import * as plugins from '../../plugins.js';
import { SharedRouteManager as RouteManager } from '../../core/routing/route-manager.js';
import type { ISmartProxyOptions, ISmartProxySecurityPolicy } from './models/interfaces.js';
import type { IRouteConfig } from './models/route-types.js';
import type { IMetrics } from './models/metrics-types.js';
import type { IRustCertificateStatus, IRustStatistics } from './models/rust-types.js';
/**
 * SmartProxy - Rust-backed proxy engine with TypeScript configuration API.
 *
 * All networking (TCP, TLS, HTTP reverse proxy, connection management, security)
 * is handled by the Rust binary. TypeScript is only:
 * - The npm module interface (types, route helpers)
 * - The thin IPC wrapper (this class)
 * - Socket-handler callback relay (for JS-defined handlers)
 * - Certificate provisioning callbacks (certProvisionFunction)
 *
 * Consequence for reviewers: per the description above, connection-level
 * enforcement happens in the Rust process, so this declaration only shows
 * which configuration and control calls cross the IPC boundary, not how
 * they are enforced.
 *
 * NOTE(review): every `Promise` return type below appears without a type
 * argument, which TypeScript rejects for the generic `Promise<T>`. The
 * arguments were probably lost when this declaration was extracted; restore
 * them from the upstream declaration file rather than guessing.
 */
export declare class SmartProxy extends plugins.EventEmitter {
    /** Options object passed to the constructor type (`ISmartProxyOptions`); public and mutable. */
    settings: ISmartProxyOptions;
    /** Shared route manager instance; public, so callers can reach it directly. */
    routeManager: RouteManager;
    // The members below are declared `private`. In TypeScript that modifier is
    // checked at compile time only and erased on emit, so these fields remain
    // reachable from plain JavaScript at runtime; it is not an isolation boundary.
    private bridge;
    private preprocessor;
    private socketHandlerServer;
    private datagramHandlerServer;
    private metricsAdapter;
    private nftablesManager;
    private routeUpdateLock;
    private stopping;
    private certProvisionPromise;
    /**
     * @param settingsArg Proxy options; stored shape is `ISmartProxyOptions`.
     */
    constructor(settingsArg: ISmartProxyOptions);
    /**
     * Start the proxy.
     * Spawns the Rust binary, configures socket relay if needed, sends routes, handles cert provisioning.
     */
    start(): Promise;
    /**
     * Stop the proxy.
     */
    stop(): Promise;
    /**
     * Update routes atomically.
     *
     * @param newRoutes Complete route list to apply.
     */
    updateRoutes(newRoutes: IRouteConfig[]): Promise;
    /**
     * Update the global ingress security policy without changing routes.
     * The Rust engine applies this before route selection and backend connection.
     *
     * NOTE(review): whether connections that are already established are
     * re-evaluated against a new policy is not visible here; confirm before
     * relying on this call to cut off active clients.
     *
     * @param policy New global policy.
     */
    updateSecurityPolicy(policy: ISmartProxySecurityPolicy): Promise;
    /**
     * Provision a certificate for a named route.
     *
     * @param routeName Name of the route to provision for.
     */
    provisionCertificate(routeName: string): Promise;
    /**
     * Force renewal of a certificate.
     *
     * @param routeName Name of the route whose certificate is renewed.
     */
    renewCertificate(routeName: string): Promise;
    /**
     * Get certificate status for a route (async - calls Rust).
     *
     * NOTE(review): presumably resolves to `IRustCertificateStatus`, which is
     * imported above but not referenced anywhere else in this declaration; confirm.
     *
     * @param routeName Name of the route to query.
     */
    getCertificateStatus(routeName: string): Promise;
    /**
     * Get the metrics interface.
     */
    getMetrics(): IMetrics;
    /**
     * Get statistics (async - calls Rust).
     *
     * NOTE(review): presumably resolves to `IRustStatistics`, which is imported
     * above but not referenced anywhere else in this declaration; confirm.
     */
    getStatistics(): Promise;
    /**
     * Add a listening port at runtime.
     *
     * This widens the set of exposed listeners while the proxy is running.
     * NOTE(review): no range or privilege check is visible at this layer;
     * confirm where `port` is validated and who may reach this call.
     *
     * @param port Port number to start listening on.
     */
    addListeningPort(port: number): Promise;
    /**
     * Remove a listening port at runtime.
     *
     * @param port Port number to stop listening on.
     */
    removeListeningPort(port: number): Promise;
    /**
     * Get all currently listening ports (async - calls Rust).
     */
    getListeningPorts(): Promise;
    /**
     * Get eligible domains for ACME certificates (sync - reads local routes).
     */
    getEligibleDomainsForCertificates(): string[];
    /**
     * Get NFTables status.
     *
     * @returns The status object, or `null` (the condition for `null` is not visible in this declaration).
     */
    getNfTablesStatus(): plugins.smartnftables.INftStatus | null;
    /**
     * Apply NFTables rules for routes using the nftables forwarding engine.
     *
     * NOTE(review): changing nftables rules normally requires elevated
     * privileges on the host; confirm which process performs the change and
     * how route input is constrained before it becomes a rule.
     */
    private applyNftablesRules;
    /**
     * Build the Rust configuration object from TS settings.
     */
    private buildRustConfig;
    /**
     * For routes with certificate: 'auto', call certProvisionFunction if set.
     * If the callback returns a cert object, load it into Rust.
     * If it returns 'http01', let Rust handle ACME.
     *
     * NOTE(review): the cert object presumably carries private-key material
     * across the IPC bridge; confirm it is never logged or included in emitted events.
     */
    private provisionCertificatesViaCallback;
    /**
     * Provision a single domain's certificate via the callback.
     * Includes per-domain timeout and shutdown checks.
     */
    private provisionSingleDomain;
    /**
     * Race a promise against a timeout. Rejects with the given message if the timeout fires first.
     */
    private withTimeout;
    /**
     * Normalize routing glob patterns into valid domain identifiers for cert provisioning.
     * - `*nevermind.cloud` → `['nevermind.cloud', '*.nevermind.cloud']`
     * - `*.lossless.digital` → `['*.lossless.digital']` (already valid wildcard)
     * - `code.foss.global` → `['code.foss.global']` (plain domain)
     * - `*mid*.example.com` → skipped with warning (unsupported glob)
     *
     * NOTE(review): the normalized names cover only the apex and its
     * subdomains. If the routing matcher treats `*nevermind.cloud` as a plain
     * suffix match, the route would also accept hostnames that merely end in
     * that string and belong to a different registrable domain; confirm the
     * matcher semantics, and prefer the explicit `*.` form in route config.
     */
    private normalizeDomainsForCertProvisioning;
    /** Domain validity check; the criteria are not visible in this declaration. */
    private isValidDomain;
}