v6.10.0

feat(ops-view-certificates): Make Export and Delete actions available inline (inRow) as well as in the context menu; bump @design.estate/dees-catalog to ^3.43.0
v6.9.0
2026-02-17 17:49:12 +00:00 · 2026-02-17 17:49:12 +00:00 · 2026-02-17 16:28:33 +00:00 · 2026-02-17 16:28:33 +00:00
9 changed files with 525 additions and 66 deletions
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,20 @@
 # Changelog

+## 2026-02-17 - 6.10.0 - feat(ops-view-certificates)
+Make Export and Delete actions available inline (inRow) as well as in the context menu; bump @design.estate/dees-catalog to ^3.43.0
+
+- Added 'inRow' to action types for 'Export' and 'Delete' in ts_web/elements/ops-view-certificates.ts to expose actions inline in the row
+- Updated dependency @design.estate/dees-catalog from ^3.42.2 to ^3.43.0 in package.json
+
+## 2026-02-17 - 6.9.0 - feat(certificates)
+add certificate import, export, and deletion support (server handlers, request types, and UI)
+
+- Add typed request handlers in opsserver: deleteCertificate, exportCertificate, importCertificate (ts/opsserver/handlers/certificate.handler.ts)
+- Implement deleteCertificate/exportCertificate/importCertificate functions handling storage paths, in-memory status map updates, backoff clearing, validation, and SmartAcme-compatible /certs/ and /proxy-certs/ formats
+- Add request interfaces IReq_DeleteCertificate, IReq_ExportCertificate, IReq_ImportCertificate (ts_interfaces/requests/certificate.ts)
+- Add web app actions deleteCertificateAction, importCertificateAction and fetchCertificateExport to call new typed requests (ts_web/appstate.ts)
+- Update certificates UI to support Import, Export, and Delete actions and add downloadJsonFile helper (ts_web/elements/ops-view-certificates.ts)
+
 ## 2026-02-17 - 6.8.0 - feat(remote-ingress)
 support auto-deriving ports for remote ingress edges and expose manual/derived port breakdown in API and UI

--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
  "name": "@serve.zone/dcrouter",
  "private": false,
-  "version": "6.8.0",
+  "version": "6.10.0",
  "description": "A multifaceted routing service handling mail and SMS delivery functions.",
  "type": "module",
  "exports": {
@@ -32,7 +32,7 @@
    "@api.global/typedserver": "^8.3.0",
    "@api.global/typedsocket": "^4.1.0",
    "@apiclient.xyz/cloudflare": "^7.1.0",
-    "@design.estate/dees-catalog": "^3.42.2",
+    "@design.estate/dees-catalog": "^3.43.0",
    "@design.estate/dees-element": "^2.1.6",
    "@push.rocks/projectinfo": "^5.0.2",
    "@push.rocks/qenv": "^6.1.3",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -24,8 +24,8 @@ importers:
        specifier: ^7.1.0
        version: 7.1.0
      '@design.estate/dees-catalog':
-        specifier: ^3.42.2
-        version: 3.42.2(@tiptap/pm@2.27.2)
+        specifier: ^3.43.0
+        version: 3.43.0(@tiptap/pm@2.27.2)
      '@design.estate/dees-element':
        specifier: ^2.1.6
        version: 2.1.6
@@ -351,8 +351,8 @@ packages:
  '@configvault.io/interfaces@1.0.17':
    resolution: {integrity: sha512-bEcCUR2VBDJsTin8HQh8Uw/mlYl2v8A3jMIaQ+MTB9Hrqd6CZL2dL7iJdWyFl/3EIX+LDxWFR+Oq7liIq7w+1Q==}

-  '@design.estate/dees-catalog@3.42.2':
-    resolution: {integrity: sha512-e/d5XpIjuOmQIxHnBq81Uq+TyBHX92Ie1n7jEFBCYtxvi3+P2LU1sQ3VDrvLTpkwGxq7iyagu7BYWHYRtPLPmw==}
+  '@design.estate/dees-catalog@3.43.0':
+    resolution: {integrity: sha512-UFW8oThP9Mc4L0wVVgmuGux868Ct/TwZ1WP8hZCe4e/+5gmxDc+4EArnt5hePHENboe1Soobh9mmrMN6kQZ3xQ==}

  '@design.estate/dees-comms@1.0.30':
    resolution: {integrity: sha512-KchMlklJfKAjQiJiR0xmofXtQ27VgZtBIxcMwPE9d+h3jJRv+lPZxzBQVOM0eyM0uS44S5vJMZ11IeV4uDXSHg==}
@@ -681,74 +681,74 @@ packages:
  '@mongodb-js/saslprep@1.4.6':
    resolution: {integrity: sha512-y+x3H1xBZd38n10NZF/rEBlvDOOMQ6LKUTHqr8R9VkJ+mmQOYtJFxIlkkK8fZrtOiL6VixbOBWMbZGBdal3Z1g==}

-  '@napi-rs/canvas-android-arm64@0.1.92':
-    resolution: {integrity: sha512-rDOtq53ujfOuevD5taxAuIFALuf1QsQWZe1yS/N4MtT+tNiDBEdjufvQRPWZ11FubL2uwgP8ApYU3YOaNu1ZsQ==}
+  '@napi-rs/canvas-android-arm64@0.1.93':
+    resolution: {integrity: sha512-xRIoOPFvneR29Dtq5d9p2AJbijDCFeV4jQ+5Ms/xVAXJVb8R0Jlu+pPr/SkhrG+Mouaml4roPSXugTIeRl6CMA==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [android]

-  '@napi-rs/canvas-darwin-arm64@0.1.92':
-    resolution: {integrity: sha512-4PT6GRGCr7yMRehp42x0LJb1V0IEy1cDZDDayv7eKbFUIGbPFkV7CRC9Bee5MPkjg1EB4ZPXXUyy3gjQm7mR8Q==}
+  '@napi-rs/canvas-darwin-arm64@0.1.93':
+    resolution: {integrity: sha512-daNDi76HN5grC6GXDmpxdfP+N2mQPd3sCfg62VyHwUuvbZh32P7R/IUjkzAxtYMtTza+Zvx9hfLJ3J7ENL6WMA==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [darwin]

-  '@napi-rs/canvas-darwin-x64@0.1.92':
-    resolution: {integrity: sha512-5e/3ZapP7CqPtDcZPtmowCsjoyQwuNMMD7c0GKPtZQ8pgQhLkeq/3fmk0HqNSD1i227FyJN/9pDrhw/UMTkaWA==}
+  '@napi-rs/canvas-darwin-x64@0.1.93':
+    resolution: {integrity: sha512-1YfuNPIQLawsg/gSNdJRk4kQWUy9M/Gy8FGsOI79nhQEJ2PZdqpSPl5UNzf4elfuNXuVbEbmmjP68EQdUunDuQ==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [darwin]

-  '@napi-rs/canvas-linux-arm-gnueabihf@0.1.92':
-    resolution: {integrity: sha512-j6KaLL9iir68lwpzzY+aBGag1PZp3+gJE2mQ3ar4VJVmyLRVOh+1qsdNK1gfWoAVy5w6U7OEYFrLzN2vOFUSng==}
+  '@napi-rs/canvas-linux-arm-gnueabihf@0.1.93':
+    resolution: {integrity: sha512-8kEkOQPZjuyHjupvXExuJZiuiVNecdABGq3DLI7aO1EvQFOOlWMm2d/8Q5qXdV73Tn+nu3m16+kPajsN1oJefQ==}
    engines: {node: '>= 10'}
    cpu: [arm]
    os: [linux]

-  '@napi-rs/canvas-linux-arm64-gnu@0.1.92':
-    resolution: {integrity: sha512-s3NlnJMHOSotUYVoTCoC1OcomaChFdKmZg0VsHFeIkeHbwX0uPHP4eCX1irjSfMykyvsGHTQDfBAtGYuqxCxhQ==}
+  '@napi-rs/canvas-linux-arm64-gnu@0.1.93':
+    resolution: {integrity: sha512-qIKLKkBkYSyWSYAoDThoxf5y1gr4X0g7W8rDU7d2HDeAAcotdVHUwuKkMeNe6+5VNk7/95EIhbslQjSxiCu32g==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]

-  '@napi-rs/canvas-linux-arm64-musl@0.1.92':
-    resolution: {integrity: sha512-xV0GQnukYq5qY+ebkAwHjnP2OrSGBxS3vSi1zQNQj0bkXU6Ou+Tw7JjCM7pZcQ28MUyEBS1yKfo7rc7ip2IPFQ==}
+  '@napi-rs/canvas-linux-arm64-musl@0.1.93':
+    resolution: {integrity: sha512-mAwQBGM3qArS9XEO21AK4E1uGvCuUCXjhIZk0dlVvs49MQ6wAAuCkYKNFpSKeSicKrLWwBMfgWX4qZoPh+M00A==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [linux]

-  '@napi-rs/canvas-linux-riscv64-gnu@0.1.92':
-    resolution: {integrity: sha512-+GKvIFbQ74eB/TopEdH6XIXcvOGcuKvCITLGXy7WLJAyNp3Kdn1ncjxg91ihatBaPR+t63QOE99yHuIWn3UQ9w==}
+  '@napi-rs/canvas-linux-riscv64-gnu@0.1.93':
+    resolution: {integrity: sha512-kaIH5MpPzOZfkM+QMsBxGdM9jlJT+N+fwz2IEaju/S+DL65E5TgPOx4QcD5dQ8vsMxlak6uDrudBc4ns5xzZCw==}
    engines: {node: '>= 10'}
    cpu: [riscv64]
    os: [linux]

-  '@napi-rs/canvas-linux-x64-gnu@0.1.92':
-    resolution: {integrity: sha512-tFd6MwbEhZ1g64iVY2asV+dOJC+GT3Yd6UH4G3Hp0/VHQ6qikB+nvXEULskFYZ0+wFqlGPtXjG1Jmv7sJy+3Ww==}
+  '@napi-rs/canvas-linux-x64-gnu@0.1.93':
+    resolution: {integrity: sha512-KtMZJqYWvOSeW5w3VSV2f5iGnwNdKJm4gwgVid4xNy1NFi+NJSyuglA1lX1u4wIPxizyxh8OW5c5Usf6oSOMNQ==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]

-  '@napi-rs/canvas-linux-x64-musl@0.1.92':
-    resolution: {integrity: sha512-uSuqeSveB/ZGd72VfNbHCSXO9sArpZTvznMVsb42nqPP7gBGEH6NJQ0+hmF+w24unEmxBhPYakP/Wiosm16KkA==}
+  '@napi-rs/canvas-linux-x64-musl@0.1.93':
+    resolution: {integrity: sha512-qRZhOvlDBooRLX6V3/t9X9B+plZK+OrPLgfFixu0A1RO/3VHbubOknfnMnocSDAqk/L6cRyKI83VP2ciR9UO7w==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [linux]

-  '@napi-rs/canvas-win32-arm64-msvc@0.1.92':
-    resolution: {integrity: sha512-20SK5AU/OUNz9ZuoAPj5ekWai45EIBDh/XsdrVZ8le/pJVlhjFU3olbumSQUXRFn7lBRS+qwM8kA//uLaDx6iQ==}
+  '@napi-rs/canvas-win32-arm64-msvc@0.1.93':
+    resolution: {integrity: sha512-um5XE44vF8bjkQEsH2iRSUP9fDeQGYbn/qjM/v4whXG83qsqapAXlOPOQqSARZB1SiNvPUAuXoRsJLlKFmAEFw==}
    engines: {node: '>= 10'}
    cpu: [arm64]
    os: [win32]

-  '@napi-rs/canvas-win32-x64-msvc@0.1.92':
-    resolution: {integrity: sha512-KEhyZLzq1MXCNlXybz4k25MJmHFp+uK1SIb8yJB0xfrQjz5aogAMhyseSzewo+XxAq3OAOdyKvfHGNzT3w1RPg==}
+  '@napi-rs/canvas-win32-x64-msvc@0.1.93':
+    resolution: {integrity: sha512-maHlizZgmKsAPJwjwBZMnsWfq3Ca9QutoteQwKe7YqsmbECoylrLCCOGCDOredstW4BRWqRTfCl6NJaVVeAQvQ==}
    engines: {node: '>= 10'}
    cpu: [x64]
    os: [win32]

-  '@napi-rs/canvas@0.1.92':
-    resolution: {integrity: sha512-q7ZaUCJkEU5BeOdE7fBx1XWRd2T5Ady65nxq4brMf5L4cE1VV/ACq5w9Z5b/IVJs8CwSSIwc30nlthH0gFo4Ig==}
+  '@napi-rs/canvas@0.1.93':
+    resolution: {integrity: sha512-unVFo8CUlUeJCCxt50+j4yy91NF4x6n9zdGcvEsOFAWzowtZm3mgx8X2D7xjwV0cFSfxmpGPoe+JS77uzeFsxg==}
    engines: {node: '>= 10'}

  '@napi-rs/wasm-runtime@1.0.7':
@@ -1966,8 +1966,8 @@ packages:
    resolution: {integrity: sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==}
    engines: {node: '>=12'}

-  apexcharts@5.5.0:
-    resolution: {integrity: sha512-r0GzBUmIAihVDHiPTWrKzd2I+T2Dw+oZTDBRJeBExUuCyqEaCe2pAMEKZnTbJQXyDAhCBzPgkM2SeeKQuW4Ddw==}
+  apexcharts@5.6.0:
+    resolution: {integrity: sha512-BZua59yedRsaDfnxkzNrkyLCvluq2c3ZDBIz4joxSKtgr0xDQXQ5dzceMhf/TpTbAjaF+2NYIpLP3BEEIG2s/w==}

  argparse@1.0.10:
    resolution: {integrity: sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==}
@@ -3610,8 +3610,8 @@ packages:
  prosemirror-markdown@1.13.4:
    resolution: {integrity: sha512-D98dm4cQ3Hs6EmjK500TdAOew4Z03EV71ajEFiWra3Upr7diytJsjF4mPV2dW+eK5uNectiRj0xFxYI9NLXDbw==}

-  prosemirror-menu@1.2.5:
-    resolution: {integrity: sha512-qwXzynnpBIeg1D7BAtjOusR+81xCp53j7iWu/IargiRZqRjGIlQuu1f3jFi+ehrHhWMLoyOQTSRx/IWZJqOYtQ==}
+  prosemirror-menu@1.3.0:
+    resolution: {integrity: sha512-TImyPXCHPcDsSka2/lwJ6WjTASr4re/qWq1yoTTuLOqfXucwF6VcRa2LWCkM/EyTD1UO3CUwiH8qURJoWJRxwg==}

  prosemirror-model@1.25.4:
    resolution: {integrity: sha512-PIM7E43PBxKce8OQeezAs9j4TP+5yDpZVbuurd1h5phUxEKIu+G2a+EUZzIC5nS1mJktDJWzbqS23n1tsAf5QA==}
@@ -4365,7 +4365,7 @@ snapshots:
      '@api.global/typedrequest-interfaces': 3.0.19
      '@api.global/typedsocket': 4.1.0(@push.rocks/smartserve@2.0.1)
      '@cloudflare/workers-types': 4.20260210.0
-      '@design.estate/dees-catalog': 3.42.2(@tiptap/pm@2.27.2)
+      '@design.estate/dees-catalog': 3.43.0(@tiptap/pm@2.27.2)
      '@design.estate/dees-comms': 1.0.30
      '@push.rocks/lik': 6.2.2
      '@push.rocks/smartdelay': 3.0.5
@@ -4963,7 +4963,7 @@ snapshots:
    dependencies:
      '@api.global/typedrequest-interfaces': 3.0.19

-  '@design.estate/dees-catalog@3.42.2(@tiptap/pm@2.27.2)':
+  '@design.estate/dees-catalog@3.43.0(@tiptap/pm@2.27.2)':
    dependencies:
      '@design.estate/dees-domtools': 2.3.8
      '@design.estate/dees-element': 2.1.6
@@ -4983,7 +4983,7 @@ snapshots:
      '@tiptap/extension-underline': 2.27.2(@tiptap/core@2.27.2(@tiptap/pm@2.27.2))
      '@tiptap/starter-kit': 2.27.2
      '@tsclass/tsclass': 9.3.0
-      apexcharts: 5.5.0
+      apexcharts: 5.6.0
      highlight.js: 11.11.1
      ibantools: 4.5.1
      lucide: 0.564.0
@@ -5472,52 +5472,52 @@ snapshots:
    dependencies:
      sparse-bitfield: 3.0.3

-  '@napi-rs/canvas-android-arm64@0.1.92':
+  '@napi-rs/canvas-android-arm64@0.1.93':
    optional: true

-  '@napi-rs/canvas-darwin-arm64@0.1.92':
+  '@napi-rs/canvas-darwin-arm64@0.1.93':
    optional: true

-  '@napi-rs/canvas-darwin-x64@0.1.92':
+  '@napi-rs/canvas-darwin-x64@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-arm-gnueabihf@0.1.92':
+  '@napi-rs/canvas-linux-arm-gnueabihf@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-arm64-gnu@0.1.92':
+  '@napi-rs/canvas-linux-arm64-gnu@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-arm64-musl@0.1.92':
+  '@napi-rs/canvas-linux-arm64-musl@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-riscv64-gnu@0.1.92':
+  '@napi-rs/canvas-linux-riscv64-gnu@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-x64-gnu@0.1.92':
+  '@napi-rs/canvas-linux-x64-gnu@0.1.93':
    optional: true

-  '@napi-rs/canvas-linux-x64-musl@0.1.92':
+  '@napi-rs/canvas-linux-x64-musl@0.1.93':
    optional: true

-  '@napi-rs/canvas-win32-arm64-msvc@0.1.92':
+  '@napi-rs/canvas-win32-arm64-msvc@0.1.93':
    optional: true

-  '@napi-rs/canvas-win32-x64-msvc@0.1.92':
+  '@napi-rs/canvas-win32-x64-msvc@0.1.93':
    optional: true

-  '@napi-rs/canvas@0.1.92':
+  '@napi-rs/canvas@0.1.93':
    optionalDependencies:
-      '@napi-rs/canvas-android-arm64': 0.1.92
-      '@napi-rs/canvas-darwin-arm64': 0.1.92
-      '@napi-rs/canvas-darwin-x64': 0.1.92
-      '@napi-rs/canvas-linux-arm-gnueabihf': 0.1.92
-      '@napi-rs/canvas-linux-arm64-gnu': 0.1.92
-      '@napi-rs/canvas-linux-arm64-musl': 0.1.92
-      '@napi-rs/canvas-linux-riscv64-gnu': 0.1.92
-      '@napi-rs/canvas-linux-x64-gnu': 0.1.92
-      '@napi-rs/canvas-linux-x64-musl': 0.1.92
-      '@napi-rs/canvas-win32-arm64-msvc': 0.1.92
-      '@napi-rs/canvas-win32-x64-msvc': 0.1.92
+      '@napi-rs/canvas-android-arm64': 0.1.93
+      '@napi-rs/canvas-darwin-arm64': 0.1.93
+      '@napi-rs/canvas-darwin-x64': 0.1.93
+      '@napi-rs/canvas-linux-arm-gnueabihf': 0.1.93
+      '@napi-rs/canvas-linux-arm64-gnu': 0.1.93
+      '@napi-rs/canvas-linux-arm64-musl': 0.1.93
+      '@napi-rs/canvas-linux-riscv64-gnu': 0.1.93
+      '@napi-rs/canvas-linux-x64-gnu': 0.1.93
+      '@napi-rs/canvas-linux-x64-musl': 0.1.93
+      '@napi-rs/canvas-win32-arm64-msvc': 0.1.93
+      '@napi-rs/canvas-win32-x64-msvc': 0.1.93
    optional: true

  '@napi-rs/wasm-runtime@1.0.7':
@@ -7301,7 +7301,7 @@ snapshots:
      prosemirror-inputrules: 1.5.1
      prosemirror-keymap: 1.2.3
      prosemirror-markdown: 1.13.4
-      prosemirror-menu: 1.2.5
+      prosemirror-menu: 1.3.0
      prosemirror-model: 1.25.4
      prosemirror-schema-basic: 1.2.4
      prosemirror-schema-list: 1.5.1
@@ -7605,7 +7605,7 @@ snapshots:

  ansi-styles@6.2.3: {}

-  apexcharts@5.5.0:
+  apexcharts@5.6.0:
    dependencies:
      '@yr/monotone-cubic-spline': 1.0.3

@@ -9427,7 +9427,7 @@ snapshots:

  pdfjs-dist@4.10.38:
    optionalDependencies:
-      '@napi-rs/canvas': 0.1.92
+      '@napi-rs/canvas': 0.1.93

  peberminta@0.9.0: {}

@@ -9516,7 +9516,7 @@ snapshots:
      markdown-it: 14.1.1
      prosemirror-model: 1.25.4

-  prosemirror-menu@1.2.5:
+  prosemirror-menu@1.3.0:
    dependencies:
      crelt: 1.0.6
      prosemirror-commands: 1.7.1
--- a/ts/00_commitinfo_data.ts
+++ b/ts/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '6.8.0',
+  version: '6.10.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts/opsserver/handlers/certificate.handler.ts
+++ b/ts/opsserver/handlers/certificate.handler.ts
@@ -42,6 +42,36 @@ export class CertificateHandler {
        }
      )
    );
+
+    // Delete certificate
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_DeleteCertificate>(
+        'deleteCertificate',
+        async (dataArg) => {
+          return this.deleteCertificate(dataArg.domain);
+        }
+      )
+    );
+
+    // Export certificate
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ExportCertificate>(
+        'exportCertificate',
+        async (dataArg) => {
+          return this.exportCertificate(dataArg.domain);
+        }
+      )
+    );
+
+    // Import certificate
+    this.typedrouter.addTypedHandler(
+      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ImportCertificate>(
+        'importCertificate',
+        async (dataArg) => {
+          return this.importCertificate(dataArg.cert);
+        }
+      )
+    );
  }

  /**
@@ -324,4 +354,154 @@ export class CertificateHandler {

    return { success: false, message: `No routes found for domain '${domain}'` };
  }
+
+  /**
+   * Delete certificate data for a domain from storage
+   */
+  private async deleteCertificate(domain: string): Promise<{ success: boolean; message?: string }> {
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const cleanDomain = domain.replace(/^\*\.?/, '');
+
+    // Delete from all known storage paths
+    const paths = [
+      `/proxy-certs/${domain}`,
+      `/proxy-certs/${cleanDomain}`,
+      `/certs/${cleanDomain}`,
+    ];
+
+    for (const path of paths) {
+      try {
+        await dcRouter.storageManager.delete(path);
+      } catch {
+        // Path may not exist — ignore
+      }
+    }
+
+    // Clear from in-memory status map
+    dcRouter.certificateStatusMap.delete(domain);
+
+    // Clear backoff info
+    if (dcRouter.certProvisionScheduler) {
+      await dcRouter.certProvisionScheduler.clearBackoff(domain);
+    }
+
+    return { success: true, message: `Certificate data deleted for '${domain}'` };
+  }
+
+  /**
+   * Export certificate data for a domain as ICert-shaped JSON
+   */
+  private async exportCertificate(domain: string): Promise<{
+    success: boolean;
+    cert?: {
+      id: string;
+      domainName: string;
+      created: number;
+      validUntil: number;
+      privateKey: string;
+      publicKey: string;
+      csr: string;
+    };
+    message?: string;
+  }> {
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const cleanDomain = domain.replace(/^\*\.?/, '');
+
+    // Try SmartAcme /certs/ path first (has full ICert fields)
+    let certData = await dcRouter.storageManager.getJSON(`/certs/${cleanDomain}`);
+    if (certData && certData.publicKey && certData.privateKey) {
+      return {
+        success: true,
+        cert: {
+          id: certData.id || plugins.crypto.randomUUID(),
+          domainName: certData.domainName || domain,
+          created: certData.created || Date.now(),
+          validUntil: certData.validUntil || 0,
+          privateKey: certData.privateKey,
+          publicKey: certData.publicKey,
+          csr: certData.csr || '',
+        },
+      };
+    }
+
+    // Fallback: try /proxy-certs/ with original domain
+    certData = await dcRouter.storageManager.getJSON(`/proxy-certs/${domain}`);
+    if (!certData || !certData.publicKey) {
+      // Try with clean domain
+      certData = await dcRouter.storageManager.getJSON(`/proxy-certs/${cleanDomain}`);
+    }
+
+    if (certData && certData.publicKey && certData.privateKey) {
+      return {
+        success: true,
+        cert: {
+          id: plugins.crypto.randomUUID(),
+          domainName: domain,
+          created: certData.validFrom || Date.now(),
+          validUntil: certData.validUntil || 0,
+          privateKey: certData.privateKey,
+          publicKey: certData.publicKey,
+          csr: '',
+        },
+      };
+    }
+
+    return { success: false, message: `No certificate data found for '${domain}'` };
+  }
+
+  /**
+   * Import a certificate from ICert-shaped JSON
+   */
+  private async importCertificate(cert: {
+    id: string;
+    domainName: string;
+    created: number;
+    validUntil: number;
+    privateKey: string;
+    publicKey: string;
+    csr: string;
+  }): Promise<{ success: boolean; message?: string }> {
+    // Validate PEM content
+    if (!cert.publicKey || !cert.publicKey.includes('-----BEGIN CERTIFICATE-----')) {
+      return { success: false, message: 'Invalid publicKey: must contain a PEM-encoded certificate' };
+    }
+    if (!cert.privateKey || !cert.privateKey.includes('-----BEGIN')) {
+      return { success: false, message: 'Invalid privateKey: must contain a PEM-encoded key' };
+    }
+
+    const dcRouter = this.opsServerRef.dcRouterRef;
+    const cleanDomain = cert.domainName.replace(/^\*\.?/, '');
+
+    // Save to /certs/ (SmartAcme-compatible path)
+    await dcRouter.storageManager.setJSON(`/certs/${cleanDomain}`, {
+      id: cert.id,
+      domainName: cert.domainName,
+      created: cert.created,
+      validUntil: cert.validUntil,
+      privateKey: cert.privateKey,
+      publicKey: cert.publicKey,
+      csr: cert.csr || '',
+    });
+
+    // Also save to /proxy-certs/ (proxy-cert format)
+    await dcRouter.storageManager.setJSON(`/proxy-certs/${cert.domainName}`, {
+      domain: cert.domainName,
+      publicKey: cert.publicKey,
+      privateKey: cert.privateKey,
+      ca: undefined,
+      validUntil: cert.validUntil,
+      validFrom: cert.created,
+    });
+
+    // Update in-memory status map
+    dcRouter.certificateStatusMap.set(cert.domainName, {
+      status: 'valid',
+      source: 'static',
+      expiryDate: cert.validUntil ? new Date(cert.validUntil).toISOString() : undefined,
+      issuedAt: cert.created ? new Date(cert.created).toISOString() : undefined,
+      routeNames: [],
+    });
+
+    return { success: true, message: `Certificate imported for '${cert.domainName}'` };
+  }
 }
--- a/ts_interfaces/requests/certificate.ts
+++ b/ts_interfaces/requests/certificate.ts
@@ -74,3 +74,68 @@ export interface IReq_ReprovisionCertificateDomain extends plugins.typedrequestI
    message?: string;
  };
 }
+
+// Delete a certificate by domain
+export interface IReq_DeleteCertificate extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_DeleteCertificate
+> {
+  method: 'deleteCertificate';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    domain: string;
+  };
+  response: {
+    success: boolean;
+    message?: string;
+  };
+}
+
+// Export a certificate as ICert JSON
+export interface IReq_ExportCertificate extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_ExportCertificate
+> {
+  method: 'exportCertificate';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    domain: string;
+  };
+  response: {
+    success: boolean;
+    cert?: {
+      id: string;
+      domainName: string;
+      created: number;
+      validUntil: number;
+      privateKey: string;
+      publicKey: string;
+      csr: string;
+    };
+    message?: string;
+  };
+}
+
+// Import a certificate from ICert JSON
+export interface IReq_ImportCertificate extends plugins.typedrequestInterfaces.implementsTR<
+  plugins.typedrequestInterfaces.ITypedRequest,
+  IReq_ImportCertificate
+> {
+  method: 'importCertificate';
+  request: {
+    identity?: authInterfaces.IIdentity;
+    cert: {
+      id: string;
+      domainName: string;
+      created: number;
+      validUntil: number;
+      privateKey: string;
+      publicKey: string;
+      csr: string;
+    };
+  };
+  response: {
+    success: boolean;
+    message?: string;
+  };
+}
--- a/ts_web/00_commitinfo_data.ts
+++ b/ts_web/00_commitinfo_data.ts
@@ -3,6 +3,6 @@
 */
 export const commitinfo = {
  name: '@serve.zone/dcrouter',
-  version: '6.8.0',
+  version: '6.10.0',
  description: 'A multifaceted routing service handling mail and SMS delivery functions.'
 }
--- a/ts_web/appstate.ts
+++ b/ts_web/appstate.ts
@@ -780,6 +780,80 @@ export const reprovisionCertificateAction = certificateStatePart.createAction<st
  }
 );

+export const deleteCertificateAction = certificateStatePart.createAction<string>(
+  async (statePartArg, domain) => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState();
+
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_DeleteCertificate
+      >('/typedrequest', 'deleteCertificate');
+
+      await request.fire({
+        identity: context.identity,
+        domain,
+      });
+
+      // Re-fetch overview after deletion
+      await certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
+      return statePartArg.getState();
+    } catch (error) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to delete certificate',
+      };
+    }
+  }
+);
+
+export const importCertificateAction = certificateStatePart.createAction<{
+  id: string;
+  domainName: string;
+  created: number;
+  validUntil: number;
+  privateKey: string;
+  publicKey: string;
+  csr: string;
+}>(
+  async (statePartArg, cert) => {
+    const context = getActionContext();
+    const currentState = statePartArg.getState();
+
+    try {
+      const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+        interfaces.requests.IReq_ImportCertificate
+      >('/typedrequest', 'importCertificate');
+
+      await request.fire({
+        identity: context.identity,
+        cert,
+      });
+
+      // Re-fetch overview after import
+      await certificateStatePart.dispatchAction(fetchCertificateOverviewAction, null);
+      return statePartArg.getState();
+    } catch (error) {
+      return {
+        ...currentState,
+        error: error instanceof Error ? error.message : 'Failed to import certificate',
+      };
+    }
+  }
+);
+
+export async function fetchCertificateExport(domain: string) {
+  const context = getActionContext();
+  const request = new plugins.domtools.plugins.typedrequest.TypedRequest<
+    interfaces.requests.IReq_ExportCertificate
+  >('/typedrequest', 'exportCertificate');
+
+  return request.fire({
+    identity: context.identity,
+    domain,
+  });
+}
+
 // ============================================================================
 // Remote Ingress Actions
 // ============================================================================
--- a/ts_web/elements/ops-view-certificates.ts
+++ b/ts_web/elements/ops-view-certificates.ts
@@ -241,6 +241,61 @@ export class OpsViewCertificates extends DeesElement {
              : '',
        })}
        .dataActions=${[
+          {
+            name: 'Import Certificate',
+            iconName: 'lucide:upload',
+            type: ['header'],
+            actionFunc: async () => {
+              const { DeesModal } = await import('@design.estate/dees-catalog');
+              await DeesModal.createAndShow({
+                heading: 'Import Certificate',
+                content: html`
+                  <dees-form>
+                    <dees-input-fileupload
+                      key="certJsonFile"
+                      label="Certificate JSON (.tsclass.cert.json)"
+                      accept=".json"
+                      .multiple=${false}
+                      required
+                    ></dees-input-fileupload>
+                  </dees-form>
+                `,
+                menuOptions: [
+                  {
+                    name: 'Import',
+                    iconName: 'lucide:upload',
+                    action: async (modal) => {
+                      const { DeesToast } = await import('@design.estate/dees-catalog');
+                      try {
+                        const form = modal.shadowRoot.querySelector('dees-form') as any;
+                        const formData = await form.collectFormData();
+                        const files = formData.certJsonFile;
+                        if (!files || files.length === 0) {
+                          DeesToast.show({ message: 'Please select a JSON file.', type: 'warning', duration: 3000 });
+                          return;
+                        }
+                        const file = files[0];
+                        const text = await file.text();
+                        const cert = JSON.parse(text);
+                        if (!cert.domainName || !cert.publicKey || !cert.privateKey) {
+                          DeesToast.show({ message: 'Invalid cert JSON: missing domainName, publicKey, or privateKey.', type: 'error', duration: 4000 });
+                          return;
+                        }
+                        await appstate.certificateStatePart.dispatchAction(
+                          appstate.importCertificateAction,
+                          cert,
+                        );
+                        DeesToast.show({ message: `Certificate imported for ${cert.domainName}`, type: 'success', duration: 3000 });
+                        modal.destroy();
+                      } catch (err) {
+                        DeesToast.show({ message: `Import failed: ${err.message}`, type: 'error', duration: 4000 });
+                      }
+                    },
+                  },
+                ],
+              });
+            },
+          },
          {
            name: 'Reprovision',
            iconName: 'lucide:RefreshCw',
@@ -268,6 +323,63 @@ export class OpsViewCertificates extends DeesElement {
              });
            },
          },
+          {
+            name: 'Export',
+            iconName: 'lucide:download',
+            type: ['inRow', 'contextmenu'],
+            actionFunc: async (actionData: { item: interfaces.requests.ICertificateInfo }) => {
+              const { DeesToast } = await import('@design.estate/dees-catalog');
+              const cert = actionData.item;
+              try {
+                const response = await appstate.fetchCertificateExport(cert.domain);
+                if (response.success && response.cert) {
+                  const safeDomain = cert.domain.replace(/\*/g, '_wildcard');
+                  this.downloadJsonFile(`${safeDomain}.tsclass.cert.json`, response.cert);
+                  DeesToast.show({ message: `Certificate exported for ${cert.domain}`, type: 'success', duration: 3000 });
+                } else {
+                  DeesToast.show({ message: response.message || 'Export failed', type: 'error', duration: 4000 });
+                }
+              } catch (err) {
+                DeesToast.show({ message: `Export failed: ${err.message}`, type: 'error', duration: 4000 });
+              }
+            },
+          },
+          {
+            name: 'Delete',
+            iconName: 'lucide:trash-2',
+            type: ['inRow', 'contextmenu'],
+            actionFunc: async (actionData: { item: interfaces.requests.ICertificateInfo }) => {
+              const cert = actionData.item;
+              const { DeesModal, DeesToast } = await import('@design.estate/dees-catalog');
+              await DeesModal.createAndShow({
+                heading: `Delete Certificate: ${cert.domain}`,
+                content: html`
+                  <div style="padding: 20px; font-size: 14px;">
+                    <p>Are you sure you want to delete the certificate data for <strong>${cert.domain}</strong>?</p>
+                    <p style="color: #f59e0b; margin-top: 12px;">Note: The certificate may remain in proxy memory until the next restart or reprovisioning.</p>
+                  </div>
+                `,
+                menuOptions: [
+                  {
+                    name: 'Delete',
+                    iconName: 'lucide:trash-2',
+                    action: async (modal) => {
+                      try {
+                        await appstate.certificateStatePart.dispatchAction(
+                          appstate.deleteCertificateAction,
+                          cert.domain,
+                        );
+                        DeesToast.show({ message: `Certificate deleted for ${cert.domain}`, type: 'success', duration: 3000 });
+                        modal.destroy();
+                      } catch (err) {
+                        DeesToast.show({ message: `Delete failed: ${err.message}`, type: 'error', duration: 4000 });
+                      }
+                    },
+                  },
+                ],
+              });
+            },
+          },
          {
            name: 'View Details',
            iconName: 'lucide:Search',
@@ -309,6 +421,19 @@ export class OpsViewCertificates extends DeesElement {
    `;
  }

+  private downloadJsonFile(filename: string, data: any): void {
+    const json = JSON.stringify(data, null, 2);
+    const blob = new Blob([json], { type: 'application/json' });
+    const url = URL.createObjectURL(blob);
+    const a = document.createElement('a');
+    a.href = url;
+    a.download = filename;
+    document.body.appendChild(a);
+    a.click();
+    document.body.removeChild(a);
+    URL.revokeObjectURL(url);
+  }
+
  private renderRoutePills(routeNames: string[]): TemplateResult {
    const maxShow = 3;
    const visible = routeNames.slice(0, maxShow);
Author	SHA1	Message	Date
Juergen Kunz	b21f3385e1	v6.10.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-17 17:49:12 +00:00
Juergen Kunz	dd61e0c962	feat(ops-view-certificates): Make Export and Delete actions available inline (inRow) as well as in the context menu; bump @design.estate/dees-catalog to ^3.43.0	2026-02-17 17:49:12 +00:00
Juergen Kunz	ac3a42fc41	v6.9.0 Some checks failed Docker (tags) / security (push) Failing after 1s Details Docker (tags) / test (push) Has been skipped Details Docker (tags) / release (push) Has been skipped Details Docker (tags) / metadata (push) Has been skipped Details	2026-02-17 16:28:33 +00:00
Juergen Kunz	c23f16149c	feat(certificates): add certificate import, export, and deletion support (server handlers, request types, and UI)	2026-02-17 16:28:33 +00:00