
-      
-      // Log the result
-      const spfLogLevel = result.result === 'pass' ? 
-        SecurityLogLevel.INFO : 
-        (result.result === 'fail' ? SecurityLogLevel.WARN : SecurityLogLevel.INFO);
-      
-      securityLogger.logEvent({
-        level: spfLogLevel,
-        type: SecurityEventType.SPF,
-        message: `SPF ${result.result} for ${domain} from IP ${ip}`,
-        domain,
-        details: {
-          ip,
-          heloDomain,
-          result: result.result,
-          explanation: result.explanation,
-          record: spfVerificationResult.value
-        },
-        success: result.result === 'pass'
-      });
-      
-      return {
-        ...result,
-        domain,
-        ip,
-        record: spfVerificationResult.value
-      };
-    } catch (error) {
-      // Log error
-      logger.log('error', `SPF verification error: ${error.message}`, {
-        domain,
-        ip,
-        error: error.message
-      });
-      
-      securityLogger.logEvent({
-        level: SecurityLogLevel.ERROR,
-        type: SecurityEventType.SPF,
-        message: `SPF verification error for ${domain}`,
-        domain,
-        details: {
-          ip,
-          error: error.message
-        },
-        success: false
-      });
-      
-      return {
-        result: 'temperror',
-        explanation: `Error verifying SPF: ${error.message}`,
-        domain,
-        ip,
-        error: error.message
-      };
-    }
-  }
-  
-  /**
-   * Check SPF record against IP address
-   * @param spfRecord Parsed SPF record
-   * @param domain Domain being checked
-   * @param ip IP address to check
-   * @returns SPF result
-   */
-  private async checkSpfRecord(
-    spfRecord: SpfRecord,
-    domain: string,
-    ip: string
-  ): Promise<SpfResult> {
-    // Check for 'redirect' modifier
-    if (spfRecord.modifiers.redirect) {
-      this.lookupCount++;
-      
-      if (this.lookupCount > MAX_SPF_LOOKUPS) {
-        return {
-          result: 'permerror',
-          explanation: 'Too many DNS lookups',
-          domain,
-          ip
-        };
-      }
-      
-      // Handle redirect
-      const redirectDomain = spfRecord.modifiers.redirect;
-      const redirectResult = await this.mtaRef.dnsManager.verifySpfRecord(redirectDomain);
-      
-      if (!redirectResult.found || !redirectResult.valid) {
-        return {
-          result: 'permerror',
-          explanation: `Invalid redirect to ${redirectDomain}`,
-          domain,
-          ip
-        };
-      }
-      
-      const redirectRecord = this.parseSpfRecord(redirectResult.value);
-      
-      if (!redirectRecord) {
-        return {
-          result: 'permerror',
-          explanation: `Failed to parse redirect record from ${redirectDomain}`,
-          domain,
-          ip
-        };
-      }
-      
-      return this.checkSpfRecord(redirectRecord, redirectDomain, ip);
-    }
-    
-    // Check each mechanism in order
-    for (const mechanism of spfRecord.mechanisms) {
-      let matched = false;
-      
-      switch (mechanism.type) {
-        case SpfMechanismType.ALL:
-          matched = true;
-          break;
-          
-        case SpfMechanismType.IP4:
-          if (mechanism.value) {
-            matched = this.isIpInCidr(ip, mechanism.value);
-          }
-          break;
-          
-        case SpfMechanismType.IP6:
-          if (mechanism.value) {
-            matched = this.isIpInCidr(ip, mechanism.value);
-          }
-          break;
-          
-        case SpfMechanismType.A:
-          this.lookupCount++;
-          
-          if (this.lookupCount > MAX_SPF_LOOKUPS) {
-            return {
-              result: 'permerror',
-              explanation: 'Too many DNS lookups',
-              domain,
-              ip
-            };
-          }
-          
-          // Check if domain has A/AAAA record matching IP
-          const checkDomain = mechanism.value || domain;
-          matched = await this.isDomainResolvingToIp(checkDomain, ip);
-          break;
-          
-        case SpfMechanismType.MX:
-          this.lookupCount++;
-          
-          if (this.lookupCount > MAX_SPF_LOOKUPS) {
-            return {
-              result: 'permerror',
-              explanation: 'Too many DNS lookups',
-              domain,
-              ip
-            };
-          }
-          
-          // Check MX records
-          const mxDomain = mechanism.value || domain;
-          
-          try {
-            const mxRecords = await plugins.dns.promises.resolveMx(mxDomain);
-            
-            for (const mx of mxRecords) {
-              // Check if this MX record's IP matches
-              const mxMatches = await this.isDomainResolvingToIp(mx.exchange, ip);
-              
-              if (mxMatches) {
-                matched = true;
-                break;
-              }
-            }
-          } catch (error) {
-            // No MX records or error
-            matched = false;
-          }
-          break;
-          
-        case SpfMechanismType.INCLUDE:
-          if (!mechanism.value) {
-            continue;
-          }
-          
-          this.lookupCount++;
-          
-          if (this.lookupCount > MAX_SPF_LOOKUPS) {
-            return {
-              result: 'permerror',
-              explanation: 'Too many DNS lookups',
-              domain,
-              ip
-            };
-          }
-          
-          // Check included domain's SPF record
-          const includeDomain = mechanism.value;
-          const includeResult = await this.mtaRef.dnsManager.verifySpfRecord(includeDomain);
-          
-          if (!includeResult.found || !includeResult.valid) {
-            continue; // Skip this mechanism
-          }
-          
-          const includeRecord = this.parseSpfRecord(includeResult.value);
-          
-          if (!includeRecord) {
-            continue; // Skip this mechanism
-          }
-          
-          // Recursively check the included SPF record
-          const includeCheck = await this.checkSpfRecord(includeRecord, includeDomain, ip);
-          
-          // Include mechanism matches if the result is "pass"
-          matched = includeCheck.result === 'pass';
-          break;
-          
-        case SpfMechanismType.EXISTS:
-          if (!mechanism.value) {
-            continue;
-          }
-          
-          this.lookupCount++;
-          
-          if (this.lookupCount > MAX_SPF_LOOKUPS) {
-            return {
-              result: 'permerror',
-              explanation: 'Too many DNS lookups',
-              domain,
-              ip
-            };
-          }
-          
-          // Check if domain exists (has any A record)
-          try {
-            await plugins.dns.promises.resolve(mechanism.value, 'A');
-            matched = true;
-          } catch (error) {
-            matched = false;
-          }
-          break;
-      }
-      
-      // If this mechanism matched, return its result
-      if (matched) {
-        switch (mechanism.qualifier) {
-          case SpfQualifier.PASS:
-            return {
-              result: 'pass',
-              explanation: `Matched ${mechanism.type}${mechanism.value ? ':' + mechanism.value : ''}`,
-              domain,
-              ip
-            };
-          case SpfQualifier.FAIL:
-            return {
-              result: 'fail',
-              explanation: `Matched ${mechanism.type}${mechanism.value ? ':' + mechanism.value : ''}`,
-              domain,
-              ip
-            };
-          case SpfQualifier.SOFTFAIL:
-            return {
-              result: 'softfail',
-              explanation: `Matched ${mechanism.type}${mechanism.value ? ':' + mechanism.value : ''}`,
-              domain,
-              ip
-            };
-          case SpfQualifier.NEUTRAL:
-            return {
-              result: 'neutral',
-              explanation: `Matched ${mechanism.type}${mechanism.value ? ':' + mechanism.value : ''}`,
-              domain,
-              ip
-            };
-        }
-      }
-    }
-    
-    // If no mechanism matched, default to neutral
-    return {
-      result: 'neutral',
-      explanation: 'No matching mechanism found',
-      domain,
-      ip
-    };
-  }
-  
-  /**
-   * Check if email passes SPF verification
-   * @param email Email to verify
-   * @param ip Sender IP address
-   * @param heloDomain HELO/EHLO domain used by sender
-   * @returns Whether email passes SPF
-   */
-  public async verifyAndApply(
-    email: Email,
-    ip: string,
-    heloDomain: string
-  ): Promise<boolean> {
-    const result = await this.verify(email, ip, heloDomain);
-    
-    // Add headers
-    email.headers['Received-SPF'] = `${result.result} (${result.domain}: ${result.explanation}) client-ip=${ip}; envelope-from=${email.getEnvelopeFrom()}; helo=${heloDomain};`;
-    
-    // Apply policy based on result
-    switch (result.result) {
-      case 'fail':
-        // Fail - mark as spam
-        email.mightBeSpam = true;
-        logger.log('warn', `SPF failed for ${result.domain} from ${ip}: ${result.explanation}`);
-        return false;
-        
-      case 'softfail':
-        // Soft fail - accept but mark as suspicious
-        email.mightBeSpam = true;
-        logger.log('info', `SPF softfailed for ${result.domain} from ${ip}: ${result.explanation}`);
-        return true;
-        
-      case 'neutral':
-      case 'none':
-        // Neutral or none - accept but note in headers
-        logger.log('info', `SPF ${result.result} for ${result.domain} from ${ip}: ${result.explanation}`);
-        return true;
-        
-      case 'pass':
-        // Pass - accept
-        logger.log('info', `SPF passed for ${result.domain} from ${ip}: ${result.explanation}`);
-        return true;
-        
-      case 'temperror':
-      case 'permerror':
-        // Temporary or permanent error - log but accept
-        logger.log('error', `SPF error for ${result.domain} from ${ip}: ${result.explanation}`);
-        return true;
-        
-      default:
-        return true;
-    }
-  }
-}

ts/mail/security/index.ts

@@ -1,5 +0,0 @@
-// Email security components
-export * from './classes.dkimcreator.js';
-export * from './classes.dkimverifier.js';
-export * from './classes.dmarcverifier.js';
-export * from './classes.spfverifier.js';

ts/mail/services/classes.apimanager.ts

@@ -1,97 +0,0 @@
-import * as plugins from '../../plugins.js';
-import { EmailService } from './classes.emailservice.js';
-import { logger } from '../../logger.js';
-
-export class ApiManager {
-  public emailRef: EmailService;
-  public typedRouter = new plugins.typedrequest.TypedRouter();
-
-  constructor(emailRefArg: EmailService) {
-    this.emailRef = emailRefArg;
-    this.emailRef.typedrouter.addTypedRouter(this.typedRouter);
-
-    // Register API endpoints
-    this.registerApiEndpoints();
-  }
-
-  /**
-   * Register API endpoints for email functionality
-   */
-  private registerApiEndpoints() {
-    // Register the SendEmail endpoint
-    this.typedRouter.addTypedHandler<plugins.servezoneInterfaces.platformservice.mta.IReq_SendEmail>(
-      new plugins.typedrequest.TypedHandler('sendEmail', async (requestData) => {
-        const mailToSend = new plugins.smartmail.Smartmail({
-          body: requestData.body,
-          from: requestData.from,
-          subject: requestData.title,
-        });
-
-        if (requestData.attachments) {
-          for (const attachment of requestData.attachments) {
-            mailToSend.addAttachment(
-              await plugins.smartfile.SmartFile.fromString(
-                attachment.name,
-                attachment.binaryAttachmentString,
-                'binary'
-              )
-            );
-          }
-        }
-
-        // Send email through the service which will route to the appropriate connector
-        const emailId = await this.emailRef.sendEmail(mailToSend, requestData.to, {});
-        
-        logger.log(
-          'info',
-          `sent an email to ${requestData.to} with subject '${mailToSend.getSubject()}'`,
-          {
-            eventType: 'sentEmail',
-            email: {
-              to: requestData.to,
-              subject: mailToSend.getSubject(),
-            },
-          }
-        );
-        
-        return {
-          responseId: emailId,
-        };
-      })
-    );
-
-    // Add endpoint to check email status
-    this.typedRouter.addTypedHandler<plugins.servezoneInterfaces.platformservice.mta.IReq_CheckEmailStatus>(
-      new plugins.typedrequest.TypedHandler('checkEmailStatus', async (requestData) => {
-        // If MTA is enabled, use it to check status
-        if (this.emailRef.mtaConnector) {
-          const detailedStatus = await this.emailRef.mtaConnector.checkEmailStatus(requestData.emailId);
-          
-          // Convert to the expected API response format
-          const apiResponse: plugins.servezoneInterfaces.platformservice.mta.IReq_CheckEmailStatus['response'] = {
-            status: detailedStatus.status.toString(), // Convert enum to string
-            details: {
-              message: detailedStatus.details?.message || 
-                      (detailedStatus.details?.error ? `Error: ${detailedStatus.details.error}` : 
-                      `Status: ${detailedStatus.status}`)
-            }
-          };
-          return apiResponse;
-        }
-        
-        // Status tracking not available if MTA is not configured
-        return {
-          status: 'unknown',
-          details: { message: 'Status tracking not available without MTA configuration' }
-        };
-      })
-    );
-
-    // Add statistics endpoint
-    this.typedRouter.addTypedHandler<plugins.servezoneInterfaces.platformservice.mta.IReq_GetEMailStats>(
-      new plugins.typedrequest.TypedHandler('getEmailStats', async () => {
-        return this.emailRef.getStats();
-      })
-    );
-  }
-}

ts/mail/services/classes.emailservice.ts

@@ -1,312 +0,0 @@
-import * as plugins from '../../plugins.js';
-import * as paths from '../../paths.js';
-import { MtaConnector } from '../delivery/classes.connector.mta.js';
-import { RuleManager } from '../core/classes.rulemanager.js';
-import { ApiManager } from './classes.apimanager.js';
-import { TemplateManager } from '../core/classes.templatemanager.js';
-import { EmailValidator } from '../core/classes.emailvalidator.js';
-import { BounceManager } from '../core/classes.bouncemanager.js';
-import { logger } from '../../logger.js';
-import type { SzPlatformService } from '../../platformservice.js';
-
-// Import MTA service
-import { MtaService } from '../delivery/classes.mta.js';
-
-// Import configuration interfaces
-import type { IEmailConfig } from '../../config/email.config.js';
-import { ConfigValidator, emailConfigSchema } from '../../config/index.js';
-
-/**
- * Options for sending an email
- * @see ISendEmailOptions in MtaConnector
- */
-export type ISendEmailOptions = import('../delivery/classes.connector.mta.js').ISendEmailOptions;
-
-/**
- * Template context data for email templates
- * @see ITemplateContext in TemplateManager
- */
-export type ITemplateContext = import('../core/classes.templatemanager.js').ITemplateContext;
-
-/**
- * Validation options for email addresses
- * Compatible with EmailValidator.validate options
- */
-export interface IValidateEmailOptions {
-  /** Check MX records for the domain */
-  checkMx?: boolean;
-  /** Check if the domain is disposable (temporary email) */
-  checkDisposable?: boolean;
-  /** Check if the email is a role account (e.g., info@, support@) */
-  checkRole?: boolean;
-  /** Only check syntax without DNS lookups */
-  checkSyntaxOnly?: boolean;
-}
-
-/**
- * Result of email validation
- * @see IEmailValidationResult from EmailValidator
- */
-export type IValidationResult = import('../core/classes.emailvalidator.js').IEmailValidationResult;
-
-/**
- * Email service statistics
- */
-export interface IEmailServiceStats {
-  /** Active email providers */
-  activeProviders: string[];
-  /** MTA statistics, if MTA is active */
-  mta?: {
-    /** Service start time */
-    startTime: Date;
-    /** Total emails received */
-    emailsReceived: number;
-    /** Total emails sent */
-    emailsSent: number;
-    /** Total emails that failed to send */
-    emailsFailed: number;
-    /** Active SMTP connections */
-    activeConnections: number;
-    /** Current email queue size */
-    queueSize: number;
-    /** Certificate information */
-    certificateInfo?: {
-      /** Domain for the certificate */
-      domain: string;
-      /** Certificate expiration date */
-      expiresAt: Date;
-      /** Days until certificate expires */
-      daysUntilExpiry: number;
-    };
-    /** IP warmup information */
-    warmupInfo?: {
-      /** Whether IP warmup is enabled */
-      enabled: boolean;
-      /** Number of active IPs */
-      activeIPs: number;
-      /** Number of IPs in warmup phase */
-      inWarmupPhase: number;
-      /** Number of IPs that completed warmup */
-      completedWarmup: number;
-    };
-    /** Reputation monitoring information */
-    reputationInfo?: {
-      /** Whether reputation monitoring is enabled */
-      enabled: boolean;
-      /** Number of domains being monitored */
-      monitoredDomains: number;
-      /** Average reputation score across domains */
-      averageScore: number;
-      /** Number of domains with reputation issues */
-      domainsWithIssues: number;
-    };
-    /** Rate limiting information */
-    rateLimiting?: {
-      /** Global rate limit statistics */
-      global: {
-        /** Current available tokens */
-        availableTokens: number;
-        /** Maximum tokens per period */
-        maxTokens: number;
-        /** Current consumption rate */
-        consumptionRate: number;
-        /** Number of rate limiting events */
-        rateLimitEvents: number;
-      };
-    };
-  };
-}
-
-/**
- * Email service with MTA support
- */
-export class EmailService {
-  public platformServiceRef: SzPlatformService;
-
-  // typedrouter
-  public typedrouter = new plugins.typedrequest.TypedRouter();
-
-  // connectors
-  public mtaConnector: MtaConnector;
-  public qenv = new plugins.qenv.Qenv('./', '.nogit/');
-
-  // MTA service
-  public mtaService: MtaService;
-
-  // services
-  public apiManager: ApiManager;
-  public ruleManager: RuleManager;
-  public templateManager: TemplateManager;
-  public emailValidator: EmailValidator;
-  public bounceManager: BounceManager;
-
-  // configuration
-  private config: IEmailConfig;
-
-  constructor(platformServiceRefArg: SzPlatformService, options: IEmailConfig = {}) {
-    this.platformServiceRef = platformServiceRefArg;
-    this.platformServiceRef.typedrouter.addTypedRouter(this.typedrouter);
-    
-    // Validate and apply defaults to configuration
-    const validationResult = ConfigValidator.validate(options, emailConfigSchema);
-    
-    if (!validationResult.valid) {
-      logger.warn(`Email service configuration has validation errors: ${validationResult.errors.join(', ')}`);
-    }
-    
-    // Set configuration with defaults
-    this.config = validationResult.config;
-
-    // Initialize validator
-    this.emailValidator = new EmailValidator();
-    
-    // Initialize bounce manager
-    this.bounceManager = new BounceManager();
-
-    // Initialize template manager
-    this.templateManager = new TemplateManager(this.config.templateConfig);
-
-    if (this.config.useMta) {
-      // Initialize MTA service
-      this.mtaService = new MtaService(platformServiceRefArg, this.config.mtaConfig);
-      // Initialize MTA connector
-      this.mtaConnector = new MtaConnector(this);
-    }
-
-    // Initialize API manager and rule manager
-    this.apiManager = new ApiManager(this);
-    this.ruleManager = new RuleManager(this);
-
-    // Set up MTA SMTP server webhook if using MTA
-    if (this.config.useMta) {
-      // The MTA SMTP server will handle incoming emails directly
-      // through its SMTP protocol. No additional webhook needed.
-    }
-  }
-
-  /**
-   * Start the email service
-   */
-  public async start() {
-    // Initialize rule manager
-    await this.ruleManager.init();
-    
-    // Load email templates if configured
-    if (this.config.loadTemplatesFromDir) {
-      try {
-        await this.templateManager.loadTemplatesFromDirectory(paths.emailTemplatesDir);
-      } catch (error) {
-        logger.log('error', `Failed to load email templates: ${error.message}`);
-      }
-    }
-    
-    // Start MTA service if enabled
-    if (this.config.useMta && this.mtaService) {
-      await this.mtaService.start();
-      logger.log('success', 'Started MTA service');
-    }
-    
-    logger.log('success', `Started email service`);
-  }
-
-  /**
-   * Stop the email service
-   */
-  public async stop() {
-    // Stop MTA service if it's running
-    if (this.config.useMta && this.mtaService) {
-      await this.mtaService.stop();
-      logger.log('info', 'Stopped MTA service');
-    }
-    
-    logger.log('info', 'Stopped email service');
-  }
-
-  /**
-   * Send an email using the MTA
-   * @param email The email to send
-   * @param to Recipient(s)
-   * @param options Additional options
-   */
-  public async sendEmail(
-    email: plugins.smartmail.Smartmail<any>,
-    to: string | string[],
-    options: ISendEmailOptions = {}
-  ): Promise<string> {
-    // Determine which connector to use
-    if (this.config.useMta && this.mtaConnector) {
-      return this.mtaConnector.sendEmail(email, to, options);
-    } else {
-      throw new Error('MTA not configured');
-    }
-  }
-  
-  /**
-   * Send an email using a template
-   * @param templateId The template ID
-   * @param to Recipient email(s)
-   * @param context The template context data
-   * @param options Additional options
-   */
-  public async sendTemplateEmail(
-    templateId: string,
-    to: string | string[],
-    context: ITemplateContext = {},
-    options: ISendEmailOptions = {}
-  ): Promise<string> {
-    try {
-      // Get email from template
-      const smartmail = await this.templateManager.prepareEmail(templateId, context);
-      
-      // Send the email
-      return this.sendEmail(smartmail, to, options);
-    } catch (error) {
-      logger.log('error', `Failed to send template email: ${error.message}`, {
-        templateId,
-        to,
-        error: error.message
-      });
-      throw error;
-    }
-  }
-  
-  /**
-   * Validate an email address
-   * @param email The email address to validate
-   * @param options Validation options
-   * @returns Validation result
-   */
-  public async validateEmail(
-    email: string,
-    options: IValidateEmailOptions = {}
-  ): Promise<IValidationResult> {
-    return this.emailValidator.validate(email, options);
-  }
-
-  /**
-   * Get email service statistics
-   * @returns Service statistics in the format expected by the API
-   */
-  public getStats(): plugins.servezoneInterfaces.platformservice.mta.IReq_GetEMailStats['response'] {
-    // First generate detailed internal stats
-    const detailedStats: IEmailServiceStats = {
-      activeProviders: []
-    };
-
-    if (this.config.useMta) {
-      detailedStats.activeProviders.push('mta');
-      detailedStats.mta = this.mtaService.getStats();
-    }
-
-    // Convert detailed stats to the format expected by the API
-    const apiStats: plugins.servezoneInterfaces.platformservice.mta.IReq_GetEMailStats['response'] = {
-      totalEmailsSent: detailedStats.mta?.emailsSent || 0,
-      totalEmailsDelivered: detailedStats.mta?.emailsSent || 0, // Default to emails sent if we don't track delivery separately
-      totalEmailsBounced: detailedStats.mta?.emailsFailed || 0,
-      averageDeliveryTimeMs: 0, // We don't track this yet
-      lastUpdated: new Date().toISOString()
-    };
-
-    return apiStats;
-  }
-}

ts/mail/services/index.ts

@@ -1,3 +0,0 @@
-// Email services
-export * from './classes.emailservice.js';
-export * from './classes.apimanager.js';

ts/monitoring/classes.metricscache.ts

@@ -0,0 +1,75 @@
+export interface ICacheEntry<T> {
+  data: T;
+  timestamp: number;
+}
+
+export class MetricsCache {
+  private cache = new Map<string, ICacheEntry<any>>();
+  private readonly defaultTTL: number;
+  
+  constructor(defaultTTL: number = 500) {
+    this.defaultTTL = defaultTTL;
+  }
+  
+  /**
+   * Get cached data or compute and cache it
+   */
+  public get<T>(key: string, computeFn: () => T | Promise<T>, ttl?: number): T | Promise<T> {
+    const cached = this.cache.get(key);
+    const now = Date.now();
+    const actualTTL = ttl ?? this.defaultTTL;
+    
+    if (cached && (now - cached.timestamp) < actualTTL) {
+      return cached.data;
+    }
+    
+    const result = computeFn();
+    
+    // Handle both sync and async compute functions
+    if (result instanceof Promise) {
+      return result.then(data => {
+        this.cache.set(key, { data, timestamp: now });
+        return data;
+      });
+    } else {
+      this.cache.set(key, { data: result, timestamp: now });
+      return result;
+    }
+  }
+  
+  /**
+   * Invalidate a specific cache entry
+   */
+  public invalidate(key: string): void {
+    this.cache.delete(key);
+  }
+  
+  /**
+   * Clear all cache entries
+   */
+  public clear(): void {
+    this.cache.clear();
+  }
+  
+  /**
+   * Get cache statistics
+   */
+  public getStats(): { size: number; keys: string[] } {
+    return {
+      size: this.cache.size,
+      keys: Array.from(this.cache.keys())
+    };
+  }
+  
+  /**
+   * Clean up expired entries
+   */
+  public cleanup(): void {
+    const now = Date.now();
+    for (const [key, entry] of this.cache.entries()) {
+      if (now - entry.timestamp > this.defaultTTL) {
+        this.cache.delete(key);
+      }
+    }
+  }
+}

ts/monitoring/classes.metricsmanager.ts

@@ -0,0 +1,542 @@
+import * as plugins from '../plugins.js';
+import { DcRouter } from '../classes.dcrouter.js';
+import { MetricsCache } from './classes.metricscache.js';
+
+export class MetricsManager {
+  private logger: plugins.smartlog.Smartlog;
+  private smartMetrics: plugins.smartmetrics.SmartMetrics;
+  private dcRouter: DcRouter;
+  private resetInterval?: NodeJS.Timeout;
+  private metricsCache: MetricsCache;
+  
+  // Constants
+  private readonly MAX_TOP_DOMAINS = 1000; // Limit topDomains Map size
+  
+  // Track email-specific metrics
+  private emailMetrics = {
+    sentToday: 0,
+    receivedToday: 0,
+    failedToday: 0,
+    bouncedToday: 0,
+    queueSize: 0,
+    lastResetDate: new Date().toDateString(),
+    deliveryTimes: [] as number[], // Track delivery times in ms
+    recipients: new Map<string, number>(), // Track email count by recipient
+    recentActivity: [] as Array<{ timestamp: number; type: string; details: string }>,
+  };
+  
+  // Track DNS-specific metrics
+  private dnsMetrics = {
+    totalQueries: 0,
+    cacheHits: 0,
+    cacheMisses: 0,
+    queryTypes: {} as Record<string, number>,
+    topDomains: new Map<string, number>(),
+    lastResetDate: new Date().toDateString(),
+    queryTimestamps: [] as number[], // Track query timestamps for rate calculation
+    responseTimes: [] as number[], // Track response times in ms
+  };
+  
+  // Track security-specific metrics
+  private securityMetrics = {
+    blockedIPs: 0,
+    authFailures: 0,
+    spamDetected: 0,
+    malwareDetected: 0,
+    phishingDetected: 0,
+    lastResetDate: new Date().toDateString(),
+    incidents: [] as Array<{ timestamp: number; type: string; severity: string; details: string }>,
+  };
+  
+  constructor(dcRouter: DcRouter) {
+    this.dcRouter = dcRouter;
+    // Create a new Smartlog instance for metrics
+    this.logger = new plugins.smartlog.Smartlog({
+      logContext: {
+        environment: 'production',
+        runtime: 'node',
+        zone: 'dcrouter-metrics',
+      }
+    });
+    this.smartMetrics = new plugins.smartmetrics.SmartMetrics(this.logger, 'dcrouter');
+    // Initialize metrics cache with 500ms TTL
+    this.metricsCache = new MetricsCache(500);
+  }
+  
+  public async start(): Promise<void> {
+    // Start SmartMetrics collection
+    this.smartMetrics.start();
+    
+    // Reset daily counters at midnight
+    this.resetInterval = setInterval(() => {
+      const currentDate = new Date().toDateString();
+      
+      if (currentDate !== this.emailMetrics.lastResetDate) {
+        this.emailMetrics.sentToday = 0;
+        this.emailMetrics.receivedToday = 0;
+        this.emailMetrics.failedToday = 0;
+        this.emailMetrics.bouncedToday = 0;
+        this.emailMetrics.deliveryTimes = [];
+        this.emailMetrics.recipients.clear();
+        this.emailMetrics.recentActivity = [];
+        this.emailMetrics.lastResetDate = currentDate;
+      }
+      
+      if (currentDate !== this.dnsMetrics.lastResetDate) {
+        this.dnsMetrics.totalQueries = 0;
+        this.dnsMetrics.cacheHits = 0;
+        this.dnsMetrics.cacheMisses = 0;
+        this.dnsMetrics.queryTypes = {};
+        this.dnsMetrics.topDomains.clear();
+        this.dnsMetrics.queryTimestamps = [];
+        this.dnsMetrics.responseTimes = [];
+        this.dnsMetrics.lastResetDate = currentDate;
+      }
+      
+      if (currentDate !== this.securityMetrics.lastResetDate) {
+        this.securityMetrics.blockedIPs = 0;
+        this.securityMetrics.authFailures = 0;
+        this.securityMetrics.spamDetected = 0;
+        this.securityMetrics.malwareDetected = 0;
+        this.securityMetrics.phishingDetected = 0;
+        this.securityMetrics.incidents = [];
+        this.securityMetrics.lastResetDate = currentDate;
+      }
+    }, 60000); // Check every minute
+    
+    this.logger.log('info', 'MetricsManager started');
+  }
+  
+  public async stop(): Promise<void> {
+    // Clear the reset interval
+    if (this.resetInterval) {
+      clearInterval(this.resetInterval);
+      this.resetInterval = undefined;
+    }
+    
+    this.smartMetrics.stop();
+    this.logger.log('info', 'MetricsManager stopped');
+  }
+  
+  // Get server metrics from SmartMetrics and SmartProxy
+  public async getServerStats() {
+    return this.metricsCache.get('serverStats', async () => {
+      const smartMetricsData = await this.smartMetrics.getMetrics();
+      const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
+      const proxyStats = this.dcRouter.smartProxy ? await this.dcRouter.smartProxy.getStatistics() : null;
+
+      return {
+        uptime: process.uptime(),
+        startTime: Date.now() - (process.uptime() * 1000),
+        memoryUsage: {
+          heapUsed: process.memoryUsage().heapUsed,
+          heapTotal: process.memoryUsage().heapTotal,
+          external: process.memoryUsage().external,
+          rss: process.memoryUsage().rss,
+          // Add SmartMetrics memory data
+          maxMemoryMB: this.smartMetrics.maxMemoryMB,
+          actualUsageBytes: smartMetricsData.memoryUsageBytes,
+          actualUsagePercentage: smartMetricsData.memoryPercentage,
+        },
+        cpuUsage: {
+          user: parseFloat(smartMetricsData.cpuUsageText || '0'),
+          system: 0, // SmartMetrics doesn't separate user/system
+        },
+        activeConnections: proxyStats ? proxyStats.activeConnections : 0,
+        totalConnections: proxyMetrics ? proxyMetrics.totals.connections() : 0,
+        requestsPerSecond: proxyMetrics ? proxyMetrics.requests.perSecond() : 0,
+        throughput: proxyMetrics ? {
+          bytesIn: proxyMetrics.totals.bytesIn(),
+          bytesOut: proxyMetrics.totals.bytesOut(),
+          bytesInPerSecond: proxyMetrics.throughput.instant().in,
+          bytesOutPerSecond: proxyMetrics.throughput.instant().out,
+        } : { bytesIn: 0, bytesOut: 0, bytesInPerSecond: 0, bytesOutPerSecond: 0 },
+      };
+    });
+  }
+  
+  // Get email metrics
+  public async getEmailStats() {
+    return this.metricsCache.get('emailStats', () => {
+      // Calculate average delivery time
+      const avgDeliveryTime = this.emailMetrics.deliveryTimes.length > 0
+        ? this.emailMetrics.deliveryTimes.reduce((a, b) => a + b, 0) / this.emailMetrics.deliveryTimes.length
+        : 0;
+      
+      // Get top recipients
+      const topRecipients = Array.from(this.emailMetrics.recipients.entries())
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 10)
+        .map(([email, count]) => ({ email, count }));
+      
+      // Get recent activity (last 50 entries)
+      const recentActivity = this.emailMetrics.recentActivity.slice(-50);
+      
+      return {
+        sentToday: this.emailMetrics.sentToday,
+        receivedToday: this.emailMetrics.receivedToday,
+        failedToday: this.emailMetrics.failedToday,
+        bounceRate: this.emailMetrics.bouncedToday > 0 
+          ? (this.emailMetrics.bouncedToday / this.emailMetrics.sentToday) * 100 
+          : 0,
+        deliveryRate: this.emailMetrics.sentToday > 0 
+          ? ((this.emailMetrics.sentToday - this.emailMetrics.failedToday) / this.emailMetrics.sentToday) * 100 
+          : 100,
+        queueSize: this.emailMetrics.queueSize,
+        averageDeliveryTime: Math.round(avgDeliveryTime),
+        topRecipients,
+        recentActivity,
+      };
+    });
+  }
+  
+  // Get DNS metrics
+  public async getDnsStats() {
+    return this.metricsCache.get('dnsStats', () => {
+      const cacheHitRate = this.dnsMetrics.totalQueries > 0 
+        ? (this.dnsMetrics.cacheHits / this.dnsMetrics.totalQueries) * 100 
+        : 0;
+      
+      const topDomains = Array.from(this.dnsMetrics.topDomains.entries())
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, 10)
+        .map(([domain, count]) => ({ domain, count }));
+      
+      // Calculate queries per second from recent timestamps
+      const now = Date.now();
+      const oneMinuteAgo = now - 60000;
+      const recentQueries = this.dnsMetrics.queryTimestamps.filter(ts => ts >= oneMinuteAgo);
+      const queriesPerSecond = recentQueries.length / 60;
+      
+      // Calculate average response time
+      const avgResponseTime = this.dnsMetrics.responseTimes.length > 0
+        ? this.dnsMetrics.responseTimes.reduce((a, b) => a + b, 0) / this.dnsMetrics.responseTimes.length
+        : 0;
+      
+      return {
+        queriesPerSecond: Math.round(queriesPerSecond * 10) / 10,
+        totalQueries: this.dnsMetrics.totalQueries,
+        cacheHits: this.dnsMetrics.cacheHits,
+        cacheMisses: this.dnsMetrics.cacheMisses,
+        cacheHitRate: cacheHitRate,
+        topDomains: topDomains,
+        queryTypes: this.dnsMetrics.queryTypes,
+        averageResponseTime: Math.round(avgResponseTime),
+        activeDomains: this.dnsMetrics.topDomains.size,
+      };
+    });
+  }
+  
+  // Get security metrics
+  public async getSecurityStats() {
+    return this.metricsCache.get('securityStats', () => {
+      // Get recent incidents (last 20)
+      const recentIncidents = this.securityMetrics.incidents.slice(-20);
+      
+      return {
+        blockedIPs: this.securityMetrics.blockedIPs,
+        authFailures: this.securityMetrics.authFailures,
+        spamDetected: this.securityMetrics.spamDetected,
+        malwareDetected: this.securityMetrics.malwareDetected,
+        phishingDetected: this.securityMetrics.phishingDetected,
+        totalThreatsBlocked: this.securityMetrics.spamDetected + 
+          this.securityMetrics.malwareDetected + 
+          this.securityMetrics.phishingDetected,
+        recentIncidents,
+      };
+    });
+  }
+  
+  // Get connection info from SmartProxy
+  public async getConnectionInfo() {
+    return this.metricsCache.get('connectionInfo', () => {
+      const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
+      
+      if (!proxyMetrics) {
+        return [];
+      }
+      
+      const connectionsByRoute = proxyMetrics.connections.byRoute();
+      const connectionInfo = [];
+      
+      for (const [routeName, count] of connectionsByRoute) {
+        connectionInfo.push({
+          type: 'https',
+          count,
+          source: routeName,
+          lastActivity: new Date(),
+        });
+      }
+      
+      return connectionInfo;
+    });
+  }
+  
+  // Email event tracking methods
+  public trackEmailSent(recipient?: string, deliveryTimeMs?: number): void {
+    this.emailMetrics.sentToday++;
+    
+    if (recipient) {
+      const count = this.emailMetrics.recipients.get(recipient) || 0;
+      this.emailMetrics.recipients.set(recipient, count + 1);
+    }
+    
+    if (deliveryTimeMs) {
+      this.emailMetrics.deliveryTimes.push(deliveryTimeMs);
+      // Keep only last 1000 delivery times
+      if (this.emailMetrics.deliveryTimes.length > 1000) {
+        this.emailMetrics.deliveryTimes.shift();
+      }
+    }
+    
+    this.emailMetrics.recentActivity.push({
+      timestamp: Date.now(),
+      type: 'sent',
+      details: recipient || 'unknown',
+    });
+    
+    // Keep only last 1000 activities
+    if (this.emailMetrics.recentActivity.length > 1000) {
+      this.emailMetrics.recentActivity.shift();
+    }
+  }
+  
+  public trackEmailReceived(sender?: string): void {
+    this.emailMetrics.receivedToday++;
+    
+    this.emailMetrics.recentActivity.push({
+      timestamp: Date.now(),
+      type: 'received',
+      details: sender || 'unknown',
+    });
+    
+    // Keep only last 1000 activities
+    if (this.emailMetrics.recentActivity.length > 1000) {
+      this.emailMetrics.recentActivity.shift();
+    }
+  }
+  
+  public trackEmailFailed(recipient?: string, reason?: string): void {
+    this.emailMetrics.failedToday++;
+    
+    this.emailMetrics.recentActivity.push({
+      timestamp: Date.now(),
+      type: 'failed',
+      details: `${recipient || 'unknown'}: ${reason || 'unknown error'}`,
+    });
+    
+    // Keep only last 1000 activities
+    if (this.emailMetrics.recentActivity.length > 1000) {
+      this.emailMetrics.recentActivity.shift();
+    }
+  }
+  
+  public trackEmailBounced(recipient?: string): void {
+    this.emailMetrics.bouncedToday++;
+    
+    this.emailMetrics.recentActivity.push({
+      timestamp: Date.now(),
+      type: 'bounced',
+      details: recipient || 'unknown',
+    });
+    
+    // Keep only last 1000 activities
+    if (this.emailMetrics.recentActivity.length > 1000) {
+      this.emailMetrics.recentActivity.shift();
+    }
+  }
+  
+  public updateQueueSize(size: number): void {
+    this.emailMetrics.queueSize = size;
+  }
+  
+  // DNS event tracking methods
+  public trackDnsQuery(queryType: string, domain: string, cacheHit: boolean, responseTimeMs?: number): void {
+    this.dnsMetrics.totalQueries++;
+    
+    if (cacheHit) {
+      this.dnsMetrics.cacheHits++;
+    } else {
+      this.dnsMetrics.cacheMisses++;
+    }
+    
+    // Track query timestamp
+    this.dnsMetrics.queryTimestamps.push(Date.now());
+    
+    // Keep only timestamps from last 5 minutes
+    const fiveMinutesAgo = Date.now() - 300000;
+    this.dnsMetrics.queryTimestamps = this.dnsMetrics.queryTimestamps.filter(ts => ts >= fiveMinutesAgo);
+    
+    // Track response time if provided
+    if (responseTimeMs) {
+      this.dnsMetrics.responseTimes.push(responseTimeMs);
+      // Keep only last 1000 response times
+      if (this.dnsMetrics.responseTimes.length > 1000) {
+        this.dnsMetrics.responseTimes.shift();
+      }
+    }
+    
+    // Track query types
+    this.dnsMetrics.queryTypes[queryType] = (this.dnsMetrics.queryTypes[queryType] || 0) + 1;
+    
+    // Track top domains with size limit
+    const currentCount = this.dnsMetrics.topDomains.get(domain) || 0;
+    this.dnsMetrics.topDomains.set(domain, currentCount + 1);
+    
+    // If we've exceeded the limit, remove the least accessed domains
+    if (this.dnsMetrics.topDomains.size > this.MAX_TOP_DOMAINS) {
+      // Convert to array, sort by count, and keep only top domains
+      const sortedDomains = Array.from(this.dnsMetrics.topDomains.entries())
+        .sort((a, b) => b[1] - a[1])
+        .slice(0, Math.floor(this.MAX_TOP_DOMAINS * 0.8)); // Keep 80% to avoid frequent cleanup
+      
+      // Clear and repopulate with top domains
+      this.dnsMetrics.topDomains.clear();
+      sortedDomains.forEach(([domain, count]) => {
+        this.dnsMetrics.topDomains.set(domain, count);
+      });
+    }
+  }
+  
+  // Security event tracking methods
+  public trackBlockedIP(ip?: string, reason?: string): void {
+    this.securityMetrics.blockedIPs++;
+    
+    this.securityMetrics.incidents.push({
+      timestamp: Date.now(),
+      type: 'ip_blocked',
+      severity: 'medium',
+      details: `IP ${ip || 'unknown'} blocked: ${reason || 'security policy'}`,
+    });
+    
+    // Keep only last 1000 incidents
+    if (this.securityMetrics.incidents.length > 1000) {
+      this.securityMetrics.incidents.shift();
+    }
+  }
+  
+  public trackAuthFailure(username?: string, ip?: string): void {
+    this.securityMetrics.authFailures++;
+    
+    this.securityMetrics.incidents.push({
+      timestamp: Date.now(),
+      type: 'auth_failure',
+      severity: 'low',
+      details: `Authentication failed for ${username || 'unknown'} from ${ip || 'unknown'}`,
+    });
+    
+    // Keep only last 1000 incidents
+    if (this.securityMetrics.incidents.length > 1000) {
+      this.securityMetrics.incidents.shift();
+    }
+  }
+  
+  public trackSpamDetected(sender?: string): void {
+    this.securityMetrics.spamDetected++;
+    
+    this.securityMetrics.incidents.push({
+      timestamp: Date.now(),
+      type: 'spam_detected',
+      severity: 'low',
+      details: `Spam detected from ${sender || 'unknown'}`,
+    });
+    
+    // Keep only last 1000 incidents
+    if (this.securityMetrics.incidents.length > 1000) {
+      this.securityMetrics.incidents.shift();
+    }
+  }
+  
+  public trackMalwareDetected(source?: string): void {
+    this.securityMetrics.malwareDetected++;
+    
+    this.securityMetrics.incidents.push({
+      timestamp: Date.now(),
+      type: 'malware_detected',
+      severity: 'high',
+      details: `Malware detected from ${source || 'unknown'}`,
+    });
+    
+    // Keep only last 1000 incidents
+    if (this.securityMetrics.incidents.length > 1000) {
+      this.securityMetrics.incidents.shift();
+    }
+  }
+  
+  public trackPhishingDetected(source?: string): void {
+    this.securityMetrics.phishingDetected++;
+    
+    this.securityMetrics.incidents.push({
+      timestamp: Date.now(),
+      type: 'phishing_detected',
+      severity: 'high',
+      details: `Phishing attempt from ${source || 'unknown'}`,
+    });
+    
+    // Keep only last 1000 incidents
+    if (this.securityMetrics.incidents.length > 1000) {
+      this.securityMetrics.incidents.shift();
+    }
+  }
+  
+  // Get network metrics from SmartProxy
+  public async getNetworkStats() {
+    // Use shorter cache TTL for network stats to ensure real-time updates
+    return this.metricsCache.get('networkStats', () => {
+      const proxyMetrics = this.dcRouter.smartProxy ? this.dcRouter.smartProxy.getMetrics() : null;
+
+      if (!proxyMetrics) {
+        return {
+          connectionsByIP: new Map<string, number>(),
+          throughputRate: { bytesInPerSecond: 0, bytesOutPerSecond: 0 },
+          topIPs: [] as Array<{ ip: string; count: number }>,
+          totalDataTransferred: { bytesIn: 0, bytesOut: 0 },
+          throughputHistory: [] as Array<{ timestamp: number; in: number; out: number }>,
+          throughputByIP: new Map<string, { in: number; out: number }>(),
+          requestsPerSecond: 0,
+          requestsTotal: 0,
+        };
+      }
+
+      // Get metrics using the new API
+      const connectionsByIP = proxyMetrics.connections.byIP();
+      const instantThroughput = proxyMetrics.throughput.instant();
+
+      // Get throughput rate
+      const throughputRate = {
+        bytesInPerSecond: instantThroughput.in,
+        bytesOutPerSecond: instantThroughput.out
+      };
+
+      // Get top IPs
+      const topIPs = proxyMetrics.connections.topIPs(10);
+
+      // Get total data transferred
+      const totalDataTransferred = {
+        bytesIn: proxyMetrics.totals.bytesIn(),
+        bytesOut: proxyMetrics.totals.bytesOut()
+      };
+
+      // Get throughput history from Rust engine (up to 300 seconds)
+      const throughputHistory = proxyMetrics.throughput.history(300);
+
+      // Get per-IP throughput
+      const throughputByIP = proxyMetrics.throughput.byIP();
+
+      // Get HTTP request rates
+      const requestsPerSecond = proxyMetrics.requests.perSecond();
+      const requestsTotal = proxyMetrics.requests.total();
+
+      return {
+        connectionsByIP,
+        throughputRate,
+        topIPs,
+        totalDataTransferred,
+        throughputHistory,
+        throughputByIP,
+        requestsPerSecond,
+        requestsTotal,
+      };
+    }, 200); // Use 200ms cache for more frequent updates
+  }
+}

ts/monitoring/index.ts

@@ -0,0 +1 @@
+export * from './classes.metricsmanager.js';

ts/opsserver/classes.opsserver.ts

@@ -0,0 +1,73 @@
+import type DcRouter from '../classes.dcrouter.js';
+import * as plugins from '../plugins.js';
+import * as paths from '../paths.js';
+import * as handlers from './handlers/index.js';
+
+export class OpsServer {
+  public dcRouterRef: DcRouter;
+  public server: plugins.typedserver.utilityservers.UtilityWebsiteServer;
+  
+  // TypedRouter for OpsServer-specific handlers
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+  
+  // Handler instances
+  public adminHandler: handlers.AdminHandler;
+  private configHandler: handlers.ConfigHandler;
+  private logsHandler: handlers.LogsHandler;
+  private securityHandler: handlers.SecurityHandler;
+  private statsHandler: handlers.StatsHandler;
+  private radiusHandler: handlers.RadiusHandler;
+  private emailOpsHandler: handlers.EmailOpsHandler;
+  private certificateHandler: handlers.CertificateHandler;
+  private remoteIngressHandler: handlers.RemoteIngressHandler;
+
+  constructor(dcRouterRefArg: DcRouter) {
+    this.dcRouterRef = dcRouterRefArg;
+    
+    // Add our typedrouter to the dcRouter's main typedrouter
+    this.dcRouterRef.typedrouter.addTypedRouter(this.typedrouter);
+  }
+
+  public async start() {
+    this.server = new plugins.typedserver.utilityservers.UtilityWebsiteServer({
+      domain: 'localhost',
+      feedMetadata: null,
+      serveDir: paths.distServe,
+    });
+    
+    // The server has a built-in typedrouter at /typedrequest
+    // Add the main dcRouter typedrouter to the server's typedrouter
+    this.server.typedrouter.addTypedRouter(this.dcRouterRef.typedrouter);
+    
+    // Set up handlers
+    await this.setupHandlers();
+
+    await this.server.start(3000);
+  }
+  
+  /**
+   * Set up all TypedRequest handlers
+   */
+  private async setupHandlers(): Promise<void> {
+    // Instantiate all handlers - they self-register with the typedrouter
+    this.adminHandler = new handlers.AdminHandler(this);
+    await this.adminHandler.initialize(); // JWT needs async initialization
+    
+    this.configHandler = new handlers.ConfigHandler(this);
+    this.logsHandler = new handlers.LogsHandler(this);
+    this.securityHandler = new handlers.SecurityHandler(this);
+    this.statsHandler = new handlers.StatsHandler(this);
+    this.radiusHandler = new handlers.RadiusHandler(this);
+    this.emailOpsHandler = new handlers.EmailOpsHandler(this);
+    this.certificateHandler = new handlers.CertificateHandler(this);
+    this.remoteIngressHandler = new handlers.RemoteIngressHandler(this);
+
+    console.log('✅ OpsServer TypedRequest handlers initialized');
+  }
+
+  public async stop() {
+    if (this.server) {
+      await this.server.stop();
+    }
+  }
+}

ts/opsserver/handlers/admin.handler.ts

@@ -0,0 +1,240 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+
+export interface IJwtData {
+  userId: string;
+  status: 'loggedIn' | 'loggedOut';
+  expiresAt: number;
+}
+
+export class AdminHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+  
+  // JWT instance
+  public smartjwtInstance: plugins.smartjwt.SmartJwt<IJwtData>;
+  
+  // Simple in-memory user storage (in production, use proper database)
+  private users = new Map<string, {
+    id: string;
+    username: string;
+    password: string;
+    role: string;
+  }>();
+  
+  constructor(private opsServerRef: OpsServer) {
+    // Add this handler's router to the parent
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+  }
+  
+  public async initialize(): Promise<void> {
+    await this.initializeJwt();
+    this.initializeDefaultUsers();
+    this.registerHandlers();
+  }
+  
+  private async initializeJwt(): Promise<void> {
+    this.smartjwtInstance = new plugins.smartjwt.SmartJwt();
+    await this.smartjwtInstance.init();
+    
+    // For development, create new keypair each time
+    // In production, load from storage like cloudly does
+    await this.smartjwtInstance.createNewKeyPair();
+  }
+  
+  private initializeDefaultUsers(): void {
+    // Add default admin user
+    const adminId = plugins.uuid.v4();
+    this.users.set(adminId, {
+      id: adminId,
+      username: 'admin',
+      password: 'admin',
+      role: 'admin',
+    });
+  }
+  
+  private registerHandlers(): void {
+    // Admin Login Handler
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AdminLoginWithUsernameAndPassword>(
+        'adminLoginWithUsernameAndPassword',
+        async (dataArg) => {
+          try {
+            // Find user by username and password
+            let user: { id: string; username: string; password: string; role: string } | null = null;
+            for (const [_, userData] of this.users) {
+              if (userData.username === dataArg.username && userData.password === dataArg.password) {
+                user = userData;
+                break;
+              }
+            }
+            
+            if (!user) {
+              throw new plugins.typedrequest.TypedResponseError('login failed');
+            }
+            
+            const expiresAtTimestamp = Date.now() + 3600 * 1000 * 24; // 24 hours
+            
+            const jwt = await this.smartjwtInstance.createJWT({
+              userId: user.id,
+              status: 'loggedIn',
+              expiresAt: expiresAtTimestamp,
+            });
+            
+            return {
+              identity: {
+                jwt,
+                userId: user.id,
+                name: user.username,
+                expiresAt: expiresAtTimestamp,
+                role: user.role,
+                type: 'user',
+              },
+            };
+          } catch (error) {
+            if (error instanceof plugins.typedrequest.TypedResponseError) {
+              throw error;
+            }
+            throw new plugins.typedrequest.TypedResponseError('login failed');
+          }
+        }
+      )
+    );
+    
+    // Admin Logout Handler
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_AdminLogout>(
+        'adminLogout',
+        async (dataArg) => {
+          // In a real implementation, you might want to blacklist the JWT
+          // For now, just return success
+          return {
+            success: true,
+          };
+        }
+      )
+    );
+    
+    // Verify Identity Handler
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_VerifyIdentity>(
+        'verifyIdentity',
+        async (dataArg) => {
+          if (!dataArg.identity?.jwt) {
+            return {
+              valid: false,
+            };
+          }
+          
+          try {
+            const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+            
+            // Check if expired
+            if (jwtData.expiresAt < Date.now()) {
+              return {
+                valid: false,
+              };
+            }
+            
+            // Check if logged in
+            if (jwtData.status !== 'loggedIn') {
+              return {
+                valid: false,
+              };
+            }
+            
+            // Find user
+            const user = this.users.get(jwtData.userId);
+            if (!user) {
+              return {
+                valid: false,
+              };
+            }
+            
+            return {
+              valid: true,
+              identity: {
+                jwt: dataArg.identity.jwt,
+                userId: user.id,
+                name: user.username,
+                expiresAt: jwtData.expiresAt,
+                role: user.role,
+                type: 'user',
+              },
+            };
+          } catch (error) {
+            return {
+              valid: false,
+            };
+          }
+        }
+      )
+    );
+  }
+  
+  /**
+   * Create a guard for valid identity (matching cloudly pattern)
+   */
+  public validIdentityGuard = new plugins.smartguard.Guard<{
+    identity: interfaces.data.IIdentity;
+  }>(
+    async (dataArg) => {
+      if (!dataArg.identity?.jwt) {
+        return false;
+      }
+      
+      try {
+        const jwtData = await this.smartjwtInstance.verifyJWTAndGetData(dataArg.identity.jwt);
+        
+        // Check expiration
+        if (jwtData.expiresAt < Date.now()) {
+          return false;
+        }
+        
+        // Check status
+        if (jwtData.status !== 'loggedIn') {
+          return false;
+        }
+        
+        // Verify data hasn't been tampered with
+        if (dataArg.identity.expiresAt !== jwtData.expiresAt) {
+          return false;
+        }
+        
+        if (dataArg.identity.userId !== jwtData.userId) {
+          return false;
+        }
+        
+        return true;
+      } catch (error) {
+        return false;
+      }
+    },
+    {
+      failedHint: 'identity is not valid',
+      name: 'validIdentityGuard',
+    }
+  );
+  
+  /**
+   * Create a guard for admin identity (matching cloudly pattern)
+   */
+  public adminIdentityGuard = new plugins.smartguard.Guard<{
+    identity: interfaces.data.IIdentity;
+  }>(
+    async (dataArg) => {
+      // First check if identity is valid
+      const isValid = await this.validIdentityGuard.exec(dataArg);
+      if (!isValid) {
+        return false;
+      }
+      
+      // Check if user has admin role
+      return dataArg.identity.role === 'admin';
+    },
+    {
+      failedHint: 'user is not admin',
+      name: 'adminIdentityGuard',
+    }
+  );
+}

ts/opsserver/handlers/certificate.handler.ts

@@ -0,0 +1,327 @@
+import * as plugins from '../../plugins.js';
+import type { OpsServer } from '../classes.opsserver.js';
+import * as interfaces from '../../../ts_interfaces/index.js';
+
+export class CertificateHandler {
+  public typedrouter = new plugins.typedrequest.TypedRouter();
+
+  constructor(private opsServerRef: OpsServer) {
+    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
+    this.registerHandlers();
+  }
+
+  private registerHandlers(): void {
+    // Get Certificate Overview
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetCertificateOverview>(
+        'getCertificateOverview',
+        async (dataArg) => {
+          const certificates = await this.buildCertificateOverview();
+          const summary = this.buildSummary(certificates);
+          return { certificates, summary };
+        }
+      )
+    );
+
+    // Legacy route-based reprovision (backward compat)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificate>(
+        'reprovisionCertificate',
+        async (dataArg) => {
+          return this.reprovisionCertificateByRoute(dataArg.routeName);
+        }
+      )
+    );
+
+    // Domain-based reprovision (preferred)
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ReprovisionCertificateDomain>(
+        'reprovisionCertificateDomain',
+        async (dataArg) => {
+          return this.reprovisionCertificateDomain(dataArg.domain);
+        }
+      )
+    );
+  }
+
+  /**
+   * Build domain-centric certificate overview.
+   * Instead of one row per route, we produce one row per unique domain.
+   */
+  private async buildCertificateOverview(): Promise<interfaces.requests.ICertificateInfo[]> {
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const smartProxy = dcRouter.smartProxy;
+    if (!smartProxy) return [];
+
+    const routes = smartProxy.routeManager.getRoutes();
+
+    // Phase 1: Collect unique domains with their associated route info
+    const domainMap = new Map<string, {
+      routeNames: string[];
+      source: interfaces.requests.TCertificateSource;
+      tlsMode: 'terminate' | 'terminate-and-reencrypt' | 'passthrough';
+      canReprovision: boolean;
+    }>();
+
+    for (const route of routes) {
+      if (!route.name) continue;
+
+      const tls = route.action?.tls;
+      if (!tls) continue;
+
+      // Skip passthrough routes - they don't manage certificates
+      if (tls.mode === 'passthrough') continue;
+
+      const routeDomains = route.match.domains
+        ? (Array.isArray(route.match.domains) ? route.match.domains : [route.match.domains])
+        : [];
+
+      // Determine source
+      let source: interfaces.requests.TCertificateSource = 'none';
+      if (tls.certificate === 'auto') {
+        if ((smartProxy.settings as any).certProvisionFunction) {
+          source = 'provision-function';
+        } else {
+          source = 'acme';
+        }
+      } else if (tls.certificate && typeof tls.certificate === 'object') {
+        source = 'static';
+      }
+
+      const canReprovision = source === 'acme' || source === 'provision-function';
+      const tlsMode = tls.mode as 'terminate' | 'terminate-and-reencrypt' | 'passthrough';
+
+      for (const domain of routeDomains) {
+        const existing = domainMap.get(domain);
+        if (existing) {
+          // Add this route name to the existing domain entry
+          if (!existing.routeNames.includes(route.name)) {
+            existing.routeNames.push(route.name);
+          }
+          // Upgrade source if more specific
+          if (existing.source === 'none' && source !== 'none') {
+            existing.source = source;
+            existing.canReprovision = canReprovision;
+          }
+        } else {
+          domainMap.set(domain, {
+            routeNames: [route.name],
+            source,
+            tlsMode,
+            canReprovision,
+          });
+        }
+      }
+    }
+
+    // Phase 2: Resolve status for each unique domain
+    const certificates: interfaces.requests.ICertificateInfo[] = [];
+
+    for (const [domain, info] of domainMap) {
+      let status: interfaces.requests.TCertificateStatus = 'unknown';
+      let expiryDate: string | undefined;
+      let issuedAt: string | undefined;
+      let issuer: string | undefined;
+      let error: string | undefined;
+
+      // Check event-based status from certificateStatusMap (now keyed by domain)
+      const eventStatus = dcRouter.certificateStatusMap.get(domain);
+      if (eventStatus) {
+        status = eventStatus.status;
+        expiryDate = eventStatus.expiryDate;
+        issuedAt = eventStatus.issuedAt;
+        error = eventStatus.error;
+        if (eventStatus.source) {
+          issuer = eventStatus.source;
+        }
+      }
+
+      // Try SmartProxy certificate status if no event data
+      if (status === 'unknown' && info.routeNames.length > 0) {
+        try {
+          const rustStatus = await smartProxy.getCertificateStatus(info.routeNames[0]);
+          if (rustStatus) {
+            if (rustStatus.expiryDate) expiryDate = rustStatus.expiryDate;
+            if (rustStatus.issuer) issuer = rustStatus.issuer;
+            if (rustStatus.issuedAt) issuedAt = rustStatus.issuedAt;
+            if (rustStatus.status === 'valid' || rustStatus.status === 'expired') {
+              status = rustStatus.status;
+            }
+          }
+        } catch {
+          // Rust bridge may not support this command yet — ignore
+        }
+      }
+
+      // Check persisted cert data from StorageManager
+      if (status === 'unknown') {
+        const cleanDomain = domain.replace(/^\*\.?/, '');
+        let certData = await dcRouter.storageManager.getJSON(`/certs/${cleanDomain}`);
+        if (!certData) {
+          // Also check certStore path (proxy-certs)
+          certData = await dcRouter.storageManager.getJSON(`/proxy-certs/${domain}`);
+        }
+        if (certData?.validUntil) {
+          expiryDate = new Date(certData.validUntil).toISOString();
+          if (certData.created) {
+            issuedAt = new Date(certData.created).toISOString();
+          }
+          issuer = 'smartacme-dns-01';
+        } else if (certData?.publicKey) {
+          // certStore has the cert — parse PEM for expiry
+          try {
+            const x509 = new plugins.crypto.X509Certificate(certData.publicKey);
+            expiryDate = new Date(x509.validTo).toISOString();
+            issuedAt = new Date(x509.validFrom).toISOString();
+          } catch { /* PEM parsing failed */ }
+          status = 'valid';
+          issuer = 'cert-store';
+        } else if (certData) {
+          status = 'valid';
+          issuer = 'cert-store';
+        }
+      }
+
+      // Compute status from expiry date
+      if (expiryDate && (status === 'valid' || status === 'unknown')) {
+        const expiry = new Date(expiryDate);
+        const now = new Date();
+        const daysUntilExpiry = (expiry.getTime() - now.getTime()) / (1000 * 60 * 60 * 24);
+
+        if (daysUntilExpiry < 0) {
+          status = 'expired';
+        } else if (daysUntilExpiry < 30) {
+          status = 'expiring';
+        } else {
+          status = 'valid';
+        }
+      }
+
+      // Static certs with no other info default to 'valid'
+      if (info.source === 'static' && status === 'unknown') {
+        status = 'valid';
+      }
+
+      // ACME/provision-function routes with no cert data are still provisioning
+      if (status === 'unknown' && (info.source === 'acme' || info.source === 'provision-function')) {
+        status = 'provisioning';
+      }
+
+      // Phase 3: Attach backoff info
+      let backoffInfo: interfaces.requests.ICertificateInfo['backoffInfo'];
+      if (dcRouter.certProvisionScheduler) {
+        const bi = await dcRouter.certProvisionScheduler.getBackoffInfo(domain);
+        if (bi) {
+          backoffInfo = bi;
+        }
+      }
+
+      certificates.push({
+        domain,
+        routeNames: info.routeNames,
+        status,
+        source: info.source,
+        tlsMode: info.tlsMode,
+        expiryDate,
+        issuer,
+        issuedAt,
+        error,
+        canReprovision: info.canReprovision,
+        backoffInfo,
+      });
+    }
+
+    return certificates;
+  }
+
+  private buildSummary(certificates: interfaces.requests.ICertificateInfo[]): {
+    total: number;
+    valid: number;
+    expiring: number;
+    expired: number;
+    failed: number;
+    unknown: number;
+  } {
+    const summary = { total: 0, valid: 0, expiring: 0, expired: 0, failed: 0, unknown: 0 };
+    summary.total = certificates.length;
+    for (const cert of certificates) {
+      switch (cert.status) {
+        case 'valid': summary.valid++; break;
+        case 'expiring': summary.expiring++; break;
+        case 'expired': summary.expired++; break;
+        case 'failed': summary.failed++; break;
+        case 'provisioning': // count as unknown
+        case 'unknown': summary.unknown++; break;
+      }
+    }
+    return summary;
+  }
+
+  /**
+   * Legacy route-based reprovisioning
+   */
+  private async reprovisionCertificateByRoute(routeName: string): Promise<{ success: boolean; message?: string }> {
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const smartProxy = dcRouter.smartProxy;
+
+    if (!smartProxy) {
+      return { success: false, message: 'SmartProxy is not running' };
+    }
+
+    try {
+      await smartProxy.provisionCertificate(routeName);
+      // Clear event-based status for domains in this route
+      for (const [domain, entry] of dcRouter.certificateStatusMap) {
+        if (entry.routeNames.includes(routeName)) {
+          dcRouter.certificateStatusMap.delete(domain);
+        }
+      }
+      return { success: true, message: `Certificate reprovisioning triggered for route '${routeName}'` };
+    } catch (err) {
+      return { success: false, message: err.message || 'Failed to reprovision certificate' };
+    }
+  }
+
+  /**
+   * Domain-based reprovisioning — clears backoff first, then triggers provision
+   */
+  private async reprovisionCertificateDomain(domain: string): Promise<{ success: boolean; message?: string }> {
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const smartProxy = dcRouter.smartProxy;
+
+    if (!smartProxy) {
+      return { success: false, message: 'SmartProxy is not running' };
+    }
+
+    // Clear backoff for this domain (user override)
+    if (dcRouter.certProvisionScheduler) {
+      await dcRouter.certProvisionScheduler.clearBackoff(domain);
+    }
+
+    // Clear status map entry so it gets refreshed
+    dcRouter.certificateStatusMap.delete(domain);
+
+    // Try to provision via SmartAcme directly
+    if (dcRouter.smartAcme) {
+      try {
+        await dcRouter.smartAcme.getCertificateForDomain(domain);
+        return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}'` };
+      } catch (err) {
+        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      }
+    }
+
+    // Fallback: try provisioning via the first matching route
+    const routeNames = dcRouter.findRouteNamesForDomain(domain);
+    if (routeNames.length > 0) {
+      try {
+        await smartProxy.provisionCertificate(routeNames[0]);
+        return { success: true, message: `Certificate reprovisioning triggered for domain '${domain}' via route '${routeNames[0]}'` };
+      } catch (err) {
+        return { success: false, message: err.message || `Failed to reprovision certificate for ${domain}` };
+      }
+    }
+
+    return { success: false, message: `No routes found for domain '${domain}'` };
+  }
+}