v7.2.0

feat(logs): replace custom logs list with dees-chart-log component and push logs to chart, add log mapping and lifecycle sync, and bump smartlog dependency
v7.1.0
2026-02-20 12:55:20 +00:00 · 2026-02-20 12:55:20 +00:00 · 2026-02-19 17:23:43 +00:00 · 2026-02-19 17:23:43 +00:00 · 2026-02-19 14:36:11 +00:00 · 2026-02-19 14:36:11 +00:00
27 changed files with 1255 additions and 372 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,85 @@
 # Changelog
 ## 2026-02-20 - 7.2.0 - feat(logs)
 replace custom logs list with dees-chart-log component and push logs to chart, add log mapping and lifecycle sync, and bump smartlog dependency
 - Replaced the legacy in-component log list and styling with a dees-chart-log element to render application logs.
 - Added updated() lifecycle handler to push new logs to the chart and new helper methods pushLogsToChart() and getMappedLogEntries() to map log entries to the chart's expected format.
 - Removed the streaming toggle, getActiveFilters(), legacy CSS for the log list, and the old per-entry rendering markup.
 - Added explicit typing for dropdown @selectedOption handlers (e: any).
 - Bumped dependency @push.rocks/smartlog from ^3.2.0 to ^3.2.1 in package.json.
 ## 2026-02-19 - 7.1.0 - feat(ops/monitoring)
 add in-memory log buffer, metrics time-series and ops UI integration
 - bump @push.rocks/smartlog to ^3.2.0
 - introduce SmartlogDestinationBuffer (logBuffer) and wire it into the base logger to provide an in-memory log store for the Ops UI
 - implement minute-resolution time-series buckets in MetricsManager with increment/prune helpers and new APIs getEmailTimeSeries and getDnsTimeSeries
 - sync security counters from SecurityLogger and expose recent security events via StatsHandler
 - wire email delivery lifecycle events and bounce processing to MetricsManager for tracking sent/received/failed metrics
 - LogsHandler now queries the in-memory log buffer, maps smartlog levels/categories, supports search/level/time-range filtering and pagination
 - UI updates: ops-view-overview, ops-view-logs and ops-view-security consume time-series and recent events to render charts, tables and filters
 ## 2026-02-19 - 7.0.1 - fix(monitoring)
 Use smartMetrics cpuPercentage for cpuUsage.user and update smartmetrics and smartproxy dependencies
 - Switch cpuUsage.user from parseFloat(smartMetricsData.cpuUsageText) to smartMetricsData.cpuPercentage to align with smartmetrics v3 API
 - Bump @push.rocks/smartmetrics from ^2.0.10 to ^3.0.1
 - Bump @push.rocks/smartproxy from ^25.7.6 to ^25.7.8
 ## 2026-02-19 - 7.0.0 - BREAKING CHANGE(deps)
 bump dependencies: @serve.zone/remoteingress to ^4.0.0 (breaking), @push.rocks/smartproxy to ^25.7.6, @types/node to ^25.3.0
 - Updated @serve.zone/remoteingress from ^3.3.0 to ^4.0.0 — major breaking change; may require code changes to adapt to new API.
 - Updated @push.rocks/smartproxy from ^25.7.3 to ^25.7.6 — patch update (non-breaking).
 - Updated @types/node from ^25.2.3 to ^25.3.0 — patch update (non-breaking).
 - Current package version is 6.13.2; recommend bumping to 7.0.0 due to the breaking dependency upgrade.
 ## 2026-02-19 - 6.13.2 - fix(runtime)
 prevent memory leaks and improve shutdown/stream handling across services
 - Add CertProvisionScheduler.clear() to reset in-memory backoff cache and call it during DcRouter shutdown
 - Stop any existing SmartAcme instance before creating a new one (await stop and log errors) to avoid duplicate running instances
 - Null out many DcRouter service references and clear certificateStatusMap on shutdown to allow GC of stopped services
 - Cap emailMetrics.recipients map size and trim to ~80% of MAX_TOP_DOMAINS to prevent unbounded growth
 - Await virtualStream.sendData in logs follow handler and clear the interval if the stream errors/closes to avoid interval leaks
 - Limit normalizedMacCache size and evict oldest entries when it exceeds 10000 to prevent unbounded cache growth
 ## 2026-02-18 - 6.13.1 - fix(dcrouter)
 enable PROXY protocol v1 handling for SmartProxy when remoteIngress is enabled to preserve client IPs
 - Set smartProxyConfig.acceptProxyProtocol = true when options.remoteIngressConfig.enabled
 - Whitelist loopback address by setting smartProxyConfig.proxyIPs = ['127.0.0.1']
 - Only applies when remoteIngress is enabled; used to accept tunneled connections forwarded by the hub to preserve original client IPs
 ## 2026-02-18 - 6.13.0 - feat(remoteingress)
 include listenPorts for allowed edges sent to the Rust hub and always resync allowed edges when edge properties change
 - getAllowedEdges now returns listenPorts for each allowed edge (uses getEffectiveListenPorts)
 - remoteingress handler now calls tunnelManager.syncAllowedEdges() whenever tunnelManager exists so ports/tags/enabled changes are propagated
 - Improves Rust hub routing by providing per-edge listening ports and ensuring allowed-edge list is kept up-to-date
 ## 2026-02-18 - 6.12.0 - feat(remote-ingress)
 add Remote Ingress hub integration, OpsServer UI, APIs, and docs
 - Integrates RemoteIngress (hub/tunnel) into DcRouter: runtime manager, tunnel manager and Rust data plane references added
 - Bumps dependency @serve.zone/remoteingress to ^3.3.0
 - Adds configuration defaults and IDcRouterOptions.remoteIngressConfig with tunnelPort/hubDomain/tls fields
 - Introduces OpsServer API endpoints and TypedRequest methods for remote ingress: getRemoteIngresses, createRemoteIngress, updateRemoteIngress, deleteRemoteIngress, regenerateRemoteIngressSecret, getRemoteIngressStatus, getRemoteIngressConnectionToken
 - UI updates: new Remote Ingress dashboard view, connection token generation & copy (clipboard API + fallback), auto-derived ports display, and toast notifications
 - State/API rename: newEdgeSecret -> newEdgeId and clearNewEdgeIdAction; appstate fetchConnectionToken usage
 - Documentation: README, ts/ and ts_web readmes, and ts_interfaces updated with interfaces and examples for Remote Ingress
 - Minor UI icon updates (search -> fa:magnifyingGlass, clipboard icon casing) and other doc/README improvements
 ## 2026-02-18 - 6.11.0 - feat(remoteingress)
 add ability to generate remote ingress connection tokens and UI copy action; add hubDomain config option; update remoteingress dependency to ^3.1.1
 - Add server typed handler 'getRemoteIngressConnectionToken' to generate an encoded connection token containing hubHost, hubPort, edgeId and secret.
 - Add request interface IReq_GetRemoteIngressConnectionToken for typed requests.
 - Add fetchConnectionToken helper in web appstate and a 'Copy Token' action in ops-view-remoteingress to copy tokens to the clipboard with toast feedback.
 - Add hubDomain option to remoteIngressConfig in dcrouter options so an external hostname can be embedded in connection tokens.
 - Bump dependency @serve.zone/remoteingress from ^3.0.4 to ^3.1.1 in package.json.
 ## 2026-02-17 - 6.10.0 - feat(ops-view-certificates)
 Make Export and Delete actions available inline (inRow) as well as in the context menu; bump @design.estate/dees-catalog to ^3.43.0
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@serve.zone/dcrouter",
  "private": false,
-  "version": "6.10.0",
+  "version": "7.2.0",
  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
  "type": "module",
  "exports": {
@@ -24,7 +24,7 @@
    "@git.zone/tsrun": "^2.0.1",
    "@git.zone/tstest": "^3.1.8",
    "@git.zone/tswatch": "^3.1.0",
-    "@types/node": "^25.2.3"
+    "@types/node": "^25.3.0"
  },
  "dependencies": {
    "@api.global/typedrequest": "^3.2.6",
@@ -42,21 +42,21 @@
    "@push.rocks/smartfile": "^13.1.2",
    "@push.rocks/smartguard": "^3.1.0",
    "@push.rocks/smartjwt": "^2.2.1",
-    "@push.rocks/smartlog": "^3.1.11",
+    "@push.rocks/smartlog": "^3.2.1",
-    "@push.rocks/smartmetrics": "^2.0.10",
+    "@push.rocks/smartmetrics": "^3.0.1",
    "@push.rocks/smartmongo": "^5.1.0",
    "@push.rocks/smartmta": "^5.2.2",
    "@push.rocks/smartnetwork": "^4.4.0",
    "@push.rocks/smartpath": "^6.0.0",
    "@push.rocks/smartpromise": "^4.2.3",
-    "@push.rocks/smartproxy": "^25.7.3",
+    "@push.rocks/smartproxy": "^25.7.8",
    "@push.rocks/smartradius": "^1.1.1",
    "@push.rocks/smartrequest": "^5.0.1",
    "@push.rocks/smartrx": "^3.0.10",
    "@push.rocks/smartstate": "^2.0.30",
    "@push.rocks/smartunique": "^3.0.9",
    "@serve.zone/interfaces": "^5.3.0",
-    "@serve.zone/remoteingress": "^3.0.4",
+    "@serve.zone/remoteingress": "^4.0.0",
    "@tsclass/tsclass": "^9.3.0",
    "lru-cache": "^11.2.6",
    "uuid": "^13.0.0"
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -54,11 +54,11 @@ importers:
        specifier: ^2.2.1
        version: 2.2.1
      '@push.rocks/smartlog':
-        specifier: ^3.1.11
+        specifier: ^3.2.1
-        version: 3.1.11
+        version: 3.2.1
      '@push.rocks/smartmetrics':
-        specifier: ^2.0.10
+        specifier: ^3.0.1
-        version: 2.0.10
+        version: 3.0.1
      '@push.rocks/smartmongo':
        specifier: ^5.1.0
        version: 5.1.0(socks@2.8.7)
@@ -75,8 +75,8 @@ importers:
        specifier: ^4.2.3
        version: 4.2.3
      '@push.rocks/smartproxy':
-        specifier: ^25.7.3
+        specifier: ^25.7.8
-        version: 25.7.3
+        version: 25.7.8
      '@push.rocks/smartradius':
        specifier: ^1.1.1
        version: 1.1.1
@@ -96,8 +96,8 @@ importers:
        specifier: ^5.3.0
        version: 5.3.0
      '@serve.zone/remoteingress':
-        specifier: ^3.0.4
+        specifier: ^4.0.0
-        version: 3.0.4
+        version: 4.0.0
      '@tsclass/tsclass':
        specifier: ^9.3.0
        version: 9.3.0
@@ -124,8 +124,8 @@ importers:
        specifier: ^3.1.0
        version: 3.1.0(@tiptap/pm@2.27.2)
      '@types/node':
-        specifier: ^25.2.3
+        specifier: ^25.3.0
-        version: 25.2.3
+        version: 25.3.0
 packages:
@@ -757,10 +757,6 @@ packages:
  '@napi-rs/wasm-runtime@1.1.1':
    resolution: {integrity: sha512-p64ah1M1ld8xjWv3qbvFwHiFVWrq1yFvV4f7w+mzaqiR4IlSgkqhcRdHwsGgomwzBH51sRY4NEowLxnaBjcW/A==}
  '@opentelemetry/api@1.9.0':
    resolution: {integrity: sha512-3giAOQvZiH5F9bMlMiv8+GSPMeqg0dbaeo58/0SlA9sxSqZhnUtxzX9/2FzyhS9sWQf5S0GJE0AKBrFqjpeYcg==}
    engines: {node: '>=8.0.0'}
  '@oxc-project/types@0.99.0':
    resolution: {integrity: sha512-LLDEhXB7g1m5J+woRSgfKsFPS3LhR9xRhTeIoEBm5WrkwMxn6eZ0Ld0c0K5eHB57ChZX6I3uSmmLjZ8pcjlRcw==}
@@ -964,8 +960,8 @@ packages:
  '@push.rocks/smartlog-interfaces@3.0.2':
    resolution: {integrity: sha512-8hGRTJehbsFSJxLhCQkA018mZtXVPxPTblbg9VaE/EqISRzUw+eosJ2EJV7M4Qu0eiTJZjnWnNLn8CkD77ziWw==}
-  '@push.rocks/smartlog@3.1.11':
+  '@push.rocks/smartlog@3.2.1':
-    resolution: {integrity: sha512-zyLH8pQD2UD7l76wJBESEWXU1FSTBLOuRI0/DN139EYyMkwMq1+pdQKptTkJhhVL/OIj56oMg9SpJb4bJB7uKg==}
+    resolution: {integrity: sha512-x9/P59pfzY6HOGYmYrhqmoRl/pliTVx44g2Vbb8dIr/0zA39cAJHlPze1+UGncn37XKGmutK2iLSsJLEsexD0A==}
  '@push.rocks/smartmail@2.2.0':
    resolution: {integrity: sha512-28K4HAcda7ODUUpFCgbS/uA+eqwVRcmLJERIdM9AvLHXaHAPLHH97HmwPPcAu9Sp3z05Um0inmDF51X6yVVkcw==}
@@ -979,8 +975,8 @@ packages:
  '@push.rocks/smartmatch@2.0.0':
    resolution: {integrity: sha512-MBzP++1yNIBeox71X6VxpIgZ8m4bXnJpZJ4nWVH6IWpmO38MXTu4X0QF8tQnyT4LFcwvc9iiWaD15cstHa7Mmw==}
-  '@push.rocks/smartmetrics@2.0.10':
+  '@push.rocks/smartmetrics@3.0.1':
-    resolution: {integrity: sha512-Fr4ZzJWFqTR67ThmPsj+uUfPoWZ+p87n7wItpXVjlQ2mf4pboWnsfmrrC1gqIXca1Dwa2i7L+GPoJ3hOZ+Qhfw==}
+    resolution: {integrity: sha512-wdc9v8F0dQXwraAVCZjGvt2lnGpbVYHWzER9OFR+u+ultMq7aLjUevxSpkS8BkhBMLTuNMCCWIqyAzaCqHzFgQ==}
  '@push.rocks/smartmime@1.0.6':
    resolution: {integrity: sha512-PHd+I4UcsnOATNg8wjDsSAmmJ4CwQFrQCNzd0HSJMs4ZpiK3Ya91almd6GLpDPU370U4HFh4FaPF4eEAI6vkJQ==}
@@ -1034,8 +1030,8 @@ packages:
  '@push.rocks/smartpromise@4.2.3':
    resolution: {integrity: sha512-Ycg/TJR+tMt+S3wSFurOpEoW6nXv12QBtKXgBcjMZ4RsdO28geN46U09osPn9N9WuwQy1PkmTV5J/V4F9U8qEw==}
-  '@push.rocks/smartproxy@25.7.3':
+  '@push.rocks/smartproxy@25.7.8':
-    resolution: {integrity: sha512-9b5dwsLAhuDqnJptGBum4qBHlZwZPqPG3CJKxAwE3uFKjCmcE8qGDwodI0CjrQ7KW2PJ1BMq/Lk4ghs3Da6PWw==}
+    resolution: {integrity: sha512-rKuC/5DgCBQmk1iCY2mZd+ZdH2mBOfcP1hWMARTP4Je4KqnNTJ2STM1tJmc9FmKVXxtEQCxWJnEnq1wNqwQFRA==}
  '@push.rocks/smartpuppeteer@2.0.5':
    resolution: {integrity: sha512-yK/qSeWVHIGWRp3c8S5tfdGP6WCKllZC4DR8d8CQlEjszOSBmHtlTdyyqOMBZ/BA4kd+eU5f3A1r4K2tGYty1g==}
@@ -1131,9 +1127,6 @@ packages:
  '@push.rocks/webrequest@3.0.37':
    resolution: {integrity: sha512-fLN7kP6GeHFxE4UH4r9C9pjcQb0QkJxHeAMwXvbOqB9hh0MFNKhtGU7GoaTn8SVRGRMPc9UqZVNwo6u5l8Wn0A==}
  '@push.rocks/webrequest@4.0.1':
    resolution: {integrity: sha512-I60XZZLVf8W5I7YdmUVVu4G92teE3rg3/aKaV00BRg8vJ3VXx3wc59Qj4em7zxQ5o0HvL8m1Aezw3RFMDPyVgA==}
  '@push.rocks/webrequest@4.0.2':
    resolution: {integrity: sha512-rowzty+Q2papFBcnNYPcy+8CQJukSn/FGfQG8ap0bUgQUsx882u8kEyLM0Q+GlGHS5OiZ+Z0z5TZqLKlk3XHxA==}
@@ -1340,8 +1333,8 @@ packages:
  '@serve.zone/interfaces@5.3.0':
    resolution: {integrity: sha512-venO7wtDR9ixzD9NhdERBGjNKbFA5LL0yHw4eqGh0UpmvtXVc3SFG0uuHDilOKMZqZ8bttV88qVsFy1aSTJrtA==}
-  '@serve.zone/remoteingress@3.0.4':
+  '@serve.zone/remoteingress@4.0.0':
-    resolution: {integrity: sha512-ZD66Y8fvW7SjealziOlhaC7+Y/3gxQkZlj/X8rxgVHmGhlc/YQtn6H6LNVazbM88BXK5ns004Qo6ongAB6Ho0Q==}
+    resolution: {integrity: sha512-kcC9pnQdS5Mw0ypmwT3GIYwrjVQJOjWw5TJ+j46t6Y98S4Mb7wEAAPsU+YRXozpkqUxWUDBeDK1fQHLvoF9PmQ==}
  '@sindresorhus/is@5.6.0':
    resolution: {integrity: sha512-TV7t8GKYaJWsn00tFDqBw8+Uqmr8A0fRU1tvTQhyZzGv0sJCGRQL3JGMI3ucuKo3XIZdUP+Lx7/gh2t3lewy7g==}
@@ -1834,11 +1827,8 @@ packages:
  '@types/node@22.19.11':
    resolution: {integrity: sha512-BH7YwL6rA93ReqeQS1c4bsPpcfOmJasG+Fkr6Y59q83f9M1WcBRHR2vM+P9eOisYRcN3ujQoiZY8uk5W+1WL8w==}
-  '@types/node@25.2.3':
+  '@types/node@25.3.0':
-    resolution: {integrity: sha512-m0jEgYlYz+mDJZ2+F4v8D1AyQb+QzsNqRuI7xg1VQX/KlKS0qT9r1Mo16yo5F/MtifXFgaofIFsdFMox2SxIbQ==}
+    resolution: {integrity: sha512-4K3bqJpXpqfg2XKGK9bpDTc6xO/xoUP/RBWS7AtRMug6zZFaRekiLzjVtAoZMquxoAbzBvy5nxQ7veS5eYzf8A==}
  '@types/pidusage@2.0.5':
    resolution: {integrity: sha512-MIiyZI4/MK9UGUXWt0jJcCZhVw7YdhBuTOuqP/BjuLDLZ2PmmViMIQgZiWxtaMicQfAz/kMrZ5T7PKxFSkTeUA==}
  '@types/ping@0.4.4':
    resolution: {integrity: sha512-ifvo6w2f5eJYlXm+HiVx67iJe8WZp87sfa683nlqED5Vnt9Z93onkokNoWqOG21EaE8fMxyKPobE+mkPEyxsdw==}
@@ -2059,9 +2049,6 @@ packages:
    resolution: {integrity: sha512-RkaJzeJKDbaDWTIPiJwubyljaEPwpVWkm9Rt5h9Nd6h7tEXTJ3VB4qxdZBioV7JO5yLUaOKwz7vDOzlncUsegw==}
    engines: {node: '>=10.0.0'}
  bintrees@1.0.2:
    resolution: {integrity: sha1-SfiW1uhYpKSZ34XDj7OZua/4QPg=}
  body-parser@2.2.2:
    resolution: {integrity: sha512-oP5VkATKlNwcgvxi0vM0p/D3n2C3EReYVX+DNYs5TjZFn/oQt2j+4sVJtSMr18pdRr8wjTcBl6LoV+FUwzPmNA==}
    engines: {node: '>=18'}
@@ -3238,6 +3225,10 @@ packages:
    resolution: {integrity: sha512-ugkC31VaVg9cF0DFVoADH12k6061zNZkZON+aX8AWsR9GhPcErkcMBceb6znR8wLERM2AkkOxy2nWRLpT9Jq5w==}
    engines: {node: 20 || >=22}
  minimatch@10.2.1:
    resolution: {integrity: sha512-MClCe8IL5nRRmawL6ib/eT4oLyeKMGCghibcDWK+J0hh0Q8kqSdia6BvbRMVk6mPa6WqUa5uR2oxt6C5jd533A==}
    engines: {node: 20 || >=22}
  minimatch@3.1.2:
    resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==}
@@ -3548,15 +3539,6 @@ packages:
    resolution: {integrity: sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==}
    engines: {node: '>=12'}
  pidtree@0.6.0:
    resolution: {integrity: sha512-eG2dWTVw5bzqGRztnHExczNxt5VGsE6OwTeCG3fdUf9KBsZzO3R5OIIIzWR+iZA0NtZ+RDVdaoE2dK1cn6jH4g==}
    engines: {node: '>=0.10'}
    hasBin: true
  pidusage@4.0.1:
    resolution: {integrity: sha512-yCH2dtLHfEBnzlHUJymR/Z1nN2ePG3m392Mv8TFlTP1B0xkpMQNHAnfkY0n2tAi6ceKO6YWhxYfZ96V4vVkh/g==}
    engines: {node: '>=18'}
  ping@0.4.4:
    resolution: {integrity: sha512-56ZMC0j7SCsMMLdOoUg12VZCfj/+ZO+yfOSjaNCRrmZZr6GLbN2X/Ui56T15dI8NhiHckaw5X2pvyfAomanwqQ==}
    engines: {node: '>=4.0.0'}
@@ -3576,10 +3558,6 @@ packages:
    resolution: {integrity: sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==}
    engines: {node: '>=0.4.0'}
  prom-client@15.1.3:
    resolution: {integrity: sha512-6ZiOBfCywsD4k1BN9IX0uZhF+tJkV8q8llP64G5Hajs4JOeVLPCwpPVcpXy3BwYiUGgyJzsJJQeOIv7+hDSq8g==}
    engines: {node: ^16 || ^18 || >=20}
  property-information@7.1.0:
    resolution: {integrity: sha512-TwEZ+X+yCJmYfL7TPUOcvBZ4QfoT5YenQiJuX//0th53DE6w0xxLEtfK3iyryQFddXuvkIk51EEgrJQ0WJkOmQ==}
@@ -3978,9 +3956,6 @@ packages:
  tar-stream@3.1.7:
    resolution: {integrity: sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==}
  tdigest@0.1.2:
    resolution: {integrity: sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==}
  text-decoder@1.2.3:
    resolution: {integrity: sha512-3/o9z3X0X0fTupwsYvR03pJ/DjWuqqrfwBgTQzdWDiQSm9KitAyz/9WqsT2JQW7KV2m+bC2ol/zqpW37NHxLaA==}
@@ -4089,8 +4064,8 @@ packages:
  undici-types@6.21.0:
    resolution: {integrity: sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==}
-  undici-types@7.16.0:
+  undici-types@7.18.2:
-    resolution: {integrity: sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==}
+    resolution: {integrity: sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==}
  unified@11.0.5:
    resolution: {integrity: sha512-xKvGhPWw3k84Qjh8bI3ZeJjqnyadK+GEFtazSfZv/rKeTkTjOJho6mFqh2SM96iIcZokxiOpg78GazTSg8+KHA==}
@@ -4325,7 +4300,7 @@ snapshots:
      '@push.rocks/smartfeed': 1.4.0
      '@push.rocks/smartfile': 11.2.7
      '@push.rocks/smartjson': 5.2.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartlog-destination-devtools': 1.0.12
      '@push.rocks/smartlog-interfaces': 3.0.2
      '@push.rocks/smartmanifest': 2.0.2
@@ -4374,7 +4349,7 @@ snapshots:
      '@push.rocks/smartfile': 13.1.2
      '@push.rocks/smartfs': 1.3.1
      '@push.rocks/smartjson': 5.2.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartlog-destination-devtools': 1.0.12
      '@push.rocks/smartlog-interfaces': 3.0.2
      '@push.rocks/smartmanifest': 2.0.2
@@ -4441,7 +4416,7 @@ snapshots:
  '@apiclient.xyz/cloudflare@7.1.0':
    dependencies:
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrequest': 5.0.1
      '@push.rocks/smartstring': 4.1.0
@@ -5175,7 +5150,7 @@ snapshots:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartfile': 13.1.2
      '@push.rocks/smartfs': 1.3.1
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpath': 6.0.0
      '@push.rocks/smartpromise': 4.2.3
      typescript: 5.9.3
@@ -5196,7 +5171,7 @@ snapshots:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartfs': 1.3.1
      '@push.rocks/smartinteract': 2.0.16
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartlog-destination-local': 9.0.2
      '@push.rocks/smartpath': 6.0.0
      '@push.rocks/smartpromise': 4.2.3
@@ -5222,7 +5197,7 @@ snapshots:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartfile': 13.1.2
      '@push.rocks/smartfs': 1.3.1
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartnpm': 2.0.6
      '@push.rocks/smartpath': 6.0.0
      '@push.rocks/smartrequest': 5.0.1
@@ -5257,7 +5232,7 @@ snapshots:
      '@push.rocks/smartexpect': 2.5.0
      '@push.rocks/smartfile': 11.2.7
      '@push.rocks/smartjson': 5.2.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartmongo': 2.2.0(socks@2.8.7)
      '@push.rocks/smartnetwork': 4.4.0
      '@push.rocks/smartpath': 6.0.0
@@ -5303,7 +5278,7 @@ snapshots:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartfs': 1.3.1
      '@push.rocks/smartinteract': 2.0.16
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartlog-destination-local': 9.0.2
      '@push.rocks/smartshell': 3.3.0
      '@push.rocks/smartwatch': 6.3.0
@@ -5534,8 +5509,6 @@ snapshots:
      '@tybys/wasm-util': 0.10.1
    optional: true
  '@opentelemetry/api@1.9.0': {}
  '@oxc-project/types@0.99.0': {}
  '@pdf-lib/standard-fonts@1.0.0':
@@ -5738,7 +5711,7 @@ snapshots:
      '@push.rocks/qenv': 6.1.3
      '@push.rocks/smartfile': 11.2.7
      '@push.rocks/smartjson': 5.2.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpath': 6.0.0
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
@@ -5762,7 +5735,7 @@ snapshots:
      '@api.global/typedrequest': 3.2.6
      '@configvault.io/interfaces': 1.0.17
      '@push.rocks/smartfile': 11.2.7
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpath': 6.0.0
  '@push.rocks/smartacme@9.1.3(socks@2.8.7)':
@@ -5773,7 +5746,7 @@ snapshots:
      '@push.rocks/smartdata': 7.0.15(socks@2.8.7)
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartdns': 7.8.1
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartnetwork': 4.4.0
      '@push.rocks/smartstring': 4.1.0
      '@push.rocks/smarttime': 4.2.3
@@ -5883,7 +5856,7 @@ snapshots:
  '@push.rocks/smartcli@4.0.20':
    dependencies:
      '@push.rocks/lik': 6.2.2
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartobject': 1.0.12
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
@@ -5908,7 +5881,7 @@ snapshots:
    dependencies:
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartmongo': 2.2.0(socks@2.8.7)
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
@@ -5937,7 +5910,7 @@ snapshots:
    dependencies:
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartmongo': 2.2.0(socks@2.8.7)
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
@@ -6129,7 +6102,7 @@ snapshots:
      '@api.global/typedrequest-interfaces': 2.0.2
      '@tsclass/tsclass': 4.4.4
-  '@push.rocks/smartlog@3.1.11':
+  '@push.rocks/smartlog@3.2.1':
    dependencies:
      '@api.global/typedrequest-interfaces': 3.0.19
      '@push.rocks/consolecolor': 2.0.3
@@ -6138,8 +6111,8 @@ snapshots:
      '@push.rocks/smartfile': 11.2.7
      '@push.rocks/smarthash': 3.2.6
      '@push.rocks/smartpromise': 4.2.3
-      '@push.rocks/smarttime': 4.1.1
+      '@push.rocks/smarttime': 4.2.3
-      '@push.rocks/webrequest': 4.0.1
+      '@push.rocks/webrequest': 4.0.2
      '@tsclass/tsclass': 9.3.0
  '@push.rocks/smartmail@2.2.0':
@@ -6173,14 +6146,10 @@ snapshots:
    dependencies:
      matcher: 5.0.0
-  '@push.rocks/smartmetrics@2.0.10':
+  '@push.rocks/smartmetrics@3.0.1':
    dependencies:
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@types/pidusage': 2.0.5
      pidtree: 0.6.0
      pidusage: 4.0.1
      prom-client: 15.1.3
  '@push.rocks/smartmime@1.0.6':
    dependencies:
@@ -6249,7 +6218,7 @@ snapshots:
    dependencies:
      '@push.rocks/smartfile': 13.1.2
      '@push.rocks/smartfs': 1.3.1
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartmail': 2.2.0
      '@push.rocks/smartpath': 6.0.0
      '@push.rocks/smartrust': 1.2.1
@@ -6352,13 +6321,13 @@ snapshots:
  '@push.rocks/smartpromise@4.2.3': {}
-  '@push.rocks/smartproxy@25.7.3':
+  '@push.rocks/smartproxy@25.7.8':
    dependencies:
      '@push.rocks/smartcrypto': 2.0.4
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartrust': 1.2.1
      '@tsclass/tsclass': 9.3.0
-      minimatch: 10.2.0
+      minimatch: 10.2.1
  '@push.rocks/smartpuppeteer@2.0.5(typescript@5.9.3)':
    dependencies:
@@ -6436,7 +6405,7 @@ snapshots:
      '@cfworker/json-schema': 4.1.1
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartenv': 6.0.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpath': 6.0.0
      ws: 8.19.0
    transitivePeerDependencies:
@@ -6471,7 +6440,7 @@ snapshots:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartenv': 5.0.13
      '@push.rocks/smartjson': 5.2.0
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/smarttime': 4.1.1
@@ -6586,7 +6555,7 @@ snapshots:
      '@design.estate/dees-element': 2.1.6
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/smarttime': 4.1.1
@@ -6602,7 +6571,7 @@ snapshots:
      '@design.estate/dees-element': 2.1.6
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/smarttime': 4.1.1
@@ -6618,7 +6587,7 @@ snapshots:
      '@design.estate/dees-element': 2.1.6
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
-      '@push.rocks/smartlog': 3.1.11
+      '@push.rocks/smartlog': 3.2.1
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/smartrx': 3.0.10
      '@push.rocks/smarttime': 4.2.3
@@ -6637,14 +6606,6 @@ snapshots:
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/webstore': 2.0.20
  '@push.rocks/webrequest@4.0.1':
    dependencies:
      '@push.rocks/smartdelay': 3.0.5
      '@push.rocks/smartenv': 5.0.13
      '@push.rocks/smartjson': 5.2.0
      '@push.rocks/smartpromise': 4.2.3
      '@push.rocks/webstore': 2.0.20
  '@push.rocks/webrequest@4.0.2':
    dependencies:
      '@push.rocks/smartdelay': 3.0.5
@@ -6830,7 +6791,7 @@ snapshots:
      '@push.rocks/smartlog-interfaces': 3.0.2
      '@tsclass/tsclass': 9.3.0
-  '@serve.zone/remoteingress@3.0.4':
+  '@serve.zone/remoteingress@4.0.0':
    dependencies:
      '@push.rocks/qenv': 6.1.3
      '@push.rocks/smartrust': 1.2.1
@@ -7362,22 +7323,22 @@ snapshots:
  '@types/body-parser@1.19.6':
    dependencies:
      '@types/connect': 3.4.38
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/buffer-json@2.0.3': {}
  '@types/clean-css@4.2.11':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
      source-map: 0.6.1
  '@types/connect@3.4.38':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/cors@2.8.19':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/debug@4.1.12':
    dependencies:
@@ -7385,7 +7346,7 @@ snapshots:
  '@types/express-serve-static-core@5.1.1':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
      '@types/qs': 6.14.0
      '@types/range-parser': 1.2.7
      '@types/send': 1.2.1
@@ -7398,17 +7359,17 @@ snapshots:
  '@types/from2@2.3.6':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/fs-extra@11.0.4':
    dependencies:
      '@types/jsonfile': 6.1.4
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/glob@8.1.0':
    dependencies:
      '@types/minimatch': 5.1.2
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/hast@3.0.4':
    dependencies:
@@ -7430,12 +7391,12 @@ snapshots:
  '@types/jsonfile@6.1.4':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/jsonwebtoken@9.0.10':
    dependencies:
      '@types/ms': 2.1.0
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/linkify-it@5.0.0': {}
@@ -7458,16 +7419,16 @@ snapshots:
  '@types/mute-stream@0.0.4':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/node-fetch@2.6.13':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
      form-data: 4.0.5
  '@types/node-forge@1.3.14':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/node@18.19.130':
    dependencies:
@@ -7477,11 +7438,9 @@ snapshots:
    dependencies:
      undici-types: 6.21.0
-  '@types/node@25.2.3':
+  '@types/node@25.3.0':
    dependencies:
-      undici-types: 7.16.0
+      undici-types: 7.18.2
  '@types/pidusage@2.0.5': {}
  '@types/ping@0.4.4': {}
@@ -7497,22 +7456,22 @@ snapshots:
  '@types/send@1.2.1':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/serve-static@2.2.0':
    dependencies:
      '@types/http-errors': 2.0.5
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/symbol-tree@3.2.5': {}
  '@types/tar-stream@3.1.4':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/through2@2.0.41':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/trusted-types@2.0.7': {}
@@ -7542,11 +7501,11 @@ snapshots:
  '@types/ws@8.18.1':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
  '@types/yauzl@2.10.3':
    dependencies:
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
    optional: true
  '@ungap/structured-clone@1.3.0': {}
@@ -7692,8 +7651,6 @@ snapshots:
  basic-ftp@5.1.0: {}
  bintrees@1.0.2: {}
  body-parser@2.2.2:
    dependencies:
      bytes: 3.1.2
@@ -8019,7 +7976,7 @@ snapshots:
  engine.io@6.6.4:
    dependencies:
      '@types/cors': 2.8.19
-      '@types/node': 25.2.3
+      '@types/node': 25.3.0
      accepts: 1.3.8
      base64id: 2.0.0
      cookie: 0.7.2
@@ -9167,6 +9124,10 @@ snapshots:
    dependencies:
      brace-expansion: 5.0.2
  minimatch@10.2.1:
    dependencies:
      brace-expansion: 5.0.2
  minimatch@3.1.2:
    dependencies:
      brace-expansion: 1.1.12
@@ -9439,12 +9400,6 @@ snapshots:
  picomatch@4.0.3: {}
  pidtree@0.6.0: {}
  pidusage@4.0.1:
    dependencies:
      safe-buffer: 5.2.1
  ping@0.4.4: {}
  pkg-dir@4.2.0:
@@ -9459,11 +9414,6 @@ snapshots:
  progress@2.0.3: {}
  prom-client@15.1.3:
    dependencies:
      '@opentelemetry/api': 1.9.0
      tdigest: 0.1.2
  property-information@7.1.0: {}
  prosemirror-changeset@2.4.0:
@@ -10050,10 +10000,6 @@ snapshots:
      - bare-abort-controller
      - react-native-b4a
  tdigest@0.1.2:
    dependencies:
      bintrees: 1.0.2
  text-decoder@1.2.3:
    dependencies:
      b4a: 1.7.3
@@ -10152,7 +10098,7 @@ snapshots:
  undici-types@6.21.0: {}
-  undici-types@7.16.0: {}
+  undici-types@7.18.2: {}
  unified@11.0.5:
    dependencies:
--- a/readme.md
+++ b/readme.md
@@ -4,7 +4,7 @@
 **dcrouter: The all-in-one gateway for your datacenter.** 🚀
-A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), DNS, and RADIUS protocols. Designed for enterprises requiring robust traffic management, automatic TLS certificate provisioning, and enterprise-grade email infrastructure — all from a single process.
+A comprehensive traffic routing solution that provides unified gateway capabilities for HTTP/HTTPS, TCP/SNI, email (SMTP), DNS, RADIUS, and remote edge ingress — all from a single process. Designed for enterprises requiring robust traffic management, automatic TLS certificate provisioning, distributed edge networking, and enterprise-grade email infrastructure.
 ## Issue Reporting and Security
@@ -21,6 +21,7 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
 - [Email System](#email-system)
 - [DNS Server](#dns-server)
 - [RADIUS Server](#radius-server)
 - [Remote Ingress](#remote-ingress)
 - [Certificate Management](#certificate-management)
 - [Storage & Caching](#storage--caching)
 - [Security Features](#security-features)
@@ -60,6 +61,14 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
 - **RADIUS accounting** for session tracking, traffic metering, and billing
 - **Real-time management** via OpsServer API
 ### 🌍 Remote Ingress (powered by [remoteingress](https://code.foss.global/serve.zone/remoteingress))
 - **Distributed edge networking** — accept traffic at remote edge nodes and tunnel it to the hub
 - **Edge registration CRUD** with secret-based authentication
 - **Auto-derived ports** — edges automatically pick up ports from routes tagged with `remoteIngress.enabled`
 - **Connection tokens** — generate a single opaque base64url token containing hubHost, hubPort, edgeId, and secret for easy edge provisioning
 - **Real-time status monitoring** — connected/disconnected state, public IP, active tunnels, heartbeat tracking
 - **OpsServer dashboard** with enable/disable, edit, secret regeneration, token copy, and delete actions
 ### ⚡ High Performance
 - **Rust-powered proxy engine** via SmartProxy for maximum throughput
 - **Rust-powered MTA engine** via smartmta (TypeScript + Rust hybrid) for reliable email delivery
@@ -76,8 +85,9 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
 ### 🖥️ OpsServer Dashboard
 - **Web-based management interface** with real-time monitoring
 - **JWT authentication** with session persistence
- **Live views** for connections, email queues, DNS queries, RADIUS sessions, certificates, and security events
+- **Live views** for connections, email queues, DNS queries, RADIUS sessions, certificates, remote ingress edges, and security events
 - **Domain-centric certificate overview** with backoff status and one-click reprovisioning
 - **Remote ingress management** with connection token generation and one-click copy
 - **Read-only configuration display** — DcRouter is configured through code
 ## Installation
@@ -219,6 +229,13 @@ const router = new DcRouter({
    accounting: { enabled: true, retentionDays: 30 }
  },
  // Remote Ingress — edge nodes tunnel traffic to this hub
  remoteIngressConfig: {
    enabled: true,
    tunnelPort: 8443,
    hubDomain: 'hub.example.com',
  },
  // Persistent storage
  storage: { fsPath: '/var/lib/dcrouter/data' },
@@ -246,6 +263,7 @@ graph TB
        TCP[TCP Clients]
        DNS[DNS Queries]
        RAD[RADIUS Clients]
        EDGE[Edge Nodes]
    end
    subgraph "DcRouter Core"
@@ -254,6 +272,7 @@ graph TB
        ES[smartmta Email Server<br/><i>TypeScript + Rust</i>]
        DS[SmartDNS Server<br/><i>Rust-powered</i>]
        RS[SmartRadius Server]
        RI[RemoteIngress Hub<br/><i>Rust data plane</i>]
        CM[Certificate Manager<br/><i>smartacme v9</i>]
        OS[OpsServer Dashboard]
        MM[Metrics Manager]
@@ -273,11 +292,13 @@ graph TB
    SMTP --> ES
    DNS --> DS
    RAD --> RS
    EDGE --> RI
    DC --> SP
    DC --> ES
    DC --> DS
    DC --> RS
    DC --> RI
    DC --> CM
    DC --> OS
    DC --> MM
@@ -288,6 +309,7 @@ graph TB
    SP --> API
    ES --> MAIL
    ES --> DB
    RI --> SP
    CM -.-> SP
    CM -.-> ES
@@ -303,6 +325,7 @@ graph TB
 | **DNS Server** | `@push.rocks/smartdns` | Authoritative DNS with dynamic records and DKIM TXT auto-generation (Rust engine) |
 | **SmartAcme** | `@push.rocks/smartacme` | ACME certificate management with per-domain dedup, concurrency control, and rate limiting |
 | **RADIUS Server** | `@push.rocks/smartradius` | Network authentication with MAB, VLAN assignment, and accounting |
 | **RemoteIngress** | `@serve.zone/remoteingress` | Distributed edge tunneling with Rust data plane and TS management |
 | **OpsServer** | `@api.global/typedserver` | Web dashboard + TypedRequest API for monitoring and management |
 | **MetricsManager** | `@push.rocks/smartmetrics` | Real-time metrics collection (CPU, memory, email, DNS, security) |
 | **StorageManager** | built-in | Pluggable key-value storage (filesystem, custom, or in-memory) |
@@ -312,19 +335,20 @@ graph TB
 DcRouter acts purely as an **orchestrator** — it doesn't implement protocols itself. Instead, it wires together best-in-class packages for each protocol:
-1. **On `start()`**: DcRouter initializes OpsServer (port 3000), then spins up SmartProxy, smartmta, SmartDNS, and SmartRadius based on which configs are provided.
+1. **On `start()`**: DcRouter initializes OpsServer (port 3000), then spins up SmartProxy, smartmta, SmartDNS, SmartRadius, and RemoteIngress based on which configs are provided.
-2. **During operation**: Each service handles its own protocol independently. SmartProxy uses a Rust-powered engine for maximum throughput. smartmta uses a hybrid TypeScript + Rust architecture for reliable email delivery. SmartAcme v9 handles all certificate operations with built-in concurrency control and rate limiting.
+2. **During operation**: Each service handles its own protocol independently. SmartProxy uses a Rust-powered engine for maximum throughput. smartmta uses a hybrid TypeScript + Rust architecture for reliable email delivery. RemoteIngress runs a Rust data plane for edge tunnel networking. SmartAcme v9 handles all certificate operations with built-in concurrency control and rate limiting.
 3. **On `stop()`**: All services are gracefully shut down in parallel, including cleanup of HTTP agents and DNS clients.
 ### Rust-Powered Architecture
-DcRouter itself is a pure TypeScript orchestrator, but three of its core sub-components ship with **compiled Rust binaries** for performance-critical paths. At runtime each package detects the platform, unpacks the correct binary, and communicates with TypeScript over IPC/FFI — so you get the ergonomics of TypeScript with the throughput of native code.
+DcRouter itself is a pure TypeScript orchestrator, but several of its core sub-components ship with **compiled Rust binaries** for performance-critical paths. At runtime each package detects the platform, unpacks the correct binary, and communicates with TypeScript over IPC/FFI — so you get the ergonomics of TypeScript with the throughput of native code.
 | Component | Rust Binary | What It Handles |
 |-----------|-------------|-----------------|
 | **SmartProxy** | `smartproxy-bin` | All TCP/TLS/HTTP proxy networking, NFTables integration, connection metrics |
 | **smartmta** | `mailer-bin` | SMTP server + client, DKIM/SPF/DMARC, content scanning, IP reputation |
 | **SmartDNS** | `smartdns-bin` | DNS server (UDP + DNS-over-HTTPS), DNSSEC, DNS client resolution |
 | **RemoteIngress** | `remoteingress-bin` | Edge tunnel data plane, multiplexed streams, heartbeat management |
 | **SmartRadius** | — | Pure TypeScript (no Rust component) |
 ## Configuration Reference
@@ -333,6 +357,10 @@ DcRouter itself is a pure TypeScript orchestrator, but three of its core sub-com
 ```typescript
 interface IDcRouterOptions {
  // ── Base ───────────────────────────────────────────────────────
  /** Base directory for all dcrouter data. Defaults to ~/.serve.zone/dcrouter */
  baseDir?: string;
  // ── Traffic Routing ────────────────────────────────────────────
  /** SmartProxy config for HTTP/HTTPS and TCP/SNI routing */
  smartProxyConfig?: ISmartProxyOptions;
@@ -376,6 +404,18 @@ interface IDcRouterOptions {
    accounting?: { enabled: boolean; retentionDays?: number };
  };
  // ── Remote Ingress ─────────────────────────────────────────────
  /** Remote Ingress hub for edge tunnel connections */
  remoteIngressConfig?: {
    enabled?: boolean;                   // default: false
    tunnelPort?: number;                 // default: 8443
    hubDomain?: string;                  // External hostname for connection tokens
    tls?: {
      certPath?: string;
      keyPath?: string;
    };
  };
  // ── TLS & Certificates ────────────────────────────────────────
  tls?: {
    contactEmail: string;
@@ -701,6 +741,107 @@ RADIUS is fully manageable at runtime via the OpsServer API:
 - Session monitoring and forced disconnects
 - Accounting summaries and statistics
 ## Remote Ingress
 DcRouter can act as a **hub** for distributed edge nodes using [`@serve.zone/remoteingress`](https://code.foss.global/serve.zone/remoteingress). Edge nodes accept incoming traffic at remote locations and tunnel it back to the hub over a single multiplexed connection. This is ideal for scenarios where you need to accept traffic at multiple geographic locations but process it centrally.
 ### Enabling Remote Ingress
 ```typescript
 const router = new DcRouter({
  remoteIngressConfig: {
    enabled: true,
    tunnelPort: 8443,
    hubDomain: 'hub.example.com',  // Embedded in connection tokens
  },
  // Routes tagged with remoteIngress are auto-derived to edge listen ports
  smartProxyConfig: {
    routes: [
      {
        name: 'web-via-edge',
        match: { domains: ['app.example.com'], ports: [443] },
        action: {
          type: 'forward',
          targets: [{ host: '192.168.1.10', port: 8080 }],
          tls: { mode: 'terminate', certificate: 'auto' }
        },
        remoteIngress: { enabled: true }  // Edges will listen on port 443
      }
    ]
  }
 });
 await router.start();
 ```
 ### Edge Registration
 Edges are registered via the OpsServer API (or dashboard UI). Each edge gets a unique ID and secret:
 ```typescript
 // Via TypedRequest API
 const createReq = new TypedRequest<IReq_CreateRemoteIngress>(
  'https://hub:3000/typedrequest', 'createRemoteIngress'
 );
 const { edge } = await createReq.fire({
  identity,
  name: 'edge-nyc-01',
  autoDerivePorts: true,
  tags: ['us-east'],
 });
 // edge.secret is returned only on creation — save it!
 ```
 ### Connection Tokens 🔑
 Instead of configuring edges with four separate values (hubHost, hubPort, edgeId, secret), DcRouter can generate a single **connection token** — an opaque base64url string that encodes everything:
 ```typescript
 // Via TypedRequest API
 const tokenReq = new TypedRequest<IReq_GetRemoteIngressConnectionToken>(
  'https://hub:3000/typedrequest', 'getRemoteIngressConnectionToken'
 );
 const { token } = await tokenReq.fire({ identity, edgeId: 'edge-uuid' });
 // token = "eyJoIjoiaHViLmV4YW1wbGUuY29tIiwicCI6ODQ0MywiZSI6I..."
 // On the edge side, just pass the token:
 const edge = new RemoteIngressEdge({ token });
 await edge.start();
 ```
 The token is generated using `remoteingress.encodeConnectionToken()` and contains `{ hubHost, hubPort, edgeId, secret }`. The `hubHost` comes from `remoteIngressConfig.hubDomain` (or can be overridden per-request).
 In the OpsServer dashboard, click **"Copy Token"** on any edge row to copy the connection token to your clipboard.
 ### Auto-Derived Ports
 When routes have `remoteIngress: { enabled: true }`, edges with `autoDerivePorts: true` (default) automatically pick up those routes' ports. You can also use `edgeFilter` to restrict which edges get which ports:
 ```typescript
 {
  name: 'web-route',
  match: { ports: [443] },
  action: { /* ... */ },
  remoteIngress: {
    enabled: true,
    edgeFilter: ['us-east', 'edge-uuid-123']  // Only edges with matching id or tags
  }
 }
 ```
 ### Dashboard Actions
 The OpsServer Remote Ingress view provides:
 | Action | Description |
 |--------|-------------|
 | **Create Edge Node** | Register a new edge with name, ports, tags |
 | **Enable / Disable** | Toggle an edge on or off |
 | **Edit** | Modify name, manual ports, auto-derive setting, tags |
 | **Regenerate Secret** | Issue a new secret (invalidates the old one) |
 | **Copy Token** | Generate and copy a base64url connection token to clipboard |
 | **Delete** | Remove the edge registration |
 ## Certificate Management
 DcRouter uses [`@push.rocks/smartacme`](https://code.foss.global/push.rocks/smartacme) v9 for ACME certificate provisioning. smartacme v9 brings significant improvements over previous versions:
@@ -767,6 +908,7 @@ The OpsServer includes a **Certificates** view showing:
 - Expiry dates and issuer information
 - Backoff status for failed domains
 - One-click reprovisioning per domain
 - Certificate import and export
 ## Storage & Caching
@@ -788,7 +930,7 @@ storage: {
 // Simply omit the storage config
 ```
-Used for: TLS certificates, DKIM keys, email routes, bounce/suppression lists, IP reputation data, domain configs, cert backoff state.
+Used for: TLS certificates, DKIM keys, email routes, bounce/suppression lists, IP reputation data, domain configs, cert backoff state, remote ingress edge registrations.
 ### Cache Database
@@ -874,7 +1016,8 @@ The OpsServer provides a web-based management interface served on port 3000. It'
 | 📊 **Overview** | Real-time server stats, CPU/memory, connection counts, email throughput |
 | 🌐 **Network** | Active connections, top IPs, throughput rates, SmartProxy metrics |
 | 📧 **Email** | Queue monitoring (queued/sent/failed), bounce records, security incidents |
-| 🔐 **Certificates** | Domain-centric certificate overview, status, backoff info, reprovisioning |
+| 🔐 **Certificates** | Domain-centric certificate overview, status, backoff info, reprovisioning, import/export |
 | 🌍 **RemoteIngress** | Edge node management, connection status, token generation, enable/disable |
 | 📜 **Logs** | Real-time log viewer with level filtering and search |
 | ⚙️ **Configuration** | Read-only view of current system configuration |
 | 🛡️ **Security** | IP reputation, rate limit status, blocked connections |
@@ -906,6 +1049,18 @@ All management is done via TypedRequest over HTTP POST to `/typedrequest`:
 'getCertificateOverview'               // Domain-centric certificate status
 'reprovisionCertificate'               // Reprovision by route name (legacy)
 'reprovisionCertificateDomain'         // Reprovision by domain (preferred)
 'importCertificate'                    // Import a certificate
 'exportCertificate'                    // Export a certificate
 'deleteCertificate'                    // Delete a certificate
 // Remote Ingress
 'getRemoteIngresses'                   // List all edge registrations
 'createRemoteIngress'                  // Register a new edge
 'updateRemoteIngress'                  // Update edge settings
 'deleteRemoteIngress'                  // Remove an edge
 'regenerateRemoteIngressSecret'        // Issue a new secret
 'getRemoteIngressStatus'               // Runtime status of all edges
 'getRemoteIngressConnectionToken'      // Generate a connection token for an edge
 // Configuration (read-only)
 'getConfiguration'                     // Current system config
@@ -957,6 +1112,8 @@ const router = new DcRouter(options: IDcRouterOptions);
 | `emailServer` | `UnifiedEmailServer` | Email server instance (from smartmta) |
 | `dnsServer` | `DnsServer` | DNS server instance |
 | `radiusServer` | `RadiusServer` | RADIUS server instance |
 | `remoteIngressManager` | `RemoteIngressManager` | Edge registration CRUD manager |
 | `tunnelManager` | `TunnelManager` | Tunnel lifecycle and status manager |
 | `storageManager` | `StorageManager` | Storage backend |
 | `opsServer` | `OpsServer` | OpsServer/dashboard instance |
 | `metricsManager` | `MetricsManager` | Metrics collector |
@@ -1000,7 +1157,7 @@ import { data, requests } from '@serve.zone/dcrouter/interfaces';
 DcRouter includes a comprehensive test suite covering all system components:
 ```bash
-# Run all tests (10 files, 73 tests)
+# Run all tests
 pnpm test
 # Run a specific test file
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '6.10.0',
+  version: '7.2.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts/classes.cert-provision-scheduler.ts
+++ b/ts/classes.cert-provision-scheduler.ts
@@ -106,6 +106,13 @@ export class CertProvisionScheduler {
    }
  }
  /**
   * Clear all in-memory backoff cache entries
   */
  public clear(): void {
    this.backoffCache.clear();
  }
  /**
   * Get backoff info for UI display
   */
--- a/ts/classes.dcrouter.ts
+++ b/ts/classes.dcrouter.ts
@@ -166,6 +166,8 @@ export interface IDcRouterOptions {
    enabled?: boolean;
    /** Port for tunnel connections from edge nodes (default: 8443) */
    tunnelPort?: number;
    /** External hostname of this hub, embedded in connection tokens */
    hubDomain?: string;
    /** TLS configuration for the tunnel server */
    tls?: {
      certPath?: string;
@@ -532,6 +534,12 @@ export class DcRouter {
      // If we have DNS challenge handlers, create SmartAcme and wire to certProvisionFunction
      if (challengeHandlers.length > 0) {
        // Stop old SmartAcme if it exists (e.g., during updateSmartProxyConfig)
        if (this.smartAcme) {
          await this.smartAcme.stop().catch(err =>
            console.error('[DcRouter] Error stopping old SmartAcme:', err)
          );
        }
        this.smartAcme = new plugins.smartacme.SmartAcme({
          accountEmail: acmeConfig?.accountEmail || this.options.tls?.contactEmail || 'admin@example.com',
          certManager: new StorageBackedCertManager(this.storageManager),
@@ -584,6 +592,13 @@ export class DcRouter {
        };
      }
      // When remoteIngress is enabled, the hub binary forwards tunneled connections
      // to SmartProxy with PROXY protocol v1 headers to preserve client IPs.
      if (this.options.remoteIngressConfig?.enabled) {
        smartProxyConfig.acceptProxyProtocol = true;
        smartProxyConfig.proxyIPs = ['127.0.0.1'];
      }
      // Create SmartProxy instance
      console.log('[DcRouter] Creating SmartProxy instance with config:', JSON.stringify({
        routeCount: smartProxyConfig.routes?.length,
@@ -935,6 +950,25 @@ export class DcRouter {
        await this.cacheDb.stop().catch(err => console.error('Error stopping CacheDb:', err));
      }
      // Clear backoff cache in cert scheduler
      if (this.certProvisionScheduler) {
        this.certProvisionScheduler.clear();
      }
      // Allow GC of stopped services by nulling references
      this.smartProxy = undefined;
      this.emailServer = undefined;
      this.dnsServer = undefined;
      this.metricsManager = undefined;
      this.cacheCleaner = undefined;
      this.cacheDb = undefined;
      this.tunnelManager = undefined;
      this.radiusServer = undefined;
      this.smartAcme = undefined;
      this.certProvisionScheduler = undefined;
      this.remoteIngressManager = undefined;
      this.certificateStatusMap.clear();
      console.log('All DcRouter services stopped');
    } catch (error) {
      console.error('Error during DcRouter shutdown:', error);
@@ -1021,7 +1055,25 @@ export class DcRouter {
    // Start the server
    await this.emailServer.start();
-    
+
    // Wire delivery events to MetricsManager for time-series tracking
    if (this.metricsManager && this.emailServer.deliverySystem) {
      this.emailServer.deliverySystem.on('deliveryStart', (item: any) => {
        this.metricsManager.trackEmailReceived(item?.from);
      });
      this.emailServer.deliverySystem.on('deliverySuccess', (item: any) => {
        this.metricsManager.trackEmailSent(item?.to);
      });
      this.emailServer.deliverySystem.on('deliveryFailed', (item: any, error: any) => {
        this.metricsManager.trackEmailFailed(item?.to, error?.message);
      });
    }
    if (this.metricsManager && this.emailServer) {
      this.emailServer.on('bounceProcessed', () => {
        this.metricsManager.trackEmailBounced();
      });
    }
    logger.log('info', `Email server started on ports: ${emailConfig.ports.join(', ')}`);
  }
--- a/ts/logger.ts
+++ b/ts/logger.ts
@@ -1,5 +1,6 @@
 import * as plugins from './plugins.js';
 import { randomUUID } from 'node:crypto';
 import { SmartlogDestinationBuffer } from '@push.rocks/smartlog/destination-buffer';
 // Map NODE_ENV to valid TEnvironment
 const nodeEnv = process.env.NODE_ENV || 'production';
@@ -10,6 +11,9 @@ const envMap: Record<string, 'local' | 'test' | 'staging' | 'production'> = {
  'production': 'production'
 };
 // In-memory log buffer for the OpsServer UI
 export const logBuffer = new SmartlogDestinationBuffer({ maxEntries: 2000 });
 // Default Smartlog instance
 const baseLogger = new plugins.smartlog.Smartlog({
  logContext: {
@@ -19,6 +23,9 @@ const baseLogger = new plugins.smartlog.Smartlog({
  }
 });
 // Wire the buffer destination so all logs are captured
 baseLogger.addLogDestination(logBuffer);
 // Extended logger compatible with the original enhanced logger API
 class StandardLogger {
  private defaultContext: Record<string, any> = {};
--- a/ts/monitoring/classes.metricsmanager.ts
+++ b/ts/monitoring/classes.metricsmanager.ts
@@ -1,6 +1,7 @@
 import * as plugins from '../plugins.js';
 import { DcRouter } from '../classes.dcrouter.js';
 import { MetricsCache } from './classes.metricscache.js';
 import { SecurityLogger, SecurityEventType } from '../security/classes.securitylogger.js';
 export class MetricsManager {
  private logger: plugins.smartlog.Smartlog;
@@ -37,6 +38,10 @@ export class MetricsManager {
    responseTimes: [] as number[], // Track response times in ms
  };
  // Per-minute time-series buckets for charts
  private emailMinuteBuckets = new Map<number, { sent: number; received: number; failed: number }>();
  private dnsMinuteBuckets = new Map<number, { queries: number }>();
  // Track security-specific metrics
  private securityMetrics = {
    blockedIPs: 0,
@@ -139,8 +144,8 @@ export class MetricsManager {
          actualUsagePercentage: smartMetricsData.memoryPercentage,
        },
        cpuUsage: {
-          user: parseFloat(smartMetricsData.cpuUsageText || '0'),
+          user: smartMetricsData.cpuPercentage,
-          system: 0, // SmartMetrics doesn't separate user/system
+          system: 0,
        },
        activeConnections: proxyStats ? proxyStats.activeConnections : 0,
        totalConnections: proxyMetrics ? proxyMetrics.totals.connections() : 0,
@@ -227,20 +232,45 @@ export class MetricsManager {
    });
  }
  /**
   * Sync security metrics from the SecurityLogger singleton (last 24h).
   * Called before returning security stats so counters reflect real events.
   */
  private syncFromSecurityLogger(): void {
    try {
      const securityLogger = SecurityLogger.getInstance();
      const summary = securityLogger.getEventsSummary(86400000); // last 24h
      this.securityMetrics.spamDetected = summary.byType[SecurityEventType.SPAM] || 0;
      this.securityMetrics.malwareDetected = summary.byType[SecurityEventType.MALWARE] || 0;
      this.securityMetrics.phishingDetected = summary.byType[SecurityEventType.DMARC] || 0; // phishing via DMARC
      this.securityMetrics.authFailures =
        summary.byType[SecurityEventType.AUTHENTICATION] || 0;
      this.securityMetrics.blockedIPs =
        (summary.byType[SecurityEventType.IP_REPUTATION] || 0) +
        (summary.byType[SecurityEventType.REJECTED_CONNECTION] || 0);
    } catch {
      // SecurityLogger may not be initialized yet — ignore
    }
  }
  // Get security metrics
  public async getSecurityStats() {
    return this.metricsCache.get('securityStats', () => {
      // Sync counters from the real SecurityLogger events
      this.syncFromSecurityLogger();
      // Get recent incidents (last 20)
      const recentIncidents = this.securityMetrics.incidents.slice(-20);
-      
+
      return {
        blockedIPs: this.securityMetrics.blockedIPs,
        authFailures: this.securityMetrics.authFailures,
        spamDetected: this.securityMetrics.spamDetected,
        malwareDetected: this.securityMetrics.malwareDetected,
        phishingDetected: this.securityMetrics.phishingDetected,
-        totalThreatsBlocked: this.securityMetrics.spamDetected + 
+        totalThreatsBlocked: this.securityMetrics.spamDetected +
-          this.securityMetrics.malwareDetected + 
+          this.securityMetrics.malwareDetected +
          this.securityMetrics.phishingDetected,
        recentIncidents,
      };
@@ -275,10 +305,19 @@ export class MetricsManager {
  // Email event tracking methods
  public trackEmailSent(recipient?: string, deliveryTimeMs?: number): void {
    this.emailMetrics.sentToday++;
    this.incrementEmailBucket('sent');
    if (recipient) {
      const count = this.emailMetrics.recipients.get(recipient) || 0;
      this.emailMetrics.recipients.set(recipient, count + 1);
      // Cap recipients map to prevent unbounded growth within a day
      if (this.emailMetrics.recipients.size > this.MAX_TOP_DOMAINS) {
        const sorted = Array.from(this.emailMetrics.recipients.entries())
          .sort((a, b) => b[1] - a[1])
          .slice(0, Math.floor(this.MAX_TOP_DOMAINS * 0.8));
        this.emailMetrics.recipients = new Map(sorted);
      }
    }
    if (deliveryTimeMs) {
@@ -303,6 +342,7 @@ export class MetricsManager {
  public trackEmailReceived(sender?: string): void {
    this.emailMetrics.receivedToday++;
    this.incrementEmailBucket('received');
    this.emailMetrics.recentActivity.push({
      timestamp: Date.now(),
@@ -318,6 +358,7 @@ export class MetricsManager {
  public trackEmailFailed(recipient?: string, reason?: string): void {
    this.emailMetrics.failedToday++;
    this.incrementEmailBucket('failed');
    this.emailMetrics.recentActivity.push({
      timestamp: Date.now(),
@@ -353,6 +394,7 @@ export class MetricsManager {
  // DNS event tracking methods
  public trackDnsQuery(queryType: string, domain: string, cacheHit: boolean, responseTimeMs?: number): void {
    this.dnsMetrics.totalQueries++;
    this.incrementDnsBucket();
    if (cacheHit) {
      this.dnsMetrics.cacheHits++;
@@ -539,4 +581,90 @@ export class MetricsManager {
      };
    }, 200); // Use 200ms cache for more frequent updates
  }
  // --- Time-series helpers ---
  private static minuteKey(ts: number = Date.now()): number {
    return Math.floor(ts / 60000) * 60000;
  }
  private incrementEmailBucket(field: 'sent' | 'received' | 'failed'): void {
    const key = MetricsManager.minuteKey();
    let bucket = this.emailMinuteBuckets.get(key);
    if (!bucket) {
      bucket = { sent: 0, received: 0, failed: 0 };
      this.emailMinuteBuckets.set(key, bucket);
    }
    bucket[field]++;
  }
  private incrementDnsBucket(): void {
    const key = MetricsManager.minuteKey();
    let bucket = this.dnsMinuteBuckets.get(key);
    if (!bucket) {
      bucket = { queries: 0 };
      this.dnsMinuteBuckets.set(key, bucket);
    }
    bucket.queries++;
  }
  private pruneOldBuckets(): void {
    const cutoff = Date.now() - 86400000; // 24h
    for (const key of this.emailMinuteBuckets.keys()) {
      if (key < cutoff) this.emailMinuteBuckets.delete(key);
    }
    for (const key of this.dnsMinuteBuckets.keys()) {
      if (key < cutoff) this.dnsMinuteBuckets.delete(key);
    }
  }
  /**
   * Get email time-series data for the last N hours, aggregated per minute.
   */
  public getEmailTimeSeries(hours: number = 24): {
    sent: Array<{ timestamp: number; value: number }>;
    received: Array<{ timestamp: number; value: number }>;
    failed: Array<{ timestamp: number; value: number }>;
  } {
    this.pruneOldBuckets();
    const cutoff = Date.now() - hours * 3600000;
    const sent: Array<{ timestamp: number; value: number }> = [];
    const received: Array<{ timestamp: number; value: number }> = [];
    const failed: Array<{ timestamp: number; value: number }> = [];
    const sortedKeys = Array.from(this.emailMinuteBuckets.keys())
      .filter((k) => k >= cutoff)
      .sort((a, b) => a - b);
    for (const key of sortedKeys) {
      const bucket = this.emailMinuteBuckets.get(key)!;
      sent.push({ timestamp: key, value: bucket.sent });
      received.push({ timestamp: key, value: bucket.received });
      failed.push({ timestamp: key, value: bucket.failed });
    }
    return { sent, received, failed };
  }
  /**
   * Get DNS time-series data for the last N hours, aggregated per minute.
   */
  public getDnsTimeSeries(hours: number = 24): {
    queries: Array<{ timestamp: number; value: number }>;
  } {
    this.pruneOldBuckets();
    const cutoff = Date.now() - hours * 3600000;
    const queries: Array<{ timestamp: number; value: number }> = [];
    const sortedKeys = Array.from(this.dnsMinuteBuckets.keys())
      .filter((k) => k >= cutoff)
      .sort((a, b) => a - b);
    for (const key of sortedKeys) {
      const bucket = this.dnsMinuteBuckets.get(key)!;
      queries.push({ timestamp: key, value: bucket.queries });
    }
    return { queries };
  }
 }
--- a/ts/opsserver/handlers/logs.handler.ts
+++ b/ts/opsserver/handlers/logs.handler.ts
@@ -1,6 +1,7 @@
 import * as plugins from '../../plugins.js';
 import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
 import { logBuffer } from '../../logger.js';
 export class LogsHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -64,6 +65,32 @@ export class LogsHandler {
    );
  }
  private static mapLogLevel(smartlogLevel: string): 'debug' | 'info' | 'warn' | 'error' {
    switch (smartlogLevel) {
      case 'silly':
      case 'debug':
        return 'debug';
      case 'warn':
        return 'warn';
      case 'error':
        return 'error';
      default:
        return 'info';
    }
  }
  private static deriveCategory(
    zone?: string,
    message?: string
  ): 'smtp' | 'dns' | 'security' | 'system' | 'email' {
    const msg = (message || '').toLowerCase();
    if (msg.includes('[security:') || msg.includes('security')) return 'security';
    if (zone === 'email' || msg.includes('email') || msg.includes('smtp') || msg.includes('mta')) return 'email';
    if (zone === 'dns' || msg.includes('dns')) return 'dns';
    if (msg.includes('smtp')) return 'smtp';
    return 'system';
  }
  private async getRecentLogs(
    level?: 'error' | 'warn' | 'info' | 'debug',
    category?: 'smtp' | 'dns' | 'security' | 'system' | 'email',
@@ -78,42 +105,64 @@ export class LogsHandler {
    message: string;
    metadata?: any;
  }>> {
-    // TODO: Implement actual log retrieval from storage or logger
+    // Compute a timestamp cutoff from timeRange
-    // For now, return mock data
+    let since: number | undefined;
-    const mockLogs: Array<{
+    if (timeRange) {
      const rangeMs: Record<string, number> = {
        '1h': 3600000,
        '6h': 21600000,
        '24h': 86400000,
        '7d': 604800000,
        '30d': 2592000000,
      };
      since = Date.now() - (rangeMs[timeRange] || 86400000);
    }
    // Map the UI level to smartlog levels for filtering
    const smartlogLevels: string[] | undefined = level
      ? level === 'debug'
        ? ['debug', 'silly']
        : level === 'info'
          ? ['info', 'ok', 'success', 'note', 'lifecycle']
          : [level]
      : undefined;
    // Fetch a larger batch from buffer, then apply category filter client-side
    const rawEntries = logBuffer.getEntries({
      level: smartlogLevels as any,
      search,
      since,
      limit: limit * 3, // over-fetch to compensate for category filtering
      offset: 0,
    });
    // Map ILogPackage → UI log format and apply category filter
    const mapped: Array<{
      timestamp: number;
      level: 'debug' | 'info' | 'warn' | 'error';
      category: 'smtp' | 'dns' | 'security' | 'system' | 'email';
      message: string;
      metadata?: any;
    }> = [];
-    
+
-    const categories: Array<'smtp' | 'dns' | 'security' | 'system' | 'email'> = ['smtp', 'dns', 'security', 'system', 'email'];
+    for (const pkg of rawEntries) {
-    const levels: Array<'debug' | 'info' | 'warn' | 'error'> = ['info', 'warn', 'error', 'debug'];
+      const uiLevel = LogsHandler.mapLogLevel(pkg.level);
-    const now = Date.now();
+      const uiCategory = LogsHandler.deriveCategory(pkg.context?.zone, pkg.message);
-    
+
-    // Generate some mock log entries
+      if (category && uiCategory !== category) continue;
-    for (let i = 0; i < 50; i++) {
+
-      const mockCategory = categories[Math.floor(Math.random() * categories.length)];
+      mapped.push({
-      const mockLevel = levels[Math.floor(Math.random() * levels.length)];
+        timestamp: pkg.timestamp,
-      
+        level: uiLevel,
-      // Filter by requested criteria
+        category: uiCategory,
-      if (level && mockLevel !== level) continue;
+        message: pkg.message,
-      if (category && mockCategory !== category) continue;
+        metadata: pkg.data,
      mockLogs.push({
        timestamp: now - (i * 60000), // 1 minute apart
        level: mockLevel,
        category: mockCategory,
        message: `Sample log message ${i} from ${mockCategory}`,
        metadata: {
          requestId: plugins.uuid.v4(),
        },
      });
      if (mapped.length >= limit) break;
    }
-    
+
-    // Apply pagination
+    return mapped;
    return mockLogs.slice(offset, offset + limit);
  }
  private setupLogStream(
@@ -148,17 +197,17 @@ export class LogsHandler {
      }
      // For follow mode, simulate real-time log streaming
-      intervalId = setInterval(() => {
+      intervalId = setInterval(async () => {
        const categories: Array<'smtp' | 'dns' | 'security' | 'system' | 'email'> = ['smtp', 'dns', 'security', 'system', 'email'];
        const levels: Array<'debug' | 'info' | 'warn' | 'error'> = ['info', 'warn', 'error', 'debug'];
-        
+
        const mockCategory = categories[Math.floor(Math.random() * categories.length)];
        const mockLevel = levels[Math.floor(Math.random() * levels.length)];
-        
+
        // Filter by requested criteria
        if (levelFilter && !levelFilter.includes(mockLevel)) return;
        if (categoryFilter && !categoryFilter.includes(mockCategory)) return;
-        
+
        const logEntry = {
          timestamp: Date.now(),
          level: mockLevel,
@@ -168,10 +217,16 @@ export class LogsHandler {
            requestId: plugins.uuid.v4(),
          },
        };
-        
+
        const logData = JSON.stringify(logEntry);
        const encoder = new TextEncoder();
-        virtualStream.sendData(encoder.encode(logData));
+        try {
          await virtualStream.sendData(encoder.encode(logData));
        } catch {
          // Stream closed or errored — clean up to prevent interval leak
          clearInterval(intervalId!);
          intervalId = null;
        }
      }, 2000); // Send a log every 2 seconds
      // TODO: Hook into actual logger events
--- a/ts/opsserver/handlers/remoteingress.handler.ts
+++ b/ts/opsserver/handlers/remoteingress.handler.ts
@@ -117,8 +117,8 @@ export class RemoteIngressHandler {
            return { success: false, edge: null as any };
          }
-          // Sync allowed edges if enabled status changed
+          // Sync allowed edges — ports, tags, or enabled may have changed
-          if (tunnelManager && dataArg.enabled !== undefined) {
+          if (tunnelManager) {
            await tunnelManager.syncAllowedEdges();
          }
@@ -177,5 +177,46 @@ export class RemoteIngressHandler {
        },
      ),
    );
    // Get a connection token for an edge
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_GetRemoteIngressConnectionToken>(
        'getRemoteIngressConnectionToken',
        async (dataArg, toolsArg) => {
          const manager = this.opsServerRef.dcRouterRef.remoteIngressManager;
          if (!manager) {
            return { success: false, message: 'RemoteIngress not configured' };
          }
          const edge = manager.getEdge(dataArg.edgeId);
          if (!edge) {
            return { success: false, message: 'Edge not found' };
          }
          if (!edge.enabled) {
            return { success: false, message: 'Edge is disabled' };
          }
          const hubHost = dataArg.hubHost
            || this.opsServerRef.dcRouterRef.options.remoteIngressConfig?.hubDomain;
          if (!hubHost) {
            return {
              success: false,
              message: 'No hub hostname configured. Set hubDomain in remoteIngressConfig or provide hubHost.',
            };
          }
          const hubPort = this.opsServerRef.dcRouterRef.options.remoteIngressConfig?.tunnelPort ?? 8443;
          const token = plugins.remoteingress.encodeConnectionToken({
            hubHost,
            hubPort,
            edgeId: edge.id,
            secret: edge.secret,
          });
          return { success: true, token };
        },
      ),
    );
  }
 }
--- a/ts/opsserver/handlers/stats.handler.ts
+++ b/ts/opsserver/handlers/stats.handler.ts
@@ -2,6 +2,7 @@ import * as plugins from '../../plugins.js';
 import type { OpsServer } from '../classes.opsserver.js';
 import * as interfaces from '../../../ts_interfaces/index.js';
 import { MetricsManager } from '../../monitoring/index.js';
 import { SecurityLogger } from '../../security/classes.securitylogger.js';
 export class StatsHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();
@@ -203,6 +204,11 @@ export class StatsHandler {
          if (sections.email) {
            promises.push(
              this.collectEmailStats().then(stats => {
                // Get time-series data from MetricsManager
                const timeSeries = this.opsServerRef.dcRouterRef.metricsManager
                  ? this.opsServerRef.dcRouterRef.metricsManager.getEmailTimeSeries(24)
                  : undefined;
                metrics.email = {
                  sent: stats.sentToday,
                  received: stats.receivedToday,
@@ -212,6 +218,7 @@ export class StatsHandler {
                  averageDeliveryTime: 0,
                  deliveryRate: stats.deliveryRate,
                  bounceRate: stats.bounceRate,
                  timeSeries,
                };
              })
            );
@@ -220,6 +227,11 @@ export class StatsHandler {
          if (sections.dns) {
            promises.push(
              this.collectDnsStats().then(stats => {
                // Get time-series data from MetricsManager
                const timeSeries = this.opsServerRef.dcRouterRef.metricsManager
                  ? this.opsServerRef.dcRouterRef.metricsManager.getDnsTimeSeries(24)
                  : undefined;
                metrics.dns = {
                  totalQueries: stats.totalQueries,
                  cacheHits: stats.cacheHits,
@@ -228,6 +240,7 @@ export class StatsHandler {
                  activeDomains: stats.topDomains.length,
                  averageResponseTime: 0,
                  queryTypes: stats.queryTypes,
                  timeSeries,
                };
              })
            );
@@ -236,6 +249,19 @@ export class StatsHandler {
          if (sections.security && this.opsServerRef.dcRouterRef.metricsManager) {
            promises.push(
              this.opsServerRef.dcRouterRef.metricsManager.getSecurityStats().then(stats => {
                // Get recent events from the SecurityLogger singleton
                const securityLogger = SecurityLogger.getInstance();
                const recentEvents = securityLogger.getRecentEvents(50).map((evt) => ({
                  timestamp: evt.timestamp,
                  level: evt.level,
                  type: evt.type,
                  message: evt.message,
                  details: evt.details,
                  ipAddress: evt.ipAddress,
                  domain: evt.domain,
                  success: evt.success,
                }));
                metrics.security = {
                  blockedIPs: stats.blockedIPs,
                  reputationScores: {},
@@ -244,6 +270,7 @@ export class StatsHandler {
                  phishingDetected: stats.phishingDetected,
                  authenticationFailures: stats.authFailures,
                  suspiciousActivities: stats.totalThreatsBlocked,
                  recentEvents,
                };
              })
            );
--- a/ts/radius/classes.vlan.manager.ts
+++ b/ts/radius/classes.vlan.manager.ts
@@ -100,6 +100,14 @@ export class VlanManager {
    // Cache the result
    this.normalizedMacCache.set(mac, normalized);
    // Prevent unbounded cache growth
    if (this.normalizedMacCache.size > 10000) {
      const iterator = this.normalizedMacCache.keys();
      for (let i = 0; i < 1000; i++) {
        this.normalizedMacCache.delete(iterator.next().value);
      }
    }
    return normalized;
  }
--- a/ts/readme.md
+++ b/ts/readme.md
@@ -0,0 +1,146 @@
 # @serve.zone/dcrouter
 The core DcRouter package — a unified datacenter gateway orchestrator. 🚀
 This is the main entry point for DcRouter. It provides the `DcRouter` class that wires together SmartProxy, smartmta, SmartDNS, SmartRadius, RemoteIngress, and the OpsServer dashboard into a single cohesive service.
 ## Issue Reporting and Security
 For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 ## Installation
 ```bash
 pnpm add @serve.zone/dcrouter
 ```
 ## Usage
 ```typescript
 import { DcRouter } from '@serve.zone/dcrouter';
 const router = new DcRouter({
  smartProxyConfig: {
    routes: [
      {
        name: 'web-app',
        match: { domains: ['example.com'], ports: [443] },
        action: {
          type: 'forward',
          targets: [{ host: '192.168.1.10', port: 8080 }],
          tls: { mode: 'terminate', certificate: 'auto' }
        }
      }
    ],
    acme: { email: 'admin@example.com', enabled: true, useProduction: true }
  }
 });
 await router.start();
 // OpsServer dashboard at http://localhost:3000
 // Graceful shutdown
 await router.stop();
 ```
 ## Module Structure
 ```
 ts/
 ├── index.ts                        # Main exports (DcRouter, re-exported smartmta types)
 ├── classes.dcrouter.ts             # DcRouter orchestrator class + IDcRouterOptions
 ├── classes.cert-provision-scheduler.ts  # Per-domain cert backoff scheduler
 ├── classes.storage-cert-manager.ts # SmartAcme cert manager backed by StorageManager
 ├── logger.ts                       # Structured logging utility
 ├── paths.ts                        # Centralized data directory paths
 ├── plugins.ts                      # All dependency imports
 ├── cache/                          # Cache database (smartdata + LocalTsmDb)
 │   ├── classes.cachedb.ts          # CacheDb singleton
 │   ├── classes.cachecleaner.ts     # TTL-based cleanup
 │   └── documents/                  # Cached document models
 ├── config/                         # Configuration utilities
 ├── errors/                         # Error classes and retry logic
 ├── monitoring/                     # MetricsManager (SmartMetrics integration)
 ├── opsserver/                      # OpsServer dashboard + API handlers
 │   ├── classes.opsserver.ts        # HTTP server + TypedRouter setup
 │   └── handlers/                   # TypedRequest handlers by domain
 │       ├── admin.handler.ts        # Auth (login/logout/verify)
 │       ├── stats.handler.ts        # Statistics + health
 │       ├── config.handler.ts       # Configuration (read-only)
 │       ├── logs.handler.ts         # Log retrieval
 │       ├── email.handler.ts        # Email operations
 │       ├── certificate.handler.ts  # Certificate management
 │       ├── radius.handler.ts       # RADIUS management
 │       └── remoteingress.handler.ts # Remote ingress edge + token management
 ├── radius/                         # RADIUS server integration
 ├── remoteingress/                  # Remote ingress hub integration
 │   ├── classes.remoteingress-manager.ts  # Edge CRUD + port derivation
 │   └── classes.tunnel-manager.ts   # Rust hub lifecycle + status tracking
 ├── security/                       # Security utilities
 ├── sms/                            # SMS integration
 └── storage/                        # StorageManager (filesystem/custom/memory)
 ```
 ## Exports
 ```typescript
 // Main class
 export { DcRouter, IDcRouterOptions } from './classes.dcrouter.js';
 // Re-exported from smartmta
 export { UnifiedEmailServer } from '@push.rocks/smartmta';
 export type { IUnifiedEmailServerOptions, IEmailRoute, IEmailDomainConfig } from '@push.rocks/smartmta';
 // RADIUS
 export { RadiusServer, IRadiusServerConfig } from './radius/index.js';
 // Remote Ingress
 export { RemoteIngressManager, TunnelManager } from './remoteingress/index.js';
 ```
 ## Key Classes
 ### `DcRouter`
 The central orchestrator. Accepts `IDcRouterOptions` and manages the lifecycle of all sub-services:
 | Config Section | Service Started | Package |
 |----------------|----------------|---------|
 | `smartProxyConfig` | SmartProxy (HTTP/HTTPS/TCP/SNI) | `@push.rocks/smartproxy` |
 | `emailConfig` | UnifiedEmailServer (SMTP) | `@push.rocks/smartmta` |
 | `dnsNsDomains` + `dnsScopes` | DnsServer (UDP + DoH) | `@push.rocks/smartdns` |
 | `radiusConfig` | RadiusServer (auth + accounting) | `@push.rocks/smartradius` |
 | `remoteIngressConfig` | RemoteIngressManager + TunnelManager | `@serve.zone/remoteingress` |
 | `tls` + `dnsChallenge` | SmartAcme (ACME cert provisioning) | `@push.rocks/smartacme` |
 | `cacheConfig` | CacheDb (embedded MongoDB) | `@push.rocks/smartdata` |
 | *(always)* | OpsServer (dashboard + API) | `@api.global/typedserver` |
 | *(always)* | MetricsManager | `@push.rocks/smartmetrics` |
 ### `RemoteIngressManager`
 Manages CRUD for remote ingress edge registrations. Persists edges via StorageManager. Provides port derivation from routes tagged with `remoteIngress.enabled`.
 ### `TunnelManager`
 Manages the Rust-based RemoteIngressHub lifecycle. Syncs allowed edges, tracks connection status, and exposes edge statuses (connected, publicIp, activeTunnels, lastHeartbeat).
 ## License and Legal Information
 This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](../LICENSE) file.
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 ### Trademarks
 This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
 Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
 ### Company Information
 Task Venture Capital GmbH
 Registered at District Court Bremen HRB 35230 HB, Germany
 For any legal inquiries or further information, please contact us via email at hello@task.vc.
 By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.
--- a/ts/remoteingress/classes.remoteingress-manager.ts
+++ b/ts/remoteingress/classes.remoteingress-manager.ts
@@ -242,11 +242,15 @@ export class RemoteIngressManager {
  /**
   * Get the list of allowed edges (enabled only) for the Rust hub.
   */
-  public getAllowedEdges(): Array<{ id: string; secret: string }> {
+  public getAllowedEdges(): Array<{ id: string; secret: string; listenPorts: number[] }> {
-    const result: Array<{ id: string; secret: string }> = [];
+    const result: Array<{ id: string; secret: string; listenPorts: number[] }> = [];
    for (const edge of this.edges.values()) {
      if (edge.enabled) {
-        result.push({ id: edge.id, secret: edge.secret });
+        result.push({
          id: edge.id,
          secret: edge.secret,
          listenPorts: this.getEffectiveListenPorts(edge),
        });
      }
    }
    return result;
--- a/ts_interfaces/data/stats.ts
+++ b/ts_interfaces/data/stats.ts
@@ -26,6 +26,11 @@ export interface IServerStats {
  };
 }
 export interface ITimeSeriesPoint {
  timestamp: number;
  value: number;
 }
 export interface IEmailStats {
  sent: number;
  received: number;
@@ -35,6 +40,11 @@ export interface IEmailStats {
  averageDeliveryTime: number;
  deliveryRate: number;
  bounceRate: number;
  timeSeries?: {
    sent: ITimeSeriesPoint[];
    received: ITimeSeriesPoint[];
    failed: ITimeSeriesPoint[];
  };
 }
 export interface IDnsStats {
@@ -47,6 +57,9 @@ export interface IDnsStats {
  queryTypes: {
    [key: string]: number;
  };
  timeSeries?: {
    queries: ITimeSeriesPoint[];
  };
 }
 export interface IRateLimitInfo {
@@ -58,6 +71,17 @@ export interface IRateLimitInfo {
  blocked: boolean;
 }
 export interface ISecurityEvent {
  timestamp: number;
  level: string;
  type: string;
  message: string;
  details?: any;
  ipAddress?: string;
  domain?: string;
  success?: boolean;
 }
 export interface ISecurityMetrics {
  blockedIPs: string[];
  reputationScores: {
@@ -68,6 +92,7 @@ export interface ISecurityMetrics {
  phishingDetected: number;
  authenticationFailures: number;
  suspiciousActivities: number;
  recentEvents?: ISecurityEvent[];
 }
 export interface ILogEntry {
--- a/ts_interfaces/readme.md
+++ b/ts_interfaces/readme.md
@@ -82,6 +82,14 @@ interface IIdentity {
 | `INetworkMetrics` | Bandwidth, connection counts, top endpoints |
 | `ILogEntry` | Timestamp, level, category, message, metadata |
 #### Remote Ingress Interfaces
 | Interface | Description |
 |-----------|-------------|
 | `IRemoteIngress` | Edge registration: id, name, secret, listenPorts, enabled, autoDerivePorts, tags |
 | `IRemoteIngressStatus` | Runtime status: connected, publicIp, activeTunnels, lastHeartbeat |
 | `IRouteRemoteIngress` | Route-level config: enabled flag and optional edgeFilter |
 | `IDcRouterRouteConfig` | Extended SmartProxy route config with optional `remoteIngress` property |
 ### Request Interfaces (`requests`)
 TypedRequest interfaces for the OpsServer API, organized by domain:
@@ -134,6 +142,9 @@ TypedRequest interfaces for the OpsServer API, organized by domain:
 | `IReq_GetCertificateOverview` | `getCertificateOverview` | Domain-centric certificate status |
 | `IReq_ReprovisionCertificate` | `reprovisionCertificate` | Reprovision by route name (legacy) |
 | `IReq_ReprovisionCertificateDomain` | `reprovisionCertificateDomain` | Reprovision by domain (preferred) |
 | `IReq_ImportCertificate` | `importCertificate` | Import a certificate |
 | `IReq_ExportCertificate` | `exportCertificate` | Export a certificate |
 | `IReq_DeleteCertificate` | `deleteCertificate` | Delete a certificate |
 #### Certificate Types
 ```typescript
@@ -159,6 +170,17 @@ interface ICertificateInfo {
 }
 ```
 #### 🌍 Remote Ingress
 | Interface | Method | Description |
 |-----------|--------|-------------|
 | `IReq_CreateRemoteIngress` | `createRemoteIngress` | Register a new edge node |
 | `IReq_DeleteRemoteIngress` | `deleteRemoteIngress` | Remove an edge registration |
 | `IReq_UpdateRemoteIngress` | `updateRemoteIngress` | Update edge settings |
 | `IReq_RegenerateRemoteIngressSecret` | `regenerateRemoteIngressSecret` | Issue a new secret |
 | `IReq_GetRemoteIngresses` | `getRemoteIngresses` | List all edge registrations |
 | `IReq_GetRemoteIngressStatus` | `getRemoteIngressStatus` | Runtime status of all edges |
 | `IReq_GetRemoteIngressConnectionToken` | `getRemoteIngressConnectionToken` | Generate a connection token |
 #### 📡 RADIUS
 | Interface | Method | Description |
 |-----------|--------|-------------|
@@ -183,7 +205,7 @@ import { data, requests } from '@serve.zone/dcrouter-interfaces';
 // 1. Login
 const loginClient = new typedrequest.TypedRequest<requests.IReq_AdminLoginWithUsernameAndPassword>(
  'https://your-dcrouter:3000/typedrequest',
-  'adminLogin'
+  'adminLoginWithUsernameAndPassword'
 );
 const loginResponse = await loginClient.fire({
@@ -199,10 +221,8 @@ const metricsClient = new typedrequest.TypedRequest<requests.IReq_GetCombinedMet
 );
 const metrics = await metricsClient.fire({ identity });
-console.log('Server:', metrics.serverStats);
+console.log('Server:', metrics.metrics.server);
-console.log('Email:', metrics.emailStats);
+console.log('Email:', metrics.metrics.email);
 console.log('DNS:', metrics.dnsStats);
 console.log('Security:', metrics.securityMetrics);
 // 3. Check certificate status
 const certClient = new typedrequest.TypedRequest<requests.IReq_GetCertificateOverview>(
@@ -213,14 +233,23 @@ const certClient = new typedrequest.TypedRequest<requests.IReq_GetCertificateOve
 const certs = await certClient.fire({ identity });
 console.log(`Certificates: ${certs.summary.valid} valid, ${certs.summary.failed} failed`);
-// 4. Check email queues
+// 4. List remote ingress edges
-const queueClient = new typedrequest.TypedRequest<requests.IReq_GetQueuedEmails>(
+const edgesClient = new typedrequest.TypedRequest<requests.IReq_GetRemoteIngresses>(
  'https://your-dcrouter:3000/typedrequest',
-  'getQueuedEmails'
+  'getRemoteIngresses'
 );
-const queued = await queueClient.fire({ identity });
+const edges = await edgesClient.fire({ identity });
-console.log('Queued emails:', queued.emails.length);
+console.log('Registered edges:', edges.edges.length);
 // 5. Generate a connection token for an edge
 const tokenClient = new typedrequest.TypedRequest<requests.IReq_GetRemoteIngressConnectionToken>(
  'https://your-dcrouter:3000/typedrequest',
  'getRemoteIngressConnectionToken'
 );
 const tokenResponse = await tokenClient.fire({ identity, edgeId: edges.edges[0].id });
 console.log('Connection token:', tokenResponse.token);
 ```
 ## License and Legal Information
--- a/ts_interfaces/requests/remoteingress.ts
+++ b/ts_interfaces/requests/remoteingress.ts
@@ -117,3 +117,24 @@ export interface IReq_GetRemoteIngressStatus extends plugins.typedrequestInterfa
    statuses: IRemoteIngressStatus[];
  };
 }
 /**
 * Get a connection token for a remote ingress edge.
 * The token is a single opaque base64url string that encodes hubHost, hubPort, edgeId, and secret.
 */
 export interface IReq_GetRemoteIngressConnectionToken extends plugins.typedrequestInterfaces.implementsTR<
  plugins.typedrequestInterfaces.ITypedRequest,
  IReq_GetRemoteIngressConnectionToken
 > {
  method: 'getRemoteIngressConnectionToken';
  request: {
    identity?: authInterfaces.IIdentity;
    edgeId: string;
    hubHost?: string;
  };
  response: {
    success: boolean;
    token?: string;
    message?: string;
  };
 }
--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '6.10.0',
+  version: '7.2.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts_web/appstate.ts
+++ b/ts_web/appstate.ts
@@ -200,7 +200,7 @@ export interface IRemoteIngressState {
  edges: interfaces.data.IRemoteIngress[];
  statuses: interfaces.data.IRemoteIngressStatus[];
  selectedEdgeId: string | null;
-  newEdgeSecret: string | null;
+  newEdgeId: string | null;
  isLoading: boolean;
  error: string | null;
  lastUpdated: number;
@@ -212,7 +212,7 @@ export const remoteIngressStatePart = await appState.getStatePart<IRemoteIngress
    edges: [],
    statuses: [],
    selectedEdgeId: null,
-    newEdgeSecret: null,
+    newEdgeId: null,
    isLoading: false,
    error: null,
    lastUpdated: 0,
@@ -854,6 +854,18 @@ export async function fetchCertificateExport(domain: string) {
  });
 }
 // ============================================================================
 // Remote Ingress Standalone Functions
 // ============================================================================
 export async function fetchConnectionToken(edgeId: string) {
  const context = getActionContext();
  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
    interfaces.requests.IReq_GetRemoteIngressConnectionToken
  >('/typedrequest', 'getRemoteIngressConnectionToken');
  return request.fire({ identity: context.identity, edgeId });
 }
 // ============================================================================
 // Remote Ingress Actions
 // ============================================================================
@@ -916,11 +928,12 @@ export const createRemoteIngressAction = remoteIngressStatePart.createAction<{
    });
    if (response.success) {
-      // Refresh the list and store the new secret for display
+      // Refresh the list
      await remoteIngressStatePart.dispatchAction(fetchRemoteIngressAction, null);
      return {
        ...statePartArg.getState(),
-        newEdgeSecret: response.edge.secret,
+        newEdgeId: response.edge.id,
      };
    }
@@ -1011,7 +1024,7 @@ export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.create
      if (response.success) {
        return {
          ...currentState,
-          newEdgeSecret: response.secret,
+          newEdgeId: edgeId,
        };
      }
@@ -1025,11 +1038,11 @@ export const regenerateRemoteIngressSecretAction = remoteIngressStatePart.create
  }
 );
-export const clearNewEdgeSecretAction = remoteIngressStatePart.createAction(
+export const clearNewEdgeIdAction = remoteIngressStatePart.createAction(
  async (statePartArg) => {
    return {
      ...statePartArg.getState(),
-      newEdgeSecret: null,
+      newEdgeId: null,
    };
  }
 );
--- a/ts_web/elements/ops-view-certificates.ts
+++ b/ts_web/elements/ops-view-certificates.ts
@@ -382,7 +382,7 @@ export class OpsViewCertificates extends DeesElement {
          },
          {
            name: 'View Details',
-            iconName: 'lucide:Search',
+            iconName: 'fa:magnifyingGlass',
            type: ['doubleClick', 'contextmenu'],
            actionFunc: async (actionData: { item: interfaces.requests.ICertificateInfo }) => {
              const cert = actionData.item;
--- a/ts_web/elements/ops-view-logs.ts
+++ b/ts_web/elements/ops-view-logs.ts
@@ -20,6 +20,15 @@ export class OpsViewLogs extends DeesElement {
    filters: {},
  };
  @state()
  accessor filterLevel: string | undefined;
  @state()
  accessor filterCategory: string | undefined;
  @state()
  accessor filterLimit: number = 100;
  constructor() {
    super();
    const subscription = appstate.logStatePart
@@ -46,87 +55,20 @@ export class OpsViewLogs extends DeesElement {
        align-items: center;
        gap: 8px;
      }
      .logContainer {
        background: ${cssManager.bdTheme('#f8f9fa', '#1e1e1e')};
        border-radius: 8px;
        padding: 16px;
        max-height: 600px;
        overflow-y: auto;
        font-family: 'Consolas', 'Monaco', monospace;
        font-size: 13px;
      }
      .logEntry {
        margin-bottom: 8px;
        line-height: 1.5;
      }
      .logTimestamp {
        color: ${cssManager.bdTheme('#7a7a7a', '#7a7a7a')};
        margin-right: 8px;
      }
      .logLevel {
        font-weight: bold;
        margin-right: 8px;
        padding: 2px 6px;
        border-radius: 3px;
        font-size: 11px;
      }
      .logLevel.debug { 
        color: ${cssManager.bdTheme('#6a9955', '#6a9955')}; 
        background: ${cssManager.bdTheme('rgba(106, 153, 85, 0.1)', 'rgba(106, 153, 85, 0.1)')};
      }
      .logLevel.info { 
        color: ${cssManager.bdTheme('#569cd6', '#569cd6')}; 
        background: ${cssManager.bdTheme('rgba(86, 156, 214, 0.1)', 'rgba(86, 156, 214, 0.1)')};
      }
      .logLevel.warn { 
        color: ${cssManager.bdTheme('#ce9178', '#ce9178')}; 
        background: ${cssManager.bdTheme('rgba(206, 145, 120, 0.1)', 'rgba(206, 145, 120, 0.1)')};
      }
      .logLevel.error { 
        color: ${cssManager.bdTheme('#f44747', '#f44747')}; 
        background: ${cssManager.bdTheme('rgba(244, 71, 71, 0.1)', 'rgba(244, 71, 71, 0.1)')};
      }
      .logCategory {
        color: ${cssManager.bdTheme('#c586c0', '#c586c0')};
        margin-right: 8px;
      }
      .logMessage {
        color: ${cssManager.bdTheme('#333', '#d4d4d4')};
      }
      .noLogs {
        color: ${cssManager.bdTheme('#7a7a7a', '#7a7a7a')};
        text-align: center;
        padding: 40px;
      }
    `,
  ];
  public render() {
    return html`
      <ops-sectionheading>Logs</ops-sectionheading>
-      
+
      <div class="controls">
        <div class="filterGroup">
-          <dees-button 
+          <dees-button
            @click=${() => this.fetchLogs()}
          >
            Refresh Logs
          </dees-button>
          <dees-button 
            @click=${() => this.toggleStreaming()}
            .type=${this.logState.isStreaming ? 'highlighted' : 'normal'}
          >
            ${this.logState.isStreaming ? 'Stop Streaming' : 'Start Streaming'}
          </dees-button>
        </div>
        <div class="filterGroup">
@@ -134,7 +76,7 @@ export class OpsViewLogs extends DeesElement {
          <dees-input-dropdown
            .options=${['all', 'debug', 'info', 'warn', 'error']}
            .selectedOption=${'all'}
-            @selectedOption=${(e) => this.updateFilter('level', e.detail)}
+            @selectedOption=${(e: any) => this.updateFilter('level', e.detail)}
          ></dees-input-dropdown>
        </div>
@@ -143,7 +85,7 @@ export class OpsViewLogs extends DeesElement {
          <dees-input-dropdown
            .options=${['all', 'smtp', 'dns', 'security', 'system', 'email']}
            .selectedOption=${'all'}
-            @selectedOption=${(e) => this.updateFilter('category', e.detail)}
+            @selectedOption=${(e: any) => this.updateFilter('category', e.detail)}
          ></dees-input-dropdown>
        </div>
@@ -152,56 +94,78 @@ export class OpsViewLogs extends DeesElement {
          <dees-input-dropdown
            .options=${['50', '100', '200', '500']}
            .selectedOption=${'100'}
-            @selectedOption=${(e) => this.updateFilter('limit', e.detail)}
+            @selectedOption=${(e: any) => this.updateFilter('limit', e.detail)}
          ></dees-input-dropdown>
        </div>
      </div>
-      <div class="logContainer">
+      <dees-chart-log
-        ${this.logState.recentLogs.length > 0 ? 
+        .label=${'Application Logs'}
-          this.logState.recentLogs.map(log => html`
+        .autoScroll=${true}
-            <div class="logEntry">
+        .maxEntries=${2000}
-              <span class="logTimestamp">${new Date(log.timestamp).toLocaleTimeString()}</span>
+        .showMetrics=${true}
-              <span class="logLevel ${log.level}">${log.level.toUpperCase()}</span>
+      ></dees-chart-log>
              <span class="logCategory">[${log.category}]</span>
              <span class="logMessage">${log.message}</span>
            </div>
          `) : html`
            <div class="noLogs">No logs to display</div>
          `
        }
      </div>
    `;
  }
  async connectedCallback() {
    super.connectedCallback();
    this.fetchLogs();
  }
  async updated(changedProperties: Map<string, any>) {
    super.updated(changedProperties);
    if (changedProperties.has('logState')) {
      this.pushLogsToChart();
    }
  }
  private async pushLogsToChart() {
    const chartLog = this.shadowRoot?.querySelector('dees-chart-log') as any;
    if (!chartLog) return;
    // Ensure the chart element has finished its own initialization
    await chartLog.updateComplete;
    chartLog.clearLogs();
    const entries = this.getMappedLogEntries();
    if (entries.length > 0) {
      chartLog.updateLog(entries);
    }
  }
  private getMappedLogEntries() {
    return this.logState.recentLogs.map((log) => ({
      timestamp: new Date(log.timestamp).toISOString(),
      level: log.level as 'debug' | 'info' | 'warn' | 'error',
      message: log.message,
      source: log.category,
    }));
  }
  private async fetchLogs() {
    const filters = this.getActiveFilters();
    await appstate.logStatePart.dispatchAction(appstate.fetchRecentLogsAction, {
-      limit: filters.limit || 100,
+      limit: this.filterLimit,
-      level: filters.level as 'debug' | 'info' | 'warn' | 'error' | undefined,
+      level: this.filterLevel as 'debug' | 'info' | 'warn' | 'error' | undefined,
-      category: filters.category as 'smtp' | 'dns' | 'security' | 'system' | 'email' | undefined,
+      category: this.filterCategory as 'smtp' | 'dns' | 'security' | 'system' | 'email' | undefined,
    });
  }
  private updateFilter(type: string, value: string) {
-    if (value === 'all') {
+    const resolved = value === 'all' ? undefined : value;
-      value = undefined;
+
    switch (type) {
      case 'level':
        this.filterLevel = resolved;
        break;
      case 'category':
        this.filterCategory = resolved;
        break;
      case 'limit':
        this.filterLimit = resolved ? parseInt(resolved, 10) : 100;
        break;
    }
-    
+
    // Update filters then fetch logs
    this.fetchLogs();
  }
-
+}
  private getActiveFilters() {
    return {
      level: this.logState.filters.level?.[0],
      category: this.logState.filters.category?.[0],
      limit: 100,
    };
  }
  private toggleStreaming() {
    // TODO: Implement log streaming with VirtualStream
    console.log('Streaming toggle not yet implemented');
  }
 }
--- a/ts_web/elements/ops-view-network.ts
+++ b/ts_web/elements/ops-view-network.ts
@@ -287,7 +287,7 @@ export class OpsViewNetwork extends DeesElement {
          .dataActions=${[
            {
              name: 'View Details',
-              iconName: 'lucide:Search',
+              iconName: 'fa:magnifyingGlass',
              type: ['inRow', 'doubleClick', 'contextmenu'],
              actionFunc: async (actionData) => {
                await this.showRequestDetails(actionData.item);
@@ -435,7 +435,7 @@ export class OpsViewNetwork extends DeesElement {
        actions: [
          {
            name: 'View Details',
-            iconName: 'lucide:Search',
+            iconName: 'fa:magnifyingGlass',
            action: async () => {
            },
          },
--- a/ts_web/elements/ops-view-overview.ts
+++ b/ts_web/elements/ops-view-overview.ts
@@ -26,14 +26,36 @@ export class OpsViewOverview extends DeesElement {
    error: null,
  };
  @state()
  accessor logState: appstate.ILogState = {
    recentLogs: [],
    isStreaming: false,
    filters: {},
  };
  constructor() {
    super();
-    const subscription = appstate.statsStatePart
+    const statsSub = appstate.statsStatePart
      .select((stateArg) => stateArg)
      .subscribe((statsState) => {
        this.statsState = statsState;
      });
-    this.rxSubscriptions.push(subscription);
+    this.rxSubscriptions.push(statsSub);
    const logSub = appstate.logStatePart
      .select((stateArg) => stateArg)
      .subscribe((logState) => {
        this.logState = logState;
      });
    this.rxSubscriptions.push(logSub);
  }
  async connectedCallback() {
    super.connectedCallback();
    // Ensure logs are fetched for the overview charts
    if (this.logState.recentLogs.length === 0) {
      appstate.logStatePart.dispatchAction(appstate.fetchRecentLogsAction, { limit: 100 });
    }
  }
  public static styles = [
@@ -96,10 +118,24 @@ export class OpsViewOverview extends DeesElement {
        ${this.renderDnsStats()}
        <div class="chartGrid">
-          <dees-chart-area .label=${'Email Traffic (24h)'} .data=${[]}></dees-chart-area>
+          <dees-chart-area
-          <dees-chart-area .label=${'DNS Queries (24h)'} .data=${[]}></dees-chart-area>
+            .label=${'Email Traffic (24h)'}
-          <dees-chart-log .label=${'Recent Events'} .data=${[]}></dees-chart-log>
+            .series=${this.getEmailTrafficSeries()}
-          <dees-chart-log .label=${'Security Alerts'} .data=${[]}></dees-chart-log>
+            .yAxisFormatter=${(val: number) => `${val}`}
          ></dees-chart-area>
          <dees-chart-area
            .label=${'DNS Queries (24h)'}
            .series=${this.getDnsQuerySeries()}
            .yAxisFormatter=${(val: number) => `${val}`}
          ></dees-chart-area>
          <dees-chart-log
            .label=${'Recent Events'}
            .logEntries=${this.getRecentEventEntries()}
          ></dees-chart-log>
          <dees-chart-log
            .label=${'Security Alerts'}
            .logEntries=${this.getSecurityAlertEntries()}
          ></dees-chart-log>
        </div>
      `}
    `;
@@ -337,4 +373,42 @@ export class OpsViewOverview extends DeesElement {
      <dees-statsgrid .tiles=${tiles}></dees-statsgrid>
    `;
  }
  // --- Chart data helpers ---
  private getRecentEventEntries(): Array<{ timestamp: string; level: 'debug' | 'info' | 'warn' | 'error' | 'success'; message: string; source?: string }> {
    return this.logState.recentLogs.map((log) => ({
      timestamp: new Date(log.timestamp).toISOString(),
      level: log.level as 'debug' | 'info' | 'warn' | 'error',
      message: log.message,
      source: log.category,
    }));
  }
  private getSecurityAlertEntries(): Array<{ timestamp: string; level: 'debug' | 'info' | 'warn' | 'error' | 'success'; message: string; source?: string }> {
    const events: any[] = this.statsState.securityMetrics?.recentEvents || [];
    return events.map((evt: any) => ({
      timestamp: new Date(evt.timestamp).toISOString(),
      level: evt.level === 'critical' || evt.level === 'error' ? 'error' as const : evt.level === 'warn' ? 'warn' as const : 'info' as const,
      message: evt.message,
      source: evt.type,
    }));
  }
  private getEmailTrafficSeries(): Array<{ name: string; color: string; data: Array<{ x: number; y: number }> }> {
    const ts = this.statsState.emailStats?.timeSeries;
    if (!ts) return [];
    return [
      { name: 'Sent', color: '#22c55e', data: (ts.sent || []).map((p: any) => ({ x: p.timestamp, y: p.value })) },
      { name: 'Received', color: '#3b82f6', data: (ts.received || []).map((p: any) => ({ x: p.timestamp, y: p.value })) },
    ];
  }
  private getDnsQuerySeries(): Array<{ name: string; color: string; data: Array<{ x: number; y: number }> }> {
    const ts = this.statsState.dnsStats?.timeSeries;
    if (!ts) return [];
    return [
      { name: 'Queries', color: '#8b5cf6', data: (ts.queries || []).map((p: any) => ({ x: p.timestamp, y: p.value })) },
    ];
  }
 }
--- a/ts_web/elements/ops-view-remoteingress.ts
+++ b/ts_web/elements/ops-view-remoteingress.ts
@@ -176,13 +176,39 @@ export class OpsViewRemoteIngress extends DeesElement {
    return html`
      <ops-sectionheading>Remote Ingress</ops-sectionheading>
-      ${this.riState.newEdgeSecret ? html`
+      ${this.riState.newEdgeId ? html`
        <div class="secretDialog">
-          <strong>Edge Secret (copy now - shown only once):</strong>
+          <strong>Edge created successfully!</strong>
-          <code>${this.riState.newEdgeSecret}</code>
+          <div class="warning">Copy the connection token now. Use it with edge.start({ token: '...' }).</div>
          <div class="warning">This secret will not be shown again. Save it securely.</div>
          <dees-button
-            @click=${() => appstate.remoteIngressStatePart.dispatchAction(appstate.clearNewEdgeSecretAction, null)}
+            @click=${async () => {
              const { DeesToast } = await import('@design.estate/dees-catalog');
              try {
                const response = await appstate.fetchConnectionToken(this.riState.newEdgeId);
                if (response.success && response.token) {
                  if (navigator.clipboard && typeof navigator.clipboard.writeText === 'function') {
                    await navigator.clipboard.writeText(response.token);
                  } else {
                    const textarea = document.createElement('textarea');
                    textarea.value = response.token;
                    textarea.style.position = 'fixed';
                    textarea.style.opacity = '0';
                    document.body.appendChild(textarea);
                    textarea.select();
                    document.execCommand('copy');
                    document.body.removeChild(textarea);
                  }
                  DeesToast.show({ message: 'Connection token copied!', type: 'success', duration: 3000 });
                } else {
                  DeesToast.show({ message: response.message || 'Failed to get token', type: 'error', duration: 4000 });
                }
              } catch (err) {
                DeesToast.show({ message: `Failed: ${err.message}`, type: 'error', duration: 4000 });
              }
            }}
          >Copy Connection Token</dees-button>
          <dees-button
            @click=${() => appstate.remoteIngressStatePart.dispatchAction(appstate.clearNewEdgeIdAction, null)}
          >Dismiss</dees-button>
        </div>
      ` : ''}
@@ -346,6 +372,38 @@ export class OpsViewRemoteIngress extends DeesElement {
                );
              },
            },
            {
              name: 'Copy Token',
              iconName: 'lucide:ClipboardCopy',
              type: ['inRow', 'contextmenu'] as any,
              actionFunc: async (actionData: any) => {
                const edge = actionData.item as interfaces.data.IRemoteIngress;
                const { DeesToast } = await import('@design.estate/dees-catalog');
                try {
                  const response = await appstate.fetchConnectionToken(edge.id);
                  if (response.success && response.token) {
                    // Use clipboard API with fallback for non-HTTPS contexts
                    if (navigator.clipboard && typeof navigator.clipboard.writeText === 'function') {
                      await navigator.clipboard.writeText(response.token);
                    } else {
                      const textarea = document.createElement('textarea');
                      textarea.value = response.token;
                      textarea.style.position = 'fixed';
                      textarea.style.opacity = '0';
                      document.body.appendChild(textarea);
                      textarea.select();
                      document.execCommand('copy');
                      document.body.removeChild(textarea);
                    }
                    DeesToast.show({ message: `Connection token copied for ${edge.name}`, type: 'success', duration: 3000 });
                  } else {
                    DeesToast.show({ message: response.message || 'Failed to get token', type: 'error', duration: 4000 });
                  }
                } catch (err) {
                  DeesToast.show({ message: `Failed: ${err.message}`, type: 'error', duration: 4000 });
                }
              },
            },
            {
              name: 'Delete',
              iconName: 'lucide:trash2',
--- a/ts_web/elements/ops-view-security.ts
+++ b/ts_web/elements/ops-view-security.ts
@@ -249,7 +249,14 @@ export class OpsViewSecurity extends DeesElement {
  private renderOverview(metrics: any) {
    const threatLevel = this.calculateThreatLevel(metrics);
    const threatScore = this.getThreatScore(metrics);
-    
+
    // Derive active sessions from recent successful auth events (last hour)
    const allEvents: any[] = metrics.recentEvents || [];
    const oneHourAgo = Date.now() - 3600000;
    const recentAuthSuccesses = allEvents.filter(
      (evt: any) => evt.type === 'authentication' && evt.success === true && evt.timestamp >= oneHourAgo
    ).length;
    const tiles: IStatsTile[] = [
      {
        id: 'threatLevel',
@@ -271,7 +278,7 @@ export class OpsViewSecurity extends DeesElement {
      {
        id: 'blockedThreats',
        title: 'Blocked Threats',
-        value: metrics.blockedIPs.length + metrics.spamDetected,
+        value: (metrics.blockedIPs?.length || 0) + metrics.spamDetected,
        type: 'number',
        icon: 'lucide:ShieldCheck',
        color: '#ef4444',
@@ -280,11 +287,11 @@ export class OpsViewSecurity extends DeesElement {
      {
        id: 'activeSessions',
        title: 'Active Sessions',
-        value: 0,
+        value: recentAuthSuccesses,
        type: 'number',
        icon: 'lucide:Users',
        color: '#22c55e',
-        description: 'Current authenticated sessions',
+        description: 'Authenticated in last hour',
      },
      {
        id: 'authFailures',
@@ -349,6 +356,11 @@ export class OpsViewSecurity extends DeesElement {
  }
  private renderAuthentication(metrics: any) {
    // Derive auth events from recentEvents
    const allEvents: any[] = metrics.recentEvents || [];
    const authEvents = allEvents.filter((evt: any) => evt.type === 'authentication');
    const successfulLogins = authEvents.filter((evt: any) => evt.success === true).length;
    const tiles: IStatsTile[] = [
      {
        id: 'authFailures',
@@ -362,7 +374,7 @@ export class OpsViewSecurity extends DeesElement {
      {
        id: 'successfulLogins',
        title: 'Successful Logins',
-        value: 0,
+        value: successfulLogins,
        type: 'number',
        icon: 'lucide:Lock',
        color: '#22c55e',
@@ -370,6 +382,15 @@ export class OpsViewSecurity extends DeesElement {
      },
    ];
    // Map auth events to login history table data
    const loginHistory = authEvents.map((evt: any) => ({
      timestamp: evt.timestamp,
      username: evt.details?.username || 'unknown',
      ipAddress: evt.ipAddress || 'unknown',
      success: evt.success ?? false,
      reason: evt.success ? '' : evt.message || 'Authentication failed',
    }));
    return html`
      <dees-statsgrid
        .tiles=${tiles}
@@ -380,7 +401,7 @@ export class OpsViewSecurity extends DeesElement {
      <dees-table
        .heading1=${'Login History'}
        .heading2=${'Recent authentication attempts'}
-        .data=${[]}
+        .data=${loginHistory}
        .displayFunction=${(item) => ({
          'Time': new Date(item.timestamp).toLocaleString(),
          'Username': item.username,
@@ -483,48 +504,38 @@ export class OpsViewSecurity extends DeesElement {
  private getThreatScore(metrics: any): number {
    // Simple scoring algorithm
    let score = 100;
-    score -= metrics.blockedIPs.length * 2;
+    const blockedCount = Array.isArray(metrics.blockedIPs) ? metrics.blockedIPs.length : (metrics.blockedIPs || 0);
-    score -= metrics.authenticationFailures * 1;
+    score -= blockedCount * 2;
-    score -= metrics.spamDetected * 0.5;
+    score -= (metrics.authenticationFailures || 0) * 1;
-    score -= metrics.malwareDetected * 3;
+    score -= (metrics.spamDetected || 0) * 0.5;
-    score -= metrics.phishingDetected * 3;
+    score -= (metrics.malwareDetected || 0) * 3;
-    score -= metrics.suspiciousActivities * 2;
+    score -= (metrics.phishingDetected || 0) * 3;
    score -= (metrics.suspiciousActivities || 0) * 2;
    return Math.max(0, Math.min(100, Math.round(score)));
  }
  private getSecurityEvents(metrics: any): any[] {
-    // Mock data - in real implementation, this would come from the server
+    const events: any[] = metrics.recentEvents || [];
-    return [
+    return events.map((evt: any) => ({
-      {
+      timestamp: evt.timestamp,
-        timestamp: Date.now() - 1000 * 60 * 5,
+      event: evt.message,
-        event: 'Multiple failed login attempts',
+      severity: evt.level === 'critical' ? 'critical' : evt.level === 'error' ? 'high' : evt.level === 'warn' ? 'warning' : 'info',
-        severity: 'warning',
+      details: evt.ipAddress ? `IP: ${evt.ipAddress}` : evt.domain ? `Domain: ${evt.domain}` : evt.type,
-        details: 'IP: 192.168.1.100',
+    }));
      },
      {
        timestamp: Date.now() - 1000 * 60 * 15,
        event: 'SPF check failed',
        severity: 'medium',
        details: 'Domain: example.com',
      },
      {
        timestamp: Date.now() - 1000 * 60 * 30,
        event: 'IP blocked due to spam',
        severity: 'high',
        details: 'IP: 10.0.0.1',
      },
    ];
  }
  private async clearBlockedIPs() {
-    console.log('Clear blocked IPs');
+    // SmartProxy manages IP blocking — not yet exposed via API
    alert('Clearing blocked IPs is not yet supported from the UI.');
  }
  private async unblockIP(ip: string) {
-    console.log('Unblock IP:', ip);
+    // SmartProxy manages IP blocking — not yet exposed via API
    alert(`Unblocking IP ${ip} is not yet supported from the UI.`);
  }
  private async saveEmailSecuritySettings() {
-    console.log('Save email security settings');
+    // Config is read-only from the UI for now
    alert('Email security settings are read-only. Update the dcrouter configuration file to change these settings.');
  }
 }
--- a/ts_web/readme.md
+++ b/ts_web/readme.md
@@ -40,6 +40,15 @@ For reporting bugs, issues, or security vulnerabilities, please visit [community
 - Expiry date monitoring and alerts
 - Per-domain backoff status for failed provisions
 - One-click reprovisioning per domain
 - Certificate import, export, and deletion
 ### 🌍 Remote Ingress Management
 - Edge node registration with name, ports, and tags
 - Real-time connection status (connected/disconnected/disabled)
 - Public IP and active tunnel count per edge
 - Auto-derived port display with manual/derived breakdown
 - **Connection token generation** — one-click "Copy Token" for easy edge provisioning
 - Enable/disable, edit, secret regeneration, and delete actions
 ### 📜 Log Viewer
 - Real-time log streaming
@@ -85,6 +94,7 @@ ts_web/
    ├── ops-view-network.ts   # Network monitoring
    ├── ops-view-emails.ts    # Email queue management
    ├── ops-view-certificates.ts  # Certificate overview & reprovisioning
    ├── ops-view-remoteingress.ts # Remote ingress edge management
    ├── ops-view-logs.ts      # Log viewer
    ├── ops-view-config.ts    # Configuration display
    ├── ops-view-security.ts  # Security dashboard
@@ -106,6 +116,8 @@ The app uses `@push.rocks/smartstate` with multiple state parts:
 | `logStatePart` | Soft | Recent logs, streaming status, filters |
 | `networkStatePart` | Soft | Connections, IPs, throughput rates |
 | `emailOpsStatePart` | Soft | Email queues, bounces, suppression list |
 | `certificateStatePart` | Soft | Certificate list, summary, loading state |
 | `remoteIngressStatePart` | Soft | Edge list, statuses, new edge secret |
 ### Actions
@@ -128,6 +140,23 @@ fetchSecurityIncidentsAction()     // Security events
 fetchBounceRecordsAction()         // Bounce records
 resendEmailAction(emailId)         // Re-queue failed email
 removeFromSuppressionAction(email) // Remove from suppression list
 // Certificates
 fetchCertificateOverviewAction()   // All certificates with summary
 reprovisionCertificateAction(domain) // Reprovision a certificate
 deleteCertificateAction(domain)    // Delete a certificate
 importCertificateAction(cert)      // Import a certificate
 fetchCertificateExport(domain)     // Export (standalone function)
 // Remote Ingress
 fetchRemoteIngressAction()         // Edges + statuses
 createRemoteIngressAction(data)    // Create new edge
 updateRemoteIngressAction(data)    // Update edge settings
 deleteRemoteIngressAction(id)      // Remove edge
 regenerateRemoteIngressSecretAction(id) // New secret
 toggleRemoteIngressAction(id, enabled)  // Enable/disable
 clearNewEdgeSecretAction()         // Dismiss secret banner
 fetchConnectionToken(edgeId)       // Get connection token (standalone function)
 ```
 ### Client-Side Routing
@@ -141,6 +170,7 @@ removeFromSuppressionAction(email) // Remove from suppression list
  /emails/failed    → Failed emails
  /emails/security  → Security incidents
 /certificates    → Certificate management
 /remoteingress   → Remote ingress edge management
 /logs            → Log viewer
 /configuration   → System configuration
 /security        → Security dashboard
Author	SHA1	Message	Date
Juergen Kunz	2a94ffd4c9	v7.2.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-20 12:55:20 +00:00
Juergen Kunz	b2fe6caf33	feat(logs): replace custom logs list with dees-chart-log component and push logs to chart, add log mapping and lifecycle sync, and bump smartlog dependency	2026-02-20 12:55:20 +00:00
Juergen Kunz	822bbc1957	v7.1.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-19 17:23:43 +00:00
Juergen Kunz	eacddc7ce1	feat(ops/monitoring): add in-memory log buffer, metrics time-series and ops UI integration	2026-02-19 17:23:43 +00:00
Juergen Kunz	dc6ce341bd	v7.0.1 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-19 14:36:11 +00:00
Juergen Kunz	1aadc93f92	fix(monitoring): Use smartMetrics cpuPercentage for cpuUsage.user and update smartmetrics and smartproxy dependencies	2026-02-19 14:36:11 +00:00
Juergen Kunz	8fdcd479d6	v7.0.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-19 10:16:23 +00:00
Juergen Kunz	d24dde8eff	BREAKING CHANGE(deps): bump dependencies: @serve.zone/remoteingress to ^4.0.0 (breaking), @push.rocks/smartproxy to ^25.7.6, @types/node to ^25.3.0	2026-02-19 10:16:23 +00:00
Juergen Kunz	40a34073e9	v6.13.2 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-19 08:33:41 +00:00
Juergen Kunz	9ac297c197	fix(runtime): prevent memory leaks and improve shutdown/stream handling across services	2026-02-19 08:33:41 +00:00
Juergen Kunz	ddd0662fb8	v6.13.1 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-18 22:56:18 +00:00
Juergen Kunz	11bc0dde6c	fix(dcrouter): enable PROXY protocol v1 handling for SmartProxy when remoteIngress is enabled to preserve client IPs	2026-02-18 22:56:18 +00:00
Juergen Kunz	610d691244	v6.13.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-18 21:35:18 +00:00
Juergen Kunz	c88410ea53	feat(remoteingress): include listenPorts for allowed edges sent to the Rust hub and always resync allowed edges when edge properties change	2026-02-18 21:35:18 +00:00
Juergen Kunz	9cbdd24281	v6.12.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-18 18:47:18 +00:00
Juergen Kunz	dce1de8c4b	feat(remote-ingress): add Remote Ingress hub integration, OpsServer UI, APIs, and docs	2026-02-18 18:47:18 +00:00
Juergen Kunz	86e6c4f600	v6.11.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-18 06:05:46 +00:00
Juergen Kunz	0618755236	feat(remoteingress): add ability to generate remote ingress connection tokens and UI copy action; add hubDomain config option; update remoteingress dependency to ^3.1.1	2026-02-18 06:05:46 +00:00