v4.0.0

BREAKING CHANGE(config): convert configuration management to read-only; remove updateConfiguration endpoint and client-side editing
v3.1.0
2026-02-03 23:26:51 +00:00 · 2026-02-03 23:26:51 +00:00 · 2026-02-02 22:21:55 +00:00 · 2026-02-02 22:21:55 +00:00
26 changed files with 2909 additions and 597 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,24 @@
 # Changelog
 ## 2026-02-03 - 4.0.0 - BREAKING CHANGE(config)
 convert configuration management to read-only; remove updateConfiguration endpoint and client-side editing
 - Removed server-side 'updateConfiguration' TypedHandler and the private updateConfiguration() method; getConfiguration remains as a read-only handler.
 - Removed IReq_UpdateConfiguration interface from request typings; IReq_GetConfiguration marked as read-only.
 - Removed client-side editing functionality: ops-view-config editing state and methods, Edit/Save/Cancel buttons, and updateConfigurationAction; ops-view-config enhanced to display read-only configuration (badges for booleans, array pills, icons, formatted numbers/bytes, empty states, etc.).
 - Tests updated: replaced configuration update tests with verifyIdentity tests and added a read-only configuration access test.
 - Documentation updated to reflect configuration is read-only (readme.md, ts_web/readme.md, ts_interfaces/readme.md, readme.hints.md).
 - Dependencies adjusted: bumped @push.rocks/smartdata to ^7.0.15 and added @push.rocks/smartmongo ^5.1.0; ts/plugins updated to import/export smartmongo.
 ## 2026-02-02 - 3.1.0 - feat(web)
 determine initial UI view from URL and wire selected view to appdash; add interface and web README files; bump various dependencies
 - UI: derive initial active view from window.location.pathname so the dashboard supports deep linking and bookmarks (ts_web/appstate.ts)
 - UI: pass selectedView to dees-simple-appdash by adding a currentViewTab getter in ops-dashboard (ts_web/elements/ops-dashboard.ts)
 - Docs: add TypeScript interfaces README for @serve.zone/dcrouter-interfaces (ts_interfaces/readme.md)
 - Docs: add/update web module README detailing features, routing, and build instructions (ts_web/readme.md) and expand main project README
 - Deps: bump multiple dependencies in package.json (notable bumps: @api.global/typedrequest -> ^3.2.5, @design.estate/dees-catalog -> ^3.42.0, @design.estate/dees-element -> ^2.1.6, @push.rocks/projectinfo -> ^5.0.2, @push.rocks/smartdata -> ^5.16.7, @push.rocks/smartpromise -> ^4.2.3, @push.rocks/smartradius -> ^1.1.0, @push.rocks/smartstate -> ^2.0.30, mailauth -> ^4.12.1)
 ## 2026-02-01 - 3.0.0 - BREAKING CHANGE(deps)
 upgrade major dependencies, migrate action.target to action.targets (array), adapt to SmartRequest API changes, and add RADIUS server support
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@serve.zone/dcrouter",
  "private": false,
-  "version": "3.0.0",
+  "version": "4.0.0",
  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
  "main": "dist_ts/index.js",
  "typings": "dist_ts/index.d.ts",
@@ -26,17 +26,17 @@
    "node-forge": "^1.3.3"
  },
  "dependencies": {
-    "@api.global/typedrequest": "^3.0.19",
+    "@api.global/typedrequest": "^3.2.5",
    "@api.global/typedrequest-interfaces": "^3.0.19",
    "@api.global/typedserver": "^8.3.0",
    "@api.global/typedsocket": "^4.1.0",
    "@apiclient.xyz/cloudflare": "^7.1.0",
-    "@design.estate/dees-catalog": "^3.41.5",
+    "@design.estate/dees-catalog": "^3.42.0",
-    "@design.estate/dees-element": "^2.0.45",
+    "@design.estate/dees-element": "^2.1.6",
-    "@push.rocks/projectinfo": "^5.0.1",
+    "@push.rocks/projectinfo": "^5.0.2",
    "@push.rocks/qenv": "^6.1.3",
    "@push.rocks/smartacme": "^8.0.0",
-    "@push.rocks/smartdata": "^5.15.1",
+    "@push.rocks/smartdata": "^7.0.15",
    "@push.rocks/smartdns": "^7.6.1",
    "@push.rocks/smartfile": "^13.1.2",
    "@push.rocks/smartguard": "^3.1.0",
@@ -44,22 +44,23 @@
    "@push.rocks/smartlog": "^3.1.10",
    "@push.rocks/smartmail": "^2.2.0",
    "@push.rocks/smartmetrics": "^2.0.10",
    "@push.rocks/smartmongo": "^5.1.0",
    "@push.rocks/smartnetwork": "^4.4.0",
    "@push.rocks/smartpath": "^6.0.0",
-    "@push.rocks/smartpromise": "^4.0.3",
+    "@push.rocks/smartpromise": "^4.2.3",
    "@push.rocks/smartproxy": "^22.4.2",
-    "@push.rocks/smartradius": "^1.0.3",
+    "@push.rocks/smartradius": "^1.1.0",
    "@push.rocks/smartrequest": "^5.0.1",
    "@push.rocks/smartrule": "^2.0.1",
    "@push.rocks/smartrx": "^3.0.10",
-    "@push.rocks/smartstate": "^2.0.27",
+    "@push.rocks/smartstate": "^2.0.30",
    "@push.rocks/smartunique": "^3.0.9",
    "@serve.zone/interfaces": "^5.3.0",
    "@tsclass/tsclass": "^9.3.0",
    "@types/mailparser": "^3.4.6",
    "ip": "^2.0.1",
    "lru-cache": "^11.2.5",
-    "mailauth": "^4.12.0",
+    "mailauth": "^4.12.1",
    "mailparser": "^3.9.3",
    "uuid": "^13.0.0"
  },
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -9,7 +9,7 @@ importers:
  .:
    dependencies:
      '@api.global/typedrequest':
-        specifier: ^3.0.19
+        specifier: ^3.2.5
        version: 3.2.5
      '@api.global/typedrequest-interfaces':
        specifier: ^3.0.19
@@ -24,13 +24,13 @@ importers:
        specifier: ^7.1.0
        version: 7.1.0
      '@design.estate/dees-catalog':
-        specifier: ^3.41.5
+        specifier: ^3.42.0
-        version: 3.41.5(@tiptap/pm@2.27.2)
+        version: 3.42.0(@tiptap/pm@2.27.2)
      '@design.estate/dees-element':
-        specifier: ^2.0.45
+        specifier: ^2.1.6
        version: 2.1.6
      '@push.rocks/projectinfo':
-        specifier: ^5.0.1
+        specifier: ^5.0.2
        version: 5.0.2
      '@push.rocks/qenv':
        specifier: ^6.1.3
@@ -39,8 +39,8 @@ importers:
        specifier: ^8.0.0
        version: 8.0.0(socks@2.8.7)
      '@push.rocks/smartdata':
-        specifier: ^5.15.1
+        specifier: ^7.0.15
-        version: 5.16.7(socks@2.8.7)
+        version: 7.0.15(socks@2.8.7)
      '@push.rocks/smartdns':
        specifier: ^7.6.1
        version: 7.6.1
@@ -62,6 +62,9 @@ importers:
      '@push.rocks/smartmetrics':
        specifier: ^2.0.10
        version: 2.0.10
      '@push.rocks/smartmongo':
        specifier: ^5.1.0
        version: 5.1.0(socks@2.8.7)
      '@push.rocks/smartnetwork':
        specifier: ^4.4.0
        version: 4.4.0
@@ -69,13 +72,13 @@ importers:
        specifier: ^6.0.0
        version: 6.0.0
      '@push.rocks/smartpromise':
-        specifier: ^4.0.3
+        specifier: ^4.2.3
        version: 4.2.3
      '@push.rocks/smartproxy':
        specifier: ^22.4.2
        version: 22.4.2(socks@2.8.7)
      '@push.rocks/smartradius':
-        specifier: ^1.0.3
+        specifier: ^1.1.0
        version: 1.1.0
      '@push.rocks/smartrequest':
        specifier: ^5.0.1
@@ -87,8 +90,8 @@ importers:
        specifier: ^3.0.10
        version: 3.0.10
      '@push.rocks/smartstate':
-        specifier: ^2.0.27
+        specifier: ^2.0.30
-        version: 2.0.27
+        version: 2.0.30
      '@push.rocks/smartunique':
        specifier: ^3.0.9
        version: 3.0.9
@@ -108,8 +111,8 @@ importers:
        specifier: ^11.2.5
        version: 11.2.5
      mailauth:
-        specifier: ^4.12.0
+        specifier: ^4.12.1
-        version: 4.12.0
+        version: 4.12.1
      mailparser:
        specifier: ^3.9.3
        version: 3.9.3
@@ -362,8 +365,8 @@ packages:
  '@configvault.io/interfaces@1.0.17':
    resolution: {integrity: sha512-bEcCUR2VBDJsTin8HQh8Uw/mlYl2v8A3jMIaQ+MTB9Hrqd6CZL2dL7iJdWyFl/3EIX+LDxWFR+Oq7liIq7w+1Q==}
-  '@design.estate/dees-catalog@3.41.5':
+  '@design.estate/dees-catalog@3.42.0':
-    resolution: {integrity: sha512-2LOUh92h2ndzlEKOyDqGE2Mdjhmxt6ZeAqHt5KKslNHzmNhdWFKUe6C1Vm2nU6vRvFLXXC/ex56KSP3XcCPD8g==}
+    resolution: {integrity: sha512-pArkafnrhRsHsSxKUMUM2YP5ei/AbcchPEKZY2PyHHAdXcNxyT3pE2Oh1FPcs1pqF2LpEgJRq8KFQbFhvhp8Nw==}
  '@design.estate/dees-comms@1.0.30':
    resolution: {integrity: sha512-KchMlklJfKAjQiJiR0xmofXtQ27VgZtBIxcMwPE9d+h3jJRv+lPZxzBQVOM0eyM0uS44S5vJMZ11IeV4uDXSHg==}
@@ -934,6 +937,9 @@ packages:
  '@push.rocks/smartdata@5.16.7':
    resolution: {integrity: sha512-bu/YSIjQcwxWXkAsuhqE6zs7eT+bTIKV8+/H7TbbjpzeioLCyB3dZ/41cLZk37c/EYt4d4GHgZ0ww80OiKOUMg==}
  '@push.rocks/smartdata@7.0.15':
    resolution: {integrity: sha512-j09BUekmjiGZuvXmdGBiIpBTXFFnxrzG4rOBjZvPO/hG1BwNrvSkIVq20mIwdYomn8JGgya6oJ4Y7NL+FKTqEA==}
  '@push.rocks/smartdelay@3.0.5':
    resolution: {integrity: sha512-mUuI7kj2f7ztjpic96FvRIlf2RsKBa5arw81AHNsndbxO6asRcxuWL8dTVxouEIK8YsBUlj0AsrCkHhMbLQdHw==}
@@ -991,6 +997,9 @@ packages:
  '@push.rocks/smartjson@5.2.0':
    resolution: {integrity: sha512-710e8UwovRfPgUtaBHcd6unaODUjV5fjxtGcGCqtaTcmvOV6VpasdVfT66xMDzQmWH2E9ZfHDJeso9HdDQzNQA==}
  '@push.rocks/smartjson@6.0.0':
    resolution: {integrity: sha512-FYfJnmukt66WePn6xrVZ3BLmRQl9W82LcsICK3VU9sGW7kasig090jKXPm+yX8ibQcZAO/KyR/Q8tMIYZNxGew==}
  '@push.rocks/smartjwt@2.2.1':
    resolution: {integrity: sha512-Xwau9o8u7kLfSGi5v+kiyGB/hiDPclZjVEuj69J0LszO9nOh4OexYizKIOgOzKQMqnYQ03Dy35KqP9pdEjccbQ==}
@@ -1030,6 +1039,9 @@ packages:
  '@push.rocks/smartmongo@2.2.0':
    resolution: {integrity: sha512-ovVCNoJ3D0aBuKtoKaQWWQKvBngaGJq9fAPQigzji1EHsS1XyGpXWCpe5nq/ptGvBROOcpqZcOFEGAcrnb+OjA==}
  '@push.rocks/smartmongo@5.1.0':
    resolution: {integrity: sha512-2tpKf8K+SMdLHOEpafgKPIN+ypWTLwHc33hCUDNMQ1KaL7vokkavA44+fHxQydOGPMtDi22tSMFeVMCcUSzs4w==}
  '@push.rocks/smartmustache@3.0.2':
    resolution: {integrity: sha512-G3LyRXoJhyM+iQhkvP/MR/2WYMvC9U7zc2J44JxUM5tPdkQ+o3++FbfRtnZj6rz5X/A7q03//vsxPitVQwoi2Q==}
@@ -1108,8 +1120,8 @@ packages:
  '@push.rocks/smartspawn@3.0.3':
    resolution: {integrity: sha512-DyrGPV69wwOiJgKkyruk5hS3UEGZ99xFAqBE9O2nM8VXCRLbbty3xt1Ug5Z092ZZmJYaaGMSnMw3ijyZJFCT0Q==}
-  '@push.rocks/smartstate@2.0.27':
+  '@push.rocks/smartstate@2.0.30':
-    resolution: {integrity: sha512-q4UKir7GV3hakJWXQR4DoA4tUVwT5GRkJ/MtanHYF0wZLHfS19+nGmyO9y974zk3eT9hmy3+Lq5cKtU2W6+Y3w==}
+    resolution: {integrity: sha512-IuNW8XtSumXIr7g7MIFyWg5PBwLF2mwsymTJbSEycK2Pa9ZLk4yjRHnR907xCilxgiMU9ixQZyNdpa5MMF999A==}
  '@push.rocks/smartstream@2.0.8':
    resolution: {integrity: sha512-GlF/9cCkvBHwKa3DK4DO5wjfSgqkj6gAS4TrY9uD5NMHu9RQv4WiNrElTYj7iCEpnZgUnLO3tzw1JA3NRIMnnA==}
@@ -1955,6 +1967,9 @@ packages:
  '@types/whatwg-url@11.0.5':
    resolution: {integrity: sha512-coYR071JRaHa+xoEvvYqvnIHaVqaYrLPbsufM9BF63HkwI5Lgmy2QR8Q5K/lYDYo5AK82wOvSOS0UsLTpTG7uQ==}
  '@types/whatwg-url@13.0.0':
    resolution: {integrity: sha512-N8WXpbE6Wgri7KUSvrmQcqrMllKZ9uxkYWMt+mCSGwNc0Hsw9VQTW7ApqI4XNrx6/SaM2QQJCzMPDEXE058s+Q==}
  '@types/which@3.0.4':
    resolution: {integrity: sha512-liyfuo/106JdlgSchJzXEQCVArk0CvevqPote8F8HgWgJ3dRCcTHgJIsLDuee0kxk/mhbInzIZk3QWSZJ8R+2w==}
@@ -2142,6 +2157,10 @@ packages:
    resolution: {integrity: sha512-WIsKqkSC0ABoBJuT1LEX+2HEvNmNKKgnTAyd0fL8qzK4SH2i9NXg+t08YtdZp/V9IZ33cxe3iV4yM0qg8lMQng==}
    engines: {node: '>=16.20.1'}
  bson@7.1.1:
    resolution: {integrity: sha512-TtJgBB+QyOlWjrbM+8bRgH84VM/xrDjyBFgSgGrfZF4xvt6gbEDtcswm27Tn9F9TWsjQybxT8b8VpCP/oJK4Dw==}
    engines: {node: '>=20.19.0'}
  buffer-crc32@0.2.13:
    resolution: {integrity: sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=}
@@ -2570,10 +2589,6 @@ packages:
  fast-json-stable-stringify@2.1.0:
    resolution: {integrity: sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==}
  fast-xml-parser@4.5.2:
    resolution: {integrity: sha512-xmnYV9o0StIz/0ArdzmWTxn9oDy0lH8Z80/8X/TD2EUQKXY4DHxoT9mYBqgGIG17DgddCJtH1M6DriMbalNsAA==}
    hasBin: true
  fast-xml-parser@4.5.3:
    resolution: {integrity: sha512-RKihhV+SHsIUGXObeVy9AXiBbFwkVk7Syp8XgwN5U3JV416+Gwp/GO9i0JYKmikykgz/UHRrrV4ROuZEo/T0ig==}
    hasBin: true
@@ -3098,8 +3113,8 @@ packages:
  lucide@0.563.0:
    resolution: {integrity: sha512-2zBzDJ5n2Plj3d0ksj6h9TWPOSiKu9gtxJxnBAye11X/8gfWied6IYJn6ADYBp1NPoJmgpyOYP3wMrVx69+2AA==}
-  mailauth@4.12.0:
+  mailauth@4.12.1:
-    resolution: {integrity: sha512-2fMtvJBbXV32NlD6f6BSRTLNPsC1UgA+oj4mtAIUzzZlTQF2oNUgWmRQFKf1Ui9ad6KcadF9oqYrl7sCTHBNag==}
+    resolution: {integrity: sha512-mSbMST+YUKj4WAfVvVszw/lnqxYA9AsYX6jYdl9vQdgz1vP5gIMwK6/RcqY+CkMkfkhFzea5+72asj620eAHmQ==}
    engines: {node: '>=18.0.0'}
    hasBin: true
@@ -3344,6 +3359,10 @@ packages:
  mongodb-connection-string-url@3.0.2:
    resolution: {integrity: sha512-rMO7CGo/9BFwyZABcKAWL8UJwH/Kc2x0g72uhDWzG48URRax5TCIcJ7Rc3RZqffZzO/Gwff/jyKwCU9TN8gehA==}
  mongodb-connection-string-url@7.0.1:
    resolution: {integrity: sha512-h0AZ9A7IDVwwHyMxmdMXKy+9oNlF0zFoahHiX3vQ8e3KFcSP3VmsmfvtRSuLPxmyv2vjIDxqty8smTgie/SNRQ==}
    engines: {node: '>=20.19.0'}
  mongodb-memory-server-core@10.4.3:
    resolution: {integrity: sha512-IPjlw73IoSYopnqBibQKxmAXMbOEPf5uGAOsBcaUiNH/TOI7V19WO+K7n5KYtnQ9FqzLGLpvwCGuPOTBSg4s5Q==}
    engines: {node: '>=16.20.1'}
@@ -3379,6 +3398,33 @@ packages:
      socks:
        optional: true
  mongodb@7.0.0:
    resolution: {integrity: sha512-vG/A5cQrvGGvZm2mTnCSz1LUcbOPl83hfB6bxULKQ8oFZauyox/2xbZOoGNl+64m8VBrETkdGCDBdOsCr3F3jg==}
    engines: {node: '>=20.19.0'}
    peerDependencies:
      '@aws-sdk/credential-providers': ^3.806.0
      '@mongodb-js/zstd': ^7.0.0
      gcp-metadata: ^7.0.1
      kerberos: ^7.0.0
      mongodb-client-encryption: '>=7.0.0 <7.1.0'
      snappy: ^7.3.2
      socks: ^2.8.6
    peerDependenciesMeta:
      '@aws-sdk/credential-providers':
        optional: true
      '@mongodb-js/zstd':
        optional: true
      gcp-metadata:
        optional: true
      kerberos:
        optional: true
      mongodb-client-encryption:
        optional: true
      snappy:
        optional: true
      socks:
        optional: true
  ms@2.1.3:
    resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==}
@@ -3430,10 +3476,6 @@ packages:
    resolution: {integrity: sha512-rLvcdSyRCyouf6jcOIPe/BgwG/d7hKjzMKOas33/pHEr6gbq18IK9zV7DiPvzsz0oBJPme6qr6H6kGZuI9/DZg==}
    engines: {node: '>= 6.13.0'}
  nodemailer@7.0.11:
    resolution: {integrity: sha512-gnXhNRE0FNhD7wPSCGhdNh46Hs6nm+uTyg+Kq0cZukNQiYdnCsoQjodNP9BQVG9XrcK/v6/MgpAPBUFyzh9pvw==}
    engines: {node: '>=6.0.0'}
  nodemailer@7.0.13:
    resolution: {integrity: sha512-PNDFSJdP+KFgdsG3ZzMXCgquO7I6McjY2vlqILjtJd0hy8wEvtugS9xKRF2NWlPNGxvLCXlTNIae4serI7dinw==}
    engines: {node: '>=6.0.0'}
@@ -4056,8 +4098,8 @@ packages:
  tldts-core@7.0.21:
    resolution: {integrity: sha512-oVOMdHvgjqyzUZH1rOESgJP1uNe2bVrfK0jUHHmiM2rpEiRbf3j4BrsIc6JigJRbHGanQwuZv/R+LTcHsw+bLA==}
-  tldts@7.0.19:
+  tldts@7.0.21:
-    resolution: {integrity: sha512-8PWx8tvC4jDB39BQw1m4x8y5MH1BcQ5xHeL2n7UVFulMPH/3Q0uiamahFJ3lXA0zO2SUyRXuVVbWSDmstlt9YA==}
+    resolution: {integrity: sha512-Plu6V8fF/XU6d2k8jPtlQf5F4Xx2hAin4r2C2ca7wR8NK5MbRTo9huLUWRe28f3Uk8bYZfg74tit/dSjc18xnw==}
    hasBin: true
  tmp@0.0.33:
@@ -4155,8 +4197,8 @@ packages:
  undici-types@7.16.0:
    resolution: {integrity: sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==}
-  undici@7.16.0:
+  undici@7.19.2:
-    resolution: {integrity: sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g==}
+    resolution: {integrity: sha512-4VQSpGEGsWzk0VYxyB/wVX/Q7qf9t5znLRgs0dzszr9w9Fej/8RVNQ+S20vdXSAyra/bJ7ZQfGv6ZMj7UEbzSg==}
    engines: {node: '>=20.18.1'}
  unified@11.0.5:
@@ -4430,7 +4472,7 @@ snapshots:
      '@api.global/typedrequest-interfaces': 3.0.19
      '@api.global/typedsocket': 4.1.0(@push.rocks/smartserve@2.0.1)
      '@cloudflare/workers-types': 4.20260131.0
-      '@design.estate/dees-catalog': 3.41.5(@tiptap/pm@2.27.2)
+      '@design.estate/dees-catalog': 3.42.0(@tiptap/pm@2.27.2)
      '@design.estate/dees-comms': 1.0.30
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
@@ -5032,7 +5074,7 @@ snapshots:
    dependencies:
      '@api.global/typedrequest-interfaces': 3.0.19
-  '@design.estate/dees-catalog@3.41.5(@tiptap/pm@2.27.2)':
+  '@design.estate/dees-catalog@3.42.0(@tiptap/pm@2.27.2)':
    dependencies:
      '@design.estate/dees-domtools': 2.3.8
      '@design.estate/dees-element': 2.1.6
@@ -5085,7 +5127,7 @@ snapshots:
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrouter': 1.3.3
      '@push.rocks/smartrx': 3.0.10
-      '@push.rocks/smartstate': 2.0.27
+      '@push.rocks/smartstate': 2.0.30
      '@push.rocks/smartstring': 4.1.0
      '@push.rocks/smarturl': 3.1.0
      '@push.rocks/webrequest': 3.0.37
@@ -6047,6 +6089,35 @@ snapshots:
      - supports-color
      - vue
  '@push.rocks/smartdata@7.0.15(socks@2.8.7)':
    dependencies:
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartlog': 3.1.10
      '@push.rocks/smartmongo': 2.2.0(socks@2.8.7)
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/smartstring': 4.1.0
      '@push.rocks/smarttime': 4.1.1
      '@push.rocks/smartunique': 3.0.9
      '@push.rocks/taskbuffer': 3.5.0
      '@tsclass/tsclass': 9.3.0
      mongodb: 7.0.0(socks@2.8.7)
    transitivePeerDependencies:
      - '@aws-sdk/credential-providers'
      - '@mongodb-js/zstd'
      - '@nuxt/kit'
      - bare-abort-controller
      - gcp-metadata
      - kerberos
      - mongodb-client-encryption
      - react
      - react-native-b4a
      - snappy
      - socks
      - supports-color
      - vue
  '@push.rocks/smartdelay@3.0.5':
    dependencies:
      '@push.rocks/smartpromise': 4.2.3
@@ -6203,6 +6274,13 @@ snapshots:
      fast-json-stable-stringify: 2.1.0
      lodash.clonedeep: 4.5.0
  '@push.rocks/smartjson@6.0.0':
    dependencies:
      '@push.rocks/smartenv': 6.0.0
      '@push.rocks/smartstring': 4.1.0
      fast-json-stable-stringify: 2.1.0
      lodash.clonedeep: 4.5.0
  '@push.rocks/smartjwt@2.2.1':
    dependencies:
      '@push.rocks/smartcrypto': 2.0.4
@@ -6317,6 +6395,32 @@ snapshots:
      - supports-color
      - vue
  '@push.rocks/smartmongo@5.1.0(socks@2.8.7)':
    dependencies:
      '@push.rocks/mongodump': 1.1.0(socks@2.8.7)
      '@push.rocks/smartdata': 5.16.7(socks@2.8.7)
      '@push.rocks/smartfs': 1.3.1
      '@push.rocks/smartpath': 5.1.0
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      bson: 6.10.4
      mingo: 7.2.0
      mongodb-memory-server: 10.4.3(socks@2.8.7)
    transitivePeerDependencies:
      - '@aws-sdk/credential-providers'
      - '@mongodb-js/zstd'
      - '@nuxt/kit'
      - bare-abort-controller
      - gcp-metadata
      - kerberos
      - mongodb-client-encryption
      - react
      - react-native-b4a
      - snappy
      - socks
      - supports-color
      - vue
  '@push.rocks/smartmustache@3.0.2':
    dependencies:
      handlebars: 4.7.8
@@ -6580,11 +6684,11 @@ snapshots:
    transitivePeerDependencies:
      - supports-color
-  '@push.rocks/smartstate@2.0.27':
+  '@push.rocks/smartstate@2.0.30':
    dependencies:
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smarthash': 3.2.6
-      '@push.rocks/smartjson': 5.2.0
+      '@push.rocks/smartjson': 6.0.0
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/webstore': 2.0.20
@@ -7607,6 +7711,10 @@ snapshots:
    dependencies:
      '@types/webidl-conversions': 7.0.3
  '@types/whatwg-url@13.0.0':
    dependencies:
      '@types/webidl-conversions': 7.0.3
  '@types/which@3.0.4': {}
  '@types/wrap-ansi@3.0.0': {}
@@ -7804,6 +7912,8 @@ snapshots:
  bson@6.10.4: {}
  bson@7.1.1: {}
  buffer-crc32@0.2.13: {}
  buffer-equal-constant-time@1.0.1: {}
@@ -8267,10 +8377,6 @@ snapshots:
  fast-json-stable-stringify@2.1.0: {}
  fast-xml-parser@4.5.2:
    dependencies:
      strnum: 1.1.2
  fast-xml-parser@4.5.3:
    dependencies:
      strnum: 1.1.2
@@ -8875,17 +8981,17 @@ snapshots:
  lucide@0.563.0: {}
-  mailauth@4.12.0:
+  mailauth@4.12.1:
    dependencies:
      '@postalsys/vmc': 1.1.2
-      fast-xml-parser: 4.5.2
+      fast-xml-parser: 5.3.4
      ipaddr.js: 2.3.0
      joi: 18.0.2
      libmime: 5.3.7
-      nodemailer: 7.0.11
+      nodemailer: 7.0.13
      punycode.js: 2.3.1
-      tldts: 7.0.19
+      tldts: 7.0.21
-      undici: 7.16.0
+      undici: 7.19.2
      yargs: 17.7.2
  mailparser@3.9.3:
@@ -9315,6 +9421,11 @@ snapshots:
      '@types/whatwg-url': 11.0.5
      whatwg-url: 14.2.0
  mongodb-connection-string-url@7.0.1:
    dependencies:
      '@types/whatwg-url': 13.0.0
      whatwg-url: 14.2.0
  mongodb-memory-server-core@10.4.3(socks@2.8.7):
    dependencies:
      async-mutex: 0.5.0
@@ -9365,6 +9476,14 @@ snapshots:
    optionalDependencies:
      socks: 2.8.7
  mongodb@7.0.0(socks@2.8.7):
    dependencies:
      '@mongodb-js/saslprep': 1.4.5
      bson: 7.1.1
      mongodb-connection-string-url: 7.0.1
    optionalDependencies:
      socks: 2.8.7
  ms@2.1.3: {}
  mute-stream@1.0.0: {}
@@ -9397,8 +9516,6 @@ snapshots:
  node-forge@1.3.3: {}
  nodemailer@7.0.11: {}
  nodemailer@7.0.13: {}
  normalize-newline@4.1.0:
@@ -10196,7 +10313,7 @@ snapshots:
  tldts-core@7.0.21: {}
-  tldts@7.0.19:
+  tldts@7.0.21:
    dependencies:
      tldts-core: 7.0.21
@@ -10273,7 +10390,7 @@ snapshots:
  undici-types@7.16.0: {}
-  undici@7.16.0: {}
+  undici@7.19.2: {}
  unified@11.0.5:
    dependencies:
--- a/readme.hints.md
+++ b/readme.hints.md
@@ -1264,4 +1264,56 @@ Login state was using `'soft'` mode in Smartstate which is memory-only:
 2. `ts/opsserver/handlers/admin.handler.ts`: JWT expiry changed from 7 days to 24 hours
 3. `ts_web/elements/ops-dashboard.ts`: Added JWT expiry check on session restore
   - Validates stored JWT hasn't expired before auto-logging in
-   - Clears expired sessions and shows login form
+   - Clears expired sessions and shows login form
 ## Config UI Read-Only Conversion (2026-02-03)
 ### Overview
 The configuration UI has been converted from an editable interface to a read-only display. DcRouter is configured through code or remotely, not through the UI.
 ### Changes Made
 1. **Backend (`ts/opsserver/handlers/config.handler.ts`)**:
   - Removed `updateConfiguration` handler
   - Removed `updateConfiguration()` private method
   - Kept `getConfiguration` handler (read-only)
 2. **Interfaces (`ts_interfaces/requests/config.ts`)**:
   - Removed `IReq_UpdateConfiguration` interface
   - Kept `IReq_GetConfiguration` interface
 3. **Frontend (`ts_web/elements/ops-view-config.ts`)**:
   - Removed `editingSection` and `editedConfig` state properties
   - Removed `startEdit()`, `cancelEdit()`, `saveConfig()` methods
   - Removed Edit/Save/Cancel buttons
   - Removed warning banner about immediate changes
   - Enhanced read-only display with:
     - Status badges for boolean values (enabled/disabled)
     - Array display as pills/tags with counts
     - Section icons (mail, globe, network, shield)
     - Better formatting for numbers and byte sizes
     - Empty state handling ("Not configured", "None configured")
     - Info note explaining configuration is read-only
 4. **State Management (`ts_web/appstate.ts`)**:
   - Removed `updateConfigurationAction`
   - Kept `fetchConfigurationAction` (read-only)
 5. **Tests (`test/test.protected-endpoint.ts`)**:
   - Replaced `updateConfiguration` tests with `verifyIdentity` tests
   - Added test for read-only config access
   - Kept auth flow testing with different protected endpoint
 6. **Documentation**:
   - `readme.md`: Updated API endpoints to show config as read-only
   - `ts_web/readme.md`: Removed `updateConfigurationAction` from actions list
   - `ts_interfaces/readme.md`: Removed `IReq_UpdateConfiguration` from table
 ### Visual Display Features
 - Boolean values shown as colored badges (green=enabled, red=disabled)
 - Arrays displayed as pills with count summaries
 - Section headers with relevant Lucide icons
 - Numbers formatted with locale separators
 - Byte sizes auto-formatted (B, KB, MB, GB)
 - Time values shown with "seconds" suffix
 - Nested objects with visual indentation
--- a/readme.md
+++ b/readme.md
@@ -1,10 +1,14 @@
-# dcrouter
+# @serve.zone/dcrouter
 ![](https://code.foss.global/serve.zone/docs/raw/branch/main/dcrouter.png)
-**dcrouter: a traffic router intended to be gating your datacenter.**
+**dcrouter: A powerful traffic router designed to be the gateway for your datacenter.** 🚀
-A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), and DNS protocols. Designed for enterprises requiring robust traffic management, automatic certificate provisioning, and enterprise-grade email infrastructure.
+A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), DNS protocols, and RADIUS authentication. Designed for enterprises requiring robust traffic management, automatic certificate provisioning, and enterprise-grade email infrastructure.
 ## Issue Reporting and Security
 For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 ## Table of Contents
@@ -13,11 +17,16 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
 - [Quick Start](#quick-start)
 - [Architecture](#architecture)
 - [Configuration](#configuration)
 - [Socket-Handler Mode](#socket-handler-mode)
 - [Email System](#email-system)
 - [SmartProxy Routing](#smartproxy-routing)
 - [RADIUS Server](#radius-server)
 - [Storage System](#storage-system)
 - [Security Features](#security-features)
 - [OpsServer Dashboard](#opsserver-dashboard)
 - [API Reference](#api-reference)
 - [Examples](#examples)
 - [Testing](#testing)
 - [Troubleshooting](#troubleshooting)
 ## Features
@@ -36,14 +45,16 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
 ### 📧 **Complete Email Infrastructure**
 - **Multi-domain SMTP server** on standard ports (25, 587, 465)
- **Pattern-based email routing** with three processing modes
+- **Pattern-based email routing** with four processing modes (forward, process, deliver, reject)
 - **DKIM, SPF, DMARC** authentication and verification
 - **Enterprise deliverability** with IP warmup and reputation management
 - **Bounce handling** with suppression lists
 ### 📡 **RADIUS Server**
 - **MAC Authentication Bypass (MAB)** for network device authentication
 - **VLAN assignment** based on MAC address or OUI patterns
 - **RADIUS accounting** for session tracking and billing
 - **OpsServer API integration** for real-time management
 ### ⚡ **High Performance**
 - **Connection pooling** and efficient resource management
@@ -57,10 +68,18 @@ A comprehensive traffic routing solution that provides unified gateway capabilit
 - **Automatic data migration** between backends
 - **Persistent configuration** for domains, routes, and security data
 ### 🖥️ **OpsServer Dashboard**
 - **Web-based management interface** for real-time monitoring
 - **JWT authentication** with secure admin access
 - **Live statistics** for connections, email, DNS, and RADIUS
 - **Configuration management** via TypedRequest API
 ## Installation
 ```bash
 npm install @serve.zone/dcrouter --save
 # or
 pnpm add @serve.zone/dcrouter
 ```
 ### Prerequisites
@@ -134,6 +153,30 @@ const router = new DcRouter({
 await router.start();
 ```
 ### With OpsServer Dashboard
 ```typescript
 import { DcRouter } from '@serve.zone/dcrouter';
 const router = new DcRouter({
  // Enable OpsServer for web dashboard
  opsServerConfig: {
    port: 3000,
    admin: {
      username: 'admin',
      password: 'your-secure-password'
    }
  },
  // Your routing configuration...
  smartProxyConfig: { /* ... */ },
  emailConfig: { /* ... */ }
 });
 await router.start();
 // Dashboard available at http://localhost:3000
 ```
 ## Architecture
 ### System Overview
@@ -145,38 +188,44 @@ graph TB
        SMTP[SMTP Clients]
        TCP[TCP Clients]
        DNS[DNS Queries]
        RADIUS[RADIUS Clients]
    end
-    
+
    subgraph "DcRouter Core"
        DcRouter[DcRouter Orchestrator]
        SmartProxy[SmartProxy Engine]
        EmailServer[Unified Email Server]
        DnsServer[DNS Server]
        RadiusServer[RADIUS Server]
        CertManager[Certificate Manager]
        OpsServer[OpsServer Dashboard]
    end
-    
+
    subgraph "Backend Services"
        WebServices[Web Services]
        MailServers[Mail Servers]
        Databases[Databases]
        APIs[Internal APIs]
    end
-    
+
    HTTP --> SmartProxy
    TCP --> SmartProxy
    SMTP --> EmailServer
    DNS --> DnsServer
-    
+    RADIUS --> RadiusServer
    DcRouter --> SmartProxy
    DcRouter --> EmailServer
    DcRouter --> DnsServer
    DcRouter --> RadiusServer
    DcRouter --> CertManager
-    
+    DcRouter --> OpsServer
    SmartProxy --> WebServices
    SmartProxy --> APIs
    EmailServer --> MailServers
    EmailServer --> Databases
-    
+
    CertManager -.-> SmartProxy
    CertManager -.-> EmailServer
 ```
@@ -197,12 +246,30 @@ High-performance HTTP/HTTPS and TCP/SNI proxy with:
 Enterprise-grade SMTP server with:
 - Multi-domain support
 - Pattern-based routing
- Three processing modes
+- Four processing modes (forward, process, deliver, reject)
- Complete authentication stack
+- Complete authentication stack (DKIM, SPF, DMARC)
 #### **DNS Server**
 Authoritative DNS server with:
 - Dynamic record management
 - DNS-over-HTTPS (DoH) support
 - ACME DNS-01 challenge handling
 #### **RADIUS Server**
 Network authentication server with:
 - MAC Authentication Bypass (MAB)
 - VLAN assignment
 - Accounting support
 #### **Certificate Manager**
 Automatic TLS certificate provisioning via ACME with DNS-01 challenges.
 #### **OpsServer Dashboard**
 Web-based management interface with:
 - JWT-secured API
 - Real-time statistics
 - Configuration management
 ## Configuration
 ### Complete Configuration Interface
@@ -215,46 +282,67 @@ interface IDcRouterOptions {
    acme?: IAcmeConfig;
    allowSessionTicket?: boolean;
  };
-  
+
  // Email system configuration
  emailConfig?: {
    ports: number[];
    hostname: string;
    domains?: IEmailDomainConfig[];  // Domain infrastructure setup
-    routes: IEmailRoute[];          // Route-based email handling
+    routes: IEmailRoute[];           // Route-based email handling
    auth?: IAuthConfig;
    tls?: ITlsConfig;
    maxMessageSize?: number;
    rateLimits?: IRateLimitConfig;
-    useSocketHandler?: boolean;     // Enable socket-handler mode (no port binding)
+    useSocketHandler?: boolean;      // Enable socket-handler mode (no port binding)
-    defaults?: {                    // Global defaults for all domains
+    defaults?: {                     // Global defaults for all domains
      dnsMode?: 'forward' | 'internal-dns' | 'external-dns';
      dkim?: IDkimConfig;
      rateLimits?: IRateLimitConfig;
    };
  };
-  
+
  // DNS server configuration
  dnsServerConfig?: {
    port?: number;
    authoritative?: boolean;
    records?: IDnsRecord[];
  };
-  
+
  // DNS domain for automatic DNS-over-HTTPS setup
  dnsDomain?: string;               // e.g., 'dns.example.com'
-  
+
  // DNS nameserver domains (enables authoritative DNS)
  dnsNsDomains?: string[];          // e.g., ['ns1.example.com', 'ns2.example.com']
  // RADIUS server configuration
  radiusConfig?: {
    port?: number;
    secret: string;
    clients?: IRadiusClient[];
    macAuth?: IMacAuthConfig;
    vlanAssignment?: IVlanAssignment[];
  };
  // OpsServer configuration
  opsServerConfig?: {
    port?: number;
    admin: {
      username: string;
      password: string;
    };
  };
  // TLS and certificate configuration
  tls?: {
    contactEmail: string;
    domain: string;
  };
-  
+
  // DNS challenge configuration
  dnsChallenge?: {
    cloudflareApiKey: string;
  };
-  
+
  // Storage configuration
  storage?: {
    fsPath?: string;                  // Filesystem storage path
@@ -489,7 +577,7 @@ Reject emails with custom SMTP responses.
 ```typescript
 {
  name: 'reject-spam',
-  match: { 
+  match: {
    senders: '*@spam-domain.com',
    sizeRange: { min: 1000000 } // > 1MB
  },
@@ -526,7 +614,7 @@ Route different domains to different servers:
  name: 'partner-domain',
  match: { recipients: '*@partner.com' },
  action: {
-    type: 'forward', 
+    type: 'forward',
    forward: { host: 'partner-mail.com', port: 587 }
  }
 }
@@ -553,30 +641,6 @@ Different handling for authenticated vs unauthenticated senders:
 }
 ```
 #### **Content-Based Filtering**
 Filter based on size, subject, or headers:
 ```typescript
 {
  name: 'large-email-reject',
  match: { sizeRange: { min: 25000000 } }, // > 25MB
  action: {
    type: 'reject',
    reject: { code: 552, message: 'Message too large' }
  }
 },
 {
  name: 'priority-emails',
  match: { 
    headers: { 'X-Priority': 'high' },
    subject: /urgent|emergency/i
  },
  action: {
    type: 'process',
    process: { queue: 'priority' }
  }
 }
 ```
 ### Email Security Features
 #### **Route Matching Patterns**
@@ -593,7 +657,7 @@ match: { clientIp: '192.168.0.0/16' }        // Private subnet
 match: { clientIp: ['10.0.0.0/8', '172.16.0.0/12'] } // Multiple ranges
 // Header matching
-match: { 
+match: {
  headers: {
    'X-Priority': 'high',
    'Subject': /urgent|emergency/i
@@ -652,7 +716,7 @@ const routes = [
      }
    }
  },
-  
+
  // Static file serving
  {
    name: 'static-assets',
@@ -690,7 +754,7 @@ const tcpRoutes = [
      }
    }
  },
-  
+
  // SNI-based routing for TLS services
  {
    name: 'secure-service',
@@ -709,6 +773,72 @@ const tcpRoutes = [
 ];
 ```
 ## RADIUS Server
 DcRouter includes a RADIUS server for network access control:
 ### Basic RADIUS Configuration
 ```typescript
 const router = new DcRouter({
  radiusConfig: {
    port: 1812,
    secret: 'your-radius-secret',
    clients: [
      {
        name: 'switch-1',
        ip: '192.168.1.1',
        secret: 'client-secret'
      }
    ]
  }
 });
 ```
 ### MAC Authentication Bypass (MAB)
 ```typescript
 const router = new DcRouter({
  radiusConfig: {
    port: 1812,
    secret: 'radius-secret',
    macAuth: {
      enabled: true,
      allowedMacs: [
        'aa:bb:cc:dd:ee:ff',
        'aa:bb:cc:*'  // Wildcard for OUI matching
      ],
      defaultVlan: 100,
      guestVlan: 999
    }
  }
 });
 ```
 ### VLAN Assignment
 ```typescript
 const router = new DcRouter({
  radiusConfig: {
    secret: 'radius-secret',
    vlanAssignment: [
      {
        match: { mac: 'aa:bb:cc:*' },  // Vendor OUI match
        vlan: 100
      },
      {
        match: { mac: 'dd:ee:ff:*' },
        vlan: 200
      },
      {
        match: { default: true },
        vlan: 999  // Guest VLAN
      }
    ]
  }
 });
 ```
 ## Storage System
 ### StorageManager
@@ -756,31 +886,6 @@ The storage system is used for:
 - **IP Reputation**: `/security/ip-reputation/{ip}.json`
 - **Domain Configs**: `/email/domains/{domain}.json`
 ### Data Migration
 Migrate data between storage backends:
 ```typescript
 import { StorageManager } from '@serve.zone/dcrouter';
 // Export from filesystem
 const fsStorage = new StorageManager({ fsPath: './data' });
 const keys = await fsStorage.list('/');
 const data = {};
 for (const key of keys) {
  data[key] = await fsStorage.get(key);
 }
 // Import to cloud storage
 const cloudStorage = new StorageManager({
  readFunction: cloudRead,
  writeFunction: cloudWrite
 });
 for (const [key, value] of Object.entries(data)) {
  await cloudStorage.set(key, value);
 }
 ```
 ## Security Features
 ### IP Reputation Checking
@@ -801,21 +906,57 @@ if (result.isBlocked) {
 }
 ```
-### Content Security Scanner
+### Rate Limiting
 ```typescript
-import { ContentScanner } from '@serve.zone/dcrouter';
+const router = new DcRouter({
-
+  emailConfig: {
-const scanner = new ContentScanner({
+    rateLimits: {
-  spamThreshold: 5.0,
+      inbound: {
-  virusScanning: true,
+        messagesPerMinute: 100,
-  attachmentFiltering: {
+        connectionsPerIp: 10,
-    maxSize: 25 * 1024 * 1024,
+        recipientsPerMessage: 50
-    blockedTypes: ['.exe', '.bat', '.scr']
+      },
      outbound: {
        messagesPerHour: 1000,
        messagesPerDay: 10000
      }
    }
  }
 });
 ```
-const scanResult = await scanner.scanEmail(email);
+## OpsServer Dashboard
 The OpsServer provides a web-based management interface:
 ### Features
 - **Real-time Statistics**: View connections, email throughput, DNS queries, RADIUS sessions
 - **Configuration Display**: View current configuration (read-only)
 - **Log Viewer**: Access system logs with filtering
 - **Security Dashboard**: Monitor threats and blocked connections
 ### API Endpoints
 The OpsServer exposes TypedRequest endpoints:
 ```typescript
 // Health check
 POST /typedrequest { method: 'getHealthStatus' }
 // Server statistics
 POST /typedrequest { method: 'getServerStatistics' }
 // Configuration (read-only)
 POST /typedrequest { method: 'getConfiguration' }
 // Logs
 POST /typedrequest { method: 'getLogs', data: { level: 'info', limit: 100 } }
 // RADIUS
 POST /typedrequest { method: 'getRadiusSessions' }
 POST /typedrequest { method: 'getRadiusClients' }
 ```
 ## API Reference
@@ -830,7 +971,7 @@ constructor(options: IDcRouterOptions)
 #### Methods
 ##### `start(): Promise<void>`
-Starts all configured services (SmartProxy, email server, DNS server).
+Starts all configured services (SmartProxy, email server, DNS server, RADIUS server, OpsServer).
 ##### `stop(): Promise<void>`
 Gracefully stops all services.
@@ -863,9 +1004,6 @@ const status = router.emailService.getEmailStatus(emailId);
 console.log(status.status); // 'pending', 'sent', 'delivered', 'bounced'
 ```
 #### `getDeliveryReport(emailId: string): IDeliveryReport`
 Detailed delivery information including bounce reasons and tracking data.
 ## Examples
 ### Complete Enterprise Setup
@@ -874,6 +1012,15 @@ Detailed delivery information including bounce reasons and tracking data.
 import { DcRouter } from '@serve.zone/dcrouter';
 const router = new DcRouter({
  // OpsServer dashboard
  opsServerConfig: {
    port: 3000,
    admin: {
      username: 'admin',
      password: process.env.ADMIN_PASSWORD
    }
  },
  // HTTP/HTTPS routing
  smartProxyConfig: {
    routes: [
@@ -888,7 +1035,7 @@ const router = new DcRouter({
          tls: { mode: 'terminate', certificate: 'auto' }
        }
      },
-      
+
      // API services
      {
        name: 'api',
@@ -899,20 +1046,9 @@ const router = new DcRouter({
          targets: [{ host: '192.168.1.20', port: 8080 }],
          tls: { mode: 'terminate', certificate: 'auto' }
        }
      },
      // Internal services
      {
        name: 'internal',
        match: { ports: [{ from: 8000, to: 8999 }] },
        action: {
          type: 'forward',
          targets: [{ host: '192.168.1.30', port: 'preserve' }],
          security: { ipAllowList: ['192.168.0.0/16'] }
        }
      }
    ],
-    
+
    // ACME certificate automation
    acme: {
      email: 'ssl@example.com',
@@ -921,12 +1057,12 @@ const router = new DcRouter({
      autoRenew: true
    }
  },
-  
+
  // Enterprise email system
  emailConfig: {
    ports: [25, 587, 465],
    hostname: 'mail.example.com',
-    
+
    // Domain configuration
    domains: [
      {
@@ -936,28 +1072,9 @@ const router = new DcRouter({
          selector: 'mail',
          rotateKeys: true
        }
      },
      {
        domain: 'notifications.example.com',
        dnsMode: 'internal-dns',
        rateLimits: {
          outbound: { messagesPerHour: 10000 }
        }
      }
    ],
-    
+
    // Authentication configuration
    auth: {
      required: true,
      methods: ['PLAIN', 'LOGIN']
    },
    // TLS configuration
    tls: {
      keyPath: './certs/mail-key.pem',
      certPath: './certs/mail-cert.pem'
    },
    // Email routing rules
    routes: [
      // Relay from office network
@@ -967,68 +1084,55 @@ const router = new DcRouter({
        match: { clientIp: '192.168.0.0/16' },
        action: {
          type: 'forward',
-          forward: {
+          forward: { host: 'internal-mail.example.com', port: 25 }
            host: 'internal-mail.example.com',
            port: 25
          }
        }
      },
-      
+
-      // Transactional emails via processing
+      // Process transactional emails
      {
        name: 'notifications',
        priority: 50,
        match: { recipients: '*@notifications.example.com' },
        action: {
          type: 'process',
-          process: {
+          process: { scan: true, dkim: true, queue: 'priority' }
            scan: true,
            dkim: true,
            queue: 'priority'
          }
        }
      },
-      
+
      // Internal emails forwarded to Exchange
      {
        name: 'internal-mail',
        priority: 25,
        match: { recipients: '*@example.com' },
        action: {
          type: 'forward',
          forward: {
            host: 'exchange.internal.example.com',
            port: 25
          }
        }
      },
      // Default reject
      {
        name: 'default-reject',
        match: { recipients: '*' },
        action: {
          type: 'reject',
-          reject: {
+          reject: { code: 550, message: 'Relay denied' }
            code: 550,
            message: 'Relay denied'
          }
        }
      }
    ]
  },
-  
+
  // RADIUS for network devices
  radiusConfig: {
    port: 1812,
    secret: process.env.RADIUS_SECRET,
    macAuth: {
      enabled: true,
      defaultVlan: 100,
      guestVlan: 999
    }
  },
  // DNS server for ACME challenges
  dnsServerConfig: {
    port: 53,
    authoritative: true
  },
-  
+
  // Cloudflare DNS challenges
  dnsChallenge: {
    cloudflareApiKey: process.env.CLOUDFLARE_API_KEY
  },
-  
+
  // Persistent storage
  storage: {
    fsPath: '/var/lib/dcrouter/data'
@@ -1047,33 +1151,33 @@ setInterval(() => {
 }, 60000);
 ```
-### Email Template System
+## Testing
-```typescript
+### Comprehensive Test Suite
 import { EmailService, TemplateManager } from '@serve.zone/dcrouter';
-// Setup email templates
+DcRouter includes a comprehensive test suite with 195 test files covering all aspects of the system:
 const templateManager = new TemplateManager();
 templateManager.addTemplate('welcome', {
  subject: 'Welcome to {{company}}!',
  html: `
    <h1>Welcome {{name}}!</h1>
    <p>Thank you for joining {{company}}.</p>
    <p>Your account: {{email}}</p>
  `,
  text: 'Welcome {{name}}! Thank you for joining {{company}}.'
 });
-// Send templated email
+#### SMTP Protocol Tests
-const emailService = new EmailService(router);
+- **Commands**: EHLO, HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT, VRFY, EXPN, HELP
-await emailService.sendTemplatedEmail('welcome', {
+- **Extensions**: SIZE, PIPELINING, STARTTLS
-  to: 'user@example.com',
+- **Connection Management**: TLS/plain connections, timeouts, limits, rejection handling
-  templateData: {
+- **Error Handling**: Syntax errors, invalid sequences, temporary/permanent failures
-    name: 'John Doe',
+- **Email Processing**: Basic sending, multiple recipients, large emails, invalid addresses
-    company: 'Example Corp',
+- **Security**: Authentication, rate limiting
-    email: 'user@example.com'
+- **Performance**: Throughput testing
-  }
+- **Edge Cases**: Very large emails, special characters
-});
+
 #### Running Tests
 ```bash
 # Run all tests
 pnpm test
 # Run specific test categories
 tsx test/suite/smtpserver_commands/test.cmd-01.ehlo-command.ts
 # Run with verbose output
 tstest test/test.integration.ts --verbose
 ```
 ## Troubleshooting
@@ -1109,25 +1213,6 @@ dig TXT your-domain.com
 - Test CIDR notation: `192.168.0.0/16` includes all 192.168.x.x addresses
 - Confirm authentication state matches your expectations
 **Common Route Patterns**
 ```typescript
 // Debug route to log all traffic
 {
  name: 'debug-all',
  priority: 1000,
  match: { recipients: '*' },
  action: { type: 'process', process: { scan: false } }
 }
 // Catch-all reject (should be lowest priority)
 {
  name: 'default-reject',
  priority: 0,
  match: { recipients: '*' },
  action: { type: 'reject', reject: { code: 550, message: 'No route' } }
 }
 ```
 #### DNS Issues
 ```bash
 # Test DNS server
@@ -1137,32 +1222,6 @@ dig @your-server.com your-domain.com
 dig your-domain.com @8.8.8.8
 ```
 ### Logging and Monitoring
 ```typescript
 import { SmartLog } from '@push.rocks/smartlog';
 // Configure logging
 const logger = new SmartLog({
  level: 'info',
  transport: 'console'
 });
 // Monitor email events
 router.emailServer.on('emailReceived', (email) => {
  logger.log('info', `Email received: ${email.from} -> ${email.to}`);
 });
 router.emailServer.on('emailSent', (result) => {
  logger.log('info', `Email sent: ${result.messageId} (${result.status})`);
 });
 // Monitor proxy events
 router.smartProxy.on('connectionEstablished', (connection) => {
  logger.log('info', `Connection: ${connection.clientIp} -> ${connection.target}`);
 });
 ```
 ### Performance Tuning
 ```typescript
@@ -1170,14 +1229,14 @@ const performanceConfig = {
  // Connection limits
  maxConnections: 1000,
  connectionTimeout: 30000,
-  
+
  // Email queue settings
  emailQueue: {
    concurrency: 10,
    maxRetries: 3,
    retryDelay: 300000
  },
-  
+
  // Cache settings
  cache: {
    ipReputation: { ttl: 3600000 }, // 1 hour
@@ -1187,60 +1246,23 @@ const performanceConfig = {
 };
 ```
-## License
+## License and Legal Information
-MIT License - see LICENSE file for details.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file.
-## Testing
+**Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
-### Comprehensive Test Suite
+### Trademarks
-DcRouter includes a comprehensive test suite covering all aspects of the system:
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
-#### SMTP Protocol Tests
+Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
 - **Commands**: EHLO, HELO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT, VRFY, EXPN, HELP
 - **Extensions**: SIZE, PIPELINING, STARTTLS
 - **Connection Management**: TLS/plain connections, timeouts, limits, rejection handling
 - **Error Handling**: Syntax errors, invalid sequences, temporary/permanent failures
 - **Email Processing**: Basic sending, multiple recipients, large emails, invalid addresses
 - **Security**: Authentication, rate limiting
 - **Performance**: Throughput testing
 - **Edge Cases**: Very large emails, special characters
-#### Storage and Configuration Tests
+### Company Information
 - **Storage Manager**: All backend types (filesystem, custom, memory)
 - **Integration**: Component storage usage and persistence
 - **DNS Validation**: All DNS modes (forward, internal, external)
 - **DNS Mode Switching**: Dynamic configuration changes
 - **Data Migration**: Moving data between storage backends
-#### Running Tests
+Task Venture Capital GmbH
 Registered at District Court Bremen HRB 35230 HB, Germany
-```bash
+For any legal inquiries or further information, please contact us via email at hello@task.vc.
 # Run all tests
 pnpm test
-# Run specific test categories
+By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
 tsx test/suite/commands/test.ehlo-command.ts
 tsx test/suite/connection/test.tls-connection.ts
 tsx test/suite/email-processing/test.basic-email.ts
 # Run with verbose output
 tstest test/suite/security/test.authentication.ts --verbose
 ```
 ### Test Infrastructure
 The test suite uses a self-contained pattern where each test:
 1. Starts its own SMTP server instance
 2. Runs comprehensive test scenarios
 3. Cleans up all resources
 4. Provides detailed logging for debugging
 This ensures tests are isolated, reliable, and can run in parallel.
 ## Support
 - Documentation: [https://docs.serve.zone/dcrouter](https://docs.serve.zone/dcrouter)
 - Issues: [https://github.com/serve-zone/dcrouter/issues](https://github.com/serve-zone/dcrouter/issues)
 - Community: [https://community.serve.zone](https://community.serve.zone)
--- a/test/test.protected-endpoint.ts
+++ b/test/test.protected-endpoint.ts
@@ -10,7 +10,7 @@ tap.test('should start DCRouter with OpsServer', async () => {
  testDcRouter = new DcRouter({
    // Minimal config for testing
  });
-  
+
  await testDcRouter.start();
  expect(testDcRouter.opsServer).toBeInstanceOf(Object);
 });
@@ -20,49 +20,40 @@ tap.test('should login as admin', async () => {
    'http://localhost:3000/typedrequest',
    'adminLoginWithUsernameAndPassword'
  );
-  
+
  const response = await loginRequest.fire({
    username: 'admin',
    password: 'admin'
  });
-  
+
  expect(response).toHaveProperty('identity');
  adminIdentity = response.identity;
  console.log('Admin logged in with JWT');
 });
-tap.test('should allow admin to update configuration', async () => {
+tap.test('should allow admin to verify identity', async () => {
-  const updateRequest = new TypedRequest<interfaces.requests.IReq_UpdateConfiguration>(
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
-    'updateConfiguration'
+    'verifyIdentity'
  );
-  
+
-  const response = await updateRequest.fire({
+  const response = await verifyRequest.fire({
    identity: adminIdentity,
    section: 'security',
    config: {
      rateLimit: true,
      spamDetection: true
    }
  });
-  
+
-  expect(response).toHaveProperty('updated');
+  expect(response).toHaveProperty('valid');
-  expect(response.updated).toBeTrue();
+  expect(response.valid).toBeTrue();
  console.log('Admin identity verified successfully');
 });
-tap.test('should reject configuration update without identity', async () => {
+tap.test('should reject verify identity without identity', async () => {
-  const updateRequest = new TypedRequest<interfaces.requests.IReq_UpdateConfiguration>(
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
-    'updateConfiguration'
+    'verifyIdentity'
  );
-  
+
  try {
-    await updateRequest.fire({
+    await verifyRequest.fire({} as any);
      section: 'security',
      config: {
        rateLimit: false
      }
    });
    expect(true).toBeFalse(); // Should not reach here
  } catch (error) {
    expect(error).toBeTruthy();
@@ -70,22 +61,18 @@ tap.test('should reject configuration update without identity', async () => {
  }
 });
-tap.test('should reject configuration update with invalid JWT', async () => {
+tap.test('should reject verify identity with invalid JWT', async () => {
-  const updateRequest = new TypedRequest<interfaces.requests.IReq_UpdateConfiguration>(
+  const verifyRequest = new TypedRequest<interfaces.requests.IReq_VerifyIdentity>(
    'http://localhost:3000/typedrequest',
-    'updateConfiguration'
+    'verifyIdentity'
  );
-  
+
  try {
-    await updateRequest.fire({
+    await verifyRequest.fire({
      identity: {
        ...adminIdentity,
        jwt: 'invalid.jwt.token'
      },
      section: 'security',
      config: {
        rateLimit: false
      }
    });
    expect(true).toBeFalse(); // Should not reach here
  } catch (error) {
@@ -99,17 +86,34 @@ tap.test('should allow access to public endpoints without auth', async () => {
    'http://localhost:3000/typedrequest',
    'getHealthStatus'
  );
-  
+
  // No identity provided
  const response = await healthRequest.fire({});
-  
+
  expect(response).toHaveProperty('health');
  expect(response.health.healthy).toBeTrue();
  console.log('Public endpoint accessible without auth');
 });
 tap.test('should allow read-only config access', async () => {
  const configRequest = new TypedRequest<interfaces.requests.IReq_GetConfiguration>(
    'http://localhost:3000/typedrequest',
    'getConfiguration'
  );
  // Config is read-only and doesn't require auth
  const response = await configRequest.fire({});
  expect(response).toHaveProperty('config');
  expect(response.config).toHaveProperty('email');
  expect(response.config).toHaveProperty('dns');
  expect(response.config).toHaveProperty('proxy');
  expect(response.config).toHaveProperty('security');
  console.log('Configuration read successfully');
 });
 tap.test('should stop DCRouter', async () => {
  await testDcRouter.stop();
 });
-export default tap.start();
+export default tap.start();
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '3.0.0',
+  version: '4.0.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts/cache/classes.cache.cleaner.ts
+++ b/ts/cache/classes.cache.cleaner.ts
@@ -0,0 +1,170 @@
 import * as plugins from '../plugins.js';
 import { logger } from '../logger.js';
 import { CacheDb } from './classes.cachedb.js';
 // Import document classes for cleanup
 import { CachedEmail } from './documents/classes.cached.email.js';
 import { CachedIPReputation } from './documents/classes.cached.ip.reputation.js';
 import { CachedBounce } from './documents/classes.cached.bounce.js';
 import { CachedSuppression } from './documents/classes.cached.suppression.js';
 import { CachedDKIMKey } from './documents/classes.cached.dkim.js';
 /**
 * Configuration for the cache cleaner
 */
 export interface ICacheCleanerOptions {
  /** Cleanup interval in milliseconds (default: 1 hour) */
  intervalMs?: number;
  /** Enable verbose logging */
  verbose?: boolean;
 }
 /**
 * CacheCleaner - Periodically removes expired documents from the cache
 *
 * Runs on a configurable interval (default: hourly) and queries each
 * collection for documents where expiresAt < now(), then deletes them.
 */
 export class CacheCleaner {
  private cleanupInterval: ReturnType<typeof setInterval> | null = null;
  private isRunning: boolean = false;
  private options: Required<ICacheCleanerOptions>;
  private cacheDb: CacheDb;
  constructor(cacheDb: CacheDb, options: ICacheCleanerOptions = {}) {
    this.cacheDb = cacheDb;
    this.options = {
      intervalMs: options.intervalMs || 60 * 60 * 1000, // 1 hour default
      verbose: options.verbose || false,
    };
  }
  /**
   * Start the periodic cleanup process
   */
  public start(): void {
    if (this.isRunning) {
      logger.log('warn', 'CacheCleaner already running');
      return;
    }
    this.isRunning = true;
    // Run cleanup immediately on start
    this.runCleanup().catch((error) => {
      logger.log('error', `Initial cache cleanup failed: ${error.message}`);
    });
    // Schedule periodic cleanup
    this.cleanupInterval = setInterval(() => {
      this.runCleanup().catch((error) => {
        logger.log('error', `Cache cleanup failed: ${error.message}`);
      });
    }, this.options.intervalMs);
    logger.log(
      'info',
      `CacheCleaner started with interval: ${this.options.intervalMs / 1000 / 60} minutes`
    );
  }
  /**
   * Stop the periodic cleanup process
   */
  public stop(): void {
    if (!this.isRunning) {
      return;
    }
    if (this.cleanupInterval) {
      clearInterval(this.cleanupInterval);
      this.cleanupInterval = null;
    }
    this.isRunning = false;
    logger.log('info', 'CacheCleaner stopped');
  }
  /**
   * Run a single cleanup cycle
   */
  public async runCleanup(): Promise<void> {
    if (!this.cacheDb.isReady()) {
      logger.log('warn', 'CacheDb not ready, skipping cleanup');
      return;
    }
    const now = new Date();
    const results: { collection: string; deleted: number }[] = [];
    try {
      // Clean CachedEmail documents
      const emailsDeleted = await this.cleanCollection(CachedEmail, now);
      results.push({ collection: 'CachedEmail', deleted: emailsDeleted });
      // Clean CachedIPReputation documents
      const ipReputationDeleted = await this.cleanCollection(CachedIPReputation, now);
      results.push({ collection: 'CachedIPReputation', deleted: ipReputationDeleted });
      // Clean CachedBounce documents
      const bouncesDeleted = await this.cleanCollection(CachedBounce, now);
      results.push({ collection: 'CachedBounce', deleted: bouncesDeleted });
      // Clean CachedSuppression documents (but not permanent ones)
      const suppressionDeleted = await this.cleanCollection(CachedSuppression, now);
      results.push({ collection: 'CachedSuppression', deleted: suppressionDeleted });
      // Clean CachedDKIMKey documents
      const dkimDeleted = await this.cleanCollection(CachedDKIMKey, now);
      results.push({ collection: 'CachedDKIMKey', deleted: dkimDeleted });
      // Log results
      const totalDeleted = results.reduce((sum, r) => sum + r.deleted, 0);
      if (totalDeleted > 0 || this.options.verbose) {
        const summary = results
          .filter((r) => r.deleted > 0)
          .map((r) => `${r.collection}: ${r.deleted}`)
          .join(', ');
        logger.log(
          'info',
          `Cache cleanup completed. Deleted ${totalDeleted} expired documents. ${summary || 'No deletions.'}`
        );
      }
    } catch (error) {
      logger.log('error', `Cache cleanup error: ${error.message}`);
      throw error;
    }
  }
  /**
   * Clean expired documents from a specific collection
   */
  private async cleanCollection<T>(
    documentClass: { deleteMany: (filter: any) => Promise<any> },
    now: Date
  ): Promise<number> {
    try {
      const result = await documentClass.deleteMany({
        expiresAt: { $lt: now },
      });
      return result?.deletedCount || 0;
    } catch (error) {
      logger.log('error', `Error cleaning collection: ${error.message}`);
      return 0;
    }
  }
  /**
   * Check if the cleaner is running
   */
  public isActive(): boolean {
    return this.isRunning;
  }
  /**
   * Get the cleanup interval in milliseconds
   */
  public getIntervalMs(): number {
    return this.options.intervalMs;
  }
 }
--- a/ts/cache/classes.cached.document.ts
+++ b/ts/cache/classes.cached.document.ts
@@ -0,0 +1,108 @@
 import * as plugins from '../plugins.js';
 /**
 * Base class for all cached documents with TTL support
 *
 * Extends smartdata's SmartDataDbDoc to add:
 * - Automatic timestamps (createdAt, lastAccessedAt)
 * - TTL/expiration support (expiresAt)
 * - Helper methods for TTL management
 */
 export abstract class CachedDocument<T extends CachedDocument<T>> extends plugins.smartdata.SmartDataDbDoc<T, T> {
  /**
   * Timestamp when the document was created
   */
  @plugins.smartdata.svDb()
  public createdAt: Date = new Date();
  /**
   * Timestamp when the document expires and should be cleaned up
   */
  @plugins.smartdata.svDb()
  public expiresAt: Date;
  /**
   * Timestamp of last access (for LRU-style eviction if needed)
   */
  @plugins.smartdata.svDb()
  public lastAccessedAt: Date = new Date();
  /**
   * Set the TTL (time to live) for this document
   * @param ttlMs Time to live in milliseconds
   */
  public setTTL(ttlMs: number): void {
    this.expiresAt = new Date(Date.now() + ttlMs);
  }
  /**
   * Set TTL using days
   * @param days Number of days until expiration
   */
  public setTTLDays(days: number): void {
    this.setTTL(days * 24 * 60 * 60 * 1000);
  }
  /**
   * Set TTL using hours
   * @param hours Number of hours until expiration
   */
  public setTTLHours(hours: number): void {
    this.setTTL(hours * 60 * 60 * 1000);
  }
  /**
   * Check if this document has expired
   */
  public isExpired(): boolean {
    if (!this.expiresAt) {
      return false; // No expiration set
    }
    return new Date() > this.expiresAt;
  }
  /**
   * Update the lastAccessedAt timestamp
   */
  public touch(): void {
    this.lastAccessedAt = new Date();
  }
  /**
   * Get remaining TTL in milliseconds
   * Returns 0 if expired, -1 if no expiration set
   */
  public getRemainingTTL(): number {
    if (!this.expiresAt) {
      return -1;
    }
    const remaining = this.expiresAt.getTime() - Date.now();
    return remaining > 0 ? remaining : 0;
  }
  /**
   * Extend the TTL by the specified milliseconds from now
   * @param ttlMs Additional time to live in milliseconds
   */
  public extendTTL(ttlMs: number): void {
    this.expiresAt = new Date(Date.now() + ttlMs);
  }
  /**
   * Set the document to never expire (100 years in the future)
   */
  public setNeverExpires(): void {
    this.expiresAt = new Date(Date.now() + 100 * 365 * 24 * 60 * 60 * 1000);
  }
 }
 /**
 * TTL constants in milliseconds
 */
 export const TTL = {
  HOURS_1: 1 * 60 * 60 * 1000,
  HOURS_24: 24 * 60 * 60 * 1000,
  DAYS_7: 7 * 24 * 60 * 60 * 1000,
  DAYS_30: 30 * 24 * 60 * 60 * 1000,
  DAYS_90: 90 * 24 * 60 * 60 * 1000,
 } as const;
--- a/ts/cache/classes.cachedb.ts
+++ b/ts/cache/classes.cachedb.ts
@@ -0,0 +1,152 @@
 import * as plugins from '../plugins.js';
 import { logger } from '../logger.js';
 /**
 * Configuration options for CacheDb
 */
 export interface ICacheDbOptions {
  /** Base storage path for TsmDB data (default: /etc/dcrouter/tsmdb) */
  storagePath?: string;
  /** Database name (default: dcrouter) */
  dbName?: string;
  /** Enable debug logging */
  debug?: boolean;
 }
 /**
 * CacheDb - Wrapper around LocalTsmDb and smartdata
 *
 * Provides persistent caching using smartdata as the ORM layer
 * and LocalTsmDb as the embedded database engine.
 */
 export class CacheDb {
  private static instance: CacheDb | null = null;
  private localTsmDb: plugins.smartmongo.LocalTsmDb;
  private smartdataDb: plugins.smartdata.SmartdataDb;
  private options: Required<ICacheDbOptions>;
  private isStarted: boolean = false;
  constructor(options: ICacheDbOptions = {}) {
    this.options = {
      storagePath: options.storagePath || '/etc/dcrouter/tsmdb',
      dbName: options.dbName || 'dcrouter',
      debug: options.debug || false,
    };
  }
  /**
   * Get or create the singleton instance
   */
  public static getInstance(options?: ICacheDbOptions): CacheDb {
    if (!CacheDb.instance) {
      CacheDb.instance = new CacheDb(options);
    }
    return CacheDb.instance;
  }
  /**
   * Reset the singleton instance (useful for testing)
   */
  public static resetInstance(): void {
    CacheDb.instance = null;
  }
  /**
   * Start the cache database
   * - Initializes LocalTsmDb with file persistence
   * - Connects smartdata to the LocalTsmDb via Unix socket
   */
  public async start(): Promise<void> {
    if (this.isStarted) {
      logger.log('warn', 'CacheDb already started');
      return;
    }
    try {
      // Ensure storage directory exists
      await plugins.fsUtils.ensureDir(this.options.storagePath);
      // Create LocalTsmDb instance
      this.localTsmDb = new plugins.smartmongo.LocalTsmDb({
        dbDir: this.options.storagePath,
      });
      // Start LocalTsmDb and get connection URI
      await this.localTsmDb.start();
      const mongoDescriptor = this.localTsmDb.mongoDescriptor;
      if (this.options.debug) {
        logger.log('debug', `LocalTsmDb started with descriptor: ${JSON.stringify(mongoDescriptor)}`);
      }
      // Initialize smartdata with the connection
      this.smartdataDb = new plugins.smartdata.SmartdataDb(mongoDescriptor);
      await this.smartdataDb.init();
      this.isStarted = true;
      logger.log('info', `CacheDb started at ${this.options.storagePath}`);
    } catch (error) {
      logger.log('error', `Failed to start CacheDb: ${error.message}`);
      throw error;
    }
  }
  /**
   * Stop the cache database
   */
  public async stop(): Promise<void> {
    if (!this.isStarted) {
      return;
    }
    try {
      // Close smartdata connection
      if (this.smartdataDb) {
        await this.smartdataDb.close();
      }
      // Stop LocalTsmDb
      if (this.localTsmDb) {
        await this.localTsmDb.stop();
      }
      this.isStarted = false;
      logger.log('info', 'CacheDb stopped');
    } catch (error) {
      logger.log('error', `Error stopping CacheDb: ${error.message}`);
      throw error;
    }
  }
  /**
   * Get the smartdata database instance
   */
  public getDb(): plugins.smartdata.SmartdataDb {
    if (!this.isStarted) {
      throw new Error('CacheDb not started. Call start() first.');
    }
    return this.smartdataDb;
  }
  /**
   * Check if the database is ready
   */
  public isReady(): boolean {
    return this.isStarted;
  }
  /**
   * Get the storage path
   */
  public getStoragePath(): string {
    return this.options.storagePath;
  }
  /**
   * Get the database name
   */
  public getDbName(): string {
    return this.options.dbName;
  }
 }
--- a/ts/cache/documents/classes.cached.bounce.ts
+++ b/ts/cache/documents/classes.cached.bounce.ts
@@ -0,0 +1,244 @@
 import * as plugins from '../../plugins.js';
 import { CachedDocument, TTL } from '../classes.cached.document.js';
 import { CacheDb } from '../classes.cachedb.js';
 /**
 * Helper to get the smartdata database instance
 */
 const getDb = () => CacheDb.getInstance().getDb();
 /**
 * Bounce type classification
 */
 export type TBounceType = 'hard' | 'soft' | 'complaint' | 'unknown';
 /**
 * Bounce category for detailed classification
 */
 export type TBounceCategory =
  | 'invalid-recipient'
  | 'mailbox-full'
  | 'domain-not-found'
  | 'connection-failed'
  | 'policy-rejection'
  | 'spam-rejection'
  | 'rate-limited'
  | 'other';
 /**
 * CachedBounce - Stores email bounce records
 *
 * Tracks bounce events for emails to help with deliverability
 * analysis and suppression list management.
 */
@plugins.smartdata.Collection(() => getDb())
 export class CachedBounce extends CachedDocument<CachedBounce> {
  /**
   * Unique identifier for this bounce record
   */
  @plugins.smartdata.unI()
  @plugins.smartdata.svDb()
  public id: string;
  /**
   * Email address that bounced
   */
  @plugins.smartdata.svDb()
  public recipient: string;
  /**
   * Sender email address
   */
  @plugins.smartdata.svDb()
  public sender: string;
  /**
   * Recipient domain
   */
  @plugins.smartdata.svDb()
  public domain: string;
  /**
   * Type of bounce (hard/soft/complaint)
   */
  @plugins.smartdata.svDb()
  public bounceType: TBounceType;
  /**
   * Detailed bounce category
   */
  @plugins.smartdata.svDb()
  public bounceCategory: TBounceCategory;
  /**
   * SMTP response code
   */
  @plugins.smartdata.svDb()
  public smtpCode: number;
  /**
   * Full SMTP response message
   */
  @plugins.smartdata.svDb()
  public smtpResponse: string;
  /**
   * Diagnostic code from DSN
   */
  @plugins.smartdata.svDb()
  public diagnosticCode: string;
  /**
   * Original message ID that bounced
   */
  @plugins.smartdata.svDb()
  public originalMessageId: string;
  /**
   * Number of bounces for this recipient
   */
  @plugins.smartdata.svDb()
  public bounceCount: number = 1;
  /**
   * Timestamp of the first bounce
   */
  @plugins.smartdata.svDb()
  public firstBounceAt: Date;
  /**
   * Timestamp of the most recent bounce
   */
  @plugins.smartdata.svDb()
  public lastBounceAt: Date;
  constructor() {
    super();
    this.setTTL(TTL.DAYS_30); // Default 30-day TTL
    this.bounceType = 'unknown';
    this.bounceCategory = 'other';
    this.firstBounceAt = new Date();
    this.lastBounceAt = new Date();
  }
  /**
   * Create a new bounce record
   */
  public static createNew(): CachedBounce {
    const bounce = new CachedBounce();
    bounce.id = plugins.uuid.v4();
    return bounce;
  }
  /**
   * Find bounces by recipient email
   */
  public static async findByRecipient(recipient: string): Promise<CachedBounce[]> {
    return await CachedBounce.getInstances({
      recipient,
    });
  }
  /**
   * Find bounces by domain
   */
  public static async findByDomain(domain: string): Promise<CachedBounce[]> {
    return await CachedBounce.getInstances({
      domain,
    });
  }
  /**
   * Find all hard bounces
   */
  public static async findHardBounces(): Promise<CachedBounce[]> {
    return await CachedBounce.getInstances({
      bounceType: 'hard',
    });
  }
  /**
   * Find bounces by category
   */
  public static async findByCategory(category: TBounceCategory): Promise<CachedBounce[]> {
    return await CachedBounce.getInstances({
      bounceCategory: category,
    });
  }
  /**
   * Check if a recipient has recent hard bounces
   */
  public static async hasRecentHardBounce(recipient: string): Promise<boolean> {
    const bounces = await CachedBounce.getInstances({
      recipient,
      bounceType: 'hard',
    });
    return bounces.length > 0;
  }
  /**
   * Record an additional bounce for the same recipient
   */
  public recordAdditionalBounce(smtpCode?: number, smtpResponse?: string): void {
    this.bounceCount++;
    this.lastBounceAt = new Date();
    if (smtpCode) {
      this.smtpCode = smtpCode;
    }
    if (smtpResponse) {
      this.smtpResponse = smtpResponse;
    }
    this.touch();
  }
  /**
   * Extract domain from recipient email
   */
  public updateDomain(): void {
    if (this.recipient) {
      const match = this.recipient.match(/@([^>]+)>?$/);
      if (match) {
        this.domain = match[1].toLowerCase();
      }
    }
  }
  /**
   * Classify bounce based on SMTP code
   */
  public classifyFromSmtpCode(code: number): void {
    this.smtpCode = code;
    // 5xx = permanent failure (hard bounce)
    if (code >= 500 && code < 600) {
      this.bounceType = 'hard';
      if (code === 550) {
        this.bounceCategory = 'invalid-recipient';
      } else if (code === 551) {
        this.bounceCategory = 'policy-rejection';
      } else if (code === 552) {
        this.bounceCategory = 'mailbox-full';
      } else if (code === 553) {
        this.bounceCategory = 'invalid-recipient';
      } else if (code === 554) {
        this.bounceCategory = 'spam-rejection';
      }
    }
    // 4xx = temporary failure (soft bounce)
    else if (code >= 400 && code < 500) {
      this.bounceType = 'soft';
      if (code === 421) {
        this.bounceCategory = 'rate-limited';
      } else if (code === 450) {
        this.bounceCategory = 'mailbox-full';
      } else if (code === 451) {
        this.bounceCategory = 'connection-failed';
      } else if (code === 452) {
        this.bounceCategory = 'rate-limited';
      }
    }
  }
 }
--- a/ts/cache/documents/classes.cached.dkim.ts
+++ b/ts/cache/documents/classes.cached.dkim.ts
@@ -0,0 +1,241 @@
 import * as plugins from '../../plugins.js';
 import { CachedDocument, TTL } from '../classes.cached.document.js';
 import { CacheDb } from '../classes.cachedb.js';
 /**
 * Helper to get the smartdata database instance
 */
 const getDb = () => CacheDb.getInstance().getDb();
 /**
 * CachedDKIMKey - Stores DKIM key pairs for email signing
 *
 * Caches DKIM private/public key pairs per domain and selector.
 * Default TTL is 90 days (typical key rotation interval).
 */
@plugins.smartdata.Collection(() => getDb())
 export class CachedDKIMKey extends CachedDocument<CachedDKIMKey> {
  /**
   * Composite key: domain:selector
   */
  @plugins.smartdata.unI()
  @plugins.smartdata.svDb()
  public domainSelector: string;
  /**
   * Domain for this DKIM key
   */
  @plugins.smartdata.svDb()
  public domain: string;
  /**
   * DKIM selector (e.g., 'mta', 'default', '2024')
   */
  @plugins.smartdata.svDb()
  public selector: string;
  /**
   * Private key in PEM format
   */
  @plugins.smartdata.svDb()
  public privateKey: string;
  /**
   * Public key in PEM format
   */
  @plugins.smartdata.svDb()
  public publicKey: string;
  /**
   * Public key for DNS TXT record (base64, no headers)
   */
  @plugins.smartdata.svDb()
  public publicKeyDns: string;
  /**
   * Key size in bits (e.g., 1024, 2048)
   */
  @plugins.smartdata.svDb()
  public keySize: number = 2048;
  /**
   * Key algorithm (e.g., 'rsa-sha256')
   */
  @plugins.smartdata.svDb()
  public algorithm: string = 'rsa-sha256';
  /**
   * When the key was generated
   */
  @plugins.smartdata.svDb()
  public generatedAt: Date;
  /**
   * When the key was last rotated
   */
  @plugins.smartdata.svDb()
  public rotatedAt: Date;
  /**
   * Previous selector (for key rotation)
   */
  @plugins.smartdata.svDb()
  public previousSelector: string;
  /**
   * Number of emails signed with this key
   */
  @plugins.smartdata.svDb()
  public signCount: number = 0;
  /**
   * Whether this key is currently active
   */
  @plugins.smartdata.svDb()
  public isActive: boolean = true;
  constructor() {
    super();
    this.setTTL(TTL.DAYS_90); // Default 90-day TTL
    this.generatedAt = new Date();
  }
  /**
   * Create the composite key from domain and selector
   */
  public static createDomainSelector(domain: string, selector: string): string {
    return `${domain.toLowerCase()}:${selector.toLowerCase()}`;
  }
  /**
   * Create a new DKIM key entry
   */
  public static createNew(domain: string, selector: string): CachedDKIMKey {
    const key = new CachedDKIMKey();
    key.domain = domain.toLowerCase();
    key.selector = selector.toLowerCase();
    key.domainSelector = CachedDKIMKey.createDomainSelector(domain, selector);
    return key;
  }
  /**
   * Find by domain and selector
   */
  public static async findByDomainSelector(
    domain: string,
    selector: string
  ): Promise<CachedDKIMKey | null> {
    const domainSelector = CachedDKIMKey.createDomainSelector(domain, selector);
    return await CachedDKIMKey.getInstance({
      domainSelector,
    });
  }
  /**
   * Find all keys for a domain
   */
  public static async findByDomain(domain: string): Promise<CachedDKIMKey[]> {
    return await CachedDKIMKey.getInstances({
      domain: domain.toLowerCase(),
    });
  }
  /**
   * Find the active key for a domain
   */
  public static async findActiveForDomain(domain: string): Promise<CachedDKIMKey | null> {
    const keys = await CachedDKIMKey.getInstances({
      domain: domain.toLowerCase(),
      isActive: true,
    });
    return keys.length > 0 ? keys[0] : null;
  }
  /**
   * Find all active keys
   */
  public static async findAllActive(): Promise<CachedDKIMKey[]> {
    return await CachedDKIMKey.getInstances({
      isActive: true,
    });
  }
  /**
   * Set the key pair
   */
  public setKeyPair(privateKey: string, publicKey: string, publicKeyDns?: string): void {
    this.privateKey = privateKey;
    this.publicKey = publicKey;
    this.publicKeyDns = publicKeyDns || this.extractPublicKeyDns(publicKey);
    this.generatedAt = new Date();
  }
  /**
   * Extract the base64 public key for DNS from PEM format
   */
  private extractPublicKeyDns(publicKeyPem: string): string {
    // Remove PEM headers and newlines
    return publicKeyPem
      .replace(/-----BEGIN PUBLIC KEY-----/g, '')
      .replace(/-----END PUBLIC KEY-----/g, '')
      .replace(/\s/g, '');
  }
  /**
   * Generate the DNS TXT record value
   */
  public getDnsTxtRecord(): string {
    return `v=DKIM1; k=rsa; p=${this.publicKeyDns}`;
  }
  /**
   * Get the full DNS record name
   */
  public getDnsRecordName(): string {
    return `${this.selector}._domainkey.${this.domain}`;
  }
  /**
   * Record that this key was used to sign an email
   */
  public recordSign(): void {
    this.signCount++;
    this.touch();
  }
  /**
   * Deactivate this key (e.g., during rotation)
   */
  public deactivate(): void {
    this.isActive = false;
  }
  /**
   * Activate this key
   */
  public activate(): void {
    this.isActive = true;
  }
  /**
   * Rotate to a new selector
   */
  public rotate(newSelector: string): void {
    this.previousSelector = this.selector;
    this.selector = newSelector.toLowerCase();
    this.domainSelector = CachedDKIMKey.createDomainSelector(this.domain, this.selector);
    this.rotatedAt = new Date();
    this.signCount = 0;
    // Reset TTL on rotation
    this.setTTL(TTL.DAYS_90);
  }
  /**
   * Check if key needs rotation (based on age or sign count)
   */
  public needsRotation(maxAgeDays: number = 90, maxSignCount: number = 1000000): boolean {
    const ageMs = Date.now() - this.generatedAt.getTime();
    const ageDays = ageMs / (24 * 60 * 60 * 1000);
    return ageDays > maxAgeDays || this.signCount > maxSignCount;
  }
 }
--- a/ts/cache/documents/classes.cached.email.ts
+++ b/ts/cache/documents/classes.cached.email.ts
@@ -0,0 +1,230 @@
 import * as plugins from '../../plugins.js';
 import { CachedDocument, TTL } from '../classes.cached.document.js';
 import { CacheDb } from '../classes.cachedb.js';
 /**
 * Email status in the cache
 */
 export type TCachedEmailStatus = 'pending' | 'processing' | 'delivered' | 'failed' | 'deferred';
 /**
 * Helper to get the smartdata database instance
 */
 const getDb = () => CacheDb.getInstance().getDb();
 /**
 * CachedEmail - Stores email queue items in the cache
 *
 * Used for persistent email queue storage, tracking delivery status,
 * and maintaining email history for the configured TTL period.
 */
@plugins.smartdata.Collection(() => getDb())
 export class CachedEmail extends CachedDocument<CachedEmail> {
  /**
   * Unique identifier for this email
   */
  @plugins.smartdata.unI()
  @plugins.smartdata.svDb()
  public id: string;
  /**
   * Email message ID (RFC 822 Message-ID header)
   */
  @plugins.smartdata.svDb()
  public messageId: string;
  /**
   * Sender email address (envelope from)
   */
  @plugins.smartdata.svDb()
  public from: string;
  /**
   * Recipient email addresses
   */
  @plugins.smartdata.svDb()
  public to: string[];
  /**
   * CC recipients
   */
  @plugins.smartdata.svDb()
  public cc: string[];
  /**
   * BCC recipients
   */
  @plugins.smartdata.svDb()
  public bcc: string[];
  /**
   * Email subject
   */
  @plugins.smartdata.svDb()
  public subject: string;
  /**
   * Raw RFC822 email content
   */
  @plugins.smartdata.svDb()
  public rawContent: string;
  /**
   * Current status of the email
   */
  @plugins.smartdata.svDb()
  public status: TCachedEmailStatus;
  /**
   * Number of delivery attempts
   */
  @plugins.smartdata.svDb()
  public attempts: number = 0;
  /**
   * Maximum number of delivery attempts
   */
  @plugins.smartdata.svDb()
  public maxAttempts: number = 3;
  /**
   * Timestamp for next delivery attempt
   */
  @plugins.smartdata.svDb()
  public nextAttempt: Date;
  /**
   * Last error message if delivery failed
   */
  @plugins.smartdata.svDb()
  public lastError: string;
  /**
   * Timestamp when the email was successfully delivered
   */
  @plugins.smartdata.svDb()
  public deliveredAt: Date;
  /**
   * Sender domain (for querying/filtering)
   */
  @plugins.smartdata.svDb()
  public senderDomain: string;
  /**
   * Priority level (higher = more important)
   */
  @plugins.smartdata.svDb()
  public priority: number = 0;
  /**
   * JSON-serialized route data
   */
  @plugins.smartdata.svDb()
  public routeData: string;
  /**
   * DKIM signature status
   */
  @plugins.smartdata.svDb()
  public dkimSigned: boolean = false;
  constructor() {
    super();
    this.setTTL(TTL.DAYS_30); // Default 30-day TTL
    this.status = 'pending';
    this.to = [];
    this.cc = [];
    this.bcc = [];
  }
  /**
   * Create a new CachedEmail with a unique ID
   */
  public static createNew(): CachedEmail {
    const email = new CachedEmail();
    email.id = plugins.uuid.v4();
    return email;
  }
  /**
   * Find an email by ID
   */
  public static async findById(id: string): Promise<CachedEmail | null> {
    return await CachedEmail.getInstance({
      id,
    });
  }
  /**
   * Find all emails with a specific status
   */
  public static async findByStatus(status: TCachedEmailStatus): Promise<CachedEmail[]> {
    return await CachedEmail.getInstances({
      status,
    });
  }
  /**
   * Find all emails pending delivery (status = pending and nextAttempt <= now)
   */
  public static async findPendingForDelivery(): Promise<CachedEmail[]> {
    const now = new Date();
    return await CachedEmail.getInstances({
      status: 'pending',
      nextAttempt: { $lte: now },
    });
  }
  /**
   * Find emails by sender domain
   */
  public static async findBySenderDomain(domain: string): Promise<CachedEmail[]> {
    return await CachedEmail.getInstances({
      senderDomain: domain,
    });
  }
  /**
   * Mark as delivered
   */
  public markDelivered(): void {
    this.status = 'delivered';
    this.deliveredAt = new Date();
  }
  /**
   * Mark as failed with error
   */
  public markFailed(error: string): void {
    this.status = 'failed';
    this.lastError = error;
  }
  /**
   * Increment attempt counter and schedule next attempt
   */
  public scheduleRetry(delayMs: number = 5 * 60 * 1000): void {
    this.attempts++;
    this.status = 'deferred';
    this.nextAttempt = new Date(Date.now() + delayMs);
    // If max attempts reached, mark as failed
    if (this.attempts >= this.maxAttempts) {
      this.status = 'failed';
      this.lastError = `Max attempts (${this.maxAttempts}) reached`;
    }
  }
  /**
   * Extract sender domain from email address
   */
  public updateSenderDomain(): void {
    if (this.from) {
      const match = this.from.match(/@([^>]+)>?$/);
      if (match) {
        this.senderDomain = match[1].toLowerCase();
      }
    }
  }
 }
--- a/ts/cache/documents/classes.cached.ip.reputation.ts
+++ b/ts/cache/documents/classes.cached.ip.reputation.ts
@@ -0,0 +1,237 @@
 import * as plugins from '../../plugins.js';
 import { CachedDocument, TTL } from '../classes.cached.document.js';
 import { CacheDb } from '../classes.cachedb.js';
 /**
 * Helper to get the smartdata database instance
 */
 const getDb = () => CacheDb.getInstance().getDb();
 /**
 * IP reputation result data
 */
 export interface IIPReputationData {
  score: number;
  isSpam: boolean;
  isProxy: boolean;
  isTor: boolean;
  isVPN: boolean;
  country?: string;
  asn?: string;
  org?: string;
  blacklists?: string[];
 }
 /**
 * CachedIPReputation - Stores IP reputation lookup results
 *
 * Caches the results of IP reputation checks to avoid repeated
 * external API calls. Default TTL is 24 hours.
 */
@plugins.smartdata.Collection(() => getDb())
 export class CachedIPReputation extends CachedDocument<CachedIPReputation> {
  /**
   * IP address (unique identifier)
   */
  @plugins.smartdata.unI()
  @plugins.smartdata.svDb()
  public ipAddress: string;
  /**
   * Reputation score (0-100, higher = better)
   */
  @plugins.smartdata.svDb()
  public score: number;
  /**
   * Whether the IP is flagged as spam source
   */
  @plugins.smartdata.svDb()
  public isSpam: boolean;
  /**
   * Whether the IP is a known proxy
   */
  @plugins.smartdata.svDb()
  public isProxy: boolean;
  /**
   * Whether the IP is a Tor exit node
   */
  @plugins.smartdata.svDb()
  public isTor: boolean;
  /**
   * Whether the IP is a VPN endpoint
   */
  @plugins.smartdata.svDb()
  public isVPN: boolean;
  /**
   * Country code (ISO 3166-1 alpha-2)
   */
  @plugins.smartdata.svDb()
  public country: string;
  /**
   * Autonomous System Number
   */
  @plugins.smartdata.svDb()
  public asn: string;
  /**
   * Organization name
   */
  @plugins.smartdata.svDb()
  public org: string;
  /**
   * List of blacklists the IP appears on
   */
  @plugins.smartdata.svDb()
  public blacklists: string[];
  /**
   * Number of times this IP has been checked
   */
  @plugins.smartdata.svDb()
  public checkCount: number = 0;
  /**
   * Number of connections from this IP
   */
  @plugins.smartdata.svDb()
  public connectionCount: number = 0;
  /**
   * Number of emails received from this IP
   */
  @plugins.smartdata.svDb()
  public emailCount: number = 0;
  /**
   * Number of spam emails from this IP
   */
  @plugins.smartdata.svDb()
  public spamCount: number = 0;
  constructor() {
    super();
    this.setTTL(TTL.HOURS_24); // Default 24-hour TTL
    this.blacklists = [];
    this.score = 50; // Default neutral score
    this.isSpam = false;
    this.isProxy = false;
    this.isTor = false;
    this.isVPN = false;
  }
  /**
   * Create from reputation data
   */
  public static fromReputationData(ipAddress: string, data: IIPReputationData): CachedIPReputation {
    const cached = new CachedIPReputation();
    cached.ipAddress = ipAddress;
    cached.score = data.score;
    cached.isSpam = data.isSpam;
    cached.isProxy = data.isProxy;
    cached.isTor = data.isTor;
    cached.isVPN = data.isVPN;
    cached.country = data.country || '';
    cached.asn = data.asn || '';
    cached.org = data.org || '';
    cached.blacklists = data.blacklists || [];
    cached.checkCount = 1;
    return cached;
  }
  /**
   * Convert to reputation data object
   */
  public toReputationData(): IIPReputationData {
    this.touch();
    return {
      score: this.score,
      isSpam: this.isSpam,
      isProxy: this.isProxy,
      isTor: this.isTor,
      isVPN: this.isVPN,
      country: this.country,
      asn: this.asn,
      org: this.org,
      blacklists: this.blacklists,
    };
  }
  /**
   * Find by IP address
   */
  public static async findByIP(ipAddress: string): Promise<CachedIPReputation | null> {
    return await CachedIPReputation.getInstance({
      ipAddress,
    });
  }
  /**
   * Find all IPs flagged as spam
   */
  public static async findSpamIPs(): Promise<CachedIPReputation[]> {
    return await CachedIPReputation.getInstances({
      isSpam: true,
    });
  }
  /**
   * Find IPs with score below threshold
   */
  public static async findLowScoreIPs(threshold: number): Promise<CachedIPReputation[]> {
    return await CachedIPReputation.getInstances({
      score: { $lt: threshold },
    });
  }
  /**
   * Record a connection from this IP
   */
  public recordConnection(): void {
    this.connectionCount++;
    this.touch();
  }
  /**
   * Record an email from this IP
   */
  public recordEmail(isSpam: boolean = false): void {
    this.emailCount++;
    if (isSpam) {
      this.spamCount++;
    }
    this.touch();
  }
  /**
   * Update the reputation data
   */
  public updateReputation(data: IIPReputationData): void {
    this.score = data.score;
    this.isSpam = data.isSpam;
    this.isProxy = data.isProxy;
    this.isTor = data.isTor;
    this.isVPN = data.isVPN;
    this.country = data.country || this.country;
    this.asn = data.asn || this.asn;
    this.org = data.org || this.org;
    this.blacklists = data.blacklists || this.blacklists;
    this.checkCount++;
    this.touch();
    // Refresh TTL on update
    this.setTTL(TTL.HOURS_24);
  }
  /**
   * Check if this IP should be blocked
   */
  public shouldBlock(): boolean {
    return this.isSpam || this.score < 20 || this.blacklists.length > 2;
  }
 }
--- a/ts/cache/documents/classes.cached.suppression.ts
+++ b/ts/cache/documents/classes.cached.suppression.ts
@@ -0,0 +1,262 @@
 import * as plugins from '../../plugins.js';
 import { CachedDocument, TTL } from '../classes.cached.document.js';
 import { CacheDb } from '../classes.cachedb.js';
 /**
 * Helper to get the smartdata database instance
 */
 const getDb = () => CacheDb.getInstance().getDb();
 /**
 * Reason for suppression
 */
 export type TSuppressionReason =
  | 'hard-bounce'
  | 'soft-bounce-exceeded'
  | 'complaint'
  | 'unsubscribe'
  | 'manual'
  | 'spam-trap'
  | 'invalid-address';
 /**
 * CachedSuppression - Stores email suppression list entries
 *
 * Emails to addresses in the suppression list should not be sent.
 * Supports both temporary (30-day) and permanent suppression.
 */
@plugins.smartdata.Collection(() => getDb())
 export class CachedSuppression extends CachedDocument<CachedSuppression> {
  /**
   * Email address to suppress (unique identifier)
   */
  @plugins.smartdata.unI()
  @plugins.smartdata.svDb()
  public email: string;
  /**
   * Reason for suppression
   */
  @plugins.smartdata.svDb()
  public reason: TSuppressionReason;
  /**
   * Human-readable description of why this address is suppressed
   */
  @plugins.smartdata.svDb()
  public description: string;
  /**
   * Whether this is a permanent suppression
   */
  @plugins.smartdata.svDb()
  public permanent: boolean = false;
  /**
   * Number of times we've tried to send to this address after suppression
   */
  @plugins.smartdata.svDb()
  public blockedAttempts: number = 0;
  /**
   * Domain of the suppressed email
   */
  @plugins.smartdata.svDb()
  public domain: string;
  /**
   * Related bounce record ID (if suppressed due to bounce)
   */
  @plugins.smartdata.svDb()
  public relatedBounceId: string;
  /**
   * Source that caused the suppression (e.g., campaign ID, message ID)
   */
  @plugins.smartdata.svDb()
  public source: string;
  /**
   * Date when the suppression was first created
   */
  @plugins.smartdata.svDb()
  public suppressedAt: Date;
  constructor() {
    super();
    this.setTTL(TTL.DAYS_30); // Default 30-day TTL
    this.suppressedAt = new Date();
    this.blockedAttempts = 0;
  }
  /**
   * Create a new suppression entry
   */
  public static createNew(email: string, reason: TSuppressionReason): CachedSuppression {
    const suppression = new CachedSuppression();
    suppression.email = email.toLowerCase().trim();
    suppression.reason = reason;
    suppression.updateDomain();
    // Hard bounces and spam traps should be permanent
    if (reason === 'hard-bounce' || reason === 'spam-trap' || reason === 'complaint') {
      suppression.setPermanent();
    }
    return suppression;
  }
  /**
   * Make this suppression permanent (never expires)
   */
  public setPermanent(): void {
    this.permanent = true;
    this.setNeverExpires();
  }
  /**
   * Make this suppression temporary with specific TTL
   */
  public setTemporary(ttlMs: number): void {
    this.permanent = false;
    this.setTTL(ttlMs);
  }
  /**
   * Extract domain from email
   */
  public updateDomain(): void {
    if (this.email) {
      const match = this.email.match(/@(.+)$/);
      if (match) {
        this.domain = match[1].toLowerCase();
      }
    }
  }
  /**
   * Check if an email is suppressed
   */
  public static async isSuppressed(email: string): Promise<boolean> {
    const normalizedEmail = email.toLowerCase().trim();
    const entry = await CachedSuppression.getInstance({
      email: normalizedEmail,
    });
    return entry !== null && !entry.isExpired();
  }
  /**
   * Get suppression entry for an email
   */
  public static async findByEmail(email: string): Promise<CachedSuppression | null> {
    const normalizedEmail = email.toLowerCase().trim();
    return await CachedSuppression.getInstance({
      email: normalizedEmail,
    });
  }
  /**
   * Find all suppressions for a domain
   */
  public static async findByDomain(domain: string): Promise<CachedSuppression[]> {
    return await CachedSuppression.getInstances({
      domain: domain.toLowerCase(),
    });
  }
  /**
   * Find all permanent suppressions
   */
  public static async findPermanent(): Promise<CachedSuppression[]> {
    return await CachedSuppression.getInstances({
      permanent: true,
    });
  }
  /**
   * Find all suppressions by reason
   */
  public static async findByReason(reason: TSuppressionReason): Promise<CachedSuppression[]> {
    return await CachedSuppression.getInstances({
      reason,
    });
  }
  /**
   * Record a blocked attempt to send to this address
   */
  public recordBlockedAttempt(): void {
    this.blockedAttempts++;
    this.touch();
  }
  /**
   * Remove suppression (delete from database)
   */
  public static async remove(email: string): Promise<boolean> {
    const normalizedEmail = email.toLowerCase().trim();
    const entry = await CachedSuppression.getInstance({
      email: normalizedEmail,
    });
    if (entry) {
      await entry.delete();
      return true;
    }
    return false;
  }
  /**
   * Add or update a suppression entry
   */
  public static async addOrUpdate(
    email: string,
    reason: TSuppressionReason,
    options?: {
      permanent?: boolean;
      description?: string;
      source?: string;
      relatedBounceId?: string;
    }
  ): Promise<CachedSuppression> {
    const normalizedEmail = email.toLowerCase().trim();
    // Check if already suppressed
    let entry = await CachedSuppression.findByEmail(normalizedEmail);
    if (entry) {
      // Update existing entry
      entry.reason = reason;
      if (options?.permanent) {
        entry.setPermanent();
      }
      if (options?.description) {
        entry.description = options.description;
      }
      if (options?.source) {
        entry.source = options.source;
      }
      if (options?.relatedBounceId) {
        entry.relatedBounceId = options.relatedBounceId;
      }
      entry.touch();
    } else {
      // Create new entry
      entry = CachedSuppression.createNew(normalizedEmail, reason);
      if (options?.permanent) {
        entry.setPermanent();
      }
      if (options?.description) {
        entry.description = options.description;
      }
      if (options?.source) {
        entry.source = options.source;
      }
      if (options?.relatedBounceId) {
        entry.relatedBounceId = options.relatedBounceId;
      }
    }
    await entry.save();
    return entry;
  }
 }
--- a/ts/cache/documents/index.ts
+++ b/ts/cache/documents/index.ts
@@ -0,0 +1,5 @@
 export * from './classes.cached.email.js';
 export * from './classes.cached.ip.reputation.js';
 export * from './classes.cached.bounce.js';
 export * from './classes.cached.suppression.js';
 export * from './classes.cached.dkim.js';
--- a/ts/cache/index.ts
+++ b/ts/cache/index.ts
@@ -0,0 +1,7 @@
 // Core cache infrastructure
 export * from './classes.cachedb.js';
 export * from './classes.cached.document.js';
 export * from './classes.cache.cleaner.js';
 // Document classes
 export * from './documents/index.js';
--- a/ts/opsserver/handlers/config.handler.ts
+++ b/ts/opsserver/handlers/config.handler.ts
@@ -1,19 +1,18 @@
 import * as plugins from '../../plugins.js';
 import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
 import { requireAdminIdentity } from '../helpers/guards.js';
 export class ConfigHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();
-  
+
  constructor(private opsServerRef: OpsServer) {
    // Add this handler's router to the parent
    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
    this.registerHandlers();
  }
-  
+
  private registerHandlers(): void {
-    // Get Configuration Handler
+    // Get Configuration Handler (read-only)
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetConfiguration>(
        'getConfiguration',
@@ -26,33 +25,6 @@ export class ConfigHandler {
        }
      )
    );
    // Update Configuration Handler
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_UpdateConfiguration>(
        'updateConfiguration',
        async (dataArg, toolsArg) => {
          try {
            // Require admin access to update configuration
            await requireAdminIdentity(this.opsServerRef.adminHandler, dataArg);
            const updatedConfig = await this.updateConfiguration(dataArg.section, dataArg.config);
            return {
              updated: true,
              config: updatedConfig,
            };
          } catch (error) {
            if (error instanceof plugins.typedrequest.TypedResponseError) {
              throw error;
            }
            return {
              updated: false,
              config: null,
            };
          }
        }
      )
    );
  }
  private async getConfiguration(section?: string): Promise<{
@@ -133,31 +105,4 @@ export class ConfigHandler {
      },
    };
  }
  private async updateConfiguration(section: string, config: any): Promise<any> {
    // TODO: Implement actual configuration updates
    // This would involve:
    // 1. Validating the configuration changes
    // 2. Applying them to the running services
    // 3. Persisting them to storage
    // 4. Potentially restarting affected services
    // For now, just validate and return the config
    if (section === 'email' && config.maxMessageSize && config.maxMessageSize < 1024) {
      throw new Error('Maximum message size must be at least 1KB');
    }
    if (section === 'dns' && config.ttl && (config.ttl < 0 || config.ttl > 86400)) {
      throw new Error('DNS TTL must be between 0 and 86400 seconds');
    }
    if (section === 'proxy' && config.maxConnections && config.maxConnections < 1) {
      throw new Error('Maximum connections must be at least 1');
    }
    // In a real implementation, apply the changes here
    // For now, return the current configuration
    const currentConfig = await this.getConfiguration(section);
    return currentConfig;
  }
 }
--- a/ts/plugins.ts
+++ b/ts/plugins.ts
@@ -51,6 +51,7 @@ import * as smartjwt from '@push.rocks/smartjwt';
 import * as smartlog from '@push.rocks/smartlog';
 import * as smartmail from '@push.rocks/smartmail';
 import * as smartmetrics from '@push.rocks/smartmetrics';
 import * as smartmongo from '@push.rocks/smartmongo';
 import * as smartnetwork from '@push.rocks/smartnetwork';
 import * as smartpath from '@push.rocks/smartpath';
 import * as smartproxy from '@push.rocks/smartproxy';
@@ -61,7 +62,7 @@ import * as smartrule from '@push.rocks/smartrule';
 import * as smartrx from '@push.rocks/smartrx';
 import * as smartunique from '@push.rocks/smartunique';
-export { projectinfo, qenv, smartacme, smartdata, smartdns, smartfile, smartguard, smartjwt, smartlog, smartmail, smartmetrics, smartnetwork, smartpath, smartproxy, smartpromise, smartradius, smartrequest, smartrule, smartrx, smartunique };
+export { projectinfo, qenv, smartacme, smartdata, smartdns, smartfile, smartguard, smartjwt, smartlog, smartmail, smartmetrics, smartmongo, smartnetwork, smartpath, smartproxy, smartpromise, smartradius, smartrequest, smartrule, smartrx, smartunique };
 // Define SmartLog types for use in error handling
 export type TLogLevel = 'error' | 'warn' | 'info' | 'success' | 'debug';
--- a/ts_interfaces/readme.md
+++ b/ts_interfaces/readme.md
@@ -0,0 +1,174 @@
 # @serve.zone/dcrouter-interfaces
 TypeScript interfaces and type definitions for the DCRouter OpsServer API. 📡
 This module provides strongly-typed interfaces for communicating with the DCRouter OpsServer via TypedRequest. Use these interfaces for type-safe API interactions in your frontend applications or integration code.
 ## Issue Reporting and Security
 For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 ## Installation
 ```bash
 npm install @serve.zone/dcrouter-interfaces --save
 # or
 pnpm add @serve.zone/dcrouter-interfaces
 ```
 ## Usage
 ```typescript
 import { data, requests } from '@serve.zone/dcrouter-interfaces';
 // Use data interfaces for type definitions
 const identity: data.IIdentity = {
  jwt: 'your-jwt-token',
  userId: 'user-123',
  name: 'Admin User',
  expiresAt: Date.now() + 3600000,
  role: 'admin'
 };
 // Use request interfaces for API calls
 const statsRequest: requests.IReq_GetServerStatistics = {
  method: 'getServerStatistics',
  request: {
    identity,
    includeHistory: true,
    timeRange: '24h'
  },
  response: null // Will be populated by the response
 };
 ```
 ## Module Structure
 ### Data Interfaces (`data`)
 Core data types used throughout the DCRouter system:
 #### `IIdentity`
 Authentication identity for API requests:
 ```typescript
 interface IIdentity {
  jwt: string;           // JWT token for authentication
  userId: string;        // Unique user identifier
  name: string;          // Display name
  expiresAt: number;     // Token expiration timestamp
  role?: string;         // User role (e.g., 'admin')
  type?: string;         // Identity type
 }
 ```
 #### Statistics Interfaces
 - `IServerStats` - Overall server statistics
 - `IEmailStats` - Email throughput and delivery metrics
 - `IDnsStats` - DNS query statistics
 - `IRateLimitInfo` - Rate limiting status
 - `ISecurityMetrics` - Security event metrics
 - `IConnectionInfo` - Active connection details
 - `IQueueStatus` - Email queue status
 - `IHealthStatus` - System health information
 ### Request Interfaces (`requests`)
 TypedRequest interfaces for the OpsServer API:
 #### Statistics Requests
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_GetServerStatistics` | `getServerStatistics` | Get overall server stats |
 | `IReq_GetEmailStatistics` | `getEmailStatistics` | Get email throughput stats |
 | `IReq_GetDnsStatistics` | `getDnsStatistics` | Get DNS query stats |
 | `IReq_GetRateLimitStatus` | `getRateLimitStatus` | Check rate limit status |
 | `IReq_GetSecurityMetrics` | `getSecurityMetrics` | Get security event metrics |
 | `IReq_GetActiveConnections` | `getActiveConnections` | List active connections |
 | `IReq_GetQueueStatus` | `getQueueStatus` | Get email queue status |
 | `IReq_GetHealthStatus` | `getHealthStatus` | System health check |
 #### Admin Requests
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_AdminLogin` | `adminLogin` | Authenticate as admin |
 | `IReq_AdminLogout` | `adminLogout` | End admin session |
 | `IReq_VerifyIdentity` | `verifyIdentity` | Verify JWT token |
 #### Configuration Requests
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_GetConfiguration` | `getConfiguration` | Get current config (read-only) |
 #### Log Requests
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_GetLogs` | `getLogs` | Retrieve system logs |
 #### RADIUS Requests
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_GetRadiusSessions` | `getRadiusSessions` | List RADIUS sessions |
 | `IReq_GetRadiusClients` | `getRadiusClients` | List RADIUS clients |
 #### Email Operations
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_GetEmailQueues` | `getEmailQueues` | Get email queue details |
 | `IReq_RetryEmail` | `retryEmail` | Retry failed email |
 ## Example: Complete API Integration
 ```typescript
 import * as typedrequest from '@api.global/typedrequest';
 import { data, requests } from '@serve.zone/dcrouter-interfaces';
 // Create typed request client
 const client = new typedrequest.TypedRequest<requests.IReq_AdminLogin>(
  'https://your-dcrouter:3000/typedrequest',
  'adminLogin'
 );
 // Login to get identity
 const loginResponse = await client.fire({
  username: 'admin',
  password: 'your-password'
 });
 const identity = loginResponse.identity;
 // Now use identity for authenticated requests
 const statsClient = new typedrequest.TypedRequest<requests.IReq_GetServerStatistics>(
  'https://your-dcrouter:3000/typedrequest',
  'getServerStatistics'
 );
 const stats = await statsClient.fire({
  identity,
  includeHistory: true,
  timeRange: '24h'
 });
 console.log('Server stats:', stats.stats);
 console.log('History:', stats.history);
 ```
 ## License and Legal Information
 This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 ### Trademarks
 This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
 Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
 ### Company Information
 Task Venture Capital GmbH
 Registered at District Court Bremen HRB 35230 HB, Germany
 For any legal inquiries or further information, please contact us via email at hello@task.vc.
 By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
--- a/ts_interfaces/requests/config.ts
+++ b/ts_interfaces/requests/config.ts
@@ -1,7 +1,7 @@
 import * as plugins from '../plugins.js';
 import * as authInterfaces from '../data/auth.js';
-// Get Configuration
+// Get Configuration (read-only)
 export interface IReq_GetConfiguration extends plugins.typedrequestInterfaces.implementsTR<
  plugins.typedrequestInterfaces.ITypedRequest,
  IReq_GetConfiguration
@@ -15,21 +15,4 @@ export interface IReq_GetConfiguration extends plugins.typedrequestInterfaces.im
    config: any;
    section?: string;
  };
 }
 // Update Configuration
 export interface IReq_UpdateConfiguration extends plugins.typedrequestInterfaces.implementsTR<
  plugins.typedrequestInterfaces.ITypedRequest,
  IReq_UpdateConfiguration
 > {
  method: 'updateConfiguration';
  request: {
    identity?: authInterfaces.IIdentity;
    section: string;
    config: any;
  };
  response: {
    updated: boolean;
    config: any;
  };
 }
--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '3.0.0',
+  version: '4.0.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts_web/appstate.ts
+++ b/ts_web/appstate.ts
@@ -100,10 +100,19 @@ export const configStatePart = await appState.getStatePart<IConfigState>(
  }
 );
 // Determine initial view from URL path
 const getInitialView = (): string => {
  const path = typeof window !== 'undefined' ? window.location.pathname : '/';
  const validViews = ['overview', 'network', 'emails', 'logs', 'configuration', 'security'];
  const segments = path.split('/').filter(Boolean);
  const view = segments[0];
  return validViews.includes(view) ? view : 'overview';
 };
 export const uiStatePart = await appState.getStatePart<IUiState>(
  'ui',
  {
-    activeView: 'overview',
+    activeView: getInitialView(),
    sidebarCollapsed: false,
    autoRefresh: true,
    refreshInterval: 1000, // 1 second
@@ -258,17 +267,17 @@ export const fetchAllStatsAction = statsStatePart.createAction(async (statePartA
  }
 });
-// Fetch Configuration Action
+// Fetch Configuration Action (read-only)
 export const fetchConfigurationAction = configStatePart.createAction(async (statePartArg) => {
  const context = getActionContext();
-  
+
  const currentState = statePartArg.getState();
  try {
    const configRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
      interfaces.requests.IReq_GetConfiguration
    >('/typedrequest', 'getConfiguration');
-    
+
    const response = await configRequest.fire({
      identity: context.identity,
    });
@@ -287,35 +296,6 @@ export const fetchConfigurationAction = configStatePart.createAction(async (stat
  }
 });
 // Update Configuration Action
 export const updateConfigurationAction = configStatePart.createAction<{
  section: string;
  config: any;
 }>(async (statePartArg, dataArg) => {
  const context = getActionContext();
  if (!context.identity) {
    throw new Error('Must be logged in to update configuration');
  }
  const updateRequest = new plugins.domtools.plugins.typedrequest.TypedRequest<
    interfaces.requests.IReq_UpdateConfiguration
  >('/typedrequest', 'updateConfiguration');
  const response = await updateRequest.fire({
    identity: context.identity,
    section: dataArg.section,
    config: dataArg.config,
  });
  if (response.updated) {
    // Refresh configuration
    await configStatePart.dispatchAction(fetchConfigurationAction, null);
    return statePartArg.getState();
  }
  return statePartArg.getState();
 });
 // Fetch Recent Logs Action
 export const fetchRecentLogsAction = logStatePart.createAction<{
  limit?: number;
--- a/ts_web/elements/ops-dashboard.ts
+++ b/ts_web/elements/ops-dashboard.ts
@@ -63,6 +63,14 @@ export class OpsDashboard extends DeesElement {
    },
  ];
  /**
   * Get the current view tab based on the UI state's activeView.
   * Used to pass the correct selectedView to dees-simple-appdash on initial render.
   */
  private get currentViewTab() {
    return this.viewTabs.find(t => t.name.toLowerCase() === this.uiState.activeView) || this.viewTabs[0];
  }
  constructor() {
    super();
    document.title = 'DCRouter OpsServer';
@@ -141,12 +149,13 @@ export class OpsDashboard extends DeesElement {
  public render(): TemplateResult {
    return html`
      <div class="maincontainer">
-        <dees-simple-login 
+        <dees-simple-login
          name="DCRouter OpsServer"
        >
-          <dees-simple-appdash 
+          <dees-simple-appdash
            name="DCRouter OpsServer"
            .viewTabs=${this.viewTabs}
            .selectedView=${this.currentViewTab}
          >
          </dees-simple-appdash>
        </dees-simple-login>
--- a/ts_web/elements/ops-view-config.ts
+++ b/ts_web/elements/ops-view-config.ts
@@ -9,6 +9,7 @@ import {
  state,
  css,
  cssManager,
  type TemplateResult,
 } from '@design.estate/dees-element';
@customElement('ops-view-config')
@@ -20,12 +21,6 @@ export class OpsViewConfig extends DeesElement {
    error: null,
  };
  @state()
  accessor editingSection: string | null = null;
  @state()
  accessor editedConfig: any = null;
  constructor() {
    super();
    const subscription = appstate.configStatePart
@@ -61,6 +56,14 @@ export class OpsViewConfig extends DeesElement {
        font-size: 18px;
        font-weight: 600;
        color: ${cssManager.bdTheme('#333', '#ccc')};
        display: flex;
        align-items: center;
        gap: 12px;
      }
      .sectionTitle dees-icon {
        font-size: 20px;
        color: ${cssManager.bdTheme('#666', '#888')};
      }
      .sectionContent {
@@ -71,12 +74,18 @@ export class OpsViewConfig extends DeesElement {
        margin-bottom: 20px;
      }
      .configField:last-child {
        margin-bottom: 0;
      }
      .fieldLabel {
-        font-size: 14px;
+        font-size: 13px;
        font-weight: 600;
        color: ${cssManager.bdTheme('#666', '#999')};
        margin-bottom: 8px;
        display: block;
        text-transform: uppercase;
        letter-spacing: 0.5px;
      }
      .fieldValue {
@@ -84,41 +93,77 @@ export class OpsViewConfig extends DeesElement {
        font-size: 14px;
        color: ${cssManager.bdTheme('#333', '#ccc')};
        background: ${cssManager.bdTheme('#f8f9fa', '#1a1a1a')};
-        padding: 8px 12px;
+        padding: 10px 14px;
-        border-radius: 4px;
+        border-radius: 6px;
        border: 1px solid ${cssManager.bdTheme('#e9ecef', '#333')};
      }
-      .configEditor {
+      .fieldValue.empty {
-        width: 100%;
+        color: ${cssManager.bdTheme('#999', '#666')};
-        min-height: 200px;
+        font-style: italic;
        font-family: 'Consolas', 'Monaco', monospace;
        font-size: 14px;
        padding: 12px;
        border: 1px solid ${cssManager.bdTheme('#e9ecef', '#333')};
        border-radius: 4px;
        background: ${cssManager.bdTheme('#f8f9fa', '#1a1a1a')};
        resize: vertical;
      }
-      .buttonGroup {
+      .nestedFields {
-        display: flex;
+        margin-left: 16px;
-        gap: 8px;
+        padding-left: 16px;
-        margin-top: 16px;
+        border-left: 2px solid ${cssManager.bdTheme('#e9ecef', '#333')};
      }
-      .warning {
+      /* Status badge styles */
-        background: ${cssManager.bdTheme('#fff3cd', '#4a4a1a')};
+      .statusBadge {
-        border: 1px solid ${cssManager.bdTheme('#ffeaa7', '#666633')};
+        display: inline-flex;
        border-radius: 4px;
        padding: 12px;
        margin-bottom: 16px;
        color: ${cssManager.bdTheme('#856404', '#ffcc66')};
        display: flex;
        align-items: center;
        gap: 6px;
        padding: 4px 12px;
        border-radius: 20px;
        font-size: 13px;
        font-weight: 600;
      }
      .statusBadge.enabled {
        background: ${cssManager.bdTheme('#d4edda', '#1a3d1a')};
        color: ${cssManager.bdTheme('#155724', '#66cc66')};
      }
      .statusBadge.disabled {
        background: ${cssManager.bdTheme('#f8d7da', '#3d1a1a')};
        color: ${cssManager.bdTheme('#721c24', '#cc6666')};
      }
      .statusBadge dees-icon {
        font-size: 14px;
      }
      /* Array/list display */
      .arrayItems {
        display: flex;
        flex-wrap: wrap;
        gap: 8px;
      }
      .arrayItem {
        display: inline-flex;
        align-items: center;
        background: ${cssManager.bdTheme('#e7f3ff', '#1a2a3d')};
        color: ${cssManager.bdTheme('#0066cc', '#66aaff')};
        padding: 4px 12px;
        border-radius: 16px;
        font-size: 13px;
        font-family: 'Consolas', 'Monaco', monospace;
      }
      .arrayCount {
        font-size: 12px;
        color: ${cssManager.bdTheme('#999', '#666')};
        margin-bottom: 8px;
      }
      /* Numeric value formatting */
      .numericValue {
        font-weight: 600;
        color: ${cssManager.bdTheme('#0066cc', '#66aaff')};
      }
      .errorMessage {
        background: ${cssManager.bdTheme('#fee', '#4a1f1f')};
        border: 1px solid ${cssManager.bdTheme('#fcc', '#6a2f2f')};
@@ -133,13 +178,30 @@ export class OpsViewConfig extends DeesElement {
        padding: 40px;
        color: ${cssManager.bdTheme('#666', '#999')};
      }
      .infoNote {
        background: ${cssManager.bdTheme('#e7f3ff', '#1a2a3d')};
        border: 1px solid ${cssManager.bdTheme('#b3d7ff', '#2a4a6d')};
        border-radius: 8px;
        padding: 16px;
        margin-bottom: 24px;
        color: ${cssManager.bdTheme('#004085', '#88ccff')};
        display: flex;
        align-items: center;
        gap: 12px;
      }
      .infoNote dees-icon {
        font-size: 20px;
        flex-shrink: 0;
      }
    `,
  ];
  public render() {
    return html`
      <ops-sectionheading>Configuration</ops-sectionheading>
-      
+
      ${this.configState.isLoading ? html`
        <div class="loadingMessage">
          <dees-spinner></dees-spinner>
@@ -150,118 +212,175 @@ export class OpsViewConfig extends DeesElement {
          Error loading configuration: ${this.configState.error}
        </div>
      ` : this.configState.config ? html`
-        <div class="warning">
+        <div class="infoNote">
-          <dees-icon name="warning"></dees-icon>
+          <dees-icon icon="lucide:info"></dees-icon>
-          <span>Changes to configuration will take effect immediately. Please be careful when editing production settings.</span>
+          <span>This view displays the current running configuration. DcRouter is configured through code or remote management.</span>
        </div>
-        ${this.renderConfigSection('email', 'Email Configuration', this.configState.config?.email)}
+        ${this.renderConfigSection('email', 'Email', 'lucide:mail', this.configState.config?.email)}
-        ${this.renderConfigSection('dns', 'DNS Configuration', this.configState.config?.dns)}
+        ${this.renderConfigSection('dns', 'DNS', 'lucide:globe', this.configState.config?.dns)}
-        ${this.renderConfigSection('proxy', 'Proxy Configuration', this.configState.config?.proxy)}
+        ${this.renderConfigSection('proxy', 'Proxy', 'lucide:network', this.configState.config?.proxy)}
-        ${this.renderConfigSection('security', 'Security Configuration', this.configState.config?.security)}
+        ${this.renderConfigSection('security', 'Security', 'lucide:shield', this.configState.config?.security)}
      ` : html`
        <div class="errorMessage">No configuration loaded</div>
      `}
    `;
  }
-  private renderConfigSection(key: string, title: string, config: any) {
+  private renderConfigSection(key: string, title: string, icon: string, config: any) {
-    const isEditing = this.editingSection === key;
+    const isEnabled = config?.enabled ?? false;
-    
+
    return html`
      <div class="configSection">
        <div class="sectionHeader">
-          <h3 class="sectionTitle">${title}</h3>
+          <h3 class="sectionTitle">
-          <div>
+            <dees-icon icon="${icon}"></dees-icon>
-            ${isEditing ? html`
+            ${title}
-              <dees-button 
+          </h3>
-                @click=${() => this.saveConfig(key)}
+          ${this.renderStatusBadge(isEnabled)}
                type="highlighted"
              >
                Save
              </dees-button>
              <dees-button 
                @click=${() => this.cancelEdit()}
              >
                Cancel
              </dees-button>
            ` : html`
              <dees-button 
                @click=${() => this.startEdit(key, config)}
              >
                Edit
              </dees-button>
            `}
          </div>
        </div>
        <div class="sectionContent">
-          ${isEditing ? html`
+          ${config ? this.renderConfigFields(config) : html`
-            <textarea 
+            <div class="fieldValue empty">Not configured</div>
              class="configEditor"
              @input=${(e) => this.editedConfig = e.target.value}
              .value=${JSON.stringify(config, null, 2)}
            ></textarea>
          ` : html`
            ${this.renderConfigFields(config)}
          `}
        </div>
      </div>
    `;
  }
-  private renderConfigFields(config: any, prefix = '') {
+  private renderStatusBadge(enabled: boolean): TemplateResult {
    return enabled
      ? html`<span class="statusBadge enabled"><dees-icon icon="lucide:check"></dees-icon>Enabled</span>`
      : html`<span class="statusBadge disabled"><dees-icon icon="lucide:x"></dees-icon>Disabled</span>`;
  }
  private renderConfigFields(config: any, prefix = ''): TemplateResult | TemplateResult[] {
    if (!config || typeof config !== 'object') {
-      return html`<div class="fieldValue">${config}</div>`;
+      return html`<div class="fieldValue">${this.formatValue(config)}</div>`;
    }
    return Object.entries(config).map(([key, value]) => {
      const fieldName = prefix ? `${prefix}.${key}` : key;
-      
+      const displayName = this.formatFieldName(key);
-      if (typeof value === 'object' && !Array.isArray(value)) {
+
      // Handle boolean values with badges
      if (typeof value === 'boolean') {
        return html`
          <div class="configField">
-            <label class="fieldLabel">${fieldName}</label>
+            <label class="fieldLabel">${displayName}</label>
-            ${this.renderConfigFields(value, fieldName)}
+            ${this.renderStatusBadge(value)}
          </div>
        `;
      }
-      
+
      // Handle arrays
      if (Array.isArray(value)) {
        return html`
          <div class="configField">
            <label class="fieldLabel">${displayName}</label>
            ${this.renderArrayValue(value, key)}
          </div>
        `;
      }
      // Handle nested objects
      if (typeof value === 'object' && value !== null) {
        return html`
          <div class="configField">
            <label class="fieldLabel">${displayName}</label>
            <div class="nestedFields">
              ${this.renderConfigFields(value, fieldName)}
            </div>
          </div>
        `;
      }
      // Handle primitive values
      return html`
        <div class="configField">
-          <label class="fieldLabel">${fieldName}</label>
+          <label class="fieldLabel">${displayName}</label>
-          <div class="fieldValue">
+          <div class="fieldValue">${this.formatValue(value, key)}</div>
            ${Array.isArray(value) ? value.join(', ') : value}
          </div>
        </div>
      `;
    });
  }
-  private startEdit(section: string, config: any) {
+  private renderArrayValue(arr: any[], fieldKey: string): TemplateResult {
-    this.editingSection = section;
+    if (arr.length === 0) {
-    this.editedConfig = JSON.stringify(config, null, 2);
+      return html`<div class="fieldValue empty">None configured</div>`;
  }
  private cancelEdit() {
    this.editingSection = null;
    this.editedConfig = null;
  }
  private async saveConfig(section: string) {
    try {
      const parsedConfig = JSON.parse(this.editedConfig);
      await appstate.configStatePart.dispatchAction(appstate.updateConfigurationAction, {
        section,
        config: parsedConfig,
      });
      this.editingSection = null;
      this.editedConfig = null;
      // Configuration updated successfully
    } catch (error) {
      console.error(`Error updating configuration:`, error);
    }
    // Determine if we should show as pills/tags
    const showAsPills = arr.every(item => typeof item === 'string' || typeof item === 'number');
    if (showAsPills) {
      const itemLabel = this.getArrayItemLabel(fieldKey, arr.length);
      return html`
        <div class="arrayCount">${arr.length} ${itemLabel}</div>
        <div class="arrayItems">
          ${arr.map(item => html`<span class="arrayItem">${item}</span>`)}
        </div>
      `;
    }
    // For complex arrays, show as JSON
    return html`
      <div class="fieldValue">
        ${arr.length} items configured
      </div>
    `;
  }
-}
+
  private getArrayItemLabel(fieldKey: string, count: number): string {
    const labels: Record<string, [string, string]> = {
      ports: ['port', 'ports'],
      domains: ['domain', 'domains'],
      nameservers: ['nameserver', 'nameservers'],
      blockList: ['IP', 'IPs'],
    };
    const label = labels[fieldKey] || ['item', 'items'];
    return count === 1 ? label[0] : label[1];
  }
  private formatFieldName(key: string): string {
    // Convert camelCase to readable format
    return key
      .replace(/([A-Z])/g, ' $1')
      .replace(/^./, str => str.toUpperCase())
      .trim();
  }
  private formatValue(value: any, fieldKey?: string): string | TemplateResult {
    if (value === null || value === undefined) {
      return html`<span class="empty">Not set</span>`;
    }
    if (typeof value === 'number') {
      // Format bytes
      if (fieldKey?.toLowerCase().includes('size') || fieldKey?.toLowerCase().includes('bytes')) {
        return html`<span class="numericValue">${this.formatBytes(value)}</span>`;
      }
      // Format time values
      if (fieldKey?.toLowerCase().includes('ttl') || fieldKey?.toLowerCase().includes('timeout')) {
        return html`<span class="numericValue">${value} seconds</span>`;
      }
      // Format port numbers
      if (fieldKey?.toLowerCase().includes('port')) {
        return html`<span class="numericValue">${value}</span>`;
      }
      // Format counts with separators
      return html`<span class="numericValue">${value.toLocaleString()}</span>`;
    }
    return String(value);
  }
  private formatBytes(bytes: number): string {
    if (bytes === 0) return '0 B';
    const k = 1024;
    const sizes = ['B', 'KB', 'MB', 'GB', 'TB'];
    const i = Math.floor(Math.log(bytes) / Math.log(k));
    return parseFloat((bytes / Math.pow(k, i)).toFixed(2)) + ' ' + sizes[i];
  }
 }
--- a/ts_web/readme.md
+++ b/ts_web/readme.md
@@ -0,0 +1,230 @@
 # @serve.zone/dcrouter-web
 Web-based Operations Dashboard for DCRouter. 🖥️
 This module provides the frontend web application for the DCRouter OpsServer, built with modern web components using the `@design.estate/dees-element` library. It offers a comprehensive dashboard for monitoring and managing your DCRouter instance in real-time.
 ## Issue Reporting and Security
 For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 ## Features
 ### 🔐 **Secure Authentication**
 - JWT-based authentication flow
 - Automatic session management
 - Secure login with username/password
 ### 📊 **Overview Dashboard**
 - Real-time server statistics
 - Connection monitoring
 - Email throughput visualization
 - DNS query metrics
 - RADIUS session tracking
 ### 🌐 **Network View**
 - Active connection monitoring
 - SmartProxy route visualization
 - TCP/HTTP connection details
 - TLS certificate status
 ### 📧 **Email Management**
 - Email queue monitoring
 - Delivery status tracking
 - Bounce management
 - DKIM key status
 - Domain configuration overview
 ### 📜 **Log Viewer**
 - Real-time log streaming
 - Log level filtering (error, warning, info, debug)
 - Search and filter capabilities
 - Time-range selection
 ### ⚙️ **Configuration**
 - View current system configuration
 - Update settings via TypedRequest API
 - Route management
 - Domain management
 ### 🛡️ **Security Dashboard**
 - IP reputation monitoring
 - Rate limit status
 - Blocked connections
 - Security event tracking
 ## Architecture
 The web application is built using:
 - **@design.estate/dees-element** - Modern web component framework with lit-element
 - **@design.estate/dees-catalog** - Pre-built UI components (appdash, login, forms)
 - **@push.rocks/smartstate** - Reactive state management
 - **@api.global/typedrequest** - Type-safe API communication
 ### Component Structure
 ```
 ts_web/
 ├── index.ts              # Application entry point
 ├── plugins.ts            # External dependency imports
 ├── router.ts             # Client-side routing
 ├── appstate.ts           # State management
 └── elements/
    ├── index.ts          # Component barrel export
    ├── ops-dashboard.ts  # Main dashboard container
    ├── ops-view-overview.ts    # Overview statistics
    ├── ops-view-network.ts     # Network monitoring
    ├── ops-view-emails.ts      # Email management
    ├── ops-view-logs.ts        # Log viewer
    ├── ops-view-config.ts      # Configuration
    ├── ops-view-security.ts    # Security dashboard
    └── shared/
        ├── index.ts      # Shared component exports
        ├── css.ts        # Shared styles
        └── ops-sectionheading.ts  # Section heading component
 ```
 ## State Management
 The application uses `@push.rocks/smartstate` for reactive state management:
 ### State Parts
 ```typescript
 // Login state
 interface ILoginState {
  identity: IIdentity | null;
  isLoggedIn: boolean;
 }
 // UI state
 interface IUiState {
  activeView: string;
  sidebarCollapsed: boolean;
  autoRefresh: boolean;
  refreshInterval: number;
  theme: 'light' | 'dark';
 }
 // Statistics state
 interface IStatsState {
  server: IServerStats;
  email: IEmailStats;
  dns: IDnsStats;
  connections: IConnectionInfo[];
  health: IHealthStatus;
 }
 // Configuration state
 interface IConfigState {
  configuration: IDcRouterConfig;
  loading: boolean;
 }
 ```
 ### Actions
 - `loginAction` - Authenticate user
 - `logoutAction` - End session
 - `fetchAllStatsAction` - Refresh all statistics
 - `fetchConfigurationAction` - Load configuration (read-only)
 ## Client-Side Routing
 The application includes client-side routing for deep linking:
 ```typescript
 // Routes
 /overview       → Overview dashboard
 /network        → Network monitoring
 /emails         → Email management
 /logs           → Log viewer
 /configuration  → System configuration
 /security       → Security dashboard
 ```
 URL state is synchronized with the UI, allowing bookmarking and sharing of specific views.
 ## Building
 The web application is built using `@git.zone/tsbundle`:
 ```bash
 # Build the bundle
 pnpm run bundle
 # Watch for development
 pnpm run watch
 ```
 The bundle is output to `./dist_serve/bundle.js` and served by the OpsServer.
 ## Development
 ### Local Development
 ```typescript
 // Start DCRouter with OpsServer enabled
 import { DcRouter } from '@serve.zone/dcrouter';
 const router = new DcRouter({
  opsServerConfig: {
    port: 3000,
    admin: {
      username: 'admin',
      password: 'dev-password'
    }
  }
 });
 await router.start();
 // Dashboard at http://localhost:3000
 ```
 ### Adding New Views
 1. Create a new view component in `elements/`:
 ```typescript
 import { DeesElement, customElement, html } from '@design.estate/dees-element';
@customElement('ops-view-myview')
 export class OpsViewMyView extends DeesElement {
  public render() {
    return html`<div>My custom view</div>`;
  }
 }
 ```
 2. Import and add to `ops-dashboard.ts`:
 ```typescript
 import { OpsViewMyView } from './ops-view-myview.js';
 private viewTabs = [
  // ... existing tabs
  { name: 'MyView', element: OpsViewMyView }
 ];
 ```
 3. Add route in `router.ts` if needed.
 ## License and Legal Information
 This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 ### Trademarks
 This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
 Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
 ### Company Information
 Task Venture Capital GmbH
 Registered at District Court Bremen HRB 35230 HB, Germany
 For any legal inquiries or further information, please contact us via email at hello@task.vc.
 By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
Author	SHA1	Message	Date
Juergen Kunz	f3f1f58b67	v4.0.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-03 23:26:51 +00:00
Juergen Kunz	9e0e77737b	BREAKING CHANGE(config): convert configuration management to read-only; remove updateConfiguration endpoint and client-side editing	2026-02-03 23:26:51 +00:00
Juergen Kunz	5de3344905	v3.1.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-02 22:21:55 +00:00
Juergen Kunz	ae34314f54	feat(web): determine initial UI view from URL and wire selected view to appdash; add interface and web README files; bump various dependencies	2026-02-02 22:21:55 +00:00